
Friday, November 7, 2025

Airflow mode of Cisco Nexus 93180yc FX3

I need to rack and stack a Cisco Nexus 93180yc FX3 in my datacenter, therefore, I need to know which airflow mode to choose.


The Nexus 9K datacenter switches support two airflow modes:

  1. Portside intake - sucks cold air in through the network ports and blows warm air out of the power supplies into the hot aisle
  2. Portside exhaust - sucks cold air in through the power supplies and blows warm air out of the ports into the hot aisle

The network ports should be located on the same side of the rack as the server’s rear panel, therefore, I need portside exhaust airflow mode.

Hope this helps other IT guys in the field. 

Sunday, November 2, 2025

IPv4 Addresses Cheat Sheet

Below is my cheat sheet about IPv4 addresses and subnetting.

 

 

The cheat sheet is primarily for myself :-), but somebody else can find it helpful and use it.

Description: The math binary representation of IP octets (bytes) and relation to Net Subnetting.

Keywords: Class Addressing, Classless Addressing, Tips & Tricks

 

Tuesday, October 28, 2025

VMware Fusion: Mount hgfs into Ubuntu Linux

This is a very short blog post. Here is the procedure for manually mounting macOS shared folders into Ubuntu Linux running as a VM in VMware Fusion ...

sudo vmhgfs-fuse .host:/ /mnt/hgfs -o allow_other

Thursday, October 9, 2025

Why does a shut down Dell server consume 50W?

Question: Why does a shut down Dell server consume 50W?
 
Short Answer: Because some hardware components still consume power when the server is not disconnected from power. 

Longer Story with details 

I have Dell PowerEdge R620 with iDRAC7 in my home lab and here is the home power consumption in two scenarios

  1. shutdown server still connected to power (531 Watts)
  2. server fully disconnected from the power (475 Watts)

Scenario 1: shutdown server still connected to power

 
Scenario 2: server fully disconnected from the power

The difference between the two scenarios above is ~ 50W. Why? 

Let's dive deeper. 

Sunday, September 28, 2025

FortiGate Configuration Backup via REST API

One of my customers would like to back up the FortiGate configuration as part of a DRBC (Disaster Recovery and Business Continuity) solution.

FortiGate supports a REST API, so it is a great way to periodically get the configuration, store it in a file directory and leverage Veeam Backup and Replication to back up FortiGate configurations in line with the company's standard protection process. 

In this blog post I document all of the customer's specific design factors and also the solution prototype showing how to fulfill these factors and back up the FortiGate configuration into a file directory.

I personally prefer *nix way over Windows, therefore, I will leverage Linux Docker and PowerShell to get information from FortiGate security appliance and put it into file directory. Docker solution could be leveraged on Windows operating systems as well.

If you are interested in details, read on.

Thursday, September 25, 2025

David Pasek’s version of Greg Ferro’s 11 rules of design

Design documentation is not literature; it is a technical tool. The goal is clarity, precision, and usability. Here are 11 rules to guide you when writing a design document.

Greg Ferro's Eleven Rules of Design Documentation

Here is Greg Ferro’s approach to designing network design documentation. The “world” of networks is too big and varied to have only one document to cover more than one or two projects, but here are some rules to write a detailed Design document.

Wednesday, September 24, 2025

My IT Infrastructure Tips & Tricks - tmux

tmux is a terminal multiplexer. It lets you switch easily between several programs in one terminal, detach them (they keep running in the background) and reattach them to a different terminal. Tmux is available on Linux and BSD systems.

Let's dive into TMUX usage ...

Saturday, September 20, 2025

ZeroEcho: Open Source, Future-Ready Cryptography for Java

What is ZeroEcho?

ZeroEcho is an open-source cryptography toolkit for Java. It builds on trusted providers such as Bouncy Castle (especially for post-quantum algorithms) and organizes them into a coherent, safe, and scriptable framework.

It is designed for developers, researchers, and practitioners who want to build cryptographic workflows that are:

  • Secure today with classical algorithms, and
  • Resilient tomorrow with post-quantum standards. 

Get Started

📂 Repository: https://gitea.egothor.org/Egothor/ZeroEcho

📖 Documentation: https://www.egothor.org/javadoc/zeroecho/lib/

Source: https://www.linkedin.com/pulse/zeroecho-open-source-future-ready-cryptography-java-leo-galambos-pgu2e/ 

Wednesday, August 27, 2025

What is GPON?

