Difference between revisions of "Layer7 IMQ Route Multipath Loadbalance Debian Lenny 2.6.28"
| Line 191: | Line 191: | ||
===== ทดสอบ IMQ ===== | ===== ทดสอบ IMQ ===== | ||
http://www.linuximq.net/usage.html | http://www.linuximq.net/usage.html | ||
| + | |||
| + | คุณสามารถใช้สคริบด้านล่างเพื่อ Balance Link ได้ | ||
| + | |||
| + | <source lang=bash> | ||
| + | #!/bin/bash | ||
| + | # This script is done by : Robert Kurjata Sep, 2003. | ||
| + | # feel free to use it in any usefull way | ||
| + | |||
| + | # CONFIGURATION | ||
| + | IP=/sbin/ip | ||
| + | PING=/bin/ping | ||
| + | |||
| + | #--------------- LINK PART ----------------- | ||
| + | # EXTIFn - interface name | ||
| + | # EXTIPn - outgoing IP | ||
| + | # EXTMn - netmask length (bits) | ||
| + | # EXTGWn - outgoing gateway | ||
| + | #------------------------------------------- | ||
| + | |||
| + | # LINK 1 | ||
| + | EXTIF1=eth2 | ||
| + | EXTIP1= | ||
| + | EXTM1= | ||
| + | EXTGW1= | ||
| + | |||
| + | # LINK 2 | ||
| + | EXTIF2=eth1 | ||
| + | EXTIP2= | ||
| + | EXTM2= | ||
| + | EXTGW2= | ||
| + | |||
| + | #ROUTING PART | ||
| + | # removing old rules and routes | ||
| + | |||
| + | echo "removing old rules" | ||
| + | ${IP} rule del prio 50 table main | ||
| + | ${IP} rule del prio 201 from ${EXTIP1}/${EXTM1} table 201 | ||
| + | ${IP} rule del prio 202 from ${EXTIP2}/${EXTM2} table 202 | ||
| + | ${IP} rule del prio 221 table 221 | ||
| + | echo "flushing tables" | ||
| + | ${IP} route flush table 201 | ||
| + | ${IP} route flush table 202 | ||
| + | ${IP} route flush table 221 | ||
| + | echo "removing tables" | ||
| + | ${IP} route del table 201 | ||
| + | ${IP} route del table 202 | ||
| + | ${IP} route del table 221 | ||
| + | |||
| + | # setting new rules | ||
| + | echo "Setting new routing rules" | ||
| + | |||
| + | # main table w/o default gateway here | ||
| + | ${IP} rule add prio 50 table main | ||
| + | ${IP} route del default table main | ||
| + | |||
| + | # identified routes here | ||
| + | ${IP} rule add prio 201 from ${EXTIP1}/${EXTM1} table 201 | ||
| + | ${IP} rule add prio 202 from ${EXTIP2}/${EXTM2} table 202 | ||
| + | |||
| + | ${IP} route add default via ${EXTGW1} dev ${EXTIF1} src ${EXTIP1} proto static table 201 | ||
| + | ${IP} route append prohibit default table 201 metric 1 proto static | ||
| + | |||
| + | ${IP} route add default via ${EXTGW2} dev ${EXTIF2} src ${EXTIP2} proto static table 202 | ||
| + | ${IP} route append prohibit default table 202 metric 1 proto static | ||
| + | |||
| + | # mutipath | ||
| + | ${IP} rule add prio 221 table 221 | ||
| + | |||
| + | ${IP} route add default table 221 proto static \ | ||
| + | nexthop via ${EXTGW1} dev ${EXTIF1} weight 2\ | ||
| + | nexthop via ${EXTGW2} dev ${EXTIF2} weight 3 | ||
| + | |||
| + | ${IP} route flush cache | ||
| + | |||
| + | while : ; do | ||
| + | ${PING} -c 1 ${EXTGW1} | ||
| + | ${PING} -c 1 ${EXTGW2} | ||
| + | sleep 60 | ||
| + | done | ||
| + | </source> | ||
---- | ---- | ||
| + | http://www.ssi.bg/~ja/#routes-2.6 | ||
http://l7-filter.sourceforge.net/protocols | http://l7-filter.sourceforge.net/protocols | ||
Revision as of 21:50, 11 July 2009
Debian Lenny, Clarkconnect Enterprise 4.3 Kernel 2.6.28, iptables 1.4.2 IMQ Route_Multipath patch contribute and test by [email protected] June 13 2009( Update 11 July 2009 )
Contents
Debian
