Tuesday, November 13, 2018

How to make bootable ESXi 6.7 USB stick on Ubuntu 18

A.K.A. "Format a USB Flash Drive to Boot the ESXi Installation or Upgrade"

I got new hard drives for my home server and decided that it is a good time to update ESXi to version 6.7. The question came up: how to make a bootable USB stick with the ESXi 6.7 ISO image on Linux?

There is no Windows PC at home. I don't have a Mac either. Luckily, VMware prepared a doc about the topic - it is part of the ESXi 6.7 User Guide. My happiness didn't last for long. I followed the steps: created a FAT32 partition, marked it bootable, installed syslinux and copied files, moved and updated syslinux.cfg. But it didn't work.

Apparently, the VMware 6.7 ISO image is not compatible with the current syslinux used by Ubuntu 18.04:
syslinux -v
syslinux 6.03  Copyright 1994-2014 H. Peter Anvin et al
When I tried to boot the server from the USB stick I started to see all kinds of error messages like:
Failed to load COM32 file menu.c32
I even tried to copy syslinux files as recommended here. But it didn't help. Then I tried some other options and got another error:
Loading -c... failed! No files found!
The problem is clear. When I compared the steps for ESXi 5.1 and 6.7, I found a difference. In 5.1 VMware clearly states that they're using syslinux 3.86:
Verify that the machine on which you are performing this procedure has access to syslinux version 3.86. This procedure requires syslinux version 3.86.

Let's try with syslinux 3.86:

1. Download syslinux-3.86 archive from here and unpack it.
2. If you've never done any development on your Ubuntu machine, you may need to install several packages such as (maybe you will need something else as well):
sudo apt install nasm build-essential uuid-dev
3. When you're done installing dependencies, compile the installer:
~/Downloads/syslinux-3.86$ make installer
4. If everything goes fine, you're ready to install the syslinux 3.86 binary on your ESXi USB stick. I'm assuming your USB stick is /dev/sdb and its partition is /dev/sdb1. If you follow the steps in the official VMware ESXi 6.7 documentation, you have to adjust step 4. In the manual you have this:
/usr/bin/syslinux /dev/sdb1
cat /usr/lib/syslinux/mbr/mbr.bin > /dev/sdb
Assuming you have your syslinux-3.86 source code located in ~/Downloads/syslinux-3.86, do the following:
cd ~/Downloads/syslinux-3.86
mtools/syslinux /dev/sdb1
cat mbr/mbr.bin > /dev/sdb
5. In step 9 the official manual recommends adding "-p 1" to the APPEND line in syslinux.cfg. SKIP this step.
6. Follow other steps as usual and you should be able to boot from the USB stick.
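
Step 4 writes a boot sector and an MBR straight to a block device, so pointing it at the wrong disk destroys that disk's partition table. The bash functions below are an added example, not part of the original post or of VMware's documentation: they refuse to run the adjusted step 4 unless the kernel reports the disk as removable and none of its partitions are mounted. The function names and the optional sysfs and mounts-file arguments are assumptions of this example.

```bash
#!/bin/bash
# Added example (not from the original post): guard the adjusted step 4.

# check_usb_target DISK [SYSFS_ROOT] [MOUNTS_FILE]
# DISK is the kernel name without /dev/, e.g. "sdb". The two optional
# arguments exist so the check can be exercised against a fake tree.
# Returns 0 when the disk looks safe to overwrite, 1 otherwise.
check_usb_target() {
    local disk="$1" sysfs="${2:-/sys}" mounts="${3:-/proc/mounts}"
    local node="$sysfs/block/$disk"

    if [ ! -d "$node" ]; then
        echo "$disk: not a whole-disk block device" >&2
        return 1
    fi
    if [ "$(cat "$node/removable" 2>/dev/null)" != "1" ]; then
        echo "$disk: kernel does not report it as removable" >&2
        return 1
    fi
    # A mounted disk or partition (sdb, sdb1, ...) must be unmounted first.
    if grep -Eq "^/dev/${disk}[0-9]* " "$mounts"; then
        echo "$disk: has mounted filesystems" >&2
        return 1
    fi
    return 0
}

# install_syslinux386 DISK SRC_DIR (run as root)
# Runs the two commands from the adjusted step 4 only if the check passes.
# Example: install_syslinux386 sdb "$HOME/Downloads/syslinux-3.86"
install_syslinux386() {
    local disk="$1" src="$2"
    check_usb_target "$disk" || return 1
    "$src/mtools/syslinux" "/dev/${disk}1" &&
        cat "$src/mbr/mbr.bin" > "/dev/$disk"
}
```

USB hard drives usually report removable as 0, so the check rejects them as well as internal disks.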

Wednesday, February 21, 2018

PlayStation 4 - 5 years

It's the Sony PlayStation 4's birthday.

When it got released, it didn't have any IPv6 support whatsoever. But over the last 5 years IPv6 got some traction in the PS development roadmap.

Here is a ~2-year-old post by Tore Anderson about PS4 IPv6 "capabilities". There is no public information available on the Internet, so we can only rely on experimentation.

Wednesday, February 7, 2018

Cisco living in the past?



It is 2018. The Cloud Computing era. The era of commodity network platforms and open source software. High capacity network switches are deployed by the dozens or hundreds. Modern networks require more bandwidth with lower cost per bit and higher port density.

Today, I got an email from Cisco - VIRL PE 1.5 is released. I follow the link. They offer a Personal License for 20 devices. What can you do with 20 devices? You emulate a campus network or a 10-year-old service provider network architecture.

Greg is right to the point:


Cisco, it's time to change.

Tuesday, January 30, 2018

update on the certification

Here is an update - a few years later I still haven't received my number. I tried to pass the lab a few times (was it 2 or 3?) but it was quite obvious to me that I have to type faster - every time I was running out of time. And at this point I ran out of money for this hobby project.

Today, I prefer to learn more useful skills such as programming, software architecture and related disciplines. I don't feel that there is any drastic change in the way we operate networks: routing protocols are still the same, network hardware works in the same way as before - everything gets bigger and faster. You can probably disagree and say: "Look! There are so many SDN projects around!" - but I'll reply: "Yes, but what exactly do they change?" By moving complexity to a different place in the network you will probably make it look more novel... But based on the history we are just repeating the pattern: centralized vs distributed architecture and control. While we, network engineers, were building distributed networks, the mobile industry was building very centralized ones instead. Now, traditional packet networking is switching to centralized (with all kinds of controllers) and the mobile industry is switching to distributed because packet gateways cannot handle so much traffic in the central location. So, what exactly have we accomplished, as an industry, in the last 5 years?

Just my .05 cents.

Thanks for reading.

Monday, January 29, 2018

Cisco Configuration for Comcast IPv6

Looking for IPv6 config for the Cisco IOS router? Here it is!

Here is an example of the Comcast IPv6 config I have at home. I have a router with 3 GigE interfaces: g0/0 is the LAN, g0/2 is the Comcast cable modem connected in bridge mode.

The router gets a /56 IPv6 prefix assigned through DHCP Prefix Delegation and uses it to assign the address on the internal g0/0 interface. Also, it assigns a separate /64 subnet on the g0/1 interface where all of my IPv6 servers are connected. I rely on Google DNS instead of Comcast.

A basic management access list prevents inbound SSH connections from subnets that are not whitelisted.

router#show running-config
Building configuration...

Current configuration : 3497 bytes
!
upgrade fpd auto
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname <my-router>
!
boot-start-marker
boot system disk0:/ciscoXXXX.bin
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$secret
!
aaa new-model
!
!
!
!
aaa session-id common
no ip source-route
ip cef
!
!
!
ip dhcp pool homenet
   network 10.0.1.0 255.255.255.0
   domain-name domain.net
   dns-server 8.8.8.8 8.8.4.4
   default-router 10.0.1.1
!
!
ip domain name domain.net
ipv6 unicast-routing
ipv6 cef
ipv6 dhcp pool homenet6
 dns-server 2001:4860:4860::8888
 dns-server 2001:4860:4860::8844
 domain-name domain.net
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 15 secret 5 $1$adminpassword//
archive
 log config
  hidekeys
!
!
!
!
!
ip tcp ecn
ip tcp path-mtu-discovery
ip ssh version 2
!
!
!
!
interface GigabitEthernet0/0
 description <<home network>>
 ip address 10.0.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 media-type rj45
 no negotiation auto
 ipv6 address comcast ::1/64
 ipv6 nd other-config-flag
 ipv6 dhcp server homenet6
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
 no negotiation auto
 ipv6 address comcast ::1:0:0:0:1/64
!
interface GigabitEthernet0/2
 description <<comcast cable modem>>
 ip address dhcp
 ip access-group internet_in in
 no ip unreachables
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 media-type rj45
 no negotiation auto
 ipv6 address dhcp rapid-commit
 ipv6 address autoconfig default
 ipv6 enable
 ipv6 dhcp client pd hint ::/60
 ipv6 dhcp client pd comcast rapid-commit
 no cdp enable
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex half
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 10 interface GigabitEthernet0/2 overload
!
ip access-list standard remote_management
 permit 10.0.1.0 0.0.0.255 log
 deny   any log
!
ip access-list extended internet_in
 deny   ip 0.0.0.0 0.255.255.255 any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 100.64.0.0 0.63.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 169.254.0.0 0.0.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.0.0.0 0.0.0.255 any
 deny   ip 192.0.2.0 0.0.0.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 198.18.0.0 0.1.255.255 any
 deny   ip 198.51.100.0 0.0.0.255 any
 deny   ip 203.0.113.0 0.0.0.255 any
 deny   ip 224.0.0.0 31.255.255.255 any
 deny   icmp any any echo log
 deny   icmp any any redirect log
 deny   icmp any any timestamp-request log
 deny   icmp any any information-request log
 deny   icmp any any mask-request log
 permit ip any any
!
access-list 10 permit 10.0.0.0 0.0.0.255
access-list 10 permit 10.0.1.0 0.0.0.255
!
!
!
!
!
!
ipv6 access-list remote_mangement_v6
 permit ipv6 dead:beef:c0ff:D0::/64 any
 deny ipv6 any any log
!
control-plane
!
!
!
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 transport output all
 stopbits 1
line aux 0
 transport output all
 stopbits 1
line vty 0 4
 access-class remote_management in
 ipv6 access-class remote_mangement_v6 in
 transport input ssh
 transport output all
line vty 5 15
 access-class remote_management in
 ipv6 access-class remote_mangement_v6 in
 transport input ssh
 transport output all
!
end
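
The vty lines in this config depend on two ACL names matching their definitions exactly, and the IPv6 name is spelled remote_mangement_v6 in both places. The bash/awk function below is an added example, not part of the original post: it reads a saved running-config and reports any vty line that has no access-class or references an ACL name that is never defined. The function names and the sample excerpt are constructed for this example.

```bash
#!/bin/bash
# Added example: flag vty lines whose access-class is missing or names an
# ACL that the configuration never defines.

# audit_vty_acls [FILE]: reads FILE or stdin, prints one finding per line,
# returns 0 when there are no findings and 1 otherwise.
audit_vty_acls() {
    awk '
    function endblk() {           # store the vty block that just ended
        if (vty == "") return
        blk[++n] = vty; a4[n] = v4; a6[n] = v6; vty = ""
    }
    /^ip access-list (standard|extended) / { def4[$4] = 1 }
    /^access-list [0-9]+ /                 { def4[$2] = 1 }
    /^ipv6 access-list /                   { def6[$3] = 1 }
    /^line vty / { endblk(); vty = $0; v4 = v6 = ""; next }
    /^[^ ]/      { endblk() }     # any unindented line closes the block
    vty != "" && /^ access-class .* in/      { v4 = $2 }
    vty != "" && /^ ipv6 access-class .* in/ { v6 = $3 }
    END {
        endblk()
        for (i = 1; i <= n; i++) {
            if (a4[i] == "") print blk[i] ": no IPv4 access-class"
            else if (!(a4[i] in def4)) print blk[i] ": IPv4 ACL " a4[i] " is not defined"
            if (a6[i] == "") print blk[i] ": no IPv6 access-class"
            else if (!(a6[i] in def6)) print blk[i] ": IPv6 ACL " a6[i] " is not defined"
        }
    }' "$@" | { ! grep . ; }
}

# Constructed sample: trimmed from the config above, with the IPv6 ACL name
# on "line vty 5 15" altered so it no longer matches the defined name.
sample_config() {
    cat <<'EOF'
ip access-list standard remote_management
 permit 10.0.1.0 0.0.0.255 log
ipv6 access-list remote_mangement_v6
 deny ipv6 any any log
line vty 0 4
 access-class remote_management in
 ipv6 access-class remote_mangement_v6 in
line vty 5 15
 access-class remote_management in
 ipv6 access-class remote_management_v6 in
!
EOF
}
```

Running `sample_config | audit_vty_acls` reports the mismatch on line vty 5 15; the unmodified config from the post produces no findings because its misspelled name is used consistently.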

Monday, July 20, 2015

Cisco USB Console on a Mac

Simple bash script for Cisco USB console. It dynamically inserts device number into screen argument - very handy. Works only for one connected console at a time.

I keep it in my $HOME/bin/cisco-usb-console directory:

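#!/bin/bash
# Find the Cisco USB console device (expects exactly one to be connected)
PORT=$(ls /dev/tty.usbmodem*)
# Replace this shell with a screen session on that device at 9600 baud
exec screen "$PORT" 9600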
Enjoy! :)  

Saturday, January 31, 2015

IOS XR: redistribution of EIGRP routes

Redistribution of EIGRP routes into MP-BGP seems to be a very simple process. However, I spent 40 minutes troubleshooting the issue.

Simple scenario, PE-CE EIGRP and MP-BGP in the SP Core

PE Config:
RP/0/0/CPU0:XR1(config)#sh run router bgp
Tue Jan 31 11:53:35.119 PST
router bgp 100
 bgp router-id 19.19.19.19
 address-family vpnv4 unicast
 !
 neighbor 3.3.3.3
  remote-as 100
  update-source Loopback0
  address-family vpnv4 unicast
  !
 !
 vrf VPN_B
  rd 100:2
  address-family ipv4 unicast
   redistribute eigrp core
  !
 !
RP/0/0/CPU0:XR1(config-bgp-vrf-af)#sho run router eigrp
Tue Jan 31 11:53:58.807 PST
router eigrp core
 vrf VPN_B
  address-family ipv4
   autonomous-system 1
   redistribute bgp 100
   interface GigabitEthernet0/0/0/2
   !
  !
According to the IOS XR 5.2 Command Reference Guide, the "redistribute eigrp" syntax is pretty straightforward:
Enhanced Interior Gateway Routing Protocol (EIGRP)
redistribute eigrp process-id [ match { external | internal } ] [ metric metric-value ] [ route-policy route-policy-name ]
no redistribute eigrp process-id [ match { external | internal } ] [ metric metric-value ] [ route-policy route-policy-name ]
What is the process-id? According to the same reference guide:
process-id
For the eigrp keyword, an EIGRP instance name from which routes are to be redistributed.        

...but I don't see any vpnv4 routes from my PE (19.19.19.19):

R3#sh bgp vpnv4 unicast all summary
BGP router identifier 3.3.3.3, local AS number 100
BGP table version is 75, main routing table version 75
8 network entries using 1216 bytes of memory
8 path entries using 640 bytes of memory
8/8 BGP path/bestpath attribute entries using 1280 bytes of memory
8 BGP extended community entries using 1620 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 4756 total bytes of memory
BGP activity 27/19 prefixes, 31/23 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4          100     110     128       75    0    0 01:31:51        2
4.4.4.4         4          100     104     126       75    0    0 01:31:38        2
5.5.5.5         4          100     110     125       75    0    0 01:31:40        2
19.19.19.19     4          100      31      40       75    0    0 00:10:41        0

Then I realized that something could be wrong with the process-id - instead of core I tried to use the AS number inside the vrf:

vrf VPN_B
  rd 100:2
  address-family ipv4 unicast
   redistribute eigrp 1
   redistribute eigrp core

And it worked!

R3#sh bgp vpnv4 unicast all summary
BGP router identifier 3.3.3.3, local AS number 100
BGP table version is 75, main routing table version 75
8 network entries using 1216 bytes of memory
8 path entries using 640 bytes of memory
8/8 BGP path/bestpath attribute entries using 1280 bytes of memory
8 BGP extended community entries using 1620 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 4756 total bytes of memory
BGP activity 27/19 prefixes, 31/23 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4          100     115     133       75    0    0 01:36:37        2
4.4.4.4         4          100     109     131       75    0    0 01:36:24        2
5.5.5.5         4          100     115     130       75    0    0 01:36:26        2
19.19.19.19     4          100      36      45       75    0    0 00:30:07        2