
packetqueue.net

Musings on computer stuff, and things... and other stuff.

Apple

October 30, 2013 Apple

OSX X11 Forwarding

Reading Time: 2 minutes

I access various Unix and Unix-like systems all the time. In most cases I don’t ever use any of the GUI tools or applications they may provide. I’ve been using Linux since before Slackware was even a distribution, and Unix longer than that, so I generally find GUIs get in my way more often than not. That said, sometimes a GUI tool is the best way to do something.

Some people like VNC, but I’ve always been an SSH man myself. And I’ve always used SSH X11 tunneling when I need it. That means that on my Windows machine I have the Exceed suite installed, which includes a nice X11 installation for Windows. Everywhere else, however, including on my Macbook Pro, I’ve always just used the native X11 window managers. Until recently.

I hadn’t noticed that X11 tunneling wasn’t working from my Mac until recently, and found out that the X11 window manager has been gone from the Mac since Mountain Lion, which tells you how often I use GUI apps in this way. It’s not a big deal to fix, but I figured there are probably some people out there who don’t know how to make it all work, so I’d type up this quick blurble.

Essentially, you just need to download XQuartz and install it. XQuartz is the new version of what used to be the X11.app that came by default in OSX versions prior to Mountain Lion. Or it’s the same project. Or something. You can read the Apple blurb here.

If you don’t have X11 forwarding turned on, just edit your /etc/sshd file and change the X11 Forwarding line to be like so:


Be sure to restart any ssh sessions you have open, and then connect using the -X flag in ssh. Something like “ssh -X [email protected]” should work. Read the man page on ssh if you have any questions, but it’s pretty straightforward overall. Once logged into your remote machine you can verify that things are working by running any kind of X11 app (xclock or xeyes are my usual test subjects). If not, start by echoing your local display variable (echo $DISPLAY) and see if you have anything there. If it’s empty, then your local ssh client isn’t forwarding the X11 information and you might try using -vvv when you log in (lots of information).
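The two checks above (the server-side X11Forwarding setting, then the DISPLAY variable in the remote session) as a small Python script. This is an added example, not code from the original post. It assumes sshd’s documented behaviour: the first value read for a keyword wins, X11Forwarding defaults to “no”, and with the default X11DisplayOffset of 10 and X11UseLocalhost left at “yes” the forwarded DISPLAY on the remote side looks like localhost:10.0. The sshd_config fragment is constructed for the example. One caveat worth having in mind when you enable this: with -X the ssh client applies the X11 SECURITY extension restrictions to the remote applications, while -Y (trusted forwarding) gives the remote host full access to your local X display, so stay with -X unless an application actually breaks under it.

```python
"""Check the two things the post tells you to verify for X11 over SSH:
the server-side X11Forwarding setting and the DISPLAY variable in the
remote session.  Added example, not code from the original post."""
import re
from typing import Optional

# Constructed sshd_config fragment (not the author's file).  The first
# X11Forwarding line is the one sshd honours; the commented-out line shows
# the stock default of "no".  The keyword names are real sshd_config keywords.
SAMPLE_SSHD_CONFIG = """\
Port 22
#X11Forwarding no
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes

Match User guest
    X11Forwarding no
"""

# sshd_config separates keyword and argument with whitespace or '='.
_KEYWORD_SPLIT = re.compile(r"[\s=]+")


def x11_forwarding_enabled(config_text: str) -> bool:
    """Return True when the global X11Forwarding setting is 'yes'.

    sshd keeps the first value it reads for a keyword, and anything under a
    'Match' block applies only to matching sessions, so the scan stops at the
    first global X11Forwarding line or at the first 'Match' (assumption made
    here: only the global setting matters).  A missing keyword means the
    default, which is 'no'.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        parts = _KEYWORD_SPLIT.split(line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if keyword == "match":
            break
        if keyword == "x11forwarding":
            return value == "yes"
    return False


# Shape sshd gives DISPLAY on the remote side when forwarding is active:
# "localhost:N.0" with N >= X11DisplayOffset (default 10).  Assumption:
# X11UseLocalhost is left at its default of "yes".
_FORWARDED_DISPLAY = re.compile(r"^localhost:(\d+)(?:\.\d+)?$")


def display_looks_forwarded(display: Optional[str], offset: int = 10) -> bool:
    """True if DISPLAY is set and matches the forwarded-display shape."""
    if not display:
        return False
    match = _FORWARDED_DISPLAY.match(display)
    return match is not None and int(match.group(1)) >= offset


def diagnose(config_text: str, remote_display: Optional[str]) -> str:
    """Reproduce the post's troubleshooting order as a single verdict."""
    if not x11_forwarding_enabled(config_text):
        return "server: X11Forwarding is not 'yes' in sshd_config"
    if not remote_display:
        return "client: DISPLAY is empty; reconnect with ssh -X and -vvv"
    if not display_looks_forwarded(remote_display):
        return f"remote: DISPLAY={remote_display} is not an sshd-forwarded display"
    return "ok: run xclock or xeyes to confirm"


if __name__ == "__main__":
    print(diagnose(SAMPLE_SSHD_CONFIG, "localhost:10.0"))
    print(diagnose(SAMPLE_SSHD_CONFIG, ""))
```

Feed it the real sshd_config text and the value of `echo $DISPLAY` from the remote shell; the verdict string tells you which side of the connection to look at first.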

Like I said, easy-peasy. Now I can go back to not using any GUI apps for a few more years when, I’m sure, something else will be broken or changed.


August 6, 2013 Apple

My OSX

Reading Time: 5 minutes

I have decided to take a quick break from my more business-oriented writing of late to focus on something that people seem to have an interest in: how I have my computer set up and configured. This post will necessarily be in more of a catalog format than article, but hopefully no less useful.

I switched to a Mac a few years ago, completing the circle of computing life as I did, as I started with an Apple IIc around 1981. In between I fell in love with various computers from the Amiga, Atari ST, early IBM machines, to Linux and finally to the pinnacle of all things computing: the NeXT. Ever since then I think I have been subconsciously trying to get my desktops to look as fluid and work as well as the NeXT machines did, with varying levels of success. Some of my choices reflect that impulse.

I will preface this by saying that this is how I have my computer set up and configured, and is by no means the right way; it just works for me. The software I use is what I find interesting or useful to my workflow and style, but I am always looking for improvements. This catalog, then, will probably be out of date five minutes after I’m done writing it all down.

Mail

Microsoft Outlook. I have installed and used Postbox, Thunderbird, and a couple of others, but I keep falling back to Outlook. Perhaps it is a little bit of the Stockholm Syndrome (though not IPv6 Stockholm Syndrome), but I can’t seem to find anything else that matches everything feature-for-feature that I need. It’s all a compromise somewhere, somehow. With Outlook I have to put up with the usual Microsoft Bloat, but I compensate with a lot of memory and processing power.

Web Browser

Google Chrome. I’m sure someone will castigate me for this (as if the last section wasn’t bad enough) but I just find that it works well, is lightweight, and does everything that I want reasonably well.

Remote Desktop

Cord is my go-to for connecting to remote Windows servers, though this is always in flux. I do much more via PowerShell than ever before, so pure Remote Desktop Protocol just doesn’t get used as much as it used to in my environment.

Organization

Evernote is my main tool in the “remembering stuff” category of tools. I use it to grab and catalog things that I find interesting or useful. I use tags and different notebooks and such within the tool, and it suits me nicely. I did switch to the premium edition quite a while back, and it’s well worth it as far as I’m concerned.

Twitter

Tweetbot and sometimes my own command-line client (written in Python as a learning exercise) if I’m feeling plucky.

Text Editors

TextEdit, VIM (though I use a fairly customized version and configuration, more on that later).

Markup Tools

A lot of these tools revolve around specific tasks. For instance, I use Markdown Pro to compose all of my blog posts, this one included. It gives a nice appearance to things without a lot of the fuss and extra baggage of full-weight word processors, and I can export the completed work in HTML or PDF format. Not particularly fancy, but it gets the job done. My only complaint here is that the formatted portion of the screen (split-screen composing window) doesn’t keep up with the raw-text side. Minor annoyance, but if I could find something that solved this I’d probably switch products.

I also use BBEdit for some things, though I’m finding I use it less these days than a couple of years ago. It’s definitely one of those tools you either learn and love, or hate. There’s a fairly steep barrier to entry in both price and learning, but you may find it useful for its syntax highlighting, scripting, etc. More useful for raw code editing (HTML, XML, C, etc.) than for articles and such.

LaTeX has been my go-to for any kind of serious document creation (resumes, manuals, scholarly papers, etc.) for years now. I will warn you that it is absolutely not for the faint of heart as it is basically an old programming language for document markup. Most Masters and PhD theses are written in this language, as are most scholarly research papers. It is well worth learning, and once you do you’ll never use anything else as it creates the most hands-down beautiful documents you’ll ever find. A lot of people will be turned off by the steep learning curve (you have a lot of code to learn, and a lot of compiling to even get a viewable document) but if you have the patience, go for it.

The link above is to an OSX-specific set of packages, and I recommend you start there. You can also look at The LaTeX Project and a nice Document Guide/Wiki to get started. The CTAN Archive is a great place to browse for packages and whatnot. Happy hunting!

Terminal Emulators

iTerm2 Solarized (screenshot)

I use iTerm2 instead of the built-in terminal program shipped with OSX. It has many nice features (too many to list), is more customizable, and is just better. Go get it. You’ll thank me. While you’re at it, get the Solarized package and install it for everything you have. In addition to a uniform color palette, it helps across the board with aesthetics when working in any of the supported applications.

Integrated Development Environments (IDEs)

I use two primary tools for coding on my Mac: XCode when I’m doing something using the Cocoa Frameworks (not often) and Komodo IDE 8 for everything else (mostly Python these days). Your choices here are likely to be highly personal depending on how much programming experience you have or are likely to do, and in what environments. You can do any kind of programming or scripting in any kind of text editor, of course, but I find a nice IDE to be a comforting thing to have around. I also have my VIM install configured with syntax highlighting for the languages I use.

Sundries

I use a ton of other programs from WireShark to DropBox to get my work done; VPN clients, various photography suites (another hobby of mine), to things like 1password for password storage. Unfortunately, this post is longer than I expected already so I’m stopping it here. I’ll come back with a part II soon, and hopefully there I can include all relevant portions of my actual configurations (.vimrc, screenrc, tmux_conf, .bashrc, .profile) as well as all of the OSX-specific hacks I’ve made over the years to get my Mac to behave like I want it to.

In the spirit of giving back, I’d love to hear from anyone else as to what nifty software, configurations, or hacks you use to get things done on your Mac and why you like them. As I said at the top, many of these things are just what I’ve done, but I’m always open to suggestions and better ways of accomplishing things.


September 6, 2011 Apple

Screen and Reverse Telnet with Macbook Pro

Reading Time: 5 minutes

As a lot of readers already know, from comments and discussions on other forums, I recently made the switch from PC to Mac for my main personal computer. This wasn’t some sort of Microsoft-hating frenzy, but rather a case where I had more compelling reasons to use a Mac at home (Apple TV, iTunes, wife’s Mac, etc.) than I did to stick with the PC (games). I still have the PC for when I get the gaming urge, but since most of my time these days is spent studying, gaming has taken a back burner for the foreseeable future.

I won’t bother you with my initial reactions to the Mac as they’ve been mostly positive and probably not entirely different from many other people’s experiences. What I will say, though, is that as a long-time user of various flavors of Unix, it’s nice to be operating on a platform that is Unix based again. Specifically, it’s nice to not have to download bolt-on software in order to be able to use SSH, Finger, TFTP, etc.

One of the tools that I have used extensively in the past is GNU Screen. For those unfamiliar with the program, you can check out a brief overview over at Wikipedia: http://en.wikipedia.org/wiki/GNU_Screen, or at the GNU Screen website here: http://www.gnu.org/software/screen/.

Despite using Screen since I was first introduced to it back around 1990 or so, if I recall correctly, I’ve only ever used it really for one thing: connecting from a Unix machine to something using the serial port or a modem. Even the modem bit I didn’t use all the time as I tended to favor Minicom. So, when a couple of friends suggested that I use Screen for solving a problem I was having, it made sense.

As part of my Cisco lab I have some fourteen different devices that I need to access at any one time. I have all of those devices set up on my main terminal server (a 3945, which is also my main a-lot-of-other-things as well) using reverse telnet. In this way I can do a lot of things, but typically I would SSH to the terminal server, connect to a host by name, then use Ctrl-Shift-6 x to get back to the terminal server and do the same thing again for another host.

This is all made possible using an Async card:

NAME: "High Speed Wan Interface card with 16 RS232 async ports(HWIC-16A) on Slot 0 SubSlot 3", DESCR: "High Speed Wan Interface card with 16 RS232 async ports(HWIC-16A)"

With a pertinent configuration like so:

interface Loopback0
ip address 172.16.0.1 255.255.255.0
ip host s2 2054 172.16.0.1
ip host s1 2053 172.16.0.1
ip host s4 2056 172.16.0.1
ip host s3 2055 172.16.0.1
ip host r5 2063 172.16.0.1
ip host r2 2060 172.16.0.1
ip host r6 2064 172.16.0.1
ip host r4 2062 172.16.0.1
ip host r3 2061 172.16.0.1
ip host r1 2059 172.16.0.1
ip host r8 2066 172.16.0.1
ip host r7 2065 172.16.0.1
ip host ASA 2051 172.16.0.1
ip host AP1 2052 172.16.0.1
ip host bb2 2057 172.16.0.1
ip host bb1 2058 172.16.0.1
line 0/3/0 0/3/15
session-timeout 120
no exec
transport input telnet

Still, opening fourteen hosts can get tedious, as you might imagine.

What this configuration also allows for, however, and what I had only been using occasionally, is logging in to any device by opening a telnet connection to the port. So, I can either telnet to the parent device’s IP address (in this case it’s 10.7.68.221) or to the loopback address (if I have routing) and add on the port number like so:

telnet 172.16.0.1 2056

which, as we see from above, would take me to the device labeled “s4”. That’s all good, but still requires me to open each telnet session by hand, right? Not necessarily: enter Screen and the magic of configuration files.

I have two configuration files for Screen: one is a .screenrc file which sits in my home directory as is standard on Unix systems. Note that I could also put this in my /etc directory and change the name if I wanted a system-wide default for all users. The other file is a custom one that I only use when I’m doing lab work, and I call that one screen.ccie.

If I want to open just Screen by itself, from a terminal (I use iTerm2) I just type “screen -A” which opens up Screen with all possible emulations enabled (just in case). If I want to open my ccie lab configuration I type “screen -Ac screen.ccie” to reference the startup file. I also use “screen -A /dev/tty.KeySpansomething” to use my USB/Serial adapter if I’m at the console somewhere.

Below you’ll find the screen.ccie file, with comments, as well as a screenshot of what it looks like in action. I didn’t include the .screenrc file because it is identical, except for the last section that opens up all of the different telnet sessions. I’m sure there are a lot of ways to do this, some better than others, and infinite combinations of colors, stats, etc. that can be configured, but this is what I have for now.

 

 

# SomeClown's .screenrc file.  Cribbed from a lot of places.
# Credit to both @IPv6Freely and @jay25f

# Next and Previous tabs shortcuts
bindkey "^e" next       # Next
bindkey "^w" prev       # Previous

# Various options
escape ^Zz                      # Control-A is needed elsewhere
nethack on                      # Just 'cuz
maptimeout 5            # Fixes Vi
vbell off                   # Pavlov
startup_message off     # Meh
defscrollback 30000     # Lots o' logging room
autodetach on           # Go away, come back.
shelltitle ""

# Status at bottom of screen; tabs, etc.  The code's a FusterCluck, but looks nice
hardstatus alwayslastline "%-Lw%{= BW}%50>%n%f* %t%{-}%+Lw%< %=%D %M %d %c"
hardstatus string '%{= kK}%-Lw%{= KW}%50>%n%f %t%{= kK}%+Lw%< %{=kG}%-= %d%M %c:%s%{-}'

# Specific for CCIE Lab.  Standard .screenrc file doesn't include text below

# Create named tabs for each device
screen -t Stuff 0                       # General
screen -t R1    1
screen -t R2    2
screen -t R3    3
screen -t R4    4
screen -t R5    5
screen -t R6    6
screen -t R7    7
screen -t R8    8
screen -t S1    9
screen -t S2    10
screen -t S3    11
screen -t S4    12

# For each tab above, do stuff
at R1 stuff " echo 'Starting some shite...' && sleep 10 && telnet 10.7.68.221 2059 \015"
at R2 stuff " echo 'Starting some shite...' && sleep 10 && telnet 10.7.68.221 2060 \015"
at R3 stuff " echo 'Starting some shite...' && sleep 10 && telnet 10.7.68.221 2061 \015"
at R4 stuff " echo 'Starting some shite...' && sleep 10 && telnet 10.7.68.221 2062 \015"
at R5 stuff " echo 'Starting some shite...' && sleep 10 && telnet 10.7.68.221 2063 \015"
at R6 stuff " echo 'Starting some shite...' && sleep 10 && telnet 10.7.68.221 2064 \015"
at R7 stuff " echo 'Starting some shite...' && sleep 10 && telnet 10.7.68.221 2065 \015"
at R8 stuff " echo 'Starting some shite...' && sleep 10 && telnet 10.7.68.221 2066 \015"
at S1 stuff " echo 'Starting some shite...' && sleep 10 && telnet 10.7.68.221 2053 \015"
at S2 stuff " echo 'Starting some shite...' && sleep 10 && telnet 10.7.68.221 2054 \015"
at S3 stuff " echo 'Starting some shite...' && sleep 10 && telnet 10.7.68.221 2055 \015"
at S4 stuff " echo 'Starting some shite...' && sleep 10 && telnet 10.7.68.221 2056 \015"
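The whole arrangement rests on two hand-maintained lists agreeing: the `ip host NAME PORT ADDR` entries on the router and the `at TAB stuff "... telnet ADDR PORT"` lines in screen.ccie. A renumbered line or a mistyped port silently lands you on the wrong console. The script below, an added example and not the author’s code, parses both and reports every tab whose target disagrees with the router. The two inputs are excerpts of the configs shown in the post (10.7.68.221 and 172.16.0.1 are the post’s addresses); two faults are constructed for the demo, S2 pointing at 2055 and an `at S4` line with no matching window. Worth remembering about the `transport input telnet` on those lines: everything typed at those consoles crosses the lab network in the clear, which is a trade-off the post accepts for a lab segment.

```python
"""Cross-check the router's reverse telnet map against the telnet targets in
screen.ccie.  Added example; not the author's code.  Both inputs are
excerpts of the configs in the post, with two faults constructed for the
demo (see SCREEN_CCIE)."""
import re
from typing import Dict, List, Tuple

# Excerpt of the router config from the post.
ROUTER_CONFIG = """\
interface Loopback0
ip address 172.16.0.1 255.255.255.0
ip host s2 2054 172.16.0.1
ip host s1 2053 172.16.0.1
ip host s4 2056 172.16.0.1
ip host r2 2060 172.16.0.1
ip host r1 2059 172.16.0.1
ip host ASA 2051 172.16.0.1
line 0/3/0 0/3/15
session-timeout 120
no exec
transport input telnet
"""

# Excerpt of screen.ccie with constructed faults: S2 points at 2055 (the
# router says s2 is 2054) and S4 has an 'at' line but no 'screen -t S4' window.
SCREEN_CCIE = """\
screen -t Stuff 0
screen -t R1    1
screen -t R2    2
screen -t S1    9
screen -t S2    10
at R1 stuff " echo 'Starting...' && sleep 10 && telnet 10.7.68.221 2059 \\015"
at R2 stuff " echo 'Starting...' && sleep 10 && telnet 10.7.68.221 2060 \\015"
at S1 stuff " echo 'Starting...' && sleep 10 && telnet 10.7.68.221 2053 \\015"
at S2 stuff " echo 'Starting...' && sleep 10 && telnet 10.7.68.221 2055 \\015"
at S4 stuff " echo 'Starting...' && sleep 10 && telnet 10.7.68.221 2056 \\015"
"""

_IP_HOST = re.compile(r"^ip host (\S+) (\d+) (\S+)\s*$", re.MULTILINE)
_SCREEN_TAB = re.compile(r"^screen -t (\S+)\s+\d+", re.MULTILINE)
_AT_TELNET = re.compile(r'^at (\S+) stuff ".*?telnet (\S+) (\d+)', re.MULTILINE)


def reverse_telnet_map(config: str) -> Dict[str, Tuple[int, str]]:
    """name (lower-cased) -> (tcp port, address) from 'ip host NAME PORT ADDR'.

    IOS host names are case-insensitive, hence the lower-casing."""
    return {m.group(1).lower(): (int(m.group(2)), m.group(3))
            for m in _IP_HOST.finditer(config)}


def screen_tabs(screenrc: str) -> List[str]:
    """Window titles created with 'screen -t TITLE N'."""
    return [m.group(1) for m in _SCREEN_TAB.finditer(screenrc)]


def screen_targets(screenrc: str) -> Dict[str, Tuple[int, str]]:
    """tab -> (port, address) for each 'at TAB stuff "... telnet ADDR PORT"'."""
    return {m.group(1): (int(m.group(3)), m.group(2))
            for m in _AT_TELNET.finditer(screenrc)}


def check_consistency(config: str, screenrc: str) -> List[str]:
    """Return one message per problem; an empty list means the two agree."""
    hosts = reverse_telnet_map(config)
    tabs = set(screen_tabs(screenrc))
    problems = []
    for tab, (port, _addr) in screen_targets(screenrc).items():
        if tab not in tabs:
            problems.append(f"tab {tab}: no 'screen -t {tab}' window defined")
        expected = hosts.get(tab.lower())
        if expected is None:
            problems.append(f"tab {tab}: no 'ip host {tab.lower()}' entry on the router")
        elif expected[0] != port:
            problems.append(
                f"tab {tab}: telnet port {port} differs from ip host {tab.lower()} {expected[0]}")
    return problems


if __name__ == "__main__":
    for problem in check_consistency(ROUTER_CONFIG, SCREEN_CCIE) or ["consistent"]:
        print(problem)
```

Point it at the output of `show running-config | include ip host` and your real screen.ccie and run it whenever you rewire a console line; the tab name is matched to the host name case-insensitively because IOS treats host names that way.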

January 27, 2011 Apple

Why Bonjour Hates my Wireless Network

Reading Time: 5 minutes


Many of you know my struggle as of late to integrate all of my recently acquired Apple devices into my existing network. Many of you also know the frustration I’ve had with this process and have been innocent passers-by to my incessant twitter updates, rants and spontaneous bursts of misplaced anger. Here then, is my brief explanation of what the problem is, and why I now—after too many rabbit-hole adventures to list—believe that I will not solve my problem without different equipment or a radical re-design of my network.

I should point out, by the way, that it’s not that I’m a masochist—really I’m not—but rather that in my studies I find it useful to have a lot of equipment lying around. That equipment inevitably works its way into my home network, and after some time I have a large and sometimes convoluted structure in place. In this case, however, the wireless is pretty far outside the scope of anything I’ll deal with on the CCIE Routing and Switching Lab Exam, and was brought in specifically to support some future upgrades to my home: wireless security, roaming VoIP phones, etc. The irony, as my wife so perfectly pointed out the other evening, is that if we just had a “regular” little wireless router “like all the normal, non-computer geek people” our Apple devices would all work.

If you haven’t read my previous posting on Bonjour, that might provide some more background but isn’t, strictly speaking, necessary. Some understanding of Bonjour might be helpful, however, so very quickly, here it is: Bonjour is Apple’s implementation of a service discovery protocol similar to Microsoft’s zero-conf. It uses a couple of addresses to make things work, and it is the protocol behind Apple’s “everything just works” magic. If you want more than that, Google can offer you much deeper explanations.

Bonjour uses two addresses, really, to do its work: 224.0.0.251 and 224.0.0.252, the latter of which is the “discovery” part of the protocol and the former where the action happens. The astute among you will notice that these are both link-local addresses and so won’t be forwarded by layer-3 devices (even really, really broken ones) at all. I had already been around the block with this once before, and so figured that because my wireless network was one broadcast domain (thought I smugly) everything would be all good. I was wrong.

Now would be a good time to toss in a quick network diagram so that you can visualize what we’re talking about here. The drawing below is just the wireless portion of my network as it applies to what we’re discussing in this article. Rest assured, there is a lot more out there, but none of it is applicable to this situation.

As you can hopefully see, we have a 2811 ISR connected to a 2950 switch via 802.1q, and two 1142 APs connected at layer-2 to the switch. What might not be as obvious at first is that the Wireless LAN Controller you see at the upper right of the diagram is a module sitting in the 2811 router. This is where the heart of evil apparently lies, but more on that in a minute. The access points are on VLAN 16, and get DHCP assignment from the 2811 along with option 43 and option 60 which are both necessary (despite what you may hear) to get the radios registered to the controller, at least in this configuration. All VLANs are allowed everywhere (for testing) and no ACL/VACLs or any other security outside of standard wireless is applied.

Before anyone points out the obvious, by the way, I did reconfigure this arrangement to put the APs on the same VLAN as the WLC management interface, make that the native VLAN all the way through, and bridge the switch and router at layer 2 with BVI, just as a test to eliminate layer-3 boundaries. While interesting to do, that didn’t solve the problem we’re having here. In fact, I didn’t even notice the real problem location until I made this diagram (who would have thought?).

The WLC modules that plug into a router, while running the same software and otherwise operating almost identically, are different in at least one key respect from their stand-alone counterparts: they can’t communicate at layer-2 with the router. A standard controller (say a 4400 series) can communicate at layer-2 with radios plugged in to access switches, thereby becoming the first layer-3 hop from the radios—even when different VLANs are assigned than management. The integrated module, however, communicates with the host router across the backplane at layer-3. Looking back at the diagram, you can clearly see that drawn out. So no matter what I do with bridging from the radios, switch, router, etc., inevitably I’ll have layer-3 separation between the radios and the controller.

This is all well and good for most protocols, but not for link-local multicast.

I think I found every rabbit-hole possible to get lost down, and proceeded to do just that. When I finally ran out of said holes to explore, kind folks on twitter that I respect and look up to sent me off in still more directions. I tried, in no particular order:

(1) Using Destination NAT to change the 224.0.0.251 and 252 addresses to multicast in the 239.x.x.x range

(2) Using Destination NAT to change the 224.0.0.251 and 252 addresses to unicast

(3) Using helper maps

(4) Bridging everything under the sun to everything under the moon. No love because the backplane can’t be bridged.

I was going to even try GRE tunnels, DCI, or any other type of tunnel to move Layer-2 over Layer-3. At the end of the day, however, besides getting tired of the project, I decided that nothing was likely to work. Why? Because one of the first things a layer-3 device does when it receives a packet is to decrement the TTL. So no matter what I do with NAT, or tunnels, or any other damned thing, the router will always decrement the TTL before it decides to pass the packet to some other service (like DNAT, GRE, whatever), thereby discarding the packet before it ever reaches those processes.

As far as I can tell today, this is unsolvable. Apple hates me, and others like me. Using a TTL of 1 as your method of locking down communications is pretty rock-solid from a DRM viewpoint, but also very inflexible and heavy-handed. I’m going to put a portable 3560 in my entertainment center to support my DirecTV box, Apple TV and other entertainment devices so that they can share the iTunes library on my main computer, but I’m not happy about it. I lose my shiny N-connected coolness, and my iPad won’t be able to control those devices. In addition, I’ve had to hard-set my wife’s printer, since her Mac can’t find it any more.

The bottom line is that all of the auto-configuration magic that Apple devices can have has gone away in my current set up. I could fix it by running a parallel wireless network using autonomous access points, or buy a cheap-o wireless router, but then I have the other problem where I lose visibility and control, just to make a quirky system work. The only viable option, really, is to change out my WLC module for a stand-alone controller—which I may do at some point—but at this point I’m tired and may just move on, defeated.


November 30, 2010 Apple

iTunes Home Sharing

Reading Time: 3 minutes


A descent into the hell of Bonjour and black turtlenecks

This is just another short example in what I’m expecting will be a recurring theme here on Packet Queue: attention to detail. As a network engineer, as in so many professions, paying attention to the little things can mean the difference between 10 minutes of troubleshooting and 3 days of unmitigated, sleep-deprived hell. Luckily enough for me, the example I’m about to give wasn’t 3 days by any means, and since it was personal and not business the urgency wasn’t the same as if a WAN link had failed. That said, I wanted it fixed.

My wife just bought a new computer—her first Mac since the original—and during the initial moving of files and such, I discovered a nifty feature of iTunes: Home Sharing. Now, I have a large iTunes library at home already—something on the order of almost 180 Gigabytes—and wanted her to be able to share that library on her new Mac. After all, we’re not pirates; we just want to have access to our shared music library on any computer or device in the house relatively seamlessly. So I read a quick little blurb on the how-tos and why-fores of home sharing (real men sometimes read directions) and turned it on. Aside from the crickets, nothing happened. Sacrebleu!

Bonjour?

Bonjour! ¡No Hablo!

No, not a greeting but a name given by Apple to their zeroconf implementation that allows devices (printers, storage, shares, etc.) to auto-magically find one another. This is the service that was supposed to make my iTunes library shareable between computers. This is the service that was supposed to make everything in my dull world shiny again. Not being overly steeped in the Apple world, however, has made me naturally suspicious of anything that “just works” as more often than not, said thing only “just works” if you “just use it in this one way”. That natural suspicion of mine was proven to be well-founded.

Upon reading up on Bonjour, I discovered that it uses mDNS (multicast DNS) to find services. Well, I thought, that would mean that multicast routing should work to fix my woes and I set off to work my magic. Of course, I had missed a critical detail that would have saved me some time: the multicast DNS implementation that forms a part of Bonjour uses the multicast group address of 224.0.0.251. If you haven’t noticed the problem yet, neither did I right away. Had I noticed said problem, I wouldn’t have completely reconfigured my ASA and 2811 for multicast routing, and I wouldn’t have started tracing packets with WireShark:

The Multicast range runs from 224.0.0.0 through 239.255.255.255 as every first-year networking student probably knows. But that range is like all other ranges and has certain reserved addresses within it. In our case, the most interesting range is 224.0.0.0/24 which is known as the Local Network Control Block, or sometimes just Link-local. Addresses in this range include the OSPF addresses of 224.0.0.5 and .6, and the RIPv2 address of 224.0.0.9, among others. The salient detail being that these multicast addresses are typically sourced with a TTL of 1 and are not to be sent off of the broadcast domain in which they originate.
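The reasoning above, and the TTL argument in the wireless post (“one of the first things a layer-3 device does when it receives a packet is to decrement the TTL”), can be checked with a small model of a router hop. The Python below is an added example, not code from either post. It applies two independent rules: a router decrements the TTL on receipt and discards the packet when it reaches zero, and a destination in the Local Network Control Block 224.0.0.0/24 is never forwarded at all, whatever the TTL. The second rule is the one that matters for Bonjour: RFC 6762 has mDNS senders put an IP TTL of 255 on their packets, so it is the link-local scope of 224.0.0.251 (which the wireless post already calls out) rather than a TTL of 1 that keeps it inside one broadcast domain, and it is also why rewriting the destination with NAT or carrying it in a tunnel does not help on an ordinary router. The group addresses are the ones named in the posts; 239.1.1.1 is a constructed group in the administratively scoped range.

```python
"""Model why 224.0.0.251 traffic stays in its broadcast domain.  Added
example for the two Bonjour posts; not the author's code.  Two independent
rules: (1) a router decrements the IP TTL on receipt and discards the packet
when it hits zero, and (2) destinations in the Local Network Control Block
224.0.0.0/24 are never forwarded, regardless of TTL."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

LINK_LOCAL_BLOCK = ipaddress.ip_network("224.0.0.0/24")  # Local Network Control Block
MULTICAST_RANGE = ipaddress.ip_network("224.0.0.0/4")    # 224.0.0.0 - 239.255.255.255
MDNS_GROUP = "224.0.0.251"                                # the group Bonjour's mDNS uses


@dataclass(frozen=True)
class Packet:
    dst: str
    ttl: int


def scope(addr: str) -> str:
    """'link-local' for 224.0.0.0/24, 'multicast' for the rest of 224/4, else 'unicast'."""
    ip = ipaddress.ip_address(addr)
    if ip in LINK_LOCAL_BLOCK:
        return "link-local"
    if ip in MULTICAST_RANGE:
        return "multicast"
    return "unicast"


def router_hop(pkt: Packet) -> Tuple[Optional[Packet], str]:
    """One layer-3 hop: returns (forwarded packet or None, reason)."""
    if scope(pkt.dst) == "link-local":
        return None, "destination in 224.0.0.0/24 is link-local scope; never routed"
    if pkt.ttl <= 1:
        # Decrementing a TTL of 1 gives 0, and a router discards that packet.
        return None, "TTL decremented to 0; discarded"
    return Packet(pkt.dst, pkt.ttl - 1), "forwarded"


def deliver(pkt: Packet, router_hops: int) -> Tuple[bool, str]:
    """Push a packet through router_hops routers (0 = same broadcast domain)."""
    for hop in range(1, router_hops + 1):
        forwarded, reason = router_hop(pkt)
        if forwarded is None:
            return False, f"dropped at router {hop}: {reason}"
        pkt = forwarded
    return True, f"delivered with TTL {pkt.ttl}"


if __name__ == "__main__":
    # Same VLAN: no router in the path, so mDNS works.
    print(deliver(Packet(MDNS_GROUP, 255), 0))
    # Across the WLC module's layer-3 backplane hop: dropped by scope alone.
    print(deliver(Packet(MDNS_GROUP, 255), 1))
    # A routable group with TTL 1 dies at the first hop; with TTL 8 it crosses two.
    print(deliver(Packet("239.1.1.1", 1), 1))
    print(deliver(Packet("239.1.1.1", 8), 2))
```

The model also shows what an mDNS proxy (the workaround mentioned below) actually does: it terminates the link-local packet on one side and originates a fresh one on the other, which is the only way to get past rule (2) without bridging the two domains.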

My wireless network, which my wife’s new Mac is on, is a different VLAN (and hence, different broadcast domain) from my wired network. In fact, between my three wireless networks and multiple lab networks, my home environment probably has something on the order of 25 different broadcast domains. Definitely not the norm for the average user, but also not uncommon if you start looking at more technical people or production environments. So, the bottom line is that Bonjour and iTunes won’t work in my environment without an mDNS proxy or some other trickery.

What bothers me most about this revelation is that a lot of Apple’s software and peripherals work on this same system. Airport (Apple’s wireless) as well as their printer setup, shares, etc. all work using Bonjour so are, from at least a simple viewpoint, broken across broadcast domains. I’m guessing from Google searches and such that it’s a minority of users of iTunes who are concerned about this, and so it may not even make sense for Apple to address the problem. But if you extrapolate that out to everything else using Bonjour, and consider a corporate network environment, I have to wonder how much of this contributes to Apple’s lack of penetration into enterprise networks.

As always, if I’ve gotten details wrong or you’d just like to offer your own opinion back and further the discussion, I can be reached here on this blog or via @someclown on Twitter.


Copyright © 2023 · by Shay Bocks