GPON stands for Gigabit Passive Optical Network.

It’s a type of fiber-optic broadband technology used by internet service providers (ISPs) to deliver high-speed internet, TV, and phone services to homes and businesses.

Thursday, August 21, 2025

Signi.com & Electronic Signatures

Foundation – eIDAS Signature Levels

Under EU law (eIDAS 910/2014), electronic signatures can be:

  • SES – Simple Electronic Signature (basic: typed name, click-to-sign, tickbox).

  • AdES – Advanced Electronic Signature (cryptographically bound to the signer, integrity-protected).

  • QES – Qualified Electronic Signature (requires a qualified certificate + secure signing device; legally equivalent to handwritten signature in the EU).

👉 Signi supports SES, AdES, and in certain cases QES (e.g. with BankID or qualified certificates).

Tuesday, August 12, 2025

How to set PERC H310 Mini to HBA mode and use disks directly?

H310/H710/H710P/H810 Mini & Full Size IT Crossflashing

Original Source: https://fohdeesha.com/docs/perc.html

This guide allows you to crossflash 12th gen Dell Mini Mono & full size cards to LSI IT firmware. Mini Mono refers to the small models that fit in the dedicated "storage slot" on Dell servers. Because iDRAC checks the PCI vendor values of cards in this slot before allowing the server to boot, the generic full-size PERC crossflashing guides do not apply. This guide however solves that issue. Technical explanation for those curious. The following cards are supported:

  • H310 Mini Mono
  • H310 Full Size
  • H710 Mini Mono
  • H710P Mini Mono
  • H710 Full Size
  • H710P Full Size
  • H810 Full Size

Saturday, August 9, 2025

Garage Keyboard

Hardware 

  • Arduino NANO clone (CH340)
  • Membrane keypad for Arduino, 3 x 4 matrix
  • Expansion kit: solderless breadboard and wires

E-Shop: https://dratek.cz/ 

Training videos: 

  • Arduino Basics
    • https://www.youtube.com/watch?v=6OR7STWnIaE
    • https://www.youtube.com/watch?v=fJWR7dBuc18 
  • Arduino + keyboard: https://www.youtube.com/watch?v=afl15UdQiaw

 

Friday, August 8, 2025

Sunday, July 13, 2025

How to connect Tuya device to Node-Red

Here is the process for getting the Device ID and Local Key of a Tuya device.

  1. Create a Tuya Developer Account
    • Go to https://iot.tuya.com and register for a developer account. 
  2. Create a Cloud Project
  3. Link Tuya App Account
    • In your cloud project, navigate to the "Devices" tab and select "Link Tuya App Account." You'll typically scan a QR code with your Immax NEO PRO app (or Tuya Smart/Smart Life app) to authorize the link.
  4. Get Device ID
    • Once linked, your devices from the app should appear under the "Devices" tab in your cloud project. Note down the "Device ID" for each Tuya device you want to control. 
  5. Create API Subscription
    • Go to "Cloud" > "Cloud Services"
    • Subscribe to
      •  IoT Core Services
  6. Still within the "Cloud Services" section, after subscribing, click on "My Service"
    • For each of the services you just subscribed to, click "View Details"
    • Go to the "Authorized Projects" tab 
    • Ensure your specific cloud project is listed and authorized here. If not, you may need to click "Add Authorization" and select your project.
  7. Get Local Key
    • Go to "Cloud" -> "API Explorer."
    • Under "Smart Home Device Control" (or similar), look for an option like "Query Device Details in Bulk" or "Get Device Specification Attribute."
      • Device Management > Query Device Details 
    • Input your Device ID and submit the request.
      • The "Local Key" should be in the JSON response.

 


Sunday, July 6, 2025

Converting a file from MKV to MP4 using ffmpeg

To convert a file from MKV to MP4 using ffmpeg, use the following command:

ffmpeg -i vstup.mkv -codec copy vystup.mp4

If the MKV contains codecs that are not compatible with MP4 (e.g. some subtitle or audio codecs), you can re-encode:

ffmpeg -i vstup.mkv -c:v libx264 -c:a aac -strict experimental vystup.mp4

Thursday, July 3, 2025

How to install and configure network printer and scanner in Linux Mint

Because of sustainability, I would like to use old Laptop/Printer/Scanner devices. 

This blog post is focused on Printer and Scanner.

