Networking for OpenStack
Building an OpenStack cloud with Mirantis Fuel Web requires 6 separate
networks to be created. The simplest way to do this is with virtual
networks (VLANs); however, this presents a few challenges because of
the complexities of configuring VLANs.
This post is specific to Cisco switches, but may be relevant for other networking equipment as well.
For test purposes, this was all done on one switch and each bare metal server had one interface cabled to the switch. In production environments, it is likely that, at a minimum, a completely separate storage network would also exist, but more complicated networking schemes are quite possible.
For each port on the switch that will be connected to one of the bare metal servers, the following needs to be done:
    switchport mode trunk
    switchport trunk allowed vlan 10,100-104
    switchport trunk native vlan 10
    spanning-tree portfast trunk
    switchport nonegotiate
Trunking mode must be used because each interface needs to be able to handle all 6 of the virtual networks. In the normal access mode, an interface can only communicate over a single VLAN.
For each interface, it's a good practice to specify which vlans it is allowed to handle.
Trunk native tells the switch that untagged traffic goes over this vlan. VLAN tags are the mechanism that allows a network interface to communicate over multiple discrete subnets. So in this case, only traffic going over vlans 100 through 104 will be tagged.
Spanning-tree portfast trunk tells the switch that this port is a trunk connected to a server or PC and to bypass the usual network loop checks.
Switchport nonegotiate forces the switch to treat this interface as a trunk because the connected device does not understand the protocol the switch uses to negotiate trunking vs access modes.
In the switch config the VLANs also need to be activated using:
    vlan 10,100,101,102,103,104
For those who normally work with vlans in switchport access mode, the switch automatically does this, but apparently, when working with trunks, adding a vlan to a port does not automatically create and enable that vlan.
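A check for the pitfall described above, as an added example that is not code from the original post: it parses an IOS-style configuration and reports trunk ports that allow VLANs never created globally, have no allowed-VLAN list, or lack switchport nonegotiate. The sample configuration (Gi0/1 uses the post's settings, Gi0/2 allows an uncreated VLAN 105, Gi0/3 is a bare trunk) and the function names expand_vlans and audit_trunks are constructed for illustration.

```python
import re

# Constructed sample config, not from the original post.
SAMPLE_CONFIG = """\
vlan 10,100,101,102,103,104
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,100-104
 switchport trunk native vlan 10
 spanning-tree portfast trunk
 switchport nonegotiate
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk allowed vlan 10,100-105
 switchport nonegotiate
interface GigabitEthernet0/3
 switchport mode trunk
"""

def expand_vlans(spec):
    """Expand a VLAN list such as '10,100-104' into a set of ints."""
    bounds = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in bounds for v in range(int(lo), int(hi or lo) + 1)}

def audit_trunks(config):
    """Return {interface: [findings]} for each trunk port in an IOS-style config."""
    defined, ports, current = set(), {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            current.append(line.strip())          # sub-command of an interface
        elif m := re.match(r"interface (\S+)", line):
            current = ports.setdefault(m.group(1), [])
        else:
            current = None
            if m := re.match(r"vlan ([\d,-]+)\s*$", line):
                defined |= expand_vlans(m.group(1))   # globally created VLANs
    pat, report = r"switchport trunk allowed vlan (?:add )?([\d,-]+)$", {}
    for name, cmds in ports.items():
        if "switchport mode trunk" not in cmds:
            continue
        allowed = [m[1] for c in cmds if (m := re.match(pat, c))]
        findings = [] if allowed else ["no allowed-VLAN list"]
        for spec in allowed:
            if missing := expand_vlans(spec) - defined:
                findings.append(f"allowed but not created: {sorted(missing)}")
        if "switchport nonegotiate" not in cmds:
            findings.append("switchport nonegotiate not set")
        report[name] = findings
    return report
```

Calling audit_trunks(SAMPLE_CONFIG) returns an empty finding list for Gi0/1 and flags the other two ports.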
I am not a networking expert so some particulars here may have been missed, but I hope this is helpful.
Friday, May 03, 2013 in Cloud Computing, Goat, Misc IT, Network Administration, Network Hardware, Open Source Software, OpenStack, Server Operating Systems
Microsoft Camera Codec Pack
If you are a digital photographer that takes most of their pics
in RAW format like I do and you do most or all of your photo editing on a
Windows system, you simply must get the Microsoft Camera Codec Pack.
It gives Windows users the ability to view their RAW pictures as thumbnails in Windows Explorer, which is super helpful when trying to move pictures between folders or choose which ones to move to your hard drive from the flash stick.
Sadly, GIMP 2 does not use this functionality.
Uninstall Windows Live Essentials using command line on Windows 7
As you may or may not know, Microsoft is discontinuing support
for their MSN Messenger/Live Messenger service in favor of Skype soon.
Since Live Messenger is no longer needed on my system and this is part of Live Essentials, I tried to uninstall Live Essentials using the uninstall option of Programs and Features.
This repeatedly failed with error code 0x8007064c.
I did some searching and found this page which supplied the following solution:
Below are the steps on how to uninstall Windows Live Essentials via CMD line parameter.
a. Go to Start->All Programs->Accessories
b. Right click on Command Prompt and select Run as Administrator
c. Run the following commands to uninstall Windows Live Essentials:
· (64 bit) "c:\program files (x86)\windows live\installer\wlarp.exe" /cleanup:all /q
· (32 bit) "c:\program files\windows live\installer\wlarp.exe" /cleanup:all /q
d. A dialog box shows status until uninstallation has completed
Note: The uninstaller for Windows Live Essentials 2011 can also be downloaded from http://g.live.com/1rewlive4arp/wlarp.exe if the local copy is corrupted.
The command worked successfully.
To run scheduled scans or not
Is it still necessary to do weekly scheduled antimalware scans these days in addition to real-time scans?
It just seems like, more and more, antimalware software is used to meet compliance obligations and not as a real security layer. I say this because, as we see in breach after breach reported in the news, antimalware software effectively offers little in the way of real protection against modern malware threats these days.
Some people might say that you leave an enterprise appreciably open to infection by not running scheduled scans along with real-time scans, but is this true? By some reports, antimalware software can only detect about 60-70% of all known infectious software, regardless of scan type.
So the question is, if something is only 60-70% effective today against malware, how is performing a scheduled scan going to help you? Once a box is infected despite real-time scanning protections, the malware is very likely to hide itself from the antimalware or disable the antimalware software altogether.
In my mind, it just seems like best practice is to use either real-time scanning or scheduled scans, but not both. Use real-time scanning on systems where performance isn't a critical issue and use scheduled scans on systems that require every bit of computing power.
What do you think?
Tuesday, February 26, 2013 in Antimalware/Antivirus, Computer Security, Cyber Security, IT Security
How best to tell users that their systems are part of a botnet
This article is pretty interesting: http://www.darkreading.com/insider-threat/167801100/security/attacks-breaches/240149075/how-best-to-break-the-news-to-users-that-they-re-a-bot.html It talks about the most effective methods ISPs used to notify customers that their computers were part of a botnet.
One takeaway is that both Windows AND Mac computers became part of the botnet, so that should dispel the myth that Macs do not get infected with malware.
Friday, February 22, 2013 in Computer Security, Cyber Security
Microsoft's "Innovative" New UI
I'm not a big fan of Microsoft's new UI that they created for
WinMo 7 and Windows 8. It feels unfinished and unpolished like a cheap
piece of IKEA furniture. I never thought that any developers would find
it innovative enough to copy it, but that's exactly what the devs at
Slacker did for their new UI. In terms of usability, the UI is good, but
the blue squares thing just doesn't look good at all when compared to
stuff like Android or iOS.