Yogesh Dhimate

Notes to Myself

Jan 2, 2021 - 5 minute read - Comments - Programming

How to Use Netcat to Debug Cloudhub Networking Issues

This is a simple trick I use to debug connection issues with the mule app deployed to CloudHub.

First of all its important to understand that there are different ways to set up your application

1. Using shared load balancer (i.e. cloudhub.io domain) with HTTP protocol.

In this scenario, the client application makes a request to a shared load balancer URL using HTTP protocol. The SLB forwards the request to the upstream mule application listening on port 8081.

Note that in this scenario the SLB URL receives the request on port 80, and forwards it to mule application listening on port 8081.

flowchart LR l1[Shared Load Balancer]-.->c1 subgraph A[Shared Load Balancer w/ HTTP] u(client)--http-->c1 c1(hello-world.cloudhub.io
)--port 8081-->a1 subgraph VPC 10.0.0.0/24 a1(mule-worker-hello-world.cloudhub.io:8081)--->id1((hello-world)) end end style A fill:#FFF,stroke:#DDD,stroke-width:2px

2. Using shared load balancer (i.e. cloudhub.io domain) with HTTPS protocol.

In this scenario, the client application makes a request to a shared load balancer URL using HTTPS protocol. The SLB forwards the request to the upstream mule application listening on port 8082.

Note that in this scenario the SLB URL receives the request on port 443, and forwards it to mule application listening on port 8082.

flowchart LR l1[Shared Load Balancer]-.->c1 subgraph B[Shared Load Balancer w/ HTTPS] u(client)--https-->c1 c1(hello-world.cloudhub.io
)--port 8082-->a1 subgraph VPC 10.0.0.0/24 a1(mule-worker-hello-world.cloudhub.io:8082)--->id1((hello-world)) end end style B fill:#FFF,stroke:#DDD,stroke-width:2px

3. Using dedicated load balancer (i.e. vanity domain) with HTTPS protocol.

In this scenario, the client application makes a request to a dedicated load balancer URL(exposed by a vanity domain) using HTTPS protocol. The DLB forwards the request to the upstream mule application listening on port 8091.

Note that in this scenario the DLB URL receives the request on port 443, and forwards it to mule application listening on port 8091.

flowchart LR l1[Dedicated Load Balancer
Vanity Domain]-.->c1 subgraph C[Dedicated Load Balancer w/ upstream HTTP] u(client)--https-->c1 c1(api.example.com
)--port 8091-->a1 subgraph VPC 10.0.0.0/24 a1(mule-worker-hello-world.cloudhub.io:8091)-->id1((hello-world)) end end style C fill:#FFF,stroke:#DDD,stroke-width:2px,font-face:Ubuntu

4. Using dedicated load balancer (i.e. vanity domain) with HTTPS protocol.

In this scenario, the client application makes a request to a dedicated load balancer URL(exposed by a vanity domain) using HTTPS protocol. The DLB forwards the request to the upstream mule application listening on port 8092.

Note that in this scenario the DLB URL receives the request on port 443, and forwards it to mule application listening on port 8092.

flowchart LR l1[Dedicated Load Balancer
Vanity Domain]-.->c1 subgraph C[Dedicated Load Balancer w/ upstream HTTPS] u(client)--https-->c1 c1(api.example.com
)--port 8092-->a1 subgraph VPC 10.0.0.0/24 a1(mule-worker-hello-world.cloudhub.io:8092)-->id1((hello-world)) end end style C fill:#FFF,stroke:#DDD,stroke-width:2px,font-face:Ubuntu

5. Not using load balancers.

This is one of those scenarios where you are not using Anypoint Platform load balancers. You are either using third-party load balancers, or your applications are using non HTTP protocols like a simple socket, or MLLP. In this case, the client application makes a request directly to the application (mule-worker).

flowchart LR u(client)--HTTPS-->a1 subgraph VPC 10.0.0.0/24 a1(mule-worker-hello-world.cloudhub.io:8092)-->id1((hello-world)) end

As seen above, to make your application endpoint available to the clients

  • When using a shared load balancer, your application should be listening on an appropriate port (8081 or 8082)
  • When using a dedicated load balancer, your application should be listening on an appropriate port (8091 or 8092), and the load balancer’s upstream HTTP protocol should be configured properly.
  • The VPC firewall should be configured properly to allow the ingress traffic on the appropriate port.

