Thursday, 17 November 2016

Insert route using DHCP Option 249

Microsoft introduced DHCP Option 249 to push classless static routes to DHCP clients from a DHCP server. It is the Microsoft-specific predecessor of the standard Classless Static Route option 121 (RFC 3442) and uses the same encoding.
You can add multiple routes to a DHCP client using Option 249. Each route consists of a destination descriptor and a router IP address. The destination descriptor describes the IP subnet number and subnet mask of a particular destination. A DHCP client that does not support this option simply ignores Option 249 if it receives it from a DHCP server. If a DHCP client supports both Option 33 and Option 249 and the DHCP server offers both, the client ignores Option 33 and installs the routes from Option 249. Option 33 also lets you insert static routes through your DHCP configuration, but it accepts only classful networks.

Step 1 : By default Infoblox does not ship with option 249 defined, so we need to create it. Follow the steps below to create option 249.
Data Management ---> DHCP----> Option Space
Tick the DHCP checkbox and click Edit (right side corner)
Click the plus sign to add a new DHCP option.
Name : option-249
Code : 249
Type : array of 8-bit unsigned integer

Save & close
Step 2 : Now configure Option 249 for the desired subnet.

Data Management ---> DHCP----> Networks
Tick the checkbox of the desired network (subnet) and click Edit (right side corner)
Go to IPv4 DHCP Options and add DHCP Option 249 under Custom DHCP Options.
Note : If you do not see option 249 here, the option was not created correctly in Step 1.
Step 3 : Now define the destination descriptor and router address as the option value.
<subnet mask length>,<destination subnet octets>, <router IP address>

22,192,168,1, 192,168,188,16
22 - Subnet mask (prefix length in bits)
192,168,1 - Classless subnet. Only the significant octets are given, so you do not need to write the trailing zero octets of the subnet.
192,168,188,16 - Router (next-hop) address

Please note that every value is separated by a comma, and you need one space between the destination descriptor and the router address.

Save & Close

Step 4 : Restart the DHCP server as required so that clients pick up the updated configuration.

Once a DHCP client requests an IP address, gateway, etc., you will see the client receive the desired classless route in Option 249.

Wireshark View
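As an added example (not from the post), this Python encodes routes into the Option 249 / RFC 3442 byte layout, renders the Infoblox comma list from Step 3, and decodes the bytes of the option as seen in Wireshark so the value on the wire can be checked against what was configured. The route addresses in the main block and the ", " separator between multiple routes are assumptions; a destination whose host bits are set (192.168.1.0 with a /22 mask is inside 192.168.0.0/22) is rejected by the encoder, while the decoder reports it exactly as sent.

```python
import ipaddress

def encode_routes(routes):
    """routes: list of (destination CIDR, router IP). Returns the Option 249 payload.
    Each route is: prefix length, only the significant destination octets, 4 router octets."""
    payload = bytearray()
    for dest, router in routes:
        net = ipaddress.IPv4Network(dest)        # strict: destination with host bits set is rejected
        sig = (net.prefixlen + 7) // 8            # /22 -> 3 octets, /16 -> 2, /0 -> none
        payload.append(net.prefixlen)
        payload += net.network_address.packed[:sig]
        payload += ipaddress.IPv4Address(router).packed
    return bytes(payload)

def infoblox_value(routes):
    """Render the payload as the comma list typed into the 'array of 8-bit unsigned integer'
    field: descriptor octets, one space, router octets (', ' between routes is an assumption)."""
    parts = []
    for route in routes:
        raw = encode_routes([route])
        parts.append(",".join(map(str, raw[:-4])) + ", " + ",".join(map(str, raw[-4:])))
    return ", ".join(parts)

def decode_routes(payload):
    """Parse Option 249 bytes (e.g. copied from Wireshark) into (destination/prefix, router)
    pairs. The destination is returned as sent, so host bits set by a typo stay visible.
    A malformed or truncated option raises instead of installing a half-parsed route."""
    routes, i = [], 0
    while i < len(payload):
        plen = payload[i]
        if plen > 32:
            raise ValueError(f"bad prefix length {plen} at offset {i}")
        sig = (plen + 7) // 8
        if i + 1 + sig + 4 > len(payload):
            raise ValueError(f"truncated route at offset {i}")
        dest = bytes(payload[i + 1:i + 1 + sig]) + b"\x00" * (4 - sig)
        router = bytes(payload[i + 1 + sig:i + 1 + sig + 4])
        routes.append((f"{ipaddress.IPv4Address(dest)}/{plen}", str(ipaddress.IPv4Address(router))))
        i += 1 + sig + 4
    return routes

if __name__ == "__main__":
    # Constructed example routes; the second is the post's /22 written with its network address.
    wanted = [("10.20.0.0/16", "192.168.188.1"), ("192.168.0.0/22", "192.168.188.16")]
    print(infoblox_value(wanted))
    print(decode_routes(encode_routes(wanted)))
```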
Wednesday, 16 November 2016

Create Bond Interface in Checkpoint Gaia

Creating a Bond Interface into Checkpoint Gaia

Step 1: Identify the interfaces on your Check Point firewall

VSX-MGMT> show interfaces
eth0
eth1
eth2
lo

Step 2 : Create a bonding group. Gaia allows bond group IDs from 0 to 1024. Create bond group 10 (an arbitrary number) and add the desired interfaces to the bond group. I have created the bond group for eth1 and eth2.
VSX-MGMT> add bonding group 10 interface

eth1  eth2
VSX-MGMT> add bonding group 10 interface eth1
VSX-MGMT> add bonding group 10 interface eth2

Step 3: Configure the primary interface in the bond group.
VSX-MGMT> set bonding group 10 primary eth1

Step 4: Select the mode of your bond interface.


VSX-MGMT> set bonding group 10 mode

round-robin    active-backup  xor            8023AD


• round-robin - Interfaces activated in order by ID (default)
• active-backup - On active interface down, failover to primary interface first, and to other interfaces if primary is down
• xor - Interface activation by TCP/IP layer (layer2 or layer3+4).
You can set the LACP packet transmission rate for xor mode or 8023AD mode. After you set one of these Load Sharing modes, enter this option: lacp-rate {slow | fast} where slow is every 30 seconds, and fast is every one second.
• 8023AD - Link Aggregation Control Protocol load shares traffic by dynamic interface activation, with full interface monitoring between gateway and switch. In this mode only, you can set the algorithm for interface selection, according to the specified TCP/IP layer: xmit-hash-policy {layer2 | layer3+4}


VSX-MGMT> set bonding group 10 mode 8023AD


Step 5 : Your bond interface is now configured. Verify the settings:


VSX-MGMT> show bonding group 10
Bond Configuration
    xmit-hash-policy layer2
    down-delay 200
    primary eth1
    lacp-rate slow
    mode 8023AD
    up-delay 200
    mii-interval 100
    Bond Interfaces
        eth1
        eth2
VSX-MGMT>


To make sure that Link Aggregation is working for a bond interface, run this command in expert mode. On a healthy aggregate both slave interfaces report the same Aggregator ID, the Active Aggregator shows Number of ports: 2, and Partner Mac Address is the switch's MAC; an all-zero partner MAC and slaves in different aggregators (as in the output below) mean the switch side has not negotiated LACP yet:

[Expert@VSX-MGMT:0]# cat /proc/net/bonding/bond10
Ethernet Channel Bonding Driver: v3.2.4 (January 28, 2008)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 200
Down Delay (ms): 200

802.3ad info
LACP rate: slow
Active Aggregator Info:
        Aggregator ID: 1
        Number of ports: 1
        Actor Key: 17
        Partner Key: 1
        Partner Mac Address: 00:00:00:00:00:00

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:70:21:f2
Aggregator ID: 1

Slave Interface: eth2
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:70:21:fc
Aggregator ID: 2
[Expert@VSX-MGMT:0]#


Note : The LACP rate can be configured only for 802.3ad mode.
The transmit hash policy can be configured for 802.3ad and balance-xor (xor) modes only.
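As an added example (not from the post), this Python reads a /proc/net/bonding dump like the one above and lists the reasons an 802.3ad bond is not healthy, which is handy to run from expert mode after a change or from a monitoring script. The sample text is constructed from the post's own output.

```python
import re

# Constructed sample modelled on the post's /proc/net/bonding/bond10 output.
SAMPLE = """\
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Active Aggregator Info:
        Aggregator ID: 1
        Number of ports: 1
        Partner Mac Address: 00:00:00:00:00:00

Slave Interface: eth1
MII Status: up
Aggregator ID: 1

Slave Interface: eth2
MII Status: up
Aggregator ID: 2
"""

def field(block, name):
    """Value of a 'name: value' line inside a block of bonding text, or None if absent."""
    m = re.search(rf"^\s*{re.escape(name)}: (.*)$", block, re.M)
    return m.group(1).strip() if m else None

def bond_findings(text):
    """Return a list of reasons the LACP aggregate is not healthy (empty list = healthy)."""
    head, *slaves = re.split(r"^Slave Interface: ", text, flags=re.M)
    findings = []
    if not (field(head, "Bonding Mode") or "").startswith("IEEE 802.3ad"):
        findings.append("bond is not in 802.3ad mode")
    if field(head, "Partner Mac Address") in (None, "00:00:00:00:00:00"):
        findings.append("no LACP partner: the switch side has not negotiated")
    aggs = {}
    for blk in slaves:
        name = blk.split("\n", 1)[0].strip()
        if field(blk, "MII Status") != "up":
            findings.append(f"{name} link is down")
        aggs[name] = field(blk, "Aggregator ID")
    if len(set(aggs.values())) > 1:
        findings.append("slaves are in different aggregators: "
                        + ", ".join(f"{k}={v}" for k, v in aggs.items()))
    ports = int(field(head, "Number of ports") or 0)
    if ports < len(slaves):
        findings.append(f"only {ports} of {len(slaves)} slaves are in the active aggregator")
    return findings

if __name__ == "__main__":
    for line in bond_findings(SAMPLE) or ["bond healthy"]:
        print(line)
```

Against the post's output it reports three findings (no partner, slaves in different aggregators, one of two ports active); once the switch side of the bundle is up the list is empty.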

Disabling automatic configuration synchronization in FortiGate

In some situations you may need to stop configuration synchronization within a FortiGate cluster. You can disable the automatic synchronization of the primary unit's configuration to all cluster units with the following command. Once you have completed your task on one unit, re-enable configuration synchronization.

If VDOM mode is enabled:
config global
config system ha
set sync-config disable/enable
end

If VDOM mode is disabled:
config system ha
set sync-config disable/enable
end

disable : stops configuration synchronization between the cluster units
enable : re-enables configuration synchronization between the cluster units