Thursday, October 29, 2015

Majorbacon's 6 steps guide to easy IPv4 Subnetting

Subnetting is a process that you just have to practice. Here's what I do so that I can quickly work through subnetting test questions (or real life situations... there's a reason these are on tests you know)

THE PROCESS:

  1. Read the question.  Know what network ID you are starting with and what your GOAL is: Do you need to obtain a certain number of subnets out of your original network or do you need to ensure a certain number of hosts are available in each subnet?
  2. Write your binary table on your paper.  If you can multiply by two, you can do this
  3.  Use one of two magic formulas to determine the number of bits that will be used in the new subnet mask
    • 2n  >= your desired number of subnets, where n is the number of new ones in the new subnet mask.  The rest of the subnet mask will be composed of binary zeros.
    • 2h-2 >= your desired number of hosts, where h is the number of zeros left in the new subnet mask.  The rest of the subnet mask will be composed of binary ones.

  4. Based on this, write out your new subnet mask (in binary, counting ones or zeros as necessary).
  5. In order to figure out the number of hosts you have in each subnet, use 2h-2, where h is the number of zeros in your subnet mask. 
  6. In order to figure out the total number of subnets you have, use 2n, where n is the number of new ones (not total ones) in your subnet mask.
  7. In order to determine your subnet IDs we need to find the block value. Start with your original network ID for the first subnet, but remember it has a new subnet mask. Your next subnet will be one block value away.  How much is your block value?  It’s determined by the “least significant bit”, the last one in the subnet mask.  Look up the column value for this bit in the table because this bit will be the increment from one network to the next, in that same octet!  
    • Or Skip the table and use this trick: 256 minus the last positive octet will also yield the block value of the networks

WORK THE EXAMPLE:


1.    You have a Class C network, 202.5.4.0 that you want to subnet into 6 subnets.
2.    We write down the all-important table:


3.    2n  >= your Goal, therefore 23 = 8 >= 6 desired subnets.


4.    A Class C subnet mask is 255.255.255.0, so if we add 3 ones, it will be 255.255.255.11100000 or 255.255.255.224 - that's 27 binary ones in the subnet mask, so our CIDR notation will be /27. (If you remember that a class C address starts as a CIDR /24 then you could just do /24+3 bits = /27)

5.    We have five zeros in the subnet mask, so 25-2=30 hosts per subnet, and we have added 3 ones to the subnet mask, so 23=8 new subnets


6.    Our increment is based on the least significant bit in the subnet mask, which in binary was 255.255.255.11100000.  If we examine the last octet compared to our table we see that the last one is in the thirty-two column.  (Also, 256-224=32)


That was 6 steps - so we should be done! Let's review:
  • So, our network started as 202.5.4.0/24 (the /24 being CIDR notation for a 24-bit 255.255.255.0 subnet mask). 
  • Now we have a new subnet mask 255.255.255.224, CIDR notation /27
  • Our first subnet ID is the same as the original network ID but with a new subnet mask: 205.5.4.0/27
  • We determined our block value is by 32 in the fourth octet
    • Therefore our second subnet would be: 202.5.4.32/27, 
    • Third: 202.5.4.64/27
    • Fourth: 202.5.4.92/27
    • Fifth: 202.5.4.128/27
    • Sixth: 202.5.4.160/27
    • Seventh: 202.5.4.192/27
    • and finally Eighth: 202.5.4.224/27
  • So there are the 8 subnets that each have 30 hosts per subnet, as expected!

Please note that if you count all of those subnets up, you have 8 of them.  The amount we predicted back in step 3. Great job!

More subnetting examples and practice to come:
Keep practicing - here are some random subnetting question generators:
http://david.clauss.us/Subneting/
http://www.subnettingquestions.com/

Have fun!

Thursday, October 22, 2015

Resetting your Cisco Router Password via ROMMON

How to perform password recovery on your Cisco IOS router

Here's the tools you will need
1) Router/Switch
2) Rollover cable
3) Terminal Emulator Program such as Tera Term or Putty
4) Knowledge of Register values


