Linux Advanced Routing & Traffic Control HOWTO
Netherlabs BV (bert hubert <bert.hubert@netherlabs.nl>)
Gregory Maxwell <greg@linuxpower.cx>
Remco van Mook <remco@virtu.nl>
Martijn van Oosterhout <kleptog@cupid.suninternet.com>
Paul B Schroeder <paulsch@us.ibm.com>
Jasper Spaans <jasper@spaans.ds9a.nl>
howto@ds9a.nl
v0.9.0 $Date: 2002/03/06 13:02:23 $
A very hands-on approach to iproute2, traffic shaping and a bit of netfilter
Contents
1 Dedication . . . 4
2 Introduction . . . 4
2.1 Disclaimer & License . . . 5
2.2 Prior knowledge . . . 5
2.3 What Linux can do for you . . . 5
2.4 Housekeeping notes . . . 6
2.5 Access, CVS & submitting updates . . . 6
2.6 Mailing list . . . 7
2.7 Layout of this document . . . 7
3 Introduction to iproute2 . . . 7
3.1 Why iproute2? . . . 7
3.2 iproute2 tour . . . 7
3.3 Prerequisites . . . 8
3.4 Exploring your current configuration . . . 8
3.4.1 ip shows us our links . . . 8
3.4.2 ip shows us our IP addresses . . . 8
3.4.3 ip shows us our routes . . . 9
3.5 ARP . . . 10
4 Rules - routing policy database . . . 11
4.1 Simple source policy routing . . . 11
5 GRE and other tunnels . . . 12
5.1 A few general remarks about tunnels: . . . 12
5.2 IP in IP tunneling . . . 13
5.3 GRE tunneling . . . 13
5.3.1 IPv4 Tunneling . . . 14
5.3.2 IPv6 Tunneling . . . 15
5.4 Userland tunnels . . . 15
6 IPv6 tunneling with Cisco and/or 6bone . . . 15
6.1 IPv6 Tunneling . . . 15
7 IPsec: secure IP over the Internet . . . 18
8 Multicast routing . . . 18
9 Queueing Disciplines for Bandwidth Management . . . 19
9.1 Queues and Queueing Disciplines explained . . . 19
9.2 Simple, classless Queueing Disciplines . . . 20
9.2.1 pfifo_fast . . . 20
9.2.2 Token Bucket Filter . . . 22
9.2.3 Stochastic Fairness Queueing . . . 24
9.3 Advice for when to use which queue . . . 25
9.4 Terminology . . . 25
9.5 Classful Queueing Disciplines . . . 27
9.5.1 Flow within classful qdiscs & classes . . . 28
9.5.2 The qdisc family: roots, handles, siblings and parents . . . 28
9.5.3 The PRIO qdisc . . . 29
9.5.4 The famous CBQ qdisc . . . 31
9.5.5 Hierarchical Token Bucket . . . 36
9.6 Classifying packets with filters . . . 37
9.6.1 Some simple filtering examples . . . 38
9.6.2 All the filtering commands you will normally need . . . 38
10 Loadsharing over multiple interfaces . . . 39
10.1 Caveats . . . 40
11 Netfilter & iproute - marking packets . . . 40
12 Advanced filters for (re-)classifying packets . . . 41
12.1 The "u32" classifier . . . 42
12.1.1 U32 selector . . . 43
12.1.2 General selectors . . . 43
12.1.3 Specific selectors . . . 44
12.2 The "route" classifier . . . 45
12.3 Policing filters . . . 46
12.3.1 Ways to police . . . 46
12.3.2 Overlimit actions . . . 46
12.3.3 Examples . . . 47
12.4 Hashing filters for very fast massive filtering . . . 47
13 Kernel network parameters . . . 48
13.1 Reverse Path Filtering . . . 49
13.2 Obscure settings . . . 49
13.2.1 Generic ipv4 . . . 49
13.2.2 Per device settings . . . 54
13.2.3 Neighbor policy . . . 55
13.2.4 Routing settings . . . 56
14 Advanced & less common queueing disciplines . . . 57
14.1 bfifo/pfifo . . . 57
14.1.1 Parameters & usage . . . 57
14.2 Clark-Shenker-Zhang algorithm (CSZ) . . . 57
14.3 DSMARK . . . 58
14.3.1 Introduction . . . 58
14.3.2 What is Dsmark related to? . . . 58
14.3.3 Differentiated Services guidelines . . . 58
14.3.4 Working with Dsmark . . . 59
14.3.5 How SCH_DSMARK works . . . 59
14.3.6 TC_INDEX Filter . . . 60
14.4 Ingress qdisc . . . 62
14.4.1 Parameters & usage . . . 62
14.5 Random Early Detection (RED) . . . 62
14.6 Generic Random Early Detection . . . 63
14.7 VC/ATM emulation . . . 63
14.8 Weighted Round Robin (WRR) . . . 63
15 Cookbook . . . 64
15.1 Running multiple sites with different SLAs . . . 64
15.2 Protecting your host from SYN floods . . . 65
15.3 Ratelimit ICMP to prevent dDoS . . . 66
