Tuesday 4 December 2012

Upgrade to my Cisco Lab

Hi everyone,

I'm spending a lot of spare time working towards extra Cisco certification, in particular the CCIE Routing and Switching. No matter what exams I take, I always seem to find something enjoyable about seeing networks converge and routers relearning different routes around a network after a failure.

So I've invested in some more kit (off eBay) for my home lab to give me some more flexibility for different Cisco certifications.

My 1/2 rack now looks like this:
 
The kit list is as follows (top to bottom)
Cisco 1603 router (spare, as no power supply)
GTA Gnatbox 1000 firewall (uses RIP v1 and v2 for dynamic routing; can be a BB router for labs or, when I purchase an access server, provide segmentation for potentially renting this out to other Cisco students)
Cisco 1601 router (used as BB router for BGP/OSPF/EIGRP etc.)
Cisco 861 router (used as BB router for RIP - access to home LAN via NAT)
Cisco 3524 switch
Cisco 2950 switch
Cisco 1841 router (R4 in lab 1x WIC 1T, 2xFE)
Cisco 2621 router (R5 in lab 2x WIC 1T, 2xFE)
Cisco 2621 router (R7 in lab 1x WIC 1T, 1x ISDN WIC, 2xFE)
Cisco 3640 router (Frame Relay switch. 1x 4 port async serial, 1x 4 port sync serial, 1x 10Base-T for management)
Cisco 2801 router (R6 in lab 1x WIC 1T, 2xFE)
Cisco 2501 router (R8 in lab 2x serial, 1x ethernet)
Cisco 2611 router (R3 in lab 1x WIC 1T, 1xFE)
Cisco 2501 router (R2 in lab 2x serial, 1x ethernet)
Cisco 1760 router (R1 in lab 1x WIC 1T, 1x vwic 1mft-g703)
Cisco 3550 switch (SW1 in lab with EMI IOS) 

Other than the addition of another 3550, I'm really happy with this setup. The frame relay switch is connected to every Rx router in the rack, which saves me from having to re-cable: all I have to do is change the DLCI which the router is using, giving me endless possibilities for a topology. Every router is connected to its corresponding switch port on SW1 (R1 - FE0/1, R2 - FE0/2 etc.) and, if a router has multiple Ethernet interfaces, the 2nd interface goes to SW2, with SW1 and SW2 being EtherChanneled together.

Also, I run an old desktop PC with VMware ESXi free edition into one of the switches using a trunk port, which allows me to put PC clients on different networks and look at the network traffic passing through any topology which I create on here.

For anyone that wants it, here is the config of the ports on the frame relay switch.

!
interface Serial0/2
 no ip address
 encapsulation frame-relay
 clockrate 128000
 frame-relay intf-type dce
 frame-relay route 201 interface Serial0/1 102
 frame-relay route 203 interface Serial0/3 302
 frame-relay route 204 interface Serial1/0 402
 frame-relay route 205 interface Serial1/1 502
 frame-relay route 206 interface Serial1/2 602
 frame-relay route 207 interface Serial1/3 702
 no shutdown
!
interface Serial0/3
 no ip address
 encapsulation frame-relay
 clockrate 128000
 frame-relay intf-type dce
 frame-relay route 302 interface Serial0/2 203
 frame-relay route 301 interface Serial0/1 103
 frame-relay route 304 interface Serial1/0 403
 frame-relay route 305 interface Serial1/1 503
 frame-relay route 306 interface Serial1/2 603
 frame-relay route 307 interface Serial1/3 703
 no shutdown
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
 clockrate 128000
 frame-relay intf-type dce
 frame-relay route 402 interface Serial0/2 204
 frame-relay route 403 interface Serial0/3 304
 frame-relay route 401 interface Serial0/1 104
 frame-relay route 405 interface Serial1/1 504
 frame-relay route 406 interface Serial1/2 604
 frame-relay route 407 interface Serial1/3 704
 no shutdown
!
interface Serial1/1
 no ip address
 encapsulation frame-relay
 clockrate 128000
 frame-relay intf-type dce
 frame-relay route 502 interface Serial0/2 205
 frame-relay route 503 interface Serial0/3 305
 frame-relay route 504 interface Serial1/0 405
 frame-relay route 501 interface Serial0/1 105
 frame-relay route 506 interface Serial1/2 605
 frame-relay route 507 interface Serial1/3 705
 no shutdown
!
interface Serial1/2
 no ip address
 encapsulation frame-relay
 clockrate 128000
 frame-relay intf-type dce
 frame-relay route 602 interface Serial0/2 206
 frame-relay route 603 interface Serial0/3 306
 frame-relay route 604 interface Serial1/0 406
 frame-relay route 605 interface Serial1/1 506
 frame-relay route 601 interface Serial0/1 106
 frame-relay route 607 interface Serial1/3 706
 no shutdown
!
interface Serial1/3
 no ip address
 encapsulation frame-relay
 clockrate 128000
 frame-relay intf-type dce
 frame-relay route 702 interface Serial0/2 207
 frame-relay route 703 interface Serial0/3 307
 frame-relay route 704 interface Serial1/0 407
 frame-relay route 705 interface Serial1/1 507
 frame-relay route 706 interface Serial1/2 607
 frame-relay route 701 interface Serial0/1 107
 no shutdown
!
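
The listing relies on every `frame-relay route` having a mirror-image entry on the far interface (DLCI 203 on Serial0/2 pairs with DLCI 302 on Serial0/3). The script below is an added example, not part of the original post: it checks that pairing over an excerpt of the config above. The function names are my own, and because the Serial0/1 stanza is not in the listing, routes towards it are reported as one-way.

```python
import re

# Excerpt of the switch config above (three of its interfaces, three routes each).
CONFIG = """\
interface Serial0/2
 frame-relay route 201 interface Serial0/1 102
 frame-relay route 203 interface Serial0/3 302
 frame-relay route 204 interface Serial1/0 402
!
interface Serial0/3
 frame-relay route 302 interface Serial0/2 203
 frame-relay route 301 interface Serial0/1 103
 frame-relay route 304 interface Serial1/0 403
!
interface Serial1/0
 frame-relay route 402 interface Serial0/2 204
 frame-relay route 403 interface Serial0/3 304
 frame-relay route 401 interface Serial0/1 104
!
"""

ROUTE = re.compile(r"^\s*frame-relay route (\d+) interface (\S+) (\d+)\s*$")


def parse_routes(config):
    """Map (in_interface, in_dlci) -> (out_interface, out_dlci)."""
    routes, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
        elif current and (m := ROUTE.match(line)):
            key = (current, int(m.group(1)))
            if key in routes:
                raise ValueError(f"DLCI {key[1]} defined twice on {current}")
            routes[key] = (m.group(2), int(m.group(3)))
    return routes


def one_way(routes):
    """Entries whose reverse route is missing or points somewhere else."""
    return sorted(src for src, dst in routes.items() if routes.get(dst) != src)


if __name__ == "__main__":
    table = parse_routes(CONFIG)
    for intf, dlci in one_way(table):
        out_if, out_dlci = table[(intf, dlci)]
        print(f"{intf} DLCI {dlci} -> {out_if} DLCI {out_dlci}: no return route")
```
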

Wednesday 18 July 2012

Setting up a new DHCP server

Hi all,

I was setting up some new domain controllers with DHCP and found that the customer had a lot of reservations. Rather than having to retype everything, I found this great link to export the scope and import it back into the new server. I tested it from 2003 to 2008 and it worked perfectly.

http://koolbeans.wordpress.com/2007/07/31/howto-import-and-export-dhcp-reservations-in-server-2003/

Wednesday 11 July 2012

The dangers of VMware snapshots.


I come across a lot of VMware environments where people have been misinformed about the use of VMware snapshots, which can later have a large detrimental effect on the storage and performance of their live environments.

First of all, let’s define what a snapshot is. Wikipedia states it to be “Snapshot (computer storage), a set of computer files and directories kept in storage as they were sometime in the past”, or as a lot of people say “a point in time copy”. 

The above has led people to believe that VMware snapshots can be used as backups or that it’s fine to leave several snapshots on a VM for its entire life, but unfortunately this is NOT how they function.

VMware snapshots are deltas, not true snapshots. When one is initiated, the original virtual disk (vmdk) is locked and made read-only, and a new delta disk is created to which all future changes are written. If you were to then snapshot this again, the original disk is still locked, the 1st delta disk is made read-only and a 2nd delta disk is created which all changes are written to.

The 2nd delta disk is dependent on the 1st delta disk, and the 1st delta disk is dependent on the original virtual disk of the VM; the more times you snapshot the VM, the more the dependency tree expands.

I have seen cases whereby the original disk had been provisioned at 60GB on storage and then a further six 60GB delta drives had been created (all of various sizes on the storage) going back several years, all adding a massive overhead on storage. This also highlights why you cannot use VMware snapshots as backups: because of the delta tree dependency, and because they are NOT point in time copies.

There is a well-known case where someone was misinformed that VMware snapshots can be used as a backup and proceeded to snapshot their main mail system. Several weeks later their storage was reporting that it was nearly out of space and performance was really slow. They hired a VMware expert to investigate, who found an 800GB delta file and, due to the amount of data that would be lost, had no other option but to commit this snapshot to the VM, which subsequently took nearly a week to roll into the original disk and had a major impact on system performance.
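
The dependency tree described above is recorded in each disk's small text descriptor: a delta names its parent in `parentFileNameHint` and stores the parent's content ID in `parentCID`, while a base disk has `parentCID=ffffffff`. The script below is an added example, not from the original post. It walks that chain over constructed descriptors for a hypothetical VM called "mail" (file names and CIDs are made up) and shows that a delta is unusable once its parent is missing or has changed.

```python
import re

# Constructed descriptor contents, reduced to the three fields that link the chain.
DESCRIPTORS = {
    "mail.vmdk": "CID=aaaa0001\nparentCID=ffffffff\n",
    "mail-000001.vmdk": 'CID=bbbb0002\nparentCID=aaaa0001\n'
                        'parentFileNameHint="mail.vmdk"\n',
    "mail-000002.vmdk": 'CID=cccc0003\nparentCID=bbbb0002\n'
                        'parentFileNameHint="mail-000001.vmdk"\n',
}

FIELD = re.compile(r'^(\w+)[ \t]*=[ \t]*"?([^"\n]*)"?[ \t]*$', re.M)


def fields(text):
    """Parse key=value lines of a descriptor into a dict."""
    return dict(FIELD.findall(text))


def chain(leaf, files):
    """Return [leaf, ..., base disk]; raise if any link is missing or stale."""
    path, name = [leaf], leaf
    while True:
        disk = fields(files[name])
        if disk["parentCID"] == "ffffffff":      # base disk, nothing below it
            return path
        parent = disk["parentFileNameHint"]
        if parent not in files:
            raise LookupError(f"{name} depends on missing disk {parent}")
        parent_cid = fields(files[parent])["CID"]
        if parent_cid != disk["parentCID"]:      # parent was written to after the snapshot
            raise LookupError(f"{name} expects parent CID {disk['parentCID']}, "
                              f"but {parent} has {parent_cid}")
        path.append(parent)
        name = parent


if __name__ == "__main__":
    print(" -> ".join(chain("mail-000002.vmdk", DESCRIPTORS)))
    kept = {k: v for k, v in DESCRIPTORS.items() if k != "mail.vmdk"}
    try:
        chain("mail-000002.vmdk", kept)          # "backup" that kept only the deltas
    except LookupError as err:
        print("unusable:", err)
```
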

Please use VMware snapshots responsibly; if you need to test a patch, clone the VM, put it on an internal test network in VMware (no physical NIC), patch the clone and test. If the test is successful you can then snapshot the original machine out of hours and patch, knowing with confidence that the patch works with your application; after the install, commit the snapshot immediately. The only reason I add the snapshot when patching the original VM is in case something happens during the install, nothing else. Other than this and their use with backup technologies (like Backup Exec, etc.) which snapshot the VM to take a backup and then immediately commit the changes, there is no real reason they should be used.

Thanks for reading, and any comments or questions please feel free to ask.

Friday 30 March 2012

Cisco UCS / Nexus

I'm just currently running through the Cisco DCUCI certification process, and am really impressed with the concepts and business benefits for the high server farm / data centre operations user. Consolidating down the number of connections per rack and saving power on the switch and SAN elements allows full data centres to utilise this extra power and space to add extra compute power without the need to expand the physical building or relocate into another building, which can be extremely costly.

Check out the Cisco Nexus platform and their UCS (not unified communications server :-)! ) platform.

Tuesday 17 January 2012

VNXe NDMP backup Issue

Hi everyone,

I’ve been working with a client, installing a VNXe for them along with VMware, with Veeam backing up the VMware and Backup Exec backing up the file shares on the VNXe and archiving backups to tape.

The setup is a pretty standard one with Cisco switches and HP servers, but we ran into a problem when backing up the file shares on the VNXe (using NDMP) with Backup Exec, where the Backup Exec server would randomly skip a share or two one evening, and then skip a completely different one the following evening. The error that we were getting back was that the VNXe either could not be contacted or that a connection was refused.

The setup of the server was an HP network team in active / active (giving 2 Gbps) and two ports teamed on the VNXe for CIFS. The issue was raised with EMC, and it transpires that this problem is caused by the HP network team; as soon as this was changed to NFT (active / passive), the problem went away.

If I get the opportunity, I would like to test this with an Intel network team to see if it is vendor specific, but it is certainly something that you all might encounter.

Thanks for reading.