Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Release 1.3.0
Copyright
Copyright 2008 by PeerApp.
If you require any assistance, please contact us: PeerApp Headquarters PeerApp Inc. Echo Bridge Office Park 381 Elliot Street, Suite 140LNewton Upper Falls MA 02464, USA http://www.peerapp.com support@peerapp.com
Table of Contents
About This Guide ....................................................................................................... 1 Chapter Summaries ........................................................................................................ 1 Acronyms ........................................................................................................................ 2 Chapter 1 Overview ................................................................................................................... 3 The Building Blocks of the Solution ................................................................................ 3 Hardware Architecture ................................................................................................... 4 Network Connectivity ..................................................................................................... 5 Software Architecture .................................................................................................... 5 Management .................................................................................................................. 6 Management Connectivity ............................................................................................. 6 System Configuration ..................................................................................................... 7 System Monitoring ......................................................................................................... 7 Software Upgrades ......................................................................................................... 7 Typical Network Configurations ..................................................................................... 8 Working With UltraBand 1000 Management Tools ................................................... 10 Working With the CLI ...................................................................................................11
Getting Started with the CLI ................................................................................................ 11 CLI Command Editing Features ............................................................................................ 12 CLI Modes ............................................................................................................................ 13
Chapter 2
Accessing UltraBand 1000 SNMP Information .............................................................16 Chapter 3 Configuring UltraBand 1000 ..................................................................................... 17 Main Operational Features (Quick Jumpstart) .............................................................18 The UltraBand 1000 Platform Features ........................................................................18
Caching Specific Features .................................................................................................... 19 Platform Specific Features ................................................................................................... 21
Chapter 4
UltraBand 1000 CLI Commands ................................................................................ 32 Regular Mode Commands ............................................................................................33 Enable Mode Commands .............................................................................................51 Monitoring UltraBand 1000...................................................................................... 81 Supported Setups .................................................................................................... 83 Using PBR on High Ports ...............................................................................................84
Alteon DPI with Asymmetric and UltraBand 1000 ............................................................... 84
Chapter 5 Chapter 6
Chapter 7
Multi-Tunnel Mode.....................................................................................................105
ISP Router Configuration ................................................................................................... 105
ii
UltraBand 1000 Configuration ........................................................................................... 106 PeerApp Router Configuration .......................................................................................... 107 Alteon Configuration ......................................................................................................... 107
Appendix A CLI Reference......................................................................................................... 117 Regular Mode .............................................................................................................117 Enable Mode...............................................................................................................118 Configuration Mode ...................................................................................................120 Server Mode ...............................................................................................................120
iii
Chapter Summaries
This document is organized into the following chapters:
Overview This chapter introduces the UltraBand 1000, explains the parts and
components, and helps you understand the concepts required to use the rest of this guide.
Working With UltraBand 1000 Management Tools This chapter describes how to use the
management tools provided by the UltraBand 1000, including the CLI, file upload and download capabilities, the configuration file, and SNMP. The information provided in this chapter is required to perform the management tasks in the remaining chapters.
Configuring UltraBand 1000 This chapter describes how to configure and perform
maintenance on the UltraBand 1000, including system configuration, network configuration, and the P2P software functionality.
UltraBand 1000 CLI Commands This chapter describes how to work with the
UltraBand 1000 CLI.
Monitoring UltraBand 1000 This chapter describes how to monitor the UltraBand 1000
by viewing networking and cache statistics.
Supported Setups This chapter defines the setups that are supported in UltraBand 1000
installations.
Sample Configuration Setups This chapter presents the sample configuration files for the
various setups that are supported in UltraBand 1000 installations.
CLI Reference This appendix presents all the commands available in the CLI along with
brief explanations for each of them.
Acronyms
Table 1: Acronyms
Stands for A unique identifier for a file that is retrievable using peer to peer protocol. UltraBand 1000.
1
Overview
The UltraBand 1000 is a network appliance designed for ISPs that localizes and reduces P2P traffic on your networks by up to 70%. The UltraBand 1000 intercepts P2P traffic on your network, monitors P2P activity, caches requests, and serves the requested P2P files from the cache instead of the wide area network. The UltraBand 1000 P2P easily integrates into your network. Its scalable architecture grows with your network requirements and can scale to a multi-gigabit solution.
Powerful L4/L7 switch The switch is responsible for redirection of P2P traffic to the
caching engine and is placed seamlessly in the existing network. The configuration is based on P2P protocol specific L4/L7 signatures, which ensure the P2P, and only the P2P, traffic is forwarded to the Caching engine. The switch is introduced into the network as a Layer 2 switch connected with GbE links. The switch provides added value services, such as applying policies (for example: capping, coloring packets, and blocking) to specific types of traffic and the ability to provide detailed reporting and network analysis. It is important to emphasize that the Switch does not interact in any way with the adjacent equipment beyond the Layer 2 level. This is to say that there is no change to SRC or Destination IPs.
The switch is only mandatory for promiscuous and bounce PBR mode.
Caching engine with multiple I/O processing modules The heart of the UltraBand 1000
caching solution is the Caching Engine. The Caching Engine is based on a modular technology, which can scale to a multiGigabit solution. The Caching engine analyzes the
P2P traffic and is in charge of the actual bandwidth savings achieved by caching and retrieving files from the centralized storage.
Centralized storage array The storage array is a high performance system selected to
answer the extreme demands posed by the P2P traffic. Centralized storage eliminates content duplication, providing a scalable platform for increased bandwidth. Figure 1 illustrates the UltraBand 1000 solution elements, L4/L7 switch, modular caching engine, and centralized storage.
The UltraBand 1000 solution is managed through an out-of-band network, which is separate from the data flow, providing the ultimate security.
Hardware Architecture
The UltraBand 1000 is a carrier grade platform. The platform is made of four building blocks:
Management server
Dual Core Intel Xeon. 2.0GB, 677MHz FBD. Dual Gigabit Ethernet.
L2 Ethernet switch
Aggregating iSCSI storage, control, and management traffic. CISCO 2960 with 24/48 ports.
Network Connectivity
The external interfaces towards the network are GbE links. These interfaces can either be single/multi mode fiber or copper. Internal links between the Caching engines, management server, and storage arrays are GbE copper links.
Software Architecture
PeerApp has developed a high-performance caching engine, which provides efficient manipulation of traffic. There are four distinct layers in the software architecture networking, application, storage, and distributed file system. The network layer does not rely on previous L4/L7 detection of P2P, although this would result in greatly improved performance. The classifier manages the TCP sessions and is capable of basic detection of P2P protocols. Non-P2P sessions, in the case of a miss in the L4/L7 switch or the use of a Layer 4 redirection scheme, are forwarded transparently. The inspection module works hand-in-hand with the classifier defining how to treat each session. This module is protocol aware. Once the session has been established, the classifier directs the session to the caching module, which either saves the data to disk and continues forwarding it to the client, or intercepts the connection and serves the content from disk. The storage layer is responsible for saving and retrieving data from the Distributed file system. The disk manager decides what to save and maintains a local database, synchronized with all the other caching servers, of all the content available.
All four layers are accessible via a management API and are centrally controlled by the management server.
Management
The UltraBand 1000 utilizes a centralized management system. The management server is responsible for configuration, monitoring, and data collection from all the elements within the solution (switches, storage, I/O servers, chassis). There are two ways to interact with the centralized management system:
CLI A familiar context-based interface for easy configuration and basic monitoring. The
CLI is accessible via a text-based interface via the console cable and remote SSH (v2).
SNMP The UltraBand 1000 provides a private MIB (SNMP v2) for easy access to all the
counters and information provided by the UltraBand 1000. This is especially useful for customers who prefer using already existing 3rd party software solutions. Monitoring via the private MIB offers centralized access to the UltraBand 1000.
Management Connectivity
The UltraBand 1000 provides two physical means of connection to the management system:
RS-232 Console connection to the CLI text based configuration and monitoring system. Out-of-band Ethernet TCP/UDP connectivity to the management system. Remote access
is via SSH V2 (CLI) or SNMP.
In an out-of-band management network, the network access control should allow access to the following ports for complete management functionality: TCP 22 (SSH), 161 (SNMP). UDP 161(SNMP). The UltraBand 1000 provides two security levels for users regular and enabled. The user database is stored locally on the appliance Enabled users are permitted to perform configuration commands, maintenance procedures, and low level debugging functionality. The regular level is permitted read-only commands, providing monitoring and basic debugging functionality.
System Configuration
Configurations are saved in text format and can be backed up on remote servers via TFTP. Although not recommended, the text based configuration files may be manipulated remotely and then downloaded to the UltraBand 1000 management server, providing a means of easily maintaining and altering configurations of multiple appliances.
System Monitoring
The UltraBand 1000 provides the ability to remotely monitor the system, via the CLI when the user is online, or via third party monitoring system, which uses SNMP and SNMP traps.
SNMP Provides access to all the statistics and environmental information in real-time. SNMP Traps Provides alarm triggered notification, including hardware failures (fans,
temperature, power, physical interfaces) and performance thresholds such as CPU utilization, and bandwidth consumption.
Software Upgrades
The UltraBand 1000 has two levels of software which are maintained the OS and application. OS upgrades are done infrequently and are usually security patches.
PBR/VRF routing solution This topology is used when the L4/L7 is not inline and the
router forwards at L4.
Basic inter-route solution This topology is for an ISP that wishes to put the L4/L7 inline. CMTS solution This topology is used when a cable service provider wishes to save
bandwidth within its network.
BRAS aggregation solution This topology is the same as CMTS but traffic is further
aggregated.
Asymmetric data solutions These topologies may be used in cases where ingress and
egress traffic may traverse in different routes.
Asymmetric topology with transparent forwarding solution This topology is used for
integration with Allot NetEnforcer in an asymmetric network topology.
Transparent forwarding solution This topology is used for integration with Allot
NetEnforcer using port-based redirection. The UltraBand 1000 is scalable to a multi-gigabit system and has been designed to grow with the network requirements. The basic unit consists of L4/L7 switch, multi-IO server chassis, 5 IO servers, single management server and a single storage array. Introducing this solution to a network provides redundancy of I/O data engines, management functionality, and the raid disk array. To supply redundancy for L4/L7 switch, another L4/L7 switch should be deployed in a hot-standby topology, much like that used in common networks. Scaling up the solution is obtained by adding additional caching engines per chassis, multiple chassis and increasing the storage.
2
Working With UltraBand 1000 Management Tools
This chapter describes how to use the management tools provided by the UltraBand 1000, including the CLI, file upload and download capabilities, the configuration file, and SNMP. The information provided in this chapter is required to perform the management tasks in the remaining chapters. The UltraBand 1000 uses a number of different tools to help you configure, manage, and monitor its performance. For some management tasks you may have a choice of which tool to use. For instance, you can view all statistics both using SNMP and using the CLI. Table 2 lists the different management tools that the UltraBand 1000 uses. Further information about these tools is available in the remainder of this chapter.
Table 2: Management Tools
Reference Use the CLI to perform most configuration and management tasks. For a complete description of the UltraBand 1000 CLI commands, refer to UltraBand 1000 CLI Commands on page 32. PeerApp provides license and software upgrades through the use of upgrade files that are downloaded to the UltraBand 1000 using a TFTP server. In addition, the configuration is modified by downloading a configuration file using TFTP.
TFTP
Use the configuration file to configure operational modes, caching, and SNMP settings. Use SNMP to monitor or view operational statistics of the UltraBand 1000. All the information available via SNMP is also available using the CLI.
10
Serial console The serial console is used to access the standard CLI and the rescue CLI.
The rescue CLI is used to enter the basic network and login information that you need to get the system up and running and is only available from the serial console. To access the standard CLI, login as admin. To access the rescue CLI, login as rescue. UltraBand 1000 ships with default passwords for both admin and rescue users set to system serial number. Please make sure to change them. For instructions to change passwords, refer to Configuring Passwords below.
11
Before configuring the network settings for the UltraBand 1000, or if you have changed your network settings so that UltraBand 1000 is inaccessible from outside, you must use the serial console connection. To log into the CLI using the serial console: 1. Connect to the USB port on the leftmost server in the chassis using USB-to-serial dongle. Use the following serial settings: 57600,N,1; hardware and software flow control disabled. After connecting to console of the management server the system prompts you for login. 2. Enter the special maintenance login rescue and press Enter. 3. Enter the password for rescue user at the password prompt and press Enter. The setup script is executed. After the setup script is finished, the system automatically logs you out. To log into the CLI using ssh over a local area network connection: 1. Connect to the UltraBand 1000 using ssh from any machine on your LAN. A login prompt is displayed. 2. Enter admin at the login prompt and press Enter. 3. Enter the password at the password prompt and press Enter. The CLI prompt (console>) is displayed. To get help in the CLI:
The ? key displays command and parameter hints. When basic command is incomplete,
this key displays multiple completion options, one per line together with a brief description. If a command is complete, pressing space + ? displays the next parameter hint.
12
CLI Modes
The UltraBand 1000 supports several CLI modes:
Regular Mode In Regular mode you can view system configuration and statistics, but
cannot change any settings. While in Regular mode you are prompted with the regular CLI prompt: console>. From Regular mode you can enter Enable mode or exit the CLI.
Enable Mode In Enable mode, you can update the license or software, set the date,
configure the login name and password. While in Enable mode you are prompted with the enabled CLI prompt: console#. From Enable mode, you can enter Configuration mode or Server mode, or return to Regular mode by the exit command.
Configuration Mode In Configuration mode you can configure any settings on the
system. While in Configuration mode you are prompted with the config CLI prompt: configuration#. From Configuration mode, you can return to Enable mode by exit command. Please note that only one user may use Configuration mode at any given time. If you exit Configuration mode without applying your changes, these changes are lost.
Server Mode In Server mode, you can start, stop, or restart an individual server. You can
also set the servers log level. While in Server mode you are prompted with the CLI server prompt: oper server <server number> # (for instance: oper server 1#). From Server mode, you can exit back to Enable mode by exit command.
