Thursday, March 18, 2010

Linux Uninstall VMWare Server Software



In some cases I may need to uninstall VMware Server from my Linux system. I have VMware Server / Workstation software installed under CentOS / RHEL / Fedora Linux. How do I uninstall VMware under Linux?

VMware Server (GSX Server) is an entry-level server virtualization software suite. VMware can be uninstalled using the rpm command or a special uninstaller script.


You can easily uninstall VMware Server under CentOS / RHEL / Fedora Linux. First, find out the name of the installed VMware Server RPM package. Type the following command:
# rpm -qf /usr/bin/vmware
OR
# rpm -qa | grep -i vmware
Sample output:

VMware-server-2.0.0-122956

Use the following command to uninstall the RPM:
# rpm -e VMware-server-2.0.0-122956

A note about Build Installation

If you installed VMware without the RPM package, uninstall it with the script. Enter:
# vmware-uninstall.pl


Monday, March 15, 2010

Linux bond or team multiple network interfaces

Finally, today I implemented NIC bonding (binding both NICs so that they work as a single device). We have two Dell servers that need to be set up with Intel Dual Gig NICs. My idea is to improve performance by pumping out more data from both NICs without using any other method.

This box acts as a heavy-duty FTP server. Each night I need to transfer over 200GB of data from this box to another box. Therefore, the network setup is two servers on a switch using dual network cards. I am using Red Hat Enterprise Linux version 4.0.

Linux allows binding multiple network interfaces into a single channel/NIC using a special kernel module called bonding. According to the official bonding documentation, "The Linux bonding driver provides a method for aggregating multiple network interfaces into a single logical "bonded" interface. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed."

Setting up bonding is easy with RHEL v4.0.

Step #1: Create a bond0 configuration file

Red Hat Linux stores network configuration in the /etc/sysconfig/network-scripts/ directory. First, you need to create the bond0 config file:
# vi /etc/sysconfig/network-scripts/ifcfg-bond0
Append the following lines to it:
DEVICE=bond0
IPADDR=192.168.1.20
NETWORK=192.168.1.0
NETMASK=255.255.255.0
USERCTL=no
BOOTPROTO=none
ONBOOT=yes
Replace the above IP address with your actual IP address. Save the file and exit to the shell prompt.

Step #2: Modify eth0 and eth1 config files:

Open both configuration files using the vi text editor. Make sure the file reads as follows for the eth0 interface:
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
Modify/append directives as follows:
DEVICE=eth0
USERCTL=no
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none
Open the eth1 configuration file using the vi text editor:
# vi /etc/sysconfig/network-scripts/ifcfg-eth1
Make sure the file reads as follows for the eth1 interface:
DEVICE=eth1
USERCTL=no
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none
Save the file and exit to the shell prompt.

Step #3: Load bond driver/module

Make sure the bonding module is loaded when the channel-bonding interface (bond0) is brought up. You need to modify the kernel modules configuration file:
# vi /etc/modprobe.conf
Append the following two lines:
alias bond0 bonding
options bond0 mode=balance-alb miimon=100
Save the file and exit to the shell prompt. You can learn more about all bonding options in the kernel source documentation file.

Step #4: Test configuration

First, load the bonding module:
# modprobe bonding
Restart the networking service in order to bring up the bond0 interface:
# service network restart
Verify everything is working:
# less /proc/net/bonding/bond0
Output:

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:c6:be:59

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:c6:be:63

List all interfaces:
# ifconfig
Output:

bond0     Link encap:Ethernet  HWaddr 00:0C:29:C6:BE:59
          inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:2804 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1879 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:250825 (244.9 KiB)  TX bytes:244683 (238.9 KiB)

eth0      Link encap:Ethernet  HWaddr 00:0C:29:C6:BE:59
          inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fec6:be59/64 Scope:Link
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:2809 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1390 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:251161 (245.2 KiB)  TX bytes:180289 (176.0 KiB)
          Interrupt:11 Base address:0x1400

eth1      Link encap:Ethernet  HWaddr 00:0C:29:C6:BE:59
          inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fec6:be59/64 Scope:Link
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:502 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:258 (258.0 b)  TX bytes:66516 (64.9 KiB)
          Interrupt:10 Base address:0x1480
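
A check for Step #4, added here as an example and not part of the original post: it compares what /proc/net/bonding/bond0 reports against the mode and miimon values set in /etc/modprobe.conf and flags any slave whose link is not up. The output quoted above reports round-robin with a polling interval of 0 although Step #3 configures balance-alb with miimon=100, so the check fails on it; the function names and the mode-name table are assumptions of this example.

```bash
#!/bin/sh
# Added example. SAMPLE_STATUS reproduces the /proc/net/bonding/bond0 output
# quoted in the post; on a live host pass "$(cat /proc/net/bonding/bond0)".
SAMPLE_STATUS='Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:c6:be:59

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:c6:be:63'

# Map a modprobe "mode=" name to the label the bonding driver prints in /proc.
mode_label() {
  case "$1" in
    balance-rr)    echo "load balancing (round-robin)" ;;
    active-backup) echo "fault-tolerance (active-backup)" ;;
    balance-xor)   echo "load balancing (xor)" ;;
    broadcast)     echo "fault-tolerance (broadcast)" ;;
    802.3ad)       echo "IEEE 802.3ad Dynamic link aggregation" ;;
    balance-tlb)   echo "transmit load balancing" ;;
    balance-alb)   echo "adaptive load balancing" ;;
    *)             echo "unknown mode $1" ;;
  esac
}

# check_bond STATUS MODE MIIMON: print one finding per line, return 1 if any.
check_bond() {
  printf '%s\n' "$1" | awk -v wm="$(mode_label "$2")" -v wi="$3" '
    /^Bonding Mode:/        { sub(/^Bonding Mode: */, ""); mode = $0; next }
    /^MII Polling Interval/ { mii = $NF; next }
    /^Slave Interface:/     { slave = $NF; n++; next }
    /^MII Status:/ && slave != "" && $NF != "up" { print slave ": link " $NF; bad++ }
    END {
      if (index(mode, wm) != 1) { print "mode: running \"" mode "\", configured \"" wm "\""; bad++ }
      if (mii + 0 != wi + 0)    { print "miimon: running " mii ", configured " wi; bad++ }
      if (n < 2)                { print "slaves: only " (n + 0) " enslaved"; bad++ }
      exit (bad > 0)
    }'
}

check_bond "$SAMPLE_STATUS" balance-alb 100 || echo "bond0 does not match modprobe.conf"
```

A polling interval of 0 means MII link monitoring is off, so a failed slave would not be detected.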

Wednesday, January 27, 2010

MSS Exceeded Workaround

After installing a new ASA 5520, I noticed that a few websites were loading very slowly or not at all. The problem seemed to be very intermittent, but reproducible by revisiting the websites at any time of the day. Browsing to the site from outside of the firewall showed the site to be responsive.

I started to watch the live log while browsing to the site and noticed packets being dropped. The log read:

Dropping TCP packet from outside: to inside: , reason: MSS exceeded, MSS 1260, data 1460

Apparently, this is a new security feature for the 7.0+ code for the ASA. Normally, the client and server send their MSS (Maximum Segment Size) while establishing the TCP connection. Once this occurs, neither the client nor the server should send a packet larger than their peer’s MSS. However, some HTTP servers do not recognize the MSS and send packets that are too large, and are thus dropped by the ASA.

The workaround for this is to allow the firewall to pass the packets whose data exceeds the MSS. Let’s say the IP address of the server causing the problems is 192.168.10.9. First, create an access list for any host accessing that server.

access-list MSS_Exceeded_ACL permit tcp any host 192.168.10.9

And then create a class map and a TCP map.

class-map MSS_Exceeded_MAP
match access-list MSS_Exceeded_ACL
exit
tcp-map mss-map
exceed-mss allow

Create the policy map.

policy-map MSS_Exceeded_MAP
class MSS_Exceeded_MAP
set connection advanced-options mss-map

Apply the map to the outside interface.

service-policy MSS_Exceeded_MAP interface outside

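If there is more than one site, just add the additional sites to the MSS_Exceeded_ACL access list, or change it to match all traffic, which stops the ASA from enforcing the MSS limit on any TCP connection through the outside interface.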

access-list MSS_Exceeded_ACL permit tcp any any

For more information about MSS and logging these events, check out the document from Cisco.
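
To keep MSS_Exceeded_ACL scoped to the servers that actually trigger the drop instead of widening it to any any, the log can be tallied first. This added example (not from the original post or from Cisco) counts "MSS exceeded" drops per source host and prints ACL lines in the form used above; the sample log lines are constructed, and the interface:address/port layout of the elided fields and the function names are assumptions.

```bash
#!/bin/sh
# Added example. SAMPLE_LOG is constructed: the message format quoted in the
# post with documentation-range addresses filled in as ifc:address/port.
SAMPLE_LOG='Dropping TCP packet from outside:198.51.100.7/80 to inside:10.1.1.20/51514, reason: MSS exceeded, MSS 1260, data 1460
Dropping TCP packet from outside:198.51.100.7/80 to inside:10.1.1.20/51514, reason: MSS exceeded, MSS 1260, data 1460
Dropping TCP packet from outside:203.0.113.9/443 to inside:10.1.1.31/40022, reason: MSS exceeded, MSS 1260, data 1460
Dropping TCP packet from outside:192.0.2.44/80 to inside:10.1.1.20/51600, reason: Invalid ACK
Dropping TCP packet from outside:198.51.100.7/80 to inside:10.1.1.45/33810, reason: MSS exceeded, MSS 1260, data 1460'

# mss_offenders LOG MIN: print "count host" for each source with >= MIN drops.
mss_offenders() {
  printf '%s\n' "$1" | awk -v min="$2" '
    /reason: MSS exceeded/ {
      src = ""
      for (i = 1; i < NF; i++) if ($i == "from") { src = $(i + 1); break }
      sub(/^[^:]*:/, "", src)          # drop the interface name
      sub(/\/.*$/, "", src)            # drop the port
      # Only a plain dotted quad may end up in a firewall command.
      if (src ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[src]++
    }
    END { for (h in count) if (count[h] >= min + 0) print count[h], h }
  ' | sort -k1,1nr -k2,2
}

# mss_acl LOG MIN: emit one ACL entry per offending server, for review.
mss_acl() {
  mss_offenders "$1" "$2" | while read -r n host; do
    echo "access-list MSS_Exceeded_ACL permit tcp any host $host"
  done
}

mss_acl "$SAMPLE_LOG" 2
```

The second argument is the minimum number of drops before a host is listed, so a single stray packet does not earn an exemption.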