Some Revision - EIGRP offset lists

Every so often when reading around the internet you come across a post/email with a network related problem that makes you think "hmmmm i've never had to do that" or "that sounds like an interesting problem" - I'll lab it and see if I can find the answer.

Combine that with an area that I do not normally need to work in (EIGRP) and there you go a blog post in the making!


So here is the scenrio:

You are a network admin that looks after three sites, one main site where your offices are and two datacentres.

You have 2x100mbit links to each datacentre and the databcentres have 1x1Gbit link.


The problem:

Traffic to a certain network/host at datacentre 2 is overloading the link so we as the network admins have been asked if we can use the excess capacity on the link to datacentre 1 to spread the traffic.




First we setup the lab:

R1

interface Loopback0
ip address 192.168.101.1 255.255.255.0
!
interface Loopback1
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.13.1 255.255.255.0
duplex auto
speed auto
!
router eigrp 100
network 192.168.12.0
network 192.168.13.0
network 192.168.101.0
no auto-summary
!


R2

interface Loopback0
ip address 10.100.10.1 255.255.255.0
!
interface Loopback1
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.23.2 255.255.255.0
duplex auto
speed auto
!
router eigrp 100
network 10.100.10.0 0.0.0.255
network 192.168.12.0
network 192.168.23.0
no auto-summary
!


R3


interface Loopback0
ip address 10.200.10.1 255.255.255.0
!
interface Loopback3
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.13.3 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.23.3 255.255.255.0
duplex auto
speed auto
!
router eigrp 100
network 3.3.3.3 0.0.0.0
network 10.200.10.0 0.0.0.255
network 192.168.13.0
network 192.168.23.0
no auto-summary
!




Now the offset lists:
R1

ip access-list standard LOOPBACK
permit 3.3.3.3

router eigrp 100
offset-list LOOPBACK in 4000 FastEthernet0/1



Confirming...

R1


R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.12.0/24 is directly connected, FastEthernet0/0
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1
C 192.168.13.0/24 is directly connected, FastEthernet0/1
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/158720] via 192.168.12.2, 00:03:14, FastEthernet0/0
10.0.0.0/24 is subnetted, 2 subnets
D 10.100.10.0 [90/156160] via 192.168.12.2, 00:05:48, FastEthernet0/0
D 10.200.10.0 [90/156160] via 192.168.13.3, 00:05:48, FastEthernet0/1
D 192.168.23.0/24 [90/30720] via 192.168.13.3, 00:05:48, FastEthernet0/1
[90/30720] via 192.168.12.2, 00:05:48, FastEthernet0/0
C 192.168.101.0/24 is directly connected, Loopback0



Note this bit:

3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/158720] via 192.168.12.2, 00:03:14, FastEthernet0/0

The succesor route is from 192.168.12.2 without the offset list it would be 192.168.13.3.

Here is the output from sh ip eigrp topology all-links

R1#sh ip eigrp topology all-links
IP-EIGRP Topology Table for AS(100)/ID(192.168.101.1)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 3.3.3.3/32, 1 successors, FD is 158720, serno 9
via 192.168.12.2 (158720/156160), FastEthernet0/0
via 192.168.13.3 (160160/132256), FastEthernet0/1
P 192.168.101.0/24, 1 successors, FD is 128256, serno 3
via Connected, Loopback0
P 10.100.10.0/24, 1 successors, FD is 156160, serno 6
via 192.168.12.2 (156160/128256), FastEthernet0/0
via 192.168.13.3 (158720/156160), FastEthernet0/1
P 192.168.12.0/24, 1 successors, FD is 28160, serno 1
via Connected, FastEthernet0/0
P 192.168.13.0/24, 1 successors, FD is 28160, serno 2
via Connected, FastEthernet0/1
P 192.168.23.0/24, 2 successors, FD is 30720, serno 7
via 192.168.12.2 (30720/28160), FastEthernet0/0
via 192.168.13.3 (30720/28160), FastEthernet0/1
P 10.200.10.0/24, 1 successors, FD is 156160, serno 4
via 192.168.13.3 (156160/128256), FastEthernet0/1
via 192.168.12.2 (158720/156160), FastEthernet0/0



Problem solved :)

Vyatta - Hub And Spoke - OSPF over GRE over IPSEC

So my planned more frequent updates to my blog did not exactly go to plan.

