Novell Network Management: NetWare 6

Chapter 4: Building a TCP/IP Network Using NetWare 6

Objectives:

This chapter discusses installing the NDS objects and the services needed by a network that uses TCP/IP. The objectives important to this chapter are on page 4-1:

  1. Identify NetWare 6 TCP/IP Components
  2. Identify How DHCP Services Work
  3. Configure DHCP Services
  4. Create a Private Network with NAT
  5. Identify How DNS Services Work
  6. Configure a DNS Server
  7. Configure Dynamic DNS
  8. Configure SLP
  9. Migrate from IPX to IP
Concepts:
Introduction

With the implementation of NetWare 5, Novell supported and now recommends that we use the TCP/IP suite of protocols. The TCP/IP suite is often referred simply as IP. Electronic business practices now require IP compatibility.

Identify NetWare 6 TCP/IP Components
  • Dynamic Host Configuration Protocol (DHCP) - Provides management of IP addresses assigned to hosts on your network. Hosts typically request addresses on bootup. They are provided by a server runnning DHCPSRVR.NLM.
  • Network Address Translation (NAT) - Provides a route to the Internet for a network using Private addresses.
  • Domain Name System (DNS) - Users find it easier to remember names for devices. Networks must use IP addresses to make connections. DNS servers provide translation between registered names and the IP addresses they stand for. The Novell DNS server is implemented by the NAMED.NLM.
  • Dynamic DNS (DDNS) - DDNS provides an interface between DHCP servers (which assign IP addresses) and DNS servers (which translate names to IP addresses), so that newly assigned addresses are registered with the DNS serivce.
  • Service Location Protocol (SLP) - Provides a database of services on the network, and a protocol for requesters to find those services. Replaces Service Advertising Protocol, which put lots of traffic on the network.
  • TCP/IP Modules - The text lists five modules used by NetWare 6 to implement TCP/IP:
    • BSDSOCK.NLM - Berkeley Software Distribution standard sockets interface
    • TCP.NLM - provides TCP and UDP interfaces
    • TCPIP.NLM - provides IP and other Network layer protocols
    • NETLIB.NLM - provides libraries for TCP/IP modules
    • INETCFG.NLM - a NetWare utility to configure TCP/IP on the server
Identify How DHCP Services Work

Every device on an IP network must be given an IP address. This address typically is shown as four numbers, separated by periods. Since each number is held in one byte, they can range only from 0 to 255. Bytes are eight bits, and periods are often called dots, so an address written in the format 10.27.140.75 would be said to be written in dotted octet notation.

Devices on IP networks can be called hosts or nodes. Both words mean the same thing, a device connected to the network. IP addresses are meant to have two parts, the first part being the address of the network itself, and the second part being the address of the host on the network. In the example above, the number 10 stands for the network address, and the number 27.140.75 identifies the host. How did I know where the break came? I know that class A networks can be identified by a first octet value lower than 128, and class A networks only use the first octet as the network identifier. Class B networks use the first two octets to identify the network, and have first octet values from 128 through 191. Class C networks use the first three octets to identify the network, and have first octet values from 192 through 223.

In an IP network, each device needs a unique IP address. Assignment of these addresses takes some planning. First, there are two major approaches:

  • Static assignment - someone has to manually configure the address on each device, including workstations, servers, and printers. Unless your network is small, this is very painful.
  • Dynamic assignment - a server on the network can assign an address to workstations as they are signed on. You will still want to manually configure addresses on servers, printers, routers, and other network devices. However, you can still automate the manual part: see below.

Dynamic Host Configuration Protocol (DHCP) service allows us to dynamically assign IP addresses to hosts on an IP network. You need to understand that, as far as IP is concerned, "host" means any device on the network. Three methods for assigning addresses are listed:

  • Automatic Allocation: DHCP assigns a permanent IP address to a host.
  • Dynamic Allocation: An IP address is assigned to a host for a limited period of time (or until the host relinquishes the address). Also called address leasing.
  • Manual Allocation: This method requires that you assign the address. DHCP simply delivers the address to the host. Read that carefully: you can make the assignment, but you tell the DHCP server about it, you don't visit the host yourself.

