TUT218: Pure IP Made Easy

Allan Hurst
Partner & Technical Principal
KIS
allanh@kiscc.com
650.207.0215
Ver 2.7 March 23, 2006

Acknowledgements
My thanks to the following Novell people (past and present) who have provided me with SLP & OES information over the past few years:
Bart Chandler, Reid Oakes, Marci Orler, Paul Schabert, Howard Shapiro, Jason Williams, Eric Wing

Novell, Inc.

Housekeeping
Cell phones, pagers, Treos, Blackberries - set them all to stun (silent or off), please. No noise is good noise. (Don't make me come down there!)
If you have a question, it's absolutely OK to ask. It'll help if you raise your hand first to get my attention. I'll try to answer on the fly.
Please fill out your evaluation form. This session was created (and revised) based on evaluations from prior events.
It's OK to have fun in here. Honest.

Who is this Guy, Anyway?


Allan Hurst / KIS

Partner, Technical Principal & Director of Linux Strategy
Master CNE with 18+ years of Novell experience.
One of four partners at KIS, a Novell Platinum Partner located in Fremont, California.
Runs the Novell Enterprise Systems Group (responsible for network planning, migrations, upgrades, moves, re-architecting, clean-up, DNS, and Linux strategy).
Runs The WAP Squad. (WAP stands for ?)
With Dirk Smith, is a member of the (infamous) Crash Dummies team - specialists in analyzing and preventing server crashes.

Who Are You?


Network administrator and/or manager.
Probably experienced with Novell products.
May be seeing weird network issues, such as:
  sporadic errors when browsing the local network
  slow logins
  intermittent server communication
  time sync errors.

Up-Front Disclaimers

Doesn't work under IPX? It won't work any better under IP.
Making your network Pure IP ready is a long-term project.
It's not a sin to run IPX AND IP on the same wire. Honest.
Get IP working before making plans to remove IPX from the wire.
Often, just the (pre-SLP) cleanup process speeds up the network.
Most of this process (80%!) is just prep work that doesn't involve SLP at all. (But it needs to be done if you want to use SLP.)
Actually configuring SLP only takes about 5 minutes!

Reaching Pure IP

[Diagram: the steps to reaching Pure IP]
Got Pure IP?
Remove IPX From the Wire
Migrate to NDPS/iPrint
Configure Client Workstations for SLP UA Operation
Configure Servers for SLP SA and DA Operation
DNS Server IP DHCP Time
NICI / SAS / PKI
eDir
Callout on the diagram: What we'll cover here

What have I been using all this time? (IPX & SAP)

SAP = Service Advertising Protocol

IPX-based protocol
Broadcast-based
Flexible and easy for smaller networks
Not easily routable
Limited in types of information provided
No provision for service expiration

What is SLP?

SLP = Service Location Protocol

The basis for Pure IP operation
IP-based
Replacement for IPX's SAP
Allows dynamic advertising of services
An open standards based protocol (RFCs 2165, 2608, 2609, 2614)

What Are SLP Services?

An SLP service is just an application running on a server, which other machines on the network can access. (For example: NDS, REMOTE.NLM, NDPS, SCMD.)
When a server starts up, services (applications) register with SLP to make themselves available to the network.
SLP maintains the service name and IP address of the host offering the service, along with an expiration date/time.
Each service has a unique URL (Uniform Resource Locator).

[Diagram labels: RCONSOLE, NDPS, SLP]

Why do I need SLP?

SAP & IPX don't scale well.
SLP improves workstation login and drive mapping performance on your network.
OES/Linux doesn't support IPX, and never will.*
eDirectory 8.8 achieves significant performance gains over earlier versions because it contains no IPX code at all.*

*Thank you to Novell's OES Product Manager -- Jason Williams -- for pointing out these particular nuggets of information.

SLP Versus SAP (I)


SLP
  IP-based
  Pulls info off of the wire using unicasts & multicasts
  Allows rich set of attributes
  Specifies an expiration time for each service

SAP
  IPX-based
  Pushes info onto the wire using broadcasts
  Provides a very limited set of attributes
  Services drop off the wire

SLP Versus SAP (II)


SLP
  IP services register themselves in the SLP database
  SLP advertises nothing; the SLP DA simply listens for requests
  SLP supports wide variety of attribute information
  SLP uses multicast, which is routable (SLP can fall back to broadcast mode if needed)
  Has mechanism to actively remove expired services.

SAP
  SAP service registers stored on each server
  Broadcasts server name, address, and SAP type regularly (as soon as IPX is bound on an interface)
  Advertises only service name, type and address
  Broadcast protocol is not routable
  No mechanism for actively removing services

How SAP Works - Finding A Server

[Diagram: three servers and an IPX workstation]
1. Client broadcasts "Get Nearest Server!" to entire network.
2. Every server broadcasts "Give Nearest Server!" to entire network.
3. Client begins login process with selected server. (Unicast)

How SLP Works - Finding A Server

[Diagram: Server (SA), Server (SA and DA), Server (SA), and an IP Workstation (UA); label: User Agent]
1. Client sends "Where are you?" multicast to all DAs.
2. DA and client send "Here I am", server request and service response back and forth. (All unicasts.)
3. Client begins login process with selected server. (Unicast)

Network Load of IPX/SAP vs. IP/SLP


For finding a server on a 3-server, 1-workstation network, the scores are:

IPX using SAP
  4 Broadcasts
  0 Multicasts
  1 Unicast

Pure IP using SLP
  0 Broadcasts
  1 Multicast
  4 Unicasts

Try increasing the above numbers to 5 servers and 100 workstations, and figure out how many broadcasts would suck up your network bandwidth!

Agent Types (Secret & Otherwise)


SLP Agent Types

User Agent (UA)
  Makes requests for services needed by application

Server Agent/Service Agent (SA)
  Runs on every server running SLP
  Registers available services (cache)
  Listens for Service Requests
  Has specified expiration interval per service

Directory Agent (DA or SLP DA)
  Stores SLP service records in eDirectory and/or cache
  SA registers services with DA
  UA requests services from DA

Directory Agent (DA)


The Directory Agent is responsible for processing the following SLP protocol messages:

  Service Registration
  Service Deregistration
  Service Type Request
  Service Request
  Attribute Request
  Directory Agent Advertisements

Directory Agent (What's it do?)

The DA maintains a database of URLs representing network services.
The DA provides the interface between SLP and NDS.
SAs and UAs interact with DAs to advertise and locate network services.
NDS provides a common, real-time data storage location for SLP information collected by DAs.
Oddly enough, the DA is the only agent that is not required in an SLP-based network. (UAs and SAs can still find each other via multicast if there's no DA present.)

Server SLP Registration Process


1. Server tries contacting DA specified in DHCP.
2. SA tries contacting the statically configured DA.
3. SA multicasts to find a DA.
Once contact is made, then ...
4. SA sends service registration information to DA via unicast:
  Service type
  Service lifetime
  Service attributes

How SLP Works - Registration

[Diagram: two User Agents, a Directory Agent and a Server Agent]
Server sends service registration to DA. (Via unicast.)

How SLP Works - Directory Agent


[Diagram: two User Agents, a Directory Agent and a Server Agent]
1. UA sends service request to DA. (Via unicast.)
2. DA sends service response back to UA. (Via unicast.)

Prerequisites to Configuring SLP


You need a good foundation to build a strong house - which makes it a real pity that most network "homes" are built on top of chicken wire and facial tissue.
Let's look at what needs to be done before attempting to configure SLP.

SLP Requires A Stable, Working TCP/IP Infrastructure

Correct, static IP information for all:
  Servers (you'd be amazed at what I find each day)
  Routers (what's really in your routing table?)
  Switches (plug-and-play units often aren't set correctly)
  Printers (usually set up for DHCP at the factory)

This includes:
  Verified and documented IP Addresses
  Correct subnet masks
  Correct default gateway/default routes
  Any needed static routes

NetWare vs. OES/Linux

Most NetWare systems currently in service have inherited configuration errors.

We're going to review potential NetWare configuration problems right now.
My experience suggests that OES/Linux has none of these errors to correct. OES/Linux installs very cleanly.
So, Linux People ... please be patient with us for a few minutes...

TCP/IP Files to Check on NetWare


SYS:etc\hostname
  192.168.129.10 beast.allanh.com

SYS:etc\resolv.cfg
  domain allanh.com
  nameserver 192.168.129.10
  nameserver 64.81.79.2

SYS:etc\hosts
  127.0.0.1 loopback lb localhost
  192.168.129.10 beast.allanh.com BEAST castle
  192.168.129.11 ifolder.allanh.com ifolder

No More Stinkin' Autotypes!

Automatic speed sensing is EVIL.
Automatic duplex detection is ROTTEN.
Automatic frame typing is HEINOUS.
This includes:
  Servers*
  Workstations
  Printers
  Routers & Switches*

Explicitly define Speed/Duplex/Frametype on all servers!*

* Note: Some Cisco devices with recent versions of IOS may work better with autospeed/autoduplex.

Gigabit NICs From Broadcom


Problem:
  Broadcom's older NetWare drivers have known problems with IP packet checksums. This causes packet loss, time falling in and out of sync at random, servers dropping off the network, NDS communication problems, and more.
  Affected drivers: older versions of Q57.LAN, B57.LAN, N57.LAN, x57.LAN, etc.
  Note: This is not a problem with OES on SLES.

Solution:
  Update with the latest version of x57.LAN (use Google)
  Add checksum=off to LOAD x57.LAN lines in NETINFO.CFG

What Every DNS Server Should Know


You need at least one internal DNS server. It must know:

Each NetWare/OES server name, which must:
  point to the primary address of the server
  match the IP address and hostname (sys:etc\hostname)

The tree name:
  should point to the server with the master replica of [root]

From any workstation or server, you should be able to resolve:

Any NetWare/OES server by short name and FQDN
  ping fs1 -and- ping fs1.acme.com

The NDS/eDirectory tree name
  ping acmetree

Keep Inside/Outside DNS Separate!

Keep internal and external DNS servers on separate boxes.
The only A, MX and CNAME records that should be on your external DNS server are ones that you really want the rest of the world to know about.
Don't publish your internal servers' A records on your external DNS.
The best way to avoid being hacked is to avoid being found in the first place.
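One way to check the "don't publish internal A records" rule against an exported external zone file, as an added example that is not part of the original slides. The zone contents are constructed, and the list of internal ranges (RFC 1918, loopback, link-local) is this example's assumption of what counts as internal.

```python
import ipaddress

# Address space that should never appear in a zone served to the Internet:
# RFC 1918 private ranges plus loopback and link-local.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample of an external zone file; every name and address is made up.
SAMPLE_EXTERNAL_ZONE = """\
$ORIGIN acme.com.
$TTL 3600
@         IN  MX    10 mail.acme.com.
www       IN  A     203.0.113.10
mail      IN  A     203.0.113.25
fs1       IN  A     192.168.129.10   ; internal file server, should not be here
acmetree  3600 IN A 10.200.200.102   ; eDirectory tree name, internal only
ftp       IN  CNAME www
"""


def internal_a_records(zone_text):
    """Return [(owner, address)] for A records that point into internal address space."""
    findings = []
    owner = None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                                # blank line or $ORIGIN/$TTL directive
        fields = line.split()
        if not raw[0].isspace():                    # a leading blank reuses the previous owner
            owner = fields.pop(0)
        # Skip the optional TTL and class columns in front of the record type.
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if len(fields) < 2 or fields[0].upper() != "A":
            continue
        try:
            addr = ipaddress.IPv4Address(fields[1])
        except ipaddress.AddressValueError:
            continue                                # malformed address: not this check's job
        if any(addr in net for net in INTERNAL_NETS):
            findings.append((owner, str(addr)))
    return findings


if __name__ == "__main__":
    for owner, addr in internal_a_records(SAMPLE_EXTERNAL_ZONE):
        print(f"internal address published externally: {owner} -> {addr}")
```

The parser handles the common one-record-per-line layout only; multi-line records in parentheses and semicolons inside quoted TXT data are outside its scope.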

Who's Afraid of DNS?

Scared of setting up your own DNS server on NetWare? (It's easy. Honest.)

Download a copy of Allan's favorite how-to guide:

http://www.more.net/technical/netserv/servers/novell/nw5dnsdhcp.pdf

(Oh, just search Google for "nw5dnsdhcp.pdf")
Still scared of DNS? Ask me when and where my next "Demystifying DNS" presentation will take place.

So, What if DNS Fails?

If DNS fails, keep your servers talking to each other by creating a HOSTS file!

Create a master HOSTS file that includes all of the NDS server entries from your internal DNS, plus the tree name.
Copy the master HOSTS file to all NetWare servers.
Update and recopy the master file to all NetWare servers each time you add or change server names or IP addresses.

Some people find utilities such as ZENworks for Servers to be useful for pushing HOSTS files out to multiple servers.
NOTE: This is NOT a replacement for DNS. You still need a properly configured Internal DNS server.

NDS Health & SLP


If your NDS tree is unhealthy, SLP won't make it work any better. This means:
  Time must be in sync.
  Obituaries must be processing.
  There must be no errors in DSREPAIR.

Do a basic NDS health check before setting up SLP! In DSREPAIR -A, run:
  Time Synchronization
  Report Synchronization Status
  Advanced / Check External References

Make Time for Time (I)


Good time synchronization is essential to a healthy tree.
Select one of these time models, and stick to it:
  Single / Secondary
  Reference / Primary / Secondary

Use configured time sources only.
IP addresses are most foolproof for internal time sources. (Especially if you don't have good DNS yet.)

Make Time for Time (II)


Point your Single/Reference server to an external time source.
My favorite external time source is pool.ntp.org or us.pool.ntp.org, which are pools of public NTP servers. In your timesync.cfg file, this would look like:
  pool.ntp.org:123

For more information on the Network Time Project, visit http://www.ntp.org
Can't get port 123 opened up on your firewall? Consider using a GPS time signal. Google "gps network time".

Encryption? On MY network?

All of these modules must be configured correctly and working on all NW 5.x & 6.x servers in your tree:
  NICI - Novell International Cryptographic Infrastructure
  SAS - Secure Authentication Service
  PKI - Public Key Infrastructure

You also need to make sure these are in order:
  Tree CA - Your tree's Certificate Authority
  Server CA - Each NW5/6 server's Certificate Authority

NetWare PKI broken? Use PKIDIAG.NLM!
(Find it by searching Novell FileFinder for PKIDIAG2)

Note: NetWare 5.0 doesn't have NICI installed by default. (Only NetWare 5.1 and above installs NICI by default.)

Patch THIS!
All NetWare servers must be patched to a minimum of:

  NetWare 4.11/4.2: NW4SP9.exe
  NetWare 5.0: NW50SP6A.exe
  NetWare 5.1: NW51SP8.exe
  NetWare 6: NW6SP5.exe (or NW6SP5E.exe for English only)
  NetWare 6.5: NW65SP4.exe or NW65SP5.exe

These SLP modules must be the same revision across all servers for each version of NetWare:
  Slp.nlm
  Slptcp.nlm
  Slpda.nlm

Note: These modules usually reside in C:\NWSERVER.

Updating Client Software


For proper SLP operation, you should be on reasonably current versions of the Novell Client:
  NT/2000/XP = Client 4.91 SP2 (or later)
  95/98 = Client 3.4 (or later)

IMPORTANT: If you have fairly old versions of client software, and everything's working OK with IPX - update your workstations' client software AFTER you've set up and tested everything on the server side.

No More Prerequisites!

OK - now that you have a healthy network, let's talk about exactly what SLP services are, and how they work.

Scoped vs. Unscoped

There are two modes for setting up scopes:

An "Unscoped" scope is a general default scope. It's all of the service URLs that aren't tied to a specifically defined scope.
  In SLP version 1, default scope is called the "Unscoped" scope.
  In SLP version 2, it is called the "Default" Scope.

A Scoped Scope is a Scope Unit that has been defined with a specific Scope Name.

Note: Make your life easier by using only SCOPED scopes!

SLP Agents Defaults

By default, all clients and servers are both User Agents and Service Agents ("double agents").

Multicast groups:
  Service Agents listen on 224.0.1.22 (UAs multicast to 224.0.1.22 when searching for a service.)
  Directory Agents listen on 224.0.1.35 (UAs and SAs multicast to 224.0.1.35 when searching for a DA.)

If multicast fails, SLP will fall back to using IP broadcasts unless specifically configured to not do so.
SLP uses TCP & UDP Ports 427. (See TID #10050135)

SLPDA in eDirectory

SLP Directory Agent Object


  Is a leaf object that represents a single instance of a DA.
  Defines the DA's configuration, scope, and security.
  Multiple DAs cannot share a single object.
  Assigning the DA adds an eDirectory attribute to the NCP_SERVER class definition called "SLP Directory Agent DN". This points the Server object to the DA object.

SLP Scope Unit in eDirectory

Scope Unit Container Object


  NDS storage container for SLP service information.
  Holds all SLP Service objects for a specific scope.
  "Unscoped" Scope is the default before SLP v2.

SLP Scopes are just logical groupings of available services.
  Directory Agents are assigned to service one or more scope units.
  UAs can be configured to use specific scopes defined by DAs servicing that scope.

SLP Service Object

SLP Service Object


  Each SLP Service Object represents a service registration.
  Is subordinate to the SLP Scope Unit object.
  Stored in the appropriate SLP Scope object according to their scope.
  Rough IPX analog: SAP entries seen in DISPLAY SERVERS

SLP Services
Command: display slp services
(Sort of a Pure IP version of "display servers")

FS1: display slp services
DISPLAY SLP SERVICES
Usage: display slp services [<service type>/<scope>/<predicate query>]/
Example 1: display slp services
Example 2: display slp services bindery.novell//(svcname-ws=abc*)/
Searching Network. . . .
service:nwserver.novell:///FS1
service:bindery.novell://FS1
service:ndap.novell:///acme1
service:ndap.novell:///acme2
service:timesync.novell:///10.200.200.102
service:portal.novell://10.200.200.102:8008/FS1
Displayed 6 of 6 Total URLs for: (All)/(default)/(Not specified)
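To turn a saved DISPLAY SLP SERVICES capture into an inventory of what is being advertised, the following added example (not part of the original slides) parses the service: URLs and checks the count against the "Displayed N of M" trailer. The sample text is the console output shown on the slide; the function names are this example's own.

```python
import re

# Console capture taken from the slide above.
SAMPLE_CAPTURE = """\
Searching Network. . . .
service:nwserver.novell:///FS1
service:bindery.novell://FS1
service:ndap.novell:///acme1
service:ndap.novell:///acme2
service:timesync.novell:///10.200.200.102
service:portal.novell://10.200.200.102:8008/FS1
Displayed 6 of 6 Total URLs for: (All)/(default)/(Not specified)
"""


def parse_service_url(url):
    """Split an SLP service: URL into type, naming authority, host, port and path."""
    if not url.startswith("service:") or "://" not in url:
        raise ValueError("not an SLP service URL: %r" % url)
    scheme, rest = url[len("service:"):].split("://", 1)
    svc_type, _, authority = scheme.partition(".")   # e.g. "ndap" and "novell"
    hostport, slash, path = rest.partition("/")
    host, _, port = hostport.partition(":")
    return {
        "url": url,
        "type": svc_type,
        "naming_authority": authority or None,
        "host": host or None,                        # empty in the ":///name" form
        "port": int(port) if port else None,
        "path": slash + path,
    }


def summarize_capture(text):
    """Group advertised services by type and verify the capture is complete."""
    records = [parse_service_url(u) for u in re.findall(r"service:\S+", text)]
    by_type = {}
    for rec in records:
        # The registered name is either the host part or the path, depending on the URL form.
        name = rec["host"] or rec["path"].lstrip("/")
        by_type.setdefault(rec["type"], []).append(name)
    trailer = re.search(r"Displayed (\d+) of (\d+) Total URLs", text)
    total = int(trailer.group(2)) if trailer else None
    return {
        "records": records,
        "by_type": by_type,
        # False when the capture was cut short or the console paged the output.
        "complete": total is not None and len(records) == total,
    }


if __name__ == "__main__":
    summary = summarize_capture(SAMPLE_CAPTURE)
    for svc_type, names in sorted(summary["by_type"].items()):
        print(f"{svc_type:10} {', '.join(names)}")
    print("capture complete:", summary["complete"])
```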

SLP in Small Networks


No Directory Agents
No scopes

[Diagram: a User Agent and four Service Agents]
General SLP multicast request to 224.0.1.22
Unicast replies

Note: Allan doesn't recommend this method - it usually creates trouble later.

Medium-Sized Network
(Try it, you'll like it.)

DAs are implemented
SAs register their service with DAs

[Diagram: a User Agent, a Directory Agent and four Service Agents]
UA Multicasts to find a DA.
DA responds to UA with unicast.
DA answers UA on behalf of SAs.

Large-Sized Network

(For the very, very brave of heart.)

Services are grouped into scopes.
The UAs are configured with one or more DA addresses.
SLP queries to remote services may cross the WAN link.

[Diagram: Scope One and Scope Two joined by a WAN link; labels: UAs, SAs, and the Directory Agents "DA Elbonia" and "DA Kalamazoo"]

Implementing SLP: Workstations

The Novell Client includes an SLP User Agent.

SLP UA is installed automatically when one of the IP protocol options is chosen during client installation.
SLP must be available for the client to function. No SLP = No Browsing! (A hint that SLP's not OK.)

Static parameter configuration is performed in the Novell Client Configuration property pages, under the Service Location tab.
It's easiest, however, to use DHCP to configure SLP.

Implementing SLP: Workstations

If you need to configure SLP information statically for each workstation, here's where you do it.


Static Workstation SLP Config

Scope List
  Which SLP scopes the workstation will use.

Directory Agent List
  Which DAs a client is statically configured to talk with.
  Note: Use SLPINFO /D to find out which DAs the client has discovered dynamically and what their status is (Active or Inactive).

Automatic SLP Workstation Config

Use DHCP. This should be enabled by default.
DHCP SLP configuration is faster & easier than having to touch each workstation to statically configure SLP.

SLP & DHCP

Even if the workstation's IP address is statically configured, SLP can still receive an SLP Scope and DA configuration from a DHCP server.
This is done using something called a DHCP INFORM packet ... ask Laura Chappell for details.
Warning: if your DHCP hands out SLP info using DNS names (or IP addresses) for DA machines that don't yet exist, the clients will appear to hang during login and drive mapping. This is why I suggest setting up DNS before DHCP.

Making DHCP SLP-Friendly


Don't host DHCP on NT 4.0 boxes. NT 4.0 isn't capable of handing out the DHCP options required for SLP.
Configure DHCP to hand out these options in addition to whatever else you're handing out to each subnet:
  DHCP Option 78 = SLP Directory Agent IP Address
  DHCP Option 79 = SLP Service Scope

Note: You can hand out more than one SLP DA or SLP scope via DHCP. If you want to do some primitive SLP load balancing, use different DA orders for alternating subnets.
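What options 78 and 79 look like on the wire, and how to confirm what a captured DHCP reply actually hands out, as an added example that is not part of the original slides. The byte layout follows RFC 2610 (a one-byte "mandatory" flag ahead of the DA addresses or the scope list); the DA addresses, scope name and subnets are sample values, and the helper names are this example's own.

```python
import ipaddress

OPT_SLP_DA = 78      # SLP Directory Agent option (RFC 2610)
OPT_SLP_SCOPE = 79   # SLP Service Scope option (RFC 2610)


def encode_da_option(addresses, mandatory=False):
    """Option 78: code, length, mandatory flag, then one 4-byte IPv4 address per DA."""
    body = bytes([1 if mandatory else 0])
    body += b"".join(ipaddress.IPv4Address(a).packed for a in addresses)
    if not addresses or len(body) > 255:
        raise ValueError("option 78 needs between 1 and 63 DA addresses")
    return bytes([OPT_SLP_DA, len(body)]) + body


def encode_scope_option(scopes, mandatory=False):
    """Option 79: code, length, mandatory flag, then a comma-separated UTF-8 scope list."""
    body = bytes([1 if mandatory else 0]) + ",".join(scopes).encode("utf-8")
    if len(body) > 255:
        raise ValueError("scope list too long for one option")
    return bytes([OPT_SLP_SCOPE, len(body)]) + body


def parse_slp_options(options):
    """Walk a DHCP options field and return the SLP settings a client would receive."""
    found = {}
    i = 0
    while i < len(options):
        code = options[i]
        if code == 0:                       # pad option, no length byte
            i += 1
            continue
        if code == 255:                     # end option
            break
        if i + 1 >= len(options):
            raise ValueError("option %d is truncated" % code)
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        if code == OPT_SLP_DA:
            if length < 5 or (length - 1) % 4:
                raise ValueError("option 78 must hold a flag byte plus whole IPv4 addresses")
            found["da_mandatory"] = bool(value[0])
            found["das"] = [str(ipaddress.IPv4Address(value[j:j + 4]))
                            for j in range(1, length, 4)]
        elif code == OPT_SLP_SCOPE:
            if length < 1:
                raise ValueError("option 79 must hold at least the flag byte")
            found["scope_mandatory"] = bool(value[0])
            found["scopes"] = [s for s in value[1:].decode("utf-8").split(",") if s]
        i += 2 + length
    return found


def alternating_da_orders(das, scope, subnets):
    """Per-subnet option bytes with the DA order reversed on every other subnet."""
    plans = {}
    for n, subnet in enumerate(subnets):
        order = list(das) if n % 2 == 0 else list(reversed(das))
        plans[subnet] = encode_da_option(order) + encode_scope_option([scope]) + b"\xff"
    return plans


if __name__ == "__main__":
    # Sample values: two DAs, one named scope, two workstation subnets.
    plans = alternating_da_orders(["10.0.1.3", "10.0.1.5"], "HQ_SLP_SCOPE",
                                  ["10.0.10.0/24", "10.0.11.0/24"])
    for subnet, raw in plans.items():
        print(subnet, raw.hex(), parse_slp_options(raw))
```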

Workstation SLP Discovery Process


(The Simple Version)
1. Workstation seeks the DA configured by DHCP (if it exists)
2. Workstation seeks the statically configured DA (if it exists)
3. Workstation multicasts to find DAs on the network
4. (if no DAs found) Workstation multicasts to find SLP services - probably from each Service Agent (server), because no DA is responding.
5. Somewhere along the way DNS is also tried before SLP gives up and passes the baton to IPX/SAP if IPX is loaded/running.

Failure to discover a DA often results in a mysterious pre-login delay of anywhere from 2 to 30 seconds at each workstation. This problem is very common in NetWare-based networks without configured SLP.

Troubleshooting Workstation SLP


At a command prompt, type: SLPINFO /D /S


How Workstations Find Servers


(Derived from Novell TID 10014700)

1. NDS. Workstation queries the DS database to find IP address for services that are registered in DS through a directory agent. (This option only works if user's already connected to the tree!)
2. Workstation uses its local HOSTS file on NT/2K/XP, or NWHOST on Win9x. (This option only works if you have server/tree names and IP addresses in the workstation's host file that match the server/tree specified in the NetWare Client login screen.)
3. DNS. Workstation asks DNS to resolve the server/tree name to an IP address. (This is why we put the NDS tree name into DNS during our preparation earlier.)
4. SLP. Novell TID says: "Requires no configuration on the client."
5. SLP via DHCP. The client gets SLP information from DHCP.

How Servers Find SLP DAs


Static configuration (slp.cfg)
DHCP configuration (On a server? Yes, on a server.)
  Note: By default, NetWare servers will use DHCP to obtain SLP information. I don't recommend leaving this default in place; it can easily lead to mysterious ABENDs whenever TCP/IP loads.
Dynamic Discovery (multicast)

Configuring Servers For SLP

The file SLP.CFG (NetWare) or SLP.CONF (Linux) is used to tell the server what SLP Directory Agents to work with.

This file can also be used to define service scope filtering and registration. This isn't generally needed on most networks.
On NetWare servers running SLPDA.NLM, the SLP.CFG file doesn't do anything unless you're pointing two DAs at each other for purposes of fault-tolerance or merging of SLP scopes.

Configuring NW Servers for SLP


The SLP.CFG file defines the Static DAs that the server will register services with. You can use DA IP addresses or internal DNS names:
  #Static Directory Agents
  DA IPV4, 192.168.0.100
  DA IPV4, fs1.fubar.com

At the console prompt, the SET SCOPE LIST = command defines in which scope SLP Services for this server should be registered:
  SET SCOPE LIST = HQ_SLP_SCOPE

Configuring OES/Linux for SLP


The /etc/slp.conf file defines not only the SLP DAs, but also basic information about the OES server itself:
  net.slp.DAAddresses = 10.0.1.3, 10.0.1.5
  net.slp.useScopes = ABC_HQ_SLP_SCOPE

Unlike NetWare, to set up scopes, you place the scope name in this file.

If this will be a Directory Agent, activate or add the following line:
  net.slp.isDA = true
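With static DA lists spread across SLP.CFG files on NetWare and slp.conf files on OES/Linux, drift between servers is easy to miss. The following added example (not part of the original slides) reads both formats and reports servers whose settings differ from the intended design; the server names and file contents are constructed, and the finding codes are this example's own.

```python
# Constructed sample: server name -> (platform, contents of SLP.CFG or slp.conf).
SAMPLE_FLEET = {
    "FS1": ("netware", "#Static Directory Agents\nDA IPV4, 10.0.1.3\nDA IPV4, 10.0.1.5\n"),
    "FS2": ("netware", "#Static Directory Agents\nDA IPV4, 10.0.1.3\n"),
    "oes1": ("linux", "net.slp.DAAddresses = 10.0.1.3, 10.0.1.5\n"
                      "net.slp.useScopes = ABC_HQ_SLP_SCOPE\n"
                      "net.slp.isDA = true\n"),
    "oes2": ("linux", ";net.slp.DAAddresses = 10.0.1.3, 10.0.1.5\n"
                      "net.slp.isDA = true\n"),
}


def das_from_slp_cfg(text):
    """DA addresses from a NetWare SLP.CFG ('DA IPV4, <address or DNS name>' lines)."""
    das = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":           # blank line or comment
            continue
        kind, sep, addr = line.partition(",")
        if sep and kind.split() == ["DA", "IPV4"] and addr.strip():
            das.append(addr.strip())
    return das


def parse_slp_conf(text):
    """key = value settings from an slp.conf, ignoring '#' and ';' comment lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def split_list(value):
    return [v.strip() for v in value.split(",") if v.strip()]


def audit_fleet(fleet, expected_das, da_hosts):
    """Return [(server, finding)] for every setting that departs from the design."""
    findings = []
    for server, (platform, text) in fleet.items():
        if platform == "netware":
            # On NetWare the scope is a SET parameter, so only the DA list is in the file.
            das, scopes, is_da = das_from_slp_cfg(text), None, False
        else:
            conf = parse_slp_conf(text)
            das = split_list(conf.get("net.slp.DAAddresses", ""))
            scopes = split_list(conf.get("net.slp.useScopes", ""))
            is_da = conf.get("net.slp.isDA", "false").lower() == "true"
        if not das:
            findings.append((server, "no-static-da"))       # left to DHCP or multicast
        elif set(das) != set(expected_das):
            findings.append((server, "da-list-mismatch"))
        if scopes is not None and (not scopes or "DEFAULT" in (s.upper() for s in scopes)):
            findings.append((server, "no-named-scope"))
        if is_da and server not in da_hosts:
            findings.append((server, "unexpected-da"))       # a DA nobody planned for
    return findings


if __name__ == "__main__":
    for server, finding in audit_fleet(SAMPLE_FLEET, ["10.0.1.3", "10.0.1.5"], {"oes1"}):
        print(f"{server}: {finding}")
```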

Troubleshooting NetWare SLP

DISPLAY SLP DA
  Displays the list of SLP Directory Agents and their current status.

DISPLAY SLP SERVICES
  Displays a list of all SLP services known by that server.

The following command line options can also be set in MONITOR.NLM:

SET SLP DA Discovery Options = value (0-8, Default 15)
  0x01 = Use multicast DA advertisements
  0x02 = Use DHCP discovery
  0x04 = Use static file SYS:ETC\SLP.CFG
  0x08 = Scopes Required - Strongly Recommended

SET SLP Scope List = value
  This parameter specifies a comma-delimited scope policy list.

SET SLP Reset = ON
  This parameter forces the SA to send new service registers and forces the SA to send DA Advertise packets.

Troubleshooting OES/Linux SLP


/etc/init.d/slpd restart
  Stops and starts the SLP Daemon service.

slptool findsrvs service:directory-agent
  Linux analogue of DISPLAY SLP DA command.

slptool findsrvtypes [followed by] slptool findsrvs <srvtype>
  Linux analogue of DISPLAY SLP SERVICES command.

Running Novell Linux Desktop?
  See TID #10097551 for info on setting up SLP on NLD.

Default NetWare DA Configuration


When loading SLPDA.NLM for the first time, you are prompted to create a default configuration. Please say "No".
The default configuration includes a scope of "unscoped" (NetWare 5.x) or "DEFAULT" (NetWare 6.x), and automatically creates SLP objects in eDirectory.

The default configuration is not appropriate, because you can't tell where services will register.
By default, objects will be created in the same context as the server object.
Manually configure your SLP DA - it's not difficult!

Setting up the NetWare DA

Allan's Promised 5-Minute DA Setup:

1. Create an OU container to hold the Scope Unit objects.
  This gets the SLP info somewhere you can (a) find it easily, and (b) easily partition and replicate it for fault tolerance later.
2. Create an SLP Scope Unit.
  Provide a name for the Scope Unit and the name of the scope itself.
3. Create the SLP DA object.
  Select a Host Server on which this SLP DA will run.
  Select an SLP Scope for this SLP DA to service.
4. Load SLPDA.NLM on the DA server console (and in AUTOEXEC.NCF).
5. Edit SYS:ETC\SLP.CFG on all NON-DA servers to point to the DA server.
6. Go into MONITOR on ALL servers, explicitly define the SLP Scope AND set SLP Discovery Option = 4.

Setting up the OES/Linux DA


Allan's Promised 5-Minute DA Setup:

1. Create an OU container to hold the Scope Unit objects.
  This gets the SLP info somewhere you can (a) find it easily, and (b) easily partition and replicate it for fault tolerance later.
2. Create an SLP Scope Unit.
  Provide a name for the Scope Unit and the name of the scope itself.
3. Create the SLP DA object.
  Select a Host Server on which this SLP DA will run.
  Select an SLP Scope for this SLP DA to service.
4. Edit sys:etc/slp.conf and configure it appropriately.
  net.slp.DAAddresses = (address of the DA itself)
  net.slp.isDA = true
5. Start the slp service:
  /etc/init.d/slpd start

Configuring SLP in eDirectory

Configuring SLP should be a pretty short process.
In general, I prefer to use ConsoleOne 1.3.6e or NWAdmn32 for SLP configuration.

Bonus Tip: ConsoleOne too slow? Set your anti-virus program to not scan .JAR files on ConsoleOne directories, especially on workstations*. Real-time antivirus scans of .JAR files can substantially increase ConsoleOne load times.

Typical SLP Configuration OUs


Notice the separate OUs for DNS/DHCP and SLP. These make it easy to split off these containers into their own partition. This is useful for creating fault tolerant DNS, DHCP, and SLP network services.
The DNS/DHCP and SLP OUs will each contain frequently changing information. If you partition them off, then only the servers that need the info (and which have NDS replicas) will have to exchange updates across the network.

NetWare vs. OES/Linux SLP DA

The NetWare SLP DA stores collected SLP service information in eDirectory.

As of the current revision of this session (3/20/06), the OES/Linux DA does not store SLP info in eDirectory.
If an OES/Linux SLP DA machine is restarted, it must collect SLP information all over again.
This deficiency is scheduled to be corrected in a future OES version or SupportPack.

Typical SLP Configuration - DNS


Note the DNS A record entries for the eDirectory tree name (CASTLE), and the server name (BEAST).

These will allow workstations to find the tree and server quickly. These will also allow servers to resolve each others' names quickly.


Typical SLP Configuration - SLP OU

Expanded SLP container, showing the clearly-named SLP Scope Unit and SLP DA. I prefer self-documenting names for eDirectory objects.

This type of name makes it easy to figure out which is the scope, and which is the scope unit.

Typical SLP Config: SLP DA


Typical SLP Config: Scope Unit


Details of the SLP Scope Unit, showing both the scope name and the DA servicing the scope.
Note the highlighted Scope Name can be either a scoped scope or simply "Unscoped".

Typical SLP Configuration - Services


Double-clicking on the SLP Scope Unit reveals the SLP Services that have been registered with this scope's DA.
All SLP DAs have access to this information, since it's stored and replicated in Directory Services.

How Many Directory Agents Do You Need?


One DA is sufficient for up to 5,000 workstations.
Two DAs (for fault-tolerance) are sufficient for most networks.
Factors to consider in determining how many DAs to install are:
  NDS replication traffic
  The number and placement of servers & clients
  Your WAN topology
  Your administration policy

SLP Version 2
There are two versions of SLP:
  NW 5.x supports SLP Version 1.
  Later patch levels of NetWare 5.1, and NetWare 6.x & OpenSLP (Linux) support SLP Version 2.

Macintosh clients need SLP v2 to browse an IP-based network.
SLP v2 DAs do support SLP v1 for backwards compatibility.
Version 1's "Unscoped" requests are known as "DEFAULT" in Version 2.

SLP/Pure IP: Rolling It Out


1. Infrastructure items checked.
2. Working DNS.
3. Working DHCP, handing out SLP information.
4. Stable NICI/SAS/PKI.
5. Healthy NDS/eDirectory Tree w/good Timesync.
6. Simple & Effective DA Configuration.
7. Updated Clients.

Demonstration!


Once More: Reaching Pure IP

[Diagram: the steps to reaching Pure IP]
Aha! Pure IP!
Remove IPX From the Wire
Migrate to NDPS/iPrint
Configure Client Workstations for SLP UA Operation
Configure Servers for SLP SA and DA Operation
DNS Server IP DHCP Time
NICI / SAS / PKI
NDS
Callout on the diagram: What we've covered

Top Ten(+1) Worst Pure IP Hurdles


11. Inconsistent/incorrect HOSTS & HOSTNAME files on servers.
10. Invalid/inconsistent default gateways on servers.
9. Servers not INETCFG'd (no defroutes or static routes).
8. Non-configured (or badly configured) time sources.
7. Corrupt or invalid Tree or Server Certificate Authority.
6. Autospeed/Autoduplex/Autoframe turned on (or x57.LAN driver).
5. Old versions of NetWare Client.
4. Four Deadly Words: "Not Recently Patched Servers".
3. Trying to distribute SLP info via an NT 4.0 DHCP server.
2. Missing tree name and/or server names in DNS.
And, the number one hurdle to Pure IP:
1. Managers who insist that you skip any of the above steps!

SLP TIDs

TID 10014396 - SLP Terms and Configuration Reference
This handy document contains pointers to...
  TID 10025313 - Frequently Asked Questions about SLP
  TID 10014466 - Configuring SLP for a NetWare Client
  TID 10027163 - Configuring SLP for a NetWare Server
  TID 10062474 - SLP Design and Implementation Guidelines
  TID 2942940 - Client Login Process IP/SLP
  TID 2948052 - Troubleshooting IP Login Issues
  TID 10095033 - Linux SLP Quickstart
  TID 10097551 - How to setup your Linux Desktop for SLP

AppNotes
March 1999
  Dynamically Discovering Services on an IP Network using SLP

April 2000
  Understanding and Configuring SLP Directory Agents and Scopes

Thank You!

Questions? Contact me at:


Allan Hurst
KIS
4027 Clipper Court
Fremont, CA 94538
allanh@kiscc.com
http://www.kiscc.com
tel 650.207.0215

My other sessions at BrainShare 2006:
  IO315: OES For The Experienced NetWare Administrator
  TUT204: A Preventative Approach to Server Crashes (with Dirk Smith)

Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.
