Posted on 2011-03-17 18:00:00
Tags: Networking, Apple, Cisco
The "FreeBSD laptop as a Wireless Access Point for an iPhone" project I wrote earlier about has made me some followers, mostly they have no idea where the free internet connection comes from. But, based on the amount of download measured on it, they are enjoying it. One of the methods to determine how many people are on it is to use the output of the "arp -na" command: Every MAC address you see there is a mobile device which is associated with the wireless access-point you created.
One thing which you can do with that data is to match it against manufacturers. Very boring for non-networking techies... Don't read the rest :-)
MAC addresses consist of 12 hex-digits (48 bits) which are split in two parts: A six hex-digit (24 bits) prefix and a six hex-digit sequence number.
The MAC (or OUI as the IEEE calls it) prefix database can be found on the website of the IEEE at http://standards.ieee.org/regauth/oui/oui.txt. It contains at the moment of writing 14765 prefixes. The manuf(acturers) file from the Wireshark project can be found at http://anonsvn.wireshark.org/wireshark/trunk/manuf and contains 18321 prefixes plus a handful of shared prefixes.
Why is the one from the Wireshark project larger? Not really sure, but if you look at the registration costs it (US$ 1750 for a public registrered prefix OR US$ 1750 plus US$ 2100 per year for a private registered prefix) must be part of it. So it could be that the list from the Wireshark project has determined a bunch of the private ones. And unlike IP space which you can register in advance, you can't get a new prefix until you have certificated that you have used 95% of the sequence numbers.
Some statistics based on grep and cut and wc:
Number of prefixes Company 503 Cisco 122 Shenzhen 112 Motorola 109 Nokia Danmark A/S 84 Samsung Electronics 84 Apple 78 Intel Corp 59 Advanced (??) 61 Hewlett Packard 51 Private
"Advanced" could be a mistake in here, since it matches Advanced This and Advanced That. "Private" means a company who pays the US$ 2100 per year. Shenzhen has the same issue as "Advanced", it is a large bunch of companies in the Shenzhen city in China (near Hongkong). Apple was the company I didn't expect in the Top 10, but considering their iPhone / iPad success, it shouldn't surprise much.
Every prefix has 2 ** 24 entries in it, or 16 777 216 (about 16 million if you are conservate, or 17 million if you are optimistic), making there 1.4 billion Apple MAC addresses in the world. That number is not the number of Apple devices, since you need one per network interface: Ethernet, wireless or Bluetooth.
But the other number of Cisco is much more impressive: 8 438 939 648 MAC addresses. More than the next five in the list together.
Unfortunately the list of prefixes does not contain any assignment dates, it would have been interested to see what happened when LANs based on switching instead of hubs became the norm (and thus Cisco when Cisco started to sell their switches) and when mobile devices like the iPhone became popular, it would have boosted the allocation rate by Apple for sure.
MAC prefix exhaustion?
Unlike other technologies, and IPv4 comes in mind here, the MAC address prefix pool is pretty much unlimited but also only slowly being touched: There are 2 ** 22 or 4 194 304 prefixes. The number is 22, not 24 because two bits in the first byte of the prefix are used to determine if the MAC address is globally unique one or a special one. And right now, a good 35 years after the invention of Ethernet and Tokenring there are not even 19 thousand used.
The other causes are of the more strict rules the IEEE handles: You get a single prefix and don't get more until you have informed us officially that you have used 95% of them, and of course that you actually need to produce (and sell) something which uses a MAC address.
No comments | Share on Facebook | Share on Twitter
Posted on 2008-09-06 11:00:00
Tags: Networking, Rant, Cisco
When Cisco Systems started, the world of networking was simple, there were routers and there were hubs. Routers connected to other routers and hubs, hubs connected to one router and computers. Each interface on the router was its own LAN, its own IP subnet (Unless you used the interface for SNA, DECNet, IPX, AppleTalk or briding only). And the configuration on the routers made sense:
interface serial0 ip address 192.168.1.1 255.255.255.0 ! interface ethernet0 ip address 192.168.2.1 255.255.255.0
Over time, hubs got replaced by switches. Coax cables got replaced by cat5 cables. Seperate routers and switches got integrated and people started to think in VLANs instead of router interfaces. And this is where the Cisco IOS syntax went wrong: They kept talking about router interfaces instead of LANs.
For example, to create a new VLAN an Extreme Networks switch/router or a Riverstone / Cabletron switch/router (does anybody remember them?), you create the VLAN (you give it a name, not just an index number) add the IP subnet to the VLAN, add a tag to the VLAN and add (finally!) the ports, tagged or untagged, to the VLAN. So you have a VLAN, and it has the VLAN tag and IP address properties, and it has one or more ports in it. Port specific properties (speed, duplex, label) are configured in the ports section.
