Tuesday, October 20, 2015

Useful Office365 Command - Removal of Email

So in the aftermath of a targeted Phishing attack, we had several users who were the grand prize winners of the NDR floods. Now if you were a normal user how would you deal with 20,000 NDR messages in your inbox, I know most would freak out and not know what to do.

What are some of the methods to clean that up?

Inbox rule to delete the messages. Sounds like an OK thing to do. Took 4 hours for the rule to run. Yeah that is helpful.

Use the Compliance Center of Office 365 ? That is closer, but through the management console you can find the messages but putting a legal hold is not quite what I had in mind.

It turns out that you can use the Search-Mailbox powershell command with a -DeleteContent to remove the email from the users mailbox. You will need some of the Compliance Center permissions for the cmdlet to show up for you.

Using remote powershell connected to your Office 365 Tenant you can run the following command:

get-mailbox <users mailbox> | Search-mailbox -SearchQuery 'Subject:"Insert Subject Line"' -DeleteContent

The SearchQuery has a few options to use to search the mail, subject, to, from, and attachments.

Hey that is a little easier, since you don't have to open the users mailbox to place a rule inside it.

There is a limit to the number of items in the search query, it is limited to 10,000. So if you have more matches you will need to run multiple times. This still takes time to run. I have found it does run faster off-peak hours. (Unscientific)



Tuesday, July 21, 2015

Rambling Thoughts - July 21th

Thoughts for the week/day:

  • SD-WAN: Lots of buzz about SD-WAN in media and such.  This got me thinking. For me the killer app piece of this would be to easily change the path for software deployments to the branch. Instead of trying to push it down the higher cost "Private Circuit" switch that traffic over to a VPN tunnel on a low cost cable/dxl circuit that maybe in the branch. Why push software from a central SCCM server down the private circuit because it didn't fit in the QOS model that you may or may not have setup. I mean really how many of us have time to change QOS models on the WAN?

Projects: PacketFence Upgrade, Switching out HP 5412 in our Data Center to 4 - Brocade VDX 6740's.

Monday, July 13, 2015

Core Network Replacement Part 1

Core Network Replacement

I read a timely post by Tom Hollingsworth @NetworkingNerd about writing. I've realized that I have not written anything on my blog in quite sometime. I could write down a list of excuses but what is the point in that? Most others have the same or similar. And when did I actually get this posted?

I decided to capture some of the thought processes and steps that have and are going into the network core replacement at the $DayJob.


Last Core network replacement was in was in 2007. Link to the vendor press release: http://www.thefreelibrary.com/Indiana+Tech+Builds+High+Performance+Campus+Network+With+Force10...-a0168505385

That update brought 10 gig between serveral buildings on campus and a push to 1 gb to the computer labs on campus. This also moved us away from a very Cisco centric network. It was new and different. The design contained Force10 E300 as well as a handful of S50 "classic" switches. 3 line cards in the E300, 8 port 10gig card, 24 port 1 gb SFP card, and a 48 port 1 gb copper card. At the time this seemed reasonable with room for growth. The 8 ports of 10 gig was not completely populated at first, but moving from 1 gb between buildings to 10 gig seemed like a huge jump. The 1 gig connections were not being used up, so 10 gig was a super highway.
After a couple of years a few flaws showed up. 1. My S50's didn't make the cut for running FTOS and continue to run STOS. 2. Some vlan troubles between STOS devices and no Force10 gear. 3. End of Sale / Dell purchase 4. Account forgotten.

In the pursuing years I found HP Procurve switch gear to be suitable and cost effective for use in my campus and branch offices. The last few building projects I used HP 5400 series switches either standalone or in a VRRP pair. I thought through whenever the next core upgrade came around, that maybe a good starting point. Possibly the 8200 series (Due to multiple "supervisors").

With the last building built Brocade offered a solution with their ICX 6610 and 6450 switches. I was intrigued with the performance in the 1 RU form factor. Being able to stack the switches across 10gig Ethernet links was very useful as the closets changed around from 3 to 4 due to design changes to the building. I had to compromise on the redundancy of each closet due to the change in cable paths and overloaded a closet from initial design. Since I wasn't stuck with fixed chassis I was able to shift one switch to the other closet. The use of high performance 1 ru switches showed value.

Current Selection:

So the ICX 6610 seemed to offer a redundant scalable cost effective solution to network core. Stack multiple to expand available 10gig ports. I was a bit concerned about having to stack multiple switches just to scale the 10gig ports without using the other ports on the switch.

Enter ICX 7750, 6 40gig Ports and 48 10gig port put that in a redundant pair. That is a lot of 10gig ports in 2U of switches. Which maybe more than I need at this point but the nice thing about SFP+ ports is the use of 1gig SFP's in them. So this is the direction that I went.

Next post will be a quick step through of the process that I used to swap them out.

Thursday, July 9, 2015

Rambling Thoughts - July 9th

In an effort to post a few more things I am going to write down some idea's and opinions on current goings on.

  • Network Break podcast - I really enjoy the Network Break podcasts from @packetpushers. Drew Conry-Murry @Drew_CM brings a new dynamic to the conversations between Ethan and Greg.

  • On the recent announcement by @OpenDNS about being acquired by Cisco. First reaction was the flying F-bomb. Why? Because I like OpenDNS, I like the team. Culture swallowed by Corporate Giant Cisco - doesn't end well. But I am waiting to see the final outcome. Still a customer and still an advocate.

Project that I am working on:

  • Packetfence upgrade/refresh - Many of my post cover things with Packetfence. I have used it for many years and advocate the use, especially if you don't have the budget for the Commercial products. Inverse has done a great job in development and also providing support.

