AfNOG 2009 Workshop

Track SS-E — Scalable Internet Services

This is part of the AfNOG 2009 Workshop, held in conjunction 
with the AfNOG meeting in Cairo, Egypt, in May 2009. 

Daily Time Schedule: Morning ------- Session-1 08:45am - 10:45am Tea Break 10:45am - 11:00am Session-2 11:00am - 01:00pm Lunch Break 01:00pm - 02:15pm Afternoon --------- Session-3 02:15pm - 04:15pm Coffee Break 04:15pm - 04:30pm Session-4 04:30pm - 06:30pm Dinner 06:30pm - 08:00pm Evening ------- Session-5 08:00pm - 10:00pm In addition to this detailed timetable you can see a summary timetable as well. Monday morning 8:45am o Introduction and logistics -- Ayitey Bulley o FreeBSD Tutorial -- Joel Jaeggli * FreeBSD Tutorial Materials. * FreeBSD Tutorial Exercises. + Accounts information + Creating a user account for exim and yourself + Some basic FreeBSD commands + Post-installation configuration + Short example using FreeBSD commands + Getting FreeBSD 7.1 files and others + pkg_add: Adding packages or ports by hand + Network Information - ifconfig - rc.conf - Stopping and starting the network - Stopping and starting services + Installation Notes + Slices and partitions + Distribution sets + Quick installation guide (using CD-ROM) + The FreeBSD Directory Structure + A few differences from Linux + VI Tutorial
Monday morning 11:00am o DNS Session-1 (Fundamentals): -- Ayitey Bulley * DNS Materials. * Goal: to understand overall purpse and structure of DNS + IP addresses vs. names + DNS as a distributed, hierarchical database + Domain names and resource records: - A, PTR, MX, CNAME, TXT, SOA/NS + Domain name lookup responses + Reverse DNS + DNS as client-server model - Resolver - Cache - Authoritative server + Testing DNS (dig) + Understanding output from dig + Practical Exercises: - Configure Unix resolver - Use dig { A, other (e.g. MX), non-existent answer, reverse lookup } - Use tcpdump to show queries being sent to cache Monday afternoon 2:00pm o DNS Session-2 (DNS Caching Operation & DNS Debugging): -- Joe Abley * Goal: to understand operation of a recursive nameserver + Recap of previous session + DNS as a distributed database. + Resource record NS: referral of answer + Caching nameserver and root servers + Caching used to reduce load (esp. top level servers) + Issue of stale data in caches (problems with distributed systems). - TTL records on each record - Negative TTL in SOA + Recursion and caching (dig +norec) + Demo: www.ticscali.co.uk + Practical Exercise: - Debugging DNS Worksheet (with dig +norec ): . Students work on their own examples + Configuring a caching nameserver - check /var/named/etc/namedb/named.conf - run tcpdump - rndc start - change /etc/resolv.conf to point to your nameserver - querry two times - { Look at 'aa' flag, TTL, query time } - rndc flush - cache is authoritative for 127.0.0.1 Monday afternoon 2:00pm o DNS Session-2 (Continued): -- Joe Abley + What sort of hardware would you choosing when building a DNS cache? + Improving the configuration of a cache NS + Managing a caching nameserver + Practical Exercise: - Building your own cache nameserver - Improving the configuration of the cache NS + Question and Answer session + Summary Monday afternoon 4:15pm o DNS Session-3 (Configuring Authoritative Name Servers): -- Ayitey Bulley * Goal: to properly configure an authoritative nameserver + Recap of caching NS + DNS Replication + Outside world cannot tell the difference between master and slave + When does replication take place? + Two (2) Dangers with serial numbers + Configuration of Master & Slave NS - Format of Resource Records { SOA and NS } + Ten (10) Common DNS Operational and Configuration Errors (RFC1912) Monday evening 6:30pm o IPv6 Introduction -- Philip Smith Tuesday morning 8:45am o DNS Session-3 (Continued) Exercises: -- Ayitey Bulley and Joe Abley * Setting up a an authoritative name services for a domain + Master & Slave nameserver exercises Tuesday morning 11:00am o DNS Session-4 (Delegation & Reverse DNS) -- Ayitey Bulley and Joe Abley * Presentation: + Domain delegation + About Glue records + Reverse DNS (/24) + Reverse DNS (less than /24) * Exercise: + Delegation + Reverse DNS (in-addr.arpa) + Setting up flexible logging