I have a Canon MX350, so the runbooks for installing and using the printer and scanner were tested only with this model.

Saturday, June 28, 2025

How to Install and Configure NVIDIA Graphics Card in FreeBSD

 

[SKIP - NOT USED] Install driver for NVIDIA Graphics Card

pkg install nvidia-driver
sysrc kld_list+="nvidia nvidia-modeset"
sysrc linux_enable="YES" 

[SKIP - NOT USED] Configure the NVIDIA driver in a configuration file

cat >> /usr/local/etc/X11/xorg.conf.d/20-nvidia.conf << EOF
Section "Device"
    Identifier "Card0"
    Driver     "nvidia"
    BusID     "pci0:0:1:0"  
EndSection
EOF

[SKIP - NOT USED] NVIDIA configuration (it creates /etc/X11/xorg.conf)

pkg install nvidia-xconfig
nvidia-xconfig

Tuesday, June 17, 2025

How to get VMs with specific custom attribute?

Here is the one-liner to list VMs with the custom attribute "Last Backup" ...

Get-VM | Select-Object Name, @{N='LastBackup';E={($_.CustomFields | Where-Object {$_.Key -match "Last Backup"}).Value}} | Where-Object {$_.LastBackup -ne $null -and $_.LastBackup -ne ""}

and here is another one to count the number of such VMs ...

Get-VM | Select-Object Name, @{N='LastBackup';E={($_.CustomFields | Where-Object {$_.Key -match "Last Backup"}).Value}} | Where-Object {$_.LastBackup -ne $null -and $_.LastBackup -ne ""} | Measure-Object | Select-Object Count

 

How to get all VMs restarted by VMware vSphere HA? PowerCLI OneLiner below will do the magic ...

Get-VIEvent -MaxSamples 100000 -Start (Get-Date).AddDays(-1) -Type Warning | Where {$_.FullFormattedMessage -match "restarted"} | select CreatedTime,FullFormattedMessage | sort CreatedTime -Descending | Format-Table


Sunday, June 15, 2025

How to compress PDF file in Linux

I'm using Linux Mint with xsane for scanning documents on my old but still good Canon MX350 printer/scanner. Scans are saved as huge PDF documents (for example 50 MB) and I would like to compress them to consume much less disk space.

Install Ghostscript

apt install ghostscript

Compress the file input.pdf

gs -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/ebook -dNOPAUSE -dQUIET -dBATCH -sOutputFile=output_compressed.pdf input.pdf

Let's break down these options

  • -sDEVICE=pdfwrite: Tells Ghostscript to output a PDF file.
  • -dCompatibilityLevel=1.4: Sets the PDF version. Version 1.4 is quite old but widely compatible and often allows for good compression. You can try 1.5 or 1.6 for slightly more modern features and potentially better compression in some cases.
  • -dPDFSETTINGS=/ebook: This is the main compression control. As mentioned, /ebook usually gives a good balance.
  • -dNOPAUSE -dQUIET -dBATCH: These make Ghostscript run silently and non-interactively.
  • -sOutputFile=output_compressed.pdf: Specifies the name of the compressed output file.
  • input.pdf: original 50 MB PDF.

Lossy compression (322x) from 50 MB to 155 KB without any visible degradation is worth it to keep cloud (Google Drive) costs low.


Sunday, June 1, 2025

My VIM configuration file

My preferred editor in unix-like systems is vi or vim. VI is everywhere and VIM is improved for scripting and coding.

Sunday, May 18, 2025

VMware VCF's SDDC Backup over sftp

You can do a native VCF SDDC Manager backup via SFTP protocol. SFTP is a file transfer protocol that operates over the SSH protocol. When using SFTP for VMware VCF's backup, you're effectively using the SSH protocol for transport.

For VCF older than 5.1, you have to allow the ssh-rsa algorithm for host key and user authentication on your SSH server (OpenSSH 8.8 and later disable it by default).

The SSH daemon configuration (/etc/ssh/sshd_config) on your backup server should have the following lines to allow the ssh-rsa algorithm for host key and user authentication.

# add ssh-rsa to the list of acceptable host key algorithms
HostKeyAlgorithms +ssh-rsa
 
# allow the ssh-rsa algorithm for user authentication
PubkeyAcceptedAlgorithms +ssh-rsa
 
 
This should not be necessary for SDDC Manager in VCF 5.1 and later.
 

