Restart a single context on an ASA with virtual instances

The Cisco ASA firewall can run as a virtual host for multiple virtual ASAs, known as contexts.  We recently ran into an issue where a memory leak made one context inoperable.  Rather than reload the entire ASA and take out the other contexts, we wanted to restart only the context that was having problems.  Unfortunately there is no way to reboot an individual context, as the reload command does not exist inside a context.  The solution is to delete the context and recreate it.  This may sound daunting, but it takes a few seconds and your config is restored.

First log in to the ASA, change to the context that’s having problems and save the config.  In our case the context named “transparent” was the one that stopped working.  (You may not want to save the config if a configuration issue broke the context.  If so this step is optional.)

    login as: admin
    admin@10.10.10.1's password:
    Type help or '?' for a list of available commands.
    ASA5525/admin>
    ASA5525/admin> en
    Password: ************
    ASA5525/admin# changeto context transparent
    ASA5525/transparent# wr mem

Then switch to the system context (the hypervisor layer) and show the context information.  In our case we have three contexts: admin, customer and transparent.

    ASA5525/transparent# changeto system
    ASA5525# show run context
    !
    admin-context admin
    context admin
      allocate-interface GigabitEthernet0/0
      allocate-interface GigabitEthernet0/1
      allocate-interface GigabitEthernet0/1.2
      allocate-interface Management0/0
      config-url disk0:/admin.cfg
    !
    context customer
      allocate-interface GigabitEthernet0/0
      allocate-interface GigabitEthernet0/1.499
      config-url disk0:/customer.cfg
    !
    context transparent
      allocate-interface GigabitEthernet0/3 outside
      allocate-interface GigabitEthernet0/4 inside
      config-url disk0:/transparent.cfg
    !

Copy the config for the context causing you problems.  Then remove the context.

    ASA5525# conf t
    ASA5525(config)#...

Tuning VMware vSphere ESXi for an EqualLogic iSCSI SAN

Tips on tuning VMware ESXi for EqualLogic SANs.

Install Dell MEM

Download from here: https://eqlsupport.dell.com/support/download.aspx?id=1484

Important: Unzip the package; inside the package is another zip file.  That’s the file that should be uploaded to a datastore so that it’s accessible from the host.

SSH into the host and run the following (substituting your version of MEM).  I found that sometimes I needed to use the actual path name instead of the datastore friendly name in order to work:

    esxcli software vib install --depot /vmfs/volumes/vmfsvol/dell/dell-eql-mem-esx5-1.2.292203.zip

(There are two dashes in front of “depot”; WordPress may format it differently.)

Before rebooting, complete the next section.

Disable large receive offload (LRO)

First check to see if it’s enabled:

    esxcfg-advcfg -g /Net/TcpipDefLROEnabled

If enabled, disable it:

    esxcfg-advcfg -s 0 /Net/TcpipDefLROEnabled

Reboot.

Tune the virtual and physical networks

Change the MTU to 9000 on the virtual iSCSI switch and virtual iSCSI NICs.

Change the MTU on the physical iSCSI switches.  On some Cisco switches this is a global config and on others it is an interface config (and possibly both).

Tune the iSCSI Initiator

Go to the host -> Configuration tab -> Storage Adapters -> iSCSI Initiator -> Properties -> Advanced

Change LoginTimeout from 5 to 60.

DelayedAck should be unchecked.  (Update: for the delayed ACK setting to take effect, the static and dynamic iSCSI discoveries need to be deleted and the server needs to be rebooted.)

Tune the VM

Put all VMDKs on a separate virtual SCSI/SAS controller (i.e. node 1:0, 2:0, 3:0, NOT 1:0, 1:1, 1:2).

Format the partitions with 64K cluster (allocation unit) size.

For VMs that need high IOPs, convert your virtual storage...

VMDirectPath on Dell PowerEdge Servers with SD card for ESXi

We recently encountered an issue with VMware ESXi USB passthrough that is worth noting. On Dell PowerEdge R and T series servers (T710, R710, R610, etc.) you can opt to install ESXi on the embedded SD card. It works great and allows the OS disk to be completely separate from the datastore disk (which is great if problems arise).

If you want to use VMDirectPath for USB passthrough then you need to be aware that one of the EHCI controllers is where the SD card is connected!  The same controller that feeds the front 2 USB ports is also attached to the internal USB port on the motherboard and the SD card.  If you pass that controller through then 1) the SD card becomes inaccessible to VMware and you will not be able to save any changes on the VMware host, 2) you will not be able to access the /bootbank directory, and 3) if you run “lsusb” you will not see any output.