Tuesday afternoon 2:00pm o RADIUS -- Frank Kuse * RADIUS Materials * Presentation: + What is RADIUS? + What does RADIUS do? + Why do we need RADIUS? + Other AAA services + About FreeRADIUS * Exercise: + Build and install freeRADIUS. + Configure and start the RADIUS server. + Test authentication + Convert a service to support Radius. Tuesday afternoon 4:15pm o Web/SSL -- Michuki Mwangi * Apache Materials + Installing Apache22 from FreeBSD ports + Configure Apache with basic configuration + Start Apache httpsd daemon and connect to local box + Verify local ssl certificate works + Configuring Apache with SSL + Example SSL Apache configuration file + Sample config for Virtual Hosting Tuesday evening 6:30pm o DNS & Web/SSL Exercises continued -- Ayitey Bulley, Michuki Mwangi & Chris Wilson
Wednesday morning 8:45am o Web/SSL -- Michuki Mwangi * Apache Exercises + Enabling IPv6 support in Apache + Installing PHP5 and PHP5-Extensions in Apache + Mysql Server 5.0 with Apache and PHP support + Install and configure Wordpress to use apache and mysql Wednesday morning 11:00am o Mail/Exim -- Chris Wilson * Exim Materials + Exim Basics - What is Exim - Who uses Exim - Why use Exim - Why not to use Exim - Installing Exim - Replacing Sendmail - Exim Overview - Basic Configuration - Global Settings - Adding local domains - Adding relay hosts Wednesday afternoon 2:15pm: o Mail/Exim -- Chris Wilson + Exim Routers - Routing Overview - Anatomy of a Router - The Default Routers - The Redirect Driver - Testing System Aliases - Simple Redirecting Router - Adding a Virtual Domain - Debugging Routers - Many Virtual Domains - Manual Routing a Domain - Manual Routing all Domains - Local Part Suffixes Wednesday afternoon 4:15pm o Mail/Exim -- Chris Wilson + Exim Transports - What are Transports - The remote_smtp Transport - The local_delivery Transport - Procmail router and transport - Enabling Maildir support + Exim Access Control - Using Access Control Lists - Anatomy of an ACL - Access Control Verbs - Address Verification - Callouts - Testing Callouts Thursday morning 08:45am o Mail/Exim -- Chris Wilson + Exim Access Control (continued) - Blocking Senders and Recipients - Blocking Hosts and Networks - Sender Policy Framework - Realtime Black Lists (RBLs) - Sender Domain Name Servers - HELO Verification - Filtering Spam with SpamAssassin - Filtering Viruses with ClamAV Thursday morning 11:00am o Mail/Exim -- Chris Wilson + Exim SMTP Authentication - Why use SMTP Authentication - Installing saslauthd - Enabling SMTP Authentication - Using RADIUS for Authentication - Testing Authenticated Relaying - Encrypting SMTP Sessions - Enabling SSL Encryption - Testing SSL Encryption - Requiring SSL for Authentication + Exim Troubleshooting - Logs and Debugging - The Mail Queue - Where to Get Help
Thursday afternoon 2:15pm thru to the Evening Session o POP, IMAP and Webmail servers -- Joel Jaeggli & Michuki Mwangi * IMAP4/POP3/WebMail Materials: + Dovecot - Server for POP and IMAP - What is Dovecot? - Installing dovecot from ports - Configuring Dovecot + Mailserver scalability - Linear password files - Linear mbox files - Too many files in one directory - CPU limits - Disk performance - Keep your SMTP (smarthost) and POP3 services separate + SquirrelMail Webmail Interface - Background - Why SquirrelMail? - Requirements for Installing SquirrelMail - Installing SquirrelMail - Configuring SquirrelMail + Notes and Clustering and NFS - Using Network File System (NFS) - Using Proxies - Load balancing - Database backends - FreeBSD NFS Friday morning 8:45am o POP, IMAP and Web email servers -- Joel Jaeggli & Michuki Mwangi + Practical Exercise ( continued ):
Friday morning 11:00am o Monitoring IP Services - Frank Kuse, Ayitey Bulley & Chris Wilson * Monitoring Section Materials + Monitoring of Exim Logs & Queues - What is ExiLog? - Features of ExiLog - ExiLog Target Audience - Installing ExiLog - Setting up the ExiLog MySQL Database - Configuring Exilog - Configuring the ExiLog Virtual Web Server - Running ExiLog Friday afternoon 2:00pm o Monitoring IP Services -- Frank Kuse + Monitoring IP Services with Nagios - Why Nagios - What Can it Do? - Sample Nagios Setup - Nagios Notification Flow Diagram - Nagios Configuration - Sample Screen Shots - Nagios Configuration Files Friday afternoon 4:15pm o Monitoring IP Services -- Frank Kuse + Practical Exercise: - Setting up nagios
o Other stuff: + Nagios config files

Return to AfNOG Workshop Main Page