Friday, December 28, 2007

How to set up a Netscaler Application Switch

The following steps are the most basic, essential steps to get a Netscaler Application Switch up and running.

#set root password
set system user nsroot newpasswd1

#add mapped ip, this is the interface for connections to servers (inside)
add ns ip x.x.x.x 255.255.255.0 -type mip

#set netscaler ip (nsip), this ip is used for administration only
set ns config -ipaddress x.x.x.x -netmask 255.255.255.0

#set default gateway on nsip
add route 0.0.0.0 0.0.0.0 x.x.x.x

#save config
save ns config

reboot

#open the gui
http://nsip/

=====

Wednesday, December 5, 2007

Using IP's instead of domain names for NTP server configuration

To spare devices the extra step of resolving a domain name, I often reference NTP servers by IP. These IPs don't change very often, so it's a pretty safe bet to use IPs rather than domain names. Typically I configure NTP with a list of 5-10 servers.

Typically I set my monitoring server up as the NTP check point for all the other servers and network devices in my network. But I also provide each system with a list of fallback servers.

I like to use the pool servers from ntp.org; there are about 1700 active servers today.

Thursday, November 15, 2007

Configuring NTP in Cisco IOS

ntp server 69.60.124.59
ntp server 98.172.32.171
ntp server 208.113.193.9
ntp server 216.184.20.83
ntp server 66.250.45.2
clock timezone PST -8

Configuring NTP in Windows

w32tm /config /manualpeerlist:"72.167.54.201 74.53.76.34 209.67.219.106 209.132.176.4 72.36.170.170 67.18.208.203 69.36.240.252 216.14.98.234 64.202.112.65 65.49.42.8,0x8" /syncfromflags:MANUAL
net stop w32time
net start w32time
w32tm /resync

Configuring NTP in *nix or BSD

edit /etc/ntp.conf
The restrict lines below only cover the named peers and the local subnet; without a restrict default line, hosts matching none of them are unrestricted, so add one that sets at least noquery and nomodify.
---------------------------
server 0.pool.ntp.org # ntp.org pool server
server 1.pool.ntp.org # ntp.org pool server
server time.nist.gov # NIST public time server

restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict time.nist.gov mask 255.255.255.255 nomodify notrap noquery

restrict 10.10.1.0 mask 255.255.255.0 nomodify notrap

restrict 127.0.0.1
---------------------------


On Linux systems that use the chkconfig utility:
---------------------------
chkconfig ntpd on
service ntpd start
service ntpd stop
service ntpd restart
---------------------------


On other systems:
---------------------------
pkill -HUP -x ntpd
---------------------------


Verify that ntpd is running:
---------------------------
ps auxwww | grep ntpd
---------------------------


Synchronize

check the date: `date`
stop ntpd: `pkill -x ntpd`
run ntpdate: `ntpdate -u `
note: it's possible that this command may need to be run several times;
use the reported offset to decide what offset is acceptable.
start ntpd:
check sync: `ntpq -p`
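As an added example (not from the original post), a Python check that reads `ntpq -p` output and applies the last two steps above: it picks the selected peer, confirms it is reachable, and reports whether the remaining offset is within an acceptable bound. The ntpq output and the 100 ms bound are constructed assumptions.

```python
"""Check ntpd sync state from `ntpq -p` output: find the selected peer
(tally '*'), confirm it is reachable, and compare the remaining offset
with an acceptable bound (constructed example, not the post's own code)."""

# Constructed sample of `ntpq -p` output (not captured from a real host).
NTPQ_SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*time.nist.gov   .NIST.           1 u   42   64  377   31.102   -2.417   0.891
+0.pool.ntp.org  192.168.5.2      2 u   12   64  377   18.455    1.203   0.512
 1.pool.ntp.org  .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

FIELDS = ("remote", "refid", "st", "t", "when", "poll", "reach",
          "delay", "offset", "jitter")


def parse_ntpq(text):
    """Return one dict per peer line; column 0 of each line is the tally code."""
    peers = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("remote") or line.startswith("="):
            continue
        rec = dict(zip(FIELDS, line[1:].split()))
        rec["tally"] = line[0]
        rec["st"] = int(rec["st"])
        rec["reach"] = int(rec["reach"], 8)   # octal shift register of the last 8 polls
        for key in ("delay", "offset", "jitter"):
            rec[key] = float(rec[key])
        peers.append(rec)
    return peers


def assess_sync(peers, max_offset_ms=100.0):
    """Decide whether the clock is usable for log correlation.

    ntpd slews offsets under 128 ms and steps larger ones; an offset still
    above max_offset_ms after ntpdate means ntpdate should be run again."""
    selected = [p for p in peers if p["tally"] == "*"]
    if not selected:
        return {"synced": False, "peer": None, "offset_ms": None,
                "reason": "no peer selected (tally '*' missing)"}
    p = selected[0]
    if p["reach"] != 0o377:
        return {"synced": False, "peer": p["remote"], "offset_ms": p["offset"],
                "reason": "selected peer missed recent polls (reach %o)" % p["reach"]}
    ok = abs(p["offset"]) <= max_offset_ms
    return {"synced": ok, "peer": p["remote"], "offset_ms": p["offset"],
            "reason": "ok" if ok else "offset %.3f ms exceeds %.1f ms" % (p["offset"], max_offset_ms)}
```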

Monday, October 15, 2007

Using Native VLANs for improved security and redundancy

We have three zones: Public, DMZ, and Inside. I created vlan 20 for Public, 30 for DMZ, and vlan 40 for Inside. Then I created vlan dummy_vlan2, dummy_vlan3, and dummy_vlan4, then I went into the vlan database and suspended each. Then, I went to each access port (via the interface-range qualifier) and assigned the native vlan and set the vlan membership explicitly, nearly the same as you showed in your article (you showed an example of allowing all vlans). Finally, I explicitly allowed only vlans 20, 30, and 40 on the trunk.

I hope this is the appropriate place for it, but here is how I set it up, straight from the documentation I wrote.

——

+ Set up the Aggregated Ports

Set up PAGP on Switch01 side

# conf t
(config)# interface range gi 1/43 - 44
(config-if-range)# channel-group 1 mode desirable

Set up PAGP on Switch02 side

(config)# interface range gi 1/43 - 44
(config-if-range)# channel-group 1 mode desirable

port-channel 1 is the resulting virtual interface

The following command will verify what has been set up.
# show etherchannel summary

Set up the IEEE 802.1Q Trunk

SW02

(config)# interface port-channel 1
(config-if)# switchport trunk encapsulation dot1q
(config-if)# switchport mode trunk

SW01

(config)# interface port-channel 1
(config-if)# switchport trunk encapsulation dot1q
(config-if)# switchport mode trunk

+ Configure VTP

SW01

(config)# vtp mode server
(config)# vtp domain xxxxxxx
(config)# vtp password xxxxxxxxxxxxxxx

SW02

(config)# vtp mode server
(config)# vtp domain xxxxxxx
(config)# vtp password xxxxxxxxxxxxxxx

+ Vlan Configuration

SW01
Create Dummy VLANs

(config)# vlan 2
(config-vlan)# name dummy_vlan2
(config)# vlan 3
(config-vlan)# name dummy_vlan3
(config)# vlan 4
(config-vlan)# name dummy_vlan4
(config)# end

Suspend the dummy VLANs

# vlan database
(vlan)# vlan 2 state suspend
(vlan)# vlan 3 state suspend
(vlan)# vlan 4 state suspend
(vlan)# exit

Create Active VLANs

(config)# vlan 20
(config-vlan)# name PUBLIC_VLAN
(config-vlan)# interface range 1/1 - 4
(config-if-range)# switchport access vlan 20
(config-if-range)# switchport trunk native vlan 2

(config)# vlan 30
(config-vlan)# name DMZ_VLAN
(config-vlan)# interface range 1/17 - 32
(config-if-range)# switchport access vlan 30
(config-if-range)# switchport trunk native vlan 3

(config)# vlan 40
(config-vlan)# name INSIDE_VLAN
(config-vlan)# interface range 1/33 - 35
(config-if-range)# switchport access vlan 40
(config-if-range)# switchport trunk native vlan 4

Configure Trunk Interface

(config)# interface port-channel 1
(config-if)# switchport trunk allowed vlan 20,30,40
(config-if)# end
# wr mem

Monday, August 27, 2007

Calculating Power Requirements for our Data Center

Calculating power requirements is pretty straightforward. I gathered up all the data sheets on all the equipment we planned for our data center and recorded the average and max values in watts. Some manufacturers provide the power requirements in amps at a specific voltage, and some provide a value in watts. Some manufacturers provide both average and max values, but if they only provide a single value, it's usually the maximum.

It's simple to get the wattage: volts · amps = watts

Next I designated which devices should be grouped and started playing with the elevations. Then I added up all the max watts of the individual pieces of equipment in each rack and divided by the number of circuits going into that rack (4). Essentially, the load will be distributed over four circuits. Should one of the circuits go down, we'd want to be able to run everything connected to a given PTXL unit on a single branch circuit. Because we can only draw 80% of the power available on a single circuit at any given moment (16A / circuit in this case), our goal is to stay well below 40% utilization on each circuit to allow for a complete failover and allow some room for growth.

So, to begin I subtracted the sum of all the equipment destined for a single rack from 3840 W ((120 · 20) · 2 · 0.8), which is 80% of the total watts available between the two primary circuits, and that gives me a gross approximation of the max wattage for that rack. Next I divided the equipment between the 2 PTXL units within each cage (see below about PTXL). Typically when a server starts up, the device temporarily draws more power during the POST, spinning up all fans and whatnot. However, a device will typically idle at half or a third of its max wattage. So, in a rack where your power margins are getting thin, you'll want to consider a device like the PTXL which allows you to prioritize power ports and set delays on them. Why? In a catastrophic power-loss scenario, a well designed implementation would stage the start-up sequence such that the storage devices would come up first, then probably the switches would come up, then the routers, and then the hosts. Each environment is different, so it varies.

To get the most for our money, and to use the power most efficiently, we'd want to pull in 3-phase power, but for some reason the data center services are all freaked out about an extra wire; the cost is three times that of single-phase power. Anyhow, I contacted the data center (Equinix) to learn their max power/sq ft. It basically worked out to 80A/rack or four 120V/20A branch circuits for each rack (two are primary, two are redundant). I picked the NEMA L5-20 twist-n-lock plug type, specifically because I knew that the data center facility provides the power drops above the rack, with the plug receptacle facing down.

Another consideration when ordering power at a data center is where the circuit will be internally sourced. Be sure that redundant circuits are sourced from different power banks than the primary circuits. Get a map from the data center of their power layout; it will allow you to double check the work that has been done by the facility engineers. It's always a good idea to make friends with these guys...
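As an added worked example (not from the original post), the same per-rack arithmetic in Python with the figures above: 120 V / 20 A branch circuits derated to 80%, two primary circuits, and a 40% per-circuit target so that one surviving circuit can carry the whole rack. The equipment list is constructed, and the split between the two PTXL units is a simple heaviest-first assignment of my own, not ServerTech's.

```python
"""Per-rack power budget following the post's method: sum data-sheet maximum
watts, compare with 80% of two 120 V / 20 A primary circuits, and keep each
circuit near 40% so the other circuit can carry the rack on failover."""

VOLTS = 120.0            # branch circuit voltage
AMPS = 20.0              # breaker rating per branch circuit
DERATE = 0.8             # continuous draw allowed on a circuit (16 A here)
PRIMARY_CIRCUITS = 2     # two primary (plus two redundant) circuits per rack
TARGET_UTIL = 0.4        # per-circuit target that leaves room for full failover


def watts(volts, amps):
    """Convert a data-sheet rating given in amps at a voltage to watts."""
    return volts * amps


# Constructed equipment list: (name, maximum watts from the data sheet).
SAMPLE_EQUIPMENT = [
    ("storage array", watts(120.0, 4.0)),   # sheet gave 4 A @ 120 V -> 480 W
    ("switch", 150.0),
    ("router", 100.0),
    ("host1", 350.0),
    ("host2", 350.0),
]


def usable_rack_watts():
    """80% of the watts across the primary circuits: (120 * 20) * 2 * 0.8 = 3840 W."""
    return watts(VOLTS, AMPS) * PRIMARY_CIRCUITS * DERATE


def rack_budget(equipment):
    """Total max draw, headroom against the 3840 W figure, and the per-circuit
    utilization when the load is spread evenly over the primary circuits."""
    total = sum(w for _, w in equipment)
    circuit_cap = watts(VOLTS, AMPS) * DERATE        # 1920 W usable per circuit
    util = (total / PRIMARY_CIRCUITS) / circuit_cap
    return {"total_max_w": total, "headroom_w": usable_rack_watts() - total,
            "per_circuit_util": util, "failover_ok": util <= TARGET_UTIL}


def split_across_units(equipment):
    """Divide equipment between the two PTXL units in a rack, heaviest first,
    always placing the next device on the unit with the lighter load."""
    units, loads = ([], []), [0.0, 0.0]
    for name, w in sorted(equipment, key=lambda e: -e[1]):
        i = 0 if loads[0] <= loads[1] else 1
        units[i].append((name, w))
        loads[i] += w
    return units
```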

I bought two ServerTech Power Tower XL (PTXL) HF16 units per rack and everything has been working out very well. Each unit is IP addressable and has a web interface control panel, that's rather smartly designed, though I have never used it and disabled it. I can also fold the monitoring of these systems into my own monitoring framework because of SNMP (and it does support SNMPv3), and I can simply walk up to the rack and see what our load is at any time. Much to my surprise, the tty and www administration consoles are equivalent. Nice work ServerTech!

Sunday, August 12, 2007

My Favorite Citrix/Virtualization Websites

My Faves:
http://www.rtfm-ed.co.uk/
http://blog.scottlowe.org/
http://www.vmguru.com/
http://www.dabcc.com
http://virtrix.blogspot.com/
http://www.stefanschuller.com/
http://www.thin-world.com/
http://www.brianmadden.com

And a few others...
http://www.vmwarez.com/index.html
http://blogs.technet.com/virtualization/
http://x86virtualization.com/

Wednesday, July 25, 2007

Terabyte, Petabyte, Exabyte, Zettabyte, Yottabyte

I copied this from somewhere on the web....found it buried in my e-mail, addressed to myself. :)

-----

After Terabyte comes a Petabyte then Exabyte then Zettabyte then Yottabyte
(not spelled after the great Jedi Master :-(

(interesting fact: 2 Petabytes would store the entire contents of ALL US
academic libraries).

Megabyte = 1/1152921504606846976 yottabyte
= 1/1125899906842624 zettabyte
= 1/1099511627776 exabyte
= 1/1073741824 petabyte
= 1/1048576 terabyte
= 1/1024 gigabyte
= 1 megabyte
= 8 Megabits
= 1024 kilobytes
= 8192 Kilobits
= 1048576 bytes
= 2097152 nibbles
= 8388608 bits

gigabyte = 1/1125899906842624 yottabyte
= 1/1099511627776 zettabyte
= 1/1073741824 exabyte
= 1/1048576 petabyte
= 1/1024 terabyte
= 1 gigabyte
= 1024 megabytes
= 8192 Megabits
= 1048576 kilobytes
= 8388608 Kilobits
= 1073741824 bytes
= 2147483648 nibbles
= 8589934592 bits

terabyte = 1/1099511627776 yottabyte
= 1/1073741824 zettabyte
= 1/1048576 exabyte
= 1/1024 petabyte
= 1 terabyte
= 1024 gigabytes
= 1048576 megabytes
= 8388608 Megabits
= 1073741824 kilobytes
= 8589934592 Kilobits
= 1099511627776 bytes
= 2199023255552 nibbles
= 8796093022208 bits

petabyte = 1/1073741824 yottabyte
= 1/1048576 zettabyte
= 1/1024 exabyte
= 1 petabyte
= 1024 terabytes
= 1048576 gigabytes
= 1073741824 megabytes
= 8589934592 Megabits
= 1099511627776 kilobytes
= 8796093022208 Kilobits
= 1125899906842624 bytes
= 2251799813685248 nibbles
= 9007199254740992 bits

Exabyte = 1/1048576 yottabyte
= 1/1024 zettabyte
= 1 exabyte
= 1024 petabytes
= 1048576 terabytes
= 1073741824 gigabytes
= 1099511627776 megabytes
= 8796093022208 Megabits
= 1125899906842624 kilobytes
= 9007199254740992 Kilobits
= 1152921504606846976 bytes
= 2305843009213693952 nibbles
= 9223372036854775808 bits

Zettabyte = 1/1024 yottabyte
= 1 zettabyte
= 1024 exabytes
= 1048576 petabytes
= 1073741824 terabytes
= 1099511627776 gigabytes
= 1125899906842624 megabytes
= 9007199254740992 Megabits
= 1152921504606846976 kilobytes
= 9223372036854775808 Kilobits
= 1180591620717411303424 bytes
= 2361183241434822606848 nibbles
= 9444732965739290427392 bits

yottabyte = 1 yottabyte
= 1024 zettabytes
= 1048576 exabytes
= 1073741824 petabytes
= 1099511627776 terabytes
= 1125899906842624 gigabytes
= 1152921504606846976 megabytes
= 9223372036854775808 Megabits
= 1180591620717411303424 kilobytes
= 9444732965739290427392 Kilobits
= 1208925819614629174706176 bytes
= 2417851639229258349412352 nibbles
= 9671406556917033397649408 bits

Sunday, July 15, 2007

Display version info for VMware ESX

[root@esx01 root]# vmware -v

Saturday, July 14, 2007

List applied ESX patches

[root@esx01 root]# esxupdate -l query

Thursday, July 12, 2007

Display Linux version info for VMware ESX

[root@esx01 root]# more /proc/version

Wednesday, June 27, 2007

Find the largest files in *nix systems

find / -type f -size +20000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'

Sunday, June 17, 2007

Configuring SSH in Windows

Install Cygwin
Select additional component: OpenSSH
Launch cygwin prompt
Run ssh-host-config
Start sshd

A decent walkthrough is here.

Monday, May 14, 2007

Configuring SSH in Cisco IOS

To Configure SSH

1. Configure AAA
2. Configure SSH
3. Configure VTY


Configure AAA
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local
These method lists authenticate against the local user database, so define a local username before the vty lines are switched over, or remote logins will fail.


Configure SSH
hostname
ip domain-name somedomain.com
crypto key generate rsa
ip ssh version 2
no ip ssh time-out
When generating the RSA key, request a modulus of at least 2048 bits; the default offered by older IOS releases is 512 bits, which is far too weak for an SSH host key.


Configure VTY
line vty 0 4
login
transport input ssh
password 0


Check SSH Configuration

show ssh
show ip ssh
show ip ssh vty
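As an added example (not from the blog or from Cisco), a Python audit over a running-config that checks the hardening points from the native-VLAN post above and this SSH post: every access port has its native VLAN parked on a suspended dummy VLAN, trunks carry an explicit allowed-VLAN list, ip ssh version 2 is set, and vty lines accept only ssh. The config text is constructed and the interface names are assumptions.

```python
"""Audit a Cisco IOS running-config for the hardening points on this page:
suspended dummy native VLANs, explicit trunk allow-lists, SSHv2, ssh-only vtys."""
# Constructed running-config excerpt (not from a real switch).
CONFIG = """\
ip ssh version 2
vlan 2
 state suspend
interface GigabitEthernet1/1
 switchport access vlan 20
 switchport trunk native vlan 2
interface GigabitEthernet1/2
 switchport access vlan 20
interface Port-channel1
 switchport mode trunk
 switchport trunk allowed vlan 20,30,40
line vty 0 4
 transport input ssh
"""

def parse_sections(text):
    """Map each unindented line to the list of indented lines beneath it."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            current = line.strip()
            sections[current] = []
        else:
            sections[current].append(line.strip())
    return sections

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    s = parse_sections(text)
    suspended = {h.split()[1] for h, b in s.items() if h.startswith("vlan ") and "state suspend" in b}
    findings = []
    for hdr, body in s.items():
        name = hdr.split(" ", 1)[-1]
        has = lambda prefix: any(ln.startswith(prefix) for ln in body)
        if hdr.startswith("interface "):
            native = next((ln.split()[-1] for ln in body if ln.startswith("switchport trunk native vlan ")), None)
            if has("switchport access vlan ") and native not in suspended:
                findings.append(f"{name}: native VLAN {native or 'default (1)'} is not a suspended dummy VLAN")
            if "switchport mode trunk" in body and not has("switchport trunk allowed vlan "):
                findings.append(f"{name}: trunk has no explicit allowed VLAN list")
        elif hdr.startswith("line vty") and "transport input ssh" not in body:
            findings.append(f"{hdr}: transport input is not restricted to ssh")
    if "ip ssh version 2" not in s:
        findings.append("global: ip ssh version 2 is not set")
    return findings
```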