PeerApp UltraBand 1000 Administration Guide - Grid Configuration

UltraBand 1000 Administration Guide
UltraBand 1000 Grid Configuration Version 2.3
Release 1.3.0
Copyright
Copyright 2008 by PeerApp.
If you require any assistance, please contact us: PeerApp Headquarters PeerApp Inc. Echo Bridge Office Park 381 Elliot Street, Suite 140LNewton Upper Falls MA 02464, USA http://www.peerapp.com support@peerapp.com
Table of Contents
About This Guide ....................................................................................................... 1 Chapter Summaries ........................................................................................................ 1 Acronyms ........................................................................................................................ 2 Chapter 1 Overview ................................................................................................................... 3 The Building Blocks of the Solution ................................................................................ 3 Hardware Architecture ................................................................................................... 4 Network Connectivity ..................................................................................................... 5 Software Architecture .................................................................................................... 5 Management .................................................................................................................. 6 Management Connectivity ............................................................................................. 6 System Configuration ..................................................................................................... 7 System Monitoring ......................................................................................................... 7 Software Upgrades ......................................................................................................... 7 Typical Network Configurations ..................................................................................... 8 Working With UltraBand 1000 Management Tools ................................................... 10 Working With the CLI ...................................................................................................11
Getting Started with the CLI ................................................................................................ 11 CLI Command Editing Features ............................................................................................ 12 CLI Modes ............................................................................................................................ 13
Chapter 2
TFTP Server ...................................................................................................................14 Working With the Configuration File............................................................................15

Configuration File Sections .................................................................................................. 16
Accessing UltraBand 1000 SNMP Information .............................................................16 Chapter 3 Configuring UltraBand 1000 ..................................................................................... 17 Main Operational Features (Quick Jumpstart) .............................................................18 The UltraBand 1000 Platform Features ........................................................................18
Caching Specific Features .................................................................................................... 19 Platform Specific Features ................................................................................................... 21
UltraBand 1000 Administration Guide - Grid Configuration
Platform Operational Specific Features ............................................................................... 21 Traffic Specific Features ....................................................................................................... 23
CLI-based Configuration ...............................................................................................23

Configuring Passwords......................................................................................................... 23 Recovering Passwords ......................................................................................................... 23 Configuring Management Network ..................................................................................... 24 Configuring Local Time ........................................................................................................ 24 Managing the Caching Service ............................................................................................. 25 Managing Servers ................................................................................................................ 25 Resetting Management Service ........................................................................................... 26
File-based Configuration ..............................................................................................26

Configuring SNMP ................................................................................................................ 26 Configuring L4/L7 Switch Type ............................................................................................ 26 Configuring P2P Protocols ................................................................................................... 27 Configuring Bandwidth Management ................................................................................. 27 Configuring Traffic Forwarding Options .............................................................................. 28 Configuring Caching Policies ................................................................................................ 28 Configuring Server Virtual IP Address .................................................................................. 29 Configuring Server Data IP Address ..................................................................................... 29
Upgrading the System ..................................................................................................30

Upgrading UltraBand 1000 Software ................................................................................... 30 Upgrading UltraBand 1000 License ..................................................................................... 30
Chapter 4
UltraBand 1000 CLI Commands ................................................................................ 32 Regular Mode Commands ............................................................................................33 Enable Mode Commands .............................................................................................51 Monitoring UltraBand 1000...................................................................................... 81 Supported Setups .................................................................................................... 83 Using PBR on High Ports ...............................................................................................84
Alteon DPI with Asymmetric and UltraBand 1000 ............................................................... 84
Chapter 5 Chapter 6
Using Promiscuous Mode with Allot ............................................................................84

Asymmetric Inline UltraBand 1000 with Allot 2540 ............................................................ 84 Asymmetric Inline UltraBand 1000 Grid with Allot 2540..................................................... 86
Using Bounce Mode with Sandvine ..............................................................................87

Asymmetric Grid UltraBand 1000 and PBR High Ports ........................................................ 87 Forwarding Flow ............................................................................................................ 88 Cache-out Flow .............................................................................................................. 89 Failure Handling ............................................................................................................. 90
Chapter 7
Sample Configuration Setups ................................................................................... 91 PBR Configuration.........................................................................................................91

ISP Router Configuration ..................................................................................................... 91 Cisco Router ................................................................................................................... 91 Juniper M/T Series Routers ............................................................................................ 92 UltraBand 1000 Configuration ............................................................................................. 95 PeerApp Router Configuration ............................................................................................ 96 Alteon Configuration ........................................................................................................... 98
Multi-Tunnel Mode.....................................................................................................105
ISP Router Configuration ................................................................................................... 105
ii
UltraBand 1000 Configuration ........................................................................................... 106 PeerApp Router Configuration .......................................................................................... 107 Alteon Configuration ......................................................................................................... 107
Multi-Tunnel and VLAN Mode ....................................................................................107

ISP Router Configuration ................................................................................................... 107 UltraBand 1000 Configuration ........................................................................................... 110 Alteon Configuration ......................................................................................................... 111
Promiscuous Mode .....................................................................................................112

ISP Router Configuration ................................................................................................... 112 UltraBand 1000 Configuration ........................................................................................... 112
Bounce Mode .............................................................................................................113

ISP Router Configuration ................................................................................................... 113 UltraBand 1000 Configuration ........................................................................................... 114 Sandvine Configuration ..................................................................................................... 115
Appendix A CLI Reference......................................................................................................... 117 Regular Mode .............................................................................................................117 Enable Mode...............................................................................................................118 Configuration Mode ...................................................................................................120 Server Mode ...............................................................................................................120
iii
About This Guide

This guide describes PeerApps UltraBand 1000 P2P caching appliance. The UltraBand 1000 is a network appliance designed for ISPs that localizes and reduces P2P traffic on your networks by up to 70%. The UltraBand 1000 intercepts P2P traffic on your network, monitors P2P activity, caches requests, and serves the requested P2P files from the cache instead of the wide area network. The UltraBand 1000 is a family of products that can be configured as a single cache-engine server (UltraBand 1000 Standalone Configuration) or a set of cache-engine servers (UltraBand 1000 Grid Configuration).
Chapter Summaries
This document is organized into the following chapters:
Overview This chapter introduces the UltraBand 1000, explains the parts and
components, and helps you understand the concepts required to use the rest of this guide.
Working With UltraBand 1000 Management Tools This chapter describes how to use the
management tools provided by the UltraBand 1000, including the CLI, file upload and download capabilities, the configuration file, and SNMP. The information provided in this chapter is required to perform the management tasks in the remaining chapters.
Configuring UltraBand 1000 This chapter describes how to configure and perform
maintenance on the UltraBand 1000, including system configuration, network configuration, and the P2P software functionality.
UltraBand 1000 CLI Commands This chapter describes how to work with the
UltraBand 1000 CLI.
Monitoring UltraBand 1000 This chapter describes how to monitor the UltraBand 1000
by viewing networking and cache statistics.
Supported Setups This chapter defines the setups that are supported in UltraBand 1000
installations.
Sample Configuration Setups This chapter presents the sample configuration files for the
various setups that are supported in UltraBand 1000 installations.
CLI Reference This appendix presents all the commands available in the CLI along with
brief explanations for each of them.
Acronyms
Table 1: Acronyms
Acronym HASH ID UB1000
Stands for A unique identifier for a file that is retrievable using peer to peer protocol. UltraBand 1000.
1
Overview
The UltraBand 1000 is a network appliance designed for ISPs that localizes and reduces P2P traffic on your networks by up to 70%. The UltraBand 1000 intercepts P2P traffic on your network, monitors P2P activity, caches requests, and serves the requested P2P files from the cache instead of the wide area network. The UltraBand 1000 P2P easily integrates into your network. Its scalable architecture grows with your network requirements and can scale to a multi-gigabit solution.
The Building Blocks of the Solution

The UltraBand 1000 solution is built on three key elements, which together provide the optimal answer to your needs. The elements are all carrier grade, providing redundancy at all levels and include:
Powerful L4/L7 switch The switch is responsible for redirection of P2P traffic to the
caching engine and is placed seamlessly in the existing network. The configuration is based on P2P protocol specific L4/L7 signatures, which ensure the P2P, and only the P2P, traffic is forwarded to the Caching engine. The switch is introduced into the network as a Layer 2 switch connected with GbE links. The switch provides added value services, such as applying policies (for example: capping, coloring packets, and blocking) to specific types of traffic and the ability to provide detailed reporting and network analysis. It is important to emphasize that the Switch does not interact in any way with the adjacent equipment beyond the Layer 2 level. This is to say that there is no change to SRC or Destination IPs.
The switch is only mandatory for promiscuous and bounce PBR mode.
Caching engine with multiple I/O processing modules The heart of the UltraBand 1000
caching solution is the Caching Engine. The Caching Engine is based on a modular technology, which can scale to a multiGigabit solution. The Caching engine analyzes the
P2P traffic and is in charge of the actual bandwidth savings achieved by caching and retrieving files from the centralized storage.
Centralized storage array The storage array is a high performance system selected to
answer the extreme demands posed by the P2P traffic. Centralized storage eliminates content duplication, providing a scalable platform for increased bandwidth. Figure 1 illustrates the UltraBand 1000 solution elements, L4/L7 switch, modular caching engine, and centralized storage.
Figure 1: Solution Elements
The UltraBand 1000 solution is managed through an out-of-band network, which is separate from the data flow, providing the ultimate security.
Hardware Architecture
The UltraBand 1000 is a carrier grade platform. The platform is made of four building blocks:
Management server
Dual Core Intel Xeon. 2.0GB, 677MHz FBD. Dual Gigabit Ethernet.
Cache engine server

Dual Quad Core Intel Xeon. 8GB 677MHz FBD.
Dual Gigabit Ethernet (onboard). Quad Port Gigabit network card.
L2 Ethernet switch
Aggregating iSCSI storage, control, and management traffic. CISCO 2960 with 24/48 ports.
L2/L3 Ethernet switch

Depending on implementation (aggregating incoming/outgoing traffic). If you are using UltraBand 2000, the modules are blades and not servers.
Network Connectivity
The external interfaces towards the network are GbE links. These interfaces can either be single/multi mode fiber or copper. Internal links between the Caching engines, management server, and storage arrays are GbE copper links.
Software Architecture
PeerApp has developed a high-performance caching engine, which provides efficient manipulation of traffic. There are four distinct layers in the software architecture networking, application, storage, and distributed file system. The network layer does not rely on previous L4/L7 detection of P2P, although this would result in greatly improved performance. The classifier manages the TCP sessions and is capable of basic detection of P2P protocols. Non-P2P sessions, in the case of a miss in the L4/L7 switch or the use of a Layer 4 redirection scheme, are forwarded transparently. The inspection module works hand-in-hand with the classifier defining how to treat each session. This module is protocol aware. Once the session has been established, the classifier directs the session to the caching module, which either saves the data to disk and continues forwarding it to the client, or intercepts the connection and serves the content from disk. The storage layer is responsible for saving and retrieving data from the Distributed file system. The disk manager decides what to save and maintains a local database, synchronized with all the other caching servers, of all the content available.
All four layers are accessible via a management API and are centrally controlled by the management server.
Figure 2: Software Architecture
Management
The UltraBand 1000 utilizes a centralized management system. The management server is responsible for configuration, monitoring, and data collection from all the elements within the solution (switches, storage, I/O servers, chassis). There are two ways to interact with the centralized management system:
CLI A familiar context-based interface for easy configuration and basic monitoring. The
CLI is accessible via a text-based interface via the console cable and remote SSH (v2).
SNMP The UltraBand 1000 provides a private MIB (SNMP v2) for easy access to all the
counters and information provided by the UltraBand 1000. This is especially useful for customers who prefer using already existing 3rd party software solutions. Monitoring via the private MIB offers centralized access to the UltraBand 1000.
Management Connectivity
The UltraBand 1000 provides two physical means of connection to the management system:
RS-232 Console connection to the CLI text based configuration and monitoring system. Out-of-band Ethernet TCP/UDP connectivity to the management system. Remote access
is via SSH V2 (CLI) or SNMP.
In an out-of-band management network, the network access control should allow access to the following ports for complete management functionality: TCP 22 (SSH), 161 (SNMP). UDP 161(SNMP). The UltraBand 1000 provides two security levels for users regular and enabled. The user database is stored locally on the appliance Enabled users are permitted to perform configuration commands, maintenance procedures, and low level debugging functionality. The regular level is permitted read-only commands, providing monitoring and basic debugging functionality.
System Configuration
Configurations are saved in text format and can be backed up on remote servers via TFTP. Although not recommended, the text based configuration files may be manipulated remotely and then downloaded to the UltraBand 1000 management server, providing a means of easily maintaining and altering configurations of multiple appliances.
System Monitoring
The UltraBand 1000 provides the ability to remotely monitor the system, via the CLI when the user is online, or via third party monitoring system, which uses SNMP and SNMP traps.
SNMP Provides access to all the statistics and environmental information in real-time. SNMP Traps Provides alarm triggered notification, including hardware failures (fans,
temperature, power, physical interfaces) and performance thresholds such as CPU utilization, and bandwidth consumption.
Software Upgrades
The UltraBand 1000 has two levels of software which are maintained the OS and application. OS upgrades are done infrequently and are usually security patches.
Typical Network Configurations

Introducing the UltraBand 1000 into a network can be done in one of two ways - centralized solution or localized per network zone (Metropolitan, POP, cable). When doing network design, it is important to verify that the L4/L7 switch is placed on a link where both directions of the session pass. This means that specific sessions always go through the same L4/L7 switch. This limitation is due to the nature of P2P traffic and the necessity to intercept the bi-directional connections. The following diagrams show typical ways of deploying the UltraBand 1000.
Figure 3: PeerApp Network Solutions
The following describes the various solutions shown in Figure 3:
PBR/VRF routing solution This topology is used when the L4/L7 is not inline and the
router forwards at L4.
Basic inter-route solution This topology is for an ISP that wishes to put the L4/L7 inline. CMTS solution This topology is used when a cable service provider wishes to save
bandwidth within its network.
BRAS aggregation solution This topology is the same as CMTS but traffic is further
aggregated.
Asymmetric data solutions These topologies may be used in cases where ingress and
egress traffic may traverse in different routes.
Asymmetric topology with transparent forwarding solution This topology is used for
integration with Allot NetEnforcer in an asymmetric network topology.
Transparent forwarding solution This topology is used for integration with Allot
NetEnforcer using port-based redirection. The UltraBand 1000 is scalable to a multi-gigabit system and has been designed to grow with the network requirements. The basic unit consists of L4/L7 switch, multi-IO server chassis, 5 IO servers, single management server and a single storage array. Introducing this solution to a network provides redundancy of I/O data engines, management functionality, and the raid disk array. To supply redundancy for L4/L7 switch, another L4/L7 switch should be deployed in a hot-standby topology, much like that used in common networks. Scaling up the solution is obtained by adding additional caching engines per chassis, multiple chassis and increasing the storage.
2
Working With UltraBand 1000 Management Tools
This chapter describes how to use the management tools provided by the UltraBand 1000, including the CLI, file upload and download capabilities, the configuration file, and SNMP. The information provided in this chapter is required to perform the management tasks in the remaining chapters. The UltraBand 1000 uses a number of different tools to help you configure, manage, and monitor its performance. For some management tasks you may have a choice of which tool to use. For instance, you can view all statistics both using SNMP and using the CLI. Table 2 lists the different management tools that the UltraBand 1000 uses. Further information about these tools is available in the remainder of this chapter.
Table 2: Management Tools
Management Tool Command-Line Interface (CLI)
Reference Use the CLI to perform most configuration and management tasks. For a complete description of the UltraBand 1000 CLI commands, refer to UltraBand 1000 CLI Commands on page 32. PeerApp provides license and software upgrades through the use of upgrade files that are downloaded to the UltraBand 1000 using a TFTP server. In addition, the configuration is modified by downloading a configuration file using TFTP.
TFTP
Configuration File SNMP
Use the configuration file to configure operational modes, caching, and SNMP settings. Use SNMP to monitor or view operational statistics of the UltraBand 1000. All the information available via SNMP is also available using the CLI.
10
Working With the CLI

The Command-Line Interface (CLI) can be used to perform configuration, management, and monitoring tasks required to manage the UltraBand 1000, including:
Configuring management settings, which includes:

Configuring passwords. Configuring management IP addresses. Configuring local time.
Performing system maintenance, which includes:

Managing the caching service. Managing servers.
Monitoring the system.

You can also use SNMP to monitor the system.
Upgrading the system, which includes:

Upgrading software. Upgrading license. Upgrading the system software or license is performed by downloading a new software or license file to the UltraBand 1000. For a complete list of all CLI commands, refer to CLI Reference on page 117.
Getting Started with the CLI

There are two ways to access the system CLI:
Serial console The serial console is used to access the standard CLI and the rescue CLI.
The rescue CLI is used to enter the basic network and login information that you need to get the system up and running and is only available from the serial console. To access the standard CLI, login as admin. To access the rescue CLI, login as rescue. UltraBand 1000 ships with default passwords for both admin and rescue users set to system serial number. Please make sure to change them. For instructions to change passwords, refer to Configuring Passwords below.
Local area network (LAN) connection using ssh.

Use ssh to connect to the CLI over a LAN connection for regular access to the CLI. When accessing the CLI using a LAN connection, use the login admin.
11
Before configuring the network settings for the UltraBand 1000, or if you have changed your network settings so that UltraBand 1000 is inaccessible from outside, you must use the serial console connection. To log into the CLI using the serial console: 1. Connect to the USB port on the leftmost server in the chassis using USB-to-serial dongle. Use the following serial settings: 57600,N,1; hardware and software flow control disabled. After connecting to console of the management server the system prompts you for login. 2. Enter the special maintenance login rescue and press Enter. 3. Enter the password for rescue user at the password prompt and press Enter. The setup script is executed. After the setup script is finished, the system automatically logs you out. To log into the CLI using ssh over a local area network connection: 1. Connect to the UltraBand 1000 using ssh from any machine on your LAN. A login prompt is displayed. 2. Enter admin at the login prompt and press Enter. 3. Enter the password at the password prompt and press Enter. The CLI prompt (console>) is displayed. To get help in the CLI:
To view a list of available commands in the CLI, enter help or press ?.

To log out of the system:
Enter exit at the CLI prompt.
CLI Command Editing Features

The TAB key provides auto-completion of command. If multiple choices are available, they
are displayed, option per line.
The ? key displays command and parameter hints. When basic command is incomplete,
this key displays multiple completion options, one per line together with a brief description. If a command is complete, pressing space + ? displays the next parameter hint.
Use the up and down arrow keys to navigate commands history
12
CLI Modes
The UltraBand 1000 supports several CLI modes:
Regular Mode In Regular mode you can view system configuration and statistics, but
cannot change any settings. While in Regular mode you are prompted with the regular CLI prompt: console>. From Regular mode you can enter Enable mode or exit the CLI.
Enable Mode In Enable mode, you can update the license or software, set the date,
configure the login name and password. While in Enable mode you are prompted with the enabled CLI prompt: console#. From Enable mode, you can enter Configuration mode or Server mode, or return to Regular mode by the exit command.
Configuration Mode In Configuration mode you can configure any settings on the
system. While in Configuration mode you are prompted with the config CLI prompt: configuration#. From Configuration mode, you can return to Enable mode by exit command. Please note that only one user may use Configuration mode at any given time. If you exit Configuration mode without applying your changes, these changes are lost.
Server Mode In Server mode, you can start, stop, or restart an individual server. You can
also set the servers log level. While in Server mode you are prompted with the CLI server prompt: oper server <server number> # (for instance: oper server 1#). From Server mode, you can exit back to Enable mode by exit command.
Rescue CLI In addition to the standard CLI modes, the rescue CLI is to be used to recover
incorrect management network configuration and lost or forgotten CLI passwords. While in rescue CLI mode you are prompted with the rescue CLI prompt: rescue@ce-1#. In the rescue CLI mode, you can execute the following commands: access Reset the white and black management access lists. passwords Reset the admin and rescue passwords. network Configure following network parameters: IP address, netmask, default gateway, and DNS server. exit Exit the rescue CLI mode. help Print the list of rescue CLI commands. This command can also be executed by entering ? at the rescue CLI prompt. After executing one of the above commands, you can perform another command or exit the rescue CLI mode.
13
To switch from normal mode to Enable mode: 1. Enter enable at the CLI prompt. A password prompt is displayed. 2. Enter the Enable mode password and press Enter. You are now logged in to Enable mode. The prompt changes to the enabled CLI prompt. The default password for Enable mode is equal to system serial number. Please make sure to change it following the installation. For instructions on how to change passwords, refer to Configuring Passwords on page 23. While logged into Enable mode, you may sometimes need to run configuration commands. To do this you must change to Configuration mode. To switch to Configuration mode:
Enter config at the enabled CLI prompt. You are now in Configuration mode.
To exit Configuration mode:
Enter exit at the CLI config prompt. You are returned to Enable mode.
To switch to Server mode:
Enter oper server <server number> at the enable CLI prompt, where
<server number> is the number of the server you want to control (for instance: 1). You
are now in Server mode. To exit Server mode:
Enter exit at the CLI server prompt. You are returned to Enable mode.
To switch from the enabled user to the normal user:
Enter exit at the enabled CLI prompt. You are returned to the Regular mode.
TFTP Server
To set up UltraBand 1000 for files uploading and downloading, you must have an external TFTP server running. You download files to the UltraBand 1000 using a TFTP server in order to:
Update the UltraBand 1000 software. Update the UltraBand 1000 license. Update the configuration by means of changes to the configuration file.
Before downloading a file to the UltraBand 1000, place the file onto the TFTP server.
14
Working With the Configuration File

The configuration file is used to configure the operational modes, cache settings, and SNMP settings for the UltraBand 1000. The configuration file is a well-formed, valid XML file. To change the configuration file: 1. Download the current configuration file: Enter export <IP address> <filename> at the CLI config prompt, where <IP address> is the IP address of your TFTP server and <filename> is the name of the file to which to write the current configuration. The configuration file is then uploaded to your TFTP server. 2. Edit the configuration file using a text or XML editor. When editing the file, ensure that you only edit the field values and do not change or erase the XML markup tags. If you inadvertently change the XML tags, the configuration will be rejected when you attempt to load it. 3. When you have completed editing the file, save your changes. 4. Download the changed configuration file to the UltraBand 1000:
a.
Ensure that the changed configuration file is located on your TFTP server.
b. Enter import <IP address> <filename> at the CLI config prompt, where <IP address> is the IP address of your TFTP server and <filename> is the name of
the changed configuration file. After performing the above steps, the changed configuration is downloaded to the system, but it is not yet loaded as the new configuration. 5. You can display or discard the new configuration before loading it. To display the currently loaded configuration, enter show config at the CLI prompt. To display the new configuration, which was loaded, but not yet applied, enter display at the CLI config prompt. To show the differences between the current configuration and the downloaded changed configuration, enter diff at the CLI config prompt. To apply the new configuration in place of the current configuration, enter apply at the CLI config prompt. To discard the new configuration without making any changes to the current configuration, enter discard at the CLI config prompt. To restore the old configuration after applying a new configuration, enter restore at the CLI config prompt.
15
Each time you enter restore you revert to an older version of the configuration. After reverting to an older configuration, the newer configuration is discarded and cannot be restored.
Configuration File Sections

The configuration file has three main sections:
mgmt-config The information in this section is for informational purposes only. After
downloading the configuration file from the system, this section displays the network settings on the system.
common Use this section to define the default settings for all servers. Any settings in the
individual server sections override the fields in this section.
server id=<#>, where <#> is the number of the caching engine server (slot number
minus 1). Use this section to define the settings for an individual server. Aside from the network configuration section, the fields in this section are contained in a service sub-section and are identical to the fields in the service sub-section of the common section. The settings in this section override the fields in the common section.
Accessing UltraBand 1000 SNMP Information

The UltraBand 1000 provides a robust set of SNMP status information, which you can monitor using any standard SNMP tools. All status information available via SNMP is also available using status commands in the CLI. The SNMP is provided using a private MIB (SNMP v2) environment.
16
3
Configuring UltraBand 1000
This chapter describes the steps necessary to configure and perform maintenance on the system if you need to make any changes. The types of configuration described in this chapter include the following:
The main Operational Features (Quick Jumpstart). CLI-based configuration:

Configuring Passwords. Configuring Management Network. Configuring Local Time.
File-based configuration:
Configuring SNMP. Configuring L4/L7 Switch. Configuring P2P Protocols. Configuring Bandwidth Management. Configuring Traffic Forwarding Options. Configuring Caching Policies. Configuring Server Virtual IP Address. Configuring Server Data IP Address.
17
Main Operational Features (Quick Jumpstart)

The following configuration elements need to be configured initially, to jumpstart the system. Detailed configuration instructions are provided later-on in this chapter.
CLI-based configuration:
Configuring Management Network.
File-based configuration:
Configuring SNMP/NTP. Configuring P2P Protocols. Configuring Traffic Forwarding Options When deploying a UB1000 Grid platform, there are several different supported layer7 devices configurations that can be used. Symmetric / asymmetric connection modes with single/multiple port connections are possible, when configuring layer7 devices with the UB1000 Grid platform. Supported configurations are outlined hereafter.
Allot 2500 integration. Sandvine integration in divert mode. Multi-port network link failure handling. VLAN tagging full support. UB1000 Grid Allot integration - work with Allot as a redirector. Multi-Alteon support.
Asymmetric traffic support:
The ability to work with more than one tunneling mode with Allot.
Multi interface support:
Improve connectivity options, by adding support to work with more than one
physical Ethernet interface. Support is available for:
Allot in promiscuous mode. Alteon in multi-tunnel mode.

