I posted my first official post on Coho Data’s blog page. It’s all about the Virtualization Field Day (#VFD3) experience last week.

Jump on over here to read the details: http://www.cohodata.com/blog/2014/03/07/field-day-delegates-descend-on-coho-data/

Remember, there’s less than a week left to vote for the best virtualization blogs. Perhaps you want to add some of the VFD3 delegates to your top 10?

 

A quick note to let everyone know that I’ll be at Virtualization Tech Field Day (#VFD3) tomorrow for the Coho Data session. Andy Warfield will lead the charge and I’ll be there delivering a short session.

I’m really looking forward to meeting all the delegates – Steven Foskett and his staff have gathered a great crowd again. I’ve met several of them before, if not in person, then in some virtual capacity. It’s always fun reconnecting with folk from our community, and having the opportunity to make new friends as well.

So clear your schedule for tomorrow morning: 8am to 10am (Pacific). Andy treated everyone to a fascinating session at the last Storage Field Day, and I think the virtualization community are going to really enjoy a deep-dive into the Coho Data technology during this session. Tune in to the live broadcast here: http://info.cohodata.com/VFD3reg.html


 

This is a four-part series of posts explaining how to install and configure a Linux-based appliance in your vSphere lab environment to take on the role of a Windows Domain Controller.

Creating the accounts

Completing all three previous parts takes us to the dashboard, which has a great layout. At this stage, if you chose to set this as a standalone domain, you’re done! The domain controller is configured and ready to use.

13 Dashboard

Before we can join any clients to it, we’ll add a regular Domain Admin account (not to be confused with the zentyal admin account created during the install).

  • Under the Users and Computers menu, select Manage. I highlighted the Users OU and clicked the green Plus sign.

14 Users and Computers

The admin account you create during the install and the “Administrator” account seem to be hidden, reserved account names.

  • I created a cunningly obfuscated account called domainadmin and added it to the Domain Admins group.

15 Domain admin

  • At this stage it’s probably worth creating another user account for regular vSphere administration. Something like vi-admin.

GPOs

Before I move onto the vCenter configuration, it’s worth pointing out that the dashboard shows the GPOs applied across the domain. But there’s no way in the Zentyal GUI to create or edit them. To do this:

“Even if you don’t have any Windows Servers in your domain, it’s still possible to create and enforce any GPO using a Windows client joined to the domain. Installing Microsoft RSAT tools and logging into the client using the Domain Administrator LDAP account, you will use RSAT interface to design the desired GPO. The GPOs will be automatically added to the domain SYSVOL and enforced by the Zentyal server.”

Configuring vCenter

You can use your newly formed Domain Controller with either a Windows-based vCenter or the Linux-based VCSA. I’m guessing that for the same reasons you’re looking not to use a Windows Domain Controller, you’re probably the clever type of chap or chapess that would favour the VCSA. Suffice it to say that it should work well in either case.

There are plenty of good guides on the web explaining how to stand-up a VCSA v5.5, but just to prove that I haven’t forgotten my l33t vSphere admin skills, here’s a quick summary:

  • Deploy the VCSA ova
  • Power it on
  • If the subnet has DHCP, then log into the https://your.ip.address:5480 page (the default username and password is root / vmware)
  • If the subnet doesn’t have DHCP:
    • Log into the VCSA console and run
/opt/vmware/share/vami/vami_config_net

     and follow the menu prompts to set the IP configuration required

  • Once you can log into the admin console:
    • Accept the EULA
    • Accept the default settings
    • Set the hostname setting with an FQDN

It’s now relatively straightforward to join your vCSA to a domain:

  • In the vCenter Server Appliance admin web interface, go to vCenter Server > Authentication and fill in the domain, username and password.

16 Joining VCSA to domain

  • Stop the vCenter service
  • Set the password for the administrator@vsphere.local SSO user
  • Start the vCenter service

Now you can log into the Web Client as the administrator@vsphere.local user.

  • Go to Administration > Single Sign-On > Configuration > Identity Sources tab

17 Adding domain in web client

  • Click the green plus sign
  • Select Active Directory (Integrated Windows Authentication) and add in your domain name

18 Adding domain in web client 2

  • Highlight the domain in the list and set it as the default domain (the blue circle with an arrow pointing into it)

19 Domain added

  • Log out and log back in with your domain admin account

20 Logging into web client

  • Success!

21 Success

At this stage, if you’ve created a domain account for vSphere administrative work, you should head to the appropriate level in the vCenter hierarchy and give the account the appropriate permissions. For example, if you created a vi-admin account, you could go to the root object and give the account the Administrator role.

We’re done creating and configuring your Domain Controller and successfully joining vCenter to it. For bonus points, you could now start joining your ESXi hosts to AD. Either way, the panda is super happy.

12 Panda

 

This is a four-part series of posts explaining how to install and configure a Linux-based appliance in your vSphere lab environment to take on the role of a Windows Domain Controller.

Selecting the roles

Following on from part 3, log into the administrative web page with the username and password you provided whilst deploying the appliance. You’re presented with 4 standard Server Roles, each of which selects a subset of appropriate Modules, or you can individually select Modules.

6 Zentyal package selection

I could have chosen the Infrastructure Role as the basis for this Domain Controller and tweaked it, but instead I individually selected the following Modules. The “File Sharing and Domain Services” Module is all you need to select for a Domain Controller and the other Modules are pulled in as dependencies, but I thought the other packages I picked would be useful in my lab.

  • Click Install at the bottom right of the grid.

7 Zentyal packages selected

  • Confirm to go ahead with the module installs (a number of other dependency packages are picked up).

8 Zentyal package confirmation

Configuring the appliance

Once the packages are installed the configuration stage begins. First, you set which network interfaces are trusted. In my case I didn’t create a multi-homed VM, so there was only one interface to set. This is my lab so I threw caution to the wind and set it to Internal.

9 Network interfaces

  • Set a static IP address

10 IP settings blanked

  • I’m not joining this to an existing domain, so I kept this as a Standalone server and set the domain name.

11 Standalone domain

More module changes are made, which can take a few minutes. Once the changes are complete a friendly Panda invites you to click onwards to the Dashboard.

12 Panda

Part 4 concludes this series and explains how to configure vCenter to connect to your Zentyal appliance.

 

This is a four-part series of posts explaining how to install and configure a Linux-based appliance in your vSphere lab environment to take on the role of a Windows Domain Controller.

An existing domain

First off, I’m assuming you’re creating a new lab domain. You can join a Zentyal instance to your existing lab domain, promote it to act as a Domain Controller, hand over the FSMO roles, then retire your Windows-based Domain Controller. Any existing GPOs will be available in the transferred domain. However, that’s more than I want to get into for this series of posts. I like to rebuild my lab from scratch on occasion, to clear up the cruft that appears in a setup that lacks disciplined change management. But if you’ve built a complex setup, and the thought of rebuilding it all seems like too much work, then we’d love to hear your battle stories in the comments section below. Here are a couple of pointers to the online documentation that might help you.

Joining Zentyal server to an existing domain:
http://doc.zentyal.org/en/filesharing.html#joining-zentyal-server-to-an-existing-domain

Total Migration (transferring FSMO roles):
http://doc.zentyal.org/en/filesharing.html#total-migration

An existing server

If you already have an existing Ubuntu (or Debian) server, you can install the Zentyal package. Again, this is out of the scope of these posts, but here are a couple of pointers if that’s what you want to do.

Zentyal 3.3 is developed and tested with Ubuntu 12.04.3 (Precise) Server Edition, and hasn’t been tested with other versions - YMMV.

  • Add their repository to your /etc/apt/sources.list:
  deb http://archive.zentyal.org/zentyal 3.3 main extra
  • To authenticate the packages in the Zentyal repository you can import its public key with the following command:
  wget -q http://keys.zentyal.org/zentyal-3.3-archive.asc -O- | sudo apt-key add -
  • The base package is called “zentyal” – surprise! So this will get you started:
  sudo apt-get update
  sudo apt-get install -y zentyal

A new server

Zentyal does provide pre-built VMDK images here, but I’d recommend just rolling your own. It’s simple and that way you can choose the modules you need from the outset. Go here to grab the latest release: http://www.zentyal.org/server/

I created a VM shell with these specs:

Guest OS: Ubuntu 64-bit
vCPU: 1
vRAM: 1GB
Disk: 10 GB (thinly provisioned)
Disk Controller: LSI Logic

I suspect you could run this off 512MB of memory for a lab if you’re in a tight squeeze, but I haven’t tested it.

Deploying the appliance

  • Boot up the VM (with the downloaded ISO image attached)
  • Keep English as the highlighted language and press enter
  • Select the default option of “Install Zentyal 3.3 (delete all disk)”

1 boot screen

  • Select your location

2 install language

  • Detect keyboard layout – I selected the default of No and moved on to select my keyboard from the list in the subsequent 2 screens (English US)
  • The installer then started to copy base packages to the disk
  • Then the installer asked what the hostname should be – I was happy to keep it as zentyal for my lab.

3 install hostname

  • Next, you’re asked for an administrator’s username – I was happy to keep it simple, avoid any pesky security best practices, and used zentyal for my lab

4 install username - zentyal

  • Stick in the password when requested
  • Set the time zone
  • The installer then copies the remainder of the base packages to the disk
  • Once the base install is complete, disconnect the CD ISO image and reboot
  • Upon reboot the Zentyal core packages get installed
  • It then boots to an Ubuntu desktop (XFCE or LXDE desktop?) with Firefox open at a login screen

5 initial login blank

At this point in the proceedings I increased the desktop resolution beyond the default 800 x 600. To do this, click the bottom-left desktop icon > Preferences > Monitor Settings. Make sure you “Apply” the setting, not just “Save”.

All of this hard work makes the Zentyal panda very happy. You should be too. We’re halfway to building a Linux-based Domain Controller.

12 Panda

Part 3 of this series explains how to configure the Zentyal instance.

 

This is a four-part series of posts explaining how to install and configure a Linux-based appliance in your vSphere lab environment to take on the role of a Windows Domain Controller.

Why

Microsoft has produced the de facto Directory Services tool with its Active Directory (AD) software ever since it nudged past Novell Directory Services (NDS) over ten years ago. Microsoft has dominated the market ever since with probably the stickiest piece of infrastructure in any large enterprise today. Whether you like Microsoft’s solution or not, it has become central to most businesses’ application soup. It’s a key dependency for many applications, which rely on it for things like Identification (user management), Authorization (Role Based Access Control [RBAC]) and Authentication (password management), along with a raft of other AD-integrated features. SaaS is probably the only application trend that is actively pushing in the opposite direction. Add to this the key role that AD plays in managing Windows clients and servers, and we realize that AD is very, very sticky.

In a vSphere environment, an AD domain (or even Windows itself) isn’t strictly a requirement. ESXi doesn’t need it and vCenter can run without it. VMware produces its vCenter Server Appliance (VCSA) which is a Linux-based server, and the Web Client can be run in non-Windows client browsers. As vCenter evolves, it increases the integration with its own Single Sign On (SSO) component. VMware’s SSO does “identity management” and “federates authentication services”, which sounds a lot like the basis for a Directory Services model, but in its current incarnations it doesn’t service requests like a real LDAP store and VMware has said they have no interests in creating an AD competitor.

There are VMware components that require AD, e.g. View Connection servers (and things like vSphere Update Manager that need Windows). And if you’re building a vSphere lab the chances are that you’re also interested in testing other pieces of software that also need/want AD services. We don’t live in a VMware bubble.

So why try to replace the Microsoft Domain Controller in your lab?

So if Microsoft’s AD is so prevalent and effectively necessary, why don’t we accept the fact that we need at least one Microsoft Windows server in our labs to run as a Domain Controller?

  • Microsoft is big and evil and must be banished? No, I don’t believe this, but I do believe that diversity in any ecosystem is a good thing. Competition is healthy, drives innovation, and helps prevent unhealthy market practices.
  • Cost. Windows server licenses aren’t cheap and can have a sizeable impact on the cost of standing up a lab environment. Microsoft’s TechNet subscription service, used by many IT professionals in their labs, is ending soon. Microsoft (and VMware) are keen for individuals to use their online lab services as an alternative, but there is a lot to be said for getting your hands dirty and standing up your own lab.
  • Windows-based. Conspiracy theories aside, a lot of folks prefer non-Windows-based server tools. And this extends to their lab environments. Windows 2012 is less familiar to many folk, and does need a certain amount of hardware resources to do its thing.
  • Resources. A lab is often hardware constrained, particularly in the memory department. A small, tuned Linux appliance can arguably run on a lighter footprint (Windows domain controllers can run in fairly minimal setups, but this requires more Windows setup and management foo than many of us want to get into in a vSphere-focused lab).
  • It’s kool – even the Unicorn Kool-Aid guy thinks so.

Unicorn kool-aid guy

I’m sure there are plenty of other good reasons why you want to try this in your lab. Tell us your story in the comments below.

What

There are a few software options to build a Linux-based Domain Controller, mostly based on the work being done in the Samba 4 project.  I’m going to use a tool called Zentyal, which is a slick, free to download application suite that runs on Ubuntu Linux and can impersonate a Windows Domain Controller by implementing SMB, managing the domain and setting up Kerberos for authentication services.

Zentyal_logo_horizontal

“Zentyal is a drop-in replacement for Microsoft Small Business Server and Microsoft Exchange Server, that you can set up in less than 30 minutes.”

One of the great things about using Zentyal as a Domain Controller is how simple it was to set up. The last time I rebuilt my lab’s Windows Domain Controller from scratch I followed this great post series. Setting up Zentyal was even easier and more intuitive.

When we’re done we’ll have an Active Directory server which is fully compatible with vCenter 5.5 SSO’s “Active Directory Integrated Windows Authentication” configuration, can be used by your lab’s Windows clients/servers, and by your ESXi hosts or vSphere Management Assistant (vMA) if you join them to the domain.

At this stage it’s worth pointing out the current limitations of Zentyal as of version 3.3:

  • Only one domain in the forest, Samba doesn’t support multiple domains
  • Functional Domain level min 2003, current max 2008R2
  • Trust relationships between domains and forests are not supported
  • GPOs will be synced from Windows servers to Zentyal servers, but not the other way around

None of which seems like a deal breaker for my small lab!

Part 2 of this series explains how to deploy a Zentyal instance into your lab.

 

I’m excited to tell everyone that starting next week I’m joining the Coho Data team as their Technical Product Manager.

Up until now, working as a Technical Architect but being so involved in blogging, authoring a few books, speaking at conferences, and generally communitizing the community; I’ve often been asked if (actually, usually when) I’d be jumping ship and working for a vendor. The fact is I’ve enjoyed being a Technical Architect with all its associated technical and business challenges. But I also recognize the need to grow, to engage less flexed abilities, and to innovate in a meaningful way. I’m a big believer in moving away from your comfort zone and scaring yourself once in a while.

So why Coho Data? Fatalistic beliefs aside (see the footnote tale), the decision to join Coho Data came down to a couple of key things.

The right product

First, from what I’ve already been able to garner (and it’s early days on my technical discovery), I can already tell that Coho has a remarkable product on offer.

 

  • Incredibly fast back-end storage (all writes go straight to PCIe flash – that’s screamin’ supersonic disks via honking wide bus connections)
  • Super efficient data throughput (a data hypervisor, that just like a Virtual Machine Monitor avoids interfering with the IO path)
  • Built for the latest advanced hardware (and ready to take advantage of tomorrow’s hardware)
  • Scales out to cloud proportions with linear performance gains for each new node (i.e. scales-out properly)
  • A clean, gorgeous looking, piece-of-cake management UI
  • Is overflowing with Software Definededness (SDN, SDS, …)
  • Bacon scented aromatherapy candles inside each unit (okay, I made that one up)
And I know I’m only scratching the surface. Honestly, this stuff is mind blowing and I can’t wait to dig deeper.

Mind = Blown

The right role

I know several friends who have taken their careers forward as local SEs (Sales Engineers), and others that have taken the Technical Marketing path. But Technical Product Management is a bit of a different step.  Here, the role involves understanding the potential markets, what those markets want to buy now and in the future, and ensuring that that’s the product you’re delivering. In my new role I’ll be working with the developers, helping them understand what Coho’s customers need so they can build the best possible storage solution.

Looking to clarify the responsibilities, one of the more useful précis I’ve found is the following diagram:

So the Technical Product Manager’s responsibilities predominantly lie in the pink circle. Yep, I’m meant to be the preppy-looking, lipstick-wearing dude listening to the market’s voice. And when I look at the list: things like Requirements, Roadmaps, and Innovation, then I know that many of the skills I’ve been practicing as an Architect should map well to the new role. I’m also very happy that it should keep me pretty technically focused in areas such as storage, networking, and virtualization, that I love learning about. It’s a lissome team at Coho, so I expect that I’ll be able to break out on occasion and branch into other areas such as creating collateral (things like white papers) and helping to drive the product portfolio forward. I’m sure it will be all-hands-on-deck sometimes.

 

I’m very excited to be joining Coho Data. They are an incredible team with a fantastic future. The storage market is full of great technologies at the moment, but I genuinely think that once you dig into Coho’s product a little further you’ll agree they have something very special to offer.

Footnote: Causality

I had a spooky case of happenstance which led me to this job. Back in November I’d heard rumblings on the intertubes about a newly uncloaked storage company called Coho Data. So I attended their first public webinar. That evening I was sat in my local Starbucks enjoying a pleasing late night highly-caffeinated beverage, while surfing the information superhighway. I was trying to find out the gory details about what made this new mystery Coho box-of-tricks tick. 

The Starbucks wifi connection kept dropping, and while trying to reconnect for the umpteenth time, I noticed an SSID called “cohodata”. Hang on. But that was the web site I was looking at. Not the network to join. My natural reaction was to think that an undercover Starbucks employee had managed to spike my coffee with one too many espresso shots; it was probably time to lie down, breathe deeply into a paper bag and recover from my coffee-induced palpitations. But I rubbed my weary eyes and confirmed that there really was a local wifi network with the same name as the URL I was trying to load. I was literally across the street from Coho’s engineering office. Weird. Who’d a thunk it. Coincidence or fate? And as I perused their portal, dispelling thoughts of clandestine Starbucks’ operations, a job listing took my fancy…

 

It’s great to announce the release of the new Mastering vSphere 5.5 book.

Mastering VMware vSphere 5.5

 

  

 

This is the updated version of Scott’s long-revered Mastering title, with all-new content covering vSphere 5.5. In this latest revision, industry-leading virtualization experts explain new features such as VSAN, vFlash, and AppHA, along with the countless enhancements since 5.0. Everything from vSphere 5.5 (and 5.1) has been added. Mysteries around certificates and single sign-on (SSO) are examined, and the book lays out the best paths for installing each component.

Despite the minor-sounding update (5.0 to 5.5), this new edition is a substantial rewrite. Scott was joined by Nick Marshall, who led the charge. Nick is a VMware PSO consultant based in Australia but most well-known for his work with the vBrownbag community. He has worked tirelessly this year to update the book and get it released into book stores as close to the official release date as possible. Like the book’s 5.0 predecessor, I had the great honour to join Nick and Scott’s efforts as a contributing author. Alongside me I was joined by the business critical applications (BCA) guru, Mr Matt Liebowitz; and the wizard of all things PowerShell and automation, Mr Josh Atwell.

Wow, what a technical writing line-up!

Mastering VMware vSphere 5.5 - authors

 

 

 

Scott Lowe - blog/twitter

Nick Marshall - blog/twitter

Myself (Forbes Guthrie) - blog/twitter

Matt Liebowitz - blog/twitter

Josh Atwell - blog/twitter

We’re all immensely proud of this book and truly believe that it’s a great resource for learning about vSphere 5.5. We hope you snag yourself a copy and enjoy reading it as much as we enjoyed writing it.

  

 

This is the third part in a series of three articles describing how I created a basic DNS/DHCP/NTP server for my lab that only uses 24MB RAM and 12MB disk space.

Micro infrastructure server with OpenWRT – part 1
Micro infrastructure server with OpenWRT – part 2

Setting up the services

If you’ve followed parts 1 and 2 correctly, you should be able to hit the web-based GUI now. By default you can access this on any of the interfaces configured. Log in with the root account and the password you just set.

Interface login

Clicking on the Network tab, followed by the Interface tab, shows the three interfaces that were manually configured in the /etc/config/network file. From here you can add new interfaces and edit existing ones.

Interface network

NTP

Configuring the OpenWRT instance to act as an NTP server is very straightforward. On the System > System tab, you can set the hostname and timezone. The Provide NTP server checkbox turns the OpenWRT VM into a local NTP server. The Enable NTP client checkbox keeps its local time synced with external time servers. You can set pool servers here as well. My lab is completely isolated from the outside world so I don’t set pool servers. If the time is out, I use the Sync with browser option to update it, which will then correct all my downstream devices. In the real world having accurate time is important for things like log files, but in my lab the important thing is that all the devices have the same time – this NTP server does that.

Once any changes have been made in the Web GUI, click Save & Apply in the bottom right corner.

ntp 2

General DHCP and DNS settings

On the Network > DHCP and DNS tab there are some general settings which apply to all the interfaces. If you can tick This is the only DHCP on the local network, then do so. Making it authoritative will speed up how quickly the clients get their leases. The Local Server setting is how non-FQDN hostnames get resolved by DNS, and the Local Domain setting is the default domain setting given out to DHCP clients.

The next section shows the active DHCP leases. The last section is where you add your static DHCP reservations.

General DHCP DNS

DHCP pools

Each interface can be associated with a DHCP pool. On the Network > Interfaces page, click the Edit button next to the VLAN on which you want DHCP leases to be provided. Below the Common Configuration section is the DHCP server section. On the General Setup tab, the first checkbox will disable DHCP if ticked. Assuming this is a subnet where you want a DHCP scope, leave this unticked. You then set the starting address (for example 100 to start at x.x.x.100 on a /24 subnet), the number of leases (for example 99 which will make the pool x.x.x.100 to x.x.x.199), and the duration of the leases.

DHCP_general

On the Advanced Settings tab you can set the subnet mask and the scope options given out with each lease. In the screenshot below I’ve set option 3 to explicitly state the default gateway, and option 6 for the DNS servers.

DHCP_advanced 2

Remember to hit Save & Apply at the bottom of the page.

DNS hostnames

To set the DNS A records, select the Network > Hostnames tab and add in each record.

Hostnames

Review

To review the entire DNS and DHCP configuration, log into the console and take a look at the configuration file:

cat /etc/config/dhcp

Backup

One last thing to do before finishing up. Click on the System > Backup/Flash Firmware tab. From here you can get a configuration backup exported as a compressed tarball. This is not only useful if you need to rebuild the server, but it’s an easy way to review all the important config files (it’s just a dump of those files in an archive file).

backup

When I get my SimpliVity sponsored Raspberry Pi delivered, I’ll try to follow up with another post to explain how to install OpenWRT on it.

 

This is the second part in a series of three articles describing how I created a basic DNS/DHCP/NTP server for my lab that only uses 24MB RAM and 12MB disk space.

Micro infrastructure server with OpenWRT – part 1
Micro infrastructure server with OpenWRT – part 3

Installation

To install OpenWRT as a VM, start by downloading the latest version. At the time of writing the latest version is the 12.09 release from April 2013. A pre-built virtual disk image is available from here:

http://downloads.openwrt.org/attitude_adjustment/12.09/x86/generic/openwrt-x86-generic-combined-ext4.vmdk

In your vSphere Web Client (or Windows Client) create a new VM. I based it on Ubuntu 32bit.

Install - Ubuntu 32bit

Before powering on the VM, upload the openwrt-x86-generic-combined-ext4.vmdk image to the VM’s datastore folder. Then edit the VM’s settings to reduce the vRAM down (I run mine with 24MB, but you can probably go lower), make sure that only 1 vCPU is configured, delete the VMDK that was originally attached during the creation process, and attach the OpenWRT disk.

Install - Edit settings

Now that the install is complete, on to the configuration.

Configuration

Power on the VM and you’ll be faced with some console output:

Power on

Just hit enter and the command prompt is displayed:

Power on -enter

Set the password

First thing you’ll probably want to do is to set a password. By default the console will log you in as root and no password is required (it’s blank). So on the console:

passwd root

This ensures that the web interface, once it’s reachable via an IP interface, will have some protection. This by itself doesn’t force a login at the console. This is a lab so I’m not that concerned, but if you want to set this up there is a script here. (I think the reason is the OpenWRT image is primarily aimed at home routers, and you’d only see this if you were attached to it via a console serial cable. Telnet and Web access forces you to log in.)

Network setup

Please note: I’m only going to discuss the configuration of the VM and the host it sits on. How your hosts are connected to their switch, how the switch is configured and what it’s capable of (layer 3 switching?) is up to you.

Ordinarily, at least a couple of interfaces are created (not including the loopback interface): lan and wan, and they’re bridged together. But because we built a standard VM which only has a single vNIC, only the lan interface is created. This is exactly what we want because we’re not planning on using this appliance for routing or firewalling traffic (although you could if you wanted to).

Initial network config

By default the lan interface is set to 192.168.1.1/24, so if the VM is on a subnet that you can connect to via this IP, then you should be able to connect with a web browser and configure everything in the GUI.

However, I want to set up DHCP for several trunked subnets and I’ve found it much quicker just to enter this straight into the config file from the outset. Here’s how I set it up.

vi /etc/config/network

I changed the lan (eth0) interface to remove the bridging and set the IP address appropriately.

I also added two virtual trunked interfaces (mgt and vms). The syntax to do this is eth0.x where x is the VLAN ID. For each virtual interface give it a name and appropriate IP settings for that VLAN’s subnet. My lan interface doesn’t need to be VLAN tagged as it sits on the switch port’s default VLAN (PVID).

Here’s how I configured mine:

config interface 'loopback'
 option ifname 'lo'
 option proto 'static'
 option ipaddr '127.0.0.1'
 option netmask '255.0.0.0'
config interface 'lan'
 option ifname 'eth0'
 option proto 'static'
 option netmask '255.255.255.0'
 option gateway '192.168.1.254'
 option ipaddr '192.168.1.99'
config interface 'mgt'
 option proto 'static'
 option ifname 'eth0.1000'
 option ipaddr '10.0.0.99'
 option netmask '255.255.255.0'
 option gateway '10.0.0.1'
config interface 'vms'
 option proto 'static'
 option ifname 'eth0.1003'
 option ipaddr '10.0.3.99'
 option netmask '255.255.255.0'
 option gateway '10.0.3.1'

Top tip: in vi you can use yy to copy (yank) a line, and p to paste it.

Once you make any changes to the /etc/config/network file, you need to execute:

/etc/init.d/network reload

to stop and restart the network interfaces.
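As an added example (my own code, not from the original post or the OpenWrt project), the script below parses UCI files in the format shown above and cross-checks them against the DHCP pools described in part 3 of this series: that each pool's start/limit range fits inside its interface's subnet, and that neither the appliance's own address nor the gateway falls inside a pool. It assumes OpenWrt hands dnsmasq the range start through start+limit-1, that the "disable DHCP" checkbox corresponds to the `ignore` option in /etc/config/dhcp, and the /etc/config/dhcp sample is constructed with one deliberately oversized pool.

```python
import ipaddress
import re

# Constructed sample in the format of the post's /etc/config/network: the untagged
# lan interface plus the VLAN 1003 sub-interface (eth0.1003).
NETWORK_CONFIG = """
config interface 'lan'
 option ifname 'eth0'
 option proto 'static'
 option netmask '255.255.255.0'
 option gateway '192.168.1.254'
 option ipaddr '192.168.1.99'
config interface 'vms'
 option proto 'static'
 option ifname 'eth0.1003'
 option ipaddr '10.0.3.99'
 option netmask '255.255.255.0'
 option gateway '10.0.3.1'
"""

# Constructed /etc/config/dhcp for those interfaces (assumed option names: interface,
# start, limit, ignore). The 'vms' pool is deliberately too big to fit in a /24.
DHCP_CONFIG = """
config dhcp 'lan'
 option interface 'lan'
 option start '100'
 option limit '100'
config dhcp 'vms'
 option interface 'vms'
 option start '50'
 option limit '250'
"""

SECTION_RE = re.compile(r"^config\s+(\S+)\s+'([^']*)'$")
OPTION_RE = re.compile(r"^option\s+(\S+)\s+'([^']*)'$")


def parse_uci(text):
    """Turn 'config <type> <name>' / 'option <key> <value>' lines (single-quoted
    values, as written in the post) into a list of (type, name, options) tuples."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SECTION_RE.match(line)
        if m:
            sections.append((m.group(1), m.group(2), {}))
            continue
        m = OPTION_RE.match(line)
        if m and sections:
            sections[-1][2][m.group(1)] = m.group(2)
    return sections


def interfaces(network_text):
    """Map interface name -> address/mask, 802.1Q tag taken from 'eth0.<vlan>', gateway."""
    result = {}
    for kind, name, opts in parse_uci(network_text):
        if kind != "interface" or opts.get("proto") != "static" or "ipaddr" not in opts:
            continue
        ifname = opts.get("ifname", "")
        result[name] = {
            "addr": ipaddress.ip_interface(f"{opts['ipaddr']}/{opts.get('netmask', '255.255.255.255')}"),
            "vlan": int(ifname.rsplit(".", 1)[1]) if "." in ifname else None,
            "gateway": opts.get("gateway"),
        }
    return result


def pool_range(net, start, limit):
    """Range handed to dnsmasq: network+start up to network+start+limit-1 (assumption)."""
    first = net.network_address + start
    return first, first + limit - 1


def check(network_text, dhcp_text):
    """Cross-check every enabled DHCP pool against the interface it serves.
    Returns a list of findings; an empty list means the two files line up."""
    findings = []
    ifaces = interfaces(network_text)
    for name, data in ifaces.items():
        if data["vlan"] is not None and not 1 <= data["vlan"] <= 4094:
            findings.append(f"{name}: VLAN id {data['vlan']} is outside 1-4094")
    for kind, name, opts in parse_uci(dhcp_text):
        if kind != "dhcp" or opts.get("ignore") == "1":  # ignore=1 is the 'disable DHCP' box
            continue
        iface = ifaces.get(opts.get("interface", name))
        if iface is None:
            findings.append(f"{name}: pool refers to an unknown interface")
            continue
        net = iface["addr"].network
        first, last = pool_range(net, int(opts.get("start", 100)), int(opts.get("limit", 150)))
        if first <= net.network_address or last >= net.broadcast_address:
            findings.append(f"{name}: pool {first}-{last} does not fit inside {net}")
            continue
        if first <= iface["addr"].ip <= last:
            findings.append(f"{name}: interface address {iface['addr'].ip} lies inside the pool")
        gw = iface["gateway"]
        if gw and first <= ipaddress.ip_address(gw) <= last:
            findings.append(f"{name}: gateway {gw} lies inside the pool")
    return findings
```

Running `check(NETWORK_CONFIG, DHCP_CONFIG)` flags only the vms pool; on a real appliance, feed it the contents of /etc/config/network and /etc/config/dhcp instead of the constructed samples.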

VM’s trunked connection

In most cases these days, a VM is connected to a port group in ESXi using Virtual Switch Tagging (VST) – remember the contents of this classic white paper. But here we’re getting the guest OS in the VM to tag the traffic. We don’t want the port group to act as an access port; we want it to act like a trunk port, sending and receiving traffic on multiple VLANs. To do this, create a new port group and set it to VLAN ID 4095:

VGT web

and set the port group as promiscuous:

Promiscuous web

Now, if everything is set correctly you should be able to ping each interface from something in each subnet (or from anywhere if you have layer 3 switching in your lab).

In the next post I describe how to configure NTP, DHCP and DNS services in OpenWRT.

Micro infrastructure server with OpenWRT – part 3

 