QUESTIONS…

AMAZON WEB SERVICES & CSP NODE

1. If an issue remains after following the steps in this FAQ

2. Performing a ping to test network connectivity.

3. I know there is a firmware update available, but the Bridgeworks Web GUI does not inform me of the update.

4. I cannot initiate an iSCSI session to the AWS Storage Gateway.

5. I cannot establish the connection from Node A to Node B.

6. My persistent target has not been logged onto after a reboot (when using Windows Server 2012 iSCSI target).

7. I’m having issues with establishing my FTP connection.

8. I see the message “WANrockIT connection licence unavailable”.

9. I am experiencing issues with my WANrockIT Transfer performance.

10. I’m experiencing connectivity issues in my ESXi environment.

11. My port numbers have increased on ESXi, and I no longer have a ‘Port 1’.

12. The speed of the network interfaces comes up as 10Gb on ESXi even though they are connected to a 1Gb card.

…ANSWERS

1. IF AN ISSUE REMAINS AFTER FOLLOWING THE STEPS IN THIS FAQ

  1. Download the diagnostics for both/all of your Nodes. For each Node:
    1. Log into the web interface
    2. Navigate to Home -> Diagnostics
    3. Click the Download button and save the diagnostics file. Each file should be renamed to differentiate them.
  2. Submit a support ticket and attach your diagnostic files.

2. PERFORMING A PING TO TEST NETWORK CONNECTIVITY.

  1. Log into the Node’s web interface and navigate to Home -> Network Connections -> Network Ping.
  2. From this page you can enter a hostname or IP address and attempt a ping by clicking ‘Ping’.
  3. After a few seconds the results will either say 0% packet loss, indicating the connection is ok, or 100% packet loss indicating a network connectivity issue.
  4. Log into the Node’s web interface and navigate to Home -> Firmware Updates.
  5. Click the ‘Check Now’ button to force an update check. To discover a firmware update, an internet connection is necessary.
    1. You can test the connection by following the steps in ‘Performing a ping to test network connectivity’, using a host on the internet (such as aws.amazon.com).
    2. If the ping reveals an issue, ensure your VPC is set up correctly, particularly that it has an internet gateway and a DNS server configured. Your Node may need rebooting after these changes to configure itself correctly.
  6. If you have verified there is an internet connection, navigate to Home -> System Information and ensure the Firmware Revision is older than the firmware update you expect to retrieve.

3. I KNOW THERE IS A FIRMWARE UPDATE AVAILABLE, BUT THE BRIDGEWORKS WEB GUI DOES NOT INFORM ME OF THE UPDATE.

  1. Log into the Node’s web interface and navigate to Home -> Firmware Updates.
  2. Click the ‘Check Now’ button to force an update check. To discover a firmware update, an internet connection is necessary.
    1. You can test the connection by following the steps in ‘Performing a ping to test network connectivity’, using a host on the internet (such as aws.amazon.com).
    2. If the ping reveals an issue, ensure your VPC is set up correctly, particularly that it has an internet gateway and a DNS server configured. Your Node may need rebooting after these changes to configure itself correctly.
  3. If you have verified there is an internet connection, navigate to Home -> System Information and ensure the Firmware Revision is older than the firmware update you expect to retrieve.

4. I CANNOT INITIATE AN ISCSI SESSION TO THE AWS STORAGE GATEWAY.

  1. If you have enabled CHAP on the AWS Storage Gateway, verify your CHAP settings are correct, by default the user name is the IQN of the Node.
  2. Verify your network connection to the AWS Storage Gateway by following the steps in ‘Performing a ping to test network connectivity’, using the AWS Storage Gateway’s IP address as the host.
  3. Ensure your VPC is allowing iSCSI traffic from your Node to the AWS Storage Gateway.

5. I CANNOT ESTABLISH THE CONNECTION FROM NODE A TO NODE B.

  1. Ensure there are no relevant alerts present on the Web GUI. Alerts will appear below the Node Menu on the left (once logged in). Sometimes a connection will fail and an alert will inform you why it failed.
  2. Verify your network connection between the Nodes by following the steps in ‘Performing a ping to test network connectivity’ from Node A, selecting the WAN port as the Network Interface and using one of the following as the host:
    • If you are using a VPN connection between the Nodes, use the private IP address of Node B’s WAN port.
    • If you are not using a VPN connection, use the public IP address of Node B’s WAN port.
  3. Verify that Node B has Node A’s outbound IP address in its ‘Remote Node Access Control’ list, you can find this list by logging into the Web GUI and navigating to Home -> Node Management. The outbound IP address will be one of the following:
    • If you are using a VPN connection between the Nodes, it will be the private IP address of Node A’s WAN port.
    • If you are not using a VPN connection, it will be the public IP address of Node A’s WAN port.
  4. Check both Node’s IPsec settings. For both Nodes:
    1. Log into the web interface and navigate to Passwords & Security.
    2. Under “WANrockIT IPsec configuration”, check whether IPsec is enabled or disabled. If it is enabled, click “Show Key” and make a note of its Pre-Shared Key.

Ensure that these settings are identical on both Nodes. If you need to make any changes, click Save afterwards. The changes should take effect immediately, although when enabled, IPsec may take a moment to negotiate when you next attempt to connect or ping between the two Nodes.

6. MY PERSISTENT TARGET HAS NOT BEEN LOGGED ONTO AFTER A REBOOT (WHEN USING WINDOWS SERVER 2012 ISCSI TARGET).

There is a known issue with Windows Server 2012 iSCSI target that causes persistent target logons to occasionally fail.

  1. Log into the Web GUI, and navigate to Home – > iSCSI Initiator.
  2. Select the inactive target and click ‘Log On’.
  3. Verify the details in the dialog box and click ‘OK’ to restore the session.

7. I’M HAVING ISSUES WITH ESTABLISHING MY FTP CONNECTION.

  1. Ensure the switch that connects the FTP client side Node to the client has ‘Promiscuous mode’ enabled. It is also recommended to have an isolated switch joining the client and the FTP client side Node to reduce the risk of creating a network loop with the Node’s bridged port.
  2. Ensure your firewalls and/or AWS security groups allow FTP traffic to pass through (default port is TCP 21) on the server, client and Nodes.
  3. On the FTP client side Node, log into the Web GUI and navigate to Home -> FTP Client. This page will inform you of any issues detected with its configuration and instruct how to resolve these issues.
  4. Ensure that the FTP server-side Node has the FTP server you are trying to connect to enabled. To verify this:
    1. Log into the server-side Node’s web interface and navigate to FTP Server.
    2. Check that the ‘Remote Nodes’ column has the FTP client-side Node in the list. If not, see the WAN Link Connectivity section.
    3. Select the client-side Node. This should display the FTP server in the ‘Configured FTP Servers’ column. If not, see “Configuring your AWS WANrockIT Node for FTP”.
    4. Ensure the checkbox next to the server address is checked.
    5. Check the port is also correct. If no port is specified next to the FTP server, then the default of 21 is being used.
    6. If you have had to make any changes to the configuration, click Save. Changes should take effect immediately.
  5. Ensure your Nodes have successfully connected to each other.
  6. Ensure that the client can ping the FTP client side Node’s WAN port (this can be tested by following the steps in ‘Performing a ping to test network connectivity’, using the client’s IP as the host).
  7. Ensure the server can communicate with the FTP Server side Node’s LAN port.
  8. Ensure the client has the necessary routing to direct traffic bound for the server through the FTP client side Node’s WAN port. Also ensure the server has the necessary routing to direct client traffic through the FTP server side Node’s LAN port.
  9. If possible, establish a connection from the client to the server without using the two Nodes. this can determine whether the issue lies with the Node setup or the client/server setup.

8. I SEE THE MESSAGE “WANROCKIT CONNECTION LICENCE UNAVAILABLE”.

  1. One of your WANrockIT Nodes does not have sufficient licences for the connection to be established.
  2. Ensure that the IP address you are using to establish the connection is correct (Note: WANrockIT Cloud Service Provider Nodes can only connect to AWS WANrockIT Nodes).

9. I AM EXPERIENCING ISSUES WITH MY WANROCKIT TRANSFER PERFORMANCE.

  1. Ensure sure that there is enough spare CPU load capacity on your ESXi host. See Cloud Service Provider for details.
  2. If you are using IPsec the performance of you link will run at approximately 100 MB/s if your processor runs at a minimum clock speed of 3.2Ghz. Performance will decrease based on your clock speed.
  3. If you have removed iSCSI devices and have rebooted your Nodes without refreshing devices, your Node will continually attempt to log onto the device which can inhibit your performance. To refresh your devices, click on “Remote SCSI Target Management” from the home screen. Select your WANrockIT Node from the list and then click on refresh devices. After the Node negotiation has completed your Node will no longer attempt to log onto a Node that isn’t there.

10. I’M EXPERIENCING CONNECTIVITY ISSUES IN MY ESXI ENVIRONMENT.

  1. If you have increased the MTU size on the Node, ensure that you have changed the MTU on the ESXi switch as well.
  2. The ESXi OVA image for the Node will come with 3 network interfaces using the VMXNET 3 adapter, this is the recommended adapter for the Node and using other adapters may affect performance or stability. If you have added adapters to the virtual machine, ensure they are VMXNET 3 adapters.

11. MY PORT NUMBERS HAVE INCREASED ON ESXI, AND I NO LONGER HAVE A ‘PORT 1’.

  1. Port numbering is based on the port’s MAC address. If ‘Port 1’ is missing it is likely the port has been completely removed from the virtual machine or that its MAC address has been altered since initial setup.
  2. Having a missing interface should not cause any problems; the Web GUI can be accessed on any of the remaining ports should it be missing.
    1. Any protocols mapped to the port would need to be added to a different port, and any connected hosts/devices/Nodes may required reconfiguration.
  3. If you would like to recover Port 1, you can restore the Node to factory defaults by logging into the Web GUI and navigating to Home -> Load/Save Configuration and clicking ‘Restore Factory Defaults’. Note: this will delete ALL your configuration settings.

12. THE SPEED OF THE NETWORK INTERFACES COMES UP AS 10GB ON ESXI EVEN THOUGH THEY ARE CONNECTED TO A 1GB CARD.

  1. This is because we use the VMNETX3 driver to give better performance. As this is virtualised, the speed is shown as 10Gb