
Advanced routing and traffic control


Contents

1. 9.2.2.1: limit or latency; burst/buffer/maxburst; mpu (Minimum Packet Unit); if the bucket contains tokens and is allowed to empty, by default it does so at infinite speed; peakrate.
2. Internet; Alteon Acedirectors. 15.6.1: MTU; van den Hout; 33.6 ppp, MTU 296; Linux; MTU 1500; nfs.
    ip route add default via 10.0.0.1 mtu 296
    ip route add 195.96.96.0/24 via 10.0.0.1 mtu 1000
3. reclassify. 12.3.1.2: buffer/maxburst; mtu/minburst; mpu; rate; TBF. "TBF qdisc will just pass them slower"; "whereas the egress". continue; drop; ingress; DNS; 5Mbps; Pass/OK; reclassify. 12.3.3: syn. If you have used this, please share your experience with us.
4. proxy. IPSEC: Thomas Walpuski; Linux 2.5 IPSEC; isakmpd; racoon; OpenBSD CVS. IPSEC: "Write this"; OpenBSD isakmpd; Linux 2.5.59; Thomas; CVS; patch. Windows. Editor Vacancy. Multicast HOWTO: DVMRP; RIP; MOSPF; Protocol Independent Multicasting, Sparse; "spread out"; "clumped"; PIM-DM; "clumps"; Linux; Zebra; mrouted; multicasting; multicast routing; DVMRP; PIMv1; PIMv2.
5. rp_filter:
    for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 2 > $i ; done
   office; isp; Linux; ospf; rip; rp_filter. martians log, log_martians:
    echo 1 > /proc/sys/net/ipv4/conf/<interfacename>/log_martians
   Is setting the conf/{default,all} files enough? (martijn). Oskar Andreasson: http://ipsysctl-tutorial.frozentux.net/. 13.2.1: ipv4; loopback; HZ; Intel. Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>, Andi Kleen <ak@muc.de>; /usr/src/linux/Documentation/networking/ip-sysctl.txt. /proc/sys/net/ipv4/icmp_destunreach_rate (ICMP); /proc/sys/net/ipv4/icmp_echo_ignore_all.
6. WEB; ipv6 tunnel broker; Linux; IPSEC; FreeS/WAN; Linux 2.5.47; IPSEC; Alexey Kuznetsov; Dave Miller; USAGI IPv6; James Morris; CryptoAPI; HOWTO; 2.5 IPSEC; Linux 2.4; FreeS/WAN; IPSEC; 2.5.49; IPSEC; CryptoAPI; KEY; AH; netfilter; email: bert hubert <ahu@ds9a.nl>; HOWTO; iptables; IPSEC.
    iptables -A xxx -p 50 -j ACCEPT
    iptables -A xxx -p 51 -j ACCEPT
7. 172.16.17.18; neta; 10.0.2.0; 255.255.255.0; 10.0.2.1; 172.19.20.21.
    ip tunnel add netb mode gre remote 172.19.20.21 local 172.16.17.18 ttl 255
    ip link set netb up
    ip addr add 10.0.1.1 dev netb
    ip route add 10.0.2.0/24 dev netb
   GRE; mode gre; 172.19.20.21; 172.16.17.18; TTL 255; 10.0.3.0; 255.0.0.0 is /8, 255.255.0.0 is /16, 255.255.255.0 is /24.
    ip tunnel add neta mode gre remote 172.16.17.18 local 172.19.20.21 ttl 255
    ip link set neta up
    ip addr add 10.0.2.1 dev neta
    ip route add 10.0.1.0/24 dev neta
8. policies; CBQ (Class Based Queueing); ingress; egress. 9.5.2.1: 1: -> 1:1 -> 12: -> 12:2; 1: -> 12:2. 9.5.2.2: dequeue; 10:, 11:, 12:, which each query their siblings. PRIO; pfifo_fast; fifo. 9.5.3.1: tc; bands; priomap; TC_PRIO; pfifo_fast.
9. IPSEC; ESP (Encapsulated Security Payload); AH (Authentication Header); ESP; SA (security associations).
    add 10.0.0.11 10.0.0.216 ah 15700 -A hmac-md5 "1234567890123456";
   10.0.0.11; 10.0.0.216; HMAC-MD5; 1234567890123456; SPI (Security Parameter Index) 15700; SAD; ESP SA.
    add 10.0.0.11 10.0.0.216 esp 15701 -E 3des-cbc "123456789012123456789012";
   10.0.0.11; 10.0.0.216; 3des-cbc; 123456789012123456789012; SPI 15701; Security Parameter Index; ipsec; SP (Security Policy).
    spdadd 10.0.0.216 10.0.0.11 any -P
10. setkey -D; setkey -DP; SPD; IKE (Internet Key Exchange); IPSEC; racoon; IKE; Alexey; iptools; racoon; #include <net/route.h>; IKE; UDP 500; iptables; SPI; IPSEC.
11. Linux; TOS. TELNET 1000 (minimize delay); FTP 1000 (minimize delay), 0100 (maximize throughput); TFTP 1000 (minimize delay); SMTP 1000 (minimize delay), 0100 (maximize throughput); Domain Name Service: UDP 1000 (minimize delay), TCP 0000, 0100 (maximize throughput); NNTP 0001 (minimize monetary cost); ICMP 0000, 0000 (mostly), <…> (mostly). txqueuelen; ifconfig; ip.
    ifconfig eth0 txqueuelen 10
12. pfifo_fast; PRIO; pfifo_fast; 9.2.1.1: pfifo_fast; TOS; throughput; mt, mr, mmc, md.
    TOS    Bits  Means       Linux priority  Band
    0x2    1     mmc         1               2
    0x4    2     mr          0               1
    0x6    3     mmc+mr      0               1
    0x8    4     mt          2               2
    0xa    5     mmc+mt      2               2
    0xc    6     mr+mt       2               2
    0xe    7     mmc+mr+mt   2               2
    0x10   8     md          6               0
    0x12   9     mmc+md      6               0
    0x14   10    mr+md       6               0
    0x16   11    mmc+mr+md   6               0
    0x18   12    mt+md       4               1
    0x1a   13    mmc+mt+md   4               1
    0x1c   14    mr+mt+md    4               1
    0x1e   15    mmc+mr+mt+md  4             1
13. Linux; Cable; DSL Modem; cable modem; HOWTO. 15.8.1: MODEM; Linux; ADSL; xs4all. round-trip min/avg/max = 14.4/17.1/21.7 ms; round-trip min/avg/max = 560.9/573.6/586.4 ms; 2041.4/2332.1/2421.6 ms; 15.7/51.8/19.9 ms; 20.4/46.9/714.0 ms. tc class; classid 1:20; bounded.
14. 9.5.4.1: CBQ; EWMA (exponential weighted moving average); avgidle; CBQ; overlimit; avgidle; maxidle; avgidle; avpkt; maxburst; bandwidth; maxburst; minburst; cell; minburst; avgidle; minidle; avgidle; 10us. 9.5.4.2: CBQ; minidle; mpu; rate; WRR (weighted round robin); allot; weight; prio.
15. /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts: Useful.
    /proc/sys/net/ipv4/icmp_echoreply_rate: echo.
    /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses: ICMP.
    /proc/sys/net/ipv4/icmp_paramprob_rate: ICMP; IP.
    /proc/sys/net/ipv4/icmp_timeexceed_rate: traceroute; "Solaris middle star"; ICMP Time Exceeded.
    /proc/sys/net/ipv4/igmp_max_memberships: igmp. Is this true?
    /proc/sys/net/ipv4/inet_peer_gc_maxtime: Add a little explanation about the inet peer storage? Minimum interval between garbage collection passes. This interval is in effect under low (or absent) memory pressure on the pool. Measured in jiffies.
    /proc/sys/net/ipv4/inet_peer_gc_mintime: jiffies.
    /proc/sys/net/ipv4/inet_peer_maxttl: entries; pool; jiffies.
    /proc/sys/net/ipv4/inet_peer_minttl: entries.
16. site; VLAN; Linux: SuperStack II switch 630; Extreme Ntwks Summit 48; Foundry; VLAN; Cisco Catalyst; 3Com: <Corebuilder, Netbuilder>; ServerIronXL. LVS; Linux 2.0, 2.2; 2.4/2.5 Netfilter; 2.4.14; 802.1Q VLAN, Linux; VLAN HOWTO: 802.1Q VLAN, Linux. CBQ.init: 192.168.1.0/24; 10Mbps; 28kbps.
    DEVICE=eth1,10Mbit,1Mbit RATE=28Kbit WEIGHT=2Kbit PRIO=… RULE=192.168.1.0/24
   Chronox easy shaping scripts site; Stephan Mueller (smueller@chronox.de); shaper.
    limit.conn -s SERVERIP -p SERVERPORT -l LIMIT
   Linux 2.2, 2.4, 2.5; iptables.
17. Linux. [Diagram: packet flow through PREROUTING, routing decision, POSTROUTING, input, output and local process.] tables; ACCEPT; iptables; 172.17.0.0/16; IP 212.170.21.172.
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -s 172.17.0.0/255.255.0.0 -o eth0 -j SNAT --to-source 212.170.21.172
    tc -s class show dev eth0
   PREROUTING; mangle.
    iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x1
    iptables -t mangle -A PREROUTING -p icmp -j RETURN
    tc -s class show dev eth0
   RETURN; icmp.
    iptables -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 0x1
    iptables -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j RETURN
    iptables -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j MARK --set-mark 0x5
    iptables -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j RETURN
18. PRIO. 9.5.3.2: root 1: prio; 10:; 20:; 30:.
    tc qdisc add dev eth0 root handle 1: prio
   1:1, 1:2, 1:3.
    tc qdisc add dev eth0 parent 1:1 handle 10: sfq
    tc qdisc add dev eth0 parent 1:2 handle 20: tbf rate 20kbit buffer 1600 limit 3000
    tc qdisc add dev eth0 parent 1:3 handle 30: sfq
    tc -s qdisc ls dev eth0
    qdisc sfq 30: quantum 1514b
     Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
    qdisc tbf 20: rate 20Kbit burst 1599b lat 667.6ms
     Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
    qdisc sfq 10: quantum 1514b
     Sent 132 bytes 2 pkts (dropped 0, overlimits 0)
    qdisc prio 1: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
     Sent 174 bytes 3 pkts (dropped 0, overlimits 0)
   scp tc; 10.0.0.11; password.
    tc -s qdisc ls dev eth0
    qdisc sfq 30: quantum 1514b
     Sent 384228 bytes 274 pkts (dropped 0, overlimits 0)
    qdisc tbf 20: rate 20Kbit burst 1599b lat 667.6ms
     Sent 2640 bytes 20 pkts (dropped 0, overlimits 0)
    qdisc sfq 10: quantum 1514b
     Sent 2230 bytes 31 pkts (dropped 0, overlimits 0)
    qdisc p
19. CVS:
    export CVSROOT=:pserver:anon@outpost.ds9a.nl:/var/cvsroot
    cvs login
    CVS password: [enter 'cvs' (without 's)]
    cvs co 2.4routing
    cvs server: Updating 2.4routing
    U 2.4routing/lartc.db
    cvs -z3 diff -uBb
   <howto@ds9a.nl>. Makefile: postscript, dvi, pdf, html; docbook, docbook-utils, ghostscript, tetex; 2.4routing.sgml; HOWTO; lartc.db. 2.1: Rusty; iproute2. 3. iproute2: Linux; UNIX; ifconfig; route; Linux 2.2.
20. Linux. 3.2: iproute2; Linux; Traffic Control; iproute2. 3.3: ftp.inr.ac.ru, ip-routing, iproute2; RedHat 6.2; RedHat 7.2; iproute2. 3.4: ifconfig; route. 3.4.1:
    [ahu@home ahu]$ ip link list
    1: lo: <LOOPBACK,UP> mtu 3924 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: dummy: <BROADCAST,NOARP> mtu 1500 qdisc noop
        link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    3: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1400 qdisc pfifo_fast qlen 100
        link/ether 48:54
21. donmuang; naret; iptables; iproute2; icmp REDIRECT. 1. Mark; port 80; 2.
    naret# iptables -A PREROUTING -i eth0 -t mangle -p tcp --dport 80 -j MARK --set-mark 2
   silom.
    naret# echo 202 www.out >> /etc/iproute2/rt_tables
    naret# ip rule add fwmark 2 table www.out
    naret# ip route add default via 10.0.0.2 dev eth0 table www.out
    naret# ip route flush cache
   donmuang; naret; icmp; icmp REDIRECT.
    naret# echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
    naret# echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
    naret# echo 0 > …/send_redirects
    naret# iptables -t mangle -L
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source      destination
    MARK       tcp  --  anywhere    anywhere     tcp dpt:www MARK set 0x2
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source      destination
    naret# ip rule
    0:      from all lookup local
    32765:  from all fwmark 2 lookup www.out
    32766:  from all lookup main
    32767:  from all lookup default
    naret# ip route list table www.out
    default via 203.114.224.8 dev eth0
    naret# ip route
    10.0.0.1 dev eth0 scope link
    10.0.0.0/24 dev eth0 proto kernel scope l
22. 10kbit; 1Mbps; mtu/minburst; HZ; Intel.
    tc qdisc add dev <device> root tbf rate 220kbit latency 50ms burst 1540
   DSL modem; cable modem; modem; Linux; 220; modem; burst. SFQ (Stochastic Fairness Queueing): UDP; DSL modem; cable modem. 9.2.3.1: perturb; quantum; MTU.
23. eth0; eth1.
    tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle 6 fw flowid 1:1
