virtual grind thoughts from the virtual world

4Feb/140

Cisco Champion

I am honored to be selected as a Cisco Champion. To find out more about the program, check it out here:

Cisco Champions

justin giardina, cisco champion

justin giardina, cisco champion

23Jun/110

Accessing the bash shell in Equallogic

Sometimes I need tools such as traceroute when troubleshooting connectivity between Equallogic arrays. This is especially useful when configuring features like replication.

From the main Equallogic shell, only certain Equallogic specific commands are available. To access the OS level shell, you can simply ssh in to your array and issue the command:

su exec bash

From the bash shell, you can issue OS level commands such as ifconifg and traceroute.

22Jun/112

vCloud Director Cell Firewall Settings – Cisco ASA

In a vCloud Director environment, vCD cells are usually placed in a DMZ network. Based on best practices, a load balancer is also used in multi-cell environments, which is placed in front of the vCD cells.

Access to/from the vCD cells should be restricted not only from the public side, but also internally. For instance, vCD cells do need to communicate with a database vlan where a database server lies and a management vlan where services such as vCenter live.

When configuring multiple vlans, certain access lists are placed between the vlans for communication. An example of this would be an access list that allows your vCD cells to communicate with the database vlan. For example, you may have an access list that allows tcp port 1521 (Oracle) from your vCD cells to your database server.

Another issue that may come up are keepalives for tcp streams between your vCD cells on one vlan and your esxi hosts on another vlan. vCloud Director will also email messages such as:

"The Cloud Director Server cannot communicate with the Cloud Director agent on host "hostname". When the agent starts responding to the Cloud Director Server, Cloud Director Server will send an email alert.

If you are using a Cisco ASA environment, this issue can be fixed easily with a feature called Dead Connection Detection.

The following config will allow you to do this:

1. Create an access-list that allows the ip addresses or subnet of your vCD cells:

access-list vcd_dcd extended permit ip host 10.10.10.10 any
access-list vcd_dcd extended permit ip host 10.10.10.11 any

or

access-list vcd_dcd extended permit ip 10.10.10.0 255.255.255.0 any

These access lists would allow your vCD cells on 10.10.10.10 and .11 or 10.10.10.0/24. Note that you can also make this access-list more specific by defining the destination, which would be your esxi hosts or subnet. An example of this would be:

access-list vcd_dcd extended permit ip host 10.10.10.10 host 10.11.11.10
access-list vcd_dcd extended permit ip host 10.10.10.10 host 10.11.11.11

or

access-list vcd_dcd extended permit ip 10.10.10.0 255.255.255.0 10.11.11.0 255.255.255.0

2. Next, you need to make a class-map:

class-map vcd_keepalive_class
match access-list vcd_dcd

3. Create a policy-map that defines your timeout and dcd settings:

policy-map vcd_keepalive_policy
class vcd_keepalive_class
set connection timeout idle 2:00:00 dcd 0:10:00 3

4. Finally, create a service policy for the interface where your vCD cells reside:

service-policy vcd_keepalive_policy interface INTNAME

* Note that you will change "INTNAME" with the ASA interface (nameif) name.

For reference, this Cisco article covers DCD in detail:

Configuring Connection Limits and Timeouts

18May/110

Veeam Community Podcast – Episode 19

I recently chatted with Rick Vanover regarding some unique cloud designs. We also discussed some topics around the current status of cloud based deployments, as we see as a cloud computing service provider.

Link:
Episode 19 – Cloud computing with iland

14May/110

Packet Pushers Podcast

Just thought I would take a second to share a great podcast I listen to on a regular basis. This usually happens when I am on my treadmill, I need something to my focus on that dreadful task.

Packet Pushers is run by a few Cisco engineers that have a lot of real world experience. Over the years, they have touched on numerous topics including IPv6, BGP, virtualization, and many more. Personally, I like the tone of the podcast since they bring in experts in different technologies and have a fun time discussing the details of the show at hand.

I suggest anyone interested in networking in general check them out.

Link:
Packet Pushers
Packet Pushers iTunes Feed

14May/110

Bitcricket IP Subnet Calculator

For years, I have been using the IP Subnet Calculator dashboard widget for quick IPv4 sanity. Jeremy Williams released this handy tool in 2005, and has been on every Mac I have owned since.

Since IPv6 is becoming more commonplace, I recently started looking for a nice simple calculator for OSX. Low and behold, I ran across Bitcricket's IP Subnet Calculator recently. The Bitcricket calculator is very simple and also contains CIDR and IPv6 functionality. I have been using the calculator for a few weeks now and highly recommend it.

Please note that the Bitcricket calculator works on OSX and Windows.

Links:
IP Subnet Calculator Widget
Bitcricket IP Subnet Calculator

28Mar/110

Link To vSphere 4.0 iSCSI SAN Configuration Guide

When working with iSCSI arrays, this guide is worth gold.

Get the guide here.

4Mar/110

Collecting vShield Manager Logs

I ran in to some issues with the vShield Manager interaction with vCenter Chargeback. In order to troubleshoot, the vShield Manager logs need to be exported via the vShield Manager web interface or CLI.

To get the logs from the web interface, simply log in to the IP address of the web interface, click "Settings & Reports", then click "Audit Logs". Note that you can also download the logs to your local computer by clicking "Configuration", then "Support", then "Initiate". Once initiated, you can download the logs by clicking "Download".

For the CLI, simply log in via the console or ssh and issue a "show tech-support".

12Feb/112

Using Keyspan USB Serial Adapter With Mac OSX

I have been getting a lot of questions about using USB serial adapters with my Mac. Although there are a lot out there, I usually recommend that people try the Keyspan USA-19HS. I have never had an issue with this adapter on OSX, as well as Windows.

I do recommend installing the driver that comes with the adapter, it will add a new device to OSX, /dev/tty.KeySerial1.

Once you install the driver, you can add the small AppleScript snippet to open a new terminal window and utilize screen. You can also compile this simple script and create a clickable application to launch your serial screen quickly.

Code below:

tell application "Terminal"
do script with command "screen /dev/tty.KeySerial1"
set number of rows of window 1 to 100
set number of columns of window 1 to 80
set background color of window 1 to "black"
set normal text color of window 1 to "green"
set custom title of window 1 to "SerialOut"
end tell

I must thank Mark Stewart for the info on this.

17Nov/100

Replication Bandwidth Calculator

The guys at virtualizeplanet.com have a great post/tool on calculating replication bandwidth. We hear this request a lot from customers and the calculator on the following page can help calculate what can be expected from a certain WAN speed.

Awesome job, guys.

Replication Bandwidth Calculator

Filed under: Network, VMware No Comments