Rob Golding

While improving the network at my house (an indeed, the network which supports this very web server), I started to explore the world of network monitoring and reporting. I had heard quite a bit about Cacti before, but never considered installing it. That was mostly due to the stories I had heard about how unholy difficult the damn thing is to get working properly. “Don’t even go there” was my mindset. Until now, that is.

Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality.

Brilliant. Network graphing is good, I want to see pretty charts and graphs about how my network is doing. So I gave it a go. Here’s some of my ups-and-downs, and the end result.

First, I needed a linux machine to try this on. Cacti itself obviously wasn’t enough of a challenge for me, I wanted to get it to work on an operating system with which I had very little experience. I chose Ubuntu Server 7.10 - I’ve worked with Ubuntu before, and I like the Aptitude package manager which would make this project somewhat easier for me.

So first of all, I installed the O/S. I’m using a Virtual Machine on my main VM host, which had some RAM to spare. I only have the machine 128MB, as I’m not going to be asking too much of it (hopefully). I didn’t specify a LAMP install, even though that is exactly what would be required. I wanted to do all the fiddly stuff later on.

Once the O/S was on, I needed to install the required packages, and then Cacti itself. Cacti requires a web server, with PHP and GD (the image library), and a MySQL server. I followed this guide to get them all installed on this new machine, and then extracted and set up Cacti.

Worth noting here, is that when importing the cacti.sql file into the MySQL database, I first created the database called “cacti”, then modified the cacti.sql file, adding “use cacti” to the beginning of the file - otherwise an error stating “no database selected” would appear.

Once the database was setup, and Cacti was extracted - I pointed Firefox to http://cacti/cacti (I had a creative moment and called the Cacti server cacti). The setup process was web-based from here-on, and Cacti was installed in a matter of seconds.

So, now I added my hosts (after enabling the SNMP service on my Windows Servers, and configuring the community), and created some graphs. Just network traffic graphs at first. After a few polls, I was amazed to see the graphs populating perfectly. After following these instructions I made them look so much better (maybe not sexy, though!), and the result was something like this:

Wonderful. Pretty graphs showing me how much the internet connection is being used. 100k eh? Somehow I think paying for 20Mb isn’t worth it!

OK, so now I have lots of nice graphs, I wanted to get a Network Weathermap working - which is like a virtual network diagram, showing the traffic between each node on the map - as it reads the data from the same source as Cacti.

This was much easier than I thought - after adding the nodes and links into the config file, the values took on the colours of my scale as they should - and I had a lovely diagram of my network with automatically updating traffic information! Here’s the end result.

And there we have it! Not at all as bad as I was expecting. I do hope this will be of help to anyone wanting to do something similar.

As an update to the previous post regarding the installation of a new IPCop as my network firewall, I have finally completed the configuration of its VPN service for use as a Roadwarrior. I can now connect to the IPCop machine from my laptop, using the OpenVPN client from anywhere in the world.

I was surprised with the ease of configuration once an addon called “Zerina” was installed. This made the process extremely simple to complete, even offering to package up an OpenVPN configuration file and certificate combination - so all that is needed to connect is one click!

With regards to the IPCop machine itself, it is one of the most stable servers I have ever put into operation. I literally installed the O/S (about 50mb) a couple of weeks ago - and since then there has been not one issue. Not even a restart - it’s just been chugging away on that old 400MHz Pentium II. I am in awe of the little thing - which is actually proving to be a damn sight faster than the overpowered and clunky ISA Server that I used to use.

Also, with the terrible OpenVPN logo, and the lack of suitable IPCop art, I hope the visio diagram to the left bears a resemblance to this post that could be appreciated by the reader. I definitely think it makes the post something special, would you not agree?

My latest project, to replace the bulky overpowered ISA firewall on my home network with a lean mean IPCop machine, was declared a great success a few days ago.

I am familiar with IPCop, as I used to use it a long time ago. Since then it has matured somewhat, but the feature set is pretty much the same as I remember. The new machine is a 400MHz PII, with 192mb RAM. It is sitting in the place of a Sempron 3000+ with 1GB RAM. Amazing, it’s doing the same job with a fraction of the power. And also, it uses a third of the electricity - 30W in total. Good news given the rise in energy prices!

The main challenge so far, which I still haven’t overcome, is how to get RoadWarrior VPN working, using the windows built-in VPN client, with L2TP/IPSec. This used to be trivial with ISA Server, but this isn’t quite the case with a linux firewall. I have been looking at other distributions such as monowall and pfSense, niether of which seem to spell out their ability to achieve this clearly. I am playing with a few of these on Virtual Machines, so hopefully I will come accross a way to do this before long - I’m starting to miss my RoadWarrior VPN server. How sad, eh?

