Mathew McBride's website

Gigabyte 990FXA-UD3 with ESXi 5.5 and IOMMU

technologyvmwareesxiFri 27 Jun 2014 10:34:52No comments

I have been able to set up an ESXi environment with the 990FXA-UD3 rev 4.0 motherboard. This motherboard is rather nice as it has four PCI Express x16 slots (two x16 speed, two x4), as well as two 1x and one conventional PCI. The downside is this board is a little pricey (around $180AUD), compared to the 3 slot ASRock 970-Extreme4 that retails for around $115AUD.

VMDirectPath (PCI Express passthrough) works when IOMMU has been enabled in the BIOS (which it isn't by default), and I have successfully passed through the following cards with it:

  • Two Dell PERC 6i SAS/RAID Controllers (one in x16 slot 2, another in x16 slot 3)
  • Intel Pro 1000/PT Quad network card
The Intel Quad card cannot be enabled for passthrough by defualt, as its PCI-Express switch does not implement the required security extension (ACS). This check can be disabled in the ESXi advanced settings (see this page for an example). Once that is done, individual 'ports' on the card can be passed through (but enabling passthrough for one of a two port group requires the other port to be passed as well). I have a PERC 6i and two ports of the Intel card passed through two two seperate VMs each.

Unfortunately there are some side effects of using VMDirectPath:

  • 100% of the guest memory allocation needs to be reserved
  • A portion of host memory (~2GB) is reserved (possible IOMMU memory hole? Correct me if I am wrong..)
  • ESXi then reserves a large amount of RAM for itself (System Reserved), it won't let me lower this down past 2GB, along with the above, leaving me with 12GB available for VMs (out of 16GB) :(

I have a low end Gigabyte 5450 installed as the video card (in the first x16 slot), but haven't tried to pass through that yet (will when I get my hands on a PCI video card)

And just a reminder, ESXi 5.5 removed (the unofficial) support for the Realtek 8111E, which appears as the onboard NIC on far too many motherboards, this one included. It can be slipstreamed in the ISO image used to install ESXi (see here for example).

Advanced Geoblock evasion with OpenBSD pf and rdomain's

technologySat 21 Jun 2014 10:47:06No comments

Synopsis

Popular Geoblock evasion systems currently consist of browser plugins, or require modifications to DNS or other settings inside the end users network. The effect of these methods is either to restrict the applications that may be used to view Geoblock'ed content, or interfere with other internet applications – for example, by using a 'foreign' DNS server, content delivered from CDNs may come from a non-optimal source for that user.

With some creative routing table manipulation, control traffic for certain applications can be routed into a VPN tunnel, while general internet traffic and video traffic for the geoblocked applications can travel over the regular internet without any VPN performance loss.

For devices that we want to think are always in 'MURICA, a dedicated VLAN is used that drops all traffic from it to the VPN. Similar to the non-VLAN case, video traffic for geoblocked applications can be routed over the default internet route to avoid performance loss from VPN tunnels.

Read on for more

Frequently asked questions about NFC and myki cards

technologynfcmykiSun 17 Feb 2013 07:02:45No comments

Back in 2010, when I was first experimenting with NFC, I uploaded a file with information from a myki card to my website. According to the logs, it is one of (if not, the) most viewed pages on my site every month(!). More recently, after UltraReset appeared and some were asking if myki was vulnerable to it, I pulled out my NFC reader one lunchtime and found the answer (hint: nope!).

(The above article was mentioned on ZDnet, together with a response from the contractor of the myki system (KAMCO). I actually didn't notice it until someone reposted the link a few months later!)

These days one can find a similar information about any NFC card with an NFC smartphone and a suitable app - such as TagInfo by NXP. (Who are usually tight lipped about providing any useful technical information about their NFC products without an NDA)

The myki card

myki cards are powered by MIFARE DESFire series ICs - that contain an embedded 8051-type microcontroller, an embedded 3DES encryption engine and an operating system that allows one to maintain a filesystem on the card as well as handling authentication.

Read full post for more

Escaping (CG)NAT hell: tunnel your way out

technologyvpnopenvpnec2Sat 02 Feb 2013 09:06:22No comments

Recently my ADSL connection was down for a few days as some idiot had put a shovel or backhoe into a set of phone lines serving the area (no ADSL). To make matters worse, this happened while we were collecting a relative from the airport. The ability to communicate with relatives either by phone or applications like Skype is important, not to mention I need internet access just to entertain myself, so I set about finding a solution.

Click to read more

Installing Windows on an (older) Mac without DVD drive with Parallels

technologybootcampparallelswincloneSat 12 Jan 2013 10:18:54No comments

My Macbook Pro (mid 2010) model does not have a DVD drive - I removed the inbuilt DVD drive and moved the supplied HDD to the optical drive (with an OptiBay) when I installed my SSD. This causes problems installing Windows as the EFI version on this machine will not boot a Windows install DVD from an external DVD drive

One method to get around this is to install Windows on a virtual machine first and then clone the image onto the bootcamp drive using Winclone

Hugues Valentin has an article describing the method using VirtualBox. I already use Parallels and would rather not install VirtualBox for a single purpose.

