13. Jazzfest Sarajevo

September 25th, 2009 by admin

09.10.2009. 20:00

Carlos Bica AZUL
Portugal, Njemačka, SAD

Jazz Fest 2009 launch concert CDA, Gabelina 16

03.11.2009. 20:00

KURT ELLING Sings the Music of Coltrane and Hartman
SAD

Main Stage – Bosanski kulturni centar, Branilaca Sarajeva 24

04.11.2009. 12:00

RADIONICA: Talk with Kurt Elling

Radionica Mala sala BKC a, Branilaca Sarajeva 24

04.11.2009. 20:00

ANOUAR BRAHEM QUARTET
Tunis, Njemačka, Švedska, Liban

Main Stage – Bosanski kulturni centar, Branilaca Sarajeva 24

04.11.2009. 22:00

ARKUL
Bosna i Hercegovina

Next Generation – Pozorište mladih, Kulovića 8

05.11.2009. 20:00

TRILOK GURTU BAND
Indija, Njemačka, Francuska, Australija, Italija

Main Stage – Bosanski kulturni centar, Branilaca Sarajeva 24

05.11.2009. 22:00

DAMIR IMAMOVIĆ
Bosna i Hercegovina

Next Generation – Pozorište mladih, Kulovića 8

06.11.2009. 20:00

TBA

Main Stage – Bosanski kulturni centar, Branilaca Sarajeva 24

06.11.2009. 23:00

TBA

Groove Stage – Dom mladih, Terezije bb

07.11.2009. 21:00

RENAUD GARCIA-FONS & LINEA DEL SUR
Francuska, Španija

Main Stage – Bosanski kulturni centar, Branilaca Sarajeva 24

07.11.2009. 23:00

TBA

Groove Stage – amfiteatar Doma mladih, Terezije bb

08.11.2009. 12:00

RADIONICA: Upoznaj instrumente

Radionica Mala sala BKC a, Branilaca Sarajeva 24

08.11.2009. 15:00

RADIONICA: Renaud Garcia-Fons

Radionica Mala sala BKC a, Branilaca Sarajeva 24

Posted in happenings | No Comments »

QoS on Cisco router in few simple steps: shape your http and https traffic in quick and efficient way

September 14th, 2009 by admin

Few days ago we had request to shape http and https traffic to one megabit in our network. This post will describe full procedure in several simple steps.

First thing that we need to do is to create class map which will match http and https traffic. To do so, we need to do following:

  1. enable
  2. conf t
  3. class-map match-any WEB
  4. match protocol http
  5. match protocol secure-http
  6. exit

Explanation:

  1. switch to privileged mode;
  2. switch to global configuration mode;
  3. once in global configuration mode, we are able to create class-map and to name it WEB. Please note that we have match-any statement as well. There are two possibilities that we can use: match-any and match-all. Difference between them is same as with logical or and logical and. In case of using match-any we are matching host or https or http traffic;
  4. we are matching http traffic for this class-map;
  5. we are matching https traffic for this class-map.

Once we are done with creating class-map, we need to create policy-map which will match class-map that we previously defined and we need to set policing options in order to shape http and https traffic to one megabit. Here is the procedure:

  1. policy-map OUTPOLICY
  2. class WEB
  3. police 1000000 conform-action transmit  exceed-action drop  violate-action drop
  4. exit

Here is the explanation of above configuration:

  1. Creating policy-map named OUTPOLICY;
  2. we are matching class WEB with OUTPOLICY which means that all that we configure will apply to class WEB;
  3. We are allowing one megabit for http and https traffic previously defined in class map WEB and matched in previous step (that traffic is allowed with conform-action transmit and all traffic above that will be dropped by statement exceed-action drop).

Now, lets imagine that we have router with two interfaces: FastEthernet 0/0 which is being used for WAN link and FastEthernet 0/1 which is used as interface on which is LAN connected (lets say that it is working with IP address 192.168.0.1 and it is default gateway for hosts in your network).

We need to apply our QoS configuration on both interfaces. Configuration is as follows:

  1. interface FastEthernet 0/0
  2. service-policy output OUTPOLICY
  3. exit
  4. interface FastEthernet 0/1
  5. service-policy output OUTPOLICY
  6. exit

As you can see, we are setting service-policy OUTPOLICY in outband direction and we are doing that on both interfaces. If we are watching our network from our network towards Internet this rule will mean that we are limiting upload (rule on the interface FastEthernet0/0), if we are watching from the Internet side towards your local network, rule on FastEthernet 0/1 interface will mean that we are limiting download. I know that it can be confusing, because it would be logical to have this rule in inbound direction for local interface FastEthernet0/1, but all depends of point of view. All the concept is very similar to access lists.

To make sure that all is working fine, we can execute following commands:

  1. show class-map WEB
  2. show policy-map interface FastEthernet0/0 (FastEthernet0/1)

Posted in cisco, networks | 1 Comment »

Linux and VPN client selection

September 10th, 2009 by admin

Since I am working for company that will not ever never let us connect to their network without VPN client, and taking in consideration that I wanted to use Linux on my laptop it was time to get my hands on selecting appropriate VPN client since I am working as teleworker (this sounds cool to me).

Now, before I start describing anything I need to say that I am using Ubuntu 9.04 on my laptop. Few of the reasons for using Ubuntu would be that it is working very nice, it is fast enough, it is nice looking and very stable at the same time, and at the end of day it is Debian based, and I proudly admit that I am emotional when it is about Debian. Ok, now back to VPN clients.

We are using IPsec. Therefore, I needed something that can support it and actually I have found two real possibilities:

1. Cisco VPN client for Linux
2. vpnc

I was working with vpnc before and I have to admit that it was my first selection. In my personal opinion it is working very nice, and it is really easy to use. network-manager-vpnc is actually just a vpnc plugin for network-manager and is nice solution because you will be able to use it from nm-applet from panel which is more friendly than connecting over console. vpnc is capable of working just over UDP and I have found it as huge limitation. I am working from the network which is reaching limits almost all the time, and UDP in those kind of networks is not that good solution. In most cases, if you are using UDP and you are working from those described networks you will see on the statistics that you are sending bytes, but you are not receiving anything. I was trying to find some vpnc clone that is working over TCP, because we obviously need some packet delivery guarantee, but I wasn’t that successful. That was reason to try Cisco VPN client.

There is really good project page for Cisco VPN client at this link. As i have heard, people were complaining that it is hard to compile it and install it, but with installations provided on the above link, it is not that hard to accomplish that. Main reason why em I actually using Cisco VPN client is ability to work over TCP. It is working really good, it is stable and I would, from my personal experience, recommend it.

I have noticed that huge disadvantage of using Cisco VPN client is using it over wireless network. After certain period of time my Ubuntu just freezes and only way to get it working is to turn it off, and start it over again. Solution is to use wired network, after that it is all work fine. It seems that Intel wireless driver is actually making this problem, but I was reading that some of the users are complaining on really bad multi core support. One of the solutions was to start it with just one core (which means to disable one core in prior to starting vpn client), which is not that user friendly. One of following posts will describe procedure how to install and to configure both vpnc and cisco vpn client, and how to resolve some of the issues that might occur while using them.

Posted in applications, cisco, debian, linux, networks, open source, security | 1 Comment »