VLAN tagging (802.1q) support (partial only for asymmetric & one port). The ability to work with packets that have the VLANS tagged.
The UltraBand 1000 Platform Features

The following is a list of system features that are available in the UltraBand platform. Some of these features are configurable through the platform configuration file and some through the CLI.
18
Caching Specific Features

Black list of hashes Specific HASHes can be marked as non-cacheable. These HASHes will
not be cached or provided to the users if already cached starting from the time a command to do so is given. The black list is maintained using CLI, allowing the administrator to add, remove or view the list of HASH-ID(s) in the black-list.
Selective caching Deals with the ability to control and dynamically change the popularity
decisions related to file caching. Stages will be changed dynamically as oppose to fixing a decision through a static configuration.
Small memory buffer When the traffic is very low because of a configuration of the
shaper, the memory buffer size might be too large (in memory) for this shaper. This feature allows control over the buffer size, to optimize memory use and tailor it to the way the traffic is shaped. If the buffer size does not match the shaped traffic size the cache will be filled-up too slow. Controlling the buffer size is done through the cluster-conf, using the following statement:
<memory> <small_io_blocks>8000</small_io_blocks> </memory>
Bandwidth-per-connection management Allows control (Bandwidth - management)

over the cache-out sessions. This allows placing a top limit on the cache-out sessions. This is controlled in the cluster.conf file, by adding the following statements:
<bandwidth-management> <enable-bandwidth-management>1<enable-bandwidth-management> <bandwidth-per-connection>100000<bandwidth-per-connection> </bandwidth-management>
Administrative state Locked Allows locking a specific server from handling traffic. (This
feature applies only to UltraBand 1000 systems)
<cache-engine> <admin_states> locked</admin_states> </cache-engine>
Upstream caching Last mile architecture suffers from limited upstream resources which
are gravely affected from Peer-to-Peer symmetrical traffic pattern. Upstream caching relives network congestion by providing cached pieces to Peers in other zones, directly from the cache instead of the last mile user.
HTTP caching UltraBand caches any large HTTP documents (such as, video files, video
streaming and images) in order to reduce bandwidth usage, and to improve user experience through accelerated document download time. Transparent HTTP caching is
19
implemented; therefore any standard HTTP contained document can be cashed regardless of the URL associated with it. Support for this protocol is configured through the cluster.conf file. Add the following configuration statement to the <protocols> section in Cluster.conf for the platform to support the HTTP protocol:
<enable-http>1</enable-http>
ARES protocol support Ares Galaxy is an open source P2P file sharing application and
protocol that uses its own decentralized supernode/leaf network. Support for this protocol is configured through the cluster.conf file. Add the following configuration syntax to the <protocols> section in Cluster.conf for the platform to support the ARES protocol:
<enable-ares>1</enable-ares>
Foxy support Foxy is a Gnutella client. Support for this protocol is configured through the
cluster.conf file. Add the following configuration syntax to the <policy> section in Cluster.conf for the platform to support the Foxy client:
<policy> <gnutella_foxy_support>1</gnutella_foxy_support> </policy>
PANDO support The UltraBand platform supports the PANDO protocol. Pando is a
proprietary software for P2P file sharing. It's mainly aimed at sending files using both Peerto-peer and Client-server architectures that would normally be too large to send via more conventional means. Pando uses a 256-bit end-to-end encryption method to secure communication among peers. The primary difference with traditional BitTorrent file transfer operation is that a copy of the shared file is uploaded to Pando's servers and remains there for a limited time, seeding it. In this way, the file remains available even after the original sender goes offline. Support for this protocol is configured using the cluster.conf file. Add the following configuration syntax to the <protocols> section in Cluster.conf for the platform to support the PANDO protocol:
<enable-pando>1</enable-pando>
20
Platform Specific Features

CFS: Cluster File System A distributed file-system, which can operate seamlessly over ntimes storage devices/disks. This provides a very large storage for each cache engine, enabling very fast data retrieval of cached data. The CFS is a content aware file-system, optimized specifically for the content it stores. It uses less IO operations to service the amount of cached information it serves. Faster data throughput is achieved.
Platform Operational Specific Features

Duplicate logs to external syslog The ability to duplicate the eventlog sent to syslog and
transfers the information to a syslog external server, while the system is running. This is configurable through the cluster.conf file (Configuring the IP of the external syslog in the cluster.conf):
<mgmt-config> <external_syslog_ip>192.168.0.154</external_syslog_ip> </mgmt-config>
Start/stop forwarding using a CLI command is supported. Please refer to the eventlog forward/stop commands in Enable Mode Commands on page 51.
Automatic idle session logout The timeout interval of an idle CLI session, after which the
session is terminated. Can be configured through a CLI command.
Management ACL (Access Control List) Provides an approved (white list) and a denied
(black-list) of system management features of the platform. These are the CLI and the WEB (UBview) management interfaces. This is done using IP subnet ranges (added/removed through the linux firewall). Configuration is done using the cluster.conf configuration file. There are two options for specifying the ACLs: Option 1 Allow some IP address and block all the rest. This can be done by defining some good IPs in the white list, and block all the rest:
<white_access_list> <access_entry>192.168.1.1</access_entry> <access_entry>192.168.1.2</access_entry> </white_access_list>
Option 2 Block some IPs, allow the rest:

<black_access_list> <access_entry>80.122.12.1</access_entry> <access_entry>80.122.12.2</access_entry> </black_access_list>
SNMP Traps forwarding The platform generates SNMP traps upon certain events.
Forwarding these traps to an external server is supported.
21
Controlling the traps forwarding is done through the clusted.conf file, with the following statements related to the IP of the traps server, SNMP communities etc. The following statements needs to be present in the cluster.conf:
<snmp> <trap-ip>10.11.12.1</trap-ip> <snmp-read-community>gdcbhv</snmp-read-community> <snmp-write-community>nkppui</snmp-write-community> <snmp-trap-community>ffff</snmp-trap-community> </snmp>
E-mail alerts In addition to SNMP traps, it is possible to forward critical platform alerts to
a specific e-mail server. This is controlled through the cluster.conf file, where the following statements needs to be added:
<mgmt-config> <nameserver>194.90.1.5</nameserver> <alert-email>support@peerapp.com</alert-email> </mgmt-config>
Export CDR The platform tracks each cache-out session and writes out a CDR record
related to the session when it ends. The CDR recording files are created periodically and can be retrieved using FTP. The set of CDR files are created managed periodically. The following is a sample CDR record:
Time 06-07-08 07:38:16.980 Protocol HTTP, bytes sent 4751360, Downloader ip:port 213.190.209.114:1531, thread_id 0x51822940 log info [cdr:Statistics]
hash reason for closure 75053B09EC96DAE2D47748DA18F3EF8A618D1738, DOWNLOADER, connection length in seconds 12, uploader ip:port 74.125.4.150:80
UB1000 using iSCSI and Dell PowerVault MD3000i The UB1000 platform is now fully
integrated with the Dell MD3000i SAN storage solution. The Dell PowerVault MD3000i can consolidate up to sixteen (16) fully redundant hosts, expand to support up to 5.7TB of data (using 380GB SAS drives) and provides wizard based installation, intuitive management, advanced data protection software. Supporting the PowerVault MD3000i increases the storage capacity of the UB1000 platform and allows the creation of a clustered file-system (using two or more UB1000 platforms).
22
Traffic Specific Features

TOS coloring support Add ability to color packets so that the shaper or another
network entity can follow these marks (for example: not shape these packets). Here is an example of how to color only CACHE_OUT with 8:
<tos_markup> <tos_overwrite>0</tos_overwrite> <class name="cache-out"> <out_mode>CACHE_OUT</out_mode> </class> <action name="mark-with-8"> <dscp>8</dscp> </action> <rule id="1"> <enable_rule>1</enable_rule> <priority>20</priority> <class_name>cache-out</class_name> <action_name> mark-with-8</action_name> </rule> </tos_markup>
CLI-based Configuration
Configuring Passwords
To change the password required to log in to the CLI:
Enter access user-password <new password> at the enabled CLI prompt, where
<new password> is the new password for the normal user. The password is changed.
To change the password required to access Enable mode:
Enter access enable-password <new password> at the enabled CLI prompt, where
<new password> is the new password for the enabled user. The password is changed.
Recovering Passwords
Should you lose or forget the initial CLI password or Enable mode password, you can reset them to their default values through special rescue CLI. The rescue CLI is available from serial console only. For further information, refer to Rescue CLI on page 13.
23
Configuring Management Network

You must configure the IP address, netmask, and gateway address for the management server in order to access the CLI using a LAN connection. To set up IP address: 1. Enter network ipaddr <IP address> <netmask> at the CLI config prompt, where <IP address> is the IP address you want to use for the UltraBand 1000, and <netmask> is the netmask in xxx.xxx.xxx.xxx. notation. 2. Enter network default_gw <gateway address> at the CLI config prompt, where <gateway address> is the IP address of the desired gateway. After performing the above steps, IP networking is set up for the management server. To test the IP setup: 1. Enter ping <IP address> at the enabled CLI prompt, where <IP address> is an IP address on your local area network. This tests the connectivity from the UltraBand 1000 to the entered IP address. If you cannot reach the destination, check your IP address and netmask settings. 2. Enter traceroute <IP address> at the enabled CLI prompt, where <IP address> is an IP address to which you want to trace a connection. This shows the network routing between the management interface of UltraBand 1000 and the entered IP address. If you cannot reach the desired destination, check your IP address and gateway address settings.
Configuring Local Time

You configure local time on the UltraBand 1000 either manually or through the use of a Network Time Server via NTP. To view the time on the system:
Enter show time at the CLI prompt.

To configure local time manually:
Enter time <MMDDYYhhmm> at the configuration# CLI prompt, where <MMDDYYhhmm> is

the new date and time (two digits each for month, date, year, hours, and minutes). The date and time are set. Please note that the configuration# CLI prompt requires Enabled mode privileges. For more information, see UltraBand 1000 CLI Commands on page 32. To configure local time using NTP: You can configure NTP either using the CLI or using the configuration file.
24
Using the CLI: 1. Enter config at the enabled CLI prompt. You are now in Configuration mode. 2. Enter ntp server-ip <IP address> at the CLI config prompt, where <IP address> is the IP address of the NTP server. Instead of <IP address>, you can enter <127.127.1.0> for the local server. 3. Enter ntp timezone <timezone> at the CLI config prompt, where <timezone> is the local time zone according to its GMT offset. 4. Apply configuration using apply. Using the configuration file:
Edit the following fields in the configuration file:

common ntp server-ip The IP address of the NTP server. common ntp timezone The time zone according to its GMT offset. After one of the above procedures, NTP is configured.
Managing the Caching Service

To stop, start, or restart the UltraBand 1000:
Enter oper service <stop|start|restart> at the enabled CLI prompt, where:

stop stops the caching service. start starts the service after it has been stopped. restart performs a soft restart of the caching service by stopping and restarting each server one-by-one. This option should be used to restart caching service with minimal impact to the transit traffic. The caching service stops, starts, or restarts as specified.
Managing Servers
To stop, start, or reset a single server:
Enter stop, start, or restart at the CLI server prompt, where:

stop stops the servers operation. start starts the server after it has been stopped. Restart performs a soft reload by stopping and restarting the server.
25
The server changes operation as specified.
Resetting Management Service

In Configuration mode, only one user can perform configuration operations at a time. Should this user terminal get stuck, in order to recover the ability to configure the system, you need to reset the management service. To reset the UltraBand 1000:
Enter reset at the CLI server prompt.

This will reset all active CLI sessions in the system. Please use this option with caution.
File-based Configuration
When configuring software settings in the configuration file, you can set fields in the common section to apply to all servers, or in the specific section for an individual server. The fields in the individual servers section override the fields in the common section for that server. Sample configuration files can be found in Sample Configuration Setups on page 91.
Configuring SNMP
To set up SNMP:

common snmp trap-ip The IP address of the SNMP trap server. common snmp snmp-read-community The SNMP read community name, for viewing network status and statistics. common snmp snmp-write-community The SNMP write community name, for executing commands on the system. common snmp snmp-trap-community The SNMP trap community name for receiving SNMP traps.
Configuring L4/L7 Switch Type

To configure L4/L7 switch type:
Edit the following field in the configuration file:
26
common (or server<#>) service net switch-type Enter either L4 or L7 to select the desired switching type.
Configuring P2P Protocols

To configure P2P protocols:

common (or server<#>) service proto enable-kazaa Enables or disables the Kazaa protocol. 1: enabled, 0: disabled. common (or server<#>) service proto enable-bittorrent Enables or disables the BitTorrent protocol. 1: enabled, 0: disabled. common (or server<#>) service proto enable-edk Enables or disables the eDonkey protocol. 1: enabled, 0: disabled. common (or server<1>) service proto enable-gnutella Enables or disables the gnutella protocol. 1: enabled, 0: disabled. common (or server<1>) service proto enable-ares Enables or disables the Ares protocol. 1: enabled, 0: disabled. common (or server<1>) service proto enable-http Enables or disables the HTTP protocol. 1: enabled, 0: disabled.
Configuring Bandwidth Management

To configure bandwidth management:

common (or server<#>) service bandwidth-management enable-bandwidth-management Enables or disables the bandwidth management service. 1: enabled, 0: disabled. common (or server<#>) service bandwidth-management bandwidth-per-connection Sets the maximum bandwidth per connection, in bytes/second.
27
Configuring Traffic Forwarding Options

These options must match your network configuration, and should not be changed unless you change gateway configuration on your network. UltraBand 1000 supports the following traffic forwarding modes:
Table 3: Traffic Forwarding Modes
Forwarding Mode TUNNEL MULTI_GW PROMISCUOUS BOUNCE
Corresponding Topology Single router is on either side of L4/L7 switch. Subscribers side of the L4/L7 switch has multiple routers. The L4/L7 switch forwards traffic via two dedicated ports without changing L2 addresses (as-is). The platform sends packets back using the same interface while swapping the source and destination MAC addresses.
To configure traffic forwarding options:

common (or server<#>) service net fwd-mode The forwarding mode as described above. common (or server<#>) service net gw<#> IP addresses of two edges of the tunnel, gw1 and gw2, are specified here . This configuration is used only when TUNNEL forwarding mode is configured. common (or server<#>) service net default-gw IP address of the default gateway in data network. Please note that in TUNNEL mode either gw1 or gw2 should be used as default gateway.
Configuring Caching Policies

The following general caching policy settings can also be set in the configuration file. To configure caching policies:

common (or server<#>) service policy enable-uploaderdisconnect Enables or disables automatically disconnecting a download from the cache if the remote peer (uploader) shuts down a connection or becomes unavailable:
1: enabled. 0: disabled.
28
common (or server<#>) service policy cache-direction Indicates in which direction to enable caching:
WORLD2ISP: traffic coming into the ISP en-route to subscribers machines. ISP2WORLD: traffic from subscribers going out to the Internet. ALL: all traffic in either direction.
common (or server<#>) service policy upload_cache_out Indicates the percentage of upstream P2P traffic that must come from the internal cache:
0%: disabled (all the upstream traffic can come from local peers). 1-99%: the specified percentage of the upstream traffic must come from the
UltraBand 1000 cache storage and the remainder can come from local peers.
100%: the upstream traffic can only come from the internal cache.
Configuring Server Virtual IP Address

Each individual server has a virtual IP address that must match the IP address in the L4/L7 switch. This IP is used for health monitoring, load balancing and forwarding from the L4/L7 switch. Certain redirectors can use virtual IP addresses to query cache server health. While the redirector receives responses on this virtual IP address, it can also redirect traffic there. Therefore, defining a number of virtual IP addresses per server regulates the amount of redirected traffic by dividing the traffic into manageable chunks. The TUNNEL and MULTI_GW traffic forwarding modes can be used with these redirectors. Specify a virtual IP address or multiple virtual addresses for these modes in each server section of the cluster configuration file. Up to 10 different virtual IP addresses can be configured on each server. To set the virtual IP address for a server:

server<#> vip The virtual IP address of the server. Each server can have up to 10 virtual IP addresses.
Configuring Server Data IP Address

Each individual server has a data IP address that must be in the same subnet with the gateways.
29
server<#> ipaddr The IP address of data interface of the server. server<#> netmask The IP netmask of data interface of the server.
Upgrading the System

This section describes how to upgrade the UltraBand 1000 in the following cases:
New software You download new software versions of the UltraBand 1000, which are
delivered as a file.
New software license You download new versions of the UltraBand 1000 software
license, which is delivered as a file.
Upgrading UltraBand 1000 Software

To install a new software version: 1. Enter show systemid at the CLI prompt. The system serial number is displayed. 2. Send a request by email for a software upgrade along with the serial number to PeerApp. PeerApp will send you a software upgrade file. 3. Place the new software upgrade file on your TFTP server. 4. Enter upgrade <tftp server> <file> at the enabled CLI prompt, where <tftp server> is the IP address of your TFTP server and <file> is the name of the new software upgrade file. An automatic upgrade process will start. If the version upgrade includes changes to management service, your CLI session may be disconnected in the end of upgrade process. If the management service is running, it is automatically restarted after the upgrade process is complete.
Upgrading UltraBand 1000 License

To view information about your installed license:
Enter show license at the CLI prompt. Information about the installed license is
displayed, including the version number and enabled features.
30
To install a new software license: 1. Place the new license file on your TFTP server. 2. Enter license get <tftp server> <file> at the enabled CLI prompt, where <tftp server> is the IP address of your TFTP server and <file> is the name of the new license file 3. Enter license activate to apply the license.
31
4
UltraBand 1000 CLI Commands
The UltraBand 1000 platform is controlled using a set of CLI commands, allowing full control over its operational states. The CLI commands are divided into two categories:
Regular mode commands Provides the ability to display versioning/licensing information

and to access/manipulate the system log. This mode does not support system configuration changes.
Enable mode commands Provides full control over the system configuration, cache
content manipulation, networking behavior, licensing, platform operation state, and managing the software version the system runs. This CLI interpreter is accessible through a unique username and password. The username is admin and the password is platform specific. The following is a sample authentication session:
login as: admin Using keyboard-interactive authentication. Password: PeerApp management: Cli version - 2.3.124 Snmp version - PeerApp management node software version 2.3.124 console>
This chapter provides a reference for all the CLI commands. Refer to CLI Reference on page 117 for a full list of available CLI commands.
32
Regular Mode Commands

The following commands are accessible in Regular mode. These commands are also available in Enable mode.
Table 4: Regular Mode Commands
Command arp cache direction dmesg dstat
Description Displays ARP table. Provides access to cache operations. Calculates the visible subnets on the interface. Displays the dmesg. Displays the Report Central Processing Unit (CPU), physical disks, network, paging and operating-system statistics, and I/O statistics. Enters Enable mode. Provides access to event log operations. Exits the current mode. Displays the list of Regular mode commands. Displays the interface(s). Displays extended I/O statistics. Sends jumbo echo messages. Sends echo messages. Displays run-time information. Dumps the traffic on the appropriate network interface. Displays the route used by the packet to reach its destination. Displays the list of users who are currently logged in.
enable eventlog exit help ifconfig iostat jumbo ping show tcpdump traceroute who
arp
The arp command displays the ARP table.
Command Parameters
None.
33
Sample Use
Display the ARP table.

console> arp Address ce-3 ce-5 ce-7 ce-1 ce-2 ce-6 192.168.3.4 ce-8 ce-9 10.11.18.200 10.11.18.202 10.11.18.201 ce-4 console> HWtype ether ether ether ether ether ether ether ether ether ether ether ether ether HWaddress 00:15:C5:FD:75:A0 00:15:C5:FD:32:89 00:15:C5:FD:2F:B9 00:15:C5:FD:75:FF 00:15:C5:FD:7C:F8 00:15:C5:FD:77:BC 00:17:65:C7:10:46 00:15:C5:FD:74:DD 00:15:C5:FD:38:E7 00:1E:C9:D6:37:F3 00:1E:4F:23:B9:06 00:1E:C9:D6:9C:3D 00:15:C5:FC:FF:0D Flags Mask C C C C C C C C C C C C C Iface eth0.50 eth0.50 eth0.50 eth0.50 eth0.50 eth0.50 eth0 eth0.50 eth0.50 eth0.60 eth0.60 eth0.60 eth0.50
cache
The cache command provides access to the cache operations that are available in Regular mode.
Command Parameters
hash displays the cache metadata using a hash ID. list displays cache content in one of the following modes:
display displays cache content. export exports cache content to a TFTP server, where the server name and file location are specified as: <tftp server address> <filename>. The file to which the content is exported must exist, and must have write access to all. If localhost is used as the <tftp server address> parameter, then the file will be located under the /tftpboot/ folder. You can only use localhost if you have root access on the localhost server. Otherwise, you must use an external tftp server and not the caching server. Additional parameters for this command are available in Enable mode. Refer to cache on page 53 for a description of the Enable mode parameters.
summary displays CMDB statistics summary.
34
Sample Use
Display the cache metadata using a hash ID.

console> cache hash 8486EE794FCA431669A7B504E525D151819F1C78 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx HTTP 8486EE794FCA431669A7B504E525D151819F1C78 ST:WATCHED HITS:4 IPS:1 VL:9 SZ:10491894 MP:0 FF:yes FS:1221182430 LS:1221399563 CO:10 MB FF:100.00 PFF:0.00 ch ecksum 2184D853EED84F9B752C8A70D31E602B2C82B4DA Hits: 4 First seen: Fri Sep 12 04:20:30 2008 Last access: Sun Sep 14 16:39:23 2008 Volume id: 9 Cached File size: 10491894 Max piece: 0 Full File: yes Full File Size: 10491894 BT_last_start: 0 BT_last_end: 10491894 max known bt piece size 0 cache out in MB 10 File fill factor 100.00 total full pieces 0 (0.00) HTTP checksum is 2184D853EED84F9B752C8A70D31E602B2C82B4DA piece bit mask 0x20 RANGES -------------- RANGES 0 00000000[00000000] 10491894[10491894] (END)
Display cache content.

console> cache list display HASH 77AF15685AD9D74912F62B8DE0E6DF7E210EF763 040E590F65C21581564842CCBAA21762739407D3 D76BF54B923A5F56496160481247F9188924E7C2 5F7A7BF126D70F109DD6FB8A65F7AF305B5B8C53 C98700E8AF5F86AD5C9820626FA19459121860DD 4AB73FDBCF01795C683F2DD14DA2D2DA71C73BF8 14E757C83703F829A04E226F5946D1FC67652E5F DAF5A753A66B0905B90A8E8461CF26D7F5E9A5B8 PROTOCOL HTTP HTTP HTTP HTTP HTTP HTTP HTTP HTTP SIZE 10145830 10536367 10592621 10493439 10631808 10383044 10631280 10554929 AGE 8 89 12 11 11 11 89 10
Export cache content to a file on a TFTP server.

console> cache list export 192.168.77.14 cache-list console>
Display CMDB statistics summary.

