When running InfiniGuard version 3.3.x and above, the InfiniGuard services includes the ability for Backup Admins to use the CLI based “iguard_netcli” tool to troubleshoot or validate network services.
This feature allows Backup Admins to troubleshoot, diagnose, or validate InfiniGuard DDE Networking. The tool allows for various scenarios of Networking diagnostics scenarios between InfiniGuard DDEs and the servers used for protecting data to the DDE shares.
Your TA can assist you in obtaining these tools before they are officially available from the Infinidat Support site. Once you have obtained it, it can then be installed (as an RPM) on any AIX 7.1, AIX 7.2, Redhat or Centos Linux server.
Once installed, the script-based tools allow authenticated access to any 3.3.x or above InfiniGuard version to list and sort contents of any or all of the Deduplication Engine NetBoost Shares. The tool requires a read-only account on the InfiniGuard UI (as a minimum).
- Install the InfiniGuard_Netcli RPM on the system you wish to use as a cli tool server to validate networking on InfiniGuard Deduplication Engines (DDEs).
- Obtain the RPM appropriate for your host operating system (LINUX/AIX) from Infinidat Support or your TA.
- Install the RPM using “rpm –ivh INFINIDAT_InfiniGuard_netcli.rpm”
- Once installed, you can use the tool to run cli-based Networking tools.
If issues are discovered, the customer team can work with their networking staff and/or Infinidat Support to resolve any issues (thru the normal ticket-based support system). Some examples follow,
[root@io-wt-11 ~]# iguard_netcli --help
Help shows the syntax of using the command:
[root@io-wt-11 ~]# iguard_netcli –help
Usage:
iguard_netcli --ping --hostname=<hostname> [--username=<username>]
[--password=<password>] --dde=<dde_id> --dst=<ip>
[--src=<dde_ip>] [--time=<time>] [--do_not_fragment]
[--payload_size=<payload>]
iguard_netcli --iperf --hostname=<hostname> [--username=<username>]
[--password=<password>] --dde=<dde_id> --dst=<ip>
[--src=<dde_ip>][--buffer_len=<len>][--parallel=<num>]
[--time=<time>][--iperf_version=<ver>][--reverse]
iguard_netcli --traceroute --hostname=<hostname> [--username=<username>]
[--password=<password>] --dde=<dde_id> --dst=<ip>
[--src=<dde_ip>]
iguard_netcli --dig --hostname=<hostname> [--username=<username>]
[--password=<password>] --dde=<dde_id> --dst=<ip>
[--time=<time>]
iguard_netcli --ethtool --hostname=<hostname> [--username=<username>]
[--password=<password>] --dde=<dde_id> [--interface=<dev>]
iguard_netcli --ifconfig --hostname=<hostname> [--username=<username>]
[--password=<password>] --dde=<dde_id> [--interface=<dev>]
iguard_netcli --mtu --hostname=<hostname> [--username=<username>]
[--password=<password>] --dde=<dde_id> --dst=<ip>
[--src=<dde_ip>]
iguard_netcli --bonds --hostname=<hostname> [--username=<username>]
[--password=<password>] --dde=<dde_id> [--interface=<dev>]
iguard_netcli --resolv --hostname=<hostname> [--username=<username>]
[--password=<password>] --dde=<dde_id>
iguard_netcli --hostname=<hostname> --username=<username> --password=<password> --save
iguard_netcli --delete
iguard_netcli -h | --help
iguard_netcli --version
Options:
-H hostname --hostname=<hostname> DNS name/IP of InfiniGuard
-u username --username=<username> Administrator's username
-p password --password=<password> Administrator's password
-d dde_id, --dde=<dde_id> DDE ID (1/2)
-P, --ping Ping from DDE
-T, --traceroute Traceroute from DDE
-N, --dig Dig from DDE
-E, --ethtool Ethtool on interface(s)
-i, --ifconfig Ifconfig on interface(s)
-M, --mtu Calculate MTU between DDE and IP address
-B, --bonds Display bonds information
-R, --resolv Show contents of resolv.conf
-I, --iperf Run iperf client from DDE to Iperf server
-D ip, --dst=<ip> Destination IP
-S dde_ip, --src=<dde_ip> DDE IP to use as source
-t sec, --time=<sec> Time to run the command (in seconds)
--do_not_fragment Set TCP DO_NOT_FRAGMENT flag
--payload_size=<size> Ping payload size
--buffer_len=<len> Iperf buffer length (in KB)
--parallel=<num> Iperf number of parallel threads
--iperf_version=<ver> Iperf version to use (1 or 3) [default: 3]
--reverse Iperf3 only: reverse test direction
--interface=<dev> Network interface to use
--delete Delete all stored credentials
--save Save credentials for hostname
-h, --help Show this screen
-V, --version Show iguard_netcli version
The iguard_netcli command will use the –H (or - –hostname) and point to the InfiniGuard DNS-hostname or IP address. User and Password can be saved to avoid having to authenticate each task.
This requires “http” access to the ibox floating IP (the System Management IP), and at least a read-only user on the iGuard UI.
The Following example shows several use-case examples of using the iguard_netcli tool to validate networking from the DDE’s to the Backup Server.
Review MTU between Source and Target IPs.
[root@io-wt-11 ~]# iguard_netcli --mtu -H ibox1593 -d1 --src 172.31.32.103 --dst 172.31.33.5
9000
Review Traceroutes between source and target IP’s.
[root@io-wt-11 ~]# iguard_netcli --traceroute -H ibox1593 -d1 --dst 172.31.32.103
Traceroute to 172.31.32.103 (172.31.32.103): 56 data bytes, 30 hops max
1 172.31.32.103 dde1-1593.lab.wt.us.infinidat.com 0.13 ms
Review DDE Network Bond Settings.
[root@io-wt-11 ~]# iguard_netcli --bonds -H ibox1593 -d1 --interface=bond0
Settings for bond0:
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer 3 4 (1)
MII Status: up
MII Polling Interval (ms): 500
Up Delay (ms): 0
Down Delay (ms): 0
802.3ad info
LACP rate: slow
Min links: 0
Aggregator selection policy (ad_select): stable
System priority: 65535
System MAC address: f8:f2:1e:47:33:e3
Active Aggregator Info:
Aggregator ID: 1
Number of ports: 1
Actor Key: 15
Partner Key: 1
Partner Mac Address: 00:00:00:00:00:00
Slave Interface: p7p1
MII Status: up
Speed: 10000Mb/s
Duplex: Full
Link detected: yes
Link Failure Count: 2
Permanent HW addr: f8:f2:1e:47:29:b0
Slave Interface: p4p4
MII Status: up
Speed: 10000Mb/s
Duplex: Full
Link detected: yes
Link Failure Count: 2
Permanent HW addr: f8:f2:1e:47:33:e3
Iperf testing requires you to run iperf in Server mode on the backup server. This allows for a bandwidth test to be run between the InfiniGuard DDE Target IP and the Backup Server Source IP.
Ex. from Backup Server, start iperf in Server mode.
[root@io-wt-11 ~]# iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
Example in running netcli to test iPerf Bandwidth
[root@io-wt-11 ~]# iguard_netcli --iperf -H ibox1593 -d1 --iperf_version=1 --src 172.31.32.104 --dst 172.31.33.5
------------------------------------------------------------
Client connecting to 172.31.33.5, TCP port 5001
Binding to local address 172.31.32.104
TCP window size: 4.00 MByte (default)
------------------------------------------------------------
[ 3] local 172.31.32.104 port 5001 connected with 172.31.33.5 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 1.0 sec 1.15 GBytes 9.92 Gbits/sec
[ 3] 1.0- 2.0 sec 1.15 GBytes 9.89 Gbits/sec
[ 3] 2.0- 3.0 sec 1.15 GBytes 9.90 Gbits/sec
[ 3] 3.0- 4.0 sec 1.15 GBytes 9.90 Gbits/sec
[ 3] 4.0- 5.0 sec 1.15 GBytes 9.89 Gbits/sec
[ 3] 5.0- 6.0 sec 1.15 GBytes 9.90 Gbits/sec
[ 3] 6.0- 7.0 sec 1.15 GBytes 9.89 Gbits/sec
[ 3] 7.0- 8.0 sec 1.15 GBytes 9.89 Gbits/sec
[ 3] 8.0- 9.0 sec 1.15 GBytes 9.90 Gbits/sec
[ 3] 9.0-10.0 sec 1.15 GBytes 9.90 Gbits/sec
[ 3] 0.0-10.0 sec 11.5 GBytes 9.90 Gbits/sec
Last edited: 2022-08-06 08:20:50 UTC
Comments