Category: Work

Benchmarking the Mikrotik Routerboard RB1100

I attended and gave a talk at the recent Irish Wireless Conf & Expo on behalf of INEX. I don’t get to do much with wireless links and as such I found many of the talks and exhibitors very interesting. One company that had a large presence through both Wireless Connect in Dublin and Irish Wireless in Shannon was Mikrotik – a company manufacturing routers built on Linux and some kit that I had been meaning to look at for some time.

Following the conference I picked up some RB750’s and RB750G’s and was very impressed. So much so, that I picked up a RB1100 also. The RB1100 specifications include:

  • 13 individual 1Gbps ports;
  • 2 x 5 port switch groups;
  • 800MHz Power PC MPC8544E processor;
  • SODIMM RAM slot with up to 1.5GB RAM;
  • 1 x microSD card slot;
  • 1U rack mount case.

I decided to benchmark this to see at just what rate it could route packets.

Benchmark Methodology and Tests

I used two PCs running Linux with iperf to measure TCP throughout with different packet sizes. To establish a baseline, I ran the same tests with the two PCs directly connected (this is the Direct Connection results below). The maximum achievable result with this is 1Gbps.

An example command line for the test which runs for 10 secs by default and for a packet size of 64 bytes is:

iperf -f m -i 1 -c 10.0.0.1 -l 64

Then I ran four test sets routing traffic between two networks as follows:

  1. No c/t, no f/w: connection tracking disabled and firewall set to allow all;
  2. No c/t, f/w: connection tracking disabled but with some simple firewall rules;
  3. C/t, no f/w: connection tracking enabled but firewall set to allow all;
  4. C/t, f/w: connection tracking enabled and stateful firewall rules.

In addition, I ran the above four tests with the RB1100 configured as a OpenVPN server:

/interface ovpn-server serverset auth=sha1,md5 certificate=cert1 \
cipher=blowfish128,aes128,aes192,aes256                          \
default-profile=your_profile enabled=yes                         \
keepalive-timeout=disabled mac-address=FE:50:A7:D5:FE:B7         \
max-mtu=1500 mode=ip netmask=24 port=1194                        \
require-client-certificate=no

One of the PCs was connected to the RB1100 as a VPN client pushing traffic to the other server on a non-VPN connect with all traffic routed through the RB1100. I also did a baseline test by running the VPN server with the same encryption on one of the PCs with a direct connect to the other and then pushing traffic over the VPN link.

Results:

The results can be seen in the following graph:

Without connection tracking and firewall, full line rate is achievable for packet sizes of 256bytes and higher – all in all, an excellent result. That said, no connection tracking and no firewall would be an unusual configuration and with these, the box maxes out at around 525Mbps – still an excellent result for less than €400.

The VPN tests yielded:

VPN throughput primarily relies on CPU horse power and the PCs used for the Direct Connection baseline test are pretty modern.

ViMbAdmin – We Have a Logo!

As an example of open source in action, we had a note on our Google Code page for ViMbAdmin with a wanted section asking for a logo. Yesterday morning I received a mail from Robert Bell, self professed Head Nerd of Limeworks Australia offering some of his designers time to create one.

24 hours later, we proudly present the new face of ViMbAdmin:

ViMbAdmin Logo

With a cool new logo, we decided we needed to overhaul the login page. You can see the new face of ViMbAdmin at our updated live public demonstration page: http://www.opensolutions.ie/vimbadmin/. This has also been incorporated in a new release version, 0.2.4, which can be downloaded from here.

A sincere thanks to Robert Bell and his team Limeworks Australia for the logo.

 

World IPv6 Day – Do Something – Anything!

June 8th, 2011 is World IPv6 Day and on that day, Google, Facebook, Yahoo!, Akamai and Limelight Networkswill be amongst some of the major organisations that will offer their content over IPv6 for a 24-hour “test flight”.

