0%

Objective

Upgrade Intel NIC firmware (5.02->5.05) on VMWare ESXi for make sure the DirectPath I/O can work well

Environment

  • ESXi-6.0.0-20160302001
  • Intel XL710
    • Including vmnic{2-5}
Read more »

(Working…)

Environment

Topology

1
2
3
4
5
+--------+   Port+-----------------------+Port   +--------+
| | 1| AS5712-54X |2 | |
| Host A +-------+ ONL: 2.0.0 Deb8 +-------+ Host B |
| | | OFDPA: 3.0.3 EA2 | | |
+--------+ +-----------------------+ +--------+

L2 Switching

1
ovs-ofctl

Flow tables ID

Table Name Table ID
Ingress Port 0
Port DSCP Trust 5
Port PCP Trust 6
Tunnel DSCP Trust 7
Tunnel PCP Trust 8
Injected OAM 9
VLAN 10
VLAN 1 11
Ingress Maintenance Point 12
MPLS L2 Port 13
MPLS DSCP Trust 15
MPLS PCP Trust 16
L2 Policer 18
L2 Policer Actions 19
Termination MAC 20
L3 Type 21
MPLS 0 23
MPLS 1 24
MPLS 2 25
MPLS-TP Maintenance Point 26
MPLS L3 Type 27
MPLS Label Trust 28
MPLS Type 29
Unicast Routing 30
Multicast Routing 40
Bridging 50
Policy ACL 60
Color Based Actions 65
Egress VLAN 210
Egress VLAN 1 211
Egress Maintenance Point 226
Egress DSCP PCP Remark 230
Egress TPID 235

Setting

1
2


References

採用

來建立 PKI CA, 必需要有 Root CA, 可參考 [PKI Lab$1 Create Root CA](http://blog.pichuang.com.tw/pki-lab-1-create-root-ca/) 做建立的動作
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

### Step by Step
- Setting vars for Root CA
> export KEY_SIZE=2048
export CA_EXPIRE=365
export KEY_EXPIRE=365
export KEY_COUNTRY="TW"
export KEY_PROVINCE="Taiwan"
export KEY_CITY="HsinChu"
export KEY_ORG="Night9 Studios"
export KEY_EMAIL="[email protected]"
export KEY_OU="www.night9.cc"
export KEY_NAME=""
export KEY_CN="*.night9.cc"

- [Source](https://github.com/pichuang/easy-rsa/blob/ucc/vars)
- 重點在於 ```KEY_CN```, 此設定可以 match ```www.night9.cc``` ```roan.night9.cc```, 但不能 match ```night9.cc

  • Create UCC Key

    source ./vars
    ./build-key-server *.night9.cc
    <enter>…<enter>

  • Check Root CA key and crt

    ls -la ./keys/*.night9.cc.{key,crt}

    • 建議將 *.night9.cc 做個改名的動作
  • Check *.night9.cc crt Info

    openssl x509 -in *.night9.crt -text -noout

  • Show

Reference

採用

來建立 PKI CA, 必需要有 Root CA, 可參考 [PKI Lab$1 Create Root CA](http://blog.pichuang.com.tw/pki-lab-1-create-root-ca/) 做建立的動作
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

### Step by Step
- Setting vars for Root CA
> export KEY_SIZE=2048
export CA_EXPIRE=365
export KEY_EXPIRE=365
export KEY_COUNTRY="TW"
export KEY_PROVINCE="Taiwan"
export KEY_CITY="HsinChu"
export KEY_ORG="Night9 Studios"
export KEY_EMAIL="[email protected]"
export KEY_OU="www.night9.cc"
export KEY_NAME=""
export KEY_CN="roan.night9.cc"

- [Source](https://github.com/pichuang/easy-rsa/blob/single/vars)
- 重點在於 ```KEY_CN```, 此設定可以 match ```roan.night9.cc```, 但不能 match ```night9.cc``` ```xxx.night9.cc

  • Create Key

    source ./vars
    ./build-key-server roan.night9.cc
    <enter>…<enter>

  • Check key and crt

    ls -la ./keys/roan.night9.cc.{key,crt}

  • Check roan.night9.cc crt Info

    openssl x509 -in roan.night9.crt -text -noout

  • Show

Reference

採用

來建立 PKI CA
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

### Step by Step
- Setting vars for Root CA
> export KEY_SIZE=2048
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY="TW"
export KEY_PROVINCE="Taiwan"
export KEY_CITY="HsinChu"
export KEY_ORG="Night9 Studios"
export KEY_EMAIL="[email protected]"
export KEY_OU="www.night9.cc"
export KEY_NAME=""
export KEY_CN="Night9 Local Authority Root CA"

- [Source](https://github.com/pichuang/easy-rsa/blob/root_ca/vars)
- 上面的寫法參考許多現有的 Root CA 的寫法, 特別是 ```KEY_CN KEY_NAME

  • CA_EXPIRE KEY_EXPIRE 建議設長一點, 如果設太短, 只要 Root CA expire 底下的 key 就得全部重簽
  • Create Root CA

    source ./vars
    ./build-ca
    <enter>…<enter>

  • Check Root CA key and crt

    ls -la ./keys/ca.{key,crt}

  • Check Root CA crt Info

    openssl x509 -in ca.crt -text -noout

  • Show

    - 因為 Root CA 已經是最上層的, 沒人可以幫他驗證, 所以只能自己簽自己

Reference

現在製作 win7 USB 安裝碟變得十分容易, 只要下載 Windows 7 USB Download Tool 把 iso 放進去即可

但很多時候會遇到一個問題 We were unable to copy your files. Please check your USB device and the selected ISO file and try again. 此時就需要對 USB 做 Format 的動作

Read more »