A new feature of this course outlines the process used to obtain an IP address from a server:

  1. First a workstation broadcasts a DHCPDISCOVER message.
  2. One or more DHCP servers respond with a DHCPOFFER message, including an available network address.
  3. The workstation receives one or more DHCPOFFER messages from one or more DHCP servers. It chooses one server to accept. The workstation broadcasts a DHCPREQUEST message that identifies the server it has selected.
  4. The DHCP servers listen for the DHCPREQUEST broadcast from the workstation. Servers that were not selected use this message as notification that their offer is declined. The server selected in the DHCPREQUEST message responds with a DHCPACK message containing the address and configuration parameters for the
    client.

Know this sequence: Discover, Offer, Request, Acknowledgment.

You may not be aware that the process above has a flaw. Note that the Discover and Request messages are broadcast messages. Do you know that, normally, routers do not forward broadcasts? (Memorize that, if you don't.) This means that there would need to be a DHCP server on each network you administer, and each segment separated by routers. That could be a lot of DHCP servers. There is a solution, however.

A relay agent is software that runs on a NetWare server. If a DHCP request is made and there is no DHCP server handy, the relay agent forwards the request to a DHCP server that resides on a remote network. The relay agent also forwards the response back to the workstation. Novell's relay agent is called BOOTPFWD.NLM.

NetWare 6 extends the eDirectory schema and adds new objects to the tree when DNS/DHCP services are installed.

Several new DNS and DHCP objects are possible in NDS once the schema is extended to include them. Three objects are created automatically when the schema is extended:

  • DNSDHCP-GROUP group object - This is actually an avenue for access to information about any DNS or DHCP object that will be created in the Tree. Only one such Group object is allowed in a tree, and all DNS and DHCP objects created become trustees of it, so they can use it to learn information about other objects that are made members of it. Servers that are made DNS or DHCP servers are automatically members of this Group.
  • DNS-DHCP locator object - This object contains global defaults, DHCP options,and lists of all DHCP and DNS servers, subnets, and zones in the NDS tree. Only one is allowed in a tree and it is not configurable.
  • RootServerInfo zone object - This object points to root servers on the Internet. Root servers are servers that maintain listings of assignments in Internet domains (like .COM, .EDU and .NET). It is necessary to refer to root servers for URLs that are not handled by DNS servers on your network. As with the objects above, only one is allowed in a tree.

Below, on the left, is a list of five more DHCP objects that are available (can be created) once the schema is extended. On the right is a list of four more Domain Name Service (DNS) objects that are available once the schema has been extended. Do not confuse these possible objects with the three default objects above.

Five Possible DHCP Objects

Four Possible DNS Objects

  • DHCP Server Object
  • Subnet Object
  • Subnet Address Range Object
  • IP Address Object
  • Subnet Pool Object

  • DNS Name Server Object
  • DNS Zone Object
  • Resource Record Set Object
  • Resource Record Object


These objects are not defined at this point in the text.

In NetWare 6, DNS/DHCP configuration is done through iManager. The text offers a list of tasks you can perform with iManager.

  • Configure DNS/DHCP Scope Settings - this may improve session performance.
  • Set Global DHCP preferences, import DHCP 2 or 3 files, or export DHCP configuration as a text file.
  • Perform DHCP Server Management - Create, delete, or modify the server object. Enable and read audit logs. Start or stop the DHCP server.
  • Create, delete, or modify the Subnet Pool object.
  • Create, delete, or modify the Subnet object.
  • Create, delete, or modify the Subnet Address Range (SAR) object.
  • Create, delete, or modify IP address objects.
Configure DHCP Services

The iManager tasks listed above are broken into two groups: DHCP Configuration Essentials and DHCP Configuration Options. All networks will need the Essentials which are:

