Technical overview, hardware listing, and network structure for 1999.
These documents can be additionally retrieved from
http://www.ncf.ca/sysadmin/reports/1999/.

System Administration Report for 1999
=====================================

Submitted by: Andre Dalle
              NCF System Administrator
              adalle@freenet.carleton.ca

Year 2000
~~~~~~~~~

The largest single project that we coped with all year long was dealing
with year 2000 issues. In order to survive Y2K it was necessary to
migrate all remaining SunOS machines to Solaris 2.7. The brunt of this
work was two-fold: porting FreePort to the Solaris environment, and
preparing Solaris for the FreePort system.

Ian! Allen (aa610) is responsible for the initial porting work and
system setup on freenet8.carleton.ca - a development/test Sparc2 system.
A dual 50MHz Sparc10 system was configured as "freenet10.carleton.ca"
and set up similarly to the original setup by Ian! Allen on freenet8.

A number of tweaks and updates, modifications to the member database
system, code maintenance for the count server, and other problems have
been followed and taken care of since the trigger date on Dec. 31 1999
when the system load was switched over from SunOS to the new Solaris
platform.

In the long run the move to Solaris will benefit NCF in terms of network
management, code maintenance, and system simplicity and cohesiveness.
Standardization on Solaris will also allow us to benefit from network
maintenance on Carleton's part by including our machines in some tasks
such as patch level maintenance and so on.

While the complete migration from start to finish spanned several
months, we can be pleased to report all the core functionality was as
functional on January 1st 2000 as it was on December 31st 1999.

Modem Sharing System introduced
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In January we went live with Jim Elder's (aa456) modemsharing software.
This system allows us to more appropriately compensate for busy and
non-busy times of day by intelligently choosing to kick people off only
as needed. As an additional bonus, this software enabled us to
communicate with exclusively PPP dial-up users via e-mail when their
time was up and to even include a special reminder notice in the event a
member's account was overdue for renewal.

Carleton Modem Pool
~~~~~~~~~~~~~~~~~~~

In February the acquisition of a Remote Annex 4000 terminal server from
Magma Communications allowed us to re-organize our modem setup. All
modems in the Freeweb and Express pools were moved to the new server.
Additionally, many of the 14.4 modems in the Express pool were replaced
with 28.8 capable modems. Additional steps were taken to ensure
reliability of the Annex security server, which is required to
authenticate PPP logins.

Our current terminal server architecture is however quite old, as is
much of our modem pool. Relentless modem resets, cable juggling, and the
occasional terminal server reboot are required to attempt to maintain
maximum reliability on the Carleton modem pools. This babysitting
approach has however met with limited success and has only been able to
slow the degradation of quality of service. Eventually our entire modem
pool architecture will have to be rebuilt with all new servers and
modems to keep up with members' needs.

Mitel Modem Pool
~~~~~~~~~~~~~~~~

The extended access at Mitel has exhibited connectivity issues that have
proved very difficult to nail down. Dialogue with Cisco Systems resulted
in a donation of a Cisco AS5200 digital terminal server to replace the
existing Cisco AS5100 analog terminal server in place at Mitel.

Months have passed since the initial donation, but Mitel has finally
reached the stage in their PBX reorganization that has provided 48
digital lines for use by FreeNet. All hardware is in place and fully
connected to the Mitel PBX.
Migration from the old Cisco AS5100 to the new AS5200 is both imminent
and expected to solve many reliability problems at Mitel.

Network Architecture
~~~~~~~~~~~~~~~~~~~~

May was a heavy donation month, with generous hardware donations from
Rebel.Com and Newbridge Networks. Rebel.Com donated a complete Horizon
UltraSPARC IIi server with a 333MHz processor, 256MB memory, and over
8GB of storage. Newbridge donated a number of 10/100 FastEthernet
switches obtained through a Newbridge acquisition. This donation allowed
us to greatly simplify our network layout and equally improve network
performance.

I will attach a document to this report listing our active hardware
resources and a visual representation of our network.

Archival System
~~~~~~~~~~~~~~~

Archival of system accounts was re-introduced. This system had been
disabled at the time of Yannick Gravel's departure from FreeNet.
Archival of inactive accounts reduces the load placed on the file and
mail storage servers. The archival system was fully re-integrated into
the system by early February.

SPAM filtering
~~~~~~~~~~~~~~

June marked the implementation of RBL/DUL mail filtering. This is a
distributed project headed by Vixie Enterprises to chase after and shut
down spammers (DUL) and untrustworthy domains/ISPs that promote and/or
permit spammers through their system (RBL).

