Present Location: News >> Blog

Blog

> Who hosts your cloud provider's status page?
Posted by prox, from Seattle, on October 22, 2018 at 23:08 local (server) time

I thought this was a little funny.  Here are the links to a few of the top cloud providers' status pages:

Now, here's who hosts the status page (courtesy of ipin, which is truly hideous Perl code that you should not read):

CenturyLink

(destiny:20:00:PDT)% ipin status.ctl.io.
  A record #1
4 Address: 172.217.6.211
4 PTR: lga25s54-in-f19.1e100.net.
4 PTR: lga25s54-in-f211.1e100.net.
4 Prefix: 172.217.6.0/24
4 Origin: AS15169 [GOOGLE - Google LLC, US]
  AAAA record #1
6 Address: 2607:f8b0:4006:804::2013
6 PTR: lga25s54-in-x13.1e100.net.
6 Prefix: 2607:f8b0:4006::/48
6 Origin: AS15169 [GOOGLE - Google LLC, US]

Amazon Web Services

(destiny:20:00:PDT)% ipin status.aws.amazon.com.
  A record #1
4 Address: 52.94.241.74
4 Prefix: 52.94.240.0/22
4 Origin: AS16509 [AMAZON-02 - Amazon.com, Inc., US]

Microsoft Azure

(destiny:20:01:PDT)% ipin azure.microsoft.com.  
  A record #1
4 Address: 13.82.93.245
4 Prefix: 13.64.0.0/11
4 Origin: AS8075 [MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US]

Oracle Cloud

(destiny:20:02:PDT)% ipin ocistatus.oraclecloud.com.
  A record #1
4 Address: 18.234.32.149
4 PTR: ec2-18-234-32-149.compute-1.amazonaws.com.
4 Prefix: 18.232.0.0/14
4 Origin: AS14618 [AMAZON-AES - Amazon.com, Inc., US]

Google Cloud

(destiny:20:02:PDT)% ipin status.cloud.google.com.  
  A record #1
4 Address: 172.217.6.206
4 PTR: lga25s54-in-f14.1e100.net.
4 PTR: lga25s54-in-f206.1e100.net.
4 Prefix: 172.217.6.0/24
4 Origin: AS15169 [GOOGLE - Google LLC, US]
  AAAA record #1
6 Address: 2607:f8b0:4006:804::200e
6 PTR: lga25s54-in-x0e.1e100.net.
6 Prefix: 2607:f8b0:4006::/48
6 Origin: AS15169 [GOOGLE - Google LLC, US]

Linode

(destiny:20:03:PDT)% ipin status.linode.com.      
  A record #1
4 Address: 18.234.32.150
4 PTR: ec2-18-234-32-150.compute-1.amazonaws.com.
4 Prefix: 18.232.0.0/14
4 Origin: AS14618 [AMAZON-AES - Amazon.com, Inc., US]

Vultr

(destiny:20:03:PDT)% ipin status.vultr.com. 
  A record #1
4 Address: 104.20.23.240
4 Prefix: 104.20.16.0/20
4 Origin: AS13335 [CLOUDFLARENET - Cloudflare, Inc., US]
  A record #2
4 Address: 104.20.22.240
4 Prefix: 104.20.16.0/20
4 Origin: AS13335 [CLOUDFLARENET - Cloudflare, Inc., US]
  AAAA record #1
6 Address: 2606:4700:10::6814:16f0
6 Prefix: 2606:4700:10::/44
6 Origin: AS13335 [CLOUDFLARENET - Cloudflare, Inc., US]
  AAAA record #2
6 Address: 2606:4700:10::6814:17f0
6 Prefix: 2606:4700:10::/44
6 Origin: AS13335 [CLOUDFLARENET - Cloudflare, Inc., US]

Rackspace

(destiny:20:04:PDT)% ipin status.apps.rackspace.com.
  A record #1
4 Address: 152.195.12.244
4 Prefix: 152.195.12.0/24
4 Origin: AS15133 [EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US]

I'm not gonna lie, I had a chuckle when I saw who hosted Oracle Cloud's status page.  Other takeaways:

Really, this isn't indicitive of anything.  I'd probably host my status page elsewhere if I ran a hosting service, TBQH.