  • Perform DHCP Server Management - a DHCP server must be created for the service to be used. This is done first on a network.
  • Create, delete, or modify the Subnet object - a Subnet object must be created to define the network address of this network or network segment. This is done second on a network. Another purpose is to hold all the information that will allow you to use subnets on your network. Why use subnets? I have seen subnets used as an economy measure. One IP network license can be subnetted, or subdivided, to create several logical networks, which can then be used at several sites.
    Critical properties of the Subnet Object:
    • Subnet Name - must be unique in the Tree
    • NDS Context - the NDS container you create the Subnet object in
    • Subnet Address - must be unique in the Tree, it is the address of the sub-network. If you are not subdividing your network address, this number will be your network address.
    • Subnet Mask - the actual subnet mask to be used. If you have a class A license, the mask is 255.0.0.0; class B is 255.255.0.0; class C is 255.255.255.0. If you are subnetting, look over the chapter on subnetting in the Networking Technologies class. (Ironically, I am teaching that class this term, but we won't cover that chapter for a few weeks.)
    • Default DHCP Server - there should only be one DHCP server on a LAN segment. This does not have to be filled in when creating the Subnet object.
  • Create, delete, or modify the Subnet Address Range (SAR) object - an SAR must exist to define the range of addresses that will be assigned by the DHCP server. This is done third on a network.

The Configuration Options are the other four iManager tasks. Whether they need to be done depends on the network:

  • Global DHCP settings - DHCP can be used to push configuration setting to hosts, such as default gateway. If useful to do so on your network, you can use this option to affect all workstations.
  • DNS/DHCP Scope Settings - If your tree is large, this option can limit browsing and searching to a portion of the tree, improving performance. Performance is also improved if you specify the location in the tree of the Locator object.
  • Subnet Pool Management - If your network has multiple subnets, this option will allow you to specify which subnets are serviced by which DHCP server.
  • IP Address Management - Can be used to specify the IP address to be assigned to a resource, or to exclude an address from assignment. For example, you may wish to assign specific addresses to servers, routers, and printers. IP Address objects are created in Subnet objects, which act like containers.
Create a Private Network with NAT

The next topic in the chapter is Network Address Translation (NAT). NAT is a service that is used when you are running private addresses on your network, but either want your users to be able to reach the Internet or want people outside your network to reach some of your resources.

To understand this, you need to know that all IP addresses in the world were meant to be unique. These are called registered or public addresses. This scheme would allow any IP addressed machine to contact any other (in theory) because the address would identify the network and the host uniquely. At a certain point, however, the world began to run out of addresses. (It was also believed that there would be networks that would have no need to contact other networks. Yeah, right...)

So the Internet Assigned Numbers Authority (IANA) has designated some address ranges as private or unregistered addresses. They are also called nonroutable addresses:

  • 10.0.0.0 – 10.255.255.255 (This is a class A address range, one network.)
  • 172.16.0.0 – 172.31.255.255 (This is a class B address range, 16 networks.)
  • 192.168.0.0 – 192.168.255.255 (This is a class C address range, 256 networks.)

Within any organization, addresses in these ranges may be used without registering the addresses with IANA. Each address you use within your network must still be unique in your network. The problem is that there is no guarantee whatsoever that any address I use in my organization is not already in use in your organization, which makes direct networking between our networks unreliable, if not impossible.

This is where NAT comes in. NAT service runs on a router. In our case, this is a NetWare server with two NICs, one connecting to your network, and one leading to the Internet. The router has to know about your network's private addressing scheme. It also has to be given at least one public address to use for incoming or outgoing traffic. (More on the actual number required in a minute.)

NAT serves several purposes. It can allow traffic in to specific devices, it can allow traffic out from specific devices, and it effectively hides your actual addresses from the outside world, so it acts as a firewall for your organization. The text points out that it only acts as a firewall on the Network layer of the ISO model, so it is not a complete firewall solution.

Two NAT limitations should be considered. NAT does not support applications that embed an IP address in the data portion of the TCP/IP packet, except for FTP. Also, multicast and broadcast packets are not translated.

NAT can be configured to run in three modes:

