Monday, June 25, 2012

ARP Cache size and interval configuration


It is possible to increase the size of engine’s ARP cache by changing values of /proc/sys/net/ipv4/neigh/default/gc_thresh3 (The hard maximum number of entries to keep in the ARP cache. Defaults to 1024.) and /proc/sys/net/ipv4/neigh/default/gc_thresh2 (The soft maximum number of entries to keep in the ARP cache. Defaults to 512.)

To change the timeout value of the entries, you need to modify the gc_interval file, indicating the timeout value in seconds. For other kernal variables checkout the man page of arp (http://www.kernel.org/doc/man-pages/online/pages/man7/arp.7.html).
Not sure how to make the changes permanent in ubuntu, but in the reference, the following is stated.
The changes should be made to /data/run-at-boot  file in order for changes to survive boot. The run-at-boot file must be created with execute permission for root.
Add the following lines to /data/run-at-boot file in all of the engines of the cluster:
#!/bin/sh
echo 8192 >/proc/sys/net/ipv4/neigh/default/gc_thresh3
echo 4096 >/proc/sys/net/ipv4/neigh/default/gc_thresh2
The change activates after boot or by executing the run-at-boot script. The change should be activated as simultaneously as possible in all the nodes of the cluster, so that the functioning of the nodes in the cluster would be same all the time.


References:
1. http://stoneblog.stonesoft.com/2009/02/arp-cache-overflow/
2. http://www.ibm.com/developerworks/opensource/library/os-iptables/index.html
Posted by at 0 comments
Labels: , , , , , , ,

Sunday, June 24, 2012

Floodlight installation on a machine within proxy.

When installing Floodlight openflow controller on a corporate machine behind corporate proxy, you might face some connection timed out errors and dependency errors. Some of the errors are:
[exec] [artifact:dependencies] Downloading: org/slf4j/slf4j-api/1.5.8/slf4j-api-1.5.8.pom from repository central at http://repo1.maven.org/maven2
[exec] [artifact:dependencies] Error transferring file: Connection timed out
.....
[exec] [artifact:dependencies] [WARNING] Unable to get resource 'org.slf4j:slf4j-api:pom:1.5.8' from repository central (http://repo1.maven.org/maven2): Error transferring file: Connection timed out
[exec] [artifact:dependencies] Downloading: commons-lang/commons-lang/2.5/commons-lang-2.5.pom from repository central at http://repo1.maven.org/maven2
[exec] [artifact:dependencies] Error transferring file: Connection timed out
.....
[exec] BUILD FAILED
.....
This happens after you download Floodlight through the proxy and are trying to install. Floodlight uses ant and maven packages, so appropriate changes need to be made for each to use the system proxy. The setting of environment variables http_proxy and https_proxy is not sufficient.

For ANT:
To compile floodlight using "ant eclipse" or "ant", setup proxy using:
export ANT_OPTS="-Dhttp.proxyHost=proxyname/ip -Dhttp.proxyPort=3128"

For Maven:
add ~/.m2/settings.xml with following content:
<settings>
  <proxies>
   <proxy>
      <active>true</active>
      <protocol>http</protocol>
      <host>proxy</host>
      <port>3128</port>
      <username>proxyuser</username>
    </proxy>
  </proxies>
</settings>
Posted by at 0 comments
Labels: , , , , , ,

Using GIT from inside corporate proxy

Shamelessly lifted from the below reference.

Many corporate firewalls prevent git from using its efficient binary protocol by blocking outbound network connections. Sometimes, you are lucky and are trying to clone a repository that is hosted on a site like github which exports their repositories over HTTP, which would enable you to get through the firewall using the http_proxy environment variable. However, you are usually not that lucky and are only given a git:// URL to clone from.

Fortunately, most corporate firewalls allow for tunneling connections through their HTTP proxies, using HTTP CONNECT. This is normally used for allowing browser to connect to secure websites (using SSL over port 443), but if you are lucky, you can have your firewall administrator configure the proxy to also allow CONNECT for port 9418, which is the port used by git.

Once they have appropriately configured the proxy, you should then be able to use tools like netcat-openbsd or socat to connect through as follows…

STEP-1: Install `socat`. For example, on Debian/Ubuntu, just 'sudo apt-get install socat'.

STEP-2: Create a script called `gitproxy` in your bin directory; 
#!/bin/sh
# Use socat to proxy git through an HTTP CONNECT firewall.
# Useful if you are trying to clone git:// from inside a company.
# Requires that the proxy allows CONNECT to port 9418.
#
# Save this file as gitproxy somewhere in your path (e.g., ~/bin) and then run
#   chmod +x gitproxy
#   git config --global core.gitproxy gitproxy
#
# More details at http://tinyurl.com/8xvpny

# Configuration. Common proxy ports are 3128, 8123, 8000.
_proxy=proxy.yourcompany.com
_proxyport=3128

exec socat STDIO PROXY:$_proxy:$1:$2,proxyport=$_proxyport

You will need to replace proxy.yourcompany.com with the name of your proxy host and the port with the port used by the proxy (common ports include 3128, 8123 and 8000).

 STEP-3: Configure `git` to use it: 
 git config --global core.gitproxy gitproxy

References:
http://www.emilsit.net/blog/archives/how-to-use-the-git-protocol-through-a-http-connect-proxy/

Posted by at 0 comments
Labels: ,

apt doesnt work with system proxy


System proxy details are generally indicated in the environment variables "http_proxy" and "https_proxy". They can be set by applying System Wide Proxy in the GUI.

They can be set from shell or terminal using: 
export http_proxy="http://proxy:port"
export https_proxy="https://proxy:port"

You can check using: 
echo $http_proxy
echo $https_proxy

Sometimes apt-get doesn't not take in the system proxy information.
Check the file /etc/apt/apt.conf for proxy details. Sometimes, you might need to check /etc/apt/apt.conf.d and a separate proxy file. The proxy entries should be as below: 

Acquire::http::proxy "http://proxy:port/";
Acquire::ftp::proxy "ftp://proxy:port/";
Acquire::https::proxy "https://proxy:port/";

You might need to add username and password information, as below: 
Acquire::http::proxy "http://<username>:<password>@<proxy>:<port>/";
Acquire::ftp::proxy "ftp://<username>:<password>@<proxy>:<port>/";
Acquire::https::proxy "https://<username>:<password>@<proxy>:<port>/";

Save the file once you make the changes.

TIP: Add these lines in another file, /etc/apt/apt.conf.d/80proxy. This will ensure that after a version upgrade changes won't be lost.

References:
http://askubuntu.com/questions/89437/how-to-install-packages-with-apt-get-on-a-system-connected-via-proxy
Posted by at 0 comments
Labels: , ,

Fedora - Ubuntu differences


When working with fedora16, I noticed there were significant differences in the commands used by Fedora and Ubuntu. In most cases, the trick lies in identifying the command equivalents between the two distributions. 
Fedora mostly uses "yum" and Ubuntu generally uses "apt-get".


gcc, g++ compilers, some other generic packages and utilities

In Ubuntu, we use build-essential.  

sudo apt-get install build-essential

Its equivalent in fedora with yum is

su
yum groupinstall "Development Tools"
yum install kernel-devel kernel-headers

References:
http://forums.fedoraforum.org/showthread.php?t=198819
http://blog.htbaa.com/news/yum-equivalent-for-apts-build-essential
Posted by at 0 comments
Labels: , , ,
Subscribe to: Posts (Atom)