Oh well :) I'm posting today with a good one.

Today we are once again playing the role of a Managed Service Provider who is providing a Managed Cloud Service + Firewall the customer however has two Cisco 3745 routers.

We have two Hubs MSP-R1 and MSP-R2 both Vyatta and R1,R2 both IOS.


Here is a picture:




MSP-R1 - Set Up Interfaces:

interfaces {
ethernet eth0 {
address 213.111.222.1/24
description INTERNET
duplex auto
firewall {
in {
name WAN_IN
}
local {
name VYATTA_IN
}
}
hw-id 08:00:27:a2:7a:a9
smp_affinity auto
speed auto
}
ethernet eth1 {
address 192.168.45.1/24
description TRMSPTED
duplex auto
hw-id 08:00:27:03:40:e0
ip {
ospf {
dead-interval 40
hello-interval 10
priority 1
retransmit-interval 5
transmit-delay 1
}
}
smp_affinity auto
speed auto
}
ethernet eth2 {
duplex auto
hw-id 08:00:27:68:d2:71
smp_affinity auto
speed auto
}
loopback lo {
address 1.1.1.1/32
}
tunnel tun0 {
address 10.10.45.1/30
description Linkto R2
encapsulation gre
ip {
ospf {
dead-interval 6
hello-interval 2
priority 1
retransmit-interval 5
transmit-delay 1
}
}
local-ip 1.1.1.1
multicast disable
remote-ip 2.2.2.2
ttl 255
}
tunnel tun1 {
address 10.10.45.5/30
description Linkto R2
encapsulation gre
ip {
ospf {
dead-interval 6
hello-interval 2
priority 1
retransmit-interval 5
transmit-delay 1
}
}
local-ip 1.1.1.1
multicast disable
remote-ip 3.3.3.3
ttl 255
}
}



MSP-R2 - Set Up Interfaces:

interfaces {
ethernet eth0 {
address 213.111.222.10/24
description INTERNET
duplex auto
hw-id 08:00:27:31:80:53
smp_affinity auto
speed auto
}
ethernet eth1 {
address 192.168.45.1/24
duplex auto
hw-id 08:00:27:40:cd:1e
ip {
ospf {
dead-interval 40
hello-interval 10
priority 1
retransmit-interval 5
transmit-delay 1
}
}
smp_affinity auto
speed auto
}
loopback lo {
address 10.10.10.10/32
}
tunnel tun0 {
address 10.10.45.9/30
description Linkto R1
encapsulation gre
ip {
ospf {
dead-interval 6
hello-interval 2
priority 1
retransmit-interval 5
transmit-delay 1
}
}
local-ip 10.10.10.10
multicast disable
remote-ip 2.2.2.2
ttl 255
}
tunnel tun1 {
address 10.10.45.13/30
description LinkTo R2
encapsulation gre
ip {
ospf {
dead-interval 6
hello-interval 2
priority 1
retransmit-interval 5
transmit-delay 1
}
}
local-ip 10.10.10.10
multicast disable
remote-ip 3.3.3.3
ttl 255
}
}


R1 - Spoke set up interfaces:

interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Tunnel0
ip address 10.10.45.2 255.255.255.252
ip ospf hello-interval 2
ip ospf dead-interval 6
tunnel source Loopback0
tunnel destination 1.1.1.1
!
interface Tunnel1
ip address 10.10.45.10 255.255.255.252
ip ospf hello-interval 2
ip ospf dead-interval 6
tunnel source Loopback0
tunnel destination 10.10.10.10
!
interface FastEthernet0/0
ip address 76.1.1.2 255.255.255.0
duplex auto
speed auto
crypto map MSP-MAP
!
interface FastEthernet0/1
ip address 10.101.0.1 255.255.255.0
duplex auto
speed auto
!



R2 - Spoke set up interfaces:

interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Tunnel0
ip address 10.10.45.6 255.255.255.252
ip ospf hello-interval 2
ip ospf dead-interval 6
tunnel source Loopback0
tunnel destination 1.1.1.1
!
interface Tunnel1
ip address 10.10.45.14 255.255.255.252
ip ospf hello-interval 2
ip ospf dead-interval 6
tunnel source Loopback0
tunnel destination 10.10.10.10
!
interface FastEthernet0/0
ip address 76.2.2.2 255.255.255.0
duplex auto
speed auto
no cdp enable
crypto map MSP-MAP
!
interface FastEthernet0/1
ip address 10.202.0.1 255.255.255.0
duplex auto
speed auto
!


