Wednesday, April 28, 2010

Coming back from the US

Sitting here in my hotel room, I was in deep reverie of the days that have passed since I came to the US. It seems like a long time, but if my memory serves me right, it's actually less than 2 months. It seems like forever. Snapping out of it, I am happy that I am getting to go back home 3 weeks earlier than expected and originally planned. I am supposed to be flying on the 8th of May and if all goes well, I will be in Bangalore at midnight on the 9th. I am so happy that I am literally counting my days here. My emotions would probably be understood by someone who is serving a lifetime sentence and whose day of getting out of jail is closing in.

Anyways, these days have been like a sentence to the “Kaala Paani” (for those who don’t know what it means, it was a jail on an island where inmates were sent and had no way to return). But this has also been an experience for me: driving 320 miles in 2 days just around Atlanta, meeting new people, and seeing the US face to face and unveiling the charisma of the US, just to find it is just another country. Apart from finding the striking differences in the cultures of the country, I noticed the subtle similarities in the lives of the people.

For some odd reason, when we were all kids, we somehow got this crazy idea that the US is heaven. I mean this in a literal sense: I have seen some people try so hard to get to the US that they play a game of Limbo with their life (intended to be read as: how low can you go). The US is not very different; similar people stay here with similar problems. But as they say, the grass is always greener on the other side of the fence. I did realize that there is no place better than home. People around the world are similar; we are all tied by the basics of human nature. We are all selfish, self-centred and all that for the world, but trustworthy, dependable and caring for the people that we love. I mean it is the same thing everywhere, so if you don’t have to be alone anywhere, make friends. That way there will be nothing you would want more than being with your loved ones. Guess that’s why they call man a social animal.

I did have moments of ecstasy and thrill visiting the place; it is definitely a beautiful place, no doubt about it. I did meet wonderful people and get to know them, and learnt a few American terms like SOL, CYA, etc. :). It has been a pleasure working here and nonetheless an experience, but I look forward to getting back to India and to my friends and family.

At this point in time, I am reminded of Chris Daughtry’s song…

Well I'm going home,
Back to the place where I belong,
And where your love has always been enough for me.
I'm not running from.
No, I think you got me all wrong.
I don't regret this life I chose for me.
But these places and these
faces are getting old,
So I'm going home.
Well I'm going home

Have a great one guys ….

The Unified Theory in the Grand Scheme of things…

In the search for the “Fundamental” entity in the grand scheme of things that we form a small part of, I thought it would be interesting to know a theory that makes the most logical sense. There have been fights, talks and debates about whether or not God exists. People have been imprudent enough to challenge the existence of God and term that Science is everything. I thought this theory might interest them as well.

Before I go any further, let me make it clear that I love science and this is nothing against science. What I believe is that science is a candle (or any light source) in the centre of a dark room. We don’t know how big the room is or how big the space is; all we see is as far as the candle can throw light. When we get a better light source, we are able to see something we never knew in the past, sometimes proving our old assumptions wrong. Science is nothing more than gaining an understanding of how something works, and not really creating it. It always existed, but we never knew. The most amazing discoveries are later termed “Obvious”. So that is what science is, and I am glad we have it. It should be increasing the respect we have for the creator, not challenging him.

Let's see a brief history of science, in various forms. Let's start with magnetism: the Lodestone was a natural magnet which was discovered and was used in navigation. Then came along Electricity, which was again discovered in lightning. So when these were discovered, we said …. “Oh well, Electricity is Electricity and Magnetism is Magnetism”. But one fine day Oersted accidentally dropped a compass next to a wire carrying current and the compass deflected. Then Faraday came along, and we found the famous “rate of change of flux” and we discovered that Electricity can create magnetism and magnetism can create Electricity. We again thought, “Guess we were wrong, these are separate entities, but they can create each other”. Next EM Waves were found and Hertz even made an equipment which could generate them. Now we found that they are not separate but co-exist in nature. Wow … how different is it from the original thought…. In any case, let's leave this here and pick up on something else.

In Biology, the search for the fundamental was still on. They first discovered that “Cells” are the basic building blocks of any living being, and then we came across different types of cells. Then we said, wait a minute, the cells have a nucleus (people, don't come back saying there are non-nucleated cells as well, I know that… that's not the point). In the Nucleus we have the Nucleolus and that has the Chromatin fibres, which have the DNA. Whoa…. now this DNA is made up of different arrangements of A-T-C-G, which give various characteristics. What are these made up of? Carbon, Hydrogen and Oxygen; the same things make medicines and the same things make germs, isn't it a little tingling.

Leaving the above there, let's come to the Atomic Physics side of things. We had discovered that the molecule was the smallest building block, then we found Atoms, then we had different types of Models which were proposed, starting with Niels Bohr’s model. Then Sommerfeld came along and proposed another model where the electrons had a spin on them, basically giving us insight into magnetism. Now we have found the sub-atomic particles as well and some of us think about the zero point energy. In any case, let us understand that all the above have just been created by the basic building blocks of atoms, be it organic things or inorganic ones.

Now there are another 2 basic laws of physics that I would want to shed light on: the Law of Conservation of Mass and the Law of Conservation of Energy, which essentially state that these things can neither be created nor destroyed, but only transformed from one form to the other. So mass is mass and energy is energy. But then Einstein came up with a brilliant equation:

E=mc^2. According to his theory of relativity, the speed of light (c) is a constant, which just makes the mathematical equation as E (Energy) is directly proportional to mass (m), and we have also created the Atom bomb with the same principle (converting mass into destructive energy). This essentially means mass and energy can interchangeably transform.

Now this energy is nothing else but “God” himself. He is the fundamental, he is the energy that has transformed into all that we see. We just don’t realize that. Also, before you jump in to prove me wrong (with the quantum mechanics theory), just take a deep breath and think about how all the strings are connected, and think that in the past we have been naive, we have not understood, and have had to go back and correct ourselves several times. Though some people might say that belief in God will make people stop discovering, I say that would be a lame excuse. We definitely need to make the bulb / candle shine brighter, but we need to appreciate what we discover in its light and not try and estimate its creator's power. Let us remember, the Quantum physics theory is also based on wave functions, which are just probabilities derived from the uncertainty principle …

I hope you enjoyed reading this article ….

Sunday, April 4, 2010

Checkpoint FW SPLAT Cluster XL Troubleshooting (NGX Versions)

In this blog, let us see a step-by-step approach that you would take to troubleshoot a ClusterXL problem in Checkpoint.

Normally, this problem comes up after a reboot or an upgrade, or as a result of some change in the underlying network. When troubleshooting the CPHA, the following commands are very helpful:

  • cphaprob state
  • cphaprob list
  • cphaprob -a if

The status of the CPHA is shown by the first command. The first thing that you need to do is verify basic connectivity between the firewall interfaces. Allow the cluster members to ping each other (if not already allowed by the policy) and ping away; you should be able to verify the basic connectivity in this way.

If the connectivity exists, then find out which firewall has the problem. It will normally be the down firewall:

Number      Unique Address   Assigned Load   State
1 (local)                    100%            Active
2                            0%              Down

Here, as you can see, the second firewall is down. You need to first go ahead and just execute the ‘cpstop’ and ‘cpstart’ commands on the box. The CPHA should be back up.

Also execute the command ‘cphaprob -a if’, which should give you the interface status and ClusterXL status.

If this doesn't work, try pushing the policy from the CMA/SC server and then execute the cpstop / cpstart commands. If this doesn’t clear out the problem, reboot the box. 90% of the CPHA problems will be resolved by the steps given above, but if it is still not resolved then read on.

The above steps were given with the assumption that the CPHA was working and it stopped working suddenly. If this is the first time you are trying to make it happen or some major policy/network changes broke it, then here is what you need to keep in mind.

  • CPHA uses multicast, so make sure the switches you have in the path don’t drop multicast traffic. If you are using Cisco gear, then you might want to configure IGMP snooping.
  • It also uses port ‘8116’ in UDP, so make sure that the port is open between the devices. (This is crucial if you have played around with the global properties and implied rules.)
  • RIB uses port 2010 so make sure that is also open between the firewalls.

After checking your switches, execute the command ‘cphaprob list’ and make sure both sides have the same registrations and that the state of each of them is OK. If a state shows problem, then you should work in the direction of resolving that problem.

Device Name: FIB
Registration number: 4
Timeout: none
Current state: problem
Time since last report: 9.3 sec
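
The two status checks above can also be run over saved command output. The following is an added example, not part of the original post: it assumes the ‘cphaprob state’ and ‘cphaprob list’ layouts shown on this page, and the function names, the sample addresses and the Synchronization entry are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): triage captured cphaprob output.
# On a gateway:  cphaprob state | down_members ; cphaprob list | problem_devices

# Print the member number of every cluster member whose State column is Down.
# Works with or without the Unique Address column, since State is the last field.
down_members() {
    awk '{ sub(/[ \t\r]+$/, "") }
         $1 ~ /^[0-9]+$/ && $NF == "Down" { print $1 }'
}

# Print the name of every registered device whose "Current state" is not OK.
problem_devices() {
    awk -F': *' '{ sub(/[ \t\r]+$/, "") }
         /^Device Name:/   { name = $2 }
         /^Current state:/ { if (tolower($2) != "ok") print name }'
}

# Constructed sample input; the addresses are documentation-range placeholders.
SAMPLE_STATE='Number     Unique Address  Assigned Load   State
1 (local)  192.0.2.1       100%            Active
2          192.0.2.2       0%              Down'

SAMPLE_LIST='Device Name: Synchronization
Registration number: 0
Timeout: none
Current state: OK
Time since last report: 15998.4 sec

Device Name: FIB
Registration number: 4
Timeout: none
Current state: problem
Time since last report: 9.3 sec'

echo "Down members:    $(printf '%s\n' "$SAMPLE_STATE" | down_members)"
echo "Problem devices: $(printf '%s\n' "$SAMPLE_LIST" | problem_devices)"
```

Run both functions on each cluster member and compare the results, since the post asks that both sides show the same registrations.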

Then you can capture the traffic using the ‘fw monitor’ command and make sure the communication between the firewalls is happening.

Use the following command:

fw monitor -e 'accept dport=8116;'

  1. You will see the source and the destination as the network ID of the network over port 8116.
  2. On port 2010 (change the dport to 2010 in above capture), you should see FIB communicating between the firewalls.

You should also check /var/log/messages for error messages that can help you troubleshoot this further.

And yes, I forgot to mention, in this case, I was seeing that the FIB on one firewall had switched itself off after the upgrade, so I went ahead and switched on advanced routing using the ‘cpconfig’ command and all went well.