Network

Administration

March 2003

Net Admin 1

Objectives
When you have completed this module you will be able
to do the following:

Describe interfaces supported by NetCache

Describe Virtual Interfacing
Describe routing on a NetCache appliance
View Routing Tables
Configure bandwidth allocation
Configure DNS

March 2003

Net Admin 2

Interface Names
C1200/2100/6100
NetCache supports these
network types:

- 10 Mbit Ethernet
- 100 Mbit Ethernet
- Gigabit Ethernet (1000 Mbit)
- FDDI (C6100 & C3100)
- CDDI (C6100 & C3100)

Interfaces names MUST

have:
Network type
Slot number
Port number (if multi-port
adapter card)

March 2003

Net Admin 3

Setup > Network > General

Network General
This page is used to configure port, interface, and IP address settings to control incoming
and outgoing traffic for the NetCache appliance.
Refer to Online Help for specific configuration information.

March 2003

Net Admin 4

Network Configuration contd.

Refer to Online Help for specific configuration information.

March 2003

Net Admin 5

Network Configuration contd.

Refer to Online Help for specific configuration information.

March 2003

Net Admin 6

Configure Interfaces

Network Interfaces
The options on this page are used to view, configure, or change information about each
network interface. This page is also used to create, configure, or destroy a virtual
interface on this NetCache appliance using the Virtual Interfaces tab
Refer to Online Help for specific configuration information.

March 2003

Net Admin 7

Virtual Interface
Aggregate multiple ethernet links into a single
logical channel between two devices
Clients access a single virtual IP address
Etherchannel
Switch
e1
e2
e3
e4

Load Balancing

Virtual IP address

Virtual Interfaces (VIF) are a logical group of interfaces

To get the security of fail over or the throughput that multiple interfaces working as one
interface can provide, you can group up to four Ethernet interfaces into a virtual interface.
You group them into a logical interface unit known as a trunk or a VIF. A VIF is
composed of links, each of which is a physical interface.

March 2003

Net Admin 8

Single-mode Trunk
Provides fail over capabilities

Switch

Switch

e0 fails
e0

e1
vif0

e0

e1
vif0

Single-mode Trunk
In a single-mode, only one of the interfaces is active. The other interfaces are on standby,
ready to take over if the active interface fails.
In the figure above, e0 and e1 are part of the SingleTrunk1 single-mode trunk. The active
interface, e0, fails. Failure means that the link status of the interface is down, which
signals that the interface has lost connection with the switch. The e1 interface takes over
and maintains the connection. The interface e1 also takes over the MAC address of the e0
interface.
With single-mode trunks, the NetCache performs takeover based on the absence of a link.

March 2003

Net Admin 9

Multi-mode Trunk

Switch

e0

e1 e2 e3
MultiTrunk1

Multiple-mode trunks
In a multiple-mode trunk all the interfaces are active. This provides greater speed than a
single interface if there are multiple hosts accessing the NetCache. This will not improve
performance for a single host.
A multiple-mode trunk requires a switch that supports manually configurable trunking.
The switch determines how the load is balanced among the interfaces.
In the figure above, e0, e1, e2, and e3 are part of the MultiTrunk1 multiple-mode trunk.
All four interfaces in the MultiTrunk1 multiple-mode trunk are active.

Hardware requirements for trunks

To use a multiple-mode trunk, you need a switch that supports manually configurable
trunking over multiple port connections. The switch determines how to forward incoming
packets to the NetCache, so you configure the switch so that all the port connections are
part of a single logical port. For information about configuring the switch, see the switch
documentation.
NetCache network interfaces that are part of the same trunk do not have to be on the
same network card, but some Ethernet switches and routers require that all members of
the trunk be either half-duplex or full-duplex

March 2003

Net Admin 10

Configuring VIF

Configuring a VIF
This page is used to create, destroy, add physical interfaces to, or to change the mode of,
a virtual interface on the NetCache appliance.
Refer to Online Help for specific configuration information.

March 2003

Net Admin 11

Virtual Interface Commands

The "-set" option is used to record the
changes to disk so that changes will be
persistent across reboots
Usage:
>vif
>vif
>vif
>vif
>vif
>vif

create [single|multi] <vif_name> [<interface_list>] [vif_-set]

destroy <vif_name> [vif_-set]
add <vif_name> <interface_list> [vif_-set]
{favor|nofavor} <interface> [vif_-set]
status [<vif_name>] [vif_-set]
stat vif_name [interval] [vif_-set]

Virtual Interface Commands

Refer to the command line help for specific additional information.

