25 July 2016

Four years ago ...



Four years ago I was wondering whether I should open a blog or not. What would people say? What was I going to write about? But finally I took the plunge because I needed to improve my writing skills in the English language, although my main problem was that I didn't have the imagination to write or to speak about anything: I went blank in my English exams and it was very difficult to make up my own story or my own content. However, I'm here, writing, and in English too, because I decided to write in English last year so as not to forget my English skills.

What have I done in the last years? Apart from improving my writing skills, security and networking remain my main fields in my job. I have taken part in many projects on audits and improvements of security information systems, like PCI-DSS compliance, and in networking installations as well, like improving and managing an Autonomous System configuration. In addition, I have given some talks at University, High Schools, Government, Businesses, etc. about security awareness, IT Management, Web Application Firewalls, wireless networks, etc. I have also been the teacher for some courses about VPN, Metro Ethernet, Cisco ASA, Alcatel-Lucent switches, etc., and in the meantime I have been studying for the Certified Information Security Manager (CISM), the recertification of the CCNP, load balancers, etc. What's more, I have come across old and interesting friends and professionals, and I have met new experts who are people above everything, like High School friends, new young professionals working with me, and foreigners from workcamps in Turkey and Russia. All of them deserve more than any project or certification and I wish to keep in touch with them.

The most widely read posts in the last four years are the following:

Posts 

As for where the blog is visited from, the statistics are the following:

Posts by countries

Last but not least, I would like to thank everybody who reads this blog and supports me, because they are the main reason why I have already written 196 posts with almost 83000 views. If someone has something to say to improve this blog, it is welcome.

Regards, my friends, and I hope to see you back again in September after the holiday.

18 July 2016

Cross compilation for broadband routers II



Last week I wrote about cross compilation for broadband routers, and the test result wasn't what I expected because my “Hello World” application didn't work on my router, but I have been working on it this week and I have got it. It works! We have to take into account some things that we'll see in this post today, like the importance of byte order in memory, static and shared libraries, kernel version, etc.

First, we should check how the target processor stores the bytes of a word in memory, because depending on this we will compile one way or another. There are two conventions, little-endian and big-endian, and although I have checked it, I still remember when I studied this at University. Most routers work with MIPS processors and a big-endian architecture, storing the Most Significant Byte (MSB) at the lowest memory address, while most PCs and servers work with Intel and AMD processors, storing the Least Significant Byte (LSB) at the lowest memory address. Therefore MSB-first ordering, which is optimized for networking tasks, is the opposite of LSB-first ordering. Below we can see the main difference between Little-Endian and Big-Endian:

Little-Endian vs Big-Endian
 
Another thing to take into account is the kernel version, so that we compile with the right libraries. In the last post I installed the cross-development toolchain of the Universal Embedded Operating System, which is right for new developments on new broadband routers, but I want to make a new application for an old router, thus I have used the CodeSourcery toolchain this time, but I have downloaded an old one from 2012.

CodeSourcery Installation

Also, it is important to know about static and shared libraries. When we develop for a MIPS environment where the target device has few libraries and the file system is in read-only mode, like most routers, it is much better to build applications with static libraries, although the result will be bigger than an application built with shared libraries. Below we can see some Linux commands (ldd, readelf and file) to check whether an application uses shared or static libraries.

Check libraries of a binary
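
The byte order and the static or shared linking discussed above are both recorded in the ELF header, which is where `file` and `readelf` read them from. As an added example (not code from the original post), this C checker reads those fields directly from a 32-bit ELF image: EI_DATA for byte order, e_machine for the CPU, and the presence of a PT_INTERP program header, which only dynamically linked executables carry. The function and struct names are this example's own, and the 84-byte image built by `make_sample` is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { ELFDATA2MSB = 2, EM_MIPS = 8, PT_INTERP = 3 };
struct elf_info { int msb, machine, needs_loader; };
/* rd/wr: read or store an n-byte field in the byte order the file declares. */
static uint32_t rd(const uint8_t *p, int n, int msb) {
    uint32_t v = 0;
    for (int i = 0; i < n; i++) v = (v << 8) | p[msb ? i : n - 1 - i];
    return v;
}
static void wr(uint8_t *p, int n, int msb, uint32_t v) {
    for (int i = 0; i < n; i++) p[msb ? n - 1 - i : i] = (uint8_t)(v >> (8 * i));
}
/* Parse an ELF32 image; 0 on success, -1 if it is not a well-formed ELF32. */
int elf_inspect(const uint8_t *b, size_t len, struct elf_info *o) {
    if (len < 52 || memcmp(b, "\177ELF", 4) != 0) return -1;
    if (b[4] != 1 || (b[5] != 1 && b[5] != ELFDATA2MSB)) return -1;
    o->msb = (b[5] == ELFDATA2MSB);          /* EI_DATA: 1 = LSB, 2 = MSB */
    o->machine = (int)rd(b + 18, 2, o->msb); /* e_machine, 8 = MIPS */
    o->needs_loader = 0;
    uint32_t phoff = rd(b + 28, 4, o->msb), phentsize = rd(b + 42, 2, o->msb);
    uint32_t phnum = rd(b + 44, 2, o->msb);
    for (uint32_t i = 0; i < phnum; i++) {   /* walk the program headers */
        uint64_t off = phoff + (uint64_t)i * phentsize;
        if (phentsize < 32 || off + 32 > len) return -1;
        if (rd(b + off, 4, o->msb) == PT_INTERP) o->needs_loader = 1;
    }
    return 0;
}
/* Constructed sample: a 52-byte ELF32 header plus one 32-byte program header. */
size_t make_sample(uint8_t *b, int msb, int machine, uint32_t p_type) {
    memset(b, 0, 84);
    memcpy(b, "\177ELF", 4);
    b[4] = 1; b[5] = msb ? 2 : 1; b[6] = 1;  /* ELF32, byte order, version */
    wr(b + 18, 2, msb, (uint32_t)machine);
    wr(b + 28, 4, msb, 52);                  /* e_phoff */
    wr(b + 42, 2, msb, 32); wr(b + 44, 2, msb, 1); /* e_phentsize, e_phnum */
    wr(b + 52, 4, msb, p_type);              /* 1 = PT_LOAD, 3 = PT_INTERP */
    return 84;
}
int main(void) {
    uint8_t img[84];
    struct elf_info e;
    if (elf_inspect(img, make_sample(img, 1, EM_MIPS, 1), &e) != 0) return 1;
    printf("%s, machine %d, %s\n", e.msb ? "MSB" : "LSB", e.machine,
           e.needs_loader ? "requests a dynamic loader" : "statically linked");
    return 0;
}
```

Every multi-byte field is decoded with the byte order the file itself declares, so the checker gives the same answer on an x86 laptop and on the big-endian router.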

Once our development platform is ready with the CodeSourcery toolchain, we can compile the “Hello World” application with Big-Endian, static libraries and the right kernel and libraries versions.

Developing and Compiling Hello World
 
Finally, we have seen that the application is an MSB executable for a 32-bit MIPS microprocessor with static libraries and … it works on my Huawei router.

Application Hello World for MIPS Architecture

Regards, my friends, we'll try to build more, and more sophisticated, applications in the future!

11 July 2016

Cross compilation for broadband routers



Lately, I'm interested to know what we can do with the broadband devices or home stations that ISPs install in our houses, and what kind of traffic we have inside our houses, because if I could sniff my neighbour's FTTH, everybody could do it. These thoughts about analyzing broadband devices come from two or three years ago, when I wanted to install applications and services in an ONT manufactured by ZTE. However, those years were vivid and exhausting because I was learning English, thinking and writing for the ISACA Challenge, writing in this blog, studying for ISACA certifications and working as well, thus I didn't have enough time to think about it, but this year is being more relaxing and from time to time I go back to think about this field, home networks.

Most Cisco routers, ZTE routers, Huawei routers, Alcatel-Lucent routers, etc. work with small embedded operating systems with a set of Unix tools which come from the BusyBox software package. These devices usually have very limited resources and they are built around MIPS microprocessors in a System on a Chip (SoC), where the CPU is integrated with memory, Ethernet NICs, wireless interface, PCI, USB, etc.

MIPS devices
 
It's interesting to know the large number of protocols that ISPs use to maintain, configure and automatically deploy devices inside our homes, like TR-069, which is used for instance to deploy the ISP configuration from Auto Configuration Servers (ACS) to end-user devices like routers or VoIP phones. TR-069 was published by the Broadband Forum and is titled the CPE WAN Management Protocol (CWMP).

TR-069 Family of Remote Management Specifications
 
Once we know that most broadband devices have MIPS CPUs, if we have developed an application or service and we want to run it on the embedded operating system, we have to compile it for the MIPS architecture. The steps to set up cross compilation for MIPS architectures on an Ubuntu laptop are the following:

Add the following line to the repositories:
  • deb http://www.emdebian.org/debian/ squeeze main
Run the following:
  • dpkg -i libgmp3c2_4.3.2+dfsg-1_amd64.deb
  • apt-get update
  • apt-get install emdebian-archive-keyring
  • apt-get install linux-libc-dev-mips-cross libc6-mips-cross libc6-dev-mips-cross binutils-mips-linux-gnu gcc-4.4-mips-linux-gnu g++-4.4-mips-linux-gnu
Our development platform is now ready, so we write the application and compile it.

Developing and compiling

Finally, we have seen that the Hello World application fails on my machine, which is normal because my laptop does not have a MIPS architecture. Let's see on a Huawei router:

Application "Hello World" for MIPS architecture

Ooooh … it doesn't work either. I have to study and test more; we'll see in the next posts.

Regards, my friends, and remember: test your thoughts and test whatever you are thinking.

4 July 2016

Virtual Networks Everywhere



What is a Virtual Network? Who should manage Virtual Networks? Today, there are many technologies with the word “Virtual”. It seems that “Virtual” is a fashionable word, easier to remember and easier to sell, like “Cyber” in the security field, which is the preferred word of salespersons. Network engineers therefore know many concepts like Virtual LAN (VLAN), Virtual Switches, Virtual Connect, Virtual Private Networks (VPN), Virtual Private LAN Service (VPLS), Virtual Switching System (VSS), etc. However, I want to write in this post about three new “Virtual Something” technologies that I have come across lately.

Network Function Virtualization (NFV)

This is a technology that we are going to hear about more and more often, because NFV allows us to deploy virtual network appliances more cheaply, quickly and dynamically on a hypervisor. These are the main advantages with regard to hardware appliances, because we only need to download the software, buy a license and deploy it into the virtual infrastructure, thus it is faster and more flexible to deploy than traditional network appliances. In addition, NFV along with SDN can be used in the datacenter for management and orchestration, which will be useful for automating network provisioning. Examples of NFV are load balancers, firewalls, IDS and WAN accelerators.


Virtual Routing and Forwarding (VRF)

This is another technology, usually implemented in big, extensive enterprise networks when we need to isolate networks in the most cost-effective way. With it, we can have isolated virtual routers inside a hardware router, sharing physical NICs, memory and CPU but each with a different Routing Table (RIB) in the control plane and Forwarding Table (FIB) in the data plane. On the other hand, and this is important, we shouldn't configure VRF in our router just because it is fashionable, because this can make our network complex and difficult to manage.


Easy Virtual Network (EVN)

EVN is the last concept I have learnt. In fact, I learnt it when I was studying to recertify my CCNP certification. This is not a new technology or a new standard but a new way to easily configure virtual networks in a Cisco router. This concept is used along with VRF, and the main advantage is that we don't have to configure each subinterface in a trunk but just once, regardless of how many VRFs there are in the router. Moreover, we'll be able to troubleshoot easily with EVN because it allows us to run troubleshooting tools for each VRF instance.


Regards, my friends, and remember: Virtual is a fashionable word, maybe we should think about another word for new technologies.