Archive for June, 2011
Recently I have been researching HP C7000 chassis connectivity options extensively. Prior to diving deep into it, Virtual Connect FlexFabric seemed like a no brainer. On the surface, it has many advantages.
The cabling / port reduction is an obvious win, as is the ability to have some control over WWID and MAC assignment to blades. Moving East / West traffic between chassis without having to go Northbound to a ToR or EoR switch is attractive as well. Of course these are all things that are just standard with UCS, but I digress.
After many meetings with HP, I still had some questions that were unanswered. I turned to the many thousands of pages of HP documentation on the subject. Sifting through all the “cookbooks” and the in-depth guides to Virtual Connect, and talking with some current users of FlexFabric, I came to the conclusion that it is missing some key features that are needed in a VMware environment. In fact, I would say that for Cisco shops running VMware, HP FlexFabric makes little sense.
The biggest problem I have with Virtual Connect FlexFabric is the lack of any real QoS. Once traffic enters the Virtual Connect module, it’s anarchy. There are no controls in there for prioritization or control of bandwidth. In a VMware environment, where there will be multiple types of traffic, each capable of generating significant load, the only control you have on VC is egress rate limiting.
It’s akin to limiting the number of people one can put in a single car, right before driving through the middle of Rome.
For those who haven’t had that experience, trust me, it’s the same type of anarchy that occurs inside VC. The only rule is try not to die.
Here’s a nice diagram showing Virtual Connect and VMware traffic flow design from M. Sean McGee’s blog:
When you have a Cisco 1000V on the ESXi host and a Nexus 5K on the other end, it makes little sense, in my opinion, to completely break awesome features like Priority Flow Control and Bandwidth Management. HP states that they do support FCoE and DCB (CEE), which should include the above features, but their own guys cannot really say how one would configure, or troubleshoot it. That’s part of the problem. VC is a black box that abstracts your ability to see what is going on inside.
One of my other negatives for VC FlexFabric is that I have no choice but to split my 10GbE pipe into smaller pipes if I want to run an HBA off the adapter. If I use the exact same onboard CNA without FlexFabric, I don’t have to do that. This can be solved with separate HBA’s, or 10Gb NIC’s, but that negates the alleged cost savings. So now I’m forced to try and guess how much bandwidth I need for each traffic class, when I already own switching infrastructure that is smart enough to do that for me.
In my opinion, this is akin to disabling DRS. DRS is smarter than you, and faster. Why would anyone disable it? Cisco QoS is certainly smarter than me, as is VMware NetIOC. So why would I want to throw some arbitrary limits on my huge pipe? VMware admins understand that shares are better than reservations or limits. The reasoning is the same on the networking side.
There are other problems I see with this solution, but I don’t want to bore you. One complaint I have heard from close associates is the HP recommended method of “stacking” VC modules is problematic. Not only do you have to give up 3 of the 8 ports per module for stacking, but it can create bandwidth issues as well. Recently, a friend of mine had to completely revamp his setup to uplink everything, as opposed to stacking, which was allegedly causing bandwidth problems in his environment. Ohh, and in addition to all this, the FlexFabric module will take FCoE and pass it North as standard Ethernet. So you lose any of the FCoE features provided by your Nexus switch.
Companies that are not virtualizing certain applications, but will run them on blades, may find that the advantages of moving around MAC and WWID’s outweigh the potential disadvantages of FlexFabric. Everything on my blades will be ESXi, so I don’t really have a need for quick physical ID recovery.
As of right now, I plan to use passthrough modules on the C7000’s. At least until a better alternative comes out. Passthrough is slightly more expensive on the uplink port side, but it doesn’t prevent my networking team from having end to end visibility and management. And that takes some of the guesswork, and the administration off of my team, which is a good thing! I would be interested to hear your experiences in the comments below.
I came across this tip from a fellow colleague today and wanted to share it with everyone. You can run Zimbra Desktop in your default web browser. My default web browser is Chrome and I have found running Zimbra Desktop in Chrome to be very responsive.
First step is to open the native Zimbra Desktop Client and then click Setup in the upper right corner.
This will open the setup screen for the Zimbra Desktop Client. Located in the bottom right you will see an option for open in web browser; click this link.
This will open Zimbra Desktop in your default web browser, once it opens click Launch Desktop.