  • Just finished swapping out the core of my network. Replaced a Force10 E300 with a pair of Brocade 7750's. Write-up forth coming.

Also would have to mention Nick @buraglio for telling me once again to write more.

Sunday, August 31, 2014

Vlans into Hyper-V VM Machines

A couple months I posted about running CentOS under hyper-v and some challenges related to the integration kit (or so I thought).

I recently came across what I was really looking for.

If I want the Linux (Or whatever) VM to have multiple vlans to a single nic into the vm, the solution is not in the GUI. Big shock there. You will find the following powershell command very useful.


This command along with it's Get counterpart is very useful yet obscure. This command is like setting the port on the switch to pass the vlans that you want, only this is the virtual hyper-v switch.

Here is the link to the TechNet article explaining it: http://technet.microsoft.com/en-us/library/hh848475.aspx

From the article here is an example:

PS C:\> Set-VMNetworkAdapterVlan -VMName Redmond -Trunk -AllowedVlanIdList 1-100 -NativeVlanId 10

There is the keyword -Trunk. which makes the magic happen. Now if only MS would make reference to the status of the virtual switch port to the vm in GUI this might not have been such an wayward adventure. I believe that VMWare at least show the vlans in the gui. 

Hopefully this little bit of info will help others with this simple but confusing piece of MS setup.

Thursday, July 24, 2014

Tallac Networks - Wireless SDN

A week or so ago I received a briefing on Tallac Networks wireless SDN solution. I have been interested in what Tallac was doing in this space since they started. Matthew Davy gave me the briefing. And yes that is the same Matthew Davy from Packet Pushers Episode 40. I was fortunate enough to have an introduction to openflow around the same time as that podcast, maybe sooner, by Matt when he was at IU. Matt had given a talk about a week or so before to members of the state higher edu network, I was unable to attend due to work schedule, there was a stream which didn't work for me. But it was a good thing since Matt spent most of the time doing a basic SDN intro. The room was not very familiar with it.

On to the meat of it. 

Tallac Networks has two major focus:
  • Wireless SDN
  • SDN Training
They are a major provider of SDN training materials. The training is what provides the cash for the wireless SDN work. Instead of going after major VC funding and then just burning through it.

Their target market is a Managed Service Provider. They have a AWS-Cloud based portal which can be customized for the MSP, then down to the MSP clients. Currently the AP model is a pretty high end 3x3 (I believe) model white box unit. They do have plans for other models. But currently it is a dual radio 3 stream unit. What runs on the ap is what makes the solution:

That is right, the Tallac SDM agent has two components, SDM Cloud Service and an OpenFlow Agent. 
  • SDM Cloud Service is the management piece that talks to the cloud service. This is the "traditional" management agent, which ssid, traffic info, radio control etc is sent back and forth from the cloud management instance. 
  • OpenFlow Agent, does that mean?? Yes it does. You can attached the AP to an OpenFlow controller (OpenDayLight,Floodlight,etc) and push OpenFlow rules down onto the hardware. I am told that the Openflow controller is/can be separate from the SDM Cloud Service. But what if I'm not ready to use the OpenFlow component? That is ok, too.
Part of the Tallac API/Cloud service is once a site is setup in the portal, meaning Address/Billing info. The hardware can/is ordered through the portal and then is shipped direct from the factory (White box hardware manufacturer) to the site. The AP comes with the Agent loaded and it's identifiers are attached to the site in the portal. This means when the unit is plugged in and talks to the cloud service, it gets attached to the site without user intervention. 

Another feature is an on-demand  network push. Where a SSID & network policy get instantiated based on demand for that network. So if I have a unit at my house which I have configured a corp SSID with a ssl vpn back to the office, when I leave the SSID and ssl vpn get removed from the unit, after the timeout. So corp SSID is not broadcasting at my house when not corporate devices are there. When a device returns and "probes" for that SSID , the policy comes back onto the device. This could be applied inside an enterprise as well.

A list of their features is here: http://www.tallac.com/key-features

A bigger look at the solution stack is here:
The Orchestration API is what brings the pieces together. This allows the multi-tenancy, customization of the end-user interface, etc. Information from other systems can be pulled into the orchestration api to drive policy. The API is used to drive the vNET Manager and NFV components.

This is a basic overview of how Tallac is creating SDN Wireless. Why this is cool is that this solution can function like any other wireless solution out in the market. But they have the added bonus including in the api's and openflow feature that can be used/experimented with will little impact to the operation of the network.

One last note, Matt mention the possibility of a SDN starter kit that they are working on. I think that it is an excellent idea, one that I hope they do release here shortly. I believe in the coming months we will hear more about the work that Tallac is doing in this space.

Thursday, June 5, 2014

CentOS 6.5 under Hyper-V - Help Needed

So I have a need to run CentOS 6.5 under Hyper-V and need certain features which are not working.

Why Hyper-V?

  • Because we are a mostly MS shop
  • Education Licensing
  • It is what I have to work with, so dumping it is not an option.

And the Problem is:

CentOS contains LIS 3.1 for Hyper-v. which shows degraded Networking under Hyper-V console. (Upgrade Needed)

LIS 3.5 contains the networking components to do vlans directly on the host.

LIS 3.5 does not install, says it does but component check shows 3.1 versions.

Only workaround is to present the vm multiple NIC's which I would like to avoid.

If you have some validated working instructions or resources please respond in the comments.


Update 8/27/2014:
This is normal for the Intergration kit to be off. Things still work. The answer I was looking for can be found here: http://mrfogg97.blogspot.com/2014/08/vlans-into-hyper-v-vm-machines.html