Month: December 2014

Getting My Real VM Server Back Online Part II: Storage Server!

Anticipating the arrival of RAM for my VM server tomorrow I decided I needed some kind of real storage server, so I started working on one. I haven’t touched BSD since I was a kid, so I’m not used to it in general. I wasn’t sure how OpenSolaris would work on my hardware (I hear it’s better on Intel than AMD) so I opted for FreeBSD. Unfortunately I just found out FreeBSD doesn’t have direct iSCSI integration with ZFS, but that’s okay! We can always change OS’s later, especially since the storage array leaves a lot to be desired (RAID-Z1 with 4x1GB 2.5″ 5200RPM drives + 40GB Intel X25V for L2ARC, no separate ZIL).

I’m getting used to the new OS and about to configure iSCSI, which will be handed out via multipath over an Intel 82571EB NIC into two separate VLANs into a dedicated 3550-12T switch. We’ll see how it works, and if it’s fine I’m going to get my HTPC booting over it.

I’m going to look around for a motherboard with more RAM slots; for now I’m stuck with a mATX motherboard, a SAS card that won’t let the system boot, and 2 RAM slots (8GB) with an FX-8320.

Performance tests to come... after I encounter a dozen issues and hopefully deal with them!

Rearranging The Intranet of Things Part II

I’m sure there will be a lot more posts like this to come. I had formerly moved the edge router to the ‘closet’ (aka the garage, right next to the cable modem and 3560-24PS sitting there) and added another router there to have a routed gig port into my ‘office’ (aka my bedroom with a couple desks).

Today I replaced both routers with a single 7206VXR with an NPE-G1. I had it all configured and everything should’ve worked off the bat, but it didn’t — not exactly, anyway. The routing was perfect, the NAT was great. But I only have a VAM card which doesn’t work with 15.x (only VAM2 cards work with new code), and I didn’t want it doing VPN in software.

So I decided to keep the old WAN router as VPN-only duty. I briefly considered using a 1760 with a VPN module (I have a few), but when I finally get to having decent internet speeds it would choke. The 3825 has an EPII+ card on top of the onboard hardware engine, so it should at the least have no issue keeping up with my internet connection with weak Triple-DES. The only issue is when I went to forward UDP 4500 from the edge router to the VPN router I got:

% Port 4500 is being used by system

I was able to successfully forward ports UDP 500 and ESP, but here I got stumped. I verified there was no crypto config, I tried clearing crypto stuff, I tried disabling software crypto — all with no luck. Googling didn’t give me much to go on, but I finally ran into something showing this error as an IOS-XE bug for 15.2(4)S2 – and I was running 15.2(4)S3 (pure IOS, but basically the same), so being out of options and ideas I decided to just install 15.2(4)M7 and voilà! Problem solved!

Two routers replaced with — two routers, maybe that doesn’t sound very good, but it will allow me to do more at the edge with more ports available directly on the router instead of playing with switches and VLANs/VRFs.

And in case you want to see how my network is physically wired — and this is somewhat simplified, here you are!

Simplified Network Diagram – 01/01/15

Rearranging The Intranet of Things

So after dealing with a bunch of random dd-wrt based access points I decided to grab some LAP1142Ns off of eBay. I set up a vWLC on the VM machine, and was able to get it going fairly quickly even with no knowledge of Cisco Wireless technology.

So far my throughput is only slightly increased even after moving to 5GHz and having a 3×3 MIMO radio in my laptop.

I added a real router for the upstairs network (3825), and a gig link from the ‘closet’ to my office/workstations. Some of the interconnects in the lab are temporarily dual 100MBit load balanced via EIGRP to alleviate some of the bottlenecks. The LAP1142Ns are limited to 100mbit due to a 3560-24PS being the only POE switch I have, but I never see more than about 60mbit of throughput over wireless, and the port never exceeds 70mbit — so until I get that sorted out it’s not a limitation.

To get more gig links in my ‘office’ (aka my bedroom) I trunked a cheap Dell 5224 to a 3550-12G, replacing the 3550-12T that was formerly there. I wish I could afford newer Cisco gig switches, but my budget is basically non-existent.

I still need a total network redesign; my routing table is almost laughable:

dswr1.core#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
 ia - IS-IS inter area, * - candidate default, U - per-user static route
 o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.16.5.6 to network 0.0.0.0

D 192.168.30.0/24 [90/28928] via 10.255.1.6, 22:58:10, FastEthernet0/16
 [90/28928] via 10.255.1.2, 22:58:10, FastEthernet0/14
 172.17.0.0/16 is variably subnetted, 6 subnets, 2 masks
D 172.17.0.48/28 [90/28672] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28672] via 10.255.1.2, 1d00h, FastEthernet0/14
D 172.17.0.32/28 [90/28672] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28672] via 10.255.1.2, 1d00h, FastEthernet0/14
D 172.17.0.16/28 [90/28672] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28672] via 10.255.1.2, 1d00h, FastEthernet0/14
D 172.17.0.0/28 [90/28672] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28672] via 10.255.1.2, 1d00h, FastEthernet0/14
D 172.17.0.72/29 [90/28672] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28672] via 10.255.1.2, 1d00h, FastEthernet0/14
D 172.17.0.64/29 [90/28672] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28672] via 10.255.1.2, 1d00h, FastEthernet0/14
 172.16.0.0/16 is variably subnetted, 7 subnets, 4 masks
C 172.16.255.0/28 is directly connected, Vlan601
D 172.16.2.8/30 [90/28416] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28416] via 10.255.1.2, 1d00h, FastEthernet0/14
D 172.16.2.4/30 [90/28672] via 10.255.1.6, 22:58:18, FastEthernet0/16
 [90/28672] via 10.255.1.2, 22:58:18, FastEthernet0/14
C 172.16.5.4/30 is directly connected, FastEthernet0/24
D 172.16.3.2/32 [90/156672] via 10.255.1.6, 22:58:14, FastEthernet0/16
 [90/156672] via 10.255.1.2, 22:58:14, FastEthernet0/14
D 172.16.1.0/24 [90/28672] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28672] via 10.255.1.2, 1d00h, FastEthernet0/14
D 172.16.3.1/32 [90/156160] via 172.16.5.6, 10:49:53, FastEthernet0/24
 172.18.0.0/28 is subnetted, 1 subnets
D 172.18.0.0 [90/28672] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28672] via 10.255.1.2, 1d00h, FastEthernet0/14
D 192.168.99.0/24 [90/28928] via 10.255.1.6, 03:03:00, FastEthernet0/16
 [90/28928] via 10.255.1.2, 03:03:00, FastEthernet0/14
 10.0.0.0/30 is subnetted, 2 subnets
C 10.255.1.4 is directly connected, FastEthernet0/16
C 10.255.1.0 is directly connected, FastEthernet0/14
D 192.168.0.0/24 [90/30720] via 172.16.5.6, 10:49:54, FastEthernet0/24
D 192.168.100.0/24 [90/28672] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28672] via 10.255.1.2, 1d00h, FastEthernet0/14
C 192.168.101.0/24 is directly connected, Vlan400
D*EX 0.0.0.0/0 [170/30720] via 172.16.5.6, 10:49:54, FastEthernet0/24

Getting My Real VM Server Back Online

My server has been off hiding somewhere far away from me for a while, so I’ve been running virtual machines on an AMD FX-8320 990FX based box. Unfortunately it only had 16GB of RAM and I gutted the server RAM for use in my workstations.

I’ve decided to order some used ECC Registered 4GB sticks off of eBay — 32GB ought to do for now. I won’t have to worry about whether I can launch a new VM due to RAM constraints (I was using a lot of swap before!), so titan.frankd.lab will soon be back online with the FX-8320 machine for failover. I’m going to need shared storage, so I’ll have to set up a real iSCSI storage box soon.

End short random thought.

A lot of bit of nothing

As it sometimes happens, personal stuff has taken hold of my life and stopped me from doing anything major with anything technology related. I decided that I should pick a little project to pick up some new skills, so I’ll be setting up Cisco’s AIR-CTVM Wireless controller along with a couple LAP-1142Ns 802.11n (draft) access points that I picked up off of eBay to get rid of the DD-WRT APs which haven’t been entirely cooperative. For example, the Netgear WNR834B v2 will only use the base channel assigned with the second channel being two channels above it (currently channels 6 and 8) which is clearly not optimal for throughput.

I’m going to be rearranging my home network to segment it a bit more and do some more with routing. I want to keep the LAPs running off the 3560-24PS with PoE power instead of powering them with external bricks, so unfortunately each AP will be limited to 100mbit of throughput — that’s actually still better than what I get now over the 2.4GHz N AP, so it’ll still be a usable throughput improvement.

I’ll also be able to actually do some L3 segmenting instead of needing to share a VLAN across physical boundaries for the ‘dumb’ AP bridges currently in place.

I’ve been doing some work on IP management software, and while a lot of the back-end functionality is currently there for calculation, I’d like to rewrite some of it for speed. There are parts that are written strictly for readability using strings instead of bit compares, and they’re much slower than I’d like them to be for large address spaces. I should have something interesting to show if I can manage to put a little more time into it.
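
The string-versus-bit-compare difference mentioned above, as an added example (not the author's IP management code): the same IPv4 prefix-containment check written once on bit strings and once on pre-parsed integers, then used for a longest-prefix match. The prefixes are copied from the routing table earlier on this page; every function name is hypothetical.

```python
# Added example: IPv4 prefix matching with strings vs. integer bit compares.
# Prefixes come from the routing table on this page; the function names are
# hypothetical and are not taken from the author's software.

def ip_to_int(dotted):
    """Pack a dotted-quad address into one 32-bit integer."""
    a, b, c, d = (int(octet) for octet in dotted.split("."))
    for octet in (a, b, c, d):
        if not 0 <= octet <= 255:
            raise ValueError("bad octet in " + dotted)
    return (a << 24) | (b << 16) | (c << 8) | d

def parse_prefix(cidr):
    """Return (network, mask, length) as integers, parsed once up front."""
    addr, length = cidr.split("/")
    length = int(length)
    if not 0 <= length <= 32:
        raise ValueError("bad prefix length in " + cidr)
    mask = (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF
    return ip_to_int(addr) & mask, mask, length

def contains_strings(cidr, dotted):
    """Readable version: compare the leading characters of two bit strings."""
    addr, length = cidr.split("/")
    to_bits = lambda ip: "".join(format(int(o), "08b") for o in ip.split("."))
    return to_bits(addr)[:int(length)] == to_bits(dotted)[:int(length)]

def contains_bits(prefix, addr_int):
    """Fast version: one AND and one compare on pre-parsed integers."""
    network, mask, _ = prefix
    return (addr_int & mask) == network

def longest_match(table, dotted):
    """Longest-prefix match over pre-parsed prefixes, as a router does."""
    addr_int = ip_to_int(dotted)
    hits = [(p[2], cidr) for cidr, p in table.items()
            if contains_bits(p, addr_int)]
    return max(hits)[1] if hits else None

ROUTES = ["0.0.0.0/0", "172.17.0.48/28", "172.17.0.64/29", "172.17.0.72/29",
          "172.16.2.8/30", "172.16.3.1/32", "192.168.101.0/24"]
TABLE = {cidr: parse_prefix(cidr) for cidr in ROUTES}
```

The integer version parses each prefix once and reuses the mask for every lookup, which is where the saving over per-comparison string building comes from on large address spaces.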