AFNOG 2001 Workshop

Scalable Services Infrastructure

This is part of the AFNOG 2001 Workshop, held in conjunction with the AFNOG meeting in Accra, Ghana, in May 2001.

OTHER COURSE DOCUMENTS

This detailed course outline contains many links to presentation materials used during class, and to external documents.

A simplified course outline simply contains major topic headings.

A timetable shows the entire course at a glance.

INSTRUCTORS

• Hervey Allen (USA)
• Ayitey Bulley (Ghana)
• Brian Candler (UK)
• Joel Jaeggli (USA)
• Alain Aina (Togo)
• William Tevie (Ghana)

TIMETABLE

Each day is divided into four slots of approximately two hours each. Classes start promptly at 08:30 and end at around 18:00 daily. There will be a one-hour break for lunch at around 13:00, and 20-minute breaks in mid-morning and mid-afternoon.

Monday morning

• Introduction and logistics -- Alain Aina
• FreeBSD Tutorial -- Joel Jaeggli and Hervey Allen
  • Detailed outline in HTML. Includes:

    • Introduction

    • Why FreeBSD

    • Accounts information

    • Creating a user account for yourself

    • Some basic FreeBSD commands

    • Post-installation configuration

    • Short example using FreeBSD commands

    • Getting FreeBSD 4.2 files and others

    • pkg_add: Adding packages or ports by hand

    • Network Information

    • ifconfig

    • rc.conf

    • Stopping and starting the network

    • Stopping and starting services

    • Installation Notes

    • Slices and partitions

    • Distribution sets

    • Quick installation guide (using CD-ROM)

    • A few differences from Linux
  • Additional introductory documents for:
    • vi editor (University of Colorado): HTML
    • File manipulation excercises: HTML
• DNS -- William Tevie and Alain Aina
  • Detailed Presentation: PowerPoint HTML
    • What the Internet's DNS is
      • A systematic namespace - the domain name space
      • Why use hierarchical names?
      • What are domain names used for?
      • Example of domain name
      • Domain name hierarchy
      • Different users of the term domain
      • Other information mapped to domain names
      • Different people responsible for different parts
      • What is a zone?
      • Information is associated with each domain name
      • General format of RRs
      • Several types of RRs
      • IP address for a host
      • Information needed by the DNS insfrastructure itself
      • SOA record
      • NS record
      • SOA and NS record example
      • More about RRs above and below zone cuts
      • Zone cut example - RRs in the child zone
      • Zone cut example RRs in the parent zone
      • Hostname for an IP address
      • Information about mail routing
      • Alias to canonical name mapping
      • Reverse lookup
      • Reverse domain hiearchy
      • Requirements for a nameserver
      • How is data partitioned amongst the servers?
      • What about reliability?
      • DNS protocols
      • Master and slave servers
      • Location of servers
    • Configuring a resolver on a Unix-like system
      • named.boot example
      • named.conf example
      • Checking DNS using nslookup
      • Checking DNS using dig
    • Best Practices

Monday afternoon

• DNS -- William Tevie and Alain Aina
  • Presentation continued
  • DNS Excercises: PowerPoint HTML
    • Each row choose a domain name
    • Choose two nameservers
    • Register with admin of parent domain
    • Create a zone master file
    • Edit named.conf appropriately
    • Start your nameserver
    • Enable named in FreeBSD
    • Start your nameserver
    • Test with nslookup or dig
• Web/Proxy/SSL -- Joel Jaeggli and Hervey Allen
  • Discussion of Squid Caching Server
  • Installation of Squid
  • Step-by-step overview of squid.conf

Monday evening - Optional sessions

• Continuation of DNS with Excercises -- William Tevie and Alain Aina

Tuesday morning

• Squid Caching Continued -- Joel Jaeggli and Hervey Allen
  • Client Configuration for Proxy Server Use: HTML
  • Auto Discovery of Proxy in IE Issue: HTML
  • WPAD Expired RFC: HTML
• Web/Proxy/SSL -- Joel Jaeggli and Hervey Allen
  • Configuring Apache with SSL: HTML
  • Example SSL Apache configuration file: TEXT
  • A good SSL Primer: http://docs.iplanet.com/docs/manuals/security/sslin/
  • Necessary source files for this excercise
    • openssl-0.9.6a.tar.gz
    • apache_1.3.19.tar.gz
    • apache_1.3.19+ssl_1.42.tar.gz

