Unifi USG – VLAN and Routing Configuration

INTRODUCTION:

A virtual LAN (vLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2) (Wikipedia).

vLANs work by applying tags to network frames and handling these tags in networking systems.

——

I love how USG has faced up to the vLAN challenge.

Their starting point is working with vLAN as if it were a layer 3 object and not layer 2 of the OSI model.

The idea behind USG is to think of a vLAN as a new LAN with a different IP address. Are you a little bit confused? Yes? I also was at the beginning, but now I’m enthusiastic about this new approach.

Let’s explain better with an example directly from my Lab Network.

In my environment I needed to create 2 vLANs: the first one to carry the iSCSI protocol and the second to manage the Backup traffic.

I chose #40 to identify the iSCSI vLAN and #50 for the Backup vLAN.

I went directly to the USG user interface and created the vLANs from the Network menu, as shown in figures 1, 2 and 3.

Figure 1

Figure 2

Figure 3

The next step is enabling routing between the new networks and the original LAN.

The task is performed by selecting Switch ports from the Profiles menu.

As shown in Figure 4, I set up an easy rule to let the networks talk to each other, in this case LAN to iSCSI.

Figure 4

Now the last step: enabling traffic from and to the networks. In short, I worked at the firewall level.

I spent some hours understanding the options the USG offers, because it’s possible to set up many rules to manage traffic among LAN (LAN-IN and OUT), WAN (WAN-IN and OUT), GUEST (IN and OUT) and LOCAL (WAN/LAN/GUEST).

There are really many options, but with a little patience you can tune your networks to fit any security design.

In this example, I just created rules to manage the traffic LAN IN (FIGURE 5 and 6)

https://lnx.gable.it/wp-content/uploads/2020/05/4-vlan.jpg

FIGURE 5

FIGURE 6

Before ending this article two more notes:

If you want to allow the servers connected to the LAN to surf the Internet, you just need to set up a LAN-IN and a LAN-OUT rule.

To work with vLANs you need to buy a vLAN-compliant Ethernet switch.

Unifi USG – Setup and configuration

The last device I added to my lab is the Ubiquiti UniFi Security Gateway (from now on USG).

I need it because I have to work with a great number of vLANs in my demo lab.

Let’s see what I learned in the last test weeks and how I set it up to address my needs.

The hardware installation is quite easy. After unpacking the box you just need to plug in the power supply and two Ethernet cables, the first one on the LAN port and the second on the WAN port.

The USG setup is composed of 5 configuration phases

  1. LAN / WAN
  2. Unifi-Controller
  3. VPN
  4. VLAN
  5. Routing

In this first article, we are going to cover the first three phases.

I – LAN / WAN Configuration

  1. On your PC set the Ethernet IP address to 192.168.1.x/24 and plug in the LAN cable. Now ping the 192.168.1.1 address to be sure you can reach the USG. Open a browser and you’ll be able to configure the LAN and WAN interfaces from the 192.168.1.1 address.

Figure 1

My personal router works on 192.168.18.x, while I chose to set up the LAN on the 192.168.16.x range.

After “applying the changes”, you have to change the IP address of your PC again to a LAN address (192.168.16.99 for example) and test that the USG answers to ping.

II – Unifi Controller

After creating an account on the Ubiquiti site (https://account.ui.com/register), download and install the Unifi Controller (https://www.ui.com/download/unifi-switching-routing) on your local PC.

Let’s see the most important steps of the wizard:

Click on the “Launch a Browser to manage the network” button (Figure 2)

Figure 2

Log in to the Ubiquiti account

Figure 3

Check that the USG device is properly discovered

Figure 4

After the wizard has been completed you can start to play with the friendly user interface. Figures 5 and 6 show the USG device status (the fourth icon on the left panel, “device”).

Figure 5

Figure 6

III – VPN Creation

The wizard consists of:

  1. Creating a new Network (Figure 6), selecting the options “Remote user VPN” and L2TP server. On the RADIUS menu you must add a new profile as shown in Figure 7.

Figure 6

Figure 7

  2. Enabling the RADIUS server as shown in Figure 8.

Figure 8

Now you can set up the VPN connection on your Windows/Linux/Mac/Android device and test it.

Before ending the article two more notes.

  1. If you see the provisioning entry on the web interface, it means the USG is loading and saving the new configuration.
  2. You can find all the details about USG products at the following address: https://www.ui.com/unifi-routing/usg/

Object Storage & VBR integration

This is the second article, and we are going to discover how to integrate Wasabi with Veeam.

If you want to know how to configure Wasabi, please refer to my previous article (Wasabi configuration).

The two steps we’re going to follow are:

  1. Adding Wasabi Repository
  2. Creating SOBR

Let’s start

Figures 1, 2, 3 and 4 show the wizard:

Figure 1

Figure 2

Figure 3

Figure 4

In Figure 4 you can find two interesting options.

The first sets the software capacity limit for the object storage. This check is performed at the beginning of the job, not while it is running.

To use Object Storage you need to create a Scale-Out Backup Repository (from now on SOBR) that is composed of 2 different physical items.

The first one is called the performance tier, and it can be any classical Veeam Repository such as a server, a network share or a deduplication appliance.

The second is the object storage we have already configured.

A good suggestion: try to use a repository with good read performance. This way, you avoid poor offload performance to Object Storage.

5 pics to understand how to easily configure the SOBR

Figure 5

Figure 6

Figure 7

Figure 8

Figure 9

Some good points to remember:

As you can see from picture 9, there are different options.
Move and copy seem to do the same work, but they do not.

Move is the option (already available with version 9.5u4) to empty the Repository. The idea is to have an on-premises repository without any capacity limit (because blocks are moved to Object Storage).

Copy mode, on the other hand, is a way to have the same data in both repositories.

You can enable both options to gain all the advantages of the integration.

The main difference shows up when you need to perform a restore in the unlucky case that you lose VBR (Veeam Backup & Replication).

Why?

If you selected the move option, you have to rebuild the SOBR.

If you selected the copy option, you just need to add the Object storage, import the bucket and start the restore tasks.

You can find all the details here

How to find strings with PowerShell

An article to explain how easy it is to answer some working needs using Microsoft PowerShell.

In my job, I happen to need to search for some data written inside files.

Three classic requests:

1) I need to remember some info about a meeting (I always take notes during meetings)

2) I need to get a statistic about how many customers asked for a particular feature

3) I need to search for some errors in application logs

In this short article, I show you how to answer.

In my example, I need to find a string with the content “find me” in my Documents folder.

The PowerShell command is:

Get-ChildItem -Recurse -Path "C:\Users\VBR\Documents\" | Select-String -Pattern "find me"

It is composed of two parts separated by a vertical bar (|).

In the first part, the command lists all files under the path C:\Users\VBR\Documents\ and its subfolders (-Recurse).

In the second part, Select-String searches the content of those files for the given string (-Pattern).

I like the idea of saving the results of the command in a file and also keeping just the path of the files containing the string I searched for.

The command is changed as you can see below:

Get-ChildItem -Recurse -Path "C:\Users\VBR\Documents\Test-Find" | Select-String -Pattern "find me" | Select-Object Path | Out-File C:\Scripts\Results\search_script_out.txt

To remember:
All PowerShell commands support wildcards (*, ?, [ ]), which means you can search any string in your environment.
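
An added example, not part of the original article: a reusable version of the search above that answers the three requests against constructed sample files in a temporary folder. The function name Find-StringInFiles and the sample file contents are assumptions made for illustration; the function uses -File to skip directories and -SimpleMatch because -Pattern is otherwise interpreted as a regular expression.

```powershell
# Added example: constructed sample files in a temp folder, so it runs offline.
$root = Join-Path ([System.IO.Path]::GetTempPath()) "find-demo-$(Get-Random)"
$logs = Join-Path $root 'logs'
New-Item -ItemType Directory -Path $logs -Force | Out-Null
Set-Content -Path (Join-Path $root 'meeting.txt') -Value 'Customer A: find me a report', 'no hit'
Set-Content -Path (Join-Path $logs 'app.log') -Value 'INFO start', 'ERROR find me [id=7]', 'ERROR find me'
Set-Content -Path (Join-Path $logs 'old.log') -Value 'WARN i=d', 'INFO done'

# Hypothetical helper (the name is an assumption, not a built-in cmdlet).
function Find-StringInFiles {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Text,
        [string] $Filter = '*'
    )
    # -File keeps directories out of the pipeline.
    # -SimpleMatch searches for $Text literally; without it -Pattern is a
    # regular expression, where characters such as . [ ] ( ) have special meaning.
    Get-ChildItem -Path $Path -Recurse -File -Filter $Filter |
        Select-String -Pattern $Text -SimpleMatch |
        Select-Object Path, LineNumber, @{ Name = 'Line'; Expression = { $_.Line.Trim() } }
}

# Requests 1 and 3: where does the string occur, and on which line?
$hits = Find-StringInFiles -Path $root -Text 'find me'
$hits | Format-Table -AutoSize

# Request 2: a simple statistic, the number of matching lines per file.
$hits | Group-Object Path | Sort-Object Count -Descending | Select-Object Count, Name

# Literal search for text with regex metacharacters, limited to *.log files.
# As a regular expression "[id=7]" would match any single i, d, = or 7
# (and so also the line "WARN i=d"); with -SimpleMatch only the exact text matches.
Find-StringInFiles -Path $root -Text '[id=7]' -Filter '*.log' | Format-Table -AutoSize

# Save the results to a file, then remove the constructed sample data.
$out = Join-Path ([System.IO.Path]::GetTempPath()) 'search_results.csv'
$hits | Export-Csv -Path $out -NoTypeInformation
Remove-Item -Path $root -Recurse -Force
```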

Object Storage Integration – Wasabi

Object Storage is probably the main Backup & Replication feature used by Veeam customers since its release (9.5 u4).

Today I’m going to cover the improvements now available with version 10 and I’ll show you how it works when it is coupled with Wasabi Object Storage.

Why Wasabi?
The reason is quite easy.
Any Veeam SE has 1 TB of available data to work with and this is a very appreciated gift because I can test VBR features in my personal lab.

So thank you in advance Wasabi guys.

This is the first of three articles where I’m going to show how to implement the Object Storage integration with VBR:

  1. Configuring Wasabi Bucket
  2. Implementing Backup and Replication
  3. Performing test of backup and Restore

Let’s start with the first point !!!

After registering on the Wasabi site (https://wasabi.com/), sign in and discover the main menu. What surprised me immediately is how easily you can work with the platform.

From “Users”, just create a user following the wizard, where you need to type a name (Picture 1), optionally create a group (Picture 2) and then select the right permission on page three (Picture 3).

Picture 1

Picture 2

Picture 3

Now move on to the Access key menu and create the two keys. One good suggestion is to save the keys on your PC by downloading them (Picture 4).

Picture 4

Now it’s time to work with the Bucket menu and see how easy it is to create a new container (Picture 5).

Picture 5

Now we are ready to use it with VBR (Veeam Backup & Replication).

See you soon

XFS – Performance

In the previous two articles, I explained how to configure and set up an XFS Repository with Veeam Backup & Replication v.10 (VBR).

In this new article, I’m going to cover why this is a very useful technology and should be adopted as soon as possible.

The main reason is:

“XFS linked-clone technology helps VBR to transform the backup chain” 

Let’s see what happens with Synthetic Full.

What is Synthetic full?

It’s a smart way to help VBR create a Full Restore point while downloading just an incremental backup from production.

The process is composed of two phases.

First, it creates a normal incremental backup.

Then it creates a full backup file by stacking all previous backups (full and incremental).

This process normally needs a lot of work because VBR commands the repository to copy, paste and delete the data blocks.

The XFS integration allows the system not to move any block. In fact, the filesystem is able to re-point its metadata, creating a Full Backup in one shot.

The result is super fast Full Backup creation.

Let’s see with an example:

A classic Full Backup lasted 7 mins (Picture 1).

Picture 1

An Incremental Backup lasted 2 mins and 30 sec (Picture 2).

Picture 2

What about a Synthetic Full?

Picture 3 shows that it needs less than 30 seconds (plus the time needed to download the incremental data).

So Amazing technology and Veeamzing integration!!!

Picture 3

That’s all, for now, guys, see you soon and take care.