    iptables -A PREROUTING -t mangle -i eth0 -j MARK --set-mark 6
   iptables; fwmark; TOS.
    tc filter add dev <device> parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:4
   IMQ (Intermediate queueing device); netfilter; NF_IP_PRE_ROUTING; iptables.
    tc qdisc add dev imq0 root handle 1: htb default 20
    tc class add dev imq0 parent 1: classid 1:1 htb rate 2mbit burst 15k
    tc class add dev imq0 parent 1:1 classid 1:10 htb rate 1mbit
    tc class add dev imq0 parent 1:1 classid 1:20 htb rate 1mbit
    tc qdisc add dev imq0 parent 1:10 handle 10: pfifo
    tc qdisc add dev imq0 parent 1:20 handle 20: sfq
    tc filter add dev imq0 parent 10:0 protocol ip prio 1 u32 match ip dst 10.0.0.230/32 flowid 1:10
24. TOS, renamed DS. 14.3.3 Differentiated Services: Differentiated Services; Integrated Services; entry node to a DiffServ domain; DiffServ; RFC. 14.3.4 Dsmark: dsmark indices INDICES [ default_index DEFAULT_INDEX ] [ set_tc_index ]; indices; default index; set_tc_index; dsmark; DS; skb->tc_index; DSMARK. 14.3.5: DSMARK; set_tc_index; skb->tc_index; default_index; set_tc_index; default_index.
25. 512kbit; cbq.
    tc qdisc del dev $DEV root
    tc qdisc add dev $DEV parent 1:1 sfq
   NAT; QoS; Pedro Larroy. 15.10: Linux; Internet; NAT; iptables; Linux; Internet; Linux 2.4.18; HTB; iproute; HTB; iptables. 15.10.1: IP; root shell; CEIL=240.
    tc qdisc add dev eth0 root handle 1: htb default 15
    tc class add dev eth0 parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit
    tc class add dev eth0 parent 1:1 classid 1:10 htb rate 80kbit ceil 80kbit prio 0
    tc class add dev eth0 parent 1:1 classid 1:11 htb rate 80kbit ceil ${CEIL}kbit prio 1
    tc class ad
26. 9.6.1; 9.6.2; 9.7 IMQ (Intermediate queueing device); 9.7.1; 10.1; 10.2; Netfilter, iproute; 12.1 u32; 12.1.1 U32; 12.1.2; 12.1.3; 12.2; 12.3; 12.3.1; 12.3.2; 12.3.3; 12.4; 13.1; 13.2; 13.2.1 ipv4; 14.1 bfifo/pfifo; 14.1.1; 14.2 Clark-Shenker-Zhang (CSZ); 14.3 DSMARK; 14.3.1; 14.3.2 Dsmark; 14.3.3 Differentiated Services; 14.3.4 Dsmark; 14.3.5 SCH_DSMARK; 14.3.6 TC_INDEX; 14.4; 14.5 RED (Random Early Detection); 14.6 GRED (Generic Random Early Detection); 14.7.
27. [Network diagram: Internet, 172.17.0.0/16, wlan, Area 2, student network (dorm), barcelonawireless.] zebra; /etc/zebra/zebra.conf: hostname omega; password xxx; enable password xxx; Interface's description; interface lo; description test of desc; interface eth1; multicast; Static default route; ip route 0.0.0.0/0 212.170.21.129; log file /var/log/zebra/zebra.log. Debian: /etc/zebra/daemons: zebra=yes; ospfd=yes. ospfd.conf; IPv6: ospf6d.conf. ospfd.conf: hostname omega; password xxx; enable password xxx; router ospf; network 192.168.0.0/24 area 0; network 172.17.0.0/16 area 1; log stdout; log file /var/log/zebra/ospfd.log. 17.1.3: Zebra; /etc/init.d/zebra start; zebra -d; ospfd.
    2002/12/13 22:46:24 OSPF: interface 192.168.0.1 join AllSPFRouters Multicast group.
    2002/12/13 22:46:34 OSPF: SMUX_CLOSE with reason
28. weight; WRR; allot. 9.5.4.3: isolated; sharing; bounded; borrow; bounded; borrow; isolated; bounded. 9.5.4.4: SMTP; 3Mbps; 100Mbps.
    tc qdisc add dev eth0 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8
    tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate 6Mbit weight 0.6Mbit prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded
   6Mbps; HTB.
    tc class add dev eth0 parent 1:1 classid 1:3 cbq bandwidth 100Mbit rate 5Mbit weight 0.5Mbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000
    tc class add dev eth0 parent 1:1 classid 1:4 cbq bandwidth 100Mbit rate 3Mb
29. 6.1: Linux; IPv6; Linux IPv6; cisco; IPv6; 32 bit; 340,282,266,920,938,463,463,374,607,431,768,211,465; IPv6; QoS; 2002:836b:9820:0000:0000:0000:836b:9886; IPv4; 2002:836b:9820:0000:0000:0000:836b:9886 can be written as 2002:836b:9820::836b:9886; 3ffe:0000:0000:0000:0000:0020:34A1:F32C can be written as 3ffe::20:34A1:F32C; IPv6; 6bone; IPv6; IPv4.
30. BGP; 17.1 Zebra, OSPF; 17.1.2 Zebra; 17.1.3 Zebra. Rusty Russell; Alexey N. Kuznetsov; Google; Casema Internet; 2.2/2.4; route; iproute2; Rusty Russell; HowTo; CBQ.init. Copyright (c) 2002 bert hubert, Gregory Maxwell, Martijn van Oosterhout, Remco van Mook, Paul B. Schroeder. Open Publication License, v1.0; Open Publication License: http://www.opencontent.org/openpub/. 2.2: Rusty Russell, networking-concepts-HOWTO; Linux.
31. default; main.
    [ahu@home ahu]$ ip route list table main
    195.96.98.253 dev ppp2 proto kernel scope link src 212.64.78.148
    212.64.94.1 dev ppp0 proto kernel scope link src 212.64.94.251
    10.0.0.0/8 dev eth0 proto kernel scope link src 10.0.0.1
    127.0.0.0/8 dev lo scope link
    default via 212.64.94.1 dev ppp0
   John; /etc/iproute2/rt_tables.
    # echo 200 John >> /etc/iproute2/rt_tables
    # ip rule add from 10.0.0.10 table John
    # ip rule ls
    0:      from all lookup local
    32765:  from 10.0.0.10 lookup John
    32766:  from all lookup main
    32767:  from all lookup default
    # ip route add default via 195.96.98.253 dev ppp2 table John
    # ip route flush cache
   4.2: Linux; ISP; IF1; IP1; IF2; P1; P2; T2; /etc/iproute2/rt_tables.
32. iproute2; Netfilter; port 80; Squid.
    10.0.0.1  naret     NetFilter
    10.0.0.2  silom     Squid
    10.0.0.3  donmuang  Internet
    10.0.0.4  kaosarn
    10.0.0.5  RAS
   10.0.0.0/24; 10.0.0.0/19. [Diagram: Internet, donmuang, hub/switch, silom, kaosarn, RAS etc.] silom; donmuang; 10.0.0.5; web. (All servers on my network had 10.0.0.1 as the default gateway, which was the former IP address of donmuang router, so what I did was changed the IP address of donmuang to 10.0.0.3 and gave naret ip address of 10.0.0.1.) squid; ipchains; silom; squid; 3128; ipchains.
    silom# ipchains -N allow1
    silom# ipchains -A allow1 -p TCP -s 10.0.0.0/19 -d 0/0 80 -j REDIRECT 3128
    silom# ipchains -I input -j allow1
   netfilter:
    silom# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
   squid; Squid: http://squid.nlanr.net.
33. skb->tc_index; mask; value.
    New_Ds_field = ( Old_DS_field & mask ) | value
   ds field. [Diagram: skb->ihp->tos, skb->tc_index, filter, sch_dsmark, and the index to the (mask,value) pairs table. Text in diagram: "If you declare set_tc_index, we set DS value into skb->tc_index variable"; "<- tc_index -> read"; "may change".]
    tc class change dev eth0 classid 1:1 dsmark mask 0x3 value 0xb8
   mask; value; change; (mask,value); (see table below); TC_INDEX. 14.3.6 TC_INDEX: TC_INDEX.
    tcindex [ hash SIZE ] [ mask MASK ] [ shift SHIFT ] [ pass_on | fall_through ] [ classid CLASSID ] [ police POLICE_SPEC ]
   TC_INDEX.
    tc qdisc add de
34. 3.5 ARP; 4.1; 4.2 ISP; 4.2.1; 4.2.2; 5.1; 5.2 IP in IP; 5.3 GRE; 5.3.1 IPv4; 5.3.2 IPv6; 5.4; 6. Cisco, 6bone, IPv6; 6.1; 7. IPSEC: Internet, IP; 7.1; 7.2; 7.2.1; 7.2.2; 7.2.3 X.509; 7.3 IPSEC; 7.4 IPSEC; 7.5 IPSEC; 7.5.1 Windows; 9.1; 9.2; 9.2.1 pfifo_fast; 9.2.2 TBF; 9.2.3 SFQ; 9.3; 9.4; 9.5; 9.5.1; 9.5.2; 9.5.3 PRIO; 9.5.4 CBQ; 9.5.5 HTB (Hierarchical Token Bucket); 9.6.
35. Russell.
    IP: advanced router (CONFIG_IP_ADVANCED_ROUTER) [Y/n/?]
    IP: policy routing (CONFIG_IP_MULTIPLE_TABLES) [Y/n/?]
    IP: use netfilter MARK value as routing key (CONFIG_IP_ROUTE_FWMARK) [Y/n/?]
   15.5; Rusty. u32; route; rsvp, rsvp6; tcindex; DSMARK; protocol; parent; prio; u32: 12.1; preference, priority, PRIO; parent.
    tc filter add dev IF [ protocol PROTO ] …
   u32:
    tc filter add dev eth0 protocol ip parent 1:0 pref 10 u32 match u32 00100000 00ff0000 at 0 flowid 1:10
   … protocol ip parent
36. /proc/sys/net/ipv4/ip_nonlocal_bind
    /proc/sys/net/ipv4/ipfrag_low_thresh
    /proc/sys/net/ipv4/ipfrag_time: IP.
    /proc/sys/net/ipv4/tcp_abort_on_overflow
    /proc/sys/net/ipv4/tcp_fin_timeout: RST; FIN-WAIT-2; FIN-WAIT-2; FIN-WAIT-1; tcp_max…
    /proc/sys/net/ipv4/tcp_keepalive_time: keepalive.
    /proc/sys/net/ipv4/tcp_keepalive_intvl
    /proc/sys/net/ipv4/tcp_keepalive_probes: TCP keepalive; keepalive_intvl; keepalive.
    /proc/sys/net/ipv4/tcp_max_orphans: TCP.
37. T1.
    ip route add $P1_NET dev $IF1 src $IP1 table T1
    ip route add default via $P1 table T1
    ip route add $P2_NET dev $IF2 src $IP2 table T2
    ip route add default via $P2 table T2
    ip route add $P1_NET dev $IF1 src $IP1
    ip route add $P2_NET dev $IF2 src $IP2
    ip route add default via $P1
    ip rule add from …
    ip rule add from …
   ISP.
    ip route add default scope global nexthop via $P1 dev $IF1 weight 1 nexthop via $P2 dev $IF2 weight 1
   weight; Julian Anastasov: http://www.linuxvirtualserver.org/~julian/#routes. Linux; IP in IP; Linux.
38. cd /usr/src/linux; make menuconfig; Networking Options: The IPv6 protocol; IPv6: enable EUI-64 token format; IPv6: disable provider based addresses. Makefile: EXTRAVERSION = -x becomes EXTRAVERSION = -x-IPv6; /usr/src/linux/README; /sbin/ifconfig -a; sit0-device; SIT (Simple Internet Transition); IP. IPv6: 3ffe:604:6:8::/64; IPv4 145.100.24.181; 6bone IPv4 145.100.1.5.
    ip tunnel add sixbone mode sit remote 145.100.1.5 local 145.100.24.181 ttl 255
    ip link set sixbone up
    ip addr add 3FFE:604:6:7::2/126 dev sixbone
    ip route add 3ffe::0/16 dev sixbone
   sixbone; sit; IPv4; IPv6; IP; 255.
39. to the best effort packets. Note that in CSZ flows are NOT limited to their bandwidth. It is supposed that the flow passed admission control at the edge of the QoS network and it doesn't need further shaping. Any attempt to improve the flow or to shape it to a token bucket at intermediate hops will introduce undesired delays and raise jitter. 14.3 DSMARK: Esteve Camps; Linux; QoS; Draft: almesberger-wajhak-diffserv-linux-01.txt; iproute2; QoS; IP QoS; Esteve Camps <esteve@hades.udg.es>. 14.3.1: DiffServ; Werner Almesberger; Linux Differentiated Services; RFC: RFC2474, RFC2475, RFC2597, RFC2598. 14.3.2 Dsmark: Dsmark; Differentiated Services (DiffServ); DS; DiffServ; QoS; Integrated Services; IP; DS.
40. MODEM.
    tc qdisc add dev ppp0 root sfq perturb 10
    tc -s -d qdisc ls
    qdisc sfq 800c: dev ppp0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
     Sent 4812 bytes 62 pkts (dropped 0, overlimits 0)
   800c; 128; 1024; "more packets in the queue"; fifo; pfifo_fast. draft-ietf-diffserv-model-06.txt; Diffserv: http://www.ietf.org/internet-drafts/draft-ietf-diffserv-model-06.txt. (ingress).
41.
    ip link set netb down
    ip tunnel del netb
   netb; neta. 5.3.2: Network 3ffe:406:5:1:5:a:2:1/96; IPv4 172.16.17.18; 6bone IPv4 172.22.23.24.
    ip tunnel add sixbone mode sit remote 172.22.23.24 local 172.16.17.18 ttl 255
    ip link set sixbone up
    ip addr add 3ffe:406:5:1:5:a:2:1/96 dev sixbone
    ip route add 3ffe::/15 dev sixbone
   sixbone; IPv4; remote; local; 255; 3ffe::/15; 6bone; Linux; PPTP. Marco Davids <marco@sara.nl>: NOTE to maintainer: As far as I am concerned, this IPv6-IPv4 tunneling is not per definition GRE tunneling. You could tunnel IPv6 over IPv4 by means of GRE tunnel devices (GRE tunnels ANY to IPv4), but the device used here ("sit") only tunnels IPv6 over IPv4 and is therefore something different.
42. openssl dgst upstairs.public
    (upstairs.public)= 78a3bddafb4d681c1ca8ed4d23da4ff1

