Trains


My brain has become kind of an amorphous blob of mush recently and I thought I needed to change things up a bit. Apparently I’m not one of those people who can productively code for 10+ hours a day. (What did you think I did after work?) Anyway, I wanted to get back to my roots as a network admin and do something different, so I decided to pick up a few inexpensive MikroTik routers and learn some advanced routing.

Anyway, while waiting for the gear to arrive I decided to watch this excellent training video and then decided I needed to design a “network” to route. The network I designed loosely resembles a real datacenter style network but much smaller. In fact, small enough to fit on my desk. Like a miniature train set.

Anyway, here’s the plan. I’m going to configure the routers first and then I’m going to try and get them to distribute their routes via RIP, then OSPF, then BGP. I’ll try configuring some HA stuff and testing what happens in various situations and maybe later on even play with VRRP. Here’s a diagram of the network topology I’m going to use first.

You might think it odd that I decided to handle all of my “peering” on a switch instead of with routers, but really this is pretty common. Since all those routers are “ISP” routers, they can be trusted to some degree so the additional flexibility and performance of using a switch should be nice. For example, to upgrade the TRANSIT router or to increase capacity, another one can simply be added to the switch and the full bandwidth becomes available to the mesh. Also, it allows me to plug one cable into my computer and run WinBox to manage all these things via MAC ;-)

Oh, and the 192.168.x.x addresses are “customer” addresses. That’s just so I’ll have something to ping and traceroute to.


DNSWash Is Alive

Well, the brochure-ware part anyway. I wrote up some initial policies last night, sketched the UI for the community portion and have started coding up the database. Anyway, further updates and lots of policy information can be found over on the new website:

http://www.dnswasher.org

The Project – DNSWash

I saw the news, OpenDNS is rightfully going to start charging for their service for businesses. Unfortunately, this puts a lot of people in a bit of a pickle because their pricing isn’t very transparent, and most people haven’t budgeted for the change – and we just started a new year so budgets don’t get re-done for a while.

Well, I got to thinking about it and decided “It can’t be that hard to implement DNS filtering, surely I could write a little filtering DNS server and hook it up to a blacklist and that should get people through for a while.” And surely enough, in about 20 lines of Ruby and about 15 minutes I had a fully functional recursive resolver with caching and filtering built right in.
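The filtering half of such a server, as an added example and not the author's Ruby code: a blocklist check that also catches subdomains of a listed name, a query parser that rejects truncated or compressed names, a synthesized NXDOMAIN reply, and a UDP loop that relays everything else to an upstream resolver. The blocklist entries are constructed samples, and the caching and true recursion the post mentions are left out to keep it short; the server forwards to whatever upstream you pass to `serve`.

```ruby
require 'socket'
BLOCKLIST = %w[ads.example tracker.example].freeze # constructed sample list
# Wire-format A query for name with a given transaction ID (RFC 1035 s4.1).
def build_query(name, id = 0x1234)
  header = [id, 0x0100, 1, 0, 0, 0].pack('n6') # RD set, one question
  qname = name.split('.').map { |l| [l.bytesize].pack('C') + l }.join + "\0"
  header + qname + [1, 1].pack('n2')           # QTYPE=A, QCLASS=IN
end
# First question name from a raw query; rejects truncated or compressed names.
def parse_qname(packet)
  raise 'bad header' if packet.bytesize < 12 || packet.byteslice(4, 2).unpack1('n').zero?
  pos, labels = 12, []
  while (len = packet.getbyte(pos)) && len > 0
    raise 'bad label' if len >= 0xC0 || pos + 1 + len > packet.bytesize
    labels << packet.byteslice(pos + 1, len)
    pos += 1 + len
  end
  raise 'truncated name' if len.nil?
  labels.join('.')
end
# True if the name or any parent domain is listed (www.ads.example hits ads.example).
def blocked?(name)
  labels = name.downcase.chomp('.').split('.')
  labels.each_index.any? { |i| BLOCKLIST.include?(labels[i..-1].join('.')) }
end
# Synthesize an NXDOMAIN reply: same ID and question (name, terminator, QTYPE,
# QCLASS), with QR|RD|RA set and RCODE=3.
def nxdomain_response(packet)
  pos = 12
  pos += 1 + packet.getbyte(pos) until packet.getbyte(pos).zero?
  packet.byteslice(0, 2) + [0x8183, 1, 0, 0, 0].pack('n5') + packet.byteslice(12, pos - 7)
end
# Decide one query: [:block, synthesized reply] or [:forward, original query].
def handle(packet)
  blocked?(parse_qname(packet)) ? [:block, nxdomain_response(packet)] : [:forward, packet]
end
# UDP loop: answer listed names locally, relay everything else to an upstream resolver.
def serve(listen_port, upstream_host, upstream_port = 53)
  sock = UDPSocket.new.tap { |s| s.bind('0.0.0.0', listen_port) }
  up = UDPSocket.new
  loop do
    packet, (_, port, _, ip) = sock.recvfrom(512)
    action, data = handle(packet)
    if action == :forward
      up.send(data, 0, upstream_host, upstream_port)
      data, = up.recvfrom(4096)
    end
    sock.send(data, 0, ip, port)
  end
end
```

Run it with `serve(5353, '192.0.2.1')` (an upstream of your choice) and point `dig @127.0.0.1 -p 5353 www.ads.example` at it to see the synthesized NXDOMAIN; the parser raises rather than forwarding on malformed input, so a production version would catch those and drop the packet.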

My project for the weekend is going to be to write a web app to manage various filter lists and expose a basic HTTP API so that I can release the whole thing as a working proof of concept and get some feedback. I expect performance won’t be that good the way I’m going to implement this, but it should be totally usable by the end of the week. The reason I chose this option is because I can throw a basic web app up on Heroku for free, and that will mean the whole project can operate indefinitely at no ongoing cost to me.

But, what I really want isn’t a set of programs that work together to handle this simple task. Ultimately, I’d like to have a great database of community maintained and owned domain categorizations with real process and policy behind its maintenance. Once the database is mature enough for production usage I think the best way to share it would be using BIND RPZs per category and probably also dnsbl style.

Anyway, I’m going to put together a website for the project and start thinking about policies before I write the actual database app.