Dec 9, 2014

Working with NIC Teaming in Windows Server 2012

Of the many networking features introduced in Hyper-V 3.0 on Windows Server 2012, several were added to enhance the overall capability for networking virtual machines (VMs). One of the features introduced in Hyper-V 3.0 is a collection of components for configuring NIC teaming on virtual machines and the Windows operating system.

Originally designed for Windows Server 2012, NIC Teaming can also be used to configure teamed adapters for Hyper-V virtual machines. Since our primary focus in this article is to provide an overview of NIC Teaming in Windows Server 2012 and later versions, we will not cover in detail the steps needed to configure NIC Teaming for operating systems and virtual machines.

In earlier versions of Hyper-V (version 1.0 and version 2.0), the Windows operating system did not provide any utility to configure NIC Teaming for physical network adapters, and it was not possible to configure NIC teaming for virtual machines. A Windows administrator could configure NIC teaming on Windows by using third-party utilities but with the following disadvantages:
  • Support was provided by the vendor and not by Microsoft.
  • You could only configure NIC Teaming between physical network adapters of the same manufacturer.
  • Each third-party teaming solution has its own management UI, so if you have configured more than one, you must manage each through a separate interface.
  • Most third-party teaming solutions do not support configuring teaming remotely.

Starting with Hyper-V version 3.0 on Windows Server 2012, you can easily configure NIC Teaming for Virtual Machines.

This article expounds on the following topics:
  • NIC Teaming Requirements for Virtual Machines
  • NIC Teaming Facts and Considerations
  • How NIC Teaming works

NIC Teaming Requirements for Virtual Machines

Before you can configure NIC Teaming for virtual machines, ensure the following requirements are in place:
  • The guest operating system in the virtual machine must be Windows Server 2012 or later.
  • Physical network adapters must be available to participate in the NIC team.
  • Identify the VLAN number if the NIC team will need to be configured with a VLAN number.

NIC Teaming Facts and Considerations

Keep the following guidelines and facts in mind when configuring NIC Teaming:
  • Microsoft implements a protocol called "Microsoft Network Adapter Multiplexor" (explained shortly) that helps in building the NIC Teaming without the use of any third-party utilities.
  • Microsoft's teaming protocol can be used to team network adapters of different vendors.
  • It is recommended to always use the same physical network adapter with the same configuration, including configuration speed, drivers, and other network functionality, when setting up NIC Teaming between two physical network adapters.
  • NIC teaming is a feature of Windows Server, so it can be used for any network traffic, including virtual machine networking traffic.
  • NIC teaming is set up at the hardware level (physical NIC).
  • By default, a Windows Server can team up to 32 physical network adapters.
  • Only two physical network adapters in teaming can be assigned to a virtual machine. In other words, a network teamed adapter cannot be attached to a virtual machine if it contains more than two physical network adapters.
  • NIC Teaming can only be configured if there are two or more 1 GB or two or more 10 GB physical network adapters.
  • Teamed network adapters will appear in the "External Network" configuration page of Virtual Machine settings.
  • NIC Teaming can also be referred to as NIC bonding, load balancing and failover or LBFO.

How Does NIC Teaming Work?

Microsoft designed a new protocol specifically for NIC Teaming. The protocol, known as Microsoft Network Adapter Multiplexor, routes packets from physical network adapters to NIC teaming adapters and vice versa, and is responsible for diverting traffic from a teamed adapter to the physical NIC. It is installed by default the first time a physical network adapter is initialized.

The Microsoft Network Adapter Multiplexor protocol is checked in the teamed network adapter and unchecked in the physical network adapters that are part of the NIC Teaming. For example, if there are two physical network adapters in a team, the Microsoft Network Adapter Multiplexor protocol will be disabled for these two physical network adapters and checked in the teamed adapter as shown in the below screenshot:


As shown in the above screenshot, the Microsoft Network Adapter Multiplexor protocol is unchecked in the properties of the physical network adapter named "PNIC5" and checked in the properties of the teamed network adapter named "Hyper-VTeaming."

Any network traffic generated from the teamed adapter will be received by one of the physical NICs participating in the Teaming. The teamed adapter talks to the Microsoft Network Adapter Multiplexor protocol bound in the physical NIC.

If this protocol is unchecked in one of the physical network adapters, then the Teamed adapter will not be able to communicate with the physical network adapters participating in the Teaming. Third-party teaming utilities might have a different protocol designed for this, but the one offered by Microsoft can be used with any vendor network card — so this protocol is vendor- and network adapter-independent.

Dec 5, 2014

LMMC header on DLink router file, decoding the zlib zpipe Plaintext password

Tested on a DLink DSL-G604T

Downloading the configuration from the router produces a config.bin file. The file starts with the string LMMC, which indicates a header followed by zlib data.

Strip the 20-byte header and save the rest as a .Z file:
dd if=config.bin of=test.config.bin.z bs=20 skip=1

Download the zlib source and extract it: http://zlib.net/zlib-1.2.7.tar.gz
Go to the examples folder and compile zpipe.c using the command:
gcc -o zpipe zpipe.c -lz
You will now have a binary called zpipe.

Copy zpipe to the folder where the config files are and execute the command:
./zpipe -d < test.config.bin.z > config.txt

Now open config.txt and view it in plaintext!

LMCC and Router Configs

I contacted ACA and TT (through their website forms) about the Internet Filtering plan that the Australian Government is pushing through.

I’ve been really vocal about this previously, but now I think it’s time to start committing myself into writing and helping others get their letters written and sent to the people both responsible and the people letting this happen.

Click on the article to see the full text I submitted.
LMCC and Router Configs
October 22nd, 2008

Source code attached, see end of article.

I had to pull the password for the internet connection out of a router at work recently and stumbled upon a problem that didn’t seem to have much of a solution: the router allows you to save a binary copy of the config, but it didn’t appear to be a known format.

kosh@aerith ~ $ file config.bin
config.bin: data

So after a little digging I found a Zlib header in the file and found a resource on the internet that had a Windows-only decoder (which failed for me :( ), so I proceeded to figure it out for myself.

kosh@aerith ~ $ hexdump -C config.bin | head -n 2
00000000 4c 4d 4d 43 00 03 00 00 c9 1a 00 00 8d 0e 8d cb |LMMC............|
00000010 e0 a2 00 00 78 9c ed 3d 6b 73 db 38 92 9f ef 7e |....x..=ks.8...~|

You can see the Zlib style magic at the 20-byte mark (0x14, “78 9c”). I tested my theory by grabbing zpipe.c from the zlib website and using dd to decode it.

kosh@aerith ~ $ dd if=config.bin of=test.bin.Z bs=20 skip=1
342+1 records in
342+1 records out
6857 bytes (6.9 kB) copied, 0.0165227 s, 415 kB/s
kosh@aerith ~ $ ./zpipe -d < test.bin.Z
....


But considering I was 5 minutes from a simple working setup, I hacked zpipe.c down and made zlmcc.c from it. I've made zlmcc.c available for anyone else that wants to deflate these files quickly.

Usual guarantee applies: if it blows up the world, not my fault. I only tested it on my system and with my single config file; using the above steps you should be able to figure it out if they change the format by a little (offset, etc.).

via Kosh's
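
The manual steps above (skip the 20-byte LMMC header, then inflate the rest) as a single script. This is an added example, not the zlmcc.c from the quoted post; the sample file, its field names and the 4 MiB output cap are constructed assumptions, and the fallback offset scan goes beyond the single offset shown on the page.

```python
import zlib

MAGIC = b"LMMC"
HEADER_LEN = 20               # offset 0x14, where the post's hexdump shows "78 9c"
MAX_OUTPUT = 4 * 1024 * 1024  # assumed cap on inflated size for an untrusted file


def looks_like_zlib(b0, b1):
    """RFC 1950 header check: deflate, window <= 32 KiB, FCHECK multiple of 31."""
    return (b0 & 0x0F) == 8 and (b0 >> 4) <= 7 and ((b0 << 8) | b1) % 31 == 0


def inflate(stream, max_output):
    d = zlib.decompressobj()
    out = d.decompress(stream, max_output)
    if not d.eof:  # ran out of input, or hit the output cap first
        raise ValueError("zlib stream truncated or larger than the cap")
    return out


def decode_lmmc(blob, max_output=MAX_OUTPUT):
    """Return (offset, plaintext) for an LMMC backup; header bytes stay opaque."""
    if blob[:4] != MAGIC:
        raise ValueError("missing LMMC magic")
    # Try the offset from the post first, then scan in case the header size changed.
    offsets = [HEADER_LEN] + [o for o in range(4, len(blob) - 1) if o != HEADER_LEN]
    for off in offsets:
        if off + 2 > len(blob) or not looks_like_zlib(blob[off], blob[off + 1]):
            continue
        try:
            return off, inflate(blob[off:], max_output)
        except (zlib.error, ValueError):
            continue  # header-looking bytes that are not a real stream
    raise ValueError("no zlib stream found after the LMMC header")


# Constructed sample: magic, 16 opaque header bytes, then a zlib stream.
SAMPLE_CONFIG = b"pppoe_user=user@isp.example\npppoe_password=EXAMPLE-ONLY\n"
SAMPLE = MAGIC + bytes(16) + zlib.compress(SAMPLE_CONFIG)

if __name__ == "__main__":
    offset, text = decode_lmmc(SAMPLE)
    print(f"zlib stream at offset {offset}:\n{text.decode()}")
```

Because the backup inflates to plaintext that includes the connection password, a saved config.bin deserves the same handling as any other credential file.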

Dec 4, 2014

Firefox 20 : Open new windows in a new tab instead

Until recently, "Open new windows in a new tab instead" was working properly in my Firefox v20, but after installing some add-ons it always gives me a new window, which I hate so much. Googling around the net didn't give me a good result for getting back the normal behaviour of opening a new tab instead of a new window.

I don't want to go back to my old Firefox v11, which I used for a long period of time without any issue. I followed the Tab preferences and settings according to this link, but unchecking "Open new windows in a new tab instead" gave me no different result.

I still could not figure out where I did something wrong, since I have installed only five add-ons; uninstalling them one by one was my trial and error to see if it works. After removing all my Firefox v20 add-ons and opening my browser, "Open new windows in a new tab instead" works as normal.

I installed the add-ons again one by one to see if "Open new windows in a new tab instead" still worked. Only then did I learn that SEO Toolbar 1.3.5.1 was the one giving me the error that prevents opening a new tab instead of a new window. Adding a new SEO Toolbar or uninstalling it solved my issue. Enjoy reading!

ZyXEL P-663H-51 ADSL2+ 4-port Bonding Gateway Review

ZyXEL's new P-663H-51 ADSL 2/2+ modem/router supports speeds of up to 48 Mbps downstream and 4 Mbps upstream, and includes four 10/100 Ethernet LAN ports. It also provides the TR069 protocol for remote management, an SPI firewall and DoS protection for security, and advanced QoS and multicasting features for triple-play services.

Features at a Glance
  • ADSL2/2+, Annex L and Annex M
  • 2 ADSL2+ port bonding
  • Stateful Packet Inspection
  • Anti Denial-of-Service attack and port scanning
  • IGMP proxy/snooping for IP multicast
  • Port-based VLAN to support triple-play services

ZyXEL's P-663H-51 is an all-in-one ADSL2+ gateway for Home, SOHO and SMB applications. Featuring two ADSL2+ WAN ports and four 10/100Mbps Ethernet LAN ports, the P-663H-51 provides SPI (Stateful Packet Inspection), anti-DoS (Denial of Service) and many firewall security features to protect against network intrusion and attacks.

In addition, advanced features such as IP multicasting, IGMP proxy/snooping, fast leave and IP QoS fulfill the need of triple-play services, while the G.bond-based port bonding feature groups the 2 ADSL2+ physical ports into a logical link. The link not only provides VDSL-equivalent bandwidth with much longer loop length, its load-balance feature between the two ports also makes P-663H-51 the best choice for business and high-end market applications.

ZyXEL P-663H-51 Features

Higher-speed Broadband Access

The ZyXEL P-663H-51 has two ADSL2/2+ WAN ports. With the ATM-based multi-pair bonding feature, the two ports can be grouped into a logical link with twice the bandwidth of a single ADSL2/2+ port, and the bit rate of each individual port can be changed freely and independently by its respective PHY layer. If one of the member ports fails, the conveyed traffic is moved to the other port. When the failed port recovers, it seamlessly returns to the logical link and shares the transmission/reception of the upper-layer traffic.

Compliant with all standard ADSL2/ADSL2+ features

In addition to delivering increased data rates over greater distance than the basic ADSL2/ADSL2+, the P-663H-51 also supports traditional ADSL2+ standards, such as Annex L, Annex M, DELT, SRA and dying gasp functions.

Robust, State-of-the-Art IP Security

The ZyXEL Prestige 663H-51 provides state-of-the-art standard firewall features, including Stateful Packet Inspection, anti-DoS (Denial of Service) and IP/MAC address spoofing protection, for basic defense against hackers, network intruders and other hazardous threats.

Sophisticated QoS for Triple-Play Services

The P-663H-51 comes with complete integrated ATM and Ethernet QoS mechanisms, as well as various IP QoS features (Packet classification/Rate Limitation/Queue Scheduling). The seamless QoS mapping not only allows consistent and appropriate traffic treatment of packets, but also enables fulfillment of triple-play services. The IGMP proxy/snooping and fast leave (v1, v2) features also support IP multicasting services.



ADSL Layer Features
  • ADSL2/2+, Annex L and Annex M
  • Support DELT (dual ended loop test)
  • Seamless Rate adaptation (SRA)
  • Dying Gasp

ATM Layer Features
  • Multiple PVC support
  • RFC1483/2684 multiple protocol over AAL5
  • RFC2516 PPPoE
  • VC and LLC Multiplexing
  • Traffic Shaping UBR, CBR, VBR-nrt
  • OAM F4/F5 end-to-end loopback
  • ATM-based Multi-Pair Bonding (G.998.1) support

Security Features
  • Three level management login
  • WAN & LAN Service access control
  • Service access control based on source IP address
  • Anti-Denial of Service: SYN flooding, IP Smurfing, Ping of Death, Fraggle, Teardrop, Land
  • Anti-port scanning
  • TCP/IP/port/Interface filtering rules
  • Protect against IP and MAC address spoofing
  • Stateful Packet Inspection

Logging Features
  • User selectable levels
  • Local display and/or send to remote syslog server
  • ADSL up/down, PPP up/down
  • Intrusion alert
  • Primary DNS server status monitor
  • XML config file failures

Network Protocols
  • IP routing
  • TCP, UDP, ICMP, ARP
  • VPN (IPSec, PPTP, L2TP) pass-through *
  • DHCP Server/Relay/Client
  • RADIUS client
  • DNS relay/proxy
  • Dynamic DNS
  • RIP/RIP v2 routing functions
  • NAT/PAT/NAPT
  • IGMP Proxy/snooping and fast leave (v1, v2 and v3)
  • IP QoS
  • UPnP IGD 1.0

Ethernet L2 Features
  • Default Bridging for user traffic
  • ARP
  • 802.1Q Tag-Based VLAN
  • 802.1P CoS with priority queuing

Hardware Specifications
  • Power input & power consumption: 12VDC (1.5A), 15 watt
  • Power adaptor: input 100~240VAC, 0.5A, 50~60Hz, 40~60VA; output 12VDC, 1.5A, 18W
  • LAN: 4-port RJ-45 connectors for 10/100Mbps with Auto MDI/MDIX. Support both Half and Full Duplex
  • ADSL: one RJ-11 connector for 2 ADSL2+ ports

Physical Specifications
  • Dimension: 205(W) x 145(D) x 32(H) mm

Environmental Specification
  • Temperature: operating 0 ~ 40, storage -30 ~ 60
  • Humidity: operating 20 ~ 85% (non-condensing), storage 10 ~ 95% (non-condensing)

Certification
  • RoHS & WEEE
  • Safety: UL1950, CSA C22.2 No. 950
  • EMC: FCC Part 15 & Part 68 Class B

The ZyXEL P-663H-51 ADSL2+ 4-port Bonding Gateway review can be read on this forum.