05 November 2015

Fiber Networks Demystified


As sysadmins, it used to be that fiber networking was something we dealt with after it was installed.  We might buy specific hardware, or have it provided for us.  For most sys-admins and network techs, fiber was a magic place that worked and worked well.  If it broke.... we had bad days.  The reality is, fiber networking is not that complicated.  There are, believe it or not, more standards for copper cable than there are for fiber.  We only use a few standards for either one.... so stop getting freaked out.

In the beginning, there was OM1.  This orange, 62.5µm cable has been a part of most major installs since the mid-'70s.  It is fragile, has limited range, and limited modal bandwidth.  It DOES, however, still have 3 times the max distance of CAT 5, 5e, 6, or 7.  My biggest problem with the old OM1 (Old Military 1) is that it is much more fragile than the other cable types.

We then moved to 50µm cable for LED-driven optical networks.  It was great.  It doubled the max distance for data transmissions, it's more durable, it has double the modal bandwidth of OM1.  What it did not do, was efficiently transport laser optics, because like the OM1 fiber, it had imperfections in the core of the fiber, so you have to use a conditioning cable at launch.

Enter OM3 and OM4, laser Optimized and laser Enhanced fiber.  These two are designed to be more efficient with laser optics, but will also carry LED optics more effectively.

Why not single-mode fiber, since it goes farther?  Sure, it does.  9µm single-mode cable is capable of something like 80km.  Single-mode fiber is different from multimode fiber in the way light travels along the fiber.


The question, then, is what you are in need of, and if you are going beyond 1100m.  Single-mode fiber has even fewer standards than multimode.


| Standard | Wavelength | Max Range |
|---|---|---|
| 10GBASE-LR | 1310 nm | 10 km |
| 10GBASE-ER | 1550 nm | 40 km |
| 10GBASE-ZR | 1550 nm | 80 km |

Multimode has a few more options.



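Ethernet Standards

| Speed | Standard | Media | Distance |
|---|---|---|---|
| 1 Gb/s | 1000BASE-T | Cat 5/5e/6/7 | 100m |
| 1 Gb/s | 1000BASE-SX | OM1 | 300m |
| 1 Gb/s | 1000BASE-SX | OM2 | 600m |
| 1 Gb/s | 1000BASE-SX | OM3 | 1000m |
| 1 Gb/s | 1000BASE-SX | OM4 | 1100m |
| 1 Gb/s | 1000BASE-LX | OM1-OM4 | 550m |
| 1 Gb/s | 1000BASE-LX/LH | SMF | 10km |
| 1 Gb/s | 1000BASE-ZX | SMF | 70km |
| 10 Gb/s | 10GBASE-SR | OM1 | 30m |
| 10 Gb/s | 10GBASE-SR | OM2 | 150m |
| 10 Gb/s | 10GBASE-SR | OM3 | 300m |
| 10 Gb/s | 10GBASE-SR | OM4 | 550m |
| 10 Gb/s | 10GBASE-LRM | OM1 | 220m |
| 10 Gb/s | 10GBASE-LRM | OM2 | 260m |
| 10 Gb/s | 10GBASE-LRM | OM3-OM4 | 400m |
| 10 Gb/s | 10GBASE-T | Cat 6 (unshielded) | 55m |
| 10 Gb/s | 10GBASE-T | Cat 7/6 (shielded) | 100m |
| 10 Gb/s | 10GBASE-LX4 | SMF | 10km |
| 10 Gb/s | 10GBASE-ER | SMF | 40km |
| 10 Gb/s | 10GBASE-ZR | SMF | 120km |
| 40 Gb/s | 40GBASE-SR4 | OM3 | 100m |
| 40 Gb/s | 40GBASE-SR4 | OM4 | 150m |
| 100 Gb/s | 100GBASE-SR10 | OM3 | 100m |
| 100 Gb/s | 100GBASE-SR10 | OM4 | 150m |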

To be honest, pick your speed, pick your distance, and you will have your standard and cable.  In my opinion, if you are running 1Gb, use SX optics, if you are running 10Gb, run SR.... done.

I mentioned different fiber cables before.  I need to be clear.  Even though OM3 and OM4 are optimized for laser, they will still run your SX network.  OM3 and OM4 are backward compatible.


The 2 big rules are:

1) Don't Mix and Match.  You can do that with CAT-whatever, you can't with fiber.

2) Keep it clean.  We are talking about glass and light... even the grease from your hands will get you dirty packets.

Also, as an aside.  Be nice to the next guy, or gal, that works on your fiber.  Stop using ST cable connectors.  They are stupid, and my fat fingers can't use them in tight spaces.  You have other options.



In short.  Don't make yourself crazy.  It will all work out.  

I have compiled everything into a "Fiber Demystified Cheat Sheet".  Use it... enjoy it.  If you find mistakes, leave a comment below!






Disclaimer
The information contained in this website is for general information purposes only. The information is provided by Tomas Voboril and while I endeavored to keep the information up to date and correct, I make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the cheat sheet or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk. In no event will I be liable for any loss or damage, including, without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website. Always check with your Vendor, Systems Admin, and Installer before making major decisions. 


09 October 2015

Top Five Giveaway Fountain Pens



This week's Friday Top Five is Giveaway Fountain Pens.  I am doing this one before the Top Five Starter Fountain Pens for 2 reasons:

1) I have found that a lot of people will be introduced to fountain pens by someone else and don't usually just go out and pick up the hobby (of course there are exceptions... I decided in high school that I was going to write with fountain pens without anyone encouraging the hobby.)

2) I just bought a bunch of fountain pens to give away, so the idea is on my mind...

My guidelines for a giveaway fountain pen are dependent upon whether or not I will be around the pen as they start to use it, and how much time I have to tinker with it before I give it away.

If I am going to be around, I don't mind giving away a piston filler, or cartridge converter, because I have bottles of ink they can refill from.  If I do not have time to tinker, then I am not going to give away a really cheap pen that might not start writing well out of the box.

#5 The Hero 616

The Hero 616 is cheap, really cheap.  It is a replica of the old Parker '51.  Apparently some parts are interchangeable, but I haven't tried.  I usually buy these in a pack of 10 from China, because I have to work on them before I give them away.  Some of them won't work, but most of them can be put into use with a little bit of micro-mesh, a razor, and some shellac.  This tends to be one of the last ones I give away, but if I have been using my Parker '51, then I give these away so they look like the pen I have been using.

Pros:  
  • Holds  enough ink to get a starter by for a while
  • Has built in converter
  • Does not dry out quickly
  • Classic Look
  • CHEAP
  • Comes in several colors
Cons
  • Poor build quality
  • Stiff nibs that need work
  • Can leak

#4  The Platinum Preppy

The Platinum Preppy is one of those quintessential give away pens.  These pens can be bought from any major vendor.  They will take Platinum's proprietary cartridge, their converter, or can be converted to an eye-dropper.  Some people prefer the Platinum Plaisir, but I like these.  Most of mine are converted to eye droppers, but then if they break or come unscrewed... it is a BIG mess.  

Pros:  
  • Holds a decent amount of ink
  • Will take Cartridge or Converter or Eye-dropper
  • Does not dry out quickly
  • Clear demonstrator
  • CHEAP
  • Comes in several colors
  • Decent Nib
Cons
  • Cheap plastic can break
  • Can leak
  • Looks very "kiddy"
#3 The Dollar 717iT

No, the Dollar Pen does not cost just a Dollar.  The Company's name is Dollar.  This pen comes from Pakistan, and generally can be purchased from eBay for just a few dollars.  It is a piston filler, has a decent nib, and comes in several colors.

Pros:  
  • Holds a decent amount of ink
  • Piston Filler
  • CHEAP
  • Comes in several colors
Cons
  • Will only take bottled ink
  • Can leak around the section
  • Not always easy to get
#2 Pilot 78g


The Pilot 78g is one of my favorite pens, not just to give away, but as part of my every day carry pens.  These have surprisingly good nibs, normally have decent flow, and look nice.  They are not always available in the U.S., and when they are, they are $10-15.

Pros:  
  • Has built in converter, but can also take cartridge
  • Great Nib
  • Classic Look
  • Comes in 3 colors

Cons
  • Hard to find in U.S.
  • Not as cheap as other options
  • Painted on gold bands will wear away
  • Does not hold a lot of ink
#1 Pilot V-Pen


The Pilot V-Pen is sold as the Varsity in the U.S., but I like the styling of the V-Pen better, and since my last name is Voboril, it's just better.  These are disposable fountain pens, and they are really pretty amazing.  No they can not be refilled, but the nibs are very smooth, they are super cheap, and they never ever dry out.  I have never had a hard start or even a skip, that I can remember.

Pros:  
  • Holds a lot of ink
  • Does not dry out, period.
  • Great Nib, smooth as butter
  • CHEAP
  • Comes in several colors

Cons
  • Disposable
  • Disposable
  • Disposable
I give away more Pilot V-Pens than any other.  When someone is ready to move up to a starter pen, I usually help them with that too.  To me, a starter pen is the gateway to the fountain pen world.  If someone picks up a $400 pen, or sometimes even a $30 pen as their first fountain pen, they will be hesitant to use it all the time.  These pens are pens you use every day, and if you lose it, or break it, you don't sweat about it.

29 September 2015

Pelikan M805 Blue/Black


There are few brands that I drool over more than Pelikan.  So it was very exciting when I received this pen in the mail from Rolfe at Missing-Pen.de.  First, I have to say, if you are looking for a Pelikan, I can not recommend Missing Pen enough.  Rolfe is a joy to work with and his service is prompt and thorough.  I was also treated with some of his store exclusive Diamine Ink "Racing Green"  More on that later.

I have had this pen long enough now to get my thoughts together about it.  I would have posted sooner, but we have had a lot going on.  I guess the first thing to answer is "Why the M805 in Blue?"  I can not afford a M1000 at this point, and I was nearly about to go for the M800 in red several years ago when I first started looking at getting one of these, but the blue just.... strikes my fancy.


My understanding is that the Pelican with its Baby has often been used as a symbol of Christianity because the Pelican will pierce its own chest and feed its young blood if food is in short supply, which can be referenced to Christ, having His side pierced for all of us. For more reading on that: The Symbolism of the Pelican.

Engraving on the front of a Catholic Altar


I don't know if that was the intention of Pelikan, but I like the idea that it was.  There are plenty of luxury fountain pen companies, so the idea that one might be a bit more noble, impresses me.  I may just be coming up with excuses to like Pelikan more, but I think it's nice to be able to put my finger on some of the intangibles.... and I already like the brand.


And, seriously, there are plenty of reasons to like the brand.  I enjoy all the details.  The motif of the pelican moves on to the clip where the eye and bill are represented.  That slight swoop at the end makes it a very functional clip too.

The pattern is also very interesting.  I like the Stresemann pattern.  It is different and interesting.  There are very small imperfections in some of the blue strips, but I like it, it makes mine unique.  The Pelikan website has a better explanation of the history of the man behind the pattern:

The foreign minister of the Weimar Republic, Gustav Stresemann (1879- 1929), was honored with the Nobel Prize for Peace in 1926: Together with his French colleague Aristide Briand, he was acknowledged for his reconciliatory work between the nations after World War I. Besides his impressive political career, Stresemann also became famous for the creation of a new kind of suit that was still sufficiently formal for official presentations and yet comfortable enough for his work at the office. Stresemann liked to wear suits with thin stripes, and, as life sometimes goes, a legend developed … and suddenly, people called the striped fountain pens from Pelikan -- that were just then starting their global tour of success around the world -- by the name of "Stresemann".
Both the suits and the pens still carry that name to this day. 


Being part of the Souverän series of pens, the 805 has a piston filling system.  The differential screw piston filler is really one of the things that made Pelikan famous. 

From: http://www.gentlemansgazette.com/pelikan-fountain-pen-guide/
Pelikan’s fountain pen was revolutionary in the sense that it had a piston mechanism that consisted of  differential threads. This mechanism was invented by the Hungarian engineer Theodor Kovács and filed in 1921 and patented in 1923. Using two threads with different telescope thread leads, the piston moves much faster than with a single thread. This not only allowed for a quicker charging by simply turning a knob, but it also increased the capacity considerably. On top of that, the use of cork prevented the fountain pen from leaking. Pelikan bought the patent for this invention in 1927 from Kovács since he failed to create a working fountain pen with his Croatian business partners. Pelikan later substituted the cork with plastic as seen below, because cork dries out over time and decreases in volume, causing the fountain pen to leak.


That is a beautiful nib.  I realize I am gushing about this pen, so it may be surprising that I had a small, short-lived disappointment.  I am not sure if mine just needed some break-in time, or it had slight baby's bottom, or what, but I did have some skipping and hard starts until I had run about 2 fills through it.  I have heard that Pelikans sometimes need breaking in, so I was not too stressed... but I still think it should have written perfectly out of the gate.

Other than that small hiccup, it has been a wonderful nib.  It is a European Medium.  I have found it true to my idea of medium.  It is, of course, wider than a Pilot, or Sailor, etc.  It does not really seem any wider than my Montblanc M, or my Lamy M.

It is an 18k gold nib, plated with rhodium.  It is not a particularly soft nib, but it certainly is not a nail.  It's nice.


I have other German pens, but these three are my German Knights.  If I put the Lamy 2000 right next to the Montblanc 149 they would seem in more stark comparison; the Pelikan M805 is a nice balance between the two.




I do realize it would be more appropriate to compare the Pelikan M805 to the Montblanc 146, but I don't have a MB 146, I DO have a MB 149.  I really want a Pelikan M1000 now, but it will have to wait, besides the M805 is really the perfect size for daily use.  The two companies have a history together, too.   There was even a time that Pelikan made the ink for Montblanc and Montblanc made the nibs for Pelikan.



This is not my best handwriting, but someone had commented that the Pelikan sizes run a bit broad compared to others.  I can agree with this.



As I was taking the pictures for this post, my 7 year old reminded me that we had gotten TWO new pens.  It is true, I also purchased a new pen for my wife.  Neon Coral Lamy Safari, the limited edition color for 2014.

In conclusion, I am smitten.  I love the pen. I love the nib, the size, the color, the whole brand.  If you have ever been on the fence about Pelikan... come on in, the water is fine.  I can also recommend Rolfe Thiel with Missing-Pen (http://stores.ebay.com/missing-pen)  He is a joy to work with, has excellent service, and phenomenal prices.


My expectations have been exceeded, and that is a rarity.  I am not often blown away.


28 September 2015

The Day the DNS Died / BIND Triage Server Array

(Credit Jon Watson)


DNS is such a pivotal, central, important part of not just internet browsing, but of everyone's IT infrastructure.... and yet, when it died, I was left to eulogize, alone, at its funeral.  I don't mean to be melodramatic, and I am not going to start singing any Don McLean songs, but I do want to complain.  I AM the IT department, so when something like this breaks and I come up with a great solution, I can't share with anyone.

The best I ever get to do is give analogies... and I usually send them before lunch so it usually has something to do with food or cars, or both:

Staff,
Our internet is running slow... Technically, our name resolution is running slow.  The internet is now running much faster.  It’s kind of like a pizza delivery guy who drives an Aston Martin DB9 with a supercharged V8, but doesn’t know the area, doesn’t have a phone book and has a GPS device from the 90’s whose batteries have run out.  We have been having collisions on the network, and our DNS (internet phone book) is trying to resolve every one of them.  I am loading up a second DNS server right now, and separating internal and external traffic so we can get through testing, and you all can take advantage of our faster internet.  Please be patient this morning and I will keep you all up to date.  
- Tom
We should probably start at the beginning.  I am the sys admin for an "Urban-Ring" School in the midwest. We have a fairly standard setup. We have fiber running from every rack and between every building.  We have a standard AD Windows Domain setup with backup DCs. Our DHCP is also one of the Domain Controllers (DCs).  It feeds both the primary Windows DNS Server and the slave.  Because of the continual need for both internal and external resolution of names and addresses, our Windows machines serve up everything, and are the only DNS servers our clients see.  We have a SonicWall with content filter, firewall, etc... for a gateway.  All very standard.

I am very happy with our Windows servers.  They are easy to manage, they are scalable, and they have always done exactly what I wanted them to.    We have several virtual networks on our one physical network.  We are in the process of running more fiber so that we have 2 more physical networks.  The problem entered in when we doubled the clients on the network.  We are in the middle of switching our security cameras to IP cameras, and we just added 55 iPads to the system.  We have the IP addresses, and we have the outgoing bandwidth.  But one afternoon, everything screeched to a halt.

I was frantic.  Running every test I know to run, I ruled out anything obvious.  In the end I found an overworked primary DNS server and a useless secondary, and lots of collisions on the network.  I needed a fast solution so that we could get through some standardized testing, and keep our IT services going until I could finish our expansion and put things right.

My solution was a BIND Triage Server Array.  You will not find anything on Google about a BIND TSA, but it seemed like a good name for what I was doing.  Essentially, I needed a few forward-only DNS servers to separate out our internal traffic and outgoing traffic, and get it to the right place.   I wanted to continue using my DHCP and AD DCs for internal resolution because it is more efficient and verbose for Windows machines.  All of our iPads and such were not going to be authenticated by the firewall and content filter at the SonicWall.  BIND is a fast, easy solution.

Here is how I did it:

Spin up CentOS 7, minimal install, headless.

Give the machine a static IP during install.  The DNS server is going to be changed later; at this point use your standard DNS, or 8.8.8.8, so that it can download additional programs.

Once you are up, install BIND and its utilities, nano (text editor), wget (to update your root hints), and tcpdump (to monitor things).

$ sudo yum install bind bind-utils
$ sudo yum install nano
$ sudo yum install wget
$ sudo yum install tcpdump

OR the quick and clean method of installing them all:

$ sudo yum install -y bind bind-utils nano wget tcpdump

The first thing I do, before I start editing my config file, is make sure my root hints are up to date.

$ sudo wget --user=ftp --password=ftp ftp://ftp.rs.internic.net/domain/db.cache -O /var/named/named.root

Now, we can edit.

$ sudo nano /etc/named.conf

I changed a few things to make it simple.  This is for a 192.168.0.0/24 test network, we use different subnetting, but that is for another day, 192.168.0.0/24 is simple.  Change the IPs to match your network.

The listen-on addresses are localhost and the internal static IP of the DNS server.
Change your allow-query to your network.
Set your forwarders to your ISP's DNS servers (the example below uses 8.8.8.8 and 8.8.4.4).
Change the name of the root hints file.
The two other zones are for your internal network.  In this case 192.168.0.3 is the test network's AD DC, DHCP, and DNS server.

//
// named.conf
options {
        // Answer only on localhost and the server's static internal IP
        listen-on port 53 { 127.0.0.1; 192.168.0.2; };
        listen-on-v6 port 53 { ::1; };
        // Upstream resolvers for everything that is not an internal zone
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Only the local network may query this server
        allow-query     { localhost; 192.168.0.0/24; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
// Root hints file downloaded with wget above
zone "." IN {
        type hint;
        file "named.root";
};
// Internal forward zone: hand these queries to the AD DC
zone "myschool.edu" {
        type forward;
        forward only;
        forwarders { 192.168.0.3; };
};
// Internal reverse zone for 192.168.0.0/24: also answered by the AD DC
zone "0.168.192.in-addr.arpa" {
        type forward;
        forward only;
        forwarders { 192.168.0.3; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Make sure you didn't jack it up....

$ sudo named-checkconf

Make sure clients can connect through your firewall.

$ sudo firewall-cmd --permanent --add-port=53/tcp
$ sudo firewall-cmd --permanent --add-port=53/udp
$ sudo firewall-cmd --reload

And, we want it to start on boot.

$ sudo systemctl enable named

and GO.....

$ sudo systemctl start named

Now we want to change our DNS server's DNS server.  First, check what the name of your NIC is.

$ sudo nmcli connection show

This DNS server's connection was p3p1.... so ...

$ sudo nmcli con mod p3p1 ipv4.dns "127.0.0.1"

At this point, change the DNS servers for your clients to the DNS server's static IP, and we can test the system.  The following command will let you log all the queries going to the new DNS server.

$ sudo rndc querylog

To actually see the logs....

$ sudo tail -f /var/log/messages

or get fancy with perl .... (you do need to install perl first)


$ sudo tail -f /var/log/messages | perl -pe 's/.*named.*/\e[1;31m$&\e[0m/g'
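
Once the query log is on, it can answer the triage question directly: which clients are hammering the server, and how much of their traffic goes to the internal zones versus out to the forwarders. The script below is an added example, not part of the original post; the function names, the host name dns1 and the sample log lines are constructed, and the line layout is assumed to be what named writes to /var/log/messages after `rndc querylog`.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): summarise BIND query-log lines
# per client and split them by where the named.conf above sends them.

# Zones the named.conf above forwards to the AD DC at 192.168.0.3.
INTERNAL_ZONES="myschool.edu 0.168.192.in-addr.arpa"

# Constructed sample lines (not real traffic). Most use the BIND 9.9 layout;
# the last one carries the "@0x..." token that newer releases add.
sample_log() {
cat <<'EOF'
Sep 28 09:14:01 dns1 named[1402]: client 192.168.0.57#53124 (www.example.com): query: www.example.com IN A + (192.168.0.2)
Sep 28 09:14:01 dns1 named[1402]: client 192.168.0.57#53125 (cdn.example.net): query: cdn.example.net IN AAAA + (192.168.0.2)
Sep 28 09:14:02 dns1 named[1402]: client 192.168.0.57#53126 (fileserver.myschool.edu): query: fileserver.myschool.edu IN A + (192.168.0.2)
Sep 28 09:14:02 dns1 named[1402]: client 192.168.0.21#40110 (dc1.myschool.edu): query: dc1.myschool.edu IN A + (192.168.0.2)
Sep 28 09:14:03 dns1 named[1402]: client 192.168.0.21#40111 (3.0.168.192.in-addr.arpa): query: 3.0.168.192.in-addr.arpa IN PTR + (192.168.0.2)
Sep 28 09:14:03 dns1 named[1402]: client 192.168.0.57#53127 (www.example.com): query: www.example.com IN A + (192.168.0.2)
Sep 28 09:14:04 dns1 named[1402]: client 192.168.0.88#40112 (notmyschool.edu): query: notmyschool.edu IN A + (192.168.0.2)
Sep 28 09:14:04 dns1 named[1402]: received control channel command 'querylog'
Sep 28 09:14:05 dns1 named[1402]: client @0x7f3a5c0d2b10 192.168.0.88#40113 (MySchool.EDU): query: MySchool.EDU IN SOA + (192.168.0.2)
EOF
}

# Print "client internal external total" per client, busiest first.
summarise_queries() {
  awk -v zones="$INTERNAL_ZONES" '
    # True when name is the zone itself or sits below it on a label boundary.
    function in_zone(name, zone,    suffix) {
      suffix = "." zone
      if (name == zone) return 1
      if (length(name) <= length(suffix)) return 0
      return substr(name, length(name) - length(suffix) + 1) == suffix
    }
    BEGIN { nz = split(zones, z, " ") }
    / query: / {
      client = ""; qname = ""
      for (i = 1; i < NF; i++) {
        if ($i == "client") {
          j = i + 1
          if ($j ~ /^@0x/) j++          # skip the object address, if present
          client = $j
          sub(/#.*/, "", client)        # drop the source port
        } else if ($i == "query:") {
          qname = tolower($(i + 1))     # DNS names are case-insensitive
          sub(/\.$/, "", qname)         # tolerate a trailing root dot
        }
      }
      if (client == "" || qname == "") next
      internal = 0
      for (k = 1; k <= nz; k++) if (in_zone(qname, z[k])) internal = 1
      total[client]++
      if (internal) { int_q[client]++ } else { ext_q[client]++ }
    }
    END {
      for (c in total) printf "%s %d %d %d\n", c, int_q[c], ext_q[c], total[c]
    }
  ' | LC_ALL=C sort -k4,4nr -k1,1
}

# Run against the constructed sample when executed directly.
sample_log | summarise_queries
```

On the server itself, feed it the real log instead of the sample, for example `sudo grep named /var/log/messages | summarise_queries`.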

If you want more information, use tcpdump.  Note that you use the name of the NIC connection, in this case p3p1.

$ sudo tcpdump -n -s 1500 -i p3p1 port 53

Spin up a second one to make sure you are redundant.  I actually found that this works really well, and may leave it like this for a while.  It is easy, peasey, and quick to change.