Mathew McBride's website

Gigabyte 990FXA-UD3 with ESXi 5.5 and IOMMU

Tags: technology, vmware, esxi | Fri 27 Jun 2014 10:34:52 | No comments

I have been able to set up an ESXi environment with the 990FXA-UD3 rev 4.0 motherboard. This motherboard is rather nice as it has four PCI Express x16 slots (two x16 speed, two x4), as well as two 1x and one conventional PCI. The downside is this board is a little pricey (around $180AUD), compared to the 3 slot ASRock 970-Extreme4 that retails for around $115AUD.

VMDirectPath (PCI Express passthrough) works when IOMMU has been enabled in the BIOS (which it isn't by default), and I have successfully passed through the following cards with it:

  • Two Dell PERC 6i SAS/RAID Controllers (one in x16 slot 2, another in x16 slot 3)
  • Intel Pro 1000/PT Quad network card

The Intel Quad card cannot be enabled for passthrough by default, as its PCI-Express switch does not implement the required security extension (ACS). This check can be disabled in the ESXi advanced settings (see this page for an example). Once that is done, individual 'ports' on the card can be passed through (but enabling passthrough for one of a two port group requires the other port to be passed as well). I have a PERC 6i and two ports of the Intel card passed through to two separate VMs each.

Unfortunately there are some side effects of using VMDirectPath:

  • 100% of the guest memory allocation needs to be reserved
  • A portion of host memory (~2GB) is reserved (possible IOMMU memory hole? Correct me if I am wrong..)
  • ESXi then reserves a large amount of RAM for itself (System Reserved), it won't let me lower this down past 2GB, along with the above, leaving me with 12GB available for VMs (out of 16GB) :(

I have a low end Gigabyte 5450 installed as the video card (in the first x16 slot), but haven't tried to pass through that yet (will when I get my hands on a PCI video card)

And just a reminder, ESXi 5.5 removed (the unofficial) support for the Realtek 8111E, which appears as the onboard NIC on far too many motherboards, this one included. It can be slipstreamed in the ISO image used to install ESXi (see here for example).

Advanced Geoblock evasion with OpenBSD pf and rdomain's

Tags: technology | Sat 21 Jun 2014 10:47:06 | No comments


Popular Geoblock evasion systems currently consist of browser plugins, or require modifications to DNS or other settings inside the end user's network. The effect of these methods is either to restrict the applications that may be used to view Geoblock'ed content, or interfere with other internet applications – for example, by using a 'foreign' DNS server, content delivered from CDNs may come from a non-optimal source for that user.

With some creative routing table manipulation, control traffic for certain applications can be routed into a VPN tunnel, while general internet traffic and video traffic for the geoblocked applications can travel over the regular internet without any VPN performance loss.

For devices that we want to think are always in 'MURICA, a dedicated VLAN is used that drops all traffic from it to the VPN. Similar to the non-VLAN case, video traffic for geoblocked applications can be routed over the default internet route to avoid performance loss from VPN tunnels.

Read on for more

Show and tell: Networked LPC1768 platform

Tags: embedded, lpc1768, arm | Sun 19 May 2013 09:17:47 | No comments

For the past 18 months I've been playing with the NXP LPC1768 - a 32-bit ARM Cortex-M3 CPU. I started with the mbed and then the LPCXpresso and now my own board.

The driver throughout has been to produce a network-connected display - potential uses include a control panel for home automation, NFC access control or payments and more

LPC Platform with LCD running

Read below the fold for more

Running BitTorrent Sync on your (rooted) Android device

Tags: embedded, android, bittorrent | Sat 27 Apr 2013 10:45:35 | No comments

BitTorrent Sync web GUI on Android browser screenshot

BitTorrent, Inc came out with the beta of Sync - a peer to peer file sync tool this week. It came at the right time for me as I was looking for something to sync files across multiple machines, both across LAN and the internet, while using my own infrastructure.

The only issue I have with it is that there is no Android client yet. And I really want one - I use my Android tablet to write notes/annotate lecture slides and I want to ensure these are available on both my PCs and on my server.

Thankfully, while we wait for Sync to come to Android, there is a way to run Sync on your Android device right now, thanks to the fact that the BitTorrent folks have been awesome and released binaries for Linux on multiple architectures (including ARM, which is what 99% of the Android install base is running).

Read below the fold for more..

