How to rebuild an F5 Physical Load Balancer

Because I forget this and it always seems to cause me more pain than it should to have to rebuild one. I’ve had this happen 3 times in the 8 years of dealing with the physical 1600 LTMs; all of them have failed due to some power problem that won’t let them start up completely, and I end up spending 8 or more hours having to rebuild them and figure out what the heck happened to them. Luckily they have always been in a fault-tolerant pair so I haven’t been down completely, but I have never wanted to push the amount of time one is down because of how important they are to my company.

Steps:

Call into Support and open a ticket with the s/n of the failed unit and the error message on the screen.

If you don’t already have enhanced 4 hour replacement ask for an upgrade to it via credit card. Waiting more than 4 hours is very painful and dangerous for us.

Wait 4 hours for the new unit to come in.

While waiting:
Unrack the currently failed unit making sure that all of the cables are correctly labeled and ready to be plugged into the new unit.

Download the current version ISO along with any hot fixes to match the current install version. Download your latest backup for the unit and have it all ready and waiting to go on your laptop.

On the active unit, make sure to clear out any SSH keys from the failover interface if needed.

Also reset the Device Trust under Device Management/Device Trust on the active unit.

When the new unit finally arrives rack it and plug in at least the serial cable and the management ethernet cable. Before powering on plug in the recovery USB stick if it came with one that has the version of LTM that you need on it. This will greatly simplify the upgrade process and get it to at least the major version you need.

Once the unit has been upgraded to at least the major base version that you need, log in via the serial console with root/default and type config. This will let you set the management IP address for the unit.

Once the management address is set, connect to it via the browser with admin/default and start going through the licensing and configuration process.

Upload the hot fixes if necessary to the replacement unit and update to the version needed to restore the backup file. Once the hot fixes are done updating go ahead and restore the backup to the failed unit.

Hookup the failover ethernet cable.

Set back up the HA configuration between the units and ensure that you can SSH between the units on their failover interfaces.

Push the configuration from the Active unit to the new unit with an override. If it fails or there is any issue during that time, run this command on the failed unit to see what the issue is:

tmsh show cm sync-status

Once it’s all done and happy it should be back in sync and in an active/standby state.

Then plug in the last of the cables for the internal/external interfaces and then you should be done.

Pack the old unit up and ship it out.

Retrieve SSID info from Meraki Wireless Network

I support multiple Meraki Wireless networks and I wanted the ability to pull in pertinent data from the wireless networks that I support. This will allow me to pull in the data and then upload it into the wireless mapping programs and design software. This will also allow me to easily pull the channels, power settings, SSIDs, and other pertinent information. Here is the link to my GitHub site where I will be keeping the most up to date program as I fix things and work to improve it.

#!/usr/bin/env python

#import necessary modules
import cred
import requests

#Meraki site information
MERAKI_DASHBOARD = 'https://api.meraki.com'
HEADERS = {'X-Cisco-Meraki-API-Key': cred.key, 'Content-Type': 'application/json'}
#NETWORK = input(str("What network are we looking at? "))
NETWORK = cred.network
NETWORK_URL = MERAKI_DASHBOARD + '/api/v0/networks/%s/devices' % NETWORK
#Use a timeout so a stalled connection cannot hang the script
NETWORK_GET = requests.get(NETWORK_URL, headers=HEADERS, timeout=30)
#Stop on an HTTP error (bad key, wrong network) instead of parsing an error body
NETWORK_GET.raise_for_status()
NETWORK_RESPONSE = NETWORK_GET.json()

#Create a function to pull in the wireless status for one device
def WIRELESS_SETTINGS(DEVICE):
    WIRELESS_SETTINGS_URL = MERAKI_DASHBOARD + '/api/v0/networks/%s/devices/%s/wireless/status' % (NETWORK, DEVICE['serial'])
    WIRELESS_SETTINGS_GET = requests.get(WIRELESS_SETTINGS_URL, headers=HEADERS, timeout=30)
    WIRELESS_SETTINGS_GET.raise_for_status()
    WIRELESS_SETTINGS_RESPONSE = WIRELESS_SETTINGS_GET.json()
    #Only report the SSIDs that are enabled on this AP
    for SSIDS in WIRELESS_SETTINGS_RESPONSE['basicServiceSets']:
        if SSIDS['enabled']:
            print("SSID " + SSIDS['ssidName'] + " BAND " + SSIDS['band'] + " BSSID " + str(SSIDS['bssid']) + " Channel " + str(SSIDS['channel']) + " Power " + str(SSIDS['power']))

#Loops through the network and the devices to find all of the information.
for DEVICE in NETWORK_RESPONSE:
    if DEVICE['model'] == "MR42":
        print("AP " + DEVICE['name'])
        WIRELESS_SETTINGS(DEVICE)

Passing the CWAP

Last weekend I was able to pass the CWAP exam on my second attempt. The first time through the exam I was thrown by some of the questions and didn’t have as good a grasp on some of the random things that were asked for. So I spent 2 weeks between exam takes watching all of the videos again and then going through all of my notes and flash cards that I had made. I also spent a good amount of time looking at packet traces and figuring out where all of the information is and how Transmit Beamforming works with NDP. Overall I felt it was a good exam even though it took me two times to pass it. I definitely feel a lot better now about the information and that I was able to absorb it for the exam. So now I get to use the cool CWAP image for things. My next exam will be the CWSP exam as I work my way through to the CWNP.

Here are some of the resources that I used while studying for the CWAP:
CWNP – Video training
CWNP – Practice Tests
WIFItraining – CWAP Workbook
CWNP – Official CWAP Study Guide

Meraki Script to pull LTE Card Signal

Script for pulling the make and signal strength of wireless cards

We are trying to continually audit our LTE cards in the Meraki Routers, so we wanted to be able to monitor the stores’ LTE connections, see the signal strength, and then determine which, if any, needed to be swapped out. However, that data is only stored at the device level, so you have to iterate through the whole Organization, then by network, and then by device in the network. Meraki has a polling limit for how many times you can poll the cloud per second, so I put a 1 second delay in there to keep the program from overwhelming everything and causing issues for itself or for our users monitoring on the website.

The script can be found here:

https://github.com/undrwatr/MERAKI_CARD_SIGNAL
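
The organization, network, device walk with the 1 second delay described above, as an added sketch that is not the code from the linked repository. It assumes a caller-supplied fetch(path) function returning (status, headers, body) and a Retry-After header given in seconds; the sample data is constructed.

```python
import time

# Constructed sample responses standing in for the Meraki cloud (not real data).
SAMPLE = {
    "/organizations/1/networks": [{"id": "N_1", "name": "Store 1"},
                                  {"id": "N_2", "name": "Store 2"}],
    "/networks/N_1/devices": [{"serial": "Q2XX-0001", "model": "MX65"}],
    "/networks/N_2/devices": [{"serial": "Q2XX-0002", "model": "MX65"}],
}


class Throttle:
    """Allow at most one request per `interval` seconds."""

    def __init__(self, interval=1.0, clock=time.monotonic, sleep=time.sleep):
        self.interval, self.clock, self.sleep = interval, clock, sleep
        self.next_ok = 0.0

    def wait(self):
        delay = self.next_ok - self.clock()
        if delay > 0:
            self.sleep(delay)
        self.next_ok = self.clock() + self.interval


def get_json(fetch, path, throttle, max_retries=3):
    """fetch(path) returns (status, headers, body); back off on HTTP 429."""
    for _ in range(max_retries + 1):
        throttle.wait()
        status, headers, body = fetch(path)
        if status == 429:  # rate limited: honor the server's Retry-After
            throttle.sleep(float(headers.get("Retry-After", 1)))
            continue
        if status != 200:
            raise RuntimeError(f"GET {path} returned {status}")
        return body
    raise RuntimeError(f"GET {path} still rate limited after {max_retries} retries")


def walk_devices(fetch, org_id, throttle):
    """Yield (network name, device) for every device in the organization."""
    for net in get_json(fetch, f"/organizations/{org_id}/networks", throttle):
        for dev in get_json(fetch, f"/networks/{net['id']}/devices", throttle):
            yield net["name"], dev


if __name__ == "__main__":
    offline = lambda path: (200, {}, SAMPLE[path])  # swap in a requests-based fetch
    for store, dev in walk_devices(offline, "1", Throttle(interval=1.0)):
        print(store, dev["serial"], dev["model"])
```

Any per-device request made afterwards should go through get_json with the same Throttle object so the whole run shares one request budget.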

How I handle credentials and shared variables in Python

How to handle common variables between programs

I have been writing a lot of Python programs lately for interacting with the Meraki Platform. I was tired of copying and pasting my variables and credentials between programs, plus I wanted the ability to easily upload the programs to GitHub without having to worry about sanitizing the program of my company’s or personal data. I did some searching and didn’t find a lot, so what I figured I would do is put this information into a Python module and then I could call that module from within my programs and then I wouldn’t have to worry about keeping all of my data secure. I decided to call my module cred.py and then I could call it from within the program with just an “import cred”. I used to copy this file into each of the directories where I was working on a program. Then I ran into a problem where I had to change an API key; I then had to go through and find all of the cred.py files I had created and then update the data in them. That proved to be more of a pain than I wanted to deal with, so I decided to place it in a central directory for all of my programs. This proved much easier, but then I had to figure out how to call it from within Python without making it a module in the install path.

That is where I came up with this:

import sys

#Import the CRED module from a separate directory
sys.path.insert(0, '../CRED')
import cred

With this it allows me to keep one central directory to store all of my credentials, but also commonly needed variables. I call it from within the program and can then run my programs easily. Love to hear how others are handling this or if there is a better way for me to do it.
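
One variation on the central CRED directory, as an added example that is not part of the original post: it resolves ../CRED from the script's own location (the relative path above is resolved against whatever directory the program is started from), loads cred.py without putting the directory at the front of sys.path, and refuses a file that other users can read. The MERAKI_API_KEY environment variable name, the function names and the sample key are assumptions made up for this sketch; cred.key is the attribute used in the Meraki script earlier on this page.

```python
import importlib.util
import os
import stat
import tempfile
from pathlib import Path


def central_cred_dir(script_file, dirname="CRED"):
    """Resolve ../CRED from the script's own location, not the current directory."""
    return Path(script_file).resolve().parent.parent / dirname


def load_cred(cred_dir, name="cred"):
    """Import <cred_dir>/<name>.py without touching sys.path."""
    path = Path(cred_dir).resolve() / f"{name}.py"
    if not path.is_file():
        raise FileNotFoundError(f"no credentials module at {path}")
    mode = stat.S_IMODE(path.stat().st_mode)
    # Refuse a secrets file that group or other users can read, write or execute.
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} has mode {oct(mode)}; expected 0o600")
    spec = importlib.util.spec_from_file_location(name, path)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    return module


def api_key(cred_module, env_var="MERAKI_API_KEY"):
    """Let an environment variable (name assumed here) override the stored key."""
    return os.environ.get(env_var) or cred_module.key


if __name__ == "__main__":
    # Constructed layout: <tmp>/CRED/cred.py beside <tmp>/PROG/tool.py
    with tempfile.TemporaryDirectory() as root:
        cred_dir = central_cred_dir(Path(root) / "PROG" / "tool.py")
        cred_dir.mkdir()
        secret = cred_dir / "cred.py"
        secret.write_text("key = 'constructed-api-key'\n")
        os.chmod(secret, 0o600)
        print(api_key(load_cred(cred_dir)))
```

In a real program the call would be load_cred(central_cred_dir(__file__)), with the CRED directory also listed in .gitignore so it never reaches GitHub.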

And now for something completely different – Storage with Brocade

So as attrition has struck and we have lost staff, I am now taking over Storage duties.  It’s a switch right, it should work just like a network switch.  That is the thinking of people above me, I think they have been away from hands on work for too long. I understand iSCSI, that’s simple.  This FC stuff, I have a bit of a curve in front of me.

First order of the day….  Assess where we are and if we need a firmware update to maintain our PCI compliance.  Nothing like getting thrown in and going from there.  Well at least I know we have Brocade Switches so I am starting off with at least one advantage.   So after finding the username and password to log into them, I then needed to find out what version we had.  This website was invaluable in determining that:

http://www.boredsysadmin.com/2009/05/how-to-find-out-brocade-switch-model.html

If you scroll down to the comments someone has updated with the later versions, but I put the instructions here just as a quick look along with the meanings of the different Switchtypes.

Open web browser at http://hostname of switch/SwitchInfo.html

While I am surprised about the amount of information that is given away for free, I am glad that it is at least available for me to help me out.

Scroll down till you see in List of Ports: switchType:    xx.x

Switch Type Switch Name translation for xx.x
1 Brocade 1000 Switches
2,6 Brocade 2800 Switch
3 Brocade 2100, 2400 Switches
4 Brocade 20x0, 2010, 2040, 2050 Switches
5 Brocade 22x0, 2210, 2240, 2250 Switches
Switch Types and Product Names
Generated by Jive SBS on 2011-01-06-07:00
7 Brocade 2000 Switch
9 Brocade 3800 Switch
10 Brocade 12000 Director
12 Brocade 3900 Switch
16 Brocade 3200 Switch
17 Brocade 3800VL
18 Brocade 3000 Switch
21 Brocade 24000 Director
22 Brocade 3016 embedded Blade Switch
23 8Gbit 10-port embedded fabric switch
26 Brocade 3850 Switch
27 Brocade 3250 Switch
29 Brocade 4012 Embedded Blade Switch
32 Brocade 4100 Switch
33 Brocade 3014 Switch
34 Brocade 200E Switch
36 Brocade FR4-18i Director Blade
37 Brocade 4020 Embedded Blade Switch
38 Brocade 7420 SAN Router
40 Fibre Channel Routing (FCR) Front Domain
41 Fibre Channel Routing (FCR) Xlate Domain
42 Brocade 48000 Director
43 Brocade 4024 Embedded Blade Switch
44 Brocade 4900 Switch
45 Brocade 4016 Embedded Blade Switch
46 Brocade 7500 Switch
47 Brocade FC4-16IP Director Blade
50 Brocade 4GB FC Port Blade
51 Brocade 4018 Embedded Blade Switch
55 Brocade FA4-18i Extension Director Blade
55,2 Brocade 7600 Switch
58 Brocade 5000 Switch
62 Brocade DCX Backbone
63 Brocade 8Gb Backbone Core Fabric Switch
64 Brocade 5300 Switch
66 Brocade 5100 Switch
67 Brocade Encryption Switch
68 Brocade 8Gb 16 FC 2 GigE ports Director Encryption Blade
69 Brocade 5410 Blade
70 Brocade 8GB 10 Port Embedded Fabric Switch
71 Brocade 300 Switch
72 Brocade 5480 Embedded Blade Switch
75 Brocade M5424 Embedded Blade Switch
76,6 Brocade 8000 FCoE Switch
77,3 Brocade DCX-4S
82 Brocade 8Gb 24-port Embedded Blade Switch
83 Brocade 16-FC port, 6-GE port, auto sensing 1, 2, 4 or 8Gbit Switch
86 Brocade 8Gbit 26-port embedded Switch
88 Brocade 10Gb 24 GigE ports DCE Blade
89 Brocade 8Gb 12 FC, 1Gb 10 GigE FCIP Blade, 10Gb 2 GigE ports FCR

Now at least I am off and running to the Brocade site to find out exactly how many versions I am back.
I also needed to determine the serial number. As I found out that “?” didn’t do anything for me, I then tried “help” and that listed all of the commands on the switch, quite a few.  I figured the command had to start with switch, chassis, or hardware.  I looked through and was able to find this command:
“chassisshow”
Luckily this gives me everything I need now and can open my support case or get access to the support site to find the information for myself.