Archive for the ‘Cruft’ Category

More vSphere and VT-d, some success but not for long

July 2nd, 2011

I made another attempt at using VT-d for my cameras by going with Zoneminder under Linux. This actually worked and seemed to work ok but I really dislike Zoneminder! I tried Motion and kMotion instead and the good news is it works…for longer. I’m still having problems with kernel crashes after a day or two. It’s encouraging but I’m not sure I want to fuss with it anymore. Maybe I’ll try Zoneminder one more time just in case the kernel wants to behave.

Categories: Cruft, Home and Hobbies, Networking, Security

vSphere and VT-d not so rosy

May 9th, 2011

Actually, it works but with limitations. No shock there. It turns out the PV-149 CCTV capture card I’m trying to pass through presents each channel as a separate Video and Audio device. What that means is I end up with 8 PCI devices that need to be extended. I’m running into a problem that might be specific to VMware or VT-d where I can’t pass through more than 6 PCI devices. This isn’t too big a deal as I don’t use the audio channels but I’m worried now that the missing audio is causing some BSODs. I’m still investigating.

Otherwise, vSphere is running pretty nice.

Categories: Cruft, Networking, Security

Yes! Sandy Bridge free ESXi Hypervisor with VT-d is a go!

April 25th, 2011

Everything’s working great so far with a few exceptions I can live with. I have 5 VMs running, mostly lightweight stuff, including my security camera system. For that I’m using Win XP and feeding the PV-149 CCTV capture card through via VT-d. Video streaming from BlueIris is working just fine and I also have PIAF running all of the phones, pfSense as a server on a stick running DHCP and DNS forwarding and the VMware mobile appliance so I can watch it on my iPad.

I’ve started to install SageTV but it’s not done yet. So far everything’s got plenty of pep. No quality problems with PIAF so far either.

Speaking of PIAF, the years-old post about SIP trunking between Asterisk and a Cisco 1760 that has gotten so much attention, yeah, that’s old school now! I just converted to a Linksys SPA3102 for my PSTN connectivity and it’s working perfectly. I think it might forward calls through a little more quickly too. The 1760 developed a bad fan and I couldn’t see spending money on it. I’ll probably try to eBay it.

Finally, I’m thinking about passing through the USB bus for SageTV to take advantage of the improved throughput but I believe I’ll need to be careful not to allocate the same bus that has the keyboard (KVM) on it. More later…

Categories: Cruft, Networking, VoIP

ESXi Hypervisor with VT-d on Sandy Bridge working?

April 23rd, 2011

I’ve just started my quest to get this working. It’s been difficult finding examples of success from others but I finally found a reference to a specific motherboard and CPU combo that has worked for others.
HomeServerShow

I’m using an Intel DQ67SWB3 motherboard with an i5-2400 CPU. Of course I had to get a separate Intel NIC since the onboard isn’t supported.

My plan is to use this for a number of servers including my CCTV security camera system. This is using a PV-149 PCI video capture card which would have to be passed through via VT-d for the VM Guest to see it. I’ve successfully installed ESXi 4.1 update 1 via a USB key and I’m in the process of adding some VMs. A couple of issues have come up. First, I don’t have performance stats updating in vSphere client. I’m not sure if this is a driver issue with the “unsupported” motherboard or if it’s a problem with the ESXi install. I can see the overall utilization on the summary pages though so it’s not like I’m blind. Also, I’m able to add devices via VT-d but it’s not clear to me yet if I can pass through multiple devices to a single Guest.

I’m installing XP in a Guest right now and as soon as that’s done patching (lots of patches) I’ll be working on getting that capture card visible.

I also plan on running PIAF (Asterisk) and SageTV in other VMs. I’m probably going to need a really basic DNS server as well. At some point I might try passing through the onboard NIC to a firewall VM, perhaps pfSense or Untangle. Not sure about that yet.

Categories: Cruft, Networking

CCNP Routing and Switching Quick Reference review

March 14th, 2011

It’s taken me a while but I finally have another review to provide. I was due for my CCNP recert so I decided to go for the Switching test, 642-813. I started with this book:

My focus was on the switching section so this review really only addresses that part. I’ve been taking Cisco tests for a while so the process was familiar to me. I also had a good foundation in switching technologies. The book does a good job of breaking down the separate areas that the test focuses on. You couldn’t use this book to study for the CCNP if you’re coming right from the CCNA. It’s strictly a refresher level of knowledge. What I found was that there were several parts of the test that were more obscure but were referenced in the book. It wasn’t verbatim of course, but it was familiar enough to help me pass.

Another thing I found relevant is that the distilled information in this book is good for reminding me of the little things that can be done to tweak a network. I think most of us are content to worry about HSRP priorities and STP roots. We don’t so much focus on the other loop prevention tools that Cisco’s made available. Thanks to the short and direct content in this book, you can quickly get a sense for the other technologies at your disposal.

And I passed. Highly recommended!

Cisco and Extreme interoperability – Part 2 – LACP

December 4th, 2010

Wow…4+ years later and I’m finally posting part 2. Yep, the original config didn’t work quite right but I did get it working. Here’s the result:

On the Cisco switch:
interface Port-channel98
no ip address
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet8/5
no ip address
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 98 mode on

etc...

On the Extreme switch:
enable sharing 1:1 grouping 1:1,1:2,1:3,1:4 algorithm port-based
configure vlan "out_of_band" ipaddress 172.16.0.254 255.255.254.0
configure vlan "out_of_band" add port 7:1 untagged
configure vlan "out_of_band" add port 1:1 tagged

out_of_band was used for testing. I put a PC on port 7:1 on the Extreme switch to make sure I could get to a PC on the Cisco switch.

Turns out I did full documentation on the test process and actually kept the doc! I was amazed! My notes suggest the only delay was when re-connecting ports that are part of the group they would not start forwarding for about 3 seconds. Otherwise it worked great!

More on the Nortel 1535

November 8th, 2010

Got PIAF purple installed and patched over the weekend. Setting up two of the 1535s to register and do video calling was pretty trivial. There’s a little bit of lag in the video but it’s not too bad. I also called the test numbers and there was no problem with the audio quality. Nice and sharp without drops, latency or jitter. This is running in VirtualBox with the extensions installed on a Pentium dual core. I’ve assigned 1 GB of RAM to the VM.

To turn on the video capability you have to add the following to sip_extensions_custom in the asterisk directory:

videosupport=true
allow=h264
allow=h263

Don’t forget to reload the configs!

Next up is getting Google Voice to work.

Categories: Cruft, VoIP

PIAF, VirtualBox and the Nortel 1535 phone

November 7th, 2010

Wow, it’s been a while. I scored some of the Nortel IP 1535s thanks to NerdVittles and this gives me a good opportunity to try to upgrade my Asterisk system to the latest and greatest version. Naturally I want to go with PIAF and they just patched to Asterisk 1.8. I’ve considered using the Incredible PBX build but I don’t think I need all that stuff so I’m going to try straight PIAF first and see if I can get the Google Voice parts working at least.

First up, I’ve installed it in VirtualBox. Now, I’m concerned that there might be a stuttering problem because it’s virtualized. No way to know until I get a phone online. I’m hoping this will help but I installed the VB additions. It was relatively painless following the steps, with the exception of changing the kernel version to match. Rebooted and it looks ok so far.

More to come as I get phones online.

Categories: Cruft, Networking, VoIP

Anyconnect for iPhone???

July 13th, 2010

It’s now a month or so after the release of iOS4 and the Cisco Anyconnect Secure Mobile Client for iPhone is nowhere to be found. What’s up Cisco??? I want my Anyconnect!

And anyone believes they’ll actually ship the Cius? HA!

iPhone VPN and Cisco IOS, Part2

May 5th, 2010

I previously posted about some luck I had getting IPSEC VPN to work from my iPhone to my IOS router/firewall. That post is now kind of useless because the source blog disappeared about a year ago. So, in order to make this useful again I’m posting my full IOS code (obfuscated for obvious reasons). Change the IP addresses and the group name and password and you should be good to go. This uses the new(ish) method in IOS of zone based firewall. It’s overly complex and really hard to parse for anything remotely complicated but it’s what I’m working with. You’ll notice I used the SDM for most of the config. Yep, I’m lame and I’m not afraid to admit it. All of that zone config typing would have been a pain in the butt! Also, be sure to use a pool that is different from your “inside” subnet. Won’t work otherwise. Also, it should be obvious but this config uses local users so you need to add at least one of those.

Keep in mind this will all change when iPhone OS4 comes out as it’s supposed to support SSL VPNs. Finally. The IPSEC works perfectly fine for now though. I’ve not tested this on my iPad yet since I haven’t had it out of the house…and it’s not a 3G model. Don’t see why it wouldn’t work though.

And now the code:

aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization network sdm_vpn_group_ml_2 local

crypto isakmp policy 2
encr aes 256
authentication pre-share
group 2

crypto isakmp client configuration group mygroupname
key something_goes_here
dns 192.168.x.x
pool SDM_POOL_2
include-local-lan
netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
match identity group mygroupname
client authentication list sdm_vpn_xauth_ml_2
isakmp authorization list sdm_vpn_group_ml_2
client configuration address respond
virtual-template 2

crypto ipsec transform-set aes-transform esp-aes 256 esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
set transform-set aes-transform
set isakmp-profile sdm-ike-profile-1

class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
match class-map SDM_EASY_VPN_SERVER_TRAFFIC

policy-map type inspect sdm-permit
class type inspect SDM_EASY_VPN_SERVER_PT
pass
class class-default

zone security ezvpn-zone

zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in2 source ezvpn-zone destination in-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination dmz-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-in-ezvpn2 source in-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-in-ezvpn1 source dmz-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip

interface Virtual-Template2 type tunnel
ip unnumbered FastEthernet0
zone-member security ezvpn-zone
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1

ip local pool SDM_POOL_2 192.168.y.y 192.168.y.z

ip access-list extended SDM_AH
remark SDM_ACL Category=1
permit ahp any any
ip access-list extended SDM_ESP
remark SDM_ACL Category=1
permit esp any any
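As an added example (my code, not the post author's), here is a small Python check for the two things that most often go wrong when reusing a zone-based firewall paste like the one above: a service-policy name that no policy-map in the paste defines, and a VPN address pool that overlaps the inside subnet, which the post warns will not work. SAMPLE_CONFIG is a constructed excerpt of the config above with made-up pool addresses, and the inside subnet passed to the check is assumed.

```python
import ipaddress
import re

# Constructed excerpt of the posted config. Note that the policy-map is named
# sdm-permit while every zone-pair references sdm-permit-ip, as on the page.
SAMPLE_CONFIG = """\
policy-map type inspect sdm-permit
 class type inspect SDM_EASY_VPN_SERVER_PT
  pass
 class class-default
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
ip local pool SDM_POOL_2 192.168.10.10 192.168.10.20
"""


def policy_references(config):
    """Return (policy-map names defined, names referenced by service-policy)."""
    defined = set(re.findall(r"^policy-map type inspect (\S+)", config, re.M))
    referenced = set(re.findall(r"^\s*service-policy type inspect (\S+)", config, re.M))
    return defined, referenced


def dangling_policies(config):
    """service-policy names no policy-map in the paste defines. A zone-pair that
    ends up without a policy drops all inter-zone traffic, so the VPN silently
    fails even though the tunnel itself comes up."""
    defined, referenced = policy_references(config)
    return sorted(referenced - defined)


def pool_overlaps_inside(config, inside_subnet):
    """True if any 'ip local pool' range intersects the inside subnet (assumed
    value supplied by the caller), the mistake the post says won't work."""
    inside = ipaddress.ip_network(inside_subnet)
    for _, first, last in re.findall(r"^ip local pool (\S+) (\S+) (\S+)", config, re.M):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        # Ranges intersect unless the pool lies entirely below or above the subnet.
        if lo <= inside.broadcast_address and hi >= inside.network_address:
            return True
    return False


if __name__ == "__main__":
    print("dangling policies:", dangling_policies(SAMPLE_CONFIG))
    print("pool overlaps inside:", pool_overlaps_inside(SAMPLE_CONFIG, "192.168.10.0/24"))
```

Run against the full posted config, the first check flags sdm-permit-ip, which is the name to reconcile before the zone-pairs pass any traffic.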