Tuesday afternoon

• Web/Proxy/SSL -- Joel Jaeggli and Hervey Allen
• Download Apache, OpenSSL, Apache SSL patch, sample config file
• Install OpenSSL
• Patch Apache source code with SSL patch
• Install Apache
• Generate new local SSL certificate
• Configure Apache with basic configuration
• Start Apache httpsd daemon and connect to local box
• Verify local ssl certificate works
• Radius -- Alain Aina
  • Summary Radius page: HTML
  • Introduction and overview: PowerPoint HTML
    • What is it
    • How it works
    • Authentication, authorization and accounting
    • Features, enhancements and disributions
    • Current use
    • Installation and configuration
      • Radius server install
      • Adding a radius client
      • Configuring user profile
      • Running and test
    • Proxy service: Roaming
    • Proxy service: How it works
    • Scaling radius server
    • Radius codes

Tuesday evening - Optional sessions

• Squid cache hardware configuration discussion -- Joel Jaeggli
• DNS excercises and cleanup -- Alain Aina

Wednesday morning

• Radius -- Alain Aina
  • Radius continued and labs
  • Labs worksheet: HTML
    • Configuration and installation: HTML
    • Proxy service: Roaming: HTML
    • Scaling Radius: HTML
      • Configuring database caching of user profiles
      • Configure radiusd to use PAM
  • Summary Radius page revisited: HTML

Wednesday afternoon

• Mail/Exim -- Brian Candler
• Available class resources
• Principal page
• Draft lesson plan


• E-mail basics


• Notes on scalability


• Exim control flow: Applix
, Postscript, PDF.
• Excercises
• Exim worksheet (build, test, configure FreeBSD, monitor, convert to Maildir)


• qmail worksheet (build, inetd.conf, test)


• FreeBSD performance tuning


• postal/rabid (performance measurement)


• Table-driven mail delivery


• Courier-imap and sqwebmail


• Notes on clustering


• Sample files and configurations
• Topics covered in this section
  • Overview
  • Basic structure of email
  • Give basic structure of an E-mail message
  • Define and distinguish MUA and MTA
  • Describe how DNS is used in mail delivery
  • Use telnet to port 25 and port 110 to manually send and retrieve E-mail
  • Explain purpose of envelope and distinguish from RFC822 headers
  • List key approaches to improve scalability
  • List other desirable features of a mail server
  • Explain why we are using exim rather than sendmail
  • Describe the basic exim mail processing mechanism
  • Exim documenation
  • Install exim

Wednesday evening - Optional sessions

• No Session Scheduled

Thursday morning

• Mail/Exim -- Brian Candler
  • Exim configuration
    • Configure exim as outgoing SMTP
    • Replace sendmail using /etc/mail/mailer.conf
    • Restrict relaying
    • Read and interpret mailq and exim log files
    • Use exim -c and -bt to try out configuration and debug delivery problems
    • Use config file for a good performance SMTP smarthost
    • Configure relaying, outbound and backup MX
  • Mailserver performancine tuning and monitoring
    • Install qmail-pop3d and test it
    • FreeBSD configuration cont.
    • Install postal and use it to simulate bulk SMTP deliveries
    • Discuss and test pop3 performance using rabid
  • FreeBSD performance tuning: HTML
    • Increase kernel limits
    • Enable softupdates
    • Use SCSI disks
    • Spread mail directories across multiple disks
    • Put in as much RAM as possible
    • Use PCI cards, not ISA!

