365 lines
8.0 KiB
HTML
365 lines
8.0 KiB
HTML
|
<HTML
|
||
|
><HEAD
|
||
|
><TITLE
|
||
|
>Other possibilities</TITLE
|
||
|
><META
|
||
|
NAME="GENERATOR"
|
||
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
|
||
|
REL="HOME"
|
||
|
TITLE="Linux Advanced Routing & Traffic Control HOWTO"
|
||
|
HREF="index.html"><LINK
|
||
|
REL="PREVIOUS"
|
||
|
TITLE="Dynamic routing - OSPF and BGP"
|
||
|
HREF="lartc.dynamic-routing.html"><LINK
|
||
|
REL="NEXT"
|
||
|
TITLE="Further reading"
|
||
|
HREF="lartc.further.html"></HEAD
|
||
|
><BODY
|
||
|
CLASS="CHAPTER"
|
||
|
BGCOLOR="#FFFFFF"
|
||
|
TEXT="#000000"
|
||
|
LINK="#0000FF"
|
||
|
VLINK="#840084"
|
||
|
ALINK="#0000FF"
|
||
|
><DIV
|
||
|
CLASS="NAVHEADER"
|
||
|
><TABLE
|
||
|
SUMMARY="Header navigation table"
|
||
|
WIDTH="100%"
|
||
|
BORDER="0"
|
||
|
CELLPADDING="0"
|
||
|
CELLSPACING="0"
|
||
|
><TR
|
||
|
><TH
|
||
|
COLSPAN="3"
|
||
|
ALIGN="center"
|
||
|
>Linux Advanced Routing & Traffic Control HOWTO</TH
|
||
|
></TR
|
||
|
><TR
|
||
|
><TD
|
||
|
WIDTH="10%"
|
||
|
ALIGN="left"
|
||
|
VALIGN="bottom"
|
||
|
><A
|
||
|
HREF="lartc.dynamic-routing.html"
|
||
|
ACCESSKEY="P"
|
||
|
>Prev</A
|
||
|
></TD
|
||
|
><TD
|
||
|
WIDTH="80%"
|
||
|
ALIGN="center"
|
||
|
VALIGN="bottom"
|
||
|
></TD
|
||
|
><TD
|
||
|
WIDTH="10%"
|
||
|
ALIGN="right"
|
||
|
VALIGN="bottom"
|
||
|
><A
|
||
|
HREF="lartc.further.html"
|
||
|
ACCESSKEY="N"
|
||
|
>Next</A
|
||
|
></TD
|
||
|
></TR
|
||
|
></TABLE
|
||
|
><HR
|
||
|
ALIGN="LEFT"
|
||
|
WIDTH="100%"></DIV
|
||
|
><DIV
|
||
|
CLASS="CHAPTER"
|
||
|
><H1
|
||
|
><A
|
||
|
NAME="LARTC.OTHER"
|
||
|
></A
|
||
|
>Chapter 18. Other possibilities</H1
|
||
|
><P
|
||
|
>This chapter is a list of projects having to do with advanced Linux routing
|
||
|
& traffic shaping. Some of these links may deserve chapters of their
|
||
|
own, some are documented very well of themselves, and don't need more HOWTO.</P
|
||
|
><P
|
||
|
><P
|
||
|
></P
|
||
|
><DIV
|
||
|
CLASS="VARIABLELIST"
|
||
|
><DL
|
||
|
><DT
|
||
|
>802.1Q VLAN Implementation for Linux <A
|
||
|
HREF="http://scry.wanfear.com/~greear/vlan.html"
|
||
|
TARGET="_top"
|
||
|
>(site)</A
|
||
|
></DT
|
||
|
><DD
|
||
|
><P
|
||
|
>VLANs are a very cool way to segregate your
|
||
|
networks in a more virtual than physical way. Good information on VLANs can
|
||
|
be found <A
|
||
|
HREF="ftp://ftp.netlab.ohio-state.edu/pub/jain/courses/cis788-97/virtual_lans/index.htm"
|
||
|
TARGET="_top"
|
||
|
>here</A
|
||
|
>. With this implementation, you can have your Linux box talk
|
||
|
VLANs with machines like Cisco Catalyst, 3Com: {Corebuilder, Netbuilder II,
|
||
|
SuperStack II switch 630}, Extreme Ntwks Summit 48, Foundry: {ServerIronXL,
|
||
|
FastIron}.</P
|
||
|
><P
|
||
|
>A great HOWTO about VLANs can be found <A
|
||
|
HREF="http://scry.wanfear.com/~greear/vlan/cisco_howto.html"
|
||
|
TARGET="_top"
|
||
|
>here</A
|
||
|
>.</P
|
||
|
><P
|
||
|
>Update: has been included in the kernel as of 2.4.14 (perhaps 13).</P