Rescue CLI In addition to the standard CLI modes, the rescue CLI is to be used to recover
incorrect management network configuration and lost or forgotten CLI passwords. While in rescue CLI mode you are prompted with the rescue CLI prompt: rescue@ce-1#. In the rescue CLI mode, you can execute the following commands: access Reset the white and black management access lists. passwords Reset the admin and rescue passwords. network Configure following network parameters: IP address, netmask, default gateway, and DNS server. exit Exit the rescue CLI mode. help Print the list of rescue CLI commands. This command can also be executed by entering ? at the rescue CLI prompt. After executing one of the above commands, you can perform another command or exit the rescue CLI mode.
13
To switch from normal mode to Enable mode: 1. Enter enable at the CLI prompt. A password prompt is displayed. 2. Enter the Enable mode password and press Enter. You are now logged in to Enable mode. The prompt changes to the enabled CLI prompt. The default password for Enable mode is equal to system serial number. Please make sure to change it following the installation. For instructions on how to change passwords, refer to Configuring Passwords on page 23. While logged into Enable mode, you may sometimes need to run configuration commands. To do this you must change to Configuration mode. To switch to Configuration mode:
Enter config at the enabled CLI prompt. You are now in Configuration mode.
To exit Configuration mode:
Enter exit at the CLI config prompt. You are returned to Enable mode.
To switch to Server mode:
Enter oper server <server number> at the enable CLI prompt, where
<server number> is the number of the server you want to control (for instance: 1). You
Enter exit at the CLI server prompt. You are returned to Enable mode.
To switch from the enabled user to the normal user:
Enter exit at the enabled CLI prompt. You are returned to the Regular mode.
TFTP Server
To set up UltraBand 1000 for files uploading and downloading, you must have an external TFTP server running. You download files to the UltraBand 1000 using a TFTP server in order to:
Update the UltraBand 1000 software. Update the UltraBand 1000 license. Update the configuration by means of changes to the configuration file.
Before downloading a file to the UltraBand 1000, place the file onto the TFTP server.
14
Ensure that the changed configuration file is located on your TFTP server.
b. Enter import <IP address> <filename> at the CLI config prompt, where <IP address> is the IP address of your TFTP server and <filename> is the name of
the changed configuration file. After performing the above steps, the changed configuration is downloaded to the system, but it is not yet loaded as the new configuration. 5. You can display or discard the new configuration before loading it. To display the currently loaded configuration, enter show config at the CLI prompt. To display the new configuration, which was loaded, but not yet applied, enter display at the CLI config prompt. To show the differences between the current configuration and the downloaded changed configuration, enter diff at the CLI config prompt. To apply the new configuration in place of the current configuration, enter apply at the CLI config prompt. To discard the new configuration without making any changes to the current configuration, enter discard at the CLI config prompt. To restore the old configuration after applying a new configuration, enter restore at the CLI config prompt.
15
Each time you enter restore you revert to an older version of the configuration. After reverting to an older configuration, the newer configuration is discarded and cannot be restored.
mgmt-config The information in this section is for informational purposes only. After
downloading the configuration file from the system, this section displays the network settings on the system.
common Use this section to define the default settings for all servers. Any settings in the
individual server sections override the fields in this section.
server id=<#>, where <#> is the number of the caching engine server (slot number
minus 1). Use this section to define the settings for an individual server. Aside from the network configuration section, the fields in this section are contained in a service sub-section and are identical to the fields in the service sub-section of the common section. The settings in this section override the fields in the common section.
16
3
Configuring UltraBand 1000
This chapter describes the steps necessary to configure and perform maintenance on the system if you need to make any changes. The types of configuration described in this chapter include the following:
File-based configuration:
Configuring SNMP. Configuring L4/L7 Switch. Configuring P2P Protocols. Configuring Bandwidth Management. Configuring Traffic Forwarding Options. Configuring Caching Policies. Configuring Server Virtual IP Address. Configuring Server Data IP Address.
17
CLI-based configuration:
Configuring Management Network.
File-based configuration:
Configuring SNMP/NTP. Configuring P2P Protocols. Configuring Traffic Forwarding Options When deploying a UB1000 Grid platform, there are several different supported layer7 devices configurations that can be used. Symmetric / asymmetric connection modes with single/multiple port connections are possible, when configuring layer7 devices with the UB1000 Grid platform. Supported configurations are outlined hereafter.
Allot 2500 integration. Sandvine integration in divert mode. Multi-port network link failure handling. VLAN tagging full support. UB1000 Grid Allot integration - work with Allot as a redirector. Multi-Alteon support.
Asymmetric traffic support:
The ability to work with more than one tunneling mode with Allot.
Multi interface support:
Improve connectivity options, by adding support to work with more than one
physical Ethernet interface. Support is available for:
18
Selective caching Deals with the ability to control and dynamically change the popularity
decisions related to file caching. Stages will be changed dynamically as oppose to fixing a decision through a static configuration.
Small memory buffer When the traffic is very low because of a configuration of the
shaper, the memory buffer size might be too large (in memory) for this shaper. This feature allows control over the buffer size, to optimize memory use and tailor it to the way the traffic is shaped. If the buffer size does not match the shaped traffic size the cache will be filled-up too slow. Controlling the buffer size is done through the cluster-conf, using the following statement:
<memory> <small_io_blocks>8000</small_io_blocks> </memory>
Administrative state Locked Allows locking a specific server from handling traffic. (This
feature applies only to UltraBand 1000 systems)
<cache-engine> <admin_states> locked</admin_states> </cache-engine>
Upstream caching Last mile architecture suffers from limited upstream resources which
are gravely affected from Peer-to-Peer symmetrical traffic pattern. Upstream caching relives network congestion by providing cached pieces to Peers in other zones, directly from the cache instead of the last mile user.
HTTP caching UltraBand caches any large HTTP documents (such as, video files, video
streaming and images) in order to reduce bandwidth usage, and to improve user experience through accelerated document download time. Transparent HTTP caching is
19
implemented; therefore any standard HTTP contained document can be cashed regardless of the URL associated with it. Support for this protocol is configured through the cluster.conf file. Add the following configuration statement to the <protocols> section in Cluster.conf for the platform to support the HTTP protocol:
<enable-http>1</enable-http>
ARES protocol support Ares Galaxy is an open source P2P file sharing application and
protocol that uses its own decentralized supernode/leaf network. Support for this protocol is configured through the cluster.conf file. Add the following configuration syntax to the <protocols> section in Cluster.conf for the platform to support the ARES protocol:
<enable-ares>1</enable-ares>
Foxy support Foxy is a Gnutella client. Support for this protocol is configured through the
cluster.conf file. Add the following configuration syntax to the <policy> section in Cluster.conf for the platform to support the Foxy client:
<policy> <gnutella_foxy_support>1</gnutella_foxy_support> </policy>
PANDO support The UltraBand platform supports the PANDO protocol. Pando is a
proprietary software for P2P file sharing. It's mainly aimed at sending files using both Peerto-peer and Client-server architectures that would normally be too large to send via more conventional means. Pando uses a 256-bit end-to-end encryption method to secure communication among peers. The primary difference with traditional BitTorrent file transfer operation is that a copy of the shared file is uploaded to Pando's servers and remains there for a limited time, seeding it. In this way, the file remains available even after the original sender goes offline. Support for this protocol is configured using the cluster.conf file. Add the following configuration syntax to the <protocols> section in Cluster.conf for the platform to support the PANDO protocol:
<enable-pando>1</enable-pando>
20
Start/stop forwarding using a CLI command is supported. Please refer to the eventlog forward/stop commands in Enable Mode Commands on page 51.
Automatic idle session logout The timeout interval of an idle CLI session, after which the
session is terminated. Can be configured through a CLI command.
Management ACL (Access Control List) Provides an approved (white list) and a denied
(black-list) of system management features of the platform. These are the CLI and the WEB (UBview) management interfaces. This is done using IP subnet ranges (added/removed through the linux firewall). Configuration is done using the cluster.conf configuration file. There are two options for specifying the ACLs: Option 1 Allow some IP address and block all the rest. This can be done by defining some good IPs in the white list, and block all the rest:
<white_access_list> <access_entry>192.168.1.1</access_entry> <access_entry>192.168.1.2</access_entry> </white_access_list>
SNMP Traps forwarding The platform generates SNMP traps upon certain events.
Forwarding these traps to an external server is supported.
21
Controlling the traps forwarding is done through the clusted.conf file, with the following statements related to the IP of the traps server, SNMP communities etc. The following statements needs to be present in the cluster.conf:
<snmp> <trap-ip>10.11.12.1</trap-ip> <snmp-read-community>gdcbhv</snmp-read-community> <snmp-write-community>nkppui</snmp-write-community> <snmp-trap-community>ffff</snmp-trap-community> </snmp>
E-mail alerts In addition to SNMP traps, it is possible to forward critical platform alerts to
a specific e-mail server. This is controlled through the cluster.conf file, where the following statements needs to be added:
<mgmt-config> <nameserver>194.90.1.5</nameserver> <alert-email>support@peerapp.com</alert-email> </mgmt-config>
Export CDR The platform tracks each cache-out session and writes out a CDR record
related to the session when it ends. The CDR recording files are created periodically and can be retrieved using FTP. The set of CDR files are created managed periodically. The following is a sample CDR record:
Time 06-07-08 07:38:16.980 Protocol HTTP, bytes sent 4751360, Downloader ip:port 213.190.209.114:1531, thread_id 0x51822940 log info [cdr:Statistics]
hash reason for closure 75053B09EC96DAE2D47748DA18F3EF8A618D1738, DOWNLOADER, connection length in seconds 12, uploader ip:port 74.125.4.150:80
UB1000 using iSCSI and Dell PowerVault MD3000i The UB1000 platform is now fully
integrated with the Dell MD3000i SAN storage solution. The Dell PowerVault MD3000i can consolidate up to sixteen (16) fully redundant hosts, expand to support up to 5.7TB of data (using 380GB SAS drives) and provides wizard based installation, intuitive management, advanced data protection software. Supporting the PowerVault MD3000i increases the storage capacity of the UB1000 platform and allows the creation of a clustered file-system (using two or more UB1000 platforms).
22
CLI-based Configuration
Configuring Passwords
To change the password required to log in to the CLI:
Enter access user-password <new password> at the enabled CLI prompt, where
<new password> is the new password for the normal user. The password is changed.
Enter access enable-password <new password> at the enabled CLI prompt, where
<new password> is the new password for the enabled user. The password is changed.
Recovering Passwords
Should you lose or forget the initial CLI password or Enable mode password, you can reset them to their default values through special rescue CLI. The rescue CLI is available from serial console only. For further information, refer to Rescue CLI on page 13.
23
24
Using the CLI: 1. Enter config at the enabled CLI prompt. You are now in Configuration mode. 2. Enter ntp server-ip <IP address> at the CLI config prompt, where <IP address> is the IP address of the NTP server. Instead of <IP address>, you can enter <127.127.1.0> for the local server. 3. Enter ntp timezone <timezone> at the CLI config prompt, where <timezone> is the local time zone according to its GMT offset. 4. Apply configuration using apply. Using the configuration file:
Managing Servers
To stop, start, or reset a single server:
25
File-based Configuration
When configuring software settings in the configuration file, you can set fields in the common section to apply to all servers, or in the specific section for an individual server. The fields in the individual servers section override the fields in the common section for that server. Sample configuration files can be found in Sample Configuration Setups on page 91.
Configuring SNMP
To set up SNMP:
26
common (or server<#>) service net switch-type Enter either L4 or L7 to select the desired switching type.
27
Corresponding Topology Single router is on either side of L4/L7 switch. Subscribers side of the L4/L7 switch has multiple routers. The L4/L7 switch forwards traffic via two dedicated ports without changing L2 addresses (as-is). The platform sends packets back using the same interface while swapping the source and destination MAC addresses.
1: enabled. 0: disabled.
28
common (or server<#>) service policy cache-direction Indicates in which direction to enable caching:
WORLD2ISP: traffic coming into the ISP en-route to subscribers machines. ISP2WORLD: traffic from subscribers going out to the Internet. ALL: all traffic in either direction.
common (or server<#>) service policy upload_cache_out Indicates the percentage of upstream P2P traffic that must come from the internal cache:
0%: disabled (all the upstream traffic can come from local peers). 1-99%: the specified percentage of the upstream traffic must come from the
UltraBand 1000 cache storage and the remainder can come from local peers.
100%: the upstream traffic can only come from the internal cache.
29
server<#> ipaddr The IP address of data interface of the server. server<#> netmask The IP netmask of data interface of the server.
New software You download new software versions of the UltraBand 1000, which are
delivered as a file.
New software license You download new versions of the UltraBand 1000 software
license, which is delivered as a file.
Enter show license at the CLI prompt. Information about the installed license is
displayed, including the version number and enabled features.
30
To install a new software license: 1. Place the new license file on your TFTP server. 2. Enter license get <tftp server> <file> at the enabled CLI prompt, where <tftp server> is the IP address of your TFTP server and <file> is the name of the new license file 3. Enter license activate to apply the license.
31
4
UltraBand 1000 CLI Commands
The UltraBand 1000 platform is controlled using a set of CLI commands, allowing full control over its operational states. The CLI commands are divided into two categories:
Enable mode commands Provides full control over the system configuration, cache
content manipulation, networking behavior, licensing, platform operation state, and managing the software version the system runs. This CLI interpreter is accessible through a unique username and password. The username is admin and the password is platform specific. The following is a sample authentication session:
login as: admin Using keyboard-interactive authentication. Password: PeerApp management: Cli version - 2.3.124 Snmp version - PeerApp management node software version 2.3.124 console>
This chapter provides a reference for all the CLI commands. Refer to CLI Reference on page 117 for a full list of available CLI commands.
32
Description Displays ARP table. Provides access to cache operations. Calculates the visible subnets on the interface. Displays the dmesg. Displays the Report Central Processing Unit (CPU), physical disks, network, paging and operating-system statistics, and I/O statistics. Enters Enable mode. Provides access to event log operations. Exits the current mode. Displays the list of Regular mode commands. Displays the interface(s). Displays extended I/O statistics. Sends jumbo echo messages. Sends echo messages. Displays run-time information. Dumps the traffic on the appropriate network interface. Displays the route used by the packet to reach its destination. Displays the list of users who are currently logged in.
enable eventlog exit help ifconfig iostat jumbo ping show tcpdump traceroute who
arp
The arp command displays the ARP table.