MSP-R1 Set up VPN:

vpn {
ipsec {
esp-group ESP-1W {
compression disable
lifetime 3600
mode tunnel
pfs enable
proposal 1 {
encryption 3des
hash sha1
}
}
ike-group IKE-1W {
dead-peer-detection {
action restart
interval 30
timeout 30
}
lifetime 28800
proposal 1 {
encryption 3des
hash sha1
}
}
ipsec-interfaces {
interface eth0
}
nat-networks {
allowed-network 0.0.0.0/0 {
exclude 192.168.45.0/24
}
}
nat-traversal enable
site-to-site {
peer 76.1.1.2 {
authentication {
mode pre-shared-secret
pre-shared-secret letmein
}
ike-group IKE-1W
local-ip 213.111.222.1
tunnel 1 {
allow-nat-networks disable
allow-public-networks disable
esp-group ESP-1W
local-subnet 1.1.1.1/32
remote-subnet 2.2.2.2/32
}
}
peer 76.2.2.2 {
authentication {
mode pre-shared-secret
pre-shared-secret letmein
}
ike-group IKE-1W
local-ip 213.111.222.1
tunnel 1 {
allow-nat-networks disable
allow-public-networks disable
esp-group ESP-1W
local-subnet 1.1.1.1/32
remote-subnet 3.3.3.3/32
}
}
}
}
}

MSP-R2 Set up VPN:

vpn {
ipsec {
esp-group ESP-1W {
compression disable
lifetime 3600
mode tunnel
pfs enable
proposal 1 {
encryption 3des
hash sha1
}
}
ike-group IKE-1W {
dead-peer-detection {
action restart
interval 30
timeout 30
}
lifetime 28800
proposal 1 {
encryption 3des
hash sha1
}
}
ipsec-interfaces {
interface eth0
}
nat-networks {
allowed-network 0.0.0.0/0 {
exclude 192.168.45.0/24
}
}
nat-traversal enable
site-to-site {
peer 76.1.1.2 {
authentication {
mode pre-shared-secret
pre-shared-secret letmein
}
ike-group IKE-1W
local-ip 213.111.222.10
tunnel 1 {
allow-nat-networks disable
allow-public-networks disable
esp-group ESP-1W
local-subnet 10.10.10.10/32
remote-subnet 2.2.2.2/32
}
}
peer 76.2.2.2 {
authentication {
mode pre-shared-secret
pre-shared-secret letmein
}
ike-group IKE-1W
local-ip 213.111.222.10
tunnel 1 {
allow-nat-networks disable
allow-public-networks disable
esp-group ESP-1W
local-subnet 10.10.10.10/32
remote-subnet 3.3.3.3/32
}
}
}
}
}



R1 Set up VPN:

!
crypto isakmp policy 100
encr 3des
authentication pre-share
group 2
crypto isakmp key letmein address 213.111.222.1
crypto isakmp key letmein address 213.111.222.10
!
crypto ipsec transform-set MSP-TRANSFORM esp-3des esp-sha-hmac
!
crypto map MSP-MAP 10 ipsec-isakmp
set peer 213.111.222.1
set transform-set MSP-TRANSFORM
match address 101
crypto map MSP-MAP 20 ipsec-isakmp
set peer 213.111.222.10
set transform-set MSP-TRANSFORM
match address 102
!
!
access-list 101 permit 0 host 2.2.2.2 host 1.1.1.1
access-list 102 permit 0 host 2.2.2.2 host 10.10.10.10
!


R2 Set up VPN:

crypto isakmp policy 100
encr 3des
authentication pre-share
group 2
crypto isakmp key letmein address 213.111.222.1
crypto isakmp key letmein address 213.111.222.10
!
!
crypto ipsec transform-set MSP-TRANSFORM esp-3des esp-sha-hmac
!
crypto map MSP-MAP 10 ipsec-isakmp
set peer 213.111.222.1
set transform-set MSP-TRANSFORM
match address 101
crypto map MSP-MAP 20 ipsec-isakmp
set peer 213.111.222.10
set transform-set MSP-TRANSFORM
match address 102
!
!
access-list 101 permit 0 host 3.3.3.3 host 1.1.1.1
access-list 102 permit 0 host 3.3.3.3 host 10.10.10.10
!




