In a previous article we talked about linking two spaces via L2TPv3.  We’ve decided to drop this in favour of layer 3 management.

We wanted to add additional layer 3 management for a while now.

• Faster intervlan routing.  Why kill all those CPU cycles on our router when it can be handled by a layer 3 switch.
• Better QoS control for colocated servers.  We’ve been providing network access to our clients via NAT.  Although this has fit the requirements of our current clients, we wanted to be able to offer WAN IPs on our client colocated servers.  In order to provide QoS without NAT, we needed more equipment.
• More sensible topology.  We’ll be using OSPF to better manage the unique needs of our clients and our two spaces.  By going with layer 3, we’ll segment our networks to ease management and add redundancy.

We’ve secured additional hosting center space in Innovation Place’s Concourse building in Saskatoon.  The room isn’t huge but it will allow us some additional possibilities.

The biggest advantage of this additional space is a chilled-water based cooling system that will allow us greater density and lower our electrical power requirements.  We’re really trying to “green” up our business and this new system will be much more efficient for our hosting center.

Here are a few things we’re hoping to add with this second space:

• Failover router for our primary ISP.  Due to constraints with one of our clients this project probably won’t happen until September.  We’re planning on configuring a router in each space as a redundant, failover pair using HSRP and OSPF.
• More servers. Of course!  We’ll be moving most our existing equipment to this space although the long term plan will be to have redundant SANs in either space.  As above, we’re waiting on a client and probably won’t be setting up the second SAN until the fall.
• More reliable service. Cooling and power concerns have pressured us to gain this additional space. We expect downtime to decrease.

We’re  currently testing a ZFS-based fileserver for VM storage.  Everyone was right — hardware compatibility is a problem with OpenSolaris.

Aside from the hardware compatibility, the OpenSolaris install is very easy.

It took me about five minutes to fall in love with ZFS.  Wow — I can’t believe how easy it is to manage disks.  NFS was similarly a snap and we now have a few test VMs running on them with VMWare.  All in all, I’m pretty pleased with OpenSolaris and I think we’ll be expanding its use once we get some more hardware.

First let me give the finger to every admin relying on backscatterer.org where a couple of our mail transport agents were found listed today.  No really, backscatterer.org is morally reprehensible and intellectually absurd.  How can you support an RBL that you have to pay to delist your IP or else wait FOUR WEEKS!  Doesn’t that make you question how impartial they are?

For those unfamiliar with backscatterer.org it is an RBL (real time black list) which flags servers that are caught sending backscatter.  Backscatter is when a mail server obeys RFC822 and sends an automatic reply to the sender when an email can not be delivered.  If a virus, for example, forges the “mail from” header and sends an email to a recipient that doesn’t exist, then the recipient mail server will send a response to the forged sender.  Now if the forged sender address was your’s, at this point you’d begin wondering why you were receiving an “undeliverable warning” when you never sent that person said email. 

I’m pretty confident that most readers have had this happen to them before, but I’m also pretty sure that it doesn’t happen that often.  I see these messages occasionally in my Junk folder, but that’s about it.  Point one — backscatter isn’t that big a deal.  Any one care to refute this with numbers? 

My other beef is that I’ve read numerous blogs where they classify out-of-office messages and other autoresponses as backscatter.  I don’t agree with this at all.   If you contact someone else that person should be free to contact you back.  If you want to live in isolation then don’t email me and then complain when you get an out-of-office message.

We try to be as restrictive as possible in setting SPF records (in accordance with RFC4408) for our clients.  The SPF is a DNS record that basically states that mail from yourdomain.tld can only originate from specified servers.  Now if other providers used SPF records like we do, then there wouldn’t be a lot of backscatter because the mail server would know if the sender address was forged.  Point two — backscatter would be decreased if service providers followed RFC4408 which has been in the official rulebook for quite some time.

Now I’ll give backscatterer.org a break on this one:  They can’t really be blamed how mail admins use their service.  Nonetheless, the internet is filled with service providers going off the deepend with spam filtering.   A few examples: 

• Godady checks all domain.tld against Spamhaus’ PBL.  If part of your email references a domain name that is on Spamhaus’ PBL then Godaddy will block the email.  Now this isn’t just if the email originates from an IP listed on the PBL (which is what it was designed for).  It’s everything.  If you email your friend a link and that webserver is listed on the PBL, then your email will be dropped.  Service providers now have to make sure their web servers, CRM servers, et cetera are not listed on any mail blacklists even if they never directly send any mail.  I think that’s pretty silly.
• Microsoft Live seems to run a default-block type of filtering for smaller service providers (like Saskaweb).  When I was doing testing with our backup MX, I found messages were blocked from Microsoft Live until I clicked this link and typed in the IP address and completed a captcha.  No explanation was given as to why my IP was blocked.
• Some spam filters insist that your PTR matches your EHLO which has a matching type A DNS record.  This is just ridiculous.  The assumption seems to be that only legitimate mail admins would be willing to just through these hoops.  If your ISP won’t provide you with a custom PTR?  Well then I guess you can’t run a mail server!