    IPSEC transport mode; tunnel mode
    10.0.0.216, 10.0.0.11; 10.0.0.0/24, 130.161.0.0/16

    #!/sbin/setkey -f
    flush;
    spdflush;
    add 10.0.0.216 10.0.0.11 esp 34501
        -m tunnel
        -E 3des-cbc "123456789012123456789012";
    spdadd 10.0.0.0/24 130.161.0.0/16 any -P out ipsec
        esp/tunnel/10.0.0.216-10.0.0.11/require;

    -m tunnel; ESP SA; 10.0.0.0/24, 130.161.0.0/16; 10.0.0.11

    #!/sbin/setkey -f
    flush;
    spdflush;
    add 10.0.0.216 10.0.0.11 esp 34501
        -m tunnel
        -E 3des-cbc "123456789012123456789012";
    spdadd 10.0.0.0/24 130.161.0.0/16 any -P in ipsec
        esp/tunnel/10.0.0.216-10.0.0.11/require;
43. OSPF
44. /proc/sys/net/ipv4/inet_peer_threshold
    The approximate size of INET peer storage. Starting from this threshold entries will be thrown aggressively. This threshold also determines entries' time-to-live and time intervals between garbage collection passes. More entries, less time-to-live, less GC interval.
    /proc/sys/net/ipv4/ip_autoconfig (RARP, BOOTP, DHCP)
    /proc/sys/net/ipv4/ip_default_ttl
    /proc/sys/net/ipv4/ip_dynaddr
    /proc/sys/net/ipv4/ip_forward
    /proc/sys/net/ipv4/ip_local_port_range (1024 4999)
    /proc/sys/net/ipv4/ip_no_pmtu_disc (MTU; Cookbook)
    /proc/sys/net/ipv4/ipfrag_high_thresh
    When ipfrag_high_thresh bytes of memory is allocated for this purpose, the fragment handler will toss packets until ipfrag_low_thresh is reached.
45. VC ATM 14 8 WRR WEIGHTED ROUND ROBIN l 50 0000 15 1 SLA SYN ENE 15 3 DDoS ICMP 15 5 NETFILTER IPROUTE2 SQUID WEB 15 5 1 0000 0000 15 6 PMTU MTU DD 15 6 1 0000 15 7 PMTU MSS ADSL cABLE PPPOE PPTP 15 8 000 000 15 8 1 000 00 00000 15 82 000 0 15 8 3 0 0 15 9 15 10 Qos 82 83 15 101 777777777 104 15 102 00000 106 15 103 7000 107 15 104 00000 00000 00 108 160 0000000 109 16 1 IPTABLES 109 16 2 109 16 3 ARP 109 16 3 1 ARP ARP 110 16 3 2 4T 17 110 0 170
46. default
    /proc/sys/net/ipv4/conf/DEV/accept_redirects (ICMP)
    /proc/sys/net/ipv4/conf/DEV/accept_source_route
    /proc/sys/net/ipv4/conf/DEV/bootp_relay
    /proc/sys/net/ipv4/conf/DEV/forwarding
    /proc/sys/net/ipv4/conf/DEV/log_martians (Reverse Path Filtering)
    /proc/sys/net/ipv4/conf/DEV/mc_forwarding
    /proc/sys/net/ipv4/conf/DEV/proxy_arp (ARP; 16.3 ARP)
    /proc/sys/net/ipv4/conf/DEV/rp_filter (Reverse Path Filtering)
    /proc/sys/net/ipv4/conf/DEV/secure_redirects
    /proc/sys/net/ipv4/conf/DEV/send_redirects
    /proc/sys/net/ipv4/conf/DEV/shared_media
    /proc/sys/net/ipv4/conf/DEV/tag (fill this in)

    13.2.3
    DEV, all, default
47. iptables t mangle A PREROUTING mtos tos Maximize Throughput j MARK set mark 0x6 iptables t mangle A PREROUTING m tos tos Maximize Throughput j RETURN 0000 00000000 iptables t mangle A PREROUTING p tcp sport 22 j MARK set mark 0 1 iptables t mangle A PREROUTING p tcp tcp sport 22 j RETURN 00 0 00 00000 svuntiutiti iiilitutuuuu iptables t mangle 1 PREROUTING p tcp mtcp tcp flags SYN RST SYN j MARK set mark 0x1 iptables t mangle I PREROUTING p tcp tcp tcp flags SYN RST SYN j RETURN PREROUTING 0 O0 00 mangle E EE BE BE B U UU D D PREROUTING iptables t mangle A PREROUTING j MARK set mark 0 6 r15nnpmla utuiuiibritt uBmagagupBmuauHuuaun A OUTING OUTPUT 0 0 0 Linux j MARK set mark 0x3 PREROUTING D U dou OUTPUT 15 10 52 AERE 1 13 handle 130 sfq perturb 10 107 tc qdisc add dev ethO parent 1 14 handle 140 sfq perturb 10 tc qdisc add dev ethO parent 1 15 handle 150 sfq perturb 10 15 10 4 000000000000 0000 00 tL etc nitd packetfilter 0O U LU l start stop stop tables start tables reload tables O0 00000000000 H H OH HBBHBH OHB8 IHIIBJdIJTIXIZAH BH letc network iptables rules 0 ipta
48. (fill this in)
    /proc/sys/net/ipv4/route/min_delay
    /proc/sys/net/ipv4/route/min_pmtu (fill this in)
    /proc/sys/net/ipv4/route/mtu_expires (fill this in)
    /proc/sys/net/ipv4/route/redirect_load
    /proc/sys/net/ipv4/route/redirect_number
    /proc/sys/net/ipv4/route/redirect_load
    /proc/sys/net/ipv4/route/redirect_silence

    14.1 bfifo/pfifo
    14.1.1
    limit; bfifo; txqueuelen; mtu; pfifo_fast

    14.2 Clark-Shenker-Zhang (CSZ)
    David D. Clark, Scott Shenker, Lixia Zhang. Flow 0; best effort traffic.
    As I understand it, the main idea is to create WFQ flows for each guaranteed service and to allocate the rest of bandwidth to dummy flow-0. Flow-0 comprises the predictive services and the best effort traffic; it is handled by a priority scheduler with the highest priority band allocated for predictive services, and the rest
49. 2 protocol ip u32 divisor 256 tc filter add dev ethl protocol ip parent 1 0 prio 5 u32 ht 2 7b 7 match ip src 1 2 0 123 flowid 1 1 tc filter add dev ethl protocol ip parent 1 0 prio 5 u32 ht 2 7b 7 match ip src 1 2 1 123 flowid 1 2 tc filter add dev ethl protocol ip parent 1 0 prio 5 u32 ht 2 7b V match ip src 1 2 3 123 flowid 1 3 tc filter add dev ethl protocol ip parent match ip src 1 2 4 123 flowid 1 2 mm 0 prio 5 u32 ht 2 75 123000000 1 2 0 123 1 2 1 123 1 2 2 123 1 2 3 123 0000 000000 r1 120 130 2000000000 1600000 ox b O 1230 tc filter add dev ethl protocol ip parent 1 0 prio 5 u32 ht 800 7 match ip src 1 2 0 0 16 hashkey mask 0x000000ff at 12 V Lu 000 Lu Lu link 2 800 120 130 140 150000000 ugmnpnnnunuuunnnpnpnuuuumunmnmnpBppBp2H 0000 71 99 we don t call this the Advanced HOWTO for the fun of it LU 00000 0 D Linux D 00 E 0 00 0 Documentation filesystems proc txt 00 by 0 IP DD Internet 00000000000 Lu 000
50. /proc/sys/net/ipv4/tcp_retries1
    /proc/sys/net/ipv4/tcp_retries2
    /proc/sys/net/ipv4/tcp_rfc1337 (RFC1337; time-wait; RST)
    /proc/sys/net/ipv4/tcp_sack (ACK)
    /proc/sys/net/ipv4/tcp_stdurg (BSD; Linux; RFC 1122)
    /proc/sys/net/ipv4/tcp_syn_retries (SYN)
    /proc/sys/net/ipv4/tcp_synack_retries (SYN)
    /proc/sys/net/ipv4/tcp_timestamps
    /proc/sys/net/ipv4/tcp_tw_recycle
    /proc/sys/net/ipv4/tcp_window_scaling (65535)

    13.2.2
51. LI U IKE D 1 U l 26 000 7230 path pre shared key remote anonymous exchange mode aggressive mai n doi ipsec doi situation identity only my identifier address lifetime time 2 min sec mi n hour proposal check obey obey strict or claim proposal encryption algorithm 3des hash algorithm shal authentication method pre shared key dh group 2 sainfo anonymous pfs group 1 lifetime ti me 2 min encryption algorithm 3des authentication algorithm hmac shal compression algorithm deflate ugmnpnpuuuumnnnnnanuguugpgguuluuiiggggdgu lulu uumnpnpnpnugugpnpuguugugupgggguumumumnpumsmnpnpBpaagu uumnnpnnnugggpuauiuutii UL uuu my_identifier address L D 00000 D psk txt O psk exc 0 10 0 0 11 10 0 0 216 password 10 0 0 216 10 0 0 11 password 000000000 root l HBHHUI U HUD segnali 10 0 0 216 0 3DES shai HD DD DO D BL BLEU l 06000 0 reoo n n DD DD d L3 r3 27 isbin setkey f flush ush spdadd 10 0 0 216 10 0
52. O 000000000 0 proc sys net ipv4 neigh DEV anycast delay 10000 Linux 0000 anyeast proc sys net ipv4 neigh DEV app solicit 00 000 proc sys net ipv4 neigh DEV base_reachable_time 0000 REC2461 0 0000000000000 proc sys net ipv4 neigh DEV delay first probe time ac stale time proc sys net ipvA neigh DEV gc stale time 00000 1 00000000000000 2000 ucast_solicit Uu 0000000000000 000 ARPDULDLDUU UL mcast solicit OL D L L DU U ARP I proc sys net ipv4 neigh DEV locktime D D ARP neighbor locktime D EH B B B B U U D D D 0000 ARPHDIDUU UU proc sys net ipv4 neigh DEV mcast solicit uuu ttulu proc sys net ipv4 neigh DEV proxy delay 000 ARPDHETBLBL BEL BLU DEDE DI 000 0 proxytime l O0 O D U LU JULI proc sys net ipv4 neigh DEV proxy 79 ARPIIE UD D U D proxy_delay proc sys net ipvA4 neigh DEV retrans time E Neighbor Solicitation O O D DH E E D L jiffies 1 1000 0 uuguuuulbliututdatLbtLl proc sys net ipv4 neigh DEV ucast solicit UU pgaouuub ut proc sys net ipv4 neigh DEV unres qlen 00000 0000000 000000000 ARP be accepted from other layers while th
53. O Linux TCP IP 00000000000000000 00000 10 2 William Stearns 1 UO0ONON0NDUO D 0 HOWTO HH B HH B BE BE BE DE 7E DE D D 61 E Rusty Netfilter 00000060 00000000000000 000 set mak D U 0 0 l 00000000000 0 25 0 0 iptables A PREROUTING i eth0 t mangle p tcp dport 257 j MARK set mark 1 1 0 ech 0 201 mail out gt gt Jetc iproute2 rt tables rule add fwmark 1 table mail out rule roma ookup local rom all fwmark 1 lookup mail out rom a ookup main rom a ookup default uggauuduatuttuttutlututututL tL mai eut L LU U sbin ip route add default via 195 96 98 253 dev pppO table mail out netfilter 000000000 main I I IPNU UU l 00000 warm 00700 0 LU
54. bechtl e de gt Jacek Glinkowski lt j gli nkow amp percnt hns com gt Andrea Glorioso sama amp percnt perchetopi org gt Nadeem Hasan lt nhasan usa net gt Erik eri k amp percnt hensema xs4all nl gt Vik Heyndrickx vi k heyndri ckxgedchg com gt Spauldo Da Hippie spaul do amp percnt usa net gt Koos van den Hout koos 2 1005 xs4all nl gt Stefan Huelbrock shuelbrock amp percnt datasystems de Alexander W Janssen amp yalla amp percnt ynfonatic de Gareth John gdjohn amp percnt zepler org Dave Johnson dj uk i nux org Martin Josefsson gandalf amp percnt wlug westbo se Andi Kleen ak amp percnt suse de Andreas J Koenig andreas koenig amp percnt anima de Pawel Krawczyk kravietz amp percent alfa ceti pl Amit Kucheria lt amitk ittc ku edu gt Edmund Lau lt edlau amp percnt ucf ics uci edu gt Philippe Latu lt philippe latu amp percnt linux france org gt Arthur van Leeuwen lt arthurvl amp percnt sci kun nl gt Jose Luis Domingo Lopez lt j domi ngoQ24x7l i nux com gt Jason Lunz lt j cc gatech edu gt Stuart Lynne lt sl fireplug net gt Alexey Mahotkin alexmQ formulabez ru gt Predrag Malicevic lt pmalic ieee org gt Patrick McHardy lt kaber trash net gt Andreas Mohr lt andi amp percnt lisas de gt James Morris lt jmorris intercode com au gt Andrew Morton lt akpm zip com au gt Wim van der Most
55. eth0 thl BROADCAST MULTI CAST PROMISC UP mtu 1500 qdisc pfifo fast 100 ink ether 00 0 4 39 24 78 brd ff ff ff ff ff ff 3764 0 POINTOPOI NT MULTI CAST NOARP UP mtu 1492 qdisc pfifo fast 10 RR nk ppp inet 212 64 94 251 peer 212 64 94 1 32 scope global ppp ugugmamuamudamsudmpidmgiuzmblutt inet O Internet IPv4 O L 0O uuguasttdtuilu 0000 0000 ttl O 10 0 0 180 LH 0 00000 18 00000 320 bant 2458000000 10 0 0 OO 860 10900000000 000000000 255 0 0 00 0 1 0 IP 0 L1 0 0 1 bit I 10 250 3 13 0 00000 ethol D D D 00 10 00 10 D LU O mn 3 4 3 0 ipn DB D Uuiulumuiuuuliuuiutulu ELE ET Internet 212 64 94 1 00000 000 ahughome ip route show 212 64 94 1 dev pppO proto kernel scope link src 212 64 94 251 10 0 0 0 8 dev eth0 proto kernel scope link src 10 0 0 1 127 0 0 0 8 dev lo scope link default via 212 64 94 1 dev 10 x y z DU U 00 212 64 94 10 ppp 0000 p 00000 L1 E L L1 L1 00000000000 40000000000 ip address show 00 212 64 94 1 DD D lU 00 00000 000000 route O00 000000 ahughome ahu route
56. # protocol 1) in the interactive class 1:10 so we can do measurements & impress our friends:
    tc filter add dev $DEV parent 1:0 protocol ip prio 11 u32 \
       match ip protocol 1 0xff flowid 1:10
    # To speed up downloads while an upload is going on, put ACK packets in the interactive class:
    tc filter add dev $DEV parent 1: protocol ip prio 12 u32 \
       match ip protocol 6 0xff \
       match u8 0x05 0x0f at 0 \
       match u16 0x0000 0xffc0 at 2 \
       match u8 0x10 0xff at 33 \
       flowid 1:10
    # rest is 'non-interactive' ie 'bulk' and ends up in 1:20
    tc filter add dev $DEV parent 1: protocol ip prio 13 u32 \
       match ip dst 0.0.0.0/0 flowid 1:20
    ########## downlink #############
    # slow downloads down to somewhat less than the real speed to prevent queuing at our ISP.
    # Tune to see how high you can set it. ISPs tend to have *huge* queues to make sure big downloads are fast
    #
    # attach ingress policer:
    tc qdisc add dev $DEV handle ffff: ingress
    # filter *everything* to it (0.0.0.0/0), drop everything that's coming in too fast:
    tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
       0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1