HOWTO: Read only rootfs, writes to USB on Linux

Tags: embedded, raspberrypi, linux | Tue 26 Mar 2013 09:49:48 | No comments

What you will need:

  • Kernel sources for the system you are booting on
  • AUFS patches for the kernel
  • A USB drive, preferably one with reasonably fast write speeds

The goal of this exercise is to create a Linux system that has a read-only root filesystem, with all write activities performed on a USB drive. In this instance, we will boot a Raspberry Pi, with the SDcard used as the read only rootfs, and a USB drive used for all file writes (system logs etc.). This is done to improve reliability, as during our access system project, we found that the SDcard can be a bit fragile if the system is reset often.

Read below the fold for more

Frequently asked questions about NFC and myki cards

Tags: technology, nfc, myki | Sun 17 Feb 2013 07:02:45 | No comments

Back in 2010, when I was first experimenting with NFC, I uploaded a file with information from a myki card to my website. According to the logs, it is one of (if not the) most viewed pages on my site every month(!). More recently, after UltraReset appeared and some were asking if myki was vulnerable to it, I pulled out my NFC reader one lunchtime and found the answer (hint: nope!).

(The above article was mentioned on ZDnet, together with a response from the contractor of the myki system (KAMCO). I actually didn't notice it until someone reposted the link a few months later!)

These days one can find similar information about any NFC card with an NFC smartphone and a suitable app - such as TagInfo by NXP. (Who are usually tight lipped about providing any useful technical information about their NFC products without an NDA)

The myki card

myki cards are powered by MIFARE DESFire series ICs - that contain an embedded 8051-type microcontroller, an embedded 3DES encryption engine and an operating system that allows one to maintain a filesystem on the card as well as handling authentication.

Read full post for more

Escaping (CG)NAT hell: tunnel your way out

Tags: technology, vpn, openvpn, ec2 | Sat 02 Feb 2013 09:06:22 | No comments

Recently my ADSL connection was down for a few days as some idiot had put a shovel or backhoe into a set of phone lines serving the area (no ADSL). To make matters worse, this happened while we were collecting a relative from the airport. The ability to communicate with relatives either by phone or applications like Skype is important, not to mention I need internet access just to entertain myself, so I set about finding a solution.

Click to read more

Installing Windows on an (older) Mac without DVD drive with Parallels

Tags: technology, bootcamp, parallels, winclone | Sat 12 Jan 2013 10:18:54 | No comments

My Macbook Pro (mid 2010) model does not have a DVD drive - I removed the inbuilt DVD drive and moved the supplied HDD to the optical drive (with an OptiBay) when I installed my SSD. This causes problems installing Windows as the EFI version on this machine will not boot a Windows install DVD from an external DVD drive

One method to get around this is to install Windows on a virtual machine first and then clone the image onto the bootcamp drive using Winclone

Hugues Valentin has an article describing the method using VirtualBox. I already use Parallels and would rather not install VirtualBox for a single purpose.

You will need the qemu-img command from QEMU to continue, you can get it from MacPorts.

To install Windows, proceed with the instructions in the article above. Ensure you only create a VM with the lowest size practicable (i.e 20GB rather than the default 60GB) as we'll need to copy it later

Once Windows is installed, open up Terminal and change to the directory holding the Parallels disk image. Use qemu-img to convert the Parallels disk to a raw image, like so:

qemu-img convert -f parallels -O raw Windows\ 8\ 0.hdd.0.\{5fbaabe3-6958-40ff-92a7-860e329aab41\}.hds win8.img

You can then mount the Windows image as a regular disk drive ("open win8.img") and then use WinClone to clone it to your bootcamp drive

IGMP multicast with Dell PowerConnect 2808

Tags: technology, powerconnect, multicast, igmp | Sat 12 Jan 2013 09:54:10 | No comments

I'm playing around with a Dell PowerConnect 2808 switch before deploying it for a production use. One thing I tested was multicast and IGMP snooping support

After configuring IGMP snooping as per the manual, I found each port continued to receive the multicast streams after the clients left the stream.

It appears that to get IGMP joins and leaves working as expected, one needs to define a multicast bridge group for that multicast IP first.

FNET network stack port to LPC176x - with IPv6!

Tags: embedded, ipv6, lpc176x, fnet | Fri 04 Jan 2013 14:57:15 | No comments
Screenshot of FNET

I am pleased to announce a port of the FNET network stack to the NXP LPC176x (ARM Cortex-M3) microcontrollers (mbed and LPCXpresso boards). This brings an excellent networking stack with not only IPv4 and IPv6 capabilities, but also fully open source under the GPL and LGPLv3 with a linking exemption allowing use in closed-source projects

(More info below the fold)

Welcome to my site

Mathew McBride, engineering student, programmer, gamer and all round nerd

Warning: contents of blog may not make any sense whatsoever.


(C) Mathew McBride, 2006-2013
Unless specified, the content on this website is licensed under a Creative Commons Attribution-ShareAlike 3.0 Australia License.