Printing over IPv6 to a Canon MP495

Yesterday I posted that my new Canon Pixma MP495 also supports IPv6.

I had to test if I could print over IPv6, so I switched from IPv4 to IPv6 in the printer configuration (Note: You have to select IPv4 or IPv6, there is no Dual-Stack!). Before doing so I wrote down the MAC address of the printer; I would need that to find it on my network, since the printer would get an IP from the Router Advertisements my Linux router sends out.

After turning on IPv6 the printer got its address within a few seconds and I was able to browse through the web interface with Firefox.

Now I wanted to print over IPv6. The first thing I checked was whether CUPS under Ubuntu 10.04 supported IPv6. It seems that CUPS has supported IPv6 since version 1.2 and Ubuntu 10.04 ships with CUPS 1.4, so that was OK.

Then I created a DNS record for my printer: I pointed an AAAA record to my printer, just so I didn’t have to type the address all the time. And DNS was developed for NOT typing IP addresses, wasn’t it?

Now I had to configure CUPS to print over IPv6. My goal was to do this via the GUI and not use any command-line stuff; that was even easier than I thought.

Adding the printer can be done in a few simple steps:

  • Go to System -> Administration -> Printing
  • Add a printer
  • Choose “Network Printer”
  • Choose LPD/LPR Host or Printer
  • In the host field, put the DNS record to your printer (or add the printer in /etc/hosts)
  • Then choose “Probe”
  • At “Queue”, select “ps”
  • Click on “Forward”
  • Choose “Provide a PPD file”
  • Download this PPD file and choose it as the driver
  • Add the printer!

Your printer settings should then look like:

You are all set; the printer should work over IPv6 after these steps. Happy printing over IPv6!

Bonding, VLAN and bridging under Ubuntu 10.04

The last few weeks I spent a lot of time upgrading Ubuntu 9.10 systems to 10.04. These systems are SuperMicro blade systems with 2 NICs per blade.

By using bonding (active-backup) we combine eth0 and eth1 to bond0. On top of the bond we use 802.1q VLANs, so we have devices like bond0.100, bond0.303, etc.

Those devices then are used to create bridges like vlanbr100 and vlanbr303 to give our KVM Virtual Machines access to our network.

This would result in a setup like:

eth0 -> |
        | -> bond0 -> bond0.100 -> vlanbr100
eth1 -> |          -> bond0.303 -> vlanbr303  

Under Ubuntu 9.10 and before this setup worked fine, but under Ubuntu 10.04 we noticed that the network inside the virtual machine wouldn’t work that well. The ARP reply (is-at) would be dropped at the bridge and didn’t get transferred to the Virtual Machine.

If I set the ARP entry manually inside the VM, everything started to work, but of course, that was not the way it was meant to be.

After hours of searching I found a Debian bug report that described exactly my problem!

It seems that Ubuntu’s ifenslave-2.6 package (1.10-14) under 10.04 has exactly the same bug. Backporting the ifenslave package from 10.10 (1.10-15) fixed everything for me, my virtual machines would start to work again.

I created a bug report for this at Ubuntu, hopefully they will fix it in 10.04 rather quickly.

For now, if you have the same problem, just backport the ifenslave package from 10.10 to 10.04.

Canon MP495 supports IPv6!

While we are nearing the end of the IPv4 pool, a lot of consumer electronics (even Enterprise routers) do not support IPv6.

Today I bought a new printer to use at home. It had to be a printer which would work over WiFi. After some time at the local store I chose the Canon Pixma MP495, a simple printer, just what I needed.

After configuring it (which I had to do via Windows), I browsed to the IP of the printer and saw that it supported IPv6! (Even IPsec) Wow, that is something you don’t see often.

Haven’t tested it with my Ubuntu 10.04 laptop yet, but it is nice to see manufacturers start implementing IPv6 in ordinary products!

Make-kpkg fails due to a ‘+’/plus appended to the kernel version

This weekend I tried to compile a patched 2.6.35 kernel and wanted to install this on multiple machines. But it kept failing when the .deb files were created.

make-kpkg kept complaining that the kernel version, 2.6.35-rbd+ was not in the “control info”.

After some searching I found out this was due to CONFIG_LOCALVERSION_AUTO not being set.

Setting this to ‘y’ solved it for me; now my kernel compiled and got packaged the way it should.

Nokia, shame on you..

Last November I bought a Nokia N900. The reason for my purchase was that it ran Maemo, which gave me the freedom to do with my phone whatever I wanted to (with some limitations of course 😉 ).

I’ve been using my N900 intensively since then, using it the whole day to keep up to date with my work, manage some servers through SSH and keep in touch with Jabber Instant Messaging.

Really, the N900 is a great phone and even better when you like Linux as much as I do.

But there was a downside… A few weeks ago (mid-April) my phone started to complain that my memory was full, so I couldn’t receive any more IMs or SMSes. When I opened a terminal and did a “df -h” it showed me that I was only using 23% of the internal memory. A reboot solved it, so I guessed it was a bug somewhere.

After a few days the phone started to reboot itself and kept complaining whenever I wanted to save something to the internal MMC memory, so I opened up a terminal and typed “dmesg”. Well, then I knew what was wrong: the internal MMC memory was broken.

So I started to search the web and I found this thread: talk.maemo.org

It seemed I wasn’t the only one! I contacted Nokia (since I bought the phone from them directly) and they told me I could return it to “BelCompany” (a Dutch phone store), which would then return it for me to the Nokia Service Center.

And so they did. After a week I got my phone back with the message: Software reprogrammed

Well, I didn’t think that would fix it and it didn’t. After 5 minutes of usage I opened a terminal again and I saw the kernel spitting out errors again about mmcblk0p2. So I went back to “BelCompany” and they returned it again to Nokia.

Guess what? I got my phone back again with the same message and it is still broken!

So I got a broken phone back from the repair center for the second time! I brought the phone back to “BelCompany” again and they urged Nokia to replace my phone with a new N900.

Nokia, shame on you! When I returned my phone to the Nokia service center I attached 3 A4s with error messages from the phone and ways you could reproduce the problem, but instead you just reprogrammed the MMC and sent it back to me again. Really not the way to treat people when they pay EUR 599,00 for a phone!

To be continued..

How to turn off the Journal with EXT4

For a specific system I wanted maximum performance, so I tried turning off the journaling on my ext4 device.

It took me some time to find out how, so here is a small howto:

1. Unmount your EXT4 filesystem
2. tune2fs -O ^has_journal /dev/sdX
3. Mount your filesystem again.

And voila! You have an ext4 filesystem without a journal.

Note: This works if you have a kernel newer than 2.6.28!
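
The three steps above, run against a scratch image file, with a check of the has_journal feature flag before and after. This is an added example, not part of the original post; the image file, the function names and the forced e2fsck at the end are assumptions of the example.

```shell
#!/bin/sh
# Added example: drop the ext4 journal and verify the result.
# Works on an unmounted block device or, as in demo(), a scratch image file.
PATH="$PATH:/sbin:/usr/sbin"

# has_journal TARGET -> exit 0 if the superblock lists the has_journal feature.
has_journal() {
    dumpe2fs -h "$1" 2>/dev/null | grep '^Filesystem features:' | grep -qw has_journal
}

# remove_journal TARGET -> refuse a mounted filesystem, clear the flag, fsck.
remove_journal() {
    if awk -v d="$1" '$1 == d { f = 1 } END { exit !f }' /proc/mounts 2>/dev/null; then
        echo "$1 is mounted; unmount it first" >&2
        return 1
    fi
    tune2fs -O '^has_journal' "$1" >/dev/null || return 1
    e2fsck -fy "$1" >/dev/null 2>&1
    [ $? -lt 4 ]    # 0 = clean, 1/2 = errors corrected, 4 and above = failure
}

# demo -> prints "<journal before> <journal after>" for a 32 MB scratch image.
demo() {
    IMG=$(mktemp) || return 1            # hypothetical scratch file
    dd if=/dev/zero of="$IMG" bs=1M count=32 2>/dev/null
    mkfs.ext4 -q -F "$IMG" || return 1
    has_journal "$IMG" && before=yes || before=no
    remove_journal "$IMG" || return 1
    has_journal "$IMG" && after=yes || after=no
    rm -f "$IMG"
    echo "$before $after"
}

if [ "${1:-}" = demo ]; then demo; fi
```

For a real device, call `remove_journal /dev/sdX` after unmounting and check `has_journal /dev/sdX` before mounting again.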

ActiveSync (Z-Push) sync with Zarafa and Nokia N900

Recently I bought a Nokia N900 and started right away with configuring my Exchange (Zarafa) account, but it didn’t work.

Syncing a mobile phone works via Microsoft’s ActiveSync, in Zarafa’s case this is implemented via Z-Push.

After making a post on the Z-Push forum I got in contact with Andreas (a Z-Push) and he found out what the problem was. Z-Push implements Exchange 2003 and the Nokia N900 requires Exchange 2007.

Andreas started working on some fixes and after a few days of mailing he made an alpha version which also supports the Nokia N900.

At the moment I am running the alpha in conjunction with my Zarafa environment and it works fine, so for all the other N900 users, help is on its way!

Protecting yourself against a DDoS with varnish

Today we received another DDoS attack on one of our clusters.

99% of the DDoS attacks we receive are floods on port 80, not really SYN flood attacks, but just a large stream of garbage on port 80 from thousands of hosts. This results in Apache just spawning processes and eventually locking up.

About two weeks ago I read about Varnish. This high-performance HTTP proxy also seems to be a real life-saver when it comes to DDoS attacks.

Since we were really out of options I gave Varnish a go and installed it on our webservers. I configured Apache to listen on 127.0.0.1:80 and Varnish to listen on the public IP.

After doing this on 10 webservers I sat back and watched everything getting back to life!

This is because Varnish only forwards an HTTP request to the backend (Apache in this case) when it is complete, so this protects Apache from getting all the garbage and spawning useless children.

So if you ever get a DDoS (and I really hope not!), keep Varnish in mind for saving yourself!

At the moment Varnish really looks like a permanent solution in our hosting environment. With some special Apache modules you can make it a transparent proxy, see: mod_extract_forwarded2
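
The protection described above only holds while every Apache socket sits behind Varnish. The following added example (not from the original post) checks `netstat -ltnp` output for Apache listeners bound to anything other than loopback; the sample output, addresses and function names are constructed for the example.

```shell
#!/bin/sh
# Added example: flag backend web server sockets that bypass Varnish.
# Input is `netstat -ltnp` output; the sample below is constructed.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 127.0.0.1:80      0.0.0.0:*         LISTEN   1201/apache2
tcp        0      0 203.0.113.10:80   0.0.0.0:*         LISTEN   1188/varnishd
tcp        0      0 0.0.0.0:443       0.0.0.0:*         LISTEN   1201/apache2
tcp6       0      0 ::1:8080          :::*              LISTEN   1201/apache2'

# exposed_backends: read netstat output on stdin and print
# "<local address> <pid/program>" for every Apache listener that is
# bound to something other than a loopback address.
exposed_backends() {
    awk '
        $6 == "LISTEN" && $7 ~ /\/(apache2|httpd)$/ {
            addr = $4
            sub(/:[0-9]+$/, "", addr)          # strip the port
            if (addr !~ /^127\./ && addr != "::1") print $4, $7
        }
    '
}

# backend_is_private: exit 0 only when no Apache socket is directly reachable.
backend_is_private() {
    [ -z "$(exposed_backends)" ]
}

# Run against the constructed sample: the wildcard :443 listener is reported,
# because a flood on that port would still reach Apache without passing Varnish.
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_backends
```

On a live server, feed it `netstat -ltnp` run as root so the program column is filled in for every socket.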

rtc timer problems when running Asterisk in KVM

For our VoIP we use Asterisk (www.sipcat.com). Recently we migrated the server from a physical machine to a KVM virtual machine under Ubuntu 9.04.

When searching around I found some problems around running Asterisk in a VM, but there were also some success stories.

I kept getting the message:
rtc: lost some interrupts at 1024Hz

I was able to solve this by disabling APIC for this virtual machine; I kept ACPI enabled.

Multipath iSCSI under Linux

Building an iSCSI Target (Server) under Linux is fairly simple: just install Enterprise iSCSI Target (IET) and you are ready. The Initiator (Client) is simple too: just use Open-iSCSI and you are ready to go. But how do you make this redundant?

When I first started using iSCSI I heard about the term “multipath”. I read that you could make a redundant IP link to your iSCSI Target with multipath, but how?

Searching on the web didn’t give me real practical answers. After using multipath for about 2 years now, I thought, why don’t I make a blog post about it so other people can have redundant iSCSI too!

For this example I have an iSCSI Target with two IPs:

  1. 172.16.0.1/255.255.255.0
  2. 172.16.1.1/255.255.255.0

These IPs are assigned to eth0 and eth1. Via two switches, connectivity is provided to my initiator, which has the IPs:

  1. 172.16.0.101/255.255.255.0
  2. 172.16.1.101/255.255.255.0

So there is a redundant network connection to the target, now we just have to start using this.

My target has as IQN: “iqn.2009-11-11.widodh.storage:iscsi-001”

I suppose you know how to configure IET and Open-iSCSI, so I’ll just skip the regular configuration. In this example my Target exports one LUN of 10GB.

On the client (Ubuntu 9.04 (Jaunty)) you have to install:

  1. open-iscsi
  2. multipath-tools

And that’s it. There is no configuration needed for multipath; this is all done dynamically.

Now we are going to discover the Target on both IPs and log on to it:

iscsiadm -m discovery -t sendtargets -p 172.16.1.1
iscsiadm -m discovery -t sendtargets -p 172.16.0.1
iscsiadm -m node -T iqn.2009-11-11.widodh.storage:iscsi-001 -p 172.16.0.1 --login
iscsiadm -m node -T iqn.2009-11-11.widodh.storage:iscsi-001 -p 172.16.1.1 --login

The nicest thing about this is that Multipath itself discovers that there is a redundant connection to a SCSI device and everything is done for you.

In “/dev/mapper” you’ll find (for example) “14945540000000000000000000100000099b2f8000f000000” and that is your multipath device.

You can list your multipath devices with:

multipath -ll

In my example this looked like:

14945540000000000000000000100000099b2f8000f000000dm-0 IET     ,VIRTUAL-DISK  
[size=35G][features=0][hwhandler=0]
\_ round-robin 0 [prio=1][active]
 \_ 4:0:0:0 sdd 8:48  [active][ready]
\_ round-robin 0 [prio=1][enabled]
 \_ 3:0:0:0 sdc 8:32  [active][ready]

Multipath detected a redundant path for “sdc” and “sdd” and created a device which I could use.

If one of the connections goes down for whatever reason, you should see this in your dmesg:

[ 2070.285310] device-mapper: multipath: Failing path 8:32.

Multipath will then show:

sdc: checker msg is "directio checker reports path is down"
14945540000000000000000000100000099b2f8000f000000dm-0 IET     ,VIRTUAL-DISK  
[size=35G][features=0][hwhandler=0]
\_ round-robin 0 [prio=1][active]
 \_ 4:0:0:0 sdd 8:48  [active][ready]
\_ round-robin 0 [prio=0][enabled]
 \_ 3:0:0:0 sdc 8:32  [failed][faulty]

Yes, you will see a lot of SCSI errors in your dmesg, but since you have a redundant path that is nothing to be worried about.

Just keep in mind, use “/dev/mapper/14945540000000000000000000100000099b2f8000f000000” as your block device for whatever you intend to use it for!

Multipath in combination with iSCSI is really great. A simple network hiccup will never get your services down and you can keep your network like a basic Layer-2 network. No STP is needed, and the redundant paths can go over fully separated links, which decreases the chance for downtime!
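
Because a failed path does not interrupt I/O, it is easy to run on a single path without noticing. The following added example (not from the original post) parses the `multipath -ll` layout and the dmesg line shown above and reports every path that is not [active][ready]; the function names are made up for the example and the sample input is the output quoted in this post.

```shell
#!/bin/sh
# Added example: report multipath paths that are not [active][ready].
# Parses the `multipath -ll` layout shown in this post.

# Sample input: the failed-path output quoted above.
SAMPLE_MULTIPATH='sdc: checker msg is "directio checker reports path is down"
14945540000000000000000000100000099b2f8000f000000dm-0 IET     ,VIRTUAL-DISK
[size=35G][features=0][hwhandler=0]
\_ round-robin 0 [prio=1][active]
 \_ 4:0:0:0 sdd 8:48  [active][ready]
\_ round-robin 0 [prio=0][enabled]
 \_ 3:0:0:0 sdc 8:32  [failed][faulty]'

SAMPLE_DMESG='[ 2070.285310] device-mapper: multipath: Failing path 8:32.'

# degraded_paths: read `multipath -ll` on stdin and print one line per
# unhealthy path: "<map> <device> <major:minor> <state>".
degraded_paths() {
    awk '
        # Map header: begins with the WWID and carries the dm-N node name.
        /^[A-Za-z0-9]/ && /dm-[0-9]+ / {
            map = $1; sub(/dm-[0-9]+$/, "", map); next
        }
        # Path line: "\_ H:C:T:L device major:minor [state][checker]".
        $1 == "\\_" && $2 ~ /^[0-9]+:[0-9]+:[0-9]+:[0-9]+$/ {
            if ($5 != "[active][ready]") print map, $3, $4, $5
        }
    '
}

# failing_from_dmesg: read kernel log lines on stdin and print every
# major:minor that device-mapper reported as a failing path.
failing_from_dmesg() {
    sed -n 's/.*device-mapper: multipath: Failing path \([0-9]*:[0-9]*\)\..*/\1/p'
}

# paths_healthy: exit 0 only when every path is [active][ready]
# (usable as a cron or monitoring check).
paths_healthy() {
    [ -z "$(degraded_paths)" ]
}

printf '%s\n' "$SAMPLE_MULTIPATH" | degraded_paths
```

On a live initiator, pipe `multipath -ll` into `paths_healthy` and alert when it returns non-zero.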

Have fun using multipath!