Hardening Linux for Enterprise Applications
Peter Knaggs & Xiaoping Li, Oracle Corporation
Sunil Mahale, Network Appliance
Session id: 40274


Agenda
- Hardening Linux - Using NIC Failover for HA
- Understanding network bonding driver
- System Requirements & Configuration
- Test Procedure & Observation
- Status & Statistics information
- Summary
- Q & A

Hardening Linux – Using NIC Failover for HA
- Redundant data paths to networked storage
- Ability to tolerate failures of NICs
- Active/Active load balancing or failover
- Achieving HA in Oracle environments with NAS

Understanding network bonding driver
- Linux bonding driver to accomplish NIC failover
- Included in 2.4 kernel
- Bonds multiple network interfaces
- Configured as a loadable kernel module
- Understanding functionality of NIC failover in Oracle

System Configuration
- Hardware
  - Linux Systems
    - 2 * Intel White Boxes with 4 CPU and 3GB RAM
    - 3 * Intel Pro1000 Gigabit Ethernet NICs per system
  - Storage
    - 3 * Network Appliance F880 filers
    - Total of 18 Disk Shelves with 3TB usable storage
    - Total of 5 * Gigabit Ethernet NICs
  - Switch
    - Cisco 6509 Gigabit Ethernet Switch

System Requirements
- Software
  - Linux Systems
    - Red Hat Advanced Server 2.1, kernel 2.4.9, e.12
    - Intel Pro1000 Ethernet driver (e1000_4412k1)
    - Oracle 9i Release 2 database
  - Storage
    - NetApp Filer F880 running Data ONTAP 6.4.1

NIC Failover environment
[Diagram: the server's bond0 interface connects through the Gigabit Ethernet switch to the NetApp filers; DATA1 and DATA2 carry the data file I/O paths, LOG1 carries the redo log I/O path]

Setup & Configuration
- Servers
  - Set up the server with Red Hat Advanced Server 2.1, kernel 2.4.9, e.12
  - Use the e1000_4412k1 module for the Intel GigE NICs
  - Configure the GigE NICs in a private network
  - Ensure the GigE NICs are connected to the Cisco switch

Setup & Configuration
- Servers (cont…)
  - Bonding driver/module
    - Check if the bonding driver is loaded (lsmod)
    - Check to see if there is a module to load (bonding.o)
    - Load the bonding module into the kernel (modprobe)

Setup & Configuration
- Servers (cont…)
  - Configure two GigE network interfaces as eth3 and eth4
  - Use the e1000_4412k1 module for eth3 and eth4
    - Bring down all the interfaces using the e1000 module
    - Unload the default e1000 module (rmmod e1000)
    - Load the new e1000 module (modprobe e1000_4412k1)
    - Bring up all the network interfaces

Setup & Configuration
- Servers (cont…)
  - Configuring the bond0 virtual interface
    - Add the alias for the bond0 interface to /etc/modules.conf

        alias bond0 bonding

    - Create the configuration file for the bond0 interface, /etc/sysconfig/network-scripts/ifcfg-bond0

        DEVICE=bond0
        IPADDR=
        NETMASK=
        NETWORK=
        BROADCAST=
        BOOTPROTO=none
        ONBOOT=yes
        GATEWAY=
        USERCTL=no

Setup & Configuration
- Servers (cont…)
  - Bring down the eth3 and eth4 interfaces to be used for bond0
  - Unmount any file systems or volumes currently mounted by eth3 and eth4
  - Delete the configuration files for eth3 and eth4
    - Remove ifcfg-eth3 and ifcfg-eth4 from /etc/sysconfig/network-scripts

Setup & Configuration
- Servers (cont…)
  - Create the bond0 virtual interface

      # modprobe bonding;
      # ifconfig bond0 netmask broadcast ;
      # ifconfig bond ;
      # ifenslave bond0 eth3;
      # ifenslave bond0 eth4;
      # ifenslave bond0 up;

  - Check to see if bond0, eth3 and eth4 have the same MAC address
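
The final check in the procedure above can be scripted. This is an added example, not part of the original slides: the function name `check_bond_macs` and the sample `ifconfig` output with its addresses are constructed for illustration, and the parser accepts both the older `HWaddr` label and the newer `ether` label.

```sh
# check_bond_macs IFACE... reads ifconfig output on stdin and returns 0 only
# if every named interface reports the same hardware address as the first one.
check_bond_macs() {
    awk -v want="$*" '
        /^[^ \t]/ { iface = $1; sub(/:$/, "", iface) }   # first line of a stanza
        {
            for (i = 1; i < NF; i++)                     # old and new net-tools labels
                if ($i == "HWaddr" || $i == "ether") mac[iface] = toupper($(i + 1))
        }
        END {
            n = split(want, name, " "); ref = mac[name[1]]; rc = 0
            for (k = 1; k <= n; k++) {
                m = mac[name[k]]
                if (m == "") { print name[k] ": no hardware address found"; rc = 2 }
                else if (m != ref) {
                    print name[k] ": " m " differs from " name[1] " (" ref ")"
                    if (rc < 1) rc = 1
                }
            }
            if (rc == 0) print "match: " ref
            exit rc
        }'
}

# Constructed ifconfig output: both slaves have taken over the bond address.
IFCONFIG_GOOD='bond0     Link encap:Ethernet  HWaddr 00:02:B3:00:00:01
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1

eth3      Link encap:Ethernet  HWaddr 00:02:B3:00:00:01
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1

eth4      Link encap:Ethernet  HWaddr 00:02:B3:00:00:01
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1'

# Constructed: eth4 was never enslaved and still shows its own address.
IFCONFIG_BAD='bond0     Link encap:Ethernet  HWaddr 00:02:B3:00:00:01
eth3      Link encap:Ethernet  HWaddr 00:02:B3:00:00:01
eth4      Link encap:Ethernet  HWaddr 00:02:B3:00:00:02'

printf '%s\n' "$IFCONFIG_GOOD" | check_bond_macs bond0 eth3 eth4
printf '%s\n' "$IFCONFIG_BAD" | check_bond_macs bond0 eth3 eth4 || echo "exit status $?"
```

On a live host the input would be `ifconfig | check_bond_macs bond0 eth3 eth4`.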

Setup & Configuration
- Storage
  - Configure the 3 NetApp filers
    - 2 filers are used for storing Oracle datafiles, 1 for Oracle log files (DATA1, DATA2 and LOG1)
    - DATA1 and DATA2 each have 2 GigE NICs configured
    - Filer LOG1 has 1 GigE NIC configured
    - Filers DATA1 and DATA2 each have 4 logical volumes
    - Filer LOG1 has 1 logical volume
    - All the GigE NICs are connected to the Cisco switch

Setup & Configuration
- Switch
  - Enable channel trunking or port trunking
    - Interfaces eth3 and eth4 from the server are connected to 2 ports of the switch
    - Create a port channel for these ports

        Console> (enable) set port channel 4/1-2 on

      Where: eth3 & eth4 are connected to port 4/1-2
    - Enable portfast for the ports (spantree portfast)

Test Procedure & Observation
- Non Database Tests
- Oracle Database Tests

Test Procedure & Observation
- Non Database Tests
  - Copy of large file over the bond0 interface to the NetApp filer
  - Simulate NIC failure
    - Down the eth3 interface of bond0

        ifconfig eth3 down

    - Bring up eth3 interface

        ifconfig eth3 up

    - Pulling out network cables on the enslaved interface, eth3
  - Observations
    - I/O load was distributed over the eth3 and eth4 of bond0
    - I/O load switched to the remaining interface, eth4

Test Procedure & Observation
- Database Tests
  - Create a very large database
    - Create a large Oracle 9i OLTP database (1TB) on Filers
    - Run the OLTP workload with 55 users, around 6500 tpmC
    - The workload was run for about 30 min
    - Simulated NIC failure by pulling network cable
  - Observation
    - Average load on the bond0 interface was about 10MB/s
    - The network traffic on eth3 and eth4 was evenly spread
    - The effect of simulated NIC failure on throughput was < 10%

Test Procedure & Observation
- Testing with new bonding driver
  - The new bonding driver at HP’s website
  - Has been running in Oracle data centers with good stability
  - Download the RPMs, build and install the driver
  - Remove the default module and load the new one

Test Procedure & Observation
- Testing with active/passive mode with new bonding driver
  - Load the new module with “mode=1”

      modprobe bonding mode=1

  - The I/O load will be only on the first slave NIC
  - The other slave will act as a backup
  - When the active slave fails, the backup will take over
  - You must have “portfast” enabled on the switch for the ports

Status & Statistics information
- Advantages of the new bonding driver
  - Clear status information in the proc file system
    - cat /proc/net/bond0/info

        Bonding Mode: active-backup
        Currently Active Slave: eth3
        MII Status: up
        MII Polling Interval (ms): 100
        Up Delay (ms): 0
        Down Delay (ms): 0
        Slave Interface: eth4
        MII Status: up
        Link Failure Count: 7
        Slave Interface: eth3
        MII Status: up
        Link Failure Count: 8
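
The status text above is regular enough to monitor automatically, so a lost redundant path is noticed before the second NIC fails. This is an added example, not part of the original slides: the function name `bond_health`, its verdict strings and exit codes, and the degraded sample are constructed for illustration; the healthy sample repeats the output shown on the slide.

```sh
# bond_health reads bonding status text on stdin, prints a one-line verdict
# and returns 0 = redundant, 1 = degraded (a slave is down), 2 = no usable path.
bond_health() {
    awk -F': *' '
        /^Bonding Mode:/           { mode = $2 }
        /^Currently Active Slave:/ { active = $2 }
        /^Slave Interface:/        { slave = $2; total++ }
        /^MII Status:/ {
            if (slave == "")     bond_state = $2         # bond-level line
            else if ($2 == "up") up++                    # per-slave line
            else                 down = down " " slave
        }
        /^Link Failure Count:/     { failures += $2 }
        END {
            if (up == 0 || bond_state != "up") { verdict = "FAILED";   rc = 2 }
            else if (up < 2 || up < total)     { verdict = "DEGRADED"; rc = 1 }
            else                               { verdict = "OK";       rc = 0 }
            printf "%s mode=%s active=%s slaves_up=%d/%d link_failures=%d down=%s\n",
                verdict, mode, active, up, total, failures, (down == "" ? "-" : substr(down, 2))
            exit rc
        }'
}

# Constructed sample: the healthy status shown on the slide.
SAMPLE_OK='Bonding Mode: active-backup
Currently Active Slave: eth3
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Slave Interface: eth4
MII Status: up
Link Failure Count: 7
Slave Interface: eth3
MII Status: up
Link Failure Count: 8'

# Constructed sample: eth3 has lost link and eth4 has taken over.
SAMPLE_DEGRADED='Bonding Mode: active-backup
Currently Active Slave: eth4
MII Status: up
Slave Interface: eth4
MII Status: up
Link Failure Count: 7
Slave Interface: eth3
MII Status: down
Link Failure Count: 9'
printf '%s\n' "$SAMPLE_OK" | bond_health
printf '%s\n' "$SAMPLE_DEGRADED" | bond_health || echo "exit status $?"
```

On a host running this driver the input would be `bond_health < /proc/net/bond0/info`, run from cron or a monitoring agent that alerts on a non-zero exit status.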

Status & Statistics information
- Advantages of the new bonding driver
  - Clear status information from the dmesg log file

      # modprobe bonding miimon=100;
      # dmesg
      bonding.c:v HP
      bond0 registered with MII link monitoring set to 100 ms, in bonding mode.
      bond0 registered without ARP monitoring

Status & Statistics information
- Advantages of the new bonding driver
  - Clear status information from the sar report
  - I/O load on the bond interface bond0 is consistent with its slaves
  - In load balancing mode, I/O activity shown on bond0 is the sum of its slaves

Status & Statistics information
- sar activity report
  [Table: sar network report with columns IFACE, rxpck/s, txpck/s, rxbyt/s; header at 11:07:33 AM, rows at 11:07:36 AM for the two eth slaves and the bond interface]

Status & Statistics information
- Advantages of the new bonding driver
  - Clear status information in the rpm database

      rpm -qil bonding

  - Useful man pages

Summary
- The bonding driver can be used for NIC failover
- Provides redundant data paths for networked storage
- The default bonding driver only supports load balancing
- The new driver supports Active/Passive or load balancing
- The effect of simulated NIC failures on throughput was < 10%
- Achieve HA in Oracle environment with NAS

Q & A
Questions & Answers