March 2003

Net Admin 12

Routing on the NetCache

Does not function as a router
routed daemon
Listens to the network for RIP packets
Adds routes based on ICMP redirects
Checks the status of the default router

Network - Routing
Typically, the NetCache Appliance learns explicit routes through the ICMP redirect
messages it receives from the default router. The NetCache Appliance relies on the
default route and explicit routes for routing its own packets. If, for some reason, your
NetCache Appliance cannot learn an explicit route, you can add the route here. If the
NetCache Appliance cannot find an explicit route in the routing table for a particular
destination, it uses the default route.

How NetCache routes

Even though the NetCache Appliance can have multiple network interfaces, it does not
route packets between its interfaces on behalf of other network hosts.

About routed
Routed is a simple routing daemon that is enabled at boot time. Routed helps manage
multiple routers and enables you to create redundant routing schemes. It listens for
Routing Information Protocol (RIP) packets to determine which routers on the network
are alive. The NetCache Appliance does not rely on routed to construct the routing table.
You can turn off routed on the Network Settings page. If you do so, ensure that a default
router is designated on the Basic Configuration Settings page.

March 2003

Net Admin 13

Configure Routing

Configure Routing
This page is used to configure routing on the NetCache. This tab is accessed at Setup >
Network >Routing.
Refer to Online Help for specific configuration information.

March 2003

Net Admin 14

Viewing Routes

Viewing Routes
This page is used to view routing configurations on the NetCache. This tab is accessed at
Setup > Network >Routing.
Refer to Online Help for specific configuration information.

March 2003

Net Admin 15

Adding Static Routes

CLI:
netcache>config.system.routes = \\
net 10.41.66.1 10.41.6.1 1
\\

Adding Static Routes

This page is used to add or delete static routes on the NetCache. This tab is accessed at
Setup > Network >Routing.
Refer to Online Help for specific configuration information.

March 2003

Net Admin 16

Bandwidth Allocation
Limit bandwidth usage for certain
classes of traffic
Other products classify traffic based on
TCP/IP headers only
NetCache can classify traffic based on
attributes of higher level protocols

Bandwidth Allocation
The NetCache bandwidth allocation feature enables you to control the total bandwidth
capacity that specified categories of connections can collectively consume on the
NetCache appliance. Using the NetCache Manager fields associated with bandwidth
allocation, you can:

Set aside portions of your total NetCache bandwidth capacity into various-size\
capacity bandwidth pipes.

Assign connections matching a specified set of properties, such as protocol,

source or destination IP addresses, and inbound (server side) or outbound (client
side) communication to a bandwidth pipe.

All connections assigned to a specific bandwidth pipe share the total bandwidth space
allocated for that bandwidth pipe. The NetCache appliance enforces the bandwidth limit,
if necessary, by using buffers to space out both incoming and outgoing packets. As a
result, TCP connections, as well as protocol connections based on UDP, gracefully use
the specified bandwidth pipe with a minimum of burstiness, allowing NetCache to
enforce the bandwidth allocation rules efficiently.

March 2003

Net Admin 17

Bandwidth Allocation Uses

Practical uses for the bandwidth allocation management feature include the ability to:

Limit all inbound streaming traffic to a given maximum bandwidth

Restrict aggregate bandwidth by single protocol (IP, TCP, UDP, MMS, RTSP,
HTTP) or by a streaming protocol set (both RTSP and MMS)

Limit aggregate bandwidth to or from a client or origin server

Limit the bandwidth usage on any given interface

March 2003

Net Admin 18

Bandwidth Allocation Rules

Rules control network connection bandwidth capacity
Rules set aside a portion of total NetCache
bandwidth capacity for a specified capacity
"bandwidth pipe"
Rules assign connections to a bandwidth pipe based
on a specified set of properties
All connections to a specific bandwidth pipe share the
total bandwidth limit

Bandwidth allocation rules

Bandwidth allocation rules control the total bandwidth capacity that network connections
belonging to one or more specified categories can collectively use up on the NetCache
appliance. The bandwidth allocation rule that you configure on this page enables you to:

Set aside a portion of your total NetCache bandwidth capacity for a specified capacity
"bandwidth pipe."