    15.8.3 HTB
    #!/bin/bash
    # The Ultimate Setup For Your Internet Connection At Home
    #
    # Set the following
57. 15.7 PMTU, MSS (ADSL, cable, PPPoE, PPTP)
    PMTU; MTU 1500; PPPoE; MSS; Roaring Penguin; ICMP; "hack"; iptables 1.2.1a, Linux 2.4.3

    iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128

    128; VoIP

    15.8
    Note: This script has recently been upgraded and previously only worked for Linux clients in your network! So you might want to update if you have Windows machines or Macs in your network and noticed that they were not able to download faster while others were uploading.
58. selected route FIB route K 0 0 0 0 0 via 192 168 0 1 ethl C 127 0 0 0 8 is directly connected lo O 172 17 0 0 16 110 10 is directly connected eth0 06 21 53 C 172 17 0 0 16 is directly connected eth O 192 168 0 0 24 110 10 is directly connected ethl 06 21 53 C 192 168 0 0 24 is directly connected ethl atlantis show ip ospf border routers k 11 OSPF router routing table R 192 168 0 253 10 0 0 0 0 ABR via 192 168 0 253 ethl 10 area 0 0 0 1 ABR via 172 17 0 2 eth 115 00000 O L rootQomega ip route 212 170 21 128 26 dev eth0 proto kernel scope link src 212 170 21 172 192 168 0 0 24 dev ethl proto kernel scope link src 192 168 0 1 172 17 0 0 16 via 192 168 0 2 dev ethl proto zebra metric 20 default via 212 170 21 129 dev eth0 proto zebra root 0 zebra 0000 0 zebra ospfa E E E LU I LI D 000 zebra 0 00 000 cpdump i ethl ip 9 89 0000 OSPFI II I I I 8000000000 900000 00000 00000 000 00000 16 117 000 LU 0 van 0000000000
59. # values to somewhat less than your actual download and uplink speed. In kilobits
    DOWNLINK=800
    UPLINK=220
    DEV=ppp0
    # clean existing down- and uplink qdiscs, hide errors
    tc qdisc del dev $DEV root    2> /dev/null > /dev/null
    tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null
    ###### uplink
    # install root HTB, point default traffic to 1:20:
    tc qdisc add dev $DEV root handle 1: htb default 20
    # shape everything at $UPLINK speed - this prevents huge queues in your DSL modem which destroy latency:
    tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k
    # high prio class 1:10:
    tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit \
       burst 6k prio 1
    # bulk & default class 1:20 - gets slightly less traffic, and a lower priority:
    tc class add dev $DEV parent 1:1 classid 1:20 htb rate $[9*$UPLINK/10]kbit \
       burst 6k prio 2
    # both get Stochastic Fairness:
    tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
    tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
    # TOS Minimum Delay (ssh, NOT scp) in 1:10:
    tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
       match ip tos 0x10 0xff flowid 1:10
    # ICMP (ip protocol 1) in the interactive class 1:10 so we can do measurements & impress our friends:
    tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
       match ip protocol 1 0xff flowid 1:10
    # To speed up downloads while an upload is goin
60. 0 00 0000 00 00 00 00 0000 E 0 15 which is currently all of 6bone 00000000000 000000 emvernituitululullutblutbutltu echo 1 gt 1 ng usr local sbiniradvd 00000 0 00000 IPv6 J DUUDDUDUDDUUDDUUDDUUDDGUuUDUUDDUUuDUDuuDUDuuDnUu 00 sbinlip f inet6 addr 0000 Linux 0 Pved OOO radvdl I III l Ier 00000000 sbinlip f inet6 addr 1 lo LOOPBACK UP mtu 3924 qdisc noqueue inet6 1 128 scope host 3 eth0 BROADCAST MULTI CAST UP mtu 1500 qdisc pfifo fast 100 inet6 3ffe 604 6 8 5054 4cf f fe01 e3d6 64 scope global dynamic valid Ift forever preferred Ift 604646sec inet6 fe80 5054 4cf f fe01 e3d6 10 scope link IPv 6 I J U 000 in addrarpa 0 0 0 O 000 0000000000 ssh telnet Mozilla O 0 O Apache WEB U uagguaudutuatuutelutlutututL 00 interface Tunnell description IPv6 tunnel no ip address no ip directed broadcast ipv6 address 3FFE 604 6 7 1 126 tunnel source Serial tunnel destination 145 100 24 181 tunnel mode ipv6ip route 3FFE 604 6 8 64 Tunnell 000000 dispesa 0 Internet O D D 00000000
61. 0 JDUDDDD route E EL D I main local 00000 hughome ahu ip rule list m ookup local 32166 roma ookup main 32167 0m a ookup default ugugaggaBmuapuuluuluuliliuiiuliuiiutii ull from all 0 D E E C C E DU 0 main O 00 0 ip route Is E local default L L DU uumnnnnnuugguggpnpnpaauagggpgggugii dg dud ull 00000 0000 ip cref Lu 00000 00000 Alexey O J Cable Modem 0000 0 0 Linux 0000000 J I U U LU U 0 D Cable Modem cable modem IP O O 212 64 94 251 PPP 1 JI L PU 0 cable modem IP O O 212 64 78 148 000 195 96 2530 local ahughome ahu ip route list table local broadcast 127 255 255 255 dev lo proto kernel scope link src 127 0 0 1 ocal 10 0 0 1 dev ethO proto kernel scope host src 10 0 0 1 broadcast 10 0 0 0 dev ethO proto kernel scope link src 10 0 0 1 ocal 212 64 94 251 dev pppO proto kernel scope host src 212 64 94 251 broadcast 10 255 255 255 dev eth0 proto kernel scope link src 10 0 0 1 broadcast 127 0 0 0 dev lo proto kernel scope link src 127 0 0 1 ocal 212 64 78 148 dev ppp2 proto kernel scope host src 212 64 78 148 ocal 127 0 0 1 dev lo proto kernel scope host src 127 0 0 1 ocal 127 0 0 0 8 dev lo proto kernel scope host src 127 0 0 1
62. 0 11 ransport require esp t spdadd 10 0 esp transpo O 10 0 0 11 sbin set flush ush spdadd 10 0 0 11 10 0 0 216 ransport require esp t spdadd 10 0 0 216 10 0 0 11 ransport require esp t 00000 5 ey 0 11 10 0 0 216 rt require f any any any any P out ipsec P in ipsec P out ipsec P in ipsec WgHBWgBEBED racoon HH H BH BH D E E E E E 10 0 0 11 10 0 0 216 telnet O O racoon E LH L L L mp phlbegin 6 500 2210 heck vendori Oakley skeyi ne by the pe g phlestabli 0 0 11 500 recvadd 12 18 44 INFO isak request for 10 0 0 11 queued d 12 18 44 INFO isakmp c 794 i5a phase 1 negotiation 10 0 0 21 12 18 44 INFO isakmp c 799 i5a 12 18 44 FO vendorid c 128 c racoon 12 18 44 NOTIFY oakley c 2037 the proper pskey try to get o 12 18 44 INFO isakmp c 2417 1lo established 10 0 0 216 500 10 12 18 45 INFO 938 negotiation 10 0 0 216 0 lt gt 10 0 0 11 0 12 18 45 INFO pfkey c 1106 pk ESP Trans 12 18 45 INFO pfkey c 1318 Transpor mp ph2begin mp c 1689 isakmp post acq d d er 5 0 mp phlbegin uire 54 ue to no phasel found il initiate new 0 11 500 i begin Aggressive mode received Vendor D couldn t find S addres
63. 00 10 11 l ehon L 0100000 20000 00000 80M0 0 00000 10 11 l eno I IO 2000000000 IP 1020 00000 dev tc filter add dev ethO parent 10 0 protocol ip prio 1 u32 A match ip dst 4 3 2 1 32 flowid 10 1 tc filter add dev ethO parent 10 0 protocol ip prio 1 u32 A match ip src 1 2 3 4 32 flowid 10 1 tc filter add dev eth protocol ip parent 10 prio 2 flowid 10 2 000 4321000 1234 0 00 matchi DD D 12340 sog 000000000000 tc filter add dev ethO parent 10 0 protocol ip prio 1 u32 match ip src 4 3 2 1 32 match ip sport 80 Oxffff flowid 10 1 3 6 2 1 ELO OE CE CE UE UE UI tc filter add dev eth0 parent 1 0 protocol ip prio 1 u32 000000 32 0000000000000000 DT D 7C UI UI LU 0000 match ip src 1 2 3 0 24 00000 match ip dst 4 3 2 0 24 00 32 0000000 0000000000 IP DI DI O match ip sport 80 O match ip dport 80 Oxffff 00 IP tcp udp icmp gre ipsec etc protocols L 0000 000 iemp 10 match ip protocol 1 Oxff O O fwmark 00000 ipehains iptables T HL UD HL B U D E OU D D UE D UO D DI
64. 000 20000000060 00000 0060 000 000 00000 imq0 es t mangle A PREROUTING i eth0 j IMQ todev 0 0 tabl ip link set img up iptables IMQ I O U U D J PREROUTING POSTROUTING mangle 0000000 IMQ todev n n D J O ip tables E EE EB BE E UE LE D D uauu uiiubtiulututurLtrl IM 0000 ima 00000000000 netfilter O O iptables 00000 enum nf ip hook priorities PRI FIRST INT MI PRI CONNTRACK 2 PRI MANGLE 150 PRI NAT DST 100 PRI FILTER 0 AP PRI NAT SRC 100 PRI LAST INT MAX N 00 n n r n n n CO o o o o 1 1 1 1 imal PRI 000 0000 PREROUTING 0 mangle 00000 ima l J 0 imq L LU NF IP PRI LAST U U LJ D D B LU U filter L L 000000000 000 000 59 TEOL I 0 LU uuu pone a sas jo GE insons i 00000000000000 E HH HDD 10000 2 00000 uggmumumumumumuuumumumumumumugHuuuuuuduauguuucr uiulBt 00000 ethl etha 0000000 00000000 00000000 00 tc qdisc add dev ethl
65. 000 0 uuum IOS Committed Access Rate 000 000000 cisee D E U E U 00000 uau uuatgtutututatbtLul Docum Stef Coene 0000000 000 BUGU Illustrated volume 1 W Richard Stevens ISBN 0 201 63346 9 0000000 TCPIP LJ DL DB D 7 7U 7U 7 7 LU D 00 copy paste 0 LU DB BB B LU 7 DE D HOWTO LU LU DU LI EL DI L3 Lc 119 120 HOWTO 1000 UH Netfilter Junk Alins lt j uanj o mat upc es Joe Van Andel Michael T Babcock lt mbabcock fibrespeed net gt Christopher Barton lt uc edu Ard van Breemen ar d amp percnt kwaak net gt Ron Brinker servi ce amp percnt emci s com ukasz Bromirski I bromi rski mr 0vka eu org Lennert Buytenhek buytenhggnu org Esteve Camps est eveghades udg es Stef Coene stef coenegdocum org Don Cohen don lartc amp percnt isis cs3 i nc com Jonathan Corbet lt wn amp percnt wn net gt Gerry N5JXS Creager gerry amp percnt cs tamu edu Marco Davids mar coQsara nl gt Jonathan Day lt 19812 dej a com gt Martin aka devik Devera devi k cdi cz gt Hannes Ebner lt he f li 11 de Derek Fawcus df awcus ici sco com Stephan Kobold Gehring St ephan Gehri ng
66. 0000 00000 0 Liu 00 IGMP I 1000 200 0000 0000000 0000 000 000 0 00 0 0 0 00 0 0 0 0 IGMPI DLD UL 000000000000 0 0 III 0 0 0 0 0 umgugaauguBuHiuuuuduuuuuiuuiuaubibituiuiuiuullttLt 0 00 0 00 000 0 0 0 0 00 0 0 0 0 00 ip route add 224 0 0 0 4 dev ethl 00000000000 00000 Linux echo 1 gt forward 0000 00000000 0000 0000 224 0 0100 0000000 ping c 2 224 0 0 000 Lu uu 34 Lu To Be Continued Uim 00000 Linux 2 2 2 4 L3 Lr gt bytels mbps 1024 kbps 1024 1024 bps mbit 1024 kbit gt kilo bit s gt byte mb 1024 kb 1024 1024 b mbi t gt kilo bit besh bD EU D LI 1024 kbit 0 0 000000000000 gt bytels 1Mbit 1024 Kbit 1024 1024 bps 0 0 0 02020 36
67. 0000 00000 0000 0 0 lt 100Mbes O DL 000 U 0 0 ADSL CABLE Intenet 000000000000000 00000000000000 000 Internet D H1 U D LI O O RED Random Early Detection andom Early O O 00 00 00000000 00 backoff 0 EXPE agn 0 200 000 O00 2go an L3 pr L3 mp L3 p L3 mp L3 p Lr LL min max burst Min LH E LU L L 000000000000 burst 0000000000000 min 0 0 0 urst 0 REDO LJ U D U D L Burst 100 00 0 min avpkt O UU LU min min max 3 avpkt 000 limit avpkt Limit O JII Ul limit O max D D D Avpkt 000000 MrU 1500 O Internet O O O 10000000 UO D D ED Sally Fleyd Van Jacobson 0 0 LLL LI EI aaoo aw Lr aaan LE 14 6 GRED Generic Random Early Detection 0000000 88 U Diffserv tcindex CISCO Dave Clark RIO ll l l 0 0 get Jamal or Werner to tell us more VCI ATM D 1
68. 00000 0 Did 0 00000 80000 CO D U DU temei A D D U new_tunnel o 0000 gt 1 lt 1 1 55 255 255 000 0 0 1 1 0000 000000 172 16 17 180 0000 55 255 255 0 000 0 0 2 1 0000 000 172 19 20 21 00 ADD 000000000 Interneti 00000000 0000000000 insmod ipip o insmod new tunnel o ifconfig tunl0 10 0 1 1 pointopoi nt 172 19 20 21 route add net 10 0 2 0 netmask 255 255 255 0 dev BUDUDDUDUUUUUuu ifconfig 10 0 2 1 pointopoint 172 16 17 18 route add net 10 0 1 0 netmask 255 255 255 0 dev tunl0 ifconfig tunl 0 down Ulli dgduutut IP in IPP 0000000 IPver 00000000 uggmumumumumumumumummiiH 130000000000 Linux O IP in IP HH HL BHL HB HL BL BL HL HL B HL HL HE HE HE 0 0 00 0 0 0 0 0 0 0 0 5 3 GRE GRE JH I IP in gP EL C uium mum IPve 00 00 Linux E 000 ip gre o 0 LI 2 9s earn 00000 80000 CO DU DU D l
69. 000000 UU lI U 000 L1 L1 43 Linux 000 ingress O O O O mn Work Conserving 0000 work conserving O egress non Work Conserving 000 00000000 000 00 0 00 lID L 00000 LT ss Y Y esos sqa 00 LODDO Egress 0000 2 gt gt ngress 000 0000 3 gt 0000 X 7 00001 O O Jamal Hadi Salim O ASCHU I 1 L Ll uumnnpnpnnuguununnnnpanugudggagggututlu Ingress 0 uumuuumunuuunnuunpnpnunpnpimultluttlblutlu 000 000000000 00000000 1000 0000000 Du pfifo_fast 100 Lu egress 0000 0000 O O CPU 0000 0000 0000 0000 uum 0000 0000 UUIUDDUBUDUDUDDUDBDUDUDBDUUDUDUUDUDUDUDS nu 44 unggagguulill 000000000 0000 0000
70. 1 0 pref 10 u32 V nexthdr 0 flowid 1 10 f at tc filter add dev et match u32 00000016 0 UUUUUU match 0 80100 ffffff00 at 16 0000000 17000 00 19 192 168 1 024 DL 00000 00000 200000 0 L3 o L3 o L3 12 1 2 00000 uggugagdgunpruulduniuiuiuluui buqniiulipulullu 132 416 u8 PATTERN MASK at OFFSET nexthdr OFFSET u32 u60 bit J J D PATTERN 0 0 0000000000 O0 00000000000000 uuum 00000 tc filter add dev 1 parent 1 0 prio 10 032 A match u8 64 Oxff at 8 V flowid 1 4 6400 000000 IP L 0 90000 0000 0 TCP J J TL l tc filter add dev pppl4 parent 1 0 prio 10 u32 7 match ip protocol 6 Oxff match u8 0x10 Oxff at nexthdr 13 flowid 1 3 0000000 64000 ACKI match acks the hard way IP protocol 6 IP header length 0x5 32 bit words P Total length 0x34 ACK 12 bytes of TCP options TCP ack set bit 5 offset 33 tc filter add d
71. MTU; avpkt

