Jeremy's Web Log - July 2014

7.31.2014
9:51pm

Couple of things happening with me this week on the technology front. I received my new work laptop last Friday, a Thinkpad W540. It's got some nice specs, but it is unmistakeably a bulky "mobile workstation" laptop. The battery even protrudes out the back like the high capacity batteries of yesteryear. On the plus side, I got a docking station with it and those are always fun. It supports up to 3 monitors connected to the dock, along with the usual wired gigabit ethernet and USB3.0. The laptop has a Thunderbolt port too. I'm just about done migrating my applications and documents from the old 13 inch Macbook Pro that I got when I started at VCE. That laptop is over 4 years old and definitely time to retire.

My personal Windows 8.1 laptop, a Toshiba Satellite, recently got the HDD swapped with a Corsair SSD that I've had for a year. Unfortunately I've had some difficulties trying to update the Corsair firmware. It immediately fails whenever I try to update the drive, even when it's installed as the secondary non-boot drive. Corsair tech support is suggesting to do a secure wipe of the drive which will erase all the data and set it back to factory defaults. I wouldn't even be trying the firmware update in the first place, but there is an occasional boot problem where the Toshbia laptop doesn't detect the SSD. Kinda frustrating when you have to power cycle the laptop a dozen times to get it to recognize the drive. I never had any problems booting from the drive in a Mac, so I think it may be some compatibility issue with the Toshiba UEFI boot.

Last weekend I was on-call so I was unable to volunteer at the Conservators' Center. Cyndi tackled the grass mowing and trimming without me, because with the recent cool temperatures and plenty of rain the grass has been growing fast. I did go out to the center tonight for a couple hours, and at 5pm it was 78 degrees outside. For the last couple of hours we've been getting some light rain / mist. This weekend it's also supposed to do quite a bit of raining.

7.23.2014
8:20pm

I've been doing a little bit of "home lab" work the last couple days trying out ERSPAN and RSPAN for traffic monitoring. My Catalyst switch can do SPAN and RPSAN, and my Nexus 1000v software switch can do SPAN and ERSPAN. SPAN is pretty boring and something I have used before, but the other two I had never tried to implement.

ERSPAN on the Nexus 1000v is limited to source mode only, and this same limitation applies to the Nexus 5k switches (which I don't have in my lab, but they are a major part of VCE Vblocks). As an ERSPAN source, the 1000v can mirror packets from an uplink ethernet interface, virtual machine / vmkernel vethernet interface, or a VLAN. It will use generic routing encapsulation (GRE) to transmit the mirrored packets to an IP destination that you define. Traditionally, these GRE packets would be sent to a core switch like a Catalyst 6500 or Nexus 7000 series switch, where an ERSPAN destination session would be configured. The destination switch de-encapsulates the original packet, and forwards it to the specified physical interface where a network analyzer / sniffer is attached. In my case, I don't have a switch with the capability to act as an ERSPAN destination. Instead, I set the destination to the IP address of my laptop that is running Wireshark. Wireshark (at least fairly recent builds) can natively understand GRE packets and will display the de-encapsulated protocol information and payload. As long as the source switch has a valid route to the destination sniffer machine, the ERSPAN packets will be sent there. I was able to set up the Nexus 1000v to capture my virtual machine traffic on VLAN 1 and send it to my laptop. I didn't realize just how much continual network traffic there is in an idle VMware environment until I looked at the captured packets. My two ESXi hosts are constantly talking to vCenter and transmitting syslog data. When using ERSPAN, Wireshark doesn't even need to be in promiscuous mode. Another nice advantage is that regular network communication works on the sniffing machine, with traditional SPAN that is not possible unless you configure multiple network interfaces.

This blog post at Packet Pushers was very helpful in getting the ERSPAN configuration set up in my lab.

