My Blog has a copy, Beware of counterfeits : TAKE 2

Today I realized another blog stealing my precious content :) This time it's under blogger.com domain.

http://microsoft-systemengineer.blogspot.com/

I even see this guy's blog posts have higher page ranking in Google for some of my articles. How fair !

Hyper-V Best Practices Analyzer

Microsoft released a best practices analyzer for Hyper-V on Windows 2008 R2 only which can be found on the following link :
http://support.microsoft.com/kb/977238/en-us

Hotfix : Windows 2008 R2 + Hyper-V + Intel Nehalem = Blue Screen

If you have Windows 2008 R2 + Hyper-V running on Nehalem CPU(Intel Xeon 5500 or Core-i) and getting blue screen messages with 0x00000101 - CLOCK_WATCHDOG_TIMEOUT stop code then you will definetly need to check the KB below :

http://support.microsoft.com/default.aspx/kb/975530

Before applying the Hotfix to your platform take into account the warning from MS :

Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

Windows 2008 R2 Migration Utilities for Hyper-V

Windows 2008 R2 Migration utilities has been updated with support for Hyper-V. Now it's possible to migrate your Hyper-V setup including VMs,Virtual Switches,VMQ,Chimney Settings etc.. to a Windows 2008 R2 host. The support is from :

Windows 2008 x64 Full Only
Windows 2008 R2 x64 Core or Full Edition to :

Windows 2008 R2 x64 Core or Full Editions. Also from documentation the scenarios that are not supported are  :

• The saved state of a virtual machine under one of the following conditions:
  
  • When moving from Hyper-V in Windows Server 2008 to Hyper-V in Windows Server 2008 R2.
  • When moving between physical computers that have different processor steppings or vendors—for example, migrating from a computer with an Intel processor to a computer with an AMD processor.
• Virtual machine configuration under one of the following conditions:
  
  • When the number of virtual processors configured for the virtual machine is more than the number of logical processors on the destination server.
  • When the memory configured for a virtual machine is greater than the available memory on the destination server.
• Consolidation of physical servers to virtual machines, or consolidation of multiple instances of Hyper-V to one instance.

http://www.microsoft.com/downloads/details.aspx?FamilyID=5c1ec14a-e9d7-46ea-9c6e-73d6bc4219b4

Documentation:

http://technet.microsoft.com/en-us/library/ee849855(WS.10).aspx

F5 System Engineer LTM Certified

Yesterday I passed the second and final exam in the F5 System Engineering track F50-522. Without breaking NDA lets go into an overview of the exam :
- As I mentioned in LTM Essentials F50-521 exam, the questions are mostly based on theory. So you need to know hot things works instead of how things are done. Having more then 3 years of hands on with those devices, I really had hard time on some of the questions :)
- Majority of the questions requires you to have a deep understanding of Virtual Server types (network,transparent,forwarding), SNAT/NAT concepts like automap and how source and destination IP@ changes from client to member node.
- Master the iRules. Know the context for each method. Know how context changes the behavior of local_address/remote_address etc..
- Master TCL functions like findstr,starts_with,ends_with etc..
- Know variety of logging options like alertd,syslog-ng and snmpd
- And for sure you need to have a good understanding of how HTTP works. Cookies, Keep-alive messages and their interaction with One-Connect profiles, XForward headers etc..

Hyper-V Live Migration Network Configuration Guide from Microsoft

Microsoft just released a network configuration guide for Windows 2008 R2 Hyper-V Live Migration feature. It's short but useful article at least for design perspective.

This guide describes how to configure your network to use the live migration feature of Hyper-V™. It provides a detailed list of the networking configuration requirements for optimal performance and reliability, as well as recommendations for scenarios that do not meet these requirements.

 http://technet.microsoft.com/en-us/library/ff428137(WS.10).aspx

Microsoft recommends Increasing VMBus buffer size on Hyper-V for better network throughput

I read an article on Windows Server Performance team blog. Basically it's recommending increasing the VmBus buffer size from 1MB to 2MB to get a better network throughput and a less chance of packet loss for VMGuest NICs on Hyper-V. 

"Your workloads and networking traffic may not need increased buffers; however, these days, 4Mb of RAM isn’t a tremendous amount of memory to invest as an insurance policy against packet loss. Now, if only I could increase a few buffers and alleviate congestion on my daily commute!"

http://blogs.technet.com/winserverperformance/archive/2010/02/02/increase-vmbus-buffer-sizes-to-increase-network-throughput-to-guest-vms.aspx

In order to make the change (source above) :
On the Guest OS , In the Network Adapter Properties dialog, select the Details tab. Select Driver Key in the Property pull-down menu as shown in figure 1 (click the images to see a version that's actually readable):

 

Record the GUID\index found in the Value box, as shown in figure 1, above. Open regedit and navigate to:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{GUID}\{index} as shown in figure 2:

 

Right click the index number and create two new DWORD values, entitled ReceiveBufferSize and SendBufferSize (see figure 3). These values measure the memory allocated to buffers in 1Kb units. So, 0x400 equates to 1,024Kb buffer space (the default, 640 buffers). In this example, we’ve doubled the buffer size to 0x800, or 2,048Kb of memory, as shown in figure 3:

 

F5 BigIP Virtual Edition

F5 released a trial version of their famous LTM (Local Traffic Manager) product. The product is valid for 90 days trial use. It can be a great candidate for testing the product for your virtual environment or building a home lab for your F5 Certification studies.(F50-521 and F50-522 exams)

First download the file for your VMware virtual platform (ESX(i) vSphere or Workstation 7)

https://downloads.f5.com/esd/product.jsp?sw=BIG-IP&pro=big-ip_ve&prodesc=BIG-IP+Virtual+Edition

Then generate a registration key for your product that will be used to create the dossier file for activation during initial setup. You can have up to 4 registration keys e-mailed to you :

https://www.f5.com/trial/secure/generate-eval-key.php

The virtual machine has :

1 GB RAM
3 NIC (should be possible to additional NIC for redundant pair heartbeat traffic)
10 GB vdisk

NOTE : Don't try to decrease memory, otherwise you will have problems allocating additional modules to LTM.

You can find the detailed installation document on :
https://support.f5.com/kb/en-us/products/big-ip_ve/releasenotes/product/relnotes_ve_10_1_0.html

My Blog has a copy, Beware of counterfeits :)

Today while I was checking my Google Alerts RSS feed, I realized a post I sent was replicated to another site. After entering to the website I got shocked. It was a complete replica of my blog. Check below :

http://systemengineer.blogcu.com/

I hope I didn't promote this fake blog giving its URL:) Btw I sent an email to the blogcu.com for further action. Hope they will take care asap.

Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service - 977894

A new security bulletin by Microsoft has been published today. This DoS vulnerability effects the x64 editions of Windows 2008 and R2 including the Core installations.
http://www.microsoft.com/technet/security/Bulletin/MS10-010.mspx

This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

How to test the throughput/performance of your network using Netperf - Part 1

In this multi-part series, I will explain how to use GNU tools and Linux to have a free network throughput test setup. In Part 1 of the series we will use only one NIC to create single unicast TCP/UDP stream to saturate the linkspeed.
First of all what I used to have this test setup (you can adapt it to your needs)

HW :
- 2 HP Blade on same enclosure chassis with 10Gig HP Flex NICs. (servers)
- HP VC Flex 10 (the network device)

Software :- Centos 5.4 x64
- I only installed core GNU packages + development libraries. No unnecessary service/software loaded. Even I took XWindow(Gnome/KDE) out of the package and run the system in rulevel 3.
- Disable Firewall/SELinux
- netperf rpm (ftp://ftp.netperf.org/netperf/netperf-2.4.5.tar.gz)

I made the first run of the test using single Vnet (counterpart of VLANs in HP Virtual Connect). You can also use the same tools to create a setup that utilize Shared Uplink Sets (trunk links on VC). In order to set this up create a Vnet for your load VLAN(Vnet_LOAD). Create the profiles for the blades and assign one FlexNIC with 100Mb to management VNet and the other one to VNet_LOAD (10Gb)

Netperf is based on client server model. After installing the software on both blades you execute different processes on different nodes. netserver as the name states is the server part of the test suite. You can also use the

[root@SERVER ~]# netserver
Starting netserver at port 12865
Starting netserver at hostname 0.0.0.0 port 12865 and family AF_UNSPEC

while netperf is the tool that executes the test and gives output.

[root@CLIENT ~]# netperf -H SERVER -l 15
TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to SERVER (*******) port 0 AF_INET
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    10^6bits/sec
 87380  16384  16384    15.00    9387.92

The default test is TCP_STREAM you can also define other tests like UDP Request Response to fully saturate Full Duplex Link :

[root@CLIENT ~]# netperf -t UDP_RR -H SERVER -l 15

UDP REQUEST/RESPONSE TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to SERVER (*********) port 0 AF_INET

Local /Remote

Socket Size   Request  Resp.   Elapsed  Trans.

Send   Recv   Size     Size    Time     Rate

bytes  Bytes  bytes    bytes   secs.    per sec

129024 129024 1        1       15.00    21045.72

Also you can fetch the CPU utilization info while doing the test using -c (local) and -C(remote) parameters

[root@CLIENT ~]# netperf -t UDP_RR -H SERVER -l 15 -c -C

UDP REQUEST/RESPONSE TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to SERVER (*******) port 0 AF_INET

Local /Remote

Socket Size   Request Resp.  Elapsed Trans.   CPU    CPU    S.dem   S.dem

Send   Recv   Size    Size   Time    Rate     local  remote local   remote

bytes  bytes  bytes   bytes  secs.   per sec  % S    % S    us/Tr   us/Tr

129024 129024 1       1      15.00   20964.03   2.06   2.03   15.759  15.481

For detailed documentation and command line options you can check :

http://www.netperf.org/netperf/training/Netperf.html#0.2.2Z141Z1.SUJSTF.8R2DBD.J

On the next parts of the series I will focus on different types of throughput/load tests like multi flow & multi IP throughput testing using netperf & some Linux tweaking and IP multicast testing using MGEN.

F5 Big IP LTM Certification

I've been planning to have F5 certification for a long time. Last Tuesday I had a chance to take and pass the fist exam of F5 System Engineering track which is the F50-521 LTM essentials exam. That makes me certified as F5 Product Consultant - Local Traffic Management. 10th IT certification in my museum :)

 As part of NDA I will not go into the details but will give an overview of the exam :

- First of all Student/Instructor guide is not alone sufficient for the exam. You should also take a look on product documentation. The exam is currently covering 9.4 material.
- Apart from the practical side of the devices, you should mostly focus on the theory. I didn't get any lab question like I had in Cisco exams.
- Knowing the theory of NAT/SNAT, iRule, some of the TCL function syntax, VS, Pool and Profile details, redundancy/failover concepts will help you a lot in the exam.
- You will need 76% to pass out of 50 questions. If all questions have the same weight that means you have a chance to make 12 mistakes.

Next week I will also take the F50-522 Advanced exam for the F5 System Engineer certification. Good luck to me ;-)

NOTE : I'm still preparing for the RHCE lab. I will also put updates on the blog about that.

Hyper-V Memory Overcommitment in new Service Pack for Windows 2008 R2

One of the features in Vmware Infrastructre that was missing in Hyper-V was over-provisioning of memory resources which is also known as memory overcommitment. A leaked screenshot from Softpedia shows that the dynamic memory management features is about to be included in the next Windows 2008 build.

http://news.softpedia.com/news/The-Windows-8-Start-Post-RTM-Windows-7-Build-6-1-7700-0-100122-1900-133746.shtml

Windows 2008: Modifying Network Bindings from CLI

Microsoft internals just released a tool called nvsbind. For our mass deployments I was using a powershell script which I wrote in order to change network bindings on specific interfaces (disable IPv6,File and Printer sharing etc..)This really requires lots of effort.(fetching registry hive,modfying it making queries to Inetcfg classes etc..)

With this tool it is now possible to make this via CLI. It can also change NIC binding order for specific protocols.
http://code.msdn.microsoft.com/nvspbind

Parameters are as below:

C:\>nvspbind /?

Hyper-V Network VSP Bind Application 6.1.7690.0.
Copyright (c) Microsoft Corporation. All rights reserved.

Usage: nvspbind [option] [NIC|*] [protocol|*]

Options:
   /n   display NIC information only
   /u   unbind switch protocol from specified nic(s)
   /b   bind switch protocol to specified nic(s)
   /d   disable binding of specified protocol from specified nic(s)
   /e   enable binding of specified protocol to specified nic(s)
   /r   repair bindings on specified nic(s)
   /o   show NIC order for specified protocol
   /+   move specified NIC up in binding order for specified protocol
   /-   move specified NIC down in binding order for specified protocol

Most options are documented in the readme which downloads with the install.
The NIC connection order options (o, + and -) show the NIC connection order, move NICs up and move NICs down.

Project Sikuli : Innovative approach to Scripting using image recognition.

Project Sikuli is a new automation scripting language developed by MIT students. This new development environment uses image recognition for processesing. So you can say click on this image on the screen then type this etc.. The syntax look like Python and the IDE is based on Java. So any machine with JRE can run this. I'm really planning to do some server side test case automation based on this new language. If you check the project site even the 0.9.7 release contains lots of features. For more information check :
http://sikuli.org/

For examples (especially the bejeweled bot shows the skills of this new IDE):
http://groups.csail.mit.edu/uid/sikuli/demo.shtml

0x80041002 Error while adding host to NLB Cluster

We were getting error 0x80041002 while adding host to a NLB cluster. After making some research I recognised that apart from being a NLB specific error this was related with WMI repositories.

As we started to have this error after a power failure, recreating WMI repositories made sense. In order to fix this error :

- Stop WMI service.
- Move contents of %windir%\system32\wbem\repository to a temp folder (if Windows doesnt allow do this in safe mode)
- Go to command prompt. Under %windir%\system32\webm execute :

mofcomp cimwin32.mof
mofcomp wlbsprov.mof
mofcomp nlbmprov.mof

 - Start the WMI service and try the NLB operation again.