    #!/bin/bash
    # The Ultimate Setup For Your Internet Connection At Home
    #
    # Set the following values to somewhat less than your actual download and uplink speed. In kilobits
    DOWNLINK=800
    UPLINK=220
    DEV=ppp0
    # clean existing down- and uplink qdiscs, hide errors
    tc qdisc del dev $DEV root    2> /dev/null > /dev/null
    tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null
    ###### uplink
    # install root CBQ
    tc qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth 10mbit
    # shape everything at $UPLINK speed - this prevents huge queues in your DSL modem which destroy latency
    # main class
    tc class add dev $DEV parent 1: classid 1:1 cbq rate ${UPLINK}kbit \
       allot 1500 prio 5 bounded isolated
    # high prio class 1:10:
    tc class add dev $DEV parent 1:1 classid 1:10 cbq rate ${UPLINK}kbit \
       allot 1600 prio 1 avpkt 1000
    # bulk and default class 1:20 - gets slightly less traffic, and a lower priority:
    tc class add dev $DEV parent 1:1 classid 1:20 cbq rate $[9*$UPLINK/10]kbit \
       allot 1600 prio 2 avpkt 1000
    # both get Stochastic Fairness:
    tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
    tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
    # start filters
    # TOS Minimum Delay (ssh, NOT scp) in 1:10:
    tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
       match ip tos 0x10 0xff flowid 1:10
    # ICMP (ip
72. 13 htb rate 20kbit ceil CEIL kbit prio 2 000000000 NATI LU D BH D EH U E U D UO D O DEO DEO UI classid 1 14 htb rate IOkbit ceil kbit prio 3 00000 0 TOS 0000000000 classid 1 15 htb rate 30kbit CEIL kbit prio 3 105 15 10 2 00000000 1150000 EI D E qdise add devketh0roothandle 1 htb default 155 D D HH U D E LU D DE UO D D DE BE UO D D l 0000000000 0 iptables D D D UU D D OU U D DIU iptables tc filter add dev eth parent 1 0 protocol ip prio 1 handle 1 fw classid 1 10 tc filter add dev eth parent 1 0 protocol ip prio 2 handle 2 fw classid 1 11 tc filter add dev eth parent 1 0 protocol ip prio 3 handle 3 fw classid 1 12 tc filter add dev eth parent 1 0 protocol ip prio 4 handle 4 fw classid 1 13 tc filter add dev eth parent 1 0 protocol ip prio 5 handle 5 fw classid 1 14 tc filter add dev eth parent 1 0 protocol ip prio 6 handle 6 fw classid 1 15 0 Ganlde x
73. 2 divisor 1 tc filter add dev eth parent 1 0 prio 5 u32 match ip src 188 177 166 1 flowid 1 1 tc filter add dev eth parent 1 0 prio 5 u32 match ip src 188 177 166 2 flowid 1 2 0000 why no token bucket filter is there a default pfifo fast fallback somewhere 15 2 90 Alexey iproute III sedere nn nnn d LD uumnpnpnpnuuggpgugiii i But 000000000 0 iprue2 00000 240000000 bin sh x sample script on using the ingress capabilities this script shows how one can rate limit incoming SYNs Useful for TCP SYN attack protection You can use to have more powerful additions to the SYN eg in addition the subnet path to various utilities to reflect yours sbin sbin i TABLES DEV eth TC tc ip sbinliptables IN 2 tag all incoming SYN packets through INDEV as mark value 1 BRE H HH HHHHHHHHEHE EH HH HH HHHRHH HH EH HH HH HH HHRHHHRHEUE E iptables A PREROUTING i INDEV t mangle p tcp syn V j MARK set mark 1 BH HH HHHHHHHHEHE EH HH HH HH HHHHH HH HH HH HH HHHRHHHHREU E E install the ingress qdisc on the ingress interface BH H HH HHHHHHHHEE EH HH HH HH HHHHH HH EH HH HH HH HHHHHHRHEUE E TC qdisc add dev 1 NDEV handle ffff ingress BH HH HHHHH HH EH HH HH HHHRHHH HE HH HE HH HH HHHHHHHHEUE E SYN packets ar
74. 4 1 000 ATMIULDLDLDLULU 0000000 ATM on Linux 0000 Werner Almesberger O D 00 000 WRR Weighted Round Robi 00000 14 8 Lu O Linx2 2000000000000 24250 Internet 10000 000000000 ftp 00000000000 00000 2Mbps O0 0 0 agp gg 5 ip address add 188 177 166 1 dev eth0 ip address add 188 177 166 2 dev eth0 00000 0 00000 tc qdisc add dev eth0 root handle 1 cbq bandwidth 10Mbit cell 8 avpkt 1000 V mpu 64 o0 o rr tc class add dev eth parent 1 0 classid 1 1 cbq bandwidth 10Mbit rate V 2MBit avpkt 1000 prio 5 bounded isolated allot 1514 weight 1 maxburst 21 tc class add dev eth parent 1 0 classid 1 2 bandwidth 10Mbit rate V 5Mbit avpkt 1000 prio 5 bounded isolated allot 1514 weight 1 maxburst 21 00 Why this line what does it do what is a divisor 00 A divisor has something to do with a hash table and the number of buckets ahu tc filter add dev eth parent 1 0 protocol ip prio 5 handle 1 u3
75. 40000000000000000000 4000000 10240000000 Cable IP 0000 1 2 0 00 123255900 2 0000000000000 0000 HUD U 000 102400000000 tc filter add dev ethl parent 1 0 protocol ip prio 100 match ip src V 1 2 0 0 classid 1 1 tc filter add dev ethl parent 1 0 protocol ip prio 100 match ip src V 1 2 0 1 classid 1 1 tc filter add dev ethl parent 1 0 protocol ip prio 100 match ip src V 1 2 3 254 classid 1 3 tc filter add dev ethl parent 1 0 protocol ip prio 100 match ip src V 1 2 3 255 classid 1 2 0000000000000 2561 D uaugu uuatguutututatbtLul tc filter add dev ethl parent 1 0 protocol ip prio 100 match ip src V 1 2 0 0 classid 1 1 tc filter add dev ethl parent 1 0 protocol ip prio 100 match ip src V 1 2 1 0 classid 1 1 tc filter add dev ethl parent 1 0 protocol ip prio 100 match ip src V 1 2 2 0 classid 1 3 tc filter add dev ethl parent 1 0 protocol ip prio 100 match ip src V 1 2 3 0 classid 1 2 tc filter add dev ethl parent 1 0 protocol ip prio 100 match ip src V 1 2 0 1 classid 1 1 000000000000 4000000 200 70 000000 root 256000000 tc filter add dev ethl parent 1 0 prio 5 protocol ip u32 tc filter add dev ethl parent 1 0 prio 5 handle
76. 5
    2002/12/13 22:46:44 OSPF: SMUX_CLOSE with reason: 5
    2002/12/13 22:46:54 OSPF: SMUX_CLOSE with reason: 5
    2002/12/13 22:47:04 OSPF: SMUX_CLOSE with reason: 5
    2002/12/13 22:47:04 OSPF: DR-Election[1st]: Backup 192.168.0.1
    2002/12/13 22:47:04 OSPF: DR-Election[1st]: DR     192.168.0.1
    2002/12/13 22:47:04 OSPF: DR-Election[2nd]: Backup 0.0.0.0
    2002/12/13 22:47:04 OSPF: DR-Election[2nd]: DR     192.168.0.1
    2002/12/13 22:47:04 OSPF: interface 192.168.0.1 join AllDRouters Multicast group.
    2002/12/13 22:47:06 OSPF: DR-Election[1st]: Backup 192.168.0.2
    2002/12/13 22:47:06 OSPF: DR-Election[1st]: DR     192.168.0.1
    2002/12/13 22:47:06 OSPF: Packet[DD]: Negotiation done (Slave)
    2002/12/13 22:47:06 OSPF: nsm_change_status(): scheduling new router-LSA origination
    2002/12/13 22:47:11 OSPF: ospf_intra_add_router: Start

    SMUX_CLOSE; SNMP; 192.168.0.1; 192.168.0.2; zebra, ospfd: telnet localhost zebra, telnet localhost ospfd

    root@atlantis:~# telnet localhost zebra
    Trying 127.0.0.1...
    Connected to atlantis.
    Escape character is '^]'.

    Hello, this is zebra (version 0.92a).
    Copyright 1996-2001 Kunihiro Ishiguro.

