Archive for October, 2017

Notes: EdgeMax (EdgeRouter)

Sunday, October 29th, 2017

Notes on working with a Ubiquiti EdgeRouter running EdgeMax.

Factory Reset

If you ever need to start over, you can factory reset by holding the Reset button for about 10 seconds, until the eth4 LED starts flashing and then becomes solidly lit. After a few seconds, the LED will turn off, and the EdgeRouter will automatically reboot.

Getting Started

Plug your computer into PORT 1 (eth0). Connect to https://192.168.1.1 (note HTTPS). Accept the browser’s warning that it lacks a trusted certificate. The default user account is “ubnt” with password “ubnt” (without the quotes).

First things first, you should do an update. At the very bottom of the page, there are buttons for Alert and System. Click System, and scroll further down.

In another tab, you’re going to want to open this link:

https://www.ubnt.com/download/edgemax/edgerouter-x

Grab the latest firmware for your EdgeRouter. Then back in the web-ui, find Configuration Management & Device Maintenance->Upgrade System Image->Upload System Image.

Hop over to the Wizards tab, and run the Basic Setup. This will reconfigure the EdgeRouter so PORT 1 (eth0) uses DHCP to fetch an IP and Gateway to the internet. This is useful for connecting it to your existing network, and for when you have a cable internet provider (i.e. no authentication required; it’s all MAC/Serial Number based).

This also sets up switch0, and a variety of other settings (NAT masquerading for the WAN connection, good WAN firewall defaults, a DHCP server for a normal LAN).

The Dashboard

The dashboard is the main tab you use for setting up interfaces.

After the wizard, we already have a virtual Switch (switch0) ready to go. If you drill down into switch0’s settings (Actions->Config), you can define or change the IP address (i.e. where you see the Router on the network), or in the VLAN tab set which ports to associate with the Switch, and optionally set a fixed VLAN address for specific ports (i.e. for connecting an untagged device).


Notes: Linux Containers

Saturday, October 28th, 2017

Linux Containers are “the new hotness”. If there’s a feature Ubuntu has over other distros, it’s containers built in. LXD is the modern tool used for containers. It can be installed elsewhere, but that’s not how we roll here.

https://linuxcontainers.org/

LXD containers are not VMs, but are designed to work exactly like them. The key difference is they are fully native, and they access hardware directly (well, networking aside). You can even grant access to a GPU. Containers are a very flexible tool for your everyday Linux use.

Ubuntu 16.04 ships with LXD 2.0, but for some of the advanced features, you’re going to want the latest.

https://launchpad.net/~ubuntu-lxc/+archive/ubuntu/lxd-stable

Working with containers is A LOT like working with Vagrant boxes.

Reference: https://www.ubuntu.com/containers/lxd

It’s also worth noting that while LXD only runs on Linux, the client (lxc) can be run on other OSes including Windows and Mac. What this lets you do is set up remote connections to LXD containers. I’m not going to cover remotes here, but infrastructurally speaking it can be used from other platforms (even just other Linux machines).

Disabling IPv6

DON’T DO THIS.

You can optionally disable IPv6 support in LXD.

Where lxdbr0 is the LXD bridge created during setup.

Frankly though, this doesn’t change much. I thought it did more, but the containers themselves are still assuming IPv6 IPs, you just can’t see them via lxc list anymore.

Reference: https://github.com/lxc/lxd/issues/3333

Modern Kernels on LTS Ubuntu

Starting with Ubuntu 16.04 LTS, you are able to make your Ubuntu install subscribe to the latest changes to the Linux kernel. There are 3 channels you can subscribe to:

  • GA-16.04 (General Availability)
  • HWE-16.04 (Hardware Enablement)
  • HWE-16.04-Edge (Cutting Edge Hardware Enablement)

By default Ubuntu puts you on the GA track, meaning in Ubuntu 16.04’s case, you’re getting Kernel 4.4.x. Switching to HWE, you get a current Kernel. At the time of this writing, that’s 4.10.x.

HWE channels are good up until the next major LTS release of Ubuntu. Then you effectively get put on the GA track of the now current LTS release (i.e. 18.04 starting April 2018). It is then expected you’ll upgrade to the new LTS release, where you can begin again, switching to the next HWE series.

More details: https://wiki.ubuntu.com/Kernel/RollingLTSEnablementStack

How to install HWE:

Then reboot to apply the change.

I’m not 100% sure how necessary this is, but I was under the impression that I read something that called for a newer than 4.4.x kernel. Who knows. I’ll make a note here if I find it again.

Canonical also offers a live Kernel patching service.

https://www.ubuntu.com/server/livepatch

Notable because rebooting is not required, but beyond 3 machines you need to start paying for a support plan. Also (and this is key), the livepatching service is limited to GA releases. Yes, no HWE kernels via livepatch.

Linux Network Interfaces

This is a key file on Ubuntu. It’s not even specific to LXD, but Linux in general. To create advanced Linux Networking configurations, from bridges to VLANs, you do it here.

A default Ubuntu Server install will give you a relatively simple configuration: the ever important loopback interface (lo), and a list of ethernet adapters.
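As an added illustration (not the configuration from the original post), here is what an interfaces file in the ifupdown format can look like once it goes beyond the defaults, with a bridge and a VLAN. The adapter names (enp3s0, enp4s0), the bridge name (br0), VLAN ID 10 and the 192.168.10.0/24 addressing are assumptions made for the example.

```conf
# The loopback network interface
auto lo
iface lo inet loopback

# First adapter (assumed name): carries no address of its own,
# because it is enslaved to the bridge below
auto enp3s0
iface enp3s0 inet manual

# Bridge over the first adapter (needs the bridge-utils package).
# The bridge, not the physical port, gets the DHCP lease.
auto br0
iface br0 inet dhcp
    bridge_ports enp3s0
    bridge_stp off
    bridge_fd 0

# Second adapter (assumed name): brought up without an address so it
# can carry tagged traffic
auto enp4s0
iface enp4s0 inet manual

# 802.1Q VLAN 10 on the second adapter (needs the vlan package)
auto enp4s0.10
iface enp4s0.10 inet static
    address 192.168.10.2
    netmask 255.255.255.0
    vlan-raw-device enp4s0
```

Containers or VMs can then be attached to br0 to appear directly on the physical network, while anything addressed on enp4s0.10 only sees traffic tagged for that VLAN.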

WiFi and some specialty services (VMs) are handled by other applications. Interestingly, my Ubuntu Desktop machine’s interfaces file is far more bare.

It looks like in Desktop Ubuntu, another service is being run to support plug-and-play networking.


Notes: Advanced Networking (overview)

Wednesday, October 18th, 2017

So thanks to … reasons, I recently had to rework my internal network. To do it, I had to order some new hardware, and learn a bunch of new things about networking.