Cisco IOS shellcode: All-in-one

1 year, 1 month ago


This post is a reply to the recent publication on Habrahabr by the Russian representative office of Cisco.

The author is that "immature" and "novice" researcher from Digital Security mentioned in the article by Cisco's representative.

It is strange that the representative office of such a well-known company allows itself such a low register in its official blog, and comments on the basis of superficial conclusions rather than technical details. Let's look at what our research center actually did, and at what Cisco's specialists could not or did not want to understand.

Redundant internal and external communication channels, static routing, and a corporate network on MikroTik

1 year, 1 month ago
I work as a technical support engineer at an ISP. In this article I will share my experience of building a corporate network for a chain of shops with static routing, redundant communication channels, and automatic e-mail notification of outages, on a limited budget. Experienced network engineers will hardly find this article interesting; it may be useful to administrators who are given a similar task.

I believe that dynamic routing would not work as quickly and reliably in this task as the project requires. I have nothing against dynamic routing, but negative reviews of how it works on MikroTik equipment, together with some specifics of the network (more on that below), tipped the choice towards static routes and scripts.

FlexPod DataCenter: Direct-Attached Storage

1 year, 1 month ago
In the previous article I described a "non-FlexPod DC" architecture that can be supported "from one hands" (a single point of support) under the Cisco "Solution Support for Critical Infrastructure" (SSCI) program. Its main feature is that it has no Nexus series switches; if they are added, such an architecture can become a full-fledged FlexPod DataCenter.

This article is about a new network design for FlexPod DataCenter, with the NetApp storage system connected directly to the UCS domain. The difference from the standard FlexPod DataCenter architecture is that the Nexus switches sit not between UCS and NetApp but "above" UCS.

Although it was already possible to connect NetApp FAS series storage directly to the Fabric Interconnect (FI), the FlexPod DataCenter architecture did not officially provide for such a design. Now the direct-attached design is supported, and is supported as a FlexPod DataCenter architecture.

General design of the FC and FCoE network with direct attachment
The switching schemes described are shown in the image above.
Simultaneous connection over FC and FCoE is shown for two reasons:
  1. It really can be done this way, and it will work.
  2. To show that it is possible with FC and/or FCoE.

The Ethernet connection between the two NetApp FAS controllers is shown for two reasons:
  1. To show that these are two nodes of one NetApp system (with more nodes, the picture would necessarily include cluster switches).
  2. The external cluster link is a mandatory attribute of the Clustered Data ONTAP operating system.

The FC link from the FI to the Nexus switch is shown for two reasons:
  1. For the future: when we need to move NetApp over to the Nexus switches while the FI keeps access to the LUNs. The scheme then becomes more scalable, and further UCS domains can be added.
  2. To give storage resources to other servers that are not part of the UCS domain, for example UCS rack servers (UCS C series) not connected to the FI, or servers from other vendors.

For Ethernet traffic with direct attachment and the iSCSI protocol, as with direct attachment and the FCP protocol, the multipathing built into these protocols means there are no problems setting up fault tolerance and load balancing across links.
But for NAS protocols with direct attachment (NFS v2/NFS v3 and CIFS v1/CIFS v2), since these protocols lack load balancing and multipathing, that function has to be performed by other, lower-layer protocols such as LACP and vPC (the FI does not support vPC), so Ethernet fault tolerance will have to be built some other way. For example, Ethernet fault tolerance can be done at the virtual switch level (which may run into performance problems with such a switch) or with active-passive failover of the aggregated network link without LACP (which will not allow traffic to be balanced across all available links); for this, the aggregated ifgrp link on the storage side has to be configured in single-mode.
The direct-attachment question for NAS protocols is less acute for NFS v4 and CIFS v3.0, since both protocols have finally acquired something resembling multipathing, but this requires support for these protocols on both the client and the storage side (all FAS systems with cDOT support NFS v4 and CIFS v3.0).
To configure FCoE and CIFS/NFS traffic over one link:
  • First, Cisco UCS firmware version 2.1 or above is required
  • Secondly, storage with 10GB CNA/UTA ports is required

Now on to the settings:
On the NetApp storage side, the ports have to be switched to CNA mode (CNA ports are required; ordinary 1/10Gbs Ethernet ports do not support this) with the ucadmin command on the storage system (a restart of the storage system will be required). The system will then display "virtual" Ethernet ports and "virtual" FC ports separately (although one physical port is used for one such "virtual" Ethernet port and one "virtual" FC port). These ports are configured separately, like ordinary physical ports.
On the FI, the FC mode has to be set to "Switching mode" in the Fabric A/B settings on the Equipment tab. This setting will require a restart of the FI.
After the FI restarts, on the Equipment tab the converged ports have to be switched to Appliance port mode; after a few seconds the port will go online. Then reconfigure the port in FCoE Storage Port mode; in the right panel you will see the port type Unified Storage Port. Now it will be possible to select a VSAN and VLAN for such a port. An important point: the VSAN created earlier must have "FC zoning" enabled on the FI in order to perform zoning.

