The Adventures of Rich and Vince

Characters courtesy of SP Studio

Net-SNMP on Windows with SSL

Recently, I found my older Windows version (5.2.2) of the Net-SNMP tools didn't have support for AES privacy protocol for SNMPv3 when I tried to use it. I grabbed the latest pre-compiled Windows binaries (5.6.1.1) from the site and found they didn't have AES support either. After some reading, I found I needed OpenSSL DLLs and old ones at that - version 0.98. This wasn't going to work; I was going to need to compile this myself.

I tried with MinGW included with Strawberry Perl, but 'gmake.exe' kept giving errors. Now I needed Microsoft Visual Studio Community and some help.

Run MAD - one month to go ...

According to the following tweet, on or about 20 July, 2016, I began my run-a-mile-everyday thing with the hashtag #RunMAD - as in - Run Mile-a-Day.

365
∑ (run)^1
t=1
#RunMAD

— Vince (@VinsWorldcom) July 21, 2016

The goal was simple, run at least 1 mile every day for at least 1 year. Some rules:

1. Run at least 1 contiguous non-stop mile every day
2. A day is between 12:00:00a and 11:59:59p
3. No "saving" miles (i.e., 2 miles today doesn't mean 0 miles tomorrow)
4. Do this for at least 1 year from the start date

Unfortunately, I don't quite remember the official "start date" - if I tweeted the day I started or if I made sure I'd stuck with it for at least 1 week or so before posting so boldly. In any case, after 11 or so months with 1 or so left to go, I'm planning on extending to at least Labor Day, 2017 to make sure I've completed a full year. I've done this everyday so far, whats a few more ... ?

Digital Disruption in Service Providers

Every industry can be digitally disrupted - even those that claim to provide the very digital transformation enterprises so desperately seek.

The true benefit of software-defined networking is not separation of control plane and data plane - that doesn't work at scale. It's not easier centralized control and the end of command line with more fancy acronyms like YANG, XML-RPC and REST APIs. The "revolutionary" idea is the separation of the network layer into physical connectivity and logical connectivity. I quote "revolutionary" as tongue-in-cheek - the OSI model always had a separate physical layer and network layer, but in the long move from circuits to fully-managed, bundled MPLS, we seem to have forgotten that.

DNS PII UH-OH

A seemingly normal DNS packet:

ETH: dst:98:76:54:32:10:ab  src:ab:cd:ef:12:34:56  type:0x0800
IPv4: version:4  hlen:5  tos:0x00  length:190  id:44821
IPv4: flags:0x00  offset:0  ttl:128  protocol:0x11  checksum:0xb060
IPv4: src:8.8.8.8  dst:192.168.10.1
UDP: src:53  dst:13245  length:170  checksum:0x8756
DNS: id:21817  qr:1  opcode:0  flags:0x18  rcode:0
DNS: qdCount:1  anCount:4
DNS: nsCount:0  arCount:0
DNS::Question: name:www.www.com
DNS::Question: type:1  class:1
DNS::RR: name:www.www.com
DNS::RR: type:5  class:1  ttl:64  rdlength:16
DNS::RR::CNAME: cname:www.Johnny.com
DNS::RR: name:www.www.com
DNS::RR: type:5  class:1  ttl:64  rdlength:17
DNS::RR::CNAME: cname:www.Fingers.com
DNS::RR: name:www.www.com
DNS::RR: type:1  class:1  ttl:64  rdlength:4
DNS::RR::A: address:25.7.42.197
DNS::RR: name:www.www.com
DNS::RR: type:1  class:1  ttl:64  rdlength:4
DNS::RR::A: address:73.156.82.200

But upon some decoding ...

Net::SSH2 Upgrade Access to Cisco

I upgraded my Strawberry Perl to 5.24 and my GNS3 test lab for SSH access via CRAPPS suddenly didn't work.

Knowing the Perl version changed, I checked and the Net::SSH2 version changed (0.58 to 0.63). Troubleshooting was pretty easy - just a quick Perl script to open a connection and die on failure with error:

#!perl
use strict;
use warnings;
use Net::SSH2;

my $ssh2 = Net::SSH2->new();
$ssh2->connect('10.254.254.1') or $ssh2->die_with_error;
print "Success\n";

The error was: Unable to exchange encryption keys (-8 LIBSSH2_ERROR_KEY_EXCHANGE_FAILURE). OK, so I said troubleshooting was easy ... the solution ... maybe not so much?