Thursday afternoon

• Mail/Exim -- Brian Candler
  • Database driven operation; virtual domains
    • Explain what is meant by 'virtual domains'
    • Explain why it is desirable not to have accounts in /etc/passwd
    • Assign hashed directories, create dbm files for domains and mailboxes, and configure exim to use them
    • Create a 'whole domain' mailbox and a single-user mailbox
  • POP3 and IMAP configuration
    • Create a userdb for courier http://courier.sourceforge.net/userdb.html
    • Install courier-imap (with 'deliverquota')
    • Start pop3 and imap daemons, deliver and retrieve mail

Thursday evening - Optional sessions

• Help Desk Creation, Hints and Tips -- Hervey Allen
  • Principal page
  • Help Desk Presentation: PowerPoint HTML
  • Help Desk Creation Document (Long): HTML
  • CD-ROM Installer and Creation Document (Long): HTML
  • Additional Help Desk Pages: http://www.nsrc.org/helpdesk
• SSH and Security -- Joel Jaeggli
  • How to install ssh: HTM

Friday morning

• Mail/Exim -- Brian Candler
  • Clustering technologies
    • Describe scaling using round-robin DNS/multiple MX records and layer 4
      switching
    • Mount NFS backend(s), configure mail to be distributed across multiple
      backends
    • Configure exim as a database-driven SMTP frontend
    • Install and use a database-driven POP3 proxy
      http://perdition.sourceforge.net/ and/or
      http://www.i2pi.com/smunge/
    • Be able to distribute database using rsync, demonstrate awareness of LDAP
      and SQL
• Mailing Lists/Majordomo -- Ayitey Bulley and Hervey Allen
  • Majordomo/Mailing lists main page (lots of good links here): HTML
  • Overview of mailing lists: PowerPoint HTML
  • Majordomo Installation: Word PDF RTF
    • Tasks for root
    • Using an majordomo.aliases file
    • Tasks for majordom
  • Creating and managing majordomo: Word PDF RTF
    • Why you might want manual intervention
    • Day-to-day utilities
    • Troubleshooting and standard problems
    • Manage your list owners - not their lists
    • List owners list and listowners script
    • Small tools
    • A practical excercis

Friday afternoon

• Mailing Lists/Majordomo -- Ayitey Bulley and Hervey Allen
  • Mhonarc configuration: Word PDF RTF
    • Creating your archive directory
    • Installing custom rcfiles and a shell script
    • Creating your initial Mhonarc files
    • Adding messages from an existing mail folder
    • Automating Mhonarc
    • Configuring Pine to use the pipe command
    • Piping a single message
  • Majorcool, other tools, and advanced topics
• Wrap Up -- Alain Aina
• Questions and Answers -- Instructors

LINKS AND REFERENCES

Software tools

• Acrobat Reader - Adobe's free software to read PDF files
• Apache - Curently the world's most popular Web server
• Apache SSL - SSL patch to Apache code. Home page. We used this in class.
• BIND - BIND (Berkeley Internet Name Domain) page
• Courier - A mail server suite that provides ESMTP, IMAP, POP3, webmail, and mailing list services.
• Exim - Message transfer agent (MTA) that replaces sendmail. Scales for very large usage.
• FreeBSD - Operating system of choice for this workshop
• Free Radius - Dialup authentication server
• Majorcool - A Web interface to Majordomo.
• Majordomo - A mailing list server
• Mhonarc - Email to HTML converter. Useful for searchable archives of mailing lists.
• Squid - Caching server, runs under FreeBSD. Home page

Relevant Documents and Links

• AfNOG - Main Web site for African Network Operator's Group
• Afnog Workshops - AfNOG workshop materials are located here
• Network Startup Resource Center - An excellent resource of information relevant to this workshop
• O'Reilly & Associates - Excellent publisher of network and network related books
• RFC 2181 - Clarifications to the DNS Specification
• RFC 2182 - Selection and Operation of Secondary DNS Servers
• RFC 2901 - Guide to Administrative Procedures of the Internet Infrastructure
• RFC Editor - An RFC repository site
• SSL Introduction - A nice introduction to SSL and what it is

Return to AFNOG Workshop Main Page