Comments: 1
> Bragging
Posted by prox, from Seattle, on September 08, 2018 at 14:24 local (server) time

In the mid-1990s my friends used to brag about how many TVs their family had, how many cars they owned, and, in general, how much stuff they had.  I'll admit that I used to brag about how many computers I had or how I connected to AOL over a LAN connection.  All of this was annoying.

Things are a bit different in 2018 but ultimately the same.  Instead of bragging about how much stuff people have they now brag about how much stuff they don't have.  Here are the typical statements I hear people periodically brag about, at least around the PNW:

The no-car and no-TV statements I hear most often and they're usually stated out of context.  These all don't bother me much because I'm an adult but every once and awhile it gets really annoying (hence this blog post).  Maybe I should counter these by bragging about my wife and I having no kids.

Tasteless?  Maybe.

Comments: 0
> Boot Messages
Posted by prox, from Seattle, on August 04, 2018 at 13:23 local (server) time

Most modern switches and routers today are based on a Linux or *BSD-flavoured operating system.  It's a given that these operating systems are fairly complex but what boggles my mind is when vendors ship them with their products and don't bother cleaning up the initialization scripts.

For example, Junos:

Attaching /cf/packages/junos via /dev/mdctl...
Mounted junos package on /dev/md1...
A
Media check on da0
Automatic reboot in progress...
** /dev/da0s2a (NO WRITE)
** Last Mounted on /
** Root file system
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
161 files, 75937 used, 74101 free (21 frags, 9260 blocks, 0.0% fragmentation)
mount reload of '/' failed: Operation not supported 

-a: not found
-a: not found
-a: not found
-a: not found
-a: not found
-a: not found
-a: not found
-a: not found
-a: not found
-a: not found
Checking integrity of BSD labels:
  s1: Passed
  s2: Passed
  s3: Passed
  s4: Passed

That -a: not found bugs my OCD and makes me worry that the -a argument was ignored because it was treated as a file.  The mount error is fun, too.

Comments: 0
> Linux USB Identifiers and Error Messages
Posted by prox, from Seattle, on April 14, 2018 at 20:38 local (server) time

It took me a few minutes to track this down, so I figured I'd share it with the world.

In the event of a USB error or warning, the Linux kernel will print a message like the following:

[15740840.830734] usb 2-3: Failed to suspend device, error -71

Most of us have a ton of USB-connected devices, so how does one figure out what "usb 2-3" refers to in order to diagnose the problem?  At first, I thought lsusb(8) would help:

(atlantis:17:29:PDT)% lsusb
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 010 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 009 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 008 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 003: ID 0bc2:5031 Seagate RSS LLC FreeAgent GoFlex USB 3.0
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 002 Device 002: ID 2109:2812 VIA Labs, Inc. VL812 Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 0409:0058 NEC Corp. HighSpeed Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 006 Device 005: ID 067b:2303 Prolific Technology, Inc. PL2303 Serial Port
Bus 006 Device 004: ID 1781:0a98 Multiple Vendors raphnet.net USBTenki
Bus 006 Device 003: ID 051d:0002 American Power Conversion Uninterruptible Power Supply
Bus 006 Device 002: ID 0451:2046 Texas Instruments, Inc. TUSB2046 Hub
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

That's nice, but I don't see bus number 2 and device number 3 or bus number 3 and device number 2 in that list. The verbose (-v) flag doesn't appear to help, either.  So, I try usb-devices(1) and am presented with even more information, like this for each device:

T:  Bus=01 Lev=00 Prnt=00 Port=00 Cnt=00 Dev#=  1 Spd=480 MxCh= 6
D:  Ver= 2.00 Cls=09(hub  ) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
P:  Vendor=1d6b ProdID=0002 Rev=04.13
S:  Manufacturer=Linux 4.13.0-1-amd64 ehci_hcd
S:  Product=EHCI Host Controller
S:  SerialNumber=0000:00:1a.7
C:  #Ifs= 1 Cfg#= 1 Atr=e0 MxPwr=0mA
I:  If#= 0 Alt= 0 #EPs= 1 Cls=09(hub  ) Sub=00 Prot=00 Driver=hub