[root@gateway ~]# apt-get install gzip unzip bzip2 [root@gateway ~]# apt-get install debhelper screen fakeroot zlib1g-dev build-essential libncurses5-dev kernel-package
Clarkconnect 4.3
[root@gateway ~]# apt-get install cc-devel
ดาวโหลด Package
[root@gateway ~]# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.28.tar.bz2 [root@gateway ~]# wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.21.tar.gz [root@gateway ~]# wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/l7-protocols-2009-05-28.tar.gz [root@gateway ~]# wget http://www.ssi.bg/~ja/routes-2.6.28-16.diff [root@gateway ~]# wget http://www.linuximq.net/patchs/linux-2.6.28.9-imq-test2.diff [root@gateway ~]# wget http://www.netfilter.org/projects/iptables/files/iptables-1.4.2.tar.bz2
แตกไฟล์ออกมา
[root@gateway ~]# tar xjfv linux-2.6.28.tar.bz2 [root@gateway ~]# tar xjfv iptables-1.4.2.tar.bz2 [root@gateway ~]# tar zxvf netfilter-layer7-v2.21.tar.gz [root@gateway ~]# tar xzfv l7-protocols-2009-05-28.tar.gz
สร้าง Symbol Link
[root@gateway ~]# ln -s /usr/src/linux-2.6.28 /usr/src/linux
Patch Kernel ด้วย patch file
[root@gateway ~]# cd linux [root@gateway ~]# patch -p1 </usr/src/netfilter-layer7-v2.21/kernel-2.6.25-2.6.28-layer7-2.21.patch [root@gateway ~]# patch -p1 </usr/src/routes-2.6.28-16.diff [root@gateway ~]# patch -p1 </usr/src/linux-2.6.28.9-imq-test2.diff
Config Kernel
[root@gateway ~]# make menuconfig
<source lang=bash> Networking support > Networking options > Network packet filtering framework (Netfilter) > Core Netfilter Configuration. [ ] layer7 match support
[*] select all [M] select all
<M> "IMQ" target support <M> "layer7" match support [*] "Layer7" debugging output
Networking support > Networking options > Network packet filtering framework (Netfilter) > IP: Netfilter Configuration.
[*] select all [M] select all <M> Full NAT
</source> Exit Save .config
คอมไพล์และติดตั้งมันซะ Deb + CC4.3 ( Options 1 )
[root@gateway ~]# make && make modules && make modules_install && make install
ทำให้มันบูท Kernel ใหม่ ( Debian Only ) CC4.3 ไม่ต้องทำ
[root@gateway ~]# cd /boot [root@gateway ~]# mkinitramfs -o initrd.img-2.6.28 2.6.28 [root@gateway ~]# update-grub [root@gateway ~]# reboot
ถ้าต้องการ Compile และสร้าง .deb ด้วย ใช้คำสั่ง ( Options 2 )
[root@gateway ~]# make clean && make mrproper [root@gateway ~]# cp /boot/config-`uname -r` ./.config [root@gateway ~]# make menuconfig
<source lang=bash> Networking support > Networking options > Network packet filtering framework (Netfilter) > Core Netfilter Configuration. [ ] layer7 match support
[*] select all [M] select all
<M> "IMQ" target support <M> "layer7" match support [*] "Layer7" debugging output
Networking support > Networking options > Network packet filtering framework (Netfilter) > IP: Netfilter Configuration.
[*] select all [M] select all <M> Full NAT </source> Exit Save .config
[root@gateway ~]# make-kpkg clean [root@gateway ~]# fakeroot make-kpkg --initrd --append-to-version=-l7multiroute kernel_image kernel_headers [root@gateway ~]# cd /usr/src [root@gateway ~]# dpkg -i linux-image-* [root@gateway ~]# dpkg -i linux-headers-* [root@gateway ~]# reboot
แก้ไข /boot/grub/menu.lst ( CC4.3 Only )
[root@gateway ~]# nano /boot/grub/menu.lst
<source lang=bash>
- grub.conf generated by anaconda
- Note that you do not have to rerun grub after making changes to this file
- NOTICE: You have a /boot partition. This means that
- all kernel and initrd paths are relative to /boot/, eg.
