Proofread concept
-
Sorry, I have another question about FOG.
We were supposed to think of a fictional company that hired us to fix a problem, a problem we had to make up. I wanted to try local imaging with FOG, reasoning they might lease hardware that needs imaging.
The structure at the client is as follows:
192.168.5.0/24 for the whole LAN
1 router - with no PXE next-server configuration option
1 Layer 3 switch
X Layer 2 switches
102 clients, dynamic IP, range 20-200
1 printer - static IP
3 servers - static IP
One of those is supposed to be a cheap file server running FOG, providing easy and cheap Win10 image deployments for new clients or swapped ones that need imaging. It's also a DHCP proxy running dnsmasq because the router doesn't have a next-server option.
The problem is, it's probably too simple. No subnetting, no VLANs.
I'd create some VLANs for different company departments, but I don't know anything about them or how to make it work with FOG. Also, I'm lacking a reason to do this besides adding a layer of complexity.
TL;DR:
What would you add to make it look more professional? If VLANs, how do I make that work with FOG? I imagine VLANs killing DHCP, which is crucial.
-
The concept you might start with is a small training/learning center that has 3 computer labs with 20 computers in each lab. Each lab has its own VLAN to contain the traffic inside its VLAN. Each lab has its own local printer and a central file server in the data center. That file server can be Windows- or Linux-based. If it's Linux-based and the client computers are Windows, then you will need to add Samba onto your file server. Your FOG server can double as a file server if you install Samba on it after FOG is installed. You will also need a Windows domain controller on your network to push GPO policies to the client computers and for Windows authentication. In addition you may need a utility Windows server for DHCP/DNS, or use your main router.
So you will have your ISP router, and then you will also enable the router on your L3 switch to route between the subnets. Since your main DHCP server is on VLAN 1 in your datacenter, you will need to install a service on your L3 switch/router that is called a dhcp-relay or dhcp-helper service (depends on what the manufacturer calls it). This DHCP relay service will listen on all of the VLAN interfaces for a DHCP request and forward the request to your main DHCP server. To make dnsmasq work in this environment you will need to add the FOG server as the last DHCP server in the dhcp-relay server list.
Now from a routing level you will need to create a static route on your ISP router that defines each VLAN beyond your L3 switch/router via the VLAN 1 interface of your L3 router. Your L3 router will have a default route to the LAN interface of your ISP router.
Once that is set up, you can image the computers in your training labs from the FOG server located on your datacenter VLAN (1).
-
Thanks, I see now!
So basically, please correct me if I'm mistaken - you create VLANs at the Layer 3 switch. I imagine you assign the hardware network ports to the VLANs you create. Then, each VLAN network needs its own DHCP and DNS server (?).
Imagine I have a 24-port Layer 3 switch. I assign every 6 ports to 1 of 3 VLANs (VLAN 100, 200, 300). The remaining ports serve as redundancy, with 1 of them having a connection to the ISP router. Now, the FOG server is on VLAN 100 with dnsmasq running.
Now, somehow, I "enable the router on your L3 switch to route between the subnets."
After that, I install a DHCP relay on the Layer 3 switch that forwards any broadcast DHCP request (because of network boot) from VLAN 200 and 300 to VLAN 100, where dnsmasq responds to the DHCP request sender with its own IP address, because it also happens to be the PXE / FOG server.
Is this correct? (Also, seriously, very fast response. Awesome community, thank you!)
-
@Piplup said in Proofread concept:
You create VLANs at the Layer 3 switch. I imagine you assign the hardware network ports to the VLANs you create.
You will create the VLANs on both the L2 and L3 switches. The L3 switch will then have router interfaces defined on each VLAN. You will create a VLAN trunk port between the L2 and L3 switches so the VLANs can cross the link between the two switches.
Then, each VLAN network needs its own DHCP and DNS server (?).
No, the DHCP and DNS servers will come from your datacenter network. For DHCP you define the dhcp-helper service on the L3 switch to listen on the interfaces without any DHCP servers and to point to the main DHCP server. That way the DHCP discovers will be sent to your main DHCP server. The FOG server needs to know about the DHCP discover too so it (dnsmasq) can send the PXE boot info.
Imagine I have a 24-port Layer 3 switch. I assign every 6 ports to 1 of 3 VLANs (VLAN 100, 200, 300). The remaining ports serve as redundancy, with 1 of them having a connection to the ISP router. Now, the FOG server is on VLAN 100 with dnsmasq running.
Good so far.
Now, somehow, I "enable the router on your L3 switch to route between the subnets."
The L3 router will know what subnets it has interfaces connected to, so it will route the data correctly. The issue is the ISP router doesn't know what interfaces are behind the L3 router. In this case you need to create static routes on your ISP router to the subnets behind the L3 router.
After that, I install a DHCP relay on the Layer 3 switch that forwards any broadcast DHCP request (because of network boot) from VLAN 200 and 300 to VLAN 100, where dnsmasq responds to the DHCP request sender with its own IP address, because it also happens to be the PXE / FOG server.
dnsmasq will hear the DHCP discover packet and send its own DHCP offer packet. So will the main DHCP server. The client can tell the difference between a DHCP offer and a proxyDHCP offer packet.
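The exchange described in this answer (relay stamps giaddr and forwards the discover to both helper addresses; the lease server and dnsmasq each answer; the client separates the two offers), as an added example that is not part of the original thread and not FOG or dnsmasq code. The addresses (192.168.100.5 for the lease-issuing DHCP server, 192.168.100.10 for the FOG/dnsmasq host, 192.168.200.1 for the L3 switch interface on VLAN 200) and the offered lease are constructed for the example; the proxyDHCP offer is simplified to the two fields that matter for telling it apart (yiaddr 0.0.0.0 plus vendor class "PXEClient"), and real dnsmasq additionally carries option 43 PXE vendor options. The packets are built and parsed with the standard library only, so it runs offline.

```python
"""DHCP relay + proxyDHCP offer walk-through (constructed packets, offline)."""
import struct
from ipaddress import IPv4Address

MAGIC_COOKIE = b"\x63\x82\x53\x63"
HDR = "!BBBBIHH4s4s4s4s16s64s128s"   # RFC 2131 fixed fields, 236 bytes

# Assumed addressing for the example (not from the thread's diagram):
FOG_SERVER = "192.168.100.10"       # dnsmasq proxyDHCP + TFTP, datacenter VLAN 100
MAIN_DHCP = "192.168.100.5"         # the lease-issuing DHCP server, also VLAN 100
VLAN200_GW = "192.168.200.1"        # L3 switch interface on VLAN 200 (relay agent)
BIOS_BOOTFILE = "undionly.kpxe"     # FOG's BIOS iPXE loader name, for illustration


def build_dhcp(op, xid, chaddr, yiaddr="0.0.0.0", siaddr="0.0.0.0",
               giaddr="0.0.0.0", hops=0, bootfile="", options=()):
    """Assemble a minimal DHCP packet; options is an iterable of (code, bytes)."""
    fixed = struct.pack(
        HDR, op, 1, 6, hops, xid, 0, 0x8000,          # flags: broadcast bit set
        b"\0" * 4,                                    # ciaddr
        IPv4Address(yiaddr).packed, IPv4Address(siaddr).packed,
        IPv4Address(giaddr).packed,
        chaddr.ljust(16, b"\0"), b"\0" * 64,
        bootfile.encode().ljust(128, b"\0"))
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return fixed + MAGIC_COOKIE + body + b"\xff"


def parse_dhcp(pkt):
    """Decode the fixed header and the TLV option area into a dict."""
    f = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (missing magic cookie)")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:           # 255 = end option
        if pkt[i] == 0:                             # 0 = pad
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "op": f[0], "hops": f[3], "xid": f[4],
        "yiaddr": str(IPv4Address(f[8])), "siaddr": str(IPv4Address(f[9])),
        "giaddr": str(IPv4Address(f[10])),
        "file": f[13].rstrip(b"\0").decode(), "options": opts,
    }


def relay(pkt, relay_ip):
    """What the L3 switch's dhcp-helper does before unicasting the discover to
    each configured helper address: bump hops and stamp giaddr with its own
    VLAN interface if giaddr is still zero (so the servers know which scope)."""
    p = parse_dhcp(pkt)
    giaddr = relay_ip if p["giaddr"] == "0.0.0.0" else p["giaddr"]
    f = list(struct.unpack(HDR, pkt[:236]))
    f[3] += 1
    f[10] = IPv4Address(giaddr).packed
    return struct.pack(HDR, *f) + pkt[236:]


def classify_offer(pkt):
    """('lease', ip) for a normal DHCPOFFER, ('proxy', boot_server, file) for a
    proxyDHCP offer: no address is offered, vendor class says PXEClient."""
    p = parse_dhcp(pkt)
    if p["op"] != 2 or p["options"].get(53) != b"\x02":
        return ("other",)
    vendor = p["options"].get(60, b"")
    if p["yiaddr"] == "0.0.0.0" and vendor.startswith(b"PXEClient"):
        return ("proxy", p["siaddr"], p["file"])
    return ("lease", p["yiaddr"])


def demo():
    xid, mac = 0x3903F326, bytes.fromhex("001122334455")   # constructed client
    discover = build_dhcp(1, xid, mac, options=[
        (53, b"\x01"),                               # DHCPDISCOVER
        (60, b"PXEClient:Arch:00000:UNDI:002001"),   # BIOS PXE client
        (93, b"\x00\x00"),                           # client arch 0 = x86 BIOS
    ])
    relayed = relay(discover, VLAN200_GW)   # both helpers now see giaddr=192.168.200.1
    # Offer 1: the real DHCP server hands out an address from the VLAN 200 scope.
    lease_offer = build_dhcp(2, xid, mac, yiaddr="192.168.200.57",
                             giaddr=VLAN200_GW, options=[
        (53, b"\x02"), (54, IPv4Address(MAIN_DHCP).packed),
        (51, (86400).to_bytes(4, "big")), (3, IPv4Address(VLAN200_GW).packed),
    ])
    # Offer 2: dnsmasq on the FOG server answers in proxy mode: no address,
    # only the boot server (siaddr) and file, tagged with vendor class PXEClient.
    proxy_offer = build_dhcp(2, xid, mac, siaddr=FOG_SERVER, giaddr=VLAN200_GW,
                             bootfile=BIOS_BOOTFILE, options=[
        (53, b"\x02"), (54, IPv4Address(FOG_SERVER).packed), (60, b"PXEClient"),
    ])
    return (parse_dhcp(relayed)["giaddr"],
            classify_offer(lease_offer), classify_offer(proxy_offer))


if __name__ == "__main__":
    print(demo())
```

The point to take from it: the relay does not "kill" DHCP, it just rewrites giaddr and unicasts the same discover to every helper address, so the order of the helper list only decides who is asked first, and the PXE client keeps the lease from the offer that carries an address while taking the boot server from the one that carries none.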
-
@george1421
I’ll have to leave it that for now.
Thank you for taking time to explain!
One last question.
https://imgur.com/a/2FszAoH
This is my network. I know it looks amateur as hell. But since I can't confidently create VLANs, at least for now, this is how it looks.
My question is, are there any stupid flaws in a network as simple as this I’m not seeing? The components are:
passive:
Cat. 6A cables and patch panel to server room
active:
L2 switches = 1 Gigabit/s
L3 switches = 10 Gigabit/s
(Router) = 10 Gigabit/s
FOG server = 4x 1 Gbit/s LAN port | running on old hard drives
Client = 1x 1 Gbit/s LAN port | running on SSD
My project is to configure an old server as a FOG deployment server, like in my first post, to work in an office. Because it's perfect: the desktop PCs are already cable-connected to the LAN; if you want to image a PC or delete a hard drive, press F12, enter the credentials the admin gives you, done.
I figured my bottleneck is the FOG server, because even with all 4 1 Gbit NICs bonded, the server cannot deliver more than the read speed of the HDD. I calculated that with an average of 200 Mbit/s and an image size of 15 GByte it would take 10 min to download an image. Easily fixed with SSD upgrades in the future.
Currently I want to configure FOG to be able to queue up to 100 clients to image, imaging one at a time, possibly some clients with different images, and then I'm all set.
All of this makes sense so far? Or did I miss anything stupid?
Sorry to bother with this, this thing is 50% of my final exam mark and I grow paranoid trying to find a mistake.
-
@Piplup Just so I set the right understanding: will you build this configuration in the real world, or is this just an on-paper project?
-
@george1421 Sorry, paper project.
-
@Piplup said in Proofread concept:
@george1421
One last question.
https://imgur.com/a/2FszAoH
If you were to document the lines as being VLAN 100, 200, 300 it would be a bit easier to read the drawing. Also on the drawing for your L3 switch, identify the IP address of the L3 interface on that VLAN. While this doesn't have a bearing on your paper design, typically what I like doing is connecting the IP address of the subnet to the VLAN. So let's say I have a subnet of 192.168.100.0/24; I'll make the VLAN ID 100. For a subnet of 192.168.150.0/24 I'll make the VLAN ID 150. That way, by either looking at the subnet or the VLAN ID I have an idea of what is going down the wire. It is totally personal preference, but it makes things easier to associate. The last part is you need to label the servers and what they are doing for your network.
My question is, are there any stupid flaws in a network as simple as this I’m not seeing? The components are:
passive:
Cat. 6A cables and patch panel to server room
active:
L2 switches = 1 Gigabit/s
L3 switches = 10 Gigabit/s
(Router) = 10 Gigabit/s
FOG server = 4x 1 Gbit/s LAN port | running on old hard drives
Client = 1x 1 Gbit/s LAN port | running on SSD
Looking at your drawing it appears as if you have {many} 2-port switches and not 2 switches with multiple ports.
My project is to configure an old server as a FOG deployment server, like in my first post, to work in an office. Because it's perfect: the desktop PCs are already cable-connected to the LAN; if you want to image a PC or delete a hard drive, press F12, enter the credentials the admin gives you, done.
I figured my bottleneck is the FOG server, because even with all 4 1 Gbit NICs bonded, the server cannot deliver more than the read speed of the HDD. I calculated that with an average of 200 Mbit/s and an image size of 15 GByte it would take 10 min to download an image. Easily fixed with SSD upgrades in the future.
Yes, the FOG server on old hardware is possible but not recommended. With a single SATA drive I would expect to see between 90 and 110 MB/s transfer rates between the single HDD and the server. And that number may be a bit high. To go faster than that you will need to use a SATA/SAS RAID controller and add many disks, or an SSD. I did some benchmark testing on a Dell 790 several years ago if you need real numbers. https://forums.fogproject.org/topic/10459/can-you-make-fog-imaging-go-fast?_=1602015864377
Now remember, with a 4-link LAG network connection, between any 2 hosts you cannot transfer faster than the slowest link in your LAG. Think of a network link as a 1-lane road. The speed limit on that 1-lane road is 100 kph. If you add more lanes to the road (LAG group) you can carry more traffic, but the speed limit is still 100 kph. The same rules apply with networking. If you only have a FOG server and one target computer imaging, only one link will ever be used. But add a second target computer, then both links could be used.
Currently I want to configure FOG to be able to queue up to 100 clients to image, imaging one at a time, possibly some clients with different images, and then I'm all set.
FOG doesn't have the capability to serially batch-deploy computers. It only does a deploy now, or deploy later at a specific time. Sequential batch deployments would be a cool feature, but they are not currently supported. And since you are only talking about a single-spindle hard drive, I'll mention this. Consider sending an image to a single target computer. Consider that the image files are written sequentially on the FOG server's hard drive. That hard drive should have no problem reading each block and sending it to the target computer. Now consider adding a second target computer imaging at the same time. That read head is going to be bouncing around that HDD trying to service both imaging requests, because they will be at different spots and maybe different files. So the head will be bouncing around the hard drive trying to keep up. Now HDD seek time comes in and delays the data being sent to the target computers. And lastly, during testing I found that I can saturate a 1 GbE FOG server link by imaging 3 computers simultaneously.
On a well-managed 1 GbE network you should see imaging rates of 5.5 to 6.2 GB/min. That number is really dependent on the target computer, because during imaging the target computer does all of the work and the FOG server only does management. But imaging to a modern computer with an NVMe drive you should see about a 6 GB/min imaging rate as reported by Partclone.
All of this makes sense so far? Or did I miss anything stupid?
Sorry to bother with this, this thing is 50% of my final exam mark and I grow paranoid trying to find a mistake.
-
@george1421
You misunderstood me.
I discarded the VLAN idea because it's too late to implement safely now for me.
You're right - there is 1 L3 10 Gigabit switch and a lot of L2 1 Gigabit switches.
My question was, is a network as described with the network plan I provided realistic?
I worried that because everything is in one LAN (192.168.5.0/24), and the ISP router is effectively the DHCP server, this may lead to broadcast storming or other fatal performance loss in the network, because every client has a dynamic IP. I discarded setting up a DMZ because the local network is not supposed to be accessed from outside, only traffic going outwards, like web browsing, going through a STI firewall built into the router.
Regarding the HDD - it's supposed to be 2 SAS HDDs in RAID 1, because these are the only hard drives in the paper server. So effectively 1 HDD. I know 200 Mbit/s is much; I'm still debating changing it to 2 SSDs. I was just worried they would break faster.
I wanted to configure FOG to image only 1 client at a time. I interpreted the wiki as this:
https://wiki.fogproject.org/wiki/index.php/Multicasting
I have X clients I want to image. I go to every client, go into network boot and select the image I want to deploy. After the first PC, every client afterwards automatically joins a queue until the first one has finished the download, then the second ... until every client is done.
Last thing regarding the bottleneck ... So, the image server cannot deploy faster than its own read speed and the write speed of the client, right?
I know I said it a lot, but thank you again.
-
@Piplup said in Proofread concept:
I discarded the VLAN idea because it's too late to implement safely now for me.
You're right - there is 1 L3 10 Gigabit switch and a lot of L2 1 Gigabit switches.
My question was, is a network as described with the network plan I provided realistic?
I worried that because everything is in one LAN (192.168.5.0/24), and the ISP router is effectively the DHCP server, this may lead to broadcast storming or other fatal performance loss in the network, because every client has a dynamic IP.
No worries for the number of hosts. With TCP/IP there is not really an issue with broadcast storms. If you are using an old LAN technology like NetBEUI, SPX, or Banyan VINES then broadcasts would be a concern. With TCP/IP the main type of broadcast is ARP messaging (in general).
Regarding the HDD - it's supposed to be 2 SAS HDDs in RAID 1, because these are the only hard drives in the paper server. So effectively 1 HDD. I know 200 Mbit/s is much; I'm still debating changing it to 2 SSDs. I was just worried they would break faster.
One HDD or 2 in RAID 1, same difference, since only one is the leader disk and the other is the mirror or follower disk. If you are using a traditional RAID controller then the onboard cache memory will help a bit with performance. But remember you are dealing with multi-GB files for imaging, so the cache will only help so much. In regards to SSDs, for FOG imaging they will not break faster than HDDs. What breaks SSDs is many writes to the drive. In the case of standard FOG imaging it's write once, deploy (read) many times. SSDs are ideally suited for FOG imaging. I would say the HDD would have a shorter life because of the head thrashing about the disk when you have multiple imagings going on at the same time.
Last thing regarding the bottleneck ... So, the image server cannot deploy faster than its own read speed and the write speed of the client, right?
Here are actually the bottlenecks in imaging. Let's assume a deployment here, server -> client:
- FOG server disk to network
- Network infrastructure
- Network to FOG imaging
- FOG imaging to disk
In the case of a FOG deployment, the FOG server does very minimal work. On the FOG server it only moves data from the disk storage to the network adapter and then manages the overall progress of imaging. If you wanted to, you could run the FOG server on a Raspberry Pi 4. The key is getting a fast data path from disk to the network.
For FOG imaging the target computer does all of the work. The target computer takes in the image from the network, decompresses the image dynamically, and then writes the image to the local hard drive on the target computer. So the impacts on deployment speed are network, CPU (GHz and number of cores), memory speed, and the local storage drive.
So if you were to set up FOG and deploy to a computer, the program that writes the image to disk is called Partclone. Partclone gives a performance number. This is usually in GB/min. This number is actually a composite number that indicates how fast Partclone can write the image to disk. But behind that number are all of the bottlenecks defined above. Let's say you take 2 computers: one is a 2010 Core 2 Duo with an HDD and the second is a 2019 quad-core with an NVMe drive. Using that same FOG server, the Core 2 computer will probably deploy in the 4 GB/min range (bottleneck is CPU or local HDD), where that quad-core with NVMe drive will deploy in the 6.5 GB/min range (bottleneck is the 1 GbE network).