Keep up with Tech ? How Far ?

One of the hardest things to do is to keep up with tech. That's something we hear from our colleagues every once in a while, and we might say it to ourselves as well. There are two things which need some discussion here:

  1. New certifications in Networking scope
  2. New paths like programming and cloud services

After working for a while, I am at a point where I have been exposed to so many technologies within networking: there is service provider, datacenter, enterprise, and other aspects like programming and cloud services.

The choice to take both paths is not efficient if I give it a good thought, but on the other hand it's always good to know other aspects of the job as well. I am not trying to be diplomatic but rather speaking from experience here.

One path is to be an expert in a certain aspect of the field; the other is to invest time to learn new things. The choice is not easy: any field is vast and it takes a lifetime just to be good at one thing. Imagine trying to be good at multiple things; it won't work for many people.

The other day I had to explore Amazon Athena and Amazon Glue and finally Amazon QuickSight. I have never used these services before, nor did I have a real reason to do so; it's mostly the big data aspect. But as I took a look at them for a simple task, I quickly discovered how handy these services were and what could be processed and analyzed in such a short time by someone who was looking at them for the first time.

Often we are at a point where we need to know about many things at a nominal level. Firms like Amazon have one thing in mind when they launch a service: they make it easily adaptable rather than making it insanely tough and technical to understand.

I quoted AWS because I like AWS!

Trick to study: always think that whoever has a better sense of business will always make it easy for people to operate and understand. By that logic, whatever you are learning, just recall that it's supposed to be easy and straightforward, even for most of the complicated tasks. Technology design nowadays is more and more about easier adaptability.

Just thought about writing about this experience because when I first saw Athena / Glue / QuickSight, I thought, what am I doing with big data technology services? After spending a day or two, it was easy and straightforward, and I could use data to build and visualize in a certain way which made sense for my requirements. No one needs to be an expert to use a tool and complete a small task; a basic understanding will suffice, is what I concluded.

Happy Learning

Quick personal vpn – wireguard with aws

I have written previously about WireGuard and how easy it is to set up a personal VPN:

https://r2079.wordpress.com/2020/05/16/wireguard-server-and-qr-code-scan-in-the-mobile-app-its-that-simple-to-set-up-a-vpn/

What is the issue: I never explained the use case clearly in that post, so let me re-attempt the write-up.

You see, on a personal basis I need to access a few websites which are hosted in India. The issue with these websites is that they don't allow any traffic from outside the country.

There are many browser-based proxies out there which can do this task just fine, and also paid services. My problem is that when you are exchanging user/password information and financial transactions over these proxies, you don't know exactly how all this data is getting exchanged and transmitted.

A few tips from my experience before I get into the post:

-> You need to enable IPv4 forwarding on the Ubuntu instance so that it forwards packets through the instance and also NATs them.

root@ip-172-31-34-66:~# cat /etc/sysctl.conf | egrep -i ip_forward
net.ipv4.ip_forward=1
root@ip-172-31-34-66:~# 

-> Make sure you don't start routing everything first. Take public DNS servers and test the system with AllowedIPs in the configuration file, else you will lose internet access, and if not done correctly you will also lose access to the cloud instance.

-> If you want to do complicated NAT and other extensions, make sure you have a public static route via AWS back to the IP.

Solution:

AWS has a presence all over the globe. I simply chose a free-tier Ubuntu instance in the Asia Pacific zone, which covers India, to set up and install the WireGuard VPN service.

https://aws.amazon.com/free/ – aws free tier instance

https://www.wireguard.com/install/ – Covers wireguard install

Below is my wg0.conf file; I will use wg-quick to quickly bring up this instance.

The PostUp and PostDown concepts are really handy: you could ask the config file to do the NAT only when the interface is up and delete the NAT rules when the interface goes down. This covers the server side; what about the client?

[Interface]
Address = 10.0.0.1/24
Address = fd86:ea04:xxxx::1/64
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
FwMark = 0xca6c
PrivateKey = aE7zcFky1e3BrNPKT3vFwxxxxxxxxxx

[Peer]
PublicKey = d+tZoJOkaNcC+x2xxxxxxxx
AllowedIPs = 10.0.0.0/24, fd86:ea04:xxx::/64
Endpoint = xxxxx:60252
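
An added example (not from the original post): a small Python audit of a wg-quick configuration that checks two of the points made above, that every rule appended in PostUp has a matching delete in PostDown, and that no peer's AllowedIPs contains a default route before the tunnel has been tested with specific addresses. The sample configuration, its placeholder keys and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of a wg-quick config; keys are placeholders.
# Two deliberate faults: the NAT rule is never removed, and a peer routes 0.0.0.0/0.
SAMPLE_CONF = """\
[Interface]
Address = 10.0.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PrivateKey = <placeholder-private-key>

[Peer]
PublicKey = <placeholder-public-key>
AllowedIPs = 0.0.0.0/0, 10.0.0.0/24
"""

def parse_conf(text):
    """Return (section, key, value) tuples; wg-quick allows repeated keys."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line:
            key, value = line.split("=", 1)  # base64 keys may end in '='
            entries.append((section, key.strip(), value.strip()))
    return entries

def hook_commands(entries, key):
    """Split every PostUp/PostDown value into whitespace-normalised commands."""
    cmds = []
    for _, k, v in entries:
        if k == key:
            cmds += [" ".join(c.split()) for c in v.split(";") if c.strip()]
    return cmds

def audit(text):
    """Return a list of findings for the given wg-quick configuration text."""
    entries = parse_conf(text)
    findings = []
    down = set(hook_commands(entries, "PostDown"))
    for cmd in hook_commands(entries, "PostUp"):
        # A rule appended with -A must be deleted with the same spec via -D.
        expected = re.sub(r"(?<=\s)-A(?=\s)", "-D", cmd, count=1)
        if expected != cmd and expected not in down:
            findings.append(f"no PostDown cleanup for: {cmd}")
    for section, k, v in entries:
        if section == "Peer" and k == "AllowedIPs":
            for net in (n.strip() for n in v.split(",")):
                # A /0 prefix sends all traffic into the tunnel.
                if ipaddress.ip_network(net, strict=False).prefixlen == 0:
                    findings.append(f"default route in AllowedIPs: {net}")
    return findings
```

Run `audit()` on the text of a real wg0.conf before `wg-quick up`; placeholder addresses such as the masked IPv6 prefix shown in this post must be replaced with real values first, since `ipaddress` rejects them.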

WireGuard also supports a client GUI version, along with the QR code which we have seen.

Here is the screenshot from my Mac endpoint:

mac  ~ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
 1  10.0.0.1 (10.0.0.1)  768.096 ms  150.332 ms  267.774 ms
 2  ec2.ap-south-1.compute.amazonaws.com   211.881 ms
    ec2.ap-south-1.compute.amazonaws.com   432.133 ms
    ec2.ap-south-1.compute.amazonaws.com   190.867 ms
 3  100.66.8.40 (100.66.8.40)  171.070 ms
    100.66.8.198 (100.66.8.198)  166.135 ms
    100.66.8.70 (100.66.8.70)  357.351 ms
 4  100.66.10.128 (100.66.10.128)  183.827 ms
    100.66.11.228 (100.66.11.228)  311.162 ms
    100.66.11.230 (100.66.11.230)  333.343 ms
Mac configuration file

The above traceroute is from my laptop, and we see that traffic to public DNS 8.8.8.8 is tunnelled through the EC2 instance in the Asia Pacific region; for the outside world it's the NATed Elastic IP on the AWS instance.

Hope this helps you to build a VPN of your choice instead of relying on unknown proxies.

-Rakesh

Progress on Image classification and Home-assistant and Dyson integration

Continuing from the previous post, I was determined to learn some sort of image classification in my free time. I went with TensorFlow/Keras as the language or ML language, as they have a lot of tutorials around it.

The YouTube series below from the TensorFlow team will help you get started if you are interested in this.

The other part that was a sort of problem for a long time is integration of the Dyson fan with any sort of automation platform like Alexa or a Python API. Dyson does have an app, but apparently they have some issues with UK/Ireland integration. After some research I found that Home Assistant supports integration, and after a lot of documentation and trials, it looks like Home Assistant now has support for it.

Here is the snippet that you need to use in configuration.yaml:

dyson:
  username: yourdysonemailaccount
  password: yourpassword
  language: GB
  devices:
    - device_id: xxx-xx-xxxxxx
      device_ip: a.b.c.d

This now gives control for any sort of automation.

-Rakesh

Aws Deeplens – meet the devil dog – part 1

Now, on first look she is so adorable. Don't be fooled by looks: this dog is responsible for the destruction of USB cables, footwear, headphones, trash can openings, and the garden.

Idea inspired from : https://youtu.be/ALKz1eKj4n0

Aws deeplens – https://aws.amazon.com/deeplens/

So here is the idea: over the course of the next few days to months, I will start capturing many constructive and destructive images of my dog and start training an AI model which will give us a reasonable idea of what exactly she is up to when we leave her alone, and alert us accordingly.

I am not an ML developer, let alone an expert, but AWS makes it easy to train and deploy models and you don't have to know much to get started. I developed another ML model with AWS Rekognition which identifies unwanted plants and shrubs in a raised bed.

I got this DeepLens set up and deployed a model project in no less than 5 minutes, and I am being honest. Here is a sample model which identifies cat vs dog; this model is among the example models.

It has an MQTT topic which you can subscribe to as well.

-Rakesh

Improving the moisture model – the final phase

Back in this post http://r2079.com/2020/03/17/telnyx-api-p-sms-and-aws-iot-saves-my-plants-every-single-time/, I did see that using Telnyx and AWS MQTT did indicate the moisture. All good, so why drag out this topic?

Link references:

https://www.espressif.com/en/products/socs/esp32 – microcontroller used in the project

Waterproof Box
Moisture Sensor

https://vruzend.com/ – lithium ion 18650 batteries

https://micropython.org/ – micropython

http://telnyx.com/ – Telecom provider

https://aws.amazon.com/ – Cloud provider

Well, there are multiple aspects to the design itself:

  1. The system always required USB external power – batteries, well, didn't last long
  2. The system always had to be inside the home – the reason being it wasn't weather resistant
  3. Costly [MQTT push, and if the plant dried out, it would make the Telnyx API send me a lot of messages, which in turn is a cost]
  4. I never wanted a 24×7 system; I wanted something which comes online once per day and then sort of sleeps for the rest of the day
  5. I wanted to use MicroPython; the Python programming language is something I always found easy for beginners like me, whereas C and CPP are difficult in my opinion.
  6. I wanted something small and not clumsy at all.

So I began working on the project. I always wanted to make this a self-sustaining model, and with my effort I now hope it can at least last long. Here is what I did so far:

I used a weather-resistant, waterproof box to embed two lithium-ion rechargeable 18650 batteries in parallel. This should technically power the ESP32 (microcontroller) to update me 4 times a day for at the very least a good 2-3 weeks, and if I remove the red LED then even more; I can also reduce the frequency.

I think I could finally use the benefits of a microcontroller like the ESP32, which can deep sleep for a good amount of time compared to the ESP8266, which could only do it effectively for 70-odd minutes.

The applications are now endless: you can use the same idea for measuring, monitoring or alerting on anything, anywhere, based on any condition that you could think of. PS: I used electrical tape on the edges so that the screws won't go rusty.

The final image from the monitoring system looks something like this. The system is designed to get an update every 6 hours; I will write a follow-up post with the relevant code block.

The last thing this needs is a small solar panel which powers the two lithium cells; with that it will go as long as it can when placed properly in any location.

Suffice to say, this helps, and it has already saved my plants multiple times.

-Rakesh

New hosting Space on AWS

My blog was at https://r2079.wordpress.com and it has now moved to https://r2079.com. Why this change?

First and Foremost – Thrill and Challenge

Secondly – Customization and Cost

Don't get me wrong, I didn't migrate because I wanted to get into web development. That's not the case, and I am not even at an intermediate level there!

Why – This is a custom domain. It is hosted with Amazon Route53, and WordPress is built on an AWS custom instance. The reasons are very simple:

  1. I wanted to include short flash videos in my old blog; WordPress apparently didn't allow it
  2. Secondly, I wanted to take frequent backups – this was only possible with a huge yearly cost for customization
  3. Paying for 1 Route53 domain opened a lot of DNS options. I cancelled my Dyn subscription, which was costing 54 Euros per year, while AWS would get most of it with 12 USD.
  4. Most importantly, I don't have to pay anything just to block ads!

So, this is where it is. I will try to maintain the website now and see how this goes. Till now the infrastructure was maintained and patched by WordPress; from now on I probably have to take care of it.

It's exciting and equally rewarding that you can customize and also get rewarded at the same time. This also opens a lot of opportunities to spin up load balancers and experiment with my AWS technical skills.

Wireguard Server and QR Code scan in the mobile app – It’s that simple to set-up a VPN

Fancy a VPN build in under 10 minutes? There are many vendors out there who offer a mobile app and connectivity all over the world; most of the time, of course, they underperform. Be it for beating apps which impose geographical restrictions etc.

What is WireGuard?

https://www.wireguard.com/ – you can read all about it

Why do you need it ?

It is simple and easy to build your own VPN service, plus pay-as-you-go by turning off the cloud instance, and WireGuard has some cutting-edge encryption at the software level, which makes it perform better even in cloud instances.

Do I need to install anything?

All you need is to run a docker image.

https://hub.docker.com/r/linuxserver/wireguard – and you will have all install instructions

OK, I have installed it, what's next?

Get your mobile app, and scan the QR code generated by the system.

Next?

Nothing, download the app and you are good to go by scanning this, and you are on your way to your own VPN.

How do I verify my traffic stats?

Log into the docker container and execute wg; all stats will be readily available.

-Rakesh

BPF Compiler Collection – BCC in short

Network tracing is sometimes really important. Although most of the time the tcpdump utility is quite handy, there are other tools that can make life much easier.

While I am no expert in eBPF and scripts, I do know how to use bcc-tools in some scenarios.

https://github.com/iovisor/bcc/blob/master/INSTALL.md#ubuntu---binary

Alright, what is the scenario:

Let’s start with something small, you want to measure TCP connection latency.

Other interesting options: you can capture lifetime, stats and, most importantly, TCP retransmissions.

eBPF filters are safer and more powerful to implement; give this a consideration during any Linux troubleshooting scenario.

-Rakesh

Tizonia – CLI for Cloud Music

This is not a network technology related post.

https://tizonia.org/ – Opensource Project

In their own words ‘The most powerful cloud music player for the Linux terminal, with support for Spotify (Premium), Google Play Music (free and paid tiers), SoundCloud, YouTube, TuneIn radios, Plex servers and Chromecast devices.’

What this has to do with this post:

I have just implemented it on an old Raspberry Pi which I was about to throw away. Secondly, it's been a passive project for at least 4 years to play cloud music on the Linux CLI.

Why this obsession?

Ever think about music playing all day but at a very, very low volume? I am that kind of person. I don't really listen to it very particularly all the time, but some music lingering at low volumes [I am speaking about extremely low volumes] will always help.

Why not use your laptop?

The very point is spreading it across the home and not having to deal with GUI interfaces. It's much better for me not to have control as well; I just skip the tracks and will never be able to listen to new tracks.

Secondly, I don't want to spend a lot of money on crazy hardware with fancy apps. I want to keep the project low and have it give some feeling of accomplishment.

It offers the major cloud providers; the easiest way is to create a playlist there and you will already begin playing music.

This is a fun project and extremely portable, with endless control options; you can spin up a simple script and you can have a cron job as well.

-Rakesh

Ostinato – Drone Mode – Traffic Generator

I started the article below detailing a small subset of what Ostinato is capable of doing. In short, it is a traffic generator with great options to modify and dictate the type of traffic that you want to generate, and it can do so at decent speeds.

https://r2079.wordpress.com/2020/02/26/ostinato-packet-generator-test-your-broadcast-and-mitigation-strategies/

What is the issue: Ostinato in default mode is only supported in GUI mode, which is good for many cases, but sometimes, especially if you want to send some decent traffic to stress test your MPLS LSP, a PC working from home over VPN is not an ideal bet.

Explain more: Well, imagine you have a cloud provider instance; most of the instances are CLI based while Ostinato is GUI based.

So how to proceed: After seeing what the tool is capable of, we purchased the full suite, which has a Python API support plugin as well. So it operates something like this:

How does it look:

So you have to start the drone first, before doing anything else. I was stuck in this phase for more than 2 hours just because I was dumb not to read all the instructions.

You can build the packet and save the stream as a Python file, or you can edit the example file supplied.

I found https://www.browserling.com/tools/ip-to-hex; this helped to rename the example file to the drone-ip destination field.

I also used sed to replace it; it will save a lot of time.

That will start sending traffic. Obviously you need to go through some documentation to get started, but it's a nice tool and a must-have.

-Rakesh