Console> cache summary hashes counter is 821461 Version Verify success ********************************************** ######################################################### Total size in DB: EDK 0 bytes [0.00 MB] [0.00 GB] Total size in DB: BTR 0 bytes [0.00 MB] [0.00 GB] Total size in DB: PANDO 0 bytes [0.00 MB] [0.00 GB] Total size in DB: GNUTL 0 bytes [0.00 MB] [0.00 GB] Total size in DB: ARES 0 bytes [0.00 MB] [0.00 GB] Total size in DB: HTTP 8484469097815 bytes [8091420.27 MB] [7901.78 GB] Total size in DB: KAZ 0 bytes [0.00 MB] [0.00 GB]
35
######################################################### EDK: Number of total hashes 0 Number of files 0 BTR: Number of total hashes 0 Number of files 0 PANDO: Number of total hashes 0 Number of files 0 GNUTL: Number of total hashes 0 Number of files 0 ARES: Number of total hashes 0 Number of files 0 HTTP: Number of total hashes 821460 Number of files 821460 KAZ: Number of total hashes 0 Number of files 0 ######################################################### Avarage file size in storage HTTP: 10328523.72 bytes [9.85 MB] ######################################################### Full file size in cmdb: EDK 0 Full file size in cmdb: BTR 0 Full file size in cmdb: PANDO 0 Full file size in cmdb: GNUTL 0 Full file size in cmdb: ARES 0 Full file size in cmdb: HTTP 798356 Full file size in cmdb: KAZ 0 ######################################################### EDK average age of: hashes none stored files none BTR average age of: hashes none stored files none PANDO average age of: hashes none stored files none GNUT average age of: hashes none stored files none ARES average age of: hashes none stored files none HTTP average age of: hashes 369844 stored files 369844 KAZ average age of: hashes none stored files none ######################################################### BTR: Max piece 0 average pieces per file none ######################################################### Console>
direction
The direction command calculates the visible subnets on the specified interface.
Command Parameters
interface name the interface for which to display the subnets.

Sample Use
Display the visible subnets on the interface eth0.

console> direction eth0 tcpdump: WARNING: eth0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 10 packets captured 24 packets received by filter 0 packets dropped by kernel /opt/pang/bin/check_direction.sh: line 7: [: =: unary operator expected tcpdump: WARNING: eth0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 1000 packets captured 2001 packets received by filter 0 packets dropped by kernel 6 00:14:22:6e:32:33
36
959 00:14:22:b1:a0:b4 4 00:17:65:c7:10:01 31 00:17:65:c7:10:46 console>
dmesg
The dmesg command displays the message buffer of the kernel (dmesg).
Command Parameters
None.
Sample Use
Display the dmesg.

console> dmesg e1000: eth0: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX ip_tables: (C) 2000-2006 Netfilter Core Team 802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com> All bugs added by David S. Miller <davem@redhat.com> eth0.50: add 01:00:5e:00:00:01 mcast address to master interface eth0.60: add 01:00:5e:00:00:01 mcast address to master interface Loading iSCSI transport class v2.0-724. iscsi: registered transport (tcp) IA-32 Microcode Update Driver: v1.14a <tigran@aivazian.fsnet.co.uk> e1000: eth1: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX Installing knfsd (copyright (C) 1996 okir@monad.swb.de). NET: Registered protocol family 10 lo: Disabled Privacy Extensions eth0.50: add 33:33:00:00:00:01 mcast address to master interface eth0.50: add 33:33:ff:b1:a0:b4 mcast address to master interface eth0.60: add 33:33:00:00:00:01 mcast address to master interface eth0.60: add 33:33:ff:b1:a0:b4 mcast address to master interface Mobile IPv6 NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory NFSD: starting 90-second grace period iscsi: registered transport (iser) eth0.60: no IPv6 routers present eth0: no IPv6 routers present eth0.50: no IPv6 routers present eth1: no IPv6 routers present e1000: eth1: e1000_watchdog_task: NIC Link is Down e1000: eth1: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None NET: Registered protocol family 17 device eth1 entered promiscuous mode audit(1220975346.793:2): dev=eth1 prom=256 old_prom=0 auid=4294967295 device eth1 left promiscuous mode audit(1220975347.669:3): dev=eth1 prom=0 old_prom=256 auid=4294967295 device eth0 entered promiscuous mode audit(1220975351.138:4): dev=eth0 prom=256 old_prom=0 auid=4294967295 device eth0 left promiscuous mode audit(1220975353.134:5): dev=eth0 prom=0 old_prom=256 auid=4294967295 ip6_tables: (C) 2000-2006 Netfilter Core Team
37
Netfilter messages via NETLINK v0.30. nf_conntrack version 0.5.0 (2047 buckets, 16376 max) monitor[4050]: segfault at 0000000000002336 rip 0000000000002336 rsp 00000000407e4088 error 14 monitor[19592]: segfault at 0000000000002336 rip 0000000000002336 rsp 00000000407e4088 error 14 monitor[13295]: segfault at 0000000000002336 rip 0000000000002336 rsp 00000000407e4088 error 14 monitor[6335]: segfault at 0000000000002336 rip 0000000000002336 rsp 00000000407e4088 error 14 device eth1 entered promiscuous mode audit(1222071719.088:6): dev=eth1 prom=256 old_prom=0 auid=4294967295 device eth1 left promiscuous mode audit(1222071730.929:7): dev=eth1 prom=0 old_prom=256 auid=4294967295 device eth1 entered promiscuous mode audit(1222071730.949:8): dev=eth1 prom=256 old_prom=0 auid=4294967295 device eth1 left promiscuous mode audit(1222071863.612:9): dev=eth1 prom=0 old_prom=256 auid=4294967295 device eth0 entered promiscuous mode audit(1222071878.921:10): dev=eth0 prom=256 old_prom=0 auid=4294967295 device eth0 left promiscuous mode audit(1222071878.945:11): dev=eth0 prom=0 old_prom=256 auid=4294967295 device eth0 entered promiscuous mode audit(1222071878.965:12): dev=eth0 prom=256 old_prom=0 auid=4294967295 device eth0 left promiscuous mode audit(1222071890.950:13): dev=eth0 prom=0 old_prom=256 auid=4294967295 (END)
dstat
The dstat command displays a report of the Central Processing Unit (CPU), physical disks, network, paging and operating-system statistics, and I/O statistics.
Command Parameters
[-N <ethx,total>] [<count>]
Where:
ethx a physical Ethernet interface on the server that runs the dstat command (i.e., the
management server). For example: eth0, eth1, or eth2.
total the accumulated traffic on all Ethernet interfaces on the server. count the number of updates to display before exiting. If omitted, the output will
continue to display until stopped with <CTRL-C>.
Sample Use
Display the accumulated traffic on all Ethernet interfaces on the server.

console> dstat -N total ----total-cpu-usage---- -dsk/total- -net/total- ---paging-- ---system-usr sys idl wai hiq siq| read writ| recv send| in out | int csw 10 3 86 1 0 1|5431B 253k| 0 0 | 15B 27B|1917 3308
38
0 0 99 0 0 100 2 0 97 0 0 99 0 0 100 5 4 90 0 0 100 0 0 99 0 0 99 5 2 92 69 15 13 50 14 5 30 9 38 0 0 99 1 1 96 3 0 97 1 0 97 0 0 99 2 0 98 7 1 91 console>
1 0 1 0 0 1 0 1 0 0 2 30 22 0 2 0 1 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0| 0 95k| 22k 0| 0 6827B| 20k 0| 0 20k| 22k 0| 0 17k| 20k 0| 0 0 | 21k 0| 0 44k| 20k 0| 0 0 | 20k 0| 0 61k| 21k 0| 0 56k| 22k 1| 0 0 | 182k 1| 249k 231k| 28k 0|2769k 855k| 27k 0|7723k 568k| 28k 0| 0 43k| 26k 0|2731B 1392k| 25k 0| 0 0 | 27k 0| 0 176k| 25k 0| 0 0 | 24k 0| 0 99k| 25k 1| 0 0 | 185k
11k| 9447B| 10k| 9526B| 10k| 9435B| 9703B| 9853B| 10k| 182k| 16k| 17k| 16k| 14k| 13k| 15k| 14k| 14k| 14k| 185k|
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
| 430 | 400 | 418 | 402 | 418 | 422 | 403 | 416 | 428 |2254 | 534 |1197 | 756 | 446 | 457 | 450 | 449 | 428 | 453 |2251
1034 1155 1210 1231 1246 1438 1096 1065 1071 4811 1762 2785 3762 1302 1240 1158 1087 1156 1315 4863
enable
The Enable command enables you to switch to Enable mode. Enable mode provides access to CLI commands which enables you to make configuration changes. These configuration changes include cache content manipulation, networking behavior, licensing, and managing the software version the system runs.
Command Parameters
None. The user is prompted for a password. The default password for the enable command is configured when the system is installed and defaults to the system-id. You can view the system-id by using the show systemid command. It is strongly recommended to change the default enable command password immediately after the initial installation.
Sample Use
Switch to Enable mode.

console> enable Password: console#
39
eventlog
The eventlog command enables the user to view or export the content of the event log. The event log lists all log messages sent to the system log by all the UltraBand service components (applications, CLI and SNMP).
Command Parameters
export exports event log content to a TFTP server, where the server name and file
location are specified as: <tftp server address> <filename>.
The file to which the content is exported must exist, and must have write access to all.
show displays the event log entries.

Additional parameters for this command are available in Enable mode. Refer to eventlog on page 63 for a description of the Enable mode parameters.
tail displays the online event log entries.

Sample Use
Export event log content to a file on a TFTP server.

console> eventlog export 192.168.77.14 eventlog-exported console>
Display event log content.

console> eventlog show May 21 10:22:21 ce-1 pang[1787]: stored byte count 16214342008, found byte count 16214342008 May 21 10:22:21 ce-1 pang[1787]: CMDB verified May 21 10:22:22 ce-1 pang[1787]: Operational state has been set to enabled May 21 10:22:22 ce-1 pang[1787]: Device state has been set to started May 21 10:22:22 ce-1 pang[1787]: PANG started May 21 10:22:25 ce-1 pang[1787]: all interfaces (1) are down , will go to disable mode May 21 10:22:25 ce-1 pang[1787]: Operational state has been set to disabled May 21 10:22:25 ce-1 pang[1787]: detected major: operational mode has been changed May 21 10:23:41 ce-1 pang_cli[3341]: Enter enable mode . . . /var/log/peerapp/peerapp_system2008.05.21.log (END)
Display event log online entries.

console> eventlog tail Sep 22 13:19:34 ce-9 logger: snmpd Cache synchronization The list of orphaned fs files is in fs_diff.4353
40
Sep 22 13:19:52 ce-9 logger: snmpd Cache synchronization finished . Sep 22 13:21:17 ce-4 pang[27529]: volume stat availability owner total free used usage Sep 22 13:21:17 ce-4 pang[27529]: /mnt/vol7 mounted active ce-4 364 28 336 92.30 Sep 22 13:21:17 ce-4 pang[27529]: /mnt/vol17 mounted_cmdb active ce-4 271 22 249 91.75 Sep 22 13:21:17 ce-4 pang[27529]: /mnt/vol20 mounted active ce-4 364 31 333 91.47 Sep 22 13:25:10 ce-1 pang[5949]: volume state availability owner total free used usage Sep 22 13:25:10 ce-1 pang[5949]: /mnt/vol25 mounted_cmdb active ce-1 271 29 242 89.28 Sep 22 13:25:10 ce-1 pang[5949]: /mnt/vol26 mounted active ce-1 271 23 248 91.49 Sep 22 13:25:10 ce-1 pang[5949]: /mnt/vol30 mounted active ce-1 364 31 333 91.43
exit
The exit command exits the current CLI session and mode. If in Enable mode, the exit command returns the session to Regular mode. If already in Regular mode, the session terminates and the user is logged out of the current session.
Command Parameters
None.
Sample Use
Exit the current CLI session.

console> exit >
help
The help command displays the CLI commands with a short description for the current mode. In other words, if the user is in Regular mode, then the help command displays the Regular mode commands with a short description of each command. The help command can also be accessed by typing <space> + ?. The ? is not echoed on the screen.
Command Parameters
None.
41
Sample Use
Display the list of CLI commands that are available in Regular mode.
console> help apache_restart arp cache direction dmesg dstat enable eventlog exit help ifconfig iostat jumbo ping show tcpdump traceroute who Restart apapche Show arp table Cache operations Calculate seen subnets on interface Display dmesg Display a report of the Central Processing Unit (CPU), physical disks, network paging and operating system statistics and I/O statistics Enter privileged mode Event log commands Exit current mode Commands description Display interface(s) Display IO statistics Send jumbo echo messages Send echo messages Show run-time information Dump traffic on appropriate network interface Discover the route to destination Show currently logged users
ifconfig
The ifconfig command displays details of the interface(s).
Command Parameters
None.
Sample Use
Display the interface details.

console> ifconfig eth0 Link encap:Ethernet HWaddr 00:14:22:B1:A0:B4 inet6 addr: fe80::214:22ff:feb1:a0b4/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1463990287 errors:3758 dropped:0 overruns:0 frame:3758 TX packets:675895448 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:4000 RX bytes:302621863774 (288602.6 Mb) TX bytes:58113731670 (55421.5 Mb) eth0.50 Link encap:Ethernet HWaddr 00:14:22:B1:A0:B4 inet addr:10.11.12.1 Bcast:10.11.12.255 Mask:255.255.255.0 inet6 addr: fe80::214:22ff:feb1:a0b4/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1447835692 errors:0 dropped:0 overruns:0 frame:0 TX packets:659332108 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:275154029204 (262407.3 Mb) TX bytes:54568703151 (52040.7 Mb) eth0.60 Link encap:Ethernet HWaddr 00:14:22:B1:A0:B4
42
inet addr:10.11.18.1 Bcast:10.11.18.255 Mask:255.255.255.0 inet6 addr: fe80::214:22ff:feb1:a0b4/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:10524402 errors:0 dropped:0 overruns:0 frame:0 TX packets:10319345 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:5678122056 (5415.0 Mb) TX bytes:771163658 (735.4 Mb) eth0:1 Link encap:Ethernet HWaddr 00:14:22:B1:A0:B4 inet addr:192.168.3.170 Bcast:192.168.3.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Link encap:Ethernet HWaddr 00:14:22:B1:A0:B5 inet6 addr: fe80::214:22ff:feb1:a0b5/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:38002 errors:0 dropped:0 overruns:0 frame:0 TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:4000 RX bytes:2280120 (2.1 Mb) TX bytes:468 (468.0 b) Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:652978316 errors:0 dropped:0 overruns:0 frame:0 TX packets:652978316 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:68844152406 (65654.8 Mb) TX bytes:68844152406 (65654.8 Mb)
eth1
lo
iostat
The iostat command reports Central Processing units (CPU) statistics and input/output statistics for devices and partitions.
Command Parameters
[-t <interval> [-k <count>]]
Where:
interval the amount of time in seconds between each report. The default is 5. count used in conjunction with the interval parameter. If the count parameter is
specified, the count determines the number of reports generated at the specified interval. If the interval parameter is specified without the count parameter, the iostat command generates reports continuously.
Sample Use
Display the I/O statistics.

console> iostat -t 2 -k 4 Linux 2.6.21-affined-8-default (mg-1) 09/24/2008
43
Time: 05:32:36 PM avg-cpu: %user %nice %system %iowait 9.89 0.00 3.48 0.70 Device: sda sdb tps 4.77 0.00 kB_read/s 5.43 0.00
%steal 0.00 kB_wrtn/s 256.50 0.00 %steal 0.00 kB_wrtn/s 0.00 0.00 %steal 0.00 kB_wrtn/s 24.24 0.00 %steal 0.00 kB_wrtn/s 12.00 0.00
%idle 85.93 kB_read 7072540 531 %idle 99.25 kB_read 16 0 %idle 94.68 kB_read 0 0 %idle 96.01 kB_read 0 0 kB_wrtn 24 0 kB_wrtn 48 0 kB_wrtn 0 0 kB_wrtn 334162881 0
jumbo
The jumbo command sends jumbo echo messages.
Command Parameters
[-c <counter>] [-I <ip|interface>] dest
Where
counter the number of times the request is generated. interface interface ip or name from which to send an echo request to a destination.
Sample Use
Send jumbo echo messages.

console> jumbo -I eth0 192.168.3.170 PING 192.168.3.170 (192.168.3.170) from 192.168.3.170 eth0: 8972(9000) bytes of data. 8980 bytes from 192.168.3.170: icmp_seq=1 ttl=64 time=0.094 ms 8980 bytes from 192.168.3.170: icmp_seq=2 ttl=64 time=0.120 ms
44
8980 bytes from 192.168.3.170: icmp_seq=3 ttl=64 time=0.091 ms 8980 bytes from 192.168.3.170: icmp_seq=4 ttl=64 time=0.133 ms 8980 bytes from 192.168.3.170: icmp_seq=5 ttl=64 time=0.094 ms --- 192.168.3.170 ping statistics --5 packets transmitted, 5 received, 0% packet loss, time 4003ms rtt min/avg/max/mdev = 0.091/0.106/0.133/0.019 ms console>
Send two jumbo echo messages.

console> jumbo -c 2 -I eth0 192.168.3.170 PING 192.168.3.170 (192.168.3.170) from 192.168.3.170 eth0: 8972(9000) bytes of data. 8980 bytes from 192.168.3.170: icmp_seq=1 ttl=64 time=0.091 ms 8980 bytes from 192.168.3.170: icmp_seq=2 ttl=64 time=0.053 ms --- 192.168.3.170 ping statistics --2 packets transmitted, 2 received, 0% packet loss, time 1002ms rtt min/avg/max/mdev = 0.053/0.072/0.091/0.019 ms console>
ping
The ping command uses the ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway, and displays the round-trip time for the echo response to arrive back to the server the command was issues on.
To abort the ping command, press <Ctrl-C>.
Command Parameters
[-c count] [-I interface or address] destination
Where:
count represents the number of icmp echo requests to be sent to the destination server. interface or address sets source address to specified interface address. Argument may
be numeric IP address or name of device.
Sample Use
Ping a remote server.

console> ping -I eth0 192.168.0.97 PING 192.168.0.97 (192.168.0.97) from 192.168.0.97 eth0: 64 bytes from 192.168.0.97: icmp_seq=1 ttl=64 time=0.065 64 bytes from 192.168.0.97: icmp_seq=2 ttl=64 time=0.046 64 bytes from 192.168.0.97: icmp_seq=3 ttl=64 time=0.047 64 bytes from 192.168.0.97: icmp_seq=4 ttl=64 time=0.046 64 bytes from 192.168.0.97: icmp_seq=5 ttl=64 time=0.047 56(84) bytes of data. ms ms ms ms ms
45
64 64 64 64
bytes bytes bytes bytes
from from from from
192.168.0.97: 192.168.0.97: 192.168.0.97: 192.168.0.97:
icmp_seq=6 icmp_seq=7 icmp_seq=8 icmp_seq=9
ttl=64 ttl=64 ttl=64 ttl=64
time=0.047 time=0.047 time=0.049 time=0.016
ms ms ms ms
show
The show command displays run-time information related to the operational environment of the UltraBand software.
Command Parameters
Depending upon the parameters, the show command displays the following information:
eventlog displays the platform event log (same result as the eventlog show command). leader displays the hostname of the current cluster leader. The cluster leader manages
resources used by the UltraBand platform.
mount displays the currently mounted file-system volumes on the server on which the
command is run.
process displays the status of the UltraBand components (pang, spread, apache, and ntp)
as they run on the platform. The output of this command is relevant for maintenance engineers. An equivalent Server mode command is available for each of the servers that are part of the UltraBand cluster: process_server.
status displays the cluster administrative and application status. systemid displays the system serial number. time displays the system date and time. uptime displays the cluster uptime. version displays the software version. volumes displays the mounted volumes.
Additional parameters for this command are available in Enable mode. Refer to the show command in Enable mode for a description of these parameters.
Sample Use
Show displays the platform event log.