At no cost to us, we are able to piggy-back on this project by
auto-blocking email from any sender on the RBL or DUL. The majority of
blocked spam is from the DUL (Dial-up Users List), which lists
individual ISP accounts marked as spammers.

News server upgrade
~~~~~~~~~~~~~~~~~~~

The NCF newsgroups services were moved from a dual 50MHz SuperSPARC-II
server to the newer 333MHz UltraSPARC IIi. Additionally, the server
software underwent a major update, migrating from INND 1.7 to INND 2.1,
which offers substantial performance, reliability, and monitoring
improvements.
The new news server is an order of magnitude more resilient to DoS
(Denial-of-Service) attacks and should serve FreeNet members well.

Thanks are largely due to Paul Tomblin for configuring and testing the
new news server environment, and additionally to John Stewart for aiding
in the cumbersome migration process.

Mailing List Services
~~~~~~~~~~~~~~~~~~~~~

Majordomo listserver software was configured on the mail server. This
allows NCF to create mailing lists with (un)subscribe and management
capability without requiring sysadmin intervention.

WebAuction
~~~~~~~~~~

NCF now has a web-based auction system at http://auction.ncf.ca/. The
software is Lynx-friendly while still attractive from Netscape/IE. The
system is based on the EveryAuction software package from EverySoft
(http://www.everysoft.com/everyauction). Modifications were made to
eliminate security problems as well as extend functionality of the base
software.

This provides NCF with an always-useable auction forum with a management
interface to easily add/remove and modify auction items. We also are
able to allow non-NCF members to bid on items from the Internet if they
are willing to pick up their auction item from Carleton. Finally, we can
pursue individuals and organizations to donate sellable items for the
auction 365 days a year.

AGM2000
~~~~~~~

A Sparc5 machine donated by Sean MacLennan (bn932) has been installed in
the racks and configured as "agm.ncf.ca". This system will be used as a
base for deploying a web based Lynx-friendly AGM which will be developed
by Mark Mielke (al278).

Summary
~~~~~~~

All considered, 1999 was an eventful year of balancing critical issues
such as Y2K, which forced a domino effect in terms of system upgrades
and improvements. Critical donations such as the Horizon UltraSPARC and
the Newbridge FastEthernet switches have made these upgrades viable.
Having survived such hurdles and come out on top with fresher server
hardware, we can look forward to a promising Year 2000 with the
anticipated implementation of more scalable email and web solutions and
the aggressive pursuit of a modernization of our dial-up modem pool.


System Administration Report for 1999 - Appendix A: Hardware Resources
=====================================   ==============================

Submitted by: Andre Dalle
              NCF System Administrator
              adalle@freenet.carleton.ca

This document systematically lists all NCF equipment currently in use
and additionally mentions available equipment for use as working spares.
This may be interpreted as a guide to what is running FreeNet.

UNIX Servers
~~~~~~~~~~~~

Server  : gw.ncf.carleton.ca
System  : Debian Linux 2.1 kernel 2.0.36
Chassis : PC AT Minitower
CPU     : 1x Intel Pentium 166
Board   : Asus TX97
Memory  : 96MB SDRAM (1x32 1x64)
Disks   : 1.2GB IDE
Other   : PCI SMC EtherPower Dual 10/100
          PCI SMC EtherPower 10/100
          ISA SMC Ultra (unused)
          cirrus logic vga
Function: filtering router (firewall)
          caching nameserver
          slave mail services (redirect to smtp.ncf.carleton.ca)
          squid proxy server (may be disabled)

Server  : ng-services-1.ncf.carleton.ca
System  : Debian Linux 1.3 kernel 2.0.34
Chassis : PC AT minitower
CPU     : 1x Intel 486DX2/66
Board   : Asus PVI-486SP3
Memory  : 20MB
Disks   : QUANTUM FIREBALL1280A, 1222MB w/83kB Cache
Other   : video
          nic
Function: IRC server
          BB monitoring

Server  : freenet1.carleton.ca
System  : Solaris 2.7
Chassis : Sun Sparc 10
CPU     : 2x Ross HyperSparc 125MHz
Board   : Sun Sparc 10
Memory  : 144 MB
Disks   : Seagate ST31051N
          Sun 1.05
          Sun 1.3
          Sun 1.3
          Seagate ST15150N
          Quantum XP34300
Other   : SBUS extra SCSI adapter
          SBUS fastethernet
Function: Main mail server - smtp, local delivery to text boxes,
          majordomo, etc.
          File server (homedirs and freeport)
          Slave NIS
          Primary DNS
          Annex authentication (erpcd)