Command Parameters
None.
33
Sample Use
cache
The cache command provides access to the cache operations that are available in Regular mode.
Command Parameters
hash displays the cache metadata using a hash ID. list displays cache content in one of the following modes:
display displays cache content. export exports cache content to a TFTP server, where the server name and file location are specified as: <tftp server address> <filename>. The file to which the content is exported must exist, and must have write access to all. If localhost is used as the <tftp server address> parameter, then the file will be located under the /tftpboot/ folder. You can only use localhost if you have root access on the localhost server. Otherwise, you must use an external tftp server and not the caching server. Additional parameters for this command are available in Enable mode. Refer to cache on page 53 for a description of the Enable mode parameters.
34
Sample Use
35
######################################################### EDK: Number of total hashes 0 Number of files 0 BTR: Number of total hashes 0 Number of files 0 PANDO: Number of total hashes 0 Number of files 0 GNUTL: Number of total hashes 0 Number of files 0 ARES: Number of total hashes 0 Number of files 0 HTTP: Number of total hashes 821460 Number of files 821460 KAZ: Number of total hashes 0 Number of files 0 ######################################################### Avarage file size in storage HTTP: 10328523.72 bytes [9.85 MB] ######################################################### Full file size in cmdb: EDK 0 Full file size in cmdb: BTR 0 Full file size in cmdb: PANDO 0 Full file size in cmdb: GNUTL 0 Full file size in cmdb: ARES 0 Full file size in cmdb: HTTP 798356 Full file size in cmdb: KAZ 0 ######################################################### EDK average age of: hashes none stored files none BTR average age of: hashes none stored files none PANDO average age of: hashes none stored files none GNUT average age of: hashes none stored files none ARES average age of: hashes none stored files none HTTP average age of: hashes 369844 stored files 369844 KAZ average age of: hashes none stored files none ######################################################### BTR: Max piece 0 average pieces per file none ######################################################### Console>
direction
The direction command calculates the visible subnets on the specified interface.
Command Parameters
36
dmesg
The dmesg command displays the message buffer of the kernel (dmesg).
Command Parameters
None.
Sample Use
37
Netfilter messages via NETLINK v0.30. nf_conntrack version 0.5.0 (2047 buckets, 16376 max) monitor[4050]: segfault at 0000000000002336 rip 0000000000002336 rsp 00000000407e4088 error 14 monitor[19592]: segfault at 0000000000002336 rip 0000000000002336 rsp 00000000407e4088 error 14 monitor[13295]: segfault at 0000000000002336 rip 0000000000002336 rsp 00000000407e4088 error 14 monitor[6335]: segfault at 0000000000002336 rip 0000000000002336 rsp 00000000407e4088 error 14 device eth1 entered promiscuous mode audit(1222071719.088:6): dev=eth1 prom=256 old_prom=0 auid=4294967295 device eth1 left promiscuous mode audit(1222071730.929:7): dev=eth1 prom=0 old_prom=256 auid=4294967295 device eth1 entered promiscuous mode audit(1222071730.949:8): dev=eth1 prom=256 old_prom=0 auid=4294967295 device eth1 left promiscuous mode audit(1222071863.612:9): dev=eth1 prom=0 old_prom=256 auid=4294967295 device eth0 entered promiscuous mode audit(1222071878.921:10): dev=eth0 prom=256 old_prom=0 auid=4294967295 device eth0 left promiscuous mode audit(1222071878.945:11): dev=eth0 prom=0 old_prom=256 auid=4294967295 device eth0 entered promiscuous mode audit(1222071878.965:12): dev=eth0 prom=256 old_prom=0 auid=4294967295 device eth0 left promiscuous mode audit(1222071890.950:13): dev=eth0 prom=0 old_prom=256 auid=4294967295 (END)
dstat
The dstat command displays a report of the Central Processing Unit (CPU), physical disks, network, paging and operating-system statistics, and I/O statistics.
Command Parameters
[-N <ethx,total>] [<count>]
Where:
ethx a physical Ethernet interface on the server that runs the dstat command (i.e., the
management server). For example: eth0, eth1, or eth2.
total the accumulated traffic on all Ethernet interfaces on the server. count the number of updates to display before exiting. If omitted, the output will
continue to display until stopped with <CTRL-C>.
Sample Use
38
1 0 1 0 0 1 0 1 0 0 2 30 22 0 2 0 1 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0| 0 95k| 22k 0| 0 6827B| 20k 0| 0 20k| 22k 0| 0 17k| 20k 0| 0 0 | 21k 0| 0 44k| 20k 0| 0 0 | 20k 0| 0 61k| 21k 0| 0 56k| 22k 1| 0 0 | 182k 1| 249k 231k| 28k 0|2769k 855k| 27k 0|7723k 568k| 28k 0| 0 43k| 26k 0|2731B 1392k| 25k 0| 0 0 | 27k 0| 0 176k| 25k 0| 0 0 | 24k 0| 0 99k| 25k 1| 0 0 | 185k
11k| 9447B| 10k| 9526B| 10k| 9435B| 9703B| 9853B| 10k| 182k| 16k| 17k| 16k| 14k| 13k| 15k| 14k| 14k| 14k| 185k|
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
| 430 | 400 | 418 | 402 | 418 | 422 | 403 | 416 | 428 |2254 | 534 |1197 | 756 | 446 | 457 | 450 | 449 | 428 | 453 |2251
1034 1155 1210 1231 1246 1438 1096 1065 1071 4811 1762 2785 3762 1302 1240 1158 1087 1156 1315 4863
enable
The Enable command enables you to switch to Enable mode. Enable mode provides access to CLI commands which enables you to make configuration changes. These configuration changes include cache content manipulation, networking behavior, licensing, and managing the software version the system runs.
Command Parameters
None. The user is prompted for a password. The default password for the enable command is configured when the system is installed and defaults to the system-id. You can view the system-id by using the show systemid command. It is strongly recommended to change the default enable command password immediately after the initial installation.
Sample Use
39
eventlog
The eventlog command enables the user to view or export the content of the event log. The event log lists all log messages sent to the system log by all the UltraBand service components (applications, CLI and SNMP).
Command Parameters
export exports event log content to a TFTP server, where the server name and file
location are specified as: <tftp server address> <filename>.
The file to which the content is exported must exist, and must have write access to all.
40
Sep 22 13:19:52 ce-9 logger: snmpd Cache synchronization finished . Sep 22 13:21:17 ce-4 pang[27529]: volume stat availability owner total free used usage Sep 22 13:21:17 ce-4 pang[27529]: /mnt/vol7 mounted active ce-4 364 28 336 92.30 Sep 22 13:21:17 ce-4 pang[27529]: /mnt/vol17 mounted_cmdb active ce-4 271 22 249 91.75 Sep 22 13:21:17 ce-4 pang[27529]: /mnt/vol20 mounted active ce-4 364 31 333 91.47 Sep 22 13:25:10 ce-1 pang[5949]: volume state availability owner total free used usage Sep 22 13:25:10 ce-1 pang[5949]: /mnt/vol25 mounted_cmdb active ce-1 271 29 242 89.28 Sep 22 13:25:10 ce-1 pang[5949]: /mnt/vol26 mounted active ce-1 271 23 248 91.49 Sep 22 13:25:10 ce-1 pang[5949]: /mnt/vol30 mounted active ce-1 364 31 333 91.43
exit
The exit command exits the current CLI session and mode. If in Enable mode, the exit command returns the session to Regular mode. If already in Regular mode, the session terminates and the user is logged out of the current session.
Command Parameters
None.
Sample Use
help
The help command displays the CLI commands with a short description for the current mode. In other words, if the user is in Regular mode, then the help command displays the Regular mode commands with a short description of each command. The help command can also be accessed by typing <space> + ?. The ? is not echoed on the screen.
Command Parameters
None.
41
Sample Use
Display the list of CLI commands that are available in Regular mode.
console> help apache_restart arp cache direction dmesg dstat enable eventlog exit help ifconfig iostat jumbo ping show tcpdump traceroute who Restart apapche Show arp table Cache operations Calculate seen subnets on interface Display dmesg Display a report of the Central Processing Unit (CPU), physical disks, network paging and operating system statistics and I/O statistics Enter privileged mode Event log commands Exit current mode Commands description Display interface(s) Display IO statistics Send jumbo echo messages Send echo messages Show run-time information Dump traffic on appropriate network interface Discover the route to destination Show currently logged users
ifconfig
The ifconfig command displays details of the interface(s).
Command Parameters
None.
Sample Use
42
inet addr:10.11.18.1 Bcast:10.11.18.255 Mask:255.255.255.0 inet6 addr: fe80::214:22ff:feb1:a0b4/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:10524402 errors:0 dropped:0 overruns:0 frame:0 TX packets:10319345 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:5678122056 (5415.0 Mb) TX bytes:771163658 (735.4 Mb) eth0:1 Link encap:Ethernet HWaddr 00:14:22:B1:A0:B4 inet addr:192.168.3.170 Bcast:192.168.3.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Link encap:Ethernet HWaddr 00:14:22:B1:A0:B5 inet6 addr: fe80::214:22ff:feb1:a0b5/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:38002 errors:0 dropped:0 overruns:0 frame:0 TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:4000 RX bytes:2280120 (2.1 Mb) TX bytes:468 (468.0 b) Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:652978316 errors:0 dropped:0 overruns:0 frame:0 TX packets:652978316 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:68844152406 (65654.8 Mb) TX bytes:68844152406 (65654.8 Mb)
eth1
lo
iostat
The iostat command reports Central Processing units (CPU) statistics and input/output statistics for devices and partitions.
Command Parameters
[-t <interval> [-k <count>]]
Where:
interval the amount of time in seconds between each report. The default is 5. count used in conjunction with the interval parameter. If the count parameter is
specified, the count determines the number of reports generated at the specified interval. If the interval parameter is specified without the count parameter, the iostat command generates reports continuously.
Sample Use
43
Time: 05:32:36 PM avg-cpu: %user %nice %system %iowait 9.89 0.00 3.48 0.70 Device: sda sdb tps 4.77 0.00 kB_read/s 5.43 0.00
%steal 0.00 kB_wrtn/s 256.50 0.00 %steal 0.00 kB_wrtn/s 0.00 0.00 %steal 0.00 kB_wrtn/s 24.24 0.00 %steal 0.00 kB_wrtn/s 12.00 0.00
%idle 85.93 kB_read 7072540 531 %idle 99.25 kB_read 16 0 %idle 94.68 kB_read 0 0 %idle 96.01 kB_read 0 0 kB_wrtn 24 0 kB_wrtn 48 0 kB_wrtn 0 0 kB_wrtn 334162881 0
Time: 05:32:38 PM avg-cpu: %user %nice %system %iowait 0.00 0.00 0.00 0.75 Device: sda sdb tps 1.50 0.00 kB_read/s 8.00 0.00
Time: 05:32:40 PM avg-cpu: %user %nice %system %iowait 2.78 0.00 2.28 0.25 Device: sda sdb tps 1.01 0.00 kB_read/s 0.00 0.00
Time: 05:32:42 PM avg-cpu: %user %nice %system %iowait 3.49 0.00 0.00 0.50 Device: sda sdb tps 1.50 0.00 kB_read/s 0.00 0.00
jumbo
The jumbo command sends jumbo echo messages.
Command Parameters
[-c <counter>] [-I <ip|interface>] dest
Where
counter the number of times the request is generated. interface interface ip or name from which to send an echo request to a destination.
Sample Use
44
8980 bytes from 192.168.3.170: icmp_seq=3 ttl=64 time=0.091 ms 8980 bytes from 192.168.3.170: icmp_seq=4 ttl=64 time=0.133 ms 8980 bytes from 192.168.3.170: icmp_seq=5 ttl=64 time=0.094 ms --- 192.168.3.170 ping statistics --5 packets transmitted, 5 received, 0% packet loss, time 4003ms rtt min/avg/max/mdev = 0.091/0.106/0.133/0.019 ms console>
ping
The ping command uses the ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway, and displays the round-trip time for the echo response to arrive back to the server the command was issues on.
Command Parameters
[-c count] [-I interface or address] destination
Where:
count represents the number of icmp echo requests to be sent to the destination server. interface or address sets source address to specified interface address. Argument may
be numeric IP address or name of device.
Sample Use
45
64 64 64 64
ms ms ms ms
show
The show command displays run-time information related to the operational environment of the UltraBand software.
Command Parameters
Depending upon the parameters, the show command displays the following information:
eventlog displays the platform event log (same result as the eventlog show command). leader displays the hostname of the current cluster leader. The cluster leader manages
resources used by the UltraBand platform.
mount displays the currently mounted file-system volumes on the server on which the
command is run.
process displays the status of the UltraBand components (pang, spread, apache, and ntp)
as they run on the platform. The output of this command is relevant for maintenance engineers. An equivalent Server mode command is available for each of the servers that are part of the UltraBand cluster: process_server.
status displays the cluster administrative and application status. systemid displays the system serial number. time displays the system date and time. uptime displays the cluster uptime. version displays the software version. volumes displays the mounted volumes.
Additional parameters for this command are available in Enable mode. Refer to the show command in Enable mode for a description of these parameters.
Sample Use
46
May 21 10:22:25 ce-1 pang[1787]: all interfaces (1) are down , will go to disable mode May 21 10:22:25 ce-1 pang[1787]: Operational state has been set to disabled May 21 10:22:25 ce-1 pang[1787]: detected major: operational mode has been changed May 21 10:23:41 ce-1 pang_cli[3341]: Enter enable mode . . . /var/log/peerapp/peerapp_system2008.05.21.log (END)
47
root 16142 1 0 Sep18 ? 00:15:31 /opt/pang/mgmt/avalon/sbin/snmpd -f -A -LF e /opt/pang/mgmt/avalon/var/log/snmpd.log -LS c u 192.168.3.170 root 16144 1 0 Sep18 ? 00:00:00 /opt/pang/mgmt/avalon/sbin/snmptrapd -f -Osq -Ls user -c /opt/pang/mgmt/avalon/sbin/snmptrapd.conf 10.11.12.1 admin 21048 21047 0 11:03 pts/2 00:00:00 -pang_cli admin 22269 22268 0 12:47 pts/1 00:00:00 pang_cli wwwrun 27926 3882 0 12:56 ? 00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf admin 28134 27740 0 12:05 pts/3 00:00:00 -pang_cli console>
48
/mnt/vol2 /mnt/vol3 /mnt/vol4 /mnt/vol5 /mnt/vol6 /mnt/vol7 /mnt/vol8 /mnt/vol9 /mnt/vol10 /mnt/vol11 /mnt/vol12 /mnt/vol13 /mnt/vol14 /mnt/vol15
mounted mounted mounted mounted mounted mounted mounted mounted mounted mounted mounted mounted mounted not mounted
ce-1 ce-1 ce-2 ce-1 ce-2 ce-1 ce-2 ce-1 ce-2 ce-3 ce-3 ce-3 ce-3
tcpdump
The tcpdump command dumps traffic on the appropriate network interface.
