Tag Archives: learning

SDN Course – Interview with Google Network Lead

This week the SDN course on Coursera covered lots of examples of real-world SDN use, such as Google’s B4 WAN. They got a really interesting and cool interview with the Network Lead at Google, Amin Vahdat.
And! They actually put this interview up on YouTube, so you don’t have to be registered for the course on Coursera to view it. Actually I just noticed all the interviews are there, including the one I mentioned before with the Internetz Architect David Clark.

The programming assignment for this week is to work with pyresonance, which is based on Resonance + Pyretic. It is a controller that can change how network traffic is forwarded/routed based on outside events, like a network intrusion or bandwidth caps. This is really new stuff: the code on GitHub was put there just 3 days ago :)

The assignment is to create a load balancer and forward traffic to hosts depending on load :)

Make your own L2 Firewall!

Is what I did this week during the SDN Course on Coursera :)

Within mininet or with a real OpenFlow capable switch, you can point the switch to use a controller. The controller would figure out all the smart stuff and the switch only does what the controller tells it to do.

POX is one of these APIs that you can use to create controllers. It’s good for learning about controllers as it’s not as low level as its sibling NOX, which is in C++. There are switches in Java too (Floodlight) and many more.

With POX there are some example switches, for example a basic L2 learning switch. It remembers (among quite a few other things) MAC addresses for hosts and on which ports those MAC addresses can be found. With a simple ping: after the L2 broadcast to find the MAC of the recipient is done, the controller installs the MAC_source+port and MAC_destination+port as flows on the switches.

What we did this week was to run some extra code right after the switch is started: it parses a .csv file for MAC address pairs that are not allowed to talk to each other and adds these pairs to the flow table.
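The policy-loading step described above, as an added example that is not the course's or POX's code: it parses the .csv, turns each pair into drop rules for both directions, and models the switch's decision without needing POX. The column names (id, mac_0, mac_1), the sample rows and the function names are assumptions.

```python
import csv
import io
import re

# Constructed sample policy; the column names id, mac_0, mac_1 are assumed.
SAMPLE_CSV = """id,mac_0,mac_1
1,00:00:00:00:00:01,00:00:00:00:00:02
2,00-00-00-00-00-03,00:00:00:00:00:04
3,not-a-mac,00:00:00:00:00:05
"""
BROADCAST = "ff:ff:ff:ff:ff:ff"


def normalize_mac(text):
    """Accept ':' or '-' separated MACs in any case; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[:-]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % text)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def load_drop_rules(csv_text):
    """Return (rules, rejected_ids). Each rule is a (dl_src, dl_dst) match with
    an empty action list, i.e. drop. Both directions of a pair are blocked."""
    rules, rejected = set(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            a, b = normalize_mac(row["mac_0"]), normalize_mac(row["mac_1"])
        except (KeyError, ValueError, AttributeError):
            rejected.append(row.get("id"))  # skip bad rows, but report them
            continue
        rules.update({(a, b), (b, a)})
    return rules, rejected


def switch_decision(rules, mac_to_port, src, dst):
    """Model of the switch: drop flows are checked first, then learned ports."""
    src, dst = normalize_mac(src), normalize_mac(dst)
    if (src, dst) in rules:
        return "drop"
    if dst != BROADCAST and dst in mac_to_port:
        return "port %d" % mac_to_port[dst]
    return "flood"


RULES, REJECTED = load_drop_rules(SAMPLE_CSV)
```

Note that a broadcast frame from a blocked host is still flooded, because the rule matches on the source/destination pair; it is the unicast traffic between the two hosts that gets dropped.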

Pretty cool I think :)

Scientific Linux 6 – Basic Setup

Not allowing root to log in

By default sshd is running on SL6 and you can ssh in with ‘root’.

It is probably a good idea to change this in /etc/ssh/sshd_config:

permitrootlogin no

But first, create a user that can log in.

useradd mart
passwd mart

Then you can change sshd_config and ‘service sshd reload’.

Then you can ssh in and either run ‘su -’ to get root access,
or run ‘visudo’ and add your user. After that you can just type ‘sudo bash’ to get a root bash shell.
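A check for the sshd_config change above, as an added example that is not part of the original post: it reads the file the way sshd does (case-insensitive keywords, first value wins) and goes slightly further by also listing the ports sshd would listen on. The sample file, the function names and the assumed default of "yes" are illustrative.

```python
# Constructed sshd_config: the lower-case "no" looks like the fix, but an
# earlier "PermitRootLogin yes" is still active above it.
SAMPLE_CONFIG = """\
#Port 22
Port 22
Port 6666
PermitRootLogin yes
#PermitRootLogin no
permitrootlogin no
Match User backup
    PermitRootLogin yes
"""


def effective_sshd_settings(config_text):
    """Global settings as sshd reads them: keywords are case-insensitive, the
    first value given for a keyword wins, and Port lines accumulate."""
    first_value, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        keyword = fields[0].lower()
        value = fields[1].strip() if len(fields) > 1 else ""
        if keyword == "match":
            break  # Match blocks are conditional; only the global part is read
        if keyword == "port":
            ports.append(int(value))
        else:
            first_value.setdefault(keyword, value)
    return {
        # Assumed default for the OpenSSH of the SL6 era when nothing is set.
        "permitrootlogin": first_value.get("permitrootlogin", "yes").lower(),
        # Port 22 is only the default while no Port line exists at all.
        "ports": ports or [22],
    }


def root_login_disabled(config_text):
    """True only when the effective global PermitRootLogin value is 'no'."""
    return effective_sshd_settings(config_text)["permitrootlogin"] == "no"
```

On a live system, ‘sshd -T’ prints the configuration sshd actually uses, Match blocks included.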

Firewall

Use iptables -L to view the firewall setup. Note that there is a ‘virbr0’ interface that has forwarding rules. This is probably for NAT or bridging for potential virtual machines, and was probably created when we chose ‘Virtual Host’ as the role for the system.
iptables-save gives another view that may be easier to understand. You can redirect its output to a file and later load it again with iptables-restore < file.

Slow before you get the login prompt while ssh-ing?

To see what is happening, ssh in with ‘ssh -v ip’.
In my case I saw

debug1: An invalid name was supplied
Cannot determine realm for numeric host address

A little googling showed me that this is because your machine doesn’t have a name lookup for that IP. So go ahead and add one in /etc/hosts and then it will be fast.

Notice that your ssh stops working after a while? Doesn’t accept input?

If so, add this to your ~/.ssh/config file:

Host *
   ServerAliveInterval 60

Make sure there is at least a space on the second line. I have three :p
You can change the * to a specific domain if you do not want to do this on all your boxes.
If the file doesn’t exist, create it.

Run sshd on a second port.

  1. Edit /etc/ssh/sshd_config
  2. Add a line saying: Port 6666
  3. Look in /etc/hosts.allow (any entries? good)
  4. iptables-save > ~/fwrules
  5. vi fwrules
  6. Copy the --dport 22 line and paste a new one above the -j REJECT lines (vi commands: yy and P)
  7. Change the 22 to 6666 (vi commands: x for delete, R for replace mode. :wq! to save and quit)
  8. iptables-restore < ~/fwrules
  9. /etc/init.d/sshd restart

If you want you can hit: iptables -L or iptables-save.
These will also show the current iptables rules.
See ip6tables for IPv6 rules.

Now sshd is running on another, non-standard port (you could set it to whatever you want, as long as it’s lower than 65536 and preferably higher than 1024). This might be good for security reasons. You could still have port 22 open for access from your internal network (by adding a -s ip.add.r.ess to that row in the iptables rules) and the other one accessible from the internet, or maybe even only from a specific network / address on the internet for even more security.
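Steps 4 to 8 done by a script instead of vi, as an added example that is not part of the original post: it copies the --dport 22 rule in saved iptables-save output, changes the port, optionally adds the -s restriction mentioned above, and puts the copy above the REJECT rule. The sample dump and the function name are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `iptables-save` output (filter table only).
SAMPLE_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""


def add_ssh_port(dump, new_port, source=None):
    """Copy the INPUT rule that accepts --dport 22, change the port, optionally
    add -s <source>, and place the copy above the first INPUT REJECT rule."""
    if not 0 < new_port < 65536:
        raise ValueError("port out of range: %r" % new_port)
    lines = dump.splitlines()
    ssh_rule = re.compile(r"^-A INPUT\b.*--dport 22\b.*-j ACCEPT\b")
    template = next((l for l in lines if ssh_rule.search(l)), None)
    if template is None:
        raise ValueError("no '--dport 22 ... -j ACCEPT' rule to copy")
    rule = re.sub(r"--dport 22\b", "--dport %d" % new_port, template)
    if source is not None:
        # ip_network() rejects anything that is not an address or CIDR block,
        # so arbitrary text can never end up inside the rule.
        net = ipaddress.ip_network(source, strict=False)
        rule = rule.replace("-A INPUT ", "-A INPUT -s %s " % net, 1)
    if rule in lines:
        return dump  # already present, nothing to do
    rejects = [i for i, l in enumerate(lines)
               if l.startswith("-A INPUT ") and "-j REJECT" in l]
    # Rules are evaluated top to bottom: below the REJECT the rule never matches.
    position = rejects[0] if rejects else lines.index(template) + 1
    lines.insert(position, rule)
    return "\n".join(lines) + "\n"


NEW_DUMP = add_ssh_port(SAMPLE_DUMP, 6666)
```

The returned text is what would be written back to ~/fwrules before running iptables-restore.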

Install Scientific Linux 6 in VMWare Workstation

Time for some more Linux testing.

The reason is that I think I will go ahead and try to study for the RHCSA – Red Hat Certified System Administrator. Work might send me to a course in December, so it is probably wise to play around with it before then.

So here we go.

Scientific Linux (SL) is a free clone of Red Hat Enterprise Linux (RHEL). Historically it’s been updated faster than CentOS. It’s the same as Enterprise Linux (EL): it’s recompiled from source.

New VM, \SL-61-x86_64-2011-07-27-Install-DVD.iso, RHEL6 64-bit. 1 Core, 2G RAM, NAT, LSI Logic, New virtual disk, SCSI, 20G. Then boot the VM.

SL.org has this in pictures.

First thing you see is the Grub menu:

  1. Install or Upgrade
  2. Install with basic video driver
  3. Rescue
  4. Boot from local drive
  5. Memtest (I like that memtest is pretty standard now)

Chose 1. Next screen is a graphical interface where you click and write, so you need keyboard/mouse. Next screen asks if you want local disks or external storage (fc, iSCSI, or zFCP – for system Z). Hostname: SL1.localdomain.

Create disks. Custom/full size. xfs/encryption/lvm cannot be used for boot volumes.

Role: Virtual Host (I want to try KVM). Enabling SL 6.1 and SL 6.1 Security Updates repositories.

Pinging something on the Intertubes works from the start.

More posts coming with more fun stuff :)

BCFP 16G Beta Exam Material

After the announcement of the available material, Fabric OS 7.0.0a has been released.

On the page http://community.brocade.com/docs/DOC-2041 only the first revision of the 7.0 release notes is available.

The BCFA 16G beta course material is also available, probably a good idea to read up on both and do a little rehearsing.

The old attachments are these:

  • 1860_FabricAdapter_DS.pdf (942.3 K)
  • FOS_TrblShoot_v700-02.pdf (1.8 MB)
  • FOS_CmdRef_v700.pdf (4.6 MB)
  • FOS_AdminGd_v700-02.pdf (7.2 MB)
  • FOS_FCIP_AdminGd_v700.pdf (2.8 MB)
  • NetworkAdvisor_SAN_InstallGd_v1110.pdf (450.3 K)
  • NetworkAdvisor_SAN_Manual_v1110.pdf (9.5 MB)
  • v7.0.0_releasenotes_v1.0.pdf (1.5 MB)
  • SH_Family_DS_03.pdf (157.7 K)
  • Brocade_Adapters_v2.3.0.0_Admin_Guide.pdf (1.5 MB)
  • AccessGateway_AdminGd_v700.pdf (919.0 K)

With my notes:

  • 1860_FabricAdapter_DS.pdf (this is just a brochure/data sheet of that product)
  • FOS_TrblShoot_v700-02.pdf (trbl and diag guide, 3 June 2011, 138p)
  • FOS_CmdRef_v700.pdf (cmd reference manual- 29 April 2011, 1132p)
  • FOS_AdminGd_v700-02.pdf (3 June 2011, 580p)
  • FOS_FCIP_AdminGd_v700.pdf (29 April 2011, 136p)
  • NetworkAdvisor_SAN_InstallGd_v1110.pdf (13 May 2011, 47p)
  • NetworkAdvisor_SAN_Manual_v1110.pdf (13 May 2011, 1301p)
  • v7.0.0_releasenotes_v1.0.pdf (29 April 2011, 125p)
  • SH_Family_DS_03.pdf (SAN Health Family, brochure/data sheet)
  • Brocade_Adapters_v2.3.0.0_Admin_Guide.pdf (27 October 2010, 292p)
  • AccessGateway_AdminGd_v700.pdf (29 April 2011, 102p)

The newer versions are not available if you have a registered account on my.brocade.com without any product registered to it. I’ve e-mailed Brocade asking for more access. In the meantime some are available on, for example, HP.com, but the Brocade release notes are not available there. And the HP release notes for 7.0.0a use the HP names of the products.
On HP’s site you can go to the manuals for the 8/40 to get some more documents.

Actually it looks like the documents available are quite up to date. I guess the Admin Guides etc don’t update that often anyway. There is however a document in the manuals link above that explains that there have been some changes to some of the Brocade Documents. This might be worth checking out.

The conclusion of this little exercise is that the material available is currently good enough (for me).

Reading encrypted/password protected pdf on Linux

The problematic PDF

The CFP300 material on http://community.brocade.com/docs/DOC-2041 is encrypted so that it cannot be printed/re-edited without a password.

If you try to open this with evince (default .pdf viewer in Gnome) it will ask for a password.
pdftotext (comes with the software suite poppler) says:

Error: Weird encryption info
Error: Incorrect password

It’s only the material starting with M0* that has this issue, though this has also been seen with other documents. Maybe this is because they were created with a version of Adobe Acrobat that is too new for evince/pdftotext to support.
The rest of the material is going to be public, and it consists of user/admin guides anyway. The M0* files, however, are from the actual course material for the 16G, which is why they are protected.

The solution on RHEL6 x64: install FoxitReader. Download the .rpm – then hit ‘rpm -Uvh FoxitReader-1.1-0.fc9.i386.rpm’ and it will be installed. To start it just hit ‘FoxitReader’.

Anyway I think it’s nice of Brocade to pre-release the course material for those doing the beta-test. If you want the real material the cheapest is 650$ and then you get the material, narration of the pdfs (usually good quality, not just reading off the presentations) and a few quite good lab exercises.

The Studying

Just treading along here with the material, slowly but steadily.
I’m starting with the NPIV / Access Gateway stuff. It’s a bit more complicated than just a switch that isn’t its own domain: it’s also mapping the virtual WWN to the N_ports (a switch in AG mode has N_ports that connect to F_ports in another switch). Usually N_ports are the ports on hosts and targets, and the switches have the F_ports.

Frustration?

This is from a post on the ITRC forum. I will copy it here because the forum is moving soon and you never know if the links will work or not :) Also I do want to immortalize it.

Title: Is it just me? Or does everything require a fw update?

The thread begins with posts from some people who never had any problems and some who have. Then gregersenj posted what I have pasted below, which is just a very honest and in my opinion accurate view of daily IT life. It may not be what others want to hear, maybe especially the people paying for the IT services. But I believe nobody understands the whole picture in an IT system. You may believe a lot, but for everybody there are some areas that you don’t understand completely. Like drivers or the kernel, just as an example.

gregersenj
Jun 18, 2011 13:24:53 GMT    Unassigned

Frustration always comes from 2 reasons.
1. Lack of knowledge.
2. “Religion”
1 often leads to 2.
And that leads to Frustration.

Things to realize:
There’s no 100% uptime.
There’s nothing bug free.
There’s always a risk.

Realize the above, and learn how stuff works.

I don’t got a lot of knowledge on the Itanium/PA risc systems.
But, on some RX26xx model(s) you must enable the embedded smart array controller from the EFI.

OA and ILo is a on-line, non-disruptive upgrades. A backup of the OA configuration is recommended, just in case.

Interconnect modules can be upgraded on-line. On-line FW upgrades need a reboot to activate new FW.
VCSU upgrade modules, then reboot them 1 by 1.
Do you trust your environment?
Do you want to take the risk?

Yes, the blade must be powered off to activate a profile.
I don’t know why, but I believe that the engineers have a good reason.

I will recommend you to create a FW and Driver base line, and ensure, that you are always within supported release sets.

Most release notes do say upgrade at earliest convenience.

I learn new stuff every day, and the more I learn, the less knowledge I believe that I have.

Theory is:
It don’t work, but we know why.
Real life is:
It work, but we don’t know why.

Wish you a lot of fun learning, and hope you get less frustrated.

BR
/jag

Learning Storage

** 2011-08-18 Just updated the link to the HP forum.

I also wrote a primer to Data Storage.

Just listened to episode #96 of the Infosmack podcast on theregister (about storage).
Very interesting to hear what some really experienced people say about storage and the future. Like hybrid disk drives becoming more and more predominant in the future and maybe encrypted drives?

One participant in the talk was Larry Freeman, who wrote a book called Storage Brain that NetApp apparently uses for introducing new hires to storage. They also have a page with some other cool storage stuff:

http://www.storage-brain.com/2011/04/my-infosmack-prognostications/

Book looks pretty cheap – might be quite interesting to read. The only other one I’ve read was HP’s Introduction to SAN – and evidently this is extremely HP specific and it is quite “high level” like the theory and intentions for a SAN. But it does go through the basics. Sometimes it is like reading a brochure.

I wonder if Storage Brain is then focused on NetApp products?

Some more tips can be found in this HP forum thread if you are interested.

For example I really recommend Brocade’s FC 101 training. Excellent start for SAN – the networking part of storage. But there is a lot more: disk arrays, tape libraries, host side stuff like multipathing and why not disaster recovery, redundancy or replication.