Thursday, July 24, 2014

Tallac Networks - Wireless SDN

A week or so ago I received a briefing on Tallac Networks wireless SDN solution. I have been interested in what Tallac was doing in this space since they started. Matthew Davy gave me the briefing. And yes that is the same Matthew Davy from Packet Pushers Episode 40. I was fortunate enough to have an introduction to openflow around the same time as that podcast, maybe sooner, by Matt when he was at IU. Matt had given a talk about a week or so before to members of the state higher edu network, I was unable to attend due to work schedule, there was a stream which didn't work for me. But it was a good thing since Matt spent most of the time doing a basic SDN intro. The room was not very familiar with it.

On to the meat of it. 

Tallac Networks has two major focus:
  • Wireless SDN
  • SDN Training
They are a major provider of SDN training materials. The training is what provides the cash for the wireless SDN work. Instead of going after major VC funding and then just burning through it.

Their target market is a Managed Service Provider. They have a AWS-Cloud based portal which can be customized for the MSP, then down to the MSP clients. Currently the AP model is a pretty high end 3x3 (I believe) model white box unit. They do have plans for other models. But currently it is a dual radio 3 stream unit. What runs on the ap is what makes the solution:

That is right, the Tallac SDM agent has two components, SDM Cloud Service and an OpenFlow Agent. 
  • SDM Cloud Service is the management piece that talks to the cloud service. This is the "traditional" management agent, which ssid, traffic info, radio control etc is sent back and forth from the cloud management instance. 
  • OpenFlow Agent, does that mean?? Yes it does. You can attached the AP to an OpenFlow controller (OpenDayLight,Floodlight,etc) and push OpenFlow rules down onto the hardware. I am told that the Openflow controller is/can be separate from the SDM Cloud Service. But what if I'm not ready to use the OpenFlow component? That is ok, too.
Part of the Tallac API/Cloud service is once a site is setup in the portal, meaning Address/Billing info. The hardware can/is ordered through the portal and then is shipped direct from the factory (White box hardware manufacturer) to the site. The AP comes with the Agent loaded and it's identifiers are attached to the site in the portal. This means when the unit is plugged in and talks to the cloud service, it gets attached to the site without user intervention. 

Another feature is an on-demand  network push. Where a SSID & network policy get instantiated based on demand for that network. So if I have a unit at my house which I have configured a corp SSID with a ssl vpn back to the office, when I leave the SSID and ssl vpn get removed from the unit, after the timeout. So corp SSID is not broadcasting at my house when not corporate devices are there. When a device returns and "probes" for that SSID , the policy comes back onto the device. This could be applied inside an enterprise as well.

A list of their features is here:

A bigger look at the solution stack is here:
The Orchestration API is what brings the pieces together. This allows the multi-tenancy, customization of the end-user interface, etc. Information from other systems can be pulled into the orchestration api to drive policy. The API is used to drive the vNET Manager and NFV components.

This is a basic overview of how Tallac is creating SDN Wireless. Why this is cool is that this solution can function like any other wireless solution out in the market. But they have the added bonus including in the api's and openflow feature that can be used/experimented with will little impact to the operation of the network.

One last note, Matt mention the possibility of a SDN starter kit that they are working on. I think that it is an excellent idea, one that I hope they do release here shortly. I believe in the coming months we will hear more about the work that Tallac is doing in this space.

Thursday, June 5, 2014

CentOS 6.5 under Hyper-V - Help Needed

So I have a need to run CentOS 6.5 under Hyper-V and need certain features which are not working.

Why Hyper-V?

  • Because we are a mostly MS shop
  • Education Licensing
  • It is what I have to work with, so dumping it is not an option.

And the Problem is:

CentOS contains LIS 3.1 for Hyper-v. which shows degraded Networking under Hyper-V console. (Upgrade Needed)

LIS 3.5 contains the networking components to do vlans directly on the host.

LIS 3.5 does not install, says it does but component check shows 3.1 versions.

Only workaround is to present the vm multiple NIC's which I would like to avoid.

If you have some validated working instructions or resources please respond in the comments.


Friday, February 14, 2014

OpenDaylight on Windows - Hydrogen

A couple weeks ago OpenDaylight released Hydrogen, which is the first production release of code. This is a pretty significant milestone as it wasn't that long ago that ODL started.

Now I have detailed getting the controller up and running on windows in a previous post, that was actual building from source.

After a bit of try and fail of running the controller on x86 32-bit windows, I remembered that the Java seemed to run better on x64 version of Windows.

My test system:

Dell 2850 - 4 gig of ram running Windows Server 2008 R2


Install Java SE 1.7.0_51

Set JAVA_HOME Environment Variable on system.

 ** Important note ** Use the 8.3 path name  This comes into play when starting the controller from the batch file.

Download pre-built zip file from

Unzip into a directory

Open a Command Prompt as Administrator

Change to opendaylight directory in the folder extracted from the zip file.

Type run -start  to start the controller in the background. It takes a little bit before it is ready. If you are impatient like I am, run netstat -a in another command window. When you see localhost is listening on port 8080 you are ready to go.

Then point a web browser to http://localhost:8080

Login as on previous builds:

Saturday, December 14, 2013

Where did the time go? - December 2013 Edition

The other day in reading a few blog posts I notice that some of my favorites were a little neglected. I was about to give them a little jab over twitter, then I thought when was your last post? Umm, Umm, Yeah got myself. August 25th. It's December, where did the time go?

I realize that I am not the master of content, churning out daily posts or even weekly posts. But I think it was time for something.

I could go down a list of thing of how we got to this point but let me filter out the more technical highlights.

Things that have kept me busy since the last post:

  • Fall Semester started - now is almost over, couple more days.
    • Limited packetfence work other that keep it running. FreeRadius issue - patched with restart script
    • Cloud storage vendor change
      • Twinstrata implementation - Lots of data move from one provider to another
    • Office 365 Implementation - Still in process
      • Initial setup was contracted, production migrations up to us
      • Migrations scheduled into early next year (2014)
    • Personal device Printing - Still in process
      • IOS/AirPrint - Papercut
        • Bonjour over Cisco controller based wireless
  • Family - busy with activities for the kids
With Christmas break coming up, unlike some who get a change freeze, I get a change window, including some during the middle of the day.

Looking forward past the current items: 
  • Testing of new gear
    • Airtight AP - received that in late November, have to dig into the interface to see all the nerd knobs
    • Brocade switches
      • Received 2 - 6610 and 2 - 3450 switches to evaluate uses as campus switches
      • The 6610 has the potential to be used as a core replacement, with the stacking and L3 features. 
  • Getting back to OpenDaylight. 
  • Writing a few more posts. The list above has more than enough topics to write on, just have to do it.

If anyone picked up on that little tidbit a few lines back, yes my core switch is slated for EOS in a couple years, so I think it is time to evaluate what is out in the market. 

Sunday, August 25, 2013

PacketFence 4.0.x Game System Registration

I came across a little snafu in the Gaming System registration in Packetfence 4.0.X. In PacketFence you can have a page that allows users to register systems that don't have web browsers on them. You can access it by https://<packetfence ip>/gaming-registration .

Great since Xbox's are notorious for not getting registered, due to collision in the OS fingerprinting. This is a well documented problem. In my previous install they would fingerprint to OEM Wireless Router, this time it seems RIM BlackBerry. Either way they miss my auto-registration violation rule, which I may just get rid of.

So trouble started when several students tried to register their Xbox's using the registration page.
 They would authentication to the first page then enter the MAC address:
 Then it would throw this error:

So what gives looks valid. Turns out there is a file: <PF install dir>/lib/pf/web/ Which has a list of the first part of MAC addresses allowed to be entered into this page. Added the first 3 octets of the address to the file in the correct spot. Save the file and you are back in business.

I recommend that you verify the manufacturer  of the mac. I use this site: this allows you to verify that it is a microsoft mac. Hope this helps if you come across this problem.