    User Access Verification

    Password:
    atlantis> show ip route
    Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, B - BGP, >
77. 9 3 76 D I L1 BU EH U EH U D U D O D O DE D D U root 041 nc gnome desktop ping c 1 espa043 PING espa 43 austin ibm 9 3 76 43 from 9 3 76 41 56 84 bytes of data 64 bytes from 9 3 76 43 icmp 0 ttl 255 ti mez0 9 ms espa 43 austin ibm com ping statistics 1 packets transmitted 1 packets received 0 packet loss round trip min avg 0 9 0 9 0 9 ms rootQespa041 home src iputils s ip neigh show 3 16 43 dev eth lladdr 00 06 29 21 80 20 nud reachable 3 16 42 dev eth lladdr 00 60 08 3f e9 f19 nud reachable 3 16 1 dev eth 00 06 29 21 73 c8 nud reachable spa041 O O O 0430 espa043 0 L HD DD DO 0 espa043 0 000000 dg DD Dg d B B B BL LD DL OL espao41 000 espa043 0 0000000 ARPII II C L3 L3 o0 o espa043 O ARP root 041 home src iputils ip neigh delete 9 3 76 43 dev eth0 rootQespa041 15 ip neigh show 9 3 76 43 dev eth0 nud failed 9 3 76 42 dev eth0 lladdr 00 60 08 3 9 19 nud reachable 9 3 76 1 dev eth0 lladdr 00 06 29 21 73 8 nud stale 0 041 000 00 043 espa043 00 O espagate 9 3 76 1 00000 O00000 0000000 DUDUDDUUDDUUuDDGUUDUDUUDUDUunUDuuUuDUDUu_uDUDuDUD p 0
78. Euutuuu 5 0 0000000 tc class add dev eth parent 10 1 classid 10 100 bandwidth 10Mbit rate V 100Kbit allot 1514 weight 800Kbit prio 5 maxburst 20 avpkt 250 V bounded OOO 1 HE ET BL BL BL BEBE D C 0 ICMP ETEIBL EL UU U D D tc filter add dev eth parent 10 0 protocol ip prio 100 u32 match ip protocol 1 OxFF flowid 10 100 000 ICMP 000 0000000000 0 ICMP LU 000 UH D D Linux Solaris BSD pfifo fast O00 3H BO CO 60 U L 0 000000000 ipchains HOWTO J 4 bt p 0 000000000 00 8 Rob van Nieuwkerk ipchains TOS mangling O 0 00000000 10 Lu 2 000 1 1 1 1 rrr o aA A 00000 I uti 1 EJ L3 u 00 0 33k6 MODEM 01 00000000800 U n 0 x DO D OL OL OLD 3 1L L1 pz 92 0 0 00000000 0000 000 00 OOOO 0000 iptables A PREROUTING t mangle p tcp sport telnet V j TOS set tos Minimize Delay iptables A PREROUTING t mangle p tcp sport ftp A j TOS set tos Minimize De
79. L Delft O Linux Advanced Routing amp Traffic Control OU laptop CN bert hubert Emailzahugds9a nl certificate type D0 000000000000 peers racoon O laptop public proposal authentication method 00000 000 0 00 0000 10 0 021600000000000000000000000000 path certificate Jusr local etc racoon certs 0 0 remote 10 0 0 11 exchange mode aggressive mai n my identifier asnldn peers identifier asnldn certificate type x509 laptop public laptop private peers certfile upstairs public proposal encryption algorithm 3des hash algorithm shal authentication method rsasig dh group 2 0000 0 upstairs O O O D 0 usr local etcf racoon certs upstairs private upstairs public laptop public 0 0 0 0 0 root O O 06000 O 0 racoon 000000 laptop EH D 0 O usr local etc racoon certs O laptop private laptop public upstairs public 1 L HH 1 HH UU LH HH UH H UO HE D 3l 000000000 SP 0 0 7220000 spdadd O O O O racooni 00 7 2 3 33 00000 OpenSSL
80. Linux HD EL HH B HH D E E E HOWO uli Bert Hubert Netherlabs BV bert hubert etherlabs nl Gregory Maxwell 0000 remco wirtu nl Remco van Mock remcoQvirtu nl Martijn van Oosterhout kleptogQcupi d suni nternet com Paul B Schroeder 1000 paulschQgus ibm com Jasper Spaans 000 jasperQgspaans ds9a nl Pedro 0000 000000000 iproute20 D D D D D D D netfilter D E E Ul 00000 Linux p B BU 7B 7 7 UL UL UE I Linux it really blew me away L I D HH HH D DU Linux O0 UNIX D Linux 00 L3 r3 00 Linux Linux I LU D 0 LELEI HowTo D EL BE BI H 2 15 2003 5 28 PM JohnBull deathumb 95700 net gt 010 00 020 00 2 1 2 2 2 3 LINUX 2 4 2 5 CVS 2 6 2 7 0 30 IPROUTE2 3 1 IPROUTE2 3 2 IPROUTE2 3 3 3 4 34 1 J ip TI I I I 3 4 2 T ip TIT T IP 00 3 4 3 ip
81. Mbit allot 1514 V 8 avpkt 1000 mpu 64 tc class add dev ethl parent 1 0 classid 1 1 cbq bandwidth 10Mbit rate 10Mbit allot 1514 cell 8 weight 1Mbit prio 8 maxburst 20 avpkt 1000 00000 cuU UN Defmap 0 0 TC PRIO 000000000090 TC PRI Num DD TOS BESTEFFORT FILLER 00000 0 8 BULK INTERACTIVE_BULK INTERACTI VE CONTROL TC 00000 000 pfifo 0000 tc class add dev ethl parent 1 1 classid 1 2 cbq bandwidth 10Mbit rate 1Mbit allot 1514 cell 8 weight 100Kbit prio 3 maxburst 20 avpkt 1000 split 1 0 defmap c0 0000 0 10 0 bill pp 0000000000000 tc class add dev ethl parent 1 1 classid 1 3 cbq bandwidth 10Mbit rate allot 1514 cell 8 weight 800Kbit prio 7 maxburst 20 avpkt 1000 split 1 0 defmap 3f 53 OO1lIIIIJIIIIUIUUUIUIUI LU 00 0 00 0000 ug ropnppnpauggpiiututl priority send to 0 1 00000 change Lu 0000 1200 tc class change effort HH H B B D tc class change dev ethl classid 1 2 cbq defmap 01 01 000 000 000 best 10 priority send to 1 2 c cen gt 3 3 1 3 1 3 1 3 2 2 00 00000 te class 00000000 0 5 5 HTB H
82. O Halabi Bassam Internet O Cisco New Riders 0 LH E UL L 0 1997 000 Cisco 06000 00000 ET D EI 00000000000 Cisco J IJJ 17 1 Zebra 0SPF uguaguuuagaguuusuuuuuutulbs ultl Kunihiro Ishiguro Toshiaki Takada Yasuhiro Ohara 0000000 OoSPFIIUT UL OU LU D U U HuggdgdgaguglitttuesPFr 0 0 O Open Shortest Path First 0000000000000 00 00007575750 00000 112 000 umm gRPIDIDIDDUBDULLLLL Lu C C3 p 20000 o o H pa o 9 oo H oa y o o o LL LL L1 L1 L L1 0 00 0 0 0 0 0 0 GPL 000000000 Zebra GPL III U l 17 1 1 0000 CONFIG_NETLINK_DEV CONFIG_IP_MULTICAST DU uuu iproute Zebra http www zebra org L 0000000000000000 17 1 2 HI Zebra Backbone Ethernet Area 0 100BaseTX Switched 113 ethl ethl et ho 100BaseTX 100 100BaseTX 100BaseTX 1 2 253 R Omega R Atlantis Rlegolas R Frodo j p p
83. SK 0xFC i SHIFT22 Valuel 10111000 amp 11111100 10111000 Key 10111000 gt gt 2 00101110 gt 0x2E hexadeci mal uuaggaguaguaguabdualbu d audmg2z 080 H B HH H BO 000 ugugaguaHudimuutiuuluu iiu utuuiutltuiuouiuitutul 2 50000 index fal through O L uuagxeynuuuuuaumumuagagasumuausuuagagHuaggHauHaldil 00000000 0000 00 fal through L 0 skb tc index J 00000000000 careful if you use fall through flag this can be done if a simple relation exists between values of skb tc index variable and class id s hash pasop I III L 86 UUDDUDUDDUUDDGUuUDDUUDDUUUDUDUUDUUUDDUUUDUDU uDJuuDnU is fall through O 0 OOU TCINDEXI E D B BE BE U C CE DE DE D Hash 1 0x10000 Implementation dependent Ma s 0 Oxf fff Oxffff Shift 15 0 Fall through Pass on Flag Fall through Classi Maj or mi nor None L3 g L3 g L3 r3 L3 r3 L3 g L3 r3 L3 r3 L3 g L3 L3 g L3 g L3 g L3 g p p p o r3 o r3 o r3 o r3 L3 r3 o r3 L3 r3 o r3 r3 r3 0 0 t ev eth 0 0 tc qdisc add 0 ugugammguupuuuuuiuiutuuubrututubitutlutuuu ce ingress 14 5 RED Random Early Detection 000000 000
84. Stephan Mueller lt smueller chronox de gt Togan Muftuoglu lt toganm amp percnt yahoo com gt Chris Murray lt cmurray stargate ca gt Patrick Nagelschmidt lt dto amp percnt gmx net gt Ram lt ram princess1 net gt 121 122 Jorge Novo lt jnovo educanet net gt Patrik lt ph kurd nu gt P Osgy ny lt oplab weste1900 net gt Lutz Prefler lt Lutz Pressler amp percnt SerNet DE gt Jason Pyeron lt Jason amp percnt pyeron com gt Rusty Russell lt rusty amp percnt rustcorp com au gt Mihai RUSU lt dizzy amp percnt roedu net gt Jamal Hadi Salim lt hadi amp percnt cyberus ca gt Ren Serral lt rserral ac upc es gt David Sauer lt davids amp percnt penguin cz gt Sheharyar Suleman Shaikh lt sss23 drexel edu gt Stewart Shields lt MourningBlade amp percnt bigfoot com gt Nick Silberstein nhsilber amp percnt yahoo com Konrads Smelkov konrads G interbaltika com William Stearns wstearnsQpobox com Andreas Steinmetz ast amp percnt domdv de Jason Tackaberry tack linux com gt Charles Tassell ctassell amp percnt isn net Glen Turner glen turner amp percnt aarnet edu au Tea Sponsor Eric Veldhuyzen eric amp percnt terra nu Song Wang amp wsong Gece uci edu Chris Wilson chri sQnetservers co uk Lazar Yanackiev Lyanacki ev gmx net gt Pedro Larroy pi otr omega resa 65 gt o O 150 0 0 100 Example of a full nat solution with QoS o 17000 1000 Zebra
85. bles 0000000000000000 00000 108 Lu oa g Linux 2 4 2 5 D H E B IU TL E LU traceroute iptables LI U Linux 2 4 2000 0 0 iptables 0000000 0 TO mangle 00000 Linux 2545Dn 00000000000 DU etho ethi OUUU iptables ebtables OO O0 0 MACNAT brouting 1554 uummnmnpnpnpnbpauguu 1043 109 0 10 Ooo uggggaggpnpnapgagdguuu uumnpnpnnuuuunnpnnauuumnmnpnpbpBau UUDDUDUUUDD eruft O 5 L3 r3 ARP ARP 10 31 ARP 10 0 0 1 0000000 0O 00070 00000000000 00 0000000000000 cache 00000000 cache 0 00000000 0 000 Linux 24 2 50 000 22 0 000000000000 pree D E E J poxy ap 0000 10 1 00000000000 2 HUU L 3 0000000 ARP J J echo 1 gt Jproc sys net ipv4 conf ethL pro
86. d dev eth parent 1 1 classid 1 12 htb rate 20kbit ceil CEIL kbit prio 2 tc class add dev eth parent 1 1 classid 1 13 htb rate 20kbit ceil CEIL kbit prio 2 tc class add dev eth parent 1 1 classid 1 14 htb rate 10kbit ceil CEIL kbit prio 3 tc class add dev eth parent 1 1 classid 1 15 htb rate 30kbit ceil CEIL kbit prio 3 tc qdisc add dev ethO parent 1 12 handle 120 sfq perturb 10 tc qdisc add dev ethO parent 1 13 handle 130 sfq perturb 10 tc qdisc add dev ethO parent 1 14 handle 140 sfq perturb 10 tc qdisc add dev ethO parent 1 15 handle 150 sfq perturb 10 deseen root 1 Tee eene ertet iren class 1 1 Bebo hee k otee o Reed deed deed 1 10 1 11 1 12 1 13 1 14 1 15 Bebo hee presep putia oed Reed classid 1 10 htb rate 80kbit ceil 80kbit prio 0 uagu ugudutgdut utuuriuituulutulutlttutlutlututL uaggagmgagauauuduuduttuttultttetutlutututLl 000000000 ssA telnet dns quake3 irc SYN 7 7 classid 1 11 htb rate 80kbit ceil kbit prio 1 uagguauudgdtuttuttutluteitliuiutlutLutleuutututL 000 00 800000 U 80 LI classid 1 12 htb rate 20kbit CEIL kbit prio 2 00000000 mos ututblutblutlutlutlZf f fLulL Internet UUUUUDUDUDUDUDUDDDUDUUDUUDUDUUDUDUDUDUDUDUDUuUuuuuus classid 1
87. e 40 bytes 320 bits so three SYNs equals 960 bits approximately lkbit so we rate limit below the incoming SYNs to 3 sec not very useful really but serves to show the point JHS filter add dev INDEV parent ffff protocol ip prio 50 handle 1 fw police rate 1kbit burst 40 mtu 9k drop flowid 1 echo qdisc parameters Ingress I TC qdisc 15 dev INDEV echo Class parameters Ingress TC class 15 dev INDEV echo filter parameters Ingress filter 15 dev 1 NDEV parent ffff deleting the ingress qdisc 70 qdisc del lINDEV ingress JUD 0005 00 cw mn 91 0000000 000000 000000 00000000 Lr o Lr Lr Lr 0000000 nternet HL U U LU UumuuagspiuuuuuituiuiuuultlutLt Internet B3pg 130 0 gt Linux 000 000 5 ethl eth0 tc qdisc add dev eth root handle 10 cbq bandwidth 10Mbit avpkt 1000 tc class add dev eth parent 10 0 classid 10 1 bandwidth 10Mbit rate V 10Mbit allot 1514 prio 5 maxburst 20 avpkt 1000 000 100Mbps J D 00000 CTI 0000 tepdump O E D 0000 000 uuuBimiuggbuuub
