I got a chance to write some F5 iRules for an engagement where we have to virtualise (load balance & intelligent route) DHCP traffic.
On a high level, these are what the iRule accomplishes:
1) Route DHCP Requests to DHCP server pool, based on Relay Agent IP
2) Forward DHCP Response back to Relay Agents or DHCP clients
3) Rewrite DHCP payload - mainly "DHCP Option 54" and "Next Server IP" BootP field to DHCP Server IP (Request) and Virtual Server IP (Response)
4) Intelligent detection for HA peer (another F5 unit deployed) in Active-Active setup
It worked well in Production and I think we achieve the customer needs for DHCP scalability.
Tuesday, July 27, 2010
Sunday, April 4, 2010
Ubuntu 9.04 is Cloud-enabled
Source: http://blog.gardeviance.org/2010/03/cloud-computing-made-simple.html
Considerations before moving to the Cloud
1. Determine your cloud objectives.
2. Pick an application that makes sense.
3. Involve the CSO/risk management team from the beginning.
4. Decide which cloud(s) are acceptable.
5. Create a sandbox where people can experiment.
Source: http://www.cloudswitch.com/page/true-isolation-makes-the-public-cloud-work-like-a-private-cloud
2. Pick an application that makes sense.
3. Involve the CSO/risk management team from the beginning.
4. Decide which cloud(s) are acceptable.
5. Create a sandbox where people can experiment.
Source: http://www.cloudswitch.com/page/true-isolation-makes-the-public-cloud-work-like-a-private-cloud
Sunday, January 3, 2010
Sunday, December 27, 2009
Firewall Migration (from Symantec to Fortinet)
Was engaged in doing a Firewall implementation project for a shipping customer. The project involved these preparation:
Pre-migration Preparation (Wed-Thu, 16-17 Dec)
1) Export & Review (current) Symantec Firewall Policies/NAT rules/objects
2) Create Firewall Policies on Fortinet Firewall
Migration Day (Sat-Sun, 2o-21 Dec)
1) Rack up 2 sets Fortinet Firewalls
2) Cables preparation (with Network Engineering team)
3) Initiate Cutover to new Fortinet Firewalls (Active/Passive mode)
4) Configure Fortinet Firewalls to Active/Active mode
5) Perform Firewall policies tests
6) Perform High Availability test (BGP routing test, L2 redundancy test and Firewall HA test)
7) Perform Fortinet Web Filtering test*
Post Migration Follow-Up (21 Dec Monday)
1) On next Business day, follow up with customer on Firewall performance and issues (if any)
2) Only 2 issues reported and 1 resolved on same day. 1 outstanding and customer reviewing their architecture for that issue.
Overall Project Review
================
- Pretty smooth migration on migration day with about 95% objectives achieved
- Issue with network design for 1 x Sonicwall IPSEC firewall (still oustanding)
=============
Project Statistics:
=============
Man-days consumed: 4 Man-days
No. of Fortinet Firewalls implemented: 2 sets
No. of rules migrated: 100+
Customer Satisfaction: Fairly Good
Pre-migration Preparation (Wed-Thu, 16-17 Dec)
1) Export & Review (current) Symantec Firewall Policies/NAT rules/objects
2) Create Firewall Policies on Fortinet Firewall
Migration Day (Sat-Sun, 2o-21 Dec)
1) Rack up 2 sets Fortinet Firewalls
2) Cables preparation (with Network Engineering team)
3) Initiate Cutover to new Fortinet Firewalls (Active/Passive mode)
4) Configure Fortinet Firewalls to Active/Active mode
5) Perform Firewall policies tests
6) Perform High Availability test (BGP routing test, L2 redundancy test and Firewall HA test)
7) Perform Fortinet Web Filtering test*
Post Migration Follow-Up (21 Dec Monday)
1) On next Business day, follow up with customer on Firewall performance and issues (if any)
2) Only 2 issues reported and 1 resolved on same day. 1 outstanding and customer reviewing their architecture for that issue.
Overall Project Review
================
- Pretty smooth migration on migration day with about 95% objectives achieved
- Issue with network design for 1 x Sonicwall IPSEC firewall (still oustanding)
=============
Project Statistics:
=============
Man-days consumed: 4 Man-days
No. of Fortinet Firewalls implemented: 2 sets
No. of rules migrated: 100+
Customer Satisfaction: Fairly Good
Saturday, September 5, 2009
ROBOCOPY (Windows utility for volume file copy)
I was doing a file server files migration to a SAN backend Windows File (Cluster) Server.
The total fileszie to transfer was about 450GB and using Windows Explorer style file copy/paste didnt work for huge folders. Then I found ROBOCOPY.exe as part of a Windows resource utility.
It can be downloaded here: http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
The total fileszie to transfer was about 450GB and using Windows Explorer style file copy/paste didnt work for huge folders. Then I found ROBOCOPY.exe as part of a Windows resource utility.
It can be downloaded here: http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
Thursday, September 3, 2009
VMFS
Was doing some researching into virtualisation and found the concept of VMFS
The whitepaper is available here:
http://www.vmware.com/pdf/vmfs-best-practices-wp.pdf
Subscribe to:
Posts (Atom)
