Net_Admin


Transcript of Net_Admin

Page 1: Net_Admin

March 2003 Net Admin 1

Network Administration

Page 2: Net_Admin

Objectives

When you have completed this module you will be able to do the following:

• Describe interfaces supported by NetCache
• Describe Virtual Interfacing
• Describe routing on a NetCache appliance
• View Routing Tables
• Configure bandwidth allocation
• Configure DNS

Page 3: Net_Admin

Interface Names

C1200/2100/6100

• NetCache supports these network types:
– 10 Mbit Ethernet
– 100 Mbit Ethernet
– Gigabit Ethernet (1000 Mbit)
– FDDI (C6100 & C3100)
– CDDI (C6100 & C3100)

• Interface names MUST have:
– Network type
– Slot number
– Port number (if multi-port adapter card)

Page 4: Net_Admin

Setup > Network > General

Network – General

This page is used to configure port, interface, and IP address settings to control incoming and outgoing traffic for the NetCache appliance.

Refer to Online Help for specific configuration information.

Page 5: Net_Admin

Network Configuration cont’d.

Refer to Online Help for specific configuration information.

Page 6: Net_Admin

Network Configuration cont’d.

Refer to Online Help for specific configuration information.

Page 7: Net_Admin

Configure Interfaces

Network – Interfaces

The options on this page are used to view, configure, or change information about each network interface. This page is also used to create, configure, or destroy a virtual interface on this NetCache appliance using the Virtual Interfaces tab.

Refer to Online Help for specific configuration information.

Page 8: Net_Admin

Virtual Interface

[Figure: a switch connected to interfaces e1, e2, e3 and e4, presented as one virtual IP address]

Load Balancing

Etherchannel

• Aggregate multiple Ethernet links into a single logical channel between two devices

• Clients access a single virtual IP address

Virtual Interfaces (VIF) are a logical group of interfaces.

To get the security of failover or the throughput that multiple interfaces working as one interface can provide, you can group up to four Ethernet interfaces into a virtual interface. You group them into a logical interface unit known as a trunk or a VIF. A VIF is composed of links, each of which is a physical interface.

Page 9: Net_Admin

Single-mode Trunk

[Figure: two panels, each showing vif0 (interfaces e0 and e1) connected to a switch; in the second panel e0 fails]

Provides fail over capabilities

Single-mode Trunk

In a single-mode trunk, only one of the interfaces is active. The other interfaces are on standby, ready to take over if the active interface fails.

In the figure above, e0 and e1 are part of the SingleTrunk1 single-mode trunk. The active interface, e0, fails. Failure means that the link status of the interface is down, which signals that the interface has lost connection with the switch. The e1 interface takes over and maintains the connection. The interface e1 also takes over the MAC address of the e0 interface.

With single-mode trunks, the NetCache performs takeover based on the absence of a link.

Page 10: Net_Admin

Multi-mode Trunk

[Figure: interfaces e0, e1, e2 and e3, grouped as MultiTrunk1, connected to a switch]

Multiple-mode trunks

In a multiple-mode trunk all the interfaces are active. This provides greater speed than a single interface if there are multiple hosts accessing the NetCache. This will not improve performance for a single host.

A multiple-mode trunk requires a switch that supports manually configurable trunking. The switch determines how the load is balanced among the interfaces.

In the figure above, e0, e1, e2, and e3 are part of the MultiTrunk1 multiple-mode trunk. All four interfaces in the MultiTrunk1 multiple-mode trunk are active.

Hardware requirements for trunks

To use a multiple-mode trunk, you need a switch that supports manually configurable trunking over multiple port connections. The switch determines how to forward incoming packets to the NetCache, so you configure the switch so that all the port connections are part of a single logical port. For information about configuring the switch, see the switch documentation.

NetCache network interfaces that are part of the same trunk do not have to be on the same network card, but some Ethernet switches and routers require that all members of the trunk be either half-duplex or full-duplex.

Page 11: Net_Admin

Configuring VIF

Configuring a VIF

This page is used to create, destroy, add physical interfaces to, or to change the mode of, a virtual interface on the NetCache appliance.

Refer to Online Help for specific configuration information.

Page 12: Net_Admin

Virtual Interface Commands

• The "-set" option is used to record the changes to disk so that changes will be persistent across reboots

• Usage:

>vif create [single|multi] <vif_name> [<interface_list>] [vif_-set]
>vif destroy <vif_name> [vif_-set]
>vif add <vif_name> <interface_list> [vif_-set]
>vif {favor|nofavor} <interface> [vif_-set]
>vif status [<vif_name>] [vif_-set]
>vif stat vif_name [interval] [vif_-set]

Virtual Interface Commands

Refer to the command line help for specific additional information.

Page 13: Net_Admin

Routing on the NetCache

• Does not function as a router
• routed daemon
– Listens to the network for RIP packets
– Adds routes based on ICMP redirects
– Checks the status of the default router

Network - Routing

Typically, the NetCache Appliance learns explicit routes through the ICMP redirect messages it receives from the default router. The NetCache Appliance relies on the default route and explicit routes for routing its own packets. If, for some reason, your NetCache Appliance cannot learn an explicit route, you can add the route here. If the NetCache Appliance cannot find an explicit route in the routing table for a particular destination, it uses the default route.

How NetCache routes

Even though the NetCache Appliance can have multiple network interfaces, it does not route packets between its interfaces on behalf of other network hosts.

About routed

Routed is a simple routing daemon that is enabled at boot time. Routed helps manage multiple routers and enables you to create redundant routing schemes. It listens for Routing Information Protocol (RIP) packets to determine which routers on the network are alive. The NetCache Appliance does not rely on routed to construct the routing table. You can turn off routed on the Network Settings page. If you do so, ensure that a default router is designated on the Basic Configuration Settings page.

Page 14: Net_Admin

Configure Routing

Configure Routing

This page is used to configure routing on the NetCache. This tab is accessed at Setup > Network > Routing.

Refer to Online Help for specific configuration information.

Page 15: Net_Admin

Viewing Routes

Viewing Routes

This page is used to view routing configurations on the NetCache. This tab is accessed at Setup > Network > Routing.

Refer to Online Help for specific configuration information.

Page 16: Net_Admin

Adding Static Routes

CLI:

netcache> config.system.routes = \\net 10.41.66.1 10.41.6.1 1\\

Adding Static Routes

This page is used to add or delete static routes on the NetCache. This tab is accessed at Setup > Network > Routing.

Refer to Online Help for specific configuration information.

Page 17: Net_Admin

Bandwidth Allocation

• Limit bandwidth usage for certain classes of traffic

• Other products classify traffic based on TCP/IP headers only

• NetCache can classify traffic based on attributes of higher level protocols

Bandwidth Allocation

The NetCache bandwidth allocation feature enables you to control the total bandwidth capacity that specified categories of connections can collectively consume on the NetCache appliance. Using the NetCache Manager fields associated with bandwidth allocation, you can:

• Set aside portions of your total NetCache bandwidth capacity into various-size capacity bandwidth pipes.

• Assign connections matching a specified set of properties, such as protocol, source or destination IP addresses, and inbound (server side) or outbound (client side) communication to a bandwidth pipe.

All connections assigned to a specific bandwidth pipe share the total bandwidth space allocated for that bandwidth pipe. The NetCache appliance enforces the bandwidth limit, if necessary, by using buffers to space out both incoming and outgoing packets. As a result, TCP connections, as well as protocol connections based on UDP, gracefully use the specified bandwidth pipe with a minimum of burstiness, allowing NetCache to enforce the bandwidth allocation rules efficiently.

Page 18: Net_Admin

Bandwidth Allocation Uses

Practical uses for the bandwidth allocation management feature include the ability to:

• Limit all inbound streaming traffic to a given maximum bandwidth

• Restrict aggregate bandwidth by single protocol (IP, TCP, UDP, MMS, RTSP, HTTP) or by a streaming protocol set (both RTSP and MMS)

• Limit aggregate bandwidth to or from a client or origin server

• Limit the bandwidth usage on any given interface

Page 19: Net_Admin

Bandwidth Allocation Rules

• Rules control network connection bandwidth capacity

• Rules set aside a portion of total NetCache bandwidth capacity for a specified capacity "bandwidth pipe"

• Rules assign connections to a bandwidth pipe based on a specified set of properties

• All connections to a specific bandwidth pipe share the total bandwidth limit

Bandwidth allocation rules

Bandwidth allocation rules control the total bandwidth capacity that network connections belonging to one or more specified categories can collectively use up on the NetCache appliance. The bandwidth allocation rule that you configure on this page enables you to:

• Set aside a portion of your total NetCache bandwidth capacity for a specified capacity "bandwidth pipe."

• Assign connections to a bandwidth pipe based on a specified set of properties, such as protocols, source or destination IP addresses and port numbers, inbound or outbound status, or other properties.

All connections assigned to a specific bandwidth pipe share the total bandwidth space assigned to that bandwidth pipe. NetCache enforces the bandwidth limit by using buffers to "space out" both incoming and outgoing packets in compliance with that pipe's bandwidth limit.

As a result, TCP connections, as well as protocol connections based on UDP, gracefully use the specified bandwidth pipe with a minimum of burstiness, allowing NetCache to enforce the bandwidth allocation rules efficiently.

Page 20: Net_Admin

Configuring BW Allocation at the CLI

• config.ipfw.bwmgr.buckets
– pipe 1 bw 50Kbit/s
– pipe 2 bw 200Kbit/s

• config.ipfw.rules
– pipe 1 streaming inbound time 9AM-7PM
– pipe 2 streaming inbound

• config.ipfw.enable
– on/off

Refer to the command line help for specific additional information.
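The shared-pipe behaviour described above, as an added example (a model written for this page, not NetCache code): packets from two connections assigned to one pipe are spaced out so that together they never exceed the pipe's rate. The 50 and 200 Kbit/s values are the pipes from the slide; the connection names, packet sizes, single FIFO queue and K = 1000 bits are assumptions.

```python
# Added example: FIFO pacing on a shared bandwidth pipe (a model, not NetCache code).
# Assumptions: K = 1000 bits, one FIFO queue per pipe, no packet drops.


def pace(packets, pipe_kbit_s):
    """Schedule packets through one pipe.

    packets: iterable of (arrival_ms, size_bytes, conn) in arrival order.
    Returns a list of (conn, size_bytes, release_ms, done_ms).
    """
    if pipe_kbit_s <= 0:
        raise ValueError("pipe bandwidth must be positive")
    bits_per_ms = pipe_kbit_s  # 1 Kbit/s is exactly 1 bit per millisecond
    pipe_free_ms = 0           # time at which the pipe can take the next packet
    schedule = []
    # Stable sort: packets that arrive together keep their input order.
    for arrival_ms, size_bytes, conn in sorted(packets, key=lambda p: p[0]):
        # A packet waits in the buffer until the pipe is free.
        release_ms = max(arrival_ms, pipe_free_ms)
        # Time the packet occupies the pipe, rounded up to a whole millisecond.
        tx_ms = -(-size_bytes * 8 // bits_per_ms)
        pipe_free_ms = release_ms + tx_ms
        schedule.append((conn, size_bytes, release_ms, pipe_free_ms))
    return schedule


def rate_kbit_s(schedule, conn=None):
    """Average rate over the whole run, for one connection or (conn=None) for all."""
    start = min(release for _, _, release, _ in schedule)
    end = max(done for _, _, _, done in schedule)
    bits = sum(size * 8 for c, size, _, _ in schedule if conn in (None, c))
    return bits / (end - start)  # bits per millisecond equals Kbit/s


def burst():
    """Constructed sample: two clients each send five 1250-byte packets at t=0."""
    return [(0, 1250, "client-a" if i % 2 == 0 else "client-b") for i in range(10)]


if __name__ == "__main__":
    for pipe in (50, 200):  # the two pipe sizes shown on the slide
        sched = pace(burst(), pipe)
        print(f"pipe {pipe} Kbit/s:")
        for conn, size, release, done in sched:
            print(f"  {conn} {size} B released at {release} ms, done at {done} ms")
        print("  aggregate:", rate_kbit_s(sched), "Kbit/s")
        print("  client-a :", rate_kbit_s(sched, "client-a"), "Kbit/s")
```

Both clients together stay at the pipe's limit, so each one sees only part of it; adding more connections to the same pipe shrinks every connection's share.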

Page 21: Net_Admin

Bandwidth Allocation Enable

Setup > Network > Bandwidth Allocation

This page is used to enable bandwidth allocation.

Refer to Online Help for specific configuration information.

Page 22: Net_Admin

Bandwidth Buckets

Setup > Network > Buckets Tab

config.ipfw.bwmgr.buckets

Page 23: Net_Admin

Bandwidth Allocation Rules

Setup > Network > Bandwidth Allocation

Page 24: Net_Admin

Defining Rules

Defining Rules

Options on the Setup > Network > Bandwidth Allocation page are used to create, enable, delete, or edit NetCache aggregate bandwidth management rules.

Refer to Online Help for specific configuration information.

Page 25: Net_Admin

Defining Rules Cont’d

Page 26: Net_Admin

DNS Caching

DNS Caching

You can expand NetCache DNS capability by configuring a NetCache Appliance to function as a DNS proxy cache for use by clients. Clients send DNS queries to the NetCache Appliance. If the appliance has the host name to IP addresses mapping in its cache, it can resolve the DNS query without contacting the DNS nameserver. If the appliance cannot resolve a DNS query, it contacts a DNS nameserver to resolve the query, caches the host name and IP addresses resulting from the query, and returns the host’s IP addresses to the client.

NetCache always caches the results of lookups that it initiated and sent to a DNS nameserver. (DNS nameservers are identified in the Nameservers option on the Setup > DNS > General page in the NetCache Manager utility.) NetCache then serves the host’s IP address for NetCache internal processes without having to query the DNS nameserver with subsequent requests for the same host name. This type of DNS caching is not configurable.

Page 27: Net_Admin

DNS Configuration

DNS Configuration

Options on the Setup tab > DNS > General page are used to set up the NetCache appliance to use domain name service (DNS) for host name resolution.

Refer to Online Help for specific configuration information.

Page 28: Net_Admin

DNS Tree Search

DNS Tree Search

This option enables and disables DNS domain-tree searching.

DNS Search Paths

Identifies the paths that NetCache should follow when trying to resolve a host name if the domain name in the URL is not fully qualified.

Refer to Online Help for specific configuration information.

Hosts File

This option allows you to input DNS entries (host names and the associated IP addresses) that enable NetCache to carry out domain-name resolution locally when it needs to fetch data from an origin server in response to client requests.

DNS Caching Enable

When DNS caching is enabled, this NetCache appliance acts as a DNS cache for client-initiated DNS lookups. NetCache caches DNS A-type records (a mapping of host name to IP addresses) and proxies all other DNS-related information.

Page 29: Net_Admin

Refer to Online Help for specific configuration information.

Page 30: Net_Admin

Asynchronous DNS

• Options for retries and retransmit timeouts are configurable to overcome bottleneck

• Now DNS resolution is accomplished differently in the code to support Asynchronous DNS

• Nothing to configure - Shipped with Asynchronous DNS enabled

Page 31: Net_Admin

Iterative DNS

• Resolution
– get IP from name
– get name from IP

• Recursive query
– Ask that the answer be explicitly returned
– Return an answer (or error)
– If no answer, do not look for it – return an error

• Iterative query
– Resolve DNS queries through repetitive queries
– If the answer is not found, go to another DNS server

NetCache 5.3 caches:

• MX records (mail exchange)

• SOA records (start of authority)

• PTR records (ip_addr-to-hostname)

NetCache 5.3 uses a full service resolver.

Page 32: Net_Admin

DNS Resolution

[Figure: DNS resolution among the resolver and name servers A, B, C and D, with numbered steps: 1 query, 2 query, 3 referral, 4 query, 5 referral, 6 query, 7 answer, 8 answer]

Albitz, P. and Liu, C., DNS and BIND 4th Ed., O'Reilly & Associates, Inc, 2001, p. 31.

The Resolution Process [1]

1. Name server A receives a recursive query from the resolver.

2. A sends an iterative query to B.

3. B refers A to other name servers, including C.

4. A sends an iterative query to C.

5. C refers A to other name servers, including D.

6. A sends an iterative query to D.

7. D answers.

8. A returns answer to resolver.

[1] Albitz, P. and Liu, C., DNS and BIND 4th Ed., O'Reilly & Associates, Inc, 2001, p. 31.

Page 33: Net_Admin

Setup > DNS > General

Iterative Resolution Reverse Query Rules

If iterative DNS query resolution is enabled, this option lists rules that specify on which IP addresses to carry out iterative or recursive reverse DNS lookups.

Syntax

{iterate|recurse} [!] ip_addr/{netmask|cidr}

Where:

{iterate|recurse} specifies whether the reverse DNS query will be iterative or recursive.

! optionally specifies that the iterative or recursive query be carried out on all IP addresses except those specified by the ip_addr/{netmask|cidr} parameter of this rule.

ip_addr/{netmask|cidr} is the IP subnet, in either IP address/netmask or IP address/CIDR notation, of the IP address to be resolved.

Page 34: Net_Admin

Setup > DNS > General cont’d

Examples

Rule: iterate 192.0.0.0/8
Effect: NetCache iteratively resolves IP addresses specified by the 192.0.0.0/8 CIDR notation. For example: 192.10.10.19, 192.0.0.1, 192.111.111.111 and so forth.

Rule: iterate !10.0.0.0/255.255.255.0
Effect: NetCache iteratively resolves IP addresses that are not specified by the 10.0.0.0/255.255.255.0 IP address/netmask notation. For example: 10.1.1.1 is iteratively resolved by this rule while 10.0.0.1 is not iteratively resolved by this rule.

Iterative Resolution Reverse Query Default

If iterative DNS query resolution is enabled, this setting specifies the reverse DNS query type, iterative or recursive, to be applied to IP addresses that are not specified in the Iterative Resolution Reverse Query Rules option. Enter either iterate or recurse.
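The rule syntax and default setting above, as an added example (written for this page, not NetCache code): a Python evaluator that parses rules of the form {iterate|recurse} [!] ip_addr/{netmask|cidr} and reports which reverse query type applies to an address. It assumes rules are checked in order and the first applicable rule wins, which the page does not state; the function names are hypothetical and the sample addresses are the ones used in the slide's examples.

```python
# Added example: evaluating reverse query rules (not NetCache code).
# Assumption: rules are checked in order and the first applicable rule wins.
import ipaddress

MODES = ("iterate", "recurse")


def parse_rule(text):
    """Parse '{iterate|recurse} [!] ip_addr/{netmask|cidr}'.

    Returns (mode, negate, network, original_text).
    """
    fields = text.split()
    if len(fields) < 2 or fields[0] not in MODES:
        raise ValueError(f"not a reverse query rule: {text!r}")
    target = "".join(fields[1:])  # accept both '!10.0.0.0/8' and '! 10.0.0.0/8'
    negate = target.startswith("!")
    # IPv4Network accepts addr/prefixlen and addr/netmask; bad input raises ValueError.
    network = ipaddress.IPv4Network(target.lstrip("!"), strict=False)
    return fields[0], negate, network, text


def decide(ip, rule_texts, default):
    """Return (query_type, matching_rule_text or None) for one IP address."""
    if default not in MODES:
        raise ValueError(f"default must be one of {MODES}")
    addr = ipaddress.IPv4Address(ip)
    for mode, negate, network, text in map(parse_rule, rule_texts):
        # A plain rule applies inside the subnet, a '!' rule applies outside it.
        if (addr in network) != negate:
            return mode, text
    return default, None


def ptr_name(ip):
    """The name a reverse (PTR) lookup for this address asks for."""
    return ipaddress.IPv4Address(ip).reverse_pointer


if __name__ == "__main__":
    # The two example rules from the slide, each evaluated on its own.
    samples = {
        "iterate 192.0.0.0/8": ["192.10.10.19", "192.0.0.1", "10.1.1.1"],
        "iterate !10.0.0.0/255.255.255.0": ["10.1.1.1", "10.0.0.1"],
    }
    for rule, addresses in samples.items():
        print(rule)
        for ip in addresses:
            mode, hit = decide(ip, [rule], default="recurse")
            source = "rule" if hit else "default"
            print(f"  {ip:<14} {ptr_name(ip):<30} {mode} ({source})")
```

Under the first-match assumption a "!" rule applies to every address outside its subnet, so any rule listed after it is only reached by addresses inside that subnet.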

Page 35: Net_Admin

Per Domain TTL Expiration

Setup > DNS > General

config.system.dns.domain_ttl=\\wireless.netapp.com.0.0.0.10.in-addr.arpa.\\

Page 36: Net_Admin

CLI Configuration

netcache>config.system.dns.ires.enable = on

netcache>config.system.dns.ires.forward = \\netapp.com.\\

Page 37: Net_Admin

Network Admin Exercises

• Set NIC parameters
• Configure network interfaces
• Explore the NetCache routing table
• Configure DNS
• Configure Split DNS

Page 38: Net_Admin

Network Admin Exercises

• 30 minutes in length
• Utilizing Breakout rooms
• Instructor will visit all rooms
• Broadcast announcement 5 minutes prior to regroup
• Stay focussed, start telnet, start GUI
• Share microphones, or no one else can be heard

Page 39: Net_Admin

Network Administration Exercises

Objectives

This module will help you become familiar with the following:

• Setting NIC parameters

• Load Balancing network interface cards

• Viewing and adding static routes to routing table

• Configuring DNS name servers

• Split DNS

• Configure NetCache to locate authenticating server without DNS

Time Estimate: 30 minutes

Required Hardware, Software, and Tools

Hardware

• PC Workstation

• NetCache appliance

• Two DNS name servers

Software

• Two DNS domains

• NetCache 5.4

• Netscape Navigator 4.7 (Netscape 6.0 is not compatible with the NetCache Manager GUI at the date of this publication.)

• Internet Explorer 5.5 or later

Page 40: Net_Admin

Setting NIC parameters

Overview:

− In this exercise you will practice configuring NIC IP address and other parameters.

Configure network interfaces:

1. Access the NetCache Manager.

2. Select Setup > Network > Interfaces.

3. Select the Edit link beside e0a and review the parameters.

For a unique IP address, use the following IP address chart for the classroom network.

NetCache Host Name    Internal IP Address for e0a    External IP Address for e0a
netcache101           10.32.69.101                   64.94.95.101
netcache102           10.32.69.102                   64.94.95.102
netcache103           10.32.69.103                   64.94.95.103
netcache104           10.32.69.104                   64.94.95.104
netcache105           10.32.69.105                   64.94.95.105
netcache106           10.32.69.106                   64.94.95.106
netcache107           10.32.69.107                   64.94.95.107
netcache108           10.32.69.108                   64.94.95.108

4. Commit Changes.

Test configuration of network interface:

5. To check the configuration of your network interfaces, type ifconfig -a at the command line of your NetCache.

Page 41: Net_Admin

You should see all parameters for all network interface cards as configured.

Notice that you can also configure NICs from the command line with the ifconfig command. Please note that to use the ifconfig command to configure NICs, you would also need the "ifconfig -set" command to set the configurations to be persistent across reboots.

6. To see that both network interface cards are alive on the network, go to the command prompt of your Windows PC and ping the interface card.

Example:

ping 10.32.69.101

You should see a response from the NIC.

Page 42: Net_Admin

Getting Familiar with NetCache Routing Table

1. Select Setup > Network > Routing on the NetCache Manager.

2. Write down the Default Gateway shown on the General tab.

3. Move to the All Routes tab and view the routing table. (Note: you cannot delete the entry with the Destination Default.)

4. From the NetCache command line interface, enter the command:

netcache> netstat -r

5. Does this routing table contain the same information as the NetCache Manager?

6. From the workstation command line interface, enter the command:

C:> ping 10.32.70.10

This host is in a different subnet from the NetCache appliance. You should be able to reach the host through the gateway router.

7. From the NetCache command line interface, enter the command:

netcache> route delete default 10.32.70.10

This command removes the default gateway entry from the routing table.

8. From the NetCache command line interface, enter the command:

netcache> netstat -r

9. Is the default route still in the routing table? If yes, wait a few moments and then run netstat -r again.

10. From the workstation command line interface, enter the command:

C:> ping 10.32.70.10

This host is in a different subnet from the NetCache appliance. This time you should not be able to reach 10.32.70.10.

Page 43: Net_Admin

Configuring DNS name servers

1. Select Setup > DNS > General on the NetCache Manager.

2. Verify that the NetCache DNS domain is set to the same domain as the PC domain (europe.demo.netapp.com).

3. From the NetCache command line interface, enter the commands:

netcache> show config.system.dns.nameservers

netcache> show config.dns.enable

The values should reflect your recent changes in the NetCache Manager.

4. From the NetCache command line interface, enter the command:

netcache> ping pdc

After about a minute you should receive an error message stating “error=No route to host”.

5. Verify that the nameserver is 10.32.70.10 using either the GUI or the CLI

6. Check the DNS name server configuration. From the NetCache command line interface, enter the command:

netcache> show config.system.dns.nameservers

7. Add the default route back into the routing table: From the NetCache command line interface, enter the command:

netcache> route add default 10.32.69.1 1

netcache> config.system.gateways.ip = 10.32.69.1

8. Issue the ping command again. You should see different results.

Page 44: Net_Admin

Viewing DNS lookup statistics

1. Select on the NetCache Manager.

2. Select Refresh Now.

3. From a browser that is proxied to your NetCache, go to a few sites.

4. Select Data > DNS > General on the NetCache Manager.

5. Record the number of DNS lookups that failed and succeeded

Failed ______

Succeeded_____

6. Open a browser client and ensure that it is configured to use the NetCache as a proxy.

7. Go to a few web locations.

8. Return to NetCache Manager and select Data > DNS > General

9. Observe the number of DNS lookups that failed and succeeded and compare them to the number you recorded above.

Failed ______

Succeeded_____

Page 45: Net_Admin

Configuring DNS

1. Select Setup > DNS > General on the NetCache Manager.

2. Ensure that the DNS is configured with the domain name: europe.demo.netapp.com and the name server is 10.32.69.20.

3. Commit Changes.

4. Disable DNS Tree-Search.

5. Under DNS Search Paths, type demo.netapp.com and europe.demo.netapp.com

6. Commit Changes.