Assign connections to a bandwidth pipe based on a specified set of properties, such as

protocols, source or destination IP addresses and port numbers, inbound or outbound
status, or other properties.

All connections assigned to a specific bandwidth pipe share the total bandwidth space
assigned to that bandwidth pipe. NetCache enforces the bandwidth limit by using buffers
to "space out" both incoming and outgoing packets in compliance with that pipe's
bandwidth limit.
As a result, TCP connections, as well as protocol connections based on UDP, gracefully
use the specified bandwidth pipe with a minimum of burstiness, allowing NetCache to
enforce the bandwidth allocation rules efficiently.

March 2003

Net Admin 19

Configuring BW Allocation at the CLI

config.ipfw.bwmgr.buckets
pipe 1 bw 50Kbit/s
pipe 2 bw 200Kbit/s

config.ipfw.rules
pipe 1 streaming inbound time 9AM-7PM
pipe 2 streaming inbound

config.ipfw.enable
on/off

Refer to the command line help for specific additional information.

March 2003

Net Admin 20

Bandwidth Allocation Enable

Setup > Network > Bandwidth Allocation

This page is used to enable bandwidth allocation.

Refer to Online Help for specific configuration information.

March 2003

Net Admin 21

Bandwidth Buckets
Setup > Network > Buckets Tab

config.ipfw.bwmgr.buckets

March 2003

Net Admin 22

Bandwidth Allocation Rules

Setup > Network > Bandwidth Allocation

March 2003

Net Admin 23

Defining Rules

Defining Riles
Options on the Setup > Network > Bandwidth Allocation page are used to create,
enable, delete, or edit NetCache aggregate bandwidth management rules.
Refer to Online Help for specific configuration information.

Refer to Online Help for specific configuration information.

March 2003

Net Admin 24

Defining Rules Contd

March 2003

Net Admin 25

DNS Caching

DNS Caching
You can expand NetCache DNS capability by configuring a NetCache Appliance to
function as a DNS proxy cache for use by clients. Clients send DNS queries to the
NetCache Appliance. If the appliance has the host name to IP addresses mapping in its
cache, it can resolve the DNS query without contacting the DNS nameserver. If the
appliance cannot resolve a DNS query, it contacts a DNS nameserver to resolve the
query, caches the host name and IP addresses resulting from the query, and returns the
hosts IP addresses to the client.
NetCache always caches the results of lookups that it initiated and sent to a DNS
nameserver. (DNS nameservers are identified in the Nameservers option on the Setup >
DNS > General page in the NetCache Manager utility.) NetCache then serves the hosts
IP address for NetCache internal processes without having to query the DNS nameserver
with subsequent requests for the same host name. This type of DNS caching is not
configurable.

March 2003

Net Admin 26

DNS Configuration

DNS Configuration
Options on the Setup tab > DNS > General page are used to set up the NetCache
appliance to use domain name service (DNS) for host name resolution.
Refer to Online Help for specific configuration information.

March 2003

Net Admin 27

DNS Tree Search

DNS Tree Search

This option enables and disables DNS domain-tree searching.

DNS Search Paths

Identifies the paths that NetCache should follow when trying to resolve a host name if the
domain name in the URL is not fully qualified.
Refer to Online Help for specific configuration information.
Error! Not a valid link.

Hosts File
This option allows you to input DNS entries (host names and the associated IP addresses)
that enable NetCache to carry out domain-name resolution locally when it needs tofetch
data from an origin server in response to client requests

DNS Caching Enable

When DNS caching is enabled, this NetCache appliance acts as a DNS cache for clientinitiated DNS lookups. NetCache caches DNS A- type records (a mapping of host name
to IP addresses) and proxies all other DNS-related information.

March 2003

Net Admin 28

Refer to Online Help for specific configuration information.

March 2003

Net Admin 29

Asynchronous DNS
Options for retries and retransmit timeouts
are configurable to overcome bottleneck
Now DNS resolution is accomplished
differently in the code to support
Asynchronous DNS
Nothing to configure - Shipped with
Asynchronous DNS enabled

March 2003

Net Admin 30

Iterative DNS
Resolution
get IP from name
get name from IP
Recursive query
Ask that the answer be explicitly returned
Return an answer (or error)
If no answer, do not look for it return an error
Iterative query
Resolve DNS queries through repetitive queries
If the answer is not found, go to another DNS server

NetCache 5.3 caches:

MX records (mail exchange)

SOA records (start of authority)

PTR records (ip_addr-to-hostname)

NetCache 5.3 uses a full service resolver.