For the RSPAN configuration, I used my Catalyst switch as the source. First I created a new VLAN 100 as "remote-span" VLAN. This VLAN should only be included on trunks where RSPAN traffic is desired. VLAN pruning with VTP can be very helpful. I then created a new monitor session with a source of VLAN 1, and a remote destination of VLAN 100. Each individual RSPAN session has to use its own VLAN. If I was going to send this mirrored data to another Catalyst switch, I would need to create the same VLAN 100 with "remote-span" on the second switch, unless VTP was configured. You also have to make sure the RSPAN VLAN is trunked between switches. I wanted to use a vSphere distributed switch (vDS 5.5) as my destination, and I already had a host configured with one vmnic attached to the distributed switch. I added VLAN 100 to my switchport trunk interface connecting to the host vmnic. Next, I created a new port group on the vDS for VLAN 100. In the VM settings for my Wireshark sniffing machine, I modified the network adapter configuration to use that new port group instead of the standard vSwitch. Lastly, I went to the vDS Port Mirroring configuration section and created a new Remote Mirroring Destination session. Note this must be done using the vSphere Web Client. I chose to disallow normal I/O on the destination port, since the VM was only being used for Wireshark and I had direct console access through vCenter. My source VLAN was 100 (matching the Cisco remote-span VLAN) and the destination port ID was my sniffer VM that had already been connected to the dVS. Once the mirroring session was up, I was able to get packets captured with Wireshark in promiscuous mode on the VM network interface. Unlike ERSPAN, this configuration requires promiscuous mode so that the host won't drop frames that have a different destination MAC address in the header.

This post from VMware explains the reverse RSPAN configuration with the distributed switch, where source data is being taken from virtual machines and sent externally to a network switch connected to the sniffer.

On a side note, my home lab currently has both vCenter Server (Windows) and the vCenter Server Appliance (Linux) running. I've got one HP server connected to the vCenter appliance and using Nexus 1000v, and the second HP server is connected to the Windows vCenter and is using standard vSwitch plus the distributed virtual switch. Normally I have both HP servers connected to the vCenter appliance so that I can vMotion machines from one host to the other for maintenance and upgrades.

7.21.2014
10:08pm

I finally finished watching the Dexter series. Thank goodness for Netflix and not having to wait a week in-between each episode. I found it interesting that the actor who played Dexter was married in to the actress who played his sister on the show, from 2008 to 2011.

I've been having some problems with my work laptop (an older Macbook Pro), last week I got frustrated enough that I restored a 10.8.5 backup and then did a new upgrade to 10.9.4 since my last OS backup of 10.9 kept freezing constantly. The hardware seems to be fine, just something got hosed up with OS X and it would only work properly in safe mode.

I have a new work laptop on order, but it will take a couple weeks to get here and it is a Thinkpad instead of a Mac. Our department at VCE is no longer purchasing Macs, although there are some other sections of the company that can still get them. I use both types of computers daily, so switching is not a big deal.

Recently I've been enjoying some of the timber framing videos from Wranglerstar. Not that I intend to ever do my own timber framing, but it's interesting to learn anyway.

7.17.2014
8:57pm

Stung by a wasp today, little bastards. I went out to the Conservators' Center after work today to put together a new stainless steel work table that I donated for the animal keepers. The dirt driveway, which has long been overdue for improvement, has been graded and covered with new crush and run. So hopefully no more "running the pothole gauntlet," at least for a long while.

I've been working steadily to complete my Netflix watching of all the Dexter seasons. Currently halfway through season 7, so there's only one full season remaining. Also have been watching some Masterchef episodes and a few other random things. Once I finish Dexter I need to watch the rest of Wilfred season 2, watched the first couple episodes but that was it so far.

Next week I'm planning to catch up with Jonathan Hester, one of my friends from high school back in Wilmington. I got to see him a few years ago when I was in Wilmington for a work trip, but he and his wife have lived in Raleigh for the last couple years.

I'll be hanging out at Kure Beach for a few days in mid-August. Sharing a rented beach house with some friends, should be fun.

7.14.2014
10:42pm

I have been foiled again by the Disney vault. I did not realize they were still continuing that frustrating practice where they remove their most popular animated movies from home video distribution. If I watched live network television I'm sure I would have seen their ads about "buy now, before it's too late."