I’m trying to push June 8th as a ‘flag day’ for smaller companies to get something – anything – done with IPv6. Enabling AAAA on their websites (and leaving it on) would be super. Some other suggestions I have:

  1. Register on IPv6Ready.ie and add the badge to your site. Even if it’s Pending IPv6, the whole point of the project is to nudge the level of awareness up a notch and we need badges on sites for that.
  2. If you haven’t even used IPv6 before, get a SixXS tunnel and be sure to choose either HEAnet, Airwire or Digiweb as your tunnel broker. All are members of INEX with good IPv6 connectivity so you’ll see low latency with good connectivity on these.
  3. If you want to get IPv6 on your LAN and your ISP won’t provide it, then (a) bug them some more; and (b) as a intermediate measure, also get a subnet from SixXS for your LAN.
  4. Dual stack your mail server and add a AAAA record to your MX hosts. This is a really simple and painless first step as SMTP is such a resilient protocol, if the mail cannot be delivered over v6, it’ll fall back to v4. Postfix, Sendmail and others have been IPv6 capable for years.
  5. Dual stack your DNS server. Like Postfix / Sendmail, Bind has been IPv6 capable for years. Get it listening on v6 and then add AAAA records to at least one of them.
  6. Hurricane Electric have a very useful IPv6 Certification program (see it at http://ipv6.he.net/certification/) which certifies an individuals ability. It’s a free process and what’s great about it is that, even if not interested in the cert, working through the process gets you configuring IPv6 on your web server, email server and DNS.
  7. Always look for IPv6 when choosing an ISP, a hosting provider, equipment vendors, and SaaS. Even if not a deciding factor, ask for IPv6 support to keep nudging it up the list of priorities for service providers.
  8. Register and display a badge from www.ipv6ready.ie. Did I say that already?

 

We’re IPv6 Ready! Are you?

IPv6 ReadyOver in INEX, we just launched a new initiative to promote and increase awareness of IPv6 among content owners and businesses generating revenue from an online presence.

This project is called IPv6 Ready and it is essential a certification program for websites that are IPv6 ready to one of two standards:

Gold: The website has a AAAA (IPv6) DNS record; and

Platinum: At least one of the websites DNS name servers is additionally IPv6 enabled.

IPv6 PendingFor those websites that are not IPv6 enabled (and in many cases this is dependent on a third party hosting company), we also have a very cool IPv6 Pending badge which you can use to let your customers know that you are IPv6 aware.

The badges shown here are the large versions but we also have an extra large, medium and small so you’ll find an appropriate one for your site.

How do you get your badges? Easy, just head over to IPv6Ready.ie and register your site. Once you complete the simple process, you’ll be emailed all four personalised badges!

Help us make this a success! Please repost, blog, tweet and spread the word any way you can to help us raise awareness and push IPv6 forward – even just a little. If nothing else, please register and display a badge! You’ll also get a link such as this to your own certificate!

We’re IPv6 Ready! Are you?

IPv6 ReadyOpen Solutions has been certified by INEX to their Platinum standard. This means both our website and our DNS name servers are IPv6 enabled.

We should of course disclose that not only do we contract services to INEX, we also developed the website and web application that powers IPv6Ready.ie!

It is vital that content owners and businesses that generate even a small proportion of their revenue through an online presence become IPv6 Ready.

To this end, IPv6 Ready is an initiative by INEX to promote the uptake of IPv6 in the Internet and broader business communities. While IPv6 has been available and in active use for over 10 years, its take up has been stunted by the continued, but increasingly limited, availability of IPv4 address space. INEX, with the IPv6 Ready initiative is encouraging businesses to delay no longer and invest in IPv6 to ensure the future of their Internet related activity.

Even if you’re not IPv6 Ready just yet, you can still make your users and customers aware that you realise the importance of this by displaying the IPv6 Pending badge which you receive by signing up at IPv6Ready.ie.

Test your site now: www.ipv6ready.ie.

Open Solutions has been a part of INEX’s operations team since April 2008, working with the expanding number of INEX Members and ensuring the smooth running of the exchange. We assist with the administration of the switching frabic, provide member support, and develop INEX’s provisioning and management systems.

IPv6 Ready is a PHP application using our standard application framework of Zend, Doctrine ORM and Smarty running on a FAMP stack.

Introducing ViMbAdmin – Virtual Mailbox Administration

About two weeks ago, my company released an internal software project, ViMbAdmin, as open source under a GPL3 license. So far the reception has been great for a project we just put out there. We have over ten third party installs and are getting good feedback and activity on the Google Code platform where we host it.