Command Parameters
-i <interface> -c <count>
Where
Interface the network interface for which to display the traffic. count the number of reports to generate.
Sample Use
traceroute
The traceroute command tracks a packets route across a TCP/IP network on its way to a given host. It utilizes the IP protocol's time to live (TTL) field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to the host/destination.
49
Command Parameters
[-n] destination
Where:
-n forces the traceroute command not to try to map IP addresses to host names when
displaying them.
50
160.515 ms 150.818 ms
169.750 ms 152.432 ms
165.760 ms 152.434 ms
who
The who command displays the users who are currently logged in.
Command Parameters
None.
Sample Use
Display a list of users who are currently logged into the system.
console> who admin pts/0 console> May 21 17:16 (10.1.1.78)
Command access apache_restart cache config eventlog help license oper reset rollback
Description Enables users to manage system access parameters. Restarts apache. Enables users to manage additional cache operations. Enters Configuration mode. Provides access to eventlog Enable mode commands. Displays commands available in Enable mode. Enables users to manage the system license. Provides access to system management operations. Resets management services. Rollback to the last good software version of UltraBand.
51
show upgrade
Provides access to additional show Enable mode commands. Downloads and installs software image file.
access
The access command enables the user to manage system access parameters, such as:
idle-session-timeout sets the timeout after which the telnet session is terminated (both
for the Enable mode and the Regular mode commands). The default timeout value is NO timeout i.e., the sessions are always available and will never be terminated.
enable-password when used, the CLI prompts the user for a new password, and then
requests the user to re-enter the new password to ensure there are no mistyped characters. If both passwords match, the enable-password is modified to the new password. The new password should be at least four characters long.
idle-session-timeout sets the idle-session timeout value. This command requires the
following parameter: <timeout value (secs)> the value, in seconds, for the new idle-timeout value. The default value is zero seconds which disables the timeout.
user-password when used, the CLI prompts the user for the new password, and then
requests the user to re-enter the new password to ensure there are no mistyped characters. If both passwords match, the user-password is modified to the new password. The new password should be at least four characters long, and is then verified against a set of rules which forces a complex password standard.
Sample Use
52
console#
apache_restart
The apache_restart command restarts the apache server.
Command Parameters
None.
Sample Use
cache
The cache command allows the user to manage cache parameters, such as:
black_list manages the cache black list. hash displays the files metadata using a hash ID. list displays and exports the list of cache content. This command is also available in
Regular mode.
remove removes a file from the cache using hash ID. summary displays CMDB statistics summary. sync verifies and synchronizes the cache metadata.
53
For the cache parameters available in Regular mode, refer to cache on page 34. The following are the parameters available in Enable mode:
dump displays (dumps) the entire black list. export exports the black list to a TFTP server, where the server name and file location are specified as: <tftp server address> <filename>. The file to which the content is exported must already exist, and must have write access to all. remove removes a file from the black list using a hash ID and protocol. This parameter should be followed by the hash ID associated with the file to be added to the black list, and the protocol this entry applies to. The following is the syntax for the hash-ID and protocol:
<hash id EDK|BT|KAZ|GNUTL|ARES|HTTP|PANDO>
remove removes a file from cache using a hash ID. Add the hash ID to this parameter
using the following syntax: hash <hash_id> where the hash ID should match a hash ID that exists in the system cache. For a list of hash IDs stored in the system, use the cache list command.
sync verifies and synchronizes the cache metadata. The platform is fully accessible during
this process. Note that synching the cache can take a few hours.
volume manipulates the cache file system volumes. Using this command you can
activate, deactivate, and remove file system volumes. These sets of commands are mainly used for maintenance purposes usually for hard drive maintenance. You can use the show volume command for a list of currently used volumes. The volumes that can be used for these commands can be viewed using the show volume command. When the volume command is used, it should be followed by one of the following parameters: activate request the system to activate a cache volume. deactivate request the platform to stop using a specific volume for caching.
54
remove remove all hash IDs associated with the specific volume from within the configuration management database (CMDB), so that the system will not cache these hash IDs anymore. This command removes ALL information cached on this volume from the CMDB, which is a non-reversible process. Following these parameters, a volume number should be added, which has the following syntax: <1-15> represents the volume number to be used for this command.
Sample Use
55
This process may take several hours. Start a cache verification and synchronization process.
console# cache sync Proceeding cache to metadata sync. Some data in the cache might be lost. Are you sure (y/n)? y Starting cache synchronization...
config
The config command enters Configuration mode, which enables you to platform configuration changes. The user prompt changes to configuration# while in Configuration mode. Use the exit command to leave Configuration mode. These configuration changes include:
56
When you enter Configuration mode, all configuration change requests are accumulated and are NOT implemented until you use the apply command to request the platform to commit (execute) the changes. You can request configuration changes using the following set of commands while in Configuration mode:
apply applies the configuration changes requested until now. diff shows the pending configuration changes. discard discards the pending changes. display displays the current configuration. exit exits Configuration mode. export exports the cluster configuration to the TFTP server. help displays the command syntax for each configuration command. import imports the cluster configuration from the TFTP server. network configures the management network interface. ntp configures the management NTP parameters. restore restores the last good configuration. time sets the system date and time.
Configuration Commands and Parameters
diff this command does not have parameters. It displays the proposed configuration
changes. The new configuration parameters are marked with a + sign as the first character on the line, and the current configuration parameters are marked with a - sign as the first character on the line. See the sample below.
exit this command has no parameters. It immediately exits Configuration mode and
returns to Enable mode. If you created some configuration changes but did not use the apply command to apply the changes to the system, a warning message appears as follows:
Exiting configuration mode without apply, will discard changes. Are you sure? [N/y] n
57
export exports the current configuration to a TFTP server, where the server name and
file location are specified as: <tftp server address> <filename>. The file to which the configuration is exported must already exist, and must have write access to all. If localhost is used as the <tftp server address> parameter, then the file is located under the /tftpboot/ folder.
help this command has no parameters. It displays help for all the CLI Configuration mode
commands.
import import the configuration from a TFTP server, where the server name and file
location are specified as: <tftp server address> <filename>. The file to which the configuration is imported must already exist, and must have write access to all. If localhost is used as the <tftp server address> parameter, then the file must be located under the /tftpboot/ folder.
ntp modifies the IP address associated with the NTP server or the time zone where the
UltraBand server is located. The additional parameters for this command are one of the following: server the IP address where an NTP server is running or a specific address for using the localhost as the NTP server. The following syntax applies:
<ip address or 127.127.1.0 for local>
timezone followed by the time zone name. One should look under the /usr/share/zoneinfo folder and select the correct time zone name that fits the time zone where the system is located. For example:
58
An up-to-date timezone table can easily be found on the Internet, by searching for list of zoneinfo timezones and using the value displayed in the TZ environment variable that matches your timezone.
restore restores the latest configuration before the last changes were applied. You must
still use the apply command to apply the restored configuration to the system. You can also use the discard command to discard the restored configuration.
time enables you to modify the system time. The command should be followed by the
current time, using the <MMDDYYhhmm> format.
Sample Use
59
<snmp-trap-community>nkppui</snmp-trap-community> </snmp> <service> <protocols> <enable-kazaa>1</enable-kazaa> <enable-bittorent>1</enable-bittorent> <enable-edk>1</enable-edk> <enable-gnutella>1</enable-gnutella> <enable-http>1</enable-http> <enable-ares>1</enable-ares> <enable-pando>1</enable-pando> </protocols> <net> <fwd-mode>PROMISC</fwd-mode> <bridge id='0'> <interface-world>iff2</interface-world> <interface-isp>iff1</interface-isp> </bridge> </net> <policy> <selective_cache_in_threshhold>3</selective_cache_in_threshhold> </policy> </service> </common> <servers>1</servers> <server id='1'> <cache-engine> <network></network> <cdr_log_level>LOG_TRACE</cdr_log_level> </cache-engine> </server> </cluster>
60
<snmp-trap-community>nkppui</snmp-trap-community> </snmp> <service> <protocols> <enable-kazaa>1</enable-kazaa> <enable-bittorent>1</enable-bittorent> <enable-edk>1</enable-edk> <enable-gnutella>1</enable-gnutella> <enable-http>1</enable-http> <enable-ares>1</enable-ares> <enable-pando>1</enable-pando> </protocols> <net> <fwd-mode>PROMISC</fwd-mode> <bridge id='0'> <interface-world>iff2</interface-world> <interface-isp>iff1</interface-isp> </bridge> </net> <policy> <selective_cache_in_threshhold>3</selective_cache_in_threshhold> </policy> </service> </common> <servers>1</servers> <server id='1'> <cache-engine> <network></network> <cdr_log_level>LOG_TRACE</cdr_log_level> </cache-engine> </server> </cluster> configuration#
configuration# import 192.168.0.97 current-config configuration# diff <?xml version="1.0" encoding="UTF-8" standalone="no" ?> <cluster xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='cluster_conf.xsd'> <mgmt-config> <ipaddr>192.168.0.97</ipaddr> <netmask>255.255.255.0</netmask> <default-gw>192.168.0.1</default-gw> + <default-gw>192.168.0.2</default-gw> <nameserver>194.90.1.5</nameserver> <alert-email>support@peerapp.com</alert-email> <site_name>UB1K office - promisc </site_name> </mgmt-config> <web-config></web-config> <common> <ntp> <server-ip>127.127.1.0</server-ip> + <server-ip>192.43.244.18</server-ip> <timezone>America/Chicago</timezone> </ntp> ..
Modify the default GW for this server. In addition, modify the configure management
network interface address.
configuration# network default_gw 192.168.0.2 configuration# configuration# network ip 192.168.0.97 255.255.255.0 configuration#
Change the current time server used by the platform as the source for its time
synchronization. In addition, modify the time zone where the platform is located.
configuration# ntp server <ip address or 127.127.1.0 for local> configuration# ntp server 192.43.244.18 configuration# ntp timezone "Pacific/Auckland" configuration# diff <?xml version="1.0" encoding="UTF-8" standalone="no" ?> <cluster xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='cluster_conf.xsd'> <mgmt-config> <ipaddr>192.168.0.97</ipaddr> <netmask>255.255.255.0</netmask> <default-gw>192.168.0.1</default-gw> <nameserver>194.90.1.5</nameserver> <alert-email>support@peerapp.com</alert-email> <site_name>UB1K office - promisc </site_name> </mgmt-config> <web-config></web-config> <common> <ntp> <server-ip>127.127.1.0</server-ip> <timezone>America/Chicago</timezone> + <server-ip>192.43.244.18</server-ip> + <timezone>Pacific/Auckland</timezone> </ntp> . . configuration# apply
62
Restore the previous configuration. Note that restoring the configuration still requires the
use of the apply command to make the previous configuration the active configuration.
configuration# restore configuration# diff <?xml version="1.0" encoding="UTF-8" standalone="no" ?> <cluster xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='cluster_conf.xsd'> <mgmt-config> <ipaddr>192.168.0.97</ipaddr> <netmask>255.255.255.0</netmask> <default-gw>192.168.0.1</default-gw> <nameserver>194.90.1.5</nameserver> <alert-email>support@peerapp.com</alert-email> <site_name>UB1K office - promisc </site_name> </mgmt-config> <web-config></web-config> <common> Current configuration <ntp> <server-ip>192.43.244.18</server-ip> <timezone>Pacific/Auckland</timezone> + <server-ip>127.127.1.0</server-ip> + <timezone>America/Chicago</timezone> </ntp> New configuration . . configuration# apply applying configuration... Configuration applied configuration#
eventlog
The eventlog command enables you to view or export the content of the event log. The term event log refers to all log messages sent to the system log by all the UltraBand service components (applications, CLI, and SNMP). Enable mode eventlog commands include the additional parameters shown here. These are used specifically when duplicating the event log information to an external SYSLOG server. The syslog server is configured within the system configuration file. Adding an external syslog server to the platform is performed by adding the following statements to the system configuration:
<mgmt-config>
63
<external_syslog_ip>192.168.0.154</external_syslog_ip> </mgmt-config>
The IP address associated with the external syslog server should replace the IP address shown above. To obtain the system configuration:
Export the system configuration to a TFTP server and edit it manually. (Use the
Configuration mode export command.)
Add the above statements with the IP address associated with the syslog server to the
<mgmt-config> section and save the file.
Import the configuration file back to the system. (Use the Configuration mode import
command.)
Apply the new configuration to the system. (Use the Configuration mode apply command.)
Command Parameters
For the parameters available in Regular mode, refer to eventlog on page 40. The following are the parameters available in Enable mode:
forward starts event log forwarding to a previously configured syslog server. stop stops event log forwarding to a previously configured syslog server.
Sample Use
license
The license command enables you to manage the UltraBand platform system license. The UltraBand license controls operational parameters, such as the supported protocols and features and the maximum cache bandwidth.
Command Parameters
The license command must have one of the following parameters associated with it:
64
activate activates the system license. get imports a license from the TFTP server. show displays the currently licensed operational parameters.
Sample Use
65
oper
The oper command controls the running state of the platform: such as starting, stopping, or restarting the platform software and all its services. In addition, this command provides server specific operation state changes.