console> show eventlog May 21 10:22:21 ce-1 pang[1787]: count 16214342008 May 21 10:22:21 ce-1 pang[1787]: May 21 10:22:22 ce-1 pang[1787]: May 21 10:22:22 ce-1 pang[1787]: May 21 10:22:22 ce-1 pang[1787]: stored byte count 16214342008, found byte CMDB verified Operational state has been set to enabled Device state has been set to started PANG started
46
May 21 10:22:25 ce-1 pang[1787]: all interfaces (1) are down , will go to disable mode May 21 10:22:25 ce-1 pang[1787]: Operational state has been set to disabled May 21 10:22:25 ce-1 pang[1787]: detected major: operational mode has been changed May 21 10:23:41 ce-1 pang_cli[3341]: Enter enable mode . . . /var/log/peerapp/peerapp_system2008.05.21.log (END)
Display the current cluster leader.

console> show leader ce-2
Display the currently mounted file-system volumes.

console> show mount rootfs / rootfs rw 0 0 udev /dev tmpfs rw 0 0 /dev/sda4 / ext3 rw,data=ordered 0 0 proc /proc proc rw 0 0 sysfs /sys sysfs rw 0 0 debugfs /sys/kernel/debug debugfs rw 0 0 devpts /dev/pts devpts rw 0 0 /dev/sda2 /opt ext3 rw,data=ordered 0 0 /dev/sda3 /var ext3 rw,data=ordered 0 0 /dev/sda2 /srv/ftp/cdrs ext3 rw,data=ordered 0 0 nfsd /proc/fs/nfsd nfsd rw 0 0
Display the status of the UltraBand components.

console> show process root 894 1 0 Sep18 ? 00:02:40 /opt/pang/mgmt/bin/monitor ntp 3762 1 0 Sep09 ? 00:00:00 /usr/sbin/ntpd -p /var/lib/ntp/var/run/ntp/ntpd.pid -u ntp -i /var/lib/ntp root 3882 1 0 Sep09 ? 00:00:03 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf spread 3911 1 2 Sep09 ? 06:36:39 /usr/bin/spread -n mg-1 -c /etc/spread.conf admin 4416 4414 0 14:01 pts/2 00:00:00 /bin/grep -E (pang)|(spread)|(apache)|(ntp) wwwrun 14348 3882 0 12:34 ? 00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf wwwrun 14349 3882 0 12:34 ? 00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf wwwrun 14350 3882 0 12:34 ? 00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf wwwrun 14351 3882 0 12:34 ? 00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf wwwrun 14352 3882 0 12:34 ? 00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf wwwrun 15134 3882 0 12:36 ? 00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf admin 15253 15252 0 Sep09 tty1 00:00:00 pang_cli root 15949 1 0 Sep18 ? 00:04:51 /sbin/syslog-ng -f /etc/syslogng/syslog-ng.conf -a /var/lib/ntp/dev/log root 15950 15949 0 Sep18 ? 00:00:00 /bin/bash /opt/pang/mgmt/bin/mailer.sh
47
root 16142 1 0 Sep18 ? 00:15:31 /opt/pang/mgmt/avalon/sbin/snmpd -f -A -LF e /opt/pang/mgmt/avalon/var/log/snmpd.log -LS c u 192.168.3.170 root 16144 1 0 Sep18 ? 00:00:00 /opt/pang/mgmt/avalon/sbin/snmptrapd -f -Osq -Ls user -c /opt/pang/mgmt/avalon/sbin/snmptrapd.conf 10.11.12.1 admin 21048 21047 0 11:03 pts/2 00:00:00 -pang_cli admin 22269 22268 0 12:47 pts/1 00:00:00 pang_cli wwwrun 27926 3882 0 12:56 ? 00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf admin 28134 27740 0 12:05 pts/3 00:00:00 -pang_cli console>
Display the cluster administrative and application status.

Console> show status Cluster state: degraded Blade Slot ce-1 ce-2 ce-3 Status Operational state powered on enabled powered on enabled powered on enabled Device state started started started Administrative state unlocked unlocked unlocked
Display the system serial number.

console> show systemid *591KQ2J 36V3K3J J5V3K3J 26V3K3J
Display the system date and time.

console> show time Wed May 21 2008 19:18:37 GMT+0300
Display the cluster uptime.

console> show uptime 0h:14m:19s.91th
Display the software version.

console> show version management PeerApp management cli version 2.3.124 management PeerApp management node software version 2.3.124 ce-1 2.3.124 ce-2 2.3.124 ce-3 2.3.124
Display the mounted volumes.

console> show volumes Volume name State /mnt/vol1 mounted Owner ce-2
48
/mnt/vol2 /mnt/vol3 /mnt/vol4 /mnt/vol5 /mnt/vol6 /mnt/vol7 /mnt/vol8 /mnt/vol9 /mnt/vol10 /mnt/vol11 /mnt/vol12 /mnt/vol13 /mnt/vol14 /mnt/vol15
mounted mounted mounted mounted mounted mounted mounted mounted mounted mounted mounted mounted mounted not mounted
ce-1 ce-1 ce-2 ce-1 ce-2 ce-1 ce-2 ce-1 ce-2 ce-3 ce-3 ce-3 ce-3
tcpdump
The tcpdump command dumps traffic on the appropriate network interface.
Command Parameters
-i <interface> -c <count>
Where
Interface the network interface for which to display the traffic. count the number of reports to generate.
Sample Use
Display two reports for the traffic on eth0.

console> tcpdump -i eth0 -c 2 tcpdump: WARNING: eth0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 2 packets captured 6 packets received by filter 0 packets dropped by kernel 12:19:50.181810 IP 192.168.3.170.22 > 10.1.1.41.1171: P 3891459921:3891460037(116) ack 225654864 win 23584 12:19:50.181826 IP 10.1.1.41.1171 > 192.168.3.170.22: . ack 0 win 65535 (END)
traceroute
The traceroute command tracks a packets route across a TCP/IP network on its way to a given host. It utilizes the IP protocol's time to live (TTL) field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to the host/destination.
49
Command Parameters
[-n] destination
Where:
-n forces the traceroute command not to try to map IP addresses to host names when
displaying them.
destination the name or IP address of the destination.

Sample Use
Traceroute to a remote destination/host.

console> traceroute 213.25.17.65 traceroute to 213.25.17.65 (213.25.17.65), 30 hops max, 40 byte packets 1 192.168.0.2 (192.168.0.2) 1.360 ms 1.926 ms 1.299 ms 2 10.1.2.253 (10.1.2.253) 0.557 ms 0.441 ms 0.395 ms 3 212.150.66.65 (212.150.66.65) 1.090 ms 0.897 ms 1.136 ms 4 212.150.6.137 (212.150.6.137) 9.859 ms 9.436 ms 9.438 ms 5 62-90-55-197.barak.net.il (62.90.55.197) 21.453 ms * * 6 gi1-8.bk1-gw.013bk.net (62.90.133.137) 9.848 ms 12.874 ms 11.586 ms 7 gi2-0.bk1-bb.013bk.net (212.150.234.158) 13.430 ms 16.581 ms 12.850 ms 8 gi3-0.uk-bb.013bk.net (212.150.232.237) 94.375 ms 114.168 ms 110.637 ms 9 ge-3-0-6.lon22.ip.tiscali.net (213.200.77.149) 90.559 ms 89.937 ms 89.681 ms 10 so-0-0-0.lon12.ip.tiscali.net (213.200.80.29) 101.786 ms 98.773 ms 95.281 ms 11 so7-3-0.LONCR1.London.opentransit.net (213.200.77.54) 91.326 ms 89.115 ms 93.057 ms 12 so-1-2-0-0.loncr4.London.opentransit.net (193.251.128.206) 166.790 ms 162.805 ms 158.806 ms 13 so-0-0-0-0.fftcr4.Frankfurt.opentransit.net (193.251.241.121) 109.288 ms 111.773 ms 109.527 ms 14 * * * 15 do.wro-ar3.z.wro-r1.tpnet.pl (213.25.5.154) 143.494 ms 142.249 ms 144.516 ms 16 z-easy-com.wro-ar1.tpnet.pl (80.50.233.62) 142.494 ms 139.748 ms 139.493 ms 17 z-easy-com.wro-ar1.tpnet.pl (80.50.233.62) 168.769 ms 168.723 ms 168.067 ms console> traceroute -n 213.25.17.65 traceroute to 213.25.17.65 (213.25.17.65), 30 hops max, 40 byte packets 1 192.168.0.2 (192.168.0.2) 1.316 ms 2.179 ms 2.845 ms 2 10.1.2.253 (10.1.2.253) 0.564 ms 0.561 ms 0.526 ms 3 212.150.66.65 (212.150.66.65) 1.185 ms 1.137 ms 1.175 ms 4 212.150.6.137 (212.150.6.137) 9.142 ms 9.418 ms 9.602 ms 5 * * * 6 * 62.90.133.137 (62.90.133.137) 13.838 ms 10.103 ms 7 212.150.234.158 (212.150.234.158) 14.370 ms 10.374 ms 10.444 ms 8 212.150.232.237 (212.150.232.237) 100.887 ms * * 9 213.200.77.149 (213.200.77.149) 89.909 ms 89.526 ms 98.041 ms 10 213.200.80.29 (213.200.80.29) 106.035 ms 102.044 ms 98.045 ms 11 213.200.77.54 (213.200.77.54) 103.021 ms 102.749 ms 98.828 ms 12 193.251.128.206 (193.251.128.206) 161.806 ms 157.823 ms 155.783 ms 13 193.251.241.121 (193.251.241.121) 109.553 ms 110.799 ms 110.223 ms 14 * * * 15 213.25.5.154 (213.25.5.154) 159.014 ms 155.024 ms 151.030 ms
50
16 80.50.233.62 (80.50.233.62) 17 80.50.233.62 (80.50.233.62) console>
160.515 ms 150.818 ms
169.750 ms 152.432 ms
165.760 ms 152.434 ms
who
The who command displays the users who are currently logged in.
Command Parameters
None.
Sample Use
Display a list of users who are currently logged into the system.
console> who admin pts/0 console> May 21 17:16 (10.1.1.78)
Enable Mode Commands

The following commands are accessible in Enable mode. Regular mode commands are also available in Enable mode. Refer to Regular Mode Commands on page 33 for a list and description of Regular mode commands. You must have a username and password to access Enable mode commands. Refer to enable on page 39 for more information.
Table 5: Enable Mode Commands
Command access apache_restart cache config eventlog help license oper reset rollback
Description Enables users to manage system access parameters. Restarts apache. Enables users to manage additional cache operations. Enters Configuration mode. Provides access to eventlog Enable mode commands. Displays commands available in Enable mode. Enables users to manage the system license. Provides access to system management operations. Resets management services. Rollback to the last good software version of UltraBand.
51
show upgrade
Provides access to additional show Enable mode commands. Downloads and installs software image file.
access
The access command enables the user to manage system access parameters, such as:
enable-password sets the Enable mode password.

The default password for the enable command is set when the system is installed and defaults to the system-id. The system-id is viewable using the show systemid command. It is strongly recommended to change the default enable command password immediately after the initial installation.
idle-session-timeout sets the timeout after which the telnet session is terminated (both
for the Enable mode and the Regular mode commands). The default timeout value is NO timeout i.e., the sessions are always available and will never be terminated.
user-password sets the Regular mode command user password.

Command Parameters
enable-password when used, the CLI prompts the user for a new password, and then
requests the user to re-enter the new password to ensure there are no mistyped characters. If both passwords match, the enable-password is modified to the new password. The new password should be at least four characters long.
idle-session-timeout sets the idle-session timeout value. This command requires the
following parameter: <timeout value (secs)> the value, in seconds, for the new idle-timeout value. The default value is zero seconds which disables the timeout.
user-password when used, the CLI prompts the user for the new password, and then
requests the user to re-enter the new password to ensure there are no mistyped characters. If both passwords match, the user-password is modified to the new password. The new password should be at least four characters long, and is then verified against a set of rules which forces a complex password standard.
Sample Use
Change the Enable mode password.

console# access enable-password New password: Re-enter new password:
52
console#
Change the idle session timeout.

console# access idle-session-timeout 32768 console#
Change the user password.

console# access user-password Changing password for admin. Old Password: New Password: Bad password: too simple New Password: Reenter New Password: Password changed. console#
apache_restart
The apache_restart command restarts the apache server.
Command Parameters
None.
Sample Use
Restart the apache server.

Console# restart_apache Restarting httpd2 (SIGHUP) Console# done
cache
The cache command allows the user to manage cache parameters, such as:
black_list manages the cache black list. hash displays the files metadata using a hash ID. list displays and exports the list of cache content. This command is also available in
Regular mode.
remove removes a file from the cache using hash ID. summary displays CMDB statistics summary. sync verifies and synchronizes the cache metadata.
53
volume manages cache volumes.

Command Parameters
For the cache parameters available in Regular mode, refer to cache on page 34. The following are the parameters available in Enable mode:
black_list this parameter is followed by one of the following parameters:

add adds a file to the black list using hash ID and protocol. This parameter should be followed by the hash ID associated with the file to be added to the black list, and the protocol this entry applies to. The following is the syntax for the hash-ID and protocol:
<hash id EDK|BT|KAZ|GNUTL|ARES|HTTP|PANDO>
dump displays (dumps) the entire black list. export exports the black list to a TFTP server, where the server name and file location are specified as: <tftp server address> <filename>. The file to which the content is exported must already exist, and must have write access to all. remove removes a file from the black list using a hash ID and protocol. This parameter should be followed by the hash ID associated with the file to be added to the black list, and the protocol this entry applies to. The following is the syntax for the hash-ID and protocol:
<hash id EDK|BT|KAZ|GNUTL|ARES|HTTP|PANDO>
remove removes a file from cache using a hash ID. Add the hash ID to this parameter
using the following syntax: hash <hash_id> where the hash ID should match a hash ID that exists in the system cache. For a list of hash IDs stored in the system, use the cache list command.
sync verifies and synchronizes the cache metadata. The platform is fully accessible during
this process. Note that synching the cache can take a few hours.
volume manipulates the cache file system volumes. Using this command you can
activate, deactivate, and remove file system volumes. These sets of commands are mainly used for maintenance purposes usually for hard drive maintenance. You can use the show volume command for a list of currently used volumes. The volumes that can be used for these commands can be viewed using the show volume command. When the volume command is used, it should be followed by one of the following parameters: activate request the system to activate a cache volume. deactivate request the platform to stop using a specific volume for caching.
54
remove remove all hash IDs associated with the specific volume from within the configuration management database (CMDB), so that the system will not cache these hash IDs anymore. This command removes ALL information cached on this volume from the CMDB, which is a non-reversible process. Following these parameters, a volume number should be added, which has the following syntax: <1-15> represents the volume number to be used for this command.
Sample Use
Black List Manipulation:

Add a file (hash ID) to the black list.
console# cache black_list add AE7E21FB0CA2DD7464A562E74064248E9B790057 HTTP The specified hash was inserted in a black list primary counter is 26098 Version Verify success Cmdb backup success : files saved to /tmp/080525103945 console# console# cache black_list add 6827AC55B43B1B0BAB58FC9F9E7D6B05EF71FDCD BT The specified hash was inserted in a black list primary counter is 26099 Version Verify success Cmdb backup success : files saved to /tmp/080525104512 console#
Dump (display) the contents of the black list.

console# cache black_list dump HASH PROTOCOL 6827AC55B43B1B0BAB58FC9F9E7D6B05EF71FDCD P2P_SIGNATURE_NA AE7E21FB0CA2DD7464A562E74064248E9B790057 P2P_SIGNATURE_NA SIZE 0 0 AGE 0 0
Export the black list to a TFTP server.

console# cache black_list export 192.168.14.26 black-list console#
Remove a file (Hash ID) from the black list.

console# cache black_list remove AE7E21FB0CA2DD7464A562E74064248E9B790057 BT The specified hash was deleted from a black list primary counter is 26100 Version Verify success Cmdb backup success : files saved to /tmp/080525111556 console# console# cache black_list remove 6827AC55B43B1B0BAB58FC9F9E7D6B05EF71FDCD HTTP The specified hash was deleted from a black list primary counter is 26099 Version Verify success Cmdb backup success : files saved to /tmp/080525112143 console#
Removal of Hash ID Stored in the Cache:
55
Remove a Hash ID from the cache.

console# cache remove hash F753B1C31107981BC86D87CF5F7B9EEFD5F5A28B The specified hash will be deleted in a few minutes console#
Cache Synchronization and Verification:
This process may take several hours. Start a cache verification and synchronization process.
console# cache sync Proceeding cache to metadata sync. Some data in the cache might be lost. Are you sure (y/n)? y Starting cache synchronization...
Volume Manipulation Commands:

Activate a specific volume.
console# cache volume activate 4 activating volume 4 console#
Deactivate a specific volume.

console# cache volume deactivate 4 deactivating volume 4 console#
Remove a specific volume content from the CMDB.

console# cache volume remove 4 Are you sure? This will remove all hashes from volume 4. [yes|no] no Removing volume 4 has been cancelled console#
config
The config command enters Configuration mode, which enables you to platform configuration changes. The user prompt changes to configuration# while in Configuration mode. Use the exit command to leave Configuration mode. These configuration changes include:
Cluster configuration. Management network interface. Management NTP configuration.
56
When you enter Configuration mode, all configuration change requests are accumulated and are NOT implemented until you use the apply command to request the platform to commit (execute) the changes. You can request configuration changes using the following set of commands while in Configuration mode:
apply applies the configuration changes requested until now. diff shows the pending configuration changes. discard discards the pending changes. display displays the current configuration. exit exits Configuration mode. export exports the cluster configuration to the TFTP server. help displays the command syntax for each configuration command. import imports the cluster configuration from the TFTP server. network configures the management network interface. ntp configures the management NTP parameters. restore restores the last good configuration. time sets the system date and time.
Configuration Commands and Parameters
apply this command has no parameters. It immediately applies the configuration

changes to the live platform.
diff this command does not have parameters. It displays the proposed configuration
changes. The new configuration parameters are marked with a + sign as the first character on the line, and the current configuration parameters are marked with a - sign as the first character on the line. See the sample below.
discard this command has no parameters. It immediately discards all configuration

changes requested since the beginning of the Configuration mode.
display this command has no parameters. It immediately displays the current

configuration.
exit this command has no parameters. It immediately exits Configuration mode and
returns to Enable mode. If you created some configuration changes but did not use the apply command to apply the changes to the system, a warning message appears as follows:
Exiting configuration mode without apply, will discard changes. Are you sure? [N/y] n
57
export exports the current configuration to a TFTP server, where the server name and
file location are specified as: <tftp server address> <filename>. The file to which the configuration is exported must already exist, and must have write access to all. If localhost is used as the <tftp server address> parameter, then the file is located under the /tftpboot/ folder.
help this command has no parameters. It displays help for all the CLI Configuration mode
commands.
import import the configuration from a TFTP server, where the server name and file
location are specified as: <tftp server address> <filename>. The file to which the configuration is imported must already exist, and must have write access to all. If localhost is used as the <tftp server address> parameter, then the file must be located under the /tftpboot/ folder.
network change the configuration default gateway or the configuration management

network IP address. The command has the following parameters: default_gw configures the default gateway. The IP address of the default gateway should follow. Please note that changing the default gateway could be dangerous, since if done from a telnet session to a remote UltraBand server, it might destroy the connection with which you are currently working. ip changes the management network interface. Specify the IP address using the following syntax:
<ip address> <netmask>
ntp modifies the IP address associated with the NTP server or the time zone where the
UltraBand server is located. The additional parameters for this command are one of the following: server the IP address where an NTP server is running or a specific address for using the localhost as the NTP server. The following syntax applies:
<ip address or 127.127.1.0 for local>
timezone followed by the time zone name. One should look under the /usr/share/zoneinfo folder and select the correct time zone name that fits the time zone where the system is located. For example:
New Zealand Pacific/Auckland. Chicago America/Chicago.
58
An up-to-date timezone table can easily be found on the Internet, by searching for list of zoneinfo timezones and using the value displayed in the TZ environment variable that matches your timezone.
restore restores the latest configuration before the last changes were applied. You must
still use the apply command to apply the restored configuration to the system. You can also use the discard command to discard the restored configuration.
time enables you to modify the system time. The command should be followed by the
current time, using the <MMDDYYhhmm> format.
Sample Use
Apply configuration changes.

configuration# apply Configurations are identical configuration# . . . perform some configuration changes . . configuration# apply applying configuration... Configuration applied configuration# configuration# export 192.168.0.97 current-config configuration#
Display the new configuration.

configuration# diff <?xml version="1.0" encoding="UTF-8" standalone="no" ?> <cluster xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='cluster_conf.xsd'> <mgmt-config> <ipaddr>192.168.0.97</ipaddr> <netmask>255.255.255.0</netmask> <default-gw>192.168.0.1</default-gw> <nameserver>194.90.1.5</nameserver> <alert-email>support@peerapp.com</alert-email> <site_name>UB1K office - promisc </site_name> </mgmt-config> <web-config></web-config> <common> <ntp> <server-ip>127.127.1.0</server-ip> <timezone>America/Chicago</timezone> + <timezone>Pacific/Auckland</timezone> </ntp> <snmp> <trap-ip>10.11.12.1</trap-ip> <snmp-read-community>gdcbhv</snmp-read-community> <snmp-write-community>nkppui</snmp-write-community>
59
<snmp-trap-community>nkppui</snmp-trap-community> </snmp> <service> <protocols> <enable-kazaa>1</enable-kazaa> <enable-bittorent>1</enable-bittorent> <enable-edk>1</enable-edk> <enable-gnutella>1</enable-gnutella> <enable-http>1</enable-http> <enable-ares>1</enable-ares> <enable-pando>1</enable-pando> </protocols> <net> <fwd-mode>PROMISC</fwd-mode> <bridge id='0'> <interface-world>iff2</interface-world> <interface-isp>iff1</interface-isp> </bridge> </net> <policy> <selective_cache_in_threshhold>3</selective_cache_in_threshhold> </policy> </service> </common> <servers>1</servers> <server id='1'> <cache-engine> <network></network> <cdr_log_level>LOG_TRACE</cdr_log_level> </cache-engine> </server> </cluster>
Discard a set of configuration changes.

configuration# discard configuration#
Display the current configuration.

configuration# display <?xml version="1.0" encoding="UTF-8" standalone="no" ?> <cluster xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='cluster_conf.xsd'> <mgmt-config> <ipaddr>192.168.0.97</ipaddr> <netmask>255.255.255.0</netmask> <default-gw>192.168.0.1</default-gw> <nameserver>194.90.1.5</nameserver> <alert-email>support@peerapp.com</alert-email> <site_name>UB1K office - promisc </site_name> </mgmt-config> <web-config></web-config> <common> <ntp> <server-ip>127.127.1.0</server-ip> <timezone>America/Chicago</timezone> </ntp> <snmp> <trap-ip>10.11.12.1</trap-ip> <snmp-read-community>gdcbhv</snmp-read-community> <snmp-write-community>nkppui</snmp-write-community>
60
<snmp-trap-community>nkppui</snmp-trap-community> </snmp> <service> <protocols> <enable-kazaa>1</enable-kazaa> <enable-bittorent>1</enable-bittorent> <enable-edk>1</enable-edk> <enable-gnutella>1</enable-gnutella> <enable-http>1</enable-http> <enable-ares>1</enable-ares> <enable-pando>1</enable-pando> </protocols> <net> <fwd-mode>PROMISC</fwd-mode> <bridge id='0'> <interface-world>iff2</interface-world> <interface-isp>iff1</interface-isp> </bridge> </net> <policy> <selective_cache_in_threshhold>3</selective_cache_in_threshhold> </policy> </service> </common> <servers>1</servers> <server id='1'> <cache-engine> <network></network> <cdr_log_level>LOG_TRACE</cdr_log_level> </cache-engine> </server> </cluster> configuration#
Exit the configuration session.

configuration# exit console#
Export the current configuration onto a TFTP server.

configuration# export 192.168.0.97 current-config configuration#
Display the list of all Configuration mode commands.

configuration# help apply diff discard display exit export help import network ntp restore time configuration# Apply config changes Show pending changes Discard pending changes Display pending configuration Exit current mode Export cluster configuration to TFTP server Commands description Import cluster configuration from TFTP server Configure management network interface Configure management NTP parameters Restore last good configuration Set system date and time
Import a configuration file and place it as a new configuration ready to be applied.

