New hosting Space on AWS

My blog was at https://r2079.wordpress.com and its now moved to https://r2079.com. Why this change?

First and Foremost – Thrill and Challenge

Secondly – Customization and Cost

Don’t get me wrong, I dint migrate because I wanted to get into web development, its not the case and Am not even at intermediate Level there!

Why – This is a custom domain. This is hosted with Route53 Amazon, WordPress is build on AWS custom instance. The Reasons are very simple

1. I Wanted to include short flash videos in my old blog, word press apparently dint allow it
2. Secondly, I wanted to take frequent backups – was only possible with a huge yearly cost for customization
3. Paying for 1 Route53 domain, opened a lot of DNS options, I cancelled my Dynsubscription which was costing 54 Euros per year, while AWS would get most of it witht 12 USD.
4. Most Importantly, I don’t have to pay anything just to block Ads!

So, This is where it is, I will try to maintain the website now and see how this goes, Till now Infrastructure was maintained and patched by WordPress , from now probably i have to take care of it.

It exciting and equally rewarding that you can customize and also get rewarded at the same time, this also opens a lot of opportunities to spin up load balancers and experiment with my AWS technical skills.

Wireguard Server and QR Code scan in the mobile app – It’s that simple to set-up a VPN

Fancy a VPN build in under 10 minutes? , there are many vendors outside who offer mobile App and connectivity all through the world, most of the times ofcourse they under perform. Be it for beating Apps which impose Geographical restrictions etc.

What is wireguard ?

https://www.wireguard.com/ – you can read all about it

Why do you need it ?

Simple and easy to build your own VPN service plus Pay as you Go by turning off the cloud instance and Wire-guard has some cutting edge encryption at the software level, which makes it performs better even in cloud instances.

Do i need to Install anything?

All you need is to run a docker image.

https://hub.docker.com/r/linuxserver/wireguard – and you will have all install instructions

Ok i have installed whats Next?

Get your Mobile App, and scan the QR code generated by the system.

Next ?

Nothing, download the app and you are good to by scanning this and you are on your way to your own VPN

How do i verify my traffic stats ?

Log into docker and execute wg, all stats will be readily available

-Rakesh

BPF Compiler Collection – BCC in short

Network Tracing sometimes is really important, although most of the times tcpdump utility is quite handy there are other tools that can make life much easier.

while am no expert in eBPF and scripts, i do know how to use bcc-tools in some scenarios.

https://github.com/iovisor/bcc/blob/master/INSTALL.md#ubuntu—binary

Alright What is the scenario:

Let’s start with something small, you want to measure TCP connection latency.

Other interesting options, you can capture lifetime, stats and most importantly TCP-Retransmissions

Ebpf filters are safer and more powerful to implement, give this a consideration during any Linux troubleshooting scenarios.

-Rakesh

Tizona – Cli for Cloud Music

This is not a Network technology related post

https://tizonia.org/ – Opensource Project

In their own words ‘The most powerful cloud music player for the Linux terminal, with support for Spotify (Premium), Google Play Music (free and paid tiers), SoundCloud, YouTube, TuneIn radios, Plex servers and Chromecast devices.’

• 

What this has to do with this Post:

I have just implemented in an old Raspberry Pi which I was about to throw away. Secondly, it’s a passive project from at least 4 years to play cloud music on Linux CLI.

Why this obsession?

Ever think about music play all day but a very very low volume, am that kind of person. I don’t really listen to it very particularly all the times, but some music lingering in low volumes [Am speaking about extremely low volumes] will always help.

Why not use your LAPTOP ?

The very point of spreading it accross the home and not having to deal with GUI interfaces. Its much better for me not to have control as well, I just skip the tracks and will never be able to listen to new tracks.

Secondly, I dont want to spend a lot of money on crazy hardware with their fancy apps, I want to keep the project low and gives some feeling of accomplishment.

• 

Offers Major cloud providers, easiest way create a Playlist there and you already will begin playing music

• 

  Tizonia Help and Various Providers

This is a Fun Project and extremely portable endless control options, you can spin up a simple script and you can have a cron job as well.

-Rakesh

Ostinato – Drone Mode – Traffic Generator

I have started this below article detailing a small subset of what Ostinato is capable of doing, in short, is a traffic generator with great options to modify and dictate the type of traffic that you want to generate and can do it at decent speeds

https://r2079.wordpress.com/2020/02/26/ostinato-packet-generator-test-your-broadcast-and-mitigation-strategies/

What is the Issue: The issue is that Ostinato in default mode is only supported in GUI mode, which is good for many cases but some times especially if you want to send some decent traffic to stress test your MPLS LSP a PC working from home scenario over VPN is not an ideal bet.

Explain more: Well, imagine you have a Cloud provider Instance, most of the instances are CLI based while Ostinato is GUI based.

So How to Proceed: After seeing what Tool is capable of we purchased the full suite which has Python Api support Plugin as well. So it operates something like this

How does it look:

so you have start the drone first, before doing anything else, i was stuck in this phase for more than 2 hours just because i was dumb not to read all the instructions

You can build the packet and save the stream as Python file or you can edit the example file supplied

I found https://www.browserling.com/tools/ip-to-hex, this helped to rename example file to the drone-ip destination field

Also used sed to replace it, it will save a lot of time

• 

That will start sending traffic, obviously you need to go through some documentation to get your feet started but its a nice tool and must have.

-Rakesh

Telnyx api/sms saves my plants! Every single time.

When its a holiday, I do some house-hold farming, mostly into Hydroponics which is based on water and associated nutrients and does not require soil as a medium.

Let me show an example.

As you can see, Plant drinks up water, and the one which you are seeing is lemon plant from its seed stage, Monitoring water level is extremely important and for me there are many more in home so cant be keeping track of everything.

