Business Hosting Experts


Archive for the 'Networking' Category

Improving Network Efficiency

Tuesday, March 3rd, 2009

There are many free or low-cost tools available today to help a Network Administrator run and manage an efficient and well-documented network. I’m going to discuss a few of those and how they assist me in this endeavor.

Most network devices have the ability to log system messages to a syslog server. For Cisco and other vendors, these messages range in severity. For example, a message with severity = 5 is a ‘notification’ event, whereas severity = 2 is ‘critical’. The syslog server collects these messages from all your network devices (even if they are in multiple locations) and stores them in a central location for review and archival. Reviewing these logs may help you avoid a network situation that could result in a loss of service. Kiwi Enterprises (now Solarwinds) makes a popular syslog server called Kiwi Syslog. This software can also be used to parse the logs and alert you via email or SMS based on the severity of the syslog message. This is an especially convenient time-saving tool.
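The severity-based filtering described above can be sketched in a few lines of shell and awk. This is an added example, not part of the original post and not Kiwi Syslog's own rule engine; the function names and the sample messages are constructed for illustration.

```shell
# Triage syslog lines by severity, as an alerting rule would.
# Severity comes from the <PRI> header (PRI = facility*8 + severity); without
# a header it falls back to the Cisco %FACILITY-SEVERITY-MNEMONIC tag.
# Lower numbers are more severe (2 = critical, 5 = notification).

# syslog_triage MAX_SEVERITY: reads log lines on stdin and prints the ones at
# or above that severity as "severity<TAB>name<TAB>original line".
syslog_triage() {
    awk -v max="$1" '
    BEGIN {
        split("emergency alert critical error warning notification informational debugging", n, " ")
    }
    {
        sev = -1
        if (match($0, /^<[0-9]+>/)) {
            pri = substr($0, 2, RLENGTH - 2) + 0
            if (pri <= 191) sev = pri % 8          # 191 is the highest valid PRI
        } else if (match($0, /%[A-Z0-9_]+-[0-7]-[A-Z0-9_]+/)) {
            tag = substr($0, RSTART, RLENGTH)
            sub(/^%[A-Z0-9_]+-/, "", tag)          # strip "%FACILITY-"
            sev = substr(tag, 1, 1) + 0
        }
        if (sev < 0) { print "unparsed\t-\t" $0; next }   # never drop silently
        if (sev <= max) print sev "\t" n[sev + 1] "\t" $0
    }'
}

# Constructed sample messages (not captured from a real device).
sample_logs() {
    cat <<'EOF'
<189>45: *Mar  3 10:01:22: %SYS-5-CONFIG_I: Configured from console by admin on vty0
<187>46: *Mar  3 10:02:10: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down
<186>47: *Mar  3 10:02:11: %SYS-2-MALLOCFAIL: Memory allocation failed
*Mar  3 10:03:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
<190>48: *Mar  3 10:04:00: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(4431) -> 10.0.0.1(23), 1 packet
EOF
}

# Show only messages of severity 3 (error) or worse.
sample_logs | syslog_triage 3
```

Lines that carry neither a PRI header nor a Cisco tag are reported as unparsed rather than discarded, so a malformed message still gets reviewed.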

Another great Kiwi application is Kiwi CatTools. CatTools can be configured to log into your network devices and perform pre-configured or scripted activities. I use CatTools’ pre-configured activity to back up the running-config of our Cisco and HP devices. I also use its simple scriptable activity to make batched configuration changes: say you want to update the NTP server address on all your routers and switches. CatTools allows you to do this without logging into each device. Again, a really nice time-saving tool! Once you have set up the activity, it will SSH or telnet into your device, execute the commands, and copy the running-config to startup-config.

CatTools also offers change management features. When using their activity to back up the running-config, CatTools will create an archive copy of configs that have been changed. You can even get it to send HTML email reports detailing any lines that have changed. Pretty cool feature I’d say!

For devices that support Netflow or other flow protocols, I use Scrutinizer, which is a free flow collector, and set up the devices to send ‘flows’ to the collector. A network flow is a unidirectional sequence of packets containing IP information. When set up with a collector, you can see detailed information about your network traffic including ingress interface, source IP, destination IP, and source/destination port for TCP and UDP. The screen shot here shows you some of that reporting functionality. [Image: scrutinizer_main.jpg]

These are just a few simple and low-cost systems you can apply to your network to immediately improve overall efficiency, helping you proactively learn about unwanted network events and save critical time when troubleshooting.

802.1q VLAN Tagging on FreeBSD 6.2

Tuesday, July 17th, 2007

VLAN tagging allows a single network interface to access multiple networks at the same time. The multiple VLANs are presented as individual “virtual” NICs to the operating system. Each virtual NIC can have its own IP configuration.

VLAN tagging is useful when your server needs to connect to multiple networks but has a limited number of physical network adapters, or when the physical adapters are “trunked” into a single interface for speed or redundancy.

The underlying protocol is 802.1q and the server operating system, network adapter and the connected switch must support the protocol. There is other functionality within 802.1q but here we are only concerned with VLAN tagging.

The switch port(s) connected must also be configured for VLAN tagging. I will not go into switch configuration or VLAN theory and planning here.

Although I did not test it, IPv6 settings should work as well when applied to the VLANs.

————————————————————-

Manual settings

The VLAN interfaces can be turned up and configured manually at the command line.

Create the VLANs:

# ifconfig vlan_device vlan vlan_id vlandev parent_device

vlan_device is a number you assign to the interface.
vlan_id is the VLAN number to use that is configured on the connected switch.
parent_device is the physical interface name this VLAN is running on.

Example

# ifconfig vlan0 vlan 101 vlandev fxp0

Assign IP settings:

# ifconfig vlan_device ip_address netmask netmask

Example

# ifconfig vlan0 10.20.30.1 netmask 255.255.255.0

An ifconfig vlan0 or an ifconfig -a will now show a vlan0 interface with the assigned IP settings.

Remove:

# ifconfig vlan0 destroy

————————————————————-

Permanent settings

The following configurations will allow the VLANs to be set up at server boot time.

1.) Edit /etc/rc.conf

The cloned_interfaces parameter will create the desired VLAN interfaces:

cloned_interfaces="vlan20 vlan30"

Add ifconfig lines for each vlan device:

ifconfig_vlan20="inet 192.168.0.3 netmask 255.255.255.0 vlan 20 vlandev fxp0"
ifconfig_vlan30="inet 172.17.16.3 netmask 255.255.255.0 vlan 30 vlandev fxp0"

If the physical interface will not have its own IP address assigned, bring it up explicitly:

ifconfig_fxp0="up"

2.) Reboot the server to verify your configurations work at boot time.
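Before the reboot in step 2, the VLAN lines can be checked for the mistakes that would leave an interface missing at boot. This is an added example, not part of the original post; check_vlan_rc and sample_rc are hypothetical names, the sample file is constructed, and it assumes VLANs are created through cloned_interfaces as shown above.

```shell
# Sanity-check the VLAN lines of an rc.conf-style file before rebooting.
# rc.conf is sh syntax, so the file is sourced in a subshell; only point this
# at files you trust. Returns 1 if any finding is an ERROR.
check_vlan_rc() (
    file=$1; rc=0
    . "$file" || exit 2
    # ifconfig_vlanN lines whose interface is never created at boot
    for ifn in $(sed -n 's/^ifconfig_\(vlan[0-9][0-9]*\)=.*/\1/p' "$file"); do
        case " $cloned_interfaces " in
            *" $ifn "*) ;;
            *) echo "ERROR $ifn: not listed in cloned_interfaces"; rc=1 ;;
        esac
    done
    for ifn in $cloned_interfaces; do
        case $ifn in vlan*) ;; *) continue ;; esac
        eval "cfg=\${ifconfig_$ifn:-}"
        set -- $cfg; id=""; dev=""
        while [ $# -ge 2 ]; do            # walk "keyword value" pairs
            case $1 in
                vlan)    id=$2 ;;
                vlandev) dev=$2 ;;
            esac
            shift
        done
        case $id in
            ""|*[!0-9]*) echo "ERROR $ifn: no ifconfig_$ifn line or no numeric vlan id"; rc=1; continue ;;
        esac
        if [ "$id" -lt 1 ] || [ "$id" -gt 4094 ]; then
            echo "ERROR $ifn: vlan id $id is outside 1-4094"; rc=1
        elif [ "$id" -eq 1 ]; then
            echo "WARN $ifn: vlan id 1 is usually the switch native VLAN"
        fi
        [ -n "$dev" ] || { echo "ERROR $ifn: no vlandev parent"; rc=1; continue; }
        eval "pcfg=\${ifconfig_$dev:-}"
        [ -n "$pcfg" ] || echo "WARN $ifn: parent $dev has no ifconfig_$dev line"
    done
    exit $rc
)
# Constructed sample: the settings above with two deliberate mistakes.
sample_rc() {
    cat <<'EOF'
cloned_interfaces="vlan20 vlan30"
ifconfig_vlan20="inet 192.168.0.3 netmask 255.255.255.0 vlan 20 vlandev fxp0"
ifconfig_vlan30="inet 172.17.16.3 netmask 255.255.255.0 vlan 1 vlandev fxp0"
ifconfig_vlan40="inet 10.0.40.3 netmask 255.255.255.0 vlan 40 vlandev fxp0"
ifconfig_fxp0="up"
EOF
}
tmp=$(mktemp); sample_rc > "$tmp"
check_vlan_rc "$tmp" || echo "fix rc.conf before rebooting"; rm -f "$tmp"
```

On the sample it reports vlan40 as configured but never cloned, and warns that vlan30 uses VLAN ID 1.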

————————————————————-

Notes:

– Whether configured manually or at boot time you should see a kernel module loaded for VLAN operation.

kldstat returns a list of loaded modules. You should see if_vlan.ko in the list when using VLANs.

– It is good practice to avoid using VLAN ID 1 anywhere as it is usually reserved as the Primary/Native VLAN on switches.

– Not all NICs support 802.1Q VLANs – look for VLAN_MTU and VLAN_HWTAGGING options for your NIC in ifconfig. man vlan provides further info. I found though that my adapter (bce0) was not listed in man vlan but it did support the necessary options and worked with VLAN tagging.

————————————————————-

Older versions of FreeBSD

Older versions of FreeBSD may not load the kernel module automatically. In these cases you will need to modify your kernel to enable the VLAN tagging functionality.

To compile this driver into the kernel, place the following lines in your kernel configuration file:

device miibus
device vlan

- or add something like the following line to add the vlan devices directly into the kernel

pseudo-device vlan 2 # IEEE 802.1Q VLAN Support

Alternatively, to load the driver as a module at boot time, place the following line in loader.conf (/boot/loader.conf):

if_vlan_load="YES"

Note: I did not test these kernel settings on older versions of FreeBSD myself. This was gleaned from other sources on the Internet.