As you can see, this is readable and this is logical.create vlan "backbone" configure vlan backbone tag 2 configure vlan backbone add ports 4 tagged configure vlan backbone add ports 5 untagged configure vlan backbone ipaddress 10.128.7.1/28 [...] configure ports 4 display-string fibre-to-dc1 configure ports 4 auto off speed 100 duplex full configure ports 5 display-string natgw
Now let's see how it goes on the Cisco switch/router. It calls both the physical and logical ports and the VLAN definitions "interfaces", so there is no hierarchical approach of obvious difference between them:
Let's see, vlan 2 is euhm... on ethernet0/2 and on ethernet0/1 (maybe on others too, I couldn't find it so fast in the configuration), ethernet0/2 is the access network so it is untagged but it sits in vlan 2 and ethernet0/1 is full-duplex and has vlan 2 on the trunk so it must be tagged.interface ethernet0/1 description fibre-to-dc1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 2 switchport mode trunk duplex full spanning-tree portfast ! interface ethernet0/2 description natgw switchport mode access switchport access vlan 2 spanning-tree portfast ! interface vlan 2 description backbone ip address 10.128.7.1 255.255.255.240
So the definition of VLANs in the IOS Syntax has become more of a hack without hierarchical approach to the issue than a proper style of hierarchical definition of the VLANs, its properties and the ports in it. Instead of the above, it could have gotten its own section:
interface ethernet0/1 description fibre-to-dc1 duplex full spanning-tree portfast ! interface ethernet0/2 description natgw spanning-tree portfast ! vlan 2 description backbone ip address 10.128.7.1 255.255.255.240 untagged ethernet0/2 tagged ethernet0/1
Can this issue be resolved and the IOS Syntax replaced by a proper syntax in which you can define a VLAN and its properties readable and logically? Asking the question is answering it: Of course. But will it ever happen? I hope it, because the current syntax is very error-prone. But I doubt it, since it is there already for years and hundreds of thousands of devices do use this syntax. Having people to change all of these configurations isn't something Cisco would want to do.
Posted on 2007-09-19 13:00:00
Tags: Cisco, Networking, SNMP
When you try connecting strange little switches and hubs to a Cisco 3560 PoE switch, your port might end up in "err-disabled" state:
That port is unusable until the end of time, or until somebody manually shut and no-shut it.Gi0/41 **IP Phones & PCs* err-disabled 8 a-half a-10 10/100/1000BaseTX cisco#show interfaces gi0/41 GigabitEthernet0/41 is down, line protocol is down (err-disabled)
Having experienced this once or two, it's a pain in the bottom and since I'm obsessed about monitoring, I tried to find out how to determine this remotely:
ifAdminStatus is up, but the "show interface" says it's down.RFC1213-MIB::ifDescr.10141 = STRING: "GigabitEthernet0/41" RFC1213-MIB::ifType.10141 = INTEGER: ethernet-csmacd(6) RFC1213-MIB::ifMtu.10141 = INTEGER: 1500 RFC1213-MIB::ifSpeed.10141 = Gauge32: 10000000 RFC1213-MIB::ifPhysAddress.10141 = Hex-STRING: 00 16 46 B6 DC A9 RFC1213-MIB::ifAdminStatus.10141 = INTEGER: up(1) RFC1213-MIB::ifOperStatus.10141 = INTEGER: down(2) RFC1213-MIB::ifLastChange.10141 = Timeticks: (3564555759) 412 days, 13:32:37.59
So nothing! There is no way to find an interface in the err-disabled state via SNMP!
Posted on 2006-05-17 15:45:37, modified on 2006-05-17 15:54:45
Tags: Networking, Voice over IP, Cisco
The Cisco 7970 phones have a nifty feature: IP Phone Services. With it, you can access services on the internet (for example the stock value of CSCO). I have been asked to make some nifty features, but the phone has some funky HTTP client code.
This is how our services are configured in the Cisco Call Manager
Service URL: http://xml.barnet.com.au/echo.xml
And this it the HTTP request the phone sends
GET /echo.xml?demo=text HTTP/1.1. Host: 202.83.176.80:80. Connection: close. User-Agent: Allegro-Software-WebClient/4.20. Accept: x-CiscoIPPhone/*;version=3.0, text/*,image/png,*/*. Accept-Language: en. Accept-Charset: iso-8859-1. Cookie: ASPSESSIONIDQQSCDATD=IIHNKHFBLCNEAGLMFDIEEIGN.
