
Synology DS1513+ Released

The Synology DS1512 has been a popular choice for many home labs in recent years. I hoped that the company’s raft of recent product updates would reach this model eventually. Well, my wish was granted as Synology have announced the DS1513+.

There are a few modifications to note. The one that stands out the most at first glance is the doubling of LAN capability.  The DS1513+ boasts no fewer than 4 RJ45 ports. That does seem like quite a lot. It does open up some interesting possibilities though…

The full specifications for the DS1513+ can be found here.


Nutanix Bloggers’ Session 08/10/2012

I was invited to a briefing by the vendor Nutanix on Monday at VMworld. Now there are a lot of new / recent startups in the storage space and keeping a handle on them all could occupy my time completely so I did hesitate to accept the invitation at first.

I had heard some good things about Nutanix from other bloggers though and, after looking at their website, I was intrigued to find out a little more. Along with a few other bloggers I found my way to the Tryp Apolo hotel in Barcelona where we were greeted by a number of Nutanix employees from EMEA and the US along with London VMUG’s very own Jane Rimmer.

Perhaps now is a good time to explain what it is that Nutanix do. They claim to be a software company but their software is only available on their hardware. I would perhaps think of them more as a storage solutions company. Anyway, that’s semantics.

Nutanix’s product aims to provide a full virtualization platform that performs consistently well, scales linearly and, most importantly, does not require any shared storage. That’s right, no shared storage. No SAN.

Each node (host) is a fairly standard x64 architecture server with dual processors. Presently each node comes equipped with 320Gb of PCIe SSD (fusionio), 300Gb of SATA SSD and 5Tb of SATA HDDs. Each node also has 1x10GbE and 2x1GbE networking connections. Nodes are manufactured in blocks of 4 and each node has VMware ESXi pre-installed on it.

Aside from combining the hardware, Nutanix’s secret sauce comes in when it comes to presenting that local storage to ESXi. When the nodes are clustered, the available storage is combined and presented as a VMFS datastore to all of the hosts in the cluster. VMs provisioned on a host will have their files stored locally although it will appear like they are being stored on a shared datastore when viewed through the vSphere Client. Behind the scenes the Nutanix software actually replicates those files to other hosts within the cluster (imagine that there are more hosts than shown below – this was just a quick diagram that I knocked up):

The fact that the datastore is presented to all hosts means that vMotion and HA both work as intended. If a VM ends up on another host Nutanix will move that VM’s files to the correct host in the background and completely transparently.

With respect to scaling, Nutanix say that you can just add blocks to an existing deployment. As each node has its own storage, each node should have more than adequate storage performance to handle the VM load placed on it. Clever stuff but does it really work and does it really scale?

Being the diligent bloggers that we are, we asked plenty of questions and Nutanix seemed to have all of the right answers. For me, the idea of scaling in that way is perfect for a growing business. More established enterprises may be too heavily invested in existing technologies to consider it though. Technically it’s a clever solution too, no doubt about that, but perhaps they may need to introduce a few more sizing options for the hosts over time or open the software up to being used on other hardware platforms.

After that, Nutanix gave us some insights into the future development of their product. I can’t go into details unfortunately but I look forward to seeing how they progress.

Thanks to Jane and Nutanix for organising the session (and the drinks afterwards) and talking with us all.


QNAP VAAI Details

I did promise to pop back to QNAP’s stand at VMworld Europe when I posted yesterday about them introducing VAAI across their range of storage appliances. True to my word, I popped in for a chat.

As a reminder, VAAI (vStorage APIs for Array Integration) enables ESXi hosts to offload specific virtual machine and storage management operations to compliant storage hardware – basically taking some of the storage load from the hosts and letting the storage hardware handle it.

Now whilst the functionality will be available across their range of products with release 3.8, it seems likely that they are only going to certify it on the x79 series. It will work on all of their current and past models however. The features to be implemented are:

  • Block Zeroing – used during the creation of vmdk disk files
  • Block Copy – used when deploying and cloning VMs / templates. Rather than the ESXi host copying vmdk files from the storage and re-writing them back, the copy is performed by the storage hardware.
  • Hardware accelerated locking – (aka Atomic Test & Set) used during the creation and locking of files on a volume
  • vSphere Client Integration – allows provisioning and management of datastores from within the vSphere client

QNAP said that 3.8 will be available as of November sometime although their website makes no mention of it currently. I did ask about other features, such as VASA (vStorage APIs for Storage Awareness), but there’s no word on those yet. Personally I suspect they knew a little more than they were letting on.


QNAP Gets VAAI

I purposefully wandered past the QNAP booth in the Solutions Exchange at VMworld Europe 2012 yesterday as I have one of their devices at home connected up to my lab (although as it gets older and my demands get higher I find that I’m using it less and less). I also know a few other individuals (e.g. Jeremy – co-author on this site) who have one in their home lab setup and QNAP have a good presence in the SMB market.

As the title suggests, QNAP are going to deliver VAAI functionality very shortly. The really good thing though is that this does not mean that you need to buy a new model. As QNAP use the same OS package on all of their devices, the whole range will get the functionality as of version 3.8. Geeks (with QNAPs) everywhere will rejoice and dance in the streets!

I plan to pop back past later on and find out more about it.


New HP Proliant Microserver N40L

HP have recently updated their Proliant Microserver to sport a slightly nippier processor. As well as the 250Gb SATA drive it also now comes with 2Gb RAM as standard – although if you’re thinking of using one for a home lab Virtual Infrastructure you’d need to replace that with 2 x 4Gb sticks anyway.

HP’s ongoing cashback deal for this little gem is still running too. Before cashback they’re about £200 + VAT meaning that once you get your cheque back from HP, they work out at only £120 each. Not bad at all for a home lab and the AMD NEO N40L 1.5Ghz dual-core processor should be enough to handle a reasonable lab-like load.

ServersPlus are one of the places in the UK to pick one of these servers up. They even offer an ESXi 5 testbed bundle that includes the 8Gb RAM and an optical drive.

These little servers are great lab servers if you need something small and quiet. I have 3 of them running more or less full time at home and my wife hasn’t complained about the electricity bill… yet.


Pimp My Microserver!

I’m not normally in the habit of posting this sort of thing but I do own a number of these MicroServers and they’re great for home lab use. They may only take up to 8Gb RAM and have single, dual-core chips in them but they don’t eat much power and don’t make much noise. They’re also as “cheap as chips” to buy!

Enough about why I have them. ServersPlus are running a competition of sorts to design a cosmetically pimped up MicroServer. If you submit what becomes the winning design you get the first one of the batch for free.

Submissions have to be in on 11th November and voting runs until 30th November.


Creating VLANs in DD-WRT (Part 3)

In the second part of this post I completed the setup of VLANs on my WNR3500L router. To make them available to hosts (and VMs) I now have to configure my Cisco SLM2008 switches.

Fortunately that turns out to be fairly simple. The SLM 2008 has a web-based GUI that does the job nicely. Once logged in it’s a matter of opening the VLAN >> VLAN Settings page. Then just tap in the VLAN ID that you want to create and click “Add”.

This then drops you into an additional page where you choose which ports to associate the VLAN with. I picked all of the ports on this switch (where my ESX hosts are located). Then I clicked “Save”.

It’s just then a case of repeating for the other VLANs that are required. And that’s the switches done. The default configuration of them doesn’t require any further tweaking.

Within vSphere, the configuration required should be obvious. Here’s a screenshot from my ESX host with a portgroup called “Test” defined.

It has a VLAN ID of 6 and one VM in it with an IP Address of 192.168.6.41. It can reach the router’s primary network, the internet and be contacted from my main network and wireless clients.

Exactly what I want for now.


Creating VLANs in DD-WRT (Part 2)

In the first part of this post I created some VLANs on my NetGear WNR3500L router that I’ve flashed with DD-WRT firmware. In this second part of the post I will be assigning IP address ranges to those VLANs and configuring the router’s firewall.

I want the VLANs that I set up previously to use separate IP Address ranges. To do this it’s back into the telnet session and enter the following command:

[text]nvram set rc_startup='
#!/bin/ash
PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"
ifconfig vlan6 192.168.6.254 netmask 255.255.255.0
ifconfig vlan7 192.168.7.254 netmask 255.255.255.0
ifconfig vlan8 192.168.8.254 netmask 255.255.255.0
ifconfig vlan9 192.168.9.254 netmask 255.255.255.0
ifconfig vlan10 192.168.10.254 netmask 255.255.255.0
ifconfig vlan11 192.168.11.254 netmask 255.255.255.0
ifconfig vlan12 192.168.12.254 netmask 255.255.255.0
ifconfig vlan13 192.168.13.254 netmask 255.255.255.0
ifconfig vlan14 192.168.14.254 netmask 255.255.255.0
ifconfig vlan15 192.168.15.254 netmask 255.255.255.0

ifconfig vlan6 up
ifconfig vlan7 up
ifconfig vlan8 up
ifconfig vlan9 up
ifconfig vlan10 up
ifconfig vlan11 up
ifconfig vlan12 up
ifconfig vlan13 up
ifconfig vlan14 up
ifconfig vlan15 up
'[/text]

(There is actually a way to do this step through the router’s GUI too.)

Reboot the router again for the changes to take effect.

The final configuration that needs to be made is to the internal firewall of the router. With all of these new interfaces created, we need to define some rules to permit (or deny) traffic between them.

Now I could have just turned the firewall off but that wouldn’t be a very good idea. Instead I modified the rules. For a single VLAN (VLAN 6 for example) the following commands were required:

[text]iptables -I INPUT -i vlan6 -j ACCEPT
iptables -I FORWARD -i vlan6 -o br0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan6 -o ppp0 -m state --state NEW -j ACCEPT[/text]

The first line allows traffic from VLAN6 to talk to the router. The second line allows VLAN6 to talk to the default LAN network (VLAN1). The final line allows VLAN6 to access the WAN interface (internet).

There are two ways of applying these rules. The first is by executing the following on the router’s telnet interface:

[text]nvram set rc_firewall='
iptables -I INPUT -i vlan6 -j ACCEPT
iptables -I FORWARD -i vlan6 -o br0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan6 -o ppp0 -m state --state NEW -j ACCEPT'[/text]

The other method is to use the GUI. Under Administration >> Commands there is a text area to enter the commands. Then all you need to do is click the “Save Firewall” button to have the commands take effect at the next reboot of the router. Additionally you can click the “Run Commands” button to execute them immediately. (Bear in mind though that commands run immediately are not persistent across a reboot.)

I thought that would sort everything out so I made the same changes for all of the VLANs. However, when it came to using those VLANs I discovered that although they could “talk” to the internet and to wireless clients, they could not “talk” to each other. This meant a revision to the firewall rules that I set out above was required.

Whilst working out what I needed, I discovered that a wildcard character exists and that what I wanted to achieve could be done in just 4 lines:

[text]iptables -I INPUT -i vlan+ -j ACCEPT
iptables -I FORWARD -i vlan+ -o br0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan+ -o vlan+ -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan+ -o ppp0 -m state --state NEW -j ACCEPT[/text]

Line 1 accepts input from any of the VLAN interfaces into the router.

Line 2 allows any traffic coming from the VLAN interfaces to access the bridge (this is connected to the RJ45 ports and the wireless)

Line 3 allows traffic to come from any VLAN and go to any VLAN (this was the rule I was missing the first time around)

Line 4 allows traffic coming from any of the VLANs to go to the internet.

However, a quick word on the internet (WAN) interface, ppp0, and security in general. The WNR3500L router does not have an ADSL modem in it. (I have a separate one of those (Draytek Vigor 120)). Configuration of the WAN for my environment is therefore completed using the PPPoE protocol and hence the WAN interface gets called ppp0. If you use this router with cable broadband (e.g. Virgin Media) you may end up with a different WAN interface name. Not only will you have to adjust the rules above accordingly, you need to make sure that you don’t inadvertently open up a gaping security hole!

Which is why it might be best to stick the following rules into the router instead of the ones above:

[text]iptables -I INPUT -i vlan6 -j ACCEPT
iptables -I FORWARD -i vlan6 -o br0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan6 -o vlan+ -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan6 -o ppp0 -m state --state NEW -j ACCEPT
iptables -I INPUT -i vlan7 -j ACCEPT
iptables -I FORWARD -i vlan7 -o br0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan7 -o vlan+ -m state --state NEW -j ACCEPT
iptables -I INPUT -i vlan8 -j ACCEPT
iptables -I FORWARD -i vlan8 -o br0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan8 -o vlan+ -m state --state NEW -j ACCEPT
iptables -I INPUT -i vlan9 -j ACCEPT
iptables -I FORWARD -i vlan9 -o br0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan9 -o vlan+ -m state --state NEW -j ACCEPT
iptables -I INPUT -i vlan10 -j ACCEPT
iptables -I FORWARD -i vlan10 -o br0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan10 -o vlan+ -m state --state NEW -j ACCEPT
iptables -I INPUT -i vlan11 -j ACCEPT
iptables -I FORWARD -i vlan11 -o br0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan11 -o vlan+ -m state --state NEW -j ACCEPT
iptables -I INPUT -i vlan12 -j ACCEPT
iptables -I FORWARD -i vlan12 -o br0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan12 -o vlan+ -m state --state NEW -j ACCEPT
iptables -I INPUT -i vlan13 -j ACCEPT
iptables -I FORWARD -i vlan13 -o br0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan13 -o vlan+ -m state --state NEW -j ACCEPT
iptables -I INPUT -i vlan14 -j ACCEPT
iptables -I FORWARD -i vlan14 -o br0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan14 -o vlan+ -m state --state NEW -j ACCEPT
iptables -I INPUT -i vlan15 -j ACCEPT
iptables -I FORWARD -i vlan15 -o br0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan15 -o vlan+ -m state --state NEW -j ACCEPT[/text]

Whilst it’s not as elegant a solution as the one with the wildcards, it is more specific and hence more secure and I’m not an iptables expert so I’m going for the safer option. Also note that in the above example, I’ve only given VLAN6 access to the ppp0 (internet / WAN) interface.
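An added example (not part of the original post) on why the wildcard matters: iptables treats a trailing “+” on an interface name as a prefix match, so “vlan+” also covers vlan1 and vlan2, and Part 1’s default settings put the WAN port in VLAN2. The script lists what a pattern covers and generates explicit per-VLAN rules with no wildcard at all; the function names and the sample interface list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the author's script. Interface names are the ones used
# in the post; the sample list and function names are constructed.

# iptables -i/-o matching: a trailing "+" means "any name with this prefix".
iface_matches() {
    case $1 in
        *+) case $2 in "${1%+}"*) return 0 ;; *) return 1 ;; esac ;;
        *)  [ "$1" = "$2" ] ;;
    esac
}

# wildcard_hits PATTERN IFACE... -> space-separated interfaces the pattern covers
wildcard_hits() {
    pattern=$1; shift
    hits=""
    for iface in "$@"; do
        if iface_matches "$pattern" "$iface"; then
            hits="${hits:+$hits }$iface"
        fi
    done
    printf '%s\n' "$hits"
}

# gen_rules WAN_IF "IDS ALLOWED OUT" ID... -> explicit rules, no wildcards.
# Inter-VLAN forwarding is written per destination, so the WAN-side VLAN
# can never be matched by accident.
gen_rules() {
    wan_if=$1; wan_allowed=$2; shift 2
    for src in "$@"; do
        echo "iptables -I INPUT -i vlan$src -j ACCEPT"
        echo "iptables -I FORWARD -i vlan$src -o br0 -m state --state NEW -j ACCEPT"
        for dst in "$@"; do
            if [ "$src" != "$dst" ]; then
                echo "iptables -I FORWARD -i vlan$src -o vlan$dst -m state --state NEW -j ACCEPT"
            fi
        done
        case " $wan_allowed " in
            *" $src "*)
                echo "iptables -I FORWARD -i vlan$src -o $wan_if -m state --state NEW -j ACCEPT" ;;
        esac
    done
}

# Constructed interface list built from names that appear in the post.
IFACES="br0 ppp0 vlan1 vlan2 vlan6 vlan7"
echo "vlan+ covers: $(wildcard_hits 'vlan+' $IFACES)"
echo "vlan6 covers: $(wildcard_hits 'vlan6' $IFACES)"
# Lab VLANs 6 and 7, only VLAN 6 allowed out through ppp0.
gen_rules ppp0 "6" 6 7
```

Running wildcard_hits against the real interface list on the router before saving a wildcard rule shows whether the WAN-side interface falls inside the pattern.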

That’s just the simple firewall changes that can be made. More complex setups can be achieved but you need to know what you’re doing. There’s an introduction to IPTABLES that can be found on the DD-WRT site.

That’s it for the router’s configuration. In the third and final part of the post I describe how the VLANs are defined on the Cisco SLM2008 switches that I have connected to the router.


Creating VLANs in DD-WRT (Part 1)

I’m breaking this post up into 3 parts because it does go on a bit.

  • Part 1 – An overview of what I’m trying to do and creating VLANs on the router
  • Part 2 – Configuring IP ranges and the router’s firewall
  • Part 3 – Configuring VLANs on the SLM2008 switches

Recently I have flashed my home router (a NetGear WNR3500L) with DD-WRT firmware and performed some basic and intermediate configuration to connect it to the internet and direct DNS queries for my lab domain to the correct DNS server.

Now though I want to set up some VLANs. I want to be able to make use of some of the more advanced networking features in vSphere in my lab and this was one of the primary drivers for me selecting the router that I did.

I already have two Cisco SLM2008 smart switches in my lab. They are 8-port network switches that provide a number of useful features for the price. Simon Seagrave has a good description and review of the switches on his site, SLM2008 review. Upgrading and configuring my router to make better use of those features is what this post is about.

The standard DD-WRT interface allows you to assign single VLANs to individual ports but I want to go a step further than that and create 802.1q trunk ports. DD-WRT is capable of doing this but the configuration isn’t a point-and-click affair in the present build (so I understand).

Firstly, it might help to show the network topology that I’m aiming for here:

The rear of the NetGear router then looks like this:

The goal here is to create a small number of VLANs on the router and enable the two ports connected to the SLM2008 switches to carry 802.1q tagged packets. To do this we have to access the router via a telnet connection.

Enabling telnet on the router is fairly straightforward. On the Administration >> Management page, under Remote Access, it is simply a matter of enabling Telnet Management.

With that done you can use your favourite command line or terminal program to telnet to the router:

It’s worth noting that you have to login as “root” regardless of what you set the router’s username to be. The password will be whatever you set it to though.

The remainder of this article is based on the Switched Ports WIKI page on the DD-WRT site.

The first step is to examine the default VLAN configuration settings that are stored in NVRAM before we change them.

[text]nvram show | grep vlan.*ports[/text]

On the model of router that I’m using (WNR3500L in case you’d forgotten) you should get the following back:

[text]vlan2ports=0 8
vlan1ports=4 3 2 1 8*[/text]

(The results that you get back might vary if you have a different router.)

What this shows is that there are two VLANs in use by default. VLAN2 is assigned to the WAN port (port 0) and the internal CPU port (port 8). VLAN1 is assigned to all four LAN ports and the internal CPU port. The asterisk denotes that this is the default VLAN.

You’ll also want to run this command:

[text]nvram show | grep port.*vlans[/text]

That will return the following default settings:

[text]port5vlans=1 2 16
port3vlans=1
port1vlans=1
port4vlans=1
port2vlans=1
port0vlans=2[/text]

This shows that the LAN ports (1-4) are joined to VLAN1, the WAN port (0) is joined to VLAN2 and the internal CPU port (5 now and not 8 for some bizarre reason) is joined to VLANs 1 and 2 and is also Tagged (that’s what the 16 means).

And also this one:

[text]nvram show | grep vlan.*hwname[/text]

Results:

[text]vlan2hwname=et0
vlan1hwname=et0[/text]

Some of these settings might need some further explaining. The switched ports page on the DD-WRT WIKI explains them fairly well.

In order to configure / change these settings though we need to “set” them and not just “show” them.

[text]nvram set vlan6ports="2t 1t 8"
nvram set vlan7ports="2t 1t 8"
nvram set vlan8ports="2t 1t 8"
nvram set vlan9ports="2t 1t 8"
nvram set vlan10ports="2t 1t 8"
nvram set vlan11ports="2t 1t 8"
nvram set vlan12ports="2t 1t 8"
nvram set vlan13ports="2t 1t 8"
nvram set vlan14ports="2t 1t 8"
nvram set vlan15ports="2t 1t 8"[/text]

These lines associate the VLANs 6 to 15 with ports 1 and 2 (as well as the internal CPU port) and, more importantly, add the VLAN tags to packets on these ports.

[text]nvram set port1vlans="1 6 7 8 9 10 11 12 13 14 15 16"
nvram set port2vlans="1 6 7 8 9 10 11 12 13 14 15 16"
nvram set port5vlans="1 2 6 7 8 9 10 11 12 13 14 15 16"[/text]

These lines associate all of the VLANs (except VLAN2 – the WAN) with ports 1 and 2. All VLANs (including the WAN) are associated with the internal CPU port. All three ports are tagged.

[text]nvram set vlan6hwname=et0
nvram set vlan7hwname=et0
nvram set vlan8hwname=et0
nvram set vlan9hwname=et0
nvram set vlan10hwname=et0
nvram set vlan11hwname=et0
nvram set vlan12hwname=et0
nvram set vlan13hwname=et0
nvram set vlan14hwname=et0
nvram set vlan15hwname=et0[/text]

These lines simply associate the VLANs with the right hardware.

[text]nvram commit
reboot[/text]

Finally the changes are committed and the router rebooted.

(Note that unless specifically overwritten, the original settings that we saw earlier will remain in force. So ports 3 and 4 remain unchanged from their original configuration.)

In summary, what the commands above did is:

  • Created VLANs 6 to 15 inclusive
  • Tagged VLANs 1 and 6 to 15 on ports 1, 2 and 8 (the internal CPU port)

(I expected at that point to lose contact with my lab servers but it didn’t happen. It seems that DD-WRT enumerates the port numbers in reverse order to how they are labelled on the router. So the commands that I entered actually ran on ports 3 and 4! This I verified by re-patching my cables and losing connectivity.)

In the second part of this post I’m going to assign address ranges to my VLANs and configure the router’s firewall.


Basic Router Setup

Previously I have written about the router that I have selected for my home lab / home network and how I flashed it to use DD-WRT. Having done that successfully I need to perform some basic (and intermediate) configuration to get it ready for use.

Basic Setup

Unless you have a completely plug and play broadband router you will have seen most of these settings before. They just look a little different here and I’m including them for context also.

I won’t bother dealing with my broadband account details. First up then we look at the router’s basic network setup and DHCP options.


Relatively straightforward but the important options are ticked by default: “Use DNSMasq for DHCP” and “Use DNSMasq for DNS”.

Dynamic DNS

If you don’t have a static broadband IP Address then setting this up could be useful. Configuration is fairly straightforward so I’m not going to add any detail.

Wireless

I’m not going to go into any detail here. There’s plenty of documentation around for those that want to look it up. It is sufficient for me to say that I did it.

DHCP / DNS

This is the interesting bit. Did you think we’d done DHCP earlier on? Well I hadn’t quite finished. And I have some DNS configuration that I want to do too.

On the “Services” tab of the interface there is a text box for DNSMasq Options. In that I popped the following text in:

[text]domain-needed
bogus-priv
server=/www.vspecialist.co.uk/208.67.222.222
server=/vspecialist.co.uk/192.168.5.6
dhcp-option=option:domain-search,vspecialist.co.uk[/text]


(The “No DNS Rebind” option must be disabled for this to work.)

Update: 05/07/2011 – If the version of DD-WRT being used is older it may not have the option in the GUI. Instead, the following commands can be placed in the startup script to achieve the same thing (and make it persistent across router reboots):

[text]sed -i 's/stop-dns-rebind//g' /tmp/dnsmasq.conf
killall dnsmasq
dnsmasq --conf-file=/tmp/dnsmasq.conf[/text]

DNSMasq is a lightweight DNS forwarder and DHCP server. The options above will do the following:

  • Line 1: Doesn’t forward names without a dot in them. Public DNS servers can’t resolve these anyway but we’re just being considerate here.
  • Line 2: Doesn’t forward addresses in non-routed address spaces. Again for consideration.
  • Line 3: This tells DNSMasq to send DNS requests for “www.vspecialist.co.uk” to 208.67.222.222 which is an OpenDNS server. This means that I can work on my blog as normal.
  • Line 4: This tells DNSMasq to direct DNS queries for “*.vspecialist.co.uk” to 192.168.5.6, my internal AD server.
  • Line 5: This DHCP option adds the domain “vspecialist.co.uk” to the default domain search order for DHCP clients that support the option (not all do).

There are many other DNSMasq options that I will look into at some point but these important few will allow me to access my blog on the internet but have every other DNS request for the vspecialist.co.uk domain answered by the AD server in my lab.
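An alternative to switching rebind protection off for every domain, shown as an added example rather than the author’s configuration: dnsmasq’s rebind-domain-ok option exempts a single domain from stop-dns-rebind. The check below reads a config and reports which forwarded domains need that exemption; the sample config is constructed from the options above, and support for the option in a given DD-WRT build is an assumption.

```shell
#!/bin/sh
# Added example, not the author's configuration.

# Constructed sample: the post's DNSMasq options with rebind protection on.
sample_conf() {
    cat <<'EOF'
domain-needed
bogus-priv
stop-dns-rebind
server=/www.vspecialist.co.uk/208.67.222.222
server=/vspecialist.co.uk/192.168.5.6
dhcp-option=option:domain-search,vspecialist.co.uk
EOF
}

# True for RFC 1918 IPv4 addresses.
is_private_v4() {
    case $1 in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# audit_rebind: read a dnsmasq config on stdin, print one finding per line.
# Heuristic (assumption): a domain forwarded to a private-address server will
# get answers containing private addresses, which stop-dns-rebind discards.
audit_rebind() {
    conf=$(cat)
    if ! printf '%s\n' "$conf" | grep -qxF 'stop-dns-rebind'; then
        echo "WARN: stop-dns-rebind is absent, rebind protection is off for all domains"
        return 0
    fi
    printf '%s\n' "$conf" |
    sed -n 's|^server=/\(.*\)/\([^/]*\)$|\1 \2|p' |
    while read -r domain ip; do
        is_private_v4 "$ip" || continue
        if ! printf '%s\n' "$conf" |
            grep -qxF -e "rebind-domain-ok=/$domain/" -e "rebind-domain-ok=$domain"
        then
            echo "FIX: add rebind-domain-ok=/$domain/ (forwarded to $ip)"
        fi
    done
}

sample_conf | audit_rebind
```

On the router the same check can be pointed at /tmp/dnsmasq.conf, the file the startup commands above edit.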

The Result

Once everything was plugged in, I had a fully functional broadband and home lab router. Everything on the 192.168.5.0/24 network was talking to everything else. And do you recall the DNS configuration that I made above? Here it is in action with no changes made to the network configuration of my laptop:


The next stage is to configure VLANs on the router. That is a more advanced process for another time.