OpenSSL Performance Comparison

willmore from #raspberrypi on freenode IRC has done interesting work comparing Raspberry Pi OpenSSL performance against other systems, especially Arduino Galileo’s Quark Processor.

Concluding from willmore’s data, the Pi does especially well with AES ciphers: Running with stock performance options (no overclocking), AES performs nearly 7 times faster on the Raspberry Pi than on the Quark processor.

This makes the Pi an excellent and cost-effective choice for all kinds of secure, networked control and data acquisition tasks.

Extreme Networks XOS Config Backup

Similar to my last post, I wrote some Python code to back up the running configuration from Extreme Networks XOS Switches. This one is to be found at: http://pastebin.com/raw.php?i=0NxggW5C.

The XOS config backup script takes an external file called switches.csv. This serves as a list of all the XOS Switches whose config you want to back up and uses a very simple format:


switch1.name, 1.1.1.1
switch2.name, 1.1.1.2
...

Note that the switch names are labels only and need not correspond with the DNS hostnames. Furthermore, you can use DNS hostnames instead of IP addresses.

You also need to edit the script and set the admin password in the password variable before you can use it. Furthermore, this script requires pexpect as a dependency.

Once the script runs, it will create a tgz archive, containing the downloaded config files as switch.name_YYYYMMDDhhmm_config.xsf.

ZyXEL DSLAM Configuration Backup

I wrote a little Python script to automatically retrieve the configuration files from a bunch of ZyXEL DSLAMs. You can find it at http://pastebin.com/raw.php?i=vFpnhndJ.

The script takes an external file called dslams.csv. It serves as a list of all the DSLAMs whose config you want to back up and uses a very simple format:


dslam1.name, 1.1.1.1
dslam2.name, 1.1.1.2
...

Note that the DSLAM names are labels only and need not correspond with the DNS hostnames. Furthermore, you can use DNS hostnames instead of IP addresses.

You also need to edit the script and set the ZyXEL Web Configurator username and password in the dslamUser and dslamPass variables accordingly before you can use it.

Once the script runs, it will save DSLAM configs as dslam.name_YYYYMMDDhhmm.dat.
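
The device list and output naming used by both backup scripts above, as an added example (this is not the code from either pastebin link): it parses the "name, address" list, refuses names that would be unsafe inside a file name, builds the timestamped file names, reads the password from the environment instead of a variable in the script, and writes the tgz with owner-only permissions. All function names and the environment variable are hypothetical.

```python
import csv, io, os, re, tarfile
from datetime import datetime

# Constructed sample in the "name, address" format both scripts read.
SAMPLE = "switch1.name, 1.1.1.1\nswitch2.name, 1.1.1.2\n...\n"
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")  # no "/" and no leading "."
ADDRESS = re.compile(r"[A-Za-z0-9.:-]+")               # IPv4, IPv6 or DNS name

def load_devices(text):
    """Parse 'name, address' lines, skipping blanks and the '...' filler."""
    devices = []
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        row = [field.strip() for field in row]
        if not row or row == ["..."] or row == [""]:
            continue
        if len(row) != 2:
            raise ValueError(f"expected 'name, address', got {row!r}")
        name, address = row
        # The name ends up in a file name, so path separators are refused.
        if not SAFE_NAME.fullmatch(name) or not ADDRESS.fullmatch(address):
            raise ValueError(f"unsafe device entry: {row!r}")
        devices.append((name, address))
    return devices

def backup_filename(name, when, suffix):
    """name_YYYYMMDDhhmm + suffix ('_config.xsf' for XOS, '.dat' for ZyXEL)."""
    return f"{name}_{when.strftime('%Y%m%d%H%M')}{suffix}"

def get_secret(env_var):
    """Read a device password from the environment instead of the source file."""
    value = os.environ.get(env_var)
    if not value:
        raise RuntimeError(f"{env_var} is not set")
    return value

def write_archive(path, configs):
    """Pack {file name: bytes} into a new tgz created with mode 0600."""
    # O_EXCL: never reuse an existing file that may have looser permissions.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as raw, tarfile.open(fileobj=raw, mode="w:gz") as tar:
        for filename, data in sorted(configs.items()):
            info = tarfile.TarInfo(filename)
            info.size, info.mode = len(data), 0o600
            tar.addfile(info, io.BytesIO(data))
    return path
```

The downloaded configs contain the devices' full running configuration, which is why the archive is created readable by its owner only.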

ReTINA – Real Time IP Network Audio/Video (DIY)

Have you ever wished for an easy solution to direct audio and video output from the PC in your study to the home screen in your living room? Ever wanted to link your laptop to the meeting room projector for a presentation, without thick cables or cumbersome software support? Are you perhaps an artist, seeking to free your live performance from entanglement by wire? Need something that works and that you can easily build all by yourself, customized to your very own, specific needs?

Look no further, this is it: Niston Cloud is going to show you how to build yourself a universal IP network audio/video system from readily accessible COTS parts.

Niston Cloud’s ReTINA excels in simplicity and interoperability: It will work with most applications (except for 3D games) you might have installed on your PC or Mac, and it will do so over your regular IP based Fast or Gigabit Ethernet LAN at home. Or your 802.11n based WLAN. Or your HomePlug AV Powerline network. In fact, it could even work across a fast WAN link.

Niston Cloud’s ReTINA – Real Time IP Network Audio/Video.

Unlike Airplay and its cousins, this DIY-design needs no specific application software support. But what’s really terrific about ReTINA is: it works near real-time. Which means that you can use it to watch movies or even remotely play a software synthesizer with it.

Hey! Look ma, no lag!

It might be the coolest thing I ever came up with, but how can YOU get there?
Easy. Just follow the seven steps outlined below.

Niston Cloud’s ReTINA – Modular System Layout.

1st step: You have to decide on what signals and connectors you need for your TV and/or stereo. Check your gear’s inputs. Most modern displays are easily supported through VGA, DVI or HDMI ports. Note that you can convert some ports into others. For example, you can connect a DVI-A output into a VGA Input with a cheap DVI2VGA adapter. Or you can convert from DVI-D to HDMI with a conversion cable, but you won’t have digital audio over HDMI with a solution like this.

My TV has a VGA port and a 3.5mm jack audio input.

2nd step: Consider the audio part. Do you even need it? Some TV sets with VGA connector offer an analogue audio input. Typically a small 3.5mm jack input, just like the one for your headphones. But: Most TV sets with HDMI ports also support digital audio over HDMI. So you might not even need a separate audio out for your setup, as you would connect your stereo to the audio out of your TV. This way, you could use the TV’s remote control to adjust the sound volume.

3rd step: Get yourself a USB display adapter. Watch for OS support in the form of drivers. Adapters built around a DisplayLink chip work well due to good driver support and for me, this HP NL571AT DVI (digital & analog) adapter in particular gives me no grief. If you need HDMI with digital audio, then you’ll want something like this Monoprice USB to HDMI adapter. Most of these DisplayLink adapters offer Full HD resolution, and that’s just perfectly right for your Full HD TV.

HP USB display adapter with DVI2VGA converter and USB lead.

4th step: If you want a dedicated audio output, you also need a USB sound card. I used a cheap USB audio dongle made in China, but you could go for something bigger. This 6.1 sound card with S/PDIF perhaps? Or would you fancy something rather more expensive, like the Anedio D2 DAC? Once again: Whatever you do, watch for OS driver support. Ironically, most cheap dongles will work out of the box with both PC and Mac, as they are recognized as standard USB audio devices by the operating system.

A cheap USB sound dongle with a 3.5mm jack to 3.5mm jack lead.

5th step: Get yourself equipped with one of Silex Technology’s SX-3000GB USB device servers. Be warned: Resisting the temptation to buy a $10 device server you must! This particular model is the key component to make it all work right – trust me.

The Silex SX-3000GB - The only USB device server that really works.

6th step: Connect the USB AV devices to the USB device server and install the Silex support software (Silex device server setup and SX Virtual Link) on your System. You’ll need the device server setup to configure the SX-3000 and SX Virtual Link to connect/disconnect the remote USB devices to/from your System. Once configured and connected, the remote devices will just work as if they were attached locally, by USB cable – when in fact, they could be located anywhere and connected by cable or wireless.

The ReTINA assembled.

7th step: Attach the USB Display Adapter to your Display and optionally connect the audio output(s) of the USB sound card with your stereo or TV. Make sure the Silex is powered up and has an ethernet link. Then use the SX Virtual Link Application to connect the USB display adapter and, possibly, the USB audio device to your computer.

Connecting the remote AV adapters with SX Virtual Link.

As the connection is being made for the first time, your OS should automatically detect the attached devices (USB plug and play) and prompt you to install the device drivers. This is why I told you to watch for driver support during steps 3 and 4. If the OS doesn’t already have the drivers, hopefully there will be a driver CD or download for you. If not, then you’re out of luck. I can’t help you.

Also keep in mind that there is some constraint on the bandwidth and latency of the network. Playing your soft synth by remote is not going to work over some laggy and congested 802.11b WLAN with abundant packet loss. And streaming HD video won’t work over anything less than 802.11n lite at all.

Choose your network technology wisely.

I successfully tested HD video and stereo audio over 802.11n WLAN, Fast- & Gigabit Ethernet, as well as HomePlug AV LAN connections and used this solution to stream audio over an OpenVPN secured n-Lite WLAN at some point in time. But don’t blame me if your network connection sucks!

I also tested a setup where audio only was going over wireless, with the screen “conventionally” attached by VGA cable. The result: No perceivable delay between picture and sound. Try this with Airplay…

If networking’s done right, Niston Cloud’s ReTINA is just great.

Browse for a movie on your PC in the study and enjoy it with your family in the living room! You don’t have to copy stuff across your LAN anymore, watch directly from the PC. It works even for streaming web TV and other Adobe Flash based sites. Try that with your average media set-top box….

Or: add a touch of real class to your next business presentation. Beam your media from your laptop to the overhead projector, completely wireless, with the help of Niston Cloud’s ReTINA. It’s also ideal for multi-user scenarios, as you can easily share your TV/Projector/USB Speakers across several laptops or workstations with SX Virtual Link’s ‘disconnect request’ feature.

Essentially, you could connect more USB devices (through a powered hub), like this USB-to-MIDI adapter or an MCE IR remote receiver and a USB DVD drive perhaps.

The possibilities are endless!

DSL from the cloud

It is a radical idea and a thrilling undertaking – eliminating much of the traditional gear from an ISP’s infrastructure. But, gaze at telecommunications (or IT in general) long enough and you’ll eventually come to realize: everything is virtual, in that world, anyways. Or do you really believe that this is air, we are breathing, in cyberspace? 😉

DSL Modems and DSLAM hooked into the cloud

Instead, try and do away with all these routers and boxes and dedicated servers. Cut down massively on your energy bill, because less gear requires less cooling and uses less power. Make the economies of scale work for you. This is what the cloud fuss is really all about!

Bundle your computing resources into a cluster and improve on efficiency in terms of utilization and TCO, while retaining the resiliency of a distributed infrastructure. Gain the administrative benefits of a centralized, mainframe-like environment while retaining the flexibility of individual systems and customized implementations. Leveraging virtualization techniques, such as VMware’s vSphere, we can make it all happen.

Some people will argue that the “inner sanctum” of any ISP would be a set of core routers and a bunch of peerings and transit agreements. While certainly true from a point of view, I however identify the RADIUS database to be much more of the real McCoy – you’ll be hosed and done if you lose that. Being the central authentication and accounting service, it’s literally your vault full of your gold: customer records.

Customers won’t be able to connect with your service if the RADIUS goes down. But, with those records gone for good, a sudden flood of support calls from angry people that can’t go online during prime time will seem like a walk in the park. On a sunny Sunday afternoon, that is: You’ll need to rebuild that database from records stored elsewhere. If you can’t restore the passwords, you’ll have to issue a new one for every customer and have the account information updated in each and every CPE out there in the field.

I think that those records are the very core of your ISP business, as far as your customers mean business to you.

Hence, we moved RADIUS and its database onto our cluster and into the cloud first. While at it, we also created a bunch of virtual PPPoE servers and some edge routers. Rather easy and at no additional cost, with the help of the FreeBSD based and quite so often completely underestimated or even belittled pfSense platform. On which we also implemented two anycasted DNS resolvers. That, and we brought in the customer management system, too.

What’s left outside the cluster is a network switch, a bunch of DSLAMs and -so far- the core routers. In the picture above you can also spot two DSL modems, one for ADSL2+ and the other for a less known DSL variant named IDSL.

Yes. We can provide Internet access from the cloud.

OpenVPN Service for Windows

You’ve probably heard of OpenVPN, the open source TLS VPN solution. It’s quite stable and supported on a myriad of platforms, with the most recent additions being Android and Apple iOS. It’s well maintained and well known, easy to configure and work with and it has great community support. I dig it, yeah.

However, when I used it to secure subscriber connections for a wireless ISP, I encountered a major shortcoming of the standard Windows Service supplied by the OpenVPN project: It doesn’t work well for laptops, due to lack of Sleep/Resume support.

To address this shortcoming, I ended up writing my own implementation of an NT Service for OpenVPN. It has proper Sleep/Resume event support, logs to the Windows Event Log, stores tunnel configuration within the Windows Registry and includes a simple administrative GUI for service and tunnel configuration. You can also reuse service and tunnel functionality in your own Microsoft .NET Application, as all core functions are contained within a DLL.

Niston Cloud’s OpenVPN Service for Windows is released under an MIT license and you can download the source code from openvpnwinsvc.codeplex.com. The Service does NOT include the OpenVPN application! You can obtain this from the OpenVPN community download page.