TechOpsGuys.com Diggin' technology every day

29Sep/09

Simple Network management

TechOps Guy: Nate

I have honed my skills in a wide variety of areas over the past fifteen years. Networking is one area where I have spent a lot of time in the last 6 years or so, specifically layer 3 networks. I have designed three networks to date; the first was the biggest, nearly 3,000 GbE ports, and the more recent two were significantly smaller, combined probably 900 ports, most being GbE.

For layer 3 switching environments my vendor of choice is Extreme Networks. I like them for many reasons (as the others on this blog can testify, I could go on all afternoon about them), but one of them is ease of use, and I wanted to illustrate this concept, which seems to elude so many enterprise networking vendors out there.

In this case I will pick on Juniper, because I have been talking with them as well about replacing our aging Cisco infrastructure with something better, though the whole network refresh idea was prompted by very poor quality Dell PowerConnect 6448 switches.

But back on topic: I use Juniper here because most people probably know Cisco, and not as many are familiar with how Juniper does things. I am not trying to knock their complexity specifically; this is a more generic complaint that I am using them to illustrate.

So I asked a network engineer who is very good at Juniper's JunOS product to tell me what commands are needed for two very simple, yet common tasks, using their EX4200 stacking switch as the platform of choice.

Task 1

Create an 802.3ad port grouping with the first four ports on a switch, using layer 3 (optionally layer 4) information for load balancing.

Juniper JunOS Commands (17 commands)

set chassis aggregated-devices ethernet device-count 1
del interfaces ge-0/0/1 unit 0
del interfaces ge-0/0/2 unit 0
del interfaces ge-0/0/3 unit 0
del interfaces ge-0/0/4 unit 0
set interfaces ge-0/0/1 ether-options 802.3ad ae0
set interfaces ge-0/0/2 ether-options 802.3ad ae0
set interfaces ge-0/0/3 ether-options 802.3ad ae0
set interfaces ge-0/0/4 ether-options 802.3ad ae0
set interfaces ae0 unit 0 family ethernet-switching port-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members all
set interfaces ae0 unit 0 family ethernet-switching native-vlan-id 1
set interfaces ae0 aggregated-ether-options lacp active   (if LACP is desired)

Extreme XOS Commands (1 command)

enable sharing 1 grouping 1-4 algorithm address-based L3_L4
Task 2

Create two VLANs with the following properties and enable layer 3 routing between them:

VLAN 1: IP: 10.200.50.1/24 TAG: 1250 Ports: Tagged: 1,2,3,4,6,8,10,11,12,13,29,30,32,33 Untagged: 35,36

VLAN 2: IP: 10.200.51.1/24 TAG: 1251 Ports: Tagged: 1,2,3,4,6,8,10,11,12,13,29,30,32,33 Untagged: 37,38

Juniper JunOS Commands (54 commands)

set vlans vlan1 description "First VLAN"
set vlans vlan1 vlan-id 1250
set vlans vlan1 l3-interface vlan.1250
set interfaces vlan unit 1250 family inet address 10.200.50.1/24
set vlans vlan2 description "Second VLAN"
set vlans vlan2 vlan-id 1251
set vlans vlan2 l3-interface vlan.1251
set interfaces vlan unit 1251 family inet address 10.200.51.1/24
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members 1250
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members 1251
set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members 1250
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members 1251
set interfaces ge-0/0/3 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members 1250
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members 1251
set interfaces ge-0/0/4 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members 1250
set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members 1251
set interfaces ge-0/0/6 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members 1250
set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members 1251
set interfaces ge-0/0/8 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members 1250
set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members 1251
set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members 1250
set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members 1251
set interfaces ge-0/0/11 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan members 1250
set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan members 1251
set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members 1250
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members 1251
set interfaces ge-0/0/13 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/13 unit 0 family ethernet-switching vlan members 1250
set interfaces ge-0/0/13 unit 0 family ethernet-switching vlan members 1251
set interfaces ge-0/0/29 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/29 unit 0 family ethernet-switching vlan members 1250
set interfaces ge-0/0/29 unit 0 family ethernet-switching vlan members 1251
set interfaces ge-0/0/30 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/30 unit 0 family ethernet-switching vlan members 1250
set interfaces ge-0/0/30 unit 0 family ethernet-switching vlan members 1251
set interfaces ge-0/0/32 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/32 unit 0 family ethernet-switching vlan members 1250
set interfaces ge-0/0/32 unit 0 family ethernet-switching vlan members 1251
set interfaces ge-0/0/33 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/33 unit 0 family ethernet-switching vlan members 1250
set interfaces ge-0/0/33 unit 0 family ethernet-switching vlan members 1251
set interfaces ge-0/0/35 unit 0 family ethernet-switching vlan members 1250
set interfaces ge-0/0/36 unit 0 family ethernet-switching vlan members 1250
set interfaces ge-0/0/37 unit 0 family ethernet-switching vlan members 1251
set interfaces ge-0/0/38 unit 0 family ethernet-switching vlan members 1251

Extreme XOS Commands (12 commands)

create vlan test1
config test1 tag 1250
config test1 ipaddress 10.200.50.1/24
config test1 add ports 1,6,8,10-13,29,30,32,33 tagged
config test1 add ports 35-36
enable ipforwarding test1

create vlan test2
config test2 tag 1251
config test2 ipaddress 10.200.51.1/24
config test2 add ports 1,6,8,10-13,29,30,32,33 tagged
config test2 add ports 37-38
enable ipforwarding test2

You can see in the case of the XOS commands that, for the most part, you can get an idea of what the commands do even if you don't know much about networking; not so with JunOS (in my opinion), and the same applies to IOS.
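To make the size difference in Task 2 concrete, here is an added example (my own code, not from the original post or from either vendor) that takes one declarative description of the two VLANs and emits both command sets. It reproduces the post's counts (54 JunOS lines, 12 XOS lines) and adds the sanity check an operator wants before pushing either version: no port untagged in two VLANs, no tag reused, no port both tagged and untagged in the same VLAN, since any of those puts hosts in the wrong broadcast domain. The VLAN names, the `VlanSpec`/`junos_commands`/`xos_commands` names and the range-compressed XOS port lists are this example's own choices; the XOS syntax is taken from the post, and the JunOS output is ordered per port rather than per VLAN.

```python
"""Generate JunOS and XOS VLAN configuration from one declarative spec (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class VlanSpec:
    name: str
    tag: int
    address: str                       # router interface address, e.g. "10.200.50.1/24"
    tagged: List[int] = field(default_factory=list)    # 802.1Q trunk ports
    untagged: List[int] = field(default_factory=list)  # access (native) ports


def compress_ranges(ports: List[int]) -> str:
    """Turn [1, 2, 3, 4, 6, 10, 11, 12, 13] into '1-4,6,10-13' (XOS port-list style)."""
    out, ports = [], sorted(set(ports))
    i = 0
    while i < len(ports):
        j = i
        while j + 1 < len(ports) and ports[j + 1] == ports[j] + 1:
            j += 1
        out.append(str(ports[i]) if i == j else f"{ports[i]}-{ports[j]}")
        i = j + 1
    return ",".join(out)


def validate(vlans: List[VlanSpec]) -> None:
    """Refuse specs that would silently mis-wire a port."""
    seen_tags: Dict[int, str] = {}
    seen_untagged: Dict[int, str] = {}
    for v in vlans:
        if v.tag in seen_tags:
            raise ValueError(f"tag {v.tag} used by both {seen_tags[v.tag]} and {v.name}")
        seen_tags[v.tag] = v.name
        if set(v.tagged) & set(v.untagged):
            raise ValueError(f"{v.name}: a port cannot be both tagged and untagged")
        for p in v.untagged:
            if p in seen_untagged:
                raise ValueError(f"port {p} untagged in both {seen_untagged[p]} and {v.name}")
            seen_untagged[p] = v.name


def junos_commands(vlans: List[VlanSpec]) -> List[str]:
    """One 'set' per leaf: 4 per VLAN, 1 trunk + 1 member line per VLAN per tagged port, 1 per untagged port."""
    validate(vlans)
    cmds: List[str] = []
    for v in vlans:
        cmds += [
            f'set vlans {v.name} description "{v.name}"',
            f"set vlans {v.name} vlan-id {v.tag}",
            f"set vlans {v.name} l3-interface vlan.{v.tag}",
            f"set interfaces vlan unit {v.tag} family inet address {v.address}",
        ]
    trunks: Dict[int, List[int]] = {}            # port -> tags carried on it
    for v in vlans:
        for p in v.tagged:
            trunks.setdefault(p, []).append(v.tag)
    for p in sorted(trunks):
        base = f"set interfaces ge-0/0/{p} unit 0 family ethernet-switching"
        cmds.append(f"{base} port-mode trunk")
        cmds += [f"{base} vlan members {tag}" for tag in trunks[p]]
    for v in vlans:
        for p in v.untagged:
            cmds.append(f"set interfaces ge-0/0/{p} unit 0 family ethernet-switching vlan members {v.tag}")
    return cmds


def xos_commands(vlans: List[VlanSpec]) -> List[str]:
    """Six commands per VLAN; port lists are compressed into ranges."""
    validate(vlans)
    cmds: List[str] = []
    for v in vlans:
        cmds += [f"create vlan {v.name}",
                 f"config {v.name} tag {v.tag}",
                 f"config {v.name} ipaddress {v.address}"]
        if v.tagged:
            cmds.append(f"config {v.name} add ports {compress_ranges(v.tagged)} tagged")
        if v.untagged:
            cmds.append(f"config {v.name} add ports {compress_ranges(v.untagged)}")
        cmds.append(f"enable ipforwarding {v.name}")
    return cmds


# The Task 2 port list from the post; the sample below is the post's spec.
TRUNKS = [1, 2, 3, 4, 6, 8, 10, 11, 12, 13, 29, 30, 32, 33]
TASK2 = [
    VlanSpec("vlan1", 1250, "10.200.50.1/24", TRUNKS, [35, 36]),
    VlanSpec("vlan2", 1251, "10.200.51.1/24", TRUNKS, [37, 38]),
]

if __name__ == "__main__":
    j, x = junos_commands(TASK2), xos_commands(TASK2)
    print(f"JunOS: {len(j)} commands, XOS: {len(x)} commands")
    print("\n".join(j + [""] + x))
```

Running it prints the two command sets with their counts; feeding it a spec that puts port 35 untagged in both VLANs raises a `ValueError` before anything is generated, which is the kind of check neither CLI performs for you when you type the lines by hand.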

Extreme switches allow me to do other things than focus on the network: they work great, they are really easy to manage, fast as can be, and lower cost than the competition. Faster, better, cheaper; usually you're only supposed to be able to pick two out of three. I've been using them in production for the better part of the last decade, from the Summit 48, 48si, Summit 400, Summit X450A/E, and the Black Diamond 10808.

As illustrated here, network management doesn't have to be all that complicated. In the future I will try to give an overview of other technologies I have used to make things simpler, such as ESRP, which is my favorite network protocol. Can you imagine adding full layer 3 protection to a VLAN with only a single command?

14Sep/09

transcode tips

TechOps Guy: Nate

I downloaded a show off my Tivo Series 3 last night and wanted to convert it from its native MPEG-2 to MPEG-4. I've done it before, but didn't want to spend time trying to find the scripts, so I spent a bunch of time searching around for some quick tips on how best to do it. And despite some honest efforts I came up with nothing useful.

So a short time ago I dug up my scripts and thought I'd share some of them; not only will it make it easier for me, since I can check this site for the syntax in the future, but maybe it'll help you too.

Of course I won't cover installing transcode or its dependencies; I assume you have all of that done. I don't recall what all of the options do, but as you can see there are quite a few, not the easiest thing to remember. See the man page or transcode documentation for what the options mean.

Export audio portion of a video file to OGG Vorbis:

transcode -i input_filename -y raw,ogg -F mpeg4 -E44100 -b 128 -N 0x55 -w 120,300,2 -V -Z 176x120 -m filename.ogg -o /dev/null

Export audio portion of a file to MP3 (using lame):

transcode -i input_file -y raw -F mpeg4 -E44100 -b 128 -N 0x55 -w 120,300,2 -V -Z 176x120 -m output.mp3 -o /dev/null

Convert video+audio from some format (e.g. MPEG-2) to MPEG-4:

transcode -i input.mpg -y xvid4 -F mpeg4 -E22050 -b 64 -N 0x55 -w 250,200,3 -V -M 2 -o filename.avi

I wish transcode had some easy-to-use templates, such as convert with low, medium, or high compression. I mean, if you don't specify any options, by default it seems to use maximum quality, and in some cases, despite going from say MPEG-2 to MPEG-4, I've seen the file size increase.
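The templates wished for above can be had with a small wrapper. The following is an added example (my own code, not one of the author's scripts) that builds the argument list for the three jobs shown in this post and adds low/medium/high video presets. The "low" video preset and the audio settings are the values from the post's own commands; the "medium" and "high" bitrate and sample-rate values are assumptions chosen for illustration, and `transcode` itself is not run unless you ask for it. Because the command is assembled as an argv list and executed without a shell, an input filename containing spaces or shell metacharacters is passed through untouched rather than re-parsed.

```python
"""Preset wrapper for the transcode invocations in the post (added example)."""
import os
import subprocess
from typing import Dict, List

# -w is video bitrate,keyframe interval,crispness; -b is audio bitrate (kbit/s);
# -E is the audio sample rate. "low" comes from the post; the others are assumed.
VIDEO_PRESETS: Dict[str, Dict[str, str]] = {
    "low":    {"w": "250,200,3",  "b": "64",  "E": "22050"},
    "medium": {"w": "800,150,2",  "b": "96",  "E": "32000"},   # assumed values
    "high":   {"w": "1500,100,1", "b": "128", "E": "44100"},   # assumed values
}

# Options shared by the two audio-extraction commands in the post.
AUDIO_COMMON = ["-F", "mpeg4", "-E44100", "-b", "128", "-N", "0x55",
                "-w", "120,300,2", "-V", "-Z", "176x120"]


def audio_argv(src: str, dst: str) -> List[str]:
    """Extract audio only: the video stream goes to /dev/null, audio (-m) to dst.

    The export module is chosen from the destination extension, mirroring the
    post's two commands: raw,ogg for Vorbis, raw (lame) for MP3.
    """
    ext = os.path.splitext(dst)[1].lower()
    if ext == ".ogg":
        export = "raw,ogg"
    elif ext == ".mp3":
        export = "raw"
    else:
        raise ValueError("audio export needs a .ogg or .mp3 destination")
    return ["transcode", "-i", src, "-y", export] + AUDIO_COMMON + ["-m", dst, "-o", "/dev/null"]


def video_argv(src: str, dst: str, preset: str = "low") -> List[str]:
    """Full MPEG-4 (xvid4) conversion with one of the named presets."""
    if preset not in VIDEO_PRESETS:
        raise ValueError(f"unknown preset {preset!r}; choose from {sorted(VIDEO_PRESETS)}")
    p = VIDEO_PRESETS[preset]
    return ["transcode", "-i", src, "-y", "xvid4", "-F", "mpeg4", "-E" + p["E"],
            "-b", p["b"], "-N", "0x55", "-w", p["w"], "-V", "-M", "2", "-o", dst]


def run(argv: List[str], dry_run: bool = True) -> int:
    """Print the command line; execute it (no shell) unless dry_run. Returns the exit code."""
    print(" ".join(argv))
    if dry_run:
        return 0
    return subprocess.run(argv, check=False).returncode


if __name__ == "__main__":
    run(audio_argv("show.mpg", "show.ogg"))
    run(video_argv("show.mpg", "show.avi", "medium"))
```

Call `run(video_argv("in.mpg", "out.avi", "high"), dry_run=False)` to actually encode; the default dry run only prints the command so you can compare presets before committing a long encode.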

14Sep/09

Fix hanging vmware tools on linux

TechOps Guy: Nate

I can't be the only one who has come across this. Back in early June I filed a support case with VMware around the fact that roughly 90% of the time, when the latest version of vmware-tools that shipped with vSphere loaded on my CentOS 5 systems, it would hang part way through; if I logged into the console and just pressed <enter> it would continue loading. Naturally the Tier 1 support rep was fairly useless, wanting me to do some stupid things to get more debug information.

I went off on my own and traced the problem down to the vmware-config-tools.pl script, towards the end of the script at around line 11,600, where it tries to make a symlink. If I disable the offending code the problem stops (the link it's trying to create is in fact already there):

sub symlink_icudt38l {
    my $libdir = db_get_answer('LIBDIR');
    install_symlink($libdir . '/icu', $gRegistryDir . '/icu');
}

If you're interested in the strace output:

[..]
[pid  7228] <... read resumed> "", 4096) = 0
[pid  7228] --- SIGCHLD (Child exited) @ 0 (0) ---
[pid  7228] fstat(4, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
[pid  7228] close(4)                    = 0
[pid  7228] rt_sigaction(SIGHUP, {SIG_IGN}, {SIG_IGN}, 8) = 0
[pid  7228] rt_sigaction(SIGINT, {SIG_IGN}, {SIG_DFL}, 8) =  0
[pid  7228] rt_sigaction(SIGQUIT, {SIG_IGN},  {SIG_DFL}, 8) = 0
[pid  7228] wait4(7244, [{WIFEXITED(s)  && WEXITSTATUS(s) == 0}], 0, NULL) = 7244
[pid   7228] rt_sigaction(SIGHUP, {SIG_IGN}, NULL, 8) = 0
[pid   7228] rt_sigaction(SIGINT, {SIG_DFL}, NULL, 8) = 0
[pid   7228] rt_sigaction(SIGQUIT, {SIG_DFL}, NULL, 8) = 0
[pid  7228] lstat("/etc/vmware-tools/icu", {st_mode=S_IFLNK|0777,  st_size=25, ...}) = 0
[pid  7228] read(0, 

On the last line there the system is waiting for input; when I hit <enter> it continues loading.
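The strace shows the shape of the bug: the installer has already found `/etc/vmware-tools/icu` (the `lstat` returning `S_IFLNK`) and then blocks on `read(0, ...)`, a prompt on stdin that nothing answers during boot. As an added example of how a symlink-install step can be written so it never does that (my own code, not VMware's, and the function name `install_symlink` only mirrors the Perl one), the helper below returns quietly when the link already points where it should, fails with an exception rather than a prompt when something else is in the way, and only ever asks a question when stdin is an interactive terminal and no `replace` decision was supplied. The target path used in `demo()` is a constructed value and does not need to exist.

```python
"""Idempotent, non-blocking symlink install (added example, not VMware's code)."""
import os
import sys
import tempfile
from typing import List, Optional


class SymlinkConflict(Exception):
    """Raised when dst exists and is not the symlink we want."""


def _confirm(path: str) -> bool:
    return input(f"Replace {path}? [y/N] ").strip().lower() == "y"


def install_symlink(target: str, dst: str, replace: bool = False,
                    interactive: Optional[bool] = None) -> str:
    """Ensure dst is a symlink to target.

    Returns 'exists' (already correct, nothing done), 'created' or 'replaced'.
    Raises SymlinkConflict instead of prompting when the run is non-interactive,
    so a boot-time invocation can never hang waiting for a keypress.
    """
    if interactive is None:
        interactive = sys.stdin.isatty()
    if os.path.islink(dst):
        if os.readlink(dst) == target:
            return "exists"                     # the common boot-time case: no prompt
        if not replace and not (interactive and _confirm(dst)):
            raise SymlinkConflict(f"{dst} -> {os.readlink(dst)}, expected {target}")
        os.unlink(dst)
        os.symlink(target, dst)
        return "replaced"
    if os.path.lexists(dst):
        # A real file or directory is in the way; never silently remove it.
        raise SymlinkConflict(f"{dst} exists and is not a symlink")
    os.symlink(target, dst)
    return "created"


def demo() -> List[str]:
    """Exercise the four outcomes in a scratch directory and return them in order."""
    target = "/usr/lib/vmware-tools/icu"        # constructed target; need not exist
    outcomes: List[str] = []
    with tempfile.TemporaryDirectory() as d:
        link = os.path.join(d, "icu")
        outcomes.append(install_symlink(target, link, interactive=False))   # created
        outcomes.append(install_symlink(target, link, interactive=False))   # exists
        try:
            install_symlink("/usr/lib/other/icu", link, interactive=False)
        except SymlinkConflict:
            outcomes.append("conflict")                                     # wrong link, no prompt
        outcomes.append(install_symlink("/usr/lib/other/icu", link,
                                        replace=True, interactive=False))   # replaced
        os.mkdir(os.path.join(d, "dir"))
        try:
            install_symlink(target, os.path.join(d, "dir"), interactive=False)
        except SymlinkConflict:
            outcomes.append("conflict")                                     # directory in the way
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The point of the `interactive` argument is that an installer called from an init script must decide the "already there" and "something else is there" cases by policy, not by asking; the author's hang is exactly the second path being taken as a question with nobody on the console to answer it.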

The support case sat... and sat... and sat. Then a couple of weeks ago some manager called me up and wanted to know how the case was doing. I guess they didn't spend any time on it at all. I told him I already found a workaround, and he said because of that they were going to work up a KB entry on it, then close the case. Then another week passes and I get an email saying OH! We see you found a workaround, we'll forward that to engineering and get back to you. Yes, the workaround I sent on JUNE 16.

So I hope this helps someone; I'll update this when/if they get a KB entry out on it. It's certainly saved me a lot of time. It is very annoying to have to connect to each and every system and press enter to get it to continue to boot to work around this bug.

10Sep/09

Where is the serial console in ESXi

TechOps Guy: Nate

Back to something more technical, I suppose. I was kind of surprised and quite disappointed when vSphere was released with an ESXi that did not have serial console support. I can understand not having it in the first iteration, but I think it's been over a year since ESXi was first released and still no serial console support? I guess it shows how Microsoft-centric VMware has been (not forgetting that Windows 2003 introduced an emergency console on the serial port, though I haven't known anyone that has used it).

Why serial console? Because it's faster and easier to access. Most good servers have the ability to access a serial console over SSH, be it from HP, or Dell, or Rackable, probably IBM too. Last I checked Sun only supported telnet, not ssh, though that may have changed recently. A long time ago, with HP iLO v1, HP allowed you to access the "VGA" console via SSH using the remcons command; this vanished in iLO v2 (unless they added it back in recently; I haven't had an iLO 2 system in about 1.5 years). If you're dealing with a system that is several networks away, it is so much faster to get to the console with SSH than bouncing around with the web browser and fooling with browser plug-ins to get to the VGA console.

Also, a serial console has the ability (in theory anyway) to log what you get on the console to a syslog or other kind of server (most console/terminal servers can do this), since it is all text. I haven't yet seen a DRAC or an iLO that can do this; that would be a nice feature to have.

ESX (non-i) does support serial console, though enabling it isn't too straightforward; but at least it can be done.

Come on VMware, for your next release of ESXi please add full serial console support: not only to access the console while it's booted, but to be able to install over serial console as well. Thanks in advance; not holding my breath!

10Sep/09

Most Free Credit score sites are a scam

TechOps Guy: Nate

I'm sure both readers of this blog (including me) know this, but I just wanted to write about a couple of issues on the topic of sites that claim to give you a free credit report (or free credit score). I see these blasted all over TV all the time, well at least on CNBC and CNN where I watch a lot of stuff (no, I'm not an investor, I just find the news entertaining; long story, ask me later).

Anyway, my first question revolves around the sites being advertised. Just a few minutes ago I saw an ad for the site freescore.com. Throughout the ad they talk about freescore.com, but in the lower left of the ad they show the site freescore11.com. What's with the 11 in the name? Why aren't they consistent with the name? Top right of the screen is freescore.com in fancy letters.

I've seen the same sort of thing with ads for the site freetriplescore.com; they too have added numbers to their domain name in the ads, while the actors in the ads never mention the numbers. What's with the numbers?

But the scam comes into play when you find out (hopefully not before you get the credit report) that you only get that free info if you sign up for a service (in both cases). They do disclose this in the fine print on the ads, and I think on the freetriplescore ad one of the actors even mentions it in a somewhat sly (to me at least) way. But their marketing really drives home the fact that you can get this info for free from them, when you cannot.

I think it's likely many people don't notice that actor saying they need to sign up for a service, and probably don't have a DVR so they can pause and read the fine print (assuming the quality is good enough to read; I've seen a lot of fine print on TV that is really hard to read when paused). And it's these fine print and sly disclosure tricks that make me classify these sites as scams.

I recall a law being passed barring car dealers from using fine print in their TV advertising. I think that should be extended: they should set some sort of standard size of TV and say you can't have text that is smaller than X inches or something.

Last point: there is a place where you can get a free credit report (once per year from each of the major credit reporters). I just looked it up again because they don't advertise as far as I can tell (since they don't make money on it they probably don't have the funds to, which is understandable), and I hardly ever hear them mentioned. I think this is the right site: it is annualcreditreport.com.

You are also of course entitled to receive a copy of a credit report that someone else ran on you, say when you applied for an apartment or a loan or something; you can write directly to the credit agencies to get a copy of that report. There are probably other times you can get it too, I just remember being told this, and I did it one time about 9 years ago. There was some doctor's office that had something on my credit report that I don't recall having to pay; the doctor was based out of a state I've never been to before. I wrote them asking for more details on why they think I should pay them, and a few months later they wrote back saying they removed that item from my report without any explanation. I guess it was a mistake on their end to begin with.

As a Providian... I mean Washington Mutual... I mean now Chase bank customer, I did like (note past tense) the ability to check my credit score on their web site for free; I never had to request it, they just gave it to me along with the history over the past 6 months or so. Since Chase acquired them, though, that feature is gone. Oh well. That really was a unique feature among banks that I had relationships with that kept me there.

I'm also a customer with BofA, and the somewhat unique feature I like with them is the ability to generate temporary credit card numbers; I use that feature extensively, whenever possible really. I'm sure lots of banks offer both of these features, but it's not something I was looking for when I signed up for them at the time (many, many years ago), and I think both are nice things to have. I should get more for the ~24% interest rates I pay (I don't mind higher interest rates; I see it as incentive to pay it off sooner).

2Sep/09

Intel doesn’t like wget

TechOps Guy: Nate

I noticed a couple of days ago, while testing out a new proxy system at my company, that Intel doesn't like wget. Out of habit, I usually use wget and sites like intel.com or cnn.com or netscape.com etc. for testing internet connectivity from the command line. It had me running in circles for a little bit trying to troubleshoot the proxy when I realized it was the client that Intel was rejecting. I verified the results on multiple systems on multiple ISPs.

--2009-09-02 11:13:02--  http://www.intel.com/
Resolving www.intel.com... 208.50.77.158, 208.50.77.167
Connecting to www.intel.com|208.50.77.158|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2009-09-02 11:13:02 ERROR 403: Forbidden.

And from another system, on another ISP (note it is connecting to a different IP on Intel's side):

--2009-09-02 11:12:27--  http://www.intel.com/
Resolving www.intel.com... 96.17.8.8, 96.17.8.80
Connecting to www.intel.com|96.17.8.8|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2009-09-02 11:12:28 ERROR 403: Forbidden.

Don't know what Intel has against little ol' wget, it's harmless! I tested curl, lynx and of course other GUI browsers and they were all fine. I haven't gone so far as to change my user agent to see if that is related; I don't know how else they might be able to return a 403, though.
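The check left undone above (does the 403 depend on the User-Agent header, or on something else such as the source address?) is a few lines of code, and it is worth having ready when a proxy or firewall test behaves oddly, because "the client is being rejected" and "the proxy is broken" look identical from the command line. The following is an added example, not from the original post: it sends the same GET under several User-Agent strings and compares the status codes. To stay self-contained and offline it first starts a local HTTP server that imitates the observed behaviour (403 for an agent mentioning Wget, 200 otherwise); that server is a constructed stand-in, and nothing in it reflects what Intel's site actually does. The agent strings are constructed samples, and `probe` can be pointed at any host and port you are allowed to test.

```python
"""Does an HTTP 403 depend on the User-Agent? (added example, local stand-in server)"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, List


class AgentFilterHandler(BaseHTTPRequestHandler):
    """Constructed stand-in: rejects any client whose User-Agent mentions Wget."""

    def do_GET(self):
        ua = self.headers.get("User-Agent", "")
        status = 403 if "wget" in ua.lower() else 200
        body = b"Forbidden\n" if status == 403 else b"ok\n"
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):      # keep the demo quiet
        pass


def start_local_server() -> HTTPServer:
    """Bind 127.0.0.1 on a free port and serve in a background thread."""
    srv = HTTPServer(("127.0.0.1", 0), AgentFilterHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe(host: str, port: int, agents: List[str], path: str = "/") -> Dict[str, int]:
    """Return {user_agent: status_code} for one GET of path per agent, same source address."""
    results: Dict[str, int] = {}
    for ua in agents:
        conn = http.client.HTTPConnection(host, port, timeout=5)
        try:
            conn.request("GET", path, headers={"User-Agent": ua})
            resp = conn.getresponse()
            resp.read()                      # drain so the connection closes cleanly
            results[ua] = resp.status
        finally:
            conn.close()
    return results


def ua_dependent(results: Dict[str, int]) -> bool:
    """True when the same URL answers differently to different agents.

    If every agent gets the same 403 from the same source address, the block is
    not about the client string and the proxy or address is the next suspect.
    """
    return len(set(results.values())) > 1


# Constructed sample agent strings in the style of the clients mentioned in the post.
AGENTS = ["Wget/1.11.4", "curl/7.19.5", "Lynx/2.8.6rel.5", "Mozilla/5.0 (X11; Linux x86_64)"]


def run_check() -> Dict[str, int]:
    """Start the stand-in server, probe it with every agent, and shut it down."""
    srv = start_local_server()
    try:
        return probe("127.0.0.1", srv.server_port, AGENTS)
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    res = run_check()
    for ua, code in res.items():
        print(f"{code}  {ua}")
    print("User-Agent dependent:", ua_dependent(res))
```

Against the stand-in the Wget entry comes back 403 and the rest 200, so `ua_dependent` reports True; run `probe` against a real host from two different source addresses and you can separate an agent-based block from an address-based one in the same way.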
