So. I have yet another new toy. Granted, this is my first real toy toy.
I didn't even really want it, like want want it.
Nor was I looking for it.
Was humouring the sales guy at the car dealer, who was busy trying to sell me on a Tuscon, Santa Fe, or Genesis. The aforementioned three are pretty weak compared to the Volvo.
"So, I'll try the next trim-level Genesis, maybe it'll be better than the base." I says.
"Let me take a look around the used lot, while you check if there's one free to drive." I says.
"Huh... a Lancer. Nice. Wait… that's an Evolution. Wonder which salesman owns that. …No plates? Uh… Hey! What's up with this Evo?"
There you go. That's the story of how the downpayment for anther house became a toy, and enough debt to keep me from just up and stopping from going to work suddenly. At least for a little while.
It's been a while since I've driven a standard. This one came with a racing clutch among other things, which I proceeded to stall about 5 times on the test-drive.
Since acquiring it 5+ weeks after making payment, the number of stalls has increased to a total of 21 over the span of two days, though the rate at which they occur has decreased exponentially.
Just in time for fall and winter. Smart.
Replaced an old Soekris at work couple weeks back. Poor old thing had 1388 days of uptime.
Alas, the replacement was necessary to turn a previously abandoned transmission site isolated on a 3rd party's network, into a customer-ready site, jerry-rigged into our AS.
Took a wee bit of fiddling, but found the right knobs to tweak to replicate some of the tricks we use on our cisco boxes to make management happen in stupid places without the hardware or budget to do it properly.
Probably easier to just use BGP for the whole deal, but our OSPF RIB is already polluted with so much garbage from all the bad ideas that were pushed into production over the years anyway. As such, it's becoming the dumping ground for bad (albeit, fun) ideas like this one.
Relevant config here for future self-reference - obviously, severely obfuscated from the production environment.
The keen observer will notice that there's no IPSEC here. Because of company policy to drive end-of-life equipment into the ground, we lack sufficient resources for shaping or ACL's, let alone crypto at our aggregators. My gif(4) and IPSEC experiments will have to wait until I have sufficient boxes, and enthusiasm to pursue this of my own accord.
The diagram:
On the Cisco:
!
interface Loopback254
description Public tunnel termination interface
ip address 172.20.254.254 255.255.255.255
!
interface Loopback101099
description 1010 Fake St, Nutley. Z-end network
ip address 10.10.99.1 255.255.255.255
!
interface Tunnel101099
description 1010 Fake St, Nutley. Management tunnel
ip unnumbered Loopback101099
ip mtu 1476
ip ospf 1 area 10.10.99.0
tunnel source Loopback0
tunnel destination 192.168.99.223
!
router ospf 1
router-id 172.20.254.254
area 10.10.99.0 stub no-summary
!
end
On the Soekris:
bsd~ grep inet /etc/hostname.vlan99
inet 10.10.99.0 255.255.255.0 NONE up
bsd~ cat /etc/hostname.gre0
192.168.99.223 172.20.254.254 netmask 255.255.255.255 link0
tunnel 192.168.99.223 172.20.254.254
inet alias 10.10.99.2 255.255.255.255
up
# Alias and static route to R01. Without these, ospfd sends hello's directly out the
# upstream interface un-encapsulated, instead of over the tunnel
!route add -host 10.10.99.1 -iface 10.10.99.2
bsd~ sudo cat /etc/ospfd.conf
router-id 10.10.99.254
area 10.10.99.0 {
stub
interface gre0:10.10.99.2
interface vlan99:10.10.99.254 {
passive
}
}
Less the underlying config for a happy BSD and Cisco box (Routing tables, outbound interfaces, etc…), you should wind up with something along these lines;
bsd~ ospfctl show neighbor
ID Pri State DeadTime Address Iface Uptime
172.20.254.254 1 FULL/P2P 00:00:34 10.200.6.1 gre0 31m
On paper, this looks goofy as all hell, but is a fun way to exploit the longest prefix wins rule. Plus, our IGP tables are already polluted with far, far worse garbage that won't be going away any time soon. The real world has a habit of destroying all hope one had of running an efficient, clean, easy to manage network.
One caveat is access to/from our NMS. Since the amount of impact and network noise from this cruft is limited by the stub, a static route was necessary (Augh!).
Also, now that I think about it, the 'ip unnumbered loopback' in the example is a left-over from plastering this over top of multiple tunnels to the same site. Here, it's un-necessary.
That said, learn from my tomfoolery. Just because you can, don't… just don't. Do not do this to your network.
Moving right along.
I'm loving this album. Having watched the music videos, I recollect having watched them late last year as they were being released. I don't recall enjoying the songs nearly as much then as I do now.
Weird.
Long post is long. Here, have a music video.
