
Julien Goodwin
28th-Apr-2012 12:21 am - Raspberry Pi debian notes
So one of the guys at our office somehow ended up with two Raspberry Pis from the first batch. As one was enough for him to play with he offered the other one up, and I turned out to be the only person in the office who wasn't too lazy to walk over to the other building where he was, to borrow it for the weekend.




Here's a bunch of useful things that you probably want to do with the default Debian installation to make it more usable.

First, please don't give the foundation guys flak for any of these issues. A decent distro is hard, and I've paid hundreds of times more than this and gotten a horrific hack-job of (usually) Debian (often with a kernel already years out of date, instead of one from this year). This really isn't too bad for a first go.

Security


If you're using the Pi on a network, or in a public place, there are a few things to consider. It's actually pretty good compared to most embedded images I've seen.

Regenerate SSH keys


The Pi image ships with SSH host keys already generated, so every Pi installed from it has the same keys. This is a security issue as it makes you a very easy target for MITM attacks.
As root run:
rm /etc/ssh/ssh_host_*key
dpkg-reconfigure openssh-server

Note this enables the SSH server on boot, so disable it if you want (see the note below about NFS, just use "ssh" as the service). If you've used SSH to connect before this, you'll need to delete the existing entry on your client before SSH will let you connect, due to the new keys.

Consider disabling NFS client (the sole open services by default)


Other than the ports being open this has no security implication, but it does save a lot of boot time.
update-rc.d portmap disable
update-rc.d nfs-common disable

Delete the pi user


Or at least change its password. If you create another admin user consider removing pi from sudoers.

Minor bits


"root" has an invalid password (same as Mac OS, Ubuntu, etc.). The users "tli" and "pnd" exist in /etc/shadow with passwords (but not /etc/passwd). The user "suse" also has full root by sudo, but doesn't exist.
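
The two oddities above (password entries with no matching account, and a sudo rule for a user that doesn't exist) can be checked for mechanically. This is an added example, not part of the original post; the function names are made up here, the sample files are constructed with placeholder hashes, and the sudoers parsing is deliberately simple (one rule per line, no line continuations, no "#uid" entries).

```shell
#!/bin/sh
# Added example: audit account files for leftovers like the ones described
# above. All function names and sample data are constructed for illustration.

# make_sample_files DIR: write constructed passwd/shadow/sudoers files that
# mirror the situation in the post (hashes are placeholders, not real).
make_sample_files() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
pi:x:1000:1000:Pi User,,,:/home/pi:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:*:15000:0:99999:7:::
pi:$6$constructed$placeholderhash:15000:0:99999:7:::
tli:$1$constructed$placeholderhash:15000:0:99999:7:::
pnd:$1$constructed$placeholderhash:15000:0:99999:7:::
EOF
    cat > "$1/sudoers" <<'EOF'
# constructed sudoers sample
Defaults env_reset
root ALL=(ALL) ALL
pi ALL=(ALL) ALL
suse ALL=(ALL) ALL
%sudo ALL=(ALL) ALL
EOF
}

# orphan_shadow_users PASSWD SHADOW
# Names that carry a usable password hash in SHADOW but have no PASSWD entry.
# Entries whose hash field is empty or starts with "!" or "*" are ignored.
orphan_shadow_users() {
    awk -F: '
        NR == FNR { known[$1] = 1; next }
        !($1 in known) && $2 != "" && $2 !~ /^[!*]/ { print $1 }
    ' "$1" "$2" | sort
}

# sudoers_unknown_users PASSWD SUDOERS
# User names that are granted a rule in SUDOERS but do not exist in PASSWD.
# Skips comments, Defaults, includes, alias definitions, %groups, +netgroups
# and all-uppercase names (ALL, or a User_Alias).
sudoers_unknown_users() {
    awk '
        NR == FNR { split($0, f, ":"); known[f[1]] = 1; next }
        /^[ \t]*(#|$)/ { next }
        $1 ~ /^(Defaults|@include)/ || $1 ~ /_Alias$/ { next }
        $1 ~ /^[%+]/ || $1 ~ /^[A-Z][A-Z0-9_]*$/ { next }
        !($1 in known) { print $1 }
    ' "$1" "$2" | sort -u
}

# Demo on the constructed files.
demo_dir=$(mktemp -d)
make_sample_files "$demo_dir"
echo "shadow entries without an account:"
orphan_shadow_users "$demo_dir/passwd" "$demo_dir/shadow"
echo "sudoers rules for missing users:"
sudoers_unknown_users "$demo_dir/passwd" "$demo_dir/sudoers"
rm -rf "$demo_dir"
```

On a real system, run the two functions as root against /etc/passwd, /etc/shadow and /etc/sudoers.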

Keyboard layout


Most of us don't use UK keyboards; you can switch to your local layout by running "dpkg-reconfigure keyboard-configuration". You may want at least a QWERTY (if not UK English) layout keyboard for this step, as it will be hard without one.

Time zone


I think the concept of a "British Summer" is an oxymoron so I want to change the timezone to something more relevant to me.

You can do that by running "dpkg-reconfigure tzdata" (again, sudo for root if needed).

Console Blanking


If you're using a pi as a server you might want to disable console blanking so if you connect a monitor you don't need to hit a key to wake it up (which you might not be able to do if you've somehow crashed it).

To do this edit /etc/kbd/config and change BLANK_TIME to 0.

Debian Mirror


You may wish to change to a local Debian mirror by editing /etc/apt/sources.list and changing "uk" to the appropriate two-letter code (debian mirror list). Then, as with all apt-based systems, run "apt-get update" to find new packages and "apt-get dist-upgrade" to upgrade to them (you should be careful what you install unless you've expanded the filesystem, as there's not much free space).

I'd actually suggest the following as a good base debian apt set, these include security updates:
# Main, the core of debian
deb http://ftp.us.debian.org/debian/ squeeze main contrib non-free
#deb-src http://ftp.us.debian.org/debian/ squeeze main contrib non-free

# Security updates
deb http://security.debian.org/ squeeze/updates main contrib non-free
#deb-src http://security.debian.org/ squeeze/updates main contrib non-free

# Other important updates before point releases
deb http://ftp.us.debian.org/debian/ squeeze-updates main contrib non-free
#deb-src http://ftp.us.debian.org/debian/ squeeze-updates main contrib non-free


The commented-out lines are for source packages; unless you plan to do Debian package development on the board itself they're not worth it.

Swap


You can (but probably shouldn't unless you like killing SD cards) enable swap by uncommenting the swap line in /etc/fstab and rebooting or running "swapon -a"

Expanding the filesystem to use all (or just more) of your SD card


*WARNING* This is only applicable to the 19/April/2012 Debian build, it's very easy to destroy data by doing this wrong.



I installed on an 8GB card (as it was all I had lying about) and wanted to use all the space available. If you're going to expand the filesystem I'd suggest doing it straight away so you won't feel bad if you stuff up and destroy the OS on the card.

All of this procedure needs to be run as root.

First, change the partition size:
fdisk /dev/mmcblk0

Inside fdisk use these commands:
  • Type "p" and press enter, note the "Start" number of p2 (in this image, 1233)
  • Delete the swap partition with "d" then "3"
  • Delete the root partition with "d" then "2"
  • Recreate the root partition with "n" then "2", then start cylinder (1233 for mine), then either press enter for all the card, or follow the instructions for otherwise (using anything less than the old End cylinder of p2 will break your system)
  • Verify things look ok by printing the table again ("p")
  • If they're all good use "w" to finish.


Now reboot

Once the system is back to finish expansion run:
resize2fs /dev/root

(This took several minutes on my 8GB card)

You can verify the result with "df -h"
14th-Feb-2012 09:58 pm - Lab equipment: Juniper
I'm getting back in networking certifications again as several of my various certifications come due for renewal over the year.

First up are the Juniper certs, and of those, the Enterprise track, so here's my view on what lab equipment is most helpful for each track.

Enterprise
  • 2+ EX4200 - The 4200 is the best model to have in the lab as although stacking isn't on the exam various side-effects of it are, and only the EX and M/MX/T lines implement it.

  • 2+ SRX/J - For IS-IS, BGP, IPv6 and other items that require a licence on the EX line a pair of SRX or J's may be the easier way to go.


Security
  • 3+ SRX/J - If you have infinite money the ideal would be a pair of SRX240's and a pair of SRX1400's to cover both major hardware lines, but anything from SRX210 up should be fine (the SRX100 will work for most things, but is not enough for some tasks).


Service Provider
  • 1 MX with ~20 ports (in practice a 240 or an 80 are all that make sense, all ethernet is fine)

  • An M series (5/7i/10(i) most likely) with SONET and ATM pics is useful as well to round out knowledge. A SONET MIC on the MX would suffice if you really need it.


Through the P level several SRX (210-650) or J series are sufficient.

Also useful are ~3 additional Ethernet switches for Spanning Tree labs, a few CPE type devices, and a server to run Radius on (and serve OS images)
14th-Feb-2012 08:53 pm - What I enjoyed at linux.conf.au 2012
This year, for the first time I can recall, I went to LCA paid for by my employer, that meant writing up a trip report when I got back, and, since others might enjoy it, here it is.

I'm not going to cover everything I saw, just the highlights (which does
happen to be most of the talks I saw).




"Lazy Security in a Large Gateway - Mark Suter" (Unisys, Sysadmin miniconf)
http://youtu.be/JIQa1Avn_bY

Mark said many good things, amongst which are these two:
"When the model doesn't reflect reality and you blame reality, you stop
doing science and start doing economics"
"if you have a policy that doesn't allow exceptions you have a broken
policy"




Keynote by Bruce Perens
http://youtu.be/Uoum-DHO7S8

If you're interested in open hardware the latter part of Bruce's talk
covers some projects you might find interesting, otherwise skip it as
the first part is badly presented and largely a compliance rant.




Jon Corbet's (of lwn.net) Kernel Report
http://youtu.be/elRCAD3sPEk

Every year Jon gives a state of the kernel, there's some neat stuff
happening, including in the networking space.

His talk later in the week "Challenges for the Linux plumbing community"
is also worth a watch.
http://youtu.be/dNXggr8ycNE




"EFI and Linux: the future is here, and it's awful" Matt Garrett (Red Hat)
http://youtu.be/V2aq5M3Q76U
http://youtu.be/IfKF7mEY5Dc (repeat)

If you've never seen Matt speak, it's a treat. In this talk he describes
how EFI works.




There were two talks on Tuesday afternoon largely covering change
management.

"Mistakes were made" by Selena Deckelmann
Analyse failure more than success, but remember to analyse success,
there's always things that can be done better.

"Moving Day: Migrating Big Data from A to B" by Laura Thomson
Much of the same, worth watching more for the parts on negotiating
change times.




"IPv6 Dynamic Reverse Mapping - the magic, misery and mayhem" by Robert
Mibus (Internode)
http://youtu.be/JsAUXuL6IrY

The talk covered Internode's solution to generating valid reverse DNS
for their customers with query-time live generation and a custom
python-based DNS server.

(Chatted with him later, he had a glue TTL related bug in his design,
also was able to assist with some local IPv6 contacts)




"Multi-tenancy, multi-master, Sharding, scaling and analytics with
Drizzle" by Stewart Smith
http://youtu.be/3-t7KRAIwwA

Stewart is one of those people who it's always worth hearing what they
have to say, he's worked on XFS for a few years, then MySQL/drizzle for
at least the last six.

One neat feature of drizzle (the better scaling, less crufty MySQL fork)
is that their extension API is simply (the open source release of)
protobufs.




Keynote - Paul Fenwick
http://youtu.be/KV1iUmDVsM4

On hacking brains, some very neat stuff about cognitive biases.




Next up was a double header on filesystems, Avi Miller from Oracle on
btrfs, then Dave Chinner from Red Hat on XFS

http://youtu.be/hxWuaozpe2I (btrfs)
http://youtu.be/FegjLbCnoBw (xfs)

These are good on their own just for the information, but are excellent
when watched in order just to see the serve Dave sends Avi's way.

(the short version is you should use XFS for everything, it's awesome)

Also neat tool "seekwatcher" which can be used to visualise disk load:
http://oss.oracle.com/~mason/seekwatcher/




"Mentoring: We're Doing It Wrong" by Leslie Hawthorn
http://youtu.be/ydS4vXNzN0I

Leslie, for those who don't know is an Xoogler from the Open Source
office, and is responsible for the LCA 2007 party, whilst compiling
this I did find several photos of me at that party:
http://✎.net/wp-content/uploads/2007/01/linux-ninja.jpeg




"Helping your audience learn" by Jacinta Richardson
http://youtu.be/S7-tP_olziM

For anyone writing training sessions, long or short, *watch this*.




On Thursday afternoon there were several talks on Android accessory
development, worth watching if you think you might be interested.

"Desktop Home Hacks" by Allison Randal
http://youtu.be/a8asl5SsGy4
(Not actually android related, but fits with the bunch)

"World domination and party tricks with the Android Open ADK" by
Jonathan Oxer
http://youtu.be/cixG5-jPjQw

Jon's awesome, and not only injected himself with an RFID tag several
years ago, but took photos for his blog.
http://grinding.be/2008/03/07/exploring-rfid-implants/

"Android Accessories Made Easy With Arduino" by Philip Lindsay
http://youtu.be/4yBkSwP9x7s

This talk covered "handbag" an android app that allows you to write UI
in Arduino instead of Eclipse. Very neat (although doesn't work on ICS yet)

"Hack everything: re-purposing everyday devices" by Matt Evans
http://youtu.be/VY9SBPo1Oy8

Some interesting thoughts on reverse engineering, and reusing old
consumer electronics.




"What is in a tiny Linux installation" by Malcolm Tredinnick
http://youtu.be/4UU0Dd4dQ1I

Malcolm covered the kernel and low-level userspace components of a tiny
embedded linux build, worth watching if you ever want to build / hack
such devices.




"Bloat: How and Why UNIX Grew Up (and Out)" by Rusty Russell and Matt Evans
http://youtu.be/Nbv9L-WIu0s

This talk looked back over forty years of unix and showed how
cat/grep/ls/etc. went from several kilobytes into several hundred kilobytes.




"Rescuing Joe" by Andrew Tridgell
http://youtu.be/ML__e_ZcWiQ

Tridge (of Samba, rsync fame) gave a talk on the UAV project he's
involved with that has a goal of a plane autonomously locating a lost
hiker and sending them an aid package, from takeoff to landing with no
human intervention.




"Codec 2 - Open Source Speech Coding at 2400 bit/s and Below" by David Rowe
http://youtu.be/KsywWf8dQgU
http://youtu.be/7y6CHpMauHw (repeat)
(I saw the repeat as I missed it first time around)

This is a speech codec designed mainly for use over modems and ham
bands. The codec 56 bytes per 40ms *impressive*. Interesting fact,
speech codecs of such low data rates are classed as munitions
6th-Jan-2012 01:39 am - The "Qantas Feedback Panel"
I was invited by Qantas to join their feedback panel, and despite recent service being fairly unimpressive (given that I flew on one of the very last flights before the grounding, and two the day they took to the air again, that's not surprising) I decided to give it a try.

After my flight to Melbourne for Christmas I got a link to a survey, in it they asked a few questions about service on the ground and in the air. However instead of using text boxes they decided that a 1-10 value was sufficient.

They also rate limit the survey to (based on a forum posting somewhere) not more often than once every 10 days. This means that after my flight back to Sydney, in which many more things went wrong, and right, than normal, there was no way to let them know through this channel.

I think both of these are wrong, if I was doing it I would ask five questions (based on their existing questions):
  1. What, if anything, impressed you with your experience when booking, and on the ground?
  2. What, if anything, disappointed you with your experience when booking, and on the ground?
  3. What, if anything, impressed you with your experience in the air?
  4. What, if anything, disappointed you with your experience in the air?
  5. Any other feedback about this flight?


And in addition to mailing (do it as one mail for all flights at the end of a round trip if it's for a week or less) make the link available as a "give feedback on a recent flight" link for all Frequent Flyers. Perhaps give some nominal bonus (miles/status credits) to people who give feedback that Qantas are able to take action on.

Yes using free text requires more time to review, but it's needed if they really want feedback. Even one person should easily be able to handle 100 requests that need to be examined and passed on for action, or many times that for ones that say nothing specific (or simple things like "the baggage service in SYD is very slow") per day.
3rd-Dec-2011 03:18 pm - The obligatory 30000' post
I'm on a plane cruising over the pacific ocean, so it must be time for another instalment of "Julien writes a blog post about a Cory Doctorow book while sitting in (premium) economy on-board a Qantas jet flying to/from the US".

First of all, the Qantas A380.

It's an interesting aircraft, unlike the 747 it lacks that massive sense of power on a fully loaded take-off roll. Overall it's a nice plane, but I still hold a torch for the 747. It is quieter which is nice as I somehow lost my custom earplugs. Premium economy is about the same as in the 747, except it's upstairs which adds to the privacy (despite requesting upgrades to business on both outbound and return I failed to win the upgrade lottery although I did luck out with an empty seat next to me on the way out). The bathrooms seem smaller than on the 747, although given that it's over two years since I've flown on one of those that could just be wishful thinking. The entertainment system seems like a small, but nice, improvement over the 747. One thing that makes me very sad however is that Qantas (or possibly one of the aviation regulators that they're beholden to) felt the need to keep lit "no smoking" signs, which doesn't help people like me sleep with all those extra points of fairly bright light. However for some strange reason the in-seat power doesn't seem to work for my thinkpad (tried multiple chargers both 60w and 90w, one of them [the 90w] nearly brand new, with both Australian and US plugs), fortunately this one still gets over five hours of battery life even though it's coming up on 18 months old with the original battery. (Update: of course when the flight attendant tried it worked fine, go figure), of course then the plane decided we're on a landing trek and turned all the lights on and killed seat power which took a few minutes to resolve.

It's a real shame that Qantas don't offer the SYD-SFO service any more, evidenced solely by the number of people connecting from bay-area flights there's still demand for it, and Qantas did state it was a profitable route, I hope when more A380's come that they'll reintroduce it as a 747 route.

I also feel obligated to give a shout out to the cute PM from Oracle with whom I had a nice chat in LAX while waiting to board (another Aussie working in the valley).

As I've been in the states for a few weeks I've done a bunch of shopping, picking up a few things that are unavailable, or just too expensive in Australia.

The item longest on my list was a Unicomp keyboard, particularly the version with the inbuilt trackpoint (or whatever female body part you prefer to call them). It's so nice to have a solid keyboard again, and I'll certainly enjoy having a good keyboard to work off, Google offers a decent variety of keyboards for their staff, but none were ones I was particularly happy with.

Next comes a slightly odder one, Pelican, well known for making hard cases came out a year or so ago with their "1510 LOC" which is a 1510 case (supposedly the maximum dimensions for a carry-on bag, not that anyone respects that) but with inserts that make it into a small overnight case, with a neoprene laptop sleeve in the lid, it's a very nice combination, and (hopefully) somewhere below me is mine carrying many of my newly acquired gadgets.

In terms of new gadgets I picked up the two newest form of Amazon's Kindle, neither available outside the US, the Touch and the Fire. I've never owned an e-Reader of any sort before so these are new to me. My general view is that the fire, for anyone outside the US is a waste of money (unless you want a 7" tablet for custom apps, which was my plan). The touch on the other hand is a much nicer device, only let down by its lack of physical page-turn buttons, and well worth the US$100 price. (For more of my view on the fire see the Delimiter review and my comments on it)

I picked up a FitBit Ultra for a friend and decided to try one myself, not a bad little unit, but once I've got my typical daily stats I suspect the novelty will wear off and I'll not bother with them, the sleep tracking I gave up on after less than half a night due to the uncomfortable wrist band.

The rest of my purchases were fairly minimal, a couple of random bits from a Frys trip and other odd pieces from the Amazon order.

As mentioned I was in the states for a few weeks, only a few days short of a whole month. My trip started with a big off-site for all of NetOps (and associated groups) down in San Diego, of which many of us from Sydney missed much of due to the need to cover our Sydney shifts combined with an unexpected critical update we had to roll out across many of our devices. I will say that even the basement of a five star hotel is a nice place, and ordering many hundreds of dollars of room service on the company is oddly fun.

Given the number of (staff) visitors Google has in Mountain View they've bought up a bunch of corporate apartments which was my home for this trip, combined with the Google shuttle buses for commuting, and that I ate breakfast, lunch, and dinner at the office nearly every day (notable exceptions were the days around Thanksgiving when much of the campus shut down) during the week this allowed me to have eyes only for the company. But even with this I don't think I'd actually move there, this trip reinforced for me that outside a few major cities it's close to impossible to live in the states without having a car, and an inability to get to all sorts of places would get to me very quickly. It is annoying however that the en-suite bathroom in my corporate apartment was at least twice the size of the bathroom in my apartment in Sydney.

All this has been a nice distraction from actually writing about Cory's book "With a little help". This is a short story compilation so it's hard to actually give a good review of the content given its varied nature. The story on what Google could be like if we/they actually tried to be evil was scary, not least because I started thinking about the interesting technical challenges that would be involved, only to see Cory's note at the end suggesting that interest in the challenges as one plausible way that Google might head down that slope. One thing that I can comment on however was the physical aspect, I bought the hardbound version and am actually somewhat disappointed with it as a *book*, it's beautiful, but not quite as good as a typical machine binding, also the paper is a little too thick to be a nice read, but does give it some gravitas as a trinket.
22nd-Nov-2011 12:44 am - JunOS apply-groups
Ivan Pepelnjak has recently been playing with JunOS, and was wondering how people configure various things.

Here's how to use Juniper's built-in groups feature to make configuring backbone interfaces in an IS-IS+MPLS environment trivial (and I've thrown in IPv6 for free). This is not a complete config (notably IS-IS I've left out as I'm too tired to write that as well).

One other trick I've included is using groups to set your own defaults, in this case the frame scrambler for SONET links.

groups {
	BACKBONE {
		interfaces {
			<*> {
				mtu 2000;
				unit 0 {
					family iso;
					family inet6;
					family mpls;
				}
			}
		}
	}
	SONET-DEFAULTS {
		interfaces {
			<so-*> {
				sonet-options {
					fcs 32;
				}
			}
		}
	}
}
interfaces {
	apply-groups SONET-DEFAULTS;
	ge-0/0/0 {
		apply-groups BACKBONE;
		unit 0 {
			description "A Backbone link";
			family inet {
				address 10.1.2.3/26;
			}
		}
	}
	so-0/1/0 {
		apply-groups BACKBONE;
		unit 0 {
			description "Another backbone link";
			family inet {
				address 10.2.3.6/28;
			}
		}
	}
			
}
protocols {
	rsvp {
		interface all;
		interface fxp0 {
			disable;
		}
	}
	mpls {
		interface all;
		interface fxp0 {
			disable;
		}
	}
}
A thread currently ongoing on the LUV list about RAM and swap had me thinking about how to create a desktop system capable of high performance that idles with low power usage.

The way I think that would actually work is to split a system in two. First, a main system containing:

  • A dual-core 64-bit ARM CPU (the 64-bit ARM is now standard, but will take a while to make it to mass production)

  • A few SATA ports, at least two 6Gb

  • A basic 3D GPU, a laptop-level NVIDIA or AMD chip is probably right here, needs to be capable of driving four simultaneous displays and/or two 30" monitors

  • A *good* 1Gb ethernet NIC, capable of sustaining wire-speed transfers

  • Capable of taking 16GB of RAM, normally 4GB or 8GB for this sort of system



This should easily be doable in less than 30 watts, and, for most operations would not be obviously different from a larger system.

Next, sitting off across a PCIe link (at least 10Gb/sec, so x4 if Gen1), a simple, yet high performance system with a "single-board" system, containing:

  • A high end Intel (eg. Core i7 39xx) or AMD (Bulldozer) cpu

  • As much RAM as they can take, could be 32GB or more

  • BIOS would be LinuxBios to allow fast booting and shutdown



And that's it, all IO would be via the PCIe bus back to the main ARM system. A simple job scheduler on the ARM side could then allow jobs needing high performance to spin up the big system, and after all jobs complete and the big system goes idle, shut it down again.

I have a hefty Intel system (Core i7, 12GB RAM) on my desk at Google, and, for some network simulation jobs this can max-out my system for a few minutes, but the other 99% of the day a much smaller system would be more than enough.
20th-Nov-2011 10:42 pm - Gnome3
Last weekend Debian Testing got Gnome3, and because I was bored waiting for my shift to start (pretty much all of Google NetOps Sydney was in Mountain View for the week so we had to cover Sydney hours from Mountain View, that means 5pm - 1am shifts, not *quite* as bad as you'd think) I decided to upgrade. Apart from my laptop's SSD going read-only in the middle and breaking X the upgrade went fine.

Unfortunately the default Gnome3 interface is simply unusable, I tried for a few minutes to open my normal programs and just failed.

The fallback interface on the other hand is close enough to Gnome2 that after a few hours of tweaking (very little of my settings stayed), and with the aid of the un-official Tweak Tool I've been able to get a session I'm fairly happy with.

Things I still don't like though are:

  • Having to alt-right click on panels to get to the settings

  • A bunch of settings were lost on the upgrade from gnome2

  • The new "Cantarell" font is barely distinct when bold, this makes many things that rely on bold to distinguish states unusable (eg, Thunderbird), otherwise I actually like the font, and was disappointed to switch back to Bitstream Vera

  • No dark GTK theme, this is fixed in 3.2, but that's not yet available in Debian (although the theme package is in experimental it's uninstallable due to broken dependency chains)

  • Lack of support for classic screen savers. I love the unicode screen saver, but only "blank screen" is offered, and badly implemented at that

  • The inability to disable evolution and telepathy. I don't use either, and particularly evolution likes to do stupid things to my session. (I also don't like the update notifier, but that's minor)

  • Also need to find a way to disable gphoto2 stealing my iPhone when it's plugged in, it should *always* go to VMware

8th-Nov-2011 03:12 pm - "The Limoncelli Test"
Tom Limoncelli (of "Time Management for Systems Administrators" fame) recently posted The Limoncelli Test: 32 Questions for Your Sysadmin Team, it's a great start, but I have a few things I'd add (and his comment form is broken).


  • Can the loss of any single team member (eg, "hit by a bus") be handled with no operational impact (ie, projects may be delayed, but no services expected to fail).

  • Think of SPOF's as per-service not per-system

  • Are internal requests also in the ticket system, if only external stuff is in it you're not tracking a large amount of work

  • Do you only have *one* ticket system for everything? Most of the better systems (eg, Atlassian JIRA) can do complex workflows reducing the need for separate systems

  • Do you keep a repository of the install media for all currently deployed systems. This includes things like firmware upgrades, OS images, etc. Not just the latest version, but of *all* currently deployed versions.

  • Do your laptops have fully-encrypted drives to prevent release of private data. On recent hardware there's *no* performance hit for this with spinning disks, and minimal with SSD's, and it solves so many problems. Having a policy that no such data gets on laptops may help, but isn't enough.

  • Does your configuration system keep its config in an RCS. Just having central config isn't enough, it needs to be revision control so you can roll back, and have history to know when something changed.

  • For core networks and other critical systems N+2 might be needed, if failure during a maintenance would immediately cause serious issues (DNS is a prime example in many cases). You may also need to consider having one system use different software to prevent something like a BIND exploit taking out everything.

  • Don't do the popular thing ("Cargo Cult Systems Administration"). Google does things that make sense for *LARGE* clusters, not a single-server site, many of the hip new programming things might not be deployable at needed scale (either down or up, programming techniques have a scale band). Virtualisation makes little to no sense for clusters (depends on the app).

So Juniper have released new switches, what's my view?

Let's go from small to large.

That means starting off with the EX2200-C, a 14-port Gig-e switch, with the last two ports being copper / SFP combo. Fanless and with an optional 100W of PoE this promises to be a wonderful access switch, with its only real disappointment being the lack of a model with 10g uplinks, most likely not done to avoid cannibalizing sales of the higher end when used as 10g fanout switches (at this point the cost of the chips would be minimal, although overall integration might still have increased the cost too much). It even does "enterprise" routing (ie, OSPF & RIP, but no IS-IS or BGP, no dynamic routing of IPv6 either). This would be a wonderful replacement to the switch running my home network in Melbourne (a generic Chinese brand 12-port PoE switch), and if the price (and shipping time) is right I may well put one in there. If the price is exceptional I might even grab one for my place in Sydney, not that I currently use any copper ports at all here.

Next up the chain is the EX3300 series, essentially a simple upgrade of the EX3200, just with four 1/10g combo SFP+ uplinks. The hardware looks wonderful, but the software is the problem here with it using the EX2200 line, not the EX3200/4200 line, so again no v6 dynamic routing or BGP. Also at only 8k routes and 4k ARP entries this is a shrink from the 3200. So if you only need L2 this could be great, but buying an L3 switch that can't do IPv6 (in a useful way) in 2011 is beyond stupid, no matter how much you might not care about IPv6 today. The real curve ball here is integrating Juniper's VC stacking, albeit in the slower version using 10g ports and limited to six switches at maximum. I'm not so sure how useful this is once the software limitations start hitting. The real test will be if Juniper allow these to be used as Qfabric management switches.

Finally, there's the switch that makes no sense to me, the EX6200, which seems to simply be a cheaper build EX8208 with PoE support. It *is* more than that, really targeted as a Cisco Catalyst 4500 replacement. Again the lack of 10g is strange, with only the fabric / control modules having any. There isn't even a 4x 10g line card (at least for now), or any line cards other than 48-port gig-e. Again this is aimed at "enterprise" (and access at that) with similar shrunk limits from the original EX line. Even the software is still neutered, with BGP, IS-IS and IPv6 simply listed as "roadmap" features, making this useless for many.

So in short one nice compact access switch, one nice 1ru switch let down by software, and one chassis switch let down by lack of 10g and software.