Sunday, August 18, 2013

Packetfence 4.0.5 - Notes

Packetfence 4.0.5 was released on 8-12-2013. Slight bit of craziness, since there were a couple problems with it. But Inverse issued patches within hours. Now the downloaded version is stable and works fairly well.

I however ran into a couple bumps with that upgrade/patch.

First one was I ran into this bug:
Which basically the radius server was throwing SOAP errors and would not return the correct vlan, and then after a few hours just stop running. The patch listed here:  Was missing/didn't apply to the update. So I found the line in the source and edited it to reflect the change. This resolved the issue and the radius server has been running since.

The other was the retrieval for role for gaming device registration. This was a quick two lines added to module described here:

At this point I have to freeze the code, no more updates as this is completely in production. And the students are back on campus. The only changes I think we be made are page edits to fix the wording or add more information to the pages.

Update to this post:

After experiencing some problems, I found that my installation is still at 4.0.1 - which is why these patches were not there. Only a certain part of PF was upgraded. Not anything to make it matter.
 {Link to new post when done}

Friday, August 9, 2013

7Signal - Thoughts [Pre-WFD5]

[I have received a Webex presentation and in-person demo of the 7Signal product. This is also a stream of thought post.]

7Signal is a wireless performance and optimization company. Their products do not provide wifi, they monitor and test your wireless network, so that you can optimize it and get the best potential out of your investment.

There solution is listed below- [straight from the data sheet]
Solution components
Sapphire consists of three elements that measure, record, report, alarm, analyze, troubleshoot and verify 
1. Sapphire Eye: Unobtrusive ceiling-mounted scanners that measure large wireless coverage areas.
2. Sapphire Sonar Server: Sonar test servers are located in close proximity to application servers. 
Sonar Server is the endpoint for user experience measurements performed by the Eye units. Sonar 
reports results back to Eye units and then forwards those reports to the Carat Management Server.
3. Sapphire Carat Management Server: A centrally located Carat server stores, manages and 
analyzes the collected data from the Eyes. It provides reports and alarms and includes analyzer 

So there is the Sapphire Eye which you mount on the ceiling in your environment in the area in which you want to monitor and test. The Eye has 7 directional antennas which are utilized in all of the test. To say that it is "unobtrusive" I will beg to differ. It looks like a upside down flower pot. I know that I have some areas in which if I hung it from those ceilings, someone would hit their head. With that said, I understand the reason why it it so big, the antennas are not your cheap usb adapter 1.5 db antennas. They are big! There is a compass feature in the unit so that you can always know the direction of the antennas no matter how you mount it. 

The software is in two pieces, server software which runs/controls the test that the Eye performs, collects data and such. Second piece is the management console which you can access the reports and data that has been collected and processed. Graphs and charts and all sorts of data is displayed.
Since I didn't drive the console and have only a limited feel for it. Watch the videos and read the data sheets for a better look.

My explanation of the product is: "Hang a wireless engineer from the ceiling with all his tools 24/7 and get data. Giving you a real time site survey and analysis"

As explained, you can go with a CAPEX model, OPEX, or hybrid of the two. These models allow some flexibility depending on your organization.

My feelings without naming price, is it is on the expensive side. (I'm pretty cheap so take that how you will... Actually just contact a partner and find out for yourself.) If you take the offering and break it down into what a professional wireless engineer would bring to the job, then if think they are on par.

The OPEX model has a lot of intrigue. The list price is like buying an mid-level AP per month per Eye.

Include or not depending on options is a start-up analysis/recommendations from their engineers.

I was ask if I thought is was worth it from a colleague. I believe it has value and great potential for me, not sure that I can justify the price for my organization. The costs used in their calculator seem not to be in my ballpark as ROI and such. (If I could plug my own values in, might change a bit.) Now there is flexibility to move the EYEs around into spots that are having trouble and then work through that area.   

Currently I am thinking more about the product and the value. I will be watching the WFD5 stream to see what they present. I hope to update this post in the coming weeks as I will have flushed out some ideas further.