Zoning setup on the FI:
SAN-> Storage Cloud-> Fabric X-> VSANs-> Create "NetApp-VSAN-600"->
VSAN ID: 600
FCoE VLAN ID: 3402
FC Zoning Settings: FC Zoning-> Enabled

SAN-> Policies-> vHBA Templates-> Create "vHBA-T1"-> VSAN "NetApp-VSAN-600"

SAN-> Policies-> Storage Connectivity Policies-> Create "My-NetApp-Connectivity"-> Zoning Type-> SIST (or SIMT if necessary)-> Create->
FC Target Endpoint: the NetApp LIF's WWPN (begins with 20:)

SAN-> Policies-> SAN Connectivity Policies-> Create "NetApp-Connectivity-Pol1"-> vHBA Initiator Group->
Create "iGroup1"-> Select vHBA Initiators "vHBA-T1"
Select Storage Connectivity Policy: "My-NetApp-Connectivity"

When creating the Server Profile, use the created policies and the vHBA template.

RDMA: look from within

1 year, 1 month ago
The growing popularity of cluster systems as environments for high-performance computing (HPC) brings to the forefront the problem of ensuring effective interaction between the platforms that form a cluster.

Network monitoring: how we make sure all the nodes of large companies keep working

1 year, 1 month ago

From the way this fiber runs along the tree to the collector, one can conclude that the installer did not quite follow the technology. The fastening in the photo also suggests that he was probably a sailor: the knot is a nautical one.

I am from the team that keeps the network physically operational, in other words the technical support responsible for making sure the lights on the routers blink the way they should. We have various large companies with infrastructure across the whole country "under our wing". We do not meddle in their business; our task is that the network works at the physical layer and the traffic flows as it should.

The general idea of the work is continuous polling of nodes, collecting telemetry, running tests (for example, checking settings to look for vulnerabilities), keeping things operational, application monitoring, and traffic. Sometimes inventories and other perversions.

I will tell how it is organized, plus a couple of stories from field trips.

A backdoor in a backdoor found in 600,000 Arris modems

1 year, 1 month ago

According to a security specialist, 600,000 Arris cable modems will present their users with an unpleasant surprise called "a backdoor in a backdoor".

Bernardo Rodrigues, a software tester from Globo TV, published a report on hidden libraries found in three Arris cable modems. In turn, thanks to the Shodan search engine, which allows examining data on all devices connected to the network, similar flaws were found in 600,000 modems.

Awkward questions about RDMA architecture

1 year, 1 month ago
We have accumulated a body of material on studying the architecture of Remote Direct Memory Access. While putting it together, a number of points became clearer, but the mechanisms of some implementations still remained only as assumptions. Unfortunately, the existing view of remote direct memory access is reduced to a simplified model of eliminating redundant transfers. It is clear that with RDMA we are dealing with an entity that creates a new quality of cross-platform interaction, founded on such cornerstone concepts as InfiniBand and NUMA.

Switch virtualization technologies from Cisco and Hewlett Packard Enterprise

1 year, 1 month ago

Today I would like to talk about two fairly similar switch virtualization technologies that allow combining several switches into one logical switch: Cisco Virtual Switching System (VSS) and HPE Intelligent Resilient Framework (IRF). In this article we will first look in more detail at how the VSS technology works, and then talk about IRF.

The first-ever floating data center has been launched

1 year, 1 month ago

The startup Nautilus Data Technologies surprised many with the idea of building floating data centers. Or rather, not so much with the idea as with the fact that the company began implementing a project to build two data centers at once, located not on land but on water. The company first announced itself at the beginning of the year, and quite loudly, presenting to the public its plans to build floating commercial data centers. The data centers are intended for hosting server hardware, that is, Nautilus Data Technologies acts as a colocation provider.

According to the company's founders, Arnold Magcale and Daniel Kekai, floating data centers have several advantages over ordinary ones. First, the ability to quickly move a data center from place to place if needed. Second, the absence of factors such as natural disasters: earthquakes, wars, and so on. Of course, there is also the possibility of a storm, but the data centers are quite well adapted to heavy seas of any force. And such a facility always has coolant available: the water that the system draws from under the vessel's hull.

Feature matrix of modern messengers with an emphasis on security

1 year, 1 month ago
Hi, %Username%!

I decided to make a table of features of modern messengers with an eye to security and the barrier to entry. Perhaps it will help someone choose a suitable communication tool.
What came out of it is under the cut.