ViMbAdmin (pronounced vim-be-admin) is essentially a modern replacement for PostfixAdmin – a web based interface which will allow you to manage virtual mailboxes, virtual domains and aliases.

We have a live demo which you can access here. You can also browse screenshots by clicking the image on this page.

ViMbAdmin was written in PHP using our own web application framework which includes the Zend Framework, the Doctrine ORM and the Smarty templating system with JQuery on the frontend.

The decision to use Smarty, Doctrine and Zend unfortunately adds a bit of overhead for someone installing the product as they will also need to locate these third party libraries. Fortunately:

  • many distributions include all three as packages now;
  • if you take the svn install option then they will be also installed from external svn sources.

ViMbAdmin can work as a slot in replacement for Postfix Admin with a few MySQL ALTER statements.

Features

  • Super admin(s) user level with full access;
  • Admin(s) user level with access only to assigned domains and their mailboxes and aliases;
  • Super admins can create and modify super admins and admins;
  • JQuery Datatable throughout for quick in browser searching and pagination;
  • Create, modify and purge domains including limited the number of mailboxes and aliases a non-super admin can create per-domain;
  • Activate / deactivate admins, domains, mailboxes and aliases at the click of a button;
  • Full logging;
  • Facility for users (mailbox owners) to change their password;
  • Forgotten Password / Password Reset function for admins;
  • Very configurable including:
    • set default values for quotas, number of mailboxes and aliases for domain creation;
    • templated welcome and settings email for users;
    • either plain or MD5 mailbox password support.

We hope it’s of use to you!

Using Doctrine ORM with Zend Application

We’ve just published the first in a serious of hidden treasures articles from our ViMbAdmin application over on the company blog:

In this first of a serious of articles where we delve into some of the hidden treasures in our ViMbAdmin application, we look at how to integrate Doctrine ORM with Zend – and specifically Zend_Application and Zend_Controller.

As all the code is available with the GPL license online, I didn’t over explain the set-up but I’d love some feedback on whether I’ve been too obscure for the article to be useful at all.

Using Doctrine ORM with Zend Application

In this first of a serious of articles where we delve into some of the hidden treasures in our ViMbAdmin application, we look at how to integrate Doctrine ORM with Zend – and specifically Zend_Application and Zend_Controller.

In this article we delve into our ViMbAdmin application and we look at how to integrate Doctrine ORM with Zend – and specifically Zend_Application and Zend_Controller.

The first assumption (and requirement) we are going to make is that you are using Zend_Application. If you want to see a working application set up and configured for this, please checkout or browse our ViMbAdmin source code – which we’ll reference throughout this document.

Zend Application has a resource framework which allows us to bootstrap various resources on demand. We have created a Doctrine resource for this very purpose which you can download from here (and you may need to edit the class name and change the plugin path in the config code below to match your setup). Our implementation does many things:

  • instantiates the Doctrine object;
  • sets up an autoloader for Doctrine models;
  • instantiates the Doctrine manager;
  • opens the connection to the database;
  • sets all collations and character sets to UTF8 (this is hard coded but can easily be changed);
  • sets various hard coded Doctrine attributes which can also be changed.

We the add various configuration parameters to the application.ini file:

 

Or the following where $application is the instance of Zend_Application:

$application->getBootstrap()->bootstrap( 'doctrine' );

From that, you can use Doctrine to your hearts content!

We also have a Doctrine CLI script which works from the same resource. See:

http://code.google.com/p/vimbadmin/source/browse/trunk/bin/doctrine-cli.php

 

Introducing ViMbAdmin – Virtual Mailbox Administration

Open Solutions are pleased to announce the immediate availability of our latest free and open source web application, ViMbAdmin, a web based interface which will allow you to manage mailboxes, virtual domains and aliases.

Open Solutions are pleased to announce the immediate availability of our latest free and open source web application, ViMbAdmin (vim-be-admin). ViMbAdmin is a web based interface which will allow you to manage mailboxes, virtual domains and aliases.

ViMbAdmin is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 3, or (at your option) any later version.

