IPv6

Not too long ago, after reading yet another "the internet is dying! We're running out of address space and it's all coming by November 2010 according to Cisco!" article, I realized, "hey, wait a minute - that's just about two years from now. That's... soon."

So I set up IPv6 for the machines I own. I still depend on IPv4 simply because IPv6 isn't available... well, most anywhere. At least not natively.

A big part of the reason that we don't have IPv6 in more places is because... well, circular dependency here, but because it isn't around. I can't plug my laptop into any other ISP's line and use IPv6 natively, and even if I could, the chances of the average home grade router working with it are about two.

Out of thousands.

So to get around this, IPv6-in-IPv4 tunnels are used. They do exactly what their name implies: they tunnel IPv6 data within IPv4 packets. The downsides to IPv6 tunneling are latency/overhead and... your ability to keep your IP addresses. If you don't have native IPv6, then your current hosting provider or ISP won't be the one giving it to you - meaning you have to get the addresses from a third-party company. When your hosting provider or ISP turns IPv6 on, what are the chances that you'll be able to reassign entire blocks of IPv6 address space? Probably not too great. If you've got Comcast as your home ISP, I don't think that your tunnel broker is going to happily move your address blocks over to Comcast's control - at all.

While the latter point is generally a deal breaker for a lot of people, in the long run, I don't care. IP address reassignment happens all the time. There's no rule stating that you must drop your tunnels once you get native IPv6, and there's no reason why it would be overly problematic or painful either. Simply bring up the native IPv6, change the DNS records, and drop your tunnels a few days later.

With this knowledge in hand, I went poking around the vast area known as the Internet and selected Hurricane Electric's IPv6 Tunnel Broker. What sold me on using HE for my tunnel (for free, that is) was twofold: one, their views on IPv6 (which boil down to "we'd really like to be in business when IPv4 is exhausted, so we're going to deploy native IPv6 everywhere, provide a tunnel broker for free for anyone and everyone, and we're going to do it three years before crunch time") and two, the fact that it was free.

In selecting HE, I also got full reverse DNS control, selection of the closest HE router to my server, full control of a /64 subnet and a /48 subnet (available on request, which I made), the possibility of adding three more /64 subnets and three more /48 subnets to my account, and full operating system support (with instructions for setup with Linux net-tools, iproute2, *BSD, OSX, Solaris, Windows XP+, and Cisco).

Not bad for $0. I'm a happy customer (and a potential customer should I ever need colocation/dedicated servers).

I set up my account with HE, logged in, and was presented with simplistic instructions on how to set up my CentOS server.

ip tunnel add he-ipv6 mode sit remote 209.51.161.58 local 64.22.124.36 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:4:b2::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6

I created a new 'sit' tunnel named 'he-ipv6', with remote endpoint 209.51.161.58 - coming from 64.22.124.36 - and then turned the link up. Easy enough. Then I added my /64 allocation to the newly created tunnel, and pointed the default route through that tunnel.

Wait a minute. That's it? I'm IPv6 enabled already?

[kyle@averageurl ~]$ ping6 ipv6.google.com
PING ipv6.google.com(2001:4860:0:1001::68) 56 data bytes
64 bytes from 2001:4860:0:1001::68: icmp_seq=0 ttl=55 time=327 ms
Yup...

From there, I requested a /48 subnet so I could allocate a few full /64 subnets to my house (a /64 for my LAN, wifi, and secondary wifi), brought some more tunnels up, and then from my desktop...

kyle@ksb ~ $ ping6 ipv6.google.com
PING ipv6.google.com(2001:4860:0:2001::68) 56 data bytes
64 bytes from 2001:4860:0:2001::68: icmp_seq=1 ttl=54 time=325 ms

And now my desktop is IPv6 enabled. Go ahead, ping6 2001:470:d82b:ffff::2! You'll hit my home desktop. Then ping ::3 - my Vista box. Yup, that's right! My windows box is also on the IPv6 network. :fffe::2 would be my laptop on the wifi. The entire :fffd::0/64 subnet (and corresponding wifi AP) is unused currently, but perhaps once I decide to upgrade my router's software and play with wpa_supplicant that will change.


But why did I do this? What did I gain? Well, for starters, it was really fun to use HE's Looking Glass to run a traceroute to my desktop...


Tracing the route to IPv6 node 2001:470:d82b:ffff::2 from 1 to 30 hops

  1     2 ms   <1 ms   <1 ms 2001:470:0:32::2 
  2    76 ms   75 ms   75 ms 2001:470:0:35::2 
  3   103 ms  103 ms  103 ms 2001:470:0:4b::2 
  4   103 ms  103 ms  103 ms 2001:470:0:8c::2 
  5   148 ms  148 ms  148 ms 2001:470:4:b2::1 
  6   234 ms  236 ms  238 ms 2001:470:d82b:ffff::1 
  7   234 ms  233 ms  233 ms 2001:470:d82b:ffff::2
... while it sits behind my IPv4 NAT router. And then my Vista computer, and then my laptop connected to the wifi. Then I got to go take a look at The KAME project and check out the dancing turtle. It turns out that Google's IPv6 site also has an animated logo.

But in the end, I can now access all of my computers from behind NAT, without actually using any NAT - at all. I could drop the IPv4 addresses from some computers and still retain access to them, full access. This may prove to be both a blessing and a curse, but given time, we'll see...

(And yes, I know I shouldn't be using ::1 for my routers, that'll change soon enough.)
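Since every machine behind the NAT is now reachable end-to-end, the tunnel endpoint becomes the place where the only IPv6 filtering happens. The following is an added example, not code from the post or from HE: a small classifier for raw 6in4 (protocol 41) packets that applies the checks the sit device and a sensible firewall should enforce, using the endpoint addresses and prefixes given above. The policy, the build_6in4 helper and the sample packets are constructed for illustration.

```python
import struct
import ipaddress

# Endpoints and prefixes as given in the post. The policy below is an added
# illustration of the checks a tunnel endpoint or firewall should apply.
TUNNEL_REMOTE = ipaddress.IPv4Address("209.51.161.58")   # HE's side
TUNNEL_LOCAL = ipaddress.IPv4Address("64.22.124.36")     # the CentOS server
LOCAL_PREFIXES = (ipaddress.IPv6Network("2001:470:4:b2::/64"),   # tunnel link /64
                  ipaddress.IPv6Network("2001:470:d82b::/48"))   # routed /48
IPPROTO_IPV6 = 41  # 6in4 ("sit"): an IPv6 packet carried directly in IPv4


def build_6in4(outer_src, outer_dst, inner_src, inner_dst, next_header=59):
    """Constructed test input: a minimal 6in4 packet with an empty payload.
    The IPv4 header checksum is left at zero since nothing here verifies it."""
    inner = struct.pack("!IHBB16s16s", 0x60000000, 0, next_header, 64,
                        ipaddress.IPv6Address(inner_src).packed,
                        ipaddress.IPv6Address(inner_dst).packed)
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 255,
                        IPPROTO_IPV6, 0,
                        ipaddress.IPv4Address(outer_src).packed,
                        ipaddress.IPv4Address(outer_dst).packed)
    return outer + inner


def _in_local(addr):
    return any(addr in net for net in LOCAL_PREFIXES)


def classify_6in4(packet):
    """Return (verdict, reason, info) for one raw IPv4 packet.

    verdict is "pass" (not tunnel traffic, leave it to the IPv4 rules),
    "accept" (valid tunnel packet) or "drop".
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop", "not an IPv4 packet", {}
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_IPV6:
        return "pass", "not protocol 41", {}
    outer_src = ipaddress.IPv4Address(packet[12:16])
    outer_dst = ipaddress.IPv4Address(packet[16:20])
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return "drop", "protocol 41 without a valid IPv6 header", {}
    _, _, next_header, _, src, dst = struct.unpack("!IHBB16s16s", inner[:40])
    info = {"inner_src": ipaddress.IPv6Address(src),
            "inner_dst": ipaddress.IPv6Address(dst),
            "next_header": next_header}

    # Only the configured endpoint pair may carry tunnel traffic (this is what
    # the remote/local arguments to "ip tunnel add" pin down on the sit device).
    if outer_src == TUNNEL_REMOTE and outer_dst == TUNNEL_LOCAL:
        info["direction"] = "inbound"
        if not _in_local(info["inner_dst"]):
            return "drop", "inbound packet not addressed to our prefixes", info
        if _in_local(info["inner_src"]):
            return "drop", "inbound packet claims one of our own addresses", info
        return "accept", "inbound from broker", info
    if outer_src == TUNNEL_LOCAL and outer_dst == TUNNEL_REMOTE:
        info["direction"] = "outbound"
        if not _in_local(info["inner_src"]):
            return "drop", "outbound packet with a source we do not own", info
        return "accept", "outbound to broker", info
    return "drop", "protocol 41 from an unconfigured endpoint pair", info
```

A real deployment would express the same rules with ip6tables on the he-ipv6 interface and iptables for protocol 41 on the IPv4 side; this block shows what those rules need to decide.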

Well, hello there!

Clicking back over to my blog, I read some of the things that I had posted earlier. To be honest, reading those posts now scares me to a degree. Reading this, a year later, it is plainly obvious where I had no clue whatsoever what I was talking about.

That's always a fun feeling. "Oh, hey, look at all of this stuff I wrote about a year and a half ago. It's... it is... so.. entirely wrong. And to think I took my time to write that, scanned it once for typos (missed many), and then attached my name to it by clicking the big 'Save' button."

I was sorely tempted to remove my existing content (content! ha!) and start over with this post, but that feeling quickly subsided when I remembered that no matter how hard I try, and no matter how little people may care, somewhere it was archived. Saved as organized bits on a disk somewhere in the world, indexed by multiple bots, and easily found by anyone looking for my name. Kinda creepy when you think about it.

The other reason that I quickly gave that up, is equally simple. Some of it, I actually like. I've outlined in the past in great detail things which I still believe, and a lot of my philosophies. Sure, the ratio of posts I like is still nearly three to one, but hey, I'll live with it.

After just over a year of not touching this blog, for reasons many, I think I'll be.. well, I don't want to say "back to blogging." There's too much cliche involved with that line. I can think of no quicker way to blog deletion than by announcing my triumphant return of posting random things that no one cares about on a website that no one subscribes to (let alone visits to post comments).

Except of course, for the bots (feed aggregators included).

But who knows what will happen!

Windows is a perfect platform.

Yup. I just said it: Windows is a perfect platform.

Obvious counterargument: go out there and search for "windows virus scanner" and check that out: 1.38 million results on Google. 53,000 if you include the quotes.

Either I'm wrong, or Google is lying to me. That's a lot of results for a virus scanner. "Windows virus" turns up 134 million. Clearly, Windows is anything but the perfect platform. My reasons as to why it is regarded as an imperfect, shoddy, spyware-ridden platform are very clearly written in a packet I got ahold of recently, concerning a website which is used extensively at work. The website in question will be launching with a new version soon, and the packet exists to inform their customers of the upcoming changes and the alterations needed to your OS (read: Windows and Internet Explorer) in order for this website to work.

Quoted directly from this thirty page packet: ... "you will need to download a new control from the [XX] site, this requires that you be administrator of your machines for that 1st export only. Unless it is a big company with an IT department, you are likely administrator already."

Let's put this in linux terms. "You are required to run as root in order to get this piece of software to work. You are already running as root, so don't worry about it."

The problem with Windows isn't Windows. The problem with Windows is the absurd number of poorly written software packages, all of which require administrator rights. This is a website, not a system reconfiguration utility. "I know! And, so, I only require administrator rights the first round!" One of these days, I'm going to go find out why it requires administrator rights at all.

This packet then proceeds to outline all of the needed steps to get this new website up and running on the individual computers. This process must be repeated for every user on every computer. For me, this means driving between three buildings, located in Sandy, Salt Lake, and Bountiful. For the curious, that's a half-hour drive. The total machine count is 37. Total miles driven will be just over 50. Time spent in transit will be roughly an hour and a half, all things considered. Once I hit the first building, however, the real work begins. This packet outlines that the following changes need to be made:

  1. Adjust the settings of the popup blocker to whitelist said website.
  2. Ensure that the cache settings are set to check for new versions of pages automatically (and then clean the cache out).
  3. Add the website to the "Trusted Sites" security zone.
  4. Adjust the security settings for the "Trusted Sites" zone to allow/do the following: Enable automatic prompting of ActiveX controls, enable binary and script behaviors, download signed ActiveX controls, download unsigned ActiveX controls, initialize and script ActiveX controls not marked as safe, run ActiveX controls and plugins, script ActiveX controls marked safe for scripting, enable automatic prompting for file downloads, enable file downloads, and enable font downloads. (These are the instructions for IE6. IE7 also includes enabling Loose XAML, XAML browser applications, XPS documents, allowing previously unused ActiveX controls to run without prompting, and oddly, disabling video and animation on a webpage that does not use them.)
  5. Go ahead and re-read point number four there. I even put the relevant points in bold for you, so by all means, have at it.
  6. Check the computer for any of the following toolbars, and if they are found, reconfigure them all individually to also allow popups from the website in question: Google, Yahoo, AOL, MSN, "or anything besides Standard Buttons, Address Bar or Links."
  7. The remaining pages are dedicated to disabling or reconfiguring any other possible popup blockers.

It should be noted that not one of those steps included instructions that told me how to download and install said unsigned, marked not safe for scripting, "I need admin rights to continue" ActiveX control.

So, come the Monday morning that this launches, I get to drive around more than I care to, tweaking more settings that need tweaking, decreasing the default system security, installing ActiveX controls as administrator.

There is nothing wrong with Windows; there is everything wrong with the average software package (and/or website, as is this case). Because of this, Windows doesn't even have a fighting chance. If a website you loaded up suddenly popped up a box stating that it wanted your root password to continue, what would you do?

Why don't you do the same thing on Windows though?

Oh, right, the software requires it.

The operating system isn't broken, just all of the third-party software is.

PXE Booting: Part 1: What is/isn't PXE (netbooting)

You know that funky option in your computer's BIOS, "Network Boot Agent"? Okay, so it goes by a lot of names. "Networking Boot ROM," "Integrated NIC ROM," the list goes on. Maybe you've seen the "Press F12 to network boot option" around. You see this, your curiosity gets the best of you, so you hit F12. Suddenly your computer is scanning the ethernet subnet for a DHCP server and acquiring an IP address!

Only to go away really fast and continue booting up your computer without really telling you much. Awfully anticlimactic, if you ask me. I mean really, you add an option to your boot order, hit the button to make it go, and it starts doing all of these wonderful things only to promptly "stop" and advance in the boot order without telling you a thing.

Let's clear up the mysticism: what you (typically) just activated and attempted to use was this thing called PXE. PXE stands for "Preboot Execution Environment." Wikipedia has an awesome article (also available on the German Wikipedia) on the details of PXE, but I may be biased in thinking that because I assisted in its writing. Admittedly, it has changed a fair amount over time, but the content of the article as a whole is still there. Now, come on, I know you're lazy and didn't read all of that article. I'd even go as far as to say you didn't read any of it. So, if you're still wondering "What is this PXE thing?" I'll answer that here and now.

PXE is, in its simplest terms, a boot device. At least, that's what it appears to be to your BIOS. However, instead of spinning up your hard drive, it fires up the NIC in your computer and starts probing for DHCP (or BOOTP, but that won't be covered here. It's pretty much obsolete). Then, once it has acquired an IP address with the needed DHCP options set, the PXE ROM goes about downloading and executing files off of a TFTP server.

So, what is PXE? A way to boot your computer without the need of a hard drive or any real physical storage medium. It's commonly known as netbooting. The process, as outlined above, is pretty simple. The NIC scans for a DHCP server, and then acquires an IP address. In its brief exchange with the DHCP server, the client is sent several "DHCP Options" along with the IP address, one of which is commonly known as "filename." If the client does not find this option, it gives up and (typically) advances with the boot order. If it finds this option, however, it tries to download the specified file off of a TFTP server. An additional option which can be given is "next-server," which is the IP address of the TFTP server to contact in order to download "filename." If the "next-server" parameter is omitted, then it defaults to the same IP as the DHCP server, and likewise tries to download "filename" and in turn, execute the file it downloads.

That's it. That right there is the majority of what PXE "is" and how it works. Why did your computer acquire an IP address only to just continue on booting? Because you didn't have the needed DHCP options set. To be fair, the huge majority (99%) of all home routers lack the ability to configure the needed options, so it's likely you've never even heard of "DHCP Options." However, my personal feelings on how limited home routers are do not belong here.
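To make the "filename" / "next-server" decision above concrete, here is an added example (not code from the post or from any PXE ROM): a parser for the DHCP reply that pulls out the legacy BOOTP fields and the options, then applies exactly the client logic described, including the fallback to the DHCP server when next-server is absent. The build_offer helper, the transaction id, the MAC and the addresses are constructed for the example; the field layout and option numbers are the standard DHCP ones.

```python
import struct
import ipaddress

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the 236-byte BOOTP header
OPT_MSG_TYPE, OPT_SERVER_ID = 53, 54
OPT_TFTP_SERVER, OPT_BOOTFILE = 66, 67   # "next-server" / "filename" as options


def build_offer(yiaddr, server_id, siaddr="0.0.0.0", file_field="", options=()):
    """Constructed DHCPOFFER (not a capture): op=2, a fixed xid and a made-up MAC."""
    pkt = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x3903F326, 0, 0x8000)
    for a in ("0.0.0.0", yiaddr, siaddr, "0.0.0.0"):       # ciaddr, yiaddr, siaddr, giaddr
        pkt += ipaddress.IPv4Address(a).packed
    pkt += bytes.fromhex("001122334455") + bytes(10)         # chaddr (16 bytes)
    pkt += bytes(64)                                         # sname, unused here
    pkt += file_field.encode().ljust(128, b"\0")             # legacy "file" field
    opts = bytes([OPT_MSG_TYPE, 1, 2, OPT_SERVER_ID, 4])
    opts += ipaddress.IPv4Address(server_id).packed
    for code, value in options:
        opts += bytes([code, len(value)]) + value
    return pkt + MAGIC + opts + b"\xff"


def parse_dhcp(packet):
    """Split a DHCP packet into the BOOTP fields we need and an options dict."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    siaddr = ipaddress.IPv4Address(packet[20:24])            # "next-server" lives here
    file_field = packet[108:236].split(b"\0", 1)[0].decode("ascii", "replace")
    options, i = {}, 240
    while i < len(packet) and packet[i] != 255:              # 255 = end of options
        if packet[i] == 0:                                   # 0 = pad byte, no length
            i += 1
            continue
        code, length = packet[i], packet[i + 1]
        options[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return {"siaddr": siaddr, "file": file_field, "options": options}


def pxe_boot_decision(packet):
    """Client-side logic as described above: no filename means "give up and
    move on in the boot order"; no next-server means "use the DHCP server"."""
    d = parse_dhcp(packet)
    opts = d["options"]
    filename = opts.get(OPT_BOOTFILE, b"").decode("ascii", "replace") or d["file"]
    if not filename:
        return {"action": "continue_boot_order"}
    dhcp_server = str(ipaddress.IPv4Address(opts[OPT_SERVER_ID]))
    if OPT_TFTP_SERVER in opts:
        tftp = opts[OPT_TFTP_SERVER].decode("ascii", "replace")
    elif d["siaddr"] != ipaddress.IPv4Address("0.0.0.0"):
        tftp = str(d["siaddr"])
    else:
        tftp = dhcp_server
    return {"action": "tftp_boot", "filename": filename, "tftp_server": tftp,
            "dhcp_server": dhcp_server,
            # Worth logging on a managed network: the boot image is fetched
            # from a host other than the server that handed out the lease.
            "third_party_tftp": tftp != dhcp_server}
```

The ROM trusts whichever server answers first, so on a network you manage the dhcp_server and tftp_server values are the ones to monitor for unexpected hosts.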

Let's move on to a "What is/isn't PXE" list real quick.

PXE is:

  • A way of booting your computer without a hard drive or CD-ROM (or floppy, for you old people)
  • Very useful - does not require physical storage in the computer to work
  • Light - DHCP options and a TFTP server are the only requirements
  • Powerful - ever wonder what it'd be like to walk into a room of computers, turn them all on, press F12, and come back an hour later to fresh installs of (your OS here)? I've done it with Windows, and I must say, it's management/installation/reinstallation bliss.

PXE isn't:

  • A way to "network boot this ISO image I have here" (but it is possible given time)
  • ... even related to the boot loader or actual software side of the computer. It downloads a file, it runs a file, that's IT. It's not a kernel, it lacks any real form of hardware support. It exists to run something else, not run your system for you.
  • Diskless booting. Sure, it CAN do that, but again, PXE isn't there to run your system for you.
  • Thin clients. Refer to above statement. And statement above said above statement. You get the idea.
  • Overly detailed. When I started messing with PXE, it made little sense as a whole and felt very hacked together once I got it working. This was largely due to a lack of documentation.

In sum, PXE has a vast number of capabilities, but PXE in and of itself is pretty much worthless. You can't feed it an ISO of a bootable CD and say "Go!," nor can you magically make an entire lab of computers run Firefox without hard drives. I'll admit it in full: PXE does not run your computer for you. You are in charge of that. But, it certainly can help in installing OSs or running entire diskless labs. If this seems unclear, I'm sure the later articles will clear it up.

In the next few parts, I'll use the following software: ISC DHCP, tftp-hpa, pxelinux, memtest86+, and maybe a little bit of the debian installer. Who knows, maybe I'll splurge and go overboard with some CentOS installation over PXE, but for the most part, you're safe with the previous list. (Don't go downloading all of the debian CDs though, as we won't be using them.)

It should also be noted that I have written and maintain the only wiki (that I know of anyways) that is dedicated to the topic of PXE booting. For the curious, that wiki is available here.

Making the Jump

Microsoft Windows Vista was recently released. To be honest, I'm excited for it. It brings countless good things to the windows world, and to be blunt, XP is beginning to show its age. (Windows 2000 is timeless though, in my opinion. Maybe I'll post my thoughts of Win2k vs WinXP vs Vista eventually, we'll see.) Let me say that one more time:

I am glad that Vista was released. It is an upgrade. It is worth purchasing. There are too many advantages, both in terms of the technical side of Vista, and user interface side of Vista, to think otherwise. Once again: Vista is good.

I run a network for a small business. It's a Windows network, through and through. Pair of Win2k3 servers in two locations, a copy of MSSQL, and two point to point T1 lines linking three buildings together. It's all built on Windows Server technology, and I'll be dead honest here: I haven't found a better, easier to use, scalable server system than that of Windows Server. Let's do this in bold too: Windows Server is good. Windows Server makes me happy, and it makes all of the employees happy (even though they couldn't care less, they just want to work).

So what did I do the day Vista was released to the public?

Blow away my last copy of WinXP. Destroy it. That was also my last copy of anything Microsoft that I use for my own personal computing. Hear that? No more WinXP in my blood. No more XP on anything that I personally use, be it at home or at school. Bye WinXP. Vista is out, and I don't care what the critics and journalists say: Vista is worth purchasing.

So, I replaced my copy of XP with Linux.

And it feels good. So very good.

My number one complaint about Vista is two-fold: versions, and limited features/too many features. I run networks, I build networks. My primary computer has five different NICs in it, three of them are 1000mbit and two of them are 100mbit. Further, I have a PCI wifi card in there, and my router is a soekris box with a hand-rolled distro running on a CompactFlash card. I like my networks, and I like them a lot.

Know what I like MOST about networks? Networking. You know, intra-device communication. The flexibility that networking provides. File is on another computer? So what, just click click, bam, your file is in front of you, even if you're on the opposing side of the globe. Networking is fun.

Networking with Vista is not. Now, don't get me wrong: new TCP/IP stack? Re-worked IPSEC support? Hate to break it to you people, but with about seven clicks (with Vista) I can literally move three buildings from open TCP/IP to straight IPSEC communications between ALL computers, using SSL certificates. Seven clicks, and I have a network that runs IPSEC flawlessly, and effortlessly. And no, the IPSEC implementation isn't broken: it works, and it works well. I'm not trying to say that Vista has horrible networking with that earlier line. The network stack, the possibilities... I love.

What I hate is the arbitrary limitations imposed upon the different versions of Vista. For example, lower end versions of Vista cap the number of connections you can have to any specific computer at five. Let's count... my desktop, my other desktop, my laptop, my brother's computer, the family computer, my sister's computer, and my xbox. Oops, seven. Vista Home Basic is out of the running.

Also, Remote Desktop (aka 'RDP') has been essentially removed from Vista Home editions. I can't bring up the computer's display at will anymore, I have to install VNC or something similar.

It's these little things that get at me. Want feature X? Gotta spend more money. More connections to a computer than Y? Yeah, spend more money, but note that you're capped at 10 period unless you drop several thousand on a copy of Windows Server, and oh, we don't have Vista Server out yet, it'll be another year or so.

This is the biggest reason I switched to Linux: there are no arbitrary limitations imposed. Anywhere. I can connect thousands of machines to this one, and I can type a single line to bring a window from a desktop to my laptop, in a secure fashion, from anywhere in the world.

Let me give you a scenario here, from my everyday work. At school, I use my laptop for everything. Notes, research, papers, reading, the works. All of my work is kept in a subversion repository. Because of this, I can access my up to date notes from pretty much any computer and any OS anywhere.

I get home, and turn my laptop on. It boots up, and I place it in the dock. The laptop automatically detects that it has been docked, and brings up the wired ethernet interface. As a part of this process, it also registers with my LAN DNS server as it obtains an IP, and then commits my most recent set of school notes to the subversion repository. At this point in time, I can type a line into my desktop, and update my desktop's copy of my notes with the most recent version.

Further, because it has registered with my LAN DNS server, I don't need to worry about assigning static IPs. This can be taken one step further: whenever anyone brings over their laptop, they get the same treatment (I should mention that I run an iTunes server on my desktop also. Not apple software, but linux software providing the same functions).

Because I run linux on my laptop and desktops, I can type one more line and bring up windows from my laptop on to my desktop. If I have a bookmark I want to grab, I just run firefox on my laptop and watch the window appear on my desktop.

Earlier up, I mentioned I have an xbox connected to my network, and counted it as a computer connecting to my other computers. Why? It's a modded xbox, running a copy of XBMC. XBMC uses libsmb from samba to give it networking with other windows computers, in addition to having UPnP support, and the ability to browse for iTunes shares on the network.

You know those mockups that Microsoft and Apple have every so often, where it shows the "house of the future"? Where someone walks in with a laptop and wirelessly collaborates with the people in the home? How the music is there to be listened to, the videos to be watched, and work just "gets done" because of the transparent technology powering it?

Hate to break it to you, Microsoft and Apple, but I've already got all of that and then some. It didn't cost me a dime, it works flawlessly, and I can bring as many networked devices as I please into the fold without paying more to get around an arbitrary limitation. I've got an xbox that can play any assortment of video and audio at 1080i resolutions in 5.1 surround, laptops plug in (or wifi in) and mystically "just work," and then "just work" with the desktops in a beautiful unison.

I should also note that the Windows Server network I run has its bits moved around by linux routers. Sure, Windows Server powers the desktops, but the bits don't move from site A to B to C on their own, and quite frankly, I wouldn't want anything Microsoft doing that for me.

I love open networking. As a direct result of networking with open technologies, I already have the home of the future. Plus, all of my private networking is encrypted, transparently. Anything that's "open to the public" is, well, just that: open. It's a beautiful thing.

Sorry Vista, you don't fit that bill at all.