(TIL) Today I Learned...

Started by Seittit, January 13, 2015, 03:50:21 AM


deanwebb

It's the truth, I tell you.

I also learned that even after I provide an IP address, host name, physical location of the VBlock hardware, Remedy ticket number for the initial build, and the day we made it active, the VM guys *still* can't find the VM I requested to be decommed so that we can reclaim the license on that box.  :wall:

What scares me most is that we have a directive to place more networking infrastructure into the virtual environment, to cut costs.  :glitch:
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

LynK

Quote from: deanwebb on June 17, 2015, 10:40:51 AM
What scares me most is that we have a directive to place more networking infrastructure into the virtual environment, to cut costs.  :glitch:

Do not be scared. Virtualization is amazing. The effective removal of all hardware issues due to automated vMotion. Trust me... it is a good thing.
Sys Admin: "You have a stuck route"
            Me: "You have an incorrect Default Gateway"

deanwebb

Quote from: LynK on June 17, 2015, 12:39:38 PM
Quote from: deanwebb on June 17, 2015, 10:40:51 AM
What scares me most is that we have a directive to place more networking infrastructure into the virtual environment, to cut costs.  :glitch:

Do not be scared. Virtualization is amazing. The effective removal of all hardware issues due to automated vMotion. Trust me... it is a good thing.
Well, we already lost SPAN ports because of virtualization, and when we talk about piping Netflow to those boxes, the data center guys break out in hives. "Our bandwidth! Our bandwidth!" they cry. And then there's the question of how competent the guys in charge of the VMs are, since they shied away from a complicated solution that would allow us to have SPAN ports and, of course, the IP address mess that I mentioned.

But I will grant that I didn't have to set up HA for these boxes. HA is usually a pain, regardless of platform, so that is a good thing.

NetworkGroover

Quote from: deanwebb on June 17, 2015, 01:16:59 PM
Quote from: LynK on June 17, 2015, 12:39:38 PM
Quote from: deanwebb on June 17, 2015, 10:40:51 AM
What scares me most is that we have a directive to place more networking infrastructure into the virtual environment, to cut costs.  :glitch:

Do not be scared. Virtualization is amazing. The effective removal of all hardware issues due to automated vMotion. Trust me... it is a good thing.
Well, we already lost SPAN ports because of virtualization, and when we talk about piping Netflow to those boxes, the data center guys break out in hives. "Our bandwidth! Our bandwidth!" they cry. And then there's the question of how competent the guys in charge of the VMs are, since they shied away from a complicated solution that would allow us to have SPAN ports and, of course, the IP address mess that I mentioned.

But I will grant that I didn't have to set up HA for these boxes. HA is usually a pain, regardless of platform, so that is a good thing.

Why not sFlow?  And regarding monitoring your network, what about physical taps and a tap aggregation/network packet broker solution like:

http://www.arista.com/en/solutions/technology-bulletins/585-tap-aggregation
Engineer by day, DJ by night, family first always

deanwebb

Vendor is working on a flow importer. And as for tap aggregation... we'd have to pay for those things, right? Maybe some other project will need them, so we won't have to use our budget for that...

Otanx

Some cool things I learned the other day studying for the VCP-NV.

1. ESXi 5.5 using a vDS can do netflow. Easy to set up, but no clue how much of a load it would put on a production system.
2. ESXi can SPAN the vSwitch to a VM. Set Host affinity, and set up one VM per hypervisor to do capture of virtual traffic. Have not tested sending the SPAN out a physical NIC.
3. ESXi has a packet capture utility at the command line. The console output sucks, but it can save as a pcap.

-Otanx

wintermute000

Hahaha my VCPN exam is on July fourth. Good luck to you

SimonV

Quote from: Otanx on June 17, 2015, 04:34:56 PM
2. ESXi can SPAN the vSwitch to a VM. Set Host affinity, and set up one VM per hypervisor to do capture of virtual traffic. Have not tested sending the SPAN out a physical NIC.

Hi Otanx

Can you SPAN an entire VLAN that way? We have an issue with a couple of N5K's because they can only capture ingress or egress for VLANs, not both.

Otanx

Quote from: wintermute000 on June 17, 2015, 09:13:43 PM
Hahaha my VCPN exam is on July fourth. Good luck to you

Good luck to you as well.

Quote from: SimonV on June 18, 2015, 02:52:47 AM
Can you SPAN an entire VLAN that way? We have an issue with a couple of N5K's because they can only capture ingress or egress for VLANs, not both.