Server  : freenet4.carleton.ca
System  : Solaris 2.7
Chassis : Axil 320 (Sparc20 performance)
CPU     : 2x SuperSparc SM51
Board   : Axil SS20 clone
Memory  : 208MB (2x64, 5x16)
Disks   : QUANTUM-EMPIRE_1080S
          Fujitsu M2654SA-1
Other   : SBUS FastEthernet
Function: Netscape HTTPD 2.01 (webserver, htdig, etc.)
          Master NIS server
          Secondary DNS
          loghost

Server  : freenet5.carleton.ca
System  : SunOS 4.1.4
Chassis : Sun Sparc 5
CPU     : 1x MicroSparc-II 110MHz
Board   : Sun Sparc 5
Memory  : 112MB (3x32 2x8)
Disks   : Seagate ST32430WC
Other   :
Function: Legacy FreePort system
          To be removed eventually

Server  : freenet7.carleton.ca
System  : Solaris 2.5
Chassis : Sun Sparc 2
CPU     : 1x Sparc2 cpu (40mhz I think.. pre-micro/super sparc)
Board   : Sun Sparc 2
Memory  : 64MB (16x4)
Disks   : SUN0207
          Seagate ST12400N
Other   :
Function: QPOP Mail server
Note    : This machine will be replaced by a SS10 2.7 SM50 system.

Server  : freenet9.carleton.ca
          freenet-news.carleton.ca
System  : Solaris 2.7
Chassis : Rebel.com Horizon
CPU     : 1x UltraSPARC IIi 333MHZ 2MB cache
Board   : Sun Ultra PCI
Memory  : 256MB (2x128)
Disks   : SEAGATE-ST34520W
          SEAGATE-ST34520W
          COMPAQ-ST34371W
Other   : On-board fastethernet
          ultra-wide 68-pin scsi
Function: INND 2.1 news server
          /usr/local file server
          future webserver, database server

Server  : freenet10.carleton.ca
System  : Solaris 2.7
Chassis : Axil 311 (SS10 performance)
CPU     : 2x SuperSparc SM51
Board   : Axil SS10 clone
Memory  : 208MB (2x64, 5x16)
Disks   : SUN1.05
          SEAGATE-ST15150N
Other   : SBUS fastethernet
Function: Main user session server
          file server (files4 files6 files16)
          freeport solaris source

Server  : agm.ncf.carleton.ca
System  : Solaris 2.7
Chassis : Sun Sparc 5
CPU     : 1x MicroSparc (70?)
Board   : Sun Sparc 5
Memory  : 64MB
Disks   : SUN1.05
Other   :
Function: AGM2000 server
Note    : This machine will be free after AGM2000

Spare UNIX Machines
~~~~~~~~~~~~~~~~~~~

The following lists functional machines that are no longer in service.
Some are obsolete and may be auctioned off or given away. Some are
useful for spare parts, while some (eg. freenet3) are good machines only
temporarily out of service.

Formerly: freenet3.carleton.ca
Chassis : Sun Sparc 10
CPU     : 1x SuperSparc SM50
Board   : Sun Sparc 10
Memory  : 128MB (1x64 4x16)
Note    : This system will replace freenet7, and potentially take on
          additional services complementing POP (eg. web access to POP)

Formerly: freenet6.carleton.ca
Chassis : Sun Sparc IPX
CPU     : 1x Sparc IPX (40Mhz, similar to Sparc2 I think)
Board   : Sun Sparc IPX
Memory  : 64MB (non-useable in better machines)

Formerly: freenet8.carleton.ca
Chassis : Sparc2
Board   : Sparc2
Memory  : 64MB (16x4)
Note    : Former Solaris-freeport test machine.
          Can be restored for use as a development environment
          (ie. breakable without worry)
          Lacking in power for anything more strenuous than simple
          utilities testing, ie. can't really be used to test
          Netscape etc.

Formerly: freenet2.carleton.ca
Chassis : Sparc IPC
Memory  : 48MB

Spare Disks
~~~~~~~~~~~

- 3-4x 1GB
- larger disks can be acquired

Networking Gear
~~~~~~~~~~~~~~~

2x 8-port 10/100TX FastEthernet Georim/FE switches
1x 2-port 10/100TX 16-port 10TX Plaintree WaveSwitch 1018

Terminal Servers
~~~~~~~~~~~~~~~~