The first time I learned about the "vault" was way back in late 2003 or early 2004, when I wanted to get a copy of Beauty and the Beast on DVD. I remembered seeing the movie for sale at the Disney store in 2003 and figured it would be no big deal to get a copy later. Well, that was completely wrong. The market value of the DVD (both new and used) jumped up substantially when Disney "sent it back to the vault" and I refused to pay $70-80 for a single DVD. I ended up picking up a used copy of the Beauty and the Beast CAV laserdisc for like $7.

This time around, I have missed my chance to purchase Beauty and the Beast on blu-ray for MSRP. It's currently available on Amazon from 3rd party sellers for $79.99. Sleeping Beauty is a whopping $85. The Lion King blu-ray is up to $62 (which I already purchased a while ago), Fantasia and Pinocchio have jumped up a little bit to $40.

It's not too late to get a copy of Peter Pan for a reasonable price, because it was just put on moratorium at the end of April. $28 for the blu-ray/DVD combo from Amazon.

7.12.2014
9:21pm

Watching some back to back episodes of Masterchef on Hulu. I pulled out the grill this evening to cook some marinated pork tenderloin, which I had with caesar salad and french bread.

Yesterday evening after work, and the bulk of the day today was spent volunteering at the Conservators' Center, helping Cyndi with the mowing and trimming. It hasn't rained much here in the last few weeks so the grass still wasn't very tall. Still hard work with a heat index near 100.

7.10.2014
10:31pm

After waiting a long time for Apple IOS 7 to be stable and bug fixed and all that good stuff, I finally upgraded my iPhone 5 to IOS 7 tonight. And of course it didn't go as planned. Shortly after it finished downloading and started installing on the phone, I got the "Connect to iTunes" screen which indicates the phone is in recovery mode. The phone is completely unusable until it has been "recovered" with iTunes. This can be a major problem if you decide to upgrade your phone or tablet while traveling away from your computer. It can also be a major problem if you don't have a recent backup of the device stored on your computer or on Apple iCloud. Fortunately I had iCloud backup turned on. Once the phone was wiped and finished installed IOS 7, I was able to recover all my apps and settings from iCloud.

My iPad has been running IOS 7 for quite a few months now, so I'm already adjusted to the new look and feel. One of the reasons I waited so long to upgrade the iPhone is because I used an inexpensive 12V car charger that was not "Apple licensed" for the lightning port. IOS 6 did not enforce the licensing, but it is now enforced in IOS 7. The connector on my cheap charger finally wore out, so I bought a new licensed Griffin charger from Best Buy. That removed the last obstacle to the IOS 7 upgrade (or so I thought).

Tonight I also did a water change on my 125 gallon aquarium. I usually change 30 gallons every 2-3 weeks.

7.09.2014
10:52pm

Trip to Alamance Crossing tonight for some Brixx pizza and to finally see How To Train Your Dragon 2. I enjoyed the movie enough to pick up a copy when it comes out on Blu-ray. Wasn't real impressed with the couple of songs they used in the movie, but the score was decent just like the first movie. During the previews I saw there will be a Penguins of Madagascar movie coming out next year. The teaser trailer was pretty funny, but I'm not sure how the penguin characters will pan out in a feature length movie.

7.08.2014
5:38pm

Watching a video from Onelonelyfarmer, one of my Youtube subscriptions. All kinds of interesting farming and equipment videos on his channel.

I decided that I'm going to do a series of posts on my current aquariums, starting with the 20 gallon long swordtail tank that is upstairs in my loft / office area.

The swordtail tank started with 2 adult "mickey mouse" females and 1 adult red wag male. It's got a small piece of mopani driftwood at each end of the tank, which creates a small cave area in the back corners. There's a coconut husk thing I got from Petco that was covered in java fern when I bought it, but now the java fern has grown substantially and covers most of the middle area of the tank. There's an anubias at each end attached to the driftwood. Floating in the middle is some hornwort that grows pretty quickly. I periodically remove some and place it in my other tanks that don't grow it as fast. Substrate is sand in the middle, with aquarium gravel on the two ends. For illumination, there are two 21" long LED light bars from Marineland. For filtration there is a Marineland Penguin 150B on the left side, and an Aqueon 10 gallon filter on the right. Heater is an Aqueon Pro.

