Reconfigure SFTP from to use the Client Access Network

Hi Erman,
I have a small dilema with integrating SFTP with Exadata. Basically SFTP is only available on the management network by default. For us SFTP is an application or part of application where Oracle Data Integrator (ODI), grabs files (lot of them) and upload them via SFTP to the DBFS share on Exadata for fast loading.

I am sure you can across this situation, our management network is slow (10 MB/s - we might to increase this network) even though the card can speed up to 1GB/s...This is how the network is at moment.

So we would like to enable SFTP from the Client Access Network where the speed is 10G/s....Oracle have said we can reconfigure this if we want but they will not show us how to do it. Their view is that Client Access Network for the application (SQL), our view is that SFTP is part of our application and plus it will run at the beginning of our batch..


Do you have any idea ?

Thanks,
Regis

Hi,

I dont think it will be a supported action, but it can be  done.

So,

SFTP uses port 22 as it is running over SSL tunnels.
So , making the SSHD to listen on the relevant Client Interface / IP will do the job.

When you look at the /etc/ssh/sshd_config file,
you will see the following;

#### Generated by Exadata by ipconf. BEGIN. DO NOT MODIFY ####
ListenAddress YOUR_MANAGEMENT_NETWORK_IP_OF_NODE1
ListenAddress YOUR_PRIVATE_NETWORK_IP_OF_NODE1


So, in order make sftp to work from the client interface;
add the following line replacing your client_ips in both of your compute nodes and restart the sshd services.

#For the first node;

ListenAddress YOUR_CLIENT_NETWORK_IP_OF_NODE1

#For the second node;

ListenAddress YOUR_CLIENT_NETWORK_IP_OF_NODE2



[root@ermanexanode2~]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]

After taking these action in both of the nodes and restarting the sshd service, you will see that the ssh listens on client network interface as follows;

[root@ermanexanode02 ~]# netstat -an|grep 22|grep LISTEN  
tcp        0      0 10.10.10.151:22             0.0.0.0:*                   LISTEN      
tcp        0      0 192.168.10.5:22             0.0.0.0:*                   LISTEN      
tcp        0      0 192.168.0.91:22             0.0.0.0:*                   LISTEN  --> CLIENT NETWORK IP


So, when you make sftp to the client ip, it will be established..

[root@ermanexadnode2 ~]# sftp 192.168.0.81
Connecting to 192.168.0.81...
The authenticity of host '192.168.0.81 (192.168.0.81)' can't be established.
RSA key fingerprint is 3f:e7:df:65:c2:f2:b4:04:17:ac:82:40:aa:a5:ba:9b.
Are you sure you want to continue connecting (yes/no)?

Thanks Erman,

I have been able to change this and test upload speed using iperf utility. I will chatting with the network guys to see if we cannot up the bandwidth as the ethernet card support bigger speeds.

It looks a rather expensive change for a little gain at the moment from my view.


Cheers,