Command Parameters
server goes into a server specific command mode, allowing the operations command to
go directly to the specific server. The command uses <server number> as a parameter, and the prompt changes to:
oper server x#
Within the oper server mode, the following commands are supported: arp_server show server's arp table. direction_server calculate visible subnets on interface. dmesg_server display dmesg. dstat_server display IO/CPU/Networking statistics. exit exit current mode. fdisk_server display available caching block devices.
UltraBand 1000 Administration Guide - Grid Configuration 66
help commands description. ifconfig_server display interface(s). iostat_server display I/O statistics. jumbo_server echoing Jumbo packets. lock locks the server in out-of-service mode. The server remains out of service, even when the system is rebooted, until an unlock command is used to bring it back to in-service mode. powercycle gracefully shutdown server. process_server display process status for pang, spread, apache, ntp. restart restarts the server UltraBand application (no reboot is performed). start starts the server UltraBand application (no reboot is performed). stop stops the server UltraBand application (no reboot is performed). systemid_server shows chassis ID. tcpdump_server tcpdump on appropriate server: -i<interface> -c<count> unlock unlocks the server state from out-of-state and returns it to in-service mode.
67
0 0 91 0 0 0 90 0 0 0 90 1 0 0 90 0 0 0 90 1 1 0 90 0 0 0 90 1 0 0 92 0 0 0 91 0 0 0 90 0 0 0 91 0 0 0 91 0 oper server 1#
1 1 1 1 1 1 1 1 1 1 1 1
8| 9| 8| 8| 7| 8| 8| 7| 8| 9| 8| 8|
0 0 0 0 0 0 0 0 0 0 0 0
13k| 12k| 25k| 9557B| 31k| 5461B| 93k| 13k| 16k| 13k| 8192B| 13k|
137M 73M 139M 71M 125M 72M 140M 64M 134M 74M 131M 64M
138M| 73M| 139M| 71M| 125M| 72M| 140M| 64M| 134M| 74M| 131M| 64M|
0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0
| | | | | | | | | | | |
16k 16k 16k 16k 15k 16k 15k 14k 15k 16k 15k 15k
1897 1905 1926 1908 2373 2293 1893 1891 1896 1886 1901 1886
Display interfaces.
oper server 1# ifconfig_server eth0 Link encap:Ethernet HWaddr 00:15:C5:FD:75:FF inet addr:10.11.12.2 Bcast:10.11.12.255 Mask:255.255.255.0 inet6 addr: fe80::215:c5ff:fefd:75ff/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1036442 errors:0 dropped:0 overruns:0 frame:0 TX packets:814534 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:892179796 (850.8 Mb) TX bytes:98705052 (94.1 Mb) Interrupt:16 Memory:f8000000-f8012100 eth1 Link encap:Ethernet HWaddr 00:15:C5:FD:76:01 inet addr:10.11.14.1 Bcast:10.11.14.255 Mask:255.255.255.0 inet6 addr: fe80::215:c5ff:fefd:7601/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:9000 Metric:1 RX packets:1018629 errors:0 dropped:0 overruns:0 frame:0
68
TX packets:980630 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:3326668370 (3172.5 Mb) TX bytes:1984275704 (1892.3 Mb) Interrupt:16 Memory:f4000000-f4012100 eth2 Link encap:Ethernet HWaddr 00:15:C5:F8:B8:78 inet6 addr: fe80::215:c5ff:fef8:b878/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1560 Metric:1 RX packets:3932 errors:0 dropped:0 overruns:0 frame:0 TX packets:3357 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:4000 RX bytes:257558 (251.5 Kb) TX bytes:221024 (215.8 Kb) Base address:0xecc0 Memory:f3ee0000-f3f00000 Link encap:Ethernet HWaddr 00:15:C5:F8:B8:79 inet6 addr: fe80::215:c5ff:fef8:b879/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1560 Metric:1 RX packets:590795355 errors:0 dropped:159 overruns:0 frame:0 TX packets:590791778 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:4000 RX bytes:605997482182 (577924.2 Mb) TX bytes:605996527953 (577923.3 Base address:0xec80 Memory:f3ec0000-f3ee0000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:463572 errors:0 dropped:0 overruns:0 frame:0 TX packets:463572 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:42442651 (40.4 Mb) TX bytes:42442651 (40.4 Mb)
eth3
Mb)
oper server 1#
Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s sz avgqu-sz await svctm %util sda 32.44 126.61 3.78 31.90 93.33 1267.05 38.12 17.36 486.39 4.26 15.20 sdb 0.10 0.00 0.06 0.00 0.95 0.45 23.45 0.00 1.89 1.40 0.01 sdc 0.11 0.00 0.06 0.00 0.95 0.45 22.90 0.00 2.99 1.88 0.01 sdd 0.10 0.00 0.29 0.00 59.98 0.45 206.88 0.00 2.45 1.53 0.04 sde 0.11 0.00 0.06 0.00 0.95 0.45 22.90 0.00 3.65 2.11 0.01 sdf 0.10 0.00 0.04 0.00 0.89 0.45 28.18 0.00 3.17 2.06 0.01 sdg 0.11 0.00 0.52 0.00 119.00 0.45 226.94 0.00 2.45 1.53 0.08 sdh 0.10 0.00 0.04 0.00 0.89 0.45 28.87 0.00 2.94 1.87 0.01 sdi 0.11 0.00 0.04 0.00 0.89 0.45 28.01 0.00 3.99 2.30 0.01
69
sdj 28.36 sdk 28.01 sdl 28.78 sdm 28.87 sdn 28.01 sdo 6.45 sdp 27.53 sdq 235.74 sdr 22.59 sds 23.45 sdt 22.59 sdu 28.36 sdw 28.78 sdv 28.01 sdx 34.71 sdy 27.93 sdz 5.70 sdaa 28.01 sdab 28.87 sdac 12.90 sdad 28.01 sdae 15.17
0.10 0.00 0.04 0.00 0.00 3.05 2.02 0.01 0.11 0.00 0.04 0.00 0.00 3.91 2.34 0.01 0.10 0.00 0.04 0.00 0.00 3.17 2.14 0.01 0.10 0.00 0.04 0.00 0.00 3.46 2.25 0.01 0.11 0.00 0.04 0.00 0.00 3.80 2.44 0.01 29.39 0.00 5.67 0.01 0.00 0.80 0.47 0.27 0.11 0.00 0.05 0.00 0.00 4.12 2.49 0.01 0.10 0.00 0.75 0.00 0.00 2.03 1.29 0.10 0.11 0.00 0.06 0.00 0.00 3.16 1.99 0.01 0.10 0.00 0.06 0.00 0.00 2.69 1.61 0.01 0.11 0.00 0.06 0.00 0.00 3.28 1.93 0.01 0.10 0.00 0.04 0.00 0.00 3.59 2.41 0.01 0.10 0.00 0.04 0.00 0.00 3.02 1.91 0.01 0.11 0.00 0.04 0.00 0.00 3.39 2.04 0.01 55.92 2.28 13.91 3.42 0.14 7.63 0.72 1.25 0.11 0.00 0.04 0.00 0.00 4.66 2.52 0.01 84.83 0.00 18.33 0.02 0.01 0.78 0.47 0.86 0.11 0.00 0.04 0.00 0.00 5.74 3.41 0.02 0.10 0.00 0.04 0.00 0.00 3.03 2.01 0.01 0.11 0.00 0.10 0.00 0.00 1.98 1.29 0.01 0.11 0.00 0.04 0.00 0.00 4.12 2.62 0.01 116.38 0.00 22.03 0.17 0.15 6.98 0.53 1.18
0.89 0.89 0.89 0.89 0.89 36.04 0.90 178.03 0.95 0.95 0.95 0.89 0.89 0.89 209.12 0.89 103.98 0.89 0.89 0.89 0.89 199.59
0.45 0.45 0.45 0.45 0.45 0.67 0.45 0.45 0.45 0.45 0.45 0.45 0.45 0.45 392.27 0.45 0.62 0.45 0.45 0.45 0.45 137.18
0.45 0.45 0.45 0.45 0.45 18.02 0.45 89.01 0.48 0.47 0.48 0.45 0.45 0.45 104.56 0.45 51.99 0.45 0.45 0.45 0.45 99.80
0.23 0.23 0.23 0.23 0.23 0.33 0.23 0.23 0.23 0.23 0.23 0.23 0.23 0.23 196.13 0.23 0.31 0.23 0.23 0.23 0.23 68.59
Time: 02:49:43 PM avg-cpu: %user %nice %system %iowait 0.13 0.00 9.01 0.75 Device: rrqm/s wrqm/s r/s w/s sz avgqu-sz await svctm %util sda 0.00 3.98 0.00 1.49 32.00 0.03 22.67 22.67 3.38 sdb 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 sdc 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 sdd 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 sde 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 sdf 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 sdg 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
%steal 0.00
%idle 90.11 rkB/s 0.00 0.00 0.00 0.00 0.00 0.00 0.00 wkB/s avgrq23.88 0.00 0.00 0.00 0.00 0.00 0.00
70
sdh 0.00 sdi 0.00 sdj 0.00 sdk 0.00 sdl 0.00 sdm 0.00 sdn 0.00 sdo 0.00 sdp 0.00 sdq 0.00 sdr 0.00 sds 0.00 sdt 0.00 sdu 0.00 sdw 0.00 sdv 0.00 sdx 0.00 sdy 0.00 sdz 0.00 sdaa 0.00 sdab 0.00 sdac 0.00 sdad 0.00 sdae 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
oper server 1#
71
powered on powered on
enabled enabled
started started
unlocked unlocked
console# show status Cluster state: enabled Server Slot ce-1 ce-2 ce-3 ce-4 ce-5 Status powered powered powered powered powered Operational state on enabled on enabled on enabled on enabled on enabled Device state started started started started started Administrative state unlocked unlocked unlocked unlocked unlocked
72
on on on on on
console# show status Cluster state: enabled Server Slot ce-1 ce-2 ce-3 ce-4 ce-5 Status powered powered powered powered powered Operational state on enabled on enabled on enabled on enabled on enabled Device state started starting started started started Administrative state unlocked unlocked unlocked unlocked unlocked
console# show status Cluster state: enabled Server Slot ce-1 ce-2 ce-3 ce-4 ce-5 console# Status powered powered powered powered powered Operational state on enabled on enabled on enabled on enabled on enabled Device state started started started started started Administrative state unlocked unlocked unlocked unlocked unlocked
oper server 2# restart Are you sure (y/n)? y Restarting server 2 oper server 2# exit console# show status Cluster state: enabled Server Slot ce-1 ce-2 ce-3 ce-4 ce-5 console# Status powered powered powered powered powered on on on on on Operational state enabled enabled enabled enabled enabled Device state started starting started started started Administrative state unlocked unlocked unlocked unlocked unlocked
console# show status Cluster state: enabled Server Slot ce-1 ce-2 ce-3 ce-4 ce-5 console# Status powered powered powered powered powered on on on on on Operational state enabled enabled enabled enabled enabled Device state started starting started started started Administrative state unlocked unlocked unlocked unlocked unlocked
Stop the UltraBand software on the server, and leave it in stopped state (a start is then
required to restart it).
oper server 2# stop Are you sure (y/n)? y Stopping server 2 oper server 2# exit console# show status Cluster state: enabled Server Slot ce-1 ce-2 ce-3 ce-4 ce-5 console# Status powered powered powered powered powered on on on on on Operational state enabled N/A enabled enabled enabled Device state started N/A started started started Administrative state unlocked unlocked unlocked unlocked unlocked
Unlock the server state from out-of-service mode and return it to in-service mode. Note
that unlock goes through a stop and start cycle for the UltraBand application.
UltraBand 1000 Administration Guide - Grid Configuration 74
console# oper server 2 oper server 2# unlock Unocking server... Unlocked oper server 2# exit console# show status Cluster state: enabled Server Slot ce-1 ce-2 ce-3 ce-4 ce-5 Status powered powered powered powered powered on on on on on Operational state enabled N/A enabled enabled enabled Device state started N/A started started started Administrative state unlocked unlocked unlocked unlocked unlocked
console# show status Cluster state: enabled Server Slot ce-1 ce-2 ce-3 ce-4 ce-5 console# Status powered powered powered powered powered on on on on on Operational state enabled enabled enabled enabled enabled Device state started starting started started started Administrative state unlocked unlocked unlocked unlocked unlocked
75
reset
The reset command resets the management services. Note that resetting the management services will disconnect YOUR current administration session, and you will have to login again.
Command Parameters
None.
Sample Use
Restart the platform UltraBand management software and all its services.
console# reset Are you sure (y/n)? y . .Connection terminated .
rollback
The rollback command rolls back to the last good software version of UltraBand.
Command Parameters
all rollback servers to the previous version. server<#> rollback to the previous version for specific server.
Sample Use
76
Proceeding cache to metadata sync. Some data in the cache might be lost. Are you sure (y/n)? y Starting cache synchronization... Done console#
show
The show command displays runtime information related to the operational environment of the UltraBand software. The Enable mode show command includes the parameters available in the Regular mode show command (refer to show on page 46) and the following additional parameters.
Command Parameters
77
<external_syslog_ip>10.1.1.50</external_syslog_ip> </mgmt-config> <web-config> <controller> <ip>10.11.18.200</ip> </controller> <controller> <ip>10.11.18.201</ip> </controller> </web-config> <common> <ntp> <server-ip>127.127.1.0</server-ip> <timezone>Asia/Jerusalem</timezone> </ntp> <snmp> <trap-ip>10.11.12.1</trap-ip> <snmp-read-community>gdcbhv</snmp-read-community> <snmp-write-community>nkppui</snmp-write-community> <snmp-trap-community>ffff</snmp-trap-community> </snmp> <service> <protocols> <enable-kazaa>1</enable-kazaa> <enable-bittorent>1</enable-bittorent> <enable-edk>1</enable-edk> <enable-gnutella>1</enable-gnutella> <enable-http>1</enable-http> <enable-ares>1</enable-ares> <enable-pando>1</enable-pando> </protocols> <net> <fwd-mode>PROMISC</fwd-mode> <bridge id='0'> <interface-world>iff1</interface-world> <interface-isp>iff2</interface-isp> </bridge> </net> </service> </common> <blades>3</blades> <blade id='1'> <cache-engine> <network></network> <cdr_log_level>LOG_TRACE</cdr_log_level> </cache-engine> </blade> <blade id='2'> <cache-engine> <network></network> <cdr_log_level>LOG_TRACE</cdr_log_level> </cache-engine> </blade> <blade id='3'> <cache-engine> <network></network> <cdr_log_level>LOG_TRACE</cdr_log_level> </cache-engine> </blade> </cluster>
78
upgrade
The upgrade command upgrades the software version of UltraBand.
