
Posts

Showing posts from November, 2012

SSL Certs, Keys and Trusts

Recently faced some weird issues with SSL while building a new infrastructure. So this will be a post on SSL basics, which are actually sufficient to fix even crazy errors like "SSLHandshakeException". For guys wondering what that is, I too have no idea about it. It's the computer's way of saying: go and read the basics before bugging me.
Browser-based handshakes (one-way cert validation): Say I open gmail.com. The browser sends a request to gmail.com, and gmail.com gives me a certificate that has the hostname (gmail), the validity of the certificate, the public key of gmail.com and a hash to make sure the data is not tampered with. The browser uses the public key to encrypt data to gmail, which can be decrypted only with gmail's private key. Similarly, gmail sends data encrypted with its private key, which can be decrypted with its public key, which the browser has.
SSL session: But everybody will have gmail's public key. What if any culprit decrypts data from gmail and reads it? So at the start of https conn…

Load Balancing

This blog always talks about things at a very basic level. This is one such post on the basics of load balancing. During my college days, I wondered how sites run 24*7 without any downtime. I also wonder how sites like Google and Yahoo handle so much traffic (add Facebook and Quora to that list now).
One of the key contributors to this awesomeness is the load balancer. In simple terms, there are many hosts ready to serve the incoming request. So the questions are:
1) How does one route traffic to any one of the hosts (such that they are not unfairly skewed)?
2) How to make end users unaware of server crashes in our datacenter?
3) How to make cookie-based transactions possible if each request hits a different server?
4) How to make https transactions possible (as they are tightly bound to the hostname)?
Let's see the different kinds of solutions available and the way they solve the above problems.
1) DNS Load Balancers: (http://en.wikipedia.org/wiki/Round-robin_DNS) In this method we have to associate two or more A…

Summarize

I had been trying this summarizing system for a while, so I refactored all my existing code and created a runnable jar file. Download the jar from here.
1) Click and run the file using Java SE.
2) Select the input file (only pdf).
3) Specify the amount of text to be extracted.
The output file will be in the same folder as the input pdf file, with the name being "eskratch"+input_file_name.
Errors are still not properly handled; I will try handling these errors and release an update soon.

Networking In LXC

I had been trying to create multiple VM containers and make them reachable from the existing infrastructure switches. So basically I will explain about my host system. My host system has two interfaces, em1 and em2. em1 is attached to two VLAN switch ports, 211 and 103. So my interfaces look like em1, em1.211, em1.103 and em2. em2 is reachable through my network.
1) Networking via veth: I created a bridge interface br0 and attached it to em1.211 and em1.103. Now the containers bridge with br0 using a veth pair. The usual flow of data will be:
From outer world to container: em1.x (picks up in promisc mode) -> br0 -> host veth pair -> container
From outer world to host: em2 (picks up packet as em1 has no IP) -> host

2) Networking via macvlan:
Macvlan is a kernel feature which allows an interface to have multiple hardware addresses and IPs. So by default macvlan creates a new interface (a virtual one on top of an existing interface) with hardware and IP address pairs and then moves that interface to the containers. If…