UltraBand 1000 Administration Guide - Grid Configuration 61
configuration# import 192.168.0.97 current-config configuration# diff <?xml version="1.0" encoding="UTF-8" standalone="no" ?> <cluster xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='cluster_conf.xsd'> <mgmt-config> <ipaddr>192.168.0.97</ipaddr> <netmask>255.255.255.0</netmask> <default-gw>192.168.0.1</default-gw> + <default-gw>192.168.0.2</default-gw> <nameserver>194.90.1.5</nameserver> <alert-email>support@peerapp.com</alert-email> <site_name>UB1K office - promisc </site_name> </mgmt-config> <web-config></web-config> <common> <ntp> <server-ip>127.127.1.0</server-ip> + <server-ip>192.43.244.18</server-ip> <timezone>America/Chicago</timezone> </ntp> ..
Modify the default GW for this server. In addition, modify the configure management
network interface address.
configuration# network default_gw 192.168.0.2 configuration# configuration# network ip 192.168.0.97 255.255.255.0 configuration#
Change the current time server used by the platform as the source for its time
synchronization. In addition, modify the time zone where the platform is located.
configuration# ntp server <ip address or 127.127.1.0 for local> configuration# ntp server 192.43.244.18 configuration# ntp timezone "Pacific/Auckland" configuration# diff <?xml version="1.0" encoding="UTF-8" standalone="no" ?> <cluster xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='cluster_conf.xsd'> <mgmt-config> <ipaddr>192.168.0.97</ipaddr> <netmask>255.255.255.0</netmask> <default-gw>192.168.0.1</default-gw> <nameserver>194.90.1.5</nameserver> <alert-email>support@peerapp.com</alert-email> <site_name>UB1K office - promisc </site_name> </mgmt-config> <web-config></web-config> <common> <ntp> <server-ip>127.127.1.0</server-ip> <timezone>America/Chicago</timezone> + <server-ip>192.43.244.18</server-ip> + <timezone>Pacific/Auckland</timezone> </ntp> . . configuration# apply
62
applying configuration... Configuration applied configuration#
Restore the previous configuration. Note that restoring the configuration still requires the
use of the apply command to make the previous configuration the active configuration.
configuration# restore configuration# diff <?xml version="1.0" encoding="UTF-8" standalone="no" ?> <cluster xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='cluster_conf.xsd'> <mgmt-config> <ipaddr>192.168.0.97</ipaddr> <netmask>255.255.255.0</netmask> <default-gw>192.168.0.1</default-gw> <nameserver>194.90.1.5</nameserver> <alert-email>support@peerapp.com</alert-email> <site_name>UB1K office - promisc </site_name> </mgmt-config> <web-config></web-config> <common> Current configuration <ntp> <server-ip>192.43.244.18</server-ip> <timezone>Pacific/Auckland</timezone> + <server-ip>127.127.1.0</server-ip> + <timezone>America/Chicago</timezone> </ntp> New configuration . . configuration# apply applying configuration... Configuration applied configuration#
Change the current time and date.

configuration# time Please enter date in format: MMDDYYhhmm configuration# time 0526081027 Mon May 26 10:27:00 NZST 2008 configuration#
eventlog
The eventlog command enables you to view or export the content of the event log. The term event log refers to all log messages sent to the system log by all the UltraBand service components (applications, CLI, and SNMP). Enable mode eventlog commands include the additional parameters shown here. These are used specifically when duplicating the event log information to an external SYSLOG server. The syslog server is configured within the system configuration file. Adding an external syslog server to the platform is performed by adding the following statements to the system configuration:
<mgmt-config>
63
<external_syslog_ip>192.168.0.154</external_syslog_ip> </mgmt-config>
The IP address associated with the external syslog server should replace the IP address shown above. To obtain the system configuration:
Export the system configuration to a TFTP server and edit it manually. (Use the
Configuration mode export command.)
Add the above statements with the IP address associated with the syslog server to the
<mgmt-config> section and save the file.
Import the configuration file back to the system. (Use the Configuration mode import
command.)
Apply the new configuration to the system. (Use the Configuration mode apply command.)
Command Parameters
For the parameters available in Regular mode, refer to eventlog on page 40. The following are the parameters available in Enable mode:
forward starts event log forwarding to a previously configured syslog server. stop stops event log forwarding to a previously configured syslog server.
Sample Use
Start forwarding event log messages to the configured syslog server.

console# eventlog forward console#
Stop forwarding event log messages to the configured syslog server.

console# eventlog stop console#
license
The license command enables you to manage the UltraBand platform system license. The UltraBand license controls operational parameters, such as the supported protocols and features and the maximum cache bandwidth.
Command Parameters
The license command must have one of the following parameters associated with it:
64
activate activates the system license. get imports a license from the TFTP server. show displays the currently licensed operational parameters.
Sample Use
Activate the installed license.

console# license activate Number of servers: 5 Chassis serial number: 36V3K3J Chassis serial number: J5V3K3J Chassis serial number: 26V3K3J Chassis serial number: D2DNP3J Chassis serial number: J6L1K3J EDK enabled: 1 Bittorent enabled: 1 Pando enabled: 1 Kazaa enabled: 1 Gnutella enabled: 1 Ares enabled: 1 Http enabled: 1 Max bandwidth: unlimited Are you sure that you want to activate this license ? (y/n)? y Activating license...
Import the license from the TFTP server.

console# license show Number of servers: 5 Chassis serial number: 36V3K3J Chassis serial number: J5V3K3J Chassis serial number: 26V3K3J Chassis serial number: D2DNP3J Chassis serial number: J6L1K3J EDK enabled: 1 Bittorent enabled: 1 Pando enabled: 0 Kazaa enabled: 1 Gnutella enabled: 1 Ares enabled: 0 Http enabled: 1 Max bandwidth: 1000 Mbps console# license get <tftp server> <file> console# license get 192.168.0.97 JWBPCB1-PALicense.xml_20080527_124900.xml Number of servers: 1 Chassis serial number: JWBPCB1 EDK enabled: 1 Bittorent enabled: 1 Pando enabled: 1 Kazaa enabled: 1 Gnutella enabled: 1 Ares enabled: 1 Http enabled: 1 Max bandwidth: unlimited console#
65
Display the installed licensed operational parameters.

console# license show Licensed chassis serial Licensed chassis serial Licensed chassis serial Licensed chassis serial Licensed chassis serial Licensed chassis serial EDK enabled: Bittorent enabled: Kazaa enabled: Gnutella enabled: Ares enabled: Http enabled: Pando enabled: Max bandwidth: console# number: number: number: number: number: number: 36V3K3J J5V3K3J 26V3K3J D2DNP3J J6L1K3J H6L1K3J 1 1 1 1 1 1 1 1000 Mbps
oper
The oper command controls the running state of the platform: such as starting, stopping, or restarting the platform software and all its services. In addition, this command provides server specific operation state changes.
Command Parameters
The following are the oper parameters:
server goes into a server specific command mode, allowing the operations command to
go directly to the specific server. The command uses <server number> as a parameter, and the prompt changes to:
oper server x#
where x stands for the server number.
In UltraBand 2000, the command is oper blade instead of oper server.
Within the oper server mode, the following commands are supported: arp_server show server's arp table. direction_server calculate visible subnets on interface. dmesg_server display dmesg. dstat_server display IO/CPU/Networking statistics. exit exit current mode. fdisk_server display available caching block devices.
help commands description. ifconfig_server display interface(s). iostat_server display I/O statistics. jumbo_server echoing Jumbo packets. lock locks the server in out-of-service mode. The server remains out of service, even when the system is rebooted, until an unlock command is used to bring it back to in-service mode. powercycle gracefully shutdown server. process_server display process status for pang, spread, apache, ntp. restart restarts the server UltraBand application (no reboot is performed). start starts the server UltraBand application (no reboot is performed). stop stops the server UltraBand application (no reboot is performed). systemid_server shows chassis ID. tcpdump_server tcpdump on appropriate server: -i<interface> -c<count> unlock unlocks the server state from out-of-state and returns it to in-service mode.
service followed by one of the following commands allowing:

restart the platform restarts the UltraBand software and all its services. start the platform to start the UltraBand software and services. stop the platform stops the UltraBand software and all its services.
Sample Use
oper server Commands
Calculate the visible subnets on the eth0 interface.

oper server 1# direction_server eth0 2 00:14:22:6e:32:33 400 00:14:22:b1:a0:b4 598 00:15:c5:fd:75:ff oper server 1#
Display IO/CPU/Networking statistics.

oper server 1# dstat_server ----total-cpu-usage---- -dsk/total- -net/total- ---paging-- ---system-usr sys idl wai hiq siq| read writ| recv send| in out | int csw 1 1 82 9 1 7| 561k 993k| 0 0 | 0 0 | 13k 2105 0 0 92 2 1 6| 0 135k| 74M 74M| 0 0 | 15k 1918 11 0 82 0 1 6| 0 5461B| 47M 47M| 0 0 | 14k 1967 1 0 90 0 1 8| 0 12k| 121M 121M| 0 0 | 15k 2568 0 0 91 0 1 8| 0 4096B| 72M 72M| 0 0 | 16k 1973 0 0 92 0 1 7| 0 13k| 130M 130M| 0 0 | 14k 1882 0 0 90 1 1 8| 0 29k| 67M 67M| 0 0 | 15k 1897 0 0 91 0 1 8| 0 100k| 139M 139M| 0 0 | 14k 1876 0 0 90 0 1 8| 0 13k| 73M 73M| 0 0 | 17k 1914
67
0 0 91 0 0 0 90 0 0 0 90 1 0 0 90 0 0 0 90 1 1 0 90 0 0 0 90 1 0 0 92 0 0 0 91 0 0 0 90 0 0 0 91 0 0 0 91 0 oper server 1#
1 1 1 1 1 1 1 1 1 1 1 1
8| 9| 8| 8| 7| 8| 8| 7| 8| 9| 8| 8|
0 0 0 0 0 0 0 0 0 0 0 0
13k| 12k| 25k| 9557B| 31k| 5461B| 93k| 13k| 16k| 13k| 8192B| 13k|
137M 73M 139M 71M 125M 72M 140M 64M 134M 74M 131M 64M
138M| 73M| 139M| 71M| 125M| 72M| 140M| 64M| 134M| 74M| 131M| 64M|
0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0
| | | | | | | | | | | |
16k 16k 16k 16k 15k 16k 15k 14k 15k 16k 15k 15k
1897 1905 1926 1908 2373 2293 1893 1891 1896 1886 1901 1886
Exit the Server mode.

console# oper server <server number> console# oper server 2 oper server 2# exit console#
Display list of supported commands.

oper server 2# help arp_server direction_server dmesg_server dstat_server exit fdisk_server help ifconfig_server iostat_server jumbo_server lock powercycle process_server restart start stop systemid_server tcpdump_server unlock oper server 2# Show server's arp table Calculate seen subnets on interface Display dmesg Display IO/CPU/Networking statistics Exit current mode Display available for caching block devices Commands description Display interface(s) Display IO statistics Echoing Jumbo packets Lock service on server Gracefully shutdown server Display porcess status for pang,spread,apache,ntp Server restart Server start Server stop Show chassis id tcpdump on appropriate server Unlock service on server
Display interfaces.
oper server 1# ifconfig_server eth0 Link encap:Ethernet HWaddr 00:15:C5:FD:75:FF inet addr:10.11.12.2 Bcast:10.11.12.255 Mask:255.255.255.0 inet6 addr: fe80::215:c5ff:fefd:75ff/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1036442 errors:0 dropped:0 overruns:0 frame:0 TX packets:814534 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:892179796 (850.8 Mb) TX bytes:98705052 (94.1 Mb) Interrupt:16 Memory:f8000000-f8012100 eth1 Link encap:Ethernet HWaddr 00:15:C5:FD:76:01 inet addr:10.11.14.1 Bcast:10.11.14.255 Mask:255.255.255.0 inet6 addr: fe80::215:c5ff:fefd:7601/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:9000 Metric:1 RX packets:1018629 errors:0 dropped:0 overruns:0 frame:0
68
TX packets:980630 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:3326668370 (3172.5 Mb) TX bytes:1984275704 (1892.3 Mb) Interrupt:16 Memory:f4000000-f4012100 eth2 Link encap:Ethernet HWaddr 00:15:C5:F8:B8:78 inet6 addr: fe80::215:c5ff:fef8:b878/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1560 Metric:1 RX packets:3932 errors:0 dropped:0 overruns:0 frame:0 TX packets:3357 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:4000 RX bytes:257558 (251.5 Kb) TX bytes:221024 (215.8 Kb) Base address:0xecc0 Memory:f3ee0000-f3f00000 Link encap:Ethernet HWaddr 00:15:C5:F8:B8:79 inet6 addr: fe80::215:c5ff:fef8:b879/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1560 Metric:1 RX packets:590795355 errors:0 dropped:159 overruns:0 frame:0 TX packets:590791778 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:4000 RX bytes:605997482182 (577924.2 Mb) TX bytes:605996527953 (577923.3 Base address:0xec80 Memory:f3ec0000-f3ee0000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:463572 errors:0 dropped:0 overruns:0 frame:0 TX packets:463572 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:42442651 (40.4 Mb) TX bytes:42442651 (40.4 Mb)
eth3
Mb)
oper server 1#
Display I/O statistics.

oper server 1# iostat_server -k 2 Linux 2.6.21-llpf-8-default (ce-1) Time: 02:49:41 PM avg-cpu: %user %nice %system %iowait 1.14 0.01 8.34 7.98 09/22/2008 %steal 0.00 %idle 82.52 rkB/s 46.66 0.47 0.48 29.99 0.48 0.45 59.50 0.45 0.45 wkB/s avgrq633.53 0.23 0.23 0.23 0.23 0.23 0.23 0.23 0.23
Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s sz avgqu-sz await svctm %util sda 32.44 126.61 3.78 31.90 93.33 1267.05 38.12 17.36 486.39 4.26 15.20 sdb 0.10 0.00 0.06 0.00 0.95 0.45 23.45 0.00 1.89 1.40 0.01 sdc 0.11 0.00 0.06 0.00 0.95 0.45 22.90 0.00 2.99 1.88 0.01 sdd 0.10 0.00 0.29 0.00 59.98 0.45 206.88 0.00 2.45 1.53 0.04 sde 0.11 0.00 0.06 0.00 0.95 0.45 22.90 0.00 3.65 2.11 0.01 sdf 0.10 0.00 0.04 0.00 0.89 0.45 28.18 0.00 3.17 2.06 0.01 sdg 0.11 0.00 0.52 0.00 119.00 0.45 226.94 0.00 2.45 1.53 0.08 sdh 0.10 0.00 0.04 0.00 0.89 0.45 28.87 0.00 2.94 1.87 0.01 sdi 0.11 0.00 0.04 0.00 0.89 0.45 28.01 0.00 3.99 2.30 0.01
69
sdj 28.36 sdk 28.01 sdl 28.78 sdm 28.87 sdn 28.01 sdo 6.45 sdp 27.53 sdq 235.74 sdr 22.59 sds 23.45 sdt 22.59 sdu 28.36 sdw 28.78 sdv 28.01 sdx 34.71 sdy 27.93 sdz 5.70 sdaa 28.01 sdab 28.87 sdac 12.90 sdad 28.01 sdae 15.17
0.10 0.00 0.04 0.00 0.00 3.05 2.02 0.01 0.11 0.00 0.04 0.00 0.00 3.91 2.34 0.01 0.10 0.00 0.04 0.00 0.00 3.17 2.14 0.01 0.10 0.00 0.04 0.00 0.00 3.46 2.25 0.01 0.11 0.00 0.04 0.00 0.00 3.80 2.44 0.01 29.39 0.00 5.67 0.01 0.00 0.80 0.47 0.27 0.11 0.00 0.05 0.00 0.00 4.12 2.49 0.01 0.10 0.00 0.75 0.00 0.00 2.03 1.29 0.10 0.11 0.00 0.06 0.00 0.00 3.16 1.99 0.01 0.10 0.00 0.06 0.00 0.00 2.69 1.61 0.01 0.11 0.00 0.06 0.00 0.00 3.28 1.93 0.01 0.10 0.00 0.04 0.00 0.00 3.59 2.41 0.01 0.10 0.00 0.04 0.00 0.00 3.02 1.91 0.01 0.11 0.00 0.04 0.00 0.00 3.39 2.04 0.01 55.92 2.28 13.91 3.42 0.14 7.63 0.72 1.25 0.11 0.00 0.04 0.00 0.00 4.66 2.52 0.01 84.83 0.00 18.33 0.02 0.01 0.78 0.47 0.86 0.11 0.00 0.04 0.00 0.00 5.74 3.41 0.02 0.10 0.00 0.04 0.00 0.00 3.03 2.01 0.01 0.11 0.00 0.10 0.00 0.00 1.98 1.29 0.01 0.11 0.00 0.04 0.00 0.00 4.12 2.62 0.01 116.38 0.00 22.03 0.17 0.15 6.98 0.53 1.18
0.89 0.89 0.89 0.89 0.89 36.04 0.90 178.03 0.95 0.95 0.95 0.89 0.89 0.89 209.12 0.89 103.98 0.89 0.89 0.89 0.89 199.59
0.45 0.45 0.45 0.45 0.45 0.67 0.45 0.45 0.45 0.45 0.45 0.45 0.45 0.45 392.27 0.45 0.62 0.45 0.45 0.45 0.45 137.18
0.45 0.45 0.45 0.45 0.45 18.02 0.45 89.01 0.48 0.47 0.48 0.45 0.45 0.45 104.56 0.45 51.99 0.45 0.45 0.45 0.45 99.80
0.23 0.23 0.23 0.23 0.23 0.33 0.23 0.23 0.23 0.23 0.23 0.23 0.23 0.23 196.13 0.23 0.31 0.23 0.23 0.23 0.23 68.59
Time: 02:49:43 PM avg-cpu: %user %nice %system %iowait 0.13 0.00 9.01 0.75 Device: rrqm/s wrqm/s r/s w/s sz avgqu-sz await svctm %util sda 0.00 3.98 0.00 1.49 32.00 0.03 22.67 22.67 3.38 sdb 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 sdc 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 sdd 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 sde 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 sdf 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 sdg 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
%steal 0.00
%idle 90.11 rkB/s 0.00 0.00 0.00 0.00 0.00 0.00 0.00 wkB/s avgrq23.88 0.00 0.00 0.00 0.00 0.00 0.00
rsec/s 0.00 0.00 0.00 0.00 0.00 0.00 0.00
wsec/s 47.76 0.00 0.00 0.00 0.00 0.00 0.00
70
sdh 0.00 sdi 0.00 sdj 0.00 sdk 0.00 sdl 0.00 sdm 0.00 sdn 0.00 sdo 0.00 sdp 0.00 sdq 0.00 sdr 0.00 sds 0.00 sdt 0.00 sdu 0.00 sdw 0.00 sdv 0.00 sdx 0.00 sdy 0.00 sdz 0.00 sdaa 0.00 sdab 0.00 sdac 0.00 sdad 0.00 sdae 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
oper server 1#
Lock service on server.

oper server 2# lock Are you sure (y/n)? y Locking server... Locked oper server 2# exit console# show status Cluster state: enabled Server Slot ce-1 ce-2 ce-3 Status Operational state powered on enabled powered on disabled powered on enabled Device state started started started Administrative state unlocked locked unlocked
71
ce-4 ce-5 console#
powered on powered on
enabled enabled
started started
unlocked unlocked
Reboot the server.

oper server 2# powercycle Are you sure (y/n)? y powercycle server 2 OK oper server 2# oper server 2# exit console# show status Cluster state: enabled Server Slot ce-1 ce ce-3 ce-4 ce-5 Status powered N/A powered powered powered Operational state on enabled N/A on enabled on enabled on enabled Device state started N/A started started started Administrative state unlocked N/A unlocked unlocked unlocked
console# show status Cluster state: enabled Server Slot ce-1 ce-2 ce-3 ce-4 ce-5 Status powered powered powered powered powered Operational state on enabled on enabled on enabled on enabled on enabled Device state started started started started started Administrative state unlocked unlocked unlocked unlocked unlocked
Power down the server.