March 2003

Net Admin 31

DNS Resolution

B
query
query

referral

C
referral

5
query

A
query

6
answer

1
answer

8
Resolver
Albitz, P. and Liu, C., DNS and BIND 4th Ed., ORielly & Associates, Inc, 2001, pp.31.

The Resolution Process1

1. Name server A receives a recursive query from the resolver.
2. A sends an iterative query to B.
3. B refers A to other name servers, including C.
4. A sends an iterative query to C.
5. C refers A to other name servers, including D.
6. A sends am iterative query to D.
7. D answers.
8. A returns answer to resolver.

Albitz, P. and Liu, C., DNS and BIND 4th Ed., ORielly & Associates, Inc, 2001, pp.31.

March 2003

Net Admin 32

Setup > DNS >General

Iterative Resolution Reverse Query Rules

If iterative DNS query resolution is enabled, this option lists rules that specify on which
IP addresses to carry out iterative or recursive reverse DNS lookups..
Syntax
{iterate|recurse} [!] ip_addr/{netmask|cidr}
Where:
{iterate|recurse} specify whether the reverse DNS query will be iterative or recursive.
! optionally specifies that the iterative or recursive query be carried out on all IP
addresses except those specified by the ip_addr/{netmask|cidr} parameter of this rule.
ip_addr/{netmask|cidr} is IP subnet in either IP address/netmask or IP address/CIDR
notation of the IP address to be resolved..

March 2003

Net Admin 33

Setup > DNS >General contd

Examples
Rule

Effect

iterate .192.0.0.0/8

NetCache iteratively resolves IP addresses specified

by the 192.0.0.0/8 CIDR notation. For example:
192.10.10.19, 192.0.0.1, 192.111.111.111 and so
forth.

iterate !10.0.0.0/255.255.255.0.

NetCache iteratively resolves IP addresses that are

not specified by the 10.0.0.0/255.255.255.0 IP
address/netmask notation. For example: 10.1.1.1 is
iteratively resolved by this rule while 10.0.0.1 is not
iteratively resolved by this rule.

Iterative Resolution Reverse Query Default

If iterative DNS query resolution is enabled, this setting specifies the reverse DNS query
type, iterative, or recursive, to be applied to IP addresses that are not specified in the
Iterative Resolution Reverse Query Rules option. Enter either: iterate or recurse.

March 2003

Net Admin 34

Per Domain TTL Expiration

Setup > DNS > General

config.system.dns.domain_ttl=\\
wireless.netapp.com.
0.0.0.10.in-addr.arpa.
\\

March 2003

Net Admin 35

CLI Configuration

netcache>config.system.dns.ires.enable = on
netcache>config.system.dns.ires.forward = \\
netapp.com.
\\

March 2003

Net Admin 36

Network Admin Exercises

Set NIC parameters

Configure network interfaces
Explore the NetCache routing table
Configure DNS
Configure Split DNS

March 2003

Net Admin 37

Network Admin Exercises

30 minutes in length
Utilizing Breakout rooms
Instructor will visit all rooms
Broadcast announcement 5 minutes
prior to regroup
Stay focussed, start telnet, start GUI
Share microphones, or no one else can
be heard

March 2003

Net Admin 38

Network Administration Exercises

Objectives
This module will help you become familiar with the following:

Setting NIC parameters

Load Balancing network interface cards

Viewing and adding static routes to routing table

Configuring DNS name servers

Split DNS

Configure NetCache to locate authenticating server without DNS

Time Estimate: 30 minutes

Required Hardware, Software, and Tools
Hardware

PC Workstation

NetCache appliance

Two DNS name servers

Software

Two DNS domains

NetCache 5.4

Netscape Navigator 4.7 (Netscape 6.0 is not compatible with the NetCache
Manager GUI at the date of this publication.)

Internet Explorer 5.5 or later

March 2003

Net Admin 39

Setting NIC parameters

Overview:
In this exercise you will practice configuring NIC IP address and other parameters.

Configuration network interfaces:

1.

Access the NetCache Manager

2.

Select Setup > Network > Interfaces.

3.

Select the Edit link beside e0a and review the parameters.

For a unique IP address, use the following IP address chart for the classroom network.

