ip_conntrack: table full, dropping packet / conclusions about connection tracking

The problem Recently one of our clients started a very large campaign and my servers got hit by twice the traffic it was handling normally. We actually didn’t have any problems, but from time to time you would notice this error message on our main firewall: ip_conntrack: table full, dropping packet Investigation I have seen this

Installing Vyatta 6.6 R1 with software raid 1

Intro For all my routers I usually choose at least some level of raid. As routers usually don’t need any disk performance, simple raid 1 – mirroring is enough to sustain disk failure and ensure server continues to work. Now let’s get busy and install our latest Vyatta on our server. Prerequisites To ensure fast

EncFS – Easy way of encrypting directory

Why? Usually system administrators need to secure their data. Plain text passwords, certificate files, private ssh keys laying around your disk are big security risk. Many times on existing system we don’t want to encrypt whole partition or just don’t have time to do it from scratch. We just need one folder encrypted and save our risky data in it.

Vyatta – SNAT – Randomly rotating public IP addresses

The problem Our contextual system uses bots/spiders to leech data from our customer’s websites in order to parse them and use extracted text for further content analysis. This means we have setup few servers that run bots/spiders. Can you imagine if 20 bots started leeching websites hosted on same webhosting using only one ip? That could be considered as sort of

DNS Geotargeting – Bind9

We recently had to setup some geo targeting with our domain name servers. We have different datacenters around the world and we wanted to keep our infrastructure as intact as possible, while still serving from nearest datacenter. If you don't use anycast or similar technology, DNS geo targeting might help you forward your clients to correct ip's. The main idea