
Archive for the ‘Data Center’ Category

Required ports for adding the ESX/ESXi host to an Active Directory domain

July 12th, 2014

You need to open both the TCP and UDP ports for the following services:

Port 88 – Kerberos authentication
Port 123 – NTP
Port 135 – RPC
Port 137 – NetBIOS Name Service
Port 139 – NetBIOS Session Service (SMB)
Port 389 – LDAP
Port 445 – Microsoft-DS Active Directory, Windows shares (SMB over TCP)
Port 464 – Kerberos password changes
Port 3268 – Global Catalog search
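A way to confirm the TCP side of this list before attempting the domain join, as an added example that is not part of the original post; the domain controller address given on the command line is an assumption. It separates ports that are silently dropped (usually a firewall rule) from ports that answer with a refusal, and it cannot verify the UDP side.

```python
import socket

# Ports and service names as listed in the post above.
AD_PORTS = {
    88: "Kerberos authentication", 123: "NTP", 135: "RPC",
    137: "NetBIOS Name Service", 139: "NetBIOS Session Service (SMB)",
    389: "LDAP", 445: "Microsoft-DS (SMB over TCP)",
    464: "Kerberos password changes", 3268: "Global Catalog search",
}


def check_tcp(host, port, timeout=2.0):
    """Classify one TCP port as seen from this machine.

    'open'     - handshake completed, a service is listening
    'refused'  - the host (or a rejecting firewall) answered with a reset
    'filtered' - no usable answer: timeout, unreachable, or lookup failure
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # socket.timeout and unreachable errors are OSError subclasses
        return "filtered"


def audit(host, ports=AD_PORTS, timeout=2.0):
    """Map each port to (service name, state) for one domain controller."""
    return {p: (name, check_tcp(host, p, timeout)) for p, name in ports.items()}


def dropped(report):
    """Ports that got no answer at all: the ones to raise with the firewall team."""
    return sorted(p for p, (_, state) in report.items() if state == "filtered")


if __name__ == "__main__":
    import sys
    dc = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # assumed DC address
    report = audit(dc)
    for port, (name, state) in sorted(report.items()):
        print(f"{port:>5}/tcp  {state:<8}  {name}")
    # NTP (123) and NetBIOS Name Service (137) normally listen on UDP only,
    # so 'refused' on TCP is expected for them even when the path is open.
    print("Silently dropped TCP ports:", dropped(report) or "none")
```

UDP reachability for the same ports has to be confirmed from the firewall rules or a packet capture, because a connectionless probe that gets no reply proves nothing either way.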

Cisco Nexus 1000v: VEM needs a VMK interface to connect to VSM

June 26th, 2014

A VMK (VM Kernel) interface is a virtual interface that ESXi itself uses to connect to the outside world. When we first set up an ESXi host, VMK0 is set up as the management interface.

When you install Nexus 1000v, the VEM modules need a way to communicate with the VSM modules, and we need a VMK interface on the ESXi hosts to do this.

If you choose to use the management VMK interface (normally VMK0) for layer 3 control, that VMK will need to be moved over to the Nexus 1000V, where it will sit ‘behind’ the VEM. Otherwise the VSM will not ‘see’ the VEM (i.e. it won’t appear in the output of ‘sh mod’) until the VMK interface is moved to the VEM.

esxi-vem1

Personally, I prefer to have the VMK0 interface “out of band”. I leave VMK0 with vSwitch0 and create a new VMK1 interface for the VEM communication.

esxi-vem2

If you choose this option, you may need to configure static routes on the ESXi host if the two VMK interfaces are in different VLANs – for example, a default gateway would be configured via VMK0, while a more specific static route would be configured via VMK1 towards the VSM IP address.

EMC VNX – Updating firmware has crashed. Now what?

June 12th, 2014

Today I downloaded the newest firmware update for a pair of VNX 5400. The first update went well. I then started to update the 2nd one. The process took about 2 hours for the first one. I didn’t want to wait so I left it there uploading. About 3 hours later, I went back and this had happened:

java crashed

Now what?

I started to check the VNX; logging in appeared to be fine. The software showed the correct latest version. I performed a few operations, created and deleted a few LUNs, and everything seemed fine. Should I leave it at that? Do I want to call EMC and stay on the phone for 2 hours for the EMC support helpdesk to check it?

Luckily, I found out that USM does show the status of the last update. It also shows the time the Update started and the time it took to finish. Everything seems to be perfect.

Note that you can also run a “Health Check”. Click the picture for more details.

vnx-soft-check

Categories: Data Center, Storage

Java Application Error – Security Exception

April 28th, 2014

I just updated Java to version 7 update 55 and I can’t log in to EMC Navisphere anymore. Java V7u55 just decided to stop the local Java apps without even telling you why. I googled it; most websites say you have to add the URL to the “Exception Site List” in the Security tab, but guess what, there is no “Exception Site List” any more.

p1

So you will have to do it the “old school” way: edit the file “exception.sites” and add the URL. The file is located at

C:\Users\lastname.firstname\AppData\LocalLow\Sun\Java\Deployment\security

Note that the AppData directory is hidden.

p2

Categories: Data Center, Windows

Cisco Nexus VPC Domain ID

April 4th, 2014

For the last 3 days, I’ve tried to configure vPC for a pair of Nexus 5548UP. No matter what I did, the pair just refused to connect and form vPC properly. So far I have tried:
- Upgrading to NX-OS version 6
- Upgrading to NX-OS version 7
- Restarting to factory default configs
- Restarting the switches many times
- Checking cables and connectors

The configurations I had for them were
1 diagram

Shared Config:

First switch

Second switch

And I kept getting this
2 vlan down

Therefore,
3 vpc bri

Do you see the problem? It turned out that’s because I used the same vPC Domain ID as my KeepAlive Port-Channel ID: 101. A mistake that can be made easily in my effort to keep the code clean.

I fixed it by changing everything I could about the configuration; eventually I changed the vPC domain ID and it worked.

Then I found this Cisco document:
vPC Domain ID Modification on an Active vPC Domain

The vPC peer devices use the vPC domain ID that you configure in order to automatically assign a unique vPC system MAC address. Each vPC domain has a unique MAC address that is used as a unique identifier for the specific vPC-related operations. However, the devices use the vPC system MAC addresses only for link-scope operations, such as LACP. Therefore, Cisco recommends that you create each vPC domain within the contiguous Layer 2 network with a unique domain ID.

Categories: Data Center, Networking

Cisco UCS : Tracing packet paths with a MAC address

March 14th, 2014

In the UCS world where a virtual NIC on a virtual server is connected to a virtual port on a virtual switch by a virtual cable, it is not surprising that there can be confusion about what path packets are actually taking through the UCS infrastructure.

Similarly, knowing the full data path through the UCS infrastructure is essential for troubleshooting and for testing failover.

In this post I will demonstrate how to trace the paths of the packets in a Cisco UCS Data Center.

The diagram below shows a half-width blade with a vNIC called eth0 created on a Cisco VIC (M81KR) with its primary path mapped to Fabric A. For simplicity, only one IO Module to Fabric Interconnect link is shown in the diagram, as well as only one of the Host Interfaces (HIFs / server-facing ports) on the IO module.

1 overview

With the MAC address, you first need to find out the virtual circuit number with the following commands. Note that they will show nothing if you are on the wrong FI.

2 mac to veth

With the Veth#, we can now find the Chassis/Server ID with this command:

3 veth to chassis-server

We can go further and find the Uplink/Border Interface where the Fabric Interconnect connects to the LAN with this command:

4 veth to uplink

Next, we will find the FI port (Server port) that connects to this virtual circuit with the following command

Where Ethernet #/#/# is the “Bound Interface” you found above with the “show int veth #” command:
3 veth to chassis-server

Now you should have the server port (Fabric-if). Use it to find the FEX Network Port:
5 F-if to FEX-uplink

The steps above should help you identify the paths of the packets. For in-depth network troubleshooting, see the following Cisco slide:
ciscoslide

How to setup Minicom on a Kali (Debian) Linux computer

January 20th, 2014

I needed to use the console port to configure some Cisco gear. Unfortunately, I only had my Kali Linux laptop with me. After a quick Google search, I found a package called “Minicom”, which could be used to connect to the serial ports on the laptop.

First, I went straight to “apt-get” to install the package, by using

But Kali Linux kicked back with an error

1 apt-get

It turned out that the ‘minicom’ package is in the ‘universe’ repository. Check that this repository is enabled. The /etc/apt/sources.list file must contain something like this:

Remember to run sudo apt-get update after changing sources.list.

2 sources list

Now I could install it

3 install

I also needed to get the serial port info with the following command:

4 dmesg

Then I could start Minicom and set it up with the information I have

5 minicom setup

Don’t forget to save the settings as default.
From now on, when I need to use the console port to configure my Cisco gear, I just run Minicom and I am ready to go.

Finally, to exit from Minicom, press Ctrl-A, then Z, then X.

Categories: Data Center, Linux