Friday, May 9, 2025

RaspberryPi - GPIO control over Web Interface

How to use RaspberryPi inputs and outputs? The easiest way is to use the GPIO pins directly on the RaspberryPi board.

Hardware

Raspberry Pi has 8 freely accessible GPIO ports which can be controlled. In the following picture they are colored green. 

GPIO ports

Attention!!! GPIO are 3.3V and do not tolerate 5V !! Maximum current is 16mA !! It would be possible to use more of them by changing the configuration.

Software

First you need to install the lighttpd (or Apache) server and PHP5:
sudo groupadd www-data
sudo apt-get install lighttpd
sudo apt-get install php5-cgi
sudo lighty-enable-mod fastcgi
sudo adduser pi www-data
sudo chown -R www-data:www-data /var/www
In the lighttpd configuration

you need to add:
"bin-path" => "/usr/bin/php5-cgi",
"socket" => "/tmp/php.socket"

Now you need to restart lighttpd:
sudo /etc/init.d/lighttpd force-reload

This will run our webserver with PHP.

Now we get to the actual GPIO control. The ports can be used as input and output. Everything needs to be done as root.

First you need to make the port accessible:
echo "17" > /sys/class/gpio/export

Then we set whether it is an input (in) or output (out):
echo "out" > /sys/class/gpio/gpio17/direction

Set the value like this:
echo 1 > /sys/class/gpio/gpio17/value

Read the status:
cat /sys/class/gpio/gpio17/value

This way we can control GPIO directly from the command line. If we use the web interface for control, we need to set the permissions on all ports so that they can be controlled by a user other than root.
chmod 666 /sys/class/gpio/gpio17/value
chmod 666 /sys/class/gpio/gpio17/direction

Saturday, May 3, 2025

How to create a template on XCP-ng with XenOrchestra

"In this post I will show you how to create a template in XenOrchestra and using an image we created and customized ourself. " ... full blog post is available at https://blog.bufanda.de/how-to-create-a-template-on-xcp-ng-with-xenorchestra/

Thursday, February 13, 2025

VMware vSAN ESA on Cisco UCS - TCP Connection Half Open Drop Rate

During the investigation of high disk response times in one VM using vSAN storage, I saw a strange vSAN metric (TCP Connection Half Open Drop Rate).

What is it?

I have opened a support ticket with VMware Support (2025-02-13) and started my own troubleshooting in parallel.

Wednesday, February 12, 2025

VMware vs OpenStack

Here are screenshots from a Canonical webcast

Feature comparison


OpenStack technological stack

 

System containers (LXD) vs Application Containers (Docker)


 

 

 


Thursday, January 30, 2025

vSphere 8 consumption gui

Source: https://www.linkedin.com/posts/katarinawagnerova_vsphere-kubernetes-vms-ugcPost-7213567854271492099-ygOq?utm_source=share&utm_medium=member_ios

Infrastructure & Application Monitoring with Checkmk

Source: https://checkmk.com/ 


docker container run -dit -p 8080:5000 -p 8000:8000 --tmpfs /opt/omd/sites/cmk/tmp:uid=1000,gid=1000 -v monitoring:/omd/sites --name monitoring -v /etc/localtime:/etc/localtime:ro --restart always checkmk/check-mk-cloud:2.3.0p24
 
 

VCF - nested ESX

Source: https://mhvmw.wordpress.com/2024/12/29/part-iii-beginners-guide-using-nested-esxi-hosts-for-a-vcf-5-2-1-home-lab/

 

Shodan - Search Engine for the Internet of Everything

Search Engine for the Internet of Everything

https://www.shodan.io/


Shodan is the world's first search engine for Internet-connected devices. Discover how Internet intelligence can help you make better decisions.

Network Monitoring Made Easy

Within 5 minutes of using Shodan Monitor you will see what you currently have connected to the Internet within your network range and be setup with real-time notifications when something unexpected shows up.

ČRa new data center

Source: https://www.cra.cz/tiskove-centrum/datova-centra/cra-se-stanou-jednickou-mezi-provozovateli-datovych-center-ziskaly-uzemni-rozhodnuti-pro-nove-dc

CRA to become number one among data center operators after obtaining a zoning permit for a new DC

České Radiokomunikace (CRA) is finishing preparations for one of the most ambitious digital infrastructure projects in the Czech Republic, a new data center. Another significant step has been achieved: CRA has obtained a zoning permit. Within two years, one of the largest facilities of its kind, not only in the Czech Republic but also in Europe, will be built in the Praha Zbraslav locality, with a capacity of over 2,500 server racks and a power input of 26 megawatts. 