- root (hd0,0)
- kernel /vmlinuz-version ro root=/dev/sda3
- initrd /initrd-version.img
- boot=/dev/sda
default=1 timeout=5 splashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu title Linux (2.6.28)
root (hd0,0)
kernel /vmlinuz-2.6.28 ro root=LABEL=/ video=vesafb vga=0x313
initrd /initrd-2.6.28.img
- title Linux (2.6.18-93.cc4)
- root (hd0,0)
- kernel /vmlinuz-2.6.18-93.cc4 ro root=LABEL=/ video=vesafb vga=0x313
- initrd /initrd-2.6.18-93.cc4.img
- title Linux Safe Mode (2.6.18-93.cc4)
- root (hd0,0)
- kernel /vmlinuz-2.6.18-93.cc4 ro root=LABEL=/
- initrd /initrd-2.6.18-93.cc4.img
</source> Reboot เครื่อง
[root@gateway ~]# reboot
ตรวจสอบ Kernel Version CC4.3
[root@gateway ~]# uname -a Linux gateway.clarkconnect.lan 2.6.28 #1 SMP Fri Jun 19 13:17:45 ICT 2009 i686 i686 i386 GNU/Linux
ตรวจสอบ Kernel Version Debian Lenny
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Fri Jun 19 12:02:27 2009 from 125.24.196.166.adsl.dynamic.totbb.net gw:~# uname -a Linux l7.mscompute.com 2.6.28 #2 SMP Sat Jun 13 18:19:43 ICT 2009 i686 GNU/Linux
คอมไพล์ iptables v1.4.2 เพื่อให้รองรับกับ layer7
[root@gateway ~]# cd /usr/src/iptables-1.4.2 [root@gateway ~]# cp /usr/src/netfilter-layer7-v2.21/iptables-1.4.1.1-for-kernel-2.6.20forward/* /usr/src/iptables-1.4.2/extensions/ [root@gateway ~]# ./configure --with-kernel=/usr/src/linux [root@gateway ~]# make [root@gateway ~]# make install [root@gateway ~]# cd /usr/src/l7-protocols-2009-05-28 [root@gateway ~]# make install [root@gateway ~]# cp /usr/local/sbin/iptables /sbin/ [root@gateway ~]# modprobe xt_layer7
แก้ไข /etc/rc.local
[root@gateway ~]# nano /etc/rc.local modprobe xt_layer7 modprobe xt_conntrack modprobe nf_conntrack
ตรวจสอบ xt_layer7
[root@gateway ~]# lsmod | grep xt_layer7 xt_layer7 14356 0 nf_conntrack 64392 14 xt_layer7,xt_CONNMARK,xt_state,nf_nat_pptp,nf_nat_irc,nf_nat_ftp,ipt_MASQUERADE,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_irc,nf_conntrack_ftp,iptable_nat,nf_nat,nf_conntrack_ipv4 x_tables 18188 10 xt_layer7,xt_CONNMARK,xt_mark,xt_tcpudp,xt_state,ipt_MASQUERADE,ipt_REJECT,ipt_LOG,iptable_nat,ip_tables
ทดสอบ layer7
[root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto bittorrent -j DROP [root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto msnmessenger -j DROP [root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto fasttrack -j DROP
[root@gateway ~]# iptables -nvL | grep LAYER
<source lang=bash>
533 50633 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto bittorrent state NEW
30091 2183K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto edonkey state NEW
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto fasttrack state NEW 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto gnutella state NEW
74468 6939K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto bittorrent state NEW
325K 24M DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto edonkey state NEW 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto fasttrack state NEW 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto gnutella state NEW 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto bittorrent state NEW
17392 1161K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto edonkey state NEW
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto fasttrack state NEW 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto gnutella state NEW
</source>
ทดสอบ IMQ
http://www.linuximq.net/usage.html
คุณสามารถใช้สคริบด้านล่างเพื่อ Balance Link ได้
<source lang=bash>
- !/bin/bash
- This script is done by : Robert Kurjata Sep, 2003.
- feel free to use it in any usefull way
- CONFIGURATION
IP=/sbin/ip PING=/bin/ping
- --------------- LINK PART -----------------
- EXTIFn - interface name
- EXTIPn - outgoing IP
- EXTMn - netmask length (bits)
- EXTGWn - outgoing gateway
- -------------------------------------------
- LINK 1
EXTIF1=eth2 EXTIP1= EXTM1= EXTGW1=
- LINK 2
EXTIF2=eth1 EXTIP2= EXTM2= EXTGW2=
- ROUTING PART
- removing old rules and routes
echo "removing old rules" ${IP} rule del prio 50 table main ${IP} rule del prio 201 from ${EXTIP1}/${EXTM1} table 201 ${IP} rule del prio 202 from ${EXTIP2}/${EXTM2} table 202 ${IP} rule del prio 221 table 221 echo "flushing tables" ${IP} route flush table 201 ${IP} route flush table 202 ${IP} route flush table 221 echo "removing tables" ${IP} route del table 201 ${IP} route del table 202 ${IP} route del table 221
- setting new rules
echo "Setting new routing rules"
- main table w/o default gateway here
${IP} rule add prio 50 table main ${IP} route del default table main
- identified routes here
${IP} rule add prio 201 from ${EXTIP1}/${EXTM1} table 201 ${IP} rule add prio 202 from ${EXTIP2}/${EXTM2} table 202
${IP} route add default via ${EXTGW1} dev ${EXTIF1} src ${EXTIP1} proto static table 201 ${IP} route append prohibit default table 201 metric 1 proto static
${IP} route add default via ${EXTGW2} dev ${EXTIF2} src ${EXTIP2} proto static table 202 ${IP} route append prohibit default table 202 metric 1 proto static
- mutipath
${IP} rule add prio 221 table 221
${IP} route add default table 221 proto static \
nexthop via ${EXTGW1} dev ${EXTIF1} weight 2\
nexthop via ${EXTGW2} dev ${EXTIF2} weight 3
${IP} route flush cache
while : ; do
${PING} -c 1 ${EXTGW1}
${PING} -c 1 ${EXTGW2}
sleep 60
done </source>
http://www.ssi.bg/~ja/#routes-2.6
http://l7-filter.sourceforge.net/protocols
Protocal Definition /etc/l7-protocols
