Roggy - http://www.blogger.com/profile/01784711598028652715<br />
<b>Vyatta 6.5!</b> (Roggy, 2012-10-27)<br />
Hi all,
So Vyatta 6.5 is out, have a look at the features:<br />
<b><u>(http://www.vyatta.com/downloads/documentation/VC6.5/VC65.zip)</u></b><br />
<br />
<u> <b>Policy-Based Routing (PBR)</b></u><br />
PBR allows incoming packets to be forwarded according to a policy rather than on the destination address alone. A policy can send packets down different paths based on criteria such as source address, packet size or protocol, which gives network administrators a further tool for organizing and managing the network. Using PBR, administrators can:<br />
Increase quality of service by giving preferential treatment to bandwidth-sensitive or high-priority traffic<br />
Reduce capital and operating expenses by distributing selected traffic between low-bandwidth, low-cost permanent paths and high-bandwidth, high-cost switched paths<br />
Prioritize critical data over non-critical data<br />
Distribute traffic across multiple circuits to avoid overloading one connection<br />
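As an added illustration of where PBR sits relative to the ordinary destination lookup (this is example code, not Vyatta's implementation, and the prefixes, next hops and rules are constructed), the following Python models an ordered rule list that is consulted first, each rule naming a routing table, with the main table used only when no rule yields a route:

```python
"""Policy-based routing lookup, as an added illustration of how PBR sits in
front of destination-based forwarding. Example code, not Vyatta's
implementation; the prefixes, next hops and rules below are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str   # "tcp", "udp", "icmp", ...
    size: int    # bytes on the wire


@dataclass
class Rule:
    """One PBR rule: every field that is set must match; `table` is used on a hit."""
    table: str
    src: Optional[str] = None       # source prefix
    dst: Optional[str] = None       # destination prefix
    proto: Optional[str] = None
    max_size: Optional[int] = None  # match only packets up to this size

    def matches(self, pkt: Packet) -> bool:
        if self.src and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto and pkt.proto != self.proto:
            return False
        if self.max_size is not None and pkt.size > self.max_size:
            return False
        return True


def lpm(table, dst):
    """Longest-prefix match in one routing table: returns the next hop or None."""
    addr = ip_address(dst)
    best_net, best_nh = None, None
    for prefix, nh in table:
        net = ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_nh = net, nh
    return best_nh


def route(pkt, rules, tables):
    """Return (table_used, next_hop).

    Rules are tried in order before the destination lookup. If a matching
    rule's table has no route for the destination the search continues
    (Linux `ip rule` semantics; Vyatta is built on Linux), and with no rule
    producing a route the ordinary `main` table decides."""
    for rule in rules:
        if rule.matches(pkt):
            nh = lpm(tables[rule.table], pkt.dst)
            if nh is not None:
                return rule.table, nh
    return "main", lpm(tables["main"], pkt.dst)


# Constructed topology: a cheap permanent circuit is the default path and an
# expensive high-bandwidth switched circuit is handed out by policy only.
TABLES = {
    "main": [("0.0.0.0/0", "10.0.0.1"),          # cheap permanent link
             ("10.200.0.0/16", "10.0.0.1")],
    "fast": [("0.0.0.0/0", "10.0.1.1")],         # high-cost switched link
    "fast-dc": [("10.200.0.0/16", "10.0.1.1")],  # switched link, datacentre prefixes only
}
RULES = [
    # small UDP packets from the voice VLAN are latency-sensitive: fast path
    Rule(table="fast", src="192.168.50.0/24", proto="udp", max_size=512),
    # the backup server may use the switched link, but only towards the DC
    Rule(table="fast-dc", src="192.168.10.5/32"),
]


def demo():
    """Three constructed packets, one per forwarding outcome."""
    voice = Packet("192.168.50.7", "10.200.1.1", "udp", 200)
    backup = Packet("192.168.10.5", "10.200.9.9", "tcp", 1400)
    stray = Packet("192.168.10.5", "203.0.113.9", "tcp", 1400)  # rule hits, table has no route
    return {
        "voice": route(voice, RULES, TABLES),    # ("fast", "10.0.1.1")
        "backup": route(backup, RULES, TABLES),  # ("fast-dc", "10.0.1.1")
        "stray": route(stray, RULES, TABLES),    # ("main", "10.0.0.1")
    }


if __name__ == "__main__":
    for name, (table, nh) in demo().items():
        print(f"{name:7s} table={table:8s} next-hop={nh}")
```

Because a rule is evaluated before the destination lookup, a PBR entry can steer traffic around a path you rely on for inspection or accounting; review PBR rules with the same care as firewall rules, and note that a rule whose table has no route for the destination silently falls through to the main table, as the `stray` packet shows.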
<br />
<u><b> Virtual Tunnel Interface (VTI)</b> </u><br />
VTI is a way to represent policy-based IPsec tunnels as virtual interfaces. Vyatta's implementation of VTI mirrors proven industry standards for secure tunnel (st.xx) interfaces. Representing an IPsec tunnel as an interface makes it possible to plug IPsec tunnels into the routing protocol infrastructure of a router, so the packet path can be influenced by toggling the link state of the tunnel or by routing metrics.
A VTI provides a termination point for a site-to-site IPsec VPN tunnel and allows it to behave like a routable interface. In addition to simplifying the IPsec configuration, it enables many common routing capabilities to be used because the endpoint is associated with an actual interface.
VTI benefits include:<br />
Simplified configuration of IPsec for protection of remote links<br />
Simplified network management and load balancing<br />
Dynamic routing through VTI<br />
No GRE overhead<br />
No need to use access lists to create a tunnel<br />
<br />
<u><b>BGP Multipath</b> </u><br />
IP routing protocols are designed to select a single best path to a given destination for forwarding traffic. Many routing protocols can, however, select multiple paths, with certain limitations. Multiple paths are useful for traffic engineering, load sharing, load balancing and quicker failover, and they reduce the chance of a link being left unused.
BGP Multipath in Vyatta Network OS 6.5 enables the installation of multiple BGP paths to a destination into the IP routing table. BGP Multipath does not affect the BGP best-path selection process: one of the available paths is still designated the best path by the standard algorithm and the configured/operational conditions, and that best path is the one advertised to BGP neighbors. The Vyatta implementation of BGP Multipath supports EBGP and IBGP multipath, but not eiBGP (mixed EBGP/IBGP path sets), exclusive confed-external path sets or MPLS/VPN.
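The selection logic in a compact model, added here as example code (not Vyatta's or Quagga's implementation) over constructed paths. It shows the point made above: multipath installs additional paths that tie with the best path on every attribute down to IGP metric, but the best path itself, the one that is advertised on, is chosen exactly as before. MED is compared across all paths here, which is a simplification; real routers compare it only between paths from the same neighbouring AS.

```python
"""BGP best-path selection with multipath: an added model, not Vyatta's or
Quagga's code. Paths and attributes below are constructed."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Path:
    next_hop: str
    local_pref: int
    as_path: Tuple[int, ...]   # neighbouring AS first
    origin: int                # 0 = IGP, 1 = EGP, 2 = incomplete (lower wins)
    med: int                   # lower wins (simplified: compared across all paths)
    ebgp: bool                 # learned over eBGP (preferred over iBGP)
    igp_metric: int            # IGP cost to reach next_hop
    router_id: str             # advertising neighbour's router-id (final tie-break)


def _rid(rid: str) -> Tuple[int, ...]:
    return tuple(int(o) for o in rid.split("."))


def rank(p: Path):
    """Sort key mirroring the standard decision order (weight omitted)."""
    return (-p.local_pref, len(p.as_path), p.origin, p.med,
            0 if p.ebgp else 1, p.igp_metric)


def select(paths: List[Path], maximum_paths: int = 1):
    """Return (best, installed).

    `best` is what is advertised to neighbours and is picked by the full
    decision process including the router-id tie-break. `installed` is what
    goes into the routing table: the best path plus up to maximum_paths - 1
    further paths that tie with it on every step of rank(); eBGP candidates
    must also come from the same neighbouring AS (no as-path relaxation)."""
    ordered = sorted(paths, key=lambda p: rank(p) + (_rid(p.router_id),))
    best = ordered[0]
    installed = []
    for p in ordered:
        if rank(p) != rank(best):
            break                      # sorted, so nothing later can tie
        if best.ebgp and p.as_path[:1] != best.as_path[:1]:
            continue                   # eBGP multipath: same neighbouring AS only
        installed.append(p)
        if len(installed) == maximum_paths:
            break
    return best, installed


# Constructed example: three eBGP paths to one prefix. Two come from AS 65010
# with identical attributes; the third, from AS 65020, ties on every attribute
# except the neighbouring AS and so is not a multipath candidate.
PATHS = [
    Path("10.0.0.2", 100, (65010, 65100), 0, 0, True, 10, "10.0.0.2"),
    Path("10.0.0.6", 100, (65010, 65100), 0, 0, True, 10, "10.0.0.6"),
    Path("10.0.1.2", 100, (65020, 65100), 0, 0, True, 10, "10.0.1.2"),
]


def demo(maximum_paths: int):
    """(advertised best next hop, next hops installed in the routing table)."""
    best, installed = select(PATHS, maximum_paths=maximum_paths)
    return best.next_hop, [p.next_hop for p in installed]


if __name__ == "__main__":
    print("maximum-paths 1:", demo(1))   # ('10.0.0.2', ['10.0.0.2'])
    print("maximum-paths 4:", demo(4))   # ('10.0.0.2', ['10.0.0.2', '10.0.0.6'])
```

Raising `maximum_paths` changes only the second element of the result; the advertised path is the same in both runs, and a path with a genuinely better attribute (for example a shorter AS path learned over iBGP) displaces the whole multipath set rather than joining it.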
<br />
<u><b>IPsec for IPv6</b></u><br />
Vyatta Network OS 6.5 delivers IPsec support for IPv6 using IKEv1 (Internet Key Exchange version 1) only; IPsec for IPv6 with IKEv2 is not included in this release. Vyatta anticipates that IKEv2 support will be introduced for both IPv4 and IPv6 in a subsequent release.
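Whether a tunnel uses IKEv1 or IKEv2, the things that actually break or weaken a policy-based site-to-site IPsec pair are the same: traffic selectors that do not mirror each other, proposals with no overlap, PFS that one side wants and the other does not, and legacy algorithms. The following Python is an added check for those (example code, not Vyatta's or Cisco's). The two dictionaries are a hand-transcribed, structured view of the MSP-R1 (Vyatta, peer 76.1.1.2 tunnel 1) and R1 (IOS, crypto map entry 10) configurations from the hub-and-spoke post further down this page; the IKE DH group on the Vyatta side is an assumption, since IKE-1W sets none and 2 is the Vyatta default.

```python
"""Consistency and hygiene check for one policy-based IPsec site-to-site pair.
Added example, not Vyatta's or Cisco's code. MSP_R1 and R1 are transcribed
from the hub-and-spoke post on this page; the Vyatta IKE DH group (2) is an
assumption (IKE-1W sets no dh-group; 2 is the default)."""
from ipaddress import ip_network

DEPRECATED_ENC = {"des", "3des"}   # 64-bit block ciphers (Sweet32); 3DES is end of life
DEPRECATED_HASH = {"md5"}
SMALL_DH = {1, 2, 5}               # MODP groups below 2048 bits
MIN_PSK_LEN = 20

MSP_R1 = {
    "name": "MSP-R1 (Vyatta)", "ike_version": 1,
    "ike": [("3des", "sha1", 2)],     # ike-group IKE-1W proposal 1; dh-group 2 assumed
    "esp": [("3des", "sha1")],        # esp-group ESP-1W proposal 1
    "pfs": 2,                         # 'pfs enable' reuses the IKE DH group
    "psk": "letmein",
    "selectors": [("1.1.1.1/32", "2.2.2.2/32")],   # local-subnet, remote-subnet
}
R1 = {
    "name": "R1 (IOS)", "ike_version": 1,
    "ike": [("3des", "sha1", 2)],     # isakmp policy 100: encr 3des, hash sha (default), group 2
    "esp": [("3des", "sha1")],        # transform-set MSP-TRANSFORM esp-3des esp-sha-hmac
    "pfs": None,                      # crypto map MSP-MAP 10 has no 'set pfs'
    "psk": "letmein",
    "selectors": [("2.2.2.2/32", "1.1.1.1/32")],   # access-list 101: source, destination
}


def _fmt(sel):
    return sorted((str(l), str(r)) for l, r in sel)


def audit(a, b):
    """Return 'LEVEL message' findings for the pair. ERROR: the tunnel cannot
    come up as configured. WARN: it will, but should not be deployed like this."""
    f = []
    # Phase 2 traffic selectors: b's (local, remote) must be a's (remote, local).
    a_sel = {(ip_network(l), ip_network(r)) for l, r in a["selectors"]}
    b_sel = {(ip_network(r), ip_network(l)) for l, r in b["selectors"]}
    if a_sel != b_sel:
        f.append("ERROR selectors are not mirrored: %s vs %s" % (_fmt(a_sel), _fmt(b_sel)))
    # Proposal overlap: each phase needs at least one proposal both ends accept.
    ike = set(a["ike"]) & set(b["ike"])
    esp = set(a["esp"]) & set(b["esp"])
    if not ike:
        f.append("ERROR no common IKE proposal")
    if not esp:
        f.append("ERROR no common ESP proposal")
    if a["pfs"] != b["pfs"]:
        f.append("WARN PFS disagrees: %s=%s, %s=%s; configure the same group on both ends"
                 % (a["name"], a["pfs"], b["name"], b["pfs"]))
    # Authentication.
    if a["psk"] != b["psk"]:
        f.append("ERROR pre-shared keys differ")
    elif len(a["psk"]) < MIN_PSK_LEN:
        f.append("WARN pre-shared key is %d characters; use a long random secret" % len(a["psk"]))
    if a["ike_version"] == 1 and b["ike_version"] == 1:
        f.append("INFO IKEv1 on both ends; prefer IKEv2 once both ends support it")
    # Algorithm hygiene, judged on the proposals that would actually be negotiated.
    for enc, hsh, dh in ike:
        if enc in DEPRECATED_ENC:
            f.append("WARN IKE encryption %s is deprecated; use AES-256" % enc)
        if hsh in DEPRECATED_HASH:
            f.append("WARN IKE hash %s is deprecated" % hsh)
        if dh in SMALL_DH:
            f.append("WARN IKE DH group %d is below 2048 bits; use group 14 or an ECP group" % dh)
    for enc, hsh in esp:
        if enc in DEPRECATED_ENC:
            f.append("WARN ESP encryption %s is deprecated; use AES-256 (AES-GCM where supported)" % enc)
        if hsh in DEPRECATED_HASH:
            f.append("WARN ESP hash %s is deprecated" % hsh)
    return f


if __name__ == "__main__":
    for line in audit(MSP_R1, R1):
        print(line)
```

Run against the page's pair, the check reports no ERROR (the selectors mirror and the proposals match), but it does flag the PFS mismatch between `pfs enable` on the Vyatta ESP group and the IOS crypto map entries that never `set pfs`, the seven-character shared secret, 3DES in both phases and DH group 2; all four are worth fixing before anything like this leaves a lab.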
<u><b>Improved VRRP Commands</b></u><br />
The VRRP (Virtual Router Redundancy Protocol) operational mode commands have been modified to improve usability and ensure the commands are consistent with the command structure used throughout Vyatta Network OS.<br />
<br />
I don't know about you, but PBR is (IMHO) the best feature here - I also know about the upstream work Vyatta has done with Quagga to get this done, and it's pretty awesome.
The other two - VTI is cool, but can be done with GRE, it's just simpler; and BGP Multipath (not MP-BGP, that would be awesome!!) is again cool, but meh :)<br />
<br />
For those that can't wait and want the documentation, grab it here:<br />
<b><u>http://www.vyatta.com/downloads/documentation/VC6.5/VC65.zip</u></b><br />
<br />
<b><i> So thank you Vyatta for 6.5 and roll on core!! </i></b><br />
<br />
Sources:
http://www.vyatta.com/product/vyatta-network-os/whats-new
<b>VMware - I want these now! App Blast and Octopus</b> (Roggy, 2012-04-26)<br />
Small post - and just two small requests:
<p><b>Project Octopus - Think Dropbox for VMware, but one that enables hybrid Dropbox-style clouds too</b></p>
<p>Video: http://www.youtube.com/v/2Sh3Ohn6J08?version=3&feature=player_detailpage</p>
<p><b>Project AppBlast - Like Citrix Access Gateway or XenApp, but without Citrix Receiver, as it is all HTML5!</b></p>
<p>Video: http://www.youtube.com/v/QBxm5CBPeG8?version=3&feature=player_detailpage</p>
<b>Some Revision - EIGRP offset lists</b> (Roggy, 2012-01-25)<br />
Every so often when reading around the internet you come across a post or email with a network-related problem that makes you think "hmmmm, I've never had to do that" or "that sounds like an interesting problem" - so I'll lab it and see if I can find the answer.<br /><br />Combine that with an area that I do not normally need to work in (EIGRP) and there you go, a blog post in the making!<br /><br />So here is the scenario:<br /><br />You are a network admin who looks after three sites: one main site where your offices are and two datacentres.<br /><br />You have two 100 Mbit links, one to each datacentre, and the datacentres have a 1 Gbit link between them.<br /><br />The problem:<br /><br />Traffic to a certain network/host at datacentre 2 is overloading that link, so we as the network admins have been asked whether we can use the excess capacity on the link to datacentre 1 to spread the traffic.<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLgm92NMua7vs35AcUy032urhShCP7oR-3tL6viBD2-FAJLwcNUGOuHqlxX1l7pJwO6lvPjDStP25x17xb8RNSxTniEm0DeyEgwSNgjf2JIdLMFbcv8fo9EpBuEjExUdEpSwxrWXqt1Qsv/s1600/EIGRP.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;width: 320px; height: 231px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLgm92NMua7vs35AcUy032urhShCP7oR-3tL6viBD2-FAJLwcNUGOuHqlxX1l7pJwO6lvPjDStP25x17xb8RNSxTniEm0DeyEgwSNgjf2JIdLMFbcv8fo9EpBuEjExUdEpSwxrWXqt1Qsv/s320/EIGRP.JPG" border="0" alt="EIGRP lab topology: R1 (main site) linked to R2 and R3 (datacentres)" /></a><br /><br />First we set up the lab:<br /><br /><span style="font-weight:bold;">R1</span><br /><code><br />interface Loopback0<br /> ip address 192.168.101.1 255.255.255.0<br 
/>!<br />interface Loopback1<br /> ip address 1.1.1.1 255.255.255.255<br />!<br />interface FastEthernet0/0<br /> ip address 192.168.12.1 255.255.255.0<br /> duplex auto<br /> speed auto<br />!<br />interface FastEthernet0/1<br /> ip address 192.168.13.1 255.255.255.0<br /> duplex auto<br /> speed auto<br />!<br />router eigrp 100<br /> network 192.168.12.0<br /> network 192.168.13.0<br /> network 192.168.101.0<br /> no auto-summary<br />!<br /></code><br /><br /><span style="font-weight:bold;">R2<span style="font-style:italic;"></span></span><br /><code><br />interface Loopback0<br /> ip address 10.100.10.1 255.255.255.0<br />!<br />interface Loopback1<br /> ip address 2.2.2.2 255.255.255.255<br />!<br />interface FastEthernet0/0<br /> ip address 192.168.12.2 255.255.255.0<br /> duplex auto<br /> speed auto<br />!<br />interface FastEthernet0/1<br /> ip address 192.168.23.2 255.255.255.0<br /> duplex auto<br /> speed auto<br />!<br />router eigrp 100<br /> network 10.100.10.0 0.0.0.255<br /> network 192.168.12.0<br /> network 192.168.23.0<br /> no auto-summary<br />!<br /></code><br /><br /><span style="font-weight:bold;">R3<span style="font-style:italic;"></span></span><br /><br /><code><br />interface Loopback0<br /> ip address 10.200.10.1 255.255.255.0<br />!<br />interface Loopback3<br /> ip address 3.3.3.3 255.255.255.255<br />!<br />interface FastEthernet0/0<br /> ip address 192.168.13.3 255.255.255.0<br /> duplex auto<br /> speed auto<br />!<br />interface FastEthernet0/1<br /> ip address 192.168.23.3 255.255.255.0<br /> duplex auto<br /> speed auto<br />!<br />router eigrp 100<br /> network 3.3.3.3 0.0.0.0<br /> network 10.200.10.0 0.0.0.255<br /> network 192.168.13.0<br /> network 192.168.23.0<br /> no auto-summary<br />!<br /></code><br /><br /><br /><br />Now the offset lists:<br /><span style="font-weight:bold;">R1<span style="font-style:italic;"></span></span><br /><code><br />ip access-list standard LOOPBACK<br /> permit 3.3.3.3<br /><br />router 
eigrp 100<br />offset-list LOOPBACK in 4000 FastEthernet0/1<br /></code><br /><br />The offset list adds 4000 to the metric of any route matching ACL LOOPBACK (3.3.3.3/32) as it is received on FastEthernet0/1, the direct link to R3.<br /><br />Confirming...<br /><br /><span style="font-weight:bold;">R1</span><br /><br /><code><br />R1#sh ip route <br />Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP<br /> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area <br /> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br /> E1 - OSPF external type 1, E2 - OSPF external type 2<br /> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2<br /> ia - IS-IS inter area, * - candidate default, U - per-user static route<br /> o - ODR, P - periodic downloaded static route<br /><br />Gateway of last resort is not set<br /><br />C 192.168.12.0/24 is directly connected, FastEthernet0/0<br /> 1.0.0.0/32 is subnetted, 1 subnets<br />C 1.1.1.1 is directly connected, Loopback1<br />C 192.168.13.0/24 is directly connected, FastEthernet0/1<br /> 3.0.0.0/32 is subnetted, 1 subnets<br />D 3.3.3.3 [90/158720] via 192.168.12.2, 00:03:14, FastEthernet0/0<br /> 10.0.0.0/24 is subnetted, 2 subnets<br />D 10.100.10.0 [90/156160] via 192.168.12.2, 00:05:48, FastEthernet0/0<br />D 10.200.10.0 [90/156160] via 192.168.13.3, 00:05:48, FastEthernet0/1<br />D 192.168.23.0/24 [90/30720] via 192.168.13.3, 00:05:48, FastEthernet0/1<br /> [90/30720] via 192.168.12.2, 00:05:48, FastEthernet0/0<br />C 192.168.101.0/24 is directly connected, Loopback0<br /><br /></code><br /><br />Note this bit:<br /><br /> 3.0.0.0/32 is subnetted, 1 subnets<br />D 3.3.3.3 [90/158720] via 192.168.12.2, 00:03:14, FastEthernet0/0<br /><br />The successor route is now the one from 192.168.12.2; without the offset list it would be 192.168.13.3. The two-hop path through R2 costs 158720, while the direct path through R3 has become 156160 + 4000 = 160160. Note that this moves the whole 3.3.3.3 flow onto the R2 path rather than splitting it; the R3 path remains in the topology table as a feasible successor (its reported distance is below the feasible distance), so actually spreading the traffic across both links would additionally need unequal-cost load sharing via EIGRP <span style="font-style:italic;">variance</span>.<br /><br />Here is the output from <span style="font-style:italic;">sh ip eigrp topology all-links</span> <br /><code><br />R1#sh ip eigrp topology all-links <br />IP-EIGRP Topology Table for AS(100)/ID(192.168.101.1)<br /><br />Codes: P - Passive, A - Active, U 
- Update, Q - Query, R - Reply,<br /> r - reply Status, s - sia Status <br /><br />P 3.3.3.3/32, 1 successors, FD is 158720, serno 9<br /> via 192.168.12.2 (158720/156160), FastEthernet0/0<br /> via 192.168.13.3 (160160/132256), FastEthernet0/1<br />P 192.168.101.0/24, 1 successors, FD is 128256, serno 3<br /> via Connected, Loopback0<br />P 10.100.10.0/24, 1 successors, FD is 156160, serno 6<br /> via 192.168.12.2 (156160/128256), FastEthernet0/0<br /> via 192.168.13.3 (158720/156160), FastEthernet0/1<br />P 192.168.12.0/24, 1 successors, FD is 28160, serno 1<br /> via Connected, FastEthernet0/0<br />P 192.168.13.0/24, 1 successors, FD is 28160, serno 2<br /> via Connected, FastEthernet0/1<br />P 192.168.23.0/24, 2 successors, FD is 30720, serno 7<br /> via 192.168.12.2 (30720/28160), FastEthernet0/0<br /> via 192.168.13.3 (30720/28160), FastEthernet0/1<br />P 10.200.10.0/24, 1 successors, FD is 156160, serno 4<br /> via 192.168.13.3 (156160/128256), FastEthernet0/1<br /> via 192.168.12.2 (158720/156160), FastEthernet0/0<br /></code><br /><br />Problem solved :)<br /><br /><b>Vyatta - Hub And Spoke - OSPF over GRE over IPSEC</b> (Roggy, 2011-07-13)<br />So my planned more frequent updates to my blog did not exactly go to plan.<br /><br />Oh well :) I'm posting today with a good one.<br /><br />Today we are once again playing the role of a Managed Service Provider providing a managed cloud service plus firewall; the customer, however, has two Cisco 3745 routers.<br /><br />We have two hubs, MSP-R1 and MSP-R2, both Vyatta, and two spokes, R1 and R2, both IOS.<br /><br />Here is a picture:<br /><br /><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgP2X96mZPsmFEYkhT0y7fi8Vmt5rR4aTyizU0LbldKKRtummmyI_ntCmPqfbjcZNclfXN6x9apl7N2y1IIfx-tVUKA8lkHxZWNo_cDfKK7jH8n-pfu9N4CrdlaqEXTDMdCtgzaG5DG9igo/s1600/gif_1.gif"><img style="display:block; margin:0px auto 10px; text-align:center;width: 320px; height: 257px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgP2X96mZPsmFEYkhT0y7fi8Vmt5rR4aTyizU0LbldKKRtummmyI_ntCmPqfbjcZNclfXN6x9apl7N2y1IIfx-tVUKA8lkHxZWNo_cDfKK7jH8n-pfu9N4CrdlaqEXTDMdCtgzaG5DG9igo/s320/gif_1.gif" border="0" alt="Hub and spoke topology: MSP-R1 and MSP-R2 (Vyatta hubs), R1 and R2 (IOS spokes)" /></a><br /><br /><br /><span style="font-weight:bold;">MSP-R1 - Set Up Interfaces:</span><br /><code><br />interfaces {<br /> ethernet eth0 {<br /> address 213.111.222.1/24<br /> description INTERNET<br /> duplex auto<br /> firewall {<br /> in {<br /> name WAN_IN<br /> }<br /> local {<br /> name VYATTA_IN<br /> }<br /> }<br /> hw-id 08:00:27:a2:7a:a9<br /> smp_affinity auto<br /> speed auto<br /> }<br /> ethernet eth1 {<br /> address 192.168.45.1/24<br /> description TRMSPTED<br /> duplex auto<br /> hw-id 08:00:27:03:40:e0<br /> ip {<br /> ospf {<br /> dead-interval 40<br /> hello-interval 10<br /> priority 1<br /> retransmit-interval 5<br /> transmit-delay 1<br /> }<br /> }<br /> smp_affinity auto<br /> speed auto<br /> }<br /> ethernet eth2 {<br /> duplex auto<br /> hw-id 08:00:27:68:d2:71<br /> smp_affinity auto<br /> speed auto<br /> }<br /> loopback lo {<br /> address 1.1.1.1/32<br /> }<br /> tunnel tun0 {<br /> address 10.10.45.1/30<br /> description Linkto R1<br /> encapsulation gre<br /> ip {<br /> ospf {<br /> dead-interval 6<br /> hello-interval 2<br /> priority 1<br /> retransmit-interval 5<br /> transmit-delay 1<br /> }<br /> }<br /> local-ip 1.1.1.1<br /> multicast disable<br /> remote-ip 2.2.2.2<br /> ttl 255<br /> }<br /> tunnel tun1 {<br /> address 10.10.45.5/30<br /> description Linkto 
R2<br /> encapsulation gre<br /> ip {<br /> ospf {<br /> dead-interval 6<br /> hello-interval 2<br /> priority 1<br /> retransmit-interval 5<br /> transmit-delay 1<br /> }<br /> }<br /> local-ip 1.1.1.1<br /> multicast disable<br /> remote-ip 3.3.3.3<br /> ttl 255<br /> }<br />}<br /></code><br /><br /><br /><span style="font-weight:bold;">MSP-R2 - Set Up Interfaces:</span><br /><code><br />interfaces {<br /> ethernet eth0 {<br /> address 213.111.222.10/24<br /> description INTERNET<br /> duplex auto<br /> hw-id 08:00:27:31:80:53<br /> smp_affinity auto<br /> speed auto<br /> }<br /> ethernet eth1 {<br /> /* address changed by the editor from 192.168.45.1/24, which duplicated MSP-R1 eth1 on the same LAN */<br /> address 192.168.45.2/24<br /> duplex auto<br /> hw-id 08:00:27:40:cd:1e<br /> ip {<br /> ospf {<br /> dead-interval 40<br /> hello-interval 10<br /> priority 1<br /> retransmit-interval 5<br /> transmit-delay 1<br /> }<br /> }<br /> smp_affinity auto<br /> speed auto<br /> }<br /> loopback lo {<br /> address 10.10.10.10/32<br /> }<br /> tunnel tun0 {<br /> address 10.10.45.9/30<br /> description Linkto R1<br /> encapsulation gre<br /> ip {<br /> ospf {<br /> dead-interval 6<br /> hello-interval 2<br /> priority 1<br /> retransmit-interval 5<br /> transmit-delay 1<br /> }<br /> }<br /> local-ip 10.10.10.10<br /> multicast disable<br /> remote-ip 2.2.2.2<br /> ttl 255<br /> }<br /> tunnel tun1 {<br /> address 10.10.45.13/30<br /> description LinkTo R2<br /> encapsulation gre<br /> ip {<br /> ospf {<br /> dead-interval 6<br /> hello-interval 2<br /> priority 1<br /> retransmit-interval 5<br /> transmit-delay 1<br /> }<br /> }<br /> local-ip 10.10.10.10<br /> multicast disable<br /> remote-ip 3.3.3.3<br /> ttl 255<br /> }<br />}<br /></code><br /><br /><span style="font-weight:bold;">R1 - Spoke set up interfaces:</span><br /><code><br />interface Loopback0<br /> ip address 2.2.2.2 255.255.255.255<br />!<br />interface Tunnel0<br /> ip address 10.10.45.2 255.255.255.252<br /> ip ospf 
hello-interval 2<br /> ip ospf dead-interval 6<br /> tunnel source Loopback0<br /> tunnel destination 1.1.1.1<br />!<br />interface Tunnel1<br /> ip address 10.10.45.10 255.255.255.252<br /> ip ospf hello-interval 2<br /> ip ospf dead-interval 6<br /> tunnel source Loopback0<br /> tunnel destination 10.10.10.10<br />!<br />interface FastEthernet0/0<br /> ip address 76.1.1.2 255.255.255.0<br /> duplex auto<br /> speed auto<br /> crypto map MSP-MAP<br />!<br />interface FastEthernet0/1<br /> ip address 10.101.0.1 255.255.255.0<br /> duplex auto<br /> speed auto<br />!<br /></code><br /><br /><br /><span style="font-weight:bold;">R2 - Spoke set up interfaces:<span style="font-style:italic;"></span></span><br /><code><br />interface Loopback0<br /> ip address 3.3.3.3 255.255.255.255<br />!<br />interface Tunnel0<br /> ip address 10.10.45.6 255.255.255.252<br /> ip ospf hello-interval 2<br /> ip ospf dead-interval 6<br /> tunnel source Loopback0<br /> tunnel destination 1.1.1.1<br />!<br />interface Tunnel1<br /> ip address 10.10.45.14 255.255.255.252<br /> ip ospf hello-interval 2<br /> ip ospf dead-interval 6<br /> tunnel source Loopback0<br /> tunnel destination 10.10.10.10<br />!<br />interface FastEthernet0/0<br /> ip address 76.2.2.2 255.255.255.0<br /> duplex auto<br /> speed auto<br /> no cdp enable<br /> crypto map MSP-MAP<br />!<br />interface FastEthernet0/1<br /> ip address 10.202.0.1 255.255.255.0<br /> duplex auto<br /> speed auto<br />!<br /></code><br /><br /><span style="font-weight:bold;">MSP-R1 Set up VPN:<span style="font-style:italic;"></span></span><br /><code><br />vpn {<br /> ipsec {<br /> esp-group ESP-1W {<br /> compression disable<br /> lifetime 3600<br /> mode tunnel<br /> pfs enable<br /> proposal 1 {<br /> encryption 3des<br /> hash sha1<br /> }<br /> }<br /> ike-group IKE-1W {<br /> dead-peer-detection {<br /> action restart<br /> interval 30<br /> timeout 30<br /> }<br /> lifetime 28800<br /> proposal 1 {<br /> encryption 3des<br /> hash 
sha1<br /> }<br /> }<br /> ipsec-interfaces {<br /> interface eth0<br /> }<br /> nat-networks {<br /> allowed-network 0.0.0.0/0 {<br /> exclude 192.168.45.0/24<br /> }<br /> }<br /> nat-traversal enable<br /> site-to-site {<br /> peer 76.1.1.2 {<br /> authentication {<br /> mode pre-shared-secret<br /> pre-shared-secret letmein<br /> }<br /> ike-group IKE-1W<br /> local-ip 213.111.222.1<br /> tunnel 1 {<br /> allow-nat-networks disable<br /> allow-public-networks disable<br /> esp-group ESP-1W<br /> local-subnet 1.1.1.1/32<br /> remote-subnet 2.2.2.2/32<br /> }<br /> }<br /> peer 76.2.2.2 {<br /> authentication {<br /> mode pre-shared-secret<br /> pre-shared-secret letmein<br /> }<br /> ike-group IKE-1W<br /> local-ip 213.111.222.1<br /> tunnel 1 {<br /> allow-nat-networks disable<br /> allow-public-networks disable<br /> esp-group ESP-1W<br /> local-subnet 1.1.1.1/32<br /> remote-subnet 3.3.3.3/32<br /> }<br /> }<br /> }<br /> }<br />}<br /></code><br /><span style="font-weight:bold;">MSP-R2 Set up VPN:<span style="font-style:italic;"></span></span><br /><code><br />vpn {<br /> ipsec {<br /> esp-group ESP-1W {<br /> compression disable<br /> lifetime 3600<br /> mode tunnel<br /> pfs enable<br /> proposal 1 {<br /> encryption 3des<br /> hash sha1<br /> }<br /> }<br /> ike-group IKE-1W {<br /> dead-peer-detection {<br /> action restart<br /> interval 30<br /> timeout 30<br /> }<br /> lifetime 28800<br /> proposal 1 {<br /> encryption 3des<br /> hash sha1<br /> }<br /> }<br /> ipsec-interfaces {<br /> interface eth0<br /> }<br /> nat-networks {<br /> allowed-network 0.0.0.0/0 {<br /> exclude 192.168.45.0/24<br /> }<br /> }<br /> nat-traversal enable<br /> site-to-site {<br /> peer 76.1.1.2 {<br /> authentication {<br /> mode pre-shared-secret<br /> pre-shared-secret letmein<br /> }<br /> ike-group IKE-1W<br /> local-ip 213.111.222.10<br /> tunnel 1 {<br /> allow-nat-networks disable<br /> allow-public-networks disable<br /> esp-group ESP-1W<br /> local-subnet 
10.10.10.10/32<br /> remote-subnet 2.2.2.2/32<br /> }<br /> }<br /> peer 76.2.2.2 {<br /> authentication {<br /> mode pre-shared-secret<br /> pre-shared-secret letmein<br /> }<br /> ike-group IKE-1W<br /> local-ip 213.111.222.10<br /> tunnel 1 {<br /> allow-nat-networks disable<br /> allow-public-networks disable<br /> esp-group ESP-1W<br /> local-subnet 10.10.10.10/32<br /> remote-subnet 3.3.3.3/32<br /> }<br /> }<br /> }<br /> }<br />}<br /></code><br /><br /><br /><span style="font-weight:bold;">R1 Set up VPN:<span style="font-style:italic;"></span></span><br /><code><br />!<br />crypto isakmp policy 100<br /> encr 3des<br /> authentication pre-share<br /> group 2<br />crypto isakmp key letmein address 213.111.222.1<br />crypto isakmp key letmein address 213.111.222.10<br />!<br />crypto ipsec transform-set MSP-TRANSFORM esp-3des esp-sha-hmac <br />!<br />crypto map MSP-MAP 10 ipsec-isakmp <br /> set peer 213.111.222.1<br /> set transform-set MSP-TRANSFORM <br /> match address 101<br />crypto map MSP-MAP 20 ipsec-isakmp <br /> set peer 213.111.222.10<br /> set transform-set MSP-TRANSFORM <br /> match address 102<br />!<br />!<br />access-list 101 permit 0 host 2.2.2.2 host 1.1.1.1<br />access-list 102 permit 0 host 2.2.2.2 host 10.10.10.10<br />!<br /></code><br /><br /><span style="font-weight:bold;">R2 Set up VPN:<span style="font-style:italic;"></span></span><br /><code><br />crypto isakmp policy 100<br /> encr 3des<br /> authentication pre-share<br /> group 2<br />crypto isakmp key letmein address 213.111.222.1<br />crypto isakmp key letmein address 213.111.222.10<br />!<br />!<br />crypto ipsec transform-set MSP-TRANSFORM esp-3des esp-sha-hmac <br />!<br />crypto map MSP-MAP 10 ipsec-isakmp <br /> set peer 213.111.222.1<br /> set transform-set MSP-TRANSFORM <br /> match address 101<br />crypto map MSP-MAP 20 ipsec-isakmp <br /> set peer 213.111.222.10<br /> set transform-set MSP-TRANSFORM <br /> match address 102<br />!<br />!<br />access-list 101 permit 0 
host 3.3.3.3 host 1.1.1.1<br />access-list 102 permit 0 host 3.3.3.3 host 10.10.10.10<br />!<br /></code><br /><br /><br /><span style="font-weight:bold;">MSP-R1 - OSPF setup</span><br /><code><br />protocols {<br /> ospf {<br /> area 0 {<br /> network 10.10.45.0/30<br /> network 192.168.45.0/24<br /> network 10.10.45.4/30<br /> }<br /> parameters {<br /> abr-type cisco<br /> router-id 1.1.1.1<br /> }<br /> }<br />}<br /></code><br /><br /><span style="font-weight:bold;">MSP-R2 - OSPF setup</span><br /><code><br />protocols {<br /> ospf {<br /> area 0 {<br /> network 192.168.45.0/24<br /> network 10.10.45.8/30<br /> network 10.10.45.12/30<br /> }<br /> parameters {<br /> abr-type cisco<br /> router-id 10.10.10.10<br /> }<br /> }<br />}<br /></code><br /><br /><span style="font-weight:bold;">R1 - OSPF setup</span><br /><code><br />router ospf 1<br /> router-id 2.2.2.2<br /> log-adjacency-changes<br /> network 10.10.45.0 0.0.0.3 area 0<br /> network 10.10.45.8 0.0.0.3 area 0<br /> network 10.101.0.0 0.0.0.255 area 0<br /> maximum-paths 6<br />!<br /></code><br /><br /><span style="font-weight:bold;">R2 - OSPF setup</span><br /><code><br />router ospf 1<br /> router-id 3.3.3.3<br /> log-adjacency-changes<br /> network 10.10.45.4 0.0.0.3 area 0<br /> network 10.10.45.12 0.0.0.3 area 0<br /> network 10.202.0.0 0.0.0.255 area 0<br /> maximum-paths 6<br />!<br /></code><br /><br /><span style="font-weight:bold;">Proof is in the pudding</span><br /><br />Routing tables. The captures below show the transit subnets as 10.10.43.x and 192.168.43.0/24 where the configuration above uses 10.10.45.x and 192.168.45.0/24; the topology is otherwise identical, so read 43 as 45 when matching output to configuration. Each spoke learns the hub LAN and the other spoke's LAN via both GRE tunnels at equal cost, so OSPF installs both paths (maximum-paths 6).<br /><br />R1:<br /><code><br />Gateway of last resort is 76.1.1.1 to network 0.0.0.0<br /><br /> 2.0.0.0/32 is subnetted, 1 subnets<br />C 2.2.2.2 is directly connected, Loopback0<br />O 192.168.43.0/24 [110/11121] via 10.10.43.9, 00:00:01, Tunnel1<br /> [110/11121] via 
10.10.43.1, 00:00:01, Tunnel0<br /> 76.0.0.0/24 is subnetted, 1 subnets<br />C 76.1.1.0 is directly connected, FastEthernet0/0<br /> 10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks<br />C 10.10.43.8/30 is directly connected, Tunnel1<br />O 10.10.43.12/30 [110/11121] via 10.10.43.9, 00:00:01, Tunnel1<br />C 10.10.43.0/30 is directly connected, Tunnel0<br />O 10.10.43.4/30 [110/11121] via 10.10.43.1, 00:00:01, Tunnel0<br />C 10.101.0.0/24 is directly connected, FastEthernet0/1<br />O 10.202.0.0/24 [110/11122] via 10.10.43.1, 00:00:01, Tunnel0<br /> [110/11122] via 10.10.43.9, 00:00:01, Tunnel1<br />S* 0.0.0.0/0 [1/0] via 76.1.1.1<br /></code><br /><br />R2:<br /><code><br />Gateway of last resort is 76.2.2.1 to network 0.0.0.0<br /><br /> 3.0.0.0/32 is subnetted, 1 subnets<br />C 3.3.3.3 is directly connected, Loopback0<br />O 192.168.43.0/24 [110/11121] via 10.10.43.5, 00:01:29, Tunnel0<br /> [110/11121] via 10.10.43.13, 00:01:29, Tunnel1<br /> 76.0.0.0/24 is subnetted, 1 subnets<br />C 76.2.2.0 is directly connected, FastEthernet0/0<br /> 10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks<br />O 10.10.43.8/30 [110/11121] via 10.10.43.13, 00:01:29, Tunnel1<br />C 10.10.43.12/30 is directly connected, Tunnel1<br />O 10.10.43.0/30 [110/11121] via 10.10.43.5, 00:01:29, Tunnel0<br />C 10.10.43.4/30 is directly connected, Tunnel0<br />O 10.101.0.0/24 [110/11122] via 10.10.43.5, 00:01:29, Tunnel0<br /> [110/11122] via 10.10.43.13, 00:01:29, Tunnel1<br /></code><br /><br /><b>Vyatta to Cisco - Tunneling from ASA to Vyatta Using VMware and GNS</b> (Roggy, 2010-11-13)<br />It's been a while since my last article/lab, apologies for that; hopefully I will get back to my once-a-week schedule (fingers crossed).<br /><br />So the lab today is for connecting a Vyatta router to a Cisco ASA/PIX and creating a LAN-to-LAN 
Tunnel with some one-to-one src/dst NAT thrown in for good measure :)<br /><br />Here is the lab:<br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiN5jOaGwT7srFFy3FwICv3YRfchyphenhyphenOrLQT3oAFthVJr3YaGviid0fUYnEfxLcSDSVghV4cuf4oswDj0ciUh6cjxZJxkTe4QjdIcHE_FlC1tJkQnz7yILY3Kl5aOCVIRH_mpa-z3JED5iyyB/s1600/vyattaASATunnel.png"><img style="display:block; margin:0px auto 10px; text-align:center;width: 320px; height: 226px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiN5jOaGwT7srFFy3FwICv3YRfchyphenhyphenOrLQT3oAFthVJr3YaGviid0fUYnEfxLcSDSVghV4cuf4oswDj0ciUh6cjxZJxkTe4QjdIcHE_FlC1tJkQnz7yILY3Kl5aOCVIRH_mpa-z3JED5iyyB/s320/vyattaASATunnel.png" border="0" alt="Lab topology: Vyatta R1 to PIX/ASA FW1 LAN-to-LAN tunnel" /></a><br /><br /><span style="font-weight:bold;">Here is the proof that it works: </span><br /><iframe src="http://player.vimeo.com/video/16798409" width="400" height="300" frameborder="0"></iframe><p><a href="http://vimeo.com/16798409">Vyatta to Cisco - Tunneling from ASA to Vyatta Using VMware and GNS</a> from <a href="http://vimeo.com/user1515121">Roggy</a> on <a href="http://vimeo.com">Vimeo</a>.</p><br /><br />Note the NAT ordering on the Vyatta side: rule 5 excludes 192.168.10.0/24 to 10.20.0.0/24 from masquerading so that traffic to the remote LAN keeps its real source address and matches the IPsec selectors, while rules 100/110 give 192.168.10.10 a one-to-one mapping to 10.0.19.10 and rule 900 masquerades everything else.<br /><br /><span style="font-weight:bold;">Vyatta config:</span><br /><span style="font-style:italic;"><br />interfaces {<br /> ethernet eth0 {<br /> address 10.0.19.1/24<br /> address 10.0.19.10/24<br /> duplex auto<br /> hw-id 00:0c:29:5d:91:c6<br /> smp_affinity auto<br /> speed auto<br /> }<br /> ethernet eth1 {<br /> address 192.168.10.1/24<br /> duplex auto<br /> hw-id 00:0c:29:5d:91:d0<br /> smp_affinity auto<br /> speed auto<br /> }<br /> ethernet eth2 {<br /> duplex auto<br /> hw-id 00:0c:29:5d:91:da<br /> smp_affinity auto<br /> speed auto<br /> }<br /> loopback lo {<br /> }<br />}<br />protocols {<br /> static {<br /> route 0.0.0.0/0 {<br /> next-hop 10.0.19.9 {<br /> }<br /> }<br /> }<br />}<br />service 
{<br /> nat {<br /> rule 5 {<br /> destination {<br /> address 10.20.0.0/24<br /> }<br /> exclude<br /> outbound-interface eth0<br /> source {<br /> address 192.168.10.0/24<br /> }<br /> type masquerade<br /> }<br /> rule 100 {<br /> outbound-interface eth0<br /> outside-address {<br /> address 10.0.19.10<br /> }<br /> source {<br /> address 192.168.10.10<br /> }<br /> type source<br /> }<br /> rule 110 {<br /> destination {<br /> address 10.0.19.10<br /> }<br /> inbound-interface eth0<br /> inside-address {<br /> address 192.168.10.10<br /> }<br /> protocol tcp<br /> type destination<br /> }<br /> rule 900 {<br /> outbound-interface eth0<br /> source {<br /> address 192.168.10.0/24<br /> }<br /> type masquerade<br /> }<br /> }<br /> ssh {<br /> allow-root<br /> port 22<br /> protocol-version v2<br /> }<br />}<br />system {<br /> host-name R1<br /> login {<br /> user vyatta {<br /> authentication {<br /> encrypted-password $1$Oxg1L7oM$v4Vi.4pW3Ai/fPFIzpDzC0<br /> }<br /> level admin<br /> }<br /> }<br /> ntp-server 0.vyatta.pool.ntp.org<br /> package {<br /> auto-sync 1<br /> repository community {<br /> components main<br /> distribution stable<br /> password ""<br /> url http://packages.vyatta.com/vyatta<br /> username ""<br /> }<br /> }<br /> syslog {<br /> global {<br /> facility all {<br /> level notice<br /> }<br /> facility protocols {<br /> level debug<br /> }<br /> }<br /> }<br /> time-zone GMT<br />}<br />vpn {<br /> ipsec {<br /> esp-group ESP-1W {<br /> compression disable<br /> lifetime 3600<br /> mode tunnel<br /> pfs disable<br /> proposal 1 {<br /> encryption 3des<br /> hash sha1<br /> }<br /> }<br /> ike-group IKE-1W {<br /> lifetime 86400<br /> proposal 1 {<br /> dh-group 2<br /> encryption 3des<br /> hash sha1<br /> }<br /> }<br /> ipsec-interfaces {<br /> interface eth0<br /> }<br /> nat-traversal enable<br /> site-to-site {<br /> peer 10.0.29.2 {<br /> authentication {<br /> mode pre-shared-secret<br /> pre-shared-secret letmein<br /> }<br /> 
ike-group IKE-1W<br /> local-ip 10.0.19.1<br /> tunnel 1 {<br /> allow-nat-networks disable<br /> allow-public-networks disable<br /> esp-group ESP-1W<br /> local-subnet 192.168.10.0/24<br /> remote-subnet 10.20.0.0/24<br /> }<br /> }<br /> }<br /> }<br />}<br /><br /><br />/* Warning: Do not remove the following line. */<br />/* === vyatta-config-version: "webgui@1:dhcp-server@4:conntrack-sync@1:firewall@3:qos@1:webproxy@1:vrrp@1:nat@3:ipsec@2:wanloadbalance@2:cluster@1:system@3:quagga@2:dhcp-relay@1" === */<br /><br /></span><br /><br /><br /><span style="font-weight:bold;">Pix Config:</span><br /><span style="font-style:italic;"><br />!<br />PIX Version 8.0(2)<br />!<br />hostname FW1<br />enable password 8Ry2YjIyt7RRXU24 encrypted<br />names<br />!<br />interface Ethernet0<br /> nameif outside<br /> security-level 0<br /> ip address 10.0.29.2 255.255.255.0<br />!<br />interface Ethernet1<br /> nameif inside<br /> security-level 100<br /> ip address 10.20.0.1 255.255.255.0<br />!<br />interface Ethernet2<br /> shutdown<br /> no nameif<br /> no security-level<br /> no ip address<br />!<br />interface Ethernet3<br /> shutdown<br /> no nameif<br /> no security-level<br /> no ip address<br />!<br />interface Ethernet4<br /> shutdown<br /> no nameif<br /> no security-level<br /> no ip address<br />!<br />passwd 2KFQnbNIdI.2KYOU encrypted<br />ftp mode passive<br />access-list icmp extended permit icmp any any<br />access-list NO-NAT extended permit ip 10.20.0.0 255.255.255.0 192.168.10.0 255.255.255.0<br />access-list IPSEC-TUN extended permit ip 10.20.0.0 255.255.255.0 192.168.10.0 255.255.255.0<br />pager lines 24<br />mtu outside 1500<br />mtu inside 1500<br />no failover<br />icmp unreachable rate-limit 1 burst-size 1<br />no asdm history enable<br />arp timeout 14400<br />global (outside) 1 interface<br />nat (inside) 0 access-list NO-NAT<br />nat (inside) 1 0.0.0.0 0.0.0.0<br />access-group icmp in interface outside<br />access-group icmp out interface 
outside<br />access-group icmp in interface inside<br />access-group icmp out interface inside<br />route outside 0.0.0.0 0.0.0.0 10.0.29.9 1<br />timeout xlate 3:00:00<br />timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02<br />timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00<br />timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00<br />timeout uauth 0:05:00 absolute<br />dynamic-access-policy-record DfltAccessPolicy<br />no snmp-server location<br />no snmp-server contact<br />snmp-server enable traps snmp authentication linkup linkdown coldstart<br />crypto ipsec transform-set FW1-TRANSFORM esp-3des esp-sha-hmac<br />crypto map FW1 10 match address IPSEC-TUN<br />crypto map FW1 10 set peer 10.0.19.1<br />crypto map FW1 10 set transform-set FW1-TRANSFORM<br />crypto map FW1 interface outside<br />crypto isakmp identity address<br />crypto isakmp enable outside<br />crypto isakmp policy 100<br /> authentication pre-share<br /> encryption 3des<br /> hash sha<br /> group 2<br /> lifetime 86400<br />no crypto isakmp nat-traversal<br />telnet timeout 5<br />ssh timeout 5<br />console timeout 0<br />threat-detection basic-threat<br />threat-detection statistics access-list<br />!<br />!<br />tunnel-group 10.0.19.1 type ipsec-l2l<br />tunnel-group 10.0.19.1 ipsec-attributes<br /> pre-shared-key letmein<br />prompt hostname context<br /><br /><br /></span><br /><br />Enjoy!Roggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com3tag:blogger.com,1999:blog-385626179821720396.post-13463816714131437072010-08-23T14:10:00.000-07:002010-08-23T14:19:00.609-07:00Vyatta - Remote Access VPN with L2TP and PPTPHi,<br /><br />I have done a remote access VPN lab before - with OpenVPN. This one is with the more widely accepted L2TP and PPTP. 
So accepted in fact that both the iPhone and iPad like it too.<br /><br />So here we go: how to configure a VM to allow remote access from iPhone, iPad and Windows XP.<br /><span style="font-weight:bold;"><br />Part1:<br />Introduction<br />Setup<span style="font-style:italic;"></span></span><br /><iframe src="http://player.vimeo.com/video/14371897" width="400" height="300" frameborder="0"></iframe><p><a href="http://vimeo.com/14371897">Vyatta - Remote Access VPN - L2TP,PPTP -Part1</a> from <a href="http://vimeo.com/user1515121">Roggy</a> on <a href="http://vimeo.com">Vimeo</a>.</p><br /><span style="font-weight:bold;"><br />Part2:<br />Setup Continued<span style="font-style:italic;"></span></span><br /><iframe src="http://player.vimeo.com/video/14372005" width="400" height="300" frameborder="0"></iframe><p><a href="http://vimeo.com/14372005">Vyatta - Remote Access VPN - L2TP,PPTP -Part2</a> from <a href="http://vimeo.com/user1515121">Roggy</a> on <a href="http://vimeo.com">Vimeo</a>.</p><br /><br /><span style="font-weight:bold;">Part3:<br />Actually Configuring L2TP and PPTP<span style="font-style:italic;"></span></span><br /><iframe src="http://player.vimeo.com/video/14372233" width="400" height="300" frameborder="0"></iframe><p><a href="http://vimeo.com/14372233">Vyatta - Remote Access VPN - L2TP,PPTP -Part3</a> from <a href="http://vimeo.com/user1515121">Roggy</a> on <a href="http://vimeo.com">Vimeo</a>.</p><br /><br /><span style="font-weight:bold;">Part4:<br />Setting up Firewall<span style="font-style:italic;"></span></span><br /><iframe src="http://player.vimeo.com/video/14372422" width="400" height="300" frameborder="0"></iframe><p><a href="http://vimeo.com/14372422">Vyatta - Remote Access VPN - L2TP,PPTP -Part4</a> from <a href="http://vimeo.com/user1515121">Roggy</a> on <a
href="http://vimeo.com">Vimeo</a>.</p>Roggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com18tag:blogger.com,1999:blog-385626179821720396.post-71422016755612481292010-07-29T10:13:00.000-07:002010-07-29T10:13:00.102-07:00Vyatta - Final 6.0 with updated VMtools for vSphere 4.1So it's been a busy few weeks with all the news and related blog articles on vSphere 4.1.<br />I finally got around to extracting VMtools 8.3.x and integrating it into the Vyatta Appliance.<br /><br />There is also something different with this release: the source code for VMtools has been modified to prevent Large Receive Offload. LRO is defined as:<br /><br /><span style="font-style:italic;">In computer networking, large receive offload is a technique for increasing inbound throughput of high-bandwidth network connections by reducing CPU overhead. It works by aggregating multiple incoming packets from a single stream into a larger buffer before they are passed higher up the networking stack, thus reducing the number of packets that have to be processed.
In Linux, it is generally used in conjunction with the New API (NAPI) to also reduce the number of interrupts.</span><br /><br />There have been a few users reporting an issue with LRO and others requesting the integration of the latest version of VMtools, so here you go:<br /><br /><a href="http://www.techstream.co.uk/VyattaVC6.0-Final-LRO.zip">Download Vyatta VC 6 with LRO patch and the latest VMtools</a><br /><br /><br />I would like a few people to test this release and let me know how it goes before making it live on the VAM.<br /><br /><br /><br />References:<br />http://www.vyatta.org/forum/viewtopic.php?t=3030&postdays=0&postorder=asc&start=105<br />http://nwsmith.blogspot.com/2010/07/patching-vmxnet-to-disable-lro.html<br />http://en.wikipedia.org/wiki/Large_receive_offloadRoggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com6tag:blogger.com,1999:blog-385626179821720396.post-20666673329200182672010-07-20T01:05:00.000-07:002010-07-20T01:23:33.197-07:00vSphere 4.1 and KB1011292Hi everyone,<br /><br />So I have been trying to get together some hands-on 4.1 videos for you guys (and girls);<br />however KB1011292 has been my main reason for not upgrading.<br /><br />What is KB1011292, I hear you ask?<br />"<span style="font-style:italic;">VMware View Composer 2.0.x is not supported in a vSphere vCenter Server 4.1 managed environment as vSphere vCenter Server 4.1 requires a 64 bit operating system and VMware View Composer does not support 64 bit operating systems.<br /> <br />VMware View 4.0.x customers who use View Composer should not upgrade to vSphere vCenter Server 4.1 at this time.
Our upcoming VMware View 4.5 will be supported on VMware vSphere 4.1.</span>"<br /><br /><br />As you know, the supported way of upgrading your vSphere environment is like this:<br />1) Upgrade vCenter<br />2) Upgrade ESX hosts<br />3) Upgrade VMware Tools<br />4) Upgrade VM hardware version.<br /><br />Therefore if you run VMware View 4 with Composer, your trip into 4.1 greatness is going to come grinding to a halt at step 1.<br /><br />Having VDI is great, however it makes upgrading a pain...so roll on VMware View 4.5 with your 64-bit Composer.<br /><br /><br />And for those not tied to VDI, here is the vSphere upgrade guide:<br /><a href="http://www.vmware.mobi/pdf/vsphere4/r40/vsp_40_upgrade_guide.pdf">Upgrade Guide</a>Roggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com0tag:blogger.com,1999:blog-385626179821720396.post-53860061540289022902010-07-13T05:00:00.000-07:002010-07-13T05:00:02.937-07:00vSphere 4.1!OK, so vSphere 4.1 is out! And now the embargo is lifted I can finally share some of the <span style="font-style: italic;">awesome</span> new features in 4.1.<br /><br />Now let's be honest, there are so many new and cool features in 4.1 that most other companies would probably release it as a version 5.0! But VMware released it as a point release...and that's cool.<br /><br />Enough of the chit-chat; you did not come here to hear how great VMware is, it's more about: what are these new features? Is it worth upgrading to?
and are they worth all the fuss?<br /><br />So the features:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3bpBg_q0XE23-2sFIzMTgs2GWX7mobSgiiWbjdVrxwA37gbrT1Q7VUEZeLLaN9HN4-ysMqpFLIyrDOCmMbYHvvyXx6z_HJCbrINzVbQh441_Khmurjd1KLFlAl63qkjm5CrzJUQ8wSZOb/s1600/Newfeatures.JPG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 196px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3bpBg_q0XE23-2sFIzMTgs2GWX7mobSgiiWbjdVrxwA37gbrT1Q7VUEZeLLaN9HN4-ysMqpFLIyrDOCmMbYHvvyXx6z_HJCbrINzVbQh441_Khmurjd1KLFlAl63qkjm5CrzJUQ8wSZOb/s320/Newfeatures.JPG" alt="" id="BLOGGER_PHOTO_ID_5493307532478024898" border="0" /></a><br /><br />and here is a summary of the features that I think really count and why:<br /><br />1)<span style="font-weight: bold;">Storage I/O control</span><br />Prioritized use of storage (similar to how compute is prioritized with vSphere)<br />this means you can now make sure that your "VIV"s or Very Important VMs get the IO they need when you have IO congestion. 
This is done via the <span style="font-style: italic;">I/O Shares</span> within the VM properties.<br /><br />2)<span style="font-weight: bold;">Network I/O Control</span><br />Set different levels of service per flow type:<br />virtual machine, vMotion, FT, and IP storage traffic.<br />This means you can make iSCSI or NFS take priority over vMotion.<br />But there is a gotcha:<br /><span style="font-style: italic;">Enabled with Distributed Switch only and therefore Enterprise Plus only</span><br /><br /><br />3)<span style="font-weight: bold;">Memory Compression</span><br />Slower than real memory but much faster than swapping to disk.<br />Improves the performance of the VM when under contention, as far less memory is swapped to disk.<br /><br /><br />4)<span style="font-weight: bold;">vMotion Performance Increases and Scale Increases</span><br />Allows up to 4 on a 1Gbps network and 8 on a 10Gbps network.<br /><br />5) <span style="font-weight: bold;">Storage vMotion Scale Increases</span><br />Allows up to 128 (both VMFS and NFS)<br /><br />6) <span style="font-weight: bold;">DRS Host affinity</span><br />Allows you to set rules on where your VMs vMotion to when DRS needs to move them.<br />e.g.
VM W2003-DC1 only goes to DRS Group 1, however VM W2003-Exchange only goes to DRS Group 2.<br /><br />Here is where you create the rules:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0FoSbe2QAotk5qMeec1k9_Y4rPmPxFy7muVhLiLSn0GBri5QP6z7__8SYNl_jdS-yE3DssufzQ0OcF31MMX8bLeHVWWPem32llEz09_i6oVNeUhAbrHM0XjM7JqvqwFI-w-V5gCf2ihcF/s1600/DRS-rules.JPG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 184px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0FoSbe2QAotk5qMeec1k9_Y4rPmPxFy7muVhLiLSn0GBri5QP6z7__8SYNl_jdS-yE3DssufzQ0OcF31MMX8bLeHVWWPem32llEz09_i6oVNeUhAbrHM0XjM7JqvqwFI-w-V5gCf2ihcF/s320/DRS-rules.JPG" alt="" id="BLOGGER_PHOTO_ID_5493333308003352674" border="0" /></a><br /><br />7)<span style="font-weight: bold;">vStorage API for Array Integration</span><br />This is another great feature (if supported by your SAN),<br />essentially this means vSphere can interact directly with your SAN.<br />Therefore instead of copying the files from one datastore to another, it instructs the SAN to move the blocks for you! 
Increasing the performance of Storage vMotion, VM provisioning, etc.<br /><br /><br />Also noteworthy:<br /><span style="font-weight:bold;">4.1 will be the last release for ESX (ESX Classic); from now on there will only be ESXi releases</span><br /><br /><br />The binaries are available now, so go grab them!<br /><br />References:<br />Thanks to John Troyer @vmwareRoggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com0tag:blogger.com,1999:blog-385626179821720396.post-69720030538838053692010-07-09T02:27:00.000-07:002010-07-09T02:52:12.980-07:00Download my videos!Hi Everyone,<br /><br />I noticed last night (and was messaged by a few people) that some of my latest videos seem to have been encoded in a lower resolution, therefore I have re-encoded, re-uploaded and re-embedded these videos.<br /><br />However I wanted to take this opportunity to let you know that one of the reasons I chose Vimeo is that you can download my videos for free!<br />Registration is much quicker than most; you can download all my videos and then play them back any time.<br /><br />Once you register you will see a "Download Video" option on the right hand side.<br /><br />Here are some links to get you started:<br /><a href="http://www.vimeo.com/8368046">Vyatta Internet Gateway</a><br /><a href="http://www.vimeo.com/6474152">Vyatta Remote Access OpenVPN lab with NAT and Firewall setup</a><br /><a href="http://www.vimeo.com/7560591">Vsphere within VMware Workstation 7 Part 1</a><br /><a href="http://www.vimeo.com/10041892">Samba Cluster with GFS 2, Centos 5, iSCSI and Openfiler - Part 1</a><br /><a href="http://www.vimeo.com/10897479">Router on a Stick within vSphere using Vyatta and Optimizing for 1Gbps Routing - Part 1</a><br /><br /><br />Enjoy (offline!)Roggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com4tag:blogger.com,1999:blog-385626179821720396.post-79559040015111462032010-07-04T13:09:00.000-07:002010-07-09T01:20:55.782-07:00Setting up Windows 2008
Network Load Balancing with vSphereSo I came across a few posts recently during my travels where a couple of<br />people were having issues with setting up Windows Network Load Balancing within<br />vSphere and in particular with Distributed vSwitches.<br /><br />So here we go - how to set up NLB with IIS:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBMogASqASsD4s7U7zl30Zcadgt0O5kkR7umV2WH_BOWaFVBN3rWKWSqvhDl0SUlKN35G7-qffw8-wtVbuiC2mUPeWmlI62ljdryIeCI11cYEPdrcN9doOn8Gmjp8YwJ6TTthMoa3xgdyE/s1600/WNLB.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 226px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBMogASqASsD4s7U7zl30Zcadgt0O5kkR7umV2WH_BOWaFVBN3rWKWSqvhDl0SUlKN35G7-qffw8-wtVbuiC2mUPeWmlI62ljdryIeCI11cYEPdrcN9doOn8Gmjp8YwJ6TTthMoa3xgdyE/s320/WNLB.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5490146765644331426" /></a><br /><br /><br />And here is the video:<br /><span style="font-style:italic;">1) Setting up NLB<br />2) Going through setup of the vSphere environment<br />3) Installing IIS<br />4) Testing for failure<br />5) Going through the vDS settings</span><br /><br /><object width="400" height="300"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=13193309&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" /><embed src="http://vimeo.com/moogaloop.swf?clip_id=13193309&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="400" height="300"></embed></object><p><a href="http://vimeo.com/13193309">Setting up Windows Network Load Balancing within vSphere</a> from <a href="http://vimeo.com/user1515121">Roggy</a> on <a
href="http://vimeo.com">Vimeo</a>.</p><br /><br /><br />Enjoy!Roggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com1tag:blogger.com,1999:blog-385626179821720396.post-49717341022898283582010-06-20T15:25:00.000-07:002010-06-20T15:27:11.979-07:00Roggyblog on Twitter!If you have a question or suggestions, tweet me:<br />@roggyblogRoggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com0tag:blogger.com,1999:blog-385626179821720396.post-44666695053156144782010-06-20T14:59:00.000-07:002010-06-20T15:05:23.096-07:00New Vyatta Appliance!This is the most up-to-date version of the VC6.0 release (June 01, 2010)<br />with VMware Tools installed and ready to go.<br /><br />Here is the download from VMware:<br />http://www.vmware.com/appliances/directory/383813<br /><br />and the direct link:<br /><a href="http://www.techstream.co.uk/VyattaVC6.0-Final.zip">here</a>Roggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com8tag:blogger.com,1999:blog-385626179821720396.post-73497041334686903422010-06-20T14:46:00.000-07:002010-07-09T01:19:22.683-07:00VMware View 4 - Tour!Hey Everyone,<br /><br /><br />This is a long overdue video, however it should be worth it :)<br /><br />Hopefully this video will help those of you trying to get to grips with VDI/VMware View and answer questions like:<br /><br />1) What is the Composer? What does it do?<br />2) What is the agent?
How do I fix "waiting for agent"?<br />3) What is PCoIP?<br />etc..<br /><br />Reference Diagram:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYvBZ_c8TL_JfJh2hzY-A5h0iCa3gyltE8eKgYs_mgC9moOOGe0QLkK5CQmX-xKvQEhTQMjGL-xkMroEo3YTx4CKlBHOzMJWCAzHwpCUfryLdjgT9PMPoX4JUWiniBpX6Vj0j1Bg-ugH7j/s1600/View4_Marketecture.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 258px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYvBZ_c8TL_JfJh2hzY-A5h0iCa3gyltE8eKgYs_mgC9moOOGe0QLkK5CQmX-xKvQEhTQMjGL-xkMroEo3YTx4CKlBHOzMJWCAzHwpCUfryLdjgT9PMPoX4JUWiniBpX6Vj0j1Bg-ugH7j/s320/View4_Marketecture.png" border="0" alt=""id="BLOGGER_PHOTO_ID_5484978592468106194" /></a><br /><br /><br /><span style="font-weight:bold;">Part 1:</span><br /><span style="font-style:italic;">Tour of VMware View 4<br />Components Required<br />Where to install components<br />What each bit does</span><br /><object width="400" height="300"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=13192798&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" /><embed src="http://vimeo.com/moogaloop.swf?clip_id=13192798&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="400" height="300"></embed></object><p><a href="http://vimeo.com/13192798">VMware View 4 - Part 1</a> from <a href="http://vimeo.com/user1515121">Roggy</a> on <a href="http://vimeo.com">Vimeo</a>.</p><br /><br /><br /><br /><span style="font-weight:bold;">Part 2:</span><br /><span style="font-style:italic;">Using the VMware View Manager<br />Desktop pools<br />Entitlement<br />Playing 720p video within VMware View 
Client with PCoIP </span><br /><br /><object width="400" height="300"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=13193075&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" /><embed src="http://vimeo.com/moogaloop.swf?clip_id=13193075&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="400" height="300"></embed></object><p><a href="http://vimeo.com/13193075">VMware View 4 - Part 2</a> from <a href="http://vimeo.com/user1515121">Roggy</a> on <a href="http://vimeo.com">Vimeo</a>.</p><br /><br /><br />Enjoy!<br /><br /><br />Sources:<br />Picture taken from here (ty!):<br />http://www.ntpro.nl/blog/uploads/Roggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com0tag:blogger.com,1999:blog-385626179821720396.post-39134565458393766092010-06-13T07:53:00.000-07:002010-06-13T08:49:09.088-07:00Multipathing and Multiple Connections Per Session - Two sides of the same iSCSI coin?One again a record breaking title for a post! 
let's hope my google-fu is not<br />affected by long titles...or I'm in real trouble ;)<br /><br />So I was working today on something that involved me testing iSCSI functionality with Windows Server 2008.<br />While I was waiting for the VM to come up, I set about testing the iSCSI initiator within Windows 7.<br /><br />What interested me most was a feature called "MCS", which stands for Multiple Connections per Session and is defined within RFC 3720; as such it is a protocol-level feature that provides the capabilities we have previously seen with MPIO.<br /><br />Here is how to get there:<br /><br /><span style="font-style:italic;">Load the iSCSI software from Control Panel->Administrative Tools->iSCSI Initiator:</span><br />Pic1:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_5YDtqfNLF3TpBl6kasBkb1ZebsduR6hyphenhyphenEMOpWoJq0Yv_Be6lxKjPrUyPCMqqiRs-6moZVCyhFGsTpopj7nvzjwqvDmMY82euQrLPDaTdWA-7e1S3xfreyrC8n8_UMMdYAZf4PmqFtuIw/s1600/part1.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 227px; height: 320px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_5YDtqfNLF3TpBl6kasBkb1ZebsduR6hyphenhyphenEMOpWoJq0Yv_Be6lxKjPrUyPCMqqiRs-6moZVCyhFGsTpopj7nvzjwqvDmMY82euQrLPDaTdWA-7e1S3xfreyrC8n8_UMMdYAZf4PmqFtuIw/s320/part1.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5482278320556135058" /></a><br /><br /><br /><br /><span style="font-style:italic;">Select the Target from the list and click "properties"</span><br />Pic2:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaw-m1g9iDeUh51wrSxeAWkhZqx5iN1vouGsaJJqH4ZzBl0J_XrQXLlDp5-TIpEJYtv_8VrejQBC9Z-1O2-8pVQGqWBH6sIpwRIzsnGshZGTJRcjqErhmcuZQE4Rv0j3Yq3ZFrSDEr3G6W/s1600/part2.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 208px;
height: 320px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaw-m1g9iDeUh51wrSxeAWkhZqx5iN1vouGsaJJqH4ZzBl0J_XrQXLlDp5-TIpEJYtv_8VrejQBC9Z-1O2-8pVQGqWBH6sIpwRIzsnGshZGTJRcjqErhmcuZQE4Rv0j3Yq3ZFrSDEr3G6W/s320/part2.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5482278420078682402" /></a><br /><br /><br /><br /><span style="font-style:italic;">Select the MCS policy you wish to have; I selected "fail over only", which is the same<br />as "fixed" in the MPIO world.</span><br /><br />Pic3:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuId0rFm-aVNWYRqTMdllGGJ8m67cxseO84l6pI1ARhF285edhweQGVY-udlFsuFWlSKHucG3GvaV8phcRUj-j79j1_5i41oxxNt-JnMHRD58Oq5B-ps0qdukHgHLPC8gaNP6a2DKNlymm/s1600/part3.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 219px; height: 320px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuId0rFm-aVNWYRqTMdllGGJ8m67cxseO84l6pI1ARhF285edhweQGVY-udlFsuFWlSKHucG3GvaV8phcRUj-j79j1_5i41oxxNt-JnMHRD58Oq5B-ps0qdukHgHLPC8gaNP6a2DKNlymm/s320/part3.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5482278507815261282" /></a><br /><br /><br /><span style="font-style:italic;"><br />You probably will only have one session at the moment, therefore click "add".<br />Don't click "connect"!</span><br />Pic4:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHNQlVIREMmtX1qNmsfvIA0Q-DVfMgWbA9NO9RKXh4QpITbnbtPomY7ov0sEl9KsD1lAS4PJDmBSsdIzB3MSt-6yppNYp58PLActARtx9apzucBn9mwQB42oBwh-mFFhtQmI8QYJB3xSz7/s1600/part4.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 186px;"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHNQlVIREMmtX1qNmsfvIA0Q-DVfMgWbA9NO9RKXh4QpITbnbtPomY7ov0sEl9KsD1lAS4PJDmBSsdIzB3MSt-6yppNYp58PLActARtx9apzucBn9mwQB42oBwh-mFFhtQmI8QYJB3xSz7/s320/part4.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5482278591750281714" /></a><br /><br /><br /><span style="font-style:italic;">Click "Advanced".<br />Here is where you pick the other iSCSI target portal.</span><br />Pic5:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5jXB9bvBNsoyrpCTpy8A5QvuvA1R1v8ujwkwza0MOLW99brXuXd-V8M_55alUpQCs-g_YWnAh04gRQHOmNL0td6TWO1aBetGct4rH1D9Qg47fi-eE_yUkEplQuMVgp8i6glspsRNnJ7bz/s1600/part5.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 271px; height: 320px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5jXB9bvBNsoyrpCTpy8A5QvuvA1R1v8ujwkwza0MOLW99brXuXd-V8M_55alUpQCs-g_YWnAh04gRQHOmNL0td6TWO1aBetGct4rH1D9Qg47fi-eE_yUkEplQuMVgp8i6glspsRNnJ7bz/s320/part5.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5482278692443938450" /></a><br /><br /><br /><br /><br /><span style="font-style:italic;"><br />And that's great!
we have a redundant path to our iSCSI targets...but notice this button:</span><br />Pic6:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKGcgllZ2o8r0sLz5uilH9sz-X5rJOlaP6qXD_CdCmNXf5kEhPupyKYPBZWDmwYNi6JW-xttcNhuyFBapVFuJe-KC8BGqwvpQUuEY2T5VJ4i899nOqAj3ZUk41xccjSPsTU-HALcuTpWAO/s1600/part6.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 260px; height: 320px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKGcgllZ2o8r0sLz5uilH9sz-X5rJOlaP6qXD_CdCmNXf5kEhPupyKYPBZWDmwYNi6JW-xttcNhuyFBapVFuJe-KC8BGqwvpQUuEY2T5VJ4i899nOqAj3ZUk41xccjSPsTU-HALcuTpWAO/s320/part6.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5482278775609472914" /></a><br /><br /><br /><br />Hmm, MPIO is not available within Windows 7, which is fine as MCS pretty much gets us to the same place (in fact some say MCS is better); however with Windows Server 2008 we have the option of MPIO, so let's give it a go!<br /><br />First thing to remember is that MPIO is a driver thing, so if you have an EMC, 3PAR, NetApp, Dell etc. device they all have an MPIO driver for Windows 2008 and you need to follow their instructions (and look for DSM instructions); here we are using the Windows 2008 software iSCSI Initiator and the Windows Server 2008 native MPIO driver.<br /><br />When you install/start iSCSI on Windows Server 2008 it asks you to install MPIO; if you said no, or just forgot, install MPIO like this:<br /><br /><span style="font-style:italic;">From the "Add features Wizard"</span><br />Pic1:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkvhEd5LSKBWAGN6UwRNUYkgjSAsP0VBILTHhkjqy-ER-o9shZInWgO-e2d65yXT6PuAYn2q6om4yCHW6xqfIa3YCUTO2wSPbhCBgScHWSPX5xuUCjI7yBYViOParbT-46_whmkNwh47NG/s1600/w2008part1.png"><img style="display:block; margin:0px auto 10px;
text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 236px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkvhEd5LSKBWAGN6UwRNUYkgjSAsP0VBILTHhkjqy-ER-o9shZInWgO-e2d65yXT6PuAYn2q6om4yCHW6xqfIa3YCUTO2wSPbhCBgScHWSPX5xuUCjI7yBYViOParbT-46_whmkNwh47NG/s320/w2008part1.png" border="0" alt=""id="BLOGGER_PHOTO_ID_5482282953849061346" /></a><br /><br /><br /><span style="font-style:italic;">Once installed select MPIO from Control Panel click "Add support for iSCSI devices"<br />then reboot (p.s. here is where you would add the 3rd Party DSM drive btw)</span><br />Pic2:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiivV49UQnHgIu47atcUBwo-HvuDX0-BVRwOx3khe3f0yaxQuKpMqhpRARZPX8xyP6Dfc8ovwd5jIXPanVn9wE-JKBzDvbL-oWc9-NU58zOA-Q-XEENAjceINpVR2Z2Uj_Yu0I11SDhfMvj/s1600/w2008part2.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 257px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiivV49UQnHgIu47atcUBwo-HvuDX0-BVRwOx3khe3f0yaxQuKpMqhpRARZPX8xyP6Dfc8ovwd5jIXPanVn9wE-JKBzDvbL-oWc9-NU58zOA-Q-XEENAjceINpVR2Z2Uj_Yu0I11SDhfMvj/s320/w2008part2.png" border="0" alt=""id="BLOGGER_PHOTO_ID_5482283028113228802" /></a><br /><br /><br /><span style="font-style:italic;">Go Back to the iscsi Initiator (within Administrative tools)</span><br />Pic3:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfRc3ZmIpFDT6n_9FWCY4aYmM2gkJGqICA5wTkpyxpZZhGaYM-aCubmeTE-wUyoDjmC9bt1jQhf2hwkcy30FgrBHSyogHziuFQ5rRYr1-UOcbm2EMy9y6LT-7llxx1VvzEh1dVBQJnZgrl/s1600/w2008part3.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 287px; height: 320px;" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfRc3ZmIpFDT6n_9FWCY4aYmM2gkJGqICA5wTkpyxpZZhGaYM-aCubmeTE-wUyoDjmC9bt1jQhf2hwkcy30FgrBHSyogHziuFQ5rRYr1-UOcbm2EMy9y6LT-7llxx1VvzEh1dVBQJnZgrl/s320/w2008part3.png" border="0" alt=""id="BLOGGER_PHOTO_ID_5482285584913695378" /></a><br /><br /><br /><span style="font-style:italic;">Select the target click properties</span><br />Pic4:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbt-tGG7Qmx5ONc6-dP0-oDS6SRgiE6y0YlERwPRHjWPL1HTTFMQvwPIcxZdMe6SGoD-wSV787_3TJExxLZSLDmEt3VtNSgyLBlFQEdm5EwS2hElWJJofGa3tLWdQ5Yv9ot4B8HMxIK3LX/s1600/w2008part4.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 307px; height: 320px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbt-tGG7Qmx5ONc6-dP0-oDS6SRgiE6y0YlERwPRHjWPL1HTTFMQvwPIcxZdMe6SGoD-wSV787_3TJExxLZSLDmEt3VtNSgyLBlFQEdm5EwS2hElWJJofGa3tLWdQ5Yv9ot4B8HMxIK3LX/s320/w2008part4.png" border="0" alt=""id="BLOGGER_PHOTO_ID_5482283207583840290" /></a><br /><span style="font-style:italic;"><br />Highlight the sessions click "Devices..."</span><br />Pic5:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5nczkEqVICxfdC-s5zhZlCZBZxgWvWSLVgm-uWq22-htv8ugzuFZa4DWqKJmMDo1A6eTtEY1pfSEIzew5i-v82g0Ca0HhNLrIRyozABG-hcTB8fnltDOhg49UvDpcvHU-1jr4iUKs-1uB/s1600/w2008part5.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 276px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5nczkEqVICxfdC-s5zhZlCZBZxgWvWSLVgm-uWq22-htv8ugzuFZa4DWqKJmMDo1A6eTtEY1pfSEIzew5i-v82g0Ca0HhNLrIRyozABG-hcTB8fnltDOhg49UvDpcvHU-1jr4iUKs-1uB/s320/w2008part5.png" border="0" alt=""id="BLOGGER_PHOTO_ID_5482283290201379010" /></a><br /><br /><br /><span 
style="font-style:italic;">Click MPIO and select the Policy you want</span><br />Pic6:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiE4QMXXHjaep3s8ENXHnHs8jVwDAO9RpnWFVH_HVNdunYPegj9VRRsZfS9BeYzy9KcBqW3plii8B9YIP4hmbdTUCwaCU-tMV0kBJoDn0QdkItqfMO2_A1Nr1CrjyaCFHTf1MWpqtMcHs6h/s1600/w2008part6.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 244px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiE4QMXXHjaep3s8ENXHnHs8jVwDAO9RpnWFVH_HVNdunYPegj9VRRsZfS9BeYzy9KcBqW3plii8B9YIP4hmbdTUCwaCU-tMV0kBJoDn0QdkItqfMO2_A1Nr1CrjyaCFHTf1MWpqtMcHs6h/s320/w2008part6.png" border="0" alt=""id="BLOGGER_PHOTO_ID_5482283366990841746" /></a><br /><br /><br /><br /><br />Hope that helps someone out there!<br /><br /><br />Sources:<br />http://www.ietf.org/rfc/rfc3720.txt<br /><br />http://www.windowsitpro.com/article/virtualization2/Q-With-iSCSI-what-s-the-difference-between-Multipath-I-O-MPIO-and-multiple-connections-per-session-MCS-.aspxRoggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com3tag:blogger.com,1999:blog-385626179821720396.post-68232570313797609552010-06-06T03:12:00.000-07:002010-06-06T03:38:21.708-07:00Thank You VMware - vExpert for Roggy!<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigfnUr45YSw0WUAtmVEaH9jVhhqqEQByemH4-H2okelqF_REI4cm_4XRlgu53UtIo6n8269ZMPTp9ZXb0UCwrkUxDPbkgFCCx_V6fGLWWa1tLcyugaWTPy5ueS3RcOef8dBeA8SdFLaQpH/s1600/vExpert_2010_thumb.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 227px; height: 51px;" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigfnUr45YSw0WUAtmVEaH9jVhhqqEQByemH4-H2okelqF_REI4cm_4XRlgu53UtIo6n8269ZMPTp9ZXb0UCwrkUxDPbkgFCCx_V6fGLWWa1tLcyugaWTPy5ueS3RcOef8dBeA8SdFLaQpH/s320/vExpert_2010_thumb.png" border="0" alt=""id="BLOGGER_PHOTO_ID_5479608151559148914" /></a><br /><br /><br />A certain sense of disbelief hit me when I received the email from John Troyer letting me know that I had become a vExpert 2010.<br />It is an honour to be given this award, especially considering the company I am in and the sites they have created:<br />Duncan Epping <a href="http://www.yellow-bricks.com/">Yellow Bricks</a><br />Edwin Friesen <a href="http://edwinfriesen.nl/content/">Thinstall Guru</a> <br />Eric Sloof <a href="http://www.ntpro.nl/blog/">NTPRO.NL</a> <br />These sites are not only unique but also technically outstanding, and if you have not bookmarked them already I suggest you do!<br /><span style="font-style:italic;">So thank you VMware and thank you John Troyer for making giving back to the community so easy</span>Roggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com0tag:blogger.com,1999:blog-385626179821720396.post-16825322911411655062010-06-04T04:29:00.000-07:002010-07-09T01:16:32.626-07:00Basic BGP - Path Selection with VyattaThere is actually very little BGP documentation out there on Vyatta, which is strange, because if Vyatta has one real strength it is BGP.<br />This set of videos is all about BGP, and if it proves popular I will do some more covering more advanced features.<br /><br />Here is the picture:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfq5y01ZPEgKMQByxej5fCeggNdKOeb-C_W37D_BCqD69AKSq4cj3am29A3-yEwpRWeFDDG5x_egmNujsldL1QKMZM-cU0emvYMCroCGEqFbG84599T4TpKq04pJOWaJxigvr1J6YsnLCQ/s1600-h/Med_Localpref.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; 
width: 320px; height: 262px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfq5y01ZPEgKMQByxej5fCeggNdKOeb-C_W37D_BCqD69AKSq4cj3am29A3-yEwpRWeFDDG5x_egmNujsldL1QKMZM-cU0emvYMCroCGEqFbG84599T4TpKq04pJOWaJxigvr1J6YsnLCQ/s320/Med_Localpref.jpg" alt="" id="BLOGGER_PHOTO_ID_5343151340241652034" border="0" /></a><br /><br /><br /><span style="font-weight:bold;">Basic BGP - Path Selection with Vyatta -Part 1</span><br /><span style="font-style:italic;">General Setup</span><br /><br /><object width="400" height="300"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=13192031&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" /><embed src="http://vimeo.com/moogaloop.swf?clip_id=13192031&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="400" height="300"></embed></object><p><a href="http://vimeo.com/13192031">Basic BGP - Path Selection with Vyatta -Part 1</a> from <a href="http://vimeo.com/user1515121">Roggy</a> on <a href="http://vimeo.com">Vimeo</a>.</p><br /><br /><span style="font-weight:bold;"><br />Basic BGP - Path Selection with Vyatta -Part 2</span><br /><span style="font-style:italic;">Checking BGP peering<br />Adding Next-hop-self </span><br /><br /><object width="400" height="300"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=13192391&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" /><embed src="http://vimeo.com/moogaloop.swf?clip_id=13192391&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="400" 
height="300"></embed></object><p><a href="http://vimeo.com/13192391">Basic BGP - Path Selection with Vyatta -Part 2</a> from <a href="http://vimeo.com/user1515121">Roggy</a> on <a href="http://vimeo.com">Vimeo</a>.</p><br /><br /><span style="font-weight:bold;">Basic BGP - Path Selection with Vyatta -Part 3</span><br /><span style="font-style:italic;">Creating ACLs<br />Creating Prefix Lists<br />Creating Route-maps<br />Setting Local Pref<br />Setting Med<br />Clearing a Peer </span><br /><br /><object width="400" height="300"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=13192652&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" /><embed src="http://vimeo.com/moogaloop.swf?clip_id=13192652&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="400" height="300"></embed></object><p><a href="http://vimeo.com/13192652">Basic BGP - Path Selection with Vyatta -Part 3</a> from <a href="http://vimeo.com/user1515121">Roggy</a> on <a href="http://vimeo.com">Vimeo</a>.</p><br /><br /><br />Although it can seem a little boring, I always like to include the full configs:<br /><span style="font-weight:bold;">R1</span><br /><code><br />firewall {<br /> all-ping enable<br /> broadcast-ping disable<br /> conntrack-table-size 32768<br /> conntrack-tcp-loose enable<br /> ip-src-route disable<br /> ipv6-receive-redirects disable<br /> ipv6-src-route disable<br /> log-martians enable<br /> name ALLOW_ESTABLISHED {<br /> default-action drop<br /> rule 10 {<br /> action accept<br /> state {<br /> established enable<br /> }<br /> }<br /> }<br /> receive-redirects disable<br /> send-redirects enable<br /> source-validation disable<br /> syn-cookies enable<br />}<br />interfaces {<br /> ethernet eth0 {<br /> address 
172.12.123.1/24<br /> description R1-R2-R3<br /> duplex auto<br /> hw-id 00:0c:29:fe:17:2d<br /> smp_affinity auto<br /> speed auto<br /> }<br /> ethernet eth1 {<br /> duplex auto<br /> hw-id 00:0c:29:fe:17:37<br /> smp_affinity auto<br /> speed auto<br /> }<br /> ethernet eth2 {<br /> address dhcp<br /> duplex auto<br /> hw-id 00:0c:29:fe:17:41<br /> smp_affinity auto<br /> speed auto<br /> }<br /> loopback lo {<br /> address 5.5.5.5/24<br /> address 6.6.6.6/24<br /> address 7.7.7.7/24<br /> address 8.8.8.8/24<br /> }<br />}<br />policy {<br />}<br />protocols {<br /> bgp 1 {<br /> neighbor 172.12.123.2 {<br /> remote-as 234<br /> }<br /> neighbor 172.12.123.3 {<br /> remote-as 234<br /> }<br /> redistribute {<br /> connected {<br /> }<br /> }<br /> }<br />}<br />service {<br /> dns {<br /> forwarding {<br /> cache-size 150<br /> listen-on eth1<br /> name-server 208.67.222.222<br /> name-server 208.67.220.220<br /> }<br /> }<br /> nat {<br /> rule 10 {<br /> outbound-interface eth0<br /> source {<br /> address 192.168.10.0/24<br /> }<br /> type masquerade<br /> }<br /> }<br /> ssh {<br /> allow-root<br /> port 22<br /> protocol-version v2<br /> }<br />}<br />system {<br /> host-name R1<br /> login {<br /> user root {<br /> authentication {<br /> encrypted-password $1$ORKO400D$9GoL/vifapZLo3p.sLkUs/<br /> plaintext-password ""<br /> }<br /> level admin<br /> }<br /> user vyatta {<br /> authentication {<br /> encrypted-password $1$Z9oMjC/m$r.T2vNILnVuZnIwkKhg58.<br /> }<br /> level admin<br /> }<br /> }<br /> ntp-server 0.vyatta.pool.ntp.org<br /> package {<br /> auto-sync 1<br /> repository community {<br /> components main<br /> distribution stable<br /> password ""<br /> url http://packages.vyatta.com/vyatta<br /> username ""<br /> }<br /> repository lenny {<br /> components main<br /> distribution lenny<br /> password ""<br /> url http://packages.vyatta.com/debian/<br /> username ""<br /> }<br /> repository VC6 {<br /> components main<br /> distribution VC6.0<br 
/> password ""<br /> url http://packages.vyatta.com/vyatta/<br /> username ""<br /> }<br /> }<br /> syslog {<br /> global {<br /> facility all {<br /> level notice<br /> }<br /> facility protocols {<br /> level debug<br /> }<br /> }<br /> }<br /> time-zone GMT<br />}<br /><br /><br />/* Warning: Do not remove the following line. */<br />/* === vyatta-config-version: "cluster@1:dhcp-relay@1:dhcp-server@4:firewall@3:ipsec@2:nat@3:quagga@1:system@3:vrrp@1:wanloadbalance@2:webgui@1:webproxy@1" === */<br />/* Release version: VC6.0-2010.03.22 */<br /><br /></code><br /><br /><span style="font-weight:bold;">R2</span><br /><code><br />firewall {<br /> all-ping enable<br /> broadcast-ping disable<br /> conntrack-table-size 32768<br /> conntrack-tcp-loose enable<br /> ip-src-route disable<br /> ipv6-receive-redirects disable<br /> ipv6-src-route disable<br /> log-martians enable<br /> name ALLOW_ESTABLISHED {<br /> default-action drop<br /> rule 10 {<br /> action accept<br /> state {<br /> established enable<br /> }<br /> }<br /> }<br /> receive-redirects disable<br /> send-redirects enable<br /> source-validation disable<br /> syn-cookies enable<br />}<br />interfaces {<br /> ethernet eth0 {<br /> address 172.12.123.2/24<br /> description R1-R2-R3<br /> duplex auto<br /> hw-id 00:0c:29:fa:84:8d<br /> smp_affinity auto<br /> speed auto<br /> }<br /> ethernet eth1 {<br /> address 172.12.234.2/24<br /> description Inside<br /> duplex auto<br /> hw-id 00:0c:29:fa:84:97<br /> smp_affinity auto<br /> speed auto<br /> }<br /> ethernet eth2 {<br /> address dhcp<br /> description DMZ<br /> duplex auto<br /> hw-id 00:0c:29:fa:84:a1<br /> smp_affinity auto<br /> speed auto<br /> }<br /> loopback lo {<br /> }<br />}<br />policy {<br /> access-list 100 {<br /> rule 10 {<br /> action permit<br /> destination {<br /> any<br /> }<br /> source {<br /> any<br /> }<br /> }<br /> }<br /> access-list 150 {<br /> rule 10 {<br /> action permit<br /> destination {<br /> any<br /> }<br /> source 
{<br /> inverse-mask 0.0.0.255<br /> network 172.12.234.0<br /> }<br /> }<br /> }<br /> route-map SET-LOCAL-PREF {<br /> rule 10 {<br /> action permit<br /> match {<br /> ip {<br /> address {<br /> access-list 100<br /> }<br /> }<br /> }<br /> set {<br /> local-preference 301<br /> }<br /> }<br /> }<br /> route-map SET-MED {<br /> rule 10 {<br /> action permit<br /> match {<br /> ip {<br /> address {<br /> access-list 150<br /> }<br /> }<br /> }<br /> set {<br /> metric 201<br /> }<br /> }<br /> rule 20 {<br /> action permit<br /> match {<br /> ip {<br /> address {<br /> access-list 100<br /> }<br /> }<br /> }<br /> }<br /> }<br />}<br />protocols {<br /> bgp 234 {<br /> neighbor 172.12.123.1 {<br /> remote-as 1<br /> route-map {<br /> export SET-MED<br /> }<br /> }<br /> neighbor 172.12.234.4 {<br /> nexthop-self<br /> remote-as 234<br /> route-map {<br /> export SET-LOCAL-PREF<br /> }<br /> }<br /> redistribute {<br /> connected {<br /> }<br /> }<br /> }<br />}<br />service {<br /> dns {<br /> forwarding {<br /> cache-size 150<br /> listen-on eth1<br /> name-server 208.67.222.222<br /> name-server 208.67.220.220<br /> }<br /> }<br /> ssh {<br /> allow-root<br /> port 22<br /> protocol-version v2<br /> }<br />}<br />system {<br /> host-name R2<br /> login {<br /> user root {<br /> authentication {<br /> encrypted-password $1$ORKO400D$9GoL/vifapZLo3p.sLkUs/<br /> plaintext-password ""<br /> }<br /> level admin<br /> }<br /> user vyatta {<br /> authentication {<br /> encrypted-password $1$Z9oMjC/m$r.T2vNILnVuZnIwkKhg58.<br /> }<br /> level admin<br /> }<br /> }<br /> ntp-server 0.vyatta.pool.ntp.org<br /> package {<br /> auto-sync 1<br /> repository community {<br /> components main<br /> distribution stable<br /> password ""<br /> url http://packages.vyatta.com/vyatta<br /> username ""<br /> }<br /> repository lenny {<br /> components main<br /> distribution lenny<br /> password ""<br /> url http://packages.vyatta.com/debian/<br /> username ""<br /> }<br /> 
repository VC6 {<br /> components main<br /> distribution VC6.0<br /> password ""<br /> url http://packages.vyatta.com/vyatta/<br /> username ""<br /> }<br /> }<br /> syslog {<br /> global {<br /> facility all {<br /> level notice<br /> }<br /> facility protocols {<br /> level debug<br /> }<br /> }<br /> }<br /> time-zone GMT<br />}<br /><br /><br />/* Warning: Do not remove the following line. */<br />/* === vyatta-config-version: "cluster@1:dhcp-relay@1:dhcp-server@4:firewall@3:ipsec@2:nat@3:quagga@1:system@3:vrrp@1:wanloadbalance@2:webgui@1:webproxy@1" === */<br />/* Release version: VC6.0-2010.03.22 */<br /><br /></code><br /><br /><span style="font-weight:bold;">R3</span><br /><code><br />firewall {<br /> all-ping enable<br /> broadcast-ping disable<br /> conntrack-table-size 32768<br /> conntrack-tcp-loose enable<br /> ip-src-route disable<br /> ipv6-receive-redirects disable<br /> ipv6-src-route disable<br /> log-martians enable<br /> name ALLOW_ESTABLISHED {<br /> default-action drop<br /> rule 10 {<br /> action accept<br /> state {<br /> established enable<br /> }<br /> }<br /> }<br /> receive-redirects disable<br /> send-redirects enable<br /> source-validation disable<br /> syn-cookies enable<br />}<br />interfaces {<br /> ethernet eth0 {<br /> address 172.12.123.3/24<br /> description R1-R2-R3<br /> duplex auto<br /> hw-id 00:0c:29:21:bd:6f<br /> smp_affinity auto<br /> speed auto<br /> }<br /> ethernet eth1 {<br /> address 172.12.234.3/24<br /> description R2-R3-R4<br /> duplex auto<br /> hw-id 00:0c:29:21:bd:79<br /> smp_affinity auto<br /> speed auto<br /> }<br /> ethernet eth2 {<br /> address dhcp<br /> description DMZ<br /> duplex auto<br /> hw-id 00:0c:29:21:bd:83<br /> smp_affinity auto<br /> speed auto<br /> }<br /> loopback lo {<br /> }<br />}<br />policy {<br /> access-list 150 {<br /> rule 10 {<br /> action permit<br /> destination {<br /> any<br /> }<br /> source {<br /> inverse-mask 0.0.0.255<br /> network 172.12.234.0<br /> }<br /> }<br /> 
}<br /> prefix-list ALL-ROUTES {<br /> rule 10 {<br /> action permit<br /> le 32<br /> prefix 0.0.0.0/0<br /> }<br /> }<br /> route-map SET-LOCAL-PREF {<br /> rule 10 {<br /> action permit<br /> match {<br /> ip {<br /> address {<br /> prefix-list ALL-ROUTES<br /> }<br /> }<br /> }<br /> set {<br /> local-preference 201<br /> }<br /> }<br /> }<br /> route-map SET-MED {<br /> rule 10 {<br /> action permit<br /> match {<br /> ip {<br /> address {<br /> access-list 150<br /> }<br /> }<br /> }<br /> set {<br /> metric 101<br /> }<br /> }<br /> rule 20 {<br /> action permit<br /> match {<br /> ip {<br /> address {<br /> prefix-list ALL-ROUTES<br /> }<br /> }<br /> }<br /> }<br /> }<br />}<br />protocols {<br /> bgp 234 {<br /> neighbor 172.12.123.1 {<br /> remote-as 1<br /> route-map {<br /> export SET-MED<br /> }<br /> }<br /> neighbor 172.12.234.4 {<br /> nexthop-self<br /> remote-as 234<br /> route-map {<br /> export SET-LOCAL-PREF<br /> }<br /> }<br /> redistribute {<br /> connected {<br /> }<br /> }<br /> }<br />}<br />service {<br /> dns {<br /> forwarding {<br /> cache-size 150<br /> listen-on eth1<br /> name-server 208.67.222.222<br /> name-server 208.67.220.220<br /> }<br /> }<br /> ssh {<br /> allow-root<br /> port 22<br /> protocol-version v2<br /> }<br />}<br />system {<br /> host-name R3<br /> login {<br /> user root {<br /> authentication {<br /> encrypted-password $1$ORKO400D$9GoL/vifapZLo3p.sLkUs/<br /> plaintext-password ""<br /> }<br /> level admin<br /> }<br /> user vyatta {<br /> authentication {<br /> encrypted-password $1$Z9oMjC/m$r.T2vNILnVuZnIwkKhg58.<br /> }<br /> level admin<br /> }<br /> }<br /> ntp-server 0.vyatta.pool.ntp.org<br /> package {<br /> auto-sync 1<br /> repository community {<br /> components main<br /> distribution stable<br /> password ""<br /> url http://packages.vyatta.com/vyatta<br /> username ""<br /> }<br /> repository lenny {<br /> components main<br /> distribution lenny<br /> password ""<br /> url 
http://packages.vyatta.com/debian/<br /> username ""<br /> }<br /> repository VC6 {<br /> components main<br /> distribution VC6.0<br /> password ""<br /> url http://packages.vyatta.com/vyatta/<br /> username ""<br /> }<br /> }<br /> syslog {<br /> global {<br /> facility all {<br /> level notice<br /> }<br /> facility protocols {<br /> level debug<br /> }<br /> }<br /> }<br /> time-zone GMT<br />}<br /><br /><br />/* Warning: Do not remove the following line. */<br />/* === vyatta-config-version: "cluster@1:dhcp-relay@1:dhcp-server@4:firewall@3:ipsec@2:nat@3:quagga@1:system@3:vrrp@1:wanloadbalance@2:webgui@1:webproxy@1" === */<br />/* Release version: VC6.0-2010.03.22 */<br /><br /></code><br /><br /><span style="font-weight:bold;">R4</span><br /><code><br />firewall {<br /> all-ping enable<br /> broadcast-ping disable<br /> conntrack-table-size 32768<br /> conntrack-tcp-loose enable<br /> ip-src-route disable<br /> ipv6-receive-redirects disable<br /> ipv6-src-route disable<br /> log-martians enable<br /> name ALLOW_ESTABLISHED {<br /> default-action drop<br /> rule 10 {<br /> action accept<br /> state {<br /> established enable<br /> }<br /> }<br /> }<br /> receive-redirects disable<br /> send-redirects enable<br /> source-validation disable<br /> syn-cookies enable<br />}<br />interfaces {<br /> ethernet eth0 {<br /> address 172.12.234.4/24<br /> duplex auto<br /> smp_affinity auto<br /> speed auto<br /> }<br /> ethernet eth2 {<br /> address dhcp<br /> duplex auto<br /> smp_affinity auto<br /> speed auto<br /> }<br /> loopback lo {<br /> }<br />}<br />protocols {<br /> bgp 234 {<br /> neighbor 172.12.234.2 {<br /> remote-as 234<br /> }<br /> neighbor 172.12.234.3 {<br /> remote-as 234<br /> }<br /> redistribute {<br /> connected {<br /> }<br /> }<br /> }<br />}<br />service {<br /> dhcp-server {<br /> disabled false<br /> shared-network-name POOL1 {<br /> authoritative disable<br /> subnet 192.168.10.0/24 {<br /> default-router 192.168.10.1<br /> dns-server 
192.168.10.1<br /> domain-name Vyatta.local<br /> lease 86400<br /> start 192.168.10.10 {<br /> stop 192.168.10.200<br /> }<br /> }<br /> }<br /> }<br /> dns {<br /> forwarding {<br /> cache-size 150<br /> listen-on eth1<br /> name-server 208.67.222.222<br /> name-server 208.67.220.220<br /> }<br /> }<br /> nat {<br /> rule 10 {<br /> outbound-interface eth0<br /> source {<br /> address 192.168.10.0/24<br /> }<br /> type masquerade<br /> }<br /> }<br /> ssh {<br /> allow-root<br /> port 22<br /> protocol-version v2<br /> }<br />}<br />system {<br /> host-name R4<br /> login {<br /> user root {<br /> authentication {<br /> encrypted-password $1$ORKO400D$9GoL/vifapZLo3p.sLkUs/<br /> plaintext-password ""<br /> }<br /> level admin<br /> }<br /> user vyatta {<br /> authentication {<br /> encrypted-password $1$Z9oMjC/m$r.T2vNILnVuZnIwkKhg58.<br /> }<br /> level admin<br /> }<br /> }<br /> ntp-server 0.vyatta.pool.ntp.org<br /> package {<br /> auto-sync 1<br /> repository community {<br /> components main<br /> distribution stable<br /> password ""<br /> url http://packages.vyatta.com/vyatta<br /> username ""<br /> }<br /> repository lenny {<br /> components main<br /> distribution lenny<br /> password ""<br /> url http://packages.vyatta.com/debian/<br /> username ""<br /> }<br /> repository VC6 {<br /> components main<br /> distribution VC6.0<br /> password ""<br /> url http://packages.vyatta.com/vyatta/<br /> username ""<br /> }<br /> }<br /> syslog {<br /> global {<br /> facility all {<br /> level notice<br /> }<br /> facility protocols {<br /> level debug<br /> }<br /> }<br /> }<br /> time-zone GMT<br />}<br /><br /><br />/* Warning: Do not remove the following line. 
*/<br />/* === vyatta-config-version: "cluster@1:dhcp-relay@1:dhcp-server@4:firewall@3:ipsec@2:nat@3:quagga@1:system@3:vrrp@1:wanloadbalance@2:webgui@1:webproxy@1" === */<br />/* Release version: VC6.0-2010.03.22 */<br /><br /></code><br />One caveat before any of the above is reused outside a lab: all four configs keep <code>allow-root</code> for SSH, share the same MD5-crypt (<code>$1$</code>) password hashes for root and vyatta, and run their BGP sessions without a neighbour <code>password</code> (TCP MD5); change all three first.Roggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com3tag:blogger.com,1999:blog-385626179821720396.post-35792210619128570852010-05-16T12:22:00.000-07:002010-05-16T13:19:46.574-07:00VMware Storage Alphabet Soup and Making the Most of VMware's MultipathingHaving recently moved into an environment where the storage is a little alien to me, I thought it would be helpful to brush up on some storage knowledge, and that it might help some readers too.<br />Here is a diagram of a midrange SAN:<br /><br /><span style="font-style:italic;">(Thanks Virtualgeek for this picture)</span><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmPiE_2G_IDd6BkCfeGW3_Yekktz-bymst7LIx-8651bfFe5lsXOKRmXIUGP8jc0SwTWDPYcZWovX9K6QGAMOLZNzl84y48QXVN0uzHA_dPgz7-icnamcaRYQ4HM65LZMiwsq-LOFvW5Nq/s1600/cellerapicture.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 161px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmPiE_2G_IDd6BkCfeGW3_Yekktz-bymst7LIx-8651bfFe5lsXOKRmXIUGP8jc0SwTWDPYcZWovX9K6QGAMOLZNzl84y48QXVN0uzHA_dPgz7-icnamcaRYQ4HM65LZMiwsq-LOFvW5Nq/s320/cellerapicture.png" border="0" alt=""id="BLOGGER_PHOTO_ID_5471962113222015266" /></a><br /><br />See the two items listed as "Data Processor(head) A" and "Data Processor(head) B"?<br />Traditionally, with an Active/Active storage-processor array you should use "Fixed" as the multipathing policy, and with an Active/Passive array "MRU".<br /><br />However, this changed with:<br /><span style="font-weight:bold;">ALUA</span>: <span style="font-style:italic;">Asymmetric Logical Unit Access</span><br />Essentially, in midrange SAN environments (EMC CLARiiON etc.) this lets a LUN be reached through both heads, with the path through the head that owns the LUN reported as optimized and the path through the other head as non-optimized.<br /><br />In ESX 4 the host is aware of optimized and non-optimized paths, because the array tells it which head has control of the LUN!<br />Suddenly we can use MRU with Active/Active heads.<br /><span style="font-weight:bold;"><br />MRU </span><span style="font-style:italic;">(Most Recently Used)</span>: keep using the path most recently used, which with ALUA is an optimized one, and only move to another path (a non-optimized one if need be) when it becomes unavailable; it does not fail back on its own (the ALUA awareness is ESX 4.0/vSphere only)<br /><br /><span style="font-weight:bold;">Fixed</span>: always use the designated preferred path, use another path only while the preferred one is unavailable, and return to it as soon as it comes back.<br /><br /><span style="font-weight:bold;">NMP</span>: Native Multipathing Plug-in, VMware's built-in MPP; it pairs a Storage Array Type Plug-in (SATP) with a Path Selection Policy (MRU, Fixed or Round Robin)<br /><br /><span style="font-weight:bold;">MPP</span>: Multipathing Plug-in; the NMP is one, and third-party products such as EMC PowerPath/VE replace it<br /><br /><span style="font-weight:bold;">Round Robin</span>: within the ESX server's iSCSI HBA it sends 4000 I/O blocks down one path, then moves to the next path.<br /><span style="font-weight:bold;"><br />Custom Policy</span>:<br />Use the following command (ESX 3.5 syntax) to tweak the iSCSI HBA:<br />esxcfg-mpath --lun vmhba32:0:8 --policy custom --custom-hba-policy any --custom-max-blocks 1024 --custom-max-commands 50 --custom-target-policy any <br /><br /><br />References:<br />http://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_iscsi_san_cfg.pdf<br />http://www.vmware.com/pdf/vi3_35_25_roundrobin.pdf<br />http://virtualgeek.typepad.com/virtual_geek/2009/09/a-couple-important-alua-and-srm-notes.html<br />http://virtualgeek.typepad.com/virtual_geek/2008/08/celerra-virtual.htmlRoggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com2tag:blogger.com,1999:blog-385626179821720396.post-56963172754829416222010-05-16T12:10:00.000-07:002010-05-16T12:22:49.660-07:00Having problems connecting Outlook 2007 to Exchange 2003? 
SPN might be to blameAfternoon,<br /><br />I was having some problems today connecting Outlook 2007 to an Exchange 2003 SP2 box.<br /><br />Here is the error message that was being received:<br /><code><br />The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action.<br /></code><br /><br />After a couple of hours playing around I managed to narrow this down to Outlook 2007 now authenticating with Kerberos and not being able to find the Service Principal Name (SPN) for the global catalog server.<br /><br />Authentication via Outlook 2003 (NTLM) was perfect, as was HTTPS (OWA); this was only affecting Kerberos.<br /><br />Here is how I fixed it:<br />1) Install the Windows Server 2003 Support Tools (SUPPTOOLS.MSI)<br />2) Run setspn -L ExchangeServerName; you will see something like this:<br /><code><br />Registered ServicePrincipalNames for CN=<ExchangeServerName>,CN=Computers,DC=example,DC=com:<br /> exchangeAB/<ExchangeServerName><br /> exchangeAB/<ExchangeServerName>.example.com<br /> exchangeMDB/<ExchangeServerName><br /> exchangeMDB/<ExchangeServerName>.example.com<br /> exchangeRFR/<ExchangeServerName><br /> exchangeRFR/<ExchangeServerName>.example.com<br /> SMTPSVC/<ExchangeServerName><br /> SMTPSVC/<ExchangeServerName>.example.com<br /> HOST/<ExchangeServerName><br /> HOST/<ExchangeServerName>.example.com<br /></code><br /><br /><span style="font-weight:bold;">exchangeAB/<ExchangeServerName><br />exchangeAB/<ExchangeServerName>.example.com</span><br /><br />The two lines above are the ones we are interested in. 
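<br /><br />Before deleting anything, it is worth confirming which accounts actually hold these SPNs, because a related cause of the same symptom is one SPN registered on two accounts: the KDC then cannot choose a key and every Kerberos logon to that service fails. What follows is an added example, not part of the original post and not a Microsoft tool. It parses the text that <code>setspn -L</code> prints for several accounts and reports any SPN held by more than one account, and any exchangeAB SPN that either does not name a global catalog server or is not registered on that server's own computer account, which is where the steps on this page put it. The account names EXCH01, EXCH01-OLD and DC01, the example.com domain and the list of GC names are assumptions; the setspn output is constructed to look like the real thing.<br />

```python
"""Sanity checks on `setspn -L` output before touching any SPNs.
Added example: not from the post and not a Microsoft tool. Account names,
the example.com domain and the GC list are assumptions; the sample text
below is constructed in the shape setspn -L prints on an English Windows."""
import re
from collections import defaultdict

HEADER = re.compile(r"^Registered ServicePrincipalNames for CN=([^,]+),.*:$")

# Constructed: `setspn -L` run against three computer accounts, in the broken
# state described above (exchangeAB still on the Exchange server, EXCH01) plus
# a decommissioned server (EXCH01-OLD) that still holds a stale exchangeMDB SPN.
SAMPLE_BEFORE = """\
Registered ServicePrincipalNames for CN=EXCH01,CN=Computers,DC=example,DC=com:
    exchangeAB/EXCH01
    exchangeAB/EXCH01.example.com
    exchangeMDB/EXCH01
    exchangeMDB/EXCH01.example.com
    HOST/EXCH01
    HOST/EXCH01.example.com
Registered ServicePrincipalNames for CN=EXCH01-OLD,CN=Computers,DC=example,DC=com:
    exchangeMDB/EXCH01.example.com
    HOST/EXCH01-OLD
Registered ServicePrincipalNames for CN=DC01,OU=Domain Controllers,DC=example,DC=com:
    HOST/DC01
    HOST/DC01.example.com
    ldap/DC01.example.com
"""

# Constructed: the same accounts after the setspn -D / setspn -A steps below.
SAMPLE_AFTER = """\
Registered ServicePrincipalNames for CN=EXCH01,CN=Computers,DC=example,DC=com:
    exchangeMDB/EXCH01
    exchangeMDB/EXCH01.example.com
    HOST/EXCH01
    HOST/EXCH01.example.com
Registered ServicePrincipalNames for CN=DC01,OU=Domain Controllers,DC=example,DC=com:
    exchangeAB/DC01
    exchangeAB/DC01.example.com
    HOST/DC01
    HOST/DC01.example.com
    ldap/DC01.example.com
"""


def parse_setspn(text):
    """Map account CN (upper-cased) -> list of SPNs from concatenated setspn -L output."""
    accounts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1).upper()
            accounts[current] = []
        elif line and current is not None:
            accounts[current].append(line)
    return accounts


def find_duplicates(accounts):
    """SPNs (compared case-insensitively) registered on more than one account.
    The KDC cannot pick a key for such an SPN, so Kerberos to that service fails."""
    owners = defaultdict(set)
    for acct, spns in accounts.items():
        for spn in spns:
            owners[spn.lower()].add(acct)
    return {spn: sorted(a) for spn, a in owners.items() if len(a) > 1}


def misplaced_exchangeab(accounts, gc_names):
    """exchangeAB SPNs that do not name a global catalog server, or that sit on an
    account other than that server's own computer account. The fix on this page
    registers exchangeAB/<GC> on the GC's account, so that is what is expected."""
    gcs = {g.upper() for g in gc_names}
    bad = []
    for acct, spns in accounts.items():
        for spn in spns:
            service, _, host = spn.partition("/")
            short = host.split(".")[0].upper()
            if service.lower() == "exchangeab" and (short not in gcs or short != acct):
                bad.append((acct, spn))
    return bad


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        acc = parse_setspn(text)
        print(label, "duplicates:", find_duplicates(acc))
        print(label, "misplaced exchangeAB:", misplaced_exchangeab(acc, ["DC01"]))
```

<br />Run <code>setspn -L &lt;account&gt;</code> for every computer account that could plausibly hold an Exchange SPN (the Windows Server 2008 and later setspn also has <code>-Q</code> to search for an SPN across the forest) and feed the concatenated text to <code>parse_setspn</code>; anything the two checks return is worth fixing before re-registering the SPN.<br /><br />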
We need to remove them from the Exchange server's account:<br /><code><br />setspn -D exchangeAB/ExchangeServerName ExchangeServerName<br />setspn -D exchangeAB/ExchangeServerName.example.com ExchangeServerName<br /></code><br /><br />Then register them against the global catalog server's account instead:<br /><code><br />setspn -A exchangeAB/GlobalCatalogServerName GlobalCatalogServerName<br />setspn -A exchangeAB/GlobalCatalogServerName.example.com GlobalCatalogServerName<br /></code><br /><br />The output from setspn -L ExchangeServerName should now be:<br /><br /><code><br />Registered ServicePrincipalNames for CN=<ExchangeServerName>,CN=Computers,DC=example,DC=com:<br /> exchangeMDB/<ExchangeServerName><br /> exchangeMDB/<ExchangeServerName>.example.com<br /> exchangeRFR/<ExchangeServerName><br /> exchangeRFR/<ExchangeServerName>.example.com<br /> SMTPSVC/<ExchangeServerName><br /> SMTPSVC/<ExchangeServerName>.example.com<br /> HOST/<ExchangeServerName><br /> HOST/<ExchangeServerName>.example.com<br /></code><br /><br />Note the exchangeAB SPNs are gone from the Exchange server, as they now point to the domain controller (GC).<br /><br /><br />Reference List:<br />http://support.microsoft.com/kb/927612/en-usRoggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com1tag:blogger.com,1999:blog-385626179821720396.post-78360822838291802972010-05-06T14:00:00.000-07:002010-05-06T14:42:49.199-07:00Using VMware View with Network cards as Removable DevicesThis is only going to be a quick one, hopefully :)<br /><br />For those that do not know, VMware presents most of its virtual NICs (PCnet/Vlance, Intel e1000, vmxnet, vmxnet2 and vmxnet3) to the guest as removable devices, much like USB devices. This is what allows "hot add", which is a great way of adding hardware to a VM without powering it off.<br /><br />Today whilst playing around it was highlighted to me that some "adventurous" VMware View users who had USB enabled used that opportunity to eject the network card. 
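<br /><br />Before looking at the fixes, here is an added example, not from the post or from VMware, that audits a set of .vmx files for this exposure. It parses the <code>key = "value"</code> lines, reports every VM that has a virtual NIC present while <code>devices.hotplug</code> is not set to "false" (noting whether USB is enabled for that VM, as in the case above), and can write the corrected setting back into the file. The VM names and the three .vmx fragments are constructed; the VMX keys it reads (devices.hotplug, usb.present, ethernetN.present) are the real ones.<br />

```python
"""Audit .vmx files for hot-plug left enabled. Added example, not from the post
or from VMware. VM names and the .vmx fragments are constructed; the VMX keys
used (devices.hotplug, usb.present, ethernetN.present) are the real ones."""

# Constructed .vmx fragments for three View desktops.
VMX_FILES = {
    "desktop-01": 'ethernet0.present = "TRUE"\nethernet0.virtualDev = "vmxnet3"\nusb.present = "TRUE"\n',
    "desktop-02": 'ethernet0.present = "TRUE"\nethernet0.virtualDev = "e1000"\nusb.present = "TRUE"\n'
                  'devices.hotplug = "false"\n',
    "desktop-03": 'ethernet0.present = "TRUE"\nethernet1.present = "TRUE"\nusb.present = "FALSE"\n',
}


def parse_vmx(text):
    """VMX files are `key = "value"` lines; keys are case-insensitive, so lower-case them."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip().lower()] = value.strip().strip('"')
    return cfg


def hotplug_enabled(cfg):
    """Hot-plug is on by default; only an explicit devices.hotplug = "false" turns it off."""
    return cfg.get("devices.hotplug", "true").strip().lower() != "false"


def audit(vmx_by_name):
    """Return {vm: finding} for VMs whose user could eject a vNIC from the tray icon."""
    findings = {}
    for name, text in vmx_by_name.items():
        cfg = parse_vmx(text)
        nics = sorted(k[: -len(".present")] for k in cfg
                      if k.startswith("ethernet") and k.endswith(".present")
                      and cfg[k].lower() == "true")
        if nics and hotplug_enabled(cfg):
            findings[name] = {"ejectable_nics": nics,
                              "usb_enabled": cfg.get("usb.present", "false").lower() == "true"}
    return findings


def harden(text):
    """Return the .vmx text with devices.hotplug forced to "false" (replaced or appended).
    Only write it back while the VM is powered off; a running VM keeps its old config."""
    out, seen = [], False
    for raw in text.splitlines():
        if raw.partition("=")[0].strip().lower() == "devices.hotplug":
            out.append('devices.hotplug = "false"')
            seen = True
        else:
            out.append(raw)
    if not seen:
        out.append('devices.hotplug = "false"')
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for vm, finding in audit(VMX_FILES).items():
        print(vm, finding)
```

<br />The "desktop-02" fragment already carries <code>devices.hotplug = "false"</code> and is the only one not reported; <code>harden()</code> makes the other two look like it. Write the result back only while the VM is powered off, otherwise the running VM keeps its old configuration.<br /><br />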
An ejected vNIC then forces an admin to step in and re-add it.<br /><br />Here are a couple of ways around it:<br /><br />1) Use the VM's Configuration Parameters to add "devices.hotplug" = "false", like this:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqu-jMQ7G_IkaUJid-Y09H0w2DFJ17t9RlNkiRX7IUlfRVxc1buPZy0eOVn0djOSqFS8-pQL9Gcv6GaJaoplchppXr1f-I2dpFv5NpS7UwYxvxuNvuc9k_rzmtAfAxBPX_jgxPRWVIwTGR/s1600/configparams-hotadd.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 256px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqu-jMQ7G_IkaUJid-Y09H0w2DFJ17t9RlNkiRX7IUlfRVxc1buPZy0eOVn0djOSqFS8-pQL9Gcv6GaJaoplchppXr1f-I2dpFv5NpS7UwYxvxuNvuc9k_rzmtAfAxBPX_jgxPRWVIwTGR/s320/configparams-hotadd.png" border="0" alt=""id="BLOGGER_PHOTO_ID_5468268302547857202" /></a><br /><br />*This does not affect CPU/memory hot-add, which is controlled separately<br /><br />2) Edit the VM's *.vmx file (with the VM powered off) and add:<br /><code><br />devices.hotplug = "false"<br /></code><br /><br />3) Hide the "Safely Remove Hardware" option, like this:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjheBXmcUIC72eKsSCD85-YP8fOAOkm4JL51iZkGEHAfNNpBLK0qcanffVLM6g3HR_qgfHDT8osjoCWE9Wg6fbAD-rw7bQXvKeN2zlugrwdmv2-TOKv6ZbtfBLgdkTabr_N1dYWMwdEyYfN/s1600/view.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 273px; height: 320px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjheBXmcUIC72eKsSCD85-YP8fOAOkm4JL51iZkGEHAfNNpBLK0qcanffVLM6g3HR_qgfHDT8osjoCWE9Wg6fbAD-rw7bQXvKeN2zlugrwdmv2-TOKv6ZbtfBLgdkTabr_N1dYWMwdEyYfN/s320/view.JPG" border="0" alt=""id="BLOGGER_PHOTO_ID_5468274086495072850" /></a><br /><br />4) Use "NoDisplayClass" to customize the driver *yuck!<br /><br /><br />Hope that helps someone out 
there!<br /><br /><br /><br />Source: http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=1012225&sliceId=1&docTypeID=DT_KB_1_1&dialogID=64244650&stateId=0%200%2067543541<br />*NB: Using vmxnet3 does not disable hot plug, contrary to what the KB indicatesRoggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com0tag:blogger.com,1999:blog-385626179821720396.post-63963638965506692102010-05-05T15:23:00.000-07:002010-05-05T15:36:19.367-07:00Using HSRP, CARP and VRRP within VMwareHi all,<br /><br />Just a quick note in case it helps anyone else out there.<br /><br />I was recently in a lab moving from a vSS (Virtual Standard Switch) over to a vDS (Virtual Distributed Switch) when I came across an issue with a pfSense box.<br /><br />I had two VMs using CARP (which is like HSRP or VRRP) to share a highly available IP address. <br />Now most VM admins out there will work out that for <span style="font-style:italic;">VRRP or CARP to work you need to enable "Promiscuous Mode" on the vSS or on the port group (and, because the VMs send from the shared virtual MAC, set Forged Transmits and MAC Address Changes to Accept as well).<br /></span><br /><br />The issue I came across was that with Promiscuous Mode and one uplink port (vDS or vSS) CARP was working perfectly; however, on adding the second uplink port to the vDS, pings to the CARP address were dropping.<br /><br />Therefore, the lesson learned was: when load balancing across multiple NICs (or uplink ports in vDS terminology) you need to also be using the load balancing method "Route Based on IP Hash" (with the accompanying switch config) if you plan to use CARP or VRRP, else it will not work!Roggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com0tag:blogger.com,1999:blog-385626179821720396.post-51160387323909859372010-04-13T10:30:00.000-07:002010-04-13T14:56:56.885-07:00Vyatta VC 6 - Final with VMware Tools IncludedHi Everyone,<br /><br />Vyatta released VC 6.0 late last month, and although it did include open-vm-tools, which is great, there are a few people out there (myself included) who really want a VM that already comes with VMware Tools and vmxnet3, especially if performance matters at all to you :)<br /><br />Sorry for the delay in getting this out; however, compiling VMware Tools for the Vyatta 2.6.31 custom kernel was not as easy as I had planned.<br /><br />Here is the listing with VMware:<br /><a href="http://www.vmware.com/appliances/directory/383813">http://www.vmware.com/appliances/directory/383813</a><br /><br />and here is the direct link:<br /><a href="http://www.techstream.co.uk/VyattaVC6.0-Final.zip">VyattaVC6-Final.zip</a><br /><br />And once you have downloaded it, why not give one of my labs a go <a href="http://roggyblog.blogspot.com/2010/04/router-on-stick-within-vsphere-using.html">here</a><br /><br /><br />Enjoy!Roggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com7tag:blogger.com,1999:blog-385626179821720396.post-77045345338559521952010-04-13T08:01:00.000-07:002010-04-13T14:57:50.911-07:00Router on a Stick within vSphere using Vyatta and Optimizing for 1Gbps RoutingVyatta have released VC6.0 final, so I thought I would modify it a little by removing open-vm-tools and replacing it with VMware Tools, configuring it with vmxnet3, then bringing it all together within vSphere for some iPerf benchmarking.<br /><br />So here we have the "router on a stick", where we use a Vyatta VM to route between two VM networks over a VLAN trunk, then optimize with jumbo frames (MTU 9000) on the vNICs and vSwitch and by changing adapter types.<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-nDAW58gfL4Bk6EhKs40eUSSWqE3jiOkzjkTFX-RmxtPRGPx1mvfSbMsuRIGbRigrmBAHbwMkZ-78-Jupz3x9BxLByyIq6lrGYSsU64rnItaPrjg5Tpr8qKQn4WVecvUXHwimN6yNeoJy/s1600/RouterOnaStick.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 226px;" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-nDAW58gfL4Bk6EhKs40eUSSWqE3jiOkzjkTFX-RmxtPRGPx1mvfSbMsuRIGbRigrmBAHbwMkZ-78-Jupz3x9BxLByyIq6lrGYSsU64rnItaPrjg5Tpr8qKQn4WVecvUXHwimN6yNeoJy/s320/RouterOnaStick.png" border="0" alt=""id="BLOGGER_PHOTO_ID_5459646734235304882" /></a><br /><br /><br /><span style="font-weight:bold;">Part 1</span><br /><br /><span style="font-style:italic;">Lab Setup<br />Configuration of Vyatta<br />Configuration of vSphere (VLAN Trunk)<br />Configure Routing<br />Benchmark using iPerf </span><br /><br /><object width="400" height="300"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=10897479&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" /><embed src="http://vimeo.com/moogaloop.swf?clip_id=10897479&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="400" height="300"></embed></object><p><a href="http://vimeo.com/10897479">Router on a Stick within vSphere using Vyatta and Optimizing for 1Gbps Routing - Part 1</a> from <a href="http://vimeo.com/user1515121">Richard Vimeo</a> on <a href="http://vimeo.com">Vimeo</a>.</p><br /><br /><br /><span style="font-weight:bold;">Part 2</span><br /><span style="font-style:italic;">Configuring Jumbo frame on guests<br />Configuring Jumbo frame on vSwitch<br />Changing vNic type<br />Benchmark with iPerf </span><br /><br /><object width="400" height="300"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=10897549&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" /><embed 
src="http://vimeo.com/moogaloop.swf?clip_id=10897549&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="400" height="300"></embed></object><p><a href="http://vimeo.com/10897549">Router on a Stick within vSphere using Vyatta and Optimizing for 1Gbps Routing - Part 2</a> from <a href="http://vimeo.com/user1515121">Richard Vimeo</a> on <a href="http://vimeo.com">Vimeo</a>.</p><br /><br /><br />Here is the KB relating to why Windows XP (32bit) and Windows Server (32bit) come up with a 1.4Gbps link speed for 10Gbps drivers/adapters.<br />http://support.microsoft.com/kb/931857<br /><br />And for those that cannot wait for the VMware Appliance here is the link to:<br /><a href="http://www.techstream.co.uk/VyattaVC6.0-Final.zip">Vyatta VC 6.0 - Final with VMware Tools</a><br /><br /><span style="font-weight:bold;">Vyatta Config</span><br /><code><br />firewall {<br /> all-ping enable<br /> broadcast-ping disable<br /> conntrack-table-size 32768<br /> conntrack-tcp-loose enable<br /> ip-src-route disable<br /> ipv6-receive-redirects disable<br /> ipv6-src-route disable<br /> log-martians enable<br /> name ALLOW_ESTABLISHED {<br /> default-action drop<br /> rule 10 {<br /> action accept<br /> state {<br /> established enable<br /> }<br /> }<br /> }<br /> receive-redirects disable<br /> send-redirects enable<br /> source-validation disable<br /> syn-cookies enable<br />}<br />interfaces {<br /> ethernet eth0 {<br /> address dhcp<br /> description Outside<br /> duplex auto<br /> firewall {<br /> in {<br /> name ALLOW_ESTABLISHED<br /> }<br /> local {<br /> name ALLOW_ESTABLISHED<br /> }<br /> }<br /> hw-id 00:50:56:83:39:3e<br /> smp_affinity auto<br /> speed auto<br /> }<br /> ethernet eth1 {<br /> MTU 9000<br /> description Inside<br /> duplex auto<br /> hw-id 00:50:56:83:70:c3<br /> smp_affinity auto<br /> speed auto<br /> vif 10 {<br /> address 
192.168.10.1/24<br /> description VLAN-10<br /> }<br /> vif 20 {<br /> address 192.168.20.1/24<br /> description VLAN-20<br /> }<br /> }<br /> ethernet eth2 {<br /> description DMZ<br /> duplex auto<br /> hw-id 00:50:56:83:51:b7<br /> smp_affinity auto<br /> speed auto<br /> }<br /> loopback lo {<br /> }<br />}<br />service {<br /> dhcp-server {<br /> disabled false<br /> shared-network-name POOL1 {<br /> authoritative disable<br /> description VLAN10<br /> subnet 192.168.10.0/24 {<br /> default-router 192.168.10.1<br /> dns-server 192.168.10.1<br /> domain-name Vyatta.local<br /> lease 86400<br /> start 192.168.10.10 {<br /> stop 192.168.10.200<br /> }<br /> }<br /> }<br /> shared-network-name POOL2 {<br /> authoritative disable<br /> description VLAN20<br /> subnet 192.168.20.0/24 {<br /> default-router 192.168.20.1<br /> dns-server 192.168.20.1<br /> domain-name vyatta.local<br /> lease 86400<br /> start 192.168.20.10 {<br /> stop 192.168.20.240<br /> }<br /> }<br /> }<br /> }<br /> dns {<br /> forwarding {<br /> cache-size 150<br /> listen-on eth1.10<br /> listen-on eth1.20<br /> name-server 208.67.222.222<br /> name-server 208.67.220.220<br /> }<br /> }<br /> nat {<br /> rule 10 {<br /> outbound-interface eth0<br /> source {<br /> address 192.168.10.0/24<br /> }<br /> type masquerade<br /> }<br /> rule 20 {<br /> outbound-interface eth0<br /> source {<br /> address 192.168.20.0/24<br /> }<br /> type masquerade<br /> }<br /> }<br /> ssh {<br /> allow-root<br /> port 22<br /> protocol-version v2<br /> }<br />}<br />system {<br /> host-name vyatta<br /> login {<br /> user root {<br /> authentication {<br /> encrypted-password $1$ORKO400D$9GoL/vifapZLo3p.sLkUs/<br /> plaintext-password ""<br /> }<br /> level admin<br /> }<br /> user vyatta {<br /> authentication {<br /> encrypted-password $1$Z9oMjC/m$r.T2vNILnVuZnIwkKhg58.<br /> }<br /> level admin<br /> }<br /> }<br /> ntp-server 0.vyatta.pool.ntp.org<br /> package {<br /> auto-sync 1<br /> repository community 
{<br /> components main<br /> distribution stable<br /> password ""<br /> url http://packages.vyatta.com/vyatta<br /> username ""<br /> }<br /> repository lenny {<br /> components main<br /> distribution lenny<br /> password ""<br /> url http://packages.vyatta.com/debian/<br /> username ""<br /> }<br /> repository VC6 {<br /> components main<br /> distribution VC6.0<br /> password ""<br /> url http://packages.vyatta.com/vyatta/<br /> username ""<br /> }<br /> }<br /> syslog {<br /> global {<br /> facility all {<br /> level notice<br /> }<br /> facility protocols {<br /> level debug<br /> }<br /> }<br /> }<br /> time-zone GMT<br />}<br /><br /><br />/* Warning: Do not remove the following line. */<br />/* === vyatta-config-version: "cluster@1:dhcp-relay@1:dhcp-server@4:firewall@3:ipsec@2:nat@3:quagga@1:system@3:vrrp@1:wanloadbalance@2:webgui@1:webproxy@1" === */<br />/* Release version: VC6.0-2010.03.22 */<br /></code><br /><br /><br />Enjoy!Roggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com14tag:blogger.com,1999:blog-385626179821720396.post-50532676353261850322010-03-31T09:01:00.000-07:002010-03-31T09:30:09.988-07:00Managed Service Provider using Vyatta (OpenVPN Client Specific Subnets) and PRTG to monitor CustomersPossibly my longest title ever?<br />As the intro says this is a bit of roleplay for us, we are setting up the lab as a Managed Service Provider (MSP) who wishes to have a way to tunnel in (or in this case have the client tunnel out) to HQ where we can monitor all the goodies that PRTG can monitor remotely.<br /><br />Heres the diagram:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmSJKJCtygT1i941uf-j-Ke45BWQENvm9HX1zzh9ec6WifvghQC6phGvt_SFN_pFY6pOQ80Oj3RNHV5mLu8oItmTZ7hABAaXaaYLEudaKvDaqAgR956svPCoD48ld5zPIEmIk8o5peC58B/s1600/MSPOpenVPN.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; 
cursor:hand;width: 320px; height: 226px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmSJKJCtygT1i941uf-j-Ke45BWQENvm9HX1zzh9ec6WifvghQC6phGvt_SFN_pFY6pOQ80Oj3RNHV5mLu8oItmTZ7hABAaXaaYLEudaKvDaqAgR956svPCoD48ld5zPIEmIk8o5peC58B/s320/MSPOpenVPN.png" border="0" alt=""id="BLOGGER_PHOTO_ID_5454829718875808242" /></a><br /><br /><span style="font-weight:bold;">Intro Video and lab setup:</span><br /><object width="400" height="300"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=10583859&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" /><embed src="http://vimeo.com/moogaloop.swf?clip_id=10583859&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="400" height="300"></embed></object><p><a href="http://vimeo.com/10583859">Managed Service Provider using Vyatta (OpenVPN) and PRTG to monitor Customers - Part 1</a> from <a href="http://vimeo.com/user1515121">Richard Vimeo</a> on <a href="http://vimeo.com">Vimeo</a>.</p><br /><br /><span style="font-weight:bold;">Part 2</span><br /><span style="font-style:italic;">Setup of connectivity<br />Setup OpenVPN Server with client specific info<br />Setup OpenVPN Client<br />Using Easy-RSA to generate certificates and keys<br />Securing interfaces with Firewall<br />Securing vtun0 interface with firewall </span><br /><br /><object width="400" height="300"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=10584008&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" /><embed src="http://vimeo.com/moogaloop.swf?clip_id=10584008&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" 
type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="400" height="300"></embed></object><p><a href="http://vimeo.com/10584008">Managed Service Provider using Vyatta (OpenVPN) and PRTG to monitor Customers - Part 2</a> from <a href="http://vimeo.com/user1515121">Richard Vimeo</a> on <a href="http://vimeo.com">Vimeo</a>.</p><br /><br /><br />Enjoy!Roggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com7tag:blogger.com,1999:blog-385626179821720396.post-67476921273146607982010-03-24T05:14:00.000-07:002010-03-24T12:23:39.509-07:00Network Monitoring/Sniffing using vSphere and PRTG ReduxHi,<br /><br />As ever I try and bring you guys (and girls?) something a little different :)<br />After completing this video <a href="http://roggyblog.blogspot.com/2010/03/network-monitoringsniffing-using.html">here</a> and being in contact directly with PRTG it came to my attention that the version I was using "PRTG Traffic Grapher V6" was EOL and the new version "PRTG Network Monitor" is the successor.<br />Network Monitor does have alot of cool new features including an iPhone app (cant wait for a droid version) and the best bit...they were kind enough to provide me with a copy of PRTG Network Monitor V7 for this video.<br /><br /><span style="font-weight:bold;">Part1</span><br /><span style="font-style:italic;">A cool tour of some of the features of PRTG Network Monitor V7 and how we use our virtual machine to monitor our voice network</span><br /><object width="400" height="300"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=10403646&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" /><embed src="http://vimeo.com/moogaloop.swf?clip_id=10403646&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" 
allowscriptaccess="always" width="400" height="300"></embed></object><p><a href="http://vimeo.com/10403646">Network Monitoring/Sniffing using vSphere and PRTG Ver 2 - Part 1</a> from <a href="http://vimeo.com/user1515121">Richard Vimeo</a> on <a href="http://vimeo.com">Vimeo</a>.</p><br /><br /><br /><span style="font-weight:bold;">Part2</span><br /><span style="font-style:italic;">This video actually shows you how we set the whole thing up!</span><br /><object width="400" height="300"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=10403785&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" /><embed src="http://vimeo.com/moogaloop.swf?clip_id=10403785&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="400" height="300"></embed></object><p><a href="http://vimeo.com/10403785">Network Monitoring/Sniffing using vSphere and PRTG Ver 2 - Part 2</a> from <a href="http://vimeo.com/user1515121">Richard Vimeo</a> on <a href="http://vimeo.com">Vimeo</a>.</p>Roggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.com3