And there you go, the Zimbra Desktop Client running in a web browser, in this case Chrome.
A couple notes:
The native Zimbra Desktop Client must remain open, so I just minimize the native Zimbra Desktop Client.
You have to “launch in a web browser” each time you close your web browser or the native Zimbra Desktop Client.
Charge-back, Show-Back, Shmargeback, call it what you will but get off your duff and do it. As I travel around and work with customers on building out their Private/Hybrid cloud strategies I’m amazed at how few organizations actually have a clue about what it costs to deliver IT services. Sure, the CFO could look at his budget and say, “Mmmm, yup you guys cost me X.” Ok, but what are you actually delivering for X??
Can you clearly articulate, “I deliver this, this, and that at these service levels that backstop and deliver this revenue for the business”?
Increasingly IT is being questioned: “What do you actually provide me?” and “Is there another way I could do it more efficiently (cheaper in CFO speak)?” VMware’s Paul Maritz like to point out that for the first time in IT’s recent history, corporate IT now has an external (competitive) rate card against what their services can be compared. It’s easy today for a Line of Business to go to Amazon, Rackspace, you-name-it, and simply procure IT services. Sure, it’s fraught with issues and considerations (that the business user won’t consider) but at the end of the day, it’s cheap, easy and moves at their pace — NOW!
I firmly believe corporate IT still can provide HUGE value to the business, but to maintain relevance it needs to dramatically change. You MUST be able to articulate what it costs to deliver a given service. You MUST be able to differentiate your services and the value you provide to the business in terms they understand and care about. The fundamental basis for doing so is measurement. So what should you do?
- Examine yourselves.
- Procure the tools needed to start metering your services.
- Deploy those tools
- It’s amusing how often people buy capabilities yet never deploy them….usually because they are too busy or lack the skills in-house.
- Differentiate your services, for example:
- Compute and Storage Performance tiers
- RTO/RPO tiers
- Start providing your LOB’s with metrics of what they are actually consuming and the associated costs for those services (showback, baby!)
- If you don’t do Chargeback today this will start to condition the business to see your services defined in these terms, all-the-while setting the stage for moving to a chargeback model.
- This will also give you an internal scorecard by which you can measure yourself against those external providers. Believe me, if you are not already, your internal customers are.
- For new services/requests, begin engaging in meaningful business-based conversations about what is actually needed for a given service. Show the consumer the costs associated with the various tiers of service (“NO, DR isn’t free”, it costs $20/month/VM”, for example).
At the end of the day it’s economics. When we as IT service providers can define various levels of service at graduating degrees of cost, the business will decide what they are willing to pay for based upon their requirements. Furthermore, you will be able to truly measure yourself against external providers and clearly articulate your value-add.
Without it, your days are numbered.
“This aint’ your Daddy’s Oldsmobile”
The CCNA Exam is much more difficult than the VMware VCP Certification. There are a number of reasons why this is the case. Mainly the format of the exam goes against the way that I’ve studied for other tests. The content is also very broad for an ‘entry level’ certification. I compared the difficulty of content and interaction to the EMC Proven Professional Specialist exams or possibly to the VCAP-DCD. Consider this exam as a mid-level certification (AKA Don’t overestimate its difficulty) and you will start off in a better place in your preparation.
To study for this exam will interrupt some part of your life. To get the ‘speed and accuracy’ required to get through the questions and not make mistakes, was to learn the content first and then learn how the content applied in the test. I felt like I knew the content and went to the practice exams and found I missed one of 2-3 correct choices more often than I expected. Effectively, I was aware of the content but hadn’t studied it. I made more than 2 runs at the exam and came out with my tail between my legs. I was confident; but wrong. I was discouraged.
I selected the combined exam because it matched my training class content, but I entered the decision blind. The CCNA 802 exam is much more intense, on fewer questions, that have to be completed in 90 minutes. No rest for the wicked. This is the path we will discuss in more detail; let’s see where the rabbit hole goes.
Read / Review the material and then study for 1-2 hours a day. I had the luxury of a week long bootcamp class with an instructor, but work had a few interruptions during the IP portion of the training. I thought I could miss that part, I already knew IP, but I was wrong.