MSP-R1 - OSPF setup

protocols {
ospf {
area 0 {
network 10.10.45.0/30
network 192.168.45.0/24
network 10.10.45.4/30
}
parameters {
abr-type cisco
router-id 1.1.1.1
}
}



MSP-R2 - OSPF setup

protocols {
ospf {
area 0 {
network 192.168.45.0/24
network 10.10.45.8/30
network 10.10.45.12/30
}
parameters {
abr-type cisco
router-id 10.10.10.10
}
}



R1 - OSPF setup

router ospf 1
router-id 2.2.2.2
log-adjacency-changes
network 10.10.45.0 0.0.0.3 area 0
network 10.10.45.8 0.0.0.3 area 0
network 10.101.0.0 0.0.0.255 area 0
maximum-paths 6
!



R2 - OSPF setup

router ospf 1
router-id 3.3.3.3
log-adjacency-changes
network 10.10.45.4 0.0.0.3 area 0
network 10.10.45.12 0.0.0.3 area 0
network 10.202.0.0 0.0.0.255 area 0
maximum-paths 6
!



Proof is in the pudding -


Routing Tables


R1:

Gateway of last resort is 76.1.1.1 to network 0.0.0.0

2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
O 192.168.43.0/24 [110/11121] via 10.10.43.9, 00:00:01, Tunnel1
[110/11121] via 10.10.43.1, 00:00:01, Tunnel0
76.0.0.0/24 is subnetted, 1 subnets
C 76.1.1.0 is directly connected, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C 10.10.43.8/30 is directly connected, Tunnel1
O 10.10.43.12/30 [110/11121] via 10.10.43.9, 00:00:01, Tunnel1
C 10.10.43.0/30 is directly connected, Tunnel0
O 10.10.43.4/30 [110/11121] via 10.10.43.1, 00:00:01, Tunnel0
C 10.101.0.0/24 is directly connected, FastEthernet0/1
O 10.202.0.0/24 [110/11122] via 10.10.43.1, 00:00:01, Tunnel0
[110/11122] via 10.10.43.9, 00:00:01, Tunnel1
S* 0.0.0.0/0 [1/0] via 76.1.1.1


R2:

Gateway of last resort is 76.2.2.1 to network 0.0.0.0

3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
O 192.168.43.0/24 [110/11121] via 10.10.43.5, 00:01:29, Tunnel0
[110/11121] via 10.10.43.13, 00:01:29, Tunnel1
76.0.0.0/24 is subnetted, 1 subnets
C 76.2.2.0 is directly connected, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O 10.10.43.8/30 [110/11121] via 10.10.43.13, 00:01:29, Tunnel1
C 10.10.43.12/30 is directly connected, Tunnel1
O 10.10.43.0/30 [110/11121] via 10.10.43.5, 00:01:29, Tunnel0
C 10.10.43.4/30 is directly connected, Tunnel0
O 10.101.0.0/24 [110/11122] via 10.10.43.5, 00:01:29, Tunnel0
[110/11122] via 10.10.43.13, 00:01:29, Tunnel1


Vyatta to Cisco - Tunneling from ASA to Vyatta Using VMware and GNS

Its been a while since my last article/lab apologies for that, hopefully I will get back to my once a week schedule (fingers crossed)

So that lab today is for connecting a Vyatta router to a Cisco ASA/PIX and creating a Lan to Lan Tunnel with some one to one src/dst NAT thrown in for good measure :)

Here is the lab:




Here is the proof that is works:

Vyatta to Cisco - Tunneling from ASA to Vyatta Using VMware and GNS from Roggy on Vimeo.

