Category: LAN Networking

JEB's NIC Checklist
article #143, updated 50 days ago

JEB’s Network Interface Checklist
version 2.4, 2/3/2011

  1. Any changes to NIC configuration may cause the network interface to cease connecting for a little while.  If it’s a server, this counts as “server down” for at least a few minutes.  Occasionally, if a driver is old or the machine has not been rebooted in a long time, a reboot may be necessary for the NIC to work again after certain changes are made.  It is generally best to not make changes unless there are performance issues or specific concerns about network behavior — but without these changes, overall performance often goes down more than 50%.
  2. Install the most current drivers.  If the NIC is Intel or Broadcom, install the driver downloaded from Intel or Broadcom, not from Dell or other third-party packager.  Often a third-party packager will have separated the application (e.g., “Intel PROset Application”) from the driver (“Intel PROset Driver”); in such a case, the application needs to be removed before the update installation begins.  For Intel drivers, the fastest route for the download is to go to http://downloadcenter.intel.com, search for “prowin32”, and click the link with the latest version (15.1.1 at this writing).  The link will take you to a page with both 32-bit and 64-bit drivers.
  3. For Server 2000, Server 2003, and XP, turn all offloading off.  This is actually a requirement, not just a recommendation, discussed in certain Microsoft reference materials.  In one case in the recent past, SBS simply failed to serve file or print to any workstation, unless this was done; in all cases thus far there has been an increase in general network reliability and performance when this is done.  On Intel NICs, this is often under “Performance Options”.
  4. For Server 2008, Server 2008R2, Vista, and Windows 7, turn all offloading on.
  5. For anything including “Scaling”, set it to “off” or “Disabled”, for 2000, XP, or Server 2003.  This is another Microsoft essential. There is a pack which is included in 2003SP2 which is said to make “Scaling” help, but it does not always help.
  6. For flow control, “Respond Only” (or “Rx Enabled”) is preferred, but if this is not available, set it to “On”.  This is not the same as “Rx Enabled” or “TX Enabled” under offloading!
  7. For Receive Descriptors and Transmit Descriptors on most NICs, set them to the maximum, unless the server is desperately low on RAM.  For some the maximums are 2048, for some one or the other is 5000, for others it is much less.  Each descriptor takes 2K of RAM.  Some Broadcom gigabit NICs will yellow-flag if they are set to 2048; for these, set receive to 750, transmit to 1500.
  8. For Adaptive Inter-frame Spacing, set it to “on” or “Enabled”.
  9. In the NIC’s “Power Management” tab, turn everything off.  This may have to be modified if Wake-On-LAN is used.
  10. In Server 2008, only one NIC (or one NIC team) is permitted to represent the server on the network. If there are two active NICs, you will have to turn one off, or crashes and unpredictable behavior will result sooner or later.
  11. In Server 2008, IPv6 must be turned on, and not deleted. It does not have to be configured, but it must be turned on.
  12. It is very much preferable, for Server 2008 and most especially for SBS 2008, for a working IPv6 subnet to be configured, even if the server(s) are the only devices which are able to use IPv6.


==============

Time synchronization (NTP, SNTP) setup
article #37, updated 251 days ago

In Windows Server 2012 R1/2, 2008 R1/2, 7, Vista, and 2003 SP2 and later, whenever time is out of sync, it’s good to run the following two commands in an administrative command prompt (an ordinary command prompt for 2003SP2+):

w32tm /config "/manualpeerlist:north-america.pool.ntp.org 0.north-america.pool.ntp.org 1.north-america.pool.ntp.org 2.north-america.pool.ntp.org" /syncfromflags:MANUAL /update 
w32tm /resync

If the service has not been registered, the full sequence is:

w32tm /register
net start w32time
w32tm /config "/manualpeerlist:north-america.pool.ntp.org 0.north-america.pool.ntp.org 1.north-america.pool.ntp.org 2.north-america.pool.ntp.org" /syncfromflags:MANUAL /update 
w32tm /resync

Under Windows 2000, we need to go a bit more archaic:

net time /setsntp:north-america.pool.ntp.org
net time /querysntp

Two addenda:

  • We used to recommend just pool.ntp.org, but geoblocking has become quite common, so a more geographically appropriate setup is now the rule.
  • Do the above for domain controllers, standalone PCs, and mobile laptops. Add the domain controller’s IP to “Time Server” in DHCP, to reach desktops.


==============

Internet connection speed tests
article #182, updated 335 days ago

An excellent test recommended by Watchguard:

https://speedof.me

A very good one:

https://testmy.net/SmarTest/combinedAuto

and another:

https://sourceforge.net/speedtest/

Here’s the first one we saw which was HTML5 only, no Flash or Java:

http://www.bandwidthplace.com

Here’s a commonly used one which requires Flash:

http://www.speedtest.net

And another which uses Java:

http://www.speakeasy.net/speedtest/

If you are checking this for wifi, we do recommend that you check for and rectify wifi channel congestion as a next step.


==============

Mount NFS Shares in Linux
article #1045, updated 1496 days ago

So you have an NFS server share known to be working, and you want to mount its share(s) on your Linux client machine. Here’s a summary. We’re using NFS4.

  1. So we start out thinking that we have an NFS server 10.11.11.10. We verify it’s ready for connection, if we run this command from the client:
    showmount -e 10.11.11.10
    and receive one or more NFS folder shares, e.g.:
    /Media 10.11.11.0/255.255.255.0
  2. We need a place to mount the share on this machine. So:
    mkdir /Media
  3. Next we try it manually:
    mount -t nfs 10.11.11.10:/Media /Media
  4. Now let’s make sure all of our NFS4-related services are enabled and running on the client.
    sudo systemctl enable nfslockd.service
    sudo systemctl start nfslockd.service
    sudo systemctl enable nfs-idmapd.service
    sudo systemctl start nfs-idmapd.service
  5. We now make sure that permissions allow users of the client read/write access to the share. There are two problems here. The first is to make the shared folder and all contents read/writable by all designated users. The second is to make this happen across systems, i.e., from server to clients.

So first we set the shared folder and all contents chmoded g+rwXs, chgrped to a sharing-designated group, on the server side. We then create a new user group on both server and clients, perhaps named “sharedfiles”, add all selected users to that group on clients and server, make sure the GID is the same for the group name on all of the machines, and then reboot them all.

The GID is a numerical indicator for the group, which is more important to the local OS than the name of it. As part of the above we do need to make sure the GID is the same for our new user group, across all machines, or else the OSes will not recognize the equivalency. On each of them then, after the group is created, we do this:

groupmod -g 20000 sharedfiles

A list of current groups and GIDs is available here:

cat /etc/group

You’ll notice that 20000 places the new group long after all of the others in general. This is intentional, to avoid conflict with existing configurations.

  6. Then we set up automount. We do this by adding the following line to the end of /etc/fstab:
    10.11.11.10:/Media /Media nfs noauto,x-systemd.automount,intr,rsize=4194304,wsize=4194304,x-systemd.device-timeout=10,timeo=14,x-systemd.idle-timeout=1min 0 0

Items:

  • NFS by itself is normally a very strong connection at a very low level, which means that unless an NFS mount is handled with care by other facilities, a client machine can freeze up very hard if its server becomes unreachable, rather different than SMB on Windows. There are at least three different methods to do this well. The above uses a facility within systemd, which this author found much easier to handle than the other two he found. If your Linux system does not use systemd, you should use one of the others, e.g., autofs, which is a layer unto itself.
  • The option “intr” is instead of “hard” or “soft”. It makes NFS transactions explicitly interruptible, which helps prevent corruption if the server goes down.
  • rsize and wsize can vary a lot. The number is in bytes. The above is a recent report on gigabit; if you’re on a lower-speed network you should use a correspondingly smaller pair of numbers, by a full order of magnitude, e.g., the commonly reported rsize=8192,wsize=8192.
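
The GID alignment described above can be checked before any client mounts the share. The following is an added example, not part of the original article: it audits copies of /etc/group (constructed sample data here; the users alice, bob, carol and the group "backup" are hypothetical) for the sharedfiles group and GID 20000. It also flags a GID already held by another group, because with sec=sys the NFS server makes access decisions on the numeric IDs in the client's RPC credential, not on group names.

```shell
#!/bin/sh
# Added example: audit one group's GID across copies of /etc/group.
# Under NFS sec=sys the server acts on the numeric GID the client sends.

# foreign_holders GROUP GID FILE: names of other groups already using GID
foreign_holders() {
    awk -F: -v g="$1" -v id="$2" '$3 == id && $1 != g { print $1 }' "$3"
}

# gid_of GROUP FILE: the GID recorded for GROUP (empty if absent)
gid_of() {
    awk -F: -v g="$1" '$1 == g { print $3; exit }' "$2"
}

# check_group GROUP GID FILE
# returns 0 ok, 1 group missing, 2 GID differs, 3 GID taken by another group
check_group() {
    clash=$(foreign_holders "$1" "$2" "$3")
    have=$(gid_of "$1" "$3")
    if [ -n "$clash" ]; then
        echo "$3: GID $2 is already used by '$clash'" >&2; return 3
    elif [ -z "$have" ]; then
        echo "$3: group '$1' does not exist" >&2; return 1
    elif [ "$have" != "$2" ]; then
        echo "$3: '$1' has GID $have, expected $2" >&2; return 2
    fi
    return 0
}

# Constructed sample data standing in for /etc/group from three machines.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf 'root:x:0:\nusers:x:100:\nsharedfiles:x:20000:alice,bob\n'  > "$SAMPLES/server"
printf 'root:x:0:\nsharedfiles:x:1001:alice\n'                     > "$SAMPLES/client1"
printf 'root:x:0:\nbackup:x:20000:carol\nsharedfiles:x:1002:bob\n' > "$SAMPLES/client2"

# audit_all: print "<machine> <status>" for every sample file
audit_all() {
    for f in "$SAMPLES"/*; do
        rc=0; check_group sharedfiles 20000 "$f" 2>/dev/null || rc=$?
        echo "$(basename "$f") $rc"
    done
}
audit_all
```

Status 3 is the one to resolve first: on that client, members of the colliding group would be treated by the server as members of sharedfiles.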


==============

Set Static IP, DNS, and WINS using the 'netsh' command
article #962, updated 1941 days ago

If you’re working remotely, you don’t want your connection to go down, so we need to do it all in one command. So:

netsh interface ip set address "Local Area Connection" static <PC-IP> <Subnet-Mask> <Default-Gateway> & netsh interface ip set dns name="Local Area Connection" static <Primary-DNS> primary & netsh interface ip add dns "Local Area Connection" <Secondary-DNS> index=2

Be sure not to include the <> characters when replacing!


==============

IP4 subnet calculators
article #79, updated 2210 days ago

For CIDR to IP range (IP range extraction):

http://bonomo.info/coyote/cidr-calculator.php

For IP range to CIDR:

http://ip2cidr.com/

For lots and lots more:

http://www.subnetmask.info/


==============

Windows 7 libraries, network drive letter mapping, and My Documents redirection
article #112, updated 3269 days ago

A few notes:

  1. In the original shipping version of Windows 7, NET USE commands in login scripts and command shells did not work.  After about two months, however, if all updates were installed, they began working.  This method still works well, and is not discouraged.
  2. Windows 7 libraries are the way to do the equivalent of “My Documents” redirection.  They can be set manually.  Just right-click on a library and go to Properties, and you can direct it wherever you want.
  3. But if the server does not have Windows Search 4 or higher, you will not be able to do your redirections as in #4.  For this, you have two options. First, you can set Offline Files for the folder in question. Or second, you can use a wonderful third-party utility at the following location:
    http://winaero.com/download.php?view.7


==============

Hidden IPv6 on XP and Server 2003
article #431, updated 3454 days ago

Sometimes IPv6 is installed on XP in a hidden form: it is installed, but not visible in any Windows GUI. To find out, go to command prompt and enter:

netsh show helper

If IPv6 is installed, in that list will be “ipv6”. To uninstall on XP, run this:

ipv6 uninstall

The ipv6 command does not exist on Server 2003. The following does:

netsh delete ipv6mon.dll

Hidden IPv6 has been shown to cause problems in some Oracle environments.


==============

Set NetBIOS over TCP/IP using command line
article #426, updated 3465 days ago

First get a list of interfaces:

wmic nicconfig get caption,index,TcpipNetbiosOptions

Make note of the number of the interface you want to change. Once you have it (for example, number 0000009), do this to enable:

wmic nicconfig where index=9 call SetTcpipNetbios 1

List of options:

0 – Use NetBIOS setting from the DHCP server
1 – Enable NetBIOS over TCP/IP
2 – Disable NetBIOS over TCP/IP


==============

Windows 7 mapped drive disconnects
article #402, updated 3521 days ago

If you find that mapped drives disconnect without rhyme or reason, go here and do what Liz found for all of us:

http://support.microsoft.com/kb/297684