Seeing as I’m getting into virtualization more and more recently, I decided to give the new beta of VMware Server 2.0 a go. I have a virtual machine for testing purposes on my desktop machine (a Dell Dimension 9200, E6600, 2GB RAM) – so this should prove a perfect test bed for the software.

I have a particular personal interest in VMware. The server that so many of my posts have been about as of late runs VMware - it and a couple of virtual machines provide me with my email, directory, file servers and websites. Because of this, I’m quite excited about the next release of VMware – and hopefully the transition won’t be too difficult.

Starting with the interface, which is the first noticeable difference one the installation is completed – there is nothing that has been kept from version 1 – a complete overhaul. It’s now based totally in the browser – on port 8222 (8333 for https) – using its own installation of Tomcat to be precise. This brought back bad memories of managing Microsoft Virtual Server 2005 on a client’s system – but once I started using the new interface, I began to like it more and more. It’s definitely an improvement over Microsoft’s attempt, and with the browser plug-in for Virtual Machine Remote Control (VMRC), it provides all the functionality of the previous console and more; even in firefox!

I can definitely say that the performance of VMware itself has improved in the new version, although I am running it on a Vista installation. The only real reason for this noticeable change is that the previous release would hang for a number of seconds when a virtual machine was started or stopped in Vista. It feels as though this is an issue that has been addressed in the beta, and so hopefully performance overall will have had the same attention.

Just a few shots of the new UI, first we have the login screen for the web-based management interface. My desktop is joined to the domain at my house, and the only account I could use to login was the builtin domain administrator account. Strange.

Next, the summary screen which shows some info about the host machine, which will be nice on a production server as it details the RAM usage. This will be something I look forward to using on my main server Zeus:

Finally, a shot of the only VM I have on this machine. In this case the VM is stopped, and it shows the hardware configured for the machine, and the 1×2.338GHz CPU looks promising - I could assign another!

That’s all I have on this for now, but if I find any more interesting stuff I’ll be sure to post an update. If you’re interested you can grab a copy from here: http://www.vmware.com/beta/server/.

OK, so seeing as the last post is about worrying errors reported by the RAID controller on my main server, Zeus, I’ve decided to do something about the heat that caused the errors in the first place.

The drive caddy in Zeus holds 4 drives, but they are far too close together, so I’ve spread them out somewhat, and added another fan, although it took some pursuation to get it in (by pursuation I mean using tinsnips to cut a hole in the front of the server). This is proving to work really well, now I just need to figure out how to get another exhaust fan in there somewhere.

Also, I have recabled the switch with colour-coded Cat5. We have red cables for the internet VLAN, yellow for the perimeter VLAN, and blue for the internal network. This has also been a good time to start wiring for gigabit, so I’ve ran the first cable to my desktop from the switch. All I need now is a few gigabic NICs and I’ll be all set.

Update: I’ve got some pictures up now. We have zeus with its new ghetto fan mod at the front, blowing nice cool air over a terabyte worth of data in the first two. Then the new switch and the lovely neat wiring job in the last one. On a side note, I’m really happy with the switch, it’s proving worth the cost after all. Looks pretty good as well sitting in the cabinet :). Now, if only I could get round to painting the inside of that server cupboard. It’s shameful!

Error occurred on Primary Master device on adapter 0. Primary Master - CDB 2a 00 01 58 aa 5d 00 00 01 00.

This is what I was greeted with in my inbox, as I started the day yesterday. It looks like at some time around 4am, the primary drive on my main server, Zeus, had been having a few problems to say the least. The drive gave about a hundred of the above errors, and then dropped off the RAID1 array. I opened up the case to see what was going on, and it would seem that heat was the killer, if anything. I shutdown the server, moved the drives around a bit to allow for better airflow, stuck an extra fan in, and booted it back up. The drive came back to life, and is rebuilding as I type this.

I am now, however, looking at a new SATA controller and 2×80GB Western Digital drives. Hopefully these will run cooler, faster, and allow for better airflow than their IDE counterparts.

The new core switch that was due to arrive has finally come, with no real delays which is surprising, since it was sent using Royal Mail. The new Netgear has really good management features, and the web interface is pretty detailed. Most of all though, I’m enjoying the ability to have a few VLANs, and a reasonable amount of traffic without the thing crashing on me every five minutes (thanks Planet).

I’m going to be doing some bandwidth testing soon as well, just to see what kind of speeds I’m getting, but I’m expecting it to do fine.