- 3x 64-port Remote Annex 3
- 1x 72-port Remote Annex 4000
- 1x 20-port Xyplex MaxServer
- 1x 48-port analog Cisco AS5100 with 12 analog quad-modem cards
  (reliability problems)
- 1x 2-port T1/PRI Cisco AS5200 with 4 analog/digital 12-modem cards
  (to replace AS5100)

External Modems including spares
~~~~~~~~~~~~~~~

12       USR Sportster 28.8 kbps
10-20    Practical Peripherals 28.8
160-180  USR Sportster 14.4 kbps

Incoming Lines
~~~~~~~~~~~~~~

 48  271-9768: Mitel lines
 10  520-9013: Overflow to 520-7835
 15  520-7835: Overflow to 520-1135
112  520-1135: Overflow to 520-1130
 32  520-1130: Last chance for a free modem!
 14  libraries, etc.
  3  reserved password-protected for sysadmin/office/demo use


System Administration Report for 1999 - Appendix B: Network Structure
=====================================   =============================

Submitted by: Andre Dalle
              NCF System Administrator
              adalle@freenet.carleton.ca

This document will demonstrate how the Newbridge and Plaintree switches
have enabled us to structure our network in a simple straightforward
manner that couples high performance with scalability. There are no
present network upgrade plans as the current structure should provide
for the foreseeable future.

Hardware mapping:
~~~~~~~~~~~~~~~~

[U]        Unused (available)
[NG]       ng-services-1
[AGM]      agm
[F1]       freenet1
[F3]       freenet3
[F4]       freenet4
[F5]       freenet5
[F7]       freenet7
[F8]       freenet8
[F9]       freenet9
[F10]      freenet10
[FA1]      freenet-annex1
[FA2]      freenet-annex2
[FA3]      freenet-annex3
[FA4]      freenet-annex4
[FA5]      freenet-annex5
[136-1]    sw-1-136.ncf.ca: 8-port 10/100TX FastEthernet switch (Newbridge)
[136-2]    sw-2-136.ncf.ca: 8-port 10/100TX FastEthernet switch (Newbridge)
[137-1]    sw-1-137.ncf.ca: 2-port 100TX/16-port 10TX (Plaintree WaveSwitch)
[Router]   gw.ncf.carleton.ca: Linux router gateway adjoining subnets
[WB]       link to machines that are seated on the workbench in the
           computer room
[CARLETON] link to the rest of the Carleton network and the INTERNET

Network Diagram:
~~~~~~~~~~~~~~~

          [F1] ---        --- [F10]
                  \      /
    [Router] ---   \    /   --- [F3]
                \   \  /   /
               +---------+
               | [136-1] |
               +---------+
                /   /  \   \
       [F4] ---    /    \   --- [136-2]
                  /      \
              [F7]        [F9]


          [F5] ---        --- [F8]
                  \      /
        [NG] ---   \    /   --- [AGM]
                \   \  /   /
               +---------+
               | [136-2] |
               +---------+
                /   /  \   \
        [U] ---    /    \   --- [136-1]
                  /      \
               [U]        [WB]


             [Router]   [U]
                |        |
                |        |
                |        |
               +---------+
               | [137-1] |
               +---------+
                / /  |  \ \
        [FA1] -- /   |   \ -- [FA5]
            [FA2] --- [FA3] --- [FA4]


               +----------+
               | [Router] |
               +----------+
                /   |    \
       [136-1] -- [137-1] -- [CARLETON]

Notes:
~~~~~

The 8-port switches provide high-speed switched ethernet for the server
segment. They provide enough ports to support 13 hosts. Additional
switches could be added, each providing an additional 6 useable ports.
There is an eventual limit to how many 8-port switches can be usefully
stacked together, but even a single additional switch should satisfy
FreeNet's future requirements.

The WaveSwitch provides a fast link to the Router while supporting up to
16 hosts. This gives us all the network muscle we need to support 16
terminal servers. The unused 100TX link could be used to link a second
switch in the event FreeNet needed to support more than 16 terminal
servers.

Conclusions:
~~~~~~~~~~~

The current network architecture is sufficiently high performance to
eliminate potential bottlenecks in the internal network. Available
bandwidth in the NCF network is now greater than the UNIX hosts require,
even at peak times.

The most significant bottleneck in network performance is however the
Carleton/Internet connection. The Carleton/Internet pipe is regularly
saturated resulting in slowed performance. The Internet bottleneck may
only be resolved by adding a reserved pipe (eg. ADSL) for FreeNet use
only. This will be a research project for the coming year.