KVM over IP, or simply IP KVM, is a way to connect remotely to a server console over TCP. You cannot do without it when regular remote access over the Internet (RDP, SSH) is lost, the server needs to be restarted, or the OS needs an urgent reset.
In data centers, IP KVM is usually a separate service, and customers often economize on it when ordering colocation or dedicated servers. When force majeure strikes and the client does ask for IP KVM, access to the console has to wait: the provider needs to make a cross-connect and set up and configure a separate Internet channel to the rack where the affected server is located. For such emergencies we built a Wi-Fi version of IP KVM. The result is crude but effective.
How it works
The DataLine data center wireless network consists of 66 access points (Cisco AIR-LAP1041N and AIR-CAP1602I models) managed by three Cisco 2504 wireless LAN controllers (WLC), one of which is redundant.
The OST site, with a total area of 10,000 sq. m, is covered by 37 access points. 29 access points operate in the NORD data centers.
Using multiple SSIDs lets the same access points and controllers serve several needs: Wi-Fi telephony, guest and local wireless networks. On the controller, each SSID has its own VLAN. A separate SSID and VLAN are allocated for IP KVM. The Wi-Fi network is protected with WPA2-Enterprise (AES encryption) and RADIUS.
One of the access points, mounted on an SCS cable tray in a machine hall. Halls up to 200 sq. m get one access point; halls of 200-400 sq. m get two.
Access points are installed in the machine halls. The ATEN CN8000 IP KVM switch connects to the data center Wi-Fi network via the Trendnet TEW-800 Wi-Fi bridge.
From the controller's (WLC) point of view, the KVM is a passive device with a static IP address. By default, the WLC acts as an ARP proxy, i.e. it answers external ARP requests itself because it knows the IP address of each wireless client. When a device has a static IP address, the WLC does not know that address and cannot answer the ARP request. Therefore, when connecting a KVM switch to the wireless network, we must enable the Passive client option on the WLC. ARP requests are then passed directly to the end devices without WLC involvement.
Now, when a client suddenly needs a remote connection to the server console, the duty engineer simply connects the KVM switch to the equipment. An account is created for the equipment owner, who is given the external IP address and the credentials for accessing the IP KVM.
It now takes no more than 30 minutes from receipt of the request to the client being connected to the console.
At the request of the client, an IP KVM connected to the Wi-Fi bridge is delivered to the rack. It looks like this.
The user can connect to the KVM through a browser, using a Win or Java application.
KVM CN8000 interface. To open the console, click “Viewer” and download the application.
Log in to the console through the Win application.
Equipment console. The fixed toolbar at the top lets you adjust the picture, keyboard, mouse and other settings.
Choosing a Wi-Fi connection method
At first we looked for an IP KVM with an integrated Wi-Fi module, but there was no ready-made, boxed option. ATEN previously produced a wireless IP KVM, the KW1000, but the model was discontinued.
Then we began looking for a separate device to act as a Wi-Fi bridge for a typical IP KVM switch. Physically, the Wi-Fi bridge should be compact and convenient to use, preferably with minimal heat dissipation: the “KVM + Wi-Fi module” bundle is used in the hot aisles of data center machine halls.
The first idea was to use a Cisco Aironet 1600 access point as a Wi-Fi bridge in Workgroup Bridge mode. The solution was cumbersome, and dedicating a whole access point to this task was wasteful. We decided to experiment a little with the Raspberry PI 2B microcomputer in combination with the edup N8508GS USB Wi-Fi module.
Single-board computer Raspberry PI 2B, based on the Broadcom BCM2836 processor, and the edup N8508GS Wi-Fi module.
The Raspberry PI 2B supports a variety of operating systems and can be adapted to various tasks. We installed Raspbian on it, connected the edup N8508GS USB Wi-Fi module and began using it as a Wi-Fi router.
In this scheme, the Raspberry-based Wi-Fi router performs NAT: it translates public IP addresses into internal (private) IP addresses.
Wireless KVM scheme with Raspberry PI 2B and the edup N8508GS Wi-Fi module.
This bundle worked, but it was not stable: sessions were often interrupted. When a connection could be established, the picture on the user side froze frequently because of large jitter and packet loss.
Pinging the Raspberry looks like this:
The answer from 10.7.19.50: the number of bytes = 32 time = 42 ms TTL = 63
The answer from 10.7.19.50: the number of bytes = 32 time = 77 ms TTL = 63
The answer from 10.7.19.50: the number of bytes = 32 time = 106 ms TTL = 63
The answer from 10.7.19.50: the number of bytes = 32 time = 34 ms TTL = 63
The answer from 10.7.19.50: the number of bytes = 32 time = 66 ms TTL = 63
The answer from 10.7.19.50: the number of bytes = 32 time = 7 ms TTL = 63
The answer from 10.7.19.50: the number of bytes = 32 time = 132 ms TTL = 63
The answer from 10.7.19.50: the number of bytes = 32 time = 84 ms TTL = 63
The answer from 10.7.19.50: the number of bytes = 32 time = 81 ms TTL = 63
The answer from 10.7.19.50: the number of bytes = 32 time = 96 ms TTL = 63
The answer from 10.7.19.50: the number of bytes = 32 time = 232 ms TTL = 63
The answer from 10.7.19.50: the number of bytes = 32 time = 68 ms TTL = 63
The answer from 10.7.19.50: the number of bytes = 32 time = 86 ms TTL = 63
The answer from 10.7.19.50: the number of bytes = 32 time = 111 ms TTL = 63
The answer from 10.7.19.50: the number of bytes = 32 time = 33 ms TTL = 63
Next we tested the unpretentious home-grade Trendnet TEW-800. The device has a low power consumption of 12 W (it is built on an ARM processor) and heats up only slightly. It works in two bands: 2.4 and 5 GHz.
Wi-Fi bridge Trendnet TEW-800.
We had used the Raspberry PI 2B as a router with NAT: the external IP address faces the Wi-Fi side, and the internal one faces the KVM. The Trendnet TEW-800 in our scheme acts as a Wi-Fi bridge, that is, it connects the Wi-Fi medium and the KVM switch at the data link layer (L2). The public IP address is on the IP KVM itself. This simplifies the scheme and removes unnecessary packet lookups on the transit node as well as NAT connection-tracking state.
Wireless KVM scheme with the Trendnet TEW-800 Wi-Fi bridge.
Pinging the Trendnet looks like this:
The answer from 10.7.19.80: the number of bytes = 32 time = 1 ms TTL = 127
The answer from 10.7.19.80: the number of bytes = 32 time = 3 ms TTL = 127
The answer from 10.7.19.80: the number of bytes = 32 time = 2 ms TTL = 127
The answer from 10.7.19.80: the number of bytes = 32 time = 1 ms TTL = 127
The answer from 10.7.19.80: the number of bytes = 32 time = 1 ms TTL = 127
The answer from 10.7.19.80: the number of bytes = 32 time = 2 ms TTL = 127
The answer from 10.7.19.80: the number of bytes = 32 time = 2 ms TTL = 127
The answer from 10.7.19.80: the number of bytes = 32 time = 1 ms TTL = 127
The answer from 10.7.19.80: the number of bytes = 32 time = 1 ms TTL = 127
The answer from 10.7.19.80: the number of bytes = 32 time = 1 ms TTL = 127
The answer from 10.7.19.80: the number of bytes = 32 time = 2 ms TTL = 127
The answer from 10.7.19.80: the number of bytes = 32 time = 1 ms TTL = 127
The answer from 10.7.19.80: the number of bytes = 32 time = 1 ms TTL = 127
The answer from 10.7.19.80: the number of bytes = 32 time = 1 ms TTL = 127
The answer from 10.7.19.80: the number of bytes = 32 time = 1 ms TTL = 127
The answer from 10.7.19.80: the number of bytes = 32 time = 2 ms TTL = 127
The answer from 10.7.19.80: the number of bytes = 32 time = 1 ms TTL = 127
The answer from 10.7.19.80: the number of bytes = 32 time = 1 ms TTL = 127
The answer from 10.7.19.80: the number of bytes = 32 time = 1 ms TTL = 127
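To put numbers on the difference between the two ping captures above, here is an added example (not part of the original article) that parses reply lines and computes mean RTT, maximum RTT, loss and jitter. Jitter is taken as the mean absolute difference between consecutive RTTs, and treating any non-reply line as a lost probe is an assumption of this sketch.

```python
import re
from statistics import mean

# Matches reply lines as printed on this page ("time = 42 ms") and the
# native Windows forms ("time=42ms", "time<1ms"; "<1" is counted as 1 ms).
RTT_RE = re.compile(r"time\s*[=<]\s*(\d+)\s*ms", re.IGNORECASE)

def ping_stats(text):
    """Return RTT statistics (ms) for a block of ping output lines."""
    rtts, lost = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = RTT_RE.search(line)
        if m:
            rtts.append(int(m.group(1)))
        else:
            lost += 1  # assumption: any other non-empty line is a lost probe
    if not rtts:
        raise ValueError("no reply lines found")
    # Jitter = mean absolute difference between consecutive RTTs.
    deltas = [abs(b - a) for a, b in zip(rtts, rtts[1:])]
    return {
        "replies": len(rtts),
        "loss_pct": round(100 * lost / (len(rtts) + lost), 1),
        "mean": round(mean(rtts), 1),
        "max": max(rtts),
        "jitter": round(mean(deltas), 1) if deltas else 0.0,
    }

def as_ping_lines(host, ttl, rtts):
    """Rebuild reply lines in the page's format from a list of RTTs."""
    return "\n".join(
        f"The answer from {host}: the number of bytes = 32 "
        f"time = {r} ms TTL = {ttl}" for r in rtts)

# RTT values copied from the two captures above.
RASPBERRY = as_ping_lines("10.7.19.50", 63,
    [42, 77, 106, 34, 66, 7, 132, 84, 81, 96, 232, 68, 86, 111, 33])
TRENDNET = as_ping_lines("10.7.19.80", 127,
    [1, 3, 2, 1, 1, 2, 2, 1, 1, 1, 2, 1, 1, 1, 1, 2, 1, 1, 1])

if __name__ == "__main__":
    for name, sample in (("Raspberry PI NAT", RASPBERRY),
                         ("Trendnet bridge", TRENDNET)):
        print(name, ping_stats(sample))
```

On these samples the Raspberry path averages about 84 ms with roughly 60 ms of jitter, while the Trendnet bridge stays under 1.5 ms with sub-millisecond jitter.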
Choosing an IP KVM switch
We chose between two models: D-Link DKVM IP1 and Aten CN8000. We traditionally used the D-Link model for the wired version of IP KVM.
Both models were suitable for connecting via Wi-Fi, but the Aten CN8000 had more options for a wired connection. Wi-Fi IP KVM is still an emergency option, and for permanent use a wired connection is better.

Aten CN8000.
In the wired version, all switches and users can be managed through a centralized server. Aten provides the CC2000 management software for this. In the unified interface of the Personal Account, a data center engineer can manage user credentials, view the access event log and manage all IP KVM switches. User access to the Personal Account is via HTTPS.
Diagram of the engineer's connection to the data center KVM infrastructure via CC2000.
The Personal Account interface of CC2000. The users tab.
Instead of a conclusion
If remote access is needed all the time, it is better to use the wired version. It provides stable IP KVM quality that is not affected by the distance between the IP KVM switch and the access point. But Wi-Fi IP KVM will save the day when trouble strikes the equipment and you need to connect to it quickly.