Sunday 20 June 2010

Roggyblog on Twitter!

If you have questions or suggestions, tweet me:
@roggyblog

New Vyatta Appliance!

This is the most up-to-date version of the VC6.0 release (June 01, 2010)
with VMware tools installed and ready to go.

Here is the download from VMware:
http://www.vmware.com/appliances/directory/383813

and the direct link:
here

VMware View 4 - Tour!

Hey Everyone,


This is a long overdue video however it should be worth it :)

Hopefully this video will help those of you trying to get to grips with VDI/VMware View and answer questions like:

1) What is the composer? What does it do?
2) What is the agent? How do I fix "waiting for agent"?
3) What is PCoIP?
etc..

Reference Diagram:



Part 1:
Tour of VMware View 4
Components Required
Where to install components
What each bit does

VMware View 4 - Part 1 from Roggy on Vimeo.





Part 2:
Using the VMware View Manager
Desktop pools
Entitlement
Playing 720p video within VMware View Client with PCoIP


VMware View 4 - Part 2 from Roggy on Vimeo.




Enjoy!


Sources:
Picture taken from here (ty!):
http://www.ntpro.nl/blog/uploads/

Sunday 13 June 2010

Multipathing and Multiple Connections Per Session - Two sides of the same iSCSI coin?

Once again a record-breaking title for a post! Let's hope my google-fu is not
affected by long titles...or I'm in real trouble ;)

So I was working today on something that involved me testing iSCSI functionality with Windows Server 2008.
While I was waiting for the VM to come up, I set about testing the iSCSI initiator within Windows 7.

What interested me most was a feature called "MCS", which stands for Multiple Connections Per Session. It is defined within RFC 3720 and as such is a protocol-level feature that offers features we have previously seen with MPIO.

Here is how to get there:

Load the iSCSI software from Control Panel->Administrative Tools->iSCSI Initiator:
Pic1:




Select the Target from the list click "properties"
Pic2:




Select the MCS policy you wish to have; I selected "fail over only", which is the same
as "fixed" in the MPIO world.


Pic3:




You will probably only have one session at the moment, therefore click "add".
Don't click "connect"!

Pic4:



Click "Advanced"
Here is where you pick the other iSCSI target portal.

Pic5:






And that's great! We have a redundant path to our iSCSI targets...but notice this button:

Pic6:




Hmm, MPIO is not available within Windows 7, which is fine as MCS pretty much gets us to the same place (in fact, some say MCS is better). However, with Windows Server 2008 we have the option of MPIO, so let's give it a go!

The first thing to remember is that MPIO is a driver thing, so if you have an EMC, 3PAR, NetApp, Dell etc. device, they all have an MPIO driver for Windows 2008 and you need to follow their instructions (and look for DSM instructions). Here we are using the Windows 2008 software iSCSI Initiator and the Windows Server 2008 native MPIO driver.

When you install/start iSCSI on Windows Server 2008 it asks you to install MPIO. If you said no, or just forgot, install MPIO like this:

From the "Add features Wizard"
Pic1:



Once installed, select MPIO from Control Panel, click "Add support for iSCSI devices",
then reboot (p.s. here is where you would add the 3rd party DSM driver, btw)

Pic2:



Go back to the iSCSI Initiator (within Administrative Tools)
Pic3:



Select the target click properties
Pic4:


Highlight the sessions click "Devices..."

Pic5:



Click MPIO and select the Policy you want
Pic6:





Hope that helps someone out there!


Sources:
http://www.ietf.org/rfc/rfc3720.txt

http://www.windowsitpro.com/article/virtualization2/Q-With-iSCSI-what-s-the-difference-between-Multipath-I-O-MPIO-and-multiple-connections-per-session-MCS-.aspx

Sunday 6 June 2010

Thank You VMware - vExpert for Roggy!




A certain sense of disbelief hit me when I received the email from John Troyer letting me know that I had become a vExpert 2010.
It is an honour to be given this award especially considering the company I am in and the sites they have created:
Duncan Epping Yellow Bricks
Edwin Friesen Thinstall Guru
Eric Sloof NTPRO.NL
These sites are not only unique but also technically outstanding and if you have not bookmarked them already I suggest you do!
So thank you VMware, and thank you John Troyer, for making giving back to the community so easy.

Friday 4 June 2010

Basic BGP - Path Selection with Vyatta

There is actually very little BGP documentation out there on Vyatta, which is strange as if there is one real strength of Vyatta it is BGP.
This set of videos is all about BGP and if it proves popular I will do some more with some more advanced features.

Here is the Picture:




Basic BGP - Path Selection with Vyatta -Part 1
General Setup

Basic BGP - Path Selection with Vyatta -Part 1 from Roggy on Vimeo.




Basic BGP - Path Selection with Vyatta -Part 2

Checking BGP peering
Adding Next-hop-self


Basic BGP - Path Selection with Vyatta -Part 2 from Roggy on Vimeo.



Basic BGP - Path Selection with Vyatta -Part 3
Creating ACLs
Creating Prefix Lists
Creating Route-maps
Setting Local Pref
Setting Med
Clearing a Peer


Basic BGP - Path Selection with Vyatta -Part 3 from Roggy on Vimeo.
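
How the local-preference and MED values in the full configs below decide the chosen path, as an added example (not from the original post or from Vyatta): a simplified BGP best-path comparison run on R4's view of R1's 5.5.5.0/24 and on R1's view of 172.12.234.0/24. The `Path` class, the function names and the router IDs are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    via: str                     # router that advertised the path
    local_pref: int = 100        # BGP default when no route-map sets it
    as_path: tuple = ()
    med: int = 0
    ebgp: bool = False
    router_id: str = "0.0.0.0"   # assumed below; router IDs are not on the page

# Simplified decision order (weight, origin and IGP metric are left out).
STEPS = [
    ("local-pref", lambda p: -p.local_pref),        # highest wins
    ("as-path", lambda p: len(p.as_path)),          # shortest wins
    ("med", lambda p: p.med),                       # lowest wins
    ("ebgp-over-ibgp", lambda p: 0 if p.ebgp else 1),
    ("router-id", lambda p: tuple(map(int, p.router_id.split(".")))),
]

def best_path(paths):
    """Return (advertising router, attribute that decided the choice)."""
    candidates = list(paths)
    for name, key in STEPS:
        if len(candidates) == 1:
            break
        # MED is only compared between paths from the same neighbouring AS.
        if name == "med" and len({p.as_path[:1] for p in candidates}) > 1:
            continue
        best = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == best]
        if len(candidates) == 1:
            return candidates[0].via, name
    return candidates[0].via, ("only path" if len(candidates) == 1 else "tie")

def r4_view():
    # iBGP paths to 5.5.5.0/24: R2 exports local-preference 301, R3 exports 201.
    return best_path([
        Path("R2", local_pref=301, as_path=(1,), router_id="172.12.234.2"),
        Path("R3", local_pref=201, as_path=(1,), router_id="172.12.234.3"),
    ])

def r1_view():
    # eBGP paths to 172.12.234.0/24: R2 exports metric 201, R3 exports 101.
    return best_path([
        Path("R2", as_path=(234,), med=201, ebgp=True, router_id="172.12.234.2"),
        Path("R3", as_path=(234,), med=101, ebgp=True, router_id="172.12.234.3"),
    ])
```

R4 sends traffic out through R2 because of the higher local preference, while R1 enters AS 234 through R3 because of the lower MED.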




Although it can seem a little boring, I always like to include the full configs:
R1

firewall {
    all-ping enable
    broadcast-ping disable
    conntrack-table-size 32768
    conntrack-tcp-loose enable
    ip-src-route disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    log-martians enable
    name ALLOW_ESTABLISHED {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 172.12.123.1/24
        description R1-R2-R3
        duplex auto
        hw-id 00:0c:29:fe:17:2d
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        duplex auto
        hw-id 00:0c:29:fe:17:37
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        address dhcp
        duplex auto
        hw-id 00:0c:29:fe:17:41
        smp_affinity auto
        speed auto
    }
    loopback lo {
        address 5.5.5.5/24
        address 6.6.6.6/24
        address 7.7.7.7/24
        address 8.8.8.8/24
    }
}
policy {
}
protocols {
    bgp 1 {
        neighbor 172.12.123.2 {
            remote-as 234
        }
        neighbor 172.12.123.3 {
            remote-as 234
        }
        redistribute {
            connected {
            }
        }
    }
}
service {
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            name-server 208.67.222.222
            name-server 208.67.220.220
        }
    }
    nat {
        rule 10 {
            outbound-interface eth0
            source {
                address 192.168.10.0/24
            }
            type masquerade
        }
    }
    ssh {
        allow-root
        port 22
        protocol-version v2
    }
}
system {
    host-name R1
    login {
        user root {
            authentication {
                encrypted-password $1$ORKO400D$9GoL/vifapZLo3p.sLkUs/
                plaintext-password ""
            }
            level admin
        }
        user vyatta {
            authentication {
                encrypted-password $1$Z9oMjC/m$r.T2vNILnVuZnIwkKhg58.
            }
            level admin
        }
    }
    ntp-server 0.vyatta.pool.ntp.org
    package {
        auto-sync 1
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
        repository lenny {
            components main
            distribution lenny
            password ""
            url http://packages.vyatta.com/debian/
            username ""
        }
        repository VC6 {
            components main
            distribution VC6.0
            password ""
            url http://packages.vyatta.com/vyatta/
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone GMT
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "cluster@1:dhcp-relay@1:dhcp-server@4:firewall@3:ipsec@2:nat@3:quagga@1:system@3:vrrp@1:wanloadbalance@2:webgui@1:webproxy@1" === */
/* Release version: VC6.0-2010.03.22 */



R2

firewall {
    all-ping enable
    broadcast-ping disable
    conntrack-table-size 32768
    conntrack-tcp-loose enable
    ip-src-route disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    log-martians enable
    name ALLOW_ESTABLISHED {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 172.12.123.2/24
        description R1-R2-R3
        duplex auto
        hw-id 00:0c:29:fa:84:8d
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 172.12.234.2/24
        description Inside
        duplex auto
        hw-id 00:0c:29:fa:84:97
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        address dhcp
        description DMZ
        duplex auto
        hw-id 00:0c:29:fa:84:a1
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
policy {
    access-list 100 {
        rule 10 {
            action permit
            destination {
                any
            }
            source {
                any
            }
        }
    }
    access-list 150 {
        rule 10 {
            action permit
            destination {
                any
            }
            source {
                inverse-mask 0.0.0.255
                network 172.12.234.0
            }
        }
    }
    route-map SET-LOCAL-PREF {
        rule 10 {
            action permit
            match {
                ip {
                    address {
                        access-list 100
                    }
                }
            }
            set {
                local-preference 301
            }
        }
    }
    route-map SET-MED {
        rule 10 {
            action permit
            match {
                ip {
                    address {
                        access-list 150
                    }
                }
            }
            set {
                metric 201
            }
        }
        rule 20 {
            action permit
            match {
                ip {
                    address {
                        access-list 100
                    }
                }
            }
        }
    }
}
protocols {
    bgp 234 {
        neighbor 172.12.123.1 {
            remote-as 1
            route-map {
                export SET-MED
            }
        }
        neighbor 172.12.234.4 {
            nexthop-self
            remote-as 234
            route-map {
                export SET-LOCAL-PREF
            }
        }
        redistribute {
            connected {
            }
        }
    }
}
service {
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            name-server 208.67.222.222
            name-server 208.67.220.220
        }
    }
    ssh {
        allow-root
        port 22
        protocol-version v2
    }
}
system {
    host-name R2
    login {
        user root {
            authentication {
                encrypted-password $1$ORKO400D$9GoL/vifapZLo3p.sLkUs/
                plaintext-password ""
            }
            level admin
        }
        user vyatta {
            authentication {
                encrypted-password $1$Z9oMjC/m$r.T2vNILnVuZnIwkKhg58.
            }
            level admin
        }
    }
    ntp-server 0.vyatta.pool.ntp.org
    package {
        auto-sync 1
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
        repository lenny {
            components main
            distribution lenny
            password ""
            url http://packages.vyatta.com/debian/
            username ""
        }
        repository VC6 {
            components main
            distribution VC6.0
            password ""
            url http://packages.vyatta.com/vyatta/
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone GMT
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "cluster@1:dhcp-relay@1:dhcp-server@4:firewall@3:ipsec@2:nat@3:quagga@1:system@3:vrrp@1:wanloadbalance@2:webgui@1:webproxy@1" === */
/* Release version: VC6.0-2010.03.22 */



R3

firewall {
    all-ping enable
    broadcast-ping disable
    conntrack-table-size 32768
    conntrack-tcp-loose enable
    ip-src-route disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    log-martians enable
    name ALLOW_ESTABLISHED {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 172.12.123.3/24
        description R1-R2-R3
        duplex auto
        hw-id 00:0c:29:21:bd:6f
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 172.12.234.3/24
        description R2-R3-R4
        duplex auto
        hw-id 00:0c:29:21:bd:79
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        address dhcp
        description DMZ
        duplex auto
        hw-id 00:0c:29:21:bd:83
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
policy {
    access-list 150 {
        rule 10 {
            action permit
            destination {
                any
            }
            source {
                inverse-mask 0.0.0.255
                network 172.12.234.0
            }
        }
    }
    prefix-list ALL-ROUTES {
        rule 10 {
            action permit
            le 32
            prefix 0.0.0.0/0
        }
    }
    route-map SET-LOCAL-PREF {
        rule 10 {
            action permit
            match {
                ip {
                    address {
                        prefix-list ALL-ROUTES
                    }
                }
            }
            set {
                local-preference 201
            }
        }
    }
    route-map SET-MED {
        rule 10 {
            action permit
            match {
                ip {
                    address {
                        access-list 150
                    }
                }
            }
            set {
                metric 101
            }
        }
        rule 20 {
            action permit
            match {
                ip {
                    address {
                        prefix-list ALL-ROUTES
                    }
                }
            }
        }
    }
}
protocols {
    bgp 234 {
        neighbor 172.12.123.1 {
            remote-as 1
            route-map {
                export SET-MED
            }
        }
        neighbor 172.12.234.4 {
            nexthop-self
            remote-as 234
            route-map {
                export SET-LOCAL-PREF
            }
        }
        redistribute {
            connected {
            }
        }
    }
}
service {
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            name-server 208.67.222.222
            name-server 208.67.220.220
        }
    }
    ssh {
        allow-root
        port 22
        protocol-version v2
    }
}
system {
    host-name R3
    login {
        user root {
            authentication {
                encrypted-password $1$ORKO400D$9GoL/vifapZLo3p.sLkUs/
                plaintext-password ""
            }
            level admin
        }
        user vyatta {
            authentication {
                encrypted-password $1$Z9oMjC/m$r.T2vNILnVuZnIwkKhg58.
            }
            level admin
        }
    }
    ntp-server 0.vyatta.pool.ntp.org
    package {
        auto-sync 1
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
        repository lenny {
            components main
            distribution lenny
            password ""
            url http://packages.vyatta.com/debian/
            username ""
        }
        repository VC6 {
            components main
            distribution VC6.0
            password ""
            url http://packages.vyatta.com/vyatta/
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone GMT
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "cluster@1:dhcp-relay@1:dhcp-server@4:firewall@3:ipsec@2:nat@3:quagga@1:system@3:vrrp@1:wanloadbalance@2:webgui@1:webproxy@1" === */
/* Release version: VC6.0-2010.03.22 */



R4

firewall {
    all-ping enable
    broadcast-ping disable
    conntrack-table-size 32768
    conntrack-tcp-loose enable
    ip-src-route disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    log-martians enable
    name ALLOW_ESTABLISHED {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 172.12.234.4/24
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        address dhcp
        duplex auto
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
protocols {
    bgp 234 {
        neighbor 172.12.234.2 {
            remote-as 234
        }
        neighbor 172.12.234.3 {
            remote-as 234
        }
        redistribute {
            connected {
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        shared-network-name POOL1 {
            authoritative disable
            subnet 192.168.10.0/24 {
                default-router 192.168.10.1
                dns-server 192.168.10.1
                domain-name Vyatta.local
                lease 86400
                start 192.168.10.10 {
                    stop 192.168.10.200
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            name-server 208.67.222.222
            name-server 208.67.220.220
        }
    }
    nat {
        rule 10 {
            outbound-interface eth0
            source {
                address 192.168.10.0/24
            }
            type masquerade
        }
    }
    ssh {
        allow-root
        port 22
        protocol-version v2
    }
}
system {
    host-name R4
    login {
        user root {
            authentication {
                encrypted-password $1$ORKO400D$9GoL/vifapZLo3p.sLkUs/
                plaintext-password ""
            }
            level admin
        }
        user vyatta {
            authentication {
                encrypted-password $1$Z9oMjC/m$r.T2vNILnVuZnIwkKhg58.
            }
            level admin
        }
    }
    ntp-server 0.vyatta.pool.ntp.org
    package {
        auto-sync 1
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
        repository lenny {
            components main
            distribution lenny
            password ""
            url http://packages.vyatta.com/debian/
            username ""
        }
        repository VC6 {
            components main
            distribution VC6.0
            password ""
            url http://packages.vyatta.com/vyatta/
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone GMT
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "cluster@1:dhcp-relay@1:dhcp-server@4:firewall@3:ipsec@2:nat@3:quagga@1:system@3:vrrp@1:wanloadbalance@2:webgui@1:webproxy@1" === */
/* Release version: VC6.0-2010.03.22 */