ViMbAdmin was entirely funded by Open Solutions and developed by our staff. If you find this application of value, please consider making a donation to our chosen charity.

Do you want to see it in action? We have a live demo which you can access here. You can also browse screenshots by clicking the image on this page.

ViMbAdmin was written in PHP using our own web application framework which includes the Zend Framework, the Doctrine ORM and the Smarty templating system with JQuery on the frontend.

ViMbAdmin is hosted on its own Google Code project page where you can find documentation, browse the source code and access our Subversion repository. We have set up a Google Groups discussion group and you can read our ViMbAdmin blog posts.

ViMbAdmin can work as a slot in replacement for Postfix Admin with a few MySQL ALTER statements.

Features

  • Super admin(s) user level with full access;
  • Admin(s) user level with access only to assigned domains and their mailboxes and aliases;
  • Super admins can create and modify super admins and admins;
  • JQuery Datatable throughout for quick in browser searching and pagination;
  • Create, modify and purge domains including limited the number of mailboxes and aliases a non-super admin can create per-domain;
  • Activate / deactivate admins, domains, mailboxes and aliases at the click of a button;
  • Full logging;
  • Facility for users (mailbox owners) to change their password;
  • Forgotten Password / Password Reset function for admins;
  • Very configurable including:
    • set default values for quotas, number of mailboxes and aliases for domain creation;
    • templated welcome and settings email for users;
    • either plain or MD5 mailbox password support;

 

Querying for DNS Glue Records (using dig)

On a project I’m working on, I need to establish if a domain has IPv6 glue records or not. If I had to do it on a once off, a whois lookup would answer that nicely:

$ /usr/bin/whois opensolutions.ie
<snip>
nserver:     dns1.dns.opensolutions.ie 87.232.1.40 2a01:268:4::40
nserver:     dns2.dns.opensolutions.ie 87.232.1.41 2a01:268:4::41
nserver:     dns3.dns.opensolutions.ie 87.232.16.61 2a01:268:3002::61

However, in this case, I will need to do it many times on many domains and do not need to have to worry about whois servers limiting the queries or parsing the output from different whois servers.

After some digging, it looks like the nameservers of TLDs return glue records in the additional section. Let’s look by example on opensolutions.ie. First, find the TLD servers for .ie:

$ dig NS ie
<snip>
;; ANSWER SECTION:
ie.                     172800  IN      NS      gns1.domainregistry.ie.
ie.                     172800  IN      NS      uucp-gw-1.pa.dec.com.
ie.                     172800  IN      NS      uucp-gw-2.pa.dec.com.
ie.                     172800  IN      NS      ns3.ns.esat.net.
ie.                     172800  IN      NS      banba.domainregistry.ie.
ie.                     172800  IN      NS      ice.netsource.ie.
ie.                     172800  IN      NS      gns2.domainregistry.ie.
ie.                     172800  IN      NS      ns-ie.nic.fr.
ie.                     172800  IN      NS      b.iedr.ie.

Now query one of these for the nameservers for opensolutions.ie:

$ dig NS opensolutions.ie @banba.domainregistry.ie.
<snip>
;; AUTHORITY SECTION:
opensolutions.ie.       172800  IN      NS      dns3.dns.opensolutions.ie.
opensolutions.ie.       172800  IN      NS      dns2.dns.opensolutions.ie.
opensolutions.ie.       172800  IN      NS      dns1.dns.opensolutions.ie.

;; ADDITIONAL SECTION:
dns1.dns.opensolutions.ie. 172800 IN    A       87.232.1.40
dns1.dns.opensolutions.ie. 172800 IN    AAAA    2a01:268:4::40
dns2.dns.opensolutions.ie. 172800 IN    A       87.232.1.41
dns2.dns.opensolutions.ie. 172800 IN    AAAA    2a01:268:4::41
dns3.dns.opensolutions.ie. 172800 IN    A       87.232.16.61
dns3.dns.opensolutions.ie. 172800 IN    AAAA    2a01:268:3002::61

As you can see, the authority section contains the nameservers for opensolutions.ie which are all on the opensolutions.ie domain. We then find the glue records for these nameservers in the additional section.