88. e ARP address is still resolved Internet QoS Architectures and Mechanisms for Quality of Service Zheng Wang ISBN 1 55860 608 4 uumnpnpnpnauugggg 000000 13 2 4 0000 proc sys net ipv4 route error burst warning eror cost 000000000 00 error 500000 proc sys net ipv4 route error_cost warning eror cost error burst 500000 proc sys net ipv4 route flush uuuimimgagaouuubtutub l proc sys net ipv4 route gc elasticity uumnpnpuuuuumumnnnbnnuuugpgauguii dull ugnnnpnnuuggpgaugiutii 0 Linux O O Ard van LU 111 proc sys net ipv4 route gc interval O proc sys net ipv4 route gc elasticity 80 proc sys net ipv4 route gc_min_interval O proc sys net ipv4 route gc elasticity proc sys net ipv4 route ec_thresh 0 proc sys net ipv4 route gc elasticity proc sys net ipv4 route gc timeout O proc sys net ipv4 route gc elasticity proc sys net ipv4 route max delay UU gauub ut proc sys net ipv4 route max size proc sys net ipv4 route min_adv_mss O
89. e8 2a 47 16 brd ff ff ff ff ff ff 4 ethl BROADCAST MULTI CAST PROMI SC UP mtu 1500 qdisc pfifo fast glen 100 ink ether 00 e0 4c 39 24 78 brd ff ff ff ff ff ff 3164 0 POINTOPOI NT MULTI CAST NOARP UP mtu 1492 qdisc pfifo fast 10 ppp ugagagaguuiututuulmumubtuiultu NATI ULDUULDULDULDLULU uaggaguuguutut uliagiiutututiulmitubitullutltttul uauu uuululllblllu 0000000 loopback While your computer may function somewhat without one I d advise against it MTU Q D UU 3924 100000 UUDDUDUDUDUDDUDUUD loopback 1 U EH U DH U DO UO UU DEO DIO DD 00 UUDDUUDUDDUUDDUUDDD cable modem HH H1 H1 U LH U D O D D LI U UUDDUUDDUGuUDDUUUDD ppp 000 00000000000 P 000 00 0 0000000000 UUDDUUDDUUUuDUDUUUDUDUUuDUDU uDUUU MAC l D Hii ph PEE ahughome ahu ip address show 1 lo LOOPBACK UP mtu 3924 qdisc noqueue link loopback 00 00 00 00 00 00 brd 00 00 00 00 00 00 inet 127 0 0 1 8 brd 127 255 255 255 scope host lo 2 dummy BROADCAST NOARP mtu 1500 qdisc noop ink ether 00 00 00 00 00 00 brd ff ff ff ff ff ff 3 eth0 BROADCAST MULTI CAST PROMI SC UP mtu 1400 qdisc pfifo fast qlen 100 inklether 48 54 e8 2a 47 16 brd ff ff ff ff ff ff et 10 0 0 1 8 brd 10 255 255 255 scope global
90. ertificate request A challenge password An optional company name 900000000000 openss x509 req in request pem signkey laptop private out V laptop public Signature ok subj ect C NL L Delft 0 Linux Advanced Routing amp Traffic V Control 00 1 CNsbert hubert Email zahuQds9a nl Getting Private key 0 request pem B B B B LI L1 UI LI UU U public 0000000000 private 00000 7 2 3 2 00000 UUDDUUDDUUuDDGuUDDUUuDUUDUu3 lDil 0 LU LU UU LU 00000000000000000 010 0 1 upstairs 10 0 0 216 1aptop 10 0 0 11 racoon conf L E 30 path certificate Jusr local etc racoon certs remote 10 0 0 216 exchange mode aggressive mai n my identifier asnldn peers identifier asnldn certificate type x509 upstairs public upstairs private peers certf proposal encryption algorithm 3des hash algorithm shal authentication method rsasig dh group 2 e laptop public O racoon 00000 usr localetc racoon certs 000000000 10 0 0 216 00 0 E E D D asnidn 000 racoon 1 H D D HU HH B B B C U HE HE B B Du DI O0 O0 subject C NL
91. etworking HOWTO Net 3 HOWTO Internet 0000600 usr doc HHOWTO NET3 4 HOWTO txt O00 0000000 Li nux 00000 00000 uuum 0 Internet E H B LU D D D D uumnnpnnunuguggpipuiuuii UL Ld L3 C3 c3 r L3 C3 C3 r3 L3 C3 C3 r L3 C3 C3 r L3 r3 r3 r3 L3 r3 L3 r3 r r L3 r3 r3 r3 L3 r4 o C3 L3 g C3 L3 g C3 L3 g C3 L3 g C3 L3 g C3 L3 g C3 g C3 L3 g C3 L3 g C3 L3 g C3 p4 p4 ogo no p L3 L3 g r3 3 02 L3 C3 L3 C3 p3 C3 05 3 C3 p3 C3 05 L3 C3 p3 F3 05 3 C3 F3 C3 05 3 C3 C3 F3 05 3 C3 C3 F3 05 L i 3 E EE L3 C3 C3 r3 05 3 C3 C3 F3 05 000000000 00000000 0000000000000 00 000000 0000 HOWTOI I will take some liberties along the road For example I postulate a IOMbit Internet connection while I know full well that those are not very common 2 5 00 9500000 0 HOWTO HL B B UE III L 5
92. ev 14 parent 1 0 protocol ip prio 10 u32 V tch ip protocol 6 Oxff V tch u8 0x05 040 at 07 match ul6 0x0000 OxffcO at 2 V ch W u8 0x10 Oxff at 33 V id 1 3 000000000 000 40 0000 50 bit 0x10 3200 00000 er add dev pppl4 parent 1 0 protocol ip prio 10 u32 V match ip protocol 6 Oxff V match u8 0x10 Oxff at 13 V match ul6 0x0000 OxffcO at 2 V flowid 1 3 12 1 3 uumnmnpnpnppaudg uumnpnpnpnuggagauulll l table placeholder the table is in separate file selector html 00000 00000 it s also still in Polish must be sgml ized 00000 tc filter add dev parent 1 0 prio 10 032 7 match ip tos 0x10 Oxff V flowid 1 4 tcp dport match does not work as described below 00000 0000 oxorrttrmosrmr r u L LI 000 932 0000 0 o0 n s o0 n 0 0 udp 00 dport 53 I D D D UDP ct Lr o 5 o 5 o 5 o 5 o 5 o 35 o 5 o o 5 00 tc filter add dev ppp parent 1 0 prio 10 u32 7 ma
93. ev ethO protocol ip parent 1 0 prio 1 u32 U32 match ip dport 80 Oxffff flowid 1 10 U32 match ip sport 25 Oxffff flowid 1 20 000000 10 10 0 20 0 0000000000000000 5 309 000000000 00000000 HU Uit HU uiu 1 17 Pu I I 10 LL 12 uaggagaguuuiutuuuttututututtutululiiiuilullutltbtul UUDJDUUD1IIDDDUDUDDuDUDUDUBUUD 12000 1200000000 10 12 20 00000000000000 11000 0 E having more specific tests lower in the chain 1 00 D E 00 55 000000000 10 000 3000000000 lU amlmunmnmauuiuimiituuituiuttuttuttubtLtu tc filter add dev ethO protocol ip parent 10 prio 1 u32 V match ip dport 22 Oxffff flowid 10 1 tc filter add dev eth protocol ip parent 10 prio 1 u32 V match ip sport 80 Oxffff flowid 10 1 tc filter add dev eth protocol ip parent 10 prio 2 flowid 10 2 U DB EID HI 7 D D l eho Lj 0100000 20000 00000 2200 000
94. g on put ACK packets in the interactive class 102 tc filter add dev DEV parent 1 protocol ip prio 10 u32 V match ip protocol 6 Oxff V match u8 0x05 0 0 at 07 match ul6 0x0000 OxffcO at 27 match u8 0x10 Oxff at 33 V flowid 1 10 rest is non interactive ie bulk and ends up in 1 20 downlink slow downloads down to somewhat less than the real speed to prevent queuing at our ISP Tune to see how high you can set it ISPs tend to have huge queues to make sure big downloads are fast attach ingress policer tc qdisc add dev DEV handle ffff ingress filter everything to it 0 0 0 0 0 drop everything that s coming in too fast tc filter add dev DEV parent ffff protocol ip prio 50 u32 match ip src V 0 0 0 0 0 police rate DOWNLINKYkbit burst 10k drop flowid 1 0000000000 0 000 15 9 D HD DL U DL U D 7T D uugammugpuuuuguulubutuubiEutututuu UUUUUDUDUUUUUDUUuUuu tc qdisc add dev DEV root handle 1 cbq avpkt 1000 bandwidth 10mbit tc class add dev DEV parent 1 classid 1 1 cbq rate 512kbi t V allot 1500 prio 5 bounded isolated tc filter add dev DEV parent 1 protocol ip prio 16 u32 A match ip dst 195 96 96 97 flowid 1 1 uL 00 0 0
95. ierarchical Token Bucket Martin Devera devik O O O O CB Hierarchical uumnnpuuuuumnnnpnnuuguggnpnpnpnaugagsgpgiututulu HTB I 0000000000000000000000000000 3 0000 0000 000 G 4 20 pre1 25 31 D D DD B UI L 0000 eL DL D L D HTB3 HTBI 9 55 1 0000 cBor DIU U U tc qdisc add dev eth root handle 1 htb default 30 tc class add dev eth parent 1 classid 1 1 htb rate 6mbit burst 15k tc class add dev eth0 parent classid 1 rate 5mbit burst 15k 1 1 1 10 ht tc class add dev eth parent 1 1 classid 1 20 htb rate 3mbit ceil 6mbit burst 15k tc class add dev eth parent 1 1 classid 1 30 htb rate Ikbit ceil 6mbit burst 15k 2000000000 5 tc qdisc add dev eth parent 1 10 handle 10 sfq perturb 10 tc qdisc add dev eth0 parent 1 20 handle 20 sfq perturb 10 tc qdisc add dev eth parent 1 30 handle 30 sfq perturb 10 uuuimipagouuubttutub Lt U32z tc filter add d
96. ink src 10 0 0 1 127 0 0 0 8 dev lo scope link default via 10 0 0 3 dev eth0 95 make sure silom belongs to one of the above lines in this case it s the line with 10 0 0 0 24 15 5 1 NTERNET donmuang IN IN V silom destination port 80 traffic gt cache V M 405411 RAS etc Here is run down for packet traversing the network from kaosarn to and from the Internet For web http traffic aosarn http request naret silom donmuang i nter net ttp replies from Internet donmuang silom kaosarn For non web http requests eg telnet aosarn outgoing data naret donmuang i nternet incoming data from Internet donmuang kaosarn 15 6 O 0000 1 1 0000000 7000 0000000000000 4000000 00000 4600000000000 000000 00 00000 0 1
97. it weight 0 3Mbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000 2 weight 0000 bounded LLL HILL DB BED 11000 11000 bounded 6 00000 tc qdisc add dev eth parent 1 3 handle 30 sfq tc qdisc add dev eth parent 1 4 handle 40 sfq 000000000 0 SFQU I LU UUUUDUUUDUUUUUun tc filter add dev ethO parent 1 0 protocol ip prio 1 u32 match ip V sport 80 Oxffff flowid 1 3 tc filter add dev ethO parent 1 0 protocol ip prio 1 u32 match ip V sport 25 Oxffff flowid 1 4 000000000 teclasadd te qdisc add 000000 00000000000 SMTP web 6 6 52 WEBII JII 580 0 0 0 SMTP J 3 8 0000 0000000000000000 000006060 5 8 6Mbps z3 75Mbps O 0 9 5 4 5 CBQ defmap LU D DU U DI DI D defmap 0 defmap split LI L BD D D D lI L3 Lr pr disc add dev ethl root handle 1 cbq bandwidth 10
98. lay iptables A PREROUTING t mangle p tcp sport ftp data j TOS set tos Maximize Throughput 00000000 telnevftp D D UO D D D E UO D HE UO UO 00660 0 BO 7E 7I U teleq ssh D D D U B D UO HI U D LI L 000 5 netter 1 U D D U D HU D D U iptables A OUTPUT t mangle p tcp dport telnet V j TOS set tos Mini mi ze Del ay iptables A OUTPUT t mangle p tcp dport ftp V j TOS set tos Mini ze Del ay iptables A OUTPUT t mangle p tcp dport ftp data V j TOS set tos Maxi mi ze Throughput 15 5 D D netfilter iproute2 squid WEB Ram 0 0 Internet O D D DD U UU DU Linux LI B L B H UH UL D D D HU U U UI 7I UI U 0000 ED DH D D D squid 0 3 400 80000 00 0 00 40000 4 000 0 0 000000 Linux O cache 00000 eache I 00000 93 U Dubium 0 squid 0000 00000 000000000 00 Linux NetFilter 00 NetFilter 0000000
99. m UL Dos uuu uiuDLtutu UID U l LI This limit exists only to prevent simple DoS attacks you _must_ not rely on this or lower the limit artificially but rather increase it probably after increasing installed memory if network conditions require more than default value and tune network services to linger and kill such states more aggressively ED D J UJU 64 proc sys net ipv4 tcp orphan retries 000000 0 RTOH D BD B BL BL BLEU LU UE DE D uuguggamnBmnuguggbull tcp max orphans proc sys net ipv4 tcp max syn backlog UUUUDUUDUUDUUDUDUDUDUUUuuuuUn UUUUDUDUDDUDDD 10240 UUUDUUUUUUUDU unuuuU include net tcp h TC P SYNQ HSIZE 16 max syn backlo 0 128 000000000 PS T C L L3 L L1 mm L proc sys net ipv4 tcp_max_tw_buckets 000000 D D O0 D D B BLBLEE ELO UI D l time wait III IU l proc sys net ipv4 tcp_retrans_collapse TCP J BUGU
