lost and found ( for me ? )

Ubuntu 11.04 : KVM : configure multiple bridges


Here’s an explanation of how to configure multiple bridges.

My server has multiple NICs.
I’ve already associated eth2 with br0
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.002655e1ezzz       no              eth2
virbr0          8000.000000000000       yes


I’m going to associate eth3 with br1.

cat /etc/network/interfaces
auto eth2
iface eth2 inet manual

auto br0
iface br0 inet static
       address 10.0.10.14
       netmask 255.255.255.0
       network 10.0.10.0
       gateway 10.0.10.254
       bridge_ports eth2
       bridge_stp off
       bridge_fd 0
       bridge_maxwait 0


edit  /etc/network/interfaces
make a bridge ( br1 ) for eht3 and associate it with eth3
    24 auto eth3
    25 #iface eth3 inet static
    26 #       address 10.0.20.14
    27 #       netmask 255.255.255.0
    28 iface eth3 inet manual
    29
    30
    31 auto br1
    32 iface br1 inet static
    33         address 10.0.20.14
    34         netmask 255.255.255.0
    35         network 10.0.20.0
    36         gateway 10.0.20.254
    37         bridge_ports eth3
    38         bridge_stp off
    39         bridge_fd 0
    40         bridge_maxwait 0


restart network script
# /etc/init.d/networking restart

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.002655e1ezzz       no              eth2
br1             8000.002655e1exxx       no              eth3
virbr0          8000.000000000000       yes

vSphere 5 : make a clone VM using a template


When cloning a VM using a template , you can make a customized VM , such as changing hostname , IP address , timezone from an original VM.
ESXi 5.0.0 , 623860


original VM : CentOS 5.5 32bit

connect to a vcenter ( not ESXi )

Home -> Customization Specifications Manager

Click “new” to make a template

enter info such as hostname , IP address ( static or DHCP ) etc.




select an original VM -> right click -> clone

choose the template file you created


You also make a customized clone VM from a template VM.

- prepare an original VM
- convert the original VM to a template VM
- make template with Customization Specifications Manager
- make a clone VM from the template VM and customize a clone VM using the template which you created with Customization Specifications Manager.

Linux Mint 12 : apache : rewrite module



Here's an explanation of how to use rewrite module



install httpd via apt-get.

# apache2 -v
Server version: Apache/2.2.20 (Ubuntu)
Server built:   Feb 14 2012 16:35:38


find in which directory mod_rewrite.so exists.
# locate mod_rewrite.so
/usr/lib/apache2/modules/mod_rewrite.so


make *.load file under /etc/apache2/mods-enabled/ directory.
# cat /etc/apache2/mods-enabled/rewrite_mod.load
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so

# cat /etc/apache2/mods-enabled/mod_ssl.load
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so


edit /etc/apache2/sites-available/default file.
“AllowOverride None” to “AllowOverride All”
       <Directory /var/www/>
               Options Indexes FollowSymLinks MultiViews
#               AllowOverride None
               AllowOverride All
               Order allow,deny
               allow from all
       </Directory>


restart apache
# /etc/init.d/apache2 restart


if a client accesses to http://web server’s IP/test/zzz.html , Apache will redirect that client to  https from http.
# less /etc/apache2/sites-available/default
<VirtualHost *:80>
       ServerAdmin webmaster@localhost

       DocumentRoot /var/www
       ServerName mint-1
       <Directory />
               Options FollowSymLinks
               AllowOverride None
       </Directory>
       <Directory /var/www/>
               Options Indexes FollowSymLinks MultiViews
#               AllowOverride None
               AllowOverride All
               Order allow,deny
               allow from all

               RewriteEngine ON
               RewriteRule ^test/zzz.html https://mint-1/test/zzz.html [L,R]
       </Directory>

Apache : how to use mod_spdy

mod_spdy is SSL module for Apache , which enables you to browse web pages over HTTPS faster than non spdy.
To get the benefit of spdy , your browser needs to support spdy. and of course web sites support spdy.
Google Chrome ( default : enable ) and Firefox ( default : disable ) support spdy as of now.

