RHEV: How to Configure LACP Ports on a Cisco Catalyst Switch


Here is how to configure ports on a Cisco Switch for use as LACP (mode 4) uplinks for RHEV (Red Hat Enterprise Virtualization). Note that the configuration that I have defined below may need to be tweaked a bit depending on your configuration. I am not exactly using the most recent equipment in my lab at home.

Note that all configurations are on a Cisco 3560G unless otherwise noted.

RHEV Uplink Ports – Trunk Mode

Configure your port channel similar to what is shown below. This configuration allows you to trunk multiple VLANs. VLAN tagging will be required on the RHEV side.

interface Port-channel1
description trunk to RHEV Host1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 101,192
switchport mode trunk
spanning-tree portfast disable
spanning-tree bpduguard disable
spanning-tree guard root

Below is the configuration for the first physical port in the port channel.

interface GigabitEthernet0/9
description uplink to ETH0, RHEV Host1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 101-104,192
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active

Below is the configuration for the second physical port in the port channel.

interface GigabitEthernet0/10
description uplink to ETH1, RHEV Host1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 101-104,192
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active

RHEV Uplink Ports – Access Mode

Configure your port channel similar to what is shown below. In this configuration you are configuring an access port. No VLAN tagging is required on the RHEV side.

interface Port-channel2
description Uplink to RHEV02
switchport access vlan 101
switchport mode access
spanning-tree portfast disable
spanning-tree bpduguard disable
spanning-tree guard root

Below is the configuration for the first physical port in the port channel.

interface GigabitEthernet0/5
description Uplink to RHEV02 – ETH0
switchport access vlan 101
switchport mode access
channel-protocol lacp
channel-group 2 mode active

Below is the configuration for the second physical port in the port channel.

interface GigabitEthernet0/6
description Uplink to RHEV02 – ETH1
switchport access vlan 101
switchport mode access
channel-protocol lacp
channel-group 2 mode active

Additional Information

The port configuration that you need to use for RHEV (or KVM, or XEN) is going to be a bit different than what your network administrator may be used to configuring for ESX. There are actually three settings which your network admin might be initially opposed to. A bit about those below.

> spanning-tree portfast disable

Portfast is enabled when connecting to an end device such as a server, and is disabled when connecting to another layer 2 device such as a switch. With RHEV you are creating a software switch internal to the server, so portfast needs to be disabled.

> spanning-tree bpduguard disable

A Bridge Protocol Data Unit (BPDU) is a data message sent between switches. Since we are creating software switches in RHEV, we need to allow BPDUs. So we need to disable BPDU guard, which will down a port if a BPDU is received.

> spanning-tree guard root

Root Guard allows the port to participate in STP. Unlike BPDU Guard, which will disable a port upon receipt of a BPDU, the Spanning Tree Root Guard feature will allow BPDUs through a port to maintain the spanning tree topology. However, if the port receives a superior BPDU, which indicates that another switch is trying to become the root bridge, it will err-disable the port.
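Because BPDU guard is switched off on these uplinks, root guard is the only remaining STP protection on them, so it is worth checking mechanically that the two always appear together. The following is an added example, not part of the original post: a small Python audit of saved IOS configuration text. It also flags member ports whose trunk allowed VLAN list differs from their port channel (as in the trunk example above, where Port-channel1 lists 101,192 and the members list 101-104,192), which is a check added here beyond what the text discusses. The function names and Port-channel3 are hypothetical.

```python
import re

# Constructed sample modelled on the trunk-mode configuration above; Port-channel3 is made up.
SAMPLE = """\
interface Port-channel1
 switchport trunk allowed vlan 101,192
 spanning-tree bpduguard disable
 spanning-tree guard root
interface GigabitEthernet0/9
 switchport trunk allowed vlan 101-104,192
 channel-group 1 mode active
interface Port-channel3
 switchport mode trunk
 spanning-tree bpduguard disable
"""

def parse_interfaces(text):
    """Map each interface name to the list of its configuration lines."""
    interfaces, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif current is not None and line and line != "!":
            current.append(line)
    return interfaces

def allowed_vlans(lines):
    """Expand 'switchport trunk allowed vlan 101-104,192' into a set of ints."""
    vlans = set()
    for line in lines:
        m = re.match(r"switchport trunk allowed vlan ([\d,-]+)$", line)
        for part in (m.group(1).split(",") if m else []):
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(text):
    """Return (interface, finding) pairs for the two checks."""
    ifs, findings = parse_interfaces(text), []
    for name, lines in ifs.items():
        if "spanning-tree bpduguard disable" in lines and "spanning-tree guard root" not in lines:
            findings.append((name, "BPDU guard disabled without root guard"))
        m = next((re.match(r"channel-group (\d+) ", l) for l in lines
                  if l.startswith("channel-group ")), None)
        po = ifs.get(f"Port-channel{m.group(1)}") if m else None
        if po is not None and allowed_vlans(lines) != allowed_vlans(po):
            findings.append((name, f"allowed VLANs differ from Port-channel{m.group(1)}"))
    return findings
```

Calling `audit(SAMPLE)` returns one finding for GigabitEthernet0/9 and one for Port-channel3; an empty list means both checks passed.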

Addendum

Below is the configuration that I have in place on a Cisco 2950.

Below is the configuration on the Port-Channel itself.

interface Port-channel2
description LACP to RHEV
switchport trunk allowed vlan 101-104,192
switchport mode trunk
flowcontrol send off
spanning-tree portfast disable
spanning-tree bpduguard disable
spanning-tree guard root

Below is the configuration on the first physical port in the bond.

interface FastEthernet0/20
description port-chan 2 interface
switchport trunk allowed vlan 101-104,192
switchport mode trunk
channel-group 2 mode active
channel-protocol lacp

Below is the configuration on the second physical port in the bond.

interface FastEthernet0/21
description lacp port channel 2
switchport trunk allowed vlan 101-104,192
switchport mode trunk
channel-group 2 mode active
channel-protocol lacp

OpenStack Packstack – How to configure an External Facing Bridged Interface


Specifically these directions are applicable to my experience with the OpenStack Packstack Installer, specifically when installing RHEL OpenStack 6 on RHEL 7. Plus, to get more specific (if that’s even possible — why yes it is), you will only need to follow the following steps on your Controller Node.

Note that I am installing OpenStack on two VMs in my HomeLab for testing purposes. One machine will serve as an “All-In-One” Controller/Compute/Network/Storage node and the other machine will serve as a Compute Node.

Basically what I am doing here is configuring networking in such a way to allow inbound access from my “public” lab network. Without this I would not be able to SSH to the Floating IP addresses that are assigned to my instances.

Note that my public interface is ens192 and has an IP address of 10.1.3.10. Here I copy ifcfg-ens192 to ifcfg-br-ex, which will be my external bridge. Note: br-ex is short for bridge external, however br-int is not short for bridge internal, rather it is short for integration bridge… not that we are talking about br-int, but I figured it was worth a mention.

# cp ifcfg-ens192 ifcfg-br-ex

I then modify the file as shown below. The device br-ex will effectively take the reins on hosting our external facing IP address. By moving ens192 to br-ex we are allowing Openvswitch to ‘hang’ additional IP addresses on this interface. “DEVICETYPE=ovs” tells the networking service that this device uses Openvswitch. “TYPE=OVSBridge” lets the networking service know that this device will act as a bridge.

DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
IPADDR=10.1.3.10
NETMASK=255.255.255.0
GATEWAY=10.1.3.1
ONBOOT=yes

We also need to create a new ifcfg-ens192 file. Follow the template below. “TYPE=OVSPort” tells your networking service that this device is a port on an OVS bridge, while “OVS_BRIDGE” tells networking the name of the bridge where we need to attach.

DEVICE=ens192
ONBOOT=yes
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex

Now you should be able to restart networking. Make sure that you have console access before you attempt the restart, just in case you fat-fingered something.

If you are unable to ping your floating ip addresses from the public network, you have screwed something up.

Visio Network Stencils for Cisco Routers and Switches

Looking for Cisco Visio Stencils? Access the entire Cisco Visio template library via the links below. I have tossed in a couple of extra links that should pretty much meet any of your Visio needs.

Since my last post on Cisco UCS Stencils seems to get a good deal of traffic each day, I figured I would toss another post out into the ether that pertained to Cisco and Visio Stencils:

Cisco: Visio Stencils

http://www.cisco.com/c/en/us/products/visio-stencil-listing.html

Cisco: Network Topology Icons:

http://www.cisco.com/web/about/ac50/ac47/2.html

Cisco: Visio Stencil How To Guide

http://www.cisco.com/c/en/us/products/microsoft-visio-stencils-faq.html

How to Add a Static Route on the ASUS RT-AC66U

Based on the popularity of my previous ASUS RT-AC66U post regarding SNMP, I have decided to put together a simple post on how to configure static routing on the home router known as the Dark Knight.

In my humble abode, the RT-AC66U is the core of my home network, providing DHCP and Wireless to a plethora of devices. However, I am also running a small home lab which I need to be able to access from my home desktop. Hence the need for static routes.

Specifically, my home lab hosts the following networks; 10.1.0.0/24, 10.2.0.0/24, 10.3.0.0/24. The IP address of my ASUS RT-AC66U is the default one of 192.168.0.1. My desktop is on the 192.168.0.0/24 network.

In order for me to access my lab from my desktop (and from the rest of my home network), I need to tell my ASUS how to route traffic destined for my 10. networks.

In order to accomplish this, we first need to navigate to LAN on the left pane, and then select the Route tab.

[Screenshot: static route settings on the ASUS RT-AC66U]

As shown in the screenshot above, we first need to select the “YES” radio button to “Enable Static Routes”. Next we enter a network IP (or static IP — if that’s what we are up to) into the “Network/Host IP” field. Then we enter our netmask into the field that is not surprisingly labeled “Netmask”. In my case my netmask is 255.255.255.0.

Now we move on to the field labeled “Gateway”. Here we need to enter the next network hop for a packet that needs to route to our lab network. In my environment, this is 192.168.0.11, which is another router.

Then select “LAN” from the drop down as all our traffic will route to the internal LAN only, and not out to the internet or WAN. Now click the plus sign to add your new route.

Now when a packet destined for one of my lab networks outlined above hits my ASUS router, it will be forwarded to 192.168.0.11, which is my lab router.

Note that you can also add static routes via the busybox command line, however I am not going to go into that today. It's simple enough to add them in the WebUI.

How to Add and Delete Persistent Routes in AIX

Wow, AIX does not like to make anything easy. Nor do they like to make things intuitive. Need to remove a route from AIX, well get ready to have one command to temporarily remove a route and another command to remove the route for good. Same goes with adding a route. "Quit your bitching, and use Smitty", you say? Well smitty does not make anything any easier, especially since the UI likes to show you fields that it does not necessarily need you to use. Oh, plus they let you type in them. Asking me for a netmask when adding a static route does not seem like a crazy request to me? But joke's on you, you were not supposed to type anything there.

Anyway, I was tasked with cleaning up a few bad routes that were added to a handful of servers. Note that I was not interested in adding the routes temporarily before I added them as persistent routes. These were simple one liners that I felt very comfortable adding to the ODM right out the gate.

So first we need to check the ODM for the routes that we need to remove. In this example we want to delete the route for 10.11.1.56, so let's find just that route. Note all of these are host routes.

# lsattr -El inet0 | grep 10.11.1.56
route host,-hopcount,0,,-if,en1,,,,-static,10.11.1.56,10.22.13.1 Route True

 

Now let's delete the route above.

# chdev -l inet0 -a delroute=10.11.1.56,10.22.13.1

 

We have a second route to delete, so let's kill that one too.

# chdev -l inet0 -a delroute=10.11.1.57,10.22.13.1

 

Now let's add the correct routes – the format is as shown below.

chdev -l inet0 -a route=host,-hopcount,1,-netmask,netmask,network,gateway

 

Now on a few of the servers I was working on I had to remove network routes as well as host routes. You need to know that the syntax is annoyingly different when adding network routes. In the example below I first need to remove the network route.

chdev -l inet0 -a delroute="net,-hopcount,0,,,,,,-static,10.11.1.56,10.11.1.254"

 

Now let's add our new and correct route.

chdev -l inet0 -a route="host,-hopcount,0,,,,,,-static,10.11.1.56,172.30.150.190"


Subnetting for Complete Idiots: Part I

Let me first start off by saying that I do not actually think that I am a complete idiot, however, being educated by the Georgia Public School system I can safely say that there are a few subjects where my knowledge is lacking. Specifically mathematics. Honestly everything else that you might have missed learning in high school you can pretty much pick up along the way just by picking up a book or through a bit of on the job training. But not math — it's just one of those things that you are never going to find yourself learning for fun.

 

Now why are we talking about mathematics? Because we are about to jump face first into Subnetting. But instead of attempting to cram every bit of it in our brains in one sitting, we are going to sit back and take our time and learn it step by step. As a matter of fact we are not even really going to talk about subnetting today. Rather we are just going to talk a bit about binary math.

 

Now, I'm not about to write an article explaining binary or base-2 number systems, no there are plenty of articles out there that explain it. Here and here are a couple.

What I am going to show you is this little table, which you need to memorize.

 

[Image: binary chart]

 

You need to memorize 2^0 through 2^7. You need to know that if you add up the sum of 2^0 through 2^7 it equals 256. You need to memorize.

 

Why is this important – well if you recall an IP address is 32 bits in length and is made up of 4 separate octets. The chart above represents an octet with the maximum number possible being 256 and the minimum being one.

Note that this is where we are going to stop for today — all you need to walk away with is an understanding of how the chart above relates to an octet of an IP address.

 


Install and Configure SNMP on the Asus RT-AC66U Router

Ok first off let me start by saying that this is probably the coolest piece of home computing hardware that I have ever laid my hands on. Yes the setup was easy, and yes the thing is rock solid, and yes wireless range is awesome. But for approx $200 USD you really should not expect anything less. I’m not going to go into its specs or features, as I’ll leave that to the professionals. Read up on it here.

Anyway out of the box it supported telnet, but I wanted ssh, so I dropped the default firmware and went with Asuswrt-Merlin. It was at this point I started to explore the Busybox OS and decided I wanted to monitor the device via my HomeLab Zenoss install.

However, much to my chagrin net-snmp was not installed out of the box.

So how do you install it you ask? Would you believe via a package manager?

First, you need to find the package name

#ipkg list | grep snmp

Then install the snmp package

#ipkg install net-snmp

Then configure it to start at boot time.

#app_set_enabled.sh net-snmp yes

In order to configure it, you are going to have to search for the snmpd.conf file.

#find / -name snmpd.conf

I found two files and one of them clearly states that you should not edit it directly. The other one does not so this is the one that I modified to include my custom rocommunity. See below.

rocommunity  lab

Now I just need to figure out how to allow port 161 udp/tcp on my local LAN segment and I am in business. However, I will probably tackle that tomorrow.
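A bare `rocommunity lab` line answers queries from any source address that can reach the daemon, because net-snmp's directive takes an optional SOURCE field (`rocommunity COMMUNITY [SOURCE [OID]]`) that is omitted here. The following is an added example, not part of the original post: a short Python check that flags community directives in an snmpd.conf with no source restriction, a well-known community string, or write access. The function names are hypothetical, and the 192.168.0.0/24 source assumes the home LAN described in the static route post.

```python
import ipaddress

# Constructed snmpd.conf content; the first directive is the one shown above.
SAMPLE_CONF = """\
# custom read-only community
rocommunity  lab
rocommunity  lab 192.168.0.0/24
rwcommunity  private
rocommunity  public default
"""

WELL_KNOWN = {"public", "private"}

def source_is_open(source):
    """True when the SOURCE field places no restriction on who may query."""
    if source is None or source == "default":
        return True
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False  # a hostname or other form is treated as a restriction

def audit_snmpd_conf(text):
    """Return (line number, directive, finding) for each risky community line."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2 or fields[0] not in ("rocommunity", "rwcommunity"):
            continue
        directive, community = fields[0], fields[1]
        source = fields[2] if len(fields) > 2 else None
        if source_is_open(source):
            findings.append((lineno, directive, "no source restriction"))
        if community in WELL_KNOWN:
            findings.append((lineno, directive, "well-known community string"))
        if directive == "rwcommunity":
            findings.append((lineno, directive, "grants write access"))
    return findings
```

In the sample, only the third line (`rocommunity  lab 192.168.0.0/24`) produces no finding.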

 

Additional Info (2016)

Note, you can restart snmp as shown below.

Stopping:

admin@RT-AC66U:/tmp/home/root# app_stop.sh net-snmp
killall: dm2_transmission-daemon: no process killed
killall: asus_lighttpd: no process killed
killall: dm2_snarfmaster: no process killed
killall: dm2_nzbget: no process killed
killall: dm2_amuled: no process killed
iptables: No chain/target/match by that name
iptables: Bad rule (does a matching rule exist in that chain?)

Starting:

admin@RT-AC66U:/tmp/home/root# app_set_enabled.sh net-snmp yes
The field(Enabled) was set “yes” already.
Restarting the package…

 

2016 Update – Configuring SNMP via the WebUI

Figured that I would add an update to this post as it seems that there are plenty of folks who are looking to setup SNMP on their Asus routers. Note that SNMP can now be configured directly from the WebUI.

In the left pane, click on “Advanced Setting”. Then click on the “SNMP” tab. See example below. Note that the WebUI does not seem to pick up your configuration if you have configured it via the CLI. I have not tested to see if the WebUI overwrites the CLI configuration or if it creates another configuration file.

[Screenshot: SNMP tab in the WebUI]

Additional Resources

Fatmin: How to Add a Static Route on the Asus RT-AC66U

Fatmin: Install and Configure SNMP on the Asus RT-AC66U