Direct DSL Connections between Cisco routers

For some time I have had a small test network with a number of old Cisco routers (mainly 2500 series). Recently I decided to purchase a c1841 through Marktplaats as the IOS versions of the 2500 are really ancient and very limited for more complex setups nowadays (latest IOS version is 12.3).

With the c1841 I also obtained two SHDSL cards, specifically:

  • a G.SHDSL WIC (WIC-1SHDSL-V3)
  • a 2-pair G.SHDSL HWIC (HWIC-2SHDSL)

These cards are described in detail on Cisco’s website. It turned out that the G.SHDSL HWIC card is supported in my main router (a c1921), so I decided to connect my test network to my main router over a DSL connection using these two cards to fully separate the test network from my main networks (and for the fun of it). Cisco had a good guide available to set this up (see Configuring Cisco G.SHDSL HWICs in Cisco Access Routers and Setup back to back CPE connection) but as it turned out not to be totally trivial I decided to document my setup here as well.

Cabling

The nice thing about (SH)DSL is that it uses standard phone (CAT-4) cables that can be up to several kilometers long. For my test lab I started off with a standard (2-wire) phone cable with 6-pin RJ-11 connectors. (SH)DSL uses a straight connection where one of the ends should be put in CPE (subscriber) mode and the other one in CPO (office) mode.

As the 2-pair G.SHDSL HWIC (HWIC-2SHDSL) interface has two ports and I temporarily had two c1841 routers with a G.SHDSL WIC (WIC-1SHDSL-V3) I also created a splitter cable as per the Cisco G.SHDSL documentation (diagram below) to establish two DSL connections.

SHDSL RJ-11 splitter schematic

Dual DSL connection with 2 wires using a splitter cable

With the above cable it was quite easy to establish DSL connections between my c1921 router with the 2-pair G.SHDSL HWIC (HWIC-2SHDSL) card and two c1841s with a G.SHDSL WIC (WIC-1SHDSL-V3) adapter. Unfortunately the 2-pair G.SHDSL HWIC (HWIC-2SHDSL) can only operate in CPE (client) mode, so the c1921 was running in CPE mode for both lines and the two c1841s both needed to be set to CPO (office) mode. This setup looks like this:

c1921 with 2 DSL connections to 2 c1841s

Below is the configuration used:

c1921 with 2 DSL connections to 2 c1841s:

controller SHDSL 0/0/0
  dsl-group 0 pairs 0
  !
  dsl-group 1 pairs 1
  !
!
interface ATM0/0/0
  no ip address
  no atm ilmi-keepalive
  pvc 0/35
    encapsulation aal5snap
  !
  pvc 8/35
    encapsulation aal5mux ppp dialer
    dialer pool-member 2
  !
!
interface ATM0/0/1
  no ip address
  no atm ilmi-keepalive
  pvc 0/35
    encapsulation aal5snap
  !
  pvc 8/35
    encapsulation aal5mux ppp dialer
    dialer pool-member 3
  !
!
interface Dialer1
  ip unnumbered GigabitEthernet0/0
  encapsulation ppp
  dialer pool 2
  dialer-group 2
!
interface Dialer2
  ip unnumbered GigabitEthernet0/0
  encapsulation ppp
  dialer pool 3
  dialer-group 3
!
dialer-list 2 protocol ip permit
dialer-list 3 protocol ip permit

Obviously in a real-life setting additional statements will be required to ensure that firewall, NAT, etc. are also correct but that is not the intention of this description. The above sets up the SHDSL adapter in 2-line mode, defines two PPP connections over ATM, and uses the IP address of the main GigabitEthernet interface for the dialer interfaces as well. The corresponding configuration on the two c1841s is:

c1841 with DSL connections to c1921 (two times):

controller DSL 0/0/0
 mode atm
 line-term co
 dsl-mode shdsl symmetric annex B
!
interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
 pvc 0/35 
  encapsulation aal5snap
 !
 pvc 8/35 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Dialer0
 ip unnumbered Loopback0
 encapsulation ppp
 dialer pool 1
 dialer-group 1
!
ip route 0.0.0.0 0.0.0.0 Dialer 0
!
dialer-list 1 protocol ip permit
!

This (re)uses the IP address of the Loopback0 interface for the dialer interface. Thanks to the default route all 3 Ciscos will be able to reach each other. During the simple speed tests I was able to do I noticed that the DSL connection could almost reach its 2Mbit maximum throughput, even from one c1841 through the c1921 to the other c1841. For more complex routing I would recommend not using static routes but using a routing protocol like EIGRP (which I am using as well and will describe later).

Single DSL connection with 4 wires using a straight cable

As one of the c1841s was a loaner, I then decided to set up the permanent connection slightly differently, using a 4-wire cable and configuring the c1921 and c1841 to utilise all 4 wires of the cable. The benefit of this setup is that it doubles the connection speed to approx. 4.5Mbit (still not really amazing considering that my internet connection over fiber cable is 50Mbit, but a bit more). This setup looks like this:

Single connection with 4 wires using a straight cable

Below is the configuration used:

c1921 4-wire DSL connections to c1841:

controller SHDSL 0/0/0
 dsl-group auto 
  shdsl 4-wire mode enhanced
 !
!
interface ATM0/0/0
  no ip address
  no atm ilmi-keepalive
  pvc 0/35
    encapsulation aal5snap
  !
  pvc 8/35
    encapsulation aal5mux ppp dialer
    dialer pool-member 2
  !
!
interface Dialer1
  ip unnumbered GigabitEthernet0/0
  encapsulation ppp
  dialer pool 2
  dialer-group 2
!

This setup is pretty similar to the previous one, apart from how the SHDSL controller is configured; due to this configuration there is also only 1 ATM interface (so only one Dialer interface is needed). However, as the controller configuration changes, the following commands are required to remove the previous dsl-group definitions when switching from the previous setup:

controller SHDSL 0/0/0
  no dsl-group 0
  no dsl-group 1

These commands must be issued before the new configuration can be entered; they also remove all configuration of the ATM interfaces (the Dialer interfaces are unaffected). The corresponding configuration on the c1841 is:

c1841 4-wire DSL connections to c1921:

controller DSL 0/0/0
 mode atm
 line-term co
 line-mode 4-wire enhanced
 dsl-mode shdsl symmetric annex B
!
interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
 pvc 0/35 
  encapsulation aal5snap
 !
 pvc 8/35 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Dialer0
 ip unnumbered Loopback0
 encapsulation ppp
 dialer pool 1
 dialer-group 1
!
ip route 0.0.0.0 0.0.0.0 Dialer 0
!
dialer-list 1 protocol ip permit
!

With this new configuration early measurements indeed confirm the bandwidth is higher, but not really doubled. As this is a connection to my test network, the performance is not really an issue but I like the idea of having a physical cable that I can remove easily and the fact that my test network is not connected to my main switch / network in any way.

Reviving this blog again…

So… that intention from early 2015 to write things more often didn’t quite work out as you may see… As I changed jobs early 2015 I have not been able to post anything anymore since March 2015. Yes, the job was very demanding and I hardly had time to spend though that’s not the only reason for not posting (though it was all due to lack of time in the end).

Things are changing now (the change will probably be good, the reasons aren’t) so I will be reviving this blog again the coming days and weeks. I have literally hundreds of draft articles and ideas lying around to cover though time may still be the limiting factor…

I am currently creating an inventory of still to be covered topics to get started and expect to start posting regularly as of this weekend.

Resolved Apple CalDav issues with PostgreSQL startup

Today I noticed that my phone could no longer create any new calendar items. With Server.app I noticed that the Calendar (and AddressBook) services were no longer running and when checking their status, it took forever for the panel to load. Enabling the service again also took forever to not start (and unfortunately without any error message).

After some digging I found that the PostgreSQL server the Apple CalDav service uses internally was no longer running and had issues starting. In the logfiles in /var/log/caldavd/postgresql/ I found messages like:

2015-03-14 12:59:33.665 CET [689] LOG:  unexpected pageaddr 0/5DC82000 in log segment 000000010000000000000061, offset 13115392
2015-03-14 12:59:33.665 CET [689] LOG:  invalid primary checkpoint record
2015-03-14 12:59:33.679 CET [689] LOG:  unexpected pageaddr 0/5DC7C000 in log segment 000000010000000000000061, offset 13090816
2015-03-14 12:59:33.679 CET [689] LOG:  invalid secondary checkpoint record
2015-03-14 12:59:33.679 CET [689] PANIC:  could not locate a valid checkpoint record

I suspect these were caused by a crash a few days ago of my NAS that serves the iSCSI disks where the postgres data is stored. I spent a lot of time today to look for a solution (including trying to restore a backup and set it up from scratch, which all failed). In the end I found a clue in the manual page of pg_resetxlog:

DESCRIPTION
pg_resetxlog clears the write-ahead log (WAL) and optionally resets some other control information stored in the pg_control file. This function is sometimes needed if these files have become corrupted. It should be used only as a last resort, when the server will not start due to such corruption.

This pretty closely matched my situation so (after making a backup of the DB folder) I executed the following command in the folder where Server.app stores its data (by default that is /Library/Server/Calendar and Contacts but in my case that’s /Volumes/Data/Library/Server/Calendar and Contacts as I store all data on a RAID5 container on my NAS):

sudo -u _calendar pg_resetxlog -f Data/Database.xpg/cluster.pg/

After running this command the PostgreSQL for Services started again and my Calendar (and AddressBook) services were running again. So far it looks like I did not lose any data apart from a calendar entry that I had added on my Macbook in iCal. I am glad it is resolved, but I have to look into how backups are made so that the next time I at least know that I can get my calendar and contacts back…

Crashplan stopped backing up due to corrupt cache

Today I noticed that Crashplan running on my NAS was no longer backing up any files and that the backup set was 0 Mb and only 2 files (which should have been a few 100k files and > 350Gb). Rescanning the fileset didn’t help, neither did removing and adding the folders again.

After a little digging I noticed entries like this in the logs (the log message was a lot longer but I only included the relevant part of it):

com.code42.exception.DebugException: BSM:: SET-1: Exception adding source file...skipping - fileStat=FileStat[/volume1/photo, exists = true, fileType = 1, length = 0, lastModified = 1419895925000, lastAccess = 1425690867000, created = 1419895925000], com.code42.backup.manifest.FileManifest$CorruptFileManifestException: CORRUPT FMF ENTRY FixedPortion[entryPosition = 186768232, fileId = 00000000000000000000000000000000, parentFileId = 00000000000000000000000000000000, fileType = 0, version = Version[timestamp = 0, sourceLastModified = 0, sourceLength = 0, sourceChecksum = null, fileType = 0]

Googling for this message did not render any result unfortunately and this part of the Crashplan system is rather obscure (nothing to debug, messages are limited). The only thing I could think of to try to resolve it was to drop the cache Crashplan maintains (in the cache subdirectory of the Crashplan installation). It turns out that this was sufficient as after a restart the cache was rebuilt and the scan resulted in the expected number of files.

The steps I performed were:

  1. Stop the Crashplan engine
  2. Remove all files in the Crashplan cache/ subdirectory
  3. Start Crashplan
  4. Enforce a rescan of the fileset in [Settings] –> [Backup] –> Verify Selection [Now]

Since I had removed the folders from the backup set I feared that I had to upload all data again to my external backup targets, but Crashplan was smart enough not to need that.

Cyrillic (and other language) support for the Pebble Watch

The stock firmware of the Pebble Watch only seems to support English and other western languages out of the box. As I sometimes receive messages and notifications in Cyrillic, it was annoying that these were not displayed correctly (i.e. all the unknown characters were replaced by a rectangle).

On the Pebble site itself there is nothing mentioned on how this can be enabled, so it looks like it is not supported out of the box. Fortunately the smart people of PebbleBits have found a way around this and offer modified firmware versions with support for additional character sets and also a small number of other patches. They state clearly that their site is not operated by or affiliated with Pebble in any way but it offers a very interesting Firmware Generator, which offers support for a number of language sets:

  • Symbols, Emoji
  • Latin-based: English, Croatian, Czech, Danish, Dutch, Estonian, Finnish, French, German, Hungarian, Icelandic, Italian, Latvian, Lithuanian, Norwegian, Polish, Portuguese, Romanian, Slovak, Spanish, Swedish, Turkish
  • Cyrillic: Belarusian, Kazakh, Macedonian, Russian, Ukrainian
  • Other: Greek, Hebrew, Thai, Vietnamese

For modern firmwares (v2.5+) there seems to be sufficient space to add a number of languages; older firmware versions have some limitations. In addition to adding characters, it is also possible to apply a number of patches to the firmware itself:

  • Disable default watchfaces
  • Disable default main menu entries
  • Display phone number instead of contact name on incoming call
  • Additional quick launch options for apps
  • Change buttons layout of stock Music app (my favorite as it adds the option to control the volume)
  • Translate the interface to another language

After the selection is made, the custom firmware can be downloaded. This should be done from a smartphone that is connected to the Pebble watch, the site works great on a mobile phone, but also provides a QR code that can be scanned by the phone to download the firmware. The installation is seamlessly done by opening the file with the Pebble app, which guides you through the process.

So far I have noticed that the watch works fine with the patched firmware and supports (in my case) Cyrillic notifications perfectly now.

For reference: here is a link to the configuration I use.

Got a Pebble watch from Дед Мороз

Looks like Дед Мороз did not want me to completely get rid of Pebble as he brought me a Pebble Smart Watch for New Year!

The Pebble Watch is already on the market for quite some time and well supported by iPhone and Android applications. I will probably need some time to really find out what it can do, the notifications and music control are already nice features on top of being a nice watch. I know that Runkeeper also supports it, so something to check out the next time I go out for a run.

One caveat I already found is that it does not support all characters in notifications out of the box and Cyrillic does not seem to be supported at all… something to dive into.

Happy New Year!

Happy New Year and best wishes for 2015!

A fresh new year, and I wish you all the best for 2015; let it be a great year in which things only get better again for all.

As you can see, there is also a fresh new website for my blog. I have moved over to WordPress as it suited my needs better and allowed me to simplify my setup (as I am hosting it myself). During the course of last year I ran into small problems and issues with my setup of the Pebble blogging software I used. I still think Pebble was a great platform when I started using it a long time ago. There have hardly been any updates to the platform, which did not really bother me from a functional perspective, but did make me wonder whether there are really no security issues with it (or that they were just not found & fixed as it has a very small usage footprint). Besides, the anti-spam mechanisms it had turned out not to work, so I ended up manually removing spam comments just too often. Last but not least it required too many system resources as it requires a Java Servlet container that I do not need for anything else (anymore).

Therefore I decided last year to migrate my own and a few other blogs I host to a single WordPress 4 Network Instance. Migration was not flawless and I am still in the process of migrating the articles from last year (doing that manually) so expect some more content to be added the coming days/weeks. The design is still quite basic, I will clean that up once I find the time for that.

Let 2015 be a very good and productive year!

Piwigo LDAP module blocks upgrade to 2.7 :-(

Today Piwigo 2.7 became available (for info on what’s new refer to their announcement). While upgrading I noticed that the Ldap Login module I depend on is not supported and according to this announcement on the Piwigo forums probably never will be.

I did try to perform the update and patch the LDAP Login plugin, but had to give that up after spending more than an hour on it as it turned out that something had changed in the way authentication is handled in Piwigo. Since I was running out of time I had to leave that for now as it turned out not to be a simple fix.

For me this is bad news as I am depending on LDAP integration so for now I cannot upgrade. Since the 2.7 version is still very fresh (i.e. only announced today) I will just defer the upgrade to see if there is any movement on this plugin. If not, I will have to look for another solution unfortunately….

Will document any alternative solution here as well once I find it to help others with a similar dependency.

Clean Photo Album permalinks with Piwigo

I have been playing for some time now with Piwigo to replace my Menalto Gallery3 online photo gallery. The key reason to look at another solution is that after the move from Gallery 2 to 3 (which took ages as it was a major overhaul of the code), the project seems to have stalled.

So far I really like Piwigo as it has everything I need including iPhoto integration and a (simple) iPhone app. LDAP support is available through a plugin that is basic but suffices for my need. However, one of the key gaps for me was that it did not have any way to generate nice and simple URLs to albums that you can share easily (verbally). Although it was possible to define permalinks for an album, the URL remained ugly in my opinion.
Today I hacked a small patch together for the Piwigo 2.6 codebase that changes the URLs for photo albums to something like:

http://photo.mydomain.tld/albumname

which works fine for me and is exactly what I had with Gallery3. This only works for albums with a permalink defined; the default album URL will retain the /category/<albumid> format, which is fine for my situation.

Steps to obtain more clean album URLs are:

  1. Apply this patch: piwigo-url-patch
  2. Add the following mod_rewrite rewriting rules to your Apache configuration
    RewriteRule ^/category/       /index.php/%{REQUEST_URI}               [L]
    RewriteRule ^/[^.]+$          /index.php/category/%{REQUEST_URI}      [L]

Again, in my setup this worked, I am still testing this so any feedback to improve is welcome. I did notice that occasionally the patch results in a / too many in URLs generated by piwigo, but that is silently ignored and does not affect the functionality.

To actually use the patch, define a permalink under [Administration] –> [Albums] –> [Manage] on the [Permalinks] tab.

Change Gitlab homepage using Apache’s mod_rewrite

For some time I have been looking for a way to share public projects easily using GitLab. With the Public Project option of GitLab this was already possible for some time, but it did not work quite as I would like it to (i.e. I would like http://gitlab.mydomain.tld to be the URL for all public projects). Due to the way GitLab is set up, the default URL will redirect the user to the login page, which does provide a link to the Public Projects page, but was not quite what I want.

Of course, as GitLab is open source, I could change the code directly, but as I would have to do that after each upgrade of GitLab (which is monthly!) I did not want to do that. Today I found a way around changing the code by adding the following mod_rewrite rules to my Apache configuration (I placed this in the <VirtualHost> configuration but it should also work from a .htaccess file):

# Redirect /users/sign_in to /public unless it has a local referrer
# This makes the public projects page the homepage instead of the login page
# (\1 is a backreference to the host captured from HTTP_HOST)
RewriteCond   %{HTTP_HOST}@@%{HTTP_REFERER}    !^([^@]*)@@https?://\1/
RewriteRule   ^/users/sign_in$                 https://%{SERVER_NAME}/public/          [R,L]

This is inspired by a blog post on referer checking from the Apache .htaccess file. To get to this solution I just had to realize that an internal redirect by the application clears the referrer and apply the opposite logic to intervene when this happened (no referrer implies a redirect, when the user clicks on a link the request will have a referrer). How this works is:

  1. The user visits http://gitlab.mydomain.tld/
  2. GitLab redirects this request to its sign_in page
  3. The browser requests the sign_in page, as this was a redirected page the referrer will be empty
  4. The above mod_rewrite rule kicks in and redirects the user to the public projects page

For me this setup works as I expect. The only caveats are that users with browsers set up not to provide a referrer (e.g. for privacy reasons) may no longer be able to log in and that a direct link to the sign_in page won’t work (the user will be redirected to the public projects page and has to click the sign_in button). For my setup both are no issue, let me know through the comments if there are other issues or perhaps solutions for this.
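The decision the RewriteCond/RewriteRule pair makes can be modelled over a handful of requests; this is an added example, not code from the original post. The request samples are constructed, the function names are hypothetical, and SERVER_NAME is assumed to equal the Host header.

```python
import re

# RewriteCond test string is "%{HTTP_HOST}@@%{HTTP_REFERER}". The pattern captures
# the host and, via the \1 backreference, requires the Referer to start with
# http(s)://<that same host>/ .
LOCAL_REFERER = re.compile(r"^([^@]*)@@https?://\1/")
# Same pattern with the backslash lost: "1" is now a literal host name.
NO_BACKREF = re.compile(r"^([^@]*)@@https?://1/")


def evaluate(host, path, referer="", pattern=LOCAL_REFERER):
    """Return the redirect target the rule pair would issue, or None.

    Assumption: SERVER_NAME equals the Host header sent by the client.
    """
    if path != "/users/sign_in":               # RewriteRule ^/users/sign_in$
        return None
    if pattern.match(f"{host}@@{referer}"):    # the RewriteCond is negated ("!")
        return None                            # local referrer: serve the login page
    return f"https://{host}/public/"           # [R,L] external redirect


HOST = "gitlab.mydomain.tld"
# Constructed requests: (label, path, Referer header)
SAMPLES = [
    ("redirected from / by GitLab", "/users/sign_in", ""),
    ("clicked sign-in on /public", "/users/sign_in", f"https://{HOST}/public/"),
    ("link on another site", "/users/sign_in", "https://www.example.org/wiki"),
    ("look-alike referrer host", "/users/sign_in", f"https://{HOST}.example.org/"),
    ("bookmark, referrer stripped", "/users/sign_in", ""),
    ("any other page", "/public/", ""),
]


def run_samples(pattern=LOCAL_REFERER):
    """Map each sample label to 'login page', 'redirect' or 'untouched'."""
    results = {}
    for label, path, referer in SAMPLES:
        target = evaluate(HOST, path, referer, pattern)
        if target:
            results[label] = "redirect"
        elif path == "/users/sign_in":
            results[label] = "login page"
        else:
            results[label] = "untouched"
    return results


if __name__ == "__main__":
    for label, outcome in run_samples().items():
        print(f"{outcome:10}  {label}")
    # The Referer header is supplied by the client, so this rule steers
    # navigation only; authentication is still enforced by GitLab itself.
```

Passing NO_BACKREF to run_samples shows why the backslash matters: with a literal 1 in the pattern no referrer ever counts as local, so even the sign-in button on the public page is redirected back to /public/.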