oper server 2# powerdown Are you sure (y/n)? y powerdown server 2 OK oper server 2# exit console# show status Cluster state: enabled Server Slot ce-1 ce-2 ce-3 ce-4 ce-5 console# Status powered N/A powered powered powered Operational state enabled N/A on enabled on enabled on enabled on Device state started N/A started started started Administrative state unlocked N/A unlocked unlocked unlocked
Powerup the server.

console# oper server 2 oper server 2# oper server 2# powerup Are you sure (y/n)? y powerup server 2 OK oper server 2# exit console# show status Cluster state: enabled
72
Server Slot ce-1 ce-2 ce-3 ce-4 ce-5
Status powered powered powered powered powered
on on on on on
Operational state enabled N/A enabled enabled enabled
Device state started N/A started started started
Administrative state unlocked unlocked unlocked unlocked unlocked
console# show status Cluster state: enabled Server Slot ce-1 ce-2 ce-3 ce-4 ce-5 Status powered powered powered powered powered Operational state on enabled on enabled on enabled on enabled on enabled Device state started starting started started started Administrative state unlocked unlocked unlocked unlocked unlocked
console# show status Cluster state: enabled Server Slot ce-1 ce-2 ce-3 ce-4 ce-5 console# Status powered powered powered powered powered Operational state on enabled on enabled on enabled on enabled on enabled Device state started started started started started Administrative state unlocked unlocked unlocked unlocked unlocked
Display process status for pang, spread, apache, and ntp.

oper server 1# process_server root 3602 1 0 12:57 ? 00:00:00 /sbin/syslogd -a /var/lib/ntp/dev/log ntp 3890 1 0 12:57 ? 00:00:00 /usr/sbin/ntpd -p /var/lib/ntp/var/run/ntp/ntpd.pid -u ntp -i /var/lib/ntp root 5044 1 0 12:57 ? 00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf wwwrun 5052 5044 0 12:57 ? 00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf wwwrun 5053 5044 0 12:57 ? 00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf wwwrun 5054 5044 0 12:57 ? 00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf wwwrun 5055 5044 0 12:57 ? 00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf wwwrun 5056 5044 0 12:57 ? 00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf spread 5151 1 0 12:57 ? 00:00:13 /usr/bin/spread -n ce-1 -c /etc/spread.conf root 5157 1 0 12:57 ? 00:00:31 /opt/pang/cache/avalon/sbin/snmpd -f -A -LF e /opt/pang/cache/avalon/var/log/snmpd.log -LS c u 10.11.12.2:10161 root 13117 1 3 14:11 ? 00:01:37 /opt/pang/bin/pang -d -f /opt/pang/conf/pang.conf admin 16432 16431 0 14:58 ? 00:00:00 bash -c sudo /opt/pang/bin/check_processes.sh 2> /dev/null root 16452 16432 0 14:58 ? 00:00:00 /bin/sh /opt/pang/bin/check_processes.sh root 16454 16452 0 14:58 ? 00:00:00 /bin/grep -E (pang)|(spread)|(apache)|(ntp) oper server 1#
Restart the UltraBand software on the server.

oper server 2# restart Are you sure (y/n)? y Restarting server 2 oper server 2# exit console# show status Cluster state: enabled Server Slot ce-1 ce-2 ce-3 ce-4 ce-5 console# Status powered powered powered powered powered on on on on on Operational state enabled enabled enabled enabled enabled Device state started starting started started started Administrative state unlocked unlocked unlocked unlocked unlocked
Start the UltraBand software on the server.

oper server 2# start Starting server 2 oper server 2# exit console# show status Cluster state: enabled Server Slot ce-1 ce-2 ce-3 ce-4 ce-5 Status powered powered powered powered powered on on on on on Operational state enabled N/A enabled enabled enabled Device state started N/A started started started Administrative state unlocked unlocked unlocked unlocked unlocked
console# show status Cluster state: enabled Server Slot ce-1 ce-2 ce-3 ce-4 ce-5 console# Status powered powered powered powered powered on on on on on Operational state enabled enabled enabled enabled enabled Device state started starting started started started Administrative state unlocked unlocked unlocked unlocked unlocked
Stop the UltraBand software on the server, and leave it in stopped state (a start is then
required to restart it).
oper server 2# stop Are you sure (y/n)? y Stopping server 2 oper server 2# exit console# show status Cluster state: enabled Server Slot ce-1 ce-2 ce-3 ce-4 ce-5 console# Status powered powered powered powered powered on on on on on Operational state enabled N/A enabled enabled enabled Device state started N/A started started started Administrative state unlocked unlocked unlocked unlocked unlocked
Unlock the server state from out-of-service mode and return it to in-service mode. Note
that unlock goes through a stop and start cycle for the UltraBand application.
console# oper server 2 oper server 2# unlock Unocking server... Unlocked oper server 2# exit console# show status Cluster state: enabled Server Slot ce-1 ce-2 ce-3 ce-4 ce-5 Status powered powered powered powered powered on on on on on Operational state enabled N/A enabled enabled enabled Device state started N/A started started started Administrative state unlocked unlocked unlocked unlocked unlocked
console# show status Cluster state: enabled Server Slot ce-1 ce-2 ce-3 ce-4 ce-5 console# Status powered powered powered powered powered on on on on on Operational state enabled enabled enabled enabled enabled Device state started starting started started started Administrative state unlocked unlocked unlocked unlocked unlocked
tcpdump on server 1 for eth0.

oper server 1# tcpdump_server -i eth0 -c 2 15:03:08.390582 IP 10.11.12.2.32771 > 10.11.12.10.4803: UDP, length 32 15:03:08.390837 IP 10.11.12.1.32772 > 10.11.12.2.4804: UDP, length 28 /tmp/dmes_19827.txt (END)
oper service Commands
Restart the platform UltraBand software and all its services.

console# oper service restart Are you sure (y/n)? y Restarting service console#
Stop the platform UltraBand software and all its services.

console# oper service stop Are you sure (y/n)? y Stopping service console# exit console> show status Cluster state: disabled Server Slot ce-1 ce-2 ce-3 ce-4 ce-5 console# Status powered powered powered powered powered Operational state on enabled on N/A on enabled on enabled on enabled Device state started N/A started started started Administrative state unlocked unlocked unlocked unlocked unlocked
75
Start the platform UltraBand software and all its services.

console# oper service start Starting service console# show status Operational state Device state enabled started console>
Administrative state unlocked
reset
The reset command resets the management services. Note that resetting the management services will disconnect YOUR current administration session, and you will have to login again.
Command Parameters
None.
Sample Use
Restart the platform UltraBand management software and all its services.
console# reset Are you sure (y/n)? y . .Connection terminated .
rollback
The rollback command rolls back to the last good software version of UltraBand.
Command Parameters
all rollback servers to the previous version. server<#> rollback to the previous version for specific server.
Sample Use
Rollback to the last good software version of UltraBand.

console# rollback server 1 During the rollback to the previous version a part data might be lost. Proceed? (y/n)[n] y Stopping ce-1 Starting ce-1
76
Proceeding cache to metadata sync. Some data in the cache might be lost. Are you sure (y/n)? y Starting cache synchronization... Done console#
show
The show command displays runtime information related to the operational environment of the UltraBand software. The Enable mode show command includes the parameters available in the Regular mode show command (refer to show on page 46) and the following additional parameters.
Command Parameters
The following parameter is only available in Enable mode:
license display system license information. config display running configuration.

Sample Use
Display system license information.

console# show license Licensed chassis serial Licensed chassis serial Licensed chassis serial Licensed chassis serial Licensed chassis serial Licensed chassis serial EDK enabled: Bittorent enabled: Kazaa enabled: Gnutella enabled: Ares enabled: Http enabled: Pando enabled: Max bandwidth: number: number: number: number: number: number: 36V3K3J J5V3K3J 26V3K3J D2DNP3J J6L1K3J H6L1K3J 1 1 1 1 1 1 1 1000 Mbps
Display the system running configuration.

console# show config <?xml version="1.0" encoding="UTF-8" standalone="no" ?> <cluster xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='cluster_conf.xsd'> <mgmt-config> <ipaddr>192.168.0.117</ipaddr> <netmask>255.255.255.0</netmask> <default-gw>192.168.0.2</default-gw> <nameserver>10.1.1.235</nameserver> <alert-email>support@peerapp.com</alert-email> <site_name>Grid - promisc Allot</site_name>
77
<external_syslog_ip>10.1.1.50</external_syslog_ip> </mgmt-config> <web-config> <controller> <ip>10.11.18.200</ip> </controller> <controller> <ip>10.11.18.201</ip> </controller> </web-config> <common> <ntp> <server-ip>127.127.1.0</server-ip> <timezone>Asia/Jerusalem</timezone> </ntp> <snmp> <trap-ip>10.11.12.1</trap-ip> <snmp-read-community>gdcbhv</snmp-read-community> <snmp-write-community>nkppui</snmp-write-community> <snmp-trap-community>ffff</snmp-trap-community> </snmp> <service> <protocols> <enable-kazaa>1</enable-kazaa> <enable-bittorent>1</enable-bittorent> <enable-edk>1</enable-edk> <enable-gnutella>1</enable-gnutella> <enable-http>1</enable-http> <enable-ares>1</enable-ares> <enable-pando>1</enable-pando> </protocols> <net> <fwd-mode>PROMISC</fwd-mode> <bridge id='0'> <interface-world>iff1</interface-world> <interface-isp>iff2</interface-isp> </bridge> </net> </service> </common> <blades>3</blades> <blade id='1'> <cache-engine> <network></network> <cdr_log_level>LOG_TRACE</cdr_log_level> </cache-engine> </blade> <blade id='2'> <cache-engine> <network></network> <cdr_log_level>LOG_TRACE</cdr_log_level> </cache-engine> </blade> <blade id='3'> <cache-engine> <network></network> <cdr_log_level>LOG_TRACE</cdr_log_level> </cache-engine> </blade> </cluster>
78
upgrade
The upgrade command upgrades the software version of UltraBand.
Command Parameters
all|management|server <tftp server> <file>
Where:
all downloads and installs software image file. management downloads and installs software image file for management server. server downloads and installs software image file for specific server. <tftp server> is the hostname or IP address of a tftp server accessible from the UltraBand
server on which you are running the upgrade command.
<file> is the name of the file containing the software version package received from a
PeerApp representative. Note that if the tftp server is running on one of the PeerApp servers, then the directory from where the upgrade command will try to retrieve the file is /tftpboot/. If you do not have root access, the file can also be uploaded to the /tftpboot/ folder using the UBView Config Files Management option. For more information, see Managing the Configuration Files in the UBView User Guide. After uploading the file, you can upgrade using the upgrade command.
Sample Use
Upgrade to a new software version available on a TFTP server.

console# upgrade 10.1.1.50 PeerApp_GA_2.2.121_pang_ga_2_2_f2_050508_01_mgmt_ga_1_1_f2 _220408_01_web_2g_20080421_01_ub1000_64bit.tar.gz Checking for network connectivity... Contacting ce-1 machine ... Ok Install management software might disconnect current session and require reconnect. Continue installation of management software? [Y/n]y Starting system installation Starting software installation... Doing pre-installation sanity tests Done Installing SNMP agent Backing up old logs Shutting down syslog services
done
79
Starting syslog services Stopping any running daemons .. Removing old agent directory /opt/pang/mgmt/avalon Installing SNMP agent in /etc/inittab Installing SNMP trap daemon in /etc/inittab Installing monitoring daemon in /etc/inittab Installing Analyzer Backing up analyzer configuration ... Done Upgrade install install install existing web installation... mrtg... libapr0... php...
done
Web installation finished successfully :) Starting upgrade... Starting software installation... Doing pre-installation sanity tests Done Installing SNMP agent Backing up old logs Stopping any running daemons .. Removing old agent directory /opt/pang/cache/avalon Installing SNMP agent in /etc/inittab Installing standalone caching engine... Waiting while caching engine is shutting down... Upgrading caching engine ... Installing Spread environment Stopping spread daemon... Installing Spread files Restarting Spread daemon Done Done Succeeded
console#
80
5
Monitoring UltraBand 1000
All statistical information regarding bandwidth utilization, caching statistics, and server status of the UltraBand 1000 is available via both SNMP and the CLI. To view system uptime:
Enter show uptime at the CLI prompt.

The overall uptime of caching service as well as uptime of individual servers is displayed. To view system time and date:
Enter show time at the CLI prompt.

To view status using the CLI:
Enter show <type> [<options>] at the CLI prompt, where <type> is the type of
status or statistics that you want to view, and [<options>] are any options required. The possible values for <type> include: config Current active configuration in XML format (privileged command available in Enabled mode). eventlog Display the content of the event log. Leader Displays the current cluster leader. license Current active license (privileged command available in Enabled mode). mount Display mounted volumes. process Display the process status for various UltraBand software components (pang, spread, apache, ntp). status Includes service status, physical slot status, per server, server administration status (enabled/disabled) and operational status per server. systemid Unique system identifier, used for support and licensing purposes. uptime Display cluster uptime.
81
version The installed software version for management server and per caching engine server. For more information on available CLI monitoring commands, refer to CLI Reference on page 117. To view status and statistics using SNMP, use any SNMP monitoring tool.
82
6
Supported Setups
This chapter defines the setups that are supported in UltraBand 1000 installations. An asymmetric topology contains connections that are actually asymmetric as well as symmetric, depending on the Border Gateway Protocol (BGP) routing decisions. For some P2P protocols, the PeerApp New Generation (PANG) decision regarding cache-out is made at the first packet seen on those connections. In these cases PANG cannot categorize the connections as symmetric or asymmetric. In other P2P connections, at least two packets are seen before the cache-out decision one from each direction. In these cases, PANG is able to categorize the connections as symmetric or asymmetric. The following methods are used for handling cache-out connections:
Send all the cache-out packets to the same link as the one that the request came from. In the group of protocols that enable classification of the connection as symmetric or
asymmetric, use the classification to select the cache-out link in order to match the link of the original connection (for example, if it was asymmetric send it via the other link to the request). The advantage of the first method is that it is simple and similar to all setups and connections. The advantage of the second method is that it makes the solution more transparent, even though it is not useful in all setups. This chapter presents setups based on the second method.
83
Using PBR on High Ports

Alteon DPI with Asymmetric and UltraBand 1000
An asymmetric topology with UB1000 Grid configuration is the same as with UB1000, with the exception that the Alteon performs the load balancing function. The topology appears as follows.
Figure 4: Alteon DPI with Asymmetric and UltraBand 1000 Grid Configuration
For sample configuration information about this setup, refer to PBR Configuration on page 91.
Using Promiscuous Mode with Allot

The following setups are relevant when integrating with the Allot 2540 as the DPI of choice and the Allot is operating in divert mode (that is, it sends the packet without any change to the UB1000, preserving the MAC addresses as received). For sample configuration information about these setups, refer to Promiscuous Mode on page 112.
Asymmetric Inline UltraBand 1000 with Allot 2540

When using the UltraBand 1000 with Allot 2540 integration in an asymmetric network for handling the two links and sending the P2P traffic to the UltraBand 1000 in a divert mode (without change to the MAC addresses), then the UltraBand 1000 uses the two additional switches/routers for load balancing. However, this setup is unlike other setups that use TOS bit PBRs and that configure the switches/routers as routers for the PBR to work. In this topology, the Allot DPI redirects the traffic to the switches without an L3 PBR, by using the original source and destination MAC addresses of the corresponding gateways. This simplifies the
84
setup, as each of the asymmetric links is represented and configured with a pair of gateways of the routers on both sides of the Allot. The topology appears as follows.
Figure 5: Asymmetric Inline UltraBand 1000 Grid Configuration with Allot 2540
A bypass link exists between the switches in case of failures.
In this topology, each server must perform the following:
Send forwarded traffic to the interface adjacent to where it came from.

For example, if a request arrives from GW11 to GW21 (L2 MAC address), then: Allot forwards that packet to the switch on the blue link. The switch has the MAC address of GW21 to send it to the etherchannel, whereby performing load balancing between the servers with 4 tuple stickiness. The server in the middle (operating in Promiscuous mode) handles the request. It decides to forward the packet the handling server (ce) sends it to the adjacent interface in order to reach the other switch. The remote switch then sends the packet through the blue link to GW21 (the MAC address is learnt on the interface).
Send cache-out traffic to the same interface as the incoming of the request:
For example, a request from GW21 that reaches the Allot is redirected to the switch in the red link and this link forwards the packet to the MAC address of GW22. GW22 is through the port-channel that distributes the connections between the servers (load balancing):
85
The server that captures the packet in Promiscuous mode decides to send a reply from cache (cache-out). It sends the reply to the same Rx port with the MAC addresses replaced (src dest :: G22G21 ). The switch then sends based on the destination MAC address (G21) to the red link, which then reaches the Allot and is sent to the requesting user.
Error scenarios:
If a server fails, the others take its load. If all servers fail, the bypass forwards all the traffic. If a link to the Allot fails, the port teaming feature drops the bypass link and the port teaming on the other switch loses that bypass link. It then uses its own port teaming feature to close the link to the Allot (two red links or two blue links), which forces the Allot to bypass all the traffic within the Allot (see the dotted line in the Allot device, in Figure 5).
Asymmetric Inline UltraBand 1000 Grid with Allot 2540

This setup is identical to that described in Asymmetric Inline UltraBand 1000 with Allot 2540 on page 84.
86
Using Bounce Mode with Sandvine

The setups included in this section use Sandvine and FWD Bounce modes. For sample configuration information about these setups, refer to Bounce Mode on page 113.
Asymmetric Grid UltraBand 1000 and PBR High Ports

In an asymmetric setup that uses a high port number PBR without an L7 redirector, using the UltraBand 1000 Grid solution requires two additional switches/routers and load balancing between the server hosts using etherchannel (port-channel). The topology appears as follows.
Figure 6: Asymmetric Grid UltraBand 1000 and PBR High Ports
The following sections describe the flows of Forwarding traffic and Cache-out traffic, where Promiscuous mode denotes that forwarding traffic is sent to the remote port and cache-out traffic is sent back on the Rx port. For more information, see Forwarding Flow on page 88 and Cache-out Flow on page 89.
87
Forwarding Flow
The following figure displays the forwarding flow of a forwarded packet (the red line).
Figure 7: Asymmetric Grid UltraBand 1000 and PBR High Ports Forwarding Flow
The flow is as follows:
The router redirects the traffic of a port number below 1024 to one of the switches. The switch routes the packet using one of the physical ports that has one of the servers
(ce), based on a PBR to the address of the remote port-channel 1.
The ce captures the packet in Promiscuous mode and decides to forward the packet. It
sends the packet to the remote port.
The traffic reaches the remote switch and based on the PBR, it redirects via the bypass to
the remote port-channel 2 address (via the bypass link).
The original switch/router receives the packet and forwards the packet back to the
network router, based on the PBR.
The router routes the packet to the destination, as usual.
88
Cache-out Flow
There can be two types of cache-out flows symmetric and asymmetric. Ideally, the cache-out should obey the original direction of each specific connection, regardless of whether it is a symmetric or asymmetric connection. However, for simplicity and since no problem is anticipated (both way can reach the local peer), in either type of connection the cache-out traffic is always treated the same. The following figure displays the cache-out flow (the blue line represents the flow of the request that triggered the cache-out and the brown line represents the cache-out traffic).
Figure 8: Asymmetric Grid UltraBand 1000 and PBR High Ports Cache-out Flow
The flow is as follows:
The request packet (blue line) reaches the server (ce) that is responsible for this
connection (based on etherchannel load balancing).
The server decides that it is a cache-out connection and as in Promiscuous mode, it sends
the cache-out traffic back on the same interface to the original switch.
The traffic reaches the original switch and based of the PBR, it redirects via the bypass to
the remote port-channel 2 address (via the bypass link).
The remote switch/router receives the packet and forwards the packet to the network
router, based on the PBR.
The router routes the packet to the destination, as usual.
89
For more information, see the introduction in Supported Setups on page 83. If it is ever required to preserve the direction in cache-out, a new type of forwarding mode will be required. For example, if a request is not the first redirected packet in a symmetric connection.
Failure Handling
If a switch/router fails, the servers close the remote port. This forces the closure of the
other switch in the chain via the bypass link (due to port teaming).
If a switch/router fails to resolve the inline routers address, it should close the ports to the
switches (port teaming) until all the addresses are resolved. This creates a fail link that eventually causes the PBRs on the inline links to stop redirection.
90
7
Sample Configuration Setups
This chapter provides sample configuration setups per forwarding mode for both the UltraBand 1000 and the routers or switches. For information about the relevant forwarding modes to these setups, see Supported Setups on page 83.
PBR Configuration
ISP Router Configuration
In tunnel mode, the following ports should be redirected:
High ports (1024) for P2P. Port 80 for HTTP to the Alteon DPI.
Cisco Router
The exact configuration depends on the Cisco router version and the platform. The following is a sample of the PBR configuration:
interface FastEthernet6/37 ip address 192.168.1.1 255.255.255.0 ip police route-map ISP ! interface FastEthernet6/38 ip address 192.168.2.1 255.255.255.0 ip police route-map World ! interface FastEthernet6/41 ip address 192.168.100.2 255.255.255.0 ! interface FastEthernet6/42 ip address 192.168.200.2 255.255.255.0 ! access-list 2001 permit tcp 192.168.1.0 0.0.0.255 gt 1024 any gt 1024 access-list 2002 permit tcp any gt 1024 192.168.1.0 0.0.0.255 gt 1024 !
91
route-map ISP permit 2001 match ip address 2001 set ip next-hop 192.168.100.1 ! route-map World permit 2002 match ip address 2002 set ip next-hop 192.168.200.1 !
The above sample shows how the ACLs 2001 and 2002 that permit all ports above 1024 and are used in the PBRs World and ISP force that traffic to the UltraBand 1000. The following sample shows how to use a PBR for HTTP (port 80):
access-list access-list access-list access-list 2002 2002 2001 2001 remark permit remark permit world tcp any eq www any gt 1024 ISP tcp any gt 1024 any eq www
In the above sample, www represents port 80. The GSR router does not support source port range in ACL. Therefore, only TCP without source port can be implemented. Router 6500 uses the same MAC in a singe device. Therefore, a PBR loop (router redirects to itself) is impossible to create. The following are sample configurations for the Cisco 3560 / 3750 router:
route-map CLIENTS permit 5 match ip address AVALANCHE_59 set ip next-hop 10.205.1.254 ! route-map CLIENTS permit 6 match ip address AVALANCHE_61 !
Juniper M/T Series Routers