Command Parameters
all|management|server <tftp server> <file>
Where:
all downloads and installs software image file. management downloads and installs software image file for management server. server downloads and installs software image file for specific server. <tftp server> is the hostname or IP address of a tftp server accessible from the UltraBand
server on which you are running the upgrade command.
<file> is the name of the file containing the software version package received from a
PeerApp representative. Note that if the tftp server is running on one of the PeerApp servers, then the directory from where the upgrade command will try to retrieve the file is /tftpboot/. If you do not have root access, the file can also be uploaded to the /tftpboot/ folder using the UBView Config Files Management option. For more information, see Managing the Configuration Files in the UBView User Guide. After uploading the file, you can upgrade using the upgrade command.
Sample Use
done
79
Starting syslog services Stopping any running daemons .. Removing old agent directory /opt/pang/mgmt/avalon Installing SNMP agent in /etc/inittab Installing SNMP trap daemon in /etc/inittab Installing monitoring daemon in /etc/inittab Installing Analyzer Backing up analyzer configuration ... Done Upgrade install install install existing web installation... mrtg... libapr0... php...
done
Web installation finished successfully :) Starting upgrade... Starting software installation... Doing pre-installation sanity tests Done Installing SNMP agent Backing up old logs Stopping any running daemons .. Removing old agent directory /opt/pang/cache/avalon Installing SNMP agent in /etc/inittab Installing standalone caching engine... Waiting while caching engine is shutting down... Upgrading caching engine ... Installing Spread environment Stopping spread daemon... Installing Spread files Restarting Spread daemon Done Done Succeeded
console#
80
5
Monitoring UltraBand 1000
All statistical information regarding bandwidth utilization, caching statistics, and server status of the UltraBand 1000 is available via both SNMP and the CLI. To view system uptime:
Enter show <type> [<options>] at the CLI prompt, where <type> is the type of
status or statistics that you want to view, and [<options>] are any options required. The possible values for <type> include: config Current active configuration in XML format (privileged command available in Enabled mode). eventlog Display the content of the event log. Leader Displays the current cluster leader. license Current active license (privileged command available in Enabled mode). mount Display mounted volumes. process Display the process status for various UltraBand software components (pang, spread, apache, ntp). status Includes service status, physical slot status, per server, server administration status (enabled/disabled) and operational status per server. systemid Unique system identifier, used for support and licensing purposes. uptime Display cluster uptime.
81
version The installed software version for management server and per caching engine server. For more information on available CLI monitoring commands, refer to CLI Reference on page 117. To view status and statistics using SNMP, use any SNMP monitoring tool.
82
6
Supported Setups
This chapter defines the setups that are supported in UltraBand 1000 installations. An asymmetric topology contains connections that are actually asymmetric as well as symmetric, depending on the Border Gateway Protocol (BGP) routing decisions. For some P2P protocols, the PeerApp New Generation (PANG) decision regarding cache-out is made at the first packet seen on those connections. In these cases PANG cannot categorize the connections as symmetric or asymmetric. In other P2P connections, at least two packets are seen before the cache-out decision one from each direction. In these cases, PANG is able to categorize the connections as symmetric or asymmetric. The following methods are used for handling cache-out connections:
Send all the cache-out packets to the same link as the one that the request came from. In the group of protocols that enable classification of the connection as symmetric or
asymmetric, use the classification to select the cache-out link in order to match the link of the original connection (for example, if it was asymmetric send it via the other link to the request). The advantage of the first method is that it is simple and similar to all setups and connections. The advantage of the second method is that it makes the solution more transparent, even though it is not useful in all setups. This chapter presents setups based on the second method.
83
Figure 4: Alteon DPI with Asymmetric and UltraBand 1000 Grid Configuration
For sample configuration information about this setup, refer to PBR Configuration on page 91.
84
setup, as each of the asymmetric links is represented and configured with a pair of gateways of the routers on both sides of the Allot. The topology appears as follows.
Figure 5: Asymmetric Inline UltraBand 1000 Grid Configuration with Allot 2540
Send cache-out traffic to the same interface as the incoming of the request:
For example, a request from GW21 that reaches the Allot is redirected to the switch in the red link and this link forwards the packet to the MAC address of GW22. GW22 is through the port-channel that distributes the connections between the servers (load balancing):
85
The server that captures the packet in Promiscuous mode decides to send a reply from cache (cache-out). It sends the reply to the same Rx port with the MAC addresses replaced (src dest :: G22G21 ). The switch then sends based on the destination MAC address (G21) to the red link, which then reaches the Allot and is sent to the requesting user.
Error scenarios:
If a server fails, the others take its load. If all servers fail, the bypass forwards all the traffic. If a link to the Allot fails, the port teaming feature drops the bypass link and the port teaming on the other switch loses that bypass link. It then uses its own port teaming feature to close the link to the Allot (two red links or two blue links), which forces the Allot to bypass all the traffic within the Allot (see the dotted line in the Allot device, in Figure 5).
86
The following sections describe the flows of Forwarding traffic and Cache-out traffic, where Promiscuous mode denotes that forwarding traffic is sent to the remote port and cache-out traffic is sent back on the Rx port. For more information, see Forwarding Flow on page 88 and Cache-out Flow on page 89.
87
Forwarding Flow
The following figure displays the forwarding flow of a forwarded packet (the red line).
Figure 7: Asymmetric Grid UltraBand 1000 and PBR High Ports Forwarding Flow
The router redirects the traffic of a port number below 1024 to one of the switches. The switch routes the packet using one of the physical ports that has one of the servers
(ce), based on a PBR to the address of the remote port-channel 1.
The ce captures the packet in Promiscuous mode and decides to forward the packet. It
sends the packet to the remote port.
The traffic reaches the remote switch and based on the PBR, it redirects via the bypass to
the remote port-channel 2 address (via the bypass link).
The original switch/router receives the packet and forwards the packet back to the
network router, based on the PBR.
88
Cache-out Flow
There can be two types of cache-out flows symmetric and asymmetric. Ideally, the cache-out should obey the original direction of each specific connection, regardless of whether it is a symmetric or asymmetric connection. However, for simplicity and since no problem is anticipated (both way can reach the local peer), in either type of connection the cache-out traffic is always treated the same. The following figure displays the cache-out flow (the blue line represents the flow of the request that triggered the cache-out and the brown line represents the cache-out traffic).
Figure 8: Asymmetric Grid UltraBand 1000 and PBR High Ports Cache-out Flow
The request packet (blue line) reaches the server (ce) that is responsible for this
connection (based on etherchannel load balancing).
The server decides that it is a cache-out connection and as in Promiscuous mode, it sends
the cache-out traffic back on the same interface to the original switch.
The traffic reaches the original switch and based of the PBR, it redirects via the bypass to
the remote port-channel 2 address (via the bypass link).
The remote switch/router receives the packet and forwards the packet to the network
router, based on the PBR.
89
For more information, see the introduction in Supported Setups on page 83. If it is ever required to preserve the direction in cache-out, a new type of forwarding mode will be required. For example, if a request is not the first redirected packet in a symmetric connection.
Failure Handling
If a switch/router fails, the servers close the remote port. This forces the closure of the
other switch in the chain via the bypass link (due to port teaming).
If a switch/router fails to resolve the inline routers address, it should close the ports to the
switches (port teaming) until all the addresses are resolved. This creates a fail link that eventually causes the PBRs on the inline links to stop redirection.
90
7
Sample Configuration Setups
This chapter provides sample configuration setups per forwarding mode for both the UltraBand 1000 and the routers or switches. For information about the relevant forwarding modes to these setups, see Supported Setups on page 83.
PBR Configuration
ISP Router Configuration
In tunnel mode, the following ports should be redirected:
High ports (1024) for P2P. Port 80 for HTTP to the Alteon DPI.
Cisco Router
The exact configuration depends on the Cisco router version and the platform. The following is a sample of the PBR configuration:
interface FastEthernet6/37 ip address 192.168.1.1 255.255.255.0 ip police route-map ISP ! interface FastEthernet6/38 ip address 192.168.2.1 255.255.255.0 ip police route-map World ! interface FastEthernet6/41 ip address 192.168.100.2 255.255.255.0 ! interface FastEthernet6/42 ip address 192.168.200.2 255.255.255.0 ! access-list 2001 permit tcp 192.168.1.0 0.0.0.255 gt 1024 any gt 1024 access-list 2002 permit tcp any gt 1024 192.168.1.0 0.0.0.255 gt 1024 !
91
route-map ISP permit 2001 match ip address 2001 set ip next-hop 192.168.100.1 ! route-map World permit 2002 match ip address 2002 set ip next-hop 192.168.200.1 !
The above sample shows how the ACLs 2001 and 2002 that permit all ports above 1024 and are used in the PBRs World and ISP force that traffic to the UltraBand 1000. The following sample shows how to use a PBR for HTTP (port 80):
access-list access-list access-list access-list 2002 2002 2001 2001 remark permit remark permit world tcp any eq www any gt 1024 ISP tcp any gt 1024 any eq www
In the above sample, www represents port 80. The GSR router does not support source port range in ACL. Therefore, only TCP without source port can be implemented. Router 6500 uses the same MAC in a singe device. Therefore, a PBR loop (router redirects to itself) is impossible to create. The following are sample configurations for the Cisco 3560 / 3750 router:
route-map CLIENTS permit 5 match ip address AVALANCHE_59 set ip next-hop 10.205.1.254 ! route-map CLIENTS permit 6 match ip address AVALANCHE_61 !
92
80 port term 15 { from { destination-address { 219.87.16.117/32; 124.9.128.0/19; 124.9.160.0/19; 124.9.192.0/19; 124.9.224.0/19; 124.9.96.0/19; } protocol tcp; source-port 80; } set interfaces ge-0/2/0 description World set interfaces ge-0/2/0 unit 0 family inet filter input DST2 set interfaces ge-0/2/0 unit 0 family inet address 10.10.1.1/30 set interfaces ge-0/3/0 description ISP set interfaces ge-0/3/0 unit 0 family inet filter input DST set interfaces ge-0/3/0 unit 0 family inet address 10.10.2.1/26 set set set set set set routing-options routing-options routing-options routing-options routing-options routing-options rib-groups dest import-rib inet.0 rib-groups dest import-rib next-hop_1.inet.0 rib-groups dest2 import-rib next-hop_1.inet.0 rib-groups dest2 import-rib next-hop_2.inet.0 rib-groups dest2 import-rib inet.0 forwarding-table export load-balancing-policy next-hop_1 instance-type forwarding next-hop_1 routing-options static route 0.0.0.0/0 nextnext-hop_2 instance-type forwarding next-hop_2 routing-options static route 124.9.0.0/24 next-hop_2 routing-options static route 124.9.1.0/24 next-hop_2 routing-options static route 124.9.2.0/24 next-hop_2 routing-options static route 124.9.3.0/24 next-hop_2 routing-options static route 124.9.4.0/24 next-hop_2 routing-options static route 124.9.5.0/24 next-hop_2 routing-options static route 124.9.6.0/24 next-hop_2 routing-options static route 124.9.7.0/24 next-hop_2 routing-options static route 124.9.8.0/24 next-hop_2 routing-options static route 124.9.9.0/24 next-hop_2 routing-options static route 124.9.10.0/24 next-hop_2 routing-options static route 124.9.11.0/24 next-hop_2 routing-options static route 124.9.12.0/24 next-hop_2 routing-options static route 124.9.13.0/24
set routing-instances set routing-instances hop 60.199.17.14 set routing-instances set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10
93
set routing-instances next-hop_2 routing-options static route 124.9.14.0/24 next-hop 60.199.17.10 set routing-instances next-hop_2 routing-options static route 124.9.15.0/24 next-hop 60.199.17.10 set set set set set set set set set firewall firewall firewall firewall firewall firewall firewall firewall firewall filter filter filter filter filter filter filter filter filter DST DST DST DST term term term term 10 10 10 20 from from then then source-address 124.9.1.0/22 destination-port 80 routing-instance next-hop_1 accept destination-address 124.9.1.0/22 protocol tcp source-port 80 routing-instance next-hop_2 accept
10 10 10 10 20
set routing-instances next-hop_1 instance-type forwarding set routing-instances next-hop_1 routing-options static route 0.0.0.0/0 nexthop 60.199.17.10 set routing-instances set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 next-hop_2 instance-type forwarding next-hop_2 routing-options static route 124.9.0.0/24 next-hop_2 routing-options static route 124.9.1.0/24 next-hop_2 routing-options static route 124.9.2.0/24 next-hop_2 routing-options static route 124.9.3.0/24 next-hop_2 routing-options static route 124.9.4.0/24 next-hop_2 routing-options static route 124.9.5.0/24 next-hop_2 routing-options static route 124.9.6.0/24 next-hop_2 routing-options static route 124.9.7.0/24 next-hop_2 routing-options static route 124.9.8.0/24 next-hop_2 routing-options static route 124.9.9.0/24 next-hop_2 routing-options static route 124.9.10.0/24 next-hop_2 routing-options static route 124.9.11.0/24 next-hop_2 routing-options static route 124.9.12.0/24 next-hop_2 routing-options static route 124.9.13.0/24 next-hop_2 routing-options static route 124.9.14.0/24 next-hop_2 routing-options static route 124.9.15.0/24
94
95
The XML file is a cluster level file (i.e., it configures all the servers in the solution):
The common element defines the attributes that relate to the entire cluster:
The NTP servers address for time synchronization. The SNMP issues. The service element of the UltraBand 1000, that includes the served protocols (protocols that are allowed by the license), the network configuration that includes the forwarding mode (for example, Tunnel mode), the tunnel interface, and interfaces IP addresses (GW and Default GW).
The server element is repeated according to the number of servers in the cluster. For
each server, this element defines: The Virtual IP (VIP) to which the Alteon can turn. The real interface IP address.
