Tuesday, December 1, 2009

Cisco FWSM xlate problem.

Today we had a problem where 2 of our DNS servers were unreachable from behind our Cisco NAT based FWSM. When running rspan of the inside link I saw:


2009-12-01 15:21:29.471361 IP (tos 0x0, ttl 255, id 1254, offset 0, flags [none], proto UDP (17), length 77) 172.17.25.94.63881 > 128.252.135.4.53: [udp sum ok] 37364+ PTR? r._dns-sd._udp.resnet.wustl.edu. (49)
2009-12-01 15:21:29.471616 IP (tos 0x0, ttl 72, id 10215, offset 0, flags [none], proto ICMP (1), length 56) 172.17.25.254 > 172.17.25.94: ICMP net 128.252.135.4 unreachable, length 36


We found the problem to be a corrupted global and local xlate table from the DNS servers:


PAT Global 128.252.135.4(63481) Local 182.252.135.4(49370)


No idea how this happened, but to fix the problem:


clear xlate global 128.252.135.4

Saturday, November 28, 2009

RFC 4291 (IPv6 Addressing Architecture)

Just finished reading RFC4291. Brief Summary:

* IPv6 Addr Types: Unicast, Anycast, Multicast
* ::/128 - unspecified
* ::1/128 - loopback
* ff00::/8 - multicast
* fe80::/10 - link-local
* everything else is global unicast
* Can strip leading 0's and collapse a single run of multiple all-zero groups

* Unicast has this general format:

| n bits | m bits | 128-n-m bits |
+------------------------+-----------+----------------------------+
| global routing prefix | subnet ID | interface ID |
+------------------------+-----------+----------------------------+


* Multicast:
* prefix: ff
* all nodes: ff0{1/2}::2
* all routers: ff0{1/2/5}::2
* solicited-node: ff02::1:ffxx:xxxx

For me personally, this section had the most information that I needed help with; refer to section 2.7, Multicast Addresses, for more information.

* Required IPv6 addresses:
* subnet-router anycast: allows a node to communicate with the subnet's router
* link-local
* loopback
* all-nodes multicast
* solicited-node multicast
* all-routers
* any additional anycast or unicast addresses assigned
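
The address types and the solicited-node mapping summarized above, as an added Python example (not from the original post or from the RFC text). The interface addresses in the demo are constructed samples; only 2001:4978:268::1 appears elsewhere on this page.

```python
import ipaddress

# Prefixes as listed in the summary above; the first match wins.
_TYPES = [
    ("unspecified", ipaddress.IPv6Network("::/128")),
    ("loopback", ipaddress.IPv6Network("::1/128")),
    ("multicast", ipaddress.IPv6Network("ff00::/8")),
    ("link-local unicast", ipaddress.IPv6Network("fe80::/10")),
]

# ff02::1:ffxx:xxxx - the xx:xxxx part is the low 24 bits of the unicast address.
_SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def classify(addr):
    """Return the address type according to the prefix list above."""
    ip = ipaddress.IPv6Address(addr)
    for name, net in _TYPES:
        if ip in net:
            return name
    return "global unicast"


def text_forms(addr):
    """Return (fully expanded, compressed) text forms of an address.

    Only one run of zero groups may be collapsed, so an address with two
    equally long runs keeps the second one written out.
    """
    ip = ipaddress.IPv6Address(addr)
    return ip.exploded, ip.compressed


def solicited_node(addr):
    """Map a unicast/anycast address to its solicited-node multicast group."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_multicast:
        raise ValueError("solicited-node groups are derived from unicast addresses")
    low24 = int(ip) & 0xFFFFFF
    return str(ipaddress.IPv6Address(_SOLICITED_NODE_BASE | low24))


def required_solicited_groups(addrs):
    """Distinct solicited-node groups an interface joins for its addresses.

    Addresses that share an interface ID (for example a link-local and a
    global address built from the same identifier) map to the same group.
    """
    return sorted({solicited_node(a) for a in addrs})


if __name__ == "__main__":
    # Constructed sample: three addresses on one interface.
    iface = [
        "fe80::21b:63ff:fe12:3456",
        "2001:4978:268:0:21b:63ff:fe12:3456",
        "2001:4978:268::1",
    ]
    for a in iface:
        print(f"{a:40} {classify(a):20} -> {solicited_node(a)}")
    print("groups to join:", required_solicited_groups(iface))
    print(text_forms("2001:0db8:0000:0000:0001:0000:0000:0001"))
```
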

Friday, November 27, 2009

Excellent RFC reader/viewer.

http://tools.ietf.org/html/

You can instantly see obsoleted RFCs and compare `diffs` of older versions.

Thursday, November 26, 2009

dhcpv6 and/or rdns autoconfigure does not work in OSX

From what I can tell it appears that DHCPv6 and/or RDNS is not supported by OSX. Still trying to find a reasonable way to get DNS resolver information into OSX in a pure IPv6 environment only. Anyone?

Wednesday, November 25, 2009

Monday, November 23, 2009

md5 password hash

echo -n "myPassword" | md5

looking glass vs. route server

Trying to figure out today why our multihomed site only shows one route in a Looking Glass...

It appears the "looking glass" is typically the preferred route of that provider, while a "route server" is an aggregated list of all (many) routes.

Route server: telnet://route-views.oregon-ix.net

Friday, November 20, 2009

Prusik Knot

I realized today that it is extremely important to verify you have tied yourself off correctly to the proper loop on your Prusik knot. Here is a good example: http://www.animatedknots.com/prusik/index.php

Make sure you tie off to the big loop in this animation.

Friday, November 13, 2009

iperf with IPv6

You need to add -V to make it work:


[jemurray@paddington:~/iperf-2.0.2/src/]% ./iperf -i 1 -V -c unixhosts.us -t 12240
------------------------------------------------------------
Client connecting to unixhosts.us, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[ 3] local 2001:470:1f10:363::2 port 45568 connected with 2001:4978:268::1 port 5001
[ 3] 0.0- 1.0 sec 360 KBytes 2.95 Mbits/sec
[ 3] 1.0- 2.0 sec 392 KBytes 3.21 Mbits/sec
[ 3] 2.0- 3.0 sec 304 KBytes 2.49 Mbits/sec
[ 3] 3.0- 4.0 sec 304 KBytes 2.49 Mbits/sec
[ 3] 4.0- 5.0 sec 208 KBytes 1.70 Mbits/sec
[ 3] 5.0- 6.0 sec 304 KBytes 2.49 Mbits/sec
[ 3] 6.0- 7.0 sec 344 KBytes 2.82 Mbits/sec


Server side too:

./iperf -V -s

Thursday, November 12, 2009

IPv6 subnet configuration for SixXS (router / radvd)

I received my /48, here is how I routed the first /64 at home:


Startup scripts:

jemurray@glock:~$ cat /etc/init.d/ip6tunnel.sh
#!/bin/bash

ifconfig eth0 inet6 add 2001:4978:268::1/64 up
route -A inet6 add 2001:4978:268::/64 dev eth0 metric 1
echo "1" > /proc/sys/net/ipv6/conf/all/forwarding


router advertisement daemon (stateless client configuration):

jemurray@glock:~$ cat /etc/radvd.conf
interface eth0 {
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    prefix 2001:4978:268::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
        AdvPreferredLifetime 20;
        AdvValidLifetime 30;
    };
};

bind configuration for IPv6 arpa space


;
; Home IPv6 space
; 2001:4978:268::/48
;
$TTL 604800
@ IN SOA ns60.buyagun.org. jemurray.zweck.net. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns60.buyagun.org.
@ IN NS glock.buyagun.org.

; Entire /48
;$ORIGIN 8.6.2.0.8.7.9.4.1.0.0.2.ip6.arpa.

; primary /64
$ORIGIN 0.0.0.0.8.6.2.0.8.7.9.4.1.0.0.2.ip6.arpa.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR unixhosts.us.
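
The nibble-reversed names in the zone above are easy to get wrong by one label, so here is an added Python example (not part of the original post) that derives the $ORIGIN and the relative owner name from a prefix and an address. The function names are made up for this illustration; the prefix, address and PTR target are the ones in the zone file above.

```python
import ipaddress


def nibbles(addr):
    """All 32 hex nibbles of an IPv6 address, most significant first."""
    return ipaddress.IPv6Address(addr).exploded.replace(":", "")


def zone_origin(prefix):
    """$ORIGIN for the reverse zone that covers `prefix`.

    ip6.arpa is delegated one nibble (4 bits) per label, so the prefix
    length has to be a multiple of 4.
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("prefix length must fall on a nibble boundary")
    kept = nibbles(net.network_address)[: net.prefixlen // 4]
    labels = list(reversed(kept)) + ["ip6", "arpa"]
    return ".".join(labels) + "."


def relative_owner(addr, prefix):
    """Owner name of `addr` relative to the $ORIGIN of `prefix`."""
    net = ipaddress.IPv6Network(prefix)
    ip = ipaddress.IPv6Address(addr)
    if net.prefixlen % 4:
        raise ValueError("prefix length must fall on a nibble boundary")
    if ip not in net:
        raise ValueError(f"{ip} is not inside {net}")
    host_part = nibbles(ip)[net.prefixlen // 4:]
    return ".".join(reversed(host_part))


def ptr_record(addr, prefix, target):
    """One PTR line for a zone file whose $ORIGIN is zone_origin(prefix)."""
    if not target.endswith("."):
        # Without the trailing dot BIND appends the ip6.arpa origin to the name.
        raise ValueError("PTR target must be fully qualified (trailing dot)")
    return f"{relative_owner(addr, prefix)} IN PTR {target}"


def full_ptr_name(addr, prefix):
    """Relative owner joined with the origin: the name a resolver asks for."""
    return f"{relative_owner(addr, prefix)}.{zone_origin(prefix)}"


if __name__ == "__main__":
    prefix64 = "2001:4978:268::/64"
    print("$ORIGIN", zone_origin(prefix64))
    print(ptr_record("2001:4978:268::1", prefix64, "unixhosts.us."))
    print("/48 origin:", zone_origin("2001:4978:268::/48"))
```
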

Wednesday, November 11, 2009

dig +trace option

Can't believe I didn't know about this years ago:


jemurray@glock:~$ dig +trace @2001:470:20::2 any unixhosts.us

; <<>> DiG 9.4.2-P2 <<>> +trace @2001:470:20::2 any unixhosts.us
; (1 server found)
;; global options: printcmd
. 354563 IN NS h.root-servers.net.
. 354563 IN NS k.root-servers.net.
. 354563 IN NS m.root-servers.net.
. 354563 IN NS j.root-servers.net.
. 354563 IN NS a.root-servers.net.
. 354563 IN NS l.root-servers.net.
. 354563 IN NS b.root-servers.net.
. 354563 IN NS f.root-servers.net.
. 354563 IN NS c.root-servers.net.
. 354563 IN NS d.root-servers.net.
. 354563 IN NS e.root-servers.net.
. 354563 IN NS i.root-servers.net.
. 354563 IN NS g.root-servers.net.
;; Received 497 bytes from 2001:470:20::2#53(2001:470:20::2) in 32 ms

us. 172800 IN NS K.GTLD.BIZ.
us. 172800 IN NS B.GTLD.BIZ.
us. 172800 IN NS I.GTLD.BIZ.
us. 172800 IN NS J.GTLD.BIZ.
us. 172800 IN NS C.GTLD.BIZ.
us. 172800 IN NS A.GTLD.BIZ.
;; Received 298 bytes from 128.8.10.90#53(d.root-servers.net) in 49 ms

unixhosts.us. 7200 IN NS GLOCK.BUYAGUN.ORG.
unixhosts.us. 7200 IN NS P6.NTS.WUSTL.EDU.
;; Received 91 bytes from 2001:503:d1ae:ffff:ffff:ffff:ffff:ff7e#53(I.GTLD.BIZ) in 60 ms

unixhosts.us. 86400 IN SOA glock.buyagun.org. jemurray.zweck.net. 1 604800 86400 2419200 86400
unixhosts.us. 86400 IN NS glock.buyagun.org.
unixhosts.us. 86400 IN AAAA 2001:4978:f:3db::2
unixhosts.us. 86400 IN MX 10 unixhosts.us.
;; Received 159 bytes from 2001:4978:f:3db::2#53(GLOCK.BUYAGUN.ORG) in 0 ms

snmp tools

Load an external MIB and walk it:

% cp ~/mymibname.txt /usr/share/snmp/mibs
% snmpwalk -m +mymibname -Os -c MySuperString -v 1 myhost.buyagun.org asyncOSMail

Translate a MIB name to OID:

% snmptranslate -m +mymibname -IR -On perCentMemoryUtilization

Tuesday, November 10, 2009

anycast dns

Anycast Addr: 1.2.3.4
Local DNS Server: 4.3.2.1

Unix
----
* vi /etc/sysconfig/network-scripts/ifcfg-lo:1

DEVICE=lo:1
IPADDR=1.2.3.4
NETMASK=255.255.255.255
ONBOOT=yes
NAME=loopback

* /etc/init.d/network start
* Turns on lo:1





Router
------
; monitor DNS resolution every 30 seconds
ip sla monitor 100
type dns target-addr my.example.com name-server 4.3.2.1
frequency 30

; start the monitoring session and go forever
ip sla monitor schedule 100 life forever start-time now

; static route for anycast to local dns server
ip route 1.2.3.4 255.255.255.255 4.3.2.1 track 100

; tie the sla check to the static route
track 100 rtr 100

Thursday, July 23, 2009

My laptop backup plan

Background: I use a Mac.

Hardware: 2 external drives, 1 subscription to Mozy, 1 server,
1 Picasa account



1) Setup timemachine. It is easy, free, fast, and reliable.
How: Plug in an external hard drive and enable timemachine
Why: easy, free, fast, and reliable.

2) Mozy. It is easy, very low cost, and most importantly offers off site backups.
How: http://mozy.com/
Why: What if your house burns down?

3) Rsync. Easy, free, fast, and offers additional protection.
How: sudo rsync -vaxE --delete --ignore-errors / /Volumes/backup/
Why: Because you can't have enough backups and this drive gets unplugged and stored away in a safe place.

4) Picasa. All the most important pictures are also uploaded to Picasa
How: Download the latest Picasa photo management software from Google
Why: To both share and backup important family photos

5) Rsync (again). This time to a server in the basement.
How: rsync -azvL --progress --delete -e '/usr/bin/ssh' "$LOCALDIR" $REMOTEUSER@$REMOTEHOST:$REMOTEDIR
Why: So the other PC's in the house can access the shared photos (and it can't hurt to have another backup)




If I had to pick 2 (there must always be 2 backups).

1) timemachine (fast, easy, reliable)
2) Mozy (offsite)

How to clone a Linux box

* Gather harddrive information from original system using fdisk

* Boot new system off of boot cdrom

* Make partitions and file systems on new system equal to size or
original system's used space.

fdisk /dev/sda

* Make the file system on the new partitions

mkfs.ext3 /dev/sda1

* Mount the partitions:

mount /dev/sda1 /mnt

* Copy the data from the old system to the new system:

rsync -av --links --hard-links --numeric-ids --exclude=/dev/* --exclude=/proc/* --exclude=/sys/* / root@172.16.1.33:/mnt

* Edit important config files that may have changed from the old system to the new system:

/mnt/boot/grub/menu.lst
/mnt/boot/grub/device.map
/mnt/etc/fstab

* Install boot loader (GRUB)

grub-install --root-directory=/mnt /dev/sda

* reboot, you are done.

How active directory determines what DNS server to update

1) AD uses the DNS servers listed in their TCP/IP settings to send
a query to.

2) The query is to find out the authoritative server in the SOA for
the zone they need to update.

3) The DNS server that is queried will return the SOA information
for that zone. In the SOA record, is the server that is listed as
being authoritative for that zone. There can be many different
servers authoritative for a zone (primary and secondary), but the
DC is looking for the DNS server that is specifically listed in the
SOA record.

4) The DC will then send the dynamic updates to that DNS server in
the SOA.

* Now, in the case of AD, they use the multi-master scenario. So,
whatever server is updated with the SRV records, that information
will be replicated to the other servers via DNS zone transfers.

Using rancid to mass update multiple network devices

Here is how to make mass changes to a bunch of network devices using
rancid:

clogin -c "conf t;interface g0/1;no shut; end; wr mem" router1 router2

Ways to boot Solaris with verbose output

Various commands to boot solaris into a verbose mode to see what
is happening during the boot phase:

1) boot -m verbose - More SMF chatter (solaris 10+ only)
2) boot -av - a=interactive v=verbose

Sun install MetaClusters

Sun Install MetaClusters
------------------------

METACLUSTER=SUNWCXall
NAME=Entire Distribution plus OEM support
DESC=A pre-defined software
configuration consisting of all software included in the operating system
release, plus OEM platform support.



METACLUSTER=SUNWCall
NAME=Entire Distribution
DESC=A pre-defined software configuration consisting of all software
included in the operating system release.


METACLUSTER=SUNWCprog
NAME=Developer System Support
DESC=A pre-defined software configuration consisting of the typical
software used by software developers.



METACLUSTER=SUNWCuser
NAME=End User System Support
DESC=A pre-defined software configuration consisting of the typical
software required by end-users running a desktop.


METACLUSTER=SUNWCreq
NAME=Core System Support
DESC=A pre-defined software configuration consisting of the minimum
required software for a standalone, non-networked workstation.


METACLUSTER=SUNWCmreq
NAME=Minimal Core System Support
DESC=A pre-defined minimal software configuration consisting of the
minimum required software for a standalone, non-networked workstation.



You can find this and much more interesting information in the (replace
solaris version with your version):

.../OS/Solaris_9_2005-09/Solaris_9/Product/.clustertoc

Quick reference guide to create a new Solaris SMF startup script.

Copy one of the existing manifest files from /var/svc/manifest/
Edit the new file; make sure to give it a unique instance name
Copy one of the existing method files from /lib/svc/method/ and edit it
Import the new manifest: /usr/sbin/svccfg -v import /var/svc/manifest/somefile.xml
Verify the new manifest: svcs -a
Start the script: svcadm enable <service FMRI>

How to attach SAN/FC disks to a Solaris 10 system without rebooting.

If newly SAN/FC attached storage does not appear when presented to a
Solaris 10 system, perform these steps:

Check to see if the OS sees the newly attached disk space:

# cfgadm -al
c2::212000d0b202bd41 unavailable connected configured failed

Then configure it:

# cfgadm -c configure c2::212000d0b202bd41

Check again:

# cfgadm -al
c2::212000d0b202bd41 disk connected configured unknown

Check format:

root@weaver:~ # format
Searching for disks...
Mode sense page(3) reports nsect value as 200, adjusting it to 100
done

c2t212000D0B202BD41d0: configured with capacity of 50.06GB

AVAILABLE DISK SELECTIONS:
2. c2t212000D0B202BD41d0
/pci@7c0/pci@0/pci@1/pci@0,2/SUNW,emlxs@2/fp@0,0/ssd@w212000d0b202bd41,0

Instructions on booting a Sun Solaris 10 T2000 from Fabric (SAN) attached disks

Fabric (SAN) Booting a Sun Server
=================================

Hardware
--------
Server: Sun Fire T2000
HBA: Emulex (SUNW,emlxs-pci10df,fc00 LP10000-S)
SAN: Xiotech Magnitude 3D


Overview
--------
Instructions for configuring and installing the Solaris 10 OS on a Sun
T2000 with a FC/SAN attached disk drive (ie. no local disks).

There are no directions anywhere, that I could find, that explain how
to perform this setup. Xiotech, IBM, and EMC all told me it was very
difficult to do on a Sun system. This is NOT the case, it is very
easy. It is nothing more than installing the OS.

Extra Notes
-----------
{ok} probe-scsi-all - shows drives attached to the system
{ok} show-disks - displays the disks attached to the system


Instructions
------------
We built a pretty stock jumpstart server using the JASS framework.
The following directions are all based on using jumpstart to build the
system.

1) Configure the zone on the FC switches; include the SAN and the HOST in
the zone (refer to switch documentation).

2) Configure the disks on the SAN. In our case we presented a single 45GB
disk to the system (refer to SAN documentation).

3) Boot the Sun system up into single user mode:

{ok} boot net -s

4) You are going to receive an error about the SAN disk not having a valid
label, and a line that looks something like this:

WARNING: /pci@7c0/pci@0/pci@1/pci@0,2/SUNW,emlxs@1/fp@0,0/ssd@w212100d0b202bd41,0 (ssd2): has no label

5) Once the system is booted up, you need to label/format the disk:

# format

It will ask you to label the disk. Follow the directions.

6) Before you exit the format command make note of the full device name
for the SAN disk, it will look something like:

c2t212100D0B202BD41d0


7) On the jumpstart server, setup a basic profile that will include
installing the OS on the SAN attached disk, something like:

root_device c2t212100D0B202BD41d0s0
filesys rootdisk.s0 10000 /
filesys rootdisk.s1 20000 /var
filesys rootdisk.s2 4000 swap
filesys rootdisk.s3 free /opt

8) Perform the Jumpstart Install:

{ok} boot net - install

8.5) You will see it selecting the SAN attached disk for the install:

- Selecting all disks
- Configuring boot device
- Using disk (c2t212100D0B202BD41d0) for "rootdisk"
- Configuring / (c2t212100D0B202BD41d0s0)
- Configuring /var (c2t212100D0B202BD41d0s1)
- Configuring swap (c2t212100D0B202BD41d0s2)
- Configuring /opt (c2t212100D0B202BD41d0s3)
- Automatically configuring disks for Solaris operating system
- Deselecting unmodified disk (c0t0d0)
- Deselecting unmodified disk (c0t1d0)

Creating and checking UFS file systems
- Creating / (c2t212100D0B202BD41d0s0)
- Creating /var (c2t212100D0B202BD41d0s1)
- Creating /opt (c2t212100D0B202BD41d0s3)

9) Once the install is completed you will see it reboot using the SAN
attached disk as the boot disk:

Rebooting with command: boot
Boot device: /pci@7c0/pci@0/pci@1/pci@0,2/SUNW,emlxs@1/fp@0,0/disk@w212100d0b202bd41,0:a File and args:
SunOS Release 5.10 Version Generic_118833-17 64-bit
Copyright 1983-2005 Sun Microsystems, Inc. All rights reserved.

How to transfer a file with a webserver, uuencode, uudecode, script or tee, and telnet.

How to transfer a file with a webserver, uuencode, uudecode, script or
tee, and telnet (i.e. file transfer without ftp, without ssh, without scp,
without any standard file transfer program).

Background: the system was deployed to a remote site only to find out
a critical shared library was not installed and ssh would not start.
Router ACLs that only allow outbound 22 and 80 were applied to the
uplinks.


In order to retrieve the file:

1) uuencode the file to be sent.

2) Copy the file to a directory that is accessible via a public webserver.

3) From the host you need to get the file onto, run:

telnet <webserver> 80 | tee <output-file>
GET <path-to-uuencoded-file>

4) uudecode

5) Install file where it needs to be.

How to make Solaris 9 recognize SAN attached storage

I recently ran into a problem where my Solaris 9 server
would not recognize the new storage I presented to it from our
Xiotech SAN. On Solaris 10 everything has always "worked out of
the box". The problem was from two issues.

1) Solaris 9 does not have the drivers for the Emulex HBA. They have
to be downloaded from here:

http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=8&PartDetailId=StoreEdgeSw-4.0-G-F&TransactionId=Try

(Note: you need a sunsolve account to get the drivers).

2) The HBA was "unconfigured". In order to figure out if the card is
"unconfigured", use `cfgadm` - if you see output like this:


#cfgadm
Ap_Id Type Receptacle Occupant Condition
c3 fc connected unconfigured failed


You need to run:

#cfgadm -c configure c3

After you do that all is well.

Basic ipfilter rules


## Block Everything inbound
block in log all

## allow outbound and return traffic
pass out quick proto tcp from any to any flags S keep state keep frags
pass out quick proto udp from any to any keep state keep frags

## ICMP
pass in quick proto icmp from any to any
pass out quick proto icmp from any to any

##
## Allow localhost traffic
##
pass in quick on lo0 proto tcp from 127.0.0.1/32 to 127.0.0.1/32

## Allow ssh from management host
pass in quick proto tcp from 1.2.3.4/32 to any port = 22 flags S keep state keep frags

Cable Pinouts (ether, t1, e1, etc)


Standard Ethernet (568B)
------------------------
1 WhiteOrange <-> WhiteOrange
2 Orange <-> Orange
3 WhiteGreen <-> WhiteGreen
4 Blue <-> Blue
5 WhiteBlue <-> WhiteBlue
6 Green <-> Green
7 WhiteBrown <-> WhiteBrown
8 Brown <-> Brown

Standard Ethernet (568B) Cross-Over
-----------------------------------
1 WhiteOrange <-> WhiteGreen
2 Orange <-> Green
3 WhiteGreen <-> WhiteOrange
4 Blue <-> Blue
5 WhiteBlue <-> WhiteBlue
6 Green <-> Orange
7 WhiteBrown <-> WhiteBrown
8 Brown <-> Brown

Standard Ethernet (568A)
------------------------
1 WhiteGreen <-> WhiteGreen
2 Green <-> Green
3 WhiteOrange <-> WhiteOrange
4 Blue <-> Blue
5 WhiteBlue <-> WhiteBlue
6 Orange <-> Orange
7 WhiteBrown <-> WhiteBrown
8 Brown <-> Brown

Standard Ethernet (568A) Cross-Over
-----------------------------------
1 WhiteGreen <-> WhiteOrange
2 Green <-> Orange
3 WhiteOrange <-> WhiteGreen
4 Blue <-> Blue
5 WhiteBlue <-> WhiteBlue
6 Orange <-> Green
7 WhiteBrown <-> WhiteBrown
8 Brown <-> Brown

T1/E1 Cross-Over
----------------
1 WhiteOrange <-> Blue
2 Orange <-> WhiteBlue
3 WhiteGreen <-> WhiteGreen
4 Blue <-> WhiteOrange
5 WhiteBlue <-> Orange
6 Green <-> Green
7 WhiteBrown <-> WhiteBrown
8 Brown <-> Brown

Using `bc` for base conversion

jemurray@remington:~$ bc
bc 1.06
Copyright 1991-1994, 1997, 1998, 2000 Free Software Foundation, Inc.
This is free software with ABSOLUTELY NO WARRANTY.
For details type `warranty'.
obase=10
ibase=16

C0A8

49320

Basic iptables rules


#!/bin/bash

# If you use the kernel modules, make sure they are loaded
modprobe ip_tables
modprobe iptable_filter
modprobe iptable_mangle
modprobe iptable_nat
modprobe ipt_state
modprobe ipt_REJECT
modprobe ipt_LOG

# added in case you are reloading
iptables --flush

# drop all inbound by default
iptables -P INPUT DROP

# always allow loopback
iptables -A INPUT -i lo -j ACCEPT

# Allow return traffic
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED -j ACCEPT

# Allow ICMP
iptables -A INPUT -p icmp -m icmp -j ACCEPT

## SSH (Limit connection attempts)
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
iptables -A INPUT -p tcp -m tcp --source 192.168.0.0/24 --dport 22 -j ACCEPT

# Log and Block
iptables -A INPUT -j LOG --log-prefix IN-FILTERBLOCK
iptables -A INPUT -j REJECT

ASCII Table


Dec Hx Oct Char Dec Hx Oct Char Dec Hx Oct Char
--------------- --------------- ---------------
32 20 040 SPACE 64 40 100 @ 96 60 140 `
33 21 041 ! 65 41 101 A 97 61 141 a
34 22 042 " 66 42 102 B 98 62 142 b
35 23 043 # 67 43 103 C 99 63 143 c
36 24 044 $ 68 44 104 D 100 64 144 d
37 25 045 % 69 45 105 E 101 65 145 e
38 26 046 & 70 46 106 F 102 66 146 f
39 27 047 ' 71 47 107 G 103 67 147 g
40 28 050 ( 72 48 110 H 104 68 150 h
41 29 051 ) 73 49 111 I 105 69 151 i
42 2A 052 * 74 4A 112 J 106 6A 152 j
43 2B 053 + 75 4B 113 K 107 6B 153 k
44 2C 054 , 76 4C 114 L 108 6C 154 l
45 2D 055 - 77 4D 115 M 109 6D 155 m
46 2E 056 . 78 4E 116 N 110 6E 156 n
47 2F 057 / 79 4F 117 O 111 6F 157 o
48 30 060 0 80 50 120 P 112 70 160 p
49 31 061 1 81 51 121 Q 113 71 161 q
50 32 062 2 82 52 122 R 114 72 162 r
51 33 063 3 83 53 123 S 115 73 163 s
52 34 064 4 84 54 124 T 116 74 164 t
53 35 065 5 85 55 125 U 117 75 165 u
54 36 066 6 86 56 126 V 118 76 166 v
55 37 067 7 87 57 127 W 119 77 167 w
56 38 070 8 88 58 130 X 120 78 170 x
57 39 071 9 89 59 131 Y 121 79 171 y
58 3A 072 : 90 5A 132 Z 122 7A 172 z
59 3B 073 ; 91 5B 133 [ 123 7B 173 {
60 3C 074 < 92 5C 134 \ 124 7C 174 |
61 3D 075 = 93 5D 135 ] 125 7D 175 }
62 3E 076 > 94 5E 136 ^ 126 7E 176 ~
63 3F 077 ? 95 5F 137 _ 127 7F 177 DEL


____________________________________________________________________________
|Oct | Dec | Hex | Display | Symbol | Char Name | Keypress |
|____|_____|_____|_________|________|________________________|______________|
|000 | 000 | 00 | none | NUL | Null | Ctrl-Shift-@ |
|001 | 001 | 01 | ^A | SOH | Start of Header | Ctrl-A |
|002 | 002 | 02 | ^B | STX | Start of Text | Ctrl-B |
|003 | 003 | 03 | ^C | ETX | End of Text | Ctrl-C |
|004 | 004 | 04 | ^D | EOT | End of Transmission | Ctrl-D |
|005 | 005 | 05 | ^E | ENQ | Enquire | Ctrl-E |
|006 | 006 | 06 | ^F | ACK | Acknowledge | Ctrl-F |
|007 | 007 | 07 | ^G | BEL | Bell | Ctrl-G |
|____|_____|_____|_________|________|________________________|______________|
|010 | 008 | 08 | ^H | BS | Back Space | Ctrl-H |
|011 | 009 | 09 | ^I | HT | Horizontal Tab | Ctrl-I |
|012 | 010 | 0A | ^J | LF | Line Feed | Ctrl-J |
|013 | 011 | 0B | ^K | VT | Vertical Tab | Ctrl-K |
|014 | 012 | 0C | ^L | FF | Form Feed | Ctrl-L |
|015 | 013 | 0D | ^M | CR | Carriage Return | Ctrl-M |
|016 | 014 | 0E | ^N | SO | Shift Out | Ctrl-N |
|017 | 015 | 0F | ^O | SI | Shift In | Ctrl-O |
|____|_____|_____|_________|________|________________________|______________|
|020 | 016 | 10 | ^P | DLE | Data Link Escape | Ctrl-P |
|021 | 017 | 11 | ^Q | DC1 | Device Control 1 | Ctrl-Q |
|022 | 018 | 12 | ^R | DC2 | Device Control 2 | Ctrl-R |
|023 | 019 | 13 | ^S | DC3 | Device Control 3 | Ctrl-S |
|024 | 020 | 14 | ^T | DC4 | Device Control 4 | Ctrl-T |
|025 | 021 | 15 | ^U | NAK | Negative Acknowledge | Ctrl-U |
|026 | 022 | 16 | ^V | SYN | Synchronize | Ctrl-V |
|027 | 023 | 17 | ^W | ETB | End Transmission Block | Ctrl-W |
|____|_____|_____|_________|________|________________________|______________|
|030 | 024 | 18 | ^X | CAN | Cancel | Ctrl-X |
|031 | 025 | 19 | ^Y | EM | End of Medium | Ctrl-Y |
|032 | 026 | 1A | ^Z | SUB | Substitute | Ctrl-Z |
|033 | 027 | 1B | ^[ | ESC | Escape | Ctrl-[ |
|034 | 028 | 1C | ^\ | FS | File Separator | Ctrl-\ |
|035 | 029 | 1D | ^] | GS | Group Separator | Ctrl-] |
|036 | 030 | 1E | ^^ | RS | Record Separator | Ctrl-Shift-^ |
|037 | 031 | 1F | ^_ | US | Unit Separator | Ctrl-Shift-_ |
|____|_____|_____|_________|________|________________________|______________|
|177 | 127 | 7F | ^? | DEL | Delete | DEL |
|____|_____|_____|_________|________|________________________|______________|



Note: To place control characters in a file when using the vi or ex editor,
type Ctrl-v before typing the desired control character.

Monday, February 23, 2009

All possible netmasks expanded


Netmask Netmask (binary) CIDR Notes
255.255.255.255 11111111.11111111.11111111.11111111 /32 Host (single address)
255.255.255.254 11111111.11111111.11111111.11111110 /31 Unuseable
255.255.255.252 11111111.11111111.11111111.11111100 /30 2 useable
255.255.255.248 11111111.11111111.11111111.11111000 /29 6 useable
255.255.255.240 11111111.11111111.11111111.11110000 /28 14 useable
255.255.255.224 11111111.11111111.11111111.11100000 /27 30 useable
255.255.255.192 11111111.11111111.11111111.11000000 /26 62 useable
255.255.255.128 11111111.11111111.11111111.10000000 /25 126 useable
255.255.255.0 11111111.11111111.11111111.00000000 /24 "Class C" 254 useable



Netmask 255.255.255.0 /24 (11111111.11111111.11111111.00000000)
1 subnet
LOW IP HI IP
x.x.x.0 x.x.x.255

Netmask 255.255.255.128 /25 (11111111.11111111.11111111.10000000)
2 subnets
LOW IP HI IP
x.x.x.0 x.x.x.127
x.x.x.128 x.x.x.255

Netmask 255.255.255.192 /26 (11111111.11111111.11111111.11000000)
4 subnets
x.x.x.0 x.x.x.63
x.x.x.64 x.x.x.127
x.x.x.128 x.x.x.191
x.x.x.192 x.x.x.255

Netmask 255.255.255.224 /27 (11111111.11111111.11111111.11100000)
8 subnets
x.x.x.0 x.x.x.31
x.x.x.32 x.x.x.63
x.x.x.64 x.x.x.95
x.x.x.96 x.x.x.127
x.x.x.128 x.x.x.159
x.x.x.160 x.x.x.191
x.x.x.192 x.x.x.223
x.x.x.224 x.x.x.255

Netmask 255.255.255.240 /28 (11111111.11111111.11111111.11110000)
16 subnets
x.x.x.0 x.x.x.15
x.x.x.16 x.x.x.31
x.x.x.32 x.x.x.47
x.x.x.48 x.x.x.63
x.x.x.64 x.x.x.79
x.x.x.80 x.x.x.95
x.x.x.96 x.x.x.111
x.x.x.112 x.x.x.127
x.x.x.128 x.x.x.143
x.x.x.144 x.x.x.159
x.x.x.160 x.x.x.175
x.x.x.176 x.x.x.191
x.x.x.192 x.x.x.207
x.x.x.208 x.x.x.223
x.x.x.224 x.x.x.239
x.x.x.240 x.x.x.255

Netmask 255.255.255.248 /29 (11111111.11111111.11111111.11111000)
32 subnets
x.x.x.0 x.x.x.7
x.x.x.8 x.x.x.15
x.x.x.16 x.x.x.23
x.x.x.24 x.x.x.31
x.x.x.32 x.x.x.39
x.x.x.40 x.x.x.47
x.x.x.48 x.x.x.55
x.x.x.56 x.x.x.63
x.x.x.64 x.x.x.71
x.x.x.72 x.x.x.79
x.x.x.80 x.x.x.87
x.x.x.88 x.x.x.95
x.x.x.96 x.x.x.103
x.x.x.104 x.x.x.111
x.x.x.112 x.x.x.119
x.x.x.120 x.x.x.127
x.x.x.128 x.x.x.135
x.x.x.136 x.x.x.143
x.x.x.144 x.x.x.151
x.x.x.152 x.x.x.159
x.x.x.160 x.x.x.167
x.x.x.168 x.x.x.175
x.x.x.176 x.x.x.183
x.x.x.184 x.x.x.191
x.x.x.192 x.x.x.199
x.x.x.200 x.x.x.207
x.x.x.208 x.x.x.215
x.x.x.216 x.x.x.223
x.x.x.224 x.x.x.231
x.x.x.232 x.x.x.239
x.x.x.240 x.x.x.247
x.x.x.248 x.x.x.255

Netmask 255.255.255.252 /30 (11111111.11111111.11111111.11111100)
64 subnets
LOW IP HI IP
x.x.x.0 x.x.x.3
x.x.x.4 x.x.x.7
x.x.x.8 x.x.x.11
x.x.x.12 x.x.x.15
x.x.x.16 x.x.x.19
x.x.x.20 x.x.x.23
x.x.x.24 x.x.x.27
x.x.x.28 x.x.x.31
x.x.x.32 x.x.x.35
x.x.x.36 x.x.x.39
x.x.x.40 x.x.x.43
x.x.x.44 x.x.x.47
x.x.x.48 x.x.x.51
x.x.x.52 x.x.x.55
x.x.x.56 x.x.x.59
x.x.x.60 x.x.x.63
x.x.x.64 x.x.x.67
x.x.x.68 x.x.x.71
x.x.x.72 x.x.x.75
x.x.x.76 x.x.x.79
x.x.x.80 x.x.x.83
x.x.x.84 x.x.x.87
x.x.x.88 x.x.x.91
x.x.x.92 x.x.x.95
x.x.x.96 x.x.x.99
x.x.x.100 x.x.x.103
x.x.x.104 x.x.x.107
x.x.x.108 x.x.x.111
x.x.x.112 x.x.x.115
x.x.x.116 x.x.x.119
x.x.x.120 x.x.x.123
x.x.x.124 x.x.x.127
x.x.x.128 x.x.x.131
x.x.x.132 x.x.x.135
x.x.x.136 x.x.x.139
x.x.x.140 x.x.x.143
x.x.x.144 x.x.x.147
x.x.x.148 x.x.x.151
x.x.x.152 x.x.x.155
x.x.x.156 x.x.x.159
x.x.x.160 x.x.x.163
x.x.x.164 x.x.x.167
x.x.x.168 x.x.x.171
x.x.x.172 x.x.x.175
x.x.x.176 x.x.x.179
x.x.x.180 x.x.x.183
x.x.x.184 x.x.x.187
x.x.x.188 x.x.x.191
x.x.x.192 x.x.x.195
x.x.x.196 x.x.x.199
x.x.x.200 x.x.x.203
x.x.x.204 x.x.x.207
x.x.x.208 x.x.x.211
x.x.x.212 x.x.x.215
x.x.x.216 x.x.x.219
x.x.x.220 x.x.x.223
x.x.x.224 x.x.x.227
x.x.x.228 x.x.x.231
x.x.x.232 x.x.x.235
x.x.x.236 x.x.x.239
x.x.x.240 x.x.x.243
x.x.x.244 x.x.x.247
x.x.x.248 x.x.x.251
x.x.x.252 x.x.x.255

net mask:

1111 11 00 == 252

Pozar's two-bit(tm) addressing

4-bit m m m m
2-bit m m
(.1) 0 0 0 0 0 0 0 1 (.2) 0 0 0 0 0 0 1 0
(.17) 0 0 0 1 0 0 0 1 (.18) 0 0 0 1 0 0 1 0
(.33) 0 0 1 0 0 0 0 1 (.34) 0 0 1 0 0 0 1 0
(.49) 0 0 1 1 0 0 0 1 (.50) 0 0 1 1 0 0 1 0
(.65) 0 1 0 0 0 0 0 1 (.66) 0 1 0 0 0 0 1 0
(.129) 1 0 0 0 0 0 0 1 (.130) 1 0 0 0 0 0 1 0
(.193) 1 1 0 0 0 0 0 1 (.194) 1 1 0 0 0 0 1 0
(.225) 1 1 1 0 0 0 0 1 (.226) 1 1 1 0 0 0 1 0



CIDR: Classless Inter-Domain Routing -- Standard Boundaries

(inverse mask)
Netmask bits # IPs # C's source-wildcard

255.255.255.255 /32 1 < 0.0.0.0
255.255.255.254 /31 2 < 0.0.0.1
255.255.255.252 /30 4 < 0.0.0.3
255.255.255.248 /29 8 < 0.0.0.7
255.255.255.240 /28 16 < 0.0.0.15
255.255.255.224 /27 32 < 0.0.0.31
255.255.255.192 /26 64 < 0.0.0.63
255.255.255.128 /25 128 < 0.0.0.127
255.255.255.0 /24 256 1 0.0.0.255
255.255.254.0 /23 512 2 0.0.1.255
255.255.252.0 /22 1024 4 0.0.3.255
255.255.248.0 /21 2048 8 0.0.7.255
255.255.240.0 /20 4096 16 0.0.15.255
255.255.224.0 /19 8192 32 0.0.31.255
255.255.192.0 /18 16384 64 0.0.63.255
255.255.128.0 /17 32768 128 0.0.127.255
255.255.0.0 /16 65536 256 0.0.255.255
255.254.0.0 /15 131072 512 0.1.255.255
255.252.0.0 /14 262144 1024 0.3.255.255
255.248.0.0 /13 524288 2048 0.7.255.255
255.240.0.0 /12 1048576 4096 0.15.255.255
255.224.0.0 /11 2097152 8192 0.31.255.255
255.192.0.0 /10 4194304 16384 0.63.255.255
255.128.0.0 /9 8388608 32768 0.127.255.255
255.0.0.0 /8 16777216 65536 0.255.255.255
254.0.0.0 /7 33554432 131072 1.255.255.255
252.0.0.0 /6 67108864 262144 3.255.255.255
248.0.0.0 /5 134217.72K 524288 7.255.255.255
240.0.0.0 /4 268435.44K 1048576 15.255.255.255
224.0.0.0 /3 536870.88K 2097152 31.255.255.255
192.0.0.0 /2 1073741.7K 4194304 63.255.255.255
128.0.0.0 /1 2147483.4K 8388608 127.255.255.255
0.0.0.0 /0 4294966.8K 16777216 255.255.255.255

----------

Here's some general rules about how this allocation works. Keep in mind that
all of these "masks" are really based on binary AND/OR masking, thus a
decimal "255" is binary 11111111 and a decimal "0" is binary "00000000".
Here's a little table in binary which may be of help:

255.255.255.255 /32 11111111.11111111.11111111.11111111
255.255.255.254 /31 11111111.11111111.11111111.11111110
255.255.255.252 /30 11111111.11111111.11111111.11111100
255.255.255.248 /29 11111111.11111111.11111111.11111000
255.255.255.240 /28 11111111.11111111.11111111.11110000
255.255.255.224 /27 11111111.11111111.11111111.11100000
255.255.255.192 /26 11111111.11111111.11111111.11000000
255.255.255.128 /25 11111111.11111111.11111111.10000000
255.255.255.0 /24 11111111.11111111.11111111.00000000
255.255.254.0 /23 11111111.11111111.11111110.00000000
255.255.252.0 /22 11111111.11111111.11111100.00000000
255.255.248.0 /21 11111111.11111111.11111000.00000000
255.255.240.0 /20 11111111.11111111.11110000.00000000
255.255.224.0 /19 11111111.11111111.11100000.00000000
255.255.192.0 /18 11111111.11111111.11000000.00000000
255.255.128.0 /17 11111111.11111111.10000000.00000000
255.255.0.0 /16 11111111.11111111.00000000.00000000
... etc ...

A /32 is an allocation of 1 IP, and there are 256 /32's in a /24.
A /31 is an allocation of 2 IP's, and there are 128 /31's in a /24.
A /30 is an allocation of 4 IP's, and there are 64 /30's in a /24.
A /29 is an allocation of 8 IP's, and there are 32 /29's in a /24.
A /28 is an allocation of 16 IP's, and there are 16 /28's in a /24.
A /27 is an allocation of 32 IP's, and there are 8 /27's in a /24.
A /26 is an allocation of 64 IP's, and there are 4 /26's in a /24.
A /25 is an allocation of 128 IP's, and there are 2 /25's in a /24.
A /24 is an allocation of 256 IP's, and there is 1 /24 in a /24.

----------

Starting "Network" IP address of Subnetted /24's (last octet value):
NOTE: *0 - Zero subnet may not be functional on ALL CPE types

/32: Any IP is an individual /32.
/31: IP evenly divisible by 2. (e.g. *0,2,4,6,8,10,12,14,16,18 ... 252,254)
/30: IP evenly divisible by 4. (e.g. *0,4,8,12,16,20,24,28,32, ... 248,252)
/29: IP evenly divisible by 8. (e.g. *0,8,16,24,32,40,48,56,64, ... 240,248)
/28: IP evenly divisible by 16. (e.g. *0,16,32,48,64,80,96,112, ... 224,240)
/27: IP evenly divisible by 32. (e.g. *0,32,64,96,128,160,192,224)
/26: IP evenly divisible by 64. (e.g. *0,64,128,192)
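
The binary masking behind the tables above, as an added Python example (not part of the original post): it derives the netmask and the inverse (source-wildcard) mask from the prefix length, finds the network with a bitwise AND, lists the subnet start values inside a /24, and applies a wildcard the way an ACL entry does. The 192.168.1.x and 10.1.2.x addresses are constructed samples.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value):
    return str(ipaddress.IPv4Address(value))


def netmask(bits):
    """Netmask as an integer: `bits` ones followed by zeros."""
    if not 0 <= bits <= 32:
        raise ValueError("prefix length must be 0..32")
    return (ALL_ONES << (32 - bits)) & ALL_ONES


def wildcard(bits):
    """Inverse mask (the source-wildcard column): every mask bit flipped."""
    return netmask(bits) ^ ALL_ONES


def network_of(ip, bits):
    """Network address = IP AND netmask."""
    return to_dotted(to_int(ip) & netmask(bits))


def subnet_starts_in_24(bits):
    """Last-octet start values of every /bits subnet inside a /24.

    These are the multiples of the block size, which is the
    "evenly divisible by" rule in the list above.
    """
    if not 24 <= bits <= 32:
        raise ValueError("only /24 through /32 fit inside a /24")
    block = 1 << (32 - bits)
    return list(range(0, 256, block))


def acl_matches(ip, base, wild):
    """True if `ip` matches an ACL entry written as base + wildcard.

    A 1 bit in the wildcard means "don't care"; only the 0 bits are compared.
    """
    care = to_int(wild) ^ ALL_ONES
    return (to_int(ip) & care) == (to_int(base) & care)


if __name__ == "__main__":
    for bits in (30, 27, 24, 21):
        print(f"/{bits:<2} mask {to_dotted(netmask(bits)):15} "
              f"wildcard {to_dotted(wildcard(bits)):13} "
              f"IPs {1 << (32 - bits)}")
    print(network_of("192.168.1.77", 27))        # constructed address
    print(subnet_starts_in_24(26))
    print(acl_matches("10.1.2.200", "10.1.2.192", "0.0.0.63"))
```
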