The following sample configures the PBR with Juniper:
TCP > 1024 term 10 { from { destination-address { 219.87.16.117/32; 124.9.128.0/19; 124.9.160.0/19; 124.9.192.0/19; 124.9.224.0/19; 124.9.96.0/19; } protocol tcp; source-port 1024-65535; destination-port 1024-65535; }
92
80 port term 15 { from { destination-address { 219.87.16.117/32; 124.9.128.0/19; 124.9.160.0/19; 124.9.192.0/19; 124.9.224.0/19; 124.9.96.0/19; } protocol tcp; source-port 80; } set interfaces ge-0/2/0 description World set interfaces ge-0/2/0 unit 0 family inet filter input DST2 set interfaces ge-0/2/0 unit 0 family inet address 10.10.1.1/30 set interfaces ge-0/3/0 description ISP set interfaces ge-0/3/0 unit 0 family inet filter input DST set interfaces ge-0/3/0 unit 0 family inet address 10.10.2.1/26 set set set set set set routing-options routing-options routing-options routing-options routing-options routing-options rib-groups dest import-rib inet.0 rib-groups dest import-rib next-hop_1.inet.0 rib-groups dest2 import-rib next-hop_1.inet.0 rib-groups dest2 import-rib next-hop_2.inet.0 rib-groups dest2 import-rib inet.0 forwarding-table export load-balancing-policy next-hop_1 instance-type forwarding next-hop_1 routing-options static route 0.0.0.0/0 nextnext-hop_2 instance-type forwarding next-hop_2 routing-options static route 124.9.0.0/24 next-hop_2 routing-options static route 124.9.1.0/24 next-hop_2 routing-options static route 124.9.2.0/24 next-hop_2 routing-options static route 124.9.3.0/24 next-hop_2 routing-options static route 124.9.4.0/24 next-hop_2 routing-options static route 124.9.5.0/24 next-hop_2 routing-options static route 124.9.6.0/24 next-hop_2 routing-options static route 124.9.7.0/24 next-hop_2 routing-options static route 124.9.8.0/24 next-hop_2 routing-options static route 124.9.9.0/24 next-hop_2 routing-options static route 124.9.10.0/24 next-hop_2 routing-options static route 124.9.11.0/24 next-hop_2 routing-options static route 124.9.12.0/24 next-hop_2 routing-options static route 124.9.13.0/24
set routing-instances set routing-instances hop 60.199.17.14 set routing-instances set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10 set routing-instances next-hop 60.199.17.10
93
set routing-instances next-hop_2 routing-options static route 124.9.14.0/24 next-hop 60.199.17.10 set routing-instances next-hop_2 routing-options static route 124.9.15.0/24 next-hop 60.199.17.10 set set set set set set set set set firewall firewall firewall firewall firewall firewall firewall firewall firewall filter filter filter filter filter filter filter filter filter DST DST DST DST term term term term 10 10 10 20 from from then then source-address 124.9.1.0/22 destination-port 80 routing-instance next-hop_1 accept destination-address 124.9.1.0/22 protocol tcp source-port 80 routing-instance next-hop_2 accept
DST2 DST2 DST2 DST2 DST2
term term term term term
10 10 10 10 20
from from from then then
set routing-instances next-hop_1 instance-type forwarding set routing-instances next-hop_1 routing-options static route 0.0.0.0/0 nexthop 60.199.17.10 set routing-instances set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 set routing-instances next-hop 60.199.17.14 next-hop_2 instance-type forwarding next-hop_2 routing-options static route 124.9.0.0/24 next-hop_2 routing-options static route 124.9.1.0/24 next-hop_2 routing-options static route 124.9.2.0/24 next-hop_2 routing-options static route 124.9.3.0/24 next-hop_2 routing-options static route 124.9.4.0/24 next-hop_2 routing-options static route 124.9.5.0/24 next-hop_2 routing-options static route 124.9.6.0/24 next-hop_2 routing-options static route 124.9.7.0/24 next-hop_2 routing-options static route 124.9.8.0/24 next-hop_2 routing-options static route 124.9.9.0/24 next-hop_2 routing-options static route 124.9.10.0/24 next-hop_2 routing-options static route 124.9.11.0/24 next-hop_2 routing-options static route 124.9.12.0/24 next-hop_2 routing-options static route 124.9.13.0/24 next-hop_2 routing-options static route 124.9.14.0/24 next-hop_2 routing-options static route 124.9.15.0/24
94
UltraBand 1000 Configuration

The following is the sample UltraBand 1000 XML configuration file:
<?xml version="1.0" encoding="UTF-8" standalone="no" ?><cluster xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="cluster_conf.xsd"> <mgmt-config> <ipaddr>192.168.5.105</ipaddr> <netmask>255.255.255.0</netmask> <default-gw>192.168.5.1</default-gw> <nameserver>194.90.1.5</nameserver> <alert-email>support@peerapp.com</alert-email> <site_name>UB1K Tunnel - DEMO</site_name> </mgmt-config> <web-config> <redirector> <ip>192.168.0.252</ip> <read_community>PApub\!</read_community> <isp>2</isp> <world>3</world> <cache>4</cache> </redirector> <controller> <ip>10.11.12.14</ip> </controller> </web-config> <common> <ntp> <server-ip>127.127.1.0</server-ip> <timezone>GMT+10</timezone> </ntp> <snmp> <trap-ip>10.11.12.1</trap-ip> <snmp-read-community>gdcbhv</snmp-read-community> <snmp-write-community>nkppui</snmp-write-community> <snmp-trap-community>ffff</snmp-trap-community> </snmp> <service> <protocols> <enable-kazaa>1</enable-kazaa> <enable-bittorent>1</enable-bittorent> <enable-edk>1</enable-edk> <enable-gnutella>1</enable-gnutella> <enable-http>1</enable-http> <enable-ares>1</enable-ares> </protocols> <net> <fwd-mode>TUNNEL</fwd-mode> <tunnel interface="iff1"> <gw_world>172.160.253.254</gw_world> <gw_isp>172.160.253.253</gw_isp> </tunnel> </net> </service> </common> <servers>1</servers> <server id="1"> <cache-engine> <network> <vip>192.168.2.2</vip> <interface name="iff1"> <ipaddr>172.160.253.101</ipaddr> <netmask>255.255.255.0</netmask>
95
</interface> </network> <service> </service> </cache-engine> </server> </cluster>
The XML file is a cluster level file (i.e., it configures all the servers in the solution):
For managing the cluster, the mgmnt-config element defines:

The IP address for access to manage the cluster. The default GW of the clusters management. An email for sending alerts.
For the connectivity to the Alteon, the web-config element defines:

The Alteon IP address. The interfaces of the IPS. World side.
The common element defines the attributes that relate to the entire cluster:
The NTP servers address for time synchronization. The SNMP issues. The service element of the UltraBand 1000, that includes the served protocols (protocols that are allowed by the license), the network configuration that includes the forwarding mode (for example, Tunnel mode), the tunnel interface, and interfaces IP addresses (GW and Default GW).
The server element is repeated according to the number of servers in the cluster. For
each server, this element defines: The Virtual IP (VIP) to which the Alteon can turn. The real interface IP address.
PeerApp Router Configuration

The Cisco 3560G router that is used as a destination for the UltraBand 1000 router is configured with IP addresses to enable the PBR to send traffic to it. The following is a sample configuration file for the 3560G router:
PeerApp_SWB#sh run Building configuration... Current configuration : 4787 bytes ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime localtime
96
service password-encryption ! hostname PeerApp_SWB ! logging buffered 20000 debugging enable secret 5 $1$hdXq$92wHQaUqadLDkRFUZN6vb/ enable password 7 144F4A1C05172233212D3D ! no aaa new-model clock timezone AEST 10 clock summer-time AEDST recurring last Sun Oct 2:00 1 Sun Apr 3:00 system mtu routing 1500 link state track 1 link state track 2 ip subnet-zero ip routing ! ! ! ! ! ! no errdisable detect cause pagp-flap no errdisable detect cause dtp-flap no errdisable detect cause link-flap no errdisable detect cause l2ptguard no errdisable detect cause sfp-config-mismatch no errdisable detect cause gbic-invalid no errdisable detect cause dhcp-rate-limit no errdisable detect cause arp-inspection no errdisable detect cause loopback errdisable recovery cause udld errdisable recovery cause bpduguard errdisable recovery cause security-violation errdisable recovery cause channel-misconfig errdisable recovery cause pagp-flap errdisable recovery cause dtp-flap errdisable recovery cause link-flap errdisable recovery cause sfp-config-mismatch errdisable recovery cause gbic-invalid errdisable recovery cause l2ptguard errdisable recovery cause psecure-violation errdisable recovery cause dhcp-rate-limit errdisable recovery cause unicast-flood errdisable recovery cause vmps errdisable recovery cause storm-control errdisable recovery cause inline-power errdisable recovery cause arp-inspection errdisable recovery cause loopback no file verify auto spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! ! interface GigabitEthernet0/1 no switchport ip address 192.168.200.2 255.255.255.0 desc World link state group 1 downstream ! interface GigabitEthernet0/2 no switchport ip address 192.168.100.2 255.255.255.0
97
desc ISP speed 1000 duplex full link state group 1 upstream ! ! interface GigabitEthernet0/24 no switchport desc Manegment ip address 10.11.12.90 255.255.255.0 secondary ip address 220.233.2.19 255.255.255.248 ! interface GigabitEthernet0/25 ! interface GigabitEthernet0/26 ! interface GigabitEthernet0/27 ! interface GigabitEthernet0/28 ! interface Vlan1 no ip address ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.200.1 ip route 58.96.0.0 255.255.128.0 192.168.100.1 ip route 58.96.0.4 255.255.255.255 192.168.100.1 ip route 58.96.64.0 255.255.192.0 192.168.100.1 ip route 220.233.0.0 255.255.0.0 192.168.100.1 ip http server ip http secure-server ! ! control-plane ! ! line con 0 line vty 0 4 password 7 1016510E0C041A13090124 login line vty 5 15 password 7 014B5E1352180E17244940 login ! ntp clock-period 36028937 ntp server 220.233.0.3 ntp server 128.250.36.2 ntp server 128.250.36.3 ntp server 220.233.0.50 ntp server 192.189.54.33 end PeerApp_SWB#
Alteon Configuration
The following is a sample configuration file for the Alteon DPI:
>> Main# /c/d script start "Nortel Application Switch 3408" 4 /**** DO NOT EDIT THIS LINE!
98
/* Configuration dump taken 7:19:21 Thu Apr 13, 2008 /* Configuration last applied at 12:37:39 Fri Mar 3, 2008 /* Configuration last save at 12:39:09 Fri Mar 3, 2008 /* Version 23.2.1.1, Base MAC address 00:16:ca:51:51:00 /c/sys/mmgmt addr 64.76.163.86 mask 255.255.255.248 broad 64.76.163.87 gw 64.76.163.81 dns mgmt ntp mgmt radius mgmt smtp mgmt snmp mgmt sonmp mgmt syslog mgmt tftp mgmt wlm mgmt report mgmt ena /c/sys/mmgmt/port speed any mode full auto on /* PeerApp L7 switch /c/sys idle 60 bannr "PeerApp L7 redirector" /c/sys/access snmp w tnet ena tnport 2323 /c/sys/access/user admpw "04c31a5604020a02078af3b7c7b2a9f0f2467b4f14d61dd4cadf8d7f91707f21" /c/sys/access/port/rem 1 /c/sys/access/port/rem 2 /c/sys/access/port/rem 3 /c/sys/access/port/rem 4 /c/sys/access/port/rem 5 /c/sys/access/port/rem 6 /c/sys/access/port/rem 7 /c/sys/access/port/rem 9 /c/sys/access/port/rem 10 /c/sys/access/port/rem 11 /c/sys/access/port/rem 12 /c/sys/ssnmp name "PeerApp L7 switch" locn "PeerApp @ IFX" cont "PeerApp support@PeerApp.com" auth ena rcomm "gdcbhv" wcomm "nkppui" /c/port 1 name "Cache" pvid 9 /c/port 3 name "WORLD" pvid 9 /c/port 3/cop speed 1000 fctl both mode full auto on /c/port 4
99
name "ISP" pvid 9 /c/port 4/cop speed any fctl both mode full auto on /c/port 5 name "WORLD" pvid 9 /c/port 5/cop speed any fctl both mode full auto on /c/port 6 name "WORLD" pvid 9 /c/port 6 pref sfp back copper /c/port 6/cop speed 1000 fctl none mode full auto on /c/port 8 name "CACHE" pvid 9 /c/port 8/gig speed any fctl both mode full auto on /c/l2/vlan 1 learn ena def 2 7 9 10 11 12 /c/l2/vlan 9 ena name "VLAN 9" learn ena def 1 3 4 5 6 8 /c/l2/vlan 10 ena name "VLAN 10" learn ena def 0 /c/l2/vlan 15 ena name "VLAN 15" learn ena def 0 /c/l2/vlan 50 ena name "VLAN 50" learn ena def 0 /c/l2/vlan 101 ena name "VLAN 101" learn ena def 0 /c/l2/vlan 152 ena name "VLAN 152"
100
learn ena def 0 /c/l2/vlan 197 ena name "VLAN 197" learn ena def 0 /c/l2/vlan 200 ena name "VLAN 200" learn ena def 0 /c/l2/vlan 209 ena name "VLAN 209" learn ena def 0 /c/l2/vlan 263 ena name "VLAN 263" learn ena def 0 /c/l2/stg 1/clear /c/l2/stg 1/add 1 9 10 15 50 101 152 197 200 209 263 /c/l2/stg 1/port 3/off /c/l2/stg 1/port 4/off /c/l2/stg 1/port 6/off /c/l2/stg 1/port 8/cost 100 /c/sys/sshd/ena /c/sys/sshd/on /c/l3/if 1 ena ipver v4 addr 192.168.1.1 vlan 9 /c/slb on /c/slb/adv direct ena /c/slb/real 1 ena ipver v4 rip 192.168.1.111 maxcon 0 name "\"UB1000 Grid\"" /c/slb/real 1/adv proxy dis /c/slb/real 20 ena ipver v4 rip 192.168.1.120 maxcon 0 tmout 4 name "HTTP" /c/slb/group 1 ipver v4 metric hash rmetric hash health icmp add 1 /c/slb/group 20 ipver v4 metric hash rmetric hash health icmp
101
add 20 /c/slb/layer7/redir urlal dis nocache dis /c/slb/layer7/slb case dis ren 2 "301" ren 11 "BINMATCH=474554202F2E686173683D" 40 0 eq ren 12 "BINMATCH=4749564520" 40 0 eq ren 13 "BINMATCH=E3" 40 0 eq ren 14 "BINMATCH=0000" 43 0 eq ren 15 "BINMATCH=134269" 40 0 eq ren 16 "BINMATCH=474554202F7572692D7265732F" 40 0 eq ren 17 "BINMATCH=474554202F6765742F" 40 0 eq ren 18 "BINMATCH=47495620" 40 0 eq ren 19 "BINMATCH=C5" 40 0 eq ren 20 "BINMATCH=50" 32 0 gt ren 21 "BINMATCH=474554202F2E686173683D" 40 40 eq ren 22 "BINMATCH=4749564520" 40 40 eq ren 23 "BINMATCH=E3" 40 40 eq ren 24 "BINMATCH=0000" 43 40 eq ren 25 "BINMATCH=134269" 40 40 eq ren 26 "BINMATCH=474554202F7572692D7265732F" 40 40 eq ren 27 "BINMATCH=474554202F6765742F" 40 40 eq ren 28 "BINMATCH=47495620" 40 40 eq ren 180 "BINMATCH=474554202f" 40 0 eq ren 301 "STRMATCH=flv" 45 430 ren 302 "STRMATCH=wmv" 45 430 ren 303 "STRMATCH=mpeg" 45 430 ren 304 "STRMATCH=swf" 45 430 ren 305 "STRMATCH=exe" 45 430 ren 306 "STRMATCH=zip" 45 430 ren 307 "STRMATCH=nup" 45 430 ren 308 "STRMATCH=msi" 45 430 ren 309 "STRMATCH=tar" 45 430 ren 310 "STRMATCH=cab" 45 430 ren 311 "STRMATCH=lin" 45 430 ren 312 "STRMATCH=mp3" 45 430 ren 313 "STRMATCH=bin" 45 350 ren 330 "STRMATCH=ontent-Type: vid" 50 350 /c/sec/pgroup 1 name "BT" add 15 /c/sec/pgroup 2 name "EDK" add 13 add 14 /c/sec/pgroup 3 name "FastTrack" add 11 /c/sec/pgroup 4 name "FastTrack PUSH" add 12 /c/sec/pgroup 5 name "Gnutella #1" add 16 /c/sec/pgroup 6 name "Gnutella #2" add 17 /c/sec/pgroup 7 name "Gnutella #3" add 18 /c/sec/pgroup 8 name "Emule" add 14
102
add 19 /c/sec/pgroup 11 name "BT tcp options" add 20 add 25 /c/sec/pgroup 12 name "EDK tcp options" add 20 add 23 add 24 /c/sec/pgroup 13 name "FastTrack tcp options" add 20 add 21 /c/sec/pgroup 14 name "FastTrack PUSH tcp options" add 20 add 22 /c/sec/pgroup 15 name "Gnutella #1 TCP options" add 20 add 26 /c/sec/pgroup 16 name "Gnutella #2 TCP options" add 20 add 27 /c/sec/pgroup 17 name "Gnutella #3 TCP options" add 20 add 28 /c/sec/pgroup 180 name "GET" add 180 /c/sec/pgroup 301 name "FLV" add 301 /c/sec/pgroup 302 name "wmv" add 302 /c/sec/pgroup 303 name "mpeg" add 303 /c/sec/pgroup 304 name "swf" add 304 /c/sec/pgroup 305 name "exe" add 305 /c/sec/pgroup 306 name "zip" add 306 /c/sec/pgroup 307 name "nup" add 307 /c/sec/pgroup 308 name "msi" add 308 /c/sec/pgroup 309 name "tar" add 309 /c/sec/pgroup 310 name "CAB" add 310 /c/sec/pgroup 311 name "lin"
103
add 311 /c/sec/pgroup 312 name "mp3" add 312 /c/sec/pgroup 313 name "bin" add 313 /c/slb/filt 180 name "Http-Client" ena action redir ipver v4 sip any smask 0.0.0.0 dip any dmask 0.0.0.0 proto tcp dport http group 20 rport 0 vlan 9 /c/slb/filt 180/adv/layer7 parseall dis /c/slb/filt 180/adv/redir fwlb ena /c/slb/filt 281 name "Http-Server" ena action redir ipver v4 sip any smask 0.0.0.0 dip any dmask 0.0.0.0 proto tcp sport http group 20 rport 0 vlan 9 /c/slb/filt 281/adv/layer7 parseall dis /c/slb/filt 281/adv/redir fwlb ena /c/slb/filt 281/adv/security parseall dis addgrp 301 addgrp 302 addgrp 303 addgrp 304 addgrp 305 addgrp 306 addgrp 307 addgrp 308 addgrp 309 addgrp 310 addgrp 311 addgrp 312 addgrp 313 /c/slb/filt 1001 name "L7 redir" ena action redir ipver v4 sip any smask 0.0.0.0
104
dip any dmask 0.0.0.0 proto tcp sport 1024-65534 dport 1024-65534 group 1 rport 0 vlan 9 /c/slb/filt 1001/adv/layer7 l7lkup ena /c/slb/filt 1001/adv/security pmatch ena matchall ena parseall dis addgrp 1 addgrp 2 addgrp 8 /c/slb/filt 1005 name "L4 ARES" dis action redir ipver v4 sip any smask 0.0.0.0 dip any dmask 0.0.0.0 proto tcp sport 1024-65534 dport 1024-65534 group 1 rport 0 vlan 9 /c/slb/port 3 filt ena add 180 add 1001 /c/slb/port 4 filt ena add 180 add 1001 /c/slb/port 5 filt ena add 281 add 1001 /c/slb/port 6 filt ena add 281 add 1001 /c/sys/access/https/https e / script end /**** DO NOT EDIT THIS LINE!
Multi-Tunnel Mode
This configuration is similar to that in Tunnel mode. In this case, the ISP router configuration applies to more routers, for all the tunnels. For more information on Tunnel mode configurations, see PBR Configuration on page 91.
105

The following is the sample UltraBand 1000 XML configuration file for the Multi-tunnel mode:
<?xml version="1.0" encoding="UTF-8" standalone="no" ?><cluster xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="cluster_conf.xsd"> <mgmt-config> <ipaddr>192.168.5.105</ipaddr> <netmask>255.255.255.0</netmask> <default-gw>192.168.5.1</default-gw> <nameserver>194.90.1.5</nameserver> <alert-email>support@peerapp.com</alert-email> <site_name>UB1K Multi tunnel - DEMO</site_name> </mgmt-config> <web-config> <redirector> <ip>192.168.0.252</ip> <read_community>PApub\!</read_community> <isp>2</isp> <world>3</world> <cache>4</cache> </redirector> <controller> <ip>10.11.12.14</ip> </controller> </web-config> <common> <ntp> <server-ip>127.127.1.0</server-ip> <timezone>GMT+10</timezone> </ntp> <snmp> <trap-ip>10.11.12.1</trap-ip> <snmp-read-community>gdcbhv</snmp-read-community> <snmp-write-community>nkppui</snmp-write-community> <snmp-trap-community>ffff</snmp-trap-community> </snmp> <service> <protocols> <enable-kazaa>1</enable-kazaa> <enable-bittorent>1</enable-bittorent> <enable-edk>1</enable-edk> <enable-gnutella>1</enable-gnutella> <enable-http>1</enable-http> <enable-ares>1</enable-ares> </protocols> <net> <fwd-mode>TUNNEL</fwd-mode> <tunnel interface="iff1"> <gw_world>172.160.253.254</gw_world> <gw_isp>172.160.253.253</gw_isp> </tunnel> <tunnel interface="iff2"> <gw_world>172.160.254.254</gw_world> <gw_isp>172.160.254.253</gw_isp> </tunnel> </net> </service> </common> <servers>1</servers> <server id="1"> <cache-engine> <network>
106
<vip>192.168.2.2</vip> <vip>192.168.3.2</vip> <interface name="iff1"> <ipaddr>172.160.253.101</ipaddr> <netmask>255.255.255.0</netmask> </interface> <interface name="iff2"> <ipaddr>172.160.254.101</ipaddr> <netmask>255.255.255.0</netmask> </interface> </network> <service> </service> </cache-engine> </server> </cluster>
This configuration file takes one tunnel into account. When there are multiple tunnels connected to the same UltraBand 1000 cluster, the configuration file has the following difference:
In the common > service > net element, there should be a tunnel interface
element for each tunnel. This element should include the IP addresses of the pair of GWs (world and ISP) per tunnel.
PeerApp Router Configuration

