Sunday, March 20, 2011

Experience with installing VMware Server 2.0 on windows 7

I was helping a friend to install Ubuntu 10.10 Linux on Windows 7 using VMware server 2.0.

I  had few hiccups, but finally could do it.
  • Installation of VMware Server was a breeze.  No issue found in downloading and installing.  Just follow the instructions given in VMware site. 
  • After VMware Server was installed, you would see few entries  at "Start"  of windows 7,  All Programs->VMWare->VMware Server->VMware Server Home Page.   Click on it.   It opens your browser.
  • It asks for user name and password.  This is where I was stuck.  I was giving all my windows 7 user names and passwords, it could not succeed.  Finally, I found from searching VMware site that VMware server always expects the user name "Administrator".  By default windows 7 does not enable administrator account with "Administrator" name.  To do this, you need to execute following command at the command line prompt. 
    • Command window must be opened with "Run as Administrator".  You can do this by going to "All Programs->Accessories".  Here you would see "Command Prompt".  Take your cursor there and press right click on that line.  You would see "Run as Administrator".  Click on that. It opens the command prompt window.
    • There you should type "net user administrator /active:yes".  This would be enable hidden "Administrator" user.
    • Next step is to assign the password to "Administrator" user.  Go to 'Control Panel->User Accounts and Family Safety->Add or remove user accounts".  Here you would see "Administrator" user. Click on it and add a password to it.
  • Now you should be able to login in to the VMware server using "Administrator" and password you have set for the user.
  • Then I was trying to install Ubuntu.  First step is to create a virtual machine. You could do this using "Virtual machine" menu.  Click on "Create Virtual Machine" item.  It takes you to set of screens to assign the memory,  hard drive space,  network etc..  These are all simple and you could follow the documentation.  As far as the Ubuntu image is concerned, I thought I could have iso image in my windows hard drive somewhere and could point to that. But I was not successful in giving the path for ISO image anywhere.  Finally I decided to burn the ISO image on CD and selected 'DVD' option.
  • So far so good.
  • Once the virtual machine is created, I started it.  I wanted to see the console of virtual machine. Selected "console" menu.   It asked to install a plugin.  Clicked on it, it installed the plugin. Then it asked me to click on anywhere on the window to open the console.  Unfortunately, I keep getting error that "request timed out".  Finally, I found that Firefox can't be used to open the console.  So, make sure that you always use "Internet Explorer".  Once I started using Internet Explorer, I could see new console window getting opened.
  • After that,  ubuntu installation started on that console window and now I have ubuntu working on Windows 7 using VMware 2.0
Hope it helps.

Srini

Saturday, March 12, 2011

IGMP Filtering - Developer tips

IGMP protocol allows hosts to report their interest in Multicast address membership with adjacent routers.  These adjacent routers in turn propagate the consolidate membership with upstream routers using PIM-SM or using IGMP proxy functionality.

IGMP protocol sits right on top of IP layer, at the same level as ICMP, UDP and TCP.  IGMPv1 and IGMPv2 protocols are older protocols to IGMPv3.  IGMPv1 and IGMPv2 join the multicast membership by providing Multicast address in IGMP report message.  IGMPv3 takes one step further and even ask for membership with respect to source.  That is, there could be  multiple Multicast sources  sending same streams using one Multicast address. Hosts have choice of receiving the Multicast traffic only from some specific sources - It can specifically include the source addresses in the report message or can exclude some specific sources.

Typical firewalls today don't have capability to restrict the hosts on a specific interface from joining specific Multicast stream.  Firewalls today can allow or deny the IGMP packets on a specific interface though. But this is not sufficient.  It should be possible to restrict a given multicast stream on a specific interface.  This is possible only if firewall on the router deny only IGMP reports having restricted Multicast addresses.

IGMP filtering functionality in routers expected to provide following functions.  Some vendors call this 'IGMP filtering for Multicast authentication'.  I never understood why they use term 'Authentication' though.

  • Provide facility for admin user on per interface basis 'Allow Only List' or 'Disallow list'.  Each list contains multiple records. 
    • Multicast Address,  Source address.
    • Source address can be 'ALL'.  
Some implementation considerations:

It is always good to implement this module separate from IGMP Router or IGMP Proxy modules.  In case of IGMPv1 and IGMPv2,  each membership report message only contains one Multicast address.  If this multicast address is to be restricted,  then the complete message can be dropped.  In case of IGMPv3,  one membership report message can contain multiple Group records with each group record having multicast address, source addresses and qualifier to all the source addresses listed in the group record - include or exclude.  IGMP filter module needs to do quite a bit of work to identify the group records and corresponding sources and remove only the affected ones from the message.  Then rest of the message should be allowed to pass through.  If the complete Multicast address is restricted as per configuration, then the complete Group record from the IGMP report message can be removed.  It is not as simple as though.  From the configuration, some times only specific source addresses are to be removed from the group record in the message. That is, IGMP filter is expected to selectively remove not only group records, but also source addresses selectively in the group records.