Dev Environment Technitium DNS Server

Windows:

$technitiumPortableDownload="https://download.technitium.com/dns/DnsServerPortable.zip"
$tempDir="C:\Temp";
$extractionDir="C:\Technitium"
$destinationFile = "$tempDir\DnsServerPortable.zip";
try{[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12}catch{}
New-Item -ItemType Directory -Force -Path $tempDir
New-Item -ItemType Directory -Force -Path $extractionDir
$webclient = New-Object System.Net.WebClient;
$WebClient.DownloadFile($technitiumPortableDownload,$destinationFile);
# Expand-Archive is the built-in cmdlet (PowerShell 5+) for extracting zip files
Expand-Archive -Path $destinationFile -DestinationPath $extractionDir -Force

Linux Manual methods:

# Download Technitium DNS Server portable
wget https://download.technitium.com/dns/DnsServerPortable.tar.gz
sudo mkdir -p /etc/dns/
sudo tar -zxf DnsServerPortable.tar.gz -C /etc/dns/
# Call DNS Server Daemon from startup script
cd /etc/dns/
sudo ./start.sh

# Systemd
sudo cp /etc/dns/systemd.service /etc/systemd/system/dns.service
sudo systemctl enable dns.service
sudo systemctl start dns.service
# Monitor the service
journalctl --unit dns --follow

Ubuntu:

curl -sSL https://download.technitium.com/dns/install-ubuntu.sh | sudo bash

Raspbian:

curl -sSL https://download.technitium.com/dns/install-raspi.sh | sudo bash

PowerShell: Scan a Subnet for Used and Unused IPs

Script:
function scanForAvailableIPs{
param(
$cidrBlock=$(
$interfaceIndex=(Get-WmiObject -Class Win32_IP4RouteTable | where { $_.destination -eq '0.0.0.0' -and $_.mask -eq '0.0.0.0'} | Sort-Object metric1).interfaceindex;
$interfaceObject=(Get-NetIPAddress -InterfaceIndex $interfaceIndex|select IPAddress,PrefixLength)[0];
"$($interfaceObject.IPAddress)/$($interfaceObject.PrefixLength)";
)
)

function Get-IPrange{
<# This Get-IPrange function has been obtained at https://gallery.technet.microsoft.com/scriptcenter/List-the-IP-addresses-in-a-60c5bb6b
Snippet Author: BarryCWT
.SYNOPSIS
Get the IP addresses in a range
.EXAMPLE
Get-IPrange -start 192.168.8.2 -end 192.168.8.20
.EXAMPLE
Get-IPrange -ip 192.168.8.2 -mask 255.255.255.0
.EXAMPLE
Get-IPrange -ip 192.168.8.3 -cidr 24
#>

param (
[string]$start,
[string]$end,
[string]$ip,
[string]$mask,
[int]$cidr
)

function IP-toINT64 () {
param ($ip)

$octets = $ip.split(".")
return [int64]([int64]$octets[0]*16777216 +[int64]$octets[1]*65536 +[int64]$octets[2]*256 +[int64]$octets[3])
}

function INT64-toIP() {
param ([int64]$int)

return (([math]::truncate($int/16777216)).tostring()+"."+([math]::truncate(($int%16777216)/65536)).tostring()+"."+([math]::truncate(($int%65536)/256)).tostring()+"."+([math]::truncate($int%256)).tostring() )
}

if ($ip) {$ipaddr = [Net.IPAddress]::Parse($ip)}
if ($cidr) {$maskaddr = [Net.IPAddress]::Parse((INT64-toIP -int ([convert]::ToInt64(("1"*$cidr+"0"*(32-$cidr)),2)))) }
if ($mask) {$maskaddr = [Net.IPAddress]::Parse($mask)}
if ($ip) {$networkaddr = new-object net.ipaddress ($maskaddr.address -band $ipaddr.address)}
if ($ip) {$broadcastaddr = new-object net.ipaddress (([system.net.ipaddress]::parse("255.255.255.255").address -bxor $maskaddr.address -bor $networkaddr.address))}

if ($ip) {
$startaddr = IP-toINT64 -ip $networkaddr.ipaddresstostring
$endaddr = IP-toINT64 -ip $broadcastaddr.ipaddresstostring
} else {
$startaddr = IP-toINT64 -ip $start
$endaddr = IP-toINT64 -ip $end
}


for ($i = $startaddr; $i -le $endaddr; $i++)
{
INT64-toIP -int $i
}

}

# Regex values
$regexIP = [regex] "\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"
$regexCidr=[regex] "\/(.*)"
$regexFourthOctetValue=[regex] ".+\..+\..+\.(.+)"

# Value Extractions
$ip=$regexIP.Matches($cidrBlock).Value
$cidr=$regexCidr.Matches($cidrBlock).Groups[1].Value
$allIPs=Get-IPrange -ip $ip -cidr $cidr

# Remove fourth octet values matching 0,1, and 255
if($regexFourthOctetValue.Matches($allIPs[0]).Groups[1].Value -eq 0){$first, $rest= $allIPs; $allIPs=$rest;}
if($regexFourthOctetValue.Matches($allIPs[0]).Groups[1].Value -eq 1){$first, $rest= $allIPs; $allIPs=$rest;}
if($regexFourthOctetValue.Matches($allIPs[$allIPs.length-1]).Groups[1].Value -eq 255){$allIPs = $allIPs | ? {$_ -ne $allIPs[$allIPs.count-1]}}

# Display sweep scanning output
#$allIPs | ForEach-Object {if(!(Get-WmiObject Win32_PingStatus -Filter "Address='$_' and Timeout=200 and ResolveAddressNames='true' and StatusCode=0" | select ProtocolAddress*)){$_}}

# Collect unpingable IPs
"Collecting available IPs. Please wait awhile..."
$GLOBAL:availableIPs=$allIPs | ForEach-Object {if(!(Get-WmiObject Win32_PingStatus -Filter "Address='$_' and Timeout=200 and ResolveAddressNames='true' and StatusCode=0" | select ProtocolAddress*)){$_}}

# Also, export unavailableIPs just because I can
$GLOBAL:unavailableIPs=Compare-Object $allIPs $availableIPs -PassThru
}


scanForAvailableIPs;
"`r`nAvailable IPs:`r`n------------------------------------------------`r"
$availableIPs;

"`r`nUnavailable IPs:`r`n------------------------------------------------`r"
$unavailableIPs;

Sample Output:
Available IP:
------------------------------------------------

192.168.10.2
192.168.10.3
192.168.10.4
192.168.10.5
-- Omitted for brevity --
192.168.10.250
192.168.10.251
192.168.10.252
192.168.10.253
192.168.10.254


Unavailable IP:
------------------------------------------------

192.168.10.51
192.168.10.52
192.168.10.102
192.168.10.103

Some Useful Windows Commands to Troubleshoot Networking on Windoze

# Check this computer's trust relationship to its domain controllers
$domainName="intranet.kimconnect.com"
PS C:\Windows\system32> nltest /SC_QUERY:$domainName
Flags: 0
Trusted DC Name
Trusted DC Connection Status Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
The command completed successfully

# Reset computer account password
$domainController="DC01.intranet.kimconnect.com"
$domainAdmin="domainAdmin"
netdom.exe resetpwd /s:$domainController /ud:$domainAdmin /pd:*

Output:
PS C:\Windows\system32> netdom.exe resetpwd /s:$domainController /ud:$domainAdmin /pd:*
Type the password associated with the domain user:
The machine account password for the local machine could not be reset.
The network path was not found.
The command failed to complete successfully.

# Check network interfaces
PS C:\Windows\system32> get-netadapter *
Name InterfaceDescription ifIndex Status MacAddress LinkSpeed
---- -------------------- ------- ------ ---------- ---------
DEV Cisco VIC Ethernet Interface #4 15 Up 00-25-B5 10 Gbps
iSCSI-A Cisco VIC Ethernet Interface #3 14 Up 00-25-B5 10 Gbps
CLUSTER Cisco VIC Ethernet Interface #2 8 Up 00-25-B5 10 Gbps
iSCSI-B Cisco VIC Ethernet Interface 2 Up 00-25-B5 10 Gbps

# Restart a NIC
PS C:\Windows\system32> get-netadapter -Name "PROD" | Restart-NetAdapter

# Overload a NIC with additional IP address(es)
$availableIP="x.x.x.x"
$cidrMask=24
$adapterName="DEV"
New-NetIPAddress -IPAddress $availableIP -PrefixLength $cidrMask -InterfaceAlias $adapterName -SkipAsSource $True

PS C:\Windows\system32> New-NetIPAddress -IPAddress $availableIP -PrefixLength $cidrMask -InterfaceAlias $adapterName -SkipAsSource $True
IPAddress : x.x.x.x
InterfaceIndex : 15
InterfaceAlias : PROD
AddressFamily : IPv4
Type : Unicast
PrefixLength : 24
PrefixOrigin : Manual
SuffixOrigin : Manual
AddressState : Tentative
ValidLifetime : Infinite ([TimeSpan]::MaxValue)
PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
SkipAsSource : True
PolicyStore : ActiveStore

# Attempt to ping DNS1 from the new IP - failure means no ICMP outbound allowed
PS C:\Windows\system32> ping 1.1.1.1 -i x.x.x.x
Pinging 1.1.1.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 1.1.1.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

# Set static route. Warning: don't do this unless you really know routing and switching!
$subnet="1.1.1.0"
$cidrMask=24
$ifIndex=15
$nextHop="1.1.1.1"
New-NetRoute -DestinationPrefix "$subnet`/$cidrMask" -InterfaceIndex $ifIndex -NextHop $nextHop
Get-NetRoute

Troubleshooting Issues with Inconsistent Access to Certain Websites

1. Establish Baseline

Collect this information while the network is healthy. It serves as the control against which later deviations in network performance can be compared.

H:\>pathping google.com

Tracing route to google.com [172.217.5.110]
over a maximum of 30 hops:
0 Komputer [192.168.1.500]
1 192.168.12.1
2 192.168.255.1
3 47.180.200.1
4 172.102.104.220
5 ae8---0.scr02.lsan.ca.frontiernet.net [74.40.3.49]
6 ae1---0.cbr01.lsan.ca.frontiernet.net [74.40.3.214]
7 74.40.26.254
8 * * *
Computing statistics for 175 seconds...
Source to Here This Node/Link
Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address
0 0 Komputer [192.168.1.500]
0/ 100 = 0% |
1 0ms 0/ 100 = 0% 0/ 100 = 0% 192.168.12.1
0/ 100 = 0% |
2 0ms 0/ 100 = 0% 0/ 100 = 0% 192.168.255.1
0/ 100 = 0% |
3 2ms 2/ 100 = 2% 2/ 100 = 2% 47.180.200.1
0/ 100 = 0% |
4 5ms 1/ 100 = 1% 1/ 100 = 1% 172.102.104.220
0/ 100 = 0% |
5 --- 100/ 100 =100% 100/ 100 =100% ae8---0.scr02.lsan.ca.frontiernet.net [74.40.3.49]
0/ 100 = 0% |
6 5ms 0/ 100 = 0% 0/ 100 = 0% ae1---0.cbr01.lsan.ca.frontiernet.net [74.40.3.214]
1/ 100 = 1% |
7 4ms 1/ 100 = 1% 0/ 100 = 0% 74.40.26.254

Trace complete.

2. Compare to a known problematic URL

H:\>pathping outlook.office.com

Tracing route to SJC-efz.ms-acdc.office.com [52.96.55.194]
over a maximum of 30 hops:
0 Komputer [192.168.1.500]
1 192.168.12.1
2 192.168.255.1
3 47.180.200.1
4 172.102.104.220
5 ae8---0.scr02.lsan.ca.frontiernet.net [74.40.3.49]
6 ae1---0.cbr01.lsan.ca.frontiernet.net [74.40.3.214]
7 ae11-0.lax-96cbe-1a.ntwk.msn.net [207.46.36.168]
8 be-61-0.ibr01.lax03.ntwk.msn.net [104.44.8.104]
9 be-4-0.ibr01.by2.ntwk.msn.net [104.44.4.3]
10 be-5-0.ibr03.by21.ntwk.msn.net [104.44.18.104]
11 ae120-0.icr01.by21.ntwk.msn.net [104.44.22.166]
12 * * *
Computing statistics for 275 seconds...
Source to Here This Node/Link
Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address
0 KDoan-HPZ.corp.vectorusa.com [192.168.13.21]
0/ 100 = 0% |
1 0ms 0/ 100 = 0% 0/ 100 = 0% 192.168.12.1
0/ 100 = 0% |
2 0ms 0/ 100 = 0% 0/ 100 = 0% 192.168.255.1
0/ 100 = 0% |
3 2ms 1/ 100 = 1% 1/ 100 = 1% 47.180.200.1
0/ 100 = 0% |
4 5ms 1/ 100 = 1% 1/ 100 = 1% 172.102.104.220
0/ 100 = 0% |
5 --- 100/ 100 =100% 100/ 100 =100% ae8---0.scr02.lsan.ca.frontiernet.net [74.40.3.49]
0/ 100 = 0% |
6 4ms 0/ 100 = 0% 0/ 100 = 0% ae1---0.cbr01.lsan.ca.frontiernet.net [74.40.3.214]
2/ 100 = 2% |
7 --- 100/ 100 =100% 98/ 100 = 98% ae11-0.lax-96cbe-1a.ntwk.msn.net [207.46.36.168]
0/ 100 = 0% |
8 --- 100/ 100 =100% 98/ 100 = 98% be-61-0.ibr01.lax03.ntwk.msn.net [104.44.8.104]
0/ 100 = 0% |
9 --- 100/ 100 =100% 98/ 100 = 98% be-4-0.ibr01.by2.ntwk.msn.net [104.44.4.3]
0/ 100 = 0% |
10 --- 100/ 100 =100% 98/ 100 = 98% be-5-0.ibr03.by21.ntwk.msn.net [104.44.18.104]
0/ 100 = 0% |
11 13ms 2/ 100 = 2% 0/ 100 = 0% ae120-0.icr01.by21.ntwk.msn.net [104.44.22.166]

Trace complete.

Interpretation:
– There appears to be a connection problem between hop 4 (172.102.104.220) and hop 5 (ae8---0.scr02.lsan.ca.frontiernet.net [74.40.3.49]). However, that could be caused by ping blocking between this client and that node.
– The final hop, #11, shows a 2% loss. That indicates reachability with some packet loss, which usually leads to inconsistent accessibility.

Without being able to pinpoint a “root cause,” these are the possibilities to consider:

  1. External ISP routing issues
  2. Internal multi-path routing issues
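
An added example (not part of the original post) that applies this reading to pathping statistics programmatically: loss at a hop that does not persist to the hops behind it is treated as ICMP filtering or rate limiting at that node, while loss at the final responding hop is the end-to-end figure. The function name Get-PathPingLossSummary and the verdict labels are assumptions of this example; the sample rows are taken from the outlook.office.com trace above.

```powershell
# Added example: classify each pathping hop by whether its "Source to Here"
# loss carries forward to the hops behind it.
function Get-PathPingLossSummary {
    param([string[]]$Lines)

    # A hop statistics line looks like:
    #   5 --- 100/ 100 =100% 100/ 100 =100% host [ip]
    # Link lines ("0/ 100 = 0% |") and hop 0 carry no RTT field and do not match.
    $hopPattern = '^\s*(?<hop>\d+)\s+(?<rtt>\d+ms|---)\s+' +
                  '(?<lost>\d+)/\s*(?<sent>\d+)\s*=\s*(?<pct>\d+)%\s+' +
                  '\d+/\s*\d+\s*=\s*\d+%\s+(?<address>\S.*?)\s*$'

    $hops = @(foreach ($line in $Lines) {
        if ($line -match $hopPattern) {
            [pscustomobject]@{
                Hop     = [int]$Matches['hop']
                RTT     = $Matches['rtt']
                LossPct = [int]$Matches['pct']   # "Source to Here" loss
                Address = $Matches['address']
                Verdict = ''
            }
        }
    })
    if ($hops.Count -eq 0) { return }

    # Walk from the destination back toward the source, tracking the lowest
    # loss reported by any hop further along the path.
    $minLater = $null
    for ($i = $hops.Count - 1; $i -ge 0; $i--) {
        $h = $hops[$i]
        if ($null -eq $minLater) {
            # Final responding hop: its loss is the end-to-end figure
            if ($h.LossPct -gt 0) { $h.Verdict = 'end-to-end loss' }
            else                  { $h.Verdict = 'clean' }
            $minLater = $h.LossPct
            continue
        }
        if ($h.LossPct -eq 0) {
            $h.Verdict = 'clean'
        }
        elseif ($h.LossPct -gt $minLater) {
            # A later hop answered with less loss, so transit traffic got through:
            # this node is most likely filtering or rate limiting ICMP replies.
            $h.Verdict = 'not carried forward (likely ICMP filtering at this node)'
        }
        else {
            $h.Verdict = 'carried forward to later hops'
        }
        if ($h.LossPct -lt $minLater) { $minLater = $h.LossPct }
    }
    $hops
}

# Sample rows taken from the outlook.office.com trace above (abridged)
$sample = @'
3 2ms 1/ 100 = 1% 1/ 100 = 1% 47.180.200.1
0/ 100 = 0% |
4 5ms 1/ 100 = 1% 1/ 100 = 1% 172.102.104.220
0/ 100 = 0% |
5 --- 100/ 100 =100% 100/ 100 =100% ae8---0.scr02.lsan.ca.frontiernet.net [74.40.3.49]
0/ 100 = 0% |
6 4ms 0/ 100 = 0% 0/ 100 = 0% ae1---0.cbr01.lsan.ca.frontiernet.net [74.40.3.214]
2/ 100 = 2% |
7 --- 100/ 100 =100% 98/ 100 = 98% ae11-0.lax-96cbe-1a.ntwk.msn.net [207.46.36.168]
0/ 100 = 0% |
11 13ms 2/ 100 = 2% 0/ 100 = 0% ae120-0.icr01.by21.ntwk.msn.net [104.44.22.166]
'@

Get-PathPingLossSummary -Lines ($sample -split '\r?\n') |
    Format-Table Hop, RTT, LossPct, Verdict, Address -AutoSize
```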

PowerShell: DHCP Server Scope Options Editing

Occasionally, internal DNS servers change as machines are refreshed and/or decommissioned. DHCP servers should be updated to reflect these changes. Here is a PowerShell snippet that makes this task as painless as possible.

# Set global variables
$dhcpServer1="DC01.kimconnect.com"
$dnsDomain="intranet.kimconnect.com"
$router="192.168.1.1"
$dnsClientServerIP1="10.10.10.10"
$dnsClientServerIP2="10.10.10.11"
[System.Collections.ArrayList]$dnsArray = $dnsClientServerIP1,$dnsClientServerIP2 #or convert to Array via method {$dnsArray}.Invoke()
# Query the same DHCP server that the Set- commands below target
$scopes=(Get-DhcpServerv4Scope -ComputerName $dhcpServer1).ScopeID.IPAddressToString

# Use this function only if all scopes are using the same DNS Client Server IP addresses
function setStandardizedDns{
foreach ($scope in $scopes){
Set-DhcpServerv4OptionValue -ComputerName $dhcpServer1 -Force -ScopeId $scope -DnsServer $dnsArray -WinsServer $dnsArray # Optional for edits: -DnsDomain $dnsDomain -Router $router
}
}

# Use this function for one-off scopes that have different primary Client DNS Server IP than the standardized $dnsArray
function setUniqueDNS($scopeID,$scopeClientPrimaryDNS){
$thisScope=$scopeID
$thisDnsArray=,$scopeClientPrimaryDNS+$dnsArray
Set-DhcpServerv4OptionValue -ComputerName $dhcpServer1 -ScopeId $thisScope -DnsServer $thisDnsArray -WinsServer $thisDnsArray -Force
}

function setServerDns{
Set-DhcpServerv4OptionValue -ComputerName $dhcpServer1 -DnsServer $dnsArray -WinsServer $dnsArray -DnsDomain $dnsDomain
}

setStandardizedDns;
setServerDns;

PowerShell: Set DNS Servers on Localhost

Display the current DNS Server Entries

PS C:\Users\KimConnect> Get-DnsClientServerAddress

InterfaceAlias Interface Address ServerAddresses
Index Family
-------------- --------- ------- ---------------
Ethernet 2 6 IPv4 {192.168.1.5, 127.0.0.1}
Ethernet 2 6 IPv6 {::1}
Loopback Pseudo-Interface 1 1 IPv4 {}
Loopback Pseudo-Interface 1 1 IPv6 {fec0:0:0:ffff::1, fec0:0:0:ffff::2, fec0:0:0:ffff::3}
isatap.{65BFBD6D-9E20-4A2... 7 IPv4 {192.168.1.5, 127.0.0.1}
isatap.{65BFBD6D-9E20-4A2... 7 IPv6 {::1}

Note the Interface indexes and run these commands to set them:

$peerDnsServerIp="192.168.1.10"
Set-DnsClientServerAddress -InterfaceIndex 6 -ServerAddresses ($peerDnsServerIp,"127.0.0.1")
Set-DnsClientServerAddress -InterfaceIndex 7 -ServerAddresses ($peerDnsServerIp,"127.0.0.1")

Domain Controllers with integrated DNS should have their primary DNS client server address set to a counterpart (peer) DNS server to avoid “island” effects. The secondary entry should be the loopback address rather than the server's routable IP, for increased querying efficiency.

The DNS Client service queries the DNS servers in the following order:

  1. The DNS Client queries the first DNS server on the preferred adapter’s list of DNS servers and waits 1 second.

  2. If the DNS Client receives no response, it queries the first DNS servers on all adapters and waits 2 seconds.

  3. If the DNS Client still receives no response, it queries all DNS servers on all adapters and waits another 2 seconds.

  4. If there is again no response, it queries all DNS servers on all adapters and waits 4 seconds.

  5. If there is still no response, the DNS client sends queries to all DNS servers on all adapters and waits 8 seconds for a response.

  6. Finally, the DNS client gives up and curses mother nature.

Overview of Microsoft Azure Networking

Private connections into Azure are made either via ExpressRoute (comparable to AWS Direct Connect) or VPN. The former is more expensive than the latter, with the benefit of an additional layer of security: packets are routed outside the public Internet. Here is the run-down of Azure networking with some practical examples.

Virtual Network (VNet)

  • No overlapping subnets
  • Can contain multiple subnets
  • No multicast and broadcast spanning between VNets
  • First 5 IP addresses in any subnets are reserved for Azure
  • IP addresses in VNets are classless; thus, Classless Inter-Domain Routing (CIDR) convention is used (e.g. x.x.x.x/8 or x.x.x.x/29)
  • Peering or Virtual Network Gateway are common practices
  • Private DNS can be set to bypass the default Azure assignment
  • VNet-2-VNet and VNet peering are options to securely join disparate subnets within Azure

Network Security Group (NSG)

  • Uses an Access Control List (ACL) to filter traffic.
  • Default outbound traffic is unrestricted.
  • A typical setup would include two (2) NSGs: one (1) for the Backend subnet and one (1) for the Frontend subnet.
  • Not application aware (layer 7)
  • 100 rules limit per region
  • Inbound/Outbound rule labels:
    • Service
    • Port range
    • Priority
    • Name
    • Description

Virtual Network Gateway

  • Connects on-prem networks into Azure VNets
  • Types
    • VPN: uses public routing. 4 SKUs with speed-based pricing. Basic 100Mbps, VpnGw1 650Mbps, VpnGW2 1Gbps, VpnGW3 1.25Gbps
    • ExpressRoute: uses MPLS circuits, logical dual BGP circuit on layer 3 (requires 2 x x.x.x.x/30 subnets per peer), typical providers are Equinix or Megaport, Azure private peering is matched with tunnel on-prem using BGP
    • Hybrid: Site-2-site and/or Point-2-site
  • Must be connected to an existing VNet
  • Route based: dynamic and most common
  • Policy based: static and does not support IKEv2
  • Site-to-site: supports active-active and active-passive. BGP, Available on SKU VpnGw1 and above
  • Point-to-site: supports only active-passive
  • Limit of 1 gateway per VNet

How to Create VPN Gateway in Azure

Access Azure portal > select Create a resource > Networking Services > choose Local Network Gateway > input sample values in these fields and wait 29 minutes 59 seconds

  • Name: VPN1
  • Address space (local summarized subnets): 
  • Subscription: default
  • Resource group: create if one doesn’t exist
  • Region: US West
  • Type: VPN
  • VPN type: Route based
  • SKU: VpnGw1 (default)
  • VNET: Dev
  • Public IP: Create new
  • IP Name: VPN1_GW
  • Active-active: Disabled
  • BGP: Disabled

How to Create Site-to-site VPN in Azure

Access Azure portal > select Create a resource > Networking Services > Add Connection > fill in the blanks

  • Name: S2S_VPN
  • Connection type: site-to-site
  • Local network gateway > click Create
    • Local_Gateway
    • IP address: x.x.x.x (this is the public IP of the on-prem gateway)
    • Address space: x.x.x.x/CIDR_MASK
    • Shared Key: PSK_somestring
    • RSG: locked

How to Create Point-to-site in Azure

Access Azure portal > select Create a resource > Networking Services > Add Connection > fill in the blanks

  • Name: P2S_VPN
  • Address Pool: x.x.x.x/CIDR_MASK (this is the local subnet)
  • Tunnel Type: Open VPN
  • Auth Type: Azure Cert

How to Create ExpressRoute Gateway

Access Azure portal > select Create a resource > Networking Services > choose Express Route Gateway > input these values

  • Subscription: Default
  • Resource Group: Derived
  • Name: ER_Gateway
  • Region: US West
  • Type: Express Route
  • SKU: Standard
  • VNET: Create new or use existing
  • Virtual Network: ER_VNnet
  • Virtual Network IP: x.x.x.x/CIDR_MASK
  • Public IP: Create new
  • IP Name: ER_Public_IP

How to Create ExpressRoute Circuit

Access Azure portal > Home > Express Route Circuits > fill in the blanks

  • Circuit Name: ExpressRoute
  • Provider: T&TA
  • Peering Location: <blank>
  • Bandwidth: 50Mbps
  • SKU: Standard
  • Billing model: metered
  • Sub: Free Trial
  • Resource Group: Some_RG
  • Location: US West

Cisco Fabric Switch – MDS Zoning Template

<# What this script does:
1. Checks to see if an Internet connection via PowerShell exists, if not fixes it for this session
2. Adds VMware.PowerCLI module if one doesn't already exist in host system
3. Asks for vSphere Administrator credential then checks whether it's valid; then, saves that credential into an XML hash file
4. Connects to each vSphere server as specified in the header section and parses through all hosts that are attached to each cluster
5. Obtains PWWN information of all nodes
6. Skips any node that has certificate issues
7. Displays the nodes for the user to choose by index number
8. Shows an "MDS Template" configuration based on the user's selection in the prior step
9. Exits the program upon user request
10. Asks the user whether the saved credentials be deleted or retained for future use

What it doesn't do:
1. Does not do anything that's not listed above, including NOT fixing certificate errors in vSphere
2. Does not write to ESXi hosts
3. Does not open a SSH session and automatically commit configurations into MDS switches

How to use it:
1. Copy the entire contents of this into a file onto your desktop with a name such as "mds-script.ps1"
2. Right-click and select "Run with Powershell"
3. Copy the output and paste into your targeted Cisco Nexus Operating System (NX-OS) SAN switches, not sandwiches.

#>

# Header Section: update variables only in these lines
$vSpheres="vCenter01","vCenter02"
$proxy="http://proxy:8080"
$exclusionList="localhost;*.kimconnect.com"
$vsans=("VSAN 10","001","011","111","211","311"),("VSAN 20","002","012","112","212","312")


# Ensure that the script is run in the context of an Administrator
$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)

# Get the security principal for the Administrator role
$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator

# Check to see if we are currently running "as Administrator"
if ($myWindowsPrincipal.IsInRole($adminRole))
{
# We are running "as Administrator" - so change the title and background color to indicate this
$Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
$Host.UI.RawUI.BackgroundColor = "Black"
clear-host
}
else
{
# We are not running "as Administrator" - so relaunch as administrator

# Create a new process object that starts PowerShell
$newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";

# Specify the current script path and name as a parameter
$newProcess.Arguments = $myInvocation.MyCommand.Definition;

# Indicate that the process should be elevated
$newProcess.Verb = "runas";

# Start the new process
[System.Diagnostics.Process]::Start($newProcess);

# Exit from the current, unelevated, process
exit
}

# Put error log in same directory as script
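$scriptFullPath=$MyInvocation.MyCommand.Path
# Use the script's base name and its own directory (not the current working directory)
$scriptName=[System.IO.Path]::GetFileNameWithoutExtension($scriptFullPath)
$scriptPath=Split-Path -Parent $scriptFullPath
$errorLogPath=Join-Path $scriptPath "$scriptName`_Errors.txt"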

function checkProxy{
try{
$connectionTest=iwr download.microsoft.com
#$connectionSucceeds=Test-NetConnection -Computername download.microsoft.com -Port 443 -InformationLevel Quiet
if ($connectionTest){
return $True;
}
}
catch{
return $False
}
}

function fixProxy{
# Check if proxy is enabled on the system and fix it
$proxyKey=(Get-ItemProperty -Path "Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings")
if ($proxyKey.ProxyEnable){
# Set http proxy for browsers
Set-Itemproperty -path "Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -Name 'ProxyServer' -value $proxy

# Set winhttp proxy for PowerShell
netsh winhttp set proxy $proxy $exclusionList

[system.net.webrequest]::defaultwebproxy = New-Object system.net.webproxy($proxy)
[system.net.webrequest]::defaultwebproxy.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
[system.net.webrequest]::defaultwebproxy.BypassProxyOnLocal = $true
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
}

if (checkProxy){
"Proxy is now good to go..."
}
else{
"Proxy problems..."
break;
}
}

if(!(checkProxy)){"Internet issues detected. Fixing now..."; fixProxy;}

# Set PowerShell Gallery as Trusted to bypass prompts
$trustPSGallery=(Get-psrepository -Name 'PSGallery').InstallationPolicy
If($trustPSGallery -ne 'Trusted'){
Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted -Confirm:$false
}

# Include the required VMware PowerCLI module from the PowerShell Gallery
if (!(Get-InstalledModule -Name VMware.PowerCLI)) {

Install-Module -Name VMware.PowerCLI -AllowClobber -Force; #Warning: this module will clobber some commands from Microsoft SQL PowerShell module

# Ignore cert errors and other messages
Set-PowerCLIConfiguration -ParticipateInCeip $False -Confirm:$False;
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$False;
}
else{
# Ignore cert errors and other messages
Set-PowerCLIConfiguration -ParticipateInCeip $False -Confirm:$False;
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$False;
cls;
}

<#
# Check if proxy is enabled, then assign the proper proxy server
if((Get-ItemProperty -Path "Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings").ProxyEnable) {
Set-ItemProperty -Path "Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" ProxyServer -value $proxy
$PSDefaultParameterValues = @{ "*:Proxy"=$proxy}}
#>

<#
# Future development:
# function validateAdmin
# function checkIfRecordsExist
# Apply script to targets
#>


# Save Credentials into XML file for future use
$domain=$env:USERDOMAIN
$goodCredential=$False
$credentialsFolder="$scriptPath\Credentials"
$credentialsFolderExists=[System.IO.Directory]::Exists($credentialsFolder)
if(!($credentialsFolderExists)){mkdir $credentialsFolder;}

# Obtain username to check whether such credential has been saved prior
$user=(Read-Host -Prompt 'Input a vSphere Administrator Username');
$credentialFile="$credentialsFolder\"+"$user`.clixml"
$credentialFileExists=[System.IO.File]::Exists($credentialFile)
if(!($credentialFileExists)){
"This credential has not been saved previously.";
$GLOBAL:reaskUsername=$False;
$goodCredential=$False;
}

function getCredential{
if ($reaskUsername){
$GLOBAL:user=(Read-Host -Prompt 'Input a vSphere Administrator Username');
}
$GLOBAL:credentialFile="$credentialsFolder\"+"$user`.clixml"
$userID = "$domain\"+"$user"
$securedValue = (Read-Host -AsSecureString -Prompt "Input the password for account $userID")
# Pass the SecureString straight to PSCredential; no plaintext copy of the password is needed
$GLOBAL:cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $userID,$securedValue
$GLOBAL:credentialFile="$credentialsFolder\"+"$user`.clixml"
$GLOBAL:credentialFileExists=[System.IO.File]::Exists($credentialFile)
}

function testCredential{
$connection=connect-viserver $vSpheres[0] -Protocol https -Credential $cred -ErrorAction SilentlyContinue
if($connection -eq $null) {
write-host "No connected servers or credential doesn't work."
$GLOBAL:goodCredential=$false;
$GLOBAL:reaskUsername=$True;
}
else{
#"Credential works. Thus, it has been saved at $credentialFile for future use."
Disconnect-VIServer -Server $global:DefaultVIServers -Force -Confirm:$false
cls;
$cred | Export-Clixml $credentialFile;
#$GLOBAL:goodCredential=$True;
break;
}
}

if(!($credentialFileExists)){
# Test credential and reprompt if it doesn't work
while ($goodCredential -eq $False){
getCredential;
testCredential;
}
}

function selectRecord{
$display
$count=$collection.count-1

# Require user input with a loop
$index="";
while ($index.ToLower() -ne "exit"){
try {
[string]$index=Read-Host -Prompt "Please type the index number from 0 to $count`. To Exit, type 'exit' or press Ctrl+C";
if ($index.ToLower() -eq "exit"){break;}
if ([int]$index -gt $count -or [int]$index -lt 0){
"Please pick a number within the range of 0 to $count";
}
else{
generateScript $collection[$index];
}
}
catch {
#$_.Exception.Message;
}
}#end while
}

function vConnect ($vCenterName,$credential) {

#Connect-Viserver $vCenterName -Credential $cred
$hosts=Connect-Viserver $vCenterName -Protocol https -Credential $credential -ErrorAction SilentlyContinue
if($hosts -eq $null) {
# Newer version of PowerCLI doesn't work with vCenter 5.5; thus PowerCLI 6.5R1 is required
"Unable to connect to $vCenterName. That vSphere and its associated clusters scanning have been skipped...";
$GLOBAL:skip = $True;
}
else{
"Scanning $vCenterName..."
$GLOBAL:skip = $False;
}
}

function retrieveRecords{
$records=@()

# Ensure that TLS 1.2 is used
[Net.ServicePointManager]::Expect100Continue = $true;
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

$cred=(Import-clixml $credentialFile)

try{
foreach ($vSphere in $vSpheres){
try{
#Connect-VIServer -Server $vSphere -Protocol https -credential $cred
vConnect $vSphere $cred

if (!($skip)){
$GLOBAL:esxHosts = Get-VMHost # All hosts connected in vCenter
foreach ($esx in $esxHosts){
$hbas = Get-VMHostHba -VMHost $esx -Type FibreChannel
$esxName=($esx.Name -split '\.')[0]

$portNames=@()
$record=@()

foreach ($hba in $hbas){
$wwpn = ("{0:x}" -f $hba.PortWorldWideName) -replace '..(?!$)', '$&:'
#$wwnn = ("{0:x}" -f $hba.NodeWorldWideName) -replace '..(?!$)', '$&:'
#$portNames += $wwnn,$wwpn
$portNames += $wwpn
}
$record += @($esxName,@($portNames))
$records+=,@($record)
}
Disconnect-VIServer -Server $global:DefaultVIServers -Force -Confirm:$false
}

}
catch{continue;}
}
} #closure of try
catch{
$errorMsg = (Get-Date -Format g)+": "+ $_.Exception.Message
$errorMsg
# Add-Content $errorLogPath $errorMsg
# "There was an error, and the log is updated at this location: '$errorLogPath'."
Break;
}
finally{
$count=$records.count
$show="`n--------------------------------------------------`nThere are $count ESXi hosts with HBA connection records: `n--------------------------------------------------`n"
for ($row=0;$row -le $records.count-1;$row++){
$server=$records[$row][0]
$show += "$row" + ": " + "$server" + "`n"
}
}
$GLOBAL:collection=$records
$GLOBAL:display=$show
}

function generateScript($item){
$output=""
$hostName=$item[0]
$wppns=$item[1]
# $firstChars=(-join ($hostName.ToCharArray() | Select-Object -First 2)).ToUpper()
$firstChars=[string]$hostName.Substring(0,2)


for ($i=0;$i -le $specialConfigs.count-1; $i++){
if ($firstChars -eq $SpecialConfigs[$i][0]){
$writeConfig=$specialConfigs[$i][1];
}
}

<#
Note: This is for an environment without iSCSI
vmhba0 is the internal Smart Array controller; thus its PWWN shall not be used to configure the Cisco SAN switches.
vmhba64 is associated with VSAN10 and vmhba65 with VSAN20.
#>
"`n############################# Configuration Script for $($hostName.ToString().ToUpper()) ########################################"
foreach ($vsan in $vsans) {
$firstElement=$vsan[0]
$secondElement=$vsan[1]
$thirdElement=$vsan[2]
$fourthElement=$vsan[3]
$fifthElement=$vsan[4]
$sixthElement=$vsan[5]

# There should be 2 items in the wppns array: first item will associate with VSAN 10, and second with VSAN 20
if($firstElement -eq "VSAN 10"){$thisWPPN=$wppns[0];}
else{$thisWPPN=$wppns[1];}

# Different versions of firmware may require varying last commit lines
Switch ($firstChars){
"mp"{$lastLines="copy running-config startup-config`ny"}
"lp"{$lastLines="zone commit $firstElement`ncopy running-config startup-config fabric"}
"rp"{$lastLines="copy running-config startup-config`ny"}
}

# The first characters of hostname will correspond to its regional 3PAR SAN storage name
$sanName="h3pss001"
Switch ($firstChars){
"mp"{$sanName="mp"+"$sanName"+"_";}
"lp"{$sanName="lp"+"$sanName"+"_";}
"rp"{$sanName="mp"+"$sanName"+"_";}
}

$output += "
##################################################################################################################################
######### SAN Name: $sanName`: $firstElement #########
config t

fcalias name $hostName`_"+"$secondElement $firstElement
member pwwn $thisWPPN
exit

zone name $hostName`_"+"$secondElement`-$sanName"+"$thirdElement $firstElement
member fcalias $hostName`_"+"$secondElement
member fcalias $sanName"+"$thirdElement
exit

zone name $hostName`_"+"$secondElement`-$sanName"+"$fourthElement $firstElement
member fcalias $hostName`_"+"$secondElement
member fcalias $sanName"+"$fourthElement
exit

zone name $hostName`_"+"$secondElement`-$sanName"+"$fifthElement $firstElement
member fcalias $hostName`_"+"$secondElement
member fcalias $sanName"+"$fifthElement
exit

zone name $hostName`_"+"$secondElement`-$sanName"+"$sixthElement $firstElement
member fcalias $hostName`_"+"$secondElement
member fcalias $sanName"+"$sixthElement
exit

zoneset name ZoneSet01 $firstElement
member $hostName`_"+"$secondElement`-$sanName"+"$thirdElement
member $hostName`_"+"$secondElement`-$sanName"+"$fourthElement
member $hostName`_"+"$secondElement`-$sanName"+"$fifthElement
member $hostName`_"+"$secondElement`-$sanName"+"$sixthElement
exit

zoneset activate name ZoneSet01 $firstElement
$lastLines

### Useful show commands #########################################################################################################
# show zoneset | inc '$hostName' # To check zonesets for matches of the new servername
# show zoneset active | inc '$thisWPPN' # To check active zoneset for matches of a specific wppn
# show flogi database | inc '$thisWPPN' # To show the Fabric Login database for matches of a specific wppn
# show fcalias name $hostName`_"+"$secondElement $firstElement # To check VSAN 10 for any entries of the specific fcalias
# show fcalias $firstElement # To display the long output of all VSAN 10 configs. Useful to perform verification holistically
##################################################################################################################################
"
}
$output
selectRecord
}

function askRemoveCredential{
$GLOBAL:cleanCred=Read-Host -Prompt "`nRecords have been retrieved using a saved credential on this computer. Would you like to remove that credential file now? 'Yes' or 'No'"
if ($cleanCred.ToLower() -eq 'yes' -or $cleanCred.ToLower() -eq 'y' ){
Remove-Item -path $credentialFile;
}
}

retrieveRecords
askRemoveCredential
selectRecord

Output:

PS C:\Scripts> C:\Scripts\MDS-Zoning.ps1
Input the Admin Username: kim

Name Port User
---- ---- ----
vcenter01.kimconnect.com 443 KIMCONNECT\kim

--------------------------------------------------
There are 8 ESXi hosts with HBA connection records:
--------------------------------------------------
0: irv-esxi02b
1: irv-esxi01b
2: aws-esxi01c
3: irv-esxi01d
4: irv-esxi02d
5: irv-esxi01a
6: irv-esxi02a
7: irv-esxi03a

Please type the index number corresponding to the desired ESXi Host to generate a MDS Zoning Configuration template.
To end program, please type 'exit' and press [Enter]: 1

############################# Configuration Script for irv-ESXI01B #############################

##############################################################
## VSAN01 ##
config t

fcalias name irv-esxi01b_001 VSAN01
member pwwn 88:88:88:88:4e:d0:00:20
exit

zone name irv-esxi01b_001-fl-3par01_011 VSAN01
member fcalias irv-esxi01b_001
member fcalias fl-3par01_011
exit

zone name irv-esxi01b_001-fl-3par01_111 VSAN01
member fcalias irv-esxi01b_001
member fcalias fl-3par01_111
exit

zone name irv-esxi01b_001-fl-3par01_211 VSAN01
member fcalias irv-esxi01b_001
member fcalias fl-3par01_211
exit

zone name irv-esxi01b_001-fl-3par01_311 VSAN01
member fcalias irv-esxi01b_001
member fcalias fl-3par01_311
exit

zoneset name ZoneSet01 VSAN01
member irv-esxi01b_001-fl-3par01_011
member irv-esxi01b_001-fl-3par01_111
member irv-esxi01b_001-fl-3par01_211
member irv-esxi01b_001-fl-3par01_311
exit

zoneset activate name ZoneSet01 VSAN01
copy running-config startup-config
show fcalias VSAN01

### Useful show commands ###
# show fcalias vsan VSAN01
# show zoneset active
# show flogi database | inc '88:88:88:88:4e:d0:00:20'
##############################################################

##############################################################
## VSAN02 ##
config t

fcalias name irv-esxi01b_002 VSAN02
member pwwn 88:88:88:88:4e:d0:00:22
exit

zone name irv-esxi01b_002-fl-3par01_012 VSAN02
member fcalias irv-esxi01b_002
member fcalias fl-3par01_012
exit

zone name irv-esxi01b_002-fl-3par01_112 VSAN02
member fcalias irv-esxi01b_002
member fcalias fl-3par01_112
exit

zone name irv-esxi01b_002-fl-3par01_212 VSAN02
member fcalias irv-esxi01b_002
member fcalias fl-3par01_212
exit

zone name irv-esxi01b_002-fl-3par01_312 VSAN02
member fcalias irv-esxi01b_002
member fcalias fl-3par01_312
exit

zoneset name ZoneSet01 VSAN02
member irv-esxi01b_002-fl-3par01_012
member irv-esxi01b_002-fl-3par01_112
member irv-esxi01b_002-fl-3par01_212
member irv-esxi01b_002-fl-3par01_312
exit

zoneset activate name ZoneSet01 VSAN02
copy running-config startup-config
show fcalias VSAN02

### Useful show commands ###
# show fcalias vsan VSAN02
# show zoneset active
# show flogi database | inc '88:88:88:88:4e:d0:00:22'
##############################################################


--------------------------------------------------
There are 8 ESXi hosts with HBA connection records:
--------------------------------------------------
0: irv-esxi02b
1: irv-esxi01b
2: aws-esxi01c
3: irv-esxi01d
4: irv-esxi02d
5: irv-esxi01a
6: irv-esxi02a
7: irv-esxi03a

Please type the index number corresponding to the desired ESXi Host to generate a MDS Zoning Configuration template.
To end program, please 'exit' and press [Enter]: exit
Program Exited.

Cisco VSAN: MDS Zoning Configuration for ESXi Host – Step by Step

Step 1: gather information

A. VSAN Nodes

Each site shall have two sets of MDS Switching fabrics. In our case, we are targeting the Florida data center that hosts FL-FABRICA and FL-FABRICB that are dedicated to VSAN 10 & VSAN 20, respectively. Each fabric may consist of multiple switches of various generations being chained together using specialized cables [to connect the back-planes]. Our use-case also includes a 3PAR branded SAN storage array with four (4) controllers. Each controller carries one (1) fiber optic connection toward FL-FABRICA, and one (1) toward FL-FABRICB. Thus, there are eight (8) paths from the SAN fabrics to reach the 3PAR SAN. Below are the IP addresses of these devices.

  • FL-FABRICA: 10.10.8.1
  • FL-FABRICB: 10.10.8.2
  • FL-3PAR01: 10.10.10.1

B. Host to Fabric Connections

Before starting any configuration, it’s important to verify the physical connections between a newly installed ESXi host and each of the switching fabrics. In this example, FL-ESX007 HBA port 1 is plugged into FABRIC-A fiber channel 4 port 1 (fabric-a fc4/1), and FL-ESX007 HBA port 2 is attached to FABRIC-B fiber channel 4 port 1 (fabric-b fc4/1). Here is the illustration.

FL-ESX007 HBA port 1 <==1 connection==> fabric-a fc4/1 <==4 connections==> FL-3PAR01
FL-ESX007 HBA port 2 <==1 connection==> fabric-b fc4/1 <==4 connections==> FL-3PAR01

C. Use Configuration Template to Generate Configs and Review for Accuracy

This can be done with a PowerShell Script here. You’re welcome.

############################# Configuration Script for FL-ESX007 #############################

##############################################################
## FL-FABRICA : VSAN 10 ##
config t

fcalias name fl_esx007_001 VSAN 10
member pwwn xx:xx:xx:xx:xx:xx:xx:xx
exit

zone name fl_esx007_001-fl_3par01_011 VSAN 10
member fcalias fl_esx007_001
member fcalias fl_3par01_011
exit

zone name fl_esx007_001-fl_3par01_111 VSAN 10
member fcalias fl_esx007_001
member fcalias fl_3par01_111
exit

zone name fl_esx007_001-fl_3par01_211 VSAN 10
member fcalias fl_esx007_001
member fcalias fl_3par01_211
exit

zone name fl_esx007_001-fl_3par01_311 VSAN 10
member fcalias fl_esx007_001
member fcalias fl_3par01_311
exit

zoneset name ZoneSet01 VSAN 10
member fl_esx007_001-fl_3par01_011
member fl_esx007_001-fl_3par01_111
member fl_esx007_001-fl_3par01_211
member fl_esx007_001-fl_3par01_311
exit

zoneset activate name ZoneSet01 VSAN 10
copy running-config startup-config fabric

########################################################
##############################################################
## FL-FABRICB : VSAN 20 ##
config t

fcalias name fl_esx007_002 VSAN 20
member pwwn xx:xx:xx:xx:xx:xx:xx:xx
exit

zone name fl_esx007_002-fl_3par01_012 VSAN 20
member fcalias fl_esx007_002
member fcalias fl_3par01_012
exit

zone name fl_esx007_002-fl_3par01_112 VSAN 20
member fcalias fl_esx007_002
member fcalias fl_3par01_112
exit

zone name fl_esx007_002-fl_3par01_212 VSAN 20
member fcalias fl_esx007_002
member fcalias fl_3par01_212
exit

zone name fl_esx007_002-fl_3par01_312 VSAN 20
member fcalias fl_esx007_002
member fcalias fl_3par01_312
exit

zoneset name ZoneSet01 VSAN 20
member fl_esx007_002-fl_3par01_012
member fl_esx007_002-fl_3par01_112
member fl_esx007_002-fl_3par01_212
member fl_esx007_002-fl_3par01_312
exit

zoneset activate name ZoneSet01 VSAN 20
copy running-config startup-config fabric

##############################################################

Step 2: Perform the Configuration

SSH into FL-FABRICA
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2018, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php

Before going any further, it’s important to confirm that FL-FABRICA is connected to FL-3PAR01

FL-FABRICA# show fcalias | inc 'fl_3par01'
fcalias name fl_3par01_011 vsan 10
fcalias name fl_3par01_111 vsan 10
fcalias name fl_3par01_211 vsan 10
fcalias name fl_3par01_311 vsan 10

The result above shows that there are four (4) paths to fl_3par01 (note: we use lowercase names in Cisco configs as a standard). Run the same command without a filter to check the pwwn associations of the FL-3PAR01 SAN. Be advised that this list will most likely be long. Have patience in the manual process of scanning through the values to arrive at the desired information.

fabric-a(config)# show fcalias
-- Truncated for brevity --
-- Many records omitted --
fcalias name fl_3par01_011 vsan 10
pwwn xx:xx:xx:xx:xx:xx:xx:xx

fcalias name fl_3par01_111 vsan 10
pwwn xx:xx:xx:xx:xx:xx:xx:xx

fcalias name fl_3par01_211 vsan 10
pwwn xx:xx:xx:xx:xx:xx:xx:xx

fcalias name fl_3par01_311 vsan 10
pwwn xx:xx:xx:xx:xx:xx:xx:xx

Next, check for interface statuses with the focus of verifying port fiber channel 4/1

FL-FABRICA# show interface br
-------------------------------------------------------------------------------
Interface  Vsan   Admin  Admin   Status          SFP    Oper  Oper   Port
                  Mode   Trunk                          Mode  Speed  Channel
                         Mode                                 (Gbps)
-------------------------------------------------------------------------------
fc4/1      10     FX     on      down            swl    F       8    --
fc4/2      1      FX     on      up              swl    F       8    --
fc4/3      10     FX     on      up              swl    F       8    --
-- Truncated for brevity --

-------------------------------------------------------------------------------
Interface Status Speed
(Gbps)
-------------------------------------------------------------------------------
sup-fc0 up 1

-------------------------------------------------------------------------------
Interface Status IP Address Speed MTU
-------------------------------------------------------------------------------
vsan1 down -- 1 Gbps 1500
vsan10 up -- 1 Gbps 1500

-------------------------------------------------------------------------------
Interface Status IP Address Speed MTU
-------------------------------------------------------------------------------
mgmt0 up 10.10.8.1/24 1 Gbps 1500

If the target interface status is down (shutdown mode), then it will be necessary to change it to up (no shutdown mode) so that the directly attached HBA’s WWPN would register with the MDS fabric.

FL-FABRICA# conf t
Enter configuration commands, one per line. End with CNTL/Z.
FL-FABRICA(config)# int fc4/1
FL-FABRICA(config-if)# no shut
FL-FABRICA(config-if)# exit
FL-FABRICA(config)# exit

Check for Port Name (WWPN) association toward interfaces

# Checking the specific interface fc4/1
FL-FABRICA# show flogi database | inc 'fc4/1'
fc4/1 1 0xc70100 10:00:d0:67:xx:xx:xx:xx 20:00:d0:67:xx:xx:xx:xx
# Checking all interface associations
FL-FABRICA# show flogi database
--------------------------------------------------------------------------------
INTERFACE VSAN FCID PORT NAME NODE NAME
--------------------------------------------------------------------------------
fc4/1 10 0x8c0000 20:11:00:02:xx:xx:xx:xx 2f:f7:00:02:xx:xx:xx:xx
-- Truncated for brevity --
sup-fc0 10 0x8c0dc0 10:00:00:0d:xx:xx:xx:xx 20:00:00:0d:xx:xx:xx:xx

Total number of flogi = 109.

Check to see whether fl_esx007 has been configured on this MDS fabric.

fabric-a# show zoneset active | inc 'fl_esx007'
zone name fl_esx007_001-ca_3par01_011 vsan 10
zone name fl_esx007_001-ca_3par01_111 vsan 10
zone name fl_esx007_001-ca_3par01_211 vsan 10
zone name fl_esx007_001-ca_3par01_311 vsan 10

The result above indicates that the zoneset associations for node fl_esx007 port 001 (a host in Florida) have been incorrectly configured with ca_3par01 (an MDS fabric in California). Thus, it will be necessary to delete these zones as a precursor to starting over.

FL-FABRICA# conf t
Enter configuration commands, one per line. End with CNTL/Z.
FL-FABRICA(config)# no zone name fl_esx007_001-ca_3par01_011 vsan 10
FL-FABRICA(config)# no zone name fl_esx007_001-ca_3par01_111 vsan 10
FL-FABRICA(config)# no zone name fl_esx007_001-ca_3par01_211 vsan 10
FL-FABRICA(config)# no zone name fl_esx007_001-ca_3par01_311 vsan 10
FL-FABRICA(config)# exit
FL-FABRICA#

Check to see whether WWPN has been associated with VSAN 10

FL-FABRICA# show fcalias vsan 10 | inc '10:00:ba:4e:xx:xx:xx:xx'
pwwn 10:00:ba:4e:xx:xx:xx:xx

The result above shows that FL-ESX007 WWPN has been configured to associate with VSAN 10. Thus, a repeat of re-association is unnecessary. For purposes of demonstration, we shall apply the prepared MDS Zoning template as shown in step 1C to observe any anomalies.

FL-FABRICA# config t
Enter configuration commands, one per line. End with CNTL/Z.
FL-FABRICA(config)# fcalias name fl_esx007_001 VSAN 10
FL-FABRICA(config-fcalias)# member pwwn 10:00:ba:4e:4e:d0:00:24
Duplicate member
FL-FABRICA(config-fcalias)# exit
FL-FABRICA(config)# zone name fl_esx007_001-fl_3par01_011 VSAN 10
FL-FABRICA(config-zone)# member fcalias fl_esx007_001
FL-FABRICA(config-zone)# member fcalias fl_3par01_011
FL-FABRICA(config-zone)# exit
FL-FABRICA(config)# zone name fl_esx007_001-fl_3par01_111 VSAN 10
FL-FABRICA(config-zone)# member fcalias fl_esx007_001
FL-FABRICA(config-zone)# member fcalias fl_3par01_111
FL-FABRICA(config-zone)# exit
FL-FABRICA(config)#
FL-FABRICA(config)# zone name fl_esx007_001-fl_3par01_211 VSAN 10
FL-FABRICA(config-zone)# member fcalias fl_esx007_001
FL-FABRICA(config-zone)# member fcalias fl_3par01_211
FL-FABRICA(config-zone)# exit
FL-FABRICA(config)#
FL-FABRICA(config)# zone name fl_esx007_001-fl_3par01_311 VSAN 10
FL-FABRICA(config-zone)# member fcalias fl_esx007_001
FL-FABRICA(config-zone)# member fcalias fl_3par01_311
FL-FABRICA(config-zone)# exit
FL-FABRICA(config)#
FL-FABRICA(config)# zoneset name ZoneSet01 VSAN 10
FL-FABRICA(config-zoneset)# member fl_esx007_001-fl_3par01_011
FL-FABRICA(config-zoneset)# member fl_esx007_001-fl_3par01_111
FL-FABRICA(config-zoneset)# member fl_esx007_001-fl_3par01_211
FL-FABRICA(config-zoneset)# member fl_esx007_001-fl_3par01_311
FL-FABRICA(config-zoneset)# exit
FL-FABRICA(config)#
FL-FABRICA(config)# zoneset activate name ZoneSet01 VSAN 10
Zoneset activation initiated. check zone status
FL-FABRICA(config)# copy running-config startup-config
[########################################] 100%
Copy complete.

Verify that FL-ESX007 has been associated with FL-3PAR01

fabric-a(config)# show zoneset active | inc 'fl_esx007'
zone name fl_esx007_001-fl_3par01_011 vsan 10
zone name fl_esx007_001-fl_3par01_111 vsan 10
zone name fl_esx007_001-fl_3par01_211 vsan 10
zone name fl_esx007_001-fl_3par01_311 vsan 10

fabric-a(config)# show zoneset active | inc 'fl_esx007_001-fl_3par01'
zone name fl_esx007_001-fl_3par01_011 vsan 10
zone name fl_esx007_001-fl_3par01_111 vsan 10
zone name fl_esx007_001-fl_3par01_211 vsan 10
zone name fl_esx007_001-fl_3par01_311 vsan 10

To view additional details, run the same command without filtering. Scroll toward the bottom of the output to view the latest entries

fabric-a(config)# show zoneset active
zoneset name Default_zoneset vsan 1
zone name Default_zone vsan 1
pwwn 50:01:43:80:xx:xx:xx:xx
pwwn 50:0a:09:84:xx:xx:xx:xx
pwwn 50:0a:09:84:xx:xx:xx:xx
-- Truncated for brevity --
-- Many records omitted --
zoneset name ZoneSet01 vsan 10
-- Truncated for brevity --
-- Many records omitted --
zone name fl_esx007_001-fl_3par01_011 vsan 10
* fcid 0x8c0000 [pwwn 20:11:00:02:xx:xx:xx:xx]
* fcid 0x8c1999 [pwwn 10:00:ba:4e:xx:xx:xx:xx]

zone name fl_esx007_001-fl_3par01_111 vsan 10
* fcid 0x8c0001 [pwwn 21:11:00:02:xx:xx:xx:xx]
* fcid 0x8c9999 [pwwn 10:00:ba:4e:xx:xx:xx:xx]

zone name fl_esx007_001-fl_3par01_211 vsan 10
* fcid 0x8c0002 [pwwn 22:11:00:02:xx:xx:xx:xx]
* fcid 0x8c9999 [pwwn 10:00:ba:4e:xx:xx:xx:xx]

zone name fl_esx007_001-fl_3par01_311 vsan 10
* fcid 0x8c0003 [pwwn 23:11:00:02:xx:xx:xx:xx]
* fcid 0x8c9999 [pwwn 10:00:ba:4e:xx:xx:xx:xx]

This is the final verification that the four paths are active, as indicated by the asterisk (“*”) signs.

fabric-a# show zoneset active | inc '10:00:da:3c:7b:00:00:00'
* fcid 0x0b0085 [pwwn 10:00:da:3c:7b:00:00:00]
* fcid 0x0b0085 [pwwn 10:00:da:3c:7b:00:00:00]
* fcid 0x0b0085 [pwwn 10:00:da:3c:7b:00:00:00]
* fcid 0x0b0085 [pwwn 10:00:da:3c:7b:00:00:00]

Summary of useful show commands

### Useful show commands ###
# show fcalias vsan 10 # Displays the long output of all VSAN 10 configs
# show zoneset active | inc '10:00:da:3c:7b:00:00:00' # Checks active zoneset for matches of a specific WWPN
# show flogi database | inc '10:00:da:3c:7b:00:00:00' # Shows the Fabric Login database for matches of a specific WWPN
# show zoneset | inc 'fl_esx007' # Check zonesets for matches of the new servername config
# show fcalias name fl_esx007_001 VSAN 10 # Check VSAN 10 for any entries of the specific fcalias

The asterisk symbol next to the Fiber Channel ID (fcid) indicates that the connection is active. The newly configured zones should have their PWWN set as active. Also, the fcid 0x8c1999 [pwwn 10:00:ba:4e:xx:xx:xx:xx] must match the fcalias name fl_3par01_011 vsan 10 record gathered at the initiation step of this configuration procedure. Once these two things are established, we may reasonably assume that the networking portion of ESX to SAN connectivity is “good to go” for ESXi HBA Port 1 of 2.

ESXi HBA Port 2 of 2 configuration would just be a repeat of “Step 2” (this section).
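
The checks made by eye in Step 2 (a host zoned to the wrong site's array, and the asterisks that mark logged-in members) can also be run over saved `show zoneset active` output. The following is an added example, not part of the original article or of Cisco's tooling; it assumes the `<site>_<host>_<port>-<site>_<array>_<port>` zone naming used in Step 1C, and the sample output and pWWNs are constructed.

```python
import re

# Line shapes as they appear in `show zoneset active` in the walkthrough.
ZONE_RE = re.compile(r"^\s*zone name (\S+) vsan (\d+)\s*$", re.I)
MEMBER_RE = re.compile(
    r"^\s*(\*)?\s*(?:fcid \S+ \[)?pwwn ((?:[0-9a-f]{2}:){7}[0-9a-f]{2})", re.I)


def parse_active_zoneset(text):
    """Return {zone_name: {"vsan": int, "members": [(pwwn, logged_in), ...]}}."""
    zones, current = {}, None
    for line in text.splitlines():
        zone = ZONE_RE.match(line)
        if zone:
            current = zones.setdefault(
                zone.group(1), {"vsan": int(zone.group(2)), "members": []})
            continue
        if line.strip().lower().startswith("zoneset name"):
            current = None  # a new zoneset begins; no zone is open yet
            continue
        member = MEMBER_RE.match(line)
        if member and current is not None:
            # The leading '*' is what marks a member as logged in to the fabric.
            current["members"].append(
                (member.group(2).lower(), member.group(1) == "*"))
    return zones


def audit_host(zones, host_alias, expected_paths=4):
    """Check the active zones of one host port, e.g. 'fl_esx007_001'."""
    findings = []
    mine = {n: z for n, z in zones.items() if n.split("-", 1)[0] == host_alias}
    if len(mine) != expected_paths:
        findings.append(
            f"{host_alias}: {len(mine)} active zones, expected {expected_paths}")
    if len(mine) > 1:
        # The initiator is the one pWWN that every zone of this host shares.
        shared = set.intersection(
            *[{p for p, _ in z["members"]} for z in mine.values()])
        if len(shared) != 1:
            findings.append(
                f"{host_alias}: zones share {len(shared)} pWWNs, expected 1 initiator")
    site = host_alias.split("_", 1)[0]
    for name, zone in sorted(mine.items()):
        target_alias = name.split("-", 1)[1] if "-" in name else ""
        if target_alias.split("_", 1)[0] != site:
            findings.append(f"{name}: target alias is outside site '{site}'")
        if len(zone["members"]) != 2:
            findings.append(
                f"{name}: {len(zone['members'])} members, expected initiator + target")
        for pwwn, logged_in in zone["members"]:
            if not logged_in:
                findings.append(f"{name}: member {pwwn} is not logged in (no '*')")
    return findings


# Constructed sample: one zone points at a California array alias and one
# array port is zoned but not logged in. All pWWNs are made up.
SAMPLE_OUTPUT = """\
zoneset name ZoneSet01 vsan 10
  zone name fl_esx007_001-fl_3par01_011 vsan 10
  * fcid 0x8c0000 [pwwn 20:11:00:02:ac:00:00:01]
  * fcid 0x8c1999 [pwwn 10:00:ba:4e:00:00:00:24]

  zone name fl_esx007_001-fl_3par01_111 vsan 10
  * fcid 0x8c0001 [pwwn 21:11:00:02:ac:00:00:01]
  * fcid 0x8c1999 [pwwn 10:00:ba:4e:00:00:00:24]

  zone name fl_esx007_001-fl_3par01_211 vsan 10
    pwwn 22:11:00:02:ac:00:00:01
  * fcid 0x8c1999 [pwwn 10:00:ba:4e:00:00:00:24]

  zone name fl_esx007_001-ca_3par01_311 vsan 10
  * fcid 0x8c0003 [pwwn 23:11:00:02:ac:00:00:01]
  * fcid 0x8c1999 [pwwn 10:00:ba:4e:00:00:00:24]

  zone name fl_esx008_001-fl_3par01_011 vsan 10
  * fcid 0x8c0000 [pwwn 20:11:00:02:ac:00:00:01]
  * fcid 0x8c2000 [pwwn 10:00:ba:4e:00:00:00:30]
"""

if __name__ == "__main__":
    for finding in audit_host(parse_active_zoneset(SAMPLE_OUTPUT), "fl_esx007_001"):
        print(finding)
```

An empty result for a host port means four same-site zones, each with one initiator and one target, and every member logged in.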

Configuring Virtual Storage Area Networks (VSANs)

NX-OS Overview

Source: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/4_1/configuration/guides/cli_4_1/clibook/dpvm.html

Storage Area Networks (SANs) have been around for ages. In the early days, physical SANs were used to separate SAN traffic with different requirements and to isolate storage traffic from user traffic. Moreover, the idea was to segregate access to LUN targets of different groups, such as separating Accounting data from Marketing, or marking bandwidths between disparate VMware ESXi host bus adapters (HBAs).

Recently, Virtual SANs (VSANs) have become a standard practice, whereby multiple SANs are configured within a set of VSAN-capable switches. Another way to understand this concept is to use switches that can assign VSAN traffic per port instead of per switch.

Within a VSAN, Zones can be configured. Zones are always contained within a single VSAN and will not span between VSANs. They are useful for labeling targets by node name for administration and troubleshooting purposes. Furthermore, multiple zones can be grouped together as a zone set.

For the purpose of this article, VMware VSAN is out of scope. The design considerations of that technology are very different from those of a Cisco implementation. Hence, that topic could be covered in another essay.

By design:

– A SAN does not provide file abstraction, only block-level operations
– SAN does not operate on TCP/IP; thus, its blocks contain less overhead compared to TCP/IP packets.
– VSAN 1 should not be used for production
– VSAN 4094 is called isolated VSAN. Its purpose is to host interface members of deleted VSANs and to act as a default holder for non-trunking ports
– User VSANs range from 2 to 4093

This statement displays interfaces that are not configured with a user-defined VSAN

IRV-SAN-SW01# show vsan 4094 membership
vsan 4094(isolated_vsan) interfaces:
[empty]

Creating a VSAN

config t #enter config mode
vsan database #enter vsan database edit mode
vsan 10 #use vsan 10
vsan 10 name VSAN10 #name it
end #exit config mode

Assigning Ports to VSAN

config t
vsan database
vsan 10
vsan 10 interface fc1/1 #set fiber channel interface fc1/1 (module 1, port 1) as member of vsan 10
end

Load Balancing

config t
vsan database
vsan 10
vsan 10 loadbalancing src-dst-ox-id #using sourceID, destID, and OX_ID(default) in selection process
# vsan 10 loadbalancing src-dst-id #only using source and destination ID in selection process
end

Check Load Balancing Config

IRV-SAN-SW01# show vsan 10
vsan 10 information
name:VSAN0010 state:active
interoperability mode:default
loadbalancing:src-id/dst-id/oxid
operational state:up

Dynamic Port VSAN Membership (DPVM)

Enabling DPVM

config t
feature dpvm

DPVM has “autolearn” features that will sense device pWWNs being connected to F ports (FL ports are unsupported) and populate its database.

Enabling Auto-Learn

config t
dpvm auto-learn

Display association between interfaces, VSAN numbers, and Port Names:

IRV-SAN-SW01# show flogi database
--------------------------------------------------------------------------------
INTERFACE VSAN FCID PORT NAME NODE NAME
--------------------------------------------------------------------------------
fc1/2 10 dddd dd:dd:dd:dd:dd:dd:dd:dd dd:dd:dd:dd:dd:dd:dd:dd
fc1/2 10 ...Information omitted...
fc2/7 1

Enable Name Server Proxies:

config t
fcns proxy-port 00:00:00:00:00:00:00:xx vsan 10 #Configures a proxy port for the specified VSAN.

Reject duplicate pWWNs to ensure the integrity of existing pWWNs in the database. This overrides the default behavior.

config t
fcns reject-duplicate-pwwn vsan 10
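
The VSAN rules listed under "By design" and the duplicate-pWWN concern above can be checked against saved `show flogi database` output. This is an added example, not from the original article or from Cisco; the expected pWWN-to-VSAN inventory (the kind of mapping DPVM maintains), the finding codes and the sample rows are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

PWWN = r"(?:[0-9a-f]{2}:){7}[0-9a-f]{2}"
# INTERFACE  VSAN  FCID  PORT NAME  NODE NAME
ROW_RE = re.compile(rf"^(\S+)\s+(\d+)\s+(0x[0-9a-f]+)\s+({PWWN})\s+({PWWN})\s*$", re.I)


def parse_flogi(text):
    """Return one dict per data row of `show flogi database` output."""
    rows = []
    for line in text.splitlines():
        match = ROW_RE.match(line.strip())
        if match:  # header, separator and summary lines do not match
            rows.append({"interface": match.group(1), "vsan": int(match.group(2)),
                         "fcid": match.group(3).lower(), "pwwn": match.group(4).lower()})
    return rows


def audit_flogi(rows, expected):
    """expected: {pwwn: vsan_id} for every device that is allowed to log in.

    Returns (code, interface(s), pwwn) tuples.
    """
    findings, seen = [], defaultdict(list)
    for row in rows:
        iface, vsan, pwwn = row["interface"], row["vsan"], row["pwwn"]
        seen[pwwn].append(iface)
        if vsan == 1:
            findings.append(("DEFAULT_VSAN", iface, pwwn))    # not for production
        elif vsan == 4094:
            findings.append(("ISOLATED_VSAN", iface, pwwn))   # port lost its VSAN
        wanted = expected.get(pwwn)
        if wanted is None:
            findings.append(("UNKNOWN_PWWN", iface, pwwn))    # not in the inventory
        elif wanted != vsan:
            findings.append(("VSAN_MISMATCH", iface, pwwn))
    for pwwn, ifaces in seen.items():
        if len(ifaces) > 1:                                   # same pWWN on two ports
            findings.append(("DUPLICATE_PWWN", ",".join(ifaces), pwwn))
    return findings


# Constructed sample rows; all pWWNs and FCIDs are made up.
SAMPLE_FLOGI = """\
--------------------------------------------------------------------------------
INTERFACE VSAN FCID PORT NAME NODE NAME
--------------------------------------------------------------------------------
fc1/2 10 0x8c0000 20:11:00:02:ac:00:00:01 2f:f7:00:02:ac:00:00:01
fc1/3 10 0x8c0001 10:00:ba:4e:00:00:00:24 20:00:ba:4e:00:00:00:24
fc2/7 1 0x830001 10:00:ba:4e:00:00:00:30 20:00:ba:4e:00:00:00:30
fc2/8 10 0x8c0002 10:00:ba:4e:00:00:00:24 20:00:ba:4e:00:00:00:24
fc2/9 20 0x8d0000 10:00:ba:4e:00:00:00:99 20:00:ba:4e:00:00:00:99

Total number of flogi = 5.
"""
EXPECTED = {
    "20:11:00:02:ac:00:00:01": 10,
    "10:00:ba:4e:00:00:00:24": 10,
    "10:00:ba:4e:00:00:00:30": 10,
}

if __name__ == "__main__":
    for finding in audit_flogi(parse_flogi(SAMPLE_FLOGI), EXPECTED):
        print(*finding)
```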

Display Name Server Database Statistical Information

IRV-SAN-SW01# show fcns database

VSAN 1:
--------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0x8301a0 N ..Information Omitted.. (HP) scsi-fcp:target

Total number of entries = 1

VSAN 10:
--------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0xxxxxxx N ..Information Omitted.. scsi-fcp:target
0xxxxxxx N ..Information Omitted.. scsi-fcp:init
0xxxxxxx N ..Information Omitted.. (Emulex) scsi-fcp:init
0xxxxxxx N ..Information Omitted.. scsi-fcp:init
0xxxxxxx N ..Information Omitted.. scsi-fcp:init
0xxxxxxx N ..Information Omitted.. scsi-fcp:init
0xxxxxxx N ..Information Omitted.. scsi-fcp:init
0xxxxxxx N ..Information Omitted.. scsi-fcp:init
0xxxxxxx N ..Information Omitted.. scsi-fcp:init 248
0xxxxxxx N ..Information Omitted.. scsi-fcp:init
0xxxxxxx N ..Information Omitted.. scsi-fcp:init
0xxxxxxx N ..Information Omitted.. scsi-fcp:init
0xxxxxxx N ..Information Omitted.. scsi-fcp:init
0xxxxxxx N ..Information Omitted.. scsi-fcp:init 248
0xxxxxxx N ..Information Omitted.. scsi-fcp:target
0xxxxxxx N ..Information Omitted.. scsi-fcp:target
0xxxxxxx N ..Information Omitted.. scsi-fcp:target
0xxxxxxx N ..Information Omitted.. scsi-fcp:target
0xxxxxxx N ..Information Omitted.. (NetApp) scsi-fcp:init 248
0xxxxxxx N ..Information Omitted.. (NetApp) scsi-fcp:init 248
0xxxxxxx N ..Information Omitted.. (Emulex) scsi-fcp:init
0xxxxxxx N ..Information Omitted.. (Emulex) scsi-fcp:init
0xxxxxxx N ..Information Omitted.. (Emulex) scsi-fcp:init
0xxxxxxx N ..Information Omitted.. (Emulex) scsi-fcp:init
0xxxxxxx N ..Information Omitted.. (Emulex) ipfc scsi-fcp:init
0xxxxxxx N ..Information Omitted.. (HP) scsi-fcp:target
0xxxxxxx N ..Information Omitted.. (HP) scsi-fcp:target
0xxxxxxx N ..Information Omitted.. (Emulex) scsi-fcp:init
0xxxxxxx N ..Information Omitted.. (Cisco) npv
0xxxxxxx N ..Information Omitted.. (Emulex) scsi-fcp:init
0xxxxxxx N ..Information Omitted.. (Cisco) npv
0xxxxxxx N ..Information Omitted.. (Cisco) npv
0xxxxxxx N ..Information Omitted.. (Cisco) npv
0xxxxxxx N ..Information Omitted.. (Cisco) npv
0xxxxxxx N ..Information Omitted.. (Emulex) scsi-fcp:init
0xxxxxxx N ..Information Omitted.. (Cisco) npv
0xxxxxxx N ..Information Omitted.. (Cisco) npv
0xxxxxxx N ..Information Omitted.. (HP) scsi-fcp:target
0xxxxxxx N ..Information Omitted.. (HP) scsi-fcp:target
0xxxxxxx N ..Information Omitted.. (HP) scsi-fcp:target
0xxxxxxx N ..Information Omitted.. (HP) scsi-fcp:target
0xxxxxxx N ..Information Omitted.. (HP) scsi-fcp:target
0xxxxxxx N ..Information Omitted.. (HP) scsi-fcp:target
0xxxxxxx N ..Information Omitted.. (HP) scsi-fcp:target
0xxxxxxx N ..Information Omitted.. (HP) scsi-fcp:target
0xxxxxxx N ..Information Omitted.. (HP) scsi-fcp:target
0xxxxxxx N ..Information Omitted.. (HP) scsi-fcp:target

Total number of entries = 47

Fabric-Device Management Interface (FDMI) can display this information about attached HBAs:

  • Manufacturer, model, and serial number
  • Node name and node symbolic name
  • Hardware, driver, and firmware versions
  • Host operating system (OS) name and version number

IRV-SAN-SW01# show fdmi database
Registered HBA List for VSAN 10
xx:xx:xx:xx:xx:xx:xx:xx
xx:xx:xx:xx:xx:xx:xx:xx
IRV-SAN-SW01# show fdmi database detail
Registered HBA List for VSAN 10
-------------------------------
HBA-ID: ..Information Omitted..
-------------------------------
Node Name :..Information Omitted..
Manufacturer :QLogic Corporation
Serial Num :U15309
Model :QLE2562
Model Description:PCI-Express Dual Channel 8Gb Fibre Channel HBA
Hardware Ver :
Driver Ver :8.05.00.03.06.0-k
ROM Ver :0.00
Firmware Ver :8.04.00 (9095)
Port-id: xx:xx:xx:xx:xx:xx:xx:xx
Supported FC4 types:scsi-fcp
Supported Speed :1G 2G 4G
Current Speed :Unknown
Maximum Frame Size :2048
OS Device Name :qla2xxx
-------------------------------
HBA-ID: ..Information Omitted..
-------------------------------
Node Name :..Information Omitted..
Manufacturer :QLogic Corporation
Serial Num :P11473
Model :QLE2662
Model Description:QLogic QLE2662 Dual Port FC16 HBA
Hardware Ver :
Driver Ver :8.05.00.03.06.0-k
ROM Ver :0.00
Firmware Ver :8.04.00 (d0d5)
Port-id: xx:xx:xx:xx:xx:xx:xx:xx
Supported FC4 types:scsi-fcp
Supported Speed :1G
Current Speed :Unknown
Maximum Frame Size :2048
OS Device Name :qla2xxx

Display registering devices

VSAN01# show rscn scr-table vsan 10

SCR table for VSAN: 10
---------------------------------------------
FC-ID REGISTERED FOR
---------------------------------------------
0xxxxxxx fabric and nport detected rscns
0xxxxxxx fabric and nport detected rscns
0xxxxxxx fabric and nport detected rscns
0xxxxxxx fabric and nport detected rscns
0xxxxxxx fabric and nport detected rscns
0xxxxxxx fabric and nport detected rscns
0xxxxxxx fabric and nport detected rscns
0xxxxxxx fabric and nport detected rscns

Total number of entries = 8
IRV-SAN-SW01# show rscn statistics vsan 10

Statistics for VSAN: 10
-------------------------

Number of SCR received = 717
Number of SCR ACC sent = 717
Number of SCR RJT sent = 0
Number of RSCN received = 0
Number of RSCN sent = 6771
Number of RSCN ACC received = 6766
Number of RSCN ACC sent = 0
Number of RSCN RJT received = 0
Number of RSCN RJT sent = 0
Number of SW-RSCN received = 1057
Number of SW-RSCN sent = 100
Number of SW-RSCN ACC received = 100
Number of SW-RSCN ACC sent = 1057
Number of SW-RSCN RJT received = 0
Number of SW-RSCN RJT sent = 0

Show RSCN Timer

VSAN01# show rscn event-tov vsan 10
Event TOV : 2000 ms

Show RSCN Time Configuration Distribution

VSAN01# show cfs application name rscn

Enabled : No
Timeout : 20s
Merge Capable : Yes
Scope : Logical

Use Case

Enough academic background information. Let’s dive into a real-world Use Case.

Scenario:
– 2 Data Center Locations that are geographically divided. Let’s call them California and Florida.
– At the Florida location, there are 2 DS-C9513 VSAN enclosures
– Each enclosure connects to one of the four 3Par 7400C Controllers
– Each controller shall have 1 port dedicated to VSAN 10 and 1 port to VSAN 20
– Each ESXi host shall have 2 Fiber Optic connections going to FABRIC01 and FABRIC02
– Each ESXi host shall have 2 Ethernet links to the core Cisco Nexus 5548UP switches
– The Core switches shall have fiber connectivity to the SAN Fabric switches

Physical SAN switches in Florida:

Credits: I’ve pulled the Cisco object drawings from here http://www.visiocafe.com/downloads/vsdfx/VSDfx-Cisco.zip

Note: the drawing has omitted a link between this Florida site and the California site. If you will, imagine a High Bandwidth MPLS line between these sites to connect FABRIC01 & FABRIC02 (Florida Data Center) with FABRIC03 & FABRIC04 (California Data Center) in a mesh configuration. VSAN10 / VSAN20 will be trunked into this MPLS link. On the WAN side, ISR routers need to be configured to use VLAN-based L2TPv3 for the L2 point-to-point transport service. IPSec is optional as this is MPLS rather than VPN. Drawing this would exceed the succinctness of this article.

Sample Configuration of Adding ESXi Host pWWN into the Fabric

Checking configuration of FABRIC01

FLO-SAN-SW01# show ver
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_serie
s_home.html
Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.

Software
BIOS: version 1.0.19
loader: version N/A
kickstart: version 5.2(8d)
system: version 5.2(8d)
BIOS compile time: 02/01/10
kickstart image file is: bootflash:///m9200-s2ek9-kickstart-mz.5.2.8d.bin
kickstart compile time: 12/25/2020 12:00:00 [04/09/2014 06:42:37]
system image file is: bootflash:///m9200-s2ek9-mz.5.2.8d.bin
system compile time: 2/19/2014 14:00:00 [04/09/2014 08:15:36]


Hardware
cisco MDS 9222i ("4x1GE IPS, 18x1/2/4Gbps FC/Sup2")
Motorola, e500v2 with 1036300 kB of memory.
Processor Board ID XXXXXXXXXX

Device name: FLO-SAN-SW01
bootflash: 1000440 kB
Kernel uptime is 1494 day(s), 4 hour(s), 9 minute(s), 13 second(s)

Last reset at 345795 usecs after Fri Mar 27 18:42:26 2015

Reason: Reset due to upgrade
System version: 5.0(4b)
Service:

Check Existing VSAN Config

FLO-SAN-SW01# show vsan 20
vsan 20 not configured
FLO-SAN-SW01# show vsan 10
vsan 10 information
name:VSAN0010 state:active
interoperability mode:default
loadbalancing:src-id/dst-id/oxid
operational state:up

Configuring a new ESXi host into VSAN

## FLO-SAN-SW01 VSAN10 WPPN1 ##
config t #Enter config mode

fcalias name ESX007-PWWN1 VSAN 10 #Create fiber channel alias with a meaningful name and associate it with VSAN 10
member pwwn xx:xx:xx:xx:xx:xx:xx:xx #Include the pwwn of ESX007-PWWN1 as a member
exit

zone name ESX007-PWWN1-FABRIC01_011 VSAN 10 #Create a dedicated zone in VSAN10 for ESX007-PWWN1 for
member fcalias ESX007-PWWN1 #Include ESX007-PWWN1 into this zone
member fcalias FABRIC01_011 #Include Fabric01_controller:index0-bus:1-port:1 into this zone
exit

zone name ESX007-PWWN1-FABRIC01_111 VSAN 10
member fcalias ESX007-PWWN1
member fcalias FABRIC01_111 #Controller2
exit

zone name ESX007-PWWN1-FABRIC01_211 VSAN 10
member fcalias ESX007-PWWN1
member fcalias FABRIC01_211 #Controller3
exit

zone name ESX007-PWWN1-FABRIC01_311 VSAN 10
member fcalias ESX007-PWWN1
member fcalias FABRIC01_311 #Controller4
exit

zoneset name ZoneSet01 VSAN 10 #Create a zoneset named ZoneSet01 in VSAN 10
member ESX007-PWWN1-FABRIC01_011 #Add zone names as members of this ZoneSet01
member ESX007-PWWN1-FABRIC01_111
member ESX007-PWWN1-FABRIC01_211
member ESX007-PWWN1-FABRIC01_311
exit

zoneset activate name ZoneSet01 VSAN 10 #Set ZoneSet01 as active
zone commit VSAN 10 #Commit configuration changes
copy running-config startup-config fabric #Write to startup config

## FABRIC02 VSAN20 PWWN2 ##
config t

fcalias name ESX007-PWWN2 VSAN 20
member pwwn xx:xx:xx:xx:xx:xx:xx:xx
exit

zone name ESX007-PWWN2-FABRIC02_011 VSAN 20
member fcalias ESX007-PWWN2
member fcalias FABRIC02_011
exit

zone name ESX007-PWWN2-FABRIC02_111 VSAN 20
member fcalias ESX007-PWWN2
member fcalias FABRIC02_111
exit

zone name ESX007-PWWN2-FABRIC02_211 VSAN 20
member fcalias ESX007-PWWN2
member fcalias FABRIC02_211
exit

zone name ESX007-PWWN2-FABRIC02_311 VSAN 20
member fcalias ESX007-PWWN2
member fcalias FABRIC02_311
exit

zoneset name ZoneSet01 VSAN 20
member ESX007-PWWN2-FABRIC02_011
member ESX007-PWWN2-FABRIC02_111
member ESX007-PWWN2-FABRIC02_211
member ESX007-PWWN2-FABRIC02_311
exit

zoneset activate name ZoneSet01 VSAN 20
zone commit VSAN 20
copy running-config startup-config fabric

Explanations:

The term fabric, in this context, means back-plane connectivity. The allowable bandwidth of these MDS 9222i back-planes is extremely high. Any module installed in the same switch chassis has access to this fabric. Nowadays, this also includes fiber optic channels or specialized 8-channel data direct connections to adjacent network devices. In this use case, FLO-SAN-SW01 & FLO-SAN-SW02 are two separate fabrics. Although they are connected with two High Availability links, those links are not configured as such, since a mesh has been unnecessary. Each new ESXi host shall be confined within its zone set so that its HBA will not see LUNs intended for other hosts. Each zone set makes 4 paths accessible to each of the 2 pWWNs of an ESXi host, so there are a total of eight paths to the serial attached storage array.

Windows 2016: NIC Teaming

Assumptions
  1. OS: Microsoft Windows Server 2016
  2. Network Switch: Cisco Nexus 9000 NX-OS with dual supervisors, named SW1 & SW2
  3. Physical connections: 2 x 10G-Base Ethernet cables connecting the server to 2 switches

Switch Configuration

Ports eth1/1,2/1 native vlan 100 lacp lag group1 access mode

Windows Configuration

Run these PowerShell Commands

# Initialize Teaming (create the team with its first member)
New-NetLbfoTeam -Name "Team1" -TeamMembers "Embedded FlexibleLOM 1 Port 1 2"

# Set Teaming mode
Set-NetLbfoTeam -Name "Team1" -TeamingMode LACP -LoadBalancingAlgorithm Dynamic

# Add the second Team member
Add-NetLbfoTeamMember -Name "Embedded FlexibleLOM 1 Port 2 2" -Team "Team1"

# Add a team interface for VLAN 100 (the team must exist before this runs)
Add-NetLbfoTeamNIC -Team "Team1" -VlanID 100

# Check Teaming setup
Get-NetLbfoTeam

Sample Result:

Name : Team1
Members : {Embedded FlexibleLOM 1 Port 1 2, Embedded FlexibleLOM 1 Port 2 2}
TeamNics : Team1
TeamingMode : Lacp
LoadBalancingAlgorithm : Dynamic
LacpTimer : Fast
Status : Up

Want to See Pictures?

Open Server Manager > Local Server > Under Properties, locate “NIC Teaming” > click Enabled or Disabled > the NIC Teaming window should appear

Within the ADAPTERS AND INTERFACES, hold Ctrl key while selecting the 2 NICs to be grouped > right-click on them > click Add to New Team > expand Additional properties > set the Teaming mode = LACP, Load balancing mode = Dynamic > OK

Run: ncpa.cpl > verify that Team1 network adapter appears on the list

Default Ports for Various Common Services

Although it is recommended that these default ports be changed whenever possible to add a layer of security (via obfuscation), default ports are a good rule of thumb for network engineers beginning to troubleshoot connectivity issues. Moreover, security penetration testers often reference these numbers during port scanning, prior to applying exploit plugins.

FTP:
21/TCP
TFTP:
69/UDP
8099/TCP (user interface to TFTP service traffic)
SMB:
445/TCP
137,138/UDP
139/TCP (NetBIOS)
Active Directory:
53/UDP
636/UDP,TCP
88/UDP,TCP
464/UDP,TCP
3268/UDP,TCP
RDP:
3389/TCP
WinCollect:
135/TCP (Microsoft Endpoint Mapper)
137/UDP (NetBIOS name service)
138/UDP (NetBIOS datagram service)
139/TCP (NetBIOS session service)
445/TCP (Microsoft Directory Services for file transfers that use Windows share)
49152-65535/TCP (Default dynamic port range for TCP/IP)
OpenLDAP:
389/TCP
636/TCP (LDAP SSL)
NTP:
123/UDP
RPC:
135/TCP (default listener)
49152-65535/TCP (RPC outgoing port range)
Websense Proxy:
80,443/TCP (incoming requests)
9443,19448/TCP (UI Browsing)
22/TCP (Protector)
https://www.websense.com/content/support/library/deployctr/v76/triton_ports.aspx
Squid:
3128,3129/TCP (HTTP default port)
PostgreSQL:
8432/TCP
MySQL
3306/TCP
Microsoft SQL
--------------------------
Inbound:
1433/TCP (default listener)
1434/UDP (browser service)
4022/TCP (service broker)
5022/TCP (AlwaysOn High Availability default)
135/TCP (Transaction SQL Debugger)
2383/TCP (Analysis Services)
2382/TCP (SQL Server Browser Service)
500,4500/UDP (IPSec)
137-138/UDP (NetBios / CIFS)
139/TCP (NetBios CIFS)
445/TCP (CIFS)

Outbound:
49152-65535
Oracle SQL:
1521/TCP
1630/TCP
3938/HTTP
MongoDB:
27017,27018,27019/TCP
Veeam:
80/TCP (download updates)
443/TCP (HTTPS license auto-update)
10443/TCP (HTTPS)
902/TCP (Data Transfer)
22/TCP (control channel)
1433/TCP (Microsoft SQL backup via Veeam)
53/UDP (DNS communication)
9501/TCP (communication between Veeam Broker Service and its components)
9392/TCP (Replication)
10003/TCP (Veeam Cloud Connect)
2500/TCP (transmission channels)
6160/TCP (Veeam installer service)
6161/TCP (Veeam vPower NFS Service)
6162/TCP (Data Mover service)
RPC
SMB
HPE StoreOnce
111/TCP (mountd service used by NFS and DDBOOST)
2049 (NFS)
2052 (NFS mountd)
HPE StoreOnce
9387,9389/TCP
Norton
139,445/TCP
137,138/UDP
22/TCP
2967,2968/TCP
2638/TCP
1433/TCP
8443,8444/TCP
9090/TCP
8014/TCP
443/HTTPS
8081/HTTP
8082/HTTPS
8445,8446,8447/TCP
8765/TCP
1100/TCP
514/UDP
WhatsUpGold
ICMP
20/TCP (inbound FTP)
21-23/TCP (outbound FTP)
25/TCP (outbound mail)
53/UDP (outbound DNS)
80/TCP (outbound monitoring)
80,443/TCP (inbound webserver)
https://community.ipswitch.com/s/article/Network-ports-used-by-Ipswitch-Network-Management-products-1307717736810
SNMP:
161,162/UDP,TCP
Altiris:
5663/TCP
50124/TCP
KMS:
1688/TCP
SSH:
22/TCP
HTTP:
80/TCP
443/TCP
SMTP:
25/TCP (Non-Encrypted, Auth)
587/TCP (Secure TLS, StartTLS)
465/TCP (Secure SSL, SSL)
POP3:
110/TCP (Unencrypted, Auth)
995/TCP (Secure SSL, SSL)

IP Helper Address

What is it and how to use it?

When the DHCP server is placed on a different subnet from its clients, it is important that the router serving the disparate subnets be configured with an “IP helper-address” specifying the server as its pass-through broadcast node. Here is a sample command to enable such a configuration:

CORE01(config-if)#ip helper-address 192.168.0.1

Be advised that the “IP-Helper” feature opens up a suite of ports:

Protocol                                     UDP Port
Timeserver (not same as NTP port UDP 123)    37
TACACS                                       49
DNS                                          53
BOOTP/DHCP Server                            67
BOOTP/DHCP Client                            68
TFTP                                         69
NetBIOS name service                         137
NetBIOS datagram service                     138
IEN-116 name service                         42

To enhance the network security posture, it may be necessary to close any unused port with commands such as this (Cisco):

CORE01(config)#no ip forward-protocol udp 49

How to Discover Active Ports on a Windows Machine

PS C:\Users\kimconnect> get-nettcpsetting | select SettingName,DynamicPortRangeStartPort,DynamicPortRangeNumberOfPorts

SettingName      DynamicPortRangeStartPort DynamicPortRangeNumberOfPorts
-----------      ------------------------- -----------------------------
Automatic
InternetCustom                       49152                         16384
DatacenterCustom                     49152                         16384
Compat                               49152                         16384
Datacenter                           49152                         16384
Internet                             49152                         16384

Step 1: discover inbound ports that are actively used

netstat -an | findstr -i "ESTABLISHED LISTEN CLOSE_WAIT TIME_WAIT"

Step 2: find all outbound dynamic ports that are expected to be allowed through the firewalls

netsh int ipv4 show dynamicport tcp

Please note that the output of this command does not explicitly provide the named end-port. Thus, we must add the “starting port” number to the “number of ports” to arrive at that value. In the example below, 49152 + 16384 = 65536

PortQuery GUI Version

It’s always a good idea to verify that there’s nothing on the network and application stack that would prevent certain services from operating as intended. This checking should be done in some of these scenarios:

  • Verify firewall permissiveness prior to site-to-site [virtual] machine migration
  • Check that Read-Only Domain Controllers in the DMZ can communicate with the Servers in the Production Data (Tier 3A) subnets
  • Confirm that Applications such as FTP and OpenVPN are able to respond to incoming requests at port 443 inbound from the Internet Zone by setting outgoing traffic from the DMZ (Web Tier 1A). 

Although I favor the CLI version of this Sysinternals utility, the GUI version is useful as well. Let’s take a quick look at the PortQuery thingy.

Link to download: http://download.microsoft.com/download/3/f/4/3f4c6a54-65f0-4164-bdec-a3411ba24d3a/portqryui.exe

Extract: once portqryui.exe has been launched, it will self-extract. Click on the Unzip button.

Extracted: within a few seconds, this content will be generated. PortQry.exe should be moved into the Environment path (e.g. C:\Windows\System32), and portqueryui.exe is the user interface wrapper for that tool. Note that the UI includes some predefined services within config.xml; additional preset services can be added within that file.

Execute: this is an example of using PortQueryUI to check the “Domains and Trusts” network ports between a PC on the user’s subnet and my domain controller. The screenshot shows the UI, and the pasted blob is the expanded output shown under “Query Result.”

=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 135 -p TCP ...

Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 135 (epmap service): LISTENING

Using ephemeral source port
Querying Endpoint Mapper Database...
Server's response:

UUID: d95afe70-a6d5-4259-822e-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49152]

UUID: 897e2e5f-93f3-4376-9c9c -Frs2 Service
ncacn_ip_tcp:DC01.KIMCONNECT.COM[5722]

UUID: 6b5bdd1e-528c-422c-af8c- Remote Fw APIs
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49242]

UUID: 12345678-1234-abcd-ef00- IPSec Policy agent endpoint
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49242]

UUID: 367abb81-9844-35f1-ad32-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49240]

UUID: 50abc2a4-574d-40b3-9d66-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49234]

UUID: eb107bd0-c461-11cf-9522- CpqRcmc3
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\cpqrcmc]

UUID: e3514235-4b06-11d1-ab04- MS NT Directory DRS Interface
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\lsass]

UUID: e3514235-4b06-11d1-ab04- MS NT Directory DRS Interface
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\protected_storage]

UUID: e3514235-4b06-11d1-ab04- MS NT Directory DRS Interface
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49155]

UUID: e3514235-4b06-11d1-ab04- MS NT Directory DRS Interface
ncacn_http:DC01.KIMCONNECT.COM[49158]

UUID: f5cc5a18-4264-101a-8c59- MS NT Directory NSP Interface
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\lsass]

UUID: f5cc5a18-4264-101a-8c59- MS NT Directory NSP Interface
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\protected_storage]

UUID: f5cc5a18-4264-101a-8c59- MS NT Directory NSP Interface
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49155]

UUID: f5cc5a18-4264-101a-8c59- MS NT Directory NSP Interface
ncacn_http:DC01.KIMCONNECT.COM[49158]

UUID: 12345778-1234-abcd-ef00-
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\lsass]

UUID: 12345778-1234-abcd-ef00-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\protected_storage]

UUID: 12345778-1234-abcd-ef00-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49155]

UUID: 12345778-1234-abcd-ef00-
ncacn_http:DC01.KIMCONNECT.COM[49158]

UUID: 12345778-1234-abcd-ef00-
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\lsass]

UUID: 12345778-1234-abcd-ef00-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\protected_storage]

UUID: 12345778-1234-abcd-ef00-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49155]

UUID: 12345778-1234-abcd-ef00-
ncacn_http:DC01.KIMCONNECT.COM[49158]

UUID: 12345778-1234-abcd-ef00-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49159]

UUID: 12345678-1234-abcd-ef00-
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\lsass]

UUID: 12345678-1234-abcd-ef00-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\protected_storage]

UUID: 12345678-1234-abcd-ef00-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49155]

UUID: 12345678-1234-abcd-ef00-
ncacn_http:DC01.KIMCONNECT.COM[49158]

UUID: 12345678-1234-abcd-ef00-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49159]

UUID: 7f1343fe-50a9-4927-a778- DfsDs service
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\wkssvc]

UUID: 3473dd4d-2e88-4006-9cba- WinHttp Auto-Proxy Service
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\W32TIME_ALT]

UUID: 1ff70682-0a51-30e8-076d-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\atsvc]

UUID: 378e52b0-c0a9-11cf-822d-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\atsvc]

UUID: 86d35949-83c9-4044-b424-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\atsvc]

UUID: 86d35949-83c9-4044-b424-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49154]

UUID: 98716d03-89ac-44c7-bb8c- XactSrv service
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\atsvc]

UUID: 98716d03-89ac-44c7-bb8c- XactSrv service
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49154]

UUID: a398e520-d59a-4bdd-aa7a- IKE/Authip API
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\atsvc]

UUID: a398e520-d59a-4bdd-aa7a- IKE/Authip API
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49154]

UUID: a398e520-d59a-4bdd-aa7a- IKE/Authip API
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\srvsvc]

UUID: 552d076a-cb29-4e44-8b6a- IP Transition Configuration endpoint
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\atsvc]

UUID: 552d076a-cb29-4e44-8b6a- IP Transition Configuration endpoint
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49154]

UUID: 552d076a-cb29-4e44-8b6a- IP Transition Configuration endpoint
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\srvsvc]

UUID: c9ac6db5-82b7-4e55-ae8a- Impl friendly name
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\atsvc]

UUID: c9ac6db5-82b7-4e55-ae8a- Impl friendly name
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49154]

UUID: c9ac6db5-82b7-4e55-ae8a-e464ed7b4277 Impl friendly name
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\srvsvc]

UUID: 30b044a5-a225-43f0-b3a4-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\atsvc]

UUID: 30b044a5-a225-43f0-b3a4-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49154]

UUID: 30b044a5-a225-43f0-b3a4-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\srvsvc]

UUID: 7d814569-35b3-4850-bb32- IAS RPC server
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\atsvc]

UUID: 7d814569-35b3-4850-bb32- IAS RPC server
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49154]

UUID: 7d814569-35b3-4850-bb32- IAS RPC server
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\srvsvc]

UUID: f6beaff7-1e19-4fbb-9f8f- Event log TCPIP
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\eventlog]

UUID: f6beaff7-1e19-4fbb-9f8f- Event log TCPIP
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49153]

UUID: 30adc50c-5cbc-46ce-9a0e- NRP server endpoint
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\eventlog]

UUID: 30adc50c-5cbc-46ce-9a0e- NRP server endpoint
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49153]

UUID: 3c4728c5-f0ab-448b-bda1- DHCPv6 Client LRPC Endpoint
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\eventlog]

UUID: 3c4728c5-f0ab-448b-bda1- DHCPv6 Client LRPC Endpoint
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49153]

UUID: 3c4728c5-f0ab-448b-bda1- DHCP Client LRPC Endpoint
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\eventlog]

UUID: 3c4728c5-f0ab-448b-bda1- DHCP Client LRPC Endpoint
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49153]

UUID: 76f226c3-ec14-4325-8a99-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\InitShutdown]

UUID: d95afe70-a6d5-4259-822e-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\InitShutdown]

Total endpoints found: 62

==== End of RPC Endpoint Mapper query response ====
portqry.exe -n DC01.KIMCONNECT.COM -e 135 -p TCP exits with return code 0x00000000.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 389 -p BOTH ...

Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 389 (ldap service): LISTENING

Using ephemeral source port
Sending LDAP query to TCP port 389...

LDAP query response:

currentdate: 04/03/2019 20:38:12 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=kimconnect,DC=com
dsServiceName: CN=NTDS Settings,CN=DC01,CN=Servers,CN=KIMCONNECT,CN=Sites,CN=Configuration,DC=KIMCONNECT,DC=COM
namingContexts: DC=KIMCONNECT,DC=com
defaultNamingContext: DC=KIMCONNECT,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=KIMCONNECT,DC=com
configurationNamingContext: CN=Configuration,DC=KIMCONNECT,DC=com
rootDomainNamingContext: DC=KIMCONNECT,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 684952787
supportedSASLMechanisms: GSSAPI
dnsHostName: DC01.KIMCONNECT.COM.KIMCONNECT.com
ldapServiceName: KIMCONNECT.com:DC01.KIMCONNECT.COM$@KIMCONNECT.com
serverName: CN=DC01.KIMCONNECT.COM,CN=Servers,CN=KIMCONNECT,CN=Sites,CN=Configuration,DC=KIMCONNECT,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 4
forestFunctionality: 4
domainControllerFunctionality: 4

======== End of LDAP query response ========

UDP port 389 (unknown service): LISTENING or FILTERED

Using ephemeral source port
Sending LDAP query to UDP port 389...

LDAP query to port 389 failed
Server did not respond to LDAP query

portqry.exe -n DC01.KIMCONNECT.COM -e 389 -p BOTH exits with return code 0x00000001.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 636 -p TCP ...

Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 636 (ldaps service): LISTENING
portqry.exe -n DC01.KIMCONNECT.COM -e 636 -p TCP exits with return code 0x00000000.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 3268 -p TCP ...

Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 3268 (msft-gc service): LISTENING

Using ephemeral source port
Sending LDAP query to TCP port 3268...

LDAP query response:

currentdate: 04/03/2019 20:38:49 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=KIMCONNECT,DC=com
dsServiceName: CN=NTDS Settings,CN=DC01.KIMCONNECT.COM,CN=Servers,CN=KIMCONNECT,CN=Sites,CN=Configuration,DC=KIMCONNECT,DC=com
namingContexts: DC=KIMCONNECT,DC=com
defaultNamingContext: DC=KIMCONNECT,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=KIMCONNECT,DC=com
configurationNamingContext: CN=Configuration,DC=KIMCONNECT,DC=com
rootDomainNamingContext: DC=KIMCONNECT,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 684953041
supportedSASLMechanisms: GSSAPI
dnsHostName: DC01.KIMCONNECT.COM.KIMCONNECT.com
ldapServiceName: KIMCONNECT.com:DC01.KIMCONNECT.COM$@KIMCONNECT.com
serverName: CN=DC01.KIMCONNECT.COM,CN=Servers,CN=KIMCONNECT,CN=Sites,CN=Configuration,DC=KIMCONNECT,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 4
forestFunctionality: 4
domainControllerFunctionality: 4


======== End of LDAP query response ========
portqry.exe -n DC01.KIMCONNECT.COM -e 3268 -p TCP exits with return code 0x00000000.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 3269 -p TCP ...


Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 3269 (msft-gc-ssl service): LISTENING
portqry.exe -n DC01.KIMCONNECT.COM -e 3269 -p TCP exits with return code 0x00000000.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 53 -p BOTH ...


Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 53 (domain service): LISTENING

UDP port 53 (domain service): LISTENING
portqry.exe -n DC01.KIMCONNECT.COM -e 53 -p BOTH exits with return code 0x00000000.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 88 -p BOTH ...


Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 88 (kerberos service): LISTENING

UDP port 88 (kerberos service): LISTENING or FILTERED
portqry.exe -n DC01.KIMCONNECT.COM -e 88 -p BOTH exits with return code 0x00000002.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 445 -p TCP ...


Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 445 (microsoft-ds service): LISTENING
portqry.exe -n DC01.KIMCONNECT.COM -e 445 -p TCP exits with return code 0x00000000.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 137 -p UDP ...


Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...


Name resolved to 192.199.199.63

querying...

UDP port 137 (netbios-ns service): NOT LISTENING
portqry.exe -n DC01.KIMCONNECT.COM -e 137 -p UDP exits with return code 0x00000001.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 138 -p UDP ...


Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...


Name resolved to 192.199.199.63

querying...

UDP port 138 (netbios-dgm service): LISTENING or FILTERED
portqry.exe -n DC01.KIMCONNECT.COM -e 138 -p UDP exits with return code 0x00000002.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 139 -p TCP ...


Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 139 (netbios-ssn service): NOT LISTENING
portqry.exe -n DC01.KIMCONNECT.COM -e 139 -p TCP exits with return code 0x00000001.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 42 -p TCP ...


Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 42 (nameserver service): NOT LISTENING
portqry.exe -n DC01.KIMCONNECT.COM -e 42 -p TCP exits with return code 0x00000001.
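
The output above can be reduced to a firewall checklist. This added example (not from the original post and not part of PortQry) parses PortQry text output, maps each status line to a verdict, and lists RPC endpoints registered on TCP ports outside the dynamic range discussed under "How to Discover Active Ports on a Windows Machine". The function name ConvertFrom-PortQryOutput, the host DC01.example.test and the sample text are assumptions constructed for illustration.

```powershell
# Added example, not from the original post. The sample text is constructed in the
# format of the PortQry output above; DC01.example.test is a placeholder host.
$sample = @'
TCP port 135 (epmap service): LISTENING

UUID: 897e2e5f-93f3-4376-9c9c- Frs2 Service
ncacn_ip_tcp:DC01.example.test[5722]
UUID: e3514235-4b06-11d1-ab04- MS NT Directory DRS Interface
ncacn_np:DC01.example.test[\\pipe\\lsass]
UUID: e3514235-4b06-11d1-ab04- MS NT Directory DRS Interface
ncacn_ip_tcp:DC01.example.test[49155]
UUID: f5cc5a18-4264-101a-8c59- MS NT Directory NSP Interface
ncacn_ip_tcp:DC01.example.test[49155]
UUID: f5cc5a18-4264-101a-8c59- MS NT Directory NSP Interface
ncacn_http:DC01.example.test[49158]

UDP port 88 (kerberos service): LISTENING or FILTERED
TCP port 139 (netbios-ssn service): NOT LISTENING
'@ -split '\r?\n'

function ConvertFrom-PortQryOutput {
    param(
        [Parameter(Mandatory = $true)]
        [AllowEmptyString()]            # PortQry output contains blank lines
        [string[]]$Line,
        [int]$DynamicStart = 49152,     # "Start Port" from netsh int ipv4 show dynamicport tcp
        [int]$DynamicCount = 16384      # "Number of Ports" from the same command
    )
    # Start + count is the first value past the range, so the last dynamic
    # port is the sum minus 1 (65535 with the defaults).
    $dynamicEnd = $DynamicStart + $DynamicCount - 1

    # What each PortQry status means for a firewall review
    $verdict = @{
        'LISTENING'             = 'open'
        'NOT LISTENING'         = 'closed (target refused)'
        'FILTERED'              = 'no reply (likely blocked)'
        'LISTENING or FILTERED' = 'inconclusive (UDP, no reply)'
    }

    $ports   = @()
    $rpc     = @{}      # TCP port -> list of RPC services registered on it
    $service = ''       # annotation carried from the preceding "UUID:" line

    foreach ($raw in $Line) {
        $text = $raw.Trim()
        if ($text -match '^(TCP|UDP) port (\d+) \((.+?) service\):\s*(.+)$') {
            $ports += [pscustomobject]@{
                Protocol = $Matches[1].ToUpper()
                Port     = [int]$Matches[2]
                Service  = $Matches[3]
                Status   = $Matches[4]
                Verdict  = $verdict[$Matches[4]]
            }
        }
        elseif ($text -match '^UUID:\s*(\S+)\s*(.*)$') {
            # Use the friendly name when present, otherwise fall back to the UUID
            $service = if ($Matches[2]) { $Matches[2] } else { $Matches[1] }
        }
        elseif ($text -match '^ncacn_(ip_tcp|http):[^\[]+\[(\d+)\]$') {
            # Only TCP-based bindings carry a port; ncacn_np (named pipe) bindings are skipped
            $p = [int]$Matches[2]
            if (-not $rpc.ContainsKey($p)) {
                $rpc[$p] = New-Object System.Collections.Generic.List[string]
            }
            if (-not $rpc[$p].Contains($service)) { $rpc[$p].Add($service) }
        }
    }

    $rpcPorts = foreach ($p in ($rpc.Keys | Sort-Object)) {
        [pscustomobject]@{
            Port           = $p
            InDynamicRange = ($p -ge $DynamicStart -and $p -le $dynamicEnd)
            Services       = $rpc[$p] -join '; '
        }
    }

    [pscustomobject]@{
        DynamicRange = '{0}-{1}' -f $DynamicStart, $dynamicEnd
        Ports        = $ports
        RpcTcpPorts  = @($rpcPorts)
    }
}

# Live use: ConvertFrom-PortQryOutput -Line (portqry.exe -n <host> -e 135 -p TCP)
$result = ConvertFrom-PortQryOutput -Line $sample
$result.Ports | Format-Table Protocol, Port, Service, Status, Verdict -AutoSize

# RPC endpoints outside the dynamic range need their own firewall rule
$result.RpcTcpPorts | Where-Object { -not $_.InDynamicRange } | Format-Table -AutoSize
```

Endpoints that fall inside the dynamic range are covered by a single range rule, while any fixed port reported by the endpoint mapper has to be allowed explicitly between the two subnets.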

RJ45 Ethernet & RJ11 Telephone Cables

Standard, Straight-Through Wiring (both ends are the same):

RJ45 Pin #   Wire Color (T568A)   10Base-T / 100Base-TX Signal   1000Base-T Signal
1            White/Green          Transmit+                      BI_DA+
2            Green                Transmit-                      BI_DA-
3            White/Orange         Receive+                       BI_DB+
4            Blue                 Unused                         BI_DC+
5            White/Blue           Unused                         BI_DC-
6            Orange               Receive-                       BI_DB-
7            White/Brown          Unused                         BI_DD+
8            Brown                Unused                         BI_DD-

Straight-Through Cable Pin Out for T568A

RJ45 Pin #   Wire Color (T568B)   10Base-T / 100Base-TX Signal   1000Base-T Signal
1            White/Orange         Transmit+                      BI_DA+
2            Orange               Transmit-                      BI_DA-
3            White/Green          Receive+                       BI_DB+
4            Blue                 Unused                         BI_DC+
5            White/Blue           Unused                         BI_DC-
6            Green                Receive-                       BI_DB-
7            White/Brown          Unused                         BI_DD+
8            Brown                Unused                         BI_DD-

Straight-Through Cable Pin Out for T568B

Pair 1 (T1 & R1)

Usually the primary dial tone or talk circuit is wired to the center two pins (pins 3 & 4) and is the white/blue and blue/white pair (AKA: T1 & R1 – tip 1 and ring 1). A standard single line phone draws dial tone from these center pins.

NOTE: The type of wiring shown here is known as USOC (pronounced U-sock). See background below.

The multi-conductor cables attached to RJ11 connectors usually have colored sheaths.

Position  RJ25 pin  RJ14 pin  RJ11 pin  Pair  T/R  ±  Cat 5e/6 colors  Colors        Old colors
1         1                             3     T    +  white/green      white/green   white
2         2         1                   2     T    +  white/orange     white/orange  black
3         3         2         1         1     R    -  blue             blue/white    red
4         4         3         2         1     T    +  white/blue       white/blue    green
5         5         4                   2     R    -  orange           orange/white  yellow
6         6                             3     R    -  green            green/white   blue

Sample Port Mappy in the Year of 66203545 A.D.

Building:  Marketing Division

Notice: Blanks next to a Patch ID mean it was not found.

Patch ID                                Name

1 Conference Room Achelousaurus

2 Conference Room Achillobator

3B                                          Aardonyx

4A                                          Abelisaurus

5

6

7A                                          Acrocanthosaurus

8A                                          Aegyptosaurus

8B                                          Afrovenator

9A                                          Agilisaurus

10

11A                                         DCasse

12B                                         AJames

13

14B                                        Alamosaurus

15B                                        Albertaceratops                                    

16B                                        Albertosaurus

17                                           Alioramus

18A                                        Alectrosaurus

18B                                        Alvarezsaurus

19A                                        Allosaurus

20DOA                                  Amargasaurus

21A                                        Ammosaurus

22A                                         JChandler

23DOA                                  Amygdalodon

24                                          Ampelosaurus

25DOA                                  Anchiceratops

Building:  R&D Division

Notice: Blanks next to a Patch ID mean it was not found.

  Patch ID                                Name/Location

Segisaurus

  • R&D Lab
  • Secernosaurus
  • Guests

4                                            Anchisaurus

5                                            Ankylosaurus

6                                            Anserimimus

7                                            Antarctosaurus

8                                            Apatosaurus

9                                            Aragosaurus

10                                          Aralosaurus

11

12

  • Attached to an 8-port hub (under set of computers on the right when entering R&D office). JetDirect: LaserJet 4V, HP LaserJet IIP
  • R&D Conference room (Not in use)

EN15/UNIX61                      Archaeoceratops

16 (LAN Conn.)                  Archaeopteryx

16 (Unix Conn.)                  Archaeornithomimus

17                                          Argentinosaurus

18                                          Arrhinoceratops

D12                                        Atlascopcosaurus

D22                                        Aucasaurus

D23                                        Austrosaurus

Division:  Customer Service

Notice: Blanks next to a Patch ID mean it was not found.

Patch ID                                Name/Location

 Unix   13                              Avaceratops

LAN    13                                Avimimus 

Unix   14                              Bactrosaurus

LAN    14                                Bagaceratops  

Unix   15                              Bambiraptor

LAN    15                              Barapasaurus

 

Unix   16                              Baryonyx

LAN    16                              Barosaurus

 

Unix   17                              Becklespinax

LAN    17                                Beipiaosaurus 

Unix   18                              Bellusaurus

LAN    18                                Borogovia 

Unix   19                              Brachiosaurus

LAN    19                                Brachylophosaurus

Unix   20

LAN    20 

Unix   21                              Brachytrachelopan

LAN    21                                Buitreraptor 

Unix   22                              Centrosaurus

LAN    22                                Ceratosaurus 

Unix   23                              Cetiosauriscus

LAN    23                                Cetiosaurus  


Unix   24                              Chasmosaurus

LAN    24                                Chaoyangsaurus 

Unix   25                            Chindesaurus

LAN    25                                Chinshakiangosaurus

Unix   26

LAN    26 

Unix   27                              Chirostenotes

LAN    27                                Chubutisaurus 

Unix   28

LAN    28                               

Unix   29                              Chungkingosaurus

LAN    29                                Citipati 

Division:  Purchasing/Quality Control

Notice: Blanks next to a Patch ID mean it was not found.

Patch ID                                Name

 301E                                      Coelophysis

301F                                      Coelurus

 302E                                      Coloradisaurus

302F                                      Compsognathus

 303E                                      Conchoraptor

303F                                      Confuciusornis

 304E                                      Corythosaurus

304F                                      Cryolophosaurus

 305E                                      Dacentrurus

305F                                      Daspletosaurus

 306E                                      Datousaurus

306F                                      Deinocheirus

 307E                                      Deinonychus

307F                                      Deltadromeus

 308E                                      Dicraeosaurus

308F                                      Dilophosaurus

 309E                                      Diplodocus

309F                                      Dromaeosaurus

 310E                                      Dromiceiomimus

310F                                      Dryosaurus

 311E                                      Dryptosaurus

311F                                      Dubreuillosaurus

 

 

 


 312E                                      Edmontonia

312F                                      Edmontosaurus

 313E                                      Einiosaurus

313F                                      Elaphrosaurus

 314E                                      Emausaurus

314F                                    Eoraptor

 315E                                      Equijubus

315F                                      Eotyrannus

 316C                                    Erketu

316D                                    Erlikosaurus

 317E                                      Euhelopus

317F                                      Euoplocephalus

 319     (Left port)            Europasaurus

319     (Right port)              Eustreptospondylus

Division:  Finance

Notice: Blanks next to a Patch ID mean it was not found.

 

 

Patch ID                                Name

 Unix   47                              Fukuiraptor

LAN    47                              Fukuisaurus

Unix   48                              Gallimimus

LAN    48                                Gargoyleosaurus 

Unix   49                              Garudimimus

LAN    49                              Gasosaurus

Unix   50                              Gasparinisaura

LAN    50                              Gastonia

51E                                        Giganotosaurus

51F                                         Gilmoreosaurus 

Unix   53                              Giraffatitan

LAN    53                            Gobisaurus

Unix   54                              Gorgosaurus

LAN    54                                Goyocephale 

Unix   55                              Graciliceratops

LAN    55                                Gryposaurus 

Unix   56                              Guaibasaurus

LAN    56                              Guanlong

Unix   57                              Hadrosaurus

LAN    57                                Hagryphus 

Unix   58                              Haplocanthosaurus

LAN    58                              Harpymimus

 

 

 

Patch ID                                Name

Unix   59                              Herrerasaurus

LAN    59                                Hesperosaurus 

LAN    79                                Heterodontosaurus

Unix  80                              Heyuannia

LAN    80                              Homalocephale

320A                                      Huayangosaurus

320B                                    Hylaeosaurus

320C                                    Hypacrosaurus

320D                                    Hypsilophodon

320E                                      Iguanodon

320F                                      Indosuchus

322E                                      Irritator

322F                                       Isisaurus 

323E                                      Janenschia

323F                                      Jaxartosaurus

Division:  WareHouse

Notice: Blanks next to Patch ID mean they were not found.

 

 

Patch ID                                Name

67f                                        Jingshanosaurus

318 (left port)                      Jinzhousaurus

318 (right port)                    Jobaria 

357A                                      Juravenator

354B                                    Kentrosaurus

357C                                    Khaan

357D                                      Kotasaurus 

2                                            Kritosaurus

Parts/Stockroom 

380                                      Lambeosaurus

381                                        Lapparentosaurus

LAN68                                  Leaellynasaura

368A                                      Leptoceratops

368B                                      Lesothosaurus 

382                                         Liaoceratops 

348                                        Ligabuesaurus

LAN 74                              Liliensternus

4-71                                      Lophorhothon

Visibar Nodes 

354a                                      Lophostropheus

Patch ID                      Name                                                                      

 

Visibar Nodes (Continued) 

354b                         Open     

355a                          Lufengosaurus                             

355b                                       Lurdusaurus 

356A                                      Lycorhinus

356B                                      Magyarosaurus 

369a                                    Maiasaura

369b                                       Majungasaurus 

370a                                      Malawisaurus

370b                                       Mamenchisaurus 

371a                                      Mapusaurus

371b                                       Marshosaurus 

372a                                      Masiakasaurus

375a                                      Massospondylus

375b

376a                                    Maxakalisaurus

376b                                      Megalosaurus

Division:  Human Resources

Notice: Blanks next to Patch ID mean they were not found.

Tylocephale

Tuojiangosaurus

Patch ID                       Name

Tyrannosaurus

Last Office (Auditors)

Unix 3                                    Melanorosaurusen

LAN                                      Metriacanthosaurus

373A                                      Microceratus

117                                        Micropachycephalosaurus

374 A                        Microraptor

374 B                        Minmi

383                                        Monolophosaurus

384                                        Mononykus

385                                        Mussaurus

386                                        Muttaburrasaurus

387                                        Nanshiungosaurus

388                                        Nedoceratops

390                                        Nemegtosaurus

 

Server Room 

349                                        Neovenator

350                                        Neuquenosaurus

351                                        Nigersaurus

352                                        Nipponosaurus

372B                                    Noasaurus

372C                                    Nodosaurus

372D                                    Nomingia

372E                                      Nothronychus

372F                                    Nqwebasaurus

372G                                    Poekilopleuron

372H                                    Polacanthus

 

 

Patch ID                       Name/Location 

372I                                      Podokesaurus

372J                                       Omeisaurusn

391                                        Opisthocoelicaudia

392                                        Ornitholestes

393                                      Ornithomimus

394                                        Orodromeus

EN10                                    Oryctodromeus

EN11                                    Ouranosaurus

EN12                                    Othnielia

UNIX10                                Oviraptor

UNIX11                                Pachycephalosaurus

UNIX12                                Pachyrhinosaurus

UNIX85                                Panoplosaurus

  • Pantydraco
  • Paralititan
  • Parasaurolophus
  • Parksosaurus
  • TP4
  • Patagosaurus
  • Pelicanimimus
  • Pentaceratops
  • Piatnitzkysaurus
  • Pinacosaurus
  • Plateosaurus
  • Prenocephale
  • Probactrosaurus

 

Conference Room H/R 

330A                                      Proceratosaurus

330B                                    Procompsognathus

330C                                      Prosaurolophus 

UNIX1                                  Protarchaeopteryx

LAN1                                      Protoceratops 

UNIX5                                    Quaesitosaurus                                

 

 

Patch ID                       Name 

UNIX6                                  Protohadros

LAN6                                      Rebbachisaurus 

LAN7                                    Rhabdodon

UNIX7                                    Rhoetosaurus 

LAN54                                  Rinchenia

UNIX54                                Riojasaurus

Division:  Executive

Notice: Blanks next to Patch ID mean they were not found.

Patch ID                       Name 

324E                                      Rugops

324F                                       Psittacosaurus 

325E                                       Terranosaurus

325F                                       Talarurus 

326E                                      Tanius

326F                                       Tarbosaurus 

UNIX33                                Telmatosaurus

LAN33                                   Tarchia 

UNIX41                                  Open (Conference Room)

LAN41                                  Tenontosaurus

UNIX34                                Thecodontosaurus

LAN34                                   Therizinosaurus 

UNIX36                                  Thescelosaurusn

LAN36                                   Torosaurus 

UNIX38                                Torvosaurus

LAN38                                   Troodon 

LAN42                                   Triceratops 

43                                            Tsagantegia 

LAN 32                                  Tsintaosaurus

Function to Import PortQry (a Sysinternals Utility)

Original version

function importPortQry{
# This function is currently imperfect because I have not yet figured out how to extract PortQryV2.exe with pure command-line, no GUI, and no confirmation. Security errors abound.

# Change these values to reflect your desired downloads
[string]$fileSource = "https://kimconnect.com/wp-content/uploads/2019/05/PortQry.zip";
$fileName="portqry.exe"
# Where the downloaded archive is saved
[string]$saveAs = "C:\Temp\PortQry.zip";
# Where the executable is installed; this is also the path checked below
$destination="C:\WINDOWS\System32\SysInternals\";

$fileExists=Test-Path "$destination$fileName" -PathType Leaf
"File exists: $fileExists"

if (!($fileExists)){
# Create temp folder to hold the downloads
New-Item -ItemType Directory -Force -Path C:\Temp | Out-Null

# Download (the archive path is kept separate from $destination so the install path is not overwritten)
(New-Object System.Net.WebClient).DownloadFile($fileSource,$saveAs)

# Extract
$extractFolder="C:\Temp\PortQry\"
New-Item -ItemType Directory -Force -Path $extractFolder | Out-Null
Expand-Archive -Path $saveAs -DestinationPath $extractFolder -Force

# Put the executable in its expected directory, the same one the existence check uses
New-Item -ItemType Directory -Force -Path $destination | Out-Null
Copy-Item "$extractFolder$fileName" $destination
}
else{"portqry.exe already exists at $destination$fileName.";}
}
importPortQry

Buggy version

function importPortQry{
# This function is currently imperfect because I have not yet figured out how to extract PortQryV2.exe with pure command-line, no GUI, and no confirmation. Security errors abound.


# Change these values to reflect your desired downloads
[string]$fileSource = "https://download.microsoft.com/download/0/d/9/0d9d81cf-4ef2-4aa5-8cea-95a935ee09c9/PortQryV2.exe";
$fileName="portqry.exe"
[string]$saveAs = "C:\Temp\$fileName";
$destination="C:\WINDOWS\System32\SysInternals\";

$fileExists=Test-Path $destination$fileName -PathType Leaf
"File exists: $fileExists"

if (!($fileExists)){
# Change this value to reflect your proxy node
$proxy="http://hqproxy:80";

# Check Proxy and configure when necessary
$proxyEnabled=(Get-ItemProperty -Path "Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings").ProxyEnable
if ($proxyEnabled){
"Proxy Enabled: $proxyEnabled"
$PSDefaultParameterValues = @{"*:Proxy"="$proxy";}
"Setting proxy toward: $proxy"
}

# Check for the BitsTransfer module and import when necessary
if(!(Get-Module BitsTransfer)){
"Importing BitsTransfer Module...";
Import-Module BitsTransfer;
}

$download=Start-BitsTransfer -Source $fileSource -Destination $saveAs -Asynchronous;

While( ($download.JobState.ToString() -eq 'Transferring') -or ($download.JobState.ToString() -eq 'Connecting') )
{
$percent = [int](($download.BytesTransferred*100) / $download.BytesTotal)
Write-Progress -Activity "Downloading..." -CurrentOperation "$percent`% complete"
}
Complete-BitsTransfer -BitsJob $download

# Run the Install
C:\Temp\portqry.exe /Q /T:C:\Temp

# Most systems will not allow scripted extraction of files. Thus this manual workaround is used.
"Please click on the extract button with this default location C:\PortQryV2`nYou have 10 seconds to complete this task or this function must be repeated."

sleep 10

# Doesn't work as $zip.items = $null
#$path = Split-Path $saveAs
#pushd $path
#mv portqry.exe C:\Temp\portqry.zip
#$shell = new-object -com shell.application
#$zip = $shell.NameSpace('C:\Temp\portqry.zip')
#foreach($item in $zip.items()){
# $shell.Namespace('C:\Temp\').copyhere($item)
# }
#

# This command gives an error
# start-process $saveAs -Argumentlist "/a"

# This causes error: New-Object : Exception calling ".ctor" with "3" argument(s): "End of Central Directory record could not be found."
# Perhaps, portqry.exe was formed differently than other archives. "notmyfault.exe" was generated when calling these commands
#$path = Split-Path $saveAs
#pushd $path
#mv portqry.exe portqry.zip
#Expand-Archive -Path portqry.zip
#popd

# Error: Exception calling "ExtractToDirectory" with "2" argument(s): "End of Central Directory record could not be found."
#$path = Split-Path $saveAs
#add-type -AssemblyName System.IO.Compression.FileSystem
#[system.io.compression.zipFile]::ExtractToDirectory($path)
#

}
else{"portqry.exe already exists at $saveAs.";}
cp C:\PortQryV2\PortQry.exe C:\WINDOWS\System32\SysInternals\
}
importPortQry
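
Both versions above copy a downloaded binary under C:\WINDOWS\System32 without checking what was downloaded. The following is an added example, not part of the original post, that gates the copy on a pinned SHA-256 of the archive and reports (optionally enforces) the Authenticode signature of the extracted executable. The function name, parameter names and the hash placeholder are assumptions; the page publishes no hash for PortQry.zip and does not say whether PortQry.exe is signed, which is why the signature check is a switch.

```powershell
# Added example (not from the original post). Function and parameter names are hypothetical.
function Install-VerifiedPortQry {
    param(
        [string]$Source     = 'https://kimconnect.com/wp-content/uploads/2019/05/PortQry.zip',
        [string]$Archive    = 'C:\Temp\PortQry.zip',
        [string]$ExtractTo  = 'C:\Temp\PortQry',
        [string]$InstallDir = 'C:\WINDOWS\System32\SysInternals',
        # Placeholder: replace with the SHA-256 of a copy you have vetted yourself.
        [string]$ExpectedSha256 = '<SHA256-OF-VETTED-PORTQRY.ZIP>',
        [switch]$RequireValidSignature
    )
    $ErrorActionPreference = 'Stop'

    if ($ExpectedSha256 -notmatch '^[0-9A-Fa-f]{64}$') {
        throw 'Set -ExpectedSha256 to the 64-hex-digit hash of a vetted archive before running.'
    }

    New-Item -ItemType Directory -Force -Path (Split-Path $Archive) | Out-Null
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    (New-Object System.Net.WebClient).DownloadFile($Source, $Archive)

    # 1. Integrity: the downloaded bytes must match the pinned hash (-ne ignores case).
    $actual = (Get-FileHash -Path $Archive -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        Remove-Item $Archive -Force
        throw "Hash mismatch for $Archive. Expected $ExpectedSha256, got $actual."
    }

    # Extract into an empty directory so a stale PortQry.exe cannot be picked up.
    if (Test-Path $ExtractTo) { Remove-Item $ExtractTo -Recurse -Force }
    Expand-Archive -Path $Archive -DestinationPath $ExtractTo

    $exe = Get-ChildItem -Path $ExtractTo -Filter 'PortQry.exe' -Recurse | Select-Object -First 1
    if (-not $exe) { throw "PortQry.exe not found in $Archive." }

    # 2. Authenticity: report the Authenticode status; enforce it only when asked to.
    $sig = Get-AuthenticodeSignature -FilePath $exe.FullName
    "Signature status: $($sig.Status); signer: $($sig.SignerCertificate.Subject)"
    if ($RequireValidSignature -and $sig.Status -ne 'Valid') {
        throw "Signature status for $($exe.Name) is '$($sig.Status)'; refusing to install."
    }

    # 3. Only now place the binary in the directory the original function checks.
    New-Item -ItemType Directory -Force -Path $InstallDir | Out-Null
    Copy-Item -Path $exe.FullName -Destination $InstallDir -Force
    "Installed $($exe.Name) to $InstallDir"
}
```

Run it from an elevated session, since the install directory is under System32; with the placeholder hash left in place the function stops before downloading anything.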

Storage & Transfer Speed Unit of Measurement

Intro

What’s all this talk about bits and bytes? Why do hard drive manufacturers measure by the unit of bytes, while telecommunication companies opt for the unit of bits?

In Computer Science, a bit is the smallest unit of value, representing either a 1 or a 0. An octet of bits (one byte) is used to encode a human-readable character. Hence, 1 character on a Western keyboard takes 1 byte to store. Some of the other common values are:

Tiny Int = 1 Byte ( -128 to 127)
Int = 4 Bytes (-2147483648 to 2147483647)

Storage and Memory

At the junction of mathematics and computer science, a kilo is defined as two to the tenth power, 2^10. Therefore, 1 kilobyte (KB) is 2^10 or 1,024 bytes; 1 megabyte (MB) is 2^20 or 1,048,576 bytes. The correct way to express these units is by using capital letters (KB, MB, GB, TB, etc.). Hence, the “power of two” or 2^10 is the multiplier used for bytes in storage measurements. An ascension from byte to Megabyte is by factors of 2^10 or 1024, not 1000 as with bits to megabits. Microsoft file size and storage calculations are based on this math, and its generalized conversion table resembles this:

Byte = 8 bits
Kibibyte = 1024 bytes or 8192 (8 x 1024) bits
Mebibyte = 1024 Kibibytes or 1,048,576 (1024 x 1024) bytes or 8,388,608 bits
Gibibyte = 1024 Mebibytes or 1,073,741,824 bytes or 8,589,934,592 bits
Tebibyte = 1024 Gibibytes or 1,099,511,627,776 bytes or 8,796,093,022,208 bits

Sample Calculations:
512 kbps / 8 = 64,000 bytes
64,000 bytes / 1,024 = 62.5 Kibibytes/s or KB/s

Do you notice anything confusing about the table above in correspondence to its preceding paragraph? Yes, I’ve switched terms such as Kilobytes to Kibibytes. That is because the original usage of the metric prefix to describe storage has been improper. Unfortunately, this has become the prevalent expression. Thus, big guys such as the International Electrotechnical Commission (IEC) have come up with words such as Kibibytes, Mebibytes, and Gibibytes to distinguish between the two types of measurements. To this day, marketers still use Gigabytes to sell hard drives, while Microsoft still measures in Gibibytes. If memory and hard drive distributors were honest, 1 TB would be labeled as 931 GB instead.

Transfer Speed

Communication on the wire is done as a transmission of 1’s and 0’s. Hence, the standard unit of measurement in telecommunication is the bit, instead of the byte. Bits are counted similarly to the metric system (e.g. millimeter, centimeter, meter, kilometer). Each ascension is by a factor of 1000. Hence:

bits per second (bps) = 1 bit/s
Kilobits per second  (Kbps) = 1000 bits/s
Mbps = 1000 Kbits/s or 1,000,000 bits/s
Gbps = 1000 Mbit/s or 1,000,000,000 bits/s
Tbps = 1000 Gbit/s or 1,000,000,000,000 bits/s

256 kbps (kilobits per second) = 31.25  KB/s (Kibibytes per second)
512 kbps = 62.5 KB/s
1 mbps = 122.1 KB/s
1.5 mbps = 183.15 KB/s (this is known as T-1)
5 mbps = 610.3 KB/s
10 mbps = 1220.7 KB/s
 

Let us do some practical math:

Suppose you would like to download a file with the size of 640 Mebibytes (MBs). The factor to convert from Mebibytes to Kibibytes is a multiplier of 1024. Hence 640 MBs x 1024 KB/MB = 655,360 Kibibytes, which in turn converts to 671,088,640 bytes. There are 8 bits in each byte; thus, 671,088,640 bytes x 8 bits/byte = 5,368,709,120 bits.

Now, if your Internet speed is 1 megabit per second or Mbps, you will download at 1,000,000 bits per second. It will then take 5368.71 seconds to finish downloading the file. Divide that by 60, and the result is 89.48 minutes.

By the same token, 1 MBps consists of eight times more bandwidth than 1 Mbps. The same file above would have taken 11.185 minutes to download. The only difference here is “MB” vs “Mb.”

Summary

To be precise in writing, a byte should be expressed using an uppercase ‘B’, and a bit with a lowercase ‘b’. Better yet, put the ‘i’ in the middle to avoid confusion. Thus, ‘MiB’ will mean Mebibyte or 1024 Kibibytes (KiB). That is in contrast with ‘Mb’, ‘mb’ or megabit. Therefore, a KiB is way more than a Kb or kb, etc. What about those guys on Amazon and Ebay selling Samsung SSDs? They sell “Terabytes” or “TB” things that really should be marked as “terabits” or “tb”. All we can do is to do the reverse conversion in our minds and accept that life is full of these anomalies.