Blog

> Virtual Routers and LXC
Posted by prox, from Renton, on July 19, 2014 at 20:30 local (server) time

Ever since 2004 or 2005 I've wanted to see real virtual router functionality on Linux.  It would make setting up a lightweight networking lab with Quagga (or BIRD) a cinch and also allow me to leverage multiple Internet connections for VPN isolation, amongst other things.

You might say, "Hey, Linux has that in the form of tables and rules that can be manipulated by ip(8)!"  It does, sort-of.  It's possible to set up another routing table (optionally naming it in /etc/iproute2/rt_tables), add arbitrary routes, then set up rules to always tell the kernel to use a specific routing table for all packets coming from a certain IP address (or many more things, if you use iptables MARK).  This only "sort-of" works because there's no way (from what I can tell) to actually bind interfaces to a particular routing table.  There's also the issue with overlapping IP space—how do I tell ssh(1), for example, to use a particular routing table if there are two interfaces with the same IP address?  The -b argument won't do me much good.  Also, DHCP is problematic because heavy modifications are needed in dhclient-script and they'd be mostly implementation-specific.

So, although I've used multiple routing tables with rules, they don't really fit my definition of virtual routers (VRF-lite, in Cisco parlance), which I define as an isolated construct that has exclusive access to a set of interfaces and their addresses.

Linux Containers

I've been messing with Linux containers (LXC) recently and I think they might provide the exact functionality I've been looking for all these years.  With LXC it's possible to fire up a small instance that has its own routing table, interfaces, and applications.  There's no need to use rules or -b arguments anymore.  DHCP and Quagga don't require any hacks and work the way they should.

Networking with LXC is about what I expect; interfaces are dedicated to the container.  Overlapping IP addresses are certainly possible, if there's a need for that.  Connecting a container to the host or other containers can be achieved using a virtual Ethernet interface with a bridge.  This makes it easy to set up multiple Linux "virtual routers" without ever having to mess with VMs, routing tables or rules.  A good article on various LXC networking modes can be found here.

If you're familiar with Junos, Linux containers are almost analogous to logical systems in this type of role.  Logical routers, unlike VRFs, have their own copy of RPD, which is a daemon that handles all dynamic routing protocols.  If you're using Quagga with containers, the architecture is similar.

A slight drawback I can see with containers as virtual routers is the disk space usage.  Each container has, by default, its filesystem stored in a separate directory in /var/lib/lxc.  There's quite a bit of redundant data if you fire up many containers using the same distribution (e.g., Debian).  I'm sure there is some way to de-duplicate this (which would help with package upgrades, too!) but I haven't really looked into it because storage is so cheap nowadays and most of us have plenty of it.  A fairly fully-featured Debian container I've got is not that large, anyway:

(vega:17:04)# du -hcs /var/lib/lxc/*
4.0K	/var/lib/lxc/lxc-monitord.log
488M	/var/lib/lxc/soran
488M	total

So, in summary, for general-use virtual routers, I think LXC is pretty great.  The best part is that the only thing required to use LXC is a recent kernel with cgroups enabled and mounted properly.

Comments: 0
> Unit and Time Selection Inconsistencies
Posted by prox, from Seattle, on June 07, 2014 at 18:31 local (server) time

Unlike most people in the United States, I like the metric system.  I prefer to use it instead of imperial units as much as possible and change the settings on my electronic equipment to display metric units.  Unfortunately, some equipment is fairly inconsistent with its support of the metric system and even 12 vs. 24-hour time.  Here's what I've got:

Carrier Thermostat

This thing tricked me into thinking it supports both 24-hour time and Celsius by showing "options: 24 hours" in the manual.  Unfortunately, it only supports changing the temperature unit.  The time must stay in 12-hour mode.

DSC Power Series Alarm Keypad

I successfully changed this to 24-hour mode.  There appears to be a thermal diode in the unit but there is no way to actually display the current temperature to the user so there is no way to set the scale.

Acura TSX

My car is a bit odd.  The navigation system can successfully be changed to use the metric system but the outside temperature and fuel level appear to be hard-coded to use imperial units.  The clock must stay in 12-hour mode, too.  Sadly, I do believe there is a "switch" for this but it's inaccessible to the user; the Canadian version of the car displays everything in metric.

Whirlpool Oven

This thing lives in the world of Fahrenheit and has a permanent 12-hour clock.

Whirlpool Microwave

There is no way to change the clock to 24-hour mode.

Motorola HD-DVR

I rent this thing from Comcast.  It displays time in 12-hour mode, only.

Brookstone Alarm Clock

I can switch this thing to 24-hour mode and Celsius, since it features a temperature sensor.

Samsung Clock / Radio

No 24-hour mode for this thing, even though the display is digital.

La Crosse Technology Atomic Wall Clock

This also features a local and remote temperature sensor.  I can switch this to Celsius and 24-hour mode easily.

If I were like one of those people who think we should have a law for everything, I'd say "there should be a law requiring all electronics companies to include support for the metric system in their products."  Thankfully, I'm not one of those people, so I think the best thing to do is vote with your wallet.  The next car I buy will support metric units in every feature!

Comments: 0
> Updates!
Posted by prox, from Seattle, on May 09, 2014 at 00:14 local (server) time

It occurred to me that I haven't blogged in quite some time.  So, here you go!

House

I moved into my townhouse in West Seattle about a month ago.  The house itself is about eight (8) years old so there's not much I'm going to change or replace right off the bat.  My fiancée has one or two things to say about the color schemes in some of the rooms, though, so there will be painting in the future.  It's in the High Point community, which is still expanding rapidly and there are lots of new townhouses and single family houses being built.  Unpacking took a while but I'm more or less settled, now.  I do need to buy some more furniture in the future since I have roughly 450 more square feet than I did in Charlotte.

I managed to get lucky with the cabling.  All of the rooms in the house are wired for Cat5e and are already punched down in a central Leviton telecom panel in the closet of the master bedroom:

Leviton Telecom Box

There's also a second port in several rooms that is wired for Cat5e but all of those ports are wired together.  I ended up connecting my old Linksys PAP2T to those ports for analog phone compatibility, which I've actually used a bit.  I ended up putting my Juniper EX2200-C and ALIX box in the closet, as well:

Bedroom Closet

I haven't turned up my lab yet, since I was told I shouldn't be putting any loud things in the bedroom closet.

Comcast

Ah, Comcast.  I started off with xfinity 50/10 HSD and basic cable, which seemed fine until I realized I couldn't get more than one public IPv4 address.  Back in Charlotte I was able to get the CPE limit increased to three (3) so I could have two firewalls as well as a Linux box connected to the Internet.  After a long call with a fairly clueful CSR, he informed me that they no longer are able to increase the CPE limits for residential HSD and I'd have to get business class, which I did.

I got the same 50/10 service from Comcast Business but with a static /29.  They wouldn't let me use my own modem because I was getting a static assignment so they gave me a Comcast-branded NETGEAR CG3000DCR.  I suspect this is because of how they inject the /29 into their network, which is probably via RIP.  The speed is fine and the latency to the CMTS isn't too bad, although it seems to bounce around a bit:

Comcast CMTS

Here's a traceroute showing that nice paid peering between Comcast and Netflix:

Start: Thu May  8 20:34:26 2014
HOST: starfire                                          Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 10.1.10.1                                          0.0%     8    0.4   0.4   0.4   0.6   0.0
  2.|-- 73.98.180.1                                        0.0%     8    8.7   8.5   7.2  10.0   0.7
  3.|-- te-0-2-0-5-ur07.burien.wa.seattle.comcast.net      0.0%     8    9.7   9.5   7.6  11.1   0.9
  4.|-- be-1-ur08.burien.wa.seattle.comcast.net            0.0%     8    9.5   9.5   8.2  10.6   0.5
  5.|-- ae-1-0-ar03.seattle.wa.seattle.comcast.net         0.0%     8    9.7   9.6   8.5  10.9   0.7
  6.|-- he-1-3-0-0-10-cr01.seattle.wa.ibone.comcast.net    0.0%     8   10.3  11.7   9.3  18.2   2.8
  7.|-- he-0-13-0-0-cr01.sanjose.ca.ibone.comcast.net      0.0%     8   29.4  28.9  26.8  31.8   1.9
  8.|-- he-0-11-0-0-pe03.11greatoaks.ca.ibone.comcast.net  0.0%     8   27.0  37.1  26.9 103.8  27.0
  9.|-- as2906-c-0.sanjose.ibone.comcast.net               0.0%     8   69.0  68.4  61.2  79.2   5.3
 10.|-- 198.45.56.12                                       0.0%     8   69.3  67.8  63.8  70.3   2.2

They also let me set my own PTR records, which is nice, although they offer no self-service way of doing this.  I had to call them up.  Oh.. and I must say there is a night & day difference between residential and commercial phone support.

Unfortunately, while Comcast does support IPv6 on the xfinity side of the house they do not yet support it for their commercial offering, so I'm still tunneling.

That being said, I had a bit of a headache when I tried to cancel the HSD portion of my xfinity residential service.  At first when I canceled the service everything seemed fine.  However, the CableCARD tied to my account (connected to the ATI DCT on my Windows Media Center PC) magically stopped working around the same time.  I had to call them back and they admitted they "made a mistake" when they were canceling my HSD account.  That's fine.  However, a few days later after I sold my old Motorola SB6141 to someone at work, I come to find out that the cable modem is still tied to my account.  Again I had to call them and tell them to take it off my account.  Surprisingly, my CableCARD and Motorola HD box didn't break this time.

Work

The commute from West Seattle isn't as bad as everyone had warned.  If I leave at around 07:00 I can be in the parking garage in around 18 minutes.  From there it's a short 5-6 minute walk to the office and I can be at my desk by 07:30.  I haven't quite figured out the best time to leave the office but it seems to take me anywhere from 25 to 30 minutes from the parking deck to my garage.  Regardless, nothing as infuriating as I-485 back in Charlotte!

Work is fairly challenging and my first project is almost done.  Amazon sure puts the wireless industry to shame with the sheer number of acronyms, nicknames, and proprietary lingo that is used for various things.  I'm certainly having fun, so far!  Yes, we are still hiring.

Climate

The first two warm days were last week and it got up to 29.4°C before I opened up the windows and cooled it down.  I'm going to try the first summer without any air conditioning and then figure out if I need to get central AC or a portable unit for next year.

Anyway, the spring is fairly nice out here!  It's nice and green, now:

Seattle Spring

The pollen is practically nonexistent compared to Charlotte.  In fact, I haven't noticed any of it and, as a result, I've managed to skip my seasonal allergies completely, which is nice.

Other Stuff

I think there's a bug in Mutt 1.5.23.  Ever since I upgraded from 1.5.21 I've noticed doing a full-text message search is horribly slow.  I think it may have to do with Debian bug 745532.

Comments: 0
> Odd NTP Attack
Posted by prox, from Seattle, on March 23, 2014 at 00:19 local (server) time

We've all heard about the recent NTP reflection attacks.  Last night I noticed a higher-than-normal traffic volume on nox, so I checked it out with tcpdump:

Note, the first and second octets have been anonymized to protect the victim.

21:07:07.999600 IP 100.44.89.82.26528 > 64.16.214.60.123: NTPv3, Client, length 48
21:07:07.999608 IP 100.44.89.82.26528 > 64.16.214.60.123: NTPv3, Client, length 48
21:07:07.999617 IP 100.44.89.82.26528 > 64.16.214.60.123: NTPv3, Client, length 48
21:07:07.999625 IP 100.44.89.82.26528 > 64.16.214.60.123: NTPv3, Client, length 48
21:07:07.999712 IP 100.44.89.82.26528 > 64.16.214.60.123: NTPv3, Client, length 48
21:07:07.999722 IP 100.44.89.82.26528 > 64.16.214.60.123: NTPv3, Client, length 48
21:07:07.999730 IP 100.44.89.82.26528 > 64.16.214.60.123: NTPv3, Client, length 48

Yes, nox is a public NTP server.  It's a member of the NTP Pool Project.  No, it's not susceptible to an NTP reflection attack.  It looks like some poor soul at 100.44.89.82 (looked like a SonicWALL when I poked around) was being attacked and the traffic above was being spoofed with the intention of having my server send back a reply that's much larger than the request.  Here's a decode of one of the packets:

21:07:07.772681 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto UDP (17), length 76)
    100.44.89.82.10084 > 64.16.214.60.123: [udp sum ok] NTPv3, length 48
        Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10s, precision -19
        Root Delay: 1.000000, Root dispersion: 1.000000, Reference-ID: (unspec)
          Reference Timestamp:  0.000000000
          Originator Timestamp: 0.000000000
          Receive Timestamp:    0.000000000
          Transmit Timestamp:   3604450027.692652940 (2014/03/21 21:07:07)
            Originator - Receive Timestamp:  0.000000000
            Originator - Transmit Timestamp: 3604450027.692652940 (2014/03/21 21:07:07)

What's odd about this is the packet above looks like just a normal NTP query.  Unlike most of the NTP reflection attacks that exploit the monlist or similar commands, this wasn't really going to have the desired effect.  And, of course, if you look at the initial (before I blocked that source address with iptables) traffic volume, it certainly did not:

MRTG

The desired effect, of course, should have been an outbound traffic volume that was greater than the inbound traffic volume, or amplified.  In this case, my server was just sending back a 48-byte packet for every 48-byte packet coming in, albeit apparently slightly rate-limited by the NTP daemon.

Was this a misconfigured DDoS bot?  Did the attacker really not know what he or she was doing or miss DDoS 101?  Or, was this traffic not actually spoofed and was a result of some broken NTP client?  Maybe.

Regardless, if this wasn't a misconfigured NTP client, BCP 38 would have prevented this from happening to begin with.  I don't know where the traffic was originating, but I do know that it was from a network that probably doesn't implement BCP 38.

Anyway, I thought this was a little odd so I figured I would share.
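The triage described in this post, as an added Python example (not code from the original post): it groups tcpdump lines by source, flags bursts, and decodes a query to show that a mode 3 request offers a reflector no gain.  The sample packet is rebuilt from the decode above; the burst thresholds and the final capture line are assumptions made for illustration.

```python
import re
import struct
from collections import defaultdict

NTP_UNIX_DELTA = 2208988800          # seconds from 1900-01-01 to 1970-01-01
MODES = {1: "symmetric active", 2: "symmetric passive", 3: "client",
         4: "server", 5: "broadcast", 6: "control", 7: "private"}
AMPLIFYING_MODES = {6, 7}            # ntpq/ntpdc requests; monlist is mode 7

# tcpdump one-line format as shown in the post (destination port 123 only).
LINE_RE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\d+(?:\.\d+){3})\.\d+ > "
    r"\d+(?:\.\d+){3}\.123: NTPv\d, (\w+), length (\d+)$")

# Constructed 48-byte query rebuilt from the field values in the post's decode.
SAMPLE_QUERY = struct.pack(
    "!BBbbII4sQQQQ", 0xDB, 0, 10, -19, 0x00010000, 0x00010000, b"\0" * 4,
    0, 0, 0, (3604450027 << 32) | int(0.692652940 * 2**32))

# First seven lines are the capture from the post; the last one is constructed.
CAPTURE = """\
21:07:07.999600 IP 100.44.89.82.26528 > 64.16.214.60.123: NTPv3, Client, length 48
21:07:07.999608 IP 100.44.89.82.26528 > 64.16.214.60.123: NTPv3, Client, length 48
21:07:07.999617 IP 100.44.89.82.26528 > 64.16.214.60.123: NTPv3, Client, length 48
21:07:07.999625 IP 100.44.89.82.26528 > 64.16.214.60.123: NTPv3, Client, length 48
21:07:07.999712 IP 100.44.89.82.26528 > 64.16.214.60.123: NTPv3, Client, length 48
21:07:07.999722 IP 100.44.89.82.26528 > 64.16.214.60.123: NTPv3, Client, length 48
21:07:07.999730 IP 100.44.89.82.26528 > 64.16.214.60.123: NTPv3, Client, length 48
21:07:08.250000 IP 192.0.2.10.123 > 64.16.214.60.123: NTPv4, Client, length 48
""".splitlines()


def decode_ntp(payload):
    """Decode the fixed 48-byte NTP header into the fields tcpdump -v shows."""
    if len(payload) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(payload))
    (flags, stratum, poll, precision, delay, disp,
     _refid, _ref, _orig, _recv, tx) = struct.unpack("!BBbbII4sQQQQ", payload[:48])
    mode = flags & 0x07
    return {"leap": flags >> 6, "version": (flags >> 3) & 0x07, "mode": mode,
            "mode_name": MODES.get(mode, "reserved"), "stratum": stratum,
            "poll": poll, "precision": precision,
            "root_delay": delay / 65536.0, "root_dispersion": disp / 65536.0,
            "transmit_unix": (tx >> 32) - NTP_UNIX_DELTA,
            "can_amplify": mode in AMPLIFYING_MODES}


def summarize(lines):
    """Per-source packet count, byte count, time span and (type, length) set."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None,
                                 "last": None, "kinds": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                  # not an NTP query line; ignore it
        hh, mm, ss, src, kind, length = m.groups()
        t = int(hh) * 3600 + int(mm) * 60 + float(ss)   # no midnight wrap handling
        s = stats[src]
        s["packets"] += 1
        s["bytes"] += int(length)
        s["first"] = t if s["first"] is None else min(s["first"], t)
        s["last"] = t if s["last"] is None else max(s["last"], t)
        s["kinds"].add((kind, int(length)))
    return dict(stats)


def amplification_factor(request_len, reply_len):
    """Bytes sent toward the spoofed address per byte the sender spent."""
    return reply_len / request_len


def flag_sources(stats, min_packets=5, max_span=1.0):
    """Sources with min_packets or more inside max_span seconds (assumed limits)."""
    flagged = []
    for src, s in sorted(stats.items()):
        if s["packets"] >= min_packets and s["last"] - s["first"] <= max_span:
            plain = s["kinds"] == {("Client", 48)}
            flagged.append((src, "client-query burst, no gain" if plain
                            else "inspect payload"))
    return flagged


if __name__ == "__main__":
    print(decode_ntp(SAMPLE_QUERY))
    print(flag_sources(summarize(CAPTURE)))
    print(amplification_factor(48, 48))
```
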

Comments: 0
> It's Time for A Change
Posted by prox, from Seattle, on March 09, 2014 at 13:40 local (server) time

No, I'm not quoting Bill Clinton.  I haven't posted in a few months because it was time for a change and I decided to pull the trigger.  I left Time Warner Cable in Charlotte and moved to Seattle to work for Amazon Web Services.

I'm not going to say much about the job change because it's really not appropriate for a public-facing blog and there's really not much I can say.  I'm happy to be advancing my career and working on a network that either powers 1% of the Internet or provides content to 1/3 of all Internet users (depending on who you ask).

Before I left Charlotte I got engaged to my beautiful fiancée on Valentine's Day.

Devon and Mark

We're set to be married next year on a day that commemorates the ratio between a circle's circumference and diameter.

At the moment I'm living in the Belltown area of Seattle in Washington state.  My ten (10) minute commute is thoroughly spoiling as it'll be a bit longer when I move into my permanent residence in a couple of weeks.

I'm still trying to figure out Seattle.  It's got elements from both uptown Charlotte and Manhattan but with its own twist.  The people who I come in contact with on a daily basis are very friendly, which from what I hear is actually abnormal.  The weather here is routinely overcast and rainy but I've found that weather forecasts are terribly inaccurate due to the surrounding mountains in the region.  Most days that are forecasted as rainy actually end up with an hour or two of sun between the fronts, which is nice.  I was told that only 17% of residences have central air conditioning.  At first, I thought this was a bit odd (coming from the south!) but I suppose it makes sense due to the climate.  I'll find out this summer if my computers will require extra cooling or if they'll be fine sans-AC!

One nice thing is the Comcast XFINITY service in the area provides native IPv6 with prefix delegation.  Finally, no more tunneling!  Although, I do like the permanent nature of a tunneled /56 or /48 as well as the reverse DNS delegation.  Maybe I'll ultimately use a combination of both.

Comments: 1
> Cisco IOS IPv6 Prefix List Oddness
Posted by prox, from Charlotte, on December 28, 2013 at 15:22 local (server) time

A week or so ago I configured some IPv6 prefix lists in my networking lab at home on a few Cisco IOS boxes running 15.1(4)M7.  Almost a day after I finalized the configuration, I noticed that the prefix lists appeared to be reordering themselves from time to time.  Specifically, the "show running-config" command would list the entries in a slightly different order, every once in a while.

Normally, I wouldn't care.  Prefix lists are not evaluated based on order and this was just a lab, anyway.  However, I have RANCID set up to monitor all configuration file changes in my lab environment and I started getting several e-mails per day.  Here's a sample:

Index: configs/defiant
===================================================================
retrieving revision 1.485
diff -u -4 -r1.485 defiant
@@ -340,11 +340,11 @@
   passive-interface Loopback0
  !
  ipv6 prefix-list DEFAULT-ROUTE permit ::/0
  !
- ipv6 prefix-list SPOCK-NETS permit 2001:48C8:1:104::37/128
  ipv6 prefix-list SPOCK-NETS permit 2001:48C8:1:104::38/127
  ipv6 prefix-list SPOCK-NETS permit 2001:48C8:1:13A::/63
+ ipv6 prefix-list SPOCK-NETS permit 2001:48C8:1:104::37/128
  !
  route-map ADV-DEFAULT permit 10
   match ip address DEFAULT-ROUTE
  !
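
Review bot: The "-" and "+" lines in the SPOCK-NETS block are the same entry (2001:48C8:1:104::37/128) moved from the top of the list to the bottom, so this revision changes ordering only and the set of permitted prefixes is unchanged.  The entries appear here without sequence numbers, so the diff alone cannot show whether the underlying sequence values moved; a change report that compared each prefix list's lines as a set would not fire on this revision.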

This is happening on two routers running the same exact version of IOS with a similar prefix list.  It seems like the configuration compilation that is executed from the "show running-config" command may be doing something wrong, since when I display the prefix lists manually they are shown in the same order each time:

defiant#show ipv6 prefix-list 
ipv6 prefix-list DEFAULT-ROUTE: 1 entries
   seq 5 permit ::/0
ipv6 prefix-list SPOCK-NETS: 3 entries
   seq 5 permit 2001:48C8:1:104::37/128
   seq 10 permit 2001:48C8:1:104::38/127
   seq 15 permit 2001:48C8:1:13A::/63

I haven't tried messing with different IOS versions, yet.  I may do that later.

Oh, in other news.. among other things, I got a plush NCC-1701 for Christmas:

Plush Enterprise NCC-1701

Yes, it's from ThinkGeek and makes noise.

Comments: 0
> OS X Mavericks 6in4 Tunnel Crash
Posted by prox, from Charlotte, on December 19, 2013 at 16:17 local (server) time

Well, this one is a bummer.  Apparently, Mac OS X Mavericks introduced a bug in either the gif(4) driver or kernel that crashes the whole machine when an IPv6 address is removed from a 6in4 tunnel interface.  The gif(4) driver in the BSD world provides a generic driver to tunnel IP in IP (any version inside any other version).

If you want to try it, do this as root:

/sbin/ifconfig gif0 up
/sbin/ifconfig gif0 tunnel 10.1.1.1 10.9.9.9
/sbin/ifconfig gif0 inet6 2001:db8:1:116::2/64
/sbin/route add -inet6 default 2001:db8:1:116::1
/sbin/route delete -inet6 default
/sbin/ifconfig gif0 -tunnel
/sbin/ifconfig gif0 inet6 2001:db8:1:116::2/64 -alias

The last command triggers a kernel panic and reboot after a few seconds.  I discovered this after loading my IPv6 6in4 tunneling script on my old MacBook Air.  The tunnel works fine when it's up.  However, tearing it down seems to be problematic, to say the least.  My script doesn't even get to the point where gif0 is brought down.

The backtrace and some associated information look like this:

Thu Dec 19 13:37:50 2013
panic(cpu 1 caller 0xffffff80164d143e): Preemption level underflow, possible cause unlocking an unlocked mutex or spinlock
Backtrace (CPU 1), Frame : Return Address
0xffffff80a5e536d0 : 0xffffff8016422f69 
0xffffff80a5e53750 : 0xffffff80164d143e 
0xffffff80a5e53760 : 0xffffff80164d11cf 
0xffffff80a5e53770 : 0xffffff801664ce14 
0xffffff80a5e537b0 : 0xffffff801662bb33 
0xffffff80a5e538d0 : 0xffffff8016730aac 
0xffffff80a5e539a0 : 0xffffff8016714519 
0xffffff80a5e53dc0 : 0xffffff801672b6cc 
0xffffff80a5e53e20 : 0xffffff801672b308 
0xffffff80a5e53e60 : 0xffffff801672afea 
0xffffff80a5e53f20 : 0xffffff801644a15a 
0xffffff80a5e53fb0 : 0xffffff80164d6aa7 

BSD process name corresponding to current thread: kernel_task

Mac OS version:
13A603

Kernel version:
Darwin Kernel Version 13.0.0: Thu Sep 19 22:22:27 PDT 2013; root:xnu-2422.1.72~6/RELEASE_X86_64
Kernel UUID: [removed]
Kernel slide:     0x0000000016200000
Kernel text base: 0xffffff8016400000
System model name: MacBookAir3,1 (Mac-[removed])

The full report can be found here.  I removed some values in it that I thought might be harmful if they are public (I could be mistaken).  I also filed a bug report with Apple on this: 15701774.  I'm fairly sure this is not hardware-related or related to VirtualBox, Cisco AnyConnect, or TunnelBlick kernel extensions being present since I can crash another Mavericks install running in a VM that has none of them loaded.

Update: I did realize I was not running the latest version of OS X Mavericks, 10.9.1.  I just upgraded but the issue is still present.  Here is a crash report under 10.9.1.

Update: Apple closed my bug report as a duplicate of 14929904.

Comments: 0
> iPad Air, iOS 7, Jailbreaking, etc.
Posted by prox, from Charlotte, on November 18, 2013 at 23:11 local (server) time

Yes, I have a few things to say about this.  It's not a review of the iPad Air but more of a whiny rant (shocker, I know).

I recently picked up an iPad Air MF018LL/A, which is the white cellular model with 128 GiB of storage.  I use AT&T for carrier diversity with the 3 GiB/mo plan since my phone is on T-Mobile's network.  The iPad Air replaced my iPad 3, which when I owned it was jailbroken and still running iOS 6.  I happened to sell it and all of my accessories to a colleague who is now a first-time iPad owner.

Below: iPad 3 on the left, iPad Air on the right.

iPad 3 and iPad Air

First Impression

My first impression with the iPad Air was awful since it failed at the first thing I asked it to do: install an application.  I got the dreaded "could not connect to iTunes store" error whenever I tried to install an application on Wi-Fi or cellular.

Cannot Connect to iTunes

It turns out this is an iOS 7 issue that some folks got after upgrading from iOS 6 and there was a thread on the Apple Support Communities site about it.  I had to ultimately do a factory reset and wipe of the device to fix it.  I didn't lose anything because it was a brand new iPad and I had not loaded anything back onto it.  It's odd that this hasn't been fixed in iOS 7.0.3, which is what's running on my iPad Air.  I also wonder how iOS 7 was loaded onto the iPad.  I'm almost wondering if iOS 6 was initially running on the iPad Air during development and the first few devices were shipped with a version of iOS 7 that was upgraded from an existing iOS 6 installation.  Curious.

Second Impressions

The iPad Air hardware is good.  The CPU seems fast (Google Earth is smooth as butter) and the shell (+ components) is much lighter and thinner than the iPad 3.  I'm not sure what I think about battery life, yet.  So far, it seems to last slightly less than my iPad 3 but my analysis is most unscientific.

The antennas or cellular radio itself must be better in the iPad Air vs. the iPad 3 because I have five "dots" more often than I had five "bars" on the iPad 3.  I suppose the "dots" could be mapped to different ranges of dBm in iOS 7, now, or the addition of more LTE bands is helping, although I didn't think LTE bands themselves overlapped within an area.

I configured the switch on the side of the iPad Air to control rotation lock, since I have volume muted almost all of the time, anyway.  I find that, compared to the iPad 3, it's more difficult to slide the button back & forth with my finger.  The button itself appears to be rounded and the one on the iPad 3 had sharper edges that were easier to "grab" with my finger.

I'm disappointed that the fingerprint reader now being used on the iPhone 5s didn't make its way into the iPad Air.  I guess it doesn't matter to me since I probably wouldn't have used it, anyway.

iOS 7

I don't mind the visual changes in iOS 7, to be honest.  I thought the skeuomorphisms probably needed to go, too.  There are a few things that bug me, though.

The control center is an abomination.  Apple made the decision on what toggles should be available to users and didn't leave any room for customization.  It's infuriating.  I would like to swap out the airplane mode for a toggle that turns cellular data on and off.  If I'm connected to Wi-Fi and want to shut off cellular data to save a little bit of battery life, I have to navigate all of the way to settings.

It appears the text size for items on the status bar at the top of the screen has become smaller.  The text size setting doesn't appear to change the font size of them.  What's weird is the items are larger at the lock screen but shrink when the device is unlocked.  Very odd.

The IPv6 support seems better than in previous versions of iOS.  I didn't have a problem loading all web pages over IPv6 on my dual-stack network at home.  In iOS 6, some of those pages would have loaded over IPv4 due to Apple's odd HE implementation.  DHCPv6 appeared to work on one of my test SSIDs but unfortunately the iPad put the IPv4 DNS servers before the IPv6 one.  More testing is required, apparently.

DHCPv6 Fail?

One difference in the IPv6 support between iOS 6 and 7 is the implementation of RFC 4941 when SLAAC is used.  iOS 6 added temporary addresses with random interface identifiers but always kept the link-local address based on EUI-64 as well as one GUA.  iOS 7 appears to randomize the interface identifiers for both the link-local address and all the GUAs.  I really wish it was possible to disable this.
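The difference between EUI-64 and randomized interface identifiers, as an added Python example (not part of the original post, and not iOS code): it derives the modified EUI-64 identifier from a MAC address, recovers a MAC from an address that embeds one, and shows that a stable identifier follows a host across prefixes.  The MAC address, the prefixes and the opaque identifier are constructed sample values.

```python
import ipaddress
from collections import defaultdict

SAMPLE_MAC = "00:11:22:33:44:55"           # constructed MAC address

# Constructed observations: one stable EUI-64 IID under three prefixes,
# plus one address with an opaque (randomized-looking) IID.
OBSERVED = [
    "fe80::211:22ff:fe33:4455",
    "2001:db8:1:116:211:22ff:fe33:4455",
    "2001:db8:2:7:211:22ff:fe33:4455",
    "2001:db8:1:116:5c7a:91e3:b42:d6a8",
]


def eui64_iid(mac):
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) for a MAC."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02                      # invert the universal/local bit
    return bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])


def slaac_address(prefix, mac):
    """Address a host forms from a /64 prefix when it uses the EUI-64 IID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers need a /64 prefix")
    iid = int.from_bytes(eui64_iid(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embedded_mac(address):
    """MAC recovered from an EUI-64 style address, or None if the IID is opaque.

    Heuristic: a random IID can contain ff:fe in the middle by chance.
    """
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02                         # undo the universal/local inversion
    return ":".join("%02x" % octet for octet in mac)


def stable_iids(addresses):
    """IIDs seen under more than one /64, mapped to the sorted prefixes."""
    seen = defaultdict(set)
    for text in addresses:
        value = int(ipaddress.IPv6Address(text))
        prefix = ipaddress.IPv6Network(((value >> 64) << 64, 64))
        iid = (value & (2**64 - 1)).to_bytes(8, "big").hex()
        seen[iid].add(str(prefix))
    return {iid: sorted(p) for iid, p in seen.items() if len(p) > 1}


if __name__ == "__main__":
    print(slaac_address("fe80::/64", SAMPLE_MAC))
    for addr in OBSERVED:
        print(addr, "->", embedded_mac(addr))
    print(stable_iids(OBSERVED))
```
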

Jailbreaking

I really miss the jailbroken functionality I had with iOS 6 on my iPad 3.  Lots of people ask me why I bother to still jailbreak iOS devices—my reasons mostly relate to optimization and performance.  I'll detail them all here.

3G Unrestrictor.  This application works around some of the very annoying and pointless restrictions of iOS itself and many applications.  Podcasts, iTunes, and the App Store won't download anything over 100 MB (I assume MiB) over a cellular connection.

Over 100 MiB (or MB?)

There's no way to disable this and it's infuriating.  TWC TV won't stream live TV over cellular.  The list goes on.  These restrictions are stupid because iOS and the various applications are essentially telling the user that they're too stupid and irresponsible to use their cellular data plan.  If I want to burn up my plan downloading podcasts that is my prerogative!  3G Unrestrictor fixes all of these issues and fools applications into thinking the current network connectivity is via Wi-Fi.

SBSettings.  SBSettings provides functionality similar to iOS' control center but is instead customizable and provides tweaks that allow various things on the status bar to be changed.  Toggles include data, OpenVPN (if installed), 3G Unrestrictor, and more.  The status bar can be configured to show the current Wi-Fi SSID, numeric signal strength indicators for both cellular and Wi-Fi, non-scaled battery percentage, and more other options than I can remember at the moment.

FakeClockUp.  This application speeds up transitions and some animations on iOS.  Although these animations take only a second or so every time, this can add up to minutes and hours of wasted time over the life of a device.  This application is needed because iOS doesn't provide an option to disable these transitions.

Command-line Access.  While most non-geeks do not care about such things, command-line access provides a wealth of flexibility.  Among other things, it allows for network-related diagnostics and troubleshooting as well as the ability to directly back up media and application data that is otherwise inaccessible or only provided by other 3rd party applications.

Hopefully, the above will be usable for iPad Air owners once again when the iOS 7 jailbreak is released.  Until then, we're locked into doing things the way Apple wants us to do them, sans-choice.

Comments: 0