  • Dynamic Only - this mode allows users in your network to reach out to other networks. It requires only one registered IP address. Users sharing that address are dynamically assigned a port number (from a pool of 5000) to identify their traffic. This mode does not allow outside users to initiate connections to your network.
  • Static Only - this mode allows mapping of registered addresses to private addresses inside your network. This way, outside users can reach resources inside your network. Addresses are kept in a table on the router, and only addresses mapped in the table can be reached from the outside. This mode does not allow average users on your network to initiate connections with resources outside the network, only those with mapped public addresses.
  • Dynamic and Static - This mode allows both kinds of connections. Hosts who do not provide resources to other networks can use the dynamic assignment of ports on the primary public address for reaching outside the network. The NAT server will also watch for traffic to secondary public addresses. Hosts providing resources to the world (such as web servers) have their private addresses mapped to these secondary public addresses in the NAT server's routing table. This use of multiple addresses bound to the same NAT interface is called multihoming.
Configuring NAT on a NetWare 6 server:
  1. Load INETCFG on the server.
  2. Enable the LAN drivers on the public and private networks and bind
    TCP/IP to each.
  3. Select a NAT mode to enable public network access from your private
    network.
Troubleshooting NAT
  • Can you ping the private interface in the NAT router from a workstation? If not, check hardware and cables, IP stacks on the workstation, and default router on the workstation.
  • Can you ping the NAT public interface from a workstation? If not, make sure the NAT router is the default gateway, and that IP routing is enabled.
  • Can you ping remote servers from a workstation? If not, make sure the NAT router knows where the other network is, or that it knows a way out of your network.
Identify How DNS Services Work 

In order for your computer to connect to another computer on the Internet, your computer has to know the IP address to send information to. No one could possibly remember all the addresses that they connect to on an IP network, much less on the Internet, so DNS is needed.

DNS stands for Domain Name Service. DNS is a distributed database system, which means that many servers each hold part of the DNS system. What the system does is provide translation from Domain Names (names of web sites, for instance) to IP addresses. If I tell you to check out the information at server 192.233.80.5 this week, will you remember that address? Thanks to DNS, you don't have to remember the numbers. Its URL (Uniform Resource Locator) name is www.novell.com. You can enter either the address or the name in the address line of a browser. Either will take you to the same web site.

Back to the distributed idea. The Internet is divided into Domains. Baker College, for example, has been assigned a subdomain (called Baker) in the EDU domain, which is for schools. EDU is a top-level domain. A domain name is limited to 255 characters, and each label in it (the parts separated by dots) is limited to 63 characters.

Your book wants you to be familiar with several top-level domains:

COM Commercial entities
EDU Educational institutions
GOV Agencies of the U.S. Federal government
MIL U.S. Military
NET Computers of network providers
ORG Miscellaneous: for organizations that do not fit anywhere else
AU Australia
CA Canada
DE Germany (Deutschland)
UK United Kingdom

Most countries have two letter domain names. Some, like Germany, are not intuitive until you remember what the country is called in the language spoken there.

You need to know that DNS is divided into zones of different types. Each zone can have several DNS servers, and the servers can be of two types. Several important terms are defined here, having to do with traditional DNS service:

  • master name server (primary name server) - the authoritative repository of DNS information
  • Berkeley Internet Name Domain (BIND) - a file format for holding DNS information
  • replica name server (secondary name server) - a local or backup server for the master name server
  • zone transfer - a request from a replica name server to the master name server to get updated information

A private network can apply for permission to connect to the Internet (for example, to place your business web server on it). You should make application to the appropriate authority designated by IANA (Internet Assigned Number Authority). Note that the text refers you to make application to Network Solutions, InterNIC Registration Services. Their web site is at www.internic.net (Test question warning: not .com!)

NetWare uses NDS to store DNS information on DNS servers. There are still two types: primary and secondary DNS servers. There are three kinds of DNS zones in NDS, and all must be configured as a primary or secondary zone:

  • Standard DNS Zone - for name to address conversion
  • IN-ADDR.ARPA Zone - for address to name conversion
  • IP6.INT Zone - for conversion to IP version 6. (This entire discussion is about IP, version 4. Version 6 uses 16 octets, not 4.)

Another type of server is the designated server. This is simply the master name server, if it is servicing a primary zone, or the secondary server if it is servicing a secondary zone.

Main tasks of a Primary Zone server:

  • Querying NDS to resolve names - turning names into addresses
  • Adding and deleting Resource Records - these are the records that make the DNS database work
  • Updating the zone serial number - the serial number is like a version number. Each change in the database increments the serial number, so secondary servers know to request a zone transfer. A zone transfer is when a secondary server requests a copy of the primary name server's information.

Secondary Zone server. If your company connects to an Internet Service Provider (ISP), you may set up a secondary server at your company to do zone transfers from the master name server that belongs to the ISP.

The text discusses the RootServerInfo Zone object, explaining its purpose. If DNS servers on your network do not have information about a domain name, the request is forwarded to actual root servers (authoritative domain servers). The RootServerInfo Zone object points to such servers.