Currently there are some swordtail fry living in the tank, as well as 5-6 adolescents. They seem to mostly be red wag colored, although a few have lighter tails that may end up looking like the mickey mouse style. Aside from three fry that I gave to Taylor a while back for her tank, I have kept all the rest of the babies. The adults don't seem to have any desire to eat their fry. There's also one adult platy living with the swordtails. When I get some more fully grown adult swordtails, I will move them to my 125 gallon tank and see how they get along with the rainbowfish.

7.07.2014
9:39pm

Another year older, another year wiser? On paper at least. Currently listening to the new score release from Disney, The Legacy Collection - The Lion King. More Hans Zimmer goodness. There was even some discussion on TLK-L in the last few days about the album, and that mailing list has been pretty dead since 2011.

I tried to get access to my web host a couple weeks ago, and didn't remember the right password. Of course by the time I gave up and reset the password, I had hit the security throttling limit of Polurnet so I couldn't even try to sign in until the next day. Now my cPanel and FTP access is working once again.

Last week was the "Take a break" week at VCE, where a large portion of the company goes on vacation at the same time. This is a concept they borrowed from Cisco I believe, and 2013 was the first year that VCE had the break week. It encourages people to relax halfway through the calendar year, and recharge their batteries before tackling the second half. I don't mind the "coerced" vacation since I get 4 weeks per year anyway.

During the break week I spent a couple of the days visiting my parents in Virginia for the 4th of July, a couple days volunteering at the Conservators' Center, and one day for a trip to Tiger World, the private zoo down near Charlotte. My friend / neighbor / pet-sitter who works at CCI came along. It was hot and humid, but the trip is something I had been wanting to do for over a year. I even bought a LivingSocial deal a few months back for half off admission. They had some interesting primates and birds, and an impressively large bear exhibit. They have a new tiger enclosure under construction with a large swimming pool, and another enclosure for a pair of cougars they were supposedly getting this week.

The Virginia trip was really wonderful. I drove up on Friday in my MX-5, equipped with brand new wheels and tires that I bought from Tire Rack. The old tires were 6 years old and the TPMS sensors were going to need replacing soon anyway with the batteries wearing out. The temperature was great with the top down, no rain in sight and low humidity. I took my parents some popcorn from Carolina Popcorn Shoppe in Raleigh, and some donuts from T Distefano's bakery in Mebane. My favorite donut shop, NC Jelly Donuts, was closed on Friday for the holiday. My dad cooked ribs on the 4th, excellent as usual. We watched the Hunger Games sequel, which I hadn't seen or purchased yet. On Saturday, the three of us (and my mom's three shetland sheepdogs) went to Peaks of Otter for a strenuous hike up to flat top. Part of our hike loop was a couple miles along the Blue Ridge Parkway, and we saw lots of motorcyclists out enjoying the weather. After the hike we had some barbequed burgers near Little Stoney Creek. A quick stop for ice cream on the way back to Christiansburg, then I had to hit the road back to NC. The drive back was just as nice, in fact it got somewhat chilly by the time I crossed the state border heading into Yanceyville.

Also happening last week was Hurricane Arthur, which made landfall in the Shackleford Banks, NC as a category 2 storm. Some of my friends were staying near Kill Devil Hills so they got quite a bit of wind and rain. Beautiful day following the storm though.

When checking some links on this personal web site, I realized that Varrow finally got rid of my old Varrowblogs page. Fortunately the internet archive still had a copy of my posts since 2011, complete with photos. I copied it all and dumped it to a Word document for retention. I had some useful information in there that I still refer back to occasionally.

The music and movies pages are getting updated tonight.