|
||
|
></DD
|
||
|
><DT
|
||
|
>Alternate 802.1Q VLAN Implementation for Linux <A
|
||
|
HREF="http://vlan.sourceforge.net "
|
||
|
TARGET="_top"
|
||
|
>(site)</A
|
||
|
></DT
|
||
|
><DD
|
||
|
><P
|
||
|
>Alternative VLAN implementation for linux. This project was started out of
|
||
|
disagreement with the 'established' VLAN project's architecture and coding
|
||
|
style, resulting in a cleaner overall design.</P
|
||
|
></DD
|
||
|
><DT
|
||
|
>Linux Virtual Server <A
|
||
|
HREF="http://www.LinuxVirtualServer.org/"
|
||
|
TARGET="_top"
|
||
|
>(site)</A
|
||
|
></DT
|
||
|
><DD
|
||
|
><P
|
||
|
>These people are brilliant. The Linux Virtual Server is a highly scalable and
|
||
|
highly available server built on a cluster of real servers, with the load
|
||
|
balancer running on the Linux operating system. The architecture of the
|
||
|
cluster is transparent to end users. End users only see a single virtual
|
||
|
server.</P
|
||
|
><P
|
||
|
>In short whatever you need to load balance, at whatever level of traffic, LVS
|
||
|
will have a way of doing it. Some of their techniques are positively evil!
|
||
|
For example, they let several machines have the same IP address on a
|
||
|
segment, but turn off ARP on them. Only the LVS machine does ARP - it then
|
||
|
decides which of the backend hosts should handle an incoming packet, and
|
||
|
sends it directly to the right MAC address of the backend server. Outgoing
|
||
|
traffic will flow directly to the router, and not via the LVS machine, which
|
||
|
does therefor not need to see your 5Gbit/s of content flowing to the world,
|
||
|
and cannot be a bottleneck.</P
|
||
|
><P
|
||
|
>The LVS is implemented as a kernel patch in Linux 2.0 and 2.2, but as a
|
||
|
Netfilter module in 2.4/2.5, so it does not need kernel patches! Their 2.4
|
||
|
support is still in early development, so beat on it and give feedback or
|
||
|
send patches.</P
|
||
|
></DD
|
||
|
><DT
|
||
|
>CBQ.init <A
|
||
|
HREF="ftp://ftp.equinox.gu.net/pub/linux/cbq/"
|
||
|
TARGET="_top"
|
||
|
>(site)</A
|
||
|
></DT
|
||
|
><DD
|
||
|
><P
|
||
|
>Configuring CBQ can be a bit daunting, especially if all you want to do is
|
||
|
shape some computers behind a router. CBQ.init can help you configure Linux
|
||
|
with a simplified syntax.</P
|
||
|
><P
|
||
|
>For example, if you want all computers in your 192.168.1.0/24 subnet
|
||
|
(on 10mbit eth1) to be limited to 28kbit/s download speed, put
|
||
|
this in the CBQ.init configuration file:</P
|
||
|
><P
|
||
|
> <TABLE
|
||
|
BORDER="1"
|
||
|
BGCOLOR="#E0E0E0"
|
||
|
WIDTH="90%"
|
||
|
><TR
|
||
|
><TD
|
||
|
><FONT
|
||
|
COLOR="#000000"
|
||
|
><PRE
|
||
|
CLASS="SCREEN"
|
||
|
>DEVICE=eth1,10Mbit,1Mbit
|
||
|
RATE=28Kbit
|
||
|
WEIGHT=2Kbit
|
||
|
PRIO=5
|
||
|
RULE=192.168.1.0/24</PRE
|
||
|
></FONT
|
||
|
></TD
|
||
|
></TR
|
||
|
></TABLE
|
||
|
> </P
|
||
|
><P
|
||
|
>By all means use this program if the 'how and why' don't interest you.
