If you're familiar with F5 you understand the need for a quick and dirty virtual lab on your laptop. From testing code upgrades to writing and testing iRules, you'll quickly learn how important a lab is.
To get started you're going to need a few pieces that will make up your virtual lab. Most of the following will work on a Mac or PC, but I am running a Mac, so I apologize in advance if some of the configuration is different.
Software needed:
- F5 LTM Software: the virtual lab edition is $99; you can also ask your F5 sales team for a trial license.
- Hypervisor: I am using VMware Fusion
- Virtual Router: Vyatta (Brocade bought them, but you can still find the open project ISO.)
- Servers: Use what you feel comfortable with.
Step 1) Install Virtual Software (VMWare)
Step 2) Go to Preferences > Network and create several virtual machine networks. These VM networks will work like VLANs, and you will assign virtual NICs to the devices that will operate in those networks.
Step 3) Install and configure your F5 Virtual Lab software. You will want to configure at least three network connections: one each for management, server side and client side. Make sure the gateway IP is the IP address you will assign to the interface on the Vyatta router.
Step 4) Install and configure your Vyatta virtual router. This will allow your PC to communicate with all of the networks as well as bridge the server network to the internet for updates and package installs. Here is a great guide I found for Vyatta commands.
Step 5) Install and configure your servers, configuring their NICs to participate in the server VLAN.
Step 6) Build a Virtual server on the F5 using an IP address on the client network, and your pool member that exists in the server network.
You should be up and running and able to play with the F5.
So everyone's heard of Amateur Radio, but certified Amateur radio operators are becoming a rarity. It's not hard to speculate why Amateur radio is disappearing: just go to a restaurant or visit the mall and you'll see every other person focused on their cell phone.
Even though our nation's cellular networks are growing and becoming more robust, Amateur radio operators still provide an important public service. The largest disaster response by U.S. amateur radio operators was during Hurricane Katrina. More than a thousand ham operators from all over the U.S. converged on the Gulf Coast in an effort to provide emergency communications assistance. Subsequent Congressional hearings highlighted the Amateur Radio response as one of the few examples of what went right in the disaster relief effort.
A good way to be introduced to Amateur radio is to attend a local Amateur radio group event. I have included a link to help find your local group.
- http://www.arrl.org/find-a-club Link to the National Association for Amateur Radio club search.
The next step is to get certified. Many local chapters provide Amateur radio certification tests. Also this year at Defcon they will be offering the exams right at the convention.
- http://www.arrl.org/find-an-amateur-radio-license-exam-session Link to the National Association for Amateur Radio exam search.
The Defcon guys provided a terrific study resource to help you with the exam.
- https://hamstudy.org Free tools to help you study for the Ham Radio license.
Finally you'll need a radio. For my first radio I decided to play it safe and bought a low-priced handheld to get a feel for ham radio. Here it is:
- Frequency Range: 136-174 / 400-480MHz; 25KHz/12.5KHz Switchable
- 128 Channels 50 CTCSS and 104 CDCSS; Channel Step: 2.5/5/6.25/10/12.5/25KHz
- Dual-Band Display, Dual Frequency Display, Dual-Standby; A/B band independent operation
- Comes with all necessary accessories, backed up by 12 Months Seller Warranty
I have searched high and low for a decent low-priced alternative for Visio on the Mac, and I think I have finally found one.
yEd Graph Editor is a powerful desktop application that can be used to quickly and effectively generate high-quality diagrams. Create diagrams manually, or import your external data for analysis. Their automatic layout algorithms arrange even large data sets with just the press of a button.
The install is straightforward and works great, but us network guys want Cisco icons. The network icons that come with it are a little weak. So I found a German website that had the Cisco default icons as .svg files. Here is the link to the download cisco_svg_icons.
Next, how to install the icons:
- Open yEd Editor and go to Edit --> Palette Manager
- Click New Section to create a new section (name it)
- Highlight the newly created section and click Import Symbols
- Select .svg symbols and import them.
Let me know if you have any better alternatives.
Version 2 GeoIP and Network whitelisting iRule.
Implementing version 1 of the iRule highlighted a few shortcomings. In version 2 I have added a stopgap measure: the ability to manually add IP space to an additional data group. This allows time for F5's Geo-IP database update process and your company's change management.
Prior to the deployment of version 1 we identified issues with RFC 1918 IP space. Because private IP space is not defined in the Geo-IP database, the version 1 iRule blocked server-to-virtual-server communication if sourced from a private IP.
The second shortcoming is the frequency of Geo-IP database updates. F5 is timely with their Geo-IP database updates, but unless you're running their Application Firewall Module, updating is still a manual process. IP space is being reallocated on a daily basis, which means you will always be playing catch-up. This is why I added the manual network data group. This group can be used as a stopgap as well as letting you add any private IP space you may want to add.
Here is the rule:
# Geo-IP_Network_Whitelist_acl_rule#
# v2.0 - May 9 2014
#
# BIG-IP versions 11.x (tested on 11.3.8)
#
# Purpose:
# This rule should be added to a network virtual server to catch all requests
# which don't match an allowed GeoIP country code or IP network/host. This
# creates a white list of networks and hosts that are allowed to connect to
# the virtual server. By default, log entries are written to /var/log/ltm.
#
# The rule expects the following two data groups to define which allowed country
# codes (example: ca, us), or defined allowed networks (example: 10.0.0.0/8)
# are allowed to connect to the virtual server.
#
# Clients that match on either the Network or GeoIP data group will be allowed
# to connect to the default pool. Clients that do not match will be rejected and
# see a web page not available.
#
# The data group names should be:
#
# geo_allowed_country (string Data Group List)
# geo_allowed_network (network Data Group List)
#
#
#
#
# This event is triggered when a client - BIG-IP TCP connection is established
when CLIENT_ACCEPTED {
    if { [class match [whereis [IP::client_addr] country] equals geo_allowed_country] } {
        # Country code is listed in geo_allowed_country: allow the connection and log it
        log local0. "Geo-IP Code accepted from client: \
            [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"
    } elseif { [class match [IP::client_addr] equals geo_allowed_network] } {
        # Source address is listed in geo_allowed_network: allow the connection and log it
        log local0. "Network accepted from client: \
            [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"
    } else {
        # No match in either data group: reject the connection and log it
        reject
        log local0. "Client request rejected: \
            [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"
    }
}
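The following Python model is an added example, not part of the original rule and not F5 code. It replays the rule's two-branch decision offline so you can check proposed data group contents against known client addresses before a change window. The Geo-IP table, data group contents and client addresses are constructed, and the country-only mode is an assumption based on how the text describes version 1.

```python
import ipaddress

# Constructed stand-ins for the two data groups named in the rule header.
GEO_ALLOWED_COUNTRY = {"us", "ca"}
GEO_ALLOWED_NETWORK = [ipaddress.ip_network(n)
                       for n in ("10.0.0.0/8", "198.51.100.0/24")]

# Constructed toy Geo-IP table (documentation prefixes, not real allocations).
# Private space and 198.51.100.0/24 are deliberately absent, as in the text.
GEOIP_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "us",
    ipaddress.ip_network("203.0.113.0/24"): "fr",
}

def whereis_country(addr):
    """Model of the Geo-IP lookup: longest matching prefix, "" when unknown."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, cc) for net, cc in GEOIP_TABLE.items() if ip in net]
    return max(hits)[1] if hits else ""

def decide(addr, use_network_group=True):
    """Return (verdict, reason), testing branches in the same order as the rule."""
    ip = ipaddress.ip_address(addr)
    if whereis_country(addr) in GEO_ALLOWED_COUNTRY:
        return ("accept", "geo")
    if use_network_group and any(ip in net for net in GEO_ALLOWED_NETWORK):
        return ("accept", "network")
    return ("reject", "no match")

def rescued_by_network_group(addrs):
    """Addresses a country-only check rejects but the two-group check accepts."""
    return [a for a in addrs
            if decide(a, use_network_group=False)[0] == "reject"
            and decide(a)[0] == "accept"]

# Constructed clients: allowed country, blocked country, listed private space,
# public space missing from the Geo-IP table, unlisted private space.
SAMPLE_CLIENTS = ["192.0.2.10", "203.0.113.7", "10.1.2.3",
                  "198.51.100.20", "172.16.5.5"]

if __name__ == "__main__":
    for client in SAMPLE_CLIENTS:
        print(client, decide(client, use_network_group=False), decide(client))
    print("rescued:", rescued_by_network_group(SAMPLE_CLIENTS))
```

Note that 172.16.5.5 is still rejected: private space is only admitted when it is explicitly listed in the network data group.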
Enjoy!