So despite that the service has the full hostname, the Host line in the HTTP request contains an IP address. It's HTTP/1.1, so the Host line is required. RFC2616 says this about it:
14.23 Host The Host request-header field specifies the Internet host and port number of the resource being requested, as obtained from the original URI given by the user or referring resource (generally an HTTP URL, as described in section 3.2.2). The Host field value MUST represent the naming authority of the origin server or gateway given by the original URL. This allows the origin server or gateway to differentiate between internally-ambiguous URLs, such as the root "/" URL of a server for multiple host names on a single IP address. Host = "Host" ":" host [ ":" port ] ; Section 3.2.2 A "host" without any trailing port information implies the default port for the service requested (e.g., "80" for an HTTP URL). For example, a request on the origin server for <http://www.w3.org/pub/WWW/> would properly include: GET /pub/WWW/ HTTP/1.1 Host: www.w3.org A client MUST include a Host header field in all HTTP/1.1 request messages . If the requested URI does not include an Internet host name for the service being requested, then the Host header field MUST be given with an empty value. An HTTP/1.1 proxy MUST ensure that any request message it forwards does contain an appropriate Host header field that identifies the service being requested by the proxy. All Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message which lacks a Host header field.
Reading this, it looks like the IP address isn't even allowed there. But it should have been xml.barnet.com.au.
Posted on 2005-07-29 14:40:23, modified on 2006-01-09 16:29:23
Tags: Voice over IP, Cisco
A new day, a new toy... except this is one which doesn't want to buzz.
The ATA can be called, and it rings. That part works. The other way around, it conveniently forgets to send the dialed number in its SIP INVITEs:
INVITE sip:;user=phone SIP/2.0 Via: SIP/2.0/UDP 192.168.2.248:5060 From: sip:[email protected];tag=1606025951 To: <sip:;user=phone> Call-ID: [email protected] CSeq: 2 INVITE Contact: <sip:[email protected]:5060;transport=udp> User-Agent: Cisco ATA 186 v3.1.0 atasip (040211A) Expires: 300 Allow: ACK, BYE, CANCEL, INVITE, NOTIFY, OPTIONS, REFER, REGISTER Content-Length: 248 Content-Type: application/sdp
I've asked for an upgrade to the 3.2(1) image, but I haven't heard anything yet. Annoying!
Posted on 2005-03-12 22:53:41, modified on 2006-01-09 16:29:23
Tags: Voice over IP, Cisco, DNS
The Cisco 7970 phones have a nifty feature: IP Phone Services. With it, you can access services on the internet (for example the stock value of CSCO). I have been asked to make some nifty features, but up to now it's no luck for me! Read on...
An IP Phone Service is defined as an URL, which returns an XML file with the commands in it. All very simple stuff.
For example, http://1.2.3.4/test.xml would return an XML file. This works.
But, we're living in the 21st century and we use hostnames these days. So, I changed it to http://xml.example.org/test.xml. No fish. Not even an TCP session towards the webserver. Why?
15:43:25.727288 10.192.15.229.1177 > 10.192.0.2.53: 48+ Type1907 (Class 29802)?. (33) [tos 0x60] 0x0000 4560 003d 1186 0000 3e11 4564 0ac0 0fe5 E`.=....>.Ed.... 0x0010 0ac0 0002 0499 0035 0029 0000 0030 0100 .......5.)...0.. 0x0020 0001 0000 0000 0000 0007 7374 6a61 6d65 ..........stjame 0x0030 7303 6e65 7402 6175 0000 0100 01 s.net.au.....
This is why. Don't ask me why the phone asks for A record of stjames.net.au, but it is asking it wrong: At offset 0x0028, the value 00 is there by mistake, it shouldn't have been there in the first place.
My name server happily refuses the query, and the Cisco 7970 returns "Host not found". Let's hope that Cisco can do something about it :-/
Note: Please note that this problem has been fixed in version 6.0.3.
Posted on 2005-02-21 13:02:07, modified on 2006-01-09 16:29:23
Tags: Voice over IP, Cisco, tftp, DHCP
For a new project within BarNet, we're going to use the Cisco solution for Voice-over-IP. The central server will be the Cisco Call Manager (and friends), the phones will be Cisco 7970 phones.
DHCP-wise these devices aren't too demanding, it asks for the TFTP server and something like option 150 (which is unspecified as far as I can tell). The TFTP server option is a string with the hostname or IP address of the TFTP server. The option 150 is, after going through the documentation of the Cisco gear, *also* for specifying the TFTP server, but then only with the IP address.
So the DHCP configuration should be (for people using the ISC DHCP server):
option cisco-tftp code 150 = array of ip-address;
class "cisco7970" {
match if substring (option vendor-class-identifier,0,37) = "Cisco Systems, Inc. IP Phone CP-7970G";
option arp-cache-timeout 60;
option cisco-tftp 192.168.1.1,192.168.1.2;
option tftp-server-name "cisco-cm.mavetju.org";
}
Update
There is a draft for the option 150 available at: http://www.ietf.org/internet-drafts/draft-raj-dhc-tftp-addr-option-00.txt