You will need the qemu-img command from QEMU to continue, you can get it from MacPorts.

To install Windows, proceed with the instructions in the article above. Ensure you only create a VM with the lowest size practicable (i.e 20GB rather than the default 60GB) as we'll need to copy it later

Once Windows is installed, open up Terminal and change to the directory holding the Parallels disk image. Use qemu-img to convert the Parallels disk to a raw image, like so:

qemu-img convert -f parallels -O raw Windows\ 8\ 0.hdd.0.\{5fbaabe3-6958-40ff-92a7-860e329aab41\}.hds win8.img

You can the mount the Windows image as a regular disk drive ("open win8.img") and then use WinClone to clone it to your bootcamp drive

IGMP multicast with Dell PowerConnect 2808

technologypowerconnectmulticastigmpSat 12 Jan 2013 09:54:10No comments

I'm playing around with a Dell PowerConnect 2808 switch before deploying it for a production use. One thing I tested was multicast and IGMP snooping support

After configuring IGMP snooping as per the manual, I found each port continued to receive the multicast streams after the clients left the stream.

It appears to get IGMP joins and leaves working as expected, one needs to define a multicast bridge group for that multicast IP first.

Is electricity demand rising? Maybe, maybe not?

technologyelectricitySat 27 Oct 2012 04:39:17No comments

Here is some statistics for Victoria's Electricity demand (and wholesale price) from 2008 up to the end of September, 2012.

Demand (MW) 2008 2009 2010 2011 2012 (to 1/10)
Minimum 4004.1 3882.1 3717.5 3853.5 3767.2
Maximum 9701.5 10415 9858.3 9570.3 9069.2
Mean 5956.3 5856.8 5842.9 5724 5745.2
StdDev 837.64 909.71 919.98 844.98 861.36
Price ($/MWh)
Minimum -134.09 -496.71 -817.03 -332.92 -150.18
Maximum 8766.2 10000 9998.6 9596.5 4364.1
Mean 40.232 36.485 34.443 29.368 39.148
StdDev 116.11 233.64 262.22 104.89 59.943

The sources to compile these statistics come from AEMO. This source lists demand and price every 30 minutes, but the actual market moves on five-minute dispatch intervals.

So, peak demand from the wholesale side hasn't really been growing - more skilled analysts elsewhere confirm that demand is declining. But I've also heard people on both sides of the fence - those on the retailer/consumer side suggesting there is a regulation problem, and those in the industry putting forward a case that peak demand is definitely rising with an increase in home air conditioners. In any event, I am not in the industry so am not in a good position to judge who is right.

The numbers above only show demand on the National Electricity Market. It is possible localized demand on the distribution (as opposed to transmission networks) is higher than shown here - as 'demand-side' sources such as Solar PV present to the market as 'negative demand'.

Another possibility to entertain is that after some high profile infrastructure failures (such as on Black Saturday some years back), transmission and distribution operators would rather take heat for overbuilding on reliability rather than be asked why the lights went out. And, as typical for many pieces of infrastructure that were neglected for many years, asset replacements may be catching up.

The above numbers don't factor in blackouts causing demand to drop (particularly in peak demand episodes) or other factors, such as general climate trends.

Dumps of myki short term ticket cards

technologynfcmykiTue 25 Sep 2012 11:22:39No comments

In light of a recent demonstration of a 'replay' attack on MiFare Ultralight Cards, here is some further analysis.

Some years back I had posted on the (now-defunct) myki.org forum that myki used DESFire and the STT's Ultralight C (with 3DES encryption). The STT's are actually the plain Ultralight variety. (In fact, Ultralight C was only launched shortly before myki went live)

Also, at that time, libnfc did not contain the code to differentiate between a normal Ultralight card, and the 'C' variant

The following data was generated by using the libnfc and associated libfreefare toolkits

(Read below the fold)

SELinux Policy Macros: Reference

technologylinuxselinuxSat 15 Sep 2012 18:20:27No comments
I have posted a 'cheatsheet' of SELinux Policy Macros to assist in development of SELinux Policy Modules.

Notes from PowerCor Smart Meter Rollout Presentation

technologypowersmartmeterSat 15 Sep 2012 09:05:14No comments

I was fortunate enough to attend a presentation by Mark Pilkington, Metering Standards Manager at CitiPower/PowerCor on the ongoing Smart Meter rollout in Victoria.

The story behind the Smart Meter rollout was interesting, and didn't match any of the diatribe that has been circulated in public. Indeed, he noted that Engineers need to improve the communication to the public on issues such as these.

Read below the fold for more..

Welcome to my site

Mathew McBride, telecoms hardware access engineer, programmer, gamer and all round nerd

Warning: contents of blog may not make any sense whatsoever.

ipv6 ready

You are accessing this page over IPv6!

(C) Mathew McBride, 2006-2017
Creative Commons License
Unless specified, the content on this website is licensed under a Creative Commons Attribution-ShareAlike 3.0 Australia License.