Battlefield 3 – PunkBuster breaks!@#$%
I’ve been a big Battlefield fan ever since Battlefield 1942 and the mod Desert Combat. I really enjoyed Battlefield 2 and Battlefield 2142, so I was expecting a lot from Battlefield 3 when it was released late last year. While the graphics and basic gameplay are truly amazing, the teamwork aspects of the game seem very much an afterthought, which is very disappointing. In the initial release of the game you couldn’t manually select which squad you wanted to join, a feature that’s been in every Battlefield game since the beginning of time. And where was the in-game voice communication? A feature that revolutionized PC gaming was gone and replaced again by a solution that seems to be an afterthought, ESN Sonar. With all those issues the game has still been a lot of fun; however, recently it seems that hacks and cheats are spoiling the fun.
Which leads me to the current issue facing Battlefield 3 players. PunkBuster appears to be broken and is preventing a large number of Battlefield 3 players from enjoying the game. Players are getting kicked from servers almost immediately after joining. Here’s an example of the log message you’ll find on the server side;
    PunkBuster Server: RESTRICTION: player1 (slot #2) [1610dac7419406201db5a46fxxxxxxxx(-) 75.111.11.111:3659] Service Communication Failure: PnkBstrB.exe driver failure (PnkBstrK.sys) ffab
    PunkBuster Server: RESTRICTION: player1 (slot #2) [1610dac7419406201db5a46fxxxxxxxx(-) 75.111.11.111:3659] Service Communication Failure: PnkBstrB.exe driver failure (PnkBstrK.sys) ffab
    PunkBuster Server: Kick Command Issued (RESTRICTION: Service Communication Failure: PnkBstrB.exe driver failure (PnkBstrK.sys) ffab) for (slot#2) 75.111.11.111:3659 1610dac7419406201db5a46fxxxxxxxx player1
    PunkBuster Server: Lost Connection (slot #2) 75.111.11.111:3659 1610dac7419406201db5a46fxxxxxxxx(-) player1
It didn’t take too long until I stumbled across a Battlelog post from EA/Dice that acknowledged there was an issue with PunkBuster. There was an article on PC Gamer that alluded to some issues around hackers potentially injecting unauthorized bans into the ban lists that are streamed from PBBans and GGC.
Several Game Service Providers (GSP) posted the following note on their sites;
We are hearing reports that GGC / PBBans are being exploited and many players are being incorrectly banned by an exploit in the streaming process. We suggest customers disable using the GGC / PBBans banlists until this is resolved.
There was also a recent blog post from EA/Dice where they claimed they were going to start clamping down on the rampant hacks and cheats that are pervasive throughout the multiplayer servers. It looks like they might have broken something when they started clamping down, let’s hope there’s a fix soon.
You can try updating your installation of PunkBuster but this time around it appears that the problem is somewhere in the cloud. Sorry!
What game(s) do you play if any?
Cheers!
Updated: Friday January 27, 2012 – apparently the PunkBuster problems have been resolved.
Asterisk Now with Avaya IP Phones
There’s been a lot of discussion lately around connecting Avaya (legacy Nortel) IP phones with third-party SIP capable call servers. I’ve personally toyed with Asterisk on a number of occasions and have always been impressed, so I recently set up an Asterisk Now installation (AsteriskNOW-1.7.1-i386.iso) on a CentOS 6.2 KVM host so I could re-test the interoperability between the latest version of Asterisk (v1.6.2.20) and the 1100 and 1200 series IP phones from Avaya running SIP v4.0 and SIP v4.3 respectively.
The installation was pretty straightforward; however, there were a few small issues that I had to deal with. Initially I was unable to connect to the server and found that the firewall was enabled, so I had to disable the firewall with the following commands: service iptables stop and chkconfig iptables off. I was also getting a weird error in the FreePBX GUI when I tried to apply the configuration;
exit: 126 sh: /var/lib/asterisk/bin/retrieve_conf: Permission denied
…this turned out to be an issue with SELinux, so I had to edit /etc/selinux/config and disable SELinux (a reboot is required for the change to take effect). Once I did those few steps I was ready to create some extensions, so I created 1001 and 1002 and set their password (secret) to ‘abc123’.
The Avaya (legacy Nortel) IP phones can be provisioned from a TFTP server, so I installed a TFTP server on my Asterisk server using yum install tftp-server. Then I enabled the TFTP server with chkconfig tftp on and finally I had to restart xinetd with service xinetd restart. I placed the files I needed in the /tftpboot directory including 1220SIP.cfg, 1120eSIP.cfg and users.dat (these filenames are case sensitive on a Linux server – if you use a Windows server such as TFTPD32 then the case is not an issue). I configured my local DHCP server to offer DHCP option 66 (TFTP Server) and I was off and running. The 1220 and 1120e both booted, downloaded the provisioning files from the TFTP server, and connected to the Asterisk server. I entered the usernames and passwords and I was logged in and running in seconds, placing calls between the two handsets.
I had to refer to my original post on the forums on what settings I needed to disable the extended license;
http://forums.networkinfrastructure.info/nortel-ip-telephony/disabling-features-from-extended-feature-set-on-ip-deskphone/
Here’s what the configuration files on the TFTP server looked like; the 1220SIP.cfg file contained the following lines;
    [FW]
    DOWNLOAD_MODE AUTO
    VERSION SIP12x004.03.09.00
    FILENAME SIP12x004.03.09.00.bin
    PROTOCOL TFTP
    [DEVICE_CONFIG]
    DOWNLOAD_MODE FORCED
    VERSION 000200
    FILENAME users.dat
    [DIALING_PLAN]
The 1120eSIP.cfg file contained the following lines;
    [FW]
    DOWNLOAD_MODE AUTO
    VERSION SIP1120e04.00.04.00
    FILENAME SIP1120e04.00.04.00.bin
    PROTOCOL TFTP
    [DEVICE_CONFIG]
    DOWNLOAD_MODE FORCED
    VERSION 000200
    FILENAME users.dat
    [DIALING_PLAN]
The users.dat file contained the following lines;
    DNS_DOMAIN local
    SIP_DOMAIN1 asterisk.local
    SERVER_IP1_1 192.168.1.10
    SERVER_PORT1_1 5060
    SERVER_RETRIES1 3
    VMAIL 5000
    VMAIL_DELAY 300
    DEF_LANG English
    DEF_AUDIO_QUALITY High
    ADMIN_PASSWORD 26567*738
    SSH YES
    SSHID admin
    SSHPWD admin
    # Settings to disable extended license
    MAX_LOGINS 1
    USB_HEADSET LOCK
    EXP_MODULE_ENABLE NO
    ENABLE_SERVICE_PACKAGE NO
    IM_MODE DISABLED
    AVAYA_AUTOMATIC_QoS NO
    VQMON_PUBLISH NO
    SIP_TLS_PORT 0
    ENABLE_BT NO
I did have to reconfigure the 1220 to AllAut before it would honor the settings in the TFTP provisioning file.
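Because users.dat is fetched over TFTP, which has no authentication or encryption, it is worth auditing the file before it goes into /tftpboot. The following is an added example, not part of the original post: the function names are hypothetical, the sample is an abridged copy of the users.dat above, and the reading of SIP_TLS_PORT 0 as "no TLS listener" is an assumption.

```python
# Abridged copy of the users.dat shown above (sample input for the audit).
SAMPLE_USERS_DAT = """\
DNS_DOMAIN local
SIP_DOMAIN1 asterisk.local
SERVER_IP1_1 192.168.1.10
SERVER_PORT1_1 5060
ADMIN_PASSWORD 26567*738
SSH YES
SSHID admin
SSHPWD admin
# Settings to disable extended license
MAX_LOGINS 1
SIP_TLS_PORT 0
"""

# Keys whose values are credentials.
SECRET_KEYS = ("ADMIN_PASSWORD", "SSHPWD")


def parse_users_dat(text):
    """Return {KEY: value} from 'KEY value' lines, skipping blanks and # comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings[key] = value.strip()
    return settings


def audit(settings):
    """Return a list of (key, finding) tuples for settings worth reviewing."""
    findings = []
    for key in SECRET_KEYS:
        if key in settings:
            findings.append((key, "secret in a file served over cleartext TFTP"))
    if settings.get("SSH", "NO").upper() == "YES":
        user, pwd = settings.get("SSHID", ""), settings.get("SSHPWD", "")
        if not pwd or pwd.lower() == user.lower():
            findings.append(("SSHPWD", "SSH enabled with empty password or password equal to SSHID"))
    # Assumption: port 0 means the phone has no SIP-over-TLS listener.
    if settings.get("SIP_TLS_PORT") == "0":
        findings.append(("SIP_TLS_PORT", "SIP TLS off; signalling is unencrypted"))
    return findings


if __name__ == "__main__":
    for key, finding in audit(parse_users_dat(SAMPLE_USERS_DAT)):
        print(f"{key}: {finding}")
```
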
Cheers!
Avaya Split MultiLink Trunking (SMLT) Layer 2 Trunking
It was recently pointed out to me that I had never written a post documenting how to configure SMLT to an edge/closet switch. While there are plenty of examples in the Avaya/Nortel technical guides I’ll humor the folks that are interested. In this example I’ll configure a pair of ERS 8600 switches utilizing SMLT over SLT (Single Link Trunks).
Let’s assume that these switches are already setup in an IST pair (future post?) and that we want to add a new edge/closet switch to the network. We’ll utilize port 1/7 on both ERS 8600 switches to connect to ports 1/47 and 1/48 on the edge switch. The edge switch should be setup as an MLT. You can refer to this post for additional details regarding how to configure the edge switch.
Here’s a diagram of our example topology…
Step 1.
Let’s start configuring the ERS8600-A switch;
    config ethernet 1/7 perform-tagging enable
    config ethernet 1/7 untagged-frames-discard enable
    config ethernet 1/7 default-vlan-id 200
    config ethernet 1/7 cp-limit enable multicast-limit 7500 broadcast-limit 5000
    config ethernet 1/7 enable-diffserv true
    config ethernet 1/7 slpp packet-rx enable
    config ethernet 1/7 slpp packet-rx-threshold 5
    config ethernet 1/7 mstp cist forceportstate disable
    config ethernet 1/7 mstp msti 1 forceportstate disable
    config ethernet 1/7 smlt 107 create
    config ethernet 1/7 vlacp enable
    config ethernet 1/7 vlacp fast-periodic-time 500
    config ethernet 1/7 vlacp timeout short
    config ethernet 1/7 vlacp timeout-scale 5
Let’s break down those commands and review each;
- config ethernet 1/7 perform-tagging enable
This command will enable tagging to make the port an 802.1q trunk port. This will enable us to trunk multiple VLANs over the single interface; it will also preserve any Layer 2 QoS/CoS information.
- config ethernet 1/7 untagged-frames-discard enable
This command will discard any non 802.1q tagged frames that are received on the port. This can be a valuable defense measure in protecting your network. What would happen if the edge switch was accidentally factory reset with both uplinks still connected? A loop would result, however, with this feature all frames from the edge switch will be discarded until the switch is reconfigured.
- config ethernet 1/7 default-vlan-id 200
This command will set the PVID to our management VLAN. This value will only be considered if the port receives a frame which doesn’t have an 802.1q header and hence is missing the VLAN ID. The command “untagged-frames-discard enable” essentially negates this command but we set it anyway so we’re consistent in our configurations.
- config ethernet 1/7 cp-limit enable multicast-limit 7500 broadcast-limit 5000
This command will enable CP-Limit to protect the core network from too many multicast or broadcast packets flooding the link. CP-Limit will shut down the link to try and protect the core network. This is just one of many defense mechanisms available to help protect your network.
- config ethernet 1/7 enable-diffserv true
This command will enable DiffServ (Layer 3 QoS) on the switch port and set it for Trusted, so the switch will honor all DiffServ marked packets and give those packets the appropriate priority and queuing.
- config ethernet 1/7 slpp packet-rx enable
- config ethernet 1/7 slpp packet-rx-threshold 5
These commands will enable Simple Loop Protection Protocol (SLPP) to help detect any misconfiguration of the MultiLink trunks on the edge/closet switch.
- config ethernet 1/7 mstp cist forceportstate disable
- config ethernet 1/7 mstp msti 1 forceportstate disable
These commands will disable Multiple Spanning Tree Protocol (MSTP) on the switch ports. Spanning Tree is not compatible with Avaya’s Split Trunking Protocol since we are quite literally creating a loop in the physical topology. If this switch was running STP the command would look like so: ethernet 1/7 stg 1 stp disable.
- config ethernet 1/7 smlt 107 create
Here’s the command that you’ve been waiting for … this command essentially creates an S-SMLT or Single Link Trunk (SLT). The ID used in the connection needs to match the one on the peer ERS 8600 switch.
Design note – in my networks I use numbers to denote the different IDFs or ICRs. I usually add 100 to those numbers for the SMLT ID and VLAN IDs. Since this is IDF #7 (or ICR #7) the SMLT ID is 100 + 7 = 107 and the VLAN for this closet will eventually be 107. If I was still using VRRP the VRRP ID would also be 107. You can use whatever number you’d like but they must match on the two ERS 8600s!
- config ethernet 1/7 vlacp enable
- config ethernet 1/7 vlacp fast-periodic-time 500
- config ethernet 1/7 vlacp timeout short
- config ethernet 1/7 vlacp timeout-scale 5
These commands enable VLACP on the port and utilize the recommended values from Avaya.
You should repeat the commands above in Step 1 on both Avaya Ethernet Routing Switch 8600s, substituting the appropriate port numbers and SMLT ID.
Design note – in my networks the edge/closet switches are still Layer 2 only so I perform all the routing in the core switches. I will usually have a “default” VLAN per edge/closet switch although I do have multiple VLANs that span multiple edge/closet switches.
Step 2.
With the port configured now we’ll build the VLAN that we’ll associate with most ports on the edge switch.
    config vlan 107 create byport-mstprstp 1 name "10-1-112-0/23"
    config vlan 107 add-mlt 1
    config vlan 107 ports add 1/7 member portmember
    config vlan 107 fdb-entry aging-time 21601
    config vlan 107 ip create 10.1.112.1/255.255.254.0 mac_offset 0
    config vlan 107 ip igmp proxy-snoop enable
    config vlan 107 ip igmp snoop enable
    config vlan 107 ip dhcp-relay enable
    config vlan 107 ip ospf interface-type passive
    config vlan 107 ip ospf enable
    config vlan 107 ip rsmlt enable
    config vlan 107 ip rsmlt holdup-timer 9999
Let’s break down those commands and review each;
- config vlan 107 create byport-mstprstp 1 name "10-1-112-0/23"
This command will create VLAN 107 and make it a port based VLAN with the name "10-1-112-0/23". You might be asking what the mstprstp is… this specific switch I’m working with has been deployed with MSTP enabled. If you have a switch still using STP (default) then the command would look like so: config vlan 107 create byport 1 name "10-1-112-0/23"
- config vlan 107 add-mlt 1
This command will add VLAN 107 to our IST which in this case happens to be MLT ID 1.
- config vlan 107 ports add 1/7 member portmember
This command will add VLAN 107 to port 1/7 which we are using to connect our edge/closet switch.
- config vlan 107 fdb-entry aging-time 21601
This command will set the default FDB aging time for all MAC information learned in this VLAN to 6 hours and 1 second. This is a best practice recommendation by Avaya to help reduce the ARP broadcast storms that can result when the FDB table expires a large number of entries which then in turn causes them to be removed from the ARP table causing the switch to re-ARP for them.
- config vlan 107 ip create 10.1.112.1/255.255.254.0 mac_offset 0
This command will configure a Layer 3 interface on VLAN 107 with the IP address of 10.1.112.1/23. Your mac_offset will differ depending on how many IP interfaces you already have deployed on your switch.
- config vlan 107 ip igmp proxy-snoop enable
- config vlan 107 ip igmp snoop enable
These commands will enable IGMP snooping and proxy on the VLAN.
- config vlan 107 ip dhcp-relay enable
- config vlan 107 ip dhcp-relay create-fwd-path server 10.1.1.100
- config vlan 107 ip dhcp-relay enable-fwd-path server 10.1.1.100
These commands will enable DHCP relay on the VLAN, and forward all DHCP requests to 10.1.1.100.
- config vlan 107 ip ospf interface-type passive
- config vlan 107 ip ospf enable
These commands will enable OSPF on the VLAN and will set it to passive (best practice for edge/closet VLANs).
- config vlan 107 ip rsmlt enable
- config vlan 107 ip rsmlt holdup-timer 9999
These commands will enable RSMLT, which replaces the VRRP functionality. We set the holdup-timer to infinity because we don’t want the ERS 8600 to stop accepting packets for its peer at any time.
You should repeat the commands above in Step 2 on both Avaya Ethernet Routing Switch 8600s, substituting the appropriate IP address and ports.
Step 3.
There are a few items that we still need to take care of to round out the configuration.
We need to enable SLPP for VLAN 107;
- config slpp operation enable
- config slpp add 107
These commands will enable SLPP globally and will also enable SLPP in VLAN 107.
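Since the SMLT ID must match on both ERS 8600s and the loop-protection settings only help if they are present on both peers, a saved copy of each switch's configuration can be compared offline. The script below is an added example, not part of the original post or of any Avaya tooling: the function names are hypothetical and both configurations are constructed from the commands in Steps 1 and 3, with two deliberate faults on the second peer.

```python
import re

# Constructed input: a subset of the Step 1 and Step 3 commands saved from ERS8600-A.
CONFIG_A = """\
config ethernet 1/7 perform-tagging enable
config ethernet 1/7 untagged-frames-discard enable
config ethernet 1/7 cp-limit enable multicast-limit 7500 broadcast-limit 5000
config ethernet 1/7 slpp packet-rx enable
config ethernet 1/7 smlt 107 create
config ethernet 1/7 vlacp enable
config slpp operation enable
config slpp add 107
"""
# Constructed peer config with two deliberate faults: wrong SMLT ID, no untagged discard.
CONFIG_B = CONFIG_A.replace("smlt 107", "smlt 108").replace(
    "config ethernet 1/7 untagged-frames-discard enable\n", "")

# Protective port settings the walkthrough enables on the SMLT edge port.
REQUIRED = ("untagged-frames-discard enable", "cp-limit enable",
            "slpp packet-rx enable", "vlacp enable")


def port_args(config, port):
    """Return the argument part of every 'config ethernet <port> ...' line."""
    prefix = f"config ethernet {port} "
    lines = (line.strip() for line in config.splitlines())
    return [line[len(prefix):] for line in lines if line.startswith(prefix)]


def smlt_id(config, port):
    """Return the SMLT ID created on the port, or None if none is configured."""
    for args in port_args(config, port):
        match = re.fullmatch(r"smlt (\d+) create", args)
        if match:
            return int(match.group(1))
    return None


def audit_pair(cfg_a, port_a, cfg_b, port_b):
    """Compare one edge uplink across both IST peers and return a list of findings."""
    findings = []
    id_a, id_b = smlt_id(cfg_a, port_a), smlt_id(cfg_b, port_b)
    if id_a is None or id_a != id_b:
        findings.append(f"SMLT ID mismatch: A={id_a} B={id_b}")
    for name, cfg, port in (("A", cfg_a, port_a), ("B", cfg_b, port_b)):
        args = port_args(cfg, port)
        for needle in REQUIRED:
            if not any(a.startswith(needle) for a in args):
                findings.append(f"{name} {port}: missing '{needle}'")
        if "config slpp operation enable" not in cfg:
            findings.append(f"{name}: SLPP not enabled globally")
    return findings


if __name__ == "__main__":
    for finding in audit_pair(CONFIG_A, "1/7", CONFIG_B, "1/7"):
        print(finding)
```
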
Step 4.
Here are some commands you can use to verify the configuration and operation.
You can check the SMLT table and verify that the trunk is configured as SMLT and operating as SMLT;
    ERS-8610-A:5# show smlt info

    ================================================================================
                                     Mlt SMLT Info
    ================================================================================
    MLT     SMLT    ADMIN   CURRENT
    ID      ID      TYPE    TYPE
    --------------------------------------------------------------------------------
    4       4       smlt    smlt
    10      10      smlt    norm
    15      15      smlt    norm

    ================================================================================
                                     Port SMLT Info
    ================================================================================
    PORT    SMLT    ADMIN   CURRENT
    NUM     ID      TYPE    TYPE
    --------------------------------------------------------------------------------
    1/7     3       smlt    smlt
    4/4     6       smlt    smlt
You can check the MLT table and verify that VLAN 107 is a member of MLT 1 (IST);
    ERS-8610-A:5# show mlt info

    ================================================================================
                                       Mlt Info
    ================================================================================
                           PORT    SVLAN   MLT    MLT      PORT         VLAN
    MLTID  IFINDEX  NAME     TYPE    TYPE    ADMIN  CURRENT  MEMBERS      IDS
    --------------------------------------------------------------------------------
    1      6144     MLT-IST  trunk   normal  ist    ist      1/1,4/1,8/1  1 2 3 4 5 9 10 20 21 25 99 100 101 102 103 107 198 199 200
You can verify that the IST is up and operational between the two ERS 8600 switches;
    ERS-8610-A:5# show mlt ist info

    ================================================================================
                                     Mlt IST Info
    ================================================================================
    MLT   IP           VLAN   ENABLE   IST
    ID    ADDRESS      ID     IST      STATUS
    --------------------------------------------------------------------------------
    1     10.1.100.2   100    true     up

You can check the state of VLACP on port 1/7 to confirm that VLACP is enabled and up;

    ERS-86010-A:5# show port info vlacp port 1/7

    ================================================================================
                                   VLACP Information
    ================================================================================
    INDEX  ADMIN    OPER     PORT   FAST  SLOW   TIMEOUT  TIMEOUT  ETHER   MAC
           ENABLED  ENABLED  STATE  TIME  TIME   TIME     SCALE    TYPE    ADDR
    --------------------------------------------------------------------------------
    1/7    true     true     UP     500   30000  short    5        0x8103  01:80:c2:00:11:00
You can check the SONMP topology tables to make sure you have the correct port(s).
    ERS-8610-A:5# show sys topology

    ================================================================================
                                     Topology Table
    ================================================================================
    Local                                                                      Rem
    Port  IpAddress    SegmentId  MacAddress    ChassisType            BT  LS   CS    Port
    --------------------------------------------------------------------------------
    0/0   10.1.1.1     0x000000   0004387xxxxx  ERS8610                12  Yes  HtBt  0/0
    1/1   10.1.1.2     0x000101   000fcdfxxxxx  ERS8610                12  Yes  HtBt  1/1
    1/7   10.1.255.20  0x00012f   0014c73xxxxx  mBayStack5520-48T-PWR  12  Yes  HtBt  1/47
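The "configured as SMLT and operating as SMLT" check on the show smlt info output can be scripted, so that trunks whose CURRENT TYPE has fallen back from smlt are flagged without reading the table by eye. This is an added example, not part of the original post: the function names are hypothetical and the sample output is constructed in the layout of the show smlt info tables.

```python
# Constructed sample in the layout of the 'show smlt info' output.
SAMPLE = """\
================================================================================
                                 Mlt SMLT Info
================================================================================
MLT     SMLT    ADMIN   CURRENT
ID      ID      TYPE    TYPE
--------------------------------------------------------------------------------
4       4       smlt    smlt
10      10      smlt    norm

================================================================================
                                 Port SMLT Info
================================================================================
PORT    SMLT    ADMIN   CURRENT
NUM     ID      TYPE    TYPE
--------------------------------------------------------------------------------
1/7     107     smlt    smlt
4/4     106     smlt    norm
"""


def parse_smlt_info(text):
    """Return rows as dicts: section ('mlt' or 'port'), key, smlt_id, admin, current."""
    rows, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Mlt SMLT Info"):
            section = "mlt"
        elif line.endswith("Port SMLT Info"):
            section = "port"
        fields = line.split()
        # Data rows have four fields and a numeric SMLT ID in the second column;
        # banner, header and separator lines do not.
        if section and len(fields) == 4 and fields[1].isdigit():
            key, sid, admin, current = fields
            rows.append({"section": section, "key": key, "smlt_id": int(sid),
                         "admin": admin, "current": current})
    return rows


def degraded(rows):
    """Rows configured as SMLT whose current type is not smlt (for example 'norm')."""
    return [r for r in rows if r["admin"] == "smlt" and r["current"] != "smlt"]


if __name__ == "__main__":
    for row in degraded(parse_smlt_info(SAMPLE)):
        print(f"{row['section']} {row['key']} (SMLT {row['smlt_id']}): "
              f"admin={row['admin']} current={row['current']}")
```
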
Cheers!



