Fundamentals of Quality of Service (QoS) (Notes):

Thanks to all time best Cisco instructor Kevin Willis for sharing his video on Youtube! I watched his video to revist QoS fundamentals and re-consolidate previous knowledge. KW, you’re a Legend!

 

 “Quality of Service is a managed unfairness.”

Agenda

  1. Learn QoS Mechanisms
  • QoS is like a tool box with various number of tools, not just one thing
  1. Understand QoS Markings
  • how do we mark different traffics
  1. Demystify Weighted RED
  • Weighted Random Early Detection
  1. Select Appropriate Queuing
  • g.) LAN is running 1GB but WAN network is only 10mb, how does the router handle the 100:1 speed ratio,
  • High priority traffic such as Real-time streaming video or voice vs download/gaming traffic?
  1. Explain the ‘Token bucket’
  2. Configure QoS using MQC

 

Fundamentals of Quality of Service (QoS):

 “Quality of Service is a managed unfairness.”

  1. Learn QoS Mechanisms

If you have all different application fighting for the same bandwidth, you have to decide based on the characteristics of each traffic. Know what the applications are and what the business needs are.

 

10Gb links everywhere, no big deal to have a QoS.

Even within LAN, on high speed network the aggregation point becomes a bottleneck.

 qos1.png

 

IntServ =  RSVP (Resource Reservation Protocol). Sometimes called “hard-QoS”. Bandwidth is pinned-up (reserved) so a certain traffic can use on demand. These days, we rarely see IntServ in use due to inflexible nation of this QoS mechanism.

DiffServ = Differentiated Service. Router will differentiate different traffic types. Put different traffic types for different class. Create no more than 11 different traffic (if everyone is special, nobody is special) <<<Cisco recommendation.

Best effort = FIFO, first in firs served. No QoS enabled.

 

Common QoS Mechanisms – QoS is not a single tool that you just activate. QoS is a collection of tools.

  1. Classification and Marking

e.g.) Boarding pass for an airline – priority marking on boarding pass

Cisco tells us to classify your traffic into no more than 11 network traffic types. Classify and mark the traffic as early as possible on your network, changing bits on the header. Routers and switches can look at the header information and quickly decide whether to forward/drop packets, so the decision becomes really fast. Use access lists (NBAR) to do this. Once the traffic is classified, put the marking on it. However, classification and marking alone does not do anything.

 

  1. Queuing

E.g.) 1GB or 10GB Switch network traffics coming into router network with 10MB link out. If we had FIFO. We only have a limited amount of memory to queue all traffics, once the queue buckets fill-up, the excess traffics will start dropping overflowing from the single bucket. So to make this more efficient based on different traffic’s characteristics, this bucket can be sub-divided into a few smaller buckets, then different traffic can fill-up and use different buckets with varying priorities.

Mark the traffics and it can be put into different buckets. e.g.) VoIP goes into different bucket vs Best effort traffic. Typically VoIP traffic gets DSCP 46 (Differentiated Services Code Point). If VoIP is marked with a DSCP of 46, then put this traffic into one bucket. Everybody else can go into the other bucket. This is called queue separation. Even though the Best Effort buckets gets full and start dropping packets, the VoIP bucket will fill up occasionally and will not get full and impacted by the Best Effort bucket’s performance.

qos2

Cisco has many tools to help us on how to manage queues and dictate emptying these queues. Different Queue mechanisms supported on Cisco IOS?  Weighted Fair Queuing, Class-based weighted Queuing, Low Latency Queuing, Priority queuing, Custom Queuing, In the real world scenario, Class-based weighted Queuing and Low Latency Queuing are most often used.

The beauty of queuing is that it can protect certain traffic just simply separating different traffics into different buckets.

 

  1. Congestion Avoidance

RED – Random Early Detection, drop random traffic for the good of many.

 

  1. Policing and Shaping

Traffic conditioners

Policing – sets speed limit, if some packet is trying to transmit more than allowed, policing drops any exceeding traffic packet and these traffics must be retransmitted if they are TCP packets. If this is UDP packets, there is no retransmission.

Shaping – also sets speed limit, but softer, not enough bandwidth, buffer (delay) the packets and then send them off.

 

  1. Link Efficiency

Not as important as it used to be as we have higher WAN links these days.

  1. Link Fragmentation and Interleaving (LFI) = Sometime on the network on a slow speed link (56kbps link), there is a 1500byte data packet queued up and tiny voice packet has been queued up behind this packet. 214ms to send 1500bytes through 56kbps link.

 

Voice packet speed requirement:

<150ms transmission speed is OK.

>150ms = will start to get bad

>200ms = really get bad

 

E.g.) Analogy, metaphor – Caught at Traffic light and three trailer truck (Data packet) is in front of your sports car (voice packet). Fragment the 3 trailers and send them, but the sports car can swivel through them and get passed through. One issue: due to fragmentation, now you have three headers on each of the trailer, so increased header size. @768kbps (WAN link), if you are sending voice over IP, if less than 768kbps speed, use of LFI will help. If 768kbps or more, do not use LFI, it will hurt the network more than helping.

 

  1. Compression – sending the same amount of data using less bandwidth

The main use on today’s network is ‘RTP header compression’

RTP (Real Time Protocol) is a L4 protocol, depending on what sort of codec we use, the size of the payload could be 20 bytes, add L3 IP header + L4 UDP header + L4 RTP header = 40 bytes of header alone. Your header is 2 times the size of your payload. The payload to header ratio is 1:2. Turn on RTP header compression on the router interface. The routers looks at the voice packets arriving on its interface and see the commonalities between every packets in the same communication, it seems like every packet has the same destination IP address, same source and destination port IDs, why are we sending the same information multiple times? On each end routers, keep the copy of this information and send much smaller header (either 2 bytes or 4 bytes. 4 bytes have checksum. Generally on Cisco devices, it will use 2 bytes). The 2 bytes header contains the session context identifier (CID) which differentiates one voice conversation with another voice conversation. At the far end router, the router uses CID to identify the voice traffic and put the cached header copies onto the coming in traffic and send out to the LAN network.

 

 2. Understand QoS Markings

qos3

L2 marking = Class of Service (CoS)

ISL = not used

IEEE802.1Q = 4 bits added, (3 bits = 8 values (0-7) bits.)

 

6 and 7 bits = reserved for network use

cos 5 = voice traffic

DSCP Values:

CS (Class Selector)

Issue: Only layer 2 marking, if it goes out through a Router, it gets written over.  So, this has to be rewritten at L4 header using Type of Service (TOS) Bytes.

qos4.png

We can use three left bits; we can use IP Precedence (CoS matching only gives 6 classes of traffic as we cannot use 6 & 7 bits as in CoS). IP Precedence is not scalable. We now use DSCP using 6 bits in ToS byte – 0-63 DSCP values can be used. The 64 values gave too many options, so ITF decided to define commonly used DSCP values to set up certain standards.

 qos5

ITF preselected 21 names Per Hop Behaviours (PHB), we can use the number or names that corresponds to ITF names.

qos6

 

 DSCP/PHB Value for Enterprise traffics.

사용자 지정 20

 

  1. Demystify Weighted RED

 Random Early Detection (RED)

사용자 지정 16

When we get to certain level (Min. threshold), start introducing the possibility of dropping. As it moves up and hit the Max Threshold, the chances of dropping packets get bigger.

 사용자 지정 17

 MPD = Mark Probability Denominator

 Cisco IOS already has MPD values, but this can be manipulated. The following is WRED profiles suggested by Cisco.

 사용자 지정 18

  

Explicit Congestion Notification (ECN)

https://www.juniper.net/documentation/en_US/junos/topics/concept/cos-qfx-series-explicit-congestion-notification-understanding.html

Uses the 7th bit in ToS Byte for ECT and 8th bit for CE.

The receding router can mark the ECT and CE bits to binary 1’s and ask the other router to slow down. Otherwise, the packets gets dropped and then the TCP slow-start will kick-in (TCP windowing concept, where the window size is doubled continuously until it reaches threshold value and it drops down and TCP slow-start kicks in.)

 사용자 지정 19

 

 

  1. Select Appropriate Queuing

CB-WFQ vs LLQ

사용자 지정 25

Cisco recommends us to use no more than 11 traffic classes, but one class already is created by default, “class-default”.  Catch-all traffic class, so we can use 12 classes of traffic.

  • class-default uses FIFO.
  • CB-WFQ – during the time of congestion when QoS kicks in, give minimum of x Mbps of bandwidth, but give more if more bandwidth is available.
  • LLQ (priority) queue – during the time of congestion, give up to 3Mbps of bandwidth, but nor more that 3Mbps.

E.g.) Car pool lane or bus lane – if you have more passengers, you have rights to use the special lane, but still needs to keep the speed-limit.

 

  1. Explain the ‘Token bucket’

Using Frame-relay network, speed of 128kbps.

How do you send data at the half the rate of the line speed? of if the full line speed is 128kbps, send at 64kbps speed. Use the analogy of car traveling at 100km/h to reach 50kms in 0.5 hours.

Send & stop, send & stop, this is how the policing and shaping does its magic.

 사용자 지정 26

 

  1. Configure QoS using MQC

고정된 영역 1

고정된 영역 2

고정된 영역 3

 

고정된 영역 4

 

 

 

MQC Demo

QoS configuration is a 3 steps process:

 

Step 1: Create Class-maps

#classify EMAIL TRAFFIC

R1#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#class-map ?

WORD       class-map name

match-all  Logical-AND all matching statements under this classmap

match-any  Logical-OR all matching statements under this classmap

type       Configure CPL Class Map

 

R1(config)#class-map match-any EMAIL

R1(config-cmap)#match protocol pop3

R1(config-cmap)#match protocol imap

R1(config-cmap)#match protocol exchange

R1(config-cmap)#match protocol smtp

R1(config-cmap)#exit

 

R1(config)#class-map VOICE

R1(config-cmap)#match protocol rtp ?

audio             Match voice packets

in-app-hierarchy  Match protocol in transport hierarchy

payload-type      Match an explicit PT

potentially       Match protocol, and all potentiall traffic

video             Match video packets

<cr>

R1(config-cmap)#match protocol rtp audio

 

R1(config-cmap)#exit

 

#WEB TRAFFIC

R1(config)#class-map match-any WEB

R1(config-cmap)#match protocol http

R1(config-cmap)#match protocol secure-http

 

#SCAVENGER TRAFFIC

R1(config)#class-map SCAVENGER

R1(config-cmap)#match protocol bitt

R1(config-cmap)#match protocol bittorrent

R1(config-cmap)#exit

 

R1#show class-map

Class Map match-any class-default (id 0)

Match any

 

Class Map match-any EMAIL (id 1)

Match protocol pop3

Match protocol imap

Match protocol exchange

Match protocol smtp

 

Class Map match-any WEB (id 3)

Match protocol http

Match protocol secure-http

 

Class Map match-all VOICE (id 2)

Match protocol rtp audio

 

Class Map match-all SCAVENGER (id 4)

Match protocol bittorrent

 

 

Step 2: Create Policy-maps

R1(config)#policy-map QOS-LAB1

R1(config-pmap)#?

Policy-map configuration commands:

class        policy criteria

description  Policy-Map description

exit         Exit from policy-map configuration mode

no           Negate or set default values of a command

R1(config-pmap)#class EMAIL

R1(config-pmap-c)#?

Policy-map class configuration commands:

admit            Admit the request for

bandwidth        Bandwidth

compression      Activate Compression

drop             Drop all packets

exit             Exit from class action configuration mode

fair-queue       Enable Flow-based Fair Queuing in this Class

flow             Flow subcommands

log              Log IPv4 and ARP packets

measure          Measure

netflow-sampler  NetFlow action

no               Negate or set default values of a command

police           Police

priority         Strict Scheduling Priority for this Class

queue-limit      Queue Max Threshold for Tail Drop

random-detect    Enable Random Early Detection as drop policy

service-policy   Configure QoS Service Policy

set              Set QoS values

shape            Traffic Shaping

 

R1(config-pmap-c)#set dscp af13

R1(config-pmap-c)#bandwidth 512 <<<give this command first before giving ‘random-detect’ command

R1(config-pmap-c)#end

R1(config-pmap-c)#random-detect ?

atm-clp-based                   Enable atm-clp-based WRED as drop policy

clp                             parameters for each clp value

cos                             parameters for each cos value

cos-based                       Enable cos-class-based WRED as drop policy

discard-class                   parameters for each discard-class value

discard-class-based             Enable discard-class-based WRED as drop

policy

dscp                            parameters for each dscp value

dscp-based                      Enable dscp-based WRED as drop policy

ecn                             explicit congestion notification

exponential-weighting-constant  weight for mean queue depth calculation

precedence                      parameters for each precedence value

precedence-based                Enable precedence-based WRED as drop policy

<cr>

 

R1(config-pmap-c)#random-detect dscp-based <<<default is using cos, this command enables dscp based WRED

R1(config-pmap-c)#random-detect ecn <<<turns on ECN

R1(config-pmap-c)#exit

R1(config-pmap)#class VOICE

R1(config-pmap-c)#priority 256 <<<Enabled LLQ, go first

R1(config-pmap-c)#random-detect dscp-based <<<Since voice traffic is RTP encapsulated in UDP, TCP slow-start will not help us. So, no need to use ECN bits. No need to use WRED.

Must deconfigure priority in this class before issuing this command

R1(config-pmap-c)#exit

R1(config-pmap)#class WEB

R1(config-pmap-c)#bandwidth 768

R1(config-pmap-c)#exit

R1(config-pmap)#class SCAVENGER

R1(config-pmap-c)#police 128000 <<<Set the maximum bandwidth using Policing. This is in bps (bits) not Bps (Bytes).

R1(config-pmap-c-police)#exit

R1(config-pmap-c)#exit

R1(config-pmap)#exit

R1#show policy-map

Policy Map QOS-LAB1

Class EMAIL

set dscp af13

bandwidth 512 (kbps)

Class VOICE

priority 256 (kbps)

Class WEB

bandwidth 768 (kbps)

Class SCAVENGER

police cir 128000 bc 4000

conform-action transmit

exceed-action drop

 

#Marking only can be done on the inbound traffic.

#Shaping can only be applied to outbound traffic.

#Policing can be applied to either directions.

 

R1#conf t

R1(config)#int gi0/0

R1(config-if)#service-policy output QOS-LAB1 <<<Apply configuration to outgoing traffic

R1(config-if)#end

 

R1#show policy-map interface gi0/0

GigabitEthernet0/0

 

Service-policy output: QOS-LAB1

 

queue stats for all priority classes:

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

 

Class-map: EMAIL (match-any)

0 packets, 0 bytes

5 minute offered rate 0000 bps, drop rate 0000 bps

Match: protocol pop3

0 packets, 0 bytes

5 minute rate 0 bps

Match: protocol imap

0 packets, 0 bytes

5 minute rate 0 bps

Match: protocol exchange

0 packets, 0 bytes

5 minute rate 0 bps

Match: protocol smtp

0 packets, 0 bytes

5 minute rate 0 bps

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

QoS Set

dscp af13

Packets marked 0

bandwidth 512 kbps

 

Class-map: VOICE (match-all)

0 packets, 0 bytes

5 minute offered rate 0000 bps, drop rate 0000 bps

Match: protocol rtp audio

Priority: 256 kbps, burst bytes 6400, b/w exceed drops: 0

 

 

Class-map: WEB (match-any)

0 packets, 0 bytes

5 minute offered rate 0000 bps, drop rate 0000 bps

Match: protocol http

0 packets, 0 bytes

5 minute rate 0 bps

Match: protocol secure-http

0 packets, 0 bytes

5 minute rate 0 bps

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

bandwidth 768 kbps

 

Class-map: SCAVENGER (match-all)

0 packets, 0 bytes

5 minute offered rate 0000 bps, drop rate 0000 bps

Match: protocol bittorrent

police:

cir 128000 bps, bc 4000 bytes

conformed 0 packets, 0 bytes; actions:

transmit

exceeded 0 packets, 0 bytes; actions:

drop

conformed 0000 bps, exceeded 0000 bps

 

Class-map: class-default (match-any)

3 packets, 180 bytes

5 minute offered rate 0000 bps, drop rate 0000 bps

Match: any

 

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 3/180

 

Top 10 useful Linux commands – for your first Linux job interview

  1. How to check Linux Kernel version of a system?

[root@localhost /]# uname
Linux

-a = all

-v = version

-r = release

[root@localhost /]# uname -a
Linux localhost.localdomain 3.10.0-862.el7.x86_64 #1 SMP Wed Mar 21 18:14:51 EDT 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost /]# uname -v
#1 SMP Wed Mar 21 18:14:51 EDT 2018
[root@localhost /]# uname -r
3.10.0-862.el7.x86_64

 

2. How to check your system’s current IP address?

Old method – “ifconfig

2-1 ifconfig

New method – “if addr show‘ or “if addr

2-1 ip addr show

 

3. How to check for free disk space?

df = disk free

-ah = all + human readable

so, use “df -ah

3. df -ah

 

4. How to manage services on a system?

Old method: service [service_name] status

New method: systemctl status [service_name]

sshd status example shown below:

service sshd status

4-1 service sshd status

systemctl status sshd

4-2 systemctl status sshd

 

5. How to check the size of a directory’s contents on disk?

du = disk use

-sh = short

so, use “du -sh [directory_path]

5 du -sh

*note: if you use ‘du var’ without -sh handle, it will display all files in that directory.

 

6. How to check open ports on a Linux server?

netstat = lists all ports, could be too much information, so have to trim it down.

6 netstat

 

nestat -tulpn

-t = TCP, -u = UDP, -l = Listening, -p = program, -n = numeric

 

6 netstat -tulpn

*note: ‘netstat -tupln’ has to run with a privilege to display the programs.

 

7. How to check CPU usage of a given process?

ps aux | grep [service_name]

top = shows top processes utilised, updates every 5 seconds.

 

ps aux | grep sshd

7-1 ps aux grep sshd

top

7-2 top

*You can also install ‘htop’ and see more graphical based process utilisation.

 

8. How to mount a new volume? Mounting a device.

ls /mnt = devices are usually mounted under root directory called ‘mnt’

mount /dev/sda2 /mnt = mount sda2 device to mnt mounting point

mount = list all mounted devices

To check what devices got mounted on boot-up, use ‘less /etc/fstab’

 

9. Finding out something you don’t know?

Use ‘man‘ pages.

[command] –help

 

10. What do you do when you cannot find an answer in a man page?

Search using Google, stack overflow, etc. on the internet.

https://www.google.com/

https://stackoverflow.com/

 

 

4. Install and configure NTP server in Red Hat/Centos 7.5 Linux

NTP (Network Time Protocol) is a protocol which runs over UDP port 123. NTP synchronise clients’ time and date with a master server. Within Enterprise Networking environment, to provide a reliable time service, an NTP server should have a minimum NTP stratum of 5 or less.

Step 1: Install and configure NTP daemon

sudo yum install ntp

 

Step 2: Check and adjust time zone

  1. timedatectl
  2. timedatectl list-timezones <<<to list and find time zones
  3. timedatectl set-timezone Australia/Sydney

Step 3: Enable and start ntpd service

sudo systemctl enable ntpd

sudo systemctl start ntpd

 

Step 4: Check basic NTP functionality

ntpstat

date

ntpq –p

 

Step 5: Check NTP configuration under /etc/ntp.conf

more /etc/ntp.conf

3. Install and configure TFTP server in Red Hat/Centos 7.5 Linux

Step 1: Install, enable and start firewalld

sudo yum install firewalld

sudo systemctl enable firewalld <<<starts up firewall when system boots up

sudo systemctl start firewalld

 

Step 2: Punch a hole in firewalld to allow TFTP traffic.

 

firewall-cmd –permanent –zone=public –add-service=tftp

firewall-cmd –reload

iptables -I INPUT -p udp –dport 69 -j ACCEPT

 

Step 3: Install, enable and start TFTP server and client

sudo yum install xinetd tftp-server tftp

sudo systemctl enable xinetd tftp <<<starts up automatically on system boot-up

sudo systemctl start xinetd tftp

 

Step 4: We don’t want TFTP user to have root user permission. So let’s create a system account called tftpuser with no home directory and no login capability.

sudo useradd –no-create-home –s /sbin/nologin tftpuser

 

Step 4: Create a directory for TFTP Server use.

sudo mkdir –p /tftpdata

sudo chmod 777 /tftpdata

nano /tftpdata/demo1.txt

chown tftpuser:tftpuser –R /tftpdata

 

 

Step 5: Configure TFTP service using the following settings.

 

nano /etc/xinetd.d/tftp

222

Server_args notes:

-c = allows clients to connect and create files on the directory

-s = automatically change directory when client connect to TFTP server, to a specific directory in the configure file such as /tftpdata. A security feature.

-u = specifies the user as the owner of the directory /tftpdata

-p = Perform no additional permissions check

-U = Set-up Umask setting when client creates or pushes a new file

-v = Print some logging verbose when client connect to TFTP server.

 

Step 6: Edit file system start service for TFTP. Update [Service] > ‘ExecStart’line as below:

sudo nano /usr/lib/systemd/system/tftp.service

 

 

[Unit]

Description=Tftp Server

Requires=tftp.socket

Documentation=man:in.tftpd

 

[Service]

ExecStart=/usr/sbin/in.tftpd -c -v -u tftp -p -U 117 -s /tftpdata

StandardInput=socket

 

[Install]

Also=tftp.socket

 

Step 7: Reload the system daemon & TFTP services

 

sudo systemctl daemon-reload

sudo systemctl start xinetd

sudo systemctl enable xinetd

sudo systemctl start tftp

sudo systemctl enable tftp

 

 

Step 8: Check UDP port 69 is in listening mode

https://www.tecmint.com/20-netstat-commands-for-linux-network-management/

 

netstat -na | grep udp6

111

 

Use ‘netstat –lu’ for all UDP listening ports/services

222

Use ‘netstat –ap | grep tftp’ to check the service.

333

 

Check that firewall is allowing udp port 69.

netstat -tupan

netstat –tupan | grep 69

111

 

Step 9: Check connection and download a demo.txt file. Using another server/router/switch. Download a demo.txt from TFTP server.

 

  1. On TFTP server (192.168.47.135), create demo.txt file under tftpdata directory.

 

nano /tftpdata/demo.txt

222

 

  1. On another Linux host (IP: 192.168.47.131), download demo.txt file.

 

tftp 192.168.47.135

get demo.txt

 

333

 

Now verification has been completed and you have a working TFTP server.

2. Install and configure SFTP server in Red Hat/Centos 7.5 Linux

Step 1: Create a SFTP user with password

sudo adduser sftpuser

sudo passwd password

 

Step 2: Create Directory for File Transfer

 

  1. sudo mkdir –p /var/sftp/sftpdata

 

[root@localhost /]# find . -name “sftpdata”

find: ‘./run/user/1000/gvfs’: Permission denied

./var/sftp/sftpdata

 

  1. Make the root user as the owner of this directory.

sudo chown root:root /var/sftp

 

  1. Grant write permission to the root user and read permission to other users.

sudo chmod 755 /var/sftp

 

  1. Modify the owner of sftpdata to be the user access.

sudo chown sftpdata:sftpdata /var/sftp/sftpdata

 

Step 3: Restrict Directory Access

 

  1. open sshd_config file

 

sudo nano /etc/ssh/sshd_config

 

  1. Add the following to the end of the file.

Match User sftpuser

ForceCommand internal-sftp

PasswordAuthentication yes

ChrootDirectory /var/sftp

PermitTunnel no

AllowAgentForwarding no

AllowTcpForwarding no

X11Forwarding no

 

  1. Restart sshd to apply change

sudo systemctl restart sshd

 

Step 4: Verification via SSH connection

 

ssh sftpuser@192.168.47.135

 

The SSH connection gets closed as expected.

333

 

sftp sftpuser@192.168.47.135

You can connect via sftp and now download and manage files as below.

111

Now the ssh access has been restricted successfully and the sftpuser can only upload and manage his/her file via SFTP only.

1. Install and configure FTP server in Red Hat/Centos 7.5 Linux

Step 1: Install vsftpd (very secure FTP daemon) package.

yum install -y vsftpd ftp

 

Step 2: Enable FTP on firewall

firewall-cmd –permanent –zone=public –add-service=ftp
firewall-cmd –reload

 

Step 3: to automatically start FTP Server when server powers on.

  1. enable vsftpd service.

systemctl enable vsftpd.service

2. Checking the status of ftp server

systemctl status vsftpd.service

 

Step 4: Configure vsftpd package. Edit /etc/vsftpd/vsftpd.conf

nano /etc/vsftpd/vsftpd.conf

 

  1. Change the line which contain anonymous_enable=NO to anonymous_enable=YES. This will give permit any one to access FTP server with authentication. If this setting is changed to ‘NO’, then users must use their login and password to access files from their home directory. [Note: For our use, I am keeping this setting as YES, so each user has to log in access their own files]
  2. local_enable=YES
    c. write_enable=YES
  3. Add the following to the end of the file.

#ADDED BY BC

allow_writeable_chroot=YES

pasv_enable=Yes

pasv_min_port=40000

pasv_max_port=40100

 

Step 5: Start FTP Server
systemctl start vsftpd.service

 

Step 6: Verification. Create a file under ‘var/ftp/pub’. Use a web browser to access the file.

[root@localhost /]# find . -name “pub”

find: ‘./run/user/1000/gvfs’: Permission denied

./var/ftp/pub

[root@localhost /]# cd var/ftp/pub

[root@localhost pub]# nano ftppubfile1.txt

 

If anonymous_enable=YES, ./var/ftp/pub Directory will be used.

111

If anonymous_enable=NO, users have to login with their credentials to access files.

222