Daz’s bits and bobs

The first one (that caused the outage) was due to a bug in the tg3 driver on the ESXi hosts (1gbit broadcom cards in the new hosts). If the network card is put under load and netqueue is enabled it will sometimes decide to drop all traffic. Essentially i’ve disabled netqueue and the problems have gone away…. as per this vm kb :

http://kb.vmware.com/kb/2035701

The isues will present themselves as log entires like so;

2012-11-19T18:58:52.137Z cpu17:4155)<6>tg3 : vmnic8: RX NetQ allocated on 1
2012-11-19T18:58:52.138Z cpu17:4155)<6>tg3 : vmnic8: NetQ set RX Filter: 1 [00:50:56:71:46:87 0]
2012-11-19T18:58:52.138Z cpu17:4155)<6>tg3 : vmnic7: RX NetQ allocated on 1
2012-11-19T18:58:52.138Z cpu17:4155)<6>tg3 : vmnic7: NetQ set RX Filter: 1 [00:50:56:71:46:87 0]
2012-11-19T18:59:12.139Z cpu21:4155)<6>tg3 : vmnic4: NetQ remove RX filter: 1
2012-11-19T18:59:12.139Z cpu21:4155)<6>tg3 : vmnic4: Free NetQ RX Queue: 1
2012-11-19T18:59:22.137Z cpu24:4155)<6>tg3 : vmnic4: RX NetQ allocated on 1
2012-11-19T18:59:22.138Z cpu24:4155)<6>tg3 : vmnic4: NetQ set RX Filter: 1 [00:50:56:71:46:87 0]
2012-11-19T18:59:42.138Z cpu21:4155)<6>tg3 : vmnic7: NetQ remove RX filter: 1
2012-11-19T18:59:42.138Z cpu21:4155)<6>tg3 : vmnic7: Free NetQ RX Queue: 1
2012-11-19T18:59:42.140Z cpu21:4155)<6>tg3 : vmnic4: NetQ remove RX filter: 1
2012-11-19T18:59:42.140Z cpu21:4155)<6>tg3 : vmnic4: Free NetQ RX Queue: 1
2012-11-19T19:00:02.139Z cpu28:4155)<6>tg3 : vmnic8: NetQ remove RX filter: 1

You might be able to do this via “host profiles” but if you do not have the licensing for it, this is the alternative. Very handy if you have over 50 or so port groups. It can be re-run to add to additional hosts as needed.

Install powercli, run the following to obtain your current list of virtual port groups off existing host;

Get-VirtualPortGroup -VirtualSwitch vSwitch0 -VMHost esx-01

Grab the output and place into CSV file or copy straght into Excel…

Following the formatting of the following “esx_switching-generic.csv” import the required data from aboves output. Note : the top line is the headers and should always be at the top of the CSV file.

Type,HostName,SwitchName,NIC,PortGroupName,VLAN,IP,Subnet,KernelGW
Portgroup,esx-02,vSwitch0,,Test_Network1,510,,,
Portgroup,esx-02,vSwitch0,,Test_Network2,511,,,

Place this file in a location that is called by this script –

#This script is designed to allow you to configure switches on multiple hosts by
#importing information from a prepopulated .csv file. vMotion switch created based
#on Mike Laverick's posting http://www.rtfm-ed.co.uk/?p=1514
#!!!!!!!Values passed for Type are Case sensitive since comparisons are being made.!!!!!!!

$getinfo = Import-Csv "D:\esx_switching-generic.csv" #need to input locatin of .CSV file

#Connect-VIServer -Server #Need to input appropriate vCenter Server

$getinfo | % {
$Type = $_.Type #!!!! Case Sensitive !!!!!!
$gethost = Get-VMHost -Name $_.HostName
$SwitchName = $_.SwitchName
$PortGroup = $_.PortGroupName
$Nic = $_.NIC
$VLAN = $_.VLAN
$IP = $_.IP
$Subnet = $_.Subnet
$kernelGW = $_.KernelGW

If ($Type -eq "Switch") {
$gethost | New-VirtualSwitch -Name $SwitchName -Nic $Nic
}

#Gets Switch object based on the value for SwitchName (required for several cmd-lets that do not accept Strings)
#'If' statement is used since a vMotion type does not already have a switch configured which will throw up an error.
If ($Type -ne "vMotion") {
$getswitch = Get-VirtualSwitch -VMHost $gethost -Name $SwitchName
}

#Add additional NIC to vSwitch to create a Team
If ($Type -eq "Team"){
$getswitch | Set-VirtualSwitch -Nic $Nic
}

$vmhostnetwork = get-vmhostnetwork $gethost
set-vmhostnetwork -network $vmhostnetwork -vmkernelgateway $kernelGW
}
}

Very good article here – http://networkingnerd.net/2011/02/02/when-is-a-trunk-not-a-trunk/

Particuly like setting of Native vLAN and tagged networks over an HP trunk;

So, if HP refers to an uplink carrying multiple VLANs are a tagged port, then does HP have a “trunk”? In fact they do. In HPvania, a trunk is a logical construct that aggregates multiple ports into one logical link. For those of you that might be out there scratching your heads about this one, this means that when you “trunk” a group of ports on an HP switch, you are creating one LACP link from up to four individual ports. This kind of configuration should look like this:

Switch(config)#trunk 19-24
Switch(config)#trk1
Switch(config-trk)#lacp
Switch(config-trk)#vlan 1
Swtich(config-vlan)#untagged trk1
Swtich(config-vlan)#vlan 10
Swtich(config-vlan)#tagged trk1
Swtich(config-vlan)#vlan 99
Swtich(config-vlan)#tagged trk1

Those of you that are fans of irony will appreciate that the above config sets up this LACP port aggregation to pass multiple VLANs to another switch. In other words, we are configuring a Cisco “trunk” on top of an HP “trunk”.

Great guide here – http://www.classhelper.org/articles/reverse-proxy-server-squid-debian/installing-squid-proxy-server.shtml

I’ve modified slightly for Ubuntu, but almost identical.

apt-get install squid
cp /etc/squid3/squid.conf /etc/squid3/squid.bak
rm /etc/squid3/squid.conf
nano /etc/squid/squid.conf

Modify your hosts file to include web1 and web2

nano /etc/hosts

192.168.0.13 web1
192.168.0.14 web2

Another good article about benefits of reverse proxy

http://2bits.com/articles/increasing-drupals-speed-squid-caching-reverse-proxy.html

There are some good windows web proxies about. The only problem with them is they sometimes dont natively act as a transparent proxy. i.e. typically you’ll need to set your client machines to a specific IP and port.

I’ve used squid historically when setting up transparent proxies (mainly since it actually has a transparent mode) and this has worked well. Recently i thought i’d have a go at some of the windows solutions to see how they pan out.

netsh is going to be the tool to assist in this case. Here is a typical use for netsh;

netsh

>add v4tov4 listenport=80 connectaddress=127.0.0.1  connectport=8080

This should grab all traffic that hits your machine bound for port 80 and redirect to port 8080.

You’ll also need to make sure that routing is enabled, so your machine can act as a gateway between the requests and the real outbound gateway (typically your dsl modem)