The text describes the three DNS/DHCP objects created when DNS/DHCP service is installed. They are described above. It also describes some DNS objects, listed above, but not yet discussed.

  • DNS Zone Object - a resource object, in that it contains resource record sets and resource records. It is compared to a Start of Authority (SOA) object in a standard DNS system, meaning that it represents the highest level of information in a domain.
  • DNS Resource Record Set - is simply a group of similar resource record objects. A resource record is an object that contains the data for a DNS resource. It may help to know about several kinds of records:
    • A - this type of record maps machine names to IP addresses.
    • CNAME  - maps alias names to DNS names. (CNAME stands for canonical name.)
    • MX - Mail eXchange records. They map SMTP mail addresses to domain names.
    • NS - Name Server records. They map domain names to hostnames.
    • PTR - Pointer records. They map IP addresses to machine names within an IN-ADDR.ARPA zone.
  • DNS Name Server - this object contains information that links together the DNS services: server IP address, server domain name, server options, and zone list.

Several important terms are defined here, having to do with traditional DNS service:

  • master name server (primary name server) - the authoritative repository of DNS information
  • Berkeley Internet Name Domain (BIND) - a file format for holding DNS information
  • replica name server (secondary name server) - a local or backup server for the master name server
  • zone transfer - a request from a replica name server to the master name server to get updated information

A private network can apply for permission to connect to the Internet (for example, to place your business web server on it). You should make application to the appropriate authority designated by IANA (Internet Assigned Number Authority). Note that the text refers you to make application to Network Solutions, InterNIC Registration Services. Their web site is at www.internic.net (Test question warning: not .com!)

NetWare uses NDS to store DNS information on DNS servers. There are still two types: primary and secondary DNS servers. There are three kinds of DNS zones in NDS, and all must be configured as a primary or secondary zone:

  • Standard DNS Zone - for name to address conversion
  • IN-ADDR.ARPA Zone - for address to name conversion
  • IP6.INT Zone - for conversion to IP version 6

Another type of server is the designated server. This is simply the master name server, if it is servicing a primary zone, or the secondary server if it is servicing a secondary zone.

Main tasks of a Primary Zone server:

  • Querying NDS to resolve names - turning names into addresses
  • Adding and deleting Resource Records - these are the records that make the DNS database work
  • Updating the zone serial number - the serial number is like a version number. Each change in the database increments the serial number, so secondary servers know to request a zone transfer. A zone transfer is when a secondary server requests a copy of the primary name server's information.

Secondary Zone server. If your company connects to an Internet Service Provider (ISP), you may set up a secondary server at your company to do zone transfers from the master name server that belongs to the ISP.

The text discusses the RootServerInfo Zone object, explaining its purpose. If DNS servers on your network do not have information about a domain name, the request is forwarded to actual root servers (authoritative domain servers). The RootServerInfo Zone object points to such servers.

Configure a DNS Server

Page 4-54 shows the steps to create a DNS server:

  1. Assign DNS/DHCP Scope settings
  2. Create a DNS server
  3. Create and configure a DNS zone
  4. Create and configure a resource record
  5. Start the DNS server
  6. Configure workstations to use DNS
Configure Dynamic DNS

Dynamic DNS (DDNS) is recommended if you are providing both DNS and DHCP services on your network. DDNS provides communication between DNS and DHCP, so that your DNS service knows about IP assignments made by your DHCP service. The text argues that host names and IP addresses are really the same information, so linking the two services makes sense. In DNS, this is represented by A records and PTR records, which are simply inverses of each other.

Three steps are given for setting up DDNS service:
  1. In the Subnet object, specify a DNS Zone object for the DHCP service to update.
  2. In the Subnet Address Range object, configure for Dynamic DHCP or Dynamic BOOTP
  3. The key to setting up DDNS in NetWare is the Subnet Address Range object. It has a setting called Always Update, under DNS Update. Turn this on.

You can configure DDNS to update all subnets or a specific subnet on your network.

Configure SLP

The next objective in this chapter concerns SLP, Service Location Protocol, which replaces SAP, Service Advertising Protocol.

SAP was the protocol used in IPX networks to make sure that clients and servers knew about each other. Novell felt that SAP used too much bandwidth on a network to work well in the IP environment, so SLP was chosen to replace it.