15.4 Prioritizing interactive traffic . . . 67
15.5 Transparent web-caching using netfilter, iproute2, ipchains and squid . . . 67
15.5.1 Traffic flow diagram after implementation . . . 70
15.6 Circumventing Path MTU Discovery issues with per route MTU settings . . . 71
15.6.1 Solution . . . 71
15.7 Circumventing Path MTU Discovery issues with MSS Clamping (for ADSL, cable, PPPoE & PPtP users) . . . 72
15.8 The Ultimate Traffic Conditioner: Low Latency, Fast Up & Downloads . . . 72
15.8.1 Why it doesn't work well by default . . . 73
15.8.2 The actual script (CBQ) . . . 74
15.8.3 The actual script (HTB) . . . 76
16 Building bridges, and pseudo-bridges with Proxy ARP . . . 78
16.1 State of bridging and iptables . . . 78
16.2 Bridging and shaping . . . 78
16.3 Pseudo-bridges with Proxy-ARP . . . 78
16.3.1 ARP & Proxy-ARP . . . 79
16.3.2 Implementing it . . . 79
17 Dynamic routing - OSPF and BGP . . . 80
18 Other possibilities . . . 80
19 Further reading . . . 82
20 Acknowledgements . . . 83
1 Dedication
This document is dedicated to lots of people, and is my attempt to do something back. To list but a few:
Rusty Russell
Alexey N. Kuznetsov
The good folks from Google
The staff of Casema Internet
2 Introduction
Welcome, gentle reader.
This document hopes to enlighten you on how to do more with Linux 2.2/2.4 routing. Unbeknownst to most
users, you already run tools which allow you to do spectacular things. Commands like 'route' and 'ifconfig'
are actually very thin wrappers for the very powerful iproute2 infrastructure.
I hope that this HOWTO will become as readable as the ones by Rusty Russell of (amongst other things)
netfilter fame.
You can always reach us by writing to the HOWTO team <mailto:HOWTO@ds9a.nl> . However, please
consider posting to the mailing list (see the relevant section) if you have questions which are not directly
related to this HOWTO.
Before losing your way in this HOWTO, if all you want to do is simple traffic shaping, skip everything and
head to the 'Other possibilities' chapter, and read about CBQ.init.
2.1 Disclaimer & License
This document is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
In short, if your STM-64 backbone breaks down and distributes pornography to your most esteemed
customers - it's never our fault. Sorry.
Copyright (c) 2001 by bert hubert, Gregory Maxwell, Martijn van Oosterhout, Remco van Mook, Paul
B. Schroeder and others. This material may be distributed only subject to the terms and conditions
set forth in the Open Publication License, v1.0 or later (the latest version is presently available at
http://www.opencontent.org/openpub/).
Please freely copy and distribute (sell or give away) this document in any format. It's requested that
corrections and/or comments be forwarded to the document maintainer.
It is also requested that if you publish this HOWTO in hardcopy that you send the authors some samples
for 'review purposes' :-)
2.2 Prior knowledge
As the title implies, this is the 'Advanced' HOWTO. While by no means rocket science, some prior knowledge
is assumed.
Here are some other references which might help teach you more:
Rusty Russell's networking-concepts-HOWTO <http://netfilter.samba.org/unreliable-guides/networking-concepts-HOWTO/index.html>
Very nice introduction, explaining what a network is, and how it is connected to other networks
Linux Networking-HOWTO (Previously the Net-3 HOWTO)
Great stuff, although very verbose. It teaches you a lot of stuff that's already configured if you are
able to connect to the Internet. Should be located in /usr/doc/HOWTO/NET3-4-HOWTO.txt but can
also be found online <http://www.linuxports.com/howto/networking>
2.3 What Linux can do for you
A small list of things that are possible:
Throttle bandwidth for certain computers
Throttle bandwidth TO certain computers
Help you to fairly share your bandwidth