[nycbug-talk] last night's nycebug meeting

George Georgalis george
Thu Aug 5 15:37:57 EDT 2004


Hi all

great meeting last night, not to mention the following 6 hrs of
drinking and belligerence -- well pointless arguments at least.

True to open spirit, I'm sending links to the via boards, as asked.
http://www.viavpsd.com/product/

I've most recently set up an EPIA M10000, looks like the new ML has a
better integrated video, the CL has two net interfaces for firewalls. I
chose via because the board runs at 17 watts, while providing 1Ghz
cpu, 266 Mhz memory bus, a quiet fan and all integrated components,
including 1394 firewire, 2 133 ata controllers, 5 channel audio (or
spdif), video in/out and dedicated hardware for decoding DVDs (XFree86
supports it). No serial boot, but net-booting is in bios and from
there your kernel can give serial access. My setup is with a $25 sata
controller and $130, 160Gb sata drive. And I use the http://idotpc.com
"ITX-PC Aluminum 200W Silent Cube" which looks much nicer than the
picture. 8x8x12" is small, yet I have 2 disks in there in addition to
full size cdrom -- it's all quiet and cool. I'm getting 42-50MB/sec
in disk benchmarks. I've heard of people using striped raid sata for
100Mb/sec video capture. Oh, the cpu is new arch but PII/mmx compatible.

It looks like via has a new high(er) performance chipset
http://www.via.com.tw/en/c-series/cn400.jsp
which includes integrated sata, faster ram, hdtv....

Someone said via publishes their hardware api, which makes sense because
all their drivers have been supported for a while (at least in linux)

Networking on Linux? Some of you asked, maybe I'll be up to speed on BSD
soon:

Setting up bridging in linux allows iptables packet filtering on
a firewall without an internet address, except I did give it an ip
for remote administration... at one point I had a lan on eth0
in addition to the filtered dmz with internet ip addresses.
    # create the bridge and attach the two filtered interfaces
    brctl addbr br0
    brctl addif br0 eth1
    brctl addif br0 eth2
    # bring every link up
    ip link set lo up
    ip link set br0 up
    ip link set eth0 up
    ip link set eth1 up
    ip link set eth2 up
    # addresses: loopback, the lan on eth0, and the bridge (remote administration)
    ip addr add 127.0.0.1/8 brd +       label lo    dev lo
    ip addr add 192.168.0.1/24 brd +    label eth0  dev eth0
    ip addr add 11.22.33.1/24 brd +     label br0   dev br0
    # default route goes out through the bridge
    ip route