Using Broxy for Native IPv6 Support (Phase 1)


Broxy is a software solution for phase 1 of Native IPv6 support. It comes preconfigured with a “4to6” squid proxy, forwarding “4to6” named servers and a bridged IPv6 interface. It allows dual IP stack IPv4 scanner components to communicate over proxies with the IPv6 data center and also to scan bridged IPv6-only targets.

The preferred scan mode of Qualys Scanners is still IPv4 in Phase 1. This means that scanning by a DNS name/hostname that resolves to an IPv6 address (AAAA) will fail. Only scanning by actual IPv6 addresses, not by names, is supported. Support for scanning by hostnames is expected in Phase 2.

In the following sections we’ll show you how to configure a KVM host, Broxy and a scanner VM to easily achieve this task.

Installing LIBVIRT/KVM packages on KVM host

Without going into a lot of detail on how to configure a KVM host from scratch, the following gives you a basic idea of which packages are required and how to start the libvirt service on the host before continuing.

    ~]# yum upgrade -y
    ~]# yum install libvirt virt-install qemu-img qemu-kvm libguestfs-tools-c ntp ntpdate
    ~]# systemctl start libvirtd
    ~]# virsh version

Creating the bridge on KVM host

We need to enslave the KVM host’s physical adapter to bridge br0 and then use it to forward all IPv6 traffic transparently to/from our virtual scanners. Below is an example of a KVM host where the network settings are not managed by NetworkManager. It can be done manually in this way:

Step 1: Configure interface settings to enable bridging by editing the ifcfg-<interface name> file as the example below shows

    ~]# cat >/etc/sysconfig/network-scripts/ifcfg-enp3s0 <<EOF
    TYPE=Ethernet
    BOOTPROTO=static
    DEVICE=enp3s0
    ONBOOT=yes
    BRIDGE=br0
    EOF

Copyright 2019 by Qualys, Inc. All Rights Reserved.
Step 2: Configure a bridged interface with desired IPv6 address, IPv6 default GW and IPv6 DNS server address

    ~]# cat >/etc/sysconfig/network-scripts/ifcfg-br0 <<EOF
    TYPE=Bridge
    BOOTPROTO=static
    NOZEROCONF=yes
    IPV6INIT=yes
    IPV6_AUTOCONF=no
    IPV6ADDR=2001:470:8418:2800::10.40.0.12
    IPV6_DEFAULTGW=2001:470:8418:2800::1
    DEVICE=br0
    ONBOOT=yes
    DNS1=2001:470:8418:2800::a
    EOF

Step 3: Reboot the KVM host

Setting up Broxy on LIBVIRT/KVM host

Setting up Broxy requires a bridge on KVM host and a private/isolated network.

KVM host network configurations

KVM host by default has only one “default” NAT libvirt network.

    ~]# virsh net-dumpxml default
    <network>
      <name>default</name>
      <uuid>4d41a5a8-6fac-4816-961a-19580971646d</uuid>
      <forward mode='nat'>
        <nat>
          <port start='1024' end='65535'/>
        </nat>
      </forward>
      <bridge name='virbr0' stp='on' delay='0'/>
      <mac address='52:54:00:94:da:d6'/>
      <ip address='192.168.122.1' netmask='255.255.255.0'>
        <dhcp>
          <range start='192.168.122.2' end='192.168.122.254'/>
        </dhcp>
      </ip>
    </network>

You need to create a Bridged network (if you don’t have one already) and a Private one as shown in the next two sections.

Create private isolated libvirt network

    ~]# virsh net-define /dev/stdin <<EOF
    <network>
      <name>private144</name>
      <bridge name="virbrp144" stp="off"/>
    </network>
    EOF

Create host-bridged libvirt network, if you don't have one already

    ~]# virsh net-define /dev/stdin <<EOF
    <network>
      <name>host-bridge</name>
      <forward mode="bridge"/>
      <bridge name="br0"/>
    </network>
    EOF

Start newly created networks

    ~]# virsh net-autostart host-bridge
    ~]# virsh net-autostart private144
    ~]# virsh net-start host-bridge
    ~]# virsh net-start private144

Create bridged 4to6 proxy VM (Broxy)

The Broxy image comes in tar.gz format and can be easily spun up as a VM on a KVM host. It comes preconfigured for environments with IPv6 address assignments using SLAAC or DHCPv6 protocols.
Here are the steps to create a Broxy Server VM:

Step 1: Download Broxy image and unpack using tar command

    ~]# tar xvfz broxy.tar.gz

This will give you 2 files: broxy.xml and broxy-disk1.qcow2

Step 2: Create Broxy VM using virt-clone command

    ~]# virt-clone --original-xml broxy.xml --name broxy --file /var/lib/libvirt/qemu/broxy-disk1.qcow2

Step 3: Review and edit network settings

The Broxy image comes preconfigured with first source network name as ‘private144’ and second source network as ‘host-bridge’. This can be changed if you configured your KVM host networks with different names. To do that do the following:

    ~]# virsh edit broxy

This will open the instance configuration file. Review and edit network settings as needed.

First <interface type='network'> element should have <source network='private144'/> or the private network name set on the KVM host in the section above.

Second <interface type='network'> element should be on <source network='host-bridge'/> or "host-bridge" network name set on the KVM host in the section above.

Step 4: Modify /etc/named/forwarders

It should have IPv6 address[es] of host’s DNS resolvers from /etc/resolv.conf as the example shows below

    ~]# virt-edit -d broxy /etc/named/forwarders
    forwarders {
        2001:470:8418:2800::cafe;
        2001:470:8418:2800::face;
    };
    forward only;

Step 5: Configure Broxy’s br0 interface IPv6 config

If your IPv6 network has Router Advertisement Prefixes service enabled or DHCPv6 available, it’s all set. For static IPv6 configuration, edit Broxy’s ifcfg-br0 file as follows:

    ~]# virt-edit -d broxy /etc/sysconfig/network-scripts/ifcfg-br0
    IPV6_AUTOCONF=no
    DHCPV6C=no
    IPV6ADDR=...
    IPV6_DEFAULTGW=...

Starting Broxy VM with console

Now we can start broxy and check if it’s fully functional.
    ~]# virsh start --console broxy

Sample logs displayed on Broxy console

    [root@qa-kvm-ipv6 ~]# virsh start --console broxy
    Domain broxy started
    Connected to domain broxy
    Escape character is ^]
    …
    Linux version 2.6.32-754.12.1.el6.x86_64 ([email protected]) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-23) (GCC) ) #1 SMP Tue Apr 9 14:52:26 UTC 2019
    Command line: ro root=UUID=6a2321b9-f1e6-40db-b156-44056de2ffe3 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM console=tty0 console=ttyS0,115200n8
    …
    CentOS release 6.10 (Final)
    Kernel 2.6.32-754.12.1.el6.x86_64 on an x86_64
    broxy.local login:

Test the connection from Broxy

After starting the broxy console, log in on the secure serial TTY as root with the initially empty password; change it if required. The serial console is the only access method; sshd is disabled by default.

You can test the connection to Qualys servers as shown in the following example:

    ~]# host qualysguard.qualys.com
    ~]# curl -kv https://qualysguard.qualys.com

Broxy is now ready! Next we’ll create a Scanner VM and configure it to work with Broxy in order to route all traffic through the bridged interface created above.

Create QVSA scanner on private144 network

Step 1: Download and unpack the Scanner qVSA image

    ~]# tar xvfz qVSA-2.5.xx-1.tar.gz

This will give you two files: qVSA.i386-2.5.xx-1-libvirt.xml and qVSA.i386-2.5.xx-1.qcow2

Step 2: Create Scanner VM using virt-clone (similar to how you created Broxy instance)

    ~]# virt-clone --original-xml qVSA-2.5.xx-1-libvirt.xml --name qVSA-2.5.xx-1 --file /var/lib/libvirt/qemu/qVSA-2.5.xx-1.qcow2
    Allocating ' qVSA-2.5.xx-x.qcow2' | 56 GB 00:00:01
    Clone 'qVSA-2.5.xx-x' created successfully.

Scanner activation

Step 1: Get your PERSCODE from Qualys

Log in to the Qualys UI. Go to Scans > Appliances > New > Virtual Scanner Appliance. Choose “I have my image” and click Continue.
Follow the on-screen instructions to configure your virtual scanner and get your personalization code. You’ll need this in the next few steps.

Step 2: Add Broxy DNS name in scanner proxy settings

The proxy must be accessed by the special proxy.qualys.local DNS name given to the Broxy VM we configured above; the name server on Broxy resolves it to 192.168.144.1. The proxy value must be added to the Scanner before starting it up. This proxy is running on the Broxy VM that we created in the previous section.

Step 3: Prepare encoded CONFIG: string

Prepare the encoded CONFIG: string as follows.

    ~]# <<<$'PERSCODE=NNNNNNNNNNNNNN\nPROXY_URL=proxy.qualys.local:3128' gzip -c | openssl base64 -A

Replace NNNNNN... with the PERSCODE generated from the Qualys UI.

Step 4: Modify SMBIOS/serial field

Modify the SMBIOS/serial field to inject the base64-encoded string after the CONFIG: tag

    ~]# virsh edit qVSA-2.5.xx-1
    <domain type='kvm'>
      <name>qVSA-2.5.xx-1</name>
      ...
      <sysinfo type='smbios'>
        <system>
          <entry name='serial'>CONFIG:H4sI...</entry>
        </system>
      </sysinfo>
      ...

Step 5: Change default scanner network name

You’ll need to change the default scanner network name to ‘private144’

    ~]# virsh edit qVSA-2.5.xx-1
    ...
    <interface type='network'>
      <mac address='52:54:xx:xx:xx:xx'/>
      <source network='private144'/>
    ...

How to see scanner logs

    ~]# virsh start --console qVSA-2.5.xx-1

How to see scanner console/UI

    ~]# virsh vncdisplay qVSA-2.5.xx-1
    :0

Connect to the scanner console over VNC using the KVM server IPv6 address and port 5900 when the output is :0 as above; :1 means port 5901, and so on.

TIP: If direct access to the KVM server IPv6 address doesn’t work from the VNC viewer, create an SSH tunnel to open the VNC connection. For the example above,

    ssh root@2001:470:8418:2800::a28:c -L 5900:127.0.0.1:5900

opens an SSH tunnel to the VNC port. Enter 127.0.0.1:5900 in the VNC viewer to connect to the scanner console.
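The CONFIG: string from Steps 3 and 4 of Scanner activation can be round-tripped before it is pasted into the SMBIOS serial field; the script below is an added example, not part of the Qualys guide, that builds the string the same way, decodes it again and checks both fields. The function names and the sample PERSCODE are constructed for illustration, and base64 is used as a fallback where openssl is not installed.

```bash
#!/usr/bin/env bash
# Added example: build, decode and sanity-check the scanner CONFIG: string.
# All function names are hypothetical helpers, not Qualys tooling.

# base64 on a single line, as "openssl base64 -A" does in Step 3.
b64_encode() {
    if command -v openssl >/dev/null 2>&1; then openssl base64 -A
    else base64 | tr -d '\n'; fi
}

b64_decode() {
    if command -v openssl >/dev/null 2>&1; then openssl base64 -d -A
    else base64 -d; fi
}

# Same pipeline as Step 3: two KEY=VALUE lines -> gzip -> base64.
build_config() {
    local perscode=$1 proxy=${2:-proxy.qualys.local:3128}
    printf 'PERSCODE=%s\nPROXY_URL=%s\n' "$perscode" "$proxy" | gzip -c | b64_encode
}

# Reverse the encoding of a serial value such as "CONFIG:H4sI...".
decode_config() {
    local serial=$1
    case $serial in
        CONFIG:*) ;;
        *) echo "missing CONFIG: tag" >&2; return 1 ;;
    esac
    printf '%s\n' "${serial#CONFIG:}" | b64_decode 2>/dev/null | gzip -dc 2>/dev/null
}

# Verify that the decoded text carries a real PERSCODE and the Broxy proxy name.
check_config() {
    local serial=$1 expected_proxy=${2:-proxy.qualys.local:3128}
    local plain perscode proxy
    plain=$(decode_config "$serial") || { echo "cannot decode serial value" >&2; return 1; }
    perscode=$(printf '%s\n' "$plain" | sed -n 's/^PERSCODE=//p')
    proxy=$(printf '%s\n' "$plain" | sed -n 's/^PROXY_URL=//p')
    [ -n "$perscode" ] || { echo "PERSCODE missing" >&2; return 1; }
    case $perscode in
        *[!N]*) ;;   # contains something other than the N placeholder
        *) echo "PERSCODE is still the NNNN placeholder" >&2; return 1 ;;
    esac
    [ "$proxy" = "$expected_proxy" ] || { echo "unexpected PROXY_URL: $proxy" >&2; return 1; }
    printf 'ok proxy=%s perscode_len=%s\n' "$proxy" "${#perscode}"
}

# Constructed sample value, not a real personalization code.
SAMPLE_SERIAL="CONFIG:$(build_config 20000000000001)"
check_config "$SAMPLE_SERIAL"
```

decode_config needs no key: gzip plus base64 is an encoding, so anyone who can read the scanner's domain XML on the KVM host can recover the PERSCODE from the serial field.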