December 18, 2012
LISA was pretty exceptionally late in the year this time, being only a couple of weeks before Christmas. The inevitable let-down of coming back to the "real world" where I've got to "work" and "do productive things" is always kind of a drag, but this year is a little different thanks to the proximity of the upcoming holiday plus the fact that I work for an .edu now.
Here at NEU, we actually have the entirety of next week off, plus we don't come back until Wednesday the 2nd. Like, the whole week plus! I first heard about this back in August when I started, and I was like, "oh man! That's great! We're going to have so much time to do infrastructure work. We can take down the whole network and no one will care". Because, you know, I'm crazy like that. My coworkers quickly mutinied against my ideas because, well, it's a week off. I'm beginning to see the wisdom of their mentality, and I've made plans to head back to Ohio to visit with family for the Christmas break.
I still do kind of wish I could spend some time in the server room fixing things up, but I'll take care of it next year. I have some pretty large plans, and since Amy and I will be taking the train to Pittsburgh (it was actually the cheapest way to get there - I can't believe it either), I'll have plenty of time to make plans and write. I'm really looking forward to the trip.
Here are some of the things I'm working on:
- VLAN Renumbering Project
- Server Room Rebuild
- Network Core Upgrade
Our network design is actually pretty archaic. We've got several networks where desktops and servers are in the same subnet (what I call a hybrid network - and warn people against). I'm going to be dividing them up. Plus, we've got all kinds of subnets which have the same sort of security needs, but are in separated networks for no reason that I can discern.
I've worked up a security zone "map" of all of the types of access that servers need (and need to provide), and I'll spend some time on the train figuring out what logical grouping of servers, desktops, and appliances makes the most sense. I'm sick enough that I actually kind of like stuff like this.
We have the cheapest racks known to mankind. Well, ok, second cheapest - they do have four arms. But they're really bad. They're round-holed, have no cable management features, and the one attribute they have that I don't hate is...wait, no, I don't think there's anything I don't hate about them.
As part of the three year budget estimate that I submitted, I included a request for a new set of racks in the server room. I also want to change the way that the server room is laid out. At the moment, we've got three rows of racks, and, well, the airflow is kind of interesting:
It's not just me - that's crazy, right?
Anyway, I've done a survey, and of the 882 rack units in that room, we're using in the neighborhood of 350. Most of everything else is taken up by free space or by shelves holding up desktop machines turned into servers, most of which we don't want to keep around anyway. So yeah, here's what I want to do:
I think that makes a lot more sense. We still have over 500 rack units of space, plus we get a much better airflow with less mixing, and we can use panels to further help separate the hot and cold aisles. It should be a lot more energy efficient. Plus, I can get rid of these damned round-hole telco racks. Yech.
Not only is our 6509 our core, it's also, in a large way, our distribution switch. Well, one of them, anyway. It's stacked full of 48 port gigabit blades (including a couple of really crappy cards that don't even support the crossbar). I want to fix this.
My thought is that it makes a lot of sense to replace our one 6509 with two 6506Es, and use a "top of rack" (ToR) switch network design where we actually have a ToR switch every other rack or so, then wire every ToR switch to both 6506Es for failover. The number of ports we'll have at our disposal is higher, we'll have a more robust design, and unicorns will pop into existence ready to cater to our every whim.
Related to the weird networking layout, we've got an array of firewall boxes, some pfsense, some bluesocket. Apparently, the bluesocket machines fail pretty frequently. I haven't seen it yet, but I believe them. The replacement of the existing array into one or two (clustered, of course).
So that's what I'm working on. I'd also like to get further into coding some scripts for AWS. I found out about a great python library called boto. It's completely full-featured. The only drawback is that it's written in python ;-)
As a side effect of doing some preliminary coding with boto, I've been working on IDEifying my vim. Those of you who use vim (and you should) may want to check into these plugins if you aren't already: NERDTree, snipmate, and vim-surround. I'll be doing a vim-specific post at some point, so if you have any awesome plugins, let me know in the comments.
That's it for now. It's a short week, so back to work!