Xen Long Distance Live Migration

Reading about VMWares Long Distance VMotion, which they offer in connection with Ciscos Data Center Interconnect, I was wondering if the same thing wouldn’t be possible using Citrix XenServer as well as OpenVPN. My current test setup is running a XenServer instance in Tubingen at my University, as well as an instance at the TU Munich. The distance between both locations is about 220KM, and a ping reveals a latency of about 8ms. Both locations provide a Bandwidth of about 100MBit through the Universities Internet connection, while throughput is limited by OpenVPN further. I got a Server running OpenVPN as well as NFS for shared storage at the TU Munich as well, while the OpenVPN Client in Tubingen is running as a VM inside XenServer itself to provide the VPN Tunnel.
The purpose of the setup is to provide an environment to demonstrate the possibility to migrate a VM between different subnets while maintaining reachability throughout the migration, which is the topic of my thesis. Even though this is not implemented yet the migration over the distance, while just using a pretty standard internet connection and a VPN Tunnel, is. I decided to create a screencast to demonstrate this, in it’s first form, which is working since yesterday.
I plan to have a demo of a working migration with constant reachability when my thesis is done.


Kind of hard to see in the current video quality, the top server is located at Tubingen in a Subnet, with a TestVM running, while the other Server is located at the TU Munich with a Subnet, both running XenServer 5.5. The TestVM runs a little script printing the current date every second, to demonstrate there is no real downtime during the Live Migration.

iPhone 3.1.3 on O2 Germany with costum IPCC Carrier Bundle

Recently Apple released Version 3.1.3 of the iPhone OS, reenabling tethering for Carriers which do not originally have the iPhone. I myself got an iPhone from italy completely unlocked running on the O2 Network in Germany, until Version 3.1.3 I was using a costum IPCC Carrier Bundle file to get a nice O2 logo and also to have my APNs and MMS preconfigured so I didn’t have to do that everytime I change SIMs. Sadly this IPCC stopped working with 3.1.3, well it did not stop working technically but tethering was not enabled while using it, also the MMS settings didn’t get applied properly.


p>Googling around for some time last night I was able to setup a carrier bundle for O2 which enables tethering, pre populates all the APN and MMS settings, while getting rid of those nasty “Call forwarding” messages when calling somebody, so for anybody interested you can download it.

To apply it simple run

defaults write com.apple.iTunes carrier-testing -bool TRUE

in the Terminal with iTunes closed to enable custom carrier bundles. Afterwards you can apply the IPCC simply by Option+Click on Check for Updates in iTunes and selecting the downloaded IPCC.

Setup Mercurial over SSL with Apache

Since some of my SVN Repositories did not survive the last Update of the Database, and were really hard to recover, or some even needed to be recovered from older Backup, I decided to switch to Mercurial for all me Repository needs.

Looking around on the Web there a probably 100s of guides explaining the basics and setup, but actually None of them worked as a whole for me, so I decided to write down my experiences maybe they apply to somebody, and if not, at least it will be easier for me next time.

First of all thanks to the following Guides I got everything working:

Second I’m running on a Debian Lenny Server with all Updates until 5/5/2009, Mercurial is 1.0.1, Apache is Apache/2.2.9 (Debian).

Now a couple hints, make sure cgi is enabled

sudo a2enmod cgi
sudo a2enmod cgid

Now Setup a new Location for Mercurial like this one

ScriptAliasMatch ^/merc(.*) /MYREPOPATH/hgwebdir.cgi$1
   <Location /merc>
   Allow from all
   Options ExecCGI
   AuthType Digest
   AuthName “REPOSNAME”
   AuthDigestProvider file
   Require valid-user

Now copy the file hgwebdir.cgi found in /usr/share/hg to the Repository Path and Setup a hgweb.config file in the same location to point to your repositories


Now just the repositories need to be initilized in this Path

mkdir testrepo
cd testrepo && hg init

and the Password file has to be created

mkdir testrepo

If you now add allow_push = USERNAME to the hgrc file for the repository you can push your changes to the newly initilized repository after cloning it.

Hope those hints will help, if not comments are welcome.

Wifi Speed Draft-N: 2.4GHz vs 5GHz

Just a quick comparison, after using my Airport Extreme with Draft-N Wifi in the 2.4GHz b/g compatibility mode for some time I realized how much more speed you can get using the N only 5GHz mode, just for comparison:

Using 2.4GHz B/G/N mode: 140MBit

Using 5GHz N only mode: 270MBit

Since I have 2 Wifi routers at home using 1 for B/G and the Airport Extreme for N only really pays of, suddenly copying large files via Wireless makes sense and is useable. Knowing that the addition of the second Wifi Set in the latest Airport Extremes make a lot of sense, especially when sharing Media over Wifi.

Using S/MIME in GMail

I’m a big fan of EMail encryption and Authentification, because I use EMail like Letters, and would like to assure the recipient that it’s really me who’s sending it. Also if it’s Privat or if I might be sending the occasional Password, I would like to encrypt.

Since S/MIME is build into pretty much every EMail Programm on the Planet (Apple Mail, Outlook, Thunderbird, Evolution etc.) I prefer it over PGP/GPG. Well I got my Certificat from www.thawte.com which worked really flawlessly, and they also tell you how to Integrate it in about ever Mail Programm there is, the only Problem I have is:

What do I do If I’m on a Computer without my Mail Programm?

But since I use GMail there is a nice solution, GMail S/MIME I finally no longer have to run Thunderbird on my Netbook but can stick to Firefox, and thats all I need. Simply Import your Certificate, and the Thawte Root CA under Certificates (Preferences -> Advanced -> View Certificates ), and your good to go, no other Configuration needed.

It works great for me, so I guess finally I can tell more People to use S/MIME.

Get Wireshark to recognize the Networkinterfaces on MacOSX

Since working extensively with PXEBoot, TFTP, Xen Virtual Networking and all this good stuff I’m very depended on Wireshark for my debugging. Sadly the way Wireshark works on BSD style Network devices, like in MacOSX, it would have to be run as Root to be able to read the capture. Since I’m kind of security conscious, I really don’t like running Apps as root, and especially Apps exposed to the Network. Looking around I discovered 2 workarounds, one good one and one hack.

1. The Hack:

Make the capture devices readable by the user by running:

sudo chgrp staff /dev/bpf*

sudo chmod g+r /dev/bpf*

This works great if you are administrator on your Mac (I’m not, I’m a standart user), and if you are willing to enter this every time you reboot in the Terminal.

2. The Good way:

Install a Startup Item which is executed at boot by the lauchd as root, to change the Permissions on the capture devices. To do this first you need to login as Administrator once to create the Startup Item then you need to create a Folder

sudo mkdir -p /Library/StartupItems/ChmodBPF

in this Folder there will be 2 files: 1 executable shell script which sets the Permissions and 1 plist, which just has to be there I guess. On how to create those files you can look here or just download the once created already from here and put it in the Folder.

Now make sure the Permissions are set correctly

sudo chown -R root:wheel /Library/StartupItems/ChmodBPF

sudo chmod 644 /Library/StartupItems/ChmodBPF/StartupParameters.plist

sudo chmod 755 /Library/StartupItems/ChmodBPF/ChmodBPF

Now after a reboot Wireshark should work fine, recognizing all the Interfaces, and being able to capture from them.