Linux Advanced Routing & Traffic Control HOWTO
bert hubert
Netherlabs BV
bert.hubert@netherlabs.nl
Gregory Maxwell
greg@linuxpower.cx
Remco van Mook
remco@virtu.nl
Martijn van Oosterhout
kleptog@cupid.suninternet.com
Paul B Schroeder
paulsch@us.ibm.com
Jasper Spaans
jasper@spaans.ds9a.nl
Linux Advanced Routing & Traffic Control HOWTO
by bert hubert, Gregory Maxwell, Remco van Mook, Martijn van Oosterhout, Paul B Schroeder, and Jasper Spaans
A very hands-on approach to iproute2, traffic shaping and a bit of netfilter.
Version v1.0.0 $Date: 2002/04/13 17:12:59 $
Table of Contents
1. Dedication
2. Introduction
2.1. Disclaimer & License
2.2. Prior knowledge
2.3. What Linux can do for you
2.4. Housekeeping notes
2.5. Access, CVS & submitting updates
2.6. Mailing list
2.7. Layout of this document
3. Introduction to iproute2
3.1. Why iproute2?
3.2. iproute2 tour
3.3. Prerequisites
3.4. Exploring your current configuration
3.4.1. ip shows us our links
3.4.2. ip shows us our IP addresses
3.4.3. ip shows us our routes
3.5. ARP
4. Rules - routing policy database
4.1. Simple source policy routing
4.2. Routing for multiple uplinks/providers
4.2.1. Split access
4.2.2. Load balancing
5. GRE and other tunnels
5.1. A few general remarks about tunnels:
5.2. IP in IP tunneling
5.3. GRE tunneling
5.3.1. IPv4 Tunneling
5.3.2. IPv6 Tunneling
5.4. Userland tunnels
6. IPv6 tunneling with Cisco and/or 6bone
6.1. IPv6 Tunneling
7. IPsec: secure IP over the Internet
8. Multicast routing
9. Queueing Disciplines for Bandwidth Management
9.1. Queues and Queueing Disciplines explained
9.2. Simple, classless Queueing Disciplines
9.2.1. pfifo_fast
9.2.2. Token Bucket Filter
9.2.3. Stochastic Fairness Queueing
9.3. Advice for when to use which queue
9.4. Terminology
9.5. Classful Queueing Disciplines
9.5.1. Flow within classful qdiscs & classes
9.5.2. The qdisc family: roots, handles, siblings and parents
9.5.3. The PRIO qdisc
9.5.4. The famous CBQ qdisc
9.5.5. Hierarchical Token Bucket
9.6. Classifying packets with filters
9.6.1. Some simple filtering examples
9.6.2. All the filtering commands you will normally need
10. Loadsharing over multiple interfaces
10.1. Caveats
11. Netfilter & iproute - marking packets
12. Advanced filters for (re-)classifying packets
12.1. The "u32" classifier
12.1.1. U32 selector
12.1.2. General selectors
12.1.3. Specific selectors
12.2. The "route" classifier
12.3. Policing filters
12.3.1. Ways to police
12.3.2. Overlimit actions
12.3.3. Examples
12.4. Hashing filters for very fast massive filtering
13. Kernel network parameters
13.1. Reverse Path Filtering
13.2. Obscure settings
13.2.1. Generic ipv4
13.2.2. Per device settings
13.2.3. Neighbor policy
13.2.4. Routing settings
14. Advanced & less common queueing disciplines
14.1. bfifo/pfifo
14.1.1. Parameters & usage
14.2. Clark-Shenker-Zhang algorithm (CSZ)
14.3. DSMARK
14.3.1. Introduction
14.3.2. What is Dsmark related to?
14.3.3. Differentiated Services guidelines
14.3.4. Working with Dsmark
14.3.5. How SCH_DSMARK works
14.3.6. TC_INDEX Filter
14.4. Ingress qdisc
14.4.1. Parameters & usage
14.5. Random Early Detection (RED)
14.6. Generic Random Early Detection
14.7. VC/ATM emulation
14.8. Weighted Round Robin (WRR)
15. Cookbook
15.1. Running multiple sites with different SLAs
15.2. Protecting your host from SYN floods
15.3. Ratelimit ICMP to prevent dDoS
15.4. Prioritizing interactive traffic
15.5. Transparent web-caching using netfilter, iproute2, ipchains and squid
15.5.1. Traffic flow diagram after implementation
15.6. Circumventing Path MTU Discovery issues with per route MTU settings
15.6.1. Solution
15.7. Circumventing Path MTU Discovery issues with MSS Clamping (for ADSL, cable, PPPoE & PPtP users)
15.8. The Ultimate Traffic Conditioner: Low Latency, Fast Up & Downloads
15.8.1. Why it doesn’t work well by default
15.8.2. The actual script (CBQ)
15.8.3. The actual script (HTB)
16. Building bridges, and pseudo-bridges with Proxy ARP
16.1. State of bridging and iptables
16.2. Bridging and shaping
16.3. Pseudo-bridges with Proxy-ARP
16.3.1. ARP & Proxy-ARP
16.3.2. Implementing it
17. Dynamic routing - OSPF and BGP
18. Other possibilities
19. Further reading
20. Acknowledgements