Depending on the site, one or more 3650G routers may be needed. However, their configuration is similar to that of one tunnel, with different ports being used (more than two per tunnel). For more information on the PeerApp router configuration in Tunnel mode, see PeerApp Router Configuration on page 96.
This configuration is similar to the Alteon configuration in the Tunnel forwarding mode. For more information on the Alteon configuration in Tunnel mode, see Alteon Configuration on page 98.
Multi-Tunnel and VLAN Mode

The following session is used to configure VLAN on the internal switch:
console# console# show running-config interface ethernet g13 spanning-tree disable exit interface ethernet g13 spanning-tree link-type shared
107
exit bridge multicast filtering interface ethernet g1 switchport mode general exit vlan database vlan 2-6 exit interface range ethernet g(2-3,11) switchport access vlan 2 exit interface range ethernet g(4-5,12) switchport access vlan 3 exit interface range ethernet g(6-8,13) switchport access vlan 4 exit interface range ethernet g(9-10,14) switchport access vlan 5 exit interface vlan 1 ip address 1.1.1.100 255.255.255.0 exit username PAswAdmin password dedb6ffd09a5ac5024a339d6198330cf encrypted username iz password a1a3bc11067d3cb33e76ebe2ba1b5305 level 15 encrypted username root password dedb6ffd09a5ac5024a339d6198330cf level 15 encrypted console# configure console(config)# interface range ethernet g(6-8,13) console(config-if)# no switchport access vlan 06-Feb-2000 06:24:52 %LINK-W-Down: Vlan 4 console(config-if)# exit console(config)# interface range ethernet g(6-7,13) console(config-if)# switchport access vlan 4 06-Feb-2000 06:25:33 %LINK-I-Up: Vlan 4 console(config-if)# console(config-if)# console(config-if)# exit console(config)# exit console# show running-config interface ethernet g13 spanning-tree disable exit interface ethernet g13 spanning-tree link-type shared exit bridge multicast filtering interface ethernet g1 switchport mode general exit vlan database vlan 2-6 exit interface range ethernet g(2-3,11) switchport access vlan 2 exit interface range ethernet g(4-5,12) switchport access vlan 3 exit interface range ethernet g(6-7,13) switchport access vlan 4 exit interface range ethernet g(9-10,14) switchport access vlan 5
108
exit interface range ethernet g(15-16) switchport access vlan 6 exit interface vlan 1 ip address 1.1.1.100 255.255.255.0 exit username PAswAdmin password dedb6ffd09a5ac5024a339d6198330cf encrypted username iz password a1a3bc11067d3cb33e76ebe2ba1b5305 level 15 encrypted username root password dedb6ffd09a5ac5024a339d6198330cf level 15 encrypted console# configure console(config)# interface range ethernet g(9-10,14) console(config-if)# no switchport access vlan 06-Feb-2000 06:26:07 %LINK-W-Down: Vlan 5 console(config-if)# exit console(config)# interface range ethernet g(8-10,14) console(config-if)# switchport access vlan 5 06-Feb-2000 06:26:39 %LINK-I-Up: Vlan 5 console(config-if)# exit console(config)# exit console# console# console# console# console# console# console# show vlan Vlan Name Ports Type Authorization ---- ----------------- -------------------- ----------- -------------1 1 g1,ch(1-8) other Required 2 2 g(2-3,11) permanent Required 3 3 g(4-5,12) permanent Required 4 4 g(6-7,13) permanent Required 5 5 g(8-10,14) permanent Required 6 6 g(15-16) permanent Required console# console# console# show running-config interface ethernet g13 spanning-tree disable exit interface ethernet g13 spanning-tree link-type shared exit bridge multicast filtering interface ethernet g1 switchport mode general exit vlan database vlan 2-6 exit interface range ethernet g(2-3,11) switchport access vlan 2 exit interface range ethernet g(4-5,12) switchport access vlan 3 exit interface range ethernet g(6-7,13) switchport access vlan 4 exit interface range ethernet g(8-10,14) switchport access vlan 5` exit
109
interface range ethernet g(15-16) switchport access vlan 6 exit interface vlan 1 ip address 1.1.1.100 255.255.255.0 exit username PAswAdmin password dedb6ffd09a5ac5024a339d6198330cf encrypted username iz password a1a3bc11067d3cb33e76ebe2ba1b5305 level 15 encrypted username root password dedb6ffd09a5ac5024a339d6198330cf level 15 encrypted console# 06-Feb-2000 06:27:24 %LINK-W-Down: g8 06-Feb-2000 06:27:24 %STP-W-PORTSTATUS: g8: STP status Forwarding 06-Feb-2000 06:27:24 %LINK-I-Up: g8 06-Feb-2000 06:27:24 %LINK-W-Down: g8 06-Feb-2000 06:27:24 %STP-W-PORTSTATUS: g8: STP status Forwarding 06-Feb-2000 06:27:24 %LINK-I-Up: g8

The following is the sample UltraBand 1000 XML configuration file for adding VLAN support to the Multi-tunnel mode:
<?xml version="1.0" encoding="UTF-8" standalone="no" ?><cluster xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="cluster_conf.xsd"> <mgmt-config> <ipaddr>192.168.5.105</ipaddr> <netmask>255.255.255.0</netmask> <default-gw>192.168.5.1</default-gw> <nameserver>194.90.1.5</nameserver> <alert-email>support@peerapp.com</alert-email> <site_name>UB1K Multi tunnel + vlan - DEMO</site_name> </mgmt-config> <web-config> <redirector> <ip>192.168.0.252</ip> <read_community>PApub\!</read_community> <isp>2</isp> <world>3</world> <cache>4</cache> </redirector> <controller> <ip>10.11.12.14</ip> </controller> </web-config> <common> <ntp> <server-ip>127.127.1.0</server-ip> <timezone>GMT+10</timezone> </ntp> <snmp> <trap-ip>10.11.12.1</trap-ip> <snmp-read-community>gdcbhv</snmp-read-community> <snmp-write-community>nkppui</snmp-write-community> <snmp-trap-community>ffff</snmp-trap-community> </snmp> <service> <protocols> <enable-kazaa>1</enable-kazaa> <enable-bittorent>1</enable-bittorent> <enable-edk>1</enable-edk> <enable-gnutella>1</enable-gnutella> <enable-http>1</enable-http>
110
<enable-ares>1</enable-ares> </protocols> <net> <fwd-mode>TUNNEL</fwd-mode> <tunnel interface="iff1"> <gw_world>172.160.253.254</gw_world> <gw_isp>172.160.253.253</gw_isp> <tunnel_vlan_tag>3</tunnel_vlan_tag> </tunnel> <tunnel interface="iff2"> <gw_world>172.160.254.254</gw_world> <gw_isp>172.160.254.253</gw_isp> <tunnel_vlan_tag>2</tunnel_vlan_tag> </tunnel> <vlan_mode>ON</vlan_mode> </net> </service> </common> <servers>1</servers> <server id="1"> <cache-engine> <network> <vip>192.168.2.2</vip> <vip>192.168.3.2</vip> <interface name="iff1"> <ipaddr>172.160.253.101</ipaddr> <netmask>255.255.255.0</netmask> </interface> <interface name="iff2"> <ipaddr>172.160.254.101</ipaddr> <netmask>255.255.255.0</netmask> </interface> </network> <service> </service> </cache-engine> </server> </cluster>
When multiple tunnels are connected to the same UltraBand 1000 cluster and each tunnel runs in a different VLAN, (or a single tunnel, which is an IEEE 802.1Q trunk with multiple VLANs), the configuration file has the following difference:
In the common > service > net element, there should be a tunnel interface
element for each tunnel. Each defined tunnel should include the VLAN ID of the tunnel and a global configuration for all tunnels that sets VLAN mode to ON.
The Alteon configuration is similar to the Alteon configuration including Tunnel and VLAN support. For more information on the Alteon configuration in Tunnel mode, see Alteon Configuration on page 98.
111
Promiscuous Mode
This configuration is identical to that in Tunnel mode. For more information, see ISP Router Configuration on page 91.

When using UltraBand 1000 to integrate with Allot, the forwarding mode is Promiscuous mode. This is because the servers receive the packet with a MAC address that is different to their own (actually inside a port-channel, i.e., etherchannel). The following is the sample UltraBand 1000 XML configuration file with Promiscuous forwarding mode:
<?xml version="1.0" encoding="UTF-8" standalone="no" ?><cluster xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="cluster_conf.xsd"> <mgmt-config> <ipaddr>192.168.0.83</ipaddr> <netmask>255.255.255.0</netmask> <default-gw>192.168.0.2</default-gw> <nameserver>194.90.1.5</nameserver> <alert-email>support@peerapp.com</alert-email> <site_name>UltraBand1000 Grid - Demo</site_name> </mgmt-config> <web-config> </web-config> <common> <ntp> <server-ip>127.127.1.0</server-ip> <timezone>Asia/Jerusalem</timezone> </ntp> <snmp> <trap-ip>10.11.12.1</trap-ip> <snmp-read-community>gdcbhv</snmp-read-community> <snmp-write-community>nkppui</snmp-write-community> <snmp-trap-community>nkppui</snmp-trap-community> </snmp> <service> <protocols> <enable-kazaa>1</enable-kazaa> <enable-bittorent>1</enable-bittorent> <enable-edk>1</enable-edk> <enable-gnutella>1</enable-gnutella> <enable-http>1</enable-http> <enable-ares>1</enable-ares> </protocols> <net> <fwd-mode>PROMISC</fwd-mode> <filter-policy>FWD_ALL</filter-policy> <bridge id="0"> <interface-world>iff2</interface-world> <interface-isp>iff1</interface-isp> </bridge> </net>
112
</service> </common> <servers>1</servers> <server id="1"> <cache-engine> <network> </network> </cache-engine> </server> </cluster>
The promiscuous mode has fewer configurable elements due to its nature (it receives every packet it sees). This configuration has the following differences from the Tunnel modes:
In the common > net element:

fwd-mode should be configured to PROMISC. The tunnel interface element is replaced with the bridge id element, which defines the interfaces for this mode. The filter-policy element is added and configured to FWD_ALL.
Virtual IPs (VIPs) are not defined under the interfaces since Promiscuous mode does not
target addresses.
Bounce Mode
The following sample assumes that the subscribers aggregation router(s) are attached to interface G3/2, that the Internet is linked to this router on G3/1, and that the UltraBand 1000 is attached to G3/3.
access-list 105 permit tcp any gt 1023 any access-list 105 permit tcp any eq www any access-list 106 permit tcp any gt 1023 any access-list 106 permit tcp any any eq www route-map PeerApp-internet permit 10 match ip address 105 set ip next-hop 172.16.1.2 route-map PeerApp-subscribers permit 10 match ip address 106 set ip next-hop 172.16.1.2 interface G3/1 desc Wrold ip Address 10.1.2.1 255.255.255.0 ip policy route-map PeerApp-subscribers interface G3/2 desc Subscribers ip Address 10.1.1.1 255.255.255.0 ip policy route-map PeerApp-internet gt 1023 gt 1023
113
interface G3/3 desc PeerApp UB1000 ip Address 172.16.1.1 255.255.255.252
Notes:
If more than one interface is attached (to the subscribers or to the Internet), one of the
following lines should be added on these interfaces: ip policy route-map PeerApp-subscribers Or ip policy route-map PeerApp-internet
The interface to the UltraBand 1000 Grid servers should be directly attached to the
UltraBand 1000 (and not via a switch) on a routed port (and not on an interface associated to a VLAN with an Interface Vlan interface assigned to it).
If necessary, the redirect can be limited to specific subnets by modifying the Access-list 105
and 106 as shown in the following example.
access-list 105 permit tcp any gt 1023 10.175.64.0 0.0.63.255 gt 1023 access-list 105 permit tcp any eq www 10.175.64.0 0.0.63.255 access-list 106 permit tcp 10.175.64.0 0.0.63.255 gt 1023 any gt 1023 access-list 106 permit tcp 10.175.64.0 0.0.63.255 any eq www

The following is the sample UltraBand 1000 XML configuration file with Bounce mode:
<cluster xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='cluster_conf.xsd'> <mgmt-config> <ipaddr>192.168.0.118</ipaddr> <netmask>255.255.255.0</netmask> <default-gw>192.168.0.2</default-gw> <nameserver>10.1.1.235</nameserver> <alert-email>support@peerapp.com</alert-email> <site_name>192.168.0.118 - SV bounce mode </site_name> <external_syslog_ip>127.0.0.1</external_syslog_ip> </mgmt-config> <web-config></web-config> <common> <ntp> <server-ip>127.127.1.0</server-ip> <timezone>Asia/Jerusalem</timezone> </ntp> <snmp> <trap-ip>10.11.12.100</trap-ip> <snmp-read-community>gdcbhv</snmp-read-community> <snmp-write-community>nkppui</snmp-write-community> <snmp-trap-community>ffff</snmp-trap-community> </snmp> <service> <protocols>
114
<enable-kazaa>1</enable-kazaa> <enable-bittorent>1</enable-bittorent> <enable-edk>1</enable-edk> <enable-gnutella>1</enable-gnutella> <enable-http>1</enable-http> <enable-ares>1</enable-ares> <enable-pando>1</enable-pando> </protocols> <net> <fwd-mode>BOUNCING</fwd-mode> <bounce id='0'></bounce> <network_interfaces number='1'> <nic nic_index='0'> <name>eth2</name> <nic_detail>IFF_PF_PACKET</nic_detail> </nic> </network_interfaces> <subnet_range_per_link name='a'> <cidr_range>8.8.1.0/24</cidr_range> <cidr_range>164.70.18.0/24</cidr_range> <cidr_range>164.70.10.0/24</cidr_range> <cidr_range>164.70.11.0/24</cidr_range> <cidr_range>144.90.10.0/23</cidr_range> <cidr_range>144.90.8.0/23</cidr_range> </subnet_range_per_link> </net> <policy> <selective_cache_in_threshhold>1</selective_cache_in_threshhold> </policy> </service> </common> <servers>1</servers> <server id='1'> <cache-engine> <network> <vip>192.168.22.2</vip> </network> <service></service> <cdr_log_level>LOG_INFO</cdr_log_level> </cache-engine> </server> </cluster>
The cluster configuration for Bounce mode has the following differences:
The fwd-mode element is configured to BOUNCING. Each server contains an interface with its local VIP address for Bounce mode.
Sandvine Configuration
The following is the sample UltraBand 1000 configuration .txt file with Sandvine divert mode:
file : policy.conf
##################### ### Divert Policy ### ##################### # Each specific PeerApp box needs to be a distinct "destination" destination "peerapp1" divert ip 10.10.10.11 reset_server false
115
# This defines the health checking type and parameters. healthcheck "check1" ping interval 2 seconds timeout 500ms # This defines a "group" of destinations for load-balancing purposes. # It also enables the health checking. destination "peerapp" group destinations "peerapp1" healthchecks "check1" ## This is the rule to select which traffic goes to an element of the group ## subject to load balancing. # If layer4protocol TCP then divert destination "peerapp" if protocol "http" or protocol "bittorrent" or protocol "edonkey" or protocol "ares" or protocol "youtube" \ or protocol "Gnutella" then divert destination "peerapp" (NWTNSDVN:wheel)#
116
A
CLI Reference
The following is a tree structure of the commands in the CLI provided with the UltraBand 1000.
Regular Mode
arp cache hash list display export summary direction dmesg dstat enable eventlog export show tail exit help ifconfig iostat jumbo ping show Display ARP table Cache operations Display cache metadata using hash ID Cache list operations Display cache content Export cache content Display CMDB statistics summary Calculate the visible subnets on the interface Display the dmesg Display hardware, software, and I/O statistics Enter Enable mode Event log commands Export event log to TFTP server Display event log Display online event log Logs you out from the CLI Display CLI commands Display the interface(s) Display extended I/O statistics Send jumbo echo messages Send echo messages Show run-time information
117
eventlog leader mount process status systemid time uptime version volumes tcpdump traceroute who
Display event log Display current cluster leader Display currently mounted file-system Display status of UltraBand components Display cluster administrative and application status Display system serial number Display system date and time Display cluster uptime Display software version Display mounted volumes Dump traffic on a network interface Display a packets route Show users logged in to CLI
Enable Mode
Includes all commands available in Regular mode, the whole list is as follows:
access Manage system access parameters Enable mode password Set idle session timeout value Regular mode password Restart apache Display ARP table Cache operations Manage cache black list Add file to black list Display entire black list Export black list Remove file from black list Display cache metadata using hash ID Cache list operations display export remove summary sync volume Display cache content Export cache content Remove file from cache Display CMDB statistics summary Verify and synchronize cache metadata Manage cache volumes add dump export remove hash list black_list
enable-password idle-session-timeout user-password apache_restart arp cache
118
activate deactivate remove config direction dmesg dstat eventlog export forward show stop tail exit help ifconfig iostat jumbo license activate get show oper ping reset rollback all server<#> show config eventlog leader license mount process status systemid time
Activate a cache volume Stop using a specific volume for caching Remove all hash IDs from a specific volume Enter Configuration mode Calculate the visible subnets on the interface Display the dmesg Display hardware, software, and I/O statistics Event log commands Export event log to TFTP server Starts event log forwarding Display event log Stops event log forwarding Display online event log Logs you out from the CLI Display CLI commands Display the interface(s) Display extended I/O statistics Send jumbo echo messages Manage system license Activate system license Import license from TFTP server Display current license System management operations Send echo messages Reset management services Rollback UltraBand software version Rollback all servers to previous version Rollback specific server to previous version Show run-time information Display running configuration Display event log Display current cluster leader Display system license information Display currently mounted file-system Display status of UltraBand components Display cluster administrative and application status Display system serial number Display system date and time
119
uptime version volumes tcpdump traceroute upgrade all management server who
Display cluster uptime Display software version Display mounted volumes Dump traffic on a network interface Display a packets route Upgrade UltraBand software version Upgrade UltraBand software on all servers Upgrade UltraBand software for management server Upgrade UltraBand software for specific server Show users logged in to CLI
Configuration Mode
apply diff discard display exit export help import network default_gw ip ntp server timezone restore time Apply config changes Show pending changes Discard pending changes Display pending configuration Exit current mode Export cluster configuration to TFTP server Commands description Import cluster configuration from TFTP server Configure management network interface Configure default gateway Configure management network interface Configure management NTP parameters Configure management NTP server Configure management NTP timezone Restore last good configuration Set system date and time
Server Mode
arp_server direction_server dmesg_server dstat_server exit fdisk_server Display servers ARP table Calculate visible subnets on interface Display dmesg Display I/O, CPU, and networking statistics Enter Enabled mode Display available caching block devices
120
help ifconfig_server iostat_server jumbo_server lock powercycle process_server restart start stop systemid_server tcpdump_server unlock service restart start stop
Display available commands Display interface(s) Display I/O statistics Echo jumbo packets Lock server in out-of-service mode graceful server shutdown display process status for pang, spread, apache, and ntp Restart server UltraBand application Start server UltraBand application Stop server UltraBand application Show chassis ID Tcpdump on appropriate server Unlock server from out-of-state to in-service mode Manage services Restart UltraBand software and all its services Start UltraBand software and services Stop UltraBand software and all its services
121

PeerApp UltraBand 1000 Administration Guide - Grid Configuration

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

PeerApp UltraBand 1000 Administration Guide - Grid Configuration

Caricato da

Copyright:

Formati disponibili

UltraBand 1000 Administration Guide

UltraBand 1000 Grid Configuration Version 2.3

TFTP Server ...................................................................................................................14 Working With the Configuration File............................................................................15

UltraBand 1000 Administration Guide - Grid Configuration

Platform Operational Specific Features ............................................................................... 21 Traffic Specific Features ....................................................................................................... 23

CLI-based Configuration ...............................................................................................23

File-based Configuration ..............................................................................................26

Upgrading the System ..................................................................................................30

Using Promiscuous Mode with Allot ............................................................................84

Using Bounce Mode with Sandvine ..............................................................................87

Sample Configuration Setups ................................................................................... 91 PBR Configuration.........................................................................................................91

UltraBand 1000 Administration Guide - Grid Configuration

Multi-Tunnel and VLAN Mode ....................................................................................107

Promiscuous Mode .....................................................................................................112

Bounce Mode .............................................................................................................113

UltraBand 1000 Administration Guide - Grid Configuration

About This Guide

UltraBand 1000 Administration Guide - Grid Configuration

Acronym HASH ID UB1000

UltraBand 1000 Administration Guide - Grid Configuration

The Building Blocks of the Solution

UltraBand 1000 Administration Guide - Grid Configuration

Figure 1: Solution Elements

Cache engine server

UltraBand 1000 Administration Guide - Grid Configuration

Dual Gigabit Ethernet (onboard). Quad Port Gigabit network card.

L2/L3 Ethernet switch

UltraBand 1000 Administration Guide - Grid Configuration

Figure 2: Software Architecture

UltraBand 1000 Administration Guide - Grid Configuration

UltraBand 1000 Administration Guide - Grid Configuration

Typical Network Configurations

Figure 3: PeerApp Network Solutions

The following describes the various solutions shown in Figure 3:

UltraBand 1000 Administration Guide - Grid Configuration

UltraBand 1000 Administration Guide - Grid Configuration

Management Tool Command-Line Interface (CLI)

Configuration File SNMP

UltraBand 1000 Administration Guide - Grid Configuration

Working With the CLI

Configuring management settings, which includes:

Performing system maintenance, which includes:

Monitoring the system.

Upgrading the system, which includes:

Getting Started with the CLI

Local area network (LAN) connection using ssh.

UltraBand 1000 Administration Guide - Grid Configuration

To view a list of available commands in the CLI, enter help or press ?.

Enter exit at the CLI prompt.

CLI Command Editing Features

Use the up and down arrow keys to navigate commands history

UltraBand 1000 Administration Guide - Grid Configuration

UltraBand 1000 Administration Guide - Grid Configuration

are now in Server mode. To exit Server mode:

UltraBand 1000 Administration Guide - Grid Configuration

Working With the Configuration File

UltraBand 1000 Administration Guide - Grid Configuration

Configuration File Sections

Accessing UltraBand 1000 SNMP Information

UltraBand 1000 Administration Guide - Grid Configuration

The main Operational Features (Quick Jumpstart). CLI-based configuration:

UltraBand 1000 Administration Guide - Grid Configuration

Main Operational Features (Quick Jumpstart)

Allot in promiscuous mode. Alteon in multi-tunnel mode.