Thanks to the Packet Pushers!

A few years back I came across the Packet Pushers Podcast, which introduced me to a new medium for learning. Since then I’ve listened to every episode ever recorded! Prior to Packet Pushers I’d heard of Software Defined Networking, Storage, etc., but it wasn’t until I listened to Greg Ferro and Ethan Banks’ show that I really began to understand where the industry was going and how new technologies could be useful in my day job.

If you’re new to networking or IT in general and haven’t heard of the Packet Pushers, check it out! From a personal perspective I subscribe to the “Fire Hose”. It provides access to all of the shows including Packet Pushers, The Network Break and the Community Show. Even the odd server guy will benefit from the podcast and will enjoy some occasional banter about why the problem is never the network!

I would like to thank Greg and Ethan for everything they do for the community. You guys inspired me to create my own blog, hopefully my thoughts and ideas will help others, like yours have helped me.


FortiManager Incompatibility

I’ve been recommending and installing Fortinet Firewalls since 2003. I first saw the product when working in the higher education sector, back then it was my first look at a UTM. I was excited by the features and capabilities, plus I enjoyed making changes and policy via a Web UI.

Over the years, I’ve continued to buy and deploy Fortinet Firewalls. In recent times I have even deployed Fortigates into AWS from the Market Place. The Firewall itself just works. Fortinet have continued to improve the software, it now has a huge range of features and I find there aren’t too many problems it can’t solve. No doubt some would argue enabling all these features slows a UTM appliance, but for me the answer is foresight and planning.

I like the Fortigate! I hope I made that obvious! I unfortunately don’t have the same enthusiasm for Fortinet’s central management platform, FortiManager.

My main gripe is with compatibility. Fortinet always release upgrade code for the Fortigate prior to that of the FortiManager. If your device is managed by a FortiManager, you are locked to versions supported by the manager itself. If there’s a critical update, you have little choice but to drop the firewall from the FortiManager and upgrade it manually. Once it’s finally supported (which often takes time) you can add it back and start over…

I’m sure this problem isn’t unique to Fortinet. I understand it’s difficult to build software and have releases align with other products… But if you offer a solution, especially one that is designed to simplify management, please ensure it can perform the most basic of tasks.

Note: My intention is not to disrespect Fortinet. I’ve been a supporter for years and issues with the FortiManager will not turn me away from the firewall product. I see potential and opportunity for this platform, I would like to see Fortinet harness it by releasing a product that is as good as the Fortigate itself.

Nutanix: Restarting Prism

UPDATE: The new version of “Nutanix: Restarting Prism” can be found here.  

_________________________

While running NOS 4.0.2.2 on a cluster of 3061s, there’s a bug that causes the Nutanix Web Interface, Prism, to become unresponsive. After raising a ticket with support, turns out there’s a fix in NOS 4.1.1. If you’re like me and can’t arrange the software update immediately, it’s possible to restart the service by performing the following steps:

Determine the current Prism Cluster Leader by running
ssh -t nutanix@prism_member_ip_addr 'curl http://localhost/prism/leader'

Returns: prism_leader_ip_addr:9443

Restart the Prism Service on the Leader
ssh -t nutanix@prism_leader_ip_addr 'curl http://localhost/h/exit'

Returns: Exiting in 1s

To verify the change, re-run step 1 and check the prism_leader_ip_addr has changed to another member of the cluster.

To get this working you require the Nutanix CVM username and password, plus a machine with curl installed. If you’re running other operating systems and you’re a registered Nutanix customer, you can find more detail here.
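The three steps above as one script, with the leader check automated. This is an added example, not part of the original post or Nutanix tooling; the function names, retry count and delay are assumptions, and it relies on the two endpoints behaving as described above.

```shell
#!/bin/sh
# Added example: restart Prism on the current leader and confirm leadership moved.

# Run a command on a CVM over SSH, as in the post. Kept in one function so it
# can be replaced by a stub when testing without a cluster.
cvm_run() {  # cvm_run <cvm_ip> <command>
    ssh -t "nutanix@$1" "$2" 2>/dev/null
}

# Turn "a.b.c.d:9443" into "a.b.c.d". ssh -t returns CRLF line endings, so
# strip CRs, and refuse anything that is not a dotted quad plus port so an
# error message is never used as an SSH target.
parse_leader() {
    printf '%s\n' "$1" | tr -d '\r' |
        sed -n '1s/^\(\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\):[0-9]\{1,5\}$/\1/p' |
        grep .
}

get_leader() {  # get_leader <cvm_ip>
    parse_leader "$(cvm_run "$1" 'curl -s http://localhost/prism/leader')"
}

restart_prism() (  # restart_prism <any_cvm_ip> [tries] [delay_seconds]
    member=$1; tries=${2:-12}; delay=${3:-5}
    # Step 1: find the current leader.
    old=$(get_leader "$member") || { echo "cannot determine leader" >&2; exit 2; }
    # Step 2: ask the leader to exit. Exit status is ignored here; success is
    # judged by the leader check below.
    cvm_run "$old" 'curl -s http://localhost/h/exit' >/dev/null || true
    # Step 3: poll until another CVM reports as leader.
    i=0
    while [ "$i" -lt "$tries" ]; do
        sleep "$delay"
        new=$(get_leader "$member") || new=
        if [ -n "$new" ] && [ "$new" != "$old" ]; then
            echo "$old -> $new"
            exit 0
        fi
        i=$((i + 1))
    done
    echo "leader is still $old" >&2
    exit 1
)

# Only act when given a CVM address: ./restart_prism.sh <cvm_ip>
if [ "$#" -ge 1 ]; then restart_prism "$@"; fi
```

The script exits 0 and prints the old and new leader when leadership has moved, 1 if the leader is unchanged after all retries, and 2 if the leader could not be determined.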

Why is it so: Telco Service

In my day job I have the arduous task of working with Telcos from across the globe. I’ve been working in and around networking for 14 years so it’s nothing new, carriers are a fact of life, part of a network guy’s existence, however from experience it never gets any easier.

In the last 4 weeks, my colleagues and I have been dealing with 2-3 outages per week, none of them planned or changes we’ve made. Each time the issue was solely the fault of the provider… I completely understand, providers have faults, failure happens and you need to plan for it! That’s why we have backup services, alternate connectivity and strategies for dealing with outages.

However what really bugs me is the response, or more like lack of response during failures. Thinking back, I can’t remember a good experience with a Telco NOC in recent times. Support Engineers working in these NOCs are hidden away behind ticketing systems or email. There is almost no direct access and there is little regard for fixing your problem in a timely manner.

A provider I deal with recently started creating pre-emptive tickets in their system for site down emergencies, but do they do anything with them? Arh no! During site outages, you’re the one responsible for contacting them. It’s you that needs to chase ETRs and the NOC shows no interest or urgency in fixing your problem.

9 out of 10 times, I’m forced to escalate the fault to my local Account Manager, who then contacts the Duty Manager, who then ups the priority on the case. Why is service so poor? We pay good money for these services and expect to receive the appropriate level of service.

In 2015 I’ll be looking into my options here, there is a lot of talk about SDN WAN, after the last few weeks it’s now at the top of my priority list.

Nutanix Hidden Contrast Feature for Google Chrome

A few months back I was speaking with Sudheesh Nair (@sudheenair on Twitter) from Nutanix about the slightly washed out look of the Nutanix Prism interface. Both myself and a colleague mentioned the interface was difficult to present on a large screen, something we’d been doing a bunch since installing Nutanix in our environment.

Sudheesh gave us the heads up on a hidden feature that enables the user to select “normal” or “high” contrast when using Google Chrome. It was in early stages of development and would drop in a later release.

A few days back we performed a rolling upgrade from 4.0.2.2 to 4.1.1. The upgrade went through without issue so when I jumped into Chrome, first port of call was the contrast feature. I couldn’t remember the required keystrokes so Cameron Stockwell (@ccstockwell) pointed me to KB 2021 which described the process. Turns out the key sequence is easy: Shift-click on the User Menu.

Standard Click on User Menu

[Image: NutanixUserMenu1]

Shift Click on User Menu

[Image: NutanixUserMenu2]

Click on Adjust Contrast and you’ll see the contrast box pop up at the bottom of the screen.

[Image: NutanixContrastWindow]

Of course there are other wonderful and no doubt more important features in this release, the hypervisor one click upgrade comes to mind, but for some reason I was looking forward to this one given the number of complaints I’d had from people when displaying it on a large HDTV.

Nutanix Prism Central Basic Setup and Config

Recently I’ve been working with the hyper-converged compute and storage platform Nutanix. For those who haven’t heard of it, check out the Nutanix Bible written by Steven Poitras for all the ins and outs of the product, including actual technical explanation of how it works! In short it’s a distributed compute and storage solution, based off concepts taken from the large web companies like Google and Facebook. The idea is simple, build a modular scale out solution that grows with you, don’t spend a bomb on massive and costly storage arrays and hope it performs for 5 years, do it over time on commodity hardware with predictable performance.

We decided to start with a 5 node cluster of 3061s in Sydney and a 4 node cluster of 3061s in Brisbane. In future posts I plan to blog about why I decided on Nutanix, the design, business case, setup and lessons learned.

Jumping ahead, the clusters have now been operating for 4-5 months and the experience has been stress free. The product works, it’s doing what was advertised which I find refreshing.

Now things are up and running I decided to deploy Prism Central, the single pane of glass management console (yes I hear you groan!). The deployment was straightforward, jump into vCenter and deploy the 14GB OVA, start the VM, jump into the console and edit the network settings, giving the box a static IP:

$ sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE="eth0"
NM_CONTROLLED="no"
ONBOOT="yes"
BOOTPROTO="none"
IPADDR="10.0.20.20"
NETMASK="255.255.255.0"
GATEWAY="10.0.20.254"
DNS1="10.0.254.198"
DNS2="10.0.254.199"

$ sudo service network restart

I jumped onto my mac and did the ping of the box, no problems, working great… I then tried to hit the web UI and got an error, something like “Oops Server Error”. After some searching around on the Nutanix portal, I came across the fix. Turns out you need to bind the new IP address to the Nutanix cluster running on the machine with the following command:

$ cluster --cluster_function_list="multicluster" -s 10.0.20.20 create

**Note remember to change the command to your IP Address**

Refresh the webpage, log in with the default admin/admin credentials and you’re in…

[Image: PrismCentral]

In future posts I’ll detail how to add clusters and if it lives up to the single pane of glass reference.

Too long ago

It has been far too long since making a post on my blog! Way way too long a time has gone by, and even this post is a quick one.

I have been working now for about 4 weeks and so far I am really enjoying the job. Starting to learn the ins and outs of the company, and learning more and more about business daily.

Britta is now here in Australia! She has been here for just over a week, and I am really enjoying having her back here with me. We are now working on getting the visa, and on the weekend we bought a car!! Toyota for those that are interested.

The weekend is all but over, and it is time to sleep and get ready for the upcoming week. I still haven’t forgotten about making a post about our Amsterdam trip, and will do a proper catch up soon.

Best to all! Scott