Why Single-Port LAGs?
I recommend always using LACP for external connections. It will make your life easier, even when you only have a single connection. Here’s why we do it.
Source: Why Single-Port LAGs?
LibreNMS Alerts
An overview of LibreNMS alerts used to monitor different anomalies.
RPKI Session down – JUNOS
Trigger an alert if a syslog event from the device shows that an RPKI session went down within the last hour. The match is based on the device's syslog events (Device > log > syslog).
syslog.msg LIKE '%RPD_RV_SESSIONDOWN%'
AND syslog.timestamp >= macros.past_60m
AND macros.device_up = 1
Broadcast packets exceeds threshold – JUNOS
Trigger an alert if a 10/25/100 GbE interface receives more than 300 broadcast pkt/s. The ifAlias (the interface description on the network device) needs to begin with “PEERING”.
ports_statistics.ifInBroadcastPkts_rate > 300
AND ports.ifAlias LIKE 'PEERING%'
AND macros.device_up = 1
AND (
    ports.ifName LIKE 'et-%'
    OR ports.ifName LIKE 'xe-%'
)
RouterOS Script: Check Google Global Cache Cluster
Open the built-in editor
/system/script/edit value-name=source check-ggc-cluster
Paste the script content
# Cluster name seen on the previous run
:global currentGGCcluster;
:local result;
:local data;
:local newGGCcluster;
# Fetch the mapping report from Google's redirector and pull out the cluster name
:set result [/tool/fetch output=user url="https://redirector.googlevideo.com/report_mapping?di=no" as-value ascii=yes];
:set data [:tostr [:pick $result [:find $result "="] [:find $result ";"]]];
:set newGGCcluster [:tostr [:pick $data ([:find $data ">"] + 2) [:len $data]]];
:if ($newGGCcluster != $currentGGCcluster) do={
    :put "SP GGC Cluster $currentGGCcluster changed to $newGGCcluster";
    # Log before updating the global, so the message still shows the old value
    /log info "SP GGC Cluster $currentGGCcluster changed to $newGGCcluster";
    :set currentGGCcluster $newGGCcluster;
}
Add the scheduler (policy not restricted, probably should be)
/system/scheduler/add interval=1d name=check-ggc-cluster on-event="/system/script/run check-ggc-cluster;" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
Check variable contents
/system/script/environment/print detail where name=currentGGCcluster
Mikrotik CG-NAT using NETMAP and hardware offload NAT – The ForwardingPlane
#useIPv6
Mikrotik CG-NAT using Netmap and hardware offload NAT
Source: Mikrotik CG-NAT using NETMAP and hardware offload NAT – The ForwardingPlane
Add Danish NemID X.509 public certificate to RIPE Database
General
If you have ever used the RIPE Database, you know that the following RIPE maintainer authentication methods are possible:
- SSO (a.k.a. single sign-on)
- key-cert (GnuPG keys + X.509 certificate)
- MD5-hashed passwords
NemID
- If you have the Danish NemID, follow the guidelines here to configure NemID on your computer, and then for your email program.
- Go find your public certificate here and download it.
- Open the certificate locally on your computer and prepend every line with ‘certif: ‘ so it looks like the example below. Remember the key-value pairs:
  - key-cert: auto
  - mnt-by: xyz
  - source: ripe
Example
- from older RIPE documentation.
key-cert: AUTO-1
certif: -----BEGIN CERTIFICATE-----
certif: MIID8zCCA1ygAwIBAgICAIIwDQYJKoZIhvcNAQEEBQAwcTELMAkGA1UEBhMCRVUx
certif: EDAOBgNVBAgTB0hvbGxhbmQxEDAOBgNVBAoTB25jY0RFTU8xHTAbBgNVBAMTFFNv
certif: ZnR3YXJlIFBLSSBUZXN0aW5nMR8wHQYJKoZIhvcNAQkBFhBzb2Z0aWVzQHJpcGUu
certif: bmV0MB4XDTAzMDkwODEwMjYxMloXDTA0MDkwNzEwMjYxMlowfTELMAkGA1UEBhMC
certif: TkwxETAPBgNVBAoTCFJJUEUgTkNDMRAwDgYDVQQLEwdNZW1iZXJzMRgwFgYDVQQD
certif: Ew91ay5idC50ZXN0LXVzZXIxLzAtBgkqhkiG9w0BCQEWIHRlc3QtdXNlckBsaW51
certif: eC50ZXN0bGFiLnJpcGUubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
certif: AQEArv3srxyl1QA3uS4dxdZbSsGrfBrMRjMb81Gnx0nqa6i+RziIf13lszB/EYy0
certif: PgLpQFdGLdhUQ52YsiGOUmMtnaWNHnEJrBUc8/fdnA6GVdfF8AEw1PTfJ6t2Cdc9
certif: 2SwaF+5kCaUDwmlOgbM333IQmU03l3I1ILs32RpQyZ+df/ovHNrVzeLc2P59isac
certif: bfjM2S0SXPQzHjuVLH40eOgVuXA/5LAYs51eXqwtKszSxFhqekf+BAEcRDrXmIT4
certif: e3zfiZOsXKe0UfaEABgHUMrYjsUCJ8NTMg6XiVSNwQQmXCdUbRvK7zOCe2iCX15y
certif: 9hNXxhY/q/IW54W5it7jGXq/7wIDAQABo4IBCDCCAQQwCQYDVR0TBAIwADARBglg
certif: hkgBhvhCAQEEBAMCBaAwCwYDVR0PBAQDAgXgMBoGCWCGSAGG+EIBDQQNFgtSSVBF
certif: IE5DQyBDQTAdBgNVHQ4EFgQUzdajNaRorkDTAW5O6Hpa3z9pP3AwgZsGA1UdIwSB
certif: kzCBkIAUHpLUfvaBVfxXVCcT0kh9NJeH7ouhdaRzMHExCzAJBgNVBAYTAkVVMRAw
certif: DgYDVQQIEwdIb2xsYW5kMRAwDgYDVQQKEwduY2NERU1PMR0wGwYDVQQDExRTb2Z0
certif: d2FyZSBQS0kgVGVzdGluZzEfMB0GCSqGSIb3DQEJARYQc29mdGllc0ByaXBlLm5l
certif: dIIBADANBgkqhkiG9w0BAQQFAAOBgQByg8L8RaiIz5k7n5jVwM/0oHSf48KRMBdn
certif: YdN2+eoEjVQbz48NtjbBTsOiUYj5AQWRHJrKtDQ+odbog0x7UsvhXjjBo/abJ6vI
certif: AupjnxP3KpSe73zmBUiMU8mvXLibPP1xuI2FPM70Y7fgeUehbmT7wdgqs7TEtYww
certif: PeUqjPPTZg==
certif: -----END CERTIFICATE-----
mnt-by: YOUR-MNT
source: RIPE
Afterwards you should be able to sign emails sent to “RIPE Database” <auto-dbm@ripe.net> with your NemID certificate, and the updates get approved if your maintainer has authorization over the object you try to create/modify/delete.
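The prepend step from the list above, as an added example that is not part of the original post or of RIPE's documentation: a Python helper that turns one PEM certificate into a key-cert object and refuses input that also carries a private key. The function name `pem_to_key_cert` is hypothetical, and the sample bytes are constructed placeholders, not a real certificate.

```python
import base64
import textwrap

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def pem_to_key_cert(pem_text, mnt_by, key_cert="AUTO-1", source="RIPE"):
    """Build a RIPE key-cert object from exactly one PEM certificate."""
    # An exported identity file can hold the private key next to the
    # certificate; never let that end up in a public database object.
    if "PRIVATE KEY" in pem_text:
        raise ValueError("input contains private key material")
    lines = [ln.strip() for ln in pem_text.splitlines() if ln.strip()]
    if not lines or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("expected a single PEM certificate and nothing else")
    if lines.count(BEGIN) != 1 or lines.count(END) != 1:
        raise ValueError("more than one certificate in input")
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError("certificate body is not valid base64") from exc
    if der[:1] != b"\x30":  # a DER certificate starts with a SEQUENCE tag
        raise ValueError("decoded body does not look like DER")
    # Attribute values must stay on one line, or they could add attributes.
    for value in (mnt_by, key_cert, source):
        if not value or any(c in value for c in "\r\n"):
            raise ValueError("attribute values must be single-line")
    out = [f"key-cert: {key_cert}"]
    out += [f"certif: {ln}" for ln in lines]
    out += [f"mnt-by: {mnt_by}", f"source: {source}"]
    return "\n".join(out) + "\n"

# Constructed sample: 100 placeholder bytes with a DER-like header, wrapped
# at 64 characters like a PEM file. It is not a real certificate.
_body = base64.b64encode(b"\x30\x82\x00\x60" + bytes(96)).decode()
SAMPLE_PEM = "\n".join([BEGIN, *textwrap.wrap(_body, 64), END]) + "\n"

if __name__ == "__main__":
    print(pem_to_key_cert(SAMPLE_PEM, "YOUR-MNT"), end="")
```
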
Myer-Briggs Avatar Chart – bradgarbus.com
Source: INFJ Posters & Charts – Brad Garbus, LPCA
Single-sign-on wordpress+mediawiki
If you want a single-sign-on solution for WordPress and MediaWiki, try reading this post; it should work.