Thursday, 30 July 2009

Classless IN-ADDR.ARPA delegation

In some cases you may be allocated a block of IP addresses smaller than a /24. This is referred to as a Classless Delegation and is explained in technical detail in RFC 2317.

For example, if your ISP allocated the block (the 32 IP addresses from to, the reverse DNS for this zone would be served out of a zone named

Once the zone is created, you'll be able to create PTR entries within this zone for each individual IP address. As an example, to map the IP address to, you would enter:

Host: 226
TTL: 86400
Type: PTR

Once you have set up the Custom DNS zone for this block, you need to have the block delegated to us. Contact your ISP and have them create NS records for the zone:   86400  IN      NS 86400 IN NS 86400 IN NS 86400 IN NS 86400 IN NS

Your ISP will ALSO need to create individual CNAME records for each IP address they have delegated to you. These CNAME records map the IP addresses into the new name space that has been defined via the zone.   86400  IN     CNAME 86400 IN CNAME 86400 IN CNAME

Until those changes are made, DNS queries for those IP addresses won't come to us, so it is not enough to simply create the zone. You MUST get it delegated to us and have the CNAME entries created in order for the reverse DNS to function.

Wednesday, 29 July 2009

Juniper Fast Track Program

Fast Track Program Details

The Juniper Networks Certification Fast Track program is specifically designed for experienced networking professionals to become certified in Juniper Networks JUNOS software at substantial savings!

Networking professionals who achieve multiple certifications are in great demand, commanding higher salaries and adding more value to high-end enterprises. Because of this increased need, we are pleased to provide you with this fast tracked way to become JUNOS certified. Normally, these certifications would cost you several thousand dollars, so we encourage you to take advantage of this opportunity now. Access the Juniper Networks Certification Fast Track Program web site for details.

Fast Track Program participants now have quick and easy access to the Juniper Networks Communities, J-Net. The J-Net Forum is dedicated to sharing information and best practices, and entertains questions about Juniper products, technologies and solutions. Preview our online forums and message boards by selecting the community of interest.

Linux find the memory used by a program / process

You can find the memory used by a program (process) by looking in the /proc directory or by using standard commands such as ps or top. However, you must calculate all memory usage by hand, i.e. add Shared Memory + mapped file + total virtual memory size of the process + Resident Set Size + non-swapped physical memory used by process.

So how do you find the memory used by a process or program under Linux? Use a tool called pmap. It reports the memory map of a process or processes.

pmap examples

To display process mappings, type
$ pmap pid
$ pmap 3724


3724:   /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
0000000000400000 164K r-x-- /usr/sbin/lighttpd
0000000000629000 12K rw--- /usr/sbin/lighttpd
000000000bb6b000 4240K rw--- [ anon ]
00000035ee600000 104K r-x-- /lib64/
00000035ee819000 4K r---- /lib64/
00000035ee81a000 4K rw--- /lib64/
00000035eea00000 1304K r-x-- /lib64/
00000035eeb46000 2048K ----- /lib64/
00000035eed46000 16K r---- /lib64/
00000035eed4a000 4K rw--- /lib64/
00000035eed4b000 20K rw--- [ anon ]
00000035eee00000 8K r-x-- /lib64/
00000035eee02000 2048K ----- /lib64/
00002aaaac51e000 4K r---- /lib64/
00002aaaac51f000 4K rw--- /lib64/
00007fff7143b000 84K rw--- [ stack ]
ffffffffff600000 8192K ----- [ anon ]
total 75180K

The -x option can be used to provide information about the memory allocation and mapping types per mapping. The amount of resident, non-shared anonymous, and locked memory is shown for each mapping:
pmap -x 3526

3526:   -bash
Address Kbytes RSS Anon Locked Mode Mapping
0000000000400000 700 - - - r-x-- bash
00000000006ae000 40 - - - rw--- bash
00000000006b8000 20 - - - rw--- [ anon ]
00000000008b7000 32 - - - rw--- bash
00000000098de000 536 - - - rw--- [ anon ]
00000035ee600000 104 - - - r-x--
00000035ee819000 4 - - - r----
00000035ee81a000 4 - - - rw---
00000035eea00000 1304 - - - r-x--
00000035eeb46000 2048 - - - -----
00000035eed46000 16 - - - r----
00000035eed4a000 4 - - - rw---
00000035eed4b000 20 - - - rw--- [ anon ]
00000035eee00000 8 - - - r-x--
00000035eee02000 2048 - - - -----
00000035ef002000 4 - - - r----
00000035ef003000 4 - - - rw---
00000035ef600000 12 - - - r-x--
00000035ef603000 2044 - - - -----
00000035ef802000 4 - - - rw---
00002aaaaaaab000 4 - - - rw--- [ anon ]
00002aaaaaaba000 12 - - - rw--- [ anon ]
00002aaaaaabd000 40 - - - r-x--
00002aaaaaac7000 2044 - - - -----
00002aaaaacc6000 4 - - - r----
00002aaaaacc7000 4 - - - rw---
00002aaaaacc8000 55112 - - - r---- locale-archive
00002aaaae29a000 28 - - - r--s- gconv-modules.cache
00002aaaae2a1000 8 - - - rw--- [ anon ]
00007fff9bff4000 92 - - - rw--- [ stack ]
ffffffffff600000 8192 - - - ----- [ anon ]
---------------- ------ ------ ------ ------
total kB 74496 - - -

Tuesday, 28 July 2009

DNS Caching

All records in DNS have a Time to Live (TTL) value. This value dictates how long a record should be stored locally before a new copy of the record must be retrieved from DNS. The record storage is known as the DNS cache, and the act of storing records is called caching.

There are many different places where DNS caches exist: on your local computer, with your ISP's recursive DNS servers, and even the root servers at the core of the Domain Name System. These caches reduce the number of queries that need to be resolved by nameservers.

Sometimes the information in DNS changes, but the old information is still stored in the DNS caches at varying levels. When the cached record is different from the newest information in DNS, it is called a caching error.

How do I fix a caching error?

Depending on your operating system, there are different methods of clearing your local DNS cache. Removing all of your stored DNS information is known as cache flushing. Please see the following list for instructions on how to flush your DNS cache in most common operating systems. (Before flushing the DNS cache, clear out your web browser's temporary files and close all browser windows.)


In Windows 98/2000/ME/XP, open a command prompt and type the following to clear the Windows DNS Resolver:

ipconfig /flushdns


In most *nix operating systems (Unix, Linux, FreeBSD, etc.), type the following to restart the nscd daemon:

/etc/rc.d/init.d/nscd restart


In Mac OSX, open a command prompt and type the following to clear the DNS resolver cache:

dscacheutil -flushcache

In older versions, the command is:

lookupd -flushcache

Some records are cached by your ISP's recursive DNS servers, which are servers that do the 'legwork' of lookups on behalf of subscribers. If a caching error occurs at this level, clearing your local cache will not solve the issue, as your ISP will keep returning the old, incorrect records to your queries. If this happens, you will need to wait for the records to expire naturally.

Common TTL Values

The default or recommended value for the DNS record types in our Dynamic DNS and Custom DNS services are:


Record type: TTL Value (seconds)

A (Host), Super Dynamic: 20 (20 seconds)
A (Host), Dynamic: 60 (1 minute)
A (Host), Pseudo-Static: 600 (10 minutes)
A (Host), Static: 14400 (four hours)
A (Host), Static: 21600 (six hours)
AAAA (IPv6), Super Dynamic*
AAAA (IPv6), Dynamic*
AAAA (IPv6), Pseudo-Static*
AAAA (IPv6), Static*
AAAA (IPv6), Static*

43200 (12 hours)
86400 (24 hours)

* indicates a record type only available in the Custom DNS Expert interface

In the Expert interface, you can modify the TTL value for any record type. If you do change the default TTLs, values lower than 20 have no noticeable impact on propagation time, and TTL values higher than 86400 (twenty four hours) are likewise unnecessary and can lead to problems if the record needs to be changed.

Caching Issues

When a client attempts to access a domain before it exists, a "does not exist" record will be saved. The TTL for these records varies from server to server, but the average TTL is about 2 hours. During this time period, domain name resolution may not be possible.

Why do some records have such high TTLs?

As discussed earlier, the TTL values of records exist to ease the query load on nameservers. Many records, such as MX or CNAME records, are expected to change very rarely, so they are usually given high TTLs to prevent unnecessary extra lookups. Other records, such as hosts assigned to dynamic IP addresses, are given very low TTLs, as they are expected to change at a moment's notice. Unnecessarily low TTLs will also slow clients, as they will be forced to perform extra DNS queries.

Full reverse (IN-ADDR.ARPA) zones

Reverse DNS records (PTR) are generally served out of a reverse zone. For instance, if you have been assigned the block of addresses 192.168.5/24 (the 256 IP addresses from to, the reverse DNS for this zone would be served out of a zone named

In such a case, you would set up Custom DNS for that zone, selecting the Expert interface option (PTR records can only be added in this interface). Once the zone is created, you'll be able to create PTR entries within this zone for each individual IP address. As an example, to map the IP address to, you would enter:

Host: 12
TTL: 86400
Type: PTR

Note that if you have multiple /24 blocks, you will need a separate zone for each block.

Once you have set up the Custom DNS zone for this block, you need to have the block delegated to us. Contact your ISP (or whoever is assigning this block of addresses to you) and have them create NS records for the zone:   86400  IN      NS 86400 IN NS 86400 IN NS 86400 IN NS 86400 IN NS

Until that delegation is made, DNS queries for those IP addresses won't come to us, so it is not enough to simply create the zone. You MUST get it delegated to us in order for the DNS to function.

PTR records within a forward zone

In some cases your ISP may not want to create NS records for your allocation, especially if the ISP has assigned a large number of very small blocks to individual customers. In such a case, they can still allow you to control the reverse by using the method discussed in section 5.2 "Alternative naming conventions" of RFC 2317.

Let's say, for example that your ISP has provided you with 4 IP addresses, - Not only is this a very small block, but it doesn't fall on an octet boundary. Thus it is actually not possible to use the above described method.

In such a case, instead of having the ISP create NS records for Classless delegation, you would have them create CNAME records within the zone like this:   86400  IN      CNAME 86400 IN CNAME 86400 IN CNAME 86400 IN CNAME

Then, in the Custom DNS zone for you would create PTR records like this:

Host: 27.rev
TTL: 86400
Type: PTR

Important: Just as with the earlier example, unless your ISP does their part and creates the necessary CNAME records, DNS queries to resolve the IP addresses won't come to us and those PTR records will be useless. Not all ISPs are willing to do this, even for customers who have static IP addresses (if you have a dynamic IP address, they almost certainly won't create these for you).
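Both methods described on this page (NS plus CNAME records for a block smaller than a /24, and CNAMEs pointing into a forward zone) depend on records the ISP has to publish. The following is an added example, not part of the original article: it generates those records and follows the CNAME chain to show where the PTR must live. The 192.0.2.0/24 addresses, example.com, the name server names and the `first/prefix` child-zone label are assumptions, since the page's own values are not shown.

```python
import ipaddress

TTL = 86400  # TTL used in the page's sample records


def reverse_name(addr):
    """Owner name queried for the PTR lookup of one IPv4 address."""
    return ipaddress.ip_address(str(addr)).reverse_pointer + "."


def classless_delegation(block, nameservers, ttl=TTL):
    """Records the ISP adds to its /24 reverse zone for a block smaller than a /24:
    NS records for the child zone, plus one CNAME per address into that zone."""
    net = ipaddress.ip_network(block)  # raises ValueError if host bits are set
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("use a full reverse zone for a /24 or larger block")
    first = net.network_address.packed[3]
    parent = reverse_name(net.network_address).split(".", 1)[1]
    child = f"{first}/{net.prefixlen}.{parent}"  # assumed 'first/prefix' label
    records = [(child, ttl, "NS", ns) for ns in nameservers]
    for ip in net:  # one CNAME for every address in the block
        records.append((reverse_name(ip), ttl, "CNAME", f"{ip.packed[3]}.{child}"))
    return child, records


def forward_zone_cnames(first, last, forward_zone, label="rev", ttl=TTL):
    """Alternative when the ISP will not create NS records: CNAMEs from the reverse
    names into the customer's forward zone, where hosts like '27.rev' hold the PTRs."""
    start, end = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if start > end or start.packed[:3] != end.packed[:3]:
        raise ValueError("range must be ascending and stay inside one /24")
    zone = forward_zone.rstrip(".") + "."
    return [(reverse_name(ipaddress.IPv4Address(n)), ttl, "CNAME",
             f"{n & 0xFF}.{label}.{zone}")
            for n in range(int(start), int(end) + 1)]


def ptr_owner(addr, records):
    """Follow the CNAME chain a resolver takes for a PTR lookup of addr. Returns the
    name where the customer's PTR must exist, or None if the ISP created no CNAME."""
    cnames = {owner: target for owner, _, rtype, target in records if rtype == "CNAME"}
    name = reverse_name(addr)
    if name not in cnames:
        return None
    seen = set()
    while name in cnames and name not in seen:  # guard against CNAME loops
        seen.add(name)
        name = cnames[name]
    return name


def zone_lines(records):
    """Render records in zone-file form."""
    return [f"{owner:<34} {ttl} IN {rtype:<5} {target}"
            for owner, ttl, rtype, target in records]


if __name__ == "__main__":
    # Constructed sample values (documentation address range, example names).
    child, recs = classless_delegation(
        "192.0.2.224/27", ["ns1.dns-host.example.", "ns2.dns-host.example."])
    print("Child zone to create at the DNS host:", child)
    print("\n".join(zone_lines(recs[:5])))
    print("PTR for 192.0.2.226 must exist at:", ptr_owner("192.0.2.226", recs))

    fwd = forward_zone_cnames("192.0.2.26", "192.0.2.29", "example.com")
    print("\n".join(zone_lines(fwd)))
    print("PTR for 192.0.2.27 must exist at:", ptr_owner("192.0.2.27", fwd))
    # No CNAME published for this address, so lookups never reach the customer zone.
    print("PTR for 192.0.2.30:", ptr_owner("192.0.2.30", fwd))
```
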

What is Reverse DNS?

Reverse DNS provides mappings from IP addresses to host names. For more info on this, see the Reverse DNS KB article.

Reverse DNS should not be created in Custom DNS. Instead, it is usually best to contact your ISP and request DNS records to be created for your IP. Also, only in rare circumstances is it necessary to delegate individual or few amounts of IP addresses to

Saturday, 25 July 2009

Cisco Completes Acquisition of Pure Networks

SAN JOSE, Calif. - August 12, 2008 - Cisco today announced that it has completed the purchase of Seattle-based Pure Networks, a leader in home-networking-management software and tools. Pure Networks’ solutions allow users to easily set up and manage a home network and connect a range of devices, applications and services.

The acquisition of Pure Networks provides Cisco with a fully integrated line of home-networking-management solutions that will also serve as the foundation for the development of new multimedia-enabled applications, tools and capabilities for consumers to use in an increasingly “connected life” at home, at work and on the go. The acquisition further advances Cisco’s consumer strategy by enhancing the development of the existing Linksys® Easy Link Advisor (LELA) platform, which enables a consumer to more easily set up, organize, manage, secure and use a home network.

With the close of the transaction, Pure Networks will be integrated into Linksys, a division of Cisco.


VTP (VLAN Trunking Protocol) configuration

Things to remember when setting up VTP:

VTP Modes:

  • Server - This is the default setting for a switch. You can create, edit and remove VLANs for the VTP domain.
  • Client - A client is not able to create, edit or delete VLANs, but it will synchronize with the VTP server.
  • Transparent - A switch in this mode will not advertise its VLANs, nor will it synchronize with the VTP server. However, it will forward VTP advertisements received.

VTP v2 - provides support for Token Ring. If you don’t have a Token Ring environment, there is no need to enable VTP v2.

VTP summary advertisements - these are sent out every 5 minutes by default. If the VTP domain in the advertisement is different from the switch’s VTP domain, then the advertisement is ignored. Once the switch determines the VTP domain is the same, it then looks at the revision number. If the switch has a revision number that is equal to or higher than the advertisement revision number, the advertisement is ignored.

Configuration on a Cisco 3550 switch that you want to be a “server”:

MDF# config t

MDF (config)# vtp mode server (default is server)

MDF (config)# vtp domain cisco (default is NULL and is case sensitive)

MDF (config)# vtp password cisco

Configuration on a Cisco 3550 switch that you want to be a “client”:

MDF# config t

MDF (config)# vtp mode client (default is server)

MDF (config)# vtp domain cisco (default is NULL and is case sensitive)

MDF (config)# vtp password cisco

Commands used with VTP troubleshooting:

“show vtp status”

“show vlan brief”

“delete flash:vlan.dat” to remove all VTP and VLAN information from the switch. A “write erase” will not delete this file; you must delete it manually.


Be sure to check the VTP information on a switch before adding it to a production network. A switch configured as a server with the same domain and a higher revision number can bring down an entire network!

How is this possible? For example, you recently replaced all of your old Cisco 2950 switches with new 3560s. The 2950s had a revision number of 25. When you added the 3560s, you did it all at once one evening. You also made a few changes to your VLANs and the new revision number is only 17. Let's say a 3560 failed and you replaced it with one of the old 2950s that is configured as a VTP server. The 2950's old VLAN information will replace all of the new VLANs on the other 3560s and all of your updates are lost.
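The advertisement rules and the 2950/3560 scenario above can be replayed in a small model. This is an added example, not Cisco code and not part of the original post: the switch names and VLAN tables are constructed, and the pre-deployment check encodes what to compare from "show vtp status" before a switch is cabled in.

```python
from dataclasses import dataclass, field


@dataclass
class Switch:
    name: str
    mode: str                      # "server", "client" or "transparent"
    domain: str                    # case sensitive, as noted in the configuration
    revision: int = 0
    vlans: dict = field(default_factory=dict)

    def receive_summary(self, domain, revision, vlans):
        """Apply the rules from the text to one incoming summary advertisement."""
        if self.mode == "transparent":
            return "forwarded, not applied"
        if domain != self.domain:
            return "ignored: different domain"
        if self.revision >= revision:
            return "ignored: local revision is equal or higher"
        self.vlans, self.revision = dict(vlans), revision
        return "applied: VLAN database replaced"


def connect(new, network):
    """Attach `new` and let every existing switch process its summary advertisement."""
    if new.mode == "transparent":   # transparent switches do not advertise their VLANs
        return {}
    return {sw.name: sw.receive_summary(new.domain, new.revision, new.vlans)
            for sw in network}


def pre_deployment_check(candidate, prod_domain, prod_revision):
    """Findings to clear before connecting `candidate` to production.
    The page's scenario is a server; any non-transparent switch with a matching
    domain and a higher revision is flagged here."""
    if (candidate.mode != "transparent" and candidate.domain == prod_domain
            and candidate.revision > prod_revision):
        return [f"{candidate.name}: revision {candidate.revision} is higher than "
                f"production revision {prod_revision}; its VLAN database would "
                "replace production's. Delete flash:vlan.dat before connecting."]
    return []


if __name__ == "__main__":
    # Constructed VLAN tables for the scenario described in the text.
    current = {10: "users", 20: "voice", 30: "servers"}
    stale = {10: "users", 99: "old-lab"}
    production = [Switch("3560-A", "server", "cisco", 17, dict(current)),
                  Switch("3560-B", "client", "cisco", 17, dict(current))]
    spare = Switch("2950-spare", "server", "cisco", 25, dict(stale))

    for finding in pre_deployment_check(spare, "cisco", 17):
        print("CHECK:", finding)
    for name, result in connect(spare, production).items():
        print(name, "->", result)
    print("3560-A now holds:", production[0].revision, production[0].vlans)
```
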

Juniper Networks Announces Release of Instructional Guide “JUNOS for Dummies”

A Practical Approach to Learning and Using JUNOS Software to Manage High-Performance Networks

SUNNYVALE, Calif., October 6, 2008 — Juniper Networks, Inc. (NASDAQ: JNPR), the leader in high-performance networking, today announced the recent release of “JUNOS® for Dummies,” (Wiley Publishing, Inc; ISBN: 9780470277966; $29.99) a practical guide to JUNOS software, the trusted network operating system driving Juniper Networks’ high-performance network infrastructure. This latest “For Dummies” reference guide provides a practical, fast-track approach to learning and using JUNOS software to manage high-performance networks with Juniper Networks routers, switches, security appliances and other network components.

JUNOS software enables businesses to deploy switching, routing and security infrastructure with the power of a single network operating system. Delivering the power of one operating system, JUNOS software simplifies network operations and drives operational excellence to reduce the cost of innovation.

“JUNOS for Dummies” teaches administrators how to use JUNOS features and provides guidance for choosing the right hardware. It also teaches readers how to easily set up and connect, configure, manage, and troubleshoot a variety of Juniper appliances and routers of all sizes.

“Innovative businesses view the network as critical to their success and their IT teams are always looking for new ways to enable innovation while meeting demanding and changing requirements,” said Scott Edwards, director, Education Services at Juniper Networks. “With JUNOS software and this friendly instructional book, our goal is to help network and security administrators ensure a fast, reliable, and secure converged network that supports rapid growth, while reducing operational cost, complexity and risk.”

Published by John Wiley & Sons, Inc., “JUNOS for Dummies” is available worldwide wherever technical books are sold. For more information or to read a sample chapter, visit Additional information from John Wiley & Sons can be found at

Initial / default login name and password on EX-series switches


When customers receive a new EX switch and power it on, it requests a login name and password. For first-time JUNOS-EX users this could be confusing as there is no password information included. This article provides the default user ID and password information.


The initial login name and password on EX-series switches:

login: root

The device is shipped with no password; simply press the enter key.

Note: For security reasons, create a password for the Root ID.

NASA, Cisco Partnership on Climate Change Monitoring Platform

WASHINGTON - March 3, 2009 - NASA and Cisco Inc. announced Tuesday a partnership to develop an online collaborative global monitoring platform called the “Planetary Skin” to capture, collect, analyze and report data on environmental conditions around the world.

Under the terms of a Space Act Agreement, NASA and Cisco will work together to develop the Planetary Skin as an online collaborative platform to capture and analyze data from satellite, airborne, sea- and land-based sensors across the globe. This data will be made available for the general public, governments and businesses to measure, report and verify environmental data in near-real-time to help detect and adapt to global climate change.

“In the past 50 years, NASA’s expertise has been applied to solving humanity’s challenges, including playing a part in discovering global climate change,” said S. Pete Worden, director of NASA’s Ames Research Center. “The NASA-Cisco partnership brings together two world-class organizations that are well equipped with the technologies and skills to develop and prototype the Planetary Skin infrastructure.”

Cisco and NASA will kick off Planetary Skin with a series of pilot projects, including “Rainforest Skin,” which will be prototyped during the next year. Rainforest Skin will focus on the deforestation of rainforests around the world and explore how to integrate a comprehensive sensor network. It also will examine how to capture, analyze and present information about the changes in the amount of carbon in rainforests in a transparent and useable way. According to scientists, the destruction of rainforests causes more carbon to be added to the atmosphere and remain there. That contributes significantly to global warming.

“Mitigating the impacts of climate change is critical to the world’s economic and social stability,” said John Chambers, Cisco chief executive officer. “This unique partnership taps the power and innovation of the market and harnesses it for the public good. Cisco is proud to work with NASA on this initiative and hopes others from the public, private and not-for-profit sectors will join us in this exciting endeavor.”

NASA provides continuous global observations of our home planet using a constellation of spacecraft, as well as airborne and in situ ground observations to monitor the health and well-being of Earth. NASA’s investment in Earth observations and climate change research is greater than that of all other nations combined.

Cisco will bring its experience and expertise in networking technologies and advanced innovation to the project. Cisco’s Internet Business Solutions Group has a unique combination of business acumen, scientific, economics and policy understanding. Its experts will conduct complex data analysis and modelling, and share an in-depth knowledge of the next generation Internet Protocol architectures to determine how to best prototype, replicate and scale a Planetary Skin to millions of participants.

Cisco is also working on the Planetary Skin program with the United Nations, multi-lateral development banks, businesses, international government agencies, universities, think tanks, non-governmental agencies and foundations. Planetary Skin participants will pool their unique skills, assets and technologies to develop the decision support capabilities to effectively manage natural resources such as biomass, water, land and energy; climate change-related risks such as a rise in sea level, droughts and disease proliferation; and new environmental markets for carbon, water and biodiversity.


Cisco Announces Executive Transition for Worldwide Operations

SAN JOSE, Calif. - February 26, 2009 - Cisco, the worldwide leader in networking that transforms how people connect, communicate and collaborate, today announced that Robert Lloyd, 52, has been named Executive Vice President (EVP) of Worldwide Operations, effective April 26, 2009. As the direct result of a long-range succession strategy, Lloyd succeeds Richard Justice, 59, who is stepping down from his day-to-day responsibilities due to an on-going battle with prostate cancer. Justice will remain at Cisco as a part-time executive advisor to Chairman and CEO John Chambers.

“Over his twelve-year tenure at Cisco, Rick Justice has made a tremendous impact on the business, contributing substantially to the company’s growth and success, while serving as a trusted advisor, role model and exceptional leader,” said Chambers. “Rick has been incredibly courageous throughout his now five-year battle with prostate cancer. After two attempts at cures, the cancer has unfortunately returned once again. I fully support Rick’s decision to now put his health unequivocally first, and look forward to his continued role as a part-time advisor to the business.”

Chambers continued, “Core to Rick’s legacy within Cisco is his role in the development of a strong bench of seasoned leaders. Rick and I have known that Rob has been ready to run the worldwide operations organization for some time, having successfully run the two largest geographies at Cisco. Rob is an ideal successor for this role, with an exceptional track record of leading change and increasing productivity while driving innovation and growth, both in the United States and internationally.”

In his new role, Lloyd will report directly to Chairman and CEO John Chambers, and will be responsible for oversight of Cisco’s Worldwide Sales, Worldwide Channels, Internet Business Solutions Group and Strategic Alliances organizations. Corporate Development, also previously within Justice’s organization, will now report directly to Chambers under the continued leadership of Senior Vice President (SVP) Ned Hooper.

With over 14 years of leadership experience in Cisco’s largest geographies, Lloyd has managed the majority of Cisco’s worldwide business. He is currently SVP of U.S., Canada and Japan Operations. Under Lloyd’s leadership, total revenue in the U.S. and Canada region has grown from $12.5 billion to $22 billion within three years. He also co-chairs Cisco’s Enterprise Business Council, which leads the development and execution of Cisco’s business strategies for the Enterprise market. Previously, Lloyd served as President of Cisco’s Europe, Middle East and Africa (EMEA) region for nearly four years, where he helped transform the region into a more customer-focused structure aligned to key verticals and geographies, enabling the company to effectively meet the needs of emerging markets and high-growth industry segments. Under his leadership, the EMEA business grew from 28 to 32 percent of Cisco’s worldwide revenues.

Prior to Cisco, Lloyd was Vice President of Corporate Sales for a leading Canadian Systems Integrator. In 1982, he founded a business focusing on the IT needs of major corporations, government and education, growing it to over 400 employees during his nine-year tenure.

Wednesday, 22 July 2009

NTP Server and Client Configuration in debian

The Network Time Protocol (NTP) is a protocol for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks. NTP uses UDP port 123 as its transport layer. It is designed particularly to resist the effects of variable latency (jitter).

Using NTP is a great way to keep your system clock set correctly. It works by contacting a number of servers around the world, asking them for the time and then calculating what the correct local time is from their responses.

Install NTP server in Debian

#apt-get install ntp ntpdate ntp-server

This will install all the required packages for NTP

Configuring NTP Server

By default, the main configuration file is located at /etc/ntp.conf.

The default configuration file looks like this:

#/etc/ntp.conf, configuration for ntpd

driftfile /var/lib/ntp/ntp.drift
statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example

# maps to more than 300 low-stratum NTP servers.
# Your server will pick a different set every time it starts up.
# *** Please consider joining the pool! ***
# *** ***
server iburst
server iburst
server iburst
server iburst

# By default, exchange time with everybody, but don't allow configuration.
# See /usr/share/doc/ntp-doc/html/accopt.html for details.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict ::1

# Clients from this (example!) subnet have unlimited access,
# but only if cryptographically authenticated
#restrict mask notrust

# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)

# If you want to listen to time broadcasts on your local subnet,
# de-comment the next lines. Please do this only if you trust everybody
# on the network!
#disable auth

Example Configuration

You need to add a number of servers to the server list. The Debian default is which works but isn't always amazingly accurate because it makes no attempt to use time servers near you. If you want more accuracy use the time servers either on your continent (for instance or your country (for instance one of your local country servers. The optimal number of servers to listen to is three but two will also give a good accuracy. If your ISP runs a time server for you it is worth including it in your server list as it will often be more accurate than the pooled servers and will help keep the load down on the pool.

I am using the following two servers for my configuration


Restrict the type of access you allow these servers. In this example the servers are not allowed to modify the run-time configuration or query your Linux NTP server.

restrict mask nomodify notrap noquery
restrict mask nomodify notrap noquery

The mask statement is really a subnet mask limiting access to the single IP address of the remote NTP servers.

If this server is also going to provide time for other computers, such as PCs, other Linux servers and networking devices, then you'll have to define the networks from which this server will accept NTP synchronization requests. You do so with a modified restrict statement removing the noquery keyword to allow the network to query your NTP server. The syntax is:

restrict mask nomodify notrap

In this case the mask statement has been expanded to include all 255 possible IP addresses on the local network.

We also want to make sure that localhost (the universal IP address used to refer to a Linux server itself) has full access without any restricting keywords


Save the file and exit

Now you need to run the ntpdate command against your server


Restart NTP for these settings to take effect using the following command:

#/etc/init.d/ntp restart

You can now configure other Linux hosts on your network to synchronize with this new master NTP server in a similar fashion.

Determining If NTP Is Synchronized Properly

Use the ntpq command to see the servers with which you are synchronized. It provides you with a list of configured time servers and the delay, offset and jitter that your server is experiencing with them. For correct synchronization, the delay and offset values should be non-zero and the jitter value should be under 100.

#ntpq -p

Output looks like below

A star by any one of the names means that the system clock is synchronising with the NTP clock. If you don't have a star (as in the example above) it means that the clocks are unreachable, already synchronized to this server, or have an outrageous synchronization distance. Try running ntpdate (you will need to stop the ntp server) with your first ntp server as an argument. This will set your system clock fairly accurately and mean that the server will be able to choose a clock to synchronize with.

Firewall Configuration for NTP

NTP servers communicate with one another using UDP with a destination port of 123. Unlike most UDP protocols, the source port isn't a high port (above 1023), but 123 also. You'll have to allow UDP traffic on source/destination port 123 between your server and the Stratum 1/2 server with which you are synchronizing.

NTP Client Configuration

If you want to configure ntp client you need to install the following packages

#apt-get install ntp ntp-simple ntpdate

Configuring NTP client

Edit the /etc/ntp.conf file and point the following settings to the NTP server's IP address.

Server configuration settings


Restrict the type of access you allow these servers. In this example the servers are not allowed to modify the run-time configuration or query your Linux NTP server.

restrict default notrust nomodify nopeer

Localhost configuration


In this case the mask statement has been expanded to include all 255 possible IP addresses on the local network.

We also want to make sure that localhost (the universal IP address used to refer to a Linux server itself) has full access without any restricting keywords


Now you need to save and exit the file

Run the ntpdate command against your server


Restart ntp service using the following command

/etc/init.d/ntp restart

If you use the date command to change time, it is worth setting also the hardware clock to the correct time. Otherwise, the time is wrong after the next reboot, since the hardware clock keeps the time when power is turned off. When the clock in the operating system shows the correct time, set the hardware clock like this

#hwclock --systohc

Use the ntpq command to see the servers with which you are synchronized

#ntpdc -p

Sunday, 19 July 2009

Shell Script To Back Up All MySQL Databases, Each Table In An Individual File And Upload To Remote FTP

This script will create a backup of each table in every database (one file per table), compress it and upload it to a remote ftp.

First create a mysql user with select and lock table privileges (or use root).

Then run this script from your crontab every hour:

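#!/bin/sh
# System + MySQL backup script
# Copyright (c) 2008 Marchost
# This script is licensed under GNU GPL version 2.0 or above
# ---------------------------------------------------------------------
######TO BE MODIFIED#####
# The original values are not shown on this page; the entries below are placeholders.
### System Setup ###
BACKUP="YOUR_LOCAL_BACKUP_DIR"
### MySQL Setup ###
MUSER="YOUR_MYSQL_USER"
MPASS="YOUR_MYSQL_PASSWORD"
MHOST="YOUR_MYSQL_HOST"
### FTP server Setup ###
FTPS="YOUR_FTP_SERVER"
FTPU="YOUR_FTP_USER"
FTPP="YOUR_FTP_PASSWORD"
FTPD="YOUR_FTP_BACKUP_DIR"
### Binaries ###
TAR="$(which tar)"
GZIP="$(which gzip)"
FTP="$(which ftp)"
MYSQL="$(which mysql)"
MYSQLDUMP="$(which mysqldump)"
### Today + hour in 24h format ###
NOW=$(date +"%d%H")
### Create hourly dir ###
mkdir -p "$BACKUP/$NOW"
### Get all databases name ###
# -p$MPASS puts the password on the command line, where it shows up in the process list.
DBS="$($MYSQL -u "$MUSER" -h "$MHOST" -p"$MPASS" -Bse 'show databases')"
for db in $DBS
do
### Create dir for each databases, backup tables in individual files ###
  mkdir -p "$BACKUP/$NOW/$db"
  for i in `echo "show tables" | $MYSQL -u "$MUSER" -h "$MHOST" -p"$MPASS" "$db" | grep -v Tables_in_`;
  do
    # File and archive names are reconstructed; the page does not show them.
    FILE="$BACKUP/$NOW/$db/$i.sql.gz"
    echo $i; $MYSQLDUMP --add-drop-table --allow-keywords -q -c -u "$MUSER" -h "$MHOST" -p"$MPASS" "$db" "$i" | $GZIP -9 > "$FILE"
  done
done
### Compress all tables in one nice file to upload ###
ARCHIVE="$NOW.tar.gz"
ARCHIVED="$BACKUP/$NOW"
cd "$BACKUP" || exit 1
$TAR -czf "$ARCHIVE" "$NOW"
### Dump backup using FTP ###
# FTP sends the credentials and the dump unencrypted.
$FTP -n "$FTPS" <<END_SCRIPT
quote USER $FTPU
quote PASS $FTPP
binary
cd $FTPD
put $ARCHIVE
quit
END_SCRIPT
### Delete the backup dir and keep archive ###
rm -rf "$ARCHIVED"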

Sunday, 12 July 2009

Link-Layer Connectivity Class-on-Demand

Link-Layer Connectivity Class-on-Demand Outline

Each VoD attempts to address a specific configuration task related to link-layer technologies deployed using the Cisco IOS and examine all possible options related to the specific task. This "options analysis" learning and problem solving approach is often exhibited in the form of options analysis decision tree diagrams. Several of these decision trees are exhibited below with the description of each of the VoD Blocks of this series.

  • Interface Classification and Configuring Point-to-Point Links
  • Comparing the Catalyst Layer 2 versus Layer 3 Port Configuration Options
  • Configuring Access Ports on a Catalyst Switch
  • Configuring Catalyst Port Speeds, Duplex Settings and UDLD
  • Configuring VTP
  • Configuring Trunk Ports
  • Configuring 802.1Q and the Native VLAN
  • Configuring EtherChannel
  • Configuring Spanning Tree
