Infrastructure Notes

Post date: Jun 27, 2012 8:1:3 PM

Part I: Google Search Appliance

Many of the Google help pages have relevance beyond Google products. The content quality is significant, as it is the result of experience (and probably formal analysis) of internet and network behavior from a point-of-view, at scale, that is rivaled by few others. The following are culled from several GSA (Google Search Appliance) and GSA Blue Mini pages. The intended audience is any Google Enterprise search customer. Let's begin with Google Search Appliance Configuration.

Definitions

  • Load balancer A software or hardware application that distributes network traffic

  • Failover Refers to a configuration that typically involves two instances of an application or a particular type of hardware. If the first instance fails, the second instance takes over.

"If a search appliance stops running, the load balancer stops sending requests. To monitor the status of the appliance, configure the load balancer to send periodic search requests. After each request, close the connection. Do not configure the load balancer to monitor status by sending TCP packets to port 80 of the appliance, making a connection, and sending a reset. Using TCP packets this way can cause a search appliance to become unresponsive."

Particularly useful links for

  • GSA Enterprise Search

GSA Administering Crawl: Introduction and Preparation, GSA Feeds Guide

GSA Administering Crawl: URL Construction and Patterns, Database Crawl and Advanced Topics with special attention to the section on JavaScript use.

  • GSA Enterprise Secure Search

Overview, Use Cases and Cookie Authorization Scenarios,

The GSA Admin Toolkit is a package of tools for GSA administrators. It is not supported by Google.

The Google GSA SAML Bridge for Windows enables the search appliance to fully access the user's Windows domain login credentials and removes the need for redundant logins. How does Google GSA SAML work? Google SAML Bridge for Enterprise facilitates authentication and authorization for search results, mediating between users and a Windows domain. The SAML Bridge is implemented as an ASP.NET website that resides in IIS. It enables users to gain seamless access to content that resides on file systems, web servers, or Microsoft Office SharePoint servers.

Part Two: IPv6 Tools

tcptraceroute6 is a lightweight tool using TCP packets to perform an IPv6 trace route.

It is very similar from the user’s perspective to Michael Toren’s TCP trace route for IPv4.

"The more traditional traceroute sends out either UDP or ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. ...The problem is that with the widespread use of firewalls, many of the packets that traceroute sends out end up being filtered, making it impossible to completely trace the path to the destination. Often, these firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections on. By sending out TCP SYN packets instead of UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common firewall filters.... tcptraceroute never completely establishes a TCP connection with the destination host..."

TCP Trace Route

See TCP trace route overview and tcptraceroute for IPv6. Both are featured on the Rem Lab page for ndisc6.

Summary

To trace the path to a web server listening for connections on port 80 use tcptraceroute webserver

To trace the path to a mail server listening for connections on port 25 use tcptraceroute mailserver 25