Spanning-tree root switch determination

STP, RSTP and MSTP are well known solutions for both loop detection and redundancy. Spanning-tree will determine the root switch and from that point it will calculate the link cost to the device. After the determination of the shortest path it will disable the more costly paths.

But this won’t always result in the best network topology. So how is this root switch appointed? Root switches are chosen because of two things their priority settings and after that who has the lowest MAC-address. This is why if you just let it determine the paths it won’t always be the best topology.

HP ProCurve (and maybe also other) switches are configured with the default priority 8. This way when you enable STP on them they just look at the lowest MAC-address. To optimize the topology you might want to set the priority of your main switch lower as the default priority (8). This way your switch is chosen as root switch and all paths are calculated from there.

The way to change the priority on HP ProCurve switches from CLI goes as follows:

[hostname]#config
[hostname](config)#spanning-tree priority [n]
[hostname](config)#write mem

[n] can be anything from 0 to 15. 0 being the highest priority and 15 being the lowest.

Using a custom stylesheet in MOSS 2007

Lately I’m working a lot with Microsoft Office Sharepoint Server 2007. To customize the look of a Sharepoint site you can achieve a lot by customizing the CSS. When you load this CSS in your site this CSS will overwrite the standard CSS. I wanted to make an article about how to do it, but why would I do this if there is already a great article out there written by Shane Perran. It’s called Kickstart to editing styles in MOSS 2007 and it describes perfectly how to do it. Here is a small excerpt:

Set up an Alternate CSS URL:

• Create a Publishing Site. Select Site Actions, Create Site. Then select the Publishing Tab and finally choose Publishing Site. It will take a few moments for your site to provision.
• Open your editor of choice and create a new file and add /* Custom Styles */ to it.
• Save it as “Custom.CSS”. If you are using notepad don’t forget to select “All Files” from the “Save as Type” drop down menu before saving, otherwise you will have a .txt extension.

Read the rest here at Kickstart to editing styles in MOSS 2007.

IE Developer Toolbar doesn’t show DOM tree in IE7

To customize the look of a Sharepoint site you can achieve a lot by making a CSS which overrides the standard CSS (on that subject more later). To determine what part of the standard stylesheet I have to override the IE Developer Toolbar is an absolute must have.

However when installing in Internet Explorer 7 it didn’t show me the DOM tree in the left screen. This worked flawless in Internet Explorer 6 so I was a bit surprised about the empty screen.

I looked around on the internet and though the solution is out there I didn’t see a clear answer. So this is a reminder for myself and hopefully for more people out there looking for the solution. To enable the DOM tree you need to ‘Enable’ the option Script ActivX controls marked safe for scripting. This can be found in Tools > Internet Options > Security Tab > Custom level....

Here you have to scroll down a bit and then you can put Script ActivX controls marked safe for scripting to enable and after you do a restart of Internet Explorer the IE Developer Toolbar should be fully functional.

Beacon probing resulting in excessive broadcasts

Not so long ago I posted a link to a VMWare blog in which beacon probing was demystified. This article stated that you only should use beacon probing when there is no link state tracking on the physical switches and you could consider beacon probing as a nice software solution for replacing it.

Well we’ve got our ESX environment set up by a local supplier and they advised us to use beacon probing instead of link state tracking. But for some reason beginning from that moment I got major events from my ProCurve switches stating excessive broadcasts. This wasn’t often, but especially during peak hours I was getting this notification.

When I started sniffing the network packets on the uplink of the switches I noticed what kind of packets it were. It was an almost continuous flow of RARP packets coming from the ESX servers. RARP packets are meant as MAC address table updates for switches. This way when a node is suddenly available on a different MAC address the switch already knows the new path. This is also what happens when a virtual switch detects a link is not functional. It will switch the uplink and notify the switches. When beacon probing isn’t working as expected ESX constantly thinks the uplink isn’t functional so it is constantly switching the uplink and as a result constantly sending out RARP packets.

While you can define both the notify switches parameter and the network failure detection, it isn’t good to just put notify switches to ‘No’. This way the failover is still constantly changing uplinks and this can result in errors (in my case timeouts with TFTP). The real problem was the failure detection. Beacon probing for some reason just didn’t work in our environment. When I changed the failure detection to ‘Link Status only’ all the RARP packets disappeared and my excessive broadcasts were gone.

In my case just link status only is sufficient, but I can imagine there are cases where you would want to use beacon probing. If you enable beacon probing and this results in excessive broadcasts (or just more broadcasts) I do advise to look if you could find those RARP packets. This can indicate that beacon probing is just not working correctly in your environment.

