Controlling ARP Solicitations

When your network endpoints are not changing during a testing scenario, transmitting ARP packets at the default rate is arguably wasted bandwidth. You can tune the Linux networking stack to extend the time between ARP broadcasts.

These tunables are in /proc/sys/net/ipv4/neigh and are divided into default and per-device settings. The knobs I find useful are:

  • base_reachable_time: a guideline on how often to broadcast for ARP updates
  • gc_stale_time: threshold in seconds on when to consider evicting an ARP entry
  • locktime: minimum time to keep an ARP entry

You can twist these knobs for two ports in a shell script like so:

# requires bash for the {a,b} brace expansion; run as root
for f in /proc/sys/net/ipv4/neigh/{enp2,enp3}/{base_reachable_time,gc_stale_time,locktime} ; do
    echo 300 > "$f"
done

This changes the values to 5 minutes.
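
Since these settings only make sense for the duration of a test, it helps to record the old values and put them back afterwards. The following is an added example, not part of the original post; the function names, the save-file format and the NEIGH_DIR override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: apply one value to the three ARP knobs for the listed
# interfaces, saving the previous values so they can be restored after testing.
# NEIGH_DIR may be overridden for a dry run (assumption); default is the real tree.
NEIGH_DIR="${NEIGH_DIR:-/proc/sys/net/ipv4/neigh}"
KNOBS="base_reachable_time gc_stale_time locktime"

# set_neigh_timers VALUE SAVEFILE IFACE...
set_neigh_timers() {
    [ $# -ge 3 ] || { echo "usage: set_neigh_timers VALUE SAVEFILE IFACE..." >&2; return 2; }
    value=$1; savefile=$2; shift 2
    # refuse anything that is not a plain non-negative integer
    case $value in
        ''|*[!0-9]*) echo "value must be a non-negative integer" >&2; return 2 ;;
    esac
    : > "$savefile"
    for ifc in "$@"; do
        for knob in $KNOBS; do
            f="$NEIGH_DIR/$ifc/$knob"
            if [ ! -w "$f" ]; then
                echo "skipping $f (missing or not writable)" >&2
                continue
            fi
            # remember "<path> <old value>" before overwriting
            printf '%s %s\n' "$f" "$(cat "$f")" >> "$savefile"
            echo "$value" > "$f"
        done
    done
}

# restore_neigh_timers SAVEFILE: write every saved value back to its file
restore_neigh_timers() {
    while read -r f old; do
        echo "$old" > "$f"
    done < "$1"
}
```

Typical use as root: `set_neigh_timers 300 /tmp/neigh.saved enp2 enp3` before the test run and `restore_neigh_timers /tmp/neigh.saved` after it.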

Turning off IPMI DHCP

Many SuperMicro motherboards have a dual-port IPMI feature: the first two Ethernet ports on the motherboard are capable of serving the IPMI function.

IPMI served by these ports

If the dedicated IPMI port is not cabled, IPMI will be served off the LAN1 port (which is predictably the MGT port on LANforge machines).

Turning off IPMI is often not possible, but turning off the IPMI port DHCP is possible. There are two ways of doing this, and you might not even need to reboot your server if your IPMI driver is included in the Linux distribution you are using.

Using the Linux IPMI tools

You might have either the ipmiutil or the ipmitool package available, maybe both. Both are probably going to rely on the same drivers, however.

ipmiutil

# install
 $ sudo yum install ipmiutil
# show configuration
 $ sudo ipmiutil lan -c
# disable the LAN feature (if desired)
 $ sudo ipmiutil lan -d
# or set a fixed IP:
 $ sudo ipmiutil lan -e -I 0.0.0.0

Setting the address to 0.0.0.0 is sometimes a shortcut for disabling the IPMI LAN features. Or you can set a normal non-routable address like 192.168.0.251. (Refer to this post.)

ipmitool

Similar commands are listed for IPMITool on this post. The “lan set 1” phrase refers to “IPMI Device 1.”

 $ sudo ipmitool lan set 1 ipsrc static
 $ sudo ipmitool lan set 1 ipaddr 192.168.0.251
 $ sudo ipmitool lan set 1 netmask 255.255.255.0
 $ sudo ipmitool lan set 1 defgw ipaddr 192.168.0.1

Configuring the BIOS

We might have a motherboard that isn’t in the driver set for these tools. This is how you’d know:
[image: ipmi-100]

In this scenario, we need to reboot and press DEL to get into the BIOS. You will likely never see two motherboards with exactly the same BIOS screen layout…but just look for IPMI and you’ll likely get to screens that look like this:

Advanced screen
[image: bios-100]

Advanced – IPMI Configuration
[image: bios-101]

IPMI LAN Configuration
[image: bios-102]

We can verify that this is the MAC address we’re seeing traffic from using tcpdump. Let’s also gather the MAC addresses because we’ll want those as a reference when looking at our tcpdump data.

[image: bios-ip-103]

Now we can craft a tcpdump that will show useful things:

tcpdump -eni eth1 \
    ether host 00:25:90:01:66:0a \
 or ether host 00:25:90:01:66:0b \
 or ether host 00:25:90:01:8a:ef

And we’ll see results like this:

17:35:07.814819 00:25:90:01:8a:ef > Broadcast, ethertype IPv4 (0x0800), length 590: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:01:8a:ef, length 548
17:35:10.874561 00:25:90:01:8a:ef > Broadcast, ethertype IPv4 (0x0800), length 590: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:01:8a:ef, length 548
17:35:13.945135 00:25:90:01:8a:ef > Broadcast, ethertype IPv4 (0x0800), length 590: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:01:8a:ef, length 548

Clearly, we’re getting DHCP broadcasts from that port. After setting the IPMI IP in the BIOS to 0.0.0.0, those broadcasts stop.
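
To check a longer capture without reading it line by line, the tcpdump text can be summarised per source MAC. This is an added example, not part of the original post: the function names are assumptions, the reference list reuses the three MACs from the filter above, and the sample capture combines the three lines shown above with two constructed lines.

```shell
#!/bin/sh
# Added example: count DHCP requests per source MAC in `tcpdump -e` text output
# and tag the MACs that are on the BMC reference list gathered from the BIOS.
BMC_MACS="00:25:90:01:66:0a 00:25:90:01:66:0b 00:25:90:01:8a:ef"

# Reads tcpdump lines on stdin; prints "<mac> <count> <first> <last> <BMC|other>".
dhcp_by_mac() {
    awk -v macs="$BMC_MACS" '
        BEGIN { n = split(macs, m, " ")
                for (i = 1; i <= n; i++) known[tolower(m[i])] = 1 }
        /BOOTP\/DHCP, Request/ {
            mac = tolower($2)                    # field 2 is the source MAC with -e
            if (!(mac in count)) { order[++k] = mac; first[mac] = $1 }
            count[mac]++; last[mac] = $1
        }
        END { for (i = 1; i <= k; i++) {
                  mac = order[i]
                  printf "%s %d %s %s %s\n", mac, count[mac], first[mac], last[mac],
                         ((mac in known) ? "BMC" : "other") } }'
}

# Exit status 0 when any MAC on the reference list is still sending DHCP requests.
bmc_still_soliciting() {
    dhcp_by_mac | grep -q ' BMC$'
}

# Sample input: lines 1, 2 and 4 are from the page; lines 3 and 5 are constructed.
sample_capture() {
    cat <<'EOF'
17:35:07.814819 00:25:90:01:8a:ef > Broadcast, ethertype IPv4 (0x0800), length 590: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:01:8a:ef, length 548
17:35:10.874561 00:25:90:01:8a:ef > Broadcast, ethertype IPv4 (0x0800), length 590: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:01:8a:ef, length 548
17:35:11.102233 02:00:00:00:00:01 > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 02:00:00:00:00:01, length 300
17:35:13.945135 00:25:90:01:8a:ef > Broadcast, ethertype IPv4 (0x0800), length 590: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:01:8a:ef, length 548
17:35:14.000100 02:00:00:00:00:01 > Broadcast, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.20, length 28
EOF
}
```

Run `sample_capture | dhcp_by_mac` to see the summary, or pipe saved tcpdump output into `bmc_still_soliciting` after the BIOS change to confirm the requests have stopped.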

Using UTF-8 in Your SSIDs

The LANforge server process is not multi-byte character aware, and hanzi or other logograms pasted into the GUI will get mangled. What is displayed is a byte escape sequence, like what this script shows:

 > ./utf8hex.pl 小猫
\xe5\xb0\x8f\xe7\x8c\xab

This is the C-language byte encoding for those UTF-8 characters. This is what wpa_supplicant and hostapd rely on in their configuration files. (That script is pasted below.)

If you paste hanzi into the “ssid=” property of the hostapd.conf file (you have to specify a custom file), you can get a virtual AP to come up. It will NOT associate with a station. The wrong way:
[image: 2015-10-23-vap-utf8-101]

If you paste the byte sequence into the ssid property, a station WILL associate. Make sure to specify utf8_ssid=1. The right way:
[image: 2015-10-23-vap-utf8-201]

The display scan window will display the SSID as a byte sequence.
[image: 2015-10-23-vap-utf8-100]

The SSID picker in Port Modify will show the byte sequence after you click the DISPLAY SCAN button.
[image: 2015-10-23-vap-utf8-102]

Watch your Wireless Events log window for station association messages. A station that continues to scan even if the SSID is shown in the scan window is one that is not connecting.

[image: 2015-10-23-vap-utf8-200]

This is the right way to write the wpa_supplicant file, with the SSID escape sequence. Use the utf8hex script to get this byte sequence.
[image: 2015-10-23-vap-utf8-103]

Here is the utf8hex.pl script:

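#!/usr/bin/perl -w
# Print each argument with control and non-ASCII bytes written as \xNN escapes.
use strict;
use utf8;

for my $arg (@ARGV) {
   # arguments arrive as raw bytes by default, so each split element is one byte
   foreach my $ch (split('', $arg)) {
      my $byte = ord($ch);
      # printable ASCII is 0x20..0x7e (32..126)
      if ($byte >= 32 && $byte <= 126) {
         print $ch;
      }
      else {
         # always two hex digits, so bytes below 0x10 stay unambiguous
         printf("\\x%02x", $byte);
      }
   }
   print "\n";
}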

Captive Portal Automated Testing

If you’ve ever been to a coffee shop for free WiFi, and needed to sign-in for Internet access, you’ve used a Captive Portal. Are you developing one? How many stations can your portal controller authenticate simultaneously? Let’s do some automated testing of that with LANforge. This cookbook will guide you through how to use the portal-bot script.