Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
Linux Advanced Routing Traffic Control HOWTO

Linux Advanced Routing Traffic Control HOWTO



|Views: 369|Likes:
Published by mrots

More info:

Published by: mrots on Apr 23, 2009
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





Linux Advanced Routing & Traffic Control HOWTOhttp://lartc.org/lartc.html1 of 11004/27/2008 06:23 PM
Linux Advanced Routing & Traffic ControlHOWTO
Bert Hubert
Netherlabs BV bert.hubert@netherlabs.nlThomas Graf (Section Author)tgraf%suug.chGregory Maxwell (Section Author)Remco van Mook (Section Author)remco@virtu.nlMartijn van Oosterhout (Section Author)kleptog@cupid.suninternet.comPaul B Schroeder (Section Author)paulsch@us.ibm.com Jasper Spaans (Section Author) jasper@spaans.ds9a.nlPedro Larroy (Section Author)piotr%member.fsf.org A very hands-on approach to iproute2, traffic shaping and a bit of netfilter.
Table of Contents
1.Dedication2.Introduction2.1.Disclaimer & License2.2.Prior knowledge2.3.What Linux can do for you2.4.Housekeeping notes2.5. Access, CVS & submitting updates2.6.Mailing list2.7.Layout of this document3.Introduction to iproute23.1.Why iproute2?3.2.iproute2 tour3.3.Prerequisites3.4.Exploring your current configuration3.4.1.
shows us our links3.4.2.
shows us our IP addresses
Linux Advanced Routing & Traffic Control HOWTOhttp://lartc.org/lartc.html2 of 11004/27/2008 06:23 PM
sows us our routes3.5. ARP4.Rules - routing policy database4.1.Simple source policy routing4.2.Routing for multiple uplinks/providers4.2.1.Split access4.2.2.Load balancing5.GRE and other tunnels5.1. A few general remarks about tunnels:5.2.IP in IP tunneling5.3.GRE tunneling5.3.1.IPv4 Tunneling5.3.2.IPv6 Tunneling5.4.Userland tunnels6.IPv6 tunneling with Cisco and/or 6bone6.1.IPv6 Tunneling7.IPSEC: secure IP over the Internet7.1.Intro with Manual Keying7.2. Automatic keying7.2.1.Theory7.2.2.Example7.2.3. Automatic keying using X.509 certificates7.3.IPSEC tunnels7.4.Other IPSEC software7.5.IPSEC interoperation with other systems7.5.1.Windows7.5.2.Check Point VPN-1 NG8.Multicast routing9.Queueing Disciplines for Bandwidth Management9.1.Queues and Queueing Disciplines explained9.2.Simple, classless Queueing Disciplines9.2.1.pfifo_fast9.2.2.Token Bucket Filter9.2.3.Stochastic Fairness Queueing9.3. Advice for when to use which queue9.4.Terminology9.5.Classful Queueing Disciplines9.5.1.Flow within classful qdiscs & classes9.5.2.The qdisc family: roots, handles, siblings and parents9.5.3.The PRIO qdisc9.5.4.The famous CBQ qdisc9.5.5.Hierarchical Token Bucket9.6.Classifying packets with filters9.6.1.Some simple filtering examples9.6.2. All the filtering commands you will normally need9.7.The Intermediate queueing device (IMQ)9.7.1.Sample configuration10.Load sharing over multiple interfaces10.1.Caveats10.2.Other possibilities11.Netfilter & iproute - marking packets12. Advanced filters for (re-)classifying packets12.1.The
classifier12.1.1.U32 selector12.1.2.General selectors12.1.3.Specific selectors12.2.The
classifier12.3.Policing filters12.3.1.Ways to police12.3.2.Overlimit actions12.3.3.Examples12.4.Hashing filters for very fast massive filtering12.5.Filtering IPv6 Traffic12.5.1.How come that IPv6 tc filters do not work?12.5.2.Marking IPv6 packets using ip6tables
Linux Advanced Routing & Traffic Control HOWTOhttp://lartc.org/lartc.html3 of 11004/27/2008 06:23 PM
...sng te u seector to matc v pacet13.Kernel network parameters13.1.Reverse Path Filtering13.2.Obscure settings13.2.1.Generic ipv413.2.2.Per device settings13.2.3.Neighbor policy13.2.4.Routing settings14. Advanced & less common queueing disciplines14.1.
14.1.1.Parameters & usage14.2.Clark-Shenker-Zhang algorithm (CSZ)14.3.DSMARK 14.3.1.Introduction14.3.2.What is Dsmark related to?14.3.3.Differentiated Services guidelines14.3.4.Working with Dsmark 14.3.5.How SCH_DSMARK works.14.3.6.TC_INDEX Filter14.4.Ingress qdisc14.4.1.Parameters & usage14.5.Random Early Detection (RED)14.6.Generic Random Early Detection14.7. VC/ATM emulation14.8.Weighted Round Robin (WRR)15.Cookbook 15.1.Running multiple sites with different SLAs15.2.Protecting your host from SYN floods15.3.Rate limit ICMP to prevent dDoS15.4.Prioritizing interactive traffic15.5.Transparent web-caching using netfilter, iproute2, ipchains and squid15.5.1.Traffic flow diagram after implementation15.6.Circumventing Path MTU Discovery issues with per route MTU settings15.6.1.Solution15.7.Circumventing Path MTU Discovery issues with MSS Clamping (for ADSL, cable,PPPoE & PPtP users)15.8.The Ultimate Traffic Conditioner: Low Latency, Fast Up & Downloads15.8.1.Why it doesn't work well by default15.8.2.The actual script (CBQ)15.8.3.The actual script (HTB)15.9.Rate limiting a single host or netmask 15.10.Example of a full nat solution with QoS15.10.1.Let's begin optimizing that scarce bandwidth15.10.2.Classifying packets15.10.3.Improving our setup15.10.4.Making all of the above start at boot16.Building bridges, and pseudo-bridges with Proxy ARP16.1.State of bridging and iptables16.2.Bridging and shaping16.3.Pseudo-bridges with Proxy-ARP16.3.1. ARP & Proxy-ARP16.3.2.Implementing it17.Dynamic routing - OSPF and BGP17.1.Setting up OSPF with Zebra17.1.1.Prerequisites17.1.2.Configuring Zebra17.1.3.Running Zebra17.2.Setting up BGP4 with Zebra17.2.1.Network Map (Example)17.2.2.Configuration (Example)17.2.3.Checking Configuration18.Other possibilities19.Further reading20. Acknowledgements

Activity (8)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads
Massimo Zanchi liked this
kelvin1 liked this
degreane liked this
agusaurus liked this
ssebunya liked this
Sajid Hussain liked this

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->