After some trial and error we found that the EHCI controller at 00:1a:7 is the controller for the front and the controller at 00:1d:7 is the controller for the back.

If you have accidentally forwarded the front USB controller then boot from the ESXi installation media and choose to do a repair install.  Keep in mind that a repair install does not save any host settings, so make sure you take good notes on your network config and any other customizations on the host before running the repair install.  Once you come back up go into the datastore and right click on each .VMX...

Convert thick disk to thin on ESXi free

Here are the steps to convert a thick VMDK file to thin.  Steps 2-4 are optional, but if you want to shrink it down as small as possible then don’t skip them!

1. Evaluate how much space you have on the datastore.  You will be creating 2 copies of the .vmdk file before we’re all done, so don’t fill up the datastore and crash all the VMs!

2. Within the VM run a defrag of the disk. (This is optional but recommended.)

3. Download MS Windows Sysinternals ‘SDelete’ exe to the VM:  http://technet.microsoft.com/en-us/sysinternals/bb897443

4. Run ‘sdelete -c’ on the disk.  This will zero out unused space.

5. Power off the VM and make a note of what datastore(s) the virtual disks are on and what they are named.

6. SSH in to (or go to the console of) the ESXi host and go to the path where the .vmdk files are.  (Somewhere under /vmfs/volumes/ )

7. Convert the original thick .vmdk into a 2gbsparse one:

    vmkfstools -i SERVERNAME.vmdk -d 2gbsparse SERVERNAME-temp.vmdk

   (This will clone the file while shrinking it down.)

8. Now convert it again from the 2gbsparse temp .vmdk to a thin disk.  (If you convert straight to a thin disk and skip the 2gbsparse conversion it will not shrink!)

    vmkfstools -i SERVERNAME-temp.vmdk -d thin SERVERNAME-thin.vmdk

9. Now edit the settings of the VM and detach the thick drives and attach the thin drive(s).  Boot the VM and make sure everything is working.

10. Delete the thick and temp 2gbsparse .vmdk files.

11. Profit...

Virtualization Now!

Ten Reasons You Should Already Be Using Virtualization For Your Server Environment

According to Intel: Virtualization technology is possibly the single most important issue in IT and has started a top to bottom overhaul of the computing industry

Virtualization is a relatively new technology, but it is not as new as one might think.  VMware, one of the pioneers of virtualization, has been creating and selling virtualization software for over 10 years now.  All 100 of the Fortune 100 companies are currently using virtualization, specifically VMware’s offerings.  Once the only player, VMware now has serious competition from Microsoft, Citrix, Oracle (who recently acquired Sun Microsystems), RedHat, and Novell.

Ok, enough background, here’s the top 10 reasons you should already be using virtualization, falling into three categories:

Savings

#1 - Save on hardware expenses:  Server Consolidation; less hardware required due to the virtualization platform’s ability to maximize existing resources.  For example, $6,000 in hardware for (1) virtual server host machine can run upwards of (10) virtualized server instances.  Assuming a basic hardware cost of $3,000 per basic server, this would result in a net savings of $24,000!

#2 - Save on administrative costs:  Virtualization reduces the amount of hardware to service, including routine hardware maintenance.

#3 - Save on environmental costs:  Less cooling, less power, and less space required.

#4 - Better Return on Investment:  Along with initial savings, companies need to be concerned with ROI, not only immediate cost.  Virtualization is an investment in a company’s technology infrastructure.

Increased Predictability for IT Services

#5 - Downtime/failures:  Recovery is quicker, less expensive, and less difficult when compared to non-virtualized environments....

Enabling jumbo frames in VMware ESX

To get the best performance out of VMware’s iSCSI initiator it’s a good idea to enable jumbo frames on the ESX hosts.  First configure a new vSwitch dedicated to the iSCSI network and, if you’re doing this in the GUI, delete the default port group that is created. Then hop into the command line and type (where vSwitch1 matches the number of your virtual switch):

    esxcfg-vswitch -m 9000 vSwitch1

Now your virtual switch has jumbo frames enabled, but we need to add a port group with jumbo frames enabled, so enter the following to create the port group and assign an IP address:

    esxcfg-vswitch -A iSCSI vSwitch1
    esxcfg-vmknic -a -i 10.97.1.40 -n 255.255.255.0 -m 9000 iSCSI

Check to make sure 9000 MTU is applied on the switch and port group by running the following:

    esxcfg-vswitch -l
    esxcfg-vmknic -l

And lastly test a large packet by running:

    vmkping 10.97.1.10 -s 9000

...