I want to thank Scott Lowe for giving me a push in the right direction.

What’s in your Request for Change document

I’m part of a relatively new IT department and we’re (re)building our processes. Part of those processes is change management. I think change management is really important in guaranteeing your uptime to your users. You just don’t want to change something big without a lot of research and testing.

Whenever we wanted to make a change we just needed to go to our supervisor and we would assess the situation together. There was no form of documentation and no documentation why the change was implemented in the first place. So this week I was wondering what would be useful to be on the document without being it too bureaucratic so that a change would take weeks/months.

As a result I built a form which anyone of the IT department could use. There were a bunch of fields which I thought was the least information what was needed. And I also applied a way of controlling and reviewing requests in the form.

So for those who are interested I will post here the questions I will ask in the document and a short description of what I expect as response. Continue reading →

Connecting USB HD in ESX for back-up

As the new year begun some servers were due to be moved to another place more permanent burial place. Our ‘expensive’ SAN storage space is too small to keep the old servers on it so it was time to move them to a USB harddisk. But I had no idea how I could attach it to the ESX. Well for those of you who want to know for the future here is how I did it.

Well first of all I hooked the USB drive onto the ESX server (HP Proliant DL380g5). When I logged onto the console the first thing I did was execute cat /var/log/messages. This gave me following lines:

kernel: Initializing USB Mass Storage driver...
kernel: usb.c: registered new driver usb-storage
kernel: scsi3 : SCSI emulation for USB Mass Storage devices
kernel: Vendor: WD Model: 10EAVS External Rev: 1.05
kernel: Type: Direct-Access ANSI SCSI revision: 02


And a couple of lines further:

kernel: VMWARE: Unique Device attached as scsi disk sdc at scsi3, channel 0, id 0, lun 0
kernel: Attached scsi disk sdc at scsi3, channel 0, id 0, lun 0
kernel: SCSI device sdc: 1953525168 512-byte hdwr sectors (1000205 MB)
kernel: sdc: sdc1
kernel: USB Mass Storage support registered.


From this information I concluded that the USB drive was recognised and was emulated as SCSI, hence the sdc. My harddrive already contained a NTFS partition, but ESX doesn’t have the NTFS drivers. Thats why it will mount the partition using FAT32. This would pose a problem because FAT32 doesn’t support files bigger as 4Gb and my vmdk’s are much bigger. So I decided to format the disk with EXT2 so I could move the files.

I first deleted all the existing partitions with fdisk and after that I created a new primary partition with partition type Linux. After formatting it with the command mke2fs /dev/sdc1 I had a working Linux partition. If you by any chance would want to have an EXT3 disk you could use mke2fs -j /dev/sdc1.

So now I got a working disk and a working partition. First I needed a mount point before I could actually mount the USB drive. So I made a directory in /mnt called ‘usb’ with mkdir /mnt/usb and I executed the following command:

mount /dev/sdc1 /mnt/usb

Now I could access the disk at /mnt/usb and copy all the old VM’s from /vmfs/volumes/[datastorename]. If you want to copy entire directory’s make sure you use the '-R' parameter with cp.

Virtualizing Red Had Enterprise Linux 2 (and all the troubles I had with it)

For some time I wanted to virtualize the only non-Windows server we had. It was a Red Hat Enterprise Linux 2 server serving some old legacy application. This server had to be preserved en kept running for archiving purposes. So instead of letting it run consuming power and hope it wouldn’t fail (+-7 year old hardware?) we wanted it to be virtual. This way we weren’t reliable on old hardware and we had a flexible way of turning it on whenever we needed it.

With great enthusiasm I went to the datacenter with the VMWare converter CD and I performed a quick and smooth virtualization of the machine. However when I started the machine I got kernel panics and notifications of partitions that couldn’t be found.

Well after quite some time (it wasn’t the highest priority) and a lot of searching I finally found a blogpost called Virtualize a Linux Server with VmWare Converter 3.0.1. “This is exactly what I am looking for!” was my first thought. Well although the article is really clear (well done Manlio Frizzi) it helped me only a bit further.

So my first steps were those that Manlio Frizzi described on his blog. Virtualized the system to my ESX environment. After i’ve done that I downloaded the rescue iso of Fedora Core 3 (FC2 wasn’t available) and mounted this in the virtual cd-rom drive. After selecting “Rescue installed system” from the bootscreen it started loading the BusLogic driver. Then I selected English as my language and US as my keyboard lay-out.

