Sunday, August 31, 2014

Vlans into Hyper-V VM Machines

A couple months I posted about running CentOS under hyper-v and some challenges related to the integration kit (or so I thought).

I recently came across what I was really looking for.

If I want the Linux (Or whatever) VM to have multiple vlans to a single nic into the vm, the solution is not in the GUI. Big shock there. You will find the following powershell command very useful.

Set-VMNetworkAdapterVlan

This command along with it's Get counterpart is very useful yet obscure. This command is like setting the port on the switch to pass the vlans that you want, only this is the virtual hyper-v switch.

Here is the link to the TechNet article explaining it: http://technet.microsoft.com/en-us/library/hh848475.aspx

From the article here is an example:

PS C:\> Set-VMNetworkAdapterVlan -VMName Redmond -Trunk -AllowedVlanIdList 1-100 -NativeVlanId 10

There is the keyword -Trunk. which makes the magic happen. Now if only MS would make reference to the status of the virtual switch port to the vm in GUI this might not have been such an wayward adventure. I believe that VMWare at least show the vlans in the gui. 

Hopefully this little bit of info will help others with this simple but confusing piece of MS setup.


Thursday, July 24, 2014

Tallac Networks - Wireless SDN

A week or so ago I received a briefing on Tallac Networks wireless SDN solution. I have been interested in what Tallac was doing in this space since they started. Matthew Davy gave me the briefing. And yes that is the same Matthew Davy from Packet Pushers Episode 40. I was fortunate enough to have an introduction to openflow around the same time as that podcast, maybe sooner, by Matt when he was at IU. Matt had given a talk about a week or so before to members of the state higher edu network, I was unable to attend due to work schedule, there was a stream which didn't work for me. But it was a good thing since Matt spent most of the time doing a basic SDN intro. The room was not very familiar with it.

On to the meat of it. 

Tallac Networks has two major focus:
  • Wireless SDN
  • SDN Training
They are a major provider of SDN training materials. The training is what provides the cash for the wireless SDN work. Instead of going after major VC funding and then just burning through it.

Their target market is a Managed Service Provider. They have a AWS-Cloud based portal which can be customized for the MSP, then down to the MSP clients. Currently the AP model is a pretty high end 3x3 (I believe) model white box unit. They do have plans for other models. But currently it is a dual radio 3 stream unit. What runs on the ap is what makes the solution:

That is right, the Tallac SDM agent has two components, SDM Cloud Service and an OpenFlow Agent. 
  • SDM Cloud Service is the management piece that talks to the cloud service. This is the "traditional" management agent, which ssid, traffic info, radio control etc is sent back and forth from the cloud management instance. 
  • OpenFlow Agent, does that mean?? Yes it does. You can attached the AP to an OpenFlow controller (OpenDayLight,Floodlight,etc) and push OpenFlow rules down onto the hardware. I am told that the Openflow controller is/can be separate from the SDM Cloud Service. But what if I'm not ready to use the OpenFlow component? That is ok, too.
Part of the Tallac API/Cloud service is once a site is setup in the portal, meaning Address/Billing info. The hardware can/is ordered through the portal and then is shipped direct from the factory (White box hardware manufacturer) to the site. The AP comes with the Agent loaded and it's identifiers are attached to the site in the portal. This means when the unit is plugged in and talks to the cloud service, it gets attached to the site without user intervention. 

Another feature is an on-demand  network push. Where a SSID & network policy get instantiated based on demand for that network. So if I have a unit at my house which I have configured a corp SSID with a ssl vpn back to the office, when I leave the SSID and ssl vpn get removed from the unit, after the timeout. So corp SSID is not broadcasting at my house when not corporate devices are there. When a device returns and "probes" for that SSID , the policy comes back onto the device. This could be applied inside an enterprise as well.

A list of their features is here: http://www.tallac.com/key-features

A bigger look at the solution stack is here:
The Orchestration API is what brings the pieces together. This allows the multi-tenancy, customization of the end-user interface, etc. Information from other systems can be pulled into the orchestration api to drive policy. The API is used to drive the vNET Manager and NFV components.

This is a basic overview of how Tallac is creating SDN Wireless. Why this is cool is that this solution can function like any other wireless solution out in the market. But they have the added bonus including in the api's and openflow feature that can be used/experimented with will little impact to the operation of the network.

One last note, Matt mention the possibility of a SDN starter kit that they are working on. I think that it is an excellent idea, one that I hope they do release here shortly. I believe in the coming months we will hear more about the work that Tallac is doing in this space.



Thursday, June 5, 2014

CentOS 6.5 under Hyper-V - Help Needed

So I have a need to run CentOS 6.5 under Hyper-V and need certain features which are not working.

Why Hyper-V?

  • Because we are a mostly MS shop
  • Education Licensing
  • It is what I have to work with, so dumping it is not an option.

And the Problem is:

CentOS contains LIS 3.1 for Hyper-v. which shows degraded Networking under Hyper-V console. (Upgrade Needed)

LIS 3.5 contains the networking components to do vlans directly on the host.

LIS 3.5 does not install, says it does but component check shows 3.1 versions.

Only workaround is to present the vm multiple NIC's which I would like to avoid.

If you have some validated working instructions or resources please respond in the comments.