Please check the below link if you want to know the detailed info.
http://code.google.com/p/mod-spdy/

[ install mod_spdy ]

[root@fc16-note ~]# cat /etc/fedora-release
Fedora release 16 (Verne)
[root@fc16-note ~]# uname -ri
3.3.2-6.fc16.x86_64 x86_64


install the following packages via yum
# yum install httpd at mod_ssl -y


download mod_spdy from https://developers.google.com/speed/spdy/mod_spdy/
# wget https://dl-ssl.google.com/dl/linux/direct/mod-spdy-beta_current_x86_64.rpm


before installing mod_spdy , your apache support SSL.
# apachectl start


In case of Fedora’s Apache , SSL is enabled by default
# lsof -ni:443
COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd   3674   root    4u  IPv4  31309      0t0  TCP 192.168.11.150:https (LISTEN)
httpd   3675 apache    4u  IPv4  31309      0t0  TCP 192.168.11.150:https (LISTEN)
httpd   3677 apache    4u  IPv4  31309      0t0  TCP 192.168.11.150:https (LISTEN)
httpd   3679 apache    4u  IPv4  31309      0t0  TCP 192.168.11.150:https (LISTEN)


access to the Apache’s IP over HTTPS to confirm whether or not Apache supports HTTPS.

install mod_spdy
# rpm -U mod-spdy-beta_current_x86_64.rpm
Redirecting to /bin/systemctl  start atd.service


The following files will be installed.
mod_spdy is an Apache module that allows an Apache server to support the SPDY protocol for serving HTTP resources.
-rwxr-xr-x    1 root    root                    10750 Apr  1 02:10 /etc/cron.daily/mod-spdy
-rw-r--r--    1 root    root                      770 Apr  1 02:10 /etc/httpd/conf.d/load_ssl_with_npn.conf
-rw-r--r--    1 root    root                      961 Apr  1 02:10 /etc/httpd/conf.d/spdy.conf
-rw-r--r--    1 root    root                   225200 Apr  1 02:10 /usr/lib64/httpd/modules/mod_spdy.so
-rw-r--r--    1 root    root                  2047056 Apr  1 02:10 /usr/lib64/httpd/modules/mod_ssl_with_npn.so


After installing mod_spdy rpm , ssl.conf will be overwritten.
# diff ssl.conf ssl.conf.org
12c12
< #LoadModule ssl_module modules/mod_ssl.so # See load_ssl_with_npn.conf
---
> LoadModule ssl_module modules/mod_ssl.so


# egrep -v ^# load_ssl_with_npn.conf | grep -v ^$
LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl_with_npn.so


restart Apache
# apachectl restart


You can check SPDY session.