I still couldn't find a combination of 2-3 or 3-2 in there.  So, I started hunting around sysfs for an answer, and ended up finding it:

(atlantis:17:35:PDT)% cd /sys/bus/usb/devices/2-3                 
(atlantis:17:35:PDT)% lsusb|grep $(cat idVendor):$(cat idProduct)
Bus 002 Device 002: ID 2109:2812 VIA Labs, Inc. VL812 Hub

For some reason, lsusb(8) doesn't feel like displaying the what I learned is the device number and device path:

(atlantis:17:35:PDT)% echo $(cat devnum)-$(cat devpath)          
2-3

Although, I have three "hubs" connected to this machine, so tracking those down is another story.  At least I know what I'm looking for, now.

Comments: 0
> No More Quagga
Posted by prox, from Seattle, on April 04, 2018 at 01:51 local (server) time

It took awhile, but I finally converted the last two software routers (well, hosts that run routing protocols) on my network that were running Quagga to FRR:

bazooka.prolixium.com.: Version: 3.1-dev-1.0-1~debian9+1
centauri.prolixium.com.: Version: 3.1-dev-1.0-1~debian9+1
evolution.prolixium.com.: Version: 3.1-dev-1.0-1~debian9+1
excalibur.prolixium.com.: Version: 4.0-1~debian9+1
exodus.prolixium.com.: Version: 1.6.3-3
firefly.prolixium.com.: Version: 1.6.3-3
mercury.prolixium.com.: Version: 3.1-dev-1.0-1~debian9+1
nat.prolixium.com.: Version: 4.1-dev-1.0-1~debian9+1
nox.prolixium.com.: Version: 3.1-dev-1.0-1~debian9+1
pathfinder.prolixium.com.: Version: 3.1-dev-1.0-1~debian9+1
proteus.prolixium.com.: Version: 3.1-dev-1.0-1~debian9+1
remus.prolixium.com.: Version: 3.1-dev-1.0-1~debian9+1
scimitar.prolixium.com.: Version: 3.1-dev-1.0-1~debian9+1
sprint.prolixium.com.: Version: 3.1-dev-1.0-1~debian9+1
starfire.prolixium.com.: Version: 4.1-dev-1.0-1~debian9+1
storm.prolixium.com.: Version: 1.6.3-3
tachyon.prolixium.com.: Version: 3.1-dev
tiny.prolixium.com.: Version: 4.0-1~debian9+1
trident.prolixium.com.: Version: 3.1-dev
trill.prolixium.com.: Version: 3.1-dev-1.0-1~debian9+1
valen.prolixium.com.: Version: 4.1-dev-1.0-1~debian9+1
orca.prolixium.com.: Version: 3.1-dev-1.0-1~debian9+1

The -dev versions above are hand-rolled from the latest source code.  There are no pre-built Debian packages for i386 so I was forced to roll them by hand.

The 1.6 versions above are actually BIRD.

Comments: 0
> Odd iFit Boot Loop Fix
Posted by prox, from Seattle, on April 03, 2018 at 22:47 local (server) time

tl;dr I ran into a boot loop issue with my NordicTrak treadmill.  Turning off NTP solved the problem.

My wife and I purchased a NordicTrak C 990 treadmill in late 2016.  It doesn't get all that much use (I still prefer going to the pool and swimming) but we both periodically use it.  I have an iFit membership that's mostly a waste of money but allows the machine to report and track my workouts online.

The control plane of the machine runs Android 2.x and has always felt pretty brittle outside of the iFit application.  Connecting to Wi-Fi, for example, is done through the Android system dialog screens rather than through an iFit-branded screen.

Anyway, the whole system was working fine until I decided to use it today.  I put the key in and Android indicated it couldn't connect to Wi-Fi.  So, I power cycled the system (naturally).  Upon reboot the iFit screen would load but then after 10-15 seconds trigger a reboot of Android.  I searched around and found instructions like this that described how to reinstall the iFit application.  However, these instructions didn't work for me because even if I could draw the "figure 8" on the screen to exit the iFit application's splash page, the OS would still reboot seconds later.