96
service password-encryption ! hostname PeerApp_SWB ! logging buffered 20000 debugging enable secret 5 $1$hdXq$92wHQaUqadLDkRFUZN6vb/ enable password 7 144F4A1C05172233212D3D ! no aaa new-model clock timezone AEST 10 clock summer-time AEDST recurring last Sun Oct 2:00 1 Sun Apr 3:00 system mtu routing 1500 link state track 1 link state track 2 ip subnet-zero ip routing ! ! ! ! ! ! no errdisable detect cause pagp-flap no errdisable detect cause dtp-flap no errdisable detect cause link-flap no errdisable detect cause l2ptguard no errdisable detect cause sfp-config-mismatch no errdisable detect cause gbic-invalid no errdisable detect cause dhcp-rate-limit no errdisable detect cause arp-inspection no errdisable detect cause loopback errdisable recovery cause udld errdisable recovery cause bpduguard errdisable recovery cause security-violation errdisable recovery cause channel-misconfig errdisable recovery cause pagp-flap errdisable recovery cause dtp-flap errdisable recovery cause link-flap errdisable recovery cause sfp-config-mismatch errdisable recovery cause gbic-invalid errdisable recovery cause l2ptguard errdisable recovery cause psecure-violation errdisable recovery cause dhcp-rate-limit errdisable recovery cause unicast-flood errdisable recovery cause vmps errdisable recovery cause storm-control errdisable recovery cause inline-power errdisable recovery cause arp-inspection errdisable recovery cause loopback no file verify auto spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! ! interface GigabitEthernet0/1 no switchport ip address 192.168.200.2 255.255.255.0 desc World link state group 1 downstream ! interface GigabitEthernet0/2 no switchport ip address 192.168.100.2 255.255.255.0
97
desc ISP speed 1000 duplex full link state group 1 upstream ! ! interface GigabitEthernet0/24 no switchport desc Manegment ip address 10.11.12.90 255.255.255.0 secondary ip address 220.233.2.19 255.255.255.248 ! interface GigabitEthernet0/25 ! interface GigabitEthernet0/26 ! interface GigabitEthernet0/27 ! interface GigabitEthernet0/28 ! interface Vlan1 no ip address ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.200.1 ip route 58.96.0.0 255.255.128.0 192.168.100.1 ip route 58.96.0.4 255.255.255.255 192.168.100.1 ip route 58.96.64.0 255.255.192.0 192.168.100.1 ip route 220.233.0.0 255.255.0.0 192.168.100.1 ip http server ip http secure-server ! ! control-plane ! ! line con 0 line vty 0 4 password 7 1016510E0C041A13090124 login line vty 5 15 password 7 014B5E1352180E17244940 login ! ntp clock-period 36028937 ntp server 220.233.0.3 ntp server 128.250.36.2 ntp server 128.250.36.3 ntp server 220.233.0.50 ntp server 192.189.54.33 end PeerApp_SWB#
Alteon Configuration
The following is a sample configuration file for the Alteon DPI:
>> Main# /c/d script start "Nortel Application Switch 3408" 4 /**** DO NOT EDIT THIS LINE!
98
/* Configuration dump taken 7:19:21 Thu Apr 13, 2008 /* Configuration last applied at 12:37:39 Fri Mar 3, 2008 /* Configuration last save at 12:39:09 Fri Mar 3, 2008 /* Version 23.2.1.1, Base MAC address 00:16:ca:51:51:00 /c/sys/mmgmt addr 64.76.163.86 mask 255.255.255.248 broad 64.76.163.87 gw 64.76.163.81 dns mgmt ntp mgmt radius mgmt smtp mgmt snmp mgmt sonmp mgmt syslog mgmt tftp mgmt wlm mgmt report mgmt ena /c/sys/mmgmt/port speed any mode full auto on /* PeerApp L7 switch /c/sys idle 60 bannr "PeerApp L7 redirector" /c/sys/access snmp w tnet ena tnport 2323 /c/sys/access/user admpw "04c31a5604020a02078af3b7c7b2a9f0f2467b4f14d61dd4cadf8d7f91707f21" /c/sys/access/port/rem 1 /c/sys/access/port/rem 2 /c/sys/access/port/rem 3 /c/sys/access/port/rem 4 /c/sys/access/port/rem 5 /c/sys/access/port/rem 6 /c/sys/access/port/rem 7 /c/sys/access/port/rem 9 /c/sys/access/port/rem 10 /c/sys/access/port/rem 11 /c/sys/access/port/rem 12 /c/sys/ssnmp name "PeerApp L7 switch" locn "PeerApp @ IFX" cont "PeerApp support@PeerApp.com" auth ena rcomm "gdcbhv" wcomm "nkppui" /c/port 1 name "Cache" pvid 9 /c/port 3 name "WORLD" pvid 9 /c/port 3/cop speed 1000 fctl both mode full auto on /c/port 4
99
name "ISP" pvid 9 /c/port 4/cop speed any fctl both mode full auto on /c/port 5 name "WORLD" pvid 9 /c/port 5/cop speed any fctl both mode full auto on /c/port 6 name "WORLD" pvid 9 /c/port 6 pref sfp back copper /c/port 6/cop speed 1000 fctl none mode full auto on /c/port 8 name "CACHE" pvid 9 /c/port 8/gig speed any fctl both mode full auto on /c/l2/vlan 1 learn ena def 2 7 9 10 11 12 /c/l2/vlan 9 ena name "VLAN 9" learn ena def 1 3 4 5 6 8 /c/l2/vlan 10 ena name "VLAN 10" learn ena def 0 /c/l2/vlan 15 ena name "VLAN 15" learn ena def 0 /c/l2/vlan 50 ena name "VLAN 50" learn ena def 0 /c/l2/vlan 101 ena name "VLAN 101" learn ena def 0 /c/l2/vlan 152 ena name "VLAN 152"
100
learn ena def 0 /c/l2/vlan 197 ena name "VLAN 197" learn ena def 0 /c/l2/vlan 200 ena name "VLAN 200" learn ena def 0 /c/l2/vlan 209 ena name "VLAN 209" learn ena def 0 /c/l2/vlan 263 ena name "VLAN 263" learn ena def 0 /c/l2/stg 1/clear /c/l2/stg 1/add 1 9 10 15 50 101 152 197 200 209 263 /c/l2/stg 1/port 3/off /c/l2/stg 1/port 4/off /c/l2/stg 1/port 6/off /c/l2/stg 1/port 8/cost 100 /c/sys/sshd/ena /c/sys/sshd/on /c/l3/if 1 ena ipver v4 addr 192.168.1.1 vlan 9 /c/slb on /c/slb/adv direct ena /c/slb/real 1 ena ipver v4 rip 192.168.1.111 maxcon 0 name "\"UB1000 Grid\"" /c/slb/real 1/adv proxy dis /c/slb/real 20 ena ipver v4 rip 192.168.1.120 maxcon 0 tmout 4 name "HTTP" /c/slb/group 1 ipver v4 metric hash rmetric hash health icmp add 1 /c/slb/group 20 ipver v4 metric hash rmetric hash health icmp
101
add 20 /c/slb/layer7/redir urlal dis nocache dis /c/slb/layer7/slb case dis ren 2 "301" ren 11 "BINMATCH=474554202F2E686173683D" 40 0 eq ren 12 "BINMATCH=4749564520" 40 0 eq ren 13 "BINMATCH=E3" 40 0 eq ren 14 "BINMATCH=0000" 43 0 eq ren 15 "BINMATCH=134269" 40 0 eq ren 16 "BINMATCH=474554202F7572692D7265732F" 40 0 eq ren 17 "BINMATCH=474554202F6765742F" 40 0 eq ren 18 "BINMATCH=47495620" 40 0 eq ren 19 "BINMATCH=C5" 40 0 eq ren 20 "BINMATCH=50" 32 0 gt ren 21 "BINMATCH=474554202F2E686173683D" 40 40 eq ren 22 "BINMATCH=4749564520" 40 40 eq ren 23 "BINMATCH=E3" 40 40 eq ren 24 "BINMATCH=0000" 43 40 eq ren 25 "BINMATCH=134269" 40 40 eq ren 26 "BINMATCH=474554202F7572692D7265732F" 40 40 eq ren 27 "BINMATCH=474554202F6765742F" 40 40 eq ren 28 "BINMATCH=47495620" 40 40 eq ren 180 "BINMATCH=474554202f" 40 0 eq ren 301 "STRMATCH=flv" 45 430 ren 302 "STRMATCH=wmv" 45 430 ren 303 "STRMATCH=mpeg" 45 430 ren 304 "STRMATCH=swf" 45 430 ren 305 "STRMATCH=exe" 45 430 ren 306 "STRMATCH=zip" 45 430 ren 307 "STRMATCH=nup" 45 430 ren 308 "STRMATCH=msi" 45 430 ren 309 "STRMATCH=tar" 45 430 ren 310 "STRMATCH=cab" 45 430 ren 311 "STRMATCH=lin" 45 430 ren 312 "STRMATCH=mp3" 45 430 ren 313 "STRMATCH=bin" 45 350 ren 330 "STRMATCH=ontent-Type: vid" 50 350 /c/sec/pgroup 1 name "BT" add 15 /c/sec/pgroup 2 name "EDK" add 13 add 14 /c/sec/pgroup 3 name "FastTrack" add 11 /c/sec/pgroup 4 name "FastTrack PUSH" add 12 /c/sec/pgroup 5 name "Gnutella #1" add 16 /c/sec/pgroup 6 name "Gnutella #2" add 17 /c/sec/pgroup 7 name "Gnutella #3" add 18 /c/sec/pgroup 8 name "Emule" add 14
102
add 19 /c/sec/pgroup 11 name "BT tcp options" add 20 add 25 /c/sec/pgroup 12 name "EDK tcp options" add 20 add 23 add 24 /c/sec/pgroup 13 name "FastTrack tcp options" add 20 add 21 /c/sec/pgroup 14 name "FastTrack PUSH tcp options" add 20 add 22 /c/sec/pgroup 15 name "Gnutella #1 TCP options" add 20 add 26 /c/sec/pgroup 16 name "Gnutella #2 TCP options" add 20 add 27 /c/sec/pgroup 17 name "Gnutella #3 TCP options" add 20 add 28 /c/sec/pgroup 180 name "GET" add 180 /c/sec/pgroup 301 name "FLV" add 301 /c/sec/pgroup 302 name "wmv" add 302 /c/sec/pgroup 303 name "mpeg" add 303 /c/sec/pgroup 304 name "swf" add 304 /c/sec/pgroup 305 name "exe" add 305 /c/sec/pgroup 306 name "zip" add 306 /c/sec/pgroup 307 name "nup" add 307 /c/sec/pgroup 308 name "msi" add 308 /c/sec/pgroup 309 name "tar" add 309 /c/sec/pgroup 310 name "CAB" add 310 /c/sec/pgroup 311 name "lin"
103
add 311 /c/sec/pgroup 312 name "mp3" add 312 /c/sec/pgroup 313 name "bin" add 313 /c/slb/filt 180 name "Http-Client" ena action redir ipver v4 sip any smask 0.0.0.0 dip any dmask 0.0.0.0 proto tcp dport http group 20 rport 0 vlan 9 /c/slb/filt 180/adv/layer7 parseall dis /c/slb/filt 180/adv/redir fwlb ena /c/slb/filt 281 name "Http-Server" ena action redir ipver v4 sip any smask 0.0.0.0 dip any dmask 0.0.0.0 proto tcp sport http group 20 rport 0 vlan 9 /c/slb/filt 281/adv/layer7 parseall dis /c/slb/filt 281/adv/redir fwlb ena /c/slb/filt 281/adv/security parseall dis addgrp 301 addgrp 302 addgrp 303 addgrp 304 addgrp 305 addgrp 306 addgrp 307 addgrp 308 addgrp 309 addgrp 310 addgrp 311 addgrp 312 addgrp 313 /c/slb/filt 1001 name "L7 redir" ena action redir ipver v4 sip any smask 0.0.0.0
104
dip any dmask 0.0.0.0 proto tcp sport 1024-65534 dport 1024-65534 group 1 rport 0 vlan 9 /c/slb/filt 1001/adv/layer7 l7lkup ena /c/slb/filt 1001/adv/security pmatch ena matchall ena parseall dis addgrp 1 addgrp 2 addgrp 8 /c/slb/filt 1005 name "L4 ARES" dis action redir ipver v4 sip any smask 0.0.0.0 dip any dmask 0.0.0.0 proto tcp sport 1024-65534 dport 1024-65534 group 1 rport 0 vlan 9 /c/slb/port 3 filt ena add 180 add 1001 /c/slb/port 4 filt ena add 180 add 1001 /c/slb/port 5 filt ena add 281 add 1001 /c/slb/port 6 filt ena add 281 add 1001 /c/sys/access/https/https e / script end /**** DO NOT EDIT THIS LINE!
Multi-Tunnel Mode
ISP Router Configuration
This configuration is similar to that in Tunnel mode. In this case, the ISP router configuration applies to more routers, for all the tunnels. For more information on Tunnel mode configurations, see PBR Configuration on page 91.
105
106
<vip>192.168.2.2</vip> <vip>192.168.3.2</vip> <interface name="iff1"> <ipaddr>172.160.253.101</ipaddr> <netmask>255.255.255.0</netmask> </interface> <interface name="iff2"> <ipaddr>172.160.254.101</ipaddr> <netmask>255.255.255.0</netmask> </interface> </network> <service> </service> </cache-engine> </server> </cluster>
This configuration file takes one tunnel into account. When there are multiple tunnels connected to the same UltraBand 1000 cluster, the configuration file has the following difference:
In the common > service > net element, there should be a tunnel interface
element for each tunnel. This element should include the IP addresses of the pair of GWs (world and ISP) per tunnel.
Alteon Configuration
This configuration is similar to the Alteon configuration in the Tunnel forwarding mode. For more information on the Alteon configuration in Tunnel mode, see Alteon Configuration on page 98.