Vyatta config:

interfaces {
ethernet eth0 {
address 10.0.19.1/24
address 10.0.19.10/24
duplex auto
hw-id 00:0c:29:5d:91:c6
smp_affinity auto
speed auto
}
ethernet eth1 {
address 192.168.10.1/24
duplex auto
hw-id 00:0c:29:5d:91:d0
smp_affinity auto
speed auto
}
ethernet eth2 {
duplex auto
hw-id 00:0c:29:5d:91:da
smp_affinity auto
speed auto
}
loopback lo {
}
}
protocols {
static {
route 0.0.0.0/0 {
next-hop 10.0.19.9 {
}
}
}
}
service {
nat {
rule 5 {
destination {
address 10.20.0.0/24
}
exclude
outbound-interface eth0
source {
address 192.168.10.0/24
}
type masquerade
}
rule 100 {
outbound-interface eth0
outside-address {
address 10.0.19.10
}
source {
address 192.168.10.10
}
type source
}
rule 110 {
destination {
address 10.0.19.10
}
inbound-interface eth0
inside-address {
address 192.168.10.10
}
protocol tcp
type destination
}
rule 900 {
outbound-interface eth0
source {
address 192.168.10.0/24
}
type masquerade
}
}
ssh {
allow-root
port 22
protocol-version v2
}
}
system {
host-name R1
login {
user vyatta {
authentication {
encrypted-password $1$Oxg1L7oM$v4Vi.4pW3Ai/fPFIzpDzC0
}
level admin
}
}
ntp-server 0.vyatta.pool.ntp.org
package {
auto-sync 1
repository community {
components main
distribution stable
password ""
url http://packages.vyatta.com/vyatta
username ""
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone GMT
}
vpn {
ipsec {
esp-group ESP-1W {
compression disable
lifetime 3600
mode tunnel
pfs disable
proposal 1 {
encryption 3des
hash sha1
}
}
ike-group IKE-1W {
lifetime 86400
proposal 1 {
dh-group 2
encryption 3des
hash sha1
}
}
ipsec-interfaces {
interface eth0
}
nat-traversal enable
site-to-site {
peer 10.0.29.2 {
authentication {
mode pre-shared-secret
pre-shared-secret letmein
}
ike-group IKE-1W
local-ip 10.0.19.1
tunnel 1 {
allow-nat-networks disable
allow-public-networks disable
esp-group ESP-1W
local-subnet 192.168.10.0/24
remote-subnet 10.20.0.0/24
}
}
}
}
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "webgui@1:dhcp-server@4:conntrack-sync@1:firewall@3:qos@1:webproxy@1:vrrp@1:nat@3:ipsec@2:wanloadbalance@2:cluster@1:system@3:quagga@2:dhcp-relay@1" === */




Pix Config:

!
PIX Version 8.0(2)
!
hostname FW1
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address 10.0.29.2 255.255.255.0
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.20.0.1 255.255.255.0
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list icmp extended permit icmp any any
access-list NO-NAT extended permit ip 10.20.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list IPSEC-TUN extended permit ip 10.20.0.0 255.255.255.0 192.168.10.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NO-NAT
nat (inside) 1 0.0.0.0 0.0.0.0
access-group icmp in interface outside
access-group icmp out interface outside
access-group icmp in interface inside
access-group icmp out interface inside
route outside 0.0.0.0 0.0.0.0 10.0.29.9 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set FW1-TRANSFORM esp-3des esp-sha-hmac
crypto map FW1 10 match address IPSEC-TUN
crypto map FW1 10 set peer 10.0.19.1
crypto map FW1 10 set transform-set FW1-TRANSFORM
crypto map FW1 interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 100
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
!
tunnel-group 10.0.19.1 type ipsec-l2l
tunnel-group 10.0.19.1 ipsec-attributes
pre-shared-key letmein
prompt hostname context




Enjoy!

Vyatta - Remote Access VPN with L2TP and PPTP

Hi,

I have done a remote access VPN lab before - with OpenVPN. This one is with the more widely accepted L2TP and PPTP. So accepted infact that both the iphone and ipad like it too.

So here we go how to configure a VM to allow remote access from iPhone,iPad and Windows Xp.

Part1:
Introduction
Setup

Vyatta - Remote Access VPN - L2TP,PPTP -Part1 from Roggy on Vimeo.

Part2:
Setup Continued

Vyatta - Remote Access VPN - L2TP,PPTP -Part2 from Roggy on Vimeo.

Part3:
Actually Configuring L2TP and PPTP

Vyatta - Remote Access VPN - L2TP,PPTP -Part3 from Roggy on Vimeo.

Part4:
Settting up Firewall

Vyatta - Remote Access VPN - L2TP,PPTP -Part4 from Roggy on Vimeo.

Vyatta - Final 6.0 with updated VMtools for vSphere 4.1

So its been a busy few weeks with all the news and related blog articles on vSphere 4.1
I finally got around to extracting vmtools 8.3.x and intergrating it into the Vyatta Appliance.

