Linux Fibre Channel SCSI Target using SCST

Fibre Channel, or Fiber Channel, is another way to present SCSI devices over a network medium, using a completely different protocol suite than the one in my previous article on iSCSI. With Fiber Channel, transfer speeds and protocol delivery are much faster than iSCSI. The fundamental difference between the two is that iSCSI uses the TCP/IP protocol suite to deliver SCSI messages, and Fiber Channel uses Fiber Channel to deliver SCSI messages. This means that you will have to have network equipment that is Fiber Channel capable, such as Fiber Channel switches, Fiber Channel HBAs (similar to TCP/IP NICs), etc. For the purposes of this article I will not go into how Fiber Channel works, or how it does its job of delivering SCSI messages to and from SCSI initiators and SCSI targets. This article will step through how to turn a Linux machine into a Fiber Channel SCSI target. There are a few things you will need to even attempt this:

  • A Linux machine running Kernel 3.2+
  • SCST and SCSTAdmin (see below steps)
  • A separate machine that will act as a Fiber Channel initiator; this can be another Linux machine, an ESX host, etc.
  • At least two (2) Fiber Channel HBAs with one physical WWN port each, installed in both machines
  • An OM2 or OM3 multi-mode fiber cable with connectors capable of being used with the HBAs
  • Enough disk space to create a virtual disk so we may present it as a LUN
  • And lastly, some excitement!! You are about to enter the new world of Fiber Channel!!


Cisco ASA 5505 Memory Upgrade

Hi Folks! So I was trying to update the Cisco ASA 5505 my buddy gave me from version 8.2 to 9.1. However, upon reloading the device with the new 9.1 image file, I got a warning on the console! I received an error telling me to purchase Cisco item “ASA5505-MEM-512=”.



F5 BIGIP — Alternative using HAProxy and keepalived — Part 2

Okay, we’re back!! Welcome to Part #2. If you’ve read my last post in this high availability and load balancing series (Part #1), you understand the need for HAProxy to complete our setup. If you recall, I am looking for an alternative solution to BIGIP F5 LTM products. These products provide both high-availability fail-over via a Floating IP between LTMs, and the load balancing of requests to service endpoints. In the previous post, we managed to tackle the former part and provide High Availability, but not the Load Balancing part.

To complete this alternative we now add HAProxy into our setup.

F5 BIGIP — Alternative using HAProxy and keepalived — Part 1

I come from a strong BIG IP F5 background and wanted to explore alternatives to their LTM product line. BIG IP F5 LTMs are their High Availability and Load-Balancing network products. They are primarily used as a means to mitigate infrastructure failover across server clusters. This is done by use of a floating IP address that is shared between two independent devices, in this case LTMs. One LTM is always active and responds to requests for this Floating IP from client devices. In the event of a device failure, the secondary LTM will sense this via a variety of means and take over as the Active LTM. This essentially is how the High Availability or failover is maintained from an infrastructure connectivity perspective. The second piece to these devices is their load-balancing functionality. Load-balancing has many forms; for this case, we are talking about network service load balancing (pretty much layer 4 and above). This allows more intelligence in the distribution of requests to a server farm or cluster.

Now, as I stated previously, I was looking into alternative solutions and I came across a piece of GNU free software called keepalived which seemed to do exactly what I needed. Remember, there are two pieces I wanted to fulfill as an alternative solution to LTM: it has to be able to maintain network failover (seamlessly) and provide load-balancing for service endpoints. Also, surprisingly, many of the configuration statements in keepalived.conf look very similar to those in the F5 LTM bigip.conf file.

Cisco IOS — DHCP/DNS Authoritative Server on Router

I was trying to set up a SOHO router for a small client the other day and was having difficulty getting the DNS server to function the way I wanted on the router. I could get the DNS server to run on the Cisco Router, but it would only work on external domains. Any static record I added would not be resolvable for clients.

For starters, I will assume you have your own Cisco router running 12.4+ IOS firmware with ipservices.

DHCP first…

  1. First, let’s set up DHCP on the Router
    R1(config)# interface fastEthernet 0/1
    R1(config-if)# ip address 10.0.0.1 255.255.255.0
    R1(config-if)# no shutdown
  2. Enable DHCP service on that interface
    R1(config)# ip dhcp-server 10.0.0.1
  3. Configure DHCP settings
    R1(config)# ip dhcp pool dhcp-pool
    R1(dhcp-config)# network 10.0.0.0 255.255.255.0
    R1(dhcp-config)# domain-name yourdomain.local
    R1(dhcp-config)# dns-server 10.0.0.1
    R1(dhcp-config)# default-router 10.0.0.1
    R1(dhcp-config)# lease 7


Linux — MRTG in Minutes!

MRTG is one of those tools a Network Engineer has on his/her toolbelt. MRTG allows the graphing of trending network activity for a wide range of devices. It uses SNMP to query a host and poll its network information and statistics. It can be used with routers, switches, Linux hosts, etc.

I’m going to run MRTG against a Linux router (running iptables), an HP PowerConnect switch, a Cisco router, and an ESXi host. Anyway… let’s get started.


Cisco IOS — Link Aggregation with LACP and NIC Teaming

Hi All! It’s been a while since I posted an article, and I don’t think I have ever posted one on Network Link Aggregation!! Link Aggregation is the physical combining of network links into one logical link. There are two main advantages to this practice. First is the increased throughput that you obtain by combining links; for example, combining 2x 1GB links will increase your total bandwidth to 2GB. (Keep in mind this will not change your latency…) Secondly, link aggregation grants the benefits of redundancy. Imagine the setup above. If one of the 1GB links fails, you would still have the other 1GB link to fall back on, woot!

[Image from Wikipedia]

Squid Proxy — Splash Page

Hi All! So after my last article regarding securing a guest network’s web access with Squid and SquidGuard, I wanted to share how I went about creating a Splash Page for Guest users of my free WiFi hotspot. My goal was to present new Guests with a splash page identifying certain Terms of Usage, etc. Basically we will need an HTML or PHP Splash Page, an ACL identifying the Guests by IP, an external ACL program (squid_session), and a Deny with Information (deny_info).

Squid Proxy — Caching Proxy with SSL with Squid3.1

Hello, hello! Recently I posted a two-part article on creating a Guest wireless network using OpenWRT, VLANs, and Firewall rules. Now, we left things kinda open from a security standpoint. We gave our Guest users full Internet access with no restrictions on sites, bandwidth usage, or ports!! Yikes! For this article I am going to walk you through the steps to close those gaps. We are going to first configure a Web Proxy server that will proxy outbound Internet connections. This allows us to check where our Guests are going and what they are trying to get their hands on, good and bad. We will also force Guests to connect to this Web Proxy server transparently. What I mean by that is the Guests will not be required to do anything on their side to connect; our firewall will take care of that. And lastly, I want to allow only limited bandwidth for HTTP traffic. You will see later on how we can accomplish this. I’ve expanded upon this article of mine that uses squid proxy to filter Ads.

Linux — dd Operations Notes

I recently was helping a friend with some computer trouble, which resulted in me first creating a full disk image backup using “dd”. I’ve done this before years ago, but I wanted to add some of the common dd backup/restore methods to my notepad. There are so many articles online on how to use dd to do a full disk backup and restore it. I will be using similar methods.

dd Terms

  • if — input device (file,hardware,CD,etc).
  • of — output device (file,hardware,CD,etc).
  • bs — sets “dd” read and write size.
  • noerror — continues after read errors.
  • readom — CD to ISO utility.
  • mount — Linux command to mount file-systems
  • gz — gunzip is a compression utility which helps to reduce the size of images created with dd.
  • md5sum — a checksum utility to ensure integrity when moving large image files.
