So I recently was lucky enough to come into a cheap HP ProCurve 5406ZL setup. I’m talking sub $200 cheap, with 4 blades, and dual power supplies. This gave me 96 POE gig ports, plus power redundancy plus two empty slots I could fill at some other time. (note there is also the HP5412ZL which is 2x the size of the 5406 but is often cheaper due to it’s increased size, the power supplies and modules are interchangeable).
As I was searching for a deal on one, I noticed the HP Advanced Service module w/Vmware. At $4k+ retail and $1500+ on eBay it was out of reach.
The idea however, of having a redundant hypervisor or Pfsense blade with TWO 10GB uplinks built in got me thinking….
As I researched it more, I found HP also had a wireless controller option, that could be had as cheap as $50 (or less) on eBay and was extremely plentiful (at the time I wrote this it was, now they are $150+ and not as common dirt cheap…). It also appeared to have a large heatsink and DIMM slots + a SATA hardive option and a CF card slot. Seemed PC like to me… The part # may either be: msm765zl or J9154A
On a whim I ordered one to see what I could do with it….
The unit had no front serial/VGA connection and I’d never seen/used one before. It arrived minus hard drive and a wiped CF card. So I threw a USB drive in the front with VMWARE 5.5 on it, a kickstart file to auto install, and prayed for the best.
I followed the instructions from here: http://www.virten.net/2014/12/unattended-esxi-installations-from-an-usb-flash-drive/
Note that I needed a longer password than their example or it failed!
I waited about an hour, then reset the module by reseating it. I checked and saw a new DHCP lease, so tried it an VIOLA! I was in VMWARE!
Turns out the module has a Core 2 Duo T7500 processor at 2.2Ghz, and 4GB of ram. I then added a normal SATA laptop hard drive, restarted the module and formatted that drive as VMFS5. (the auto install will install to the CF card by default). You also get two Intel 82598EB 10GB AT CX4 network connections to the 5406ZL.
Then I hit a problem, the VWMARE windows management tool was timing out and slow to gain access, I couldn’t figure it out – I had a 10GB link why so slow…. I checked the switch and all looked ok, until I ran a sho run. The running config had added 2 lines, each line was rate limiting the interface ports on the wireless controller (now vmware box) to 100kbps (I assume a safegaurd for new installs). I simply issued a No rate-limit in command on both interfaces to undo what it auto-did, in my case interfaces E1 and E2 and all was good.
The bummer is that these things are limited to 4GB of ram, so pretty limited for VMWARE use. However perefect for pfSense, or running Pfsense virtualized but redundant. I went ahead and created a Trunk (team/port group depending on switches you are use to) that created a LACP group of the two 10GB interfaces then used VLAN’s and VMWARE vswitches to divy up the different networks I needed. pfSense does install without a hitch and detects the 10GB interfaces just fine.
I decided to try and figure out as much of these little controllers as I could so I then started studying the circuit board and I found a 10pin connector labeled “VGA”. After probing I was able to identify the ground pins (easy!) and 3 pins that had 70-75ohms of resistance to ground (my R/G/B signals). All I had left was vsync and hsync. I broke a VGA connector out to a bread board and on my first try had the pinout right (graphic below). Ok not perfect, the image is fuzzy if anyone knows why let me know! It was good enough to see what was going on. I went to get into the BIOS and was presented with a “PASSWORD:” prompt – DOH! But with some luck and the Hiren’s boot CD, I got the password, “PCMFG”. That let me check out the bios settings, I ended up not changing anything but was interesting to poke around. Here is a pinout for the header labeled VGA:
For now I plan to install pfsense bare-metal on the hardware and forgo VMWARE. ESXi itself takes 1gb of ram idle with no VM’s installed/running and since I don’t own licenses for home use I can’t benefit from the cool failover features.
At this point you are probably asking – why the hell does this guy have a 5406ZL at his house?
I have the entire house networked. It’s no Taj, but I have network up and downstairs in about every room. I work from home and support the network of the company I work for, including hosting some “DR” servers at my home. I need 24/7 VPN from the corporate office to my home for replication, but also want to isolate that traffic from my normal “home” network. I have PBXinaFlash running a few PoE IP phones (1 has registrations to both corporate and home phone). I use the IP phones built in intercom function to communicate from my office to upstairs and vice-versa. I also have roughly 8 IP cameras for home security, two AP’s to cover the house, and a ton of network devices for other “stuff”. I had purchased a 24Port managed POE switch and amazingly it cost me more than the 5406! I got 4x the ports, redundant power, plus now a redundant pfsense install with 20GB of throughput.
Oh – and the managed switch w/GBICs requirement came after losing a TON of network equipment to lightning last year. See this post on how and why I went this route…