Thanks

Update 8/27/2014:
This is normal for the Intergration kit to be off. Things still work. The answer I was looking for can be found here: http://mrfogg97.blogspot.com/2014/08/vlans-into-hyper-v-vm-machines.html

Friday, February 14, 2014

OpenDaylight on Windows - Hydrogen

A couple weeks ago OpenDaylight released Hydrogen, which is the first production release of code. This is a pretty significant milestone as it wasn't that long ago that ODL started.

Now I have detailed getting the controller up and running on windows in a previous post, that was actual building from source.

After a bit of try and fail of running the controller on x86 32-bit windows, I remembered that the Java seemed to run better on x64 version of Windows.

My test system:

Dell 2850 - 4 gig of ram running Windows Server 2008 R2

Installation:

Install Java SE 1.7.0_51

Set JAVA_HOME Environment Variable on system.

 ** Important note ** Use the 8.3 path name  This comes into play when starting the controller from the batch file.

Download pre-built zip file from http://www.opendaylight.org/software/downloads

Unzip into a directory

Open a Command Prompt as Administrator

Change to opendaylight directory in the folder extracted from the zip file.




Type run -start  to start the controller in the background. It takes a little bit before it is ready. If you are impatient like I am, run netstat -a in another command window. When you see localhost is listening on port 8080 you are ready to go.

Then point a web browser to http://localhost:8080

Login as on previous builds:






Saturday, December 14, 2013

Where did the time go? - December 2013 Edition

The other day in reading a few blog posts I notice that some of my favorites were a little neglected. I was about to give them a little jab over twitter, then I thought when was your last post? Umm, Umm, Yeah got myself. August 25th. It's December, where did the time go?

I realize that I am not the master of content, churning out daily posts or even weekly posts. But I think it was time for something.

I could go down a list of thing of how we got to this point but let me filter out the more technical highlights.

Things that have kept me busy since the last post:


  • Fall Semester started - now is almost over, couple more days.
    • Limited packetfence work other that keep it running. FreeRadius issue - patched with restart script
    • Cloud storage vendor change
      • Twinstrata implementation - Lots of data move from one provider to another
    • Office 365 Implementation - Still in process
      • Initial setup was contracted, production migrations up to us
      • Migrations scheduled into early next year (2014)
    • Personal device Printing - Still in process
      • IOS/AirPrint - Papercut
        • Bonjour over Cisco controller based wireless
  • Family - busy with activities for the kids
With Christmas break coming up, unlike some who get a change freeze, I get a change window, including some during the middle of the day.

Looking forward past the current items: 
  • Testing of new gear
    • Airtight AP - received that in late November, have to dig into the interface to see all the nerd knobs
    • Brocade switches
      • Received 2 - 6610 and 2 - 3450 switches to evaluate uses as campus switches
      • The 6610 has the potential to be used as a core replacement, with the stacking and L3 features. 
  • Getting back to OpenDaylight. 
  • Writing a few more posts. The list above has more than enough topics to write on, just have to do it.

If anyone picked up on that little tidbit a few lines back, yes my core switch is slated for EOS in a couple years, so I think it is time to evaluate what is out in the market. 




Sunday, August 25, 2013

PacketFence 4.0.x Game System Registration

I came across a little snafu in the Gaming System registration in Packetfence 4.0.X. In PacketFence you can have a page that allows users to register systems that don't have web browsers on them. You can access it by https://<packetfence ip>/gaming-registration .

Great since Xbox's are notorious for not getting registered, due to collision in the OS fingerprinting. This is a well documented problem. In my previous install they would fingerprint to OEM Wireless Router, this time it seems RIM BlackBerry. Either way they miss my auto-registration violation rule, which I may just get rid of.

So trouble started when several students tried to register their Xbox's using the registration page.
 They would authentication to the first page then enter the MAC address:
 Then it would throw this error:

So what gives looks valid. Turns out there is a file: <PF install dir>/lib/pf/web/gaming.pm Which has a list of the first part of MAC addresses allowed to be entered into this page. Added the first 3 octets of the address to the file in the correct spot. Save the file and you are back in business.

I recommend that you verify the manufacturer  of the mac. I use this site: http://www.coffer.com/mac_find/ this allows you to verify that it is a microsoft mac. Hope this helps if you come across this problem.


Sunday, August 18, 2013

Packetfence 4.0.5 - Notes

Packetfence 4.0.5 was released on 8-12-2013. Slight bit of craziness, since there were a couple problems with it. But Inverse issued patches within hours. Now the downloaded version is stable and works fairly well.

I however ran into a couple bumps with that upgrade/patch.

First one was I ran into this bug: http://www.packetfence.org/bugs/view.php?id=1676
Which basically the radius server was throwing SOAP errors and would not return the correct vlan, and then after a few hours just stop running. The patch listed here: https://github.com/inverse-inc/packetfence/commit/4861189ba7faf680eef257d5b1c157d7260fe0de  Was missing/didn't apply to the update. So I found the line in the source and edited it to reflect the change. This resolved the issue and the radius server has been running since.

The other was the retrieval for role for gaming device registration. This was a quick two lines added to module described here: https://github.com/inverse-inc/packetfence/commit/36bacc02289afb01a1abd38420585c7f792a4511

At this point I have to freeze the code, no more updates as this is completely in production. And the students are back on campus. The only changes I think we be made are page edits to fix the wording or add more information to the pages.

Update to this post:

After experiencing some problems, I found that my installation is still at 4.0.1 - which is why these patches were not there. Only a certain part of PF was upgraded. Not anything to make it matter.
 {Link to new post when done}