NetCache Host
Name

Internal IP Address
for e0a

External IP
Address for e0a

netcache101

10.32.69.101

64.94.95.101

netcache102

10.32.69.102

64.94.95.102

netcache103

10.32.69.103

64.94.95.103

netcache104

10.32.69.104

64.94.95.104

netcache105

10.32.69.105

64.94.95.105

netcache106

10.32.69.106

64.94.95.106

netcache107

10.32.69.107

64.94.95.107

netcache108

10.32.69.108

64.94.95.108

4.

Commit Changes.

Test configuration of network interface:

5.

To check the configuration of your network interfaces type: ifconfig a

at the command line of your NetCache,

March 2003

Net Admin 40

You should see all parameters for all network interface cards as configured.
Notice that you can also configure NICs from the command line with the
ifconfig command. Please note that to use the ifconfig command to
configure NICs, you would also need the ifconfig set command to
set the configurations to be persistent across reboots.
6.

To see that both network interface cards are alive on the network, go to the
command prompt of your windows PC and ping the interface card.
Example:
ping 10.32.69.101
You should see a response from the NIC.

March 2003

Net Admin 41

Getting Familiar with NetCache Routing Table

1.

Select Setup > Network > Routing on the NetCache Manager.

2.

Write down the Default Gateway shown on the General tab

3.

Move to All Routes tab and view the routing table. (note: you can not delete
the entry with the Destination Default)

4.

From the NetCache command line interface, enter the command:

netcache> netstat -r

5.
6.

Does this routing table contain the same information as the NetCache
Manager?
From the workstation command line interface, enter the command:
C:> ping 10.32.70.10
This host is in a different subnet from the NetCache appliance. You should
be able to reach the host through the gateway router.

7.

From the NetCache command line interface, enter the command:

netcache> route delete default 10.32.70.10
This command removes the default gateway entry from the routing table.

8.

From the NetCache command line interface, enter the command:

netcache> netstat -r

9.
10.

Is the default route still in the routing table? If yes, wait a few moments and
then run netstat r again.
From the workstation command line interface, enter the command:
C:> ping 10.32.70.10
This host is in a different subnet from the NetCache appliance. This time you
should not be able to reach this 10.32.70.10.

March 2003

Net Admin 42

Configuring DNS name servers

1.

Select Setup > DNS > General on the NetCache Manager

2.

Verify that the NetCache Domain is the DNS domain is set to the same as the
PC domain. (europe.demo.netapp.com)

3.

From the NetCache command line interface, enter the commands:

netcache> show config.system.dns.nameservers
netcache> show config.dns.enable
The values should reflect your recent changes in the NetCache Manager.

4.

From the NetCache command line interface, enter the command:

netcache> ping pdc
After about a minute you should receive an error message stating error=No
route to host.

5.
6.

Verify that the nameserver is 10.32.70.10 using either the GUI or the CLI
Check the DNS name server configuration. From the NetCache command
line interface, enter the command:
netcache> show config.system.dns.nameservers

7.

Add the default route back into the routing table: From the NetCache
command line interface, enter the command:
netcache> route add default 10.32.69.1 1
netcache> config.system.gateways.ip = 10.32.69.1

8.

Issue the ping command again. You should see different results.

March 2003

Net Admin 43

Viewing DNS lookup statistics

1.
2.
3.
4.
5.

Select on the NetCache Manager.

Select Refresh Now.
From a browser that is proxied to your NetCache, go to a few sites.
Select Data > DNS > General on the NetCache Manager.
Record the number of DNS lookups that failed and succeeded
Failed ______
Succeeded_____

6.
7.
8.
9.

Open a browser client and ensure that it is configured to use the NetCache as
a proxy.
Go to a few web locations.
Return to NetCache Manager and select Data > DNS > General
Observe the number of DNS lookups that failed and succeeded and compare
them to the number you recorded above.
Failed ______
Succeeded_____

March 2003

Net Admin 44

Configuring DNS
1.
2.
3.
4.
5.
6.

Select Setup > DNS > General on the NetCache Manager.

Ensure that the DNS is configured with the domain name:
europe.demo.netapp.com and the name server is 10.32.69.20
Commit Changes.
Disable DNS Tree-Search.
Under DNS Search Paths, type demo.netapp.com and
europe.demo.netapp.com
Commit Changes.

March 2003

Net Admin 45