I took a guess that something Wi-Fi-related was causing the reboot so I shut the 2.4GHz radios on my two Cisco WAPs (the treadmill is one of two devices that still use 2.4GHz only).  The reboots stopped.  Something network-related was definitely causing it.  Maybe it's some update check that is returning a value that is triggering a bug in Android?  So, I ran tcpdump(8) on my local router.  I started a continuous ping and the last packets transferred before the system rebooted were NTP queries.  Thinking that something time-related was killing the OS I went into Android settings and disabled network-provided time.  The system was still stable after boot even when Wi-Fi is on, now.

The system date was 2012-01-01 so I tried setting it to 2018-04-03.  Instantly, the system locked up and after a few seconds rebooted.  I even tried setting it to a last known good date earlier in the year when I knew the treadmill was still working - same thing, triggered a reboot.  It would appear that either something in the OS can't handle the date changing too drastically or there's something that can't handle a 2018 date.

So, the treadmill is functional but I now can't login to my iFit account.  I'm guessing that somehow the date is passed as one of the login parameters and the iFit platform rejects the login attempt.  I'll play more with it later and will not be renewing my iFit membership if I still can't login.

Hopefully this post will be useful to someone who's given up and about to buy a new treadmill..

Update: I played around with setting the date a bit more.  Even setting it to 2012-01-02 triggers a reboot.  It would appear the date can't actually be set, now.

Comments: 0
> Testing IPv6 Node Information Queries
Posted by prox, from Seattle, on December 31, 2017 at 20:25 local (server) time

After reading There’s No Place Like ::1 — Enumerating Local IPv6 networks, I decided to try it out on a couple of my local LANs.  Surprisingly enough, Linux, Solaris, IRIX (yes, IRIX), and Windows do not seem to respond to these (RFC 4620) queries but FreeBSD, iOS, and macOS do.

Here's a segment with a few Apple hosts on it:

(trill:17:07:PST)% ping -c 2 -N name ff02::1%br0
PING ff02::1%br0(ff02::1%br0) 56 data bytes
30 bytes from fe80::223:dfff:fe7f:2678%br0: odyssey; seq=1; ttl=64
26 bytes from fe80::885:e847:e16b:a305%br0: atv; seq=1; ttl=64 (DUP!)
28 bytes from fe80::dea9:4ff:fe8b:dd95%br0: orion; seq=1; ttl=64 (DUP!)
29 bytes from fe80::10b3:60fb:bef0:90d2%br0: lantea; seq=1; ttl=64 (DUP!)
30 bytes from fe80::223:dfff:fe7f:2678%br0: odyssey; seq=2; ttl=64

--- ff02::1%br0 ping statistics ---
2 packets transmitted, 2 received, +3 duplicates, 0% packet loss, time 1001ms

atv is an AppleTV, orion & odyssey run macOS (varying versions), and lantea is an iPod.  Now, here's a segment with a few Linux & Windows hosts:

(starfire:17:13:PST)% ping -c 2 -N name ff02::1%eth3
PING ff02::1%eth3(ff02::1%eth3) 56 data bytes
27 bytes from fe80::200:aaff:feac:f871%eth3: host; seq=1; ttl=64
27 bytes from fe80::200:aaff:feac:f871%eth3: host; seq=2; ttl=64

--- ff02::1%eth3 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms

Not much here, except a strange reply from something calling itself host, which is actually my Xerox Phaser 6280 laser printer.

Also, Junos (FreeBSD-based), Cisco IOS, and IOS-XR (QNX-based) seem to ignore these too.

The conclusion here is, of course, that layer 2 is insecure.  But really, who cares about a name if most things run some sort of mDNS agent nowadays, anyway?

Comments: 0
> Ignoring ICMPv6 PTBs
Posted by prox, from Seattle, on December 30, 2017 at 21:31 local (server) time

I've started a list of websites that are inaccessible from tunnels or VPNs because they block ICMPv6 PTBs.

Really, it's getting annoying.  The one that got added tonight was my.t-mobile.com.  It's fairly ironic, too.

Comments: 0

No Previous PageDisplaying page 1 of 120 of 960 results Next Page