Monthly Archives: August 2015

Setup Infoblox IPAM Express on ESXi

You are out of budget right now, but you really need an IPAM system to manage your IPs (IPv4 and IPv6) and retire the old Excel sheet you have maintained for a long time. For me, whether to use an IPAM system or not depends on the size of the environment; it needs to be reasonable and rational.

This free version supports 2000 hosts and multi-discovery, which is not bad for a free product.

The requirements to run this version from Infoblox are low (1 vCPU, 1 GB memory, 50 GB disk), and it is supported on VMware Player, VMware Workstation or VMware Fusion.

I tried converting it straight to vSphere 6 but it didn't work, so I started a journey to get this working, and I did.

First we need to download the free copy, unzip it, and use vCenter Converter to convert the image to our environment and power it on.

Virtual Machine Properties

These are the properties I used to set up my IPAM Express:

[Screenshots: virtual machine properties]

Since IPAM Express doesn't support a fixed IP, you need to have DHCP working on that subnet.

After registering you will receive an email like the one below; open a browser at https://ip-ipam and use the credentials and download code provided.

[Screenshot: registration email]

Importing Subnets and Hosts using a CSV file

To import a CSV you need to respect a strict field format. You can use a single file for both subnets and hosts, but I found that painful at times, so I imported using separate files.

File content subnets.csv

header-network;address*;netmask*;comment;disabled
network;10.1.0.0;255.255.255.0;VLAN1;FALSE
network;10.0.0.0;255.255.255.0;VLAN10;FALSE
network;10.200.50.0;255.255.255.0;VLAN200;FALSE
network;10.100.0.0;255.255.255.0;VLAN100;FALSE
network;200.0.0.0;255.255.255.0;VLAN666;FALSE

File content hosts.csv

header-hostrecord;FQDN;addresses;configure_for_dns
hostrecord;host_NS1;10.1.0.1;FALSE
hostrecord;host_NS2;10.1.0.2;FALSE
hostrecord;Firewall.eth0/0;10.1.0.254;FALSE
hostrecord;FW-DC1_standby.10.0.0.253;10.0.0.253;FALSE
hostrecord;FW-DC1_active.10.0.0.254;10.0.0.254;FALSE
hostrecord;NAS;10.1.0.100;FALSE
hostrecord;DC2;10.1.0.144;FALSE
hostrecord;WSUS;10.1.0.181;FALSE
hostrecord;IPAM;10.1.0.184;FALSE
hostrecord;NAS_NAT;200.0.0.100;FALSE
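Because the import format is strict and a typo lands straight in the IPAM database, it is worth checking both files before uploading them. The following pre-flight validator is an added example, not code from the original post or from Infoblox: it parses the `header-<object>;field;field*` header convention shown above (`*` marking a required field, `;` as delimiter), verifies that every host address falls inside one of the imported subnets, and flags duplicate addresses and empty FQDNs. The embedded sample data is a constructed subset of the files above, with three deliberate errors added.

```python
"""Pre-flight validation of Infoblox-style CSV import files.

Added example, not code from the original post or from Infoblox. It checks a
subnets.csv and a hosts.csv file (format as in the post) before import so that
typos do not end up in the IPAM database. The sample data below is constructed.
"""
import csv
import io
import ipaddress

# Constructed subset of the post's subnets.csv
SUBNETS_CSV = """header-network;address*;netmask*;comment;disabled
network;10.1.0.0;255.255.255.0;VLAN1;FALSE
network;10.0.0.0;255.255.255.0;VLAN10;FALSE
network;200.0.0.0;255.255.255.0;VLAN666;FALSE
"""

# Constructed hosts.csv: last three rows contain deliberate errors
HOSTS_CSV = """header-hostrecord;FQDN;addresses;configure_for_dns
hostrecord;host_NS1;10.1.0.1;FALSE
hostrecord;NAS;10.1.0.100;FALSE
hostrecord;NAS_NAT;200.0.0.100;FALSE
hostrecord;ORPHAN;192.168.99.5;FALSE
hostrecord;DUP;10.1.0.100;FALSE
hostrecord;;10.1.0.7;FALSE
"""


def parse_import_file(text):
    """Return (object_type, fields, required, rows) for one import file.

    Header line: header-<object>;field1;field2*;...  ('*' = required field)
    Data lines:  <object>;value1;value2;...
    """
    reader = csv.reader(io.StringIO(text), delimiter=";")
    header = next(reader)
    if not header or not header[0].startswith("header-"):
        raise ValueError("first line must start with 'header-'")
    obj_type = header[0][len("header-"):]
    fields = [f.rstrip("*") for f in header[1:]]
    required = {f.rstrip("*") for f in header[1:] if f.endswith("*")}
    rows = []
    for lineno, row in enumerate(reader, start=2):
        if not row:
            continue  # tolerate blank lines
        if row[0] != obj_type or len(row) != len(header):
            raise ValueError(f"line {lineno}: expected {len(header)} fields of type {obj_type}")
        rows.append((lineno, dict(zip(fields, row[1:]))))
    return obj_type, fields, required, rows


def load_subnets(text):
    """Parse subnets.csv into ipaddress network objects, enforcing required fields."""
    obj_type, _, required, rows = parse_import_file(text)
    if obj_type != "network":
        raise ValueError("not a network import file")
    nets = []
    for lineno, r in rows:
        for f in required:
            if not r.get(f):
                raise ValueError(f"line {lineno}: required field '{f}' is empty")
        # strict=True rejects an address that is not the network base address
        nets.append(ipaddress.ip_network(f"{r['address']}/{r['netmask']}", strict=True))
    return nets


def validate_hosts(text, nets):
    """Return a list of problems found in hosts.csv against the known subnets."""
    obj_type, _, _, rows = parse_import_file(text)
    if obj_type != "hostrecord":
        raise ValueError("not a hostrecord import file")
    problems = []
    seen = {}  # address -> first FQDN that used it
    for lineno, r in rows:
        if not r["FQDN"]:
            problems.append(f"line {lineno}: empty FQDN")
        try:
            addr = ipaddress.ip_address(r["addresses"])
        except ValueError:
            problems.append(f"line {lineno}: bad address {r['addresses']!r}")
            continue
        if not any(addr in n for n in nets):
            problems.append(f"line {lineno}: {addr} is not inside any imported subnet")
        if addr in seen:
            problems.append(f"line {lineno}: {addr} already used by {seen[addr]}")
        else:
            seen[addr] = r["FQDN"] or "<no name>"
        if r["configure_for_dns"] not in ("TRUE", "FALSE"):
            problems.append(f"line {lineno}: configure_for_dns must be TRUE or FALSE")
    return problems


if __name__ == "__main__":
    subnets = load_subnets(SUBNETS_CSV)
    for problem in validate_hosts(HOSTS_CSV, subnets):
        print(problem)
```

Run it against your real files by reading them into the two strings; an empty problem list means the host file is consistent with the subnets you are about to import.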

Click on CSV Import on the left.

Click on the + sign.

Select a CSV file to import; you can also use Options to control what you want to change. Press Start :)

After a successful import, you will see the utilization of each subnet.

Click on subnet 10.1.0.0/24; you can show its hosts as an IP Map or as a List.

Drop me a comment if you need my OVA file.

White box with Cumulus Networks

You have probably heard the term "white box" or Open Networking, a new movement in the networking industry. It aims to decouple hardware from software in the network devices sold by vendors. Have you imagined running NX-OS on an x86 server for a network fabric (leaf?) purpose? What do you gain by doing this? It would be cheaper, of course, but your Network/Ops teams will need to evolve with it (skill gap?). Some service providers like AT&T are moving to white box solutions; they are testing Provider Edge (PE) nodes in MPLS networks, replacing expensive vendor boxes that only perform basic functions. At the moment Cisco is not there with any product! Juniper is making some advances: its new product, the OCX 1100, can run Cumulus. But what is Cumulus? It's a full-featured Linux OS for networking hardware!
I had the opportunity to play with Cumulus (2 spines/leafs with OSPF, BGP, VXLAN, bridging), and it seems interesting, but I would expect a more readable CLI. Are we able to learn another CLI? Absolutely!

Recently Cumulus Networks launched a virtual edition called Cumulus VX; it is available for different hypervisors, so network engineers will no longer be in the dark. Another benefit of virtual editions is that running a demonstration for customers is only a few clicks away.

Juniper vSRX 2.0 is out

Juniper released a new version of vSRX (formerly known as Firefly Perimeter) running Junos OS 15.1X49-D15, with more features and more forwarding capacity. The previous version ran Junos 12.1, so moving to 15.1 code is a big jump... I hope it doesn't hurt!

New Features

The following features are new in Junos OS Release 15.1X49-D15 for vSRX:

  • Naming update: the product formerly known as Firefly Perimeter is now vSRX.
  • vSRX includes DPDK packet I/O support for higher throughput.
  • SCSI virtual disk support has been added to existing IDE support for improved performance and to permit network-attached storage (NAS) integration.
  • vSRX includes SR-IOV vNIC and VMXNET3 vNIC support for greater performance and hypervisor compatibility.
  • vRAM has been increased to 4 GB and vDisk to 16 GB.
  • vSRX includes KVM Ubuntu 14.04 and CentOS 7.0 support to take advantage of Linux improvements and tools enhancements.
  • KVM images are downloaded in qcow2 format instead of the self-extracting .jva script used in previous releases.
  • vSRX includes VMware vSphere 5.1 and 5.5 support to take advantage of ongoing VMware improvements.
  • vSRX includes new architecture based on Linux and Junos OS for performance and flexibility.

[Diagram: vSRX architecture]

References:

vSRX Tech Library Release Notes

SRX Series Features Not Supported on vSRX

Junos Genius 2.0 is out

Juniper has redesigned the interface of Junos Genius, and it looks great. Other features included in this version: user profiles, fetching test exam questions, Sync Offline Data and much more.
I really recommend it for practising before jumping into a live exam, and it's free!

Download the app now in the Apple AppStore or Google Play:

iPhone
iPad
Android


References:

Juniper Junos Genius

Dell FTOS Emulator

If you are a Dell customer or a network engineer who works with Dell gear, this is for you. Dell provides a Dell Networking OS Emulator for test purposes, so you can gain experience with FTOS by testing a few scenarios; there are a few limitations, but it is still a good tool. The best thing is that you can run it in VirtualBox, which means you can easily integrate it with GNS3.
This emulator is based on 9.8 code; it is available for download here or directly from the community:
Dell Emulator
User Guide

Supported Features

The Dell Networking Emulator supports the following features:
• Up to five data ports and one management port (five 40G or 10G ports)
• All management-related protocols and features such as simple network management protocol (SNMP), telnet, secure shell (SSH)
• Layer 1 link up/down status when connected to another Dell Networking OS instance
• Optics emulation
• Layer 3 features such as routing and forwarding
• Routing protocols such as border gateway protocol (BGP), open shortest path first (OSPF), intermediate system to intermediate system (ISIS), and routing information protocol (RIP)
• Management functionalities such as dynamic host configuration protocol (DHCP), Smartscripts, authentication, authorization, and accounting (AAA), remote authentication dial-in user service (RADIUS), terminal access controller access control system (TACACS+), management plane isolation
• Flash and nonvolatile random access memory (NVRAM)
• 40G and 10G interfaces
• Limited Layer 2 functionality such as LLDP, LACP

Unsupported Features

The Dell Networking Emulator does not support the following features:
• Most Layer 2 features
• Network boot
• Fast path
• Stacking
• Virtual link trunking (VLT)
• Fast path features such as quality of service (QoS), buffer carving, Layer 2 virtual local area networks (VLANs)

Minimum System Requirements

The Dell Networking Emulator requires the following:
• Any x86-based PC
• Microsoft Windows 7 operating system
• 16 GB hard disk space for installing the ISO file
• A minimum of 512 MB RAM per virtual machine instance
• Oracle VirtualBox, VMware, or Qemu.

The diagram below is from the user guide and shows a small network running OSPF.

[Diagram: emulator topology from the user guide]

Proxy ARP in Check Point GAIA

Check Point traps me all the time with Proxy ARP: for some reason, after installing a policy on a gateway, the NAT didn't come up AGAIN!

After taking a capture I realized what the problem could be (too many ARP requests).

Capturing traffic

[Expert@FW-GAIA:0]# tcpdump -i eth0 host 200.0.0.102
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:49:57.381730 arp who-has 200.0.0.102 tell 200.0.0.97
(omitted)

These are the default ARP values in GAIA OS:

set arp table cache-size 4096
set arp table validity-timeout 60
set arp announce 2

Add a static proxy ARP entry in clish mode:

Setup Proxy ARP

FW-GAIA> add arp proxy ipv4-address 200.0.0.102 interface eth0

The GAIA command above is converted automatically into a file called local.arp:

[Expert@FW-GAIA:0]# cat $FWDIR/conf/local.arp
# This file was AUTOMATICALLY GENERATED
# DO NOT EDIT
# Please use Gaia Portal or clish command to configure ARP proxy
200.0.0.102 00:50:56:01:00:a1

Checking Proxy ARP

Using clish

FW-GAIA> show arp proxy all
IP Address              MAC Address / Interface         Real IP Address
200.0.0.102           eth0

Using Expert Mode

[Expert@FW-GAIA:0]# fw ctl arp
(200.0.0.102) at 00-50-56-01-00-a1

Golden rule: always set up a static proxy ARP entry.
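The symptom in the capture above (a neighbour asking "who-has" for the NAT address again and again with nobody answering) is easy to check for automatically after every policy install. The script below is an added example, not code from the original post or from Check Point: it parses tcpdump ARP lines in the format shown above together with the `$FWDIR/conf/local.arp` file format shown above, and reports addresses that are requested repeatedly, never answered with an `is-at` reply, and have no local.arp entry. The capture lines and local.arp content embedded in it are constructed.

```python
"""Spot NAT addresses that are missing a proxy-ARP entry on a Gaia gateway.

Added example, not code from the original post or from Check Point. It reads a
tcpdump ARP capture (same line format as in the post) and the local.arp file
(same format as in the post) and lists addresses that neighbours keep asking
for without ever getting a reply and that have no proxy entry.
"""
import re
from collections import Counter

# Constructed capture: 200.0.0.102 is asked for repeatedly and never answered;
# 200.0.0.101 is answered by the gateway.
TCPDUMP = """15:49:57.381730 arp who-has 200.0.0.102 tell 200.0.0.97
15:49:58.382011 arp who-has 200.0.0.102 tell 200.0.0.97
15:49:59.382304 arp who-has 200.0.0.102 tell 200.0.0.97
15:50:00.101000 arp who-has 200.0.0.101 tell 200.0.0.97
15:50:00.101250 arp reply 200.0.0.101 is-at 00:50:56:01:00:a1
15:50:01.382590 arp who-has 200.0.0.102 tell 200.0.0.97
"""

# Constructed local.arp: only 200.0.0.101 has a proxy entry.
LOCAL_ARP = """# This file was AUTOMATICALLY GENERATED
# DO NOT EDIT
200.0.0.101 00:50:56:01:00:a1
"""

WHO_HAS = re.compile(r"arp who-has (\S+) tell (\S+)")
IS_AT = re.compile(r"arp reply (\S+) is-at (\S+)")


def parse_arp_capture(text):
    """Return (Counter of who-has requests per target IP, set of IPs that got a reply)."""
    requests = Counter()
    answered = set()
    for line in text.splitlines():
        m = WHO_HAS.search(line)
        if m:
            requests[m.group(1)] += 1
            continue
        m = IS_AT.search(line)
        if m:
            answered.add(m.group(1))
    return requests, answered


def parse_local_arp(text):
    """Return {ip: mac} from a local.arp file, skipping comment and blank lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ip, mac = line.split()[:2]
        entries[ip] = mac
    return entries


def missing_proxy_arp(capture, local_arp, threshold=3):
    """IPs requested at least `threshold` times, never answered, and absent from local.arp."""
    requests, answered = parse_arp_capture(capture)
    proxied = parse_local_arp(local_arp)
    return sorted(
        ip for ip, n in requests.items()
        if n >= threshold and ip not in answered and ip not in proxied
    )


if __name__ == "__main__":
    for ip in missing_proxy_arp(TCPDUMP, LOCAL_ARP):
        print(f"{ip}: repeated unanswered ARP requests and no local.arp entry "
              f"-> add a static proxy ARP entry for it")
```

Feed it a real `tcpdump -i eth0 arp` capture and the output of `cat $FWDIR/conf/local.arp`; each address it prints is a NAT address the gateway is silently ignoring on the wire, which is exactly the failure the golden rule above prevents.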