If there is a misconfiguration, your application endpoint will not be accessible. Your clients will get errors like ‘Bad Gateway’, or ‘Timeout’. The easiest way to debug these types of errors is to use netcat to perform port scanning and identify open ports on your application.

For example, to check if your application hello-httpbin is listening on port 8081 you can use


  nc -w 1 -G 1 -z -v mule-worker-hello-httpbin.cloudhub.io 8081

  Connection to mule-worker-hello-httpbin.cloudhub.io port 8081 [tcp/sunproxyadmin] succeeded!

In this you can see, the application name is prefixed with mule-worker, to get the correct DNS name. For more details about this convention, please see the DNS records section in Cloudhub Networking Guide. The other options of netcat (or nc) are as follows

  • -w: Timeout when a connection is idle for more than specified seconds.
  • -G: TCP connection timeout in seconds.
  • -z: Just scan for listening daemons, without sending any data to them.
  • -v: Give more verbose output.

If you are not sure about the specific open port in your application, you can specify the range and identify all open ports using


  nc -w 1 -G 1 -z -v mule-worker-hello-httpbin.cloudhub.io 8081-8092
  Connection to mule-worker-hello-httpbin.cloudhub.io port 8081 [tcp/sunproxyadmin] succeeded!
  nc: connectx to mule-worker-hello-httpbin.cloudhub.io port 8082 (tcp) failed: Connection refused
  nc: connectx to mule-worker-hello-httpbin.cloudhub.io port 8083 (tcp) failed: Operation timed out
  nc: connectx to mule-worker-hello-httpbin.cloudhub.io port 8084 (tcp) failed: Operation timed out
  nc: connectx to mule-worker-hello-httpbin.cloudhub.io port 8085 (tcp) failed: Operation timed out
  nc: connectx to mule-worker-hello-httpbin.cloudhub.io port 8086 (tcp) failed: Operation timed out
  nc: connectx to mule-worker-hello-httpbin.cloudhub.io port 8087 (tcp) failed: Operation timed out
  nc: connectx to mule-worker-hello-httpbin.cloudhub.io port 8088 (tcp) failed: Operation timed out
  nc: connectx to mule-worker-hello-httpbin.cloudhub.io port 8089 (tcp) failed: Operation timed out
  nc: connectx to mule-worker-hello-httpbin.cloudhub.io port 8090 (tcp) failed: Operation timed out
  nc: connectx to mule-worker-hello-httpbin.cloudhub.io port 8091 (tcp) failed: Connection refused
  nc: connectx to mule-worker-hello-httpbin.cloudhub.io port 8092 (tcp) failed: Connection refused

In this, you can see that the application only has port 8081 open. Also interesting to note that the ports 8082, 8091, and 8092 are ‘refusing connection’, as they are allowed in the firewall but they are not exposed in the application. Whereas for the remaining ports we are getting an ‘Operation timed out’ error as they are blocked at the firewall.

The simple netcat/nc utility has saved me a lot of time. I hope it helps you as well.

Dec 31, 2020 - 2 minute read - Comments - Personal

Recap of 2020

The end of the year is the time to pause, look back, and think about how the year went by. I am very grateful and fortunate to had an opportunity to enjoy a reasonably good time in 2020.

On the personal front

  • We visited our families in India in January. I enjoyed meeting my parents, brother, in-laws, and friends.
  • I did not travel for work and got more time to spend with my wife.
  • I started reading books. As a kid, I was an avid reader. The librarian in my town knew me by name. He would hold the books for me. With job and other things taking precedence over the years, I forgot about the books.
  • I stopped procrastinating about writing this blog. I had some solid excuses like not having enough content to write, poor writing skills, not enough time with work-related travel, etc. I discovered that none of this matters if I can just sit down and write something.
  • I re-started playing Clash of Clans. I enjoyed playing it a few years ago, but got addicted to it and burned out. During the pandemic, I wanted something other than movies to wind down. I downloaded my favorite game again and took it for a spin. I was surprised to find my old clan-mates still playing. Then I realized that I was thinking about this game all wrong. There is no end goal to it. The journey of playing is what makes it enjoyable.
  • I was able to stick to my intermittent fasting routine throughout the year, even during my visit to India.
  • And the best for the last. I was positively surprised by something magic. :)

On the professional front

  • I got promoted to a senior position in the team, started mentoring the team members. By the end of the year, I transitioned to a more exciting role that I am looking forward to in the next year.
  • I continued my learning by becoming a Salesforce Ranger, as well as became a Certified Administrator. I also completed the HL7 FHIR training and became proficient in FHIR.