Subnetting is very important– Relearn IP Subnetting. I doubt that you are a wizard and can see the subnets instantly in a scenario . This is where I underestimated the material. – See http://subnettingquestions.com for practice exercises and see where you might fall in your understanding. Then watch this video of an important step to learn about IP subnetting:
PITStop – Mental Subnet Calculator
It’s a little quirky but important for the exam portion below.
That aside, I found that I couldn’t take the exam right after the week training. Nor would I suggest that you should. The need to run the content through lab scenarios for the simulator questions is something the week long training didn’t cover well. I needed to have good content to review beyond the classroom books I took home, which were mostly in slide-deck format.
Use Cisco’s Press CCNA Official Exam Certification Library which has the ICND1 and ICND2 books by Wendell Odom. These can be found at Amazon.com http://www.amazon.com/Official-Certification-Library-640-802 or your local bookstore. This book is great because the content comes in all the formats and questions you will see in the exams. Not the exact questions, but the types of questions you need to wire your brain into studying in the next part below.
I found the following from the Cisco Learning Network to describe the content of the ICND1 vs ICND2 topics I would expect to see on the exam:
- Exploring Wireless Networking
- Enabling RIP
- Understandin g the TCP/IP Internet Layer
- Cisco Security Device Manager
- Internet Connections with NAT and PAT
- Introducing Access Control List Operation
- Transitioning to IPv6
- Understanding VLANs and Trunks
- Spanning Tree
- Point-to-Point WAN Connection with PPP
Now I found that I could pick up a specific chapter every night after my work/family time calmed down in the evening and get a decent hour of focus on the topics. Mileage will vary, but having done this for a few weeks, in small chunks, helped when I moved over to the Study portion below. I didn’t have to argue if a trick question being presented. I knew that it was, an moved past to the correct answers.
Practice extensively on Simulators and Practice Tests for 3-4 days just before taking the exam. If you have a Cisco device on contract, you can build some part of the environment with GNS3 and follow the guide from http://freeccnaworkbook.com with the binaries of the device.
http://packetlife.net/lab/ and Cisco Packet Tracer (Cisco Academy Members) are two other tools that are good for use as practice for the lab questions. The difficulty here is building an environment that you can practice on without already knowing what is in the scenario. A new question will present a lab you have never seen and you will have to work through the unknown to find the right answers.
A huge find from the ICND1/ICND2 Cisco Press books was the Boson NetSim . It is found on the last CD of the ICND2 book. It allows you to run a full simulation of the Composite Exam with a time limit and the opportunity to watch your progress and get answers on each question. You can also just run without any hints and see how you do.
This sim made all the difference to me. It made the content I learned in the first part apply to the test scores. I hadn’t put myself in the right frame of mind to take the exam and succeed until I tried this simulator. TRY THIS SIM BEFORE ALL
Before the test begins you are provided with a sheet of paper – do a “brain dump” of any items like the PIT Stop calculator learned above. You can do this while the exam environment runs a demo in the beginning of your test time. Don’t worry it doesn’t count as part of your exam time. Cisco has a quick survey and this tutorial at the beginning of the test but not counted towards your time.
Example of Exam Environment
Other things to remember:
- Every exam center will generate the questions in a random order from a different pool
- Simulators may be at the beginning or the end.
- Once you answer a question you cannot go back to it.
- Do not spend a lot of time (5+ mins) on a single question take the hit and move on. ‘Tis better to guess and miss than miss all the questions. The simulators may be the last question when you are short on time.
- Some CLI “help commands” can be displayed on some of the simulator questions.
- Hitting tab twice will display the available commands.
- Hover over the host and switches on any Simulator Topology Map – some equipment can be accessed for testing of traffic patterns
- Sometimes a question might trigger your memory – write down any of these “triggers” on the paper provided for future questions
Remember it is a marathon more than a sprint. Cisco has done a good job of creating a challenging certification exam. They are good at it. Do not get discouraged. I think the first time pass is the exception to the rule on this exam. You will probably need two times at this one. Get prepared and do not underestimate the questions. Use this path and these tools first, and I’m sure you will come out of the experience with better knowledge of the content than breezing through it on the first try. I know I did.
Anyone wanting to talk about VLSM subnetting and the perils that are caused by a distance vector routing protocols in the present IPV4 versus the upcoming IPV6 orientation of Dual-Stack firewalls and Teredo Tunnels over Frame-Relay; I will be on twitter on any given #Beerfriday