|
||
|
We're using CBQ.init in production and it works very well. It can even do
|
||
|
some more advanced things, like time dependent shaping. The documentation is
|
||
|
embedded in the script, which explains why you can't find a README.</P
|
||
|
></DD
|
||
|
><DT
|
||
|
>Chronox easy shaping scripts <A
|
||
|
HREF="http://www.chronox.de"
|
||
|
TARGET="_top"
|
||
|
>(site)</A
|
||
|
></DT
|
||
|
><DD
|
||
|
><P
|
||
|
>Stephan Mueller (smueller@chronox.de) wrote two useful scripts, 'limit.conn'
|
||
|
and 'shaper'. The first one allows you to easily throttle a single download
|
||
|
session, like this:</P
|
||
|
><P
|
||
|
> <TABLE
|
||
|
BORDER="1"
|
||
|
BGCOLOR="#E0E0E0"
|
||
|
WIDTH="90%"
|
||
|
><TR
|
||
|
><TD
|
||
|
><FONT
|
||
|
COLOR="#000000"
|
||
|
><PRE
|
||
|
CLASS="SCREEN"
|
||
|
># limit.conn -s SERVERIP -p SERVERPORT -l LIMIT</PRE
|
||
|
></FONT
|
||
|
></TD
|
||
|
></TR
|
||
|
></TABLE
|
||
|
> </P
|
||
|
><P
|
||
|
>It works on Linux 2.2 and 2.4/2.5.</P
|
||
|
><P
|
||
|
>The second script is more complicated, and can be used to make lots of
|
||
|
different queues based on iptables rules, which are used to mark packets
|
||
|
which are then shaped.</P
|
||
|
></DD
|
||
|
><DT
|
||
|
>Virtual Router
|
||
|
Redundancy Protocol implementation <A
|
||
|
HREF="http://w3.arobas.net/~jetienne/vrrpd/index.html"
|
||
|
TARGET="_top"
|
||
|
>(site)</A
|
||
|
></DT
|
||
|
><DD
|
||
|
><P
|
||
|
>This is purely for redundancy. Two machines with their own IP address and
|
||
|
MAC Address together create a third IP Address and MAC Address, which is
|
||
|
virtual. Originally intended purely for routers, which need constant MAC
|
||
|
addresses, it also works for other servers.</P
|
||
|
><P
|
||
|
>The beauty of this approach is the incredibly easy configuration. No kernel
|
||
|
compiling or patching required, all userspace.</P
|
||
|
><P
|
||
|
>Just run this on all machines participating in a service:
|
||
|
|
||
|
<TABLE
|
||
|
BORDER="1"
|
||
|
BGCOLOR="#E0E0E0"
|
||
|
WIDTH="90%"
|
||
|
><TR
|
||
|
><TD
|
||
|
><FONT
|
||
|
COLOR="#000000"
|
||
|
><PRE
|
||
|
CLASS="SCREEN"
|
||
|
># vrrpd -i eth0 -v 50 10.0.0.22</PRE
|
||
|
></FONT
|
||
|
></TD
|
||
|
></TR
|
||
|
></TABLE
|
||
|
> </P
|
||
|
><P
|
||
|
>And you are in business! 10.0.0.22 is now carried by one of your servers,
|
||
|
probably the first one to run the vrrp daemon. Now disconnect that computer