107
exit bridge multicast filtering interface ethernet g1 switchport mode general exit vlan database vlan 2-6 exit interface range ethernet g(2-3,11) switchport access vlan 2 exit interface range ethernet g(4-5,12) switchport access vlan 3 exit interface range ethernet g(6-8,13) switchport access vlan 4 exit interface range ethernet g(9-10,14) switchport access vlan 5 exit interface vlan 1 ip address 1.1.1.100 255.255.255.0 exit username PAswAdmin password dedb6ffd09a5ac5024a339d6198330cf encrypted username iz password a1a3bc11067d3cb33e76ebe2ba1b5305 level 15 encrypted username root password dedb6ffd09a5ac5024a339d6198330cf level 15 encrypted console# configure console(config)# interface range ethernet g(6-8,13) console(config-if)# no switchport access vlan 06-Feb-2000 06:24:52 %LINK-W-Down: Vlan 4 console(config-if)# exit console(config)# interface range ethernet g(6-7,13) console(config-if)# switchport access vlan 4 06-Feb-2000 06:25:33 %LINK-I-Up: Vlan 4 console(config-if)# console(config-if)# console(config-if)# exit console(config)# exit console# show running-config interface ethernet g13 spanning-tree disable exit interface ethernet g13 spanning-tree link-type shared exit bridge multicast filtering interface ethernet g1 switchport mode general exit vlan database vlan 2-6 exit interface range ethernet g(2-3,11) switchport access vlan 2 exit interface range ethernet g(4-5,12) switchport access vlan 3 exit interface range ethernet g(6-7,13) switchport access vlan 4 exit interface range ethernet g(9-10,14) switchport access vlan 5
108
exit interface range ethernet g(15-16) switchport access vlan 6 exit interface vlan 1 ip address 1.1.1.100 255.255.255.0 exit username PAswAdmin password dedb6ffd09a5ac5024a339d6198330cf encrypted username iz password a1a3bc11067d3cb33e76ebe2ba1b5305 level 15 encrypted username root password dedb6ffd09a5ac5024a339d6198330cf level 15 encrypted console# configure console(config)# interface range ethernet g(9-10,14) console(config-if)# no switchport access vlan 06-Feb-2000 06:26:07 %LINK-W-Down: Vlan 5 console(config-if)# exit console(config)# interface range ethernet g(8-10,14) console(config-if)# switchport access vlan 5 06-Feb-2000 06:26:39 %LINK-I-Up: Vlan 5 console(config-if)# exit console(config)# exit console# console# console# console# console# console# console# show vlan Vlan Name Ports Type Authorization ---- ----------------- -------------------- ----------- -------------1 1 g1,ch(1-8) other Required 2 2 g(2-3,11) permanent Required 3 3 g(4-5,12) permanent Required 4 4 g(6-7,13) permanent Required 5 5 g(8-10,14) permanent Required 6 6 g(15-16) permanent Required console# console# console# show running-config interface ethernet g13 spanning-tree disable exit interface ethernet g13 spanning-tree link-type shared exit bridge multicast filtering interface ethernet g1 switchport mode general exit vlan database vlan 2-6 exit interface range ethernet g(2-3,11) switchport access vlan 2 exit interface range ethernet g(4-5,12) switchport access vlan 3 exit interface range ethernet g(6-7,13) switchport access vlan 4 exit interface range ethernet g(8-10,14) switchport access vlan 5` exit
109
interface range ethernet g(15-16) switchport access vlan 6 exit interface vlan 1 ip address 1.1.1.100 255.255.255.0 exit username PAswAdmin password dedb6ffd09a5ac5024a339d6198330cf encrypted username iz password a1a3bc11067d3cb33e76ebe2ba1b5305 level 15 encrypted username root password dedb6ffd09a5ac5024a339d6198330cf level 15 encrypted console# 06-Feb-2000 06:27:24 %LINK-W-Down: g8 06-Feb-2000 06:27:24 %STP-W-PORTSTATUS: g8: STP status Forwarding 06-Feb-2000 06:27:24 %LINK-I-Up: g8 06-Feb-2000 06:27:24 %LINK-W-Down: g8 06-Feb-2000 06:27:24 %STP-W-PORTSTATUS: g8: STP status Forwarding 06-Feb-2000 06:27:24 %LINK-I-Up: g8
110
<enable-ares>1</enable-ares> </protocols> <net> <fwd-mode>TUNNEL</fwd-mode> <tunnel interface="iff1"> <gw_world>172.160.253.254</gw_world> <gw_isp>172.160.253.253</gw_isp> <tunnel_vlan_tag>3</tunnel_vlan_tag> </tunnel> <tunnel interface="iff2"> <gw_world>172.160.254.254</gw_world> <gw_isp>172.160.254.253</gw_isp> <tunnel_vlan_tag>2</tunnel_vlan_tag> </tunnel> <vlan_mode>ON</vlan_mode> </net> </service> </common> <servers>1</servers> <server id="1"> <cache-engine> <network> <vip>192.168.2.2</vip> <vip>192.168.3.2</vip> <interface name="iff1"> <ipaddr>172.160.253.101</ipaddr> <netmask>255.255.255.0</netmask> </interface> <interface name="iff2"> <ipaddr>172.160.254.101</ipaddr> <netmask>255.255.255.0</netmask> </interface> </network> <service> </service> </cache-engine> </server> </cluster>
When multiple tunnels are connected to the same UltraBand 1000 cluster and each tunnel runs in a different VLAN, (or a single tunnel, which is an IEEE 802.1Q trunk with multiple VLANs), the configuration file has the following difference:
In the common > service > net element, there should be a tunnel interface
element for each tunnel. Each defined tunnel should include the VLAN ID of the tunnel and a global configuration for all tunnels that sets VLAN mode to ON.
Alteon Configuration
The Alteon configuration is similar to the Alteon configuration including Tunnel and VLAN support. For more information on the Alteon configuration in Tunnel mode, see Alteon Configuration on page 98.
111
Promiscuous Mode
ISP Router Configuration
This configuration is identical to that in Tunnel mode. For more information, see ISP Router Configuration on page 91.
112
</service> </common> <servers>1</servers> <server id="1"> <cache-engine> <network> </network> </cache-engine> </server> </cluster>
The promiscuous mode has fewer configurable elements due to its nature (it receives every packet it sees). This configuration has the following differences from the Tunnel modes:
Virtual IPs (VIPs) are not defined under the interfaces since Promiscuous mode does not
target addresses.
Bounce Mode
ISP Router Configuration
The following sample assumes that the subscribers aggregation router(s) are attached to interface G3/2, that the Internet is linked to this router on G3/1, and that the UltraBand 1000 is attached to G3/3.
access-list 105 permit tcp any gt 1023 any access-list 105 permit tcp any eq www any access-list 106 permit tcp any gt 1023 any access-list 106 permit tcp any any eq www route-map PeerApp-internet permit 10 match ip address 105 set ip next-hop 172.16.1.2 route-map PeerApp-subscribers permit 10 match ip address 106 set ip next-hop 172.16.1.2 interface G3/1 desc Wrold ip Address 10.1.2.1 255.255.255.0 ip policy route-map PeerApp-subscribers interface G3/2 desc Subscribers ip Address 10.1.1.1 255.255.255.0 ip policy route-map PeerApp-internet gt 1023 gt 1023
113
Notes:
If more than one interface is attached (to the subscribers or to the Internet), one of the
following lines should be added on these interfaces: ip policy route-map PeerApp-subscribers Or ip policy route-map PeerApp-internet
The interface to the UltraBand 1000 Grid servers should be directly attached to the
UltraBand 1000 (and not via a switch) on a routed port (and not on an interface associated to a VLAN with an Interface Vlan interface assigned to it).
If necessary, the redirect can be limited to specific subnets by modifying the Access-list 105
and 106 as shown in the following example.
access-list 105 permit tcp any gt 1023 10.175.64.0 0.0.63.255 gt 1023 access-list 105 permit tcp any eq www 10.175.64.0 0.0.63.255 access-list 106 permit tcp 10.175.64.0 0.0.63.255 gt 1023 any gt 1023 access-list 106 permit tcp 10.175.64.0 0.0.63.255 any eq www
114
<enable-kazaa>1</enable-kazaa> <enable-bittorent>1</enable-bittorent> <enable-edk>1</enable-edk> <enable-gnutella>1</enable-gnutella> <enable-http>1</enable-http> <enable-ares>1</enable-ares> <enable-pando>1</enable-pando> </protocols> <net> <fwd-mode>BOUNCING</fwd-mode> <bounce id='0'></bounce> <network_interfaces number='1'> <nic nic_index='0'> <name>eth2</name> <nic_detail>IFF_PF_PACKET</nic_detail> </nic> </network_interfaces> <subnet_range_per_link name='a'> <cidr_range>8.8.1.0/24</cidr_range> <cidr_range>164.70.18.0/24</cidr_range> <cidr_range>164.70.10.0/24</cidr_range> <cidr_range>164.70.11.0/24</cidr_range> <cidr_range>144.90.10.0/23</cidr_range> <cidr_range>144.90.8.0/23</cidr_range> </subnet_range_per_link> </net> <policy> <selective_cache_in_threshhold>1</selective_cache_in_threshhold> </policy> </service> </common> <servers>1</servers> <server id='1'> <cache-engine> <network> <vip>192.168.22.2</vip> </network> <service></service> <cdr_log_level>LOG_INFO</cdr_log_level> </cache-engine> </server> </cluster>
The cluster configuration for Bounce mode has the following differences:
The fwd-mode element is configured to BOUNCING. Each server contains an interface with its local VIP address for Bounce mode.
Sandvine Configuration
The following is the sample UltraBand 1000 configuration .txt file with Sandvine divert mode:
file : policy.conf
##################### ### Divert Policy ### ##################### # Each specific PeerApp box needs to be a distinct "destination" destination "peerapp1" divert ip 10.10.10.11 reset_server false
115
# This defines the health checking type and parameters. healthcheck "check1" ping interval 2 seconds timeout 500ms # This defines a "group" of destinations for load-balancing purposes. # It also enables the health checking. destination "peerapp" group destinations "peerapp1" healthchecks "check1" ## This is the rule to select which traffic goes to an element of the group ## subject to load balancing. # If layer4protocol TCP then divert destination "peerapp" if protocol "http" or protocol "bittorrent" or protocol "edonkey" or protocol "ares" or protocol "youtube" \ or protocol "Gnutella" then divert destination "peerapp" (NWTNSDVN:wheel)#
116
A
CLI Reference
The following is a tree structure of the commands in the CLI provided with the UltraBand 1000.
Regular Mode
arp cache hash list display export summary direction dmesg dstat enable eventlog export show tail exit help ifconfig iostat jumbo ping show Display ARP table Cache operations Display cache metadata using hash ID Cache list operations Display cache content Export cache content Display CMDB statistics summary Calculate the visible subnets on the interface Display the dmesg Display hardware, software, and I/O statistics Enter Enable mode Event log commands Export event log to TFTP server Display event log Display online event log Logs you out from the CLI Display CLI commands Display the interface(s) Display extended I/O statistics Send jumbo echo messages Send echo messages Show run-time information
117
eventlog leader mount process status systemid time uptime version volumes tcpdump traceroute who
Display event log Display current cluster leader Display currently mounted file-system Display status of UltraBand components Display cluster administrative and application status Display system serial number Display system date and time Display cluster uptime Display software version Display mounted volumes Dump traffic on a network interface Display a packets route Show users logged in to CLI
Enable Mode
Includes all commands available in Regular mode, the whole list is as follows:
access Manage system access parameters Enable mode password Set idle session timeout value Regular mode password Restart apache Display ARP table Cache operations Manage cache black list Add file to black list Display entire black list Export black list Remove file from black list Display cache metadata using hash ID Cache list operations display export remove summary sync volume Display cache content Export cache content Remove file from cache Display CMDB statistics summary Verify and synchronize cache metadata Manage cache volumes add dump export remove hash list black_list
118
activate deactivate remove config direction dmesg dstat eventlog export forward show stop tail exit help ifconfig iostat jumbo license activate get show oper ping reset rollback all server<#> show config eventlog leader license mount process status systemid time
Activate a cache volume Stop using a specific volume for caching Remove all hash IDs from a specific volume Enter Configuration mode Calculate the visible subnets on the interface Display the dmesg Display hardware, software, and I/O statistics Event log commands Export event log to TFTP server Starts event log forwarding Display event log Stops event log forwarding Display online event log Logs you out from the CLI Display CLI commands Display the interface(s) Display extended I/O statistics Send jumbo echo messages Manage system license Activate system license Import license from TFTP server Display current license System management operations Send echo messages Reset management services Rollback UltraBand software version Rollback all servers to previous version Rollback specific server to previous version Show run-time information Display running configuration Display event log Display current cluster leader Display system license information Display currently mounted file-system Display status of UltraBand components Display cluster administrative and application status Display system serial number Display system date and time
119
uptime version volumes tcpdump traceroute upgrade all management server who
Display cluster uptime Display software version Display mounted volumes Dump traffic on a network interface Display a packets route Upgrade UltraBand software version Upgrade UltraBand software on all servers Upgrade UltraBand software for management server Upgrade UltraBand software for specific server Show users logged in to CLI
Configuration Mode
apply diff discard display exit export help import network default_gw ip ntp server timezone restore time Apply config changes Show pending changes Discard pending changes Display pending configuration Exit current mode Export cluster configuration to TFTP server Commands description Import cluster configuration from TFTP server Configure management network interface Configure default gateway Configure management network interface Configure management NTP parameters Configure management NTP server Configure management NTP timezone Restore last good configuration Set system date and time
Server Mode
arp_server direction_server dmesg_server dstat_server exit fdisk_server Display servers ARP table Calculate visible subnets on interface Display dmesg Display I/O, CPU, and networking statistics Enter Enabled mode Display available caching block devices
120
help ifconfig_server iostat_server jumbo_server lock powercycle process_server restart start stop systemid_server tcpdump_server unlock service restart start stop
Display available commands Display interface(s) Display I/O statistics Echo jumbo packets Lock server in out-of-service mode graceful server shutdown display process status for pang, spread, apache, and ntp Restart server UltraBand application Start server UltraBand application Stop server UltraBand application Show chassis ID Tcpdump on appropriate server Unlock server from out-of-state to in-service mode Manage services Restart UltraBand software and all its services Start UltraBand software and services Stop UltraBand software and all its services
121