enter “chrome://net-internals/” filter spdy

or

chrome://net-internals/#events&q=type:SPDY_SESSION


t=1335370857736 [st=   0] +SPDY_SESSION  [dt=?]
                          --> host = "192.168.11.150:443"
                          --> proxy = "DIRECT"
t=1335370857736 [st=   0]    SPDY_SESSION_SYN_STREAM
                            --> flags = 1
                            --> accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                accept-charset: Shift_JIS,utf-8;q=0.7,*;q=0.3
                                accept-encoding: gzip,deflate,sdch
                                accept-language: ja,en-US;q=0.8,en;q=0.6
                                host: 192.168.11.150
                                method: GET
                                scheme: https
                                url: /
                                user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19
                                version: HTTP/1.1
                            --> id = 1
t=1335370857741 [st=   5]    SPDY_SESSION_RECV_SETTINGS
                            --> settings = ["[4:100]"]
t=1335370857743 [st=   7]    SPDY_SESSION_SYN_REPLY
                            --> flags = 0
                            --> accept-ranges: bytes
                                content-length: 4609
                                content-type: text/html; charset=UTF-8
                                status: 403
                                version: HTTP/1.1
                                x-mod-spdy: 0.9.1.5-301
                            --> id = 1
t=1335370857744 [st=   8]    SPDY_SESSION_RECV_DATA
                            --> flags = 0
                            --> size = 4096
                            --> stream_id = 1
t=1335370857744 [st=   8]    SPDY_SESSION_RECV_DATA
                            --> flags = 0
                            --> size = 513
                            --> stream_id = 1
t=1335370857744 [st=   8]    SPDY_SESSION_RECV_DATA
                            --> flags = 0
                            --> size = 0
                            --> stream_id = 1
t=1335370857754 [st=  18]    SPDY_SESSION_SYN_STREAM
                            --> flags = 1
                            --> accept: */*
                                accept-charset: Shift_JIS,utf-8;q=0.7,*;q=0.3
                                accept-encoding: gzip,deflate,sdch
                                accept-language: ja,en-US;q=0.8,en;q=0.6
                                host: 192.168.11.150
                                method: GET
                                referer: https://192.168.11.150/
                                scheme: https
                                url: /icons/apache_pb2.gif
                                user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19
                                version: HTTP/1.1
                            --> id = 3
t=1335370857755 [st=  19]    SPDY_SESSION_SYN_STREAM
                            --> flags = 1
                            --> accept: */*
                                accept-charset: Shift_JIS,utf-8;q=0.7,*;q=0.3
                                accept-encoding: gzip,deflate,sdch
                                accept-language: ja,en-US;q=0.8,en;q=0.6
                                host: 192.168.11.150
                                method: GET
                                referer: https://192.168.11.150/
                                scheme: https
                                url: /icons/poweredby.png
                                user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19
                                version: HTTP/1.1
                            --> id = 5
t=1335370857757 [st=  21]    SPDY_SESSION_SYN_REPLY
                            --> flags = 0
                            --> accept-ranges: bytes
                                content-length: 1797
                                content-type: image/gif
                                etag: "72511-705-45c91d789fac0"
                                last-modified: Wed, 26 Nov 2008 06:36:03 GMT
                                status: 200
                                version: HTTP/1.1
                                x-mod-spdy: 0.9.1.5-301
                            --> id = 3
t=1335370857757 [st=  21]    SPDY_SESSION_RECV_DATA
                            --> flags = 0
                            --> size = 1797
                            --> stream_id = 3
t=1335370857757 [st=  21]    SPDY_SESSION_RECV_DATA
                            --> flags = 0
                            --> size = 0
                            --> stream_id = 3
t=1335370857757 [st=  21]    SPDY_SESSION_SYN_REPLY
                            --> flags = 0
                            --> accept-ranges: bytes
                                content-length: 3034
                                content-type: image/png
                                etag: "6bf2-bda-485b74ec6bf80"
                                last-modified: Mon, 03 May 2010 21:30:54 GMT
                                status: 200
                                version: HTTP/1.1
                                x-mod-spdy: 0.9.1.5-301
                            --> id = 5
t=1335370857758 [st=  22]    SPDY_SESSION_RECV_DATA
                            --> flags = 0
                            --> size = 3034
                            --> stream_id = 5
t=1335370857758 [st=  22]    SPDY_SESSION_RECV_DATA
                            --> flags = 0
                            --> size = 0
                            --> stream_id = 5
t=1335370857795 [st=  59]    SPDY_SESSION_SYN_STREAM
                            --> flags = 1
                            --> accept: */*
                                accept-charset: Shift_JIS,utf-8;q=0.7,*;q=0.3
                                accept-encoding: gzip,deflate,sdch
                                accept-language: ja,en-US;q=0.8,en;q=0.6
                                host: 192.168.11.150
                                method: GET
                                scheme: https
                                url: /favicon.ico
                                user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19
                                version: HTTP/1.1
                            --> id = 7
t=1335370857796 [st=  60]    SPDY_SESSION_SYN_REPLY
                            --> flags = 0
                            --> content-length: 290
                                content-type: text/html; charset=iso-8859-1
                                status: 404
                                version: HTTP/1.1
                                x-mod-spdy: 0.9.1.5-301
                            --> id = 7
t=1335370857797 [st=  61]    SPDY_SESSION_RECV_DATA
                            --> flags = 0
                            --> size = 290
                            --> stream_id = 7
t=1335370857797 [st=  61]    SPDY_SESSION_RECV_DATA
                            --> flags = 0
                            --> size = 0
                            --> stream_id = 7
t=1335370858736 [st=1000]    SPDY_SESSION_PING
                            --> type = "sent"
                            --> unique_id = 1
t=1335370858737 [st=1001]    SPDY_SESSION_PING
                            --> type = "received"
                            --> unique_id = 1



[ how to enable SPDY on firefox ]

enter “about;config” in URL bar and search “spdy” , enable spdy.




Here’s a comparison of number of packets when enabling/disabling spdy on Firefox 11.0 when accessing to the same page. ( Fedora’s Apache top page. I mean welcome page )

enable spdy : 46 packets
$ tshark -i p2p1 port 443 -w enable_spdy_firefox.pcap
Capturing on p2p1
46


disable spdy : 87 packets
$ tshark -i p2p1 port 443 -w non_spdy_firefox.pcap
Capturing on p2p1
87


[ tips ]

SPYD indicator is an add-on tool to check you are accessing to web sites with SPDY or not.

For Chrome
https://chrome.google.com/webstore/detail/mpbpobfflnpcgagjijhmgnchggcjblin

For firefox
https://addons.mozilla.org/ja/firefox/addon/spdy-indicator/


You browser is using SPDY.



Your browser is not using SPYD.