Posts from the ‘Networking’ Category

2
Jun

DNS, Server Replacements, and IPv6

Last week I encountered a briefly puzzling situation that’s worth noting as a tip when replacing a server on the network and needing to keep the same hostname. We’re a Microsoft shop, so this speaks to Microsoft DNS and VMs running Windows Server (2008 R2 and 2012 R2), but DNS being what it is, this is likely to apply to BIND, Linux, and the rest.

In this case, we were following a very simple server replacement process with these short steps, much as one would back in the 1990’s.

  1. Rename the old server (i.e. svrsyslog –> svrsyslogold)
  2. Build the new server with the original name (svrsyslog)
  3. Set the new static IP

The relevant difference between the 90’s and now, though, is IPv6 (among many other things). Thus, in DNS, we have two records resembling those of a standard syslog server below.

dns-ipv6-1

 

What doesn’t stand out in those records, however, is the IPv4 portion of the IPv6-encapsulating address. So when we changed the server name to “…old”, everything looked fine, because the “Host (A)” record updated to the new name and a corresponding “IPv6 Host (AAAA)” record followed right below.

The key here is that the IPv6 record below the updated “svrsyslog” IPv4 record may not match. In our case, the old IPv6 record never updated; only the IPv4 did. This creates problems when connecting to the new server in a dual-stacked IPv4/IPv6 environment. IPv6-aware systems attempt to resolve the new “svrsyslog” with DNS and get the old IPv6 address (because the rebuilt server didn’t update the v6 record). IPv4 points one place, while IPv6 points to another.

The solution is as simple as it is in IPv4; obscurity and unfamiliarity with IPv6 are all that make it elusive. Open the IPv6 record of the new/original server name (in this example, SVRSYSLOG) and edit the decimal portion of the IP address. Microsoft is kind enough to translate it from hex for us in the dialog box. Make that last chunk match, and you’re good to go.

dns-ipv6-2
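To catch this mismatch across a whole zone rather than one record at a time, the check below (an added example, not part of the original post) compares the IPv4 address embedded in each AAAA record with the host's own A records. It assumes ISATAP-style addresses, where the low 32 bits carry the IPv4 address; the record list, addresses and the `svrprint` host are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed records (not from the post). svrsyslog has its new A record,
# but its AAAA still embeds the IPv4 address now held by svrsyslogold.
RECORDS = [
    ("svrsyslog",    "A",    "10.1.20.45"),
    ("svrsyslog",    "AAAA", "2001:db8:91b5:20:0:5efe:10.1.20.31"),
    ("svrsyslogold", "A",    "10.1.20.31"),
    ("svrsyslogold", "AAAA", "2001:db8:91b5:20:0:5efe:10.1.20.31"),
    ("svrprint",     "A",    "10.1.20.60"),
    # Same kind of address written fully in hex: a01:143c is 10.1.20.60.
    ("svrprint",     "AAAA", "2001:db8:91b5:20::5efe:a01:143c"),
]

# Upper 32 bits of an ISATAP interface ID (assumption: ISATAP-style AAAAs).
ISATAP_MARKERS = (0x00005EFE, 0x02005EFE)

def embedded_ipv4(aaaa):
    """Return the IPv4 address in the low 32 bits, or None if not ISATAP-style."""
    value = int(ipaddress.IPv6Address(aaaa))
    if (value >> 32) & 0xFFFFFFFF not in ISATAP_MARKERS:
        return None
    return ipaddress.IPv4Address(value & 0xFFFFFFFF)

def find_stale_aaaa(records):
    """Return (host, aaaa, embedded_v4, owner) for each AAAA whose embedded
    IPv4 is not one of that host's own A records; owner is the host whose
    A record holds that IPv4 address, or None."""
    a_by_host, host_by_a = defaultdict(set), {}
    for name, rtype, value in records:
        if rtype == "A":
            ip = ipaddress.IPv4Address(value)
            a_by_host[name.lower()].add(ip)
            host_by_a[ip] = name.lower()
    stale = []
    for name, rtype, value in records:
        v4 = embedded_ipv4(value) if rtype == "AAAA" else None
        if v4 is not None and v4 not in a_by_host[name.lower()]:
            stale.append((name.lower(), value, str(v4), host_by_a.get(v4)))
    return stale

if __name__ == "__main__":
    for host, aaaa, v4, owner in find_stale_aaaa(RECORDS):
        print(f"{host}: AAAA {aaaa} embeds {v4}, whose A record is {owner}")
```

Native or SLAAC AAAA records carry no embedded IPv4 address, so the check skips them; those still need a manual comparison after a rename.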

 

——————————————————

By Chris Gurley, MCSE, CCNA
Last updated: June 3, 2014

29
May

Hyper-V / VMM 2012 R2 and VMQ, Part 1

Microsoft has been gaining ground in the virtualization sphere one step at a time since Hyper-V first premiered. While some increments were negligible (or merely painstakingly obvious), they achieved significant breakthroughs in late 2013 with the release of all things “2012 R2”. The puzzle piece on which we’ll focus here is VMQ (specifically dynamic VMQ, or dVMQ).

VMQ gives Hyper-V and System Center Virtual Machine Manager (VMM) Logical Switches what Receive Side Scaling (RSS) provides to physical servers; namely, it leverages multiple compute cores/interrupts to increase network traffic efficiency. The network teaming (or Load-Balancing Fail-Over, LBFO) configuration is important here, because it affects how VMQ maps queues to processors. The full table of possibilities is given halfway down the page of TechNet’s VMQ Deep Dive, Part 2. In a nutshell, some configurations need NIC queues to overlap the same processors (so that all queues are everywhere), while others need segregation (so every queue has its own unique core).

Read more

31
Aug

VMworld: SRM 5.0 & vSphere Replication (BCO1562)

Speakers: Lee Dilworth, Clive Wenman (VMware)

Understanding the Use Cases and Implementation Options

Prior to SRM 5, relied on array-based replication
– requires same versions of vCenter and SRM but ESX versions can vary
SRM 5 now supports vSphere Replication (in addition to array-based)
– vSphere Replication requires parity of all versions of vSphere

SRM: Site Recovery Manager
SRA: Storage Replication Adapter

SRM 5 UI allows seeing both sites from one interface

vSphere Replication offers a cost-effective choice/alternative to array-based
– does not replace array-based for the foreseeable future

Read more

30
Aug

VMworld: Distributed vSwitch Best Practices (VSP2894)

Speaker: Vyenkatesh Deshpande (VMware)

Agenda:
– Overview of VDS
– vSphere 5 New Features
– VDS Best Practices
– VDS Myths

# Overview
– unified network virtualization management independent of physical fabric
– manage datacenter-wide switch vs. individual switches per host
– vMotion-aware: statistics and policies follow the VM simplifying debugging and troubleshooting

Read more

30
Aug

VMworld: Designing Network for Multisite vSphere (VSP3122)

Speakers: Sanjay Aiyagari (VMware), Simon Hamilton-Wilkes (F5)

Journey of IT Transformation: Accelerate and Amplify
– moving from server consolidation to being able to monitor and manage your applications
– and from there to hosting multiple instances of your application in the cloud provisioned independently for varied users

The Journey: Stage 1 – Infrastructure Focus
+ shared resource pools
+ elastic capacity
– no business continuity

The Journey: Stage 2 – Application Focus
+ zero-touch infrastructure
+ increased control and service assurance
– possible downtime
– idle infrastructures
– infrastructure dependencies

The Journey: Stage 3 – Business Focus
+ service definition
+ self-service
+ chargeback
– isolation between instances
– application configuration updates reflect infrastructure

Read more

11
Apr

IPv6: RFC 6177 obsoletes RFC 3177

In what we believe to be a VERY wise revision, the IETF (Internet Engineering Task Force) has issued RFC 6177 to change the recommendation of indiscriminate issuing of /48 IPv6 address blocks to sites and organizations. Under RFC 3177, end sites were to be given /48 blocks, regardless of size. Thus, if an organization had multiple sites–whether a collection of small doctor’s offices or a multinational conglomerate–each of those sites would be assigned a /48.

Granted, IPv6 provides an unprecedented number of addresses and blocks, but discussions leading up to RFC 6177 argued that such a practice could be tantamount to declaring that 640K of memory is all anyone would ever need. It also was reminiscent of the early days of IPv4 when it wasn’t uncommon to give out /16’s, /12’s or even /8’s to organizations. And we all know how that ended up…

With the publication of RFC 6177 in March 2011, IETF’s recommendation has changed to assignments between /48 and /64, depending on the request. The provision and original intent of RFC 3177 to minimize hurdles in getting sufficient blocks for years ahead has still been preserved, so that end sites can maintain existing subnetting and transition to IPv6 without inordinate difficulties. The allowance, though, to assign a /56 or smaller block where appropriate will help keep IPv6’s options open as use cases and its evolution develop.

Kudos to IETF for learning from history!

Sources:

3
Mar

IPv6: Cisco IOS

Addressing. Routing. DHCP. EIGRP. HSRP. Mobility. After consuming Cisco’s 706-page IOS IPv6 Configuration Guide, these are just a few of the areas we’re processing as the deployment plan starts coming together. If you’re running something other than Cisco, some of the commands below, and of course EIGRP, may not directly apply, but perhaps you can abstract the concepts and use them in your own network.

Here’s a rundown of the IOS commands we’ll be utilizing as we begin to implement:

  • ipv6 address: (Interface) Apply to VLAN interfaces, routing interfaces, etc (i.e. vlan20, g1/10, g2/0/23)
  • ipv6 general-prefix: (Global) Specifies the prefix of your IPv6 address space (i.e. 2001:d8:91B5::/48)
  • ipv6 unicast-routing: (Global) Enables IPv6 routing on the switch/router
  • ip name-server: (Global) Not specific to IPv4 or v6, but necessary to add IPv6 name server addresses
  • ipv6 dhcp relay destination: (Interface) Configure on all interfaces that need DHCP relaying
  • ipv6 eigrp: (Interface) Unlike IPv4, EIGRP is interface-specific (no “network” statements); apply to routing interfaces
  • ipv6 router eigrp: (Global) Creates the EIGRP router process on the switch
  • ipv6 hello-interval eigrp: (Interface) Configured on interfaces using EIGRP to set the frequency of hello packets to adjacent routers
  • ipv6 hold-time eigrp: (Interface) Configured on interfaces using EIGRP to tell neighbors how long the sender is valid

Coming next: a consolidated IPv6 deployment plan, derived from NIST Guidelines for the Secure Deployment of IPv6

——————————————————

By Chris Gurley, MCSE, CCNA
Last updated: March 3, 2011

1
Mar

Updated: DNS resolution issues in DFW area

Beginning around 0700 CST, we detected DNS resolution issues in the DFW area (north Texas), particularly on AT&T’s network (i.e. iPhones using 3G), but also with corporate DNS servers going to the root hint servers. Time Warner Cable seems to be unaffected, as does Airband (a local microwave-based ISP).

As a stop-gap, we implemented forwarders (4.2.2.2, 4.2.2.3) and regained a significant amount of resolution. At this point (0826 CST), we’re seeing resolution starting to come back, but certain sites like www.msn.com fail to load content.

Are you seeing anything in your part of the world?

Update from our ISP:

At approximately 3:30 a.m., <DFW provider> began experiencing intermittent internet connectivity. While troubleshooting we realized we could get to some networks and could not reach other networks. We narrowed the issue to Level3 who is having a problem with a BGP router located here in Dallas. We have a ticket open with them and they will inform us once they have resolved their issue. In the meantime, we have shut down our Level3 connectivity until this issue is resolved. We will advise you when we have restored the link after Level 3 has resolved their issue…

Thus, it appears we have our root cause for north Texas issues: Level3. This also coincides with the partially successful use of Level3 forwarders (4.2.2.2, .3) for DNS because it kept resolution on their network (connectivity to other backbones may have been an issue).

22
Feb

IPv6: An Intro

IPv6, for those unfamiliar, is the Internet Protocol version 6, the next evolution of network addressing and the internet. Just like Bill Gates’ famous statement about 640KB being all that we’d ever need in computing, so the designers of IPv4 (Internet Protocol version 4) thought of the 4.3 billion addresses in the 32 bits of IPv4. Surely that’s enough! Nearly one per every person on earth?!? But how many of us have a smart phone (iPhone, Android, BlackBerry, etc), a home computer, an Xbox or PS3…not to mention any internet-connected devices at your place of employment?

Those 4.3B quickly disappear, especially when a lot of blocks were eliminated from distribution from day 1 (10.x.x.x, 172.16.x.x-172.31.x.x, 192.168.x.x, and all the multicast and experimental chunks). Add to that the Class A’s (16 million address blocks) wastefully given to large corporations, and you can see where the addresses went. Two weeks ago, the last Class A and thus, the last allotment from the centralized addressing authority, IANA, was dispensed. In technical terms, IPv4 is officially spent. Sure, ISPs still have supplies, but those are now a non-replenishable resource.

Enter IPv6. 128 bits of addressing glory. The IETF (Internet Engineering Task Force) decided that once was enough with regards to running out of space (at least until we expand to other worlds). How many addresses is that, you ask? Read more

14
Feb

Coming Attractions: Service Manager & IPv6

On this fine evening, we wanted to share with you a little preview of coming attractions, which will hopefully appear in future posts. Two of our projects revolve around Microsoft System Center Service Manager and IPv6 (separate endeavors). Both of these hold good promise for our organization and where we go with each may help you as well.

Through the years, we’ve used a couple different help desk and change management tools–Track-It! and Alloy Navigator–and in each, we’ve run into issues and shortcomings. Track-It! was fine as a ticketing system, but provided very little correlation (if any), no audit trail, and sparse asset management. Alloy is a step in the right direction with a pretty comprehensive set of features, ranging from Purchase Orders to Incident and Change Management to Asset tracking, but the application and system itself are fraught with bugs, counter-intuitive processes, etc. In other words, lots of ongoing work which is worthy of many tickets itself.

So we’re venturing into Microsoft’s Service Manager territory and are very interested in the integration with the rest of the System Center suite (Configuration Manager and Operations Manager), as well as Active Directory. We’re also checking out Provance IT Asset Management, a management pack for SM, which enhances the product and provides an otherwise absent financial piece. Looking good so far!

On the networking side, we’ve been in the R&D phase with IPv6 (Internet Protocol version 6) for a few months now since receiving our own /48 block of addresses from ARIN. The documentation online is a bit sparse and mostly targeted to either consumers (Teredo) or ISPs, but we’re finding some nuggets in the digging.  Some good resources thus far are:

IPv6 is quite the undertaking, but as we work to roll it out in our organization, we’ll be sharing info to help in yours.