Posts Tagged networking

FriendlyElec NanoPi NEO2, a better sub-$20 Linux computer

NanoPi NEO2 by FriendlyElec is a new sub-$20 Linux microcomputer built on the Allwinner H5 SoC, providing Gigabit Ethernet and a USB 2.0 interface. Additional interfaces are available via expansion headers (this needs some soldering work). The board is equipped with 512MB DDR3 RAM.

It is highly recommended to buy the heatsink along with the board. The CPU heats up quite significantly and needs cooling. Under the “stress -c 4” CPU load test, “armbianmonitor -m” shows the core temperature rising up to 75C. The board sustains long-term load under such conditions. But with a fan, the core temperature drops below 40C, and the power consumption drops significantly too.

The plastic 3D-printed enclosure is of little use. First, it’s quite easy to break when you insert the board. Also, it does not hold the heatsink in place properly.

So, I ended up using the original cardboard packaging as a base for the board, just to avoid extra touching of electronic circuits, and to secure the USB power cable:

IMG_20170416_155513436

Armbian nightly image booted without problems. Up to now, I noticed the following minor problems with it:

  1. it does not come up after reboot;
  2. “cpufreq-info” complains about unknown driver.

Network traffic tests with tcpkali (debs, deb build scripts) demonstrated that the CPU is able to saturate the Gigabit Ethernet port with TCP traffic, reaching above 900Mbps throughput.

All in all, this board looks much more reliable than Orange Pi Zero: it can work for long hours with a USB WiFi dongle, whereas OPI0 was hanging up after a few minutes of work (using the same USB power cable, power source and dongle). UPD: the board doesn’t actually hang up, but the WiFi interface stops transmitting packets for some reason. Needs further investigation.

UPD: I tried flipping the board in the hope of better heat dissipation (below), but it turned out to be much worse, and the peak temperature reached 85C:

IMG_20170417_180933194[1]


Orange Pi Zero, a sub-$20 Linux computer

Orange Pi Zero with 512MB RAM, expansion board and black case is sold for sub-$20, including postal costs, and it is so far the cheapest Linux device you can buy.

The Armbian project provides a dedicated image for this board. The nightly build is quite stable, and there’s also a legacy kernel which works well.

The computer is equipped with a 100/10 Ethernet NIC, and the top throughput that I could achieve was about 90Mbps.

The on-board WiFi adapter is of very poor quality: regardless of the antenna attached, it gives about 6Mbps connection speed and excessive packet loss (up to 20% lost pings). It’s useless for any practical application, and it’s easier to disable it completely.

The two USB ports on the expansion board are not enabled by default in the legacy kernel. You need to add the following line to the /boot/armbianEnv.txt file, and reboot the box:

overlays=usbhost2 usbhost3

In order to disable the onboard WiFi, comment out the top line and add another line in /etc/modprobe.d/xradio_wlan.conf:

#options xradio_wlan macaddr=DC:44:6D:1F:3C:14
blacklist xradio_wlan

Then, run the following commands to regenerate the module dependencies and the initramfs, so that the blacklist takes effect at boot:

depmod -ae
update-initramfs -u

The onboard USB ports are not extremely fast: with a GigE or WiFi USB adapter, the maximum speed that I could achieve was about 40Mbps. But at least you get a stable and reliable connection.

The micro-USB OTG port is used for powering the device, and the board can freeze if the power consumption on USB ports is too big. For example, an external USB drive is very likely to knock the whole thing off. A WiFi dongle can freeze at bulk traffic loads. So, it’s advisable to use an external USB hub for attaching devices.

Network Manager is installed by default by Armbian, and that allows easy plug-and-play WiFi configuration, adding new SSIDs and passwords from the “nmcli” command-line interface.

All in all, it’s still quite a pretty device in a small enclosure. It can be used as a low-cost or throw-away network agent or VPN gateway for remote access. Also it can act as a measurement agent for all kinds of network testing, especially if you need a massive deployment and price difference is important.


tcpkali, TCP load generator

tcpkali is a lightweight and easy-to-use tool that allows you to generate a traffic load with multiple TCP sessions. You can push the load in one or both directions at the same time. The tool also works easily over a NAT’ed connection. This tool is great if you need to test QoS for VoIP applications.

Here’s an example of a bidirectional load test:

# listening machine: listen on tcp port 8000, send traffic, and use 4 threads.
# the program will exit in 1 hour.
tcpkali -l 8000  --listen-mode=active -m X -T 1h -w 4

# connecting machine: send traffic using 4 threads and 10 simultaneous sessions
# for 1 minute
tcpkali 192.168.1.109:8000 -m Y -c 10 -T1m -w 4

The above test between directly connected PC Engines APU2 boards has shown 1Gbps of traffic, and the average CPU load was about 50%.

Also here are the packaging instructions for Debian, and a 64-bit binary package for Debian 8.


Quick IP prefix calculation

It’s quite a common task to translate an IP address into a prefix — for example, when creating an IP prefix list from a set of addresses. Here’s a simple Perl script that helps with it:

sudo apt-get install libnetaddr-ip-perl
cat >getprefix.pl <<'EOT'
use strict;
use warnings;
use NetAddr::IP;
if( scalar(@ARGV) == 0 ) {
    die("Usage: $0 PREFIX ...");
}
foreach my $pref (@ARGV) {
    my $ip = NetAddr::IP->new($pref) or
        die("Cannot create NetAddr::IP from $pref");
    print $ip->network()->cidr(), "\n";
}
EOT

# testing
cat >/tmp/x <<'EOT'
10.1.1.1/23
192.168.5.3/28
EOT

cat /tmp/x | xargs perl getprefix.pl | awk '{print "set ", $1}'
set  10.1.0.0/23
set  192.168.5.0/28



3G connectivity for PC Engines APU (MC8775)

PC Engines’ APU board has its mPCIe slot 2 wired to the SIM card socket, which allows using any standard mPCIe 3G modem. Most modern modems are quite expensive, but there are plenty of Sierra Wireless MC8775 cards at aliexpress.com for around $20 apiece. This is decent hardware, manufactured around 2007-2011. It doesn’t deliver the highest UMTS speeds possible, but still can be used in situations where speed is unimportant.

The cards that I bought came with firmware version 1_1_8_15, dated 2007/07/17. I didn’t test it fully, but there are some failure reports on the internet.

The firmware upgrade requires an adapter with a SIM card slot. I got mine from this eBay seller.

This page describes the firmware upgrade process. The links to istudioz.net are still valid, but you need to remove # (%23) from the URLs. The 3G watcher for the AirCard 875 is unavailable at its original place, but easy to find with Google. I got mine at this site. The upgrade requires a 32-bit Windows machine, and takes about 20 minutes. I upgraded the firmware successfully with my old Vista laptop.

Also I bought the 3G antenna and the pigtail cable at aliexpress.

After inserting the 3G modem into mPCIe slot 2 and booting Debian Wheezy, the device was immediately visible as three serial USB interfaces (/dev/ttyUSB0, /dev/ttyUSB1, /dev/ttyUSB2). ttyUSB0 is used for data, and ttyUSB2 can be used for controlling the device with AT commands. The command “AT^CARDMODE” will tell if the SIM card is inserted, and “AT!GSTATUS?” displays the network status information. “AT+GMR” displays the current firmware version. The Ctrl-a Ctrl-x sequence ends the picocom session.

apt-get install -y wvdial picocom
picocom -b 115200 /dev/ttyUSB2 
AT^CARDMODE
AT!GSTATUS?
AT+GMR
Ctrl-a Ctrl-x

The following /etc/wvdial.conf works with Sunrise.ch 3G network:

[Dialer Defaults]
Modem = /dev/ttyUSB0
Baud = 460800
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Phone = *99#
Username = ''
Password = ''
Ask Password = 0
Stupid Mode = 1
Compuserve = 0
Idle Seconds = 0
ISDN = 0
Auto DNS = 1 

Execute the “wvdial” command from the command line, and it should immediately connect to the internet. The rest is easy: you can place wvdial into a startup script and execute it automatically at boot time.


DOCSIS troubleshooting: pinging and sniffing

A customer DOCSIS network had some strange issues with modem and MTA performance, and here are some simple scripts that were used for troubleshooting.


Call-home SSH scripts

Sometimes I need to quickly set up some presence in a customer network: to be able to access it remotely, or to run some network management scripts, and so on. Most such networks are behind NAT or at least a firewall, and incoming connections from outside aren’t always easy.

But outgoing connections from a customer LAN are mostly not a problem at all. So, I bring my own small netbook and place it in the customer LAN. This netbook automatically makes an outgoing SSH connection to my central server (a VPS) and pulls an SSH tunnel so that I can access the netbook from outside.

This is a kind of a backdoor, and it makes sense to make your customer completely aware of what you’re doing.

For such purposes, I have a couple of the cheapest 10″ netbooks. I’m using Acer AspireOne and some older eMachines netbooks because they were sold cheaply. Most other netbooks would fit too, but one should be careful about Linux compatibility (especially the video drivers might be a problem). They come with 1GB RAM and 160 or 250 GB hard drives. It’s quite trivial to upgrade them to 2GB RAM, although it’s not really necessary. You only need to be careful to buy a new SODIMM with exactly the same clocking as the original one.

The netbooks run standard Ubuntu Linux, with the SSH daemon enabled. If the user home directory is encrypted, you won’t be able to log in with your public SSH keys, so better not encrypt it.


WiFi hotspot with an Ubuntu netbook

My task was to set up my Ubuntu netbook (Acer Aspire One D255E-13DQws) so that it acts as a wi-fi access point whenever I insert a USB WiFi adapter, and shares its existing connection, be it a wired RJ45 or WiFi connection on the built-in wi-fi card.

Among other use scenarios, it may be useful in hotels where only one WiFi client device is allowed in a room.

The scenario below was tested with Ubuntu 11.10, and it should work with older versions too. The TP-Link TL-WN821N is used by default, and a Ralink3070-based adapter also worked the same way.


IPSEC VPN connection between Racoon and Checkpoint

When connecting a Checkpoint firewall with a Linux or BSD server running Racoon software, the following error is quite typical at the very beginning of Phase 1 negotiation:

2011-04-14 15:47:21: DEBUG: 40 bytes message received from 62.x.x.x[500] to 213.x.x.x[500]
2011-04-14 15:47:21: DEBUG:
30652081 6d92a9ee 00000000 00000000 0b100500 4bd389ff 00000028 0000000c
00000000 0100000e
2011-04-14 15:47:21: DEBUG: malformed cookie received or the initiator's cookies collide.

The thing is, racoon uses an AES key length of 128 bits by default, and Checkpoint firewalls use AES-256 (for Phase 1 only 256-bit keys are supported).
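Decoding the 40-byte message from the debug log above shows what the peer actually sent. This is an added example, not part of the original post or of racoon; the function name and lookup tables are illustrative, with code points taken from RFC 2408.

```python
import struct

# Hex dump copied from the racoon DEBUG lines quoted above (40 bytes).
DUMP = """
30652081 6d92a9ee 00000000 00000000 0b100500 4bd389ff 00000028 0000000c
00000000 0100000e
"""

# Subset of the ISAKMP (RFC 2408) code points, enough for this message.
PAYLOADS = {0: "NONE", 1: "SA", 11: "NOTIFICATION", 12: "DELETE"}
EXCHANGES = {2: "IDENTITY-PROTECTION", 4: "AGGRESSIVE", 5: "INFORMATIONAL"}
NOTIFY = {4: "INVALID-COOKIE", 14: "NO-PROPOSAL-CHOSEN", 16: "PAYLOAD-MALFORMED"}


def decode_isakmp(hexdump):
    """Decode the fixed ISAKMP header and a cleartext Notification payload."""
    raw = bytes.fromhex("".join(hexdump.split()))
    if len(raw) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    icookie, rcookie, nxt, ver, exch, flags, msgid, length = struct.unpack(
        "!8s8sBBBBII", raw[:28])
    if length != len(raw):
        raise ValueError(f"header says {length} bytes, dump has {len(raw)}")
    msg = {
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "next_payload": PAYLOADS.get(nxt, nxt),
        "version": f"{ver >> 4}.{ver & 0x0F}",
        "exchange": EXCHANGES.get(exch, exch),
        "encrypted": bool(flags & 0x01),  # E bit: payloads are encrypted
        "message_id": f"{msgid:08x}",
    }
    body = raw[28:]
    if nxt == 11 and not msg["encrypted"]:
        if len(body) < 12:
            raise ValueError("truncated Notification payload")
        _nxt, _rsvd, plen, doi, proto, spi_size, ntype = struct.unpack(
            "!BBHIBBH", body[:12])
        if not 12 + spi_size <= plen <= len(body):
            raise ValueError("bad Notification payload length")
        msg["notify"] = {"doi": doi, "protocol_id": proto,
                         "spi": body[12:12 + spi_size].hex(),
                         "type": NOTIFY.get(ntype, ntype)}
    return msg


if __name__ == "__main__":
    for key, value in decode_isakmp(DUMP).items():
        print(f"{key:17} {value}")
```

On the quoted dump this reports an INFORMATIONAL exchange with an all-zero responder cookie carrying a NO-PROPOSAL-CHOSEN notification, which is consistent with the Phase 1 proposal mismatch described above.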

The following configuration should fix the problem. The “sainfo” section also shows how to set AES-256 for Phase 2:

remote 62.x.x.x {
        exchange_mode main;
        proposal {
                encryption_algorithm aes 256;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
                lifetime time 1440 minutes;
        }
        generate_policy off;
        nat_traversal force;
}

sainfo address 213.x.x.x[any] any address 62.y.y.y/24[any] any {
        encryption_algorithm aes 256;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