To understand the following you will need to understand four kinds of network transmissions:

Transmission Type
Characteristics
Broadcast Sent to all hosts on a network
Unicast Sent to one host on a network
Multicast Sent to a group of hosts on a network. For SLP the multicast address is 224.0.1.22. (No, it does not matter what your network address is. This is a class D address. See Net Tech.)
Anycast Sent to a group, but it is only received and acted upon by the nearest active host of the group. Once a host acknowledges the anycast, the others in th group ignore it.

SLP uses three kinds of software agents:

  • User Agent (UA) - this agent runs on every client and server. It sends queries to the other two kinds of agents to learn about available services on the network.
  • Service Agent (SA) - every server runs an SA. The SA maintains a list of currently available services on that server. The SA watches for queries from UAs and responds to them. This is more efficient than SAP because UAs generally send multicast requests, not broadcast requests.
  • Directory Agent (DA) - DAs are created in large networks to maintain listings of available services in multiple SAs. DAs can receive unicast traffic, reducing the bandwidth usage found in multicast traffic.

Small network scenario: UAs send multicast requests for services. SAs on servers that have the requested service available send unicast responses to the UAs. Several servers may respond. The more hosts sending multicast request, the more bandwidth will be consumed.

Large network scenario: UAs are configured to send unicast requests to a DA. The DA checks the information from SAs that have registered with it, and sends a unicast response to the UA. Note that the use of unicast transmissions and the collection of information in the DA cause this scenario to be much more efficient for large networks.

A number of SLP objects are created on servers if SLP is run on them.

SLP Object Notes
BINDERY.NOVELL Holds the server's name and network address.
NDAP.NOVELL Holds information about the NDS partition. This can only be created on a server that holds a partition replica, and only one of these objects is created in any partition.
RCONSOLE.NOVELL The IP-based RCONSOLE program.
MGW.NOVELL Novell migration agent.
CMD.NOVELL Novell IPX compatibility mode server.
SAPSRV.NOVELL IPX SAP information stored in SLP by IPX compatibility mode servers.
SRS.NOVELL NDPS Service Registry Service.

The text also refers to the above objects as SLP services.

Clients will connect to servers providing services. They will learn of the services through SLP and will request connection based on the name of the server. Some server on the system will have to provide name service to the client, translating the name of the requested server to an IP address. A client can obtain name service five ways:

  • NDS - NDS can resolve common names if the objects are in the current context, and can resolve distinguished names anywhere in the Tree
  • DNS - DNS can resolve fully qualified domain names (host.subdomain.domain), and can resolve simple host names if they are in the current DNS zone.
  • SLP - provides dynamic discovery of new services (and services no longer available).
  • NWHOST - this is a text file that may be placed on each workstation under c:\novell\client32. The book also calls the file NWHOSTS
  • DHCP - this service can tell a client what server and Tree to use, so it fits this list.

The book uses logging in as an illustration of SLP service. When you start a workstation on a network, you cannot perform a login until you connect with a server. Under SLP rules, your workstation will first look for an NWHOST file that would list a server. If none is found, the workstation's UA sends a multicast request for login service. SAs respond, and the UA chooses one based on a priority system:

  • Servers on the same IP subnet are preferred first.
  • If no server on the same subnet replied, servers on the same IP network are preferred
  • If no server on the same IP network replied, any server that replied will be used.

If a system uses DAs, then unicast requests flow through them instead of multicasting to SAs.

In a SAP environment, services are registered via SAP broadcasts. SAP providers rebroadcast their services once a minute. SAP clients assume that information they have about service providers is no good after one minute.

In an SLP environment, services are registered and unregistered dynamically, so the listings can be relied upon longer. SLP services are assigned a value called Time To Live (TTL). This amount of time can vary, but the default is one hour. Typically, SAs register services with DAs, unregister when shutting down, and renew registration at TTL intervals.

SLP services can be grouped by scopes. A scope is like a container: it allows you to organize what clients will be able to get services from what servers. There is a default scope created called UNSCOPED, and all services are registered with it unless some other scope has been created and is specified for a service. DAs and SAs can be assigned to multiple scopes.

