BGP routers only advertise the best path to their neighbors. When a better path is found, it replaces the current path.
Advertising a path and replacing it with a new path is called an implicit withdraw.
Since we only advertise the best path, a lot of other possible paths are unknown to some of the routers. We call this path hiding.
Extra notes on additional path command syntax:
neighbor neighbor-id additional-paths send: We use this to configure the router so it sends multiple BGP paths to a neighbor.
neighbor neighbor-id additional-paths receive: If you have a neighbor that sends multiple paths, that’s nice, but you still have to configure your local router to receive multiple paths.
bgp additional-paths select: You receive a bunch of paths from your neighbor, but you can still configure which of these paths your router actually uses.
bgp additional-paths install: This tells the router to actually install a backup path that you selected with the “bgp additional-paths select” command.
neighbor neighbor-id advertise additional-paths: This configures which additional paths your router advertises to a neighbor. “all” means all additional paths.
PPTP: To allow PPTP tunnel maintenance traffic, open TCP 1723. To allow PPTP tunneled data to pass through the router, open Protocol ID 47.
L2TP over IPSec: To allow Internet Key Exchange (IKE), open UDP 500. To allow IPSec Network Address Translation (NAT-T), open UDP 4500. To allow L2TP traffic, open UDP 1701.
OpenVPN uses port 1194, UDP and TCP.
Here’s the Cisco access list (gre=Protocol ID 47, pptp=1723, isakmp=500, non500-isakmp=4500):
permit gre any any
permit tcp any any eq 1194
permit udp any any eq 1194
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit udp any any eq 5500
permit tcp any any eq 1723
permit udp any any eq 1701
If a NATed address is being used by any of the peers, you need to open UDP port 4500 for ISAKMP.
If there is no NAT, you need to open UDP port 500 for ISAKMP.
For Phase 2, you need to explicitly open the port for the specific protocol, such as port 50 for AH and port 51 for ESP.
IPSec can use ESP (protocol 50), or AH (protocol 51). AH breaks if used with any type of NAT with IPv4, so it is rarely ever used in a transform set.
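The access list can be checked mechanically against the ports and protocols listed in this section. The Python below is an added example, not part of the original post: `parse_ace` and `audit` are hypothetical helper names, it handles only the `permit <proto> any any [eq <port>]` shape used above, and it assumes the IOS ACL keywords `esp` and `ahp` for IP protocols 50 and 51.

```python
import re

NAMED_PORTS = {"isakmp": 500, "non500-isakmp": 4500, "pptp": 1723}  # the page's legend

# Needs stated in the text; "esp"/"ahp" are IOS keywords for protocols 50/51.
DOCUMENTED = {
    ("gre", None): "PPTP tunneled data (protocol 47)",
    ("tcp", 1723): "PPTP tunnel maintenance",
    ("udp", 500): "IKE",
    ("udp", 4500): "IPSec NAT-T",
    ("udp", 1701): "L2TP",
    ("udp", 1194): "OpenVPN",
    ("tcp", 1194): "OpenVPN",
    ("esp", None): "IPSec ESP (protocol 50)",
    ("ahp", None): "IPSec AH (protocol 51)",
}

# Only the entry shape used on the page: permit <proto> any any [eq <port>]
ACE = re.compile(r"^\s*permit\s+(\S+)\s+any\s+any(?:\s+eq\s+(\S+))?\s*$", re.I)

def parse_ace(line):
    """Return (protocol, port-or-None) for one access-list entry."""
    m = ACE.match(line)
    if not m:
        raise ValueError(f"unsupported entry: {line!r}")
    proto, port = m.group(1).lower(), m.group(2)
    if port is not None:
        port = NAMED_PORTS.get(port.lower()) or int(port)
    return proto, port

def audit(acl_text):
    """Return (entries the text gives no purpose for, documented needs with no entry)."""
    seen = [parse_ace(line) for line in acl_text.splitlines() if line.strip()]
    unexplained = [entry for entry in seen if entry not in DOCUMENTED]
    missing = [need for need in DOCUMENTED if need not in seen]
    return unexplained, missing

# The access list as it appears on the page.
PAGE_ACL = """\
permit gre any any
permit tcp any any eq 1194
permit udp any any eq 1194
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit udp any any eq 5500
permit tcp any any eq 1723
permit udp any any eq 1701
"""
if __name__ == "__main__":
    print(audit(PAGE_ACL))
```

On the list above it reports `udp 5500` as an entry the text gives no purpose for, and ESP and AH as protocols the text mentions but the list does not permit.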
Guacamole is a clientless remote desktop gateway. After successfully implementing this system on some PCs, I now want to use it on a Raspberry Pi 3 B+. The following is how I do the installation on a Raspbian system.
Copy the following text and save it as “/etc/guacamole/guacamole.properties”
# Guacamole - Clientless Remote Desktop
# Copyright (C) 2010 Michael Jumper
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Hostname and port of guacamole proxy
# Auth provider class (authenticates user/pass combination, needed if using the provided login screen)
# NoAuth properties
Copy the following text and save it as “/etc/guacamole/noauth-config.xml”
Copy the following text and save it as “~/.config/autostart/x11vnc.desktop”
Exec=x11vnc -forever -nopw -rfbport 5900 -display :0
Restart Raspberry Pi:
$ sudo reboot
At this point Guacamole should start automatically at system boot. You can try to open it from a web browser; the address is “<ip-address>:<port>/guacamole”. On my network it looks like
If you use a headless system (a Raspberry Pi without a display attached) and you have poor display resolution, you can set the parameters in “/boot/config.txt” from this:
The infamous heat issue with the Odroid HC2 is here. My simple solution is to plug a cheap USB fan into the bottom of the case (I put my HC2 vertically for better heat dissipation). Below is the result.
And for the sake of comparison, here’s the CPU thermal reading for my RPi2 with no cooling (and running Node JS + Munin server).