There are other issues with the 5Ks and SPAN, namely only being able to SPAN at 1G. You can SPAN an entire vSwitch, so I would assume so. I have not actually done that in a production network. Wintermute posted this link on another topic, and it has hands-on labs for VMware. Look at the introduction to distributed switch lesson. It has a lab on the SPAN capabilities. That is where I found out about it.

http://labs.hol.vmware.com/HOL/catalogs/

-Otanx

burnyd

Quote from: Otanx on June 17, 2015, 04:34:56 PM
Some cool things I learned the other day studying for the VCP-NV.

1. ESXi 5.5 using a vDS can do netflow. Easy to set up, but no clue how much of a load it would put on a production system.
2. ESXi can SPAN the vSwitch to a VM. Set Host affinity, and set up one VM per hypervisor to do capture of virtual traffic. Have not tested sending the SPAN out a physical NIC.
3. ESXi has a packet capture utility at the command line. The console output sucks, but it can save as a pcap.

-Otanx

1.) Use netflow and try to use network i/o control.
2.) Yes this works but it would be hella impossible to get a clean sniff unless you migrated a single vm to said host but it all depends on the issue.
3.) Yeah, that works out really well. If you do not have an external packet sniffing device, then you can save that pcap to a data store and grab it yourself.

mmcgurty

Quote from: ristau5741 on June 17, 2015, 07:20:23 AM
Quote from: mmcgurty on June 17, 2015, 07:03:22 AM
Quote from: Mowery on June 01, 2015, 12:29:13 PM
Quote from: ristau5741 on May 27, 2015, 12:12:55 PM
TIL how to configure CIMC on a Cisco C220 series server
(note to future self, do not use the same IP for the server and for the CIMC configuration)

CIMC has saved my bacon more than once.

Do you guys know if you can set up the CIMC on a Cisco C240 M3 if it has never been set up without taking down the server?


You will need to reboot the server and enter the CIMC configuration utility to set up CIMC.

I was afraid that this would be the case from what I was seeing in the documentation.  If I hear differently I will let you know.

mmcgurty

Quote from: Mowery on June 17, 2015, 08:19:54 AM
Quote from: ristau5741 on June 17, 2015, 07:20:23 AM
Quote from: mmcgurty on June 17, 2015, 07:03:22 AM
Quote from: Mowery on June 01, 2015, 12:29:13 PM
Quote from: ristau5741 on May 27, 2015, 12:12:55 PM
TIL how to configure CIMC on a Cisco C220 series server
(note to future self, do not use the same IP for the server and for the CIMC configuration)

CIMC has saved my bacon more than once.

Do you guys know if you can set up the CIMC on a Cisco C240 M3 if it has never been set up without taking down the server?


You will need to reboot the server and enter the CIMC configuration utility to set up CIMC.

It would be really handy if CIMC would pick up a DHCP address so you could set it up later, in case you forgot. I know I have missed it once or twice, and sometimes taking the server down isn't an option during the day.

Sounds like a feature request!  Where are my Cisco SE's at?

NetworkGroover

Quote from: mmcgurty on June 19, 2015, 07:20:06 AM
Quote from: Mowery on June 17, 2015, 08:19:54 AM
Quote from: ristau5741 on June 17, 2015, 07:20:23 AM
Quote from: mmcgurty on June 17, 2015, 07:03:22 AM
Quote from: Mowery on June 01, 2015, 12:29:13 PM
Quote from: ristau5741 on May 27, 2015, 12:12:55 PM
TIL how to configure CIMC on a Cisco C220 series server
(note to future self, do not use the same IP for the server and for the CIMC configuration)

CIMC has saved my bacon more than once.

Do you guys know if you can set up the CIMC on a Cisco C240 M3 if it has never been set up without taking down the server?


You will need to reboot the server and enter the CIMC configuration utility to set up CIMC.

It would be really handy if CIMC would pick up a DHCP address so you could set it up later, in case you forgot. I know I have missed it once or twice, and sometimes taking the server down isn't an option during the day.

Sounds like a feature request!  Where are my Cisco SE's at?

After they've already made the sale?
:partay: :woohoo: :joy: :pub: :cheers:

:problem?:

Otanx

TIL that vSphere usernames are case sensitive, and that the default account is "Administrator@vsphere.local" not "administrator@vsphere.local". 10 minutes of lab time I won't get back.

-Otanx

deanwebb

TIL that when AD is in a mixed 2003 and 2012 environment, everyone blames NAC when people get kicked off the wireless... because of AD doing weird stuff with reading the user certificates on the mobile devices...