For a while now, I’ve been having problems with the network’s core switch - it’s a Planet FGSW-2620. Yes, I know, it’s a Planet. My mistake in the first place, it wasn’t even worth the cheap price I paid for it. It crashes almost every day, when the traffic level gets above approximately zero. To put it lightly, it’s a nightmare. Even the management is terrible - it can only be managed by it’s serial interface, has no web server, not even an IP - so there’s no SNMP, no Telnet, nothing.

Anyway, lets get onto the new switch, that will be arriving any day now. It’s a Netgear FSM726, and it looks a damn sight better than this Planet I’ve been running for a few months. I know it’s no ProCurve, but it’s got all the functionality of a high level enterprise switch - all types of SNMP and RMON, a web interface, Telnet, VLANS, the works. As long as I can monitor it somewhat, and it doesn’t crash all the time, I’ll be happy. Plus it will make a nice addition to the new server closet I’ve just moved into.

Okay, so the network that I have been managing for some time now has just undergone a pretty big redesign. It’s actually a home network, but it spans 2 sites – my house and my friend’s house. They are “joined” by a site-to-site VPN connection, which gives us a load of benefits like easily sharing photos, programs, and an AD/Exchange forest.

Up until recently, the network was running with just one physical server at each site, we shall call them Site A and Site B, each with VMware Server installed. Both servers were configured almost identically, with the host machine running AD (Active Directory) and Exchange 2003, and a VM running ISA Server 2006 for the firewall/VPN. Another VM was used for hosting some websites in the Perimeter network.

The redesign saw one new server in at Site A and two new servers at Site B – although the main server at Site A has been upgraded significantly. The new servers were installed to take the firewall away from the Virtual Machine to a physical one – as this is much more secure. Also, the second new server at Site B hosts Exchange, while this is now on a VM at Site A.

This network doesn’t support many clients or users, but it used mostly for educational purposes. For that it is perfect. We have a multi-tree forest AD configuration, with one domain for each site (or each house!), and one Exchange organisation spans the entire forest, with one Exchange server at each site. This also helps if one server/network is down, as the other will pick up the email for both sites – so we have a failsafe if one network is having problems.

I have published a “public” version of the network diagram, with external IP addresses/names removed, just in case anyone might find it interesting. Just click the thumbnail for a fullsize version.

As you may have noticed, I’ve used the names of gods from Greek and Roman mythology for the servers. The web servers are the oldest ones there so they haven’t been renamed yet. Maybe an exiting project for the future!

Both networks now have a 20mb/784kb internet connection (up/down), so the VPN link is essentialy 784kb/sec both ways. That’s pretty good for things like AD replication, but not brilliant for sharing files and photos.

The active directory is the aspect of the network I am most proud of. Since the rebuild it has been working flawlessly, although I am forever looking at ways to expand the directory. The DC at each site hosts a DNS zone for both domains, which provides redundancy for DNS if one DC is down, and both servers hold a copy of the Global Catalog. This allows for fast directory searches from both sites, and gives each Exchange server a GC to look to.

The forest is split logically, as well as physically, into sites. This allowed me to easily alter the replication schedule for the Domain Controllers, although I decided to leave this at hourly intervals, as I saw no reason to alter this value.

Hopefully the AD forest and network infrastructure will provide a solid base to expand on, and I will post about any major additions to the network. At present the clients consist of XP and Vista machines, but we are soon to aquire a new desktop, which will be running Vista, that will make a nice addition to AD.

Up until yesterday, my Exchange server was my DC - they were one and the same. As anyone will tell you, this isn’t a particularly desirable configuration. For one thing, if you want to demote the DC, you have to uninstall Exchange first, and that means lots of migration and replication and…well it’s not very nice!

So, I finally took the big step, and migrated all the Exchange data off the DC, and uninstalled it. So now I have a seperate Exchange server, which means tons more RAM free on the DC.

This also allowed me to install something I’ve been looking at for quite some time now - WSUS 3. I now realise how useful this piece of software can be. I am only managing about 5 computers, plus a few servers, but this makes keeping the machines up-to-date so much easier. Plus, you get lovely graphs like this:

Also worth mentioning, is that the Exchange server I’ve been telling you about actually runs as a virtual machine under VMware on the DC. It has 2GB of RAM, and seems to be coping fine, but with 1GB assigned to the Exchange VM, and 384mb assigned to another VM I have running on there (a web server), task manager seems to be having problems getting the memory details correct:

So we have 1GB + 384mb + whatever else is running on there (WSUS, DC, DHCP etc), and we end up with 1.0GB (or there abouts). Something’s not right. Alas, the server seems to be handling the load fine, and with a gig of RAM apparently free, I have space to expand in the future. Brilliant.