Back to backscatterer.org.  Have you read their site?  Go now, open it in a new tab so you can report back to me.  Do you, like me, find their tone offensive and unnecessarily confrontational?  Read the sender callout section.  Point three against backscatterer.org:  They’re rude.  Although we are a customer service driven company, I personally feel that being rude should NOT get you to the front of the line, should NOT get your bill refunded with x months free, and should NOT mean that you are taken more seriously than someone who can explain their problem without foaming at the mouth.

I mentioned it already, but I forgot to make it a point.  Point four — any blacklist that requires you to pay to be delisted (or else wait four weeks) can not be trusted to be impartial.  This sort of scam is reminiscent of those fake antivirus packages floating around.  Sure I’ve got complaints against Spamhaus but I have to give them credit for their quick IP delisting.  You see, Spamhaus acknowledges that their system makes mistakes.  They also are willing to take the word of a real person over the data maintained by their computer program.  Backscatterer.org requires you to pay 50 euro or else wait 4 weeks for your IP to be delisted.

Well I’m getting tired, but I hope that you fellow admins will not use backscatterer.org in your spam filtering arsenal.  I think out-of-office messages are quite useful and we will not stop this service unless we absolutely have to.  Backscatterer?  Well I hope you’ll just go away.

As mentioned in a previous post, Saskaweb is looking for additional space.  We’re in talks with our current landlord for another server room but there might be a snag.

They’re not too keen on running lines between our existing space and the new space.  The workaround they offer is a VLAN on their switches between the two spaces.  The fee for this VLAN and the additional connections is reasonable and each link would be 100Mb.  But……

Saskaweb uses VLANs for our Saskatoon colocation service, managed hosting, and VPS hosting.  We can’t put our trunk on their VLAN.  Or can we….

From a brief read, L2TPv3 might be exactly what we need.  Layer 2 Tunneling Protocol should allow me to send a trunk over their 100Mb VLAN’ed line.  Of course there are some catches:

1. Specs weren’t easy to find, but I’ll bet there’s a performance hit:  I can’t believe we’d get wire speed and the risks of fragmentation could stress the router CPUs
2. No VTP.  Not a deal-breaker as we keep up-to-date documentation on all our VLANs, but still a bit of a pain.
3. I’ve never set up L2TPv3 before

I guess number 3 shouldn’t be considered a catch — the only days where a sysadmin doesn’t learn something new are holidays.

Saskaweb is currently in talks to obtain more space.  We’d like to get some extra racks up to handle more drive arrays and better manage power requirements.  We’re still shopping around but hope to be adding new equipment within the next couple months!

We’ve decided on Novastor for our online backup service.  The interface isn’t much and there aren’t as many options as we’d expect for the price, but it does the job and it does it well.  The bit-level copy shrinks the backup considerably and the compression does a pretty good job at making the most of the ever-shrinking backup window.

Our current plan is to use Novastor for the following services:

• Offsite backup for workstation/workgroup environments that have too much data for our standard backup client
• As part of our server management service
• Offsite backup for server environments

The pricing will be customized to the data retention period and diskspace requirements of the client.

Saskaweb is pleased to announce the launch of our new support ticketing system! The system is email based and will generate a new ticket ID for each support request. Additional information can be appended to each ticket by replying to the relevant ticket (instructions enclosed with each ticket request).

We now encourage our users to submit their requests to: helpdesk@saskaweb.com.

We chose osticket (http://osticket.com) because it was very simple and fulfilled our current requirements.

For companies wishing to deploy their own trouble ticket systems, I’d encourage you to have a look at osticket.com. If you are a current Saskaweb hosting client, we’d be happy to set up a demo for you.

Saskaweb can host your support ticket system:  Current hosting clients can have a ticket system like osticket hosted for no additional monthly charge!  The only charge would be the initial setup fee ($75/hour). For requests please contact (you guessed it): helpdesk@saskaweb.com

We’re trying out NovaStor software for our Saskatoon offsite backup business.  Our first trial went well, the NovaStor allows you to stage your backup files (you can copy the initial full to a removable disk so you don’t have to swamp their internet for a few days).  I was a bit unimpressed by the lack of a manual selection list, but the backup went well and I’ll try restoring later next week.

The price point is a bit steeper than our usual software, but the options look good.  If they work as advertised, it’ll be worth it!

I just finished http://www.rollotherm.ca. They’re a Saskatoon, Saskatchewan company that manufactures and installs roll shutter systems.  They’ve installed both manual and automatic roll shutters in residential, commercial, and vacation property — both inside and out.  Besides, the project went well and Gil was a pleasure to work with!

check them out: http://www.rollotherm.ca