|
||
|
from the network and very rapidly one of the other computers will assume the
|
||
|
10.0.0.22 address, as well as the MAC address.</P
|
||
|
><P
|
||
|
>I tried this over here and had it up and running in 1 minute. For some
|
||
|
strange reason it decided to drop my default gateway, but the -n flag
|
||
|
prevented that.</P
|
||
|
><P
|
||
|
>This is a 'live' fail over:</P
|
||
|
><P
|
||
|
> <TABLE
|
||
|
BORDER="1"
|
||
|
BGCOLOR="#E0E0E0"
|
||
|
WIDTH="90%"
|
||
|
><TR
|
||
|
><TD
|
||
|
><FONT
|
||
|
COLOR="#000000"
|
||
|
><PRE
|
||
|
CLASS="SCREEN"
|
||
|
>64 bytes from 10.0.0.22: icmp_seq=3 ttl=255 time=0.2 ms
|
||
|
64 bytes from 10.0.0.22: icmp_seq=4 ttl=255 time=0.2 ms
|
||
|
64 bytes from 10.0.0.22: icmp_seq=5 ttl=255 time=16.8 ms
|
||
|
64 bytes from 10.0.0.22: icmp_seq=6 ttl=255 time=1.8 ms
|
||
|
64 bytes from 10.0.0.22: icmp_seq=7 ttl=255 time=1.7 ms</PRE
|
||
|
></FONT
|
||
|
></TD
|
||
|
></TR
|
||
|
></TABLE
|
||
|
> </P
|
||
|
><P
|
||
|
>Not *one* ping packet was lost! Just after packet 4, I disconnected my P200
|
||
|
from the network, and my 486 took over, which you can see from the higher
|
||
|
latency.</P
|
||
|
></DD
|
||
|
></DL
|
||
|
></DIV
|
||
|
></P
|
||
|
></DIV
|
||
|
><DIV
|
||
|
CLASS="NAVFOOTER"
|
||
|
><HR
|
||
|
ALIGN="LEFT"
|
||
|
WIDTH="100%"><TABLE
|
||
|
SUMMARY="Footer navigation table"
|
||
|
WIDTH="100%"
|
||
|
BORDER="0"
|
||
|
CELLPADDING="0"
|
||
|
CELLSPACING="0"
|
||
|
><TR
|
||
|
><TD
|
||
|
WIDTH="33%"
|
||
|
ALIGN="left"
|
||
|
VALIGN="top"
|
||
|
><A
|
||
|
HREF="lartc.dynamic-routing.html"
|
||
|
ACCESSKEY="P"
|
||
|
>Prev</A
|
||
|
></TD
|
||
|
><TD
|
||
|
WIDTH="34%"
|
||
|
ALIGN="center"
|
||
|
VALIGN="top"
|
||
|
><A
|
||
|
HREF="index.html"
|
||
|
ACCESSKEY="H"
|
||
|
>Home</A
|
||
|
></TD
|
||
|
><TD
|
||
|
WIDTH="33%"
|
||
|
ALIGN="right"
|
||
|
VALIGN="top"
|
||
|
><A
|
||
|
HREF="lartc.further.html"
|
||
|
ACCESSKEY="N"
|
||
|
>Next</A
|
||
|
></TD
|
||
|
></TR
|
||
|
><TR
|
||
|
><TD
|
||
|
WIDTH="33%"
|
||
|
ALIGN="left"
|
||
|
VALIGN="top"
|
||
|
>Dynamic routing - OSPF and BGP</TD
|
||
|
><TD
|
||
|
WIDTH="34%"
|
||
|
ALIGN="center"
|
||
|
VALIGN="top"
|
||
|
> </TD
|
||
|
><TD
|
||
|
WIDTH="33%"
|
||
|
ALIGN="right"
|
||
|
VALIGN="top"
|
||
|
>Further reading</TD
|
||
|
></TR
|
||
|
></TABLE
|
||
|
></DIV
|
||
|
></BODY
|
||
|
></HTML
|
||
|
>
|