Linux networking
Usefull links
- LinuxNet - a good place where to begin
- etables project - ethernet firewalling
/etc/host.conf
order hosts,bind multi on nospoof on spoofalert on spoof warn reorder on
Description of upper configuration!
TCP Tunning (linux kernel)
Change initial tcp window:
ip route | while read p; do ip route change $p initcwnd 20 initrwnd 20; done
Linux as bridge
more at: http://linux-net.osdl.org/index.php/Bridge, Performance Evaluation of Linux bridge
# brctl addbr "bridgename" # brctl addif bridgename device
See MAC table
# brctl showmacs
VLANs on bridge interfaces
Interface must be UP
# ifconfig <bridgename> up # vconfig add <bridgename> [vlanid]
configuration above should work with applying this (bridge.diff) patch to your linux kernel. Otherwise you need to do this like this
# ifconfig ethX up # ifconfig ethY up # vconfig add ethX [vlanid] # vconfig add ethY [vlanid] # brctl addbr "bridgename" # brctl addif <bridgename> ethX.vlanID # brctl addif <bridgename> ethY.vlanID
VLAN's in Fedora
There are many ways to create VLAN's on Linux. By far the most cumbersome is by various rc.* scripts that later must be maintained. A “8201q” module must be loaded, ethernet interface must be brought up in order to create particular VLAN using “vconfig”. Lastly, an “ifconfig” must be used to fill in IP address, possibly even “route” command to create some default route.
RedHat Fedora (and possibly other RedHad distro) have automatic setup possible via scripts in /etc/sysconfig/network-scripts directory.
Creating file in that directory with the name eg. “ifcfg-eth1.222” will eventually be file for the VLAN with the tag 222.
Content of the file /etc/sysconfig/network-scripts/ifcfg-eth1.222 may be something like this:
DEVICE=eth1.222
BOOTPROTO=static BROADCAST=1.2.3.255 HWADDR=00:11:22:33:44:55 IPADDR=1.2.3.4 NETMASK=255.255.255.0 NETWORK=1.2.3.0 ONBOOT=yes TYPE=Ethernet VLAN=yes
This file will do it all regarding VLAN creation during boot process. No rc.* scripts necessary, and the VLAN setting is completely in line with the Fedora specifications.
nameif/ifrename
<zekozeko>
plugin rp_pppoe.so nic-novoime pise nekje v /usr/share/doc/pppd/ na koncu enga fajla, mislim da README.Debian sicer pa uporabljam ifrename, ne nameif ifrename ce mas hotplug v kernelu avtomatsko dela ne da bi rabu kaj poganjat samo v /etc/iftab vpises kar hoces
Working with VLANs (Debian)
/etc/network/interfaces
auto vlan667 iface vlan667 inet static address 10.10.40.4 netmask 255.255.255.0 vlan_raw_device eth1
Ethernet bonding
Ethernet bonding refers to aggregating multiple ethernet channels together to form a single channel. This is primarily used for redundancy in ethernet paths or for load balancing. This page refers in particular to performing ethernet bonding under Linux, and so does not limit itself to discussion of 802.3ad Trunk Aggregation.
Ethernet Bonding Types
| mode=0 (balance-rr) | Round-robin policy: Transmit packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance. |
|---|---|
| mode=1 (active-backup) | One slave interface is active at any time. If one interface fails, another interface takes over the MAC address and becomes the active interface. Provides fault tolerance only. Doesn’t require special switch support |
| mode=2 (balance-xor) | Tranmissions are balanced across the slave interfaces based on 1) modula slave count. The same slave is selected for each destination MAC. Provides load balancing and fault tolerance. Slave selection for outgoing traffic is done according to the transmit hash policy, which may be changed from the default simple XOR policy via the xmit_hash_policy option. |
| mode=3 (broadcast) | Transmits everything on all slave interfaces. Provides fault tolerance. |
| mode=4 (802.3ad) | This is classic IEEE 802.3ad Dynamic link aggregation. This requires 802.3ad support in the switch and driver support for retrieving the speed and duplex of each slave. |
| mode=5 (balance-tlb) | Adaptive Transmit Load Balancing. Incoming traffic is received on the active slave only, outgoing traffic is distributed according to the current load on each slave. Doesn’t require special switch support |
| mode=6 (balance-alb) | Adaptive Load Balancing - provides both transmit load balancing (TLB) and receive load balancing for IPv4 via ARP negotiation. Doesn’t require special switch support, but does require the ability to change the MAC address of a device while it is open. |
Setup
To use Bonding Ethernet for High-Availability (fail-over) on Debian Lenny you need to:
apt-get install ifenslave-2.6
Edit /etc/network/interfaces to look like this:
iface bond0 inet static address 10.0.1.5 netmask 255.255.255.0 network 10.0.1.0 gateway 10.0.1.254 up /sbin/ifenslave bond0 eth0 eth1 down /sbin/ifenslave -d bond0 eth0 eth1
Add the following lines to your /etc/modprobe.d/arch/i386:
alias bond0 bonding options bonding mode=5 miimon=100 downdelay=200 updelay=200
Joining interfaces for bandwidth
The following section describes how to bond two or more interfaces to provide shared bandwidth and reliablity. We have two options for this, using the mode 0 (balanced-rr) or mode 4 (802.3ad or LACP). If the server is connected to a Cisco switch, I recommend using balanced-rr as described below.
First we have to configure the module in /etc/modprobe.d/aliases
alias bond0 bonding alias eth0 tg3 alias eth1 e1000 options bonding mode=0 miimon=100
Then, we configure the bonding interface:
auto bond0
iface bond0 inet static
address 192.168.0.1
netmask 255.255.255.252
hwaddress ether 00:19:BB:C5:0B:35
up ifenslave bond0 eth0 eth1
down ifenslave -d bond0 eth0 eth1
On the Cisco side, we also have to configure the appropriate physical interfaces and the PortChannel interface:
interface Port-Channel 1 switchport switchport mode access spanning-tree portfast ! interface FastEthernet 0/4 !you might need this options !no switchport !no ip address channel-group 1 mode on ! interface FastEthernet 0/5 !you might need this options !no switchport !no ip address channel-group 1 mode on !channel-group 1 mode active !
