Tuesday, July 21, 2015

Rambling Thoughts - July 21st

Thoughts for the week/day:


  • SD-WAN: Lots of buzz about SD-WAN in the media and such. This got me thinking. For me the killer app piece of this would be to easily change the path for software deployments to the branch. Instead of trying to push it down the higher cost "Private Circuit", switch that traffic over to a VPN tunnel on a low cost cable/DSL circuit that may be in the branch. Why push software from a central SCCM server down the private circuit because it didn't fit in the QoS model that you may or may not have set up? I mean really, how many of us have time to change QoS models on the WAN?

Projects: PacketFence upgrade; switching out the HP 5412 in our Data Center for four Brocade VDX 6740s.


Monday, July 13, 2015

Core Network Replacement Part 1

Core Network Replacement

I read a timely post by Tom Hollingsworth @NetworkingNerd about writing. I've realized that I have not written anything on my blog in quite some time. I could write down a list of excuses, but what is the point in that? Most others have the same or similar ones. And when did I actually get this posted?

I decided to capture some of the thought processes and steps that have gone, and are going, into the network core replacement at the $DayJob.

History:

The last core network replacement was in 2007. Link to the vendor press release: http://www.thefreelibrary.com/Indiana+Tech+Builds+High+Performance+Campus+Network+With+Force10...-a0168505385

That update brought 10 Gig between several buildings on campus and a push to 1 Gb to the computer labs on campus. This also moved us away from a very Cisco-centric network. It was new and different. The design contained a Force10 E300 as well as a handful of S50 "classic" switches. There were 3 line cards in the E300: an 8 port 10 Gig card, a 24 port 1 Gb SFP card, and a 48 port 1 Gb copper card. At the time this seemed reasonable with room for growth. The 8 ports of 10 Gig were not completely populated at first, but moving from 1 Gb between buildings to 10 Gig seemed like a huge jump. The 1 Gig connections were not being used up, so 10 Gig was a super highway.

After a couple of years a few flaws showed up:
  • My S50s didn't make the cut for running FTOS and continue to run STOS.
  • Some VLAN troubles between STOS devices and non-Force10 gear.
  • End of Sale / Dell purchase.
  • Account forgotten.

In the ensuing years I found HP ProCurve switch gear to be suitable and cost effective for use in my campus and branch offices. The last few building projects I used HP 5400 series switches, either standalone or in a VRRP pair. I thought that whenever the next core upgrade came around, that might be a good starting point, possibly the 8200 series (due to multiple "supervisors").

With the last building built, Brocade offered a solution with their ICX 6610 and 6450 switches. I was intrigued with the performance in the 1 RU form factor. Being able to stack the switches across 10 Gig Ethernet links was very useful as the closets changed around from 3 to 4 due to design changes to the building. I had to compromise on the redundancy of each closet due to the change in cable paths and overloaded a closet from the initial design. Since I wasn't stuck with a fixed chassis I was able to shift one switch to the other closet. The use of high performance 1 RU switches showed value.

Current Selection:

So the ICX 6610 seemed to offer a redundant, scalable, cost effective solution for the network core: stack multiple units to expand the available 10 Gig ports. I was a bit concerned about having to stack multiple switches just to scale the 10 Gig ports without using the other ports on the switch.


Enter the ICX 7750: six 40 Gig ports and 48 10 Gig ports, put in a redundant pair. That is a lot of 10 Gig ports in 2U of switches, which may be more than I need at this point, but the nice thing about SFP+ ports is the use of 1 Gig SFPs in them. So this is the direction that I went.


Next post will be a quick step-through of the process that I used to swap them out.

Thursday, July 9, 2015

Rambling Thoughts - July 9th

In an effort to post a few more things I am going to write down some ideas and opinions on current goings on.


  • Network Break podcast - I really enjoy the Network Break podcasts from @packetpushers. Drew Conry-Murray @Drew_CM brings a new dynamic to the conversations between Ethan and Greg.

  • On the recent announcement by @OpenDNS about being acquired by Cisco: first reaction was the flying F-bomb. Why? Because I like OpenDNS and I like the team. Culture swallowed by corporate giant Cisco doesn't end well. But I am waiting to see the final outcome. Still a customer and still an advocate.


Project that I am working on:


  • PacketFence upgrade/refresh - Many of my posts cover things with PacketFence. I have used it for many years and advocate its use, especially if you don't have the budget for the commercial products. Inverse has done a great job in development and also in providing support.

  • Just finished swapping out the core of my network. Replaced a Force10 E300 with a pair of Brocade 7750s. Write-up forthcoming.

I also have to mention Nick @buraglio for telling me once again to write more.



Sunday, August 31, 2014

Vlans into Hyper-V VM Machines

A couple of months ago I posted about running CentOS under Hyper-V and some challenges related to the integration kit (or so I thought).

I recently came across what I was really looking for.

If I want the Linux (or whatever) VM to have multiple VLANs on a single NIC into the VM, the solution is not in the GUI. Big shock there. You will find the following PowerShell command very useful.

Set-VMNetworkAdapterVlan

This command, along with its Get counterpart, is very useful yet obscure. It is like setting the port on the switch to pass the VLANs that you want, only this is the virtual Hyper-V switch.

Here is the link to the TechNet article explaining it: http://technet.microsoft.com/en-us/library/hh848475.aspx

From the article here is an example:

PS C:\> Set-VMNetworkAdapterVlan -VMName Redmond -Trunk -AllowedVlanIdList 1-100 -NativeVlanId 10

There is the keyword -Trunk, which makes the magic happen. Now if only MS would show the status of the virtual switch port to the VM in the GUI, this might not have been such a wayward adventure. I believe that VMware at least shows the VLANs in the GUI.
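The TechNet example above allows the whole 1-100 range through to the guest. An added example, not code from the original post or from Microsoft's page, that trunks only the VLANs a VM needs and then reads the setting back (since the GUI will not show it). The VM name "centos65", the adapter name "Network Adapter", and the VLAN numbers (10 native, 20 and 30 tagged) are assumptions for illustration; run it on the Hyper-V host with the Hyper-V module loaded.

```powershell
# Added example; not code from the original post or from the TechNet article.
# Assumed (not from the post): VM "centos65" with the default adapter name
# "Network Adapter"; VLAN 10 arrives untagged (native), VLANs 20 and 30 tagged.

function Set-VMTrunkPort {
    param(
        [Parameter(Mandatory=$true)][string]$VMName,
        [string]$AdapterName = 'Network Adapter',
        [Parameter(Mandatory=$true)][int]$NativeVlanId,
        [Parameter(Mandatory=$true)][int[]]$TaggedVlanIds
    )
    # Build an explicit allowed list (native VLAN included) rather than a broad
    # range. A range such as 1-100 lets the guest tag frames into every one of
    # those segments, which a single server VM rarely needs.
    $allowed = (@($NativeVlanId) + $TaggedVlanIds | Sort-Object -Unique) -join ','

    Set-VMNetworkAdapterVlan -VMName $VMName -VMNetworkAdapterName $AdapterName `
        -Trunk -NativeVlanId $NativeVlanId -AllowedVlanIdList $allowed
}

function Get-VMTrunkPort {
    param(
        [Parameter(Mandatory=$true)][string]$VMName,
        [string]$AdapterName = 'Network Adapter'
    )
    # The VM settings GUI does not display trunk state; this is where to read it.
    $vlan = Get-VMNetworkAdapterVlan -VMName $VMName -VMNetworkAdapterName $AdapterName
    New-Object PSObject -Property @{
        VMName  = $VMName
        Mode    = $vlan.OperationMode           # Untagged, Access or Trunk
        Native  = $vlan.NativeVlanId
        Allowed = $vlan.AllowedVlanIdListString
    }
}

# Usage on the Hyper-V host:
Set-VMTrunkPort -VMName 'centos65' -NativeVlanId 10 -TaggedVlanIds 20,30
Get-VMTrunkPort -VMName 'centos65' | Format-List
```

After this, check that Mode reads Trunk and that Allowed contains only the VLANs you listed. Inside the guest, each tagged VLAN still needs its own 802.1Q subinterface (eth0.20, eth0.30; on CentOS 6 an ifcfg-eth0.20 file with VLAN=yes), while traffic on the native VLAN arrives untagged on eth0. If the guest later needs another VLAN, add it to the list instead of widening it to a range.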

Hopefully this little bit of info will help others with this simple but confusing piece of MS setup.


Thursday, July 24, 2014

Tallac Networks - Wireless SDN

A week or so ago I received a briefing on Tallac Networks' wireless SDN solution. I have been interested in what Tallac was doing in this space since they started. Matthew Davy gave me the briefing, and yes, that is the same Matthew Davy from Packet Pushers Episode 40. I was fortunate enough to have an introduction to OpenFlow around the same time as that podcast, maybe sooner, by Matt when he was at IU. Matt had given a talk about a week or so before to members of the state higher-ed network; I was unable to attend due to my work schedule, and there was a stream which didn't work for me. But it was a good thing, since Matt spent most of the time doing a basic SDN intro; the room was not very familiar with it.

On to the meat of it. 

Tallac Networks has two major areas of focus:
  • Wireless SDN
  • SDN Training
They are a major provider of SDN training materials. The training is what provides the cash for the wireless SDN work, instead of going after major VC funding and then just burning through it.

Their target market is Managed Service Providers. They have an AWS-based cloud portal which can be customized for the MSP, then down to the MSP's clients. Currently the AP model is a pretty high end 3x3 (I believe) white box unit. They do have plans for other models, but currently it is a dual radio, 3 stream unit. What runs on the AP is what makes the solution:

The Tallac SDM agent has two components, the SDM Cloud Service and an OpenFlow Agent.
  • SDM Cloud Service is the management piece that talks to the cloud service. This is the "traditional" management agent, through which SSID, traffic info, radio control, etc. are sent back and forth from the cloud management instance.
  • OpenFlow Agent. Does that mean what you think it means? Yes it does. You can attach the AP to an OpenFlow controller (OpenDaylight, Floodlight, etc.) and push OpenFlow rules down onto the hardware. I am told that the OpenFlow controller is/can be separate from the SDM Cloud Service. But what if I'm not ready to use the OpenFlow component? That is ok, too.
Part of the Tallac API/cloud service is that once a site is set up in the portal, meaning address/billing info, the hardware can be (and is) ordered through the portal and then shipped direct from the factory (the white box hardware manufacturer) to the site. The AP comes with the agent loaded and its identifiers attached to the site in the portal. This means that when the unit is plugged in and talks to the cloud service, it gets attached to the site without user intervention.

Another feature is an on-demand network push, where an SSID and network policy get instantiated based on demand for that network. So if I have a unit at my house on which I have configured a corp SSID with an SSL VPN back to the office, when I leave, the SSID and SSL VPN get removed from the unit after the timeout. So the corp SSID is not broadcasting at my house when no corporate devices are there. When a device returns and "probes" for that SSID, the policy comes back onto the device. This could be applied inside an enterprise as well.

A list of their features is here: http://www.tallac.com/key-features

A bigger look at the solution stack:
The Orchestration API is what brings the pieces together. This allows the multi-tenancy, customization of the end-user interface, etc. Information from other systems can be pulled into the Orchestration API to drive policy. The API is used to drive the vNET Manager and NFV components.

This is a basic overview of how Tallac is creating SDN wireless. Why this is cool is that this solution can function like any other wireless solution out in the market, but they have the added bonus of including the APIs and OpenFlow feature, which can be used and experimented with while having little impact on the operation of the network.

One last note: Matt mentioned the possibility of an SDN starter kit that they are working on. I think that it is an excellent idea, one that I hope they release shortly. I believe in the coming months we will hear more about the work that Tallac is doing in this space.



Thursday, June 5, 2014

CentOS 6.5 under Hyper-V - Help Needed

So I have a need to run CentOS 6.5 under Hyper-V and need certain features which are not working.

Why Hyper-V?

  • Because we are a mostly MS shop
  • Education Licensing
  • It is what I have to work with, so dumping it is not an option.

And the Problem is:

CentOS contains LIS 3.1 for Hyper-V, which shows degraded networking in the Hyper-V console. (Upgrade needed.)

LIS 3.5 contains the networking components to do vlans directly on the host.

LIS 3.5 does not install: it says it does, but the component check shows 3.1 versions.

The only workaround is to present the VM multiple NICs, which I would like to avoid.

If you have some validated working instructions or resources please respond in the comments.

Thanks

Update 8/27/2014:
It is normal for the integration kit to show as off; things still work. The answer I was looking for can be found here: http://mrfogg97.blogspot.com/2014/08/vlans-into-hyper-v-vm-machines.html

Friday, February 14, 2014

OpenDaylight on Windows - Hydrogen

A couple of weeks ago OpenDaylight released Hydrogen, which is the first production release of the code. This is a pretty significant milestone, as it wasn't that long ago that ODL started.

Now, I have detailed getting the controller up and running on Windows in a previous post; that was actually building from source.

After a bit of trial and error running the controller on 32-bit x86 Windows, I remembered that Java seemed to run better on the x64 version of Windows.

My test system:

Dell 2850 - 4 GB of RAM running Windows Server 2008 R2

Installation:

Install Java SE 1.7.0_51

Set JAVA_HOME Environment Variable on system.

 ** Important note ** Use the 8.3 path name. This comes into play when starting the controller from the batch file.

Download pre-built zip file from http://www.opendaylight.org/software/downloads

Unzip into a directory

Open a Command Prompt as Administrator

Change to opendaylight directory in the folder extracted from the zip file.


Type run -start to start the controller in the background. It takes a little bit before it is ready. If you are impatient like I am, run netstat -a in another command window. When you see localhost is listening on port 8080, you are ready to go.

Then point a web browser to http://localhost:8080
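The same steps in PowerShell, as an added example that is not code from the original post or from the OpenDaylight project. It resolves the 8.3 form of the JDK directory for JAVA_HOME (the usual reason a batch file needs it is the space in C:\Program Files), checks that the JDK reports a 64-bit VM, and polls port 8080 instead of watching netstat. The JDK path C:\Program Files\Java\jdk1.7.0_51 and the extraction directory C:\odl are assumptions; adjust them to your system.

```powershell
# Added example; not from the original post or the OpenDaylight project.
# Assumed (not from the post): 64-bit JDK 1.7.0_51 under
# C:\Program Files\Java\jdk1.7.0_51 and the Hydrogen zip extracted to C:\odl,
# so the controller directory is C:\odl\opendaylight. Run from an elevated prompt.

function Get-ShortPath {
    param([Parameter(Mandatory=$true)][string]$Path)
    # The 8.3 form (C:\PROGRA~1\...) contains no spaces, so an unquoted
    # %JAVA_HOME% inside a batch file expands to a single token.
    # If 8.3 name generation is disabled on the volume, ShortPath returns the
    # long path unchanged, so warn rather than silently continue.
    $fso   = New-Object -ComObject Scripting.FileSystemObject
    $short = $fso.GetFolder($Path).ShortPath
    if ($short -match ' ') {
        Write-Warning "No 8.3 name available for '$Path'; see 'fsutil 8dot3name query'."
    }
    return $short
}

function Set-JavaHome {
    param([Parameter(Mandatory=$true)][string]$JdkPath)
    $short = Get-ShortPath -Path $JdkPath
    # Machine scope persists for new command prompts; $env: covers this session.
    [Environment]::SetEnvironmentVariable('JAVA_HOME', $short, 'Machine')
    $env:JAVA_HOME = $short
    # java -version writes to stderr; capture it to confirm the 64-bit build.
    $ver = & "$short\bin\java.exe" -version 2>&1 | Out-String
    if ($ver -notmatch '64-Bit') {
        Write-Warning "JDK at $short does not report a 64-bit VM:`n$ver"
    }
    return $short
}

function Wait-ForListener {
    param([string]$ComputerName = 'localhost', [int]$Port = 8080, [int]$TimeoutSec = 300)
    # Poll the controller's web port until it accepts a TCP connection.
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-Date) -lt $deadline) {
        $client = New-Object System.Net.Sockets.TcpClient
        try   { $client.Connect($ComputerName, $Port); $open = $client.Connected }
        catch { $open = $false }
        $client.Close()
        if ($open) { return $true }
        Start-Sleep -Seconds 5
    }
    return $false
}

# Usage, following the steps above:
Set-JavaHome -JdkPath 'C:\Program Files\Java\jdk1.7.0_51'
Set-Location 'C:\odl\opendaylight'
.\run.bat -start
if (Wait-ForListener) { Start-Process 'http://localhost:8080' }
else { Write-Warning 'Controller did not open port 8080 within the timeout.' }
```

One thing worth checking in the netstat output: a listener shown as 0.0.0.0:8080 is bound to every interface, not only localhost, so the controller's web UI and northbound REST API are reachable from the rest of the network as soon as it is up. On a lab host that is not isolated, limit port 8080 with the Windows firewall until the accounts have been changed from whatever the build ships with.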

Login as on previous builds: