Each PCA can support up to one Gbps. If you have multiple packet forwarders, you can set the configuration on the PCA so that any packet forwarder that connects to the PCA through initconn uses the defined configuration.
Before you set up the configuration on the PCA, you must pick a PCA machine from which the auto-configuration service runs. This PCA is the master machine for the auto-configuration process. To create a configuration to automatically configure new packet forwarders you modify files on the PCA and the packet forwarders.
What automatic packet forwarder configuration does
The automatic packet forwarder configuration lets you use a single configuration set up to configure new packet forwarders in your deployment. You set up the configuration on one packet forwarder and run configuration service on the PCA. Once the configuration is set and the service started, all addition packet forwarders created from the original packet forwarder machine use the configuration. You do not have to configure each packet forwarder individually.
What you do on the PCA
- Creating public and private RSA key pairs.
- Modifying the <installdir>/etc/pfconf-conf.xml file on the PCA. You
modify the file to:
- Add the IP addresses for the PCAs that the automatically added packet forwarders will use.
- Specify the number of Max Peers each PCA can interact with.
- Running the
pfconf -scommand to configure all of the other new packet forwarders.
- If you have a custom default fwdr-conf-default.xml file that you want to use so that each packet
forwarder uses a different configuration:
- Copy the custom file that you have to the <installdir>/etc directory on the PCA.
- Add the file name in the
<ConfigFile>tag in the pfconf-conf.xml
Optionally, you can manually modify the packet forwarder configuration locally on the master PCA. If you want to set the configuration for just one of the packet forwarders, you edit the fwdr-conf.xml file for the packet forwarder. Each packet forwarder has a configuration file in <installdir>/etc/pf-confs/<ipaddress>/fwdr-conf.xml. Any changes you make to this file are picked up by the pfconf script when it runs. The script sends the edited configuration to the packet forwarder and restarts the service to use the new configuration. This is done after you set up auto-configuration.
What you do on the packet forwarder
- Adding a public RSA key on the packet forwarder.
- Modifying the <installdir>/sbin/initconn service on one packet forwarder. You modify the service and add the IP address for the master PCA.
PCA side commands and processes
pfconfig- located in <PCAinstalldir>/sbin this command assigns a PCA to the Packet Forwarder, sends the configuration file to the Packet Forwarder, then restarts the Packet Forwarder. By default this command sets the listening port to 1880. You can change this port if you need to for your solution.
On the PCA, this process listens for initconn:
pfserv- by default, the process listens to port 1880 for information from the Packet Forwarder machine and creates the directory structure with the Packet Forwarder config file in <PCAinstalldir>/etc/pf-confs/<ipaddress> on the PCA. If you specified a different port to listen on with the pfconfig command, the pfserv process listens on that port.