A question that should be on your mind at this point is "how large does a network have to be to need DAs?" There are two diagnostic questions to ask yourself. If you answer either question with a "yes", you should use DAs:

  • Do you have more than 25 NetWare 6 servers? If you do, use DAs.
  • Do you have a WAN link? If you do, use DAs.

Specific strategies: consider the answers to both questions.

  • If you answer "no" to both questions, you have a small network. Use SAs on each server.
  • If you have more than 25 servers, but no WAN, you have a medium network. Use SAs on all servers, and one or more DAs on selected servers.
  • If you answer "yes" to both questions, you have a large network. Use SAs on all servers, DAs on several servers, and group the SAs and DAs with scopes. Use the scopes to limit SLP traffic to each side of the WAN.

If you have users on both sides of a WAN link who need services from each location, you can try three options:

  • When a DA is created an Organizational Unit is created in the container that holds the DA's server object. An SLP scope object is placed in the container. You can create a new NDS partition, starting at this container, and replicate the partition on the other side of the WAN link. This will give your users access to all the resources listed in the scope.
  • DAs are configured with settings in a file called SLPDA.CFG (each DA has one). You can configure DAs to share information with other DAs. Doing this will cause a bit more WAN traffic than the previous option.
  • You can configure UAs at each site to seek services from DAs on each side of the WAN. This will cause the most WAN traffic, because the UAs will send unicast messages across the WAN.

To use a server as a DA, you must load SLPDA.NLM on that server. When you do so, you create four NDS objects:

  • SLP_SCOPE Organizational Unit Object - created in the same context as the server object for this server. The objects below are created in this OU.
  • SLP Directory Agent Object - use this object to associate the DA with the server and selected scopes.
  • SLP Scope Unit Object - This is a container that you use to define the scope of the DA. It is called UNSCOPED, by default.
  • SLP Service Objects - these objects stand for the services offered through this DA. They may be services on this server, or on servers that are registered with the DA. Service objects have a new naming convention: service:service_type.[name_authority]://address_spec
    The word "service" is required.
    "service_type" describes the service, such as bindery or ndap.
    "name_authority" tells where it came from. All examples in this class say novell.
    "://address_spec" will the the name or IP address of the server providing the service.

By default, a server's DS object will be called servername_SLPDA. The main SLP organizational unit will be called SLP_SCOPE. The actual scope object will be called UNSCOPED, and the DA will configured to it. These objects can be managed with NetWare Administrator or ConsoleOne.

Several settings are given in the text for the various NDS objects listed above. Brief explanations are given. You should go over these settings to be familiar with them. A list of SET parameters that can be entered on the server console are given as well. Below are some examples:

SLP SA DEFAULT LIFETIME Sets the Time to Live value in seconds. Default value is 3600. Values can range from 0 to 65535.
SLP BROADCAST Can be set ON or OFF. Default is OFF, which means multicasts will be used.
SLP TCP Can be set ON or OFF. Default is OFF, which means that UDP packets will be used. UDP packets are quicker, TCP packets are more reliable.
SLP DA DISCOVERY=x 0=Disable all DA discovery
1=Use Dynamic discovery
2=Use DHCP discovery
3=Use options 1 and 2 together
4=Use static discovery (reads the SLP.CFG file)
5=Use options 1 and 4 together
6=Use Options 2 and 4 together
7=Use Options 1, 2, and 4 together

Similar to the last setting above, you can configure the SLP client to use either static or DHCP discovery of resources. To do so:

  1. Open the Network Neighborhood on a workstation.
  2. Access the NetWare Client.
  3. Choose Properties
  4. Choose Service Location.
  5. On this page, you can specify Scope and DA information.
    1. If you list one or more scopes, you will have access only to SAs and DAs that use those scopes. If you list no scopes, you will have access only to SAa and DAa that also are not configured for scopes.
    2. If you check the Static box under Scope, the UA will only use the scope names that appear in the Scope List. If it is not marked, the UA will use the statically configured scopes along with any scopes it discovers dynamically.
    3. If you want to eliminate the multicast traffic caused by active discovery, enter the IP address or DNS name of the servers hosting the DA or DAs you want the client UA to use. Then mark Static and unmark Active Discovery.
Migrate from IPX to IP

This module in the chapter is optional. It is not really related to the rest of the chapter. For reference, I am providing the related chapter from the NetWare 5.1 Advanced Administration class.