How To: Firmware Upgrade on a VSF Stack

Having created a VSF stack of Aruba 2930Fs, the immediate need for firmware maintenance obviously raises the question of how. Luckily, a new software version had been released and I was able to test it.

The result … it was shockingly simple and runs like every other Aruba / ProCurve firmware upgrade; you just have to cover the second VSF stack member as well.


vsf member 1
copy tftp flash 192.168.2.5 WC_16_07_0002.swi primary
vsf member 2
copy tftp flash 192.168.2.5 WC_16_07_0002.swi primary

 

Verify the upload with a show flash; the firmware image should show something like, even you may …

How To: IRF Caveats on FF5700 Flex Fabric

Some time ago, I posted on the configuration of an IRF (independent resilient fabric) with the HPE FlexFabric FF5700 datacenter switches. During operation, some things came to my attention which either have been corrected or were perhaps not necessarily clear in the first place.

1.) Activate MAD

There needs to be a mechanism to detect multiple actives. This could be considered something like a quorum for the switch cluster, intended to prevent split-brain situations. In my case I preferred to do so with LACP. This brings MAD (Multiple Active Detection) to layer two and is rather simple. It should be configured on an appropriate Bridge Aggregation Group, resulting in a configuration like:

interface Bridge-Aggregation1
description DOWNLINK_SOMESTRANGESWITCH_WITH_MAD_ENABLED_ON_THE_SAME_LAG
port link-type trunk
port trunk permit vlan all
link-aggregation mode dynamic
mad enable

So pay particular attention to the last command: …

EU-GDPR and OptIn (Professional) Social Media

To all the know-it-all Smurfs who bombard me on the available channels, preferably in professional social networks: the claim that "by publishing my information" with a specific company I had consented to processing by "them" [edit 22.05.2018: by no means employees or processors of that company] is a baseless, self-serving assertion that is wrong in every respect.

The data processor needs written consent from the data owner – the opt-in with which the individual, for the processing of their personal data, …

HowTo: Enable Traceroute on HPE FF5700

On HPE's Comware-based FlexFabric switches, answering traceroute is disabled by default. To enable traceroute on an FF5700 family switch you need to activate:


ip unreachable enable
ip ttl-expires enable

From then on, the switch should show up in traceroutes with something other than timeouts.

Kyp. F.

HowTo: Fix for Broken SMB Communication through PanOS 8.1 Firewalls

Anybody who installed PanOS 8.1 on their Palo Alto firewall (we use the PA 220 in quite some numbers) may have experienced some quite strange behaviour if file shares connected through IPsec tunnels use SMB. So did I.

With the latest firmware upgrade, no write or read jobs through any of these VPN tunnels succeeded. The mapped drives lit up in the file explorer. In some cases even browsing directories may have succeeded … perhaps even two or three levels down. Then the explorer started to hang or crashed, and some systems even blue screened. Copied files perhaps showed up in the destination with a filename, i.e. a directory entry, but never any content.

Since we had updated the Microsoft world on top, the assumption was that some backward compatibility stack or group policy setting may have caused the headache. Many …

Building HP-VSA virtualized storage on VMware

Concretely, the installation of the storage virtualization software looks as follows:

First, I install VMware vSphere 5.5 on two hosts and license them with Enterprise Plus. Then I install a vCenter Server, or use the one that is available in my environment. I leave the VMware installation aside at this point; configurations or equipment to be considered follow later in the thread.

Third, I install the VSA appliances with the corresponding installer. Here too I keep it rather brief, since that has already been posted before.

Essentially, three things need to be considered here: …

PanOS – Palo Alto basic commands after web console lockout

While I'm still a big fan of the Palo Alto firewall family, there are some things which really feel strangely disturbing. Nothing functional, otherwise I wouldn't be as convinced, but in terms of administration. The most advanced network security device is better managed via the web interface – something that gives every network guru goosebumps on his neck.

It is all the worse if the web interface hangs and you need to use the unfamiliar command line interface. Whereas many vendors simply follow SNMP logic and somehow end up with something similar to the industry standard context setup, the PanOS CLI feels strangely different.

Here are your survival commands to make login on the web interface work again:

  1. Have you rebooted the system?
    request restart system
  2. Did you restart the management service?
    debug software restart process management-server
  3. Did you check the file system and free space?
    show system disk-space
  4. In case you need to delete crash dumps or free space anyway:
    delete debug-log mp-log file *
  5. And finally if the system still does not respond due to hanging commits:
    commit force

This list is far from complete, but after experiencing one software version which filled up the root file system after failed content updates and locked the admins out of the web interface, combinations of these commands helped to make the firewall accessible again.

To be fair, this was a one-time error in three years of running twelve of these boxes; nevertheless it felt quite uncomfortable.

Kyp. F.

Musings on Composable Infrastructure, Memory Centric Computing and Next Generation IT Operations

Caution, buzzword bingo:

Recently I once again had the opportunity to think quite fundamentally about IT architectures. The occasion for me was visiting Discover 2017 Europe and the impressions I was able to gather around The Machine. It was a trip I did not undertake without reason, but quite fundamentally against the background of the statement that Composable Infrastructure would be the next big thing after hyperconvergence.

The Machine

After initial discussions about CI and the experiences from the Software Defined Storage project of the last two years, there was plenty of need for clarification here. And this quickly collided with the relevant mindsets of established vendors. In addition …

How To Configure Multiple VLANs on one Synology Bond

Sometimes you may need more than one network at home connected to your Synology NAS. You are a geek and want to do strange VMware things, or you simply don't want your kids' friends to find the private family pictures.

Access rights are one thing; hard network separation is probably something entirely different. Even if you don't want to separate traffic but want to support storage in different subnets, you probably don't want your home-use router to handle storage traffic. At least it is very smart to avoid that.

Conceptually this may be solved by interface overloading on the network interface of the storage device. You may have different network cards to separate traffic, but why would …