RB2011LS-IN

This is the first routerboard that has fiber ports. These are going to make cool little POP routers or tower base routers. How interested are you guys in this RB? Who is dying to get one of these?
SEXTANTG

When you guys have some real world tests please send me some specs…something other than the test bench
I recently had a question about how to simulate the delay presented by a point to point circuit so someone could test their application going from one facility to access a SQL DB in a backup colo. I did a quick google and ended up with several great options.
Netem
One option I found, but didn’t test is Netem. This is a command line linux app that allows you to introduce delay, loss, duplication and re-ordering.
WANbridge
I then found WANbridge. I did test this one and it worked a treat. It is a bootable ISO based on Knoppix. It boots up and immedately bridges all interfaces together. Through it’s simple menu system I was simulating delay in less than 2 minutes. I also successfully tested bandwidth constraints. It also offers the ability to simulate loss. It has a great quick start guide that will have you up and working in no time fast.
Quick WANbridge video
WANem
Last I found WANem. This is similar to wanbridge in that it is built off of a bootable Knoppix ISO, but by default it is configured to route. I did find a quick CLI guide to setting it up for bridged, though.
Bridge setup
Edit /etc/network/interfaces and add the following lines:
1 2 3 4 5 6 7 8 | auto br0
iface br0 inet static
address 192.168.0.20
netmask 255.255.255.0
gateway 192.168.0.1
bridge_ports all
bridge_fd 0
bridge_stp off |
What you gain with WANem is features. First it has a web based GUI that will allow you to configure per interface configurations. This means that you can have different settings for incoming on one interface and outgoing on the other.
Options include bandwidth, delay, packet loss, duplication, packet reordering, corruption, random disconnects. All of these options can also have IP source/destination matchers.
Click image to enlarge.
Click image to enlarge.
My 3 year old wasn’t capable of actuating his can of processed cheese spread. What kind of parent would I be if he missed this piece of Americana?
Here’s a video of the Cheese Whizzer in action:
You guys jelly? I’ll make you one for $19.95 with free shipping.
I was just alerted to a winbox exploit that is affecting all MTK versions(Thanks Mike). Here are a few tips to protect yourself.
Add firewall rules to allow access to winbox only from management network.
You really should have your router locked down so management can only come from certain subnets anyway.
1 2 3 4 | /ip firewall filter
add action=drop chain=input comment=\
"Block access to winbox from anyone not on coming from management." \
disabled=no dst-port=8291 protocol=tcp src-address=!1.1.1.0/24 |
Add Portknock to access winbox
Allow access only via VPN
Change default winbox port
Go to IP Services and change the port from default. This isn’t a complete fix, but should help prevent port scanners from exploiting winbox.
When you want to winbox just add a colon and the new port number.

I just noticed that my good friend Justin Wilson will be doing a presentation about cookies at the MUM. I’m hoping for some oatmeal raisin or peanutbutter.
I’m going to be doing a presentation about Multihomed BGP…far less enticing than cookies…I wonder if he is giving away samples!?!?!
Since there will be several of us here and we obviously like to hear the sound of our own voices, perhaps we should put together some kind of round table discussion? I know we won’t be able to talk about new products coming out(we don’t know anymore than you do), but between us, we should have experience on just about any subject.
I don’t think MTK would officially sanction this(Normands correct me if I’m wrong), though I don’t know why they wouldn’t(other than you will likely leave dumber than when you arrived), so we would most likely have to do this some place other than the MUM. I’m thinking that if you buy the guys beers they will happily answer questions…the only payment I want is for you to tell me that I’m awesome and I look way better without hair and that you want to be just like me and that you are legally changing your name to Greg due to the epicness of the name, etc.
What say you guys?
What’s new in 5.16 (2012-May-09 17:23):
*) webfig – fixed problem when new item addition to status page in design skin mode
did not work;
*) add pw-type option for BGP VPLS;
*) fixed mac telnet – sometimes did not work if more than one mac level path
to destination;
*) user – fixed problem when adding new users from console it’s password was not set;
*) reset packet mark when encapsulating/decapsulating from eoip,ipip,gre,eoipv6,ipipv6,gre6 tunnels
Sounds like a good round of bug fixes.

I just noticed that the AU MUM is online, though there are no vendors listed yet. Other than Andrew “now I can dance” Cox, who of you are going? Does anyone from that side of the world even read this blog. Since you are in Australia on the opposite side of the world, does that mean all of this txet si sdrawkcab?