What are my plans for the next year? I like to keep things simple, so I will continue to do the things I did this year already, but in a more structured way.

Dec 30, 2020 - 4 minute read - Comments - Personal

How Intermittent Fasting Saved My Life

One of my goals for 2020 was to stick to an intermittent fasting routine. I completed 6600 hours of fasting in 2020. On average, that’s 18 hours of fasting every day, for 365 days. Other interesting stats include the longest streak of 440 fasts and the longest fast of 37 hours. I did reasonably well to maintain a healthy weight despite stress-induced binge eating during the pandemic.

My fasting journey started in mid of 2019. In the second half of July 2019, I was experiencing sharp pain in my left arm and shoulder. During that week in the middle of the night, I woke up all sweaty, with shortness of breath. I anxiously started googling for the nearest urgent care location, and the shortest path to reach there, just in case I need to rush. Fortunately in the next few minutes, I regained control of my breath. I drank a glass of water and decided to wait until morning. I visited my primary care physician the next day to find out what’s going on, and potentially plan for my angioplasty or bypass surgery (or whatever they do to fix the heart-related problem).

I like my doctor. He is not aggressive with any medications or prescriptions. His advice usually contains words like an embrace, adapt, or wait. After performing preliminary checks he confirmed that while the incident was indeed frightening, and showed all the symptoms of cardiac arrest, it was not a heart attack! The subsequent lipid profile tests etc confirmed his diagnosis.

While the diagnosis was good, when I carefully looked at the lab results, my LDL cholesterol was at the upper threshold of the safe range. My BMI was indicating that I was overweight. The pain in my left arm wasn’t completely gone. What if my doctor was wrong? This was a clue that I needed to make changes in my lifestyle. Fortunately, two things happened.

  1. I read an interesting article about magician Penn Gillette losing 100 pounds by fasting for 3 months. He essentially followed One Meal A Day approach to maintain the weight loss.
  2. I met a friend who had lost about 20 pounds in 3 months by following the intermittent fasting practice. It was super impressive.

I started taking deep dive into some internet research to understand the basics of intermittent fasting. While it looks like a modern fad, it has been practiced for centuries by various cultures and religions. For example, Hindu Lunar calendar has a 2-week schedule based on the full moon and new moon. On the 11th day after the full moon and new moon, one fasts from sunrise to sunset. That’s twice a month. It’s called Ekadashi fast.

The physiology of fasting is fascinating. Once you have the food, the digestion kicks in, and food breaks into glucose, amino acids, and fatty acids. Ghrelin or the ‘hunger hormone’ decreases and insulin increases. Insulin carries the nutrients into cells to be stored as glycogen, fat, etc., or used as energy. This phase - anabolic - lasts for 4 hours.

After the anabolic phase, the catabolic phase kicks in. For the next 12 hours, your blood glucose continues to drop and the liver starts breaking down glycogen for energy.

The catabolic phase transitions to the fat-burning phase. That’s 16 hours after you ate. As the name indicates, during the fat burning phase fat stores break down for energy. The fat burning phase lasts for 8 hours and transitions into the ketosis (and the deep ketosis phase).

graph LR Z("fa:fa-hamburger")-.->A(Anabolic) A(Anabolic) -. 0-4

hrs .-> B(Catabolic) B(Catabolic) -. 4-16

hrs .-> C(Fat
Burning) C(Fat
Burning) -. 16-24

hrs .-> D(Ketosis) D(Ketosis) -. 24-72

hrs .-> E(Deep
Ketosis)

I will not go into a lot of technical details here. That’s the basic overview of the physiology of fasting.

Coming back to the point. In August 2019, I started my fasting journey with a 16/8 schedule which meant 16-hour fasting and an 8-hour eating window. Just within a week or so I got used to it. I found it too easy, then I transitioned to the 18/6 schedule. And eventually settled on the 20/4 schedule for most of 2019. I use Zero Fasting to keep me motivated. I got the results I hoped for and did not experience any pain in my left arm or shoulder since then.

Note: To put in Penn Gillette’s words. If you take health and nutrition advice from a random internet stranger. You are an idiot.