So sensor gets the data, Raspberry Pi talks to AWS IOT securely since Microcontrollers are still a pain to handle SSL and Rpi makes it easy and after processing MQTT message AWS IOT will process based on the Rules, in our case if the treshold is below 500 then plant is drying up.

Why Not Inbuilt SES/SMS with AWS ?

SES works great but I check my emails only once in two days and there is no way to alert based on the email, SMS I wanted to used multiple number pool (thinking to expand) and Cost with Telnyx is Really Amazing to do any Communication services

I have tried other vendors and results are not great either my carrier has some integration problems or whatever SMS never reaches to my mobile while I get charged, the two reliable ones are Telnyx and Amazon depending on your cost/integration and ease of use.

Telnyx API is just 4 lines and you can pretty much integrate it with non AWS application as well. Check out this

Api is amazingly easy – https://developers.telnyx.com/docs/v1/messaging

Look at the code

https://github.com/yukthr/auts/blob/master/random_programs/sendsms.py

Overall, this has been working fine for me for some while now

If you need to know more about Telnyx and Services

• https://telnyx.com/
• https://developers.telnyx.com/docs
• https://telnyx.com/products/programmable-sms

Amazon components

• https://aws.amazon.com/ses/
• https://aws.amazon.com/lambda/
• https://aws.amazon.com/iot/

Future idea is to integrate some AI/ML and predict. This has been a fun project and can be extended to other domains as time permits.

Ostinato – Packet Generator – Test your broadcast and mitigation strategies

I used ostinato long before when it was in early stages probably, at that point I never had any real need to use a packet generator as the place I was working was already equipped with IXIA and Spirant best in Class Packet generators.

https://ostinato.org/ – is the link

Whats the use case – Well I wanted to test LSP loadbalancing and also specific scenario of BUM traffic and how well it can be contained lets say in Switching level QFX and also VPLS level

Its doing a good job, though it started as open source, author now sells it with some minimal fee to keep up with the development costs.

You could also use scapy and i wrote a small program to do this , problem is scapy sorts of waits for some of the responses and i have not yet figured out what needs to be solved there

• 

Testing Ostinato on QFX and its really good so far. Storm control got in and stopped transmitting any packets through the interface.

• 

At the end, this is a nice to have tool for any sort of packet crafting and limited scale testing for proof of concept scenarios.

-Rakesh

Lora – Test and results – awesome

What is LORA – Best reference – https://www.thethingsnetwork.org

I will anyways attempt to define this as a newbie who just got into this technology

“with the help of a specific Receiver and Transmitter and using Radio waves you can send small bits of information to long ranges without the need of repeaters or wireless IP networking gear. “

Why is this useful – I have many use cases simple one being measuring soil moisture for plants and measuring water level in an overhead tank.

I currently have a very expensive setup of a Raspberry Pi zero wireless, a Repeater to repeat my Base Ip Network and a solar panel to power the power-hungry sensor as Raspberry pi does not know how to go into Deepsleep and wakeup.

Lora Makes it simple and even in reasonable living space, wireless routers do not perform well to cover the range up till the back yard garden.

What do you need – Listed in the below article and its nicely written

Most of the Sample Code – https://randomnerdtutorials.com/ttgo-lora32-sx1276-arduino-ide/

I have tested its range till 300m without any issues at all, that’s like 4 times what my wireless router can do!

LORA Receiver

LORA Sender

3D printer printing LORA cover.

some reference notes

Project from here on will be very simple, use one AWS GreenGrass Node to publish all the values to AWS SNS system, involve Lambda to Trigger some alerts, Have a nice time series like Influxdb doing Time Series representation and Grafana to dashboarding.

I will try to do a prototype of hardware and software in coming months and I hope it helps anyone in the farming field.

-Rakesh

Dyndns and Openvpn – Remote Management

Please no Team viewer or crappy neverheard-vpn discounted services ! It wont work on my headless Raspberry Pi’s and lot of clutter to manage.

I have visited my home and was doing some hobby IT setup with Raspberry Pi’s, the problem is that i had problems many times accessing my home PC in another Remote Location due to many reasons, lets say crappy ISP. I contacted my ISP and they said I need to take a static IP and also pay for opening up two non standard ports. Its like you pay to get tortured and then additional headache of Port forwarding.

To add more to the pain, the IP that i get from my upstream provider is a Private IP, wow I havent seen that for a while. Anyways, to get around this I was thinking about using OPENVPN as a solution along with Dyndns.

Now, setup is very simple

Clint-pc (Location 1) ———-AWS(OPENVPN)————Client-pc (Location 2)

Why AWS -> Accessible and Cost

Problem is changing IP, I dont have any business requirement or criticality to buy a Elastic IP , but whole point will be lost if my clients wont know what to access, worse I will never have access to location-2 if am in location-1 to change IP Addresses

I have mapped OPENVPN with dyndns script.

https://help.dyn.com/ddclient/

This really solved most of the problem, but should i be running AWS t3 instances for 24×7 which will cost me more for not using the service at all. Hence Dyndns will solve the IP-Domain name lookup without needing an Elastic IP.

Rest of the configuration from client side is

Connecting to Access Server with Linux

There is a little knob which will enable communication between the VPN hosts, which you have to enable

The final problem is that what if i stop the server and when i start how do i ensure Clients connect back automatically

Two instances

• When Client Reboots – A Reboot cron to automatically connect to the DNS url
• When Server stops / starts / reboots – A retry from Client endlessly to connect to VPN.

-Rakesh

Editing Files in a Docker Container

This is the quick and easy way I learned to edit some files within a Docker container. Professional DevOps engineers might be doing it in a different way, this is the network engineers way of doing things 😉

 

 

-Rakesh