There is also something different with this release, the source code for vmtools has been modified to prevent Large Recieve Offload.LRO is defined as:

In computer networking, large receive offload is a technique for increasing inbound throughput of high-bandwidth network connections by reducing CPU overhead. It works by aggregating multiple incoming packets from a single stream into a larger buffer before they are passed higher up the networking stack, thus reducing the number of packets that have to be processed. In Linux, it is generally used in conjunction with the New API (NAPI) to also reduce the number of interrupts.

There have been a few users reporting an issue with LRO and others requesting the intergration of the latest version of VMtools..so here you go:

Download Vyatta VC 6 with LRO patch and the latest VMtools


I would like a few people to test this release and let mw know how it goes before making it live on the VAM.



References:
http://www.vyatta.org/forum/viewtopic.php?t=3030&postdays=0&postorder=asc&start=105
http://nwsmith.blogspot.com/2010/07/patching-vmxnet-to-disable-lro.html
http://en.wikipedia.org/wiki/Large_receive_offload

vSphere 4.1 and KB1011292

Hi everyone,

So I have been trying to get together some hands on 4.1 videos for you guys (and girls)
however KB1011292 has been my main reason for not upgrading.

What is KB1011292 I here you ask?:
"VMware View Composer 2.0.x is not supported in a vSphere vCenter Server 4.1 managed environment as vSphere vCenter Server 4.1 requires a 64 bit operating system and VMware View Composer does not support 64 bit operating systems.

VMware View 4.0.x customers who use View Composer should not upgrade to vSphere vCenter Server 4.1 at this time. Our upcoming VMware View 4.5 will be supported on VMware vSphere 4.1."


As you know the supported way of upgrading your vSphere enviroment is like this:
1) Upgrade vCenter
2) Upgrade ESX hosts
3) Upgrade vmware tools
4) Upggrade vm hardware version.

Therefore if you run VMware View 4 with composer your trip into 4.1 greatness is going to come grinding to a halt with step 1.

Having VDI is great however it makes upgrading a pain...so roll on VMware View 4.5 with your 64bit composer.


And for those not tide to VDI here is the Vsphere upgrade guide:
Upgrade Guide

vSphere 4.1!

OK, so vSphere 4.1 is out! and now the embargo is lifted I can finally share some of the awesome new features in 4.1.

Now lets be honest there are so many new and cool features in 4.1 that most other companies would probably release it as a version 5.0!But VMware release it as a point release...and that's cool.

Enough of the chit chat you did not come here to hear how great VMware is, its more about what are these new features? Is it worth upgrading to? and are they worth all the fuss?

So the features:


and here is a summary of the features that I think really count and why:

1)Storage I/O control
Prioritized use of storage (similar to how compute is prioritized with vSphere)
this means you can now make sure that your "VIV"s or Very Important VMs get the IO they need when you have IO congestion. This is done via the I/O Shares within the VM properties.

2)Network I/O Control
Set different levels of service per Storage Flow type.
virtual machine, vMotion, FT, and IP storage traffic.
This means you can make iSCSI or NFS take priority over vMotion.
But there is a gotcha:
Enabled with Distributed Switch only and therefore Enterprise Plus only


3)Memory Compression
Slower than real memory but much faster than swapping to disk.
Improves the performance for the VM when under contention as far less memory is swapped to disk.


4)vMotion Performance Increases and Scale Increases
Allows up to 4 on a 1Gbps network and 8 on a 10Gbps network.

5) Storage vMotion Scale Increases
Allows up to 128 (both VMFS and NFS)

6) DRS Host affinity
Allows you set set rules on where your VMs vMotion to when DRS needs to move them.
e.g. VM W2003-DC1 only goes to DRS Group 1, however VM W2003-Exchange only goes to DRS Group 2.

Here is where you create the rules:


7)vStorage API for Array Integration
This is another great feature (if supported by your SAN),
essentially this means vSphere can interact directly with your SAN.
Therefore instead of copying the files from one datastore to another, it instructs the SAN to move the blocks for you! Increasing the performance for Storage vMotion and Provisioning VMs etc


Also noteworthy:
4.1 will be the last release for ESX (ESX Classic) from now on there will only be ESXi releases


The binaries are avalible now so go grab them!

References:
Thanks for John Toyer@vmware