Tarsnap - Online backups for the truly paranoid

Source: http://www.tarsnap.com/

 

NAS Performance: NFS vs. SMB vs. SSHFS | Jake’s Blog

Source: https://blog.ja-ke.tech/2019/08/27/nas-performance-sshfs-nfs-smb.html 

NAS Performance: NFS vs. SMB vs. SSHFS

This is a performance comparison of the three most useful protocols for network file shares on Linux with the latest software. I have run sequential and random benchmarks and tests with rsync. The main reason for this post is that I could not find a proper test that includes SSHFS.

Best DevOps tools

Source: https://www.virtualizationhowto.com/2025/01/best-containers-for-devops-in-2025/ 

Best Containers for DevOps in 2025

A look at the top Docker containers for DevOps in 2025. Streamline your code projects and automation with these cool and robust containers

JetKVM - Control any computer remotely by JetKVM

JetKVM - Control any computer remotely by JetKVM — Kickstarter


https://www.kickstarter.com/projects/jetkvm/jetkvm

Wednesday, January 29, 2025

CRA acquires Cloud4com, a leading cloud computing provider

https://www.cra.cz/cra-acquires-cloud4com-a-leading-cloud-computing-provider

CRA acquires Cloud4com, a leading cloud computing provider

A significant deal on the Czech IT scene, ARICOMA Group and České Radiokomunikace (CRA), the subsidiary of Cordiant Digital Infrastructure Limited (CORD), a specialist investor in digital infrastructure, announce that CRA are acquiring Cloud4com (C4C) from ARICOMA Group, along with its data centre in Lužice (together “the Transactions”). The price of the Transactions are partly conditional on 2024’s results, but expected to exceed CZK 1 billion. The Transactions, which took legal effect upon signature, also includes the conclusion of a strategic cooperation between ARICOMA Group and České Radiokomunikace.

FreeBSD X11 config in Virtual Box

PACKAGES

pkg install virtualbox-ose-additions

pkg install drm-kmod

/etc/rc.conf

ifconfig_em0="DHCP"
sshd_enable="YES"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
moused_nondefault_enable="NO"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"

kld_list="/boot/modules/vboxvideo.ko"

zfs_enable="YES"
dbus_enable="YES"
moused_enable="YES"
devd_enable="YES"
vboxguest_enable="YES"
vboxservice_enable="YES"
tailscaled_enable="YES"
 

/boot/loader.conf

drm_load="YES"
vboxdrv_load="YES"
vboxguest_load="YES"
vboxvideo_load="YES"



Thursday, January 23, 2025

The secrets of MTU - L2 MTU vs. L3 MTU - Where does the fragmentation happen?

Source: https://www.packetstreams.net/2018/07/the-secrets-of-mtu-l2-mtu-vs-l3-mtu.html

"The Maximum Transmission Unit (MTU) is the largest possible frame size of a communications Protocol Data Unit (PDU) on an OSI Model Layer 2 data network." In today's network the standard MTU for Layer 3 IP packet is 1500 bytes. Meanwhile, the standard MTU for Layer 2 Ethernet frame is 1514 bytes ( 6 bytes source MAC + 6 bytes destination MAC + 2 bytes EtherType + 1500 bytes IP packet). For the Dot1Q trunk frame, extra 4 bytes for Dot1Q tag is added. So up to here, we understand that there are two types of MTUs. MTU for layer 2 frames and MTU for layer 3 packets.

Thursday, January 16, 2025

How to simulate HDD serial number on VMware Workstation or Fusion

Question: Is it possible to emulate an HDD serial number on VMware Workstation?

Answer ...

Yes, it is possible to emulate or specify a custom HDD serial number on VMware Workstation. You can do this by editing the virtual machine's configuration file (.vmx). 

Tuesday, January 14, 2025

Broadcom (VMware) Useful Links for Technical Designer and/or Architect

A lot of URLs changed after Broadcom's acquisition of VMware. That's the reason I have started to document some of the links useful to me. 

Sunday, January 5, 2025

Waydroid

A container-based approach to boot a full Android system on regular GNU/Linux systems running Wayland based desktop environments.

Waydroid Web Site