100. n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use D giu 0 0 0 0 255 255 255 255 UH 0 0 0 ppp 10 0 0 0 0 0 0 0 255 0 0 0 U 0 0 0 eth0 127 0 0 0 0 0 0 0 255 0 0 0 U 0 0 0 lo 0 0 0 0 212 64 94 1 0 0 0 0 UG 0 0 0 ppp 3 5 ARP ARP 0 RFC826 0000 000000 ugpBuaugmumuiubputuumtuuauuugtutuatututututututLu 0000000000 foo com LU barnet L HL D HL D UD D E ELO IPELEL ELO D D OL UO D DE OE UE 7 D EE 7T U lU ugugammguupuuiugumuuituuboutuuattuueBiuttLlu 000000 ub fer 00 10 00 11 0 00 bar IP 0 O O 10 0 0 2 00 D foo ping O0 bar 1 ELO D DEL OU DE I U fee D D D bar D IPD EI lJ 00000 bar 000 D DD D fool ping bar DL D JII ARP C ARP E I UI 000 Barcto 0 0 2 0 D 00 fe HD 00000 0 bar 10 0 0 2 Bar 000 foot 0O00 Foo 10 0 0 0 Mac 00 00 60 94 E9 08 12 0 D D D D D 0000 000 0 0 0 0 0 00000 00000 Foo III ARPDIDI LUUD UU U Unix 00000 15000000 ARPO DODO lI y home src iputils ip neigh show 9 3 76 42 dev ethO 00 60 08 37 9 19 nud reachable 9 3 76 1 dev eth 00 06 29 21 73 c8 nud reachable 0000000000 espa041 9 3 76 41 0 JJ espa042 9 3 76 42 espagate
101. out ipsec esp transport require V ah transport require LU 000000000000 UI 10 0 0 11 0 000 SA L3 L3 L3 r3 Lr L3 r3 Lr 0000 10 0 0 216 10 0 0 11 odoo umm 11 ah 24500 A hmac md5 1234567890123456 11 esp 24501 E 3des chc 123456789012123456789012 spdadd 10 0 0 216 10 0 0 11 any P out ipsec esp transport require ahltransport require O 16 0 0 11 SA TH D BH SPU 1 f add 10 0 0 216 10 0 0 11 ah 24500 A hmac md5 1234561890123456 add 10 0 0 216 10 0 0 11 esp 24501 E 3des chc 123456789012123456789012 0000 sbin D D 0 setkey D 00000000000 O ping 10 0 0 11 0 0 D tepdumpl 00000000 216 gt 10 0 0 11 AH spi 0 00005 04 0 ESP spi z0x00005fb5 seqz0xa DF 11 gt 10 0 0 216 icmp echo reply Du 10 0 0 21 22 31 52 10 0 0 22 31 52 10 0 0 0 0 60 00 000 0 0 0 0 000000000000 0000 00 10 00 11 O O AH ESPO SPI ULU U 1000216 JUD UL 10 0 0 110 000 10 010 0000 B B 00000 00 100 0110 E EI D 0O 100 0216 00000000000 10 00 11 00000000000 10 0 01 0 00000 0000 00 5 gt 0000 sbin
102. rio 1 bands 3 priomp 1222120011111111 Sent 389140 bytes 326 pkts dropped 0 overlimits 0 acprmDuutuiutirutututuluttubtLu UUUDUUDUUUDUUUUUUUUUUUDUUDUDUUUUDUUUDUUU tc s qdisc 15 dev eth qdisc sfq 30 quantum 1514b Sent 384228 bytes 274 pkts dropped 0 overlimits 0 qdisc tbf 20 rate 20Kbit burst 15996 lat 667 6ms Sent 2640 bytes 20 pkts dropped 0 overlimits 0 qdisc sfq 10 quantum 1514b Sent 14926 bytes 193 pkts dropped 0 overlimits 0 qdisc prio 1 bands 3 priomp 1222120011111111 Sent 401836 bytes 488 pkts dropped 0 overlimits 0 000 0 000000000 10 000 9 5 4 CBOTT ET ET E UUUDUCBOIUDUUDUUUDUUUUDUUDUUDUDUDUDUUDUUDUUUDUul Linux DD ngon L 48 ooo r3 ooo L3 r3 pj o 02 oH g L3 a E C3 o 6 xs C3 5 05 5 C3 5 C3 r3 a 5 C3 5 o o 05 5 C3 m Eds C3 5 C3 E gt ra S ea LJ mg o0 5 5 o0 o0 E p 0 L3 mr r3 r3 o o 5 H o H 22 5 C3 3 ooo ooo ooo 0000000000 0 PPTP 000000000 00000000
103. root teql0 tc qdisc add dev eth2 root teql0 iplink set dev tegl 0 up 000 iplink setup 1 000000000 0 ethl e20 D D D U U D LU U 1000000000000 0 eth2 0310000 tego ED U ADD LU ip addr add dev ethl 10 0 0 0 31 ip addr add dev eth2 10 0 0 2 31 ip addr add dev tegl 0 10 0 0 4 31 U BIDUO D D ip addr add dev ethl 10 0 0 1 31 ip addr add dev eth2 10 0 0 3 31 ip addr add dev tegl 0 10 0 0 5 3 2 000000000000 ping D 1000 1 10 0 0 3 10 050 BI 0 0 00 0 0 10 0 0 00 10 0 0 2 10 0 0 4 0 10005000000 20000800000 uj 10 0 0 40 D 0000 1000 EB DO 10 000000 000 20 Internet 10 0 0 5 1 0 60 UUDDUDUDDUUDDGuDUDUDUUDDUAIDUDUDUDBDUUDDUDHUD eth2 ugg ggagga ugamggamagaaudaduldeattuldurt u echo 0 gt proc sysinet ipyv4 conf ethl rp filter echo 0 gt proc sysinet ipyv4 conf eth2 rp filter 0 0 0 60000000 Bett U 03050000 2 000 20 406000000000 000000 0000 10203040 5060000000 BIDDUDUDDUuDDUuuDu 2l 140 30 605 00000000000000000 TCPIP j D L D LU U UUDDUUDDUu uutsppiuulutulbututlttuttututL Linuxi
104. s hed ISAKMP 5A spi 044d25dede78a4d1 ff01e5b4804f 0680 i initiate new phase 2 Tecvupdate 1 5 established port 10 0 0 11 gt 10 0 0 216 spi 244556347 0x2a7e03b IPsec SA established t 10 0 0 216 gt 10 0 0 11 spi 215863890 0xf 21052 00000000 setkey 200 sABBDUBDUDUDUULLU 10 0 0 216 10 0 0 11 esp modest E 3des chc A hmac sha seq created current diff 31 5 hard 600 5 50 last hard O s soft O s curren hard O byt soft O byt 28 ransport spi z224162611 0x0d5c7333 regi dz0 0x00000000 5d421clb d33b2a9f 4e9055e3 857db9fc 211d9c95 04 1 ft 400 5 Nov 11 12 29 12 2002 es es t 304 bytes 5537066 13650869 bd736ae2 08022133 27172299 0 00000000 replayz4 flagsz0x00000000 statezmature ov 11 12 28 45 2002 0v 11 12 29 16 2002 allocated 3 hard 0 soft 0 sadb 1 pidz17112 refcnt z0 10 0 0 11 10 0 0 216 esp modestransport spi 165123736 0 09079698 regi dz0 0x00000000 E 3des cbc d7af8466 acd4f14c 872c5443 ec45a719 dib3f del 8d239d6a A hmac shal 41 388 4568ac49 19e4e024 628e240c 141ffe2f 1 0 00000000 replayz4 flagsz0x00000000 statezmature created Nov 11 12 28 45 2002 current Nov 11 12 29 16 2002 0 0 5 t 231 bytes d O bytes 0 bytes ted 2 0 Gy gt c t c c 0 sadb_seq 0 pid 17112 refcnt 0 000 5 10 0 0 11 10 0 0 216 any tcp in ip
105. sec esp transport require created Nov 11 12 28 28 2002 lastused Nov 11 12 29 12 2002 lifetime 0 s validti 0 5 Spi dz3616 seqz5 pi dz17134 refcnt 3 10 0 0 216 any 10 0 0 11 any tcp out ipsec esp transport require created Nov 11 12 28 28 2002 lastused Nov 11 12 28 44 2002 lifetime 0 s validti 0 5 50 dz3609 segz4 pi dz17134 C T 7 221 H1 E E E E HE UDDDDDDDDDDDDDDDDDDDD 0000000 root 0 0 000000000 cong 000 0000000000000000 C0000000 00 000 0 0 00000000000 D 00 racoon conf D DD log debug 000 lU openssl 00000 7 2 3 1 000000000 X509n n 851 00000 00000000 laptop O00 0000 n openss req new nodes newkey rsa 1024 shal keyform PEM keyout V laptop private outform out request Country Name 2 letter code AU NL State or Province Name full name Some State Locality Name eg city Delft Organization Name eg company Internet Widgits Pty Ltd Linux Advanced Rou Org C E U CAU U D nake Oil v LI ting amp Traffic Contro rganizational Unit Name eg section laptop mmon Name eg YOUR name bert hubert 0 mail Address ahuQds9a nl Please enter the following extra attributes to be sent with your c
106. setkey f spdadd 10 0 0 216 10 0 0 11 any P IN ipsec esp transport require ahltransport require 00000 10010 000 10 002160 0 D H D DH H D EL ESP EH D uumnpnpnnuuguggpgpugugugugugupgpgggggmsmmpnBaBagu 10 00216 000000000 24 11501 f flush spdfl ush AH add 10 0 0 11 10 0 0 216 ah 15700 A hmac md5 1234567890123456 add 10 0 0 216 10 0 0 11 ah 24500 A hmac md5 1234567890123456 ESP add 10 0 0 11 10 0 0 216 esp 15701 E 3des cbc 123456789012123456789012 add 10 0 0 216 10 0 0 11 esp 24501 E 3des cbc 123456789012123456789012 spdadd 10 0 0 es ah spdadd 10 0 0 es ah 10 0 0 11 216 10 0 0 11 any P out ipsec p transport require transport require 11 10 0 0 216 any P in ipsec p transport require transport require 1 f flush spdflush AH add 10 0 0 11 10 0 0 216 ah 15700 A hmac md5 1234567890123456 add 10 0 0 216 10 0 0 11 ah 24500 A hmac md5 1234567890123456 ESP add 10 0 0 11 10 0 0 216 esp 15701 E 3des cbc 123456789012123456789012 add 10 0 0 216 10 0 0 11 esp 24501 E 3des cbc 123456789012123456789012 spdadd 10 0 0 es ah spdadd 10 0 0 es ah 11 10 0 0 216 any P out ipsec p transport require transport require 216 10 0 0 11 any P in ipsec p transport require transport require
107. tch tcp dport 53 Oxffff V match ip protocol 0 6 Oxff V 1 2 0 ilter add dev ethl parent 1 0 protocol ip prio 100 route 1 0 D D LU U UU 1000 000000 UU D D D EI 7T U UD UBL 00000 LU D UL 0000 realm D 00000 ip route add Host Network via Gateway dev Device realm Real mNumber uUuHHBHHBBEEEHWLEHLEIE 192 168 10 0 O O realm 100 ip route add 192 168 10 0 24 via 192 168 10 1 dev ethl realm 10 UUDUUUUul 00000 realm D DU D D D U D DI U UU gagauutuuu 000 tc filter add dev ethl parent 1 0 protocol ip prio 100 V route to 10 classid 1 10 00000 000000000 00000 000000 1000 00000 00000 oa 5 oa o 000 Lu 00000000 192 168 10 00 00000 0 0 0 0 1 100 0000000 00000 0000 0 00 0 00 0 Linux O 000 eth2 route add 192 168 2 0 24 dev eth2 real m2 tip tc filter add dev ethl parent 1 0 protocol ip prio 100 V route from 2 classid 1 2 000 Estimators Ul LU LI UUDDUUuDDU uuDnuu CPU 5000000000000 000 0 0 Lr Lr Lr Lr TBE LI HL D D DOO DO D DL TBF l 12 311 avate D 0000
108. tutl ugmnnpnnpnauagadgggggu uiti U L UUUUDUDUUUDUUUDUUUDUUUu vrrpd i eth v 50 10 0 0 22 000000 100022 000000000000 00000 vep l 0 10 0 0 220 00000 MAC J UUUUUDUDUDUUIDDDUDUDU1uUDUUIDDUUDUDLIU 00000000 00000 000000000 64 bytes from 10 0 0 22 icmp 3 111 255 time 0 2 ms 64 bytes from 10 0 0 22 icmp_seq 4 tt 255 time 0 2 ms 64 bytes from 10 0 0 22 icmp seqz5 111 255 ti mez16 8 ms 64 bytes from 10 0 0 22 icmp ttl 255 ti mez1 8 ms 64 bytes from 10 0 0 22 icmp 7 255 ti mez1 7 ms 00 ping III 470 UO D DE ELO D HI D U 000 2000 0 uuu 48600 D DH OU 00600 00000 118 http snafu freedom ore linux2 2 iproute notes html http www davin ottawa on ca ols Linux ID DD DD B 0 http defiant coinet com iproute2 1p cref Alexey LaTeX 0 HTML iproute2 0000 0 http wwvw aciri org floyd cbq html Sally Hoya 000 0 0000 Differentiated Services Linux Jamal Hadi Salim L L O Werner Almesberger Jamal Hadi Salim Alexey Kuznetsov OOU 00000 Linux O 0 TBF GRED DSMARK O O 0 0 tcindex 0000 DiffServ O D http ceti pl kravietz cbq NET4 tc html 000 HowTO HD U III U 00000000
109. v ethO handle 1 0 root dsmark indices 64 set tc index tc filter add dev ethO parent 1 0 protocol ip prio 1 tcindex mask Oxfc shift 2 tc qdisc add dev eth parent 1 0 handle 2 0 cbq bandwidth 10Mbit cell 8 avpkt 1000 64 EF traffic class tc class add dev eth parent 2 0 classid 2 1 bandwidth 10Mbit rate 1500Kbit avpkt 1000 prio 1 bounded isolated allot 1514 weight 1 maxburst 10 Packet fifo qdisc for EF traffic tc qdisc add dev ethO parent 2 1 pfifo limit 5 tc filter add dev eth parent 2 0 protocol ip prio 1 handle 0x2e tcindex classid 2 1 pass on 0000000000000 2 0000 EFCBQ O DL TL D DB D D D OU e REC2598D 0000 U DSCPIJI 10131000 000 DSHO D D 101110000 0 5 000 0000 16000 0xb8l TC INDEX FILTER eld EE BO ee oo eee F dee FILTER e MASK gt gt HANDLE gt gt t e Bode gt SHIFT gt 2 dee e 2 0 4e Boo dee de 33939 AA a DSMARK 1 0 deme mee he he He HH 333339339 00000 0 1 0 dsmark 0000 DS D E UO EH HE D D LI skb gt tc_index 1 DU D U D LI U Valuel skb tc index amp MASK Key Valuel gt gt SHIFT 00000 MA
110. xy echo 1 gt Jproc sys net ipv4 conf ethR proxy L RHOD OD B BL BL B I UE 7E DE D 000000 ip forwadig OOO UH H0 HH HH 0 HL O0 HH HH O HE H DO BE HE DUUUUDUUDUUDUDUDDDUDUUUUUUUDUUDUUUDUDDUUuuuun Cisco 0000 clear arp cache 8000 0 Linux arp d ip u ugaagupuagagamgugpuududaearlgtutrtlut 00000 0 0 0 00 UUDDDUUDDUDUUDDID arping IUD Ul ARP D UL U D U U UI U ARP O LH 000000000000 0 blackhats 0000000000000000 000 Linux 24 0000 ARPD DL U U U U U 7 LI U echo 1 gt Jproc sys net ipv4 ip bind 00000000 route 0 00000 0 0 uummnmnpnpnpnpaguuu 111 uumnpnpnpnuggpiuulll OSPF BGPA 10000 Internet 000000 0 gated Linux 00000 000 Cisco EL III I III O O Moy John T Internet O Addison Wesley Reading MA 1998 Halabi Ciscoll O0 0000D 0