Continue reading →

Standard ESX networking tasks from command line (Part 2)

In part 1 I covered some NIC operations from command line. In part 2 I will cover some standard virtual switch tasks like adding and deleting a virtual switch and making and configuring PortGroups. So here goes for virtual switch operations…

Listing all virtual switches

esxcfg-vswitch -l

This commands gives you a list of all the configured virtual switches with their PortGroups and connected uplinks. Further more a lot of properties are shown about the vSwitches and PortGroups. For vSwitches it shows among other things the name, the uplinks, the number of used ports and the number of configured ports. For PortGroups it shows the PortGroup name, VLAN ID and uplinks.

Add a virtual switch called ‘TestSwitch1′

It’s really simple to add a virtual switch to an ESX server. You simply use the following command:

esxcfg-vswitch -a TestSwitch1

This creates a virtual switch with the name ‘TestSwitch1′. It still has no PortGroups and it has been set with the default amount of configured ports (64). To see all the properties use the command provided earlier to list the virtual switches. If you want to specify the number of configured ports you can use the following command:

esxcfg-vswitch -a TestSwitch1:16

This gives you a virtual switch named ‘TestSwitch1′ with 16 configured ports.

Continue reading →

Standard ESX networking tasks from command line (Part 1)

As I was looking around in the command line interface (which is pretty new for me) I came around the esxcfg- command set. In particular the commands to manage the NIC’s (part 1) and the vSwitches (part 2) raised my interest. I decided to explore a bit further and write down how to do some standard actions. So here goes for NIC operations…

Listing all NIC’s

esxcfg-nics -l

This commands gives you a nice list of all the available NIC’s and all their properties. Those properties include name, link, speed, duplex and description.

Setting a specific link speed and duplexity of a NIC

The thing I want to do here is set my ‘vmnic3′ (the name I got from my previous command) to a speed of 100Mbps and I want to set it to full duplex. The command to do this is:

esxcfg-nics -s 100 -d full vmnic3

The ‘-s’ parameter defines the speed. This parameter can hold the values 10, 100, 1000 and 10000 respectively defining the speed to 10Mbps, 100Mbps, 1000Mbps and 10000Mbps.

The ‘-d’ parameter defines the duplexity. This parameter can hold the value ‘full’ for full duplex and ‘half’ for half duplex.

Setting link speed and duplexity of a NIC to automatic detection

To set my ‘vmnic3′ back to automatic detection I use the following command:

esxcfg-nics -a vmnic3

The ‘-a’ parameter simply sets the link speed and duplexity of the NIC back to automatic.

I hope this was useful to someone. At least I got better understanding and a little reminder for myself how to do these things. In part 2 I will cover some standard networking tasks considering virtual switches using the command esxcfg-vswitch.

Switch meshing ProCurve switches unless…

… you are using those switches for routing. Great so the only option for improving my networking environment for load balancing my ESX environment was crushed by these two HP documents: Switch Meshing and LAN Aggregation Through Switch Meshing.

Apparently there is a whole list of requirements for switch meshing. This list is most clearly defined in Switch Meshing (starting from page to 5 and ending at page 7). Just a short beginning of the list:

• A meshed switch can have some ports in the meshed domain and other ports outside the meshed domain. That is, ports within the meshed domain must be configured for meshing, while ports outside the meshed domain must not be configured for meshing.
• Meshed links must be point-to-point switch links.
• On any switch, all meshed ports belong to the same mesh domain.
• A switch can have up to 24 meshed ports.
• A mesh domain can include up to 12 switches.
• Up to five inter-switch, meshed hops are allowed in the path connecting two nodes through a switch mesh domain. A path of six or more meshed hops between two nodes is unusable. However, in most mesh topologies, there would normally be a shorter path available, and paths of five hops or fewer through the same mesh will continue to operate.
• ….

I have four HP ProCurve 5300 series switches and they all do routing. Switch meshing was my only option left after exploring NIC teaming articles from Scott Lowe and Lukas Kubin. Those articles describe perfectly how you could do NIC teaming and VLAN trunking on one ProCurve switch, but not how to do it with two of them. After some searching the only option to accomplish what I wanted was a HP patented technique called switch meshing.

So this is not an article explaining how to configure switch meshing for use with ESX, but to warn people for all the requirements. If your environment complies with all the requirements made for switch meshing the two documents named above will do sufficiently as far as it goes how to configure and what switch meshing exactly is.

If I ever end up in an environment where I am able to configure switch meshing I will certainly post how I did it. During my search for what switch meshing was I found out about another technology called XRRP. With that technology at least I can make a really good failover for my gateways, but later more on that.