  1. Connect the rollover cable's RJ-45 interface to your device and the serial or USB interface into to your computer
  2. Picture thanks to: https://es.wikibooks.org/wiki/Planificaci%C3%B3n_y_Administraci%C3%B3n_de_Redes/Tema_6/Texto_complete
  3. Fire up your terminal emulator
  4. Connect to the appropriate COM port (remember the appropriate serial settings)
    • 9600 baud rate
    • No parity
    • 8 data bits
    • 1 stop bit
    • No flow control
  5. Reboot the Router
  6. Send the break signal to the Router - the keystroke to signal break varies by terminal emulator
  7. The break signal drops you into ROMMON mode instead of booting the IOS in this low level mode (kind of like booting to BIOS/CMOS on a desktop) you get different options such as configuring the boot register (like changing the boot order or hardware in BIOS)
  8. To tell the system to boot normally, except without loading the startup configuration type:
    • ROMMON>confreg 0x2142
  9. To reboot type:
    • ROMMON>reset
  10. When the system boots you may be prompted to configure setup using the prompts - if so type:
    • no
  11. You have an un-configured system - log on by typing:
    • Router#enable
  12. Now load your startup configuration by typing:
    • Router#copy start run
    • (DO NOT DO THE OPPOSITE (copy run start) OR YOU WILL LOSE THE STARTUP CONFIG!!!)
    • Yes, I did that once. Thank God for TFTP backups.
  13. Now your configuration has loaded but you're already in, without having to have typed the official password! Sneaky! Now you can set the password to access privileged mode by typing:
    • Router#conf t
    • Router(config)#enable secret <enter your secret here>
  14. Reset the device to boot normally instead of skipping the startup config by typing:
    • Router(config)#config-register 0x2102 
    • Router(config)#end
  15. Backup your current configuration to survive rebooting by typing:
    • Router#copy run start
    • (if you type the opposite you will lose all your hard work and it will revert to the unknown secret)
  16. Reboot the device to prove correct configuration and trigger all interfaces to return to an up / up status by typing
    • Router#Reload
And that's how I get into all those systems where no one knows the password because it was set by a contractor who emailed the password to the guy who quit six months ago!

Hope it helps!

Cisco Spanning Tree Portfast and BPDUGuard

There are two powerful tools available for those of us (the majority I believe) that are still relying on Spanning Tree Protocol (STP) for our switch loop protection. They are Portfast! and BPDUGuard! (Don't the sound impressive with those exclamation points?)

Portfast!

Enabling PortFast on a switchport skips the listening and learning states when a device is plugged in (you know, that annoying wait time with the amber light?). From an STP perspective the port is set to a forwarding state immediately, This works out great for most accessthat are trustworthy to be connected only to a single device such as a server or workstation

Here are a couple of key commands related to basic portfast:

To globally set PortFast on all NON-Trunking ports:
Switch (config)#spanning-tree portfast default

To locally set PortFast on a particular interface:
Switch (config-if)#spanning-tree portfast

BPDUGuard!

PortFast is designed for access ports that do not receive Switch to Switch BPDU packets from STP. It is possible to have non-trunking ports that connect two switches, however, which can then cause spanning tree loops. With BPDUGuard enabled on top of PortFast the receipt of a BPDU packet over a PortFast interface triggers the port to move into an err-disabled state instead of configuring the port in an STP blocking port configuration which would look like this:
Switch#show interfaces gigabitethernet 1/1 status
Port    Name               Status       Vlan       Duplex  Speed Type
Gi1/1                      err-disabled 100          full   1000 1000BaseSX

This security measure then leads a network administrator to either:
a) unplug the switch from this port and move it to a correct port
b) change the port to a trunking port rather than an access port so that STP can function normally

 Here are a couple of key commands related to basic BPDUGuard:

To globally set BPDUGuard on all NON-Trunking ports:
Switch (config)#spanning-tree portfast bpduguard default

To locally set BPDUGuard on a particular interface:
Switch (config-if)#spanning-tree bpduguard enable

To recover from the err-disabled state:
Switch(config-if)#spanning-tree portfast disable

TestTakers!

  1. Note the similarities and differences between the PortFast and BPDUGuard commands
  2. Consider the order in which you would set them (Portfast first!)
  3. Recognize Err-Disabled as a possibly a BPDUGuard issue
Err-Disabled triggers include:
  • BPDU guard violation
  • Duplex mismatch
  • Port channel misconfiguration
  • UniDirectional Link Detection (UDLD) condition
  • Late-collision detection
  • Link-flap detection
  • Security violation
  • Port Aggregation Protocol (PAgP) flap
  • Layer 2 Tunneling Protocol (L2TP) guard
  • DHCP snooping rate-limit
  • Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable
  • Address Resolution Protocol (ARP) inspection
  • Inline power
 Hope that keeps it all straight in your head!

Wednesday, October 21, 2015

Understanding Recursive Lookups in Cisco routing tables


First, the term "Recursive"

While recursion can just refer generically to repetition, the term in Information Systems and Technology contexts almost always refers to using a tool to enable the use of the same tool. Think of using a mirror to reflect a mirror (an example of infinite recursion).
Examples: 

1) A DNS server receives a DNS query for which it doesn't know the answer. It performs recursion by sending it's own DNS query to root DNS server to discover the answer for the client.

  • DNS uses DNS to answer DNS.


2) In a Microsoft SQL database server there is a database called Master that is recursively used by SQL to find and reference the high level properties of all the other attached databases that are used by end-users.

  • SQL uses SQL to manage SQL.


Now for understanding Cisco routing recursion:

A Recursive lookup refers to routes for which the router must look up the connected route to a next-hop gateway in order to route the packet to its ultimate destination.

  • The Router uses Routes to 
    • a) find the next router in the route path and 
    • b) to Route to the next Router

This is because in a routing table the gateway for a routed network can be defined as an interface or as an IP address.

Using an interface works great when the router is referring to directly connected routes like this:
Router4#show ip route
Gateway of last resort is not set

     172.16.0.0/30 is subnetted, 1 subnets
C       172.16.100.0 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0 

or to point-to-point links in which there is only one possible intended destination:

Router5(config)#ip route 192.168.0.0 255.255.0.0 se 0/0
Router5(config)#end
%SYS-5-CONFIG_I: Configured from console by console
Router5#show ip route

Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C       172.16.1.0/24 is directly connected, FastEthernet0/0
C       172.16.100.0/30 is directly connected, Serial0/0
S    192.168.0.0/16 is directly connected, Serial0/0

However, routes that reference an endpoint on multi-access networks like Ethernet or Frame Relay need a logical destination, since the physical interface could connect to many devices. This is where we see our standard routing entries that indicate an IP address as the gateway value:

Router4(config)#ip route 172.16.1.0 255.255.255.0 172.16.100.1
Router4(config)#end
%SYS-5-CONFIG_I: Configured from console by console
Router4#show ip route

Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
S       172.16.1.0/24 [1/0] via 172.16.100.1
C       172.16.100.0/30 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

So now you need to think like a router
1) You receive an incoming packet destined for 172.16.1.5
2) You find that the best route is the static route 172.16.1.0/24 (remember to always choose the longest subnet mask / slash notation that is a match)
3) You discover the gateway for that route is 172.16.100.1
4) As a router, you have multiple interfaces. Which one should you use to contact 172.16.100.1?
5) You look up 172.16.100.1 in the routing table
6) You find that the best route is the connected route 172.16.100.0/30
7) You forward the packet over the Serial 0/0 interface

You just used your routing table to figure out how to route the packet to the gateway you found in your routing table - Recursion!!!

Test Tip: Watch out for how this could apply to a gateway of last resort - your 0.0.0.0/0 route!

Hope this helps clear things up for everyone!

Monday, October 19, 2015

Majorbacon's take on cloud computing

According to NIST, Cloud computing is:

"a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources such as networks, servers, storage, applications, and services. The services can be rapidly provisioned and released with minimal management effort or service provider interaction."

NIST further defines cloud computing with 5 characteristics, 3 service models, and 4 deployment models

 
NIST says that cloud computing can be  recognized by the following characteristics:

  • On-demand self-service
  • Broad network access
  • Resource pooling
  • Rapid elasticity
  • Measured service
Or, to put it another way, Cloud computing is what I want, when I want it, where I want it, and yes I want fries with it!
 
To support cloud computing, organizations lean on reliable datacenters that provide agile resource allocations through abstractions. Cloud customers don't need to know what the wires and servers behind the scenes look like. Each cloud customer is carved a piece of the datacenter pie that appears to be an isolated silo of data. Behind the scenes, however, what they are using may be several resources lumped together, and those resources may be shared between multiple customers. This is where the analogy of "tenants" comes in, where you have a landlord renting space to multiple tenants who each have their own key to their apartment, but are really using the apartment owner's space. If an apartment owner wants to knock out a wall and make one large apartment out of two smaller ones, he certainly could.
 

NIST defines three models of resource allocation through the cloud methodology:

  • IaaS (Infrastructure as a Service): virtualized infrastructure means the raw servers and network that the tenant can then install operating systems and applications on top of. Very open ended
  • PaaS (Platform as a Service): vitualized software platforms in which tenants can develop applications
  • SaaS (Software as a Service): virtualized applications that are available to the tenant using the cloud model
Each of these is really abstracting more and more. Infrastructure abstracts only the hardware. Platform abstracts the underlying operating system environment. Software abstracts even the platform so that all you work with is the software.
Each form of "As-a-service" builds on the one before it


Major cloud vendors have also put out another model:

  • XaaS (Anything or Everything as a Service): Cloud based services under the big three above that are more specific in nature:
    • Storage as a Service (Doesn't get to be SaaS because that's already taken: Cloud based data storage
    • DRaaS (Data Recovery as a Service): Backup/Restore solutions via the cloud
    • UCaaS (Unified Communication as a Service - voice/video/chat

 
All of these models have the following characteristics:
  • Low barriers to entry make "as a Service" offering appealing to small and medium sized businesses
    • Simple Infrastructure - tenants need little other than an internet connection
    • Device independence - most cloud technologies are available for access across a wide array of operating systems and devices
    • Location independence - remote access is assumed in these models
    • Low capital expenditure - as infrastructure is owned by the provider.
  • Scalability allows growth and large corporations to utilize datacenter scale technologies
  • Multitenancy enables the provider to allocate resources amongst many users without them being aware of their coexistence.

NIST defines the following Deployment Models:

  • Public Cloud: Any of the "as-a-service" models deployed for public consumption (usually for a subscription fee)
  • Private Cloud: Any of the "as a service" models deployed for intra-business use only (ie, you have access to your resources or software from anywhere, any device, etc., but only as long as you are an employee, because the infrastructure is managed by the business)
  • Community Cloud: Think of it as a shared private cloud, or a limited public cloud. Governments or Universities, for example collaborating together with shared "as-a-service" resources and infrastructure that only they can access.
  • Hybrid Cloud: A company may choose to deploy their own private cloud infrastructure for some resources that need to follow a compliance model dictated by regulation, but also partake of public cloud subscriptions that are available. This conglomerate would be known as a Hybrid cloud.
 

There's a recycle bin for your Site Collection! Thank you PowerShell

As a SharePoint infrastructure administrator, I'm all about being able to delegate the ability to manage site collections to the users that really care about the data in that site. HOWEVER, sometimes even the most well intentioned site collection administrator may do the unthinkable and delete their own site collection and all the sub-sites within! If that happens in SharePoint 2013, however, you have no need to panic. Because you get to have one of these:
You get to go dumpster diving in a SharePoint Site Collection Recycle Bin!
But wait, you say, how do I get to this recycle bin when the normal way to access the recycle bin is a that Site collection Root, which I just deleted? The answer is... you guessed it, PowerShell!

Since the recycle bin is really maintained at the database level your site collection is still available for recovery, it is just a matter of using the right commands to undelete your site collection!

It's going to be a one-two punch.
1) Get your deleted site collection ID
2) Restore the deleted site collection

1) Get-SPDeletedSite | Select Path, SiteID

This will give you a list all the deleted site collections with their site collection ID values

2) Restore-SPDeletedSite -identity 4bfa0e0c-4e34-3b2a-9134-a23b13ababe1

The second command will restore the site collection and all subwebs from the recycle bin - no DBAs need to be awakened from their slumber!

Happy restoring!

 




SharePoint correlation IDs don't have to drive you crazy!

I have a serious love / hate relationship with SharePoint correlation IDs. You know - the ones that tell you that there was an error but are otherwise not very informative?

example of SharePoint 2013 Correlation ID
The beauty of Correlation IDs is that it you are given a reference point to track down log entries of relevance. Remember, it's not an error code, it is what it says it is - a correlation ID - a tool to grab related events in the log to get a better picture of why something failed and had to show you an on-screen error message!

You can use a Microsoft's now official (it used to be on CodePlex) Unified Log Service (ULS) Viewer to view the logs and even search by correlation ID, but you can also just fire up a SharePoint enabled PowerShell prompt and use Merge-SPlogfile to get the information faster!

This simple PowerShell cmdlet will allow you to search all the farm servers and find any instances of the correlation ID and show you the issues!
For example, to grab all of the events with the correlation ID in the graphic above and place the results in a text file instead of dumping on screen I would use the following command:

Merge-SPlogfile –Path c:\Mergelog.txt –Correlation 3410f29b-b756-694c-7a574ff74cab


For example, just today I just was getting an error when viewing content based on an external data type and received a correlation ID type error with little information in the error itself.

I ran the above command then opened excel and used the data tab in the ribbon to get external data from a text file and chose Tab Delimited. Then I formatted the results as a table and hid a few columns I'm not interested in.

The results looked like this:
Click to see larger

As you can see, the correlation ID is the same for all results (that's the point) so as I troll through the results I see things like error in the execution of the web part (true) and an Access Denied message from the secure store - and this was my problem, my user account hadn't been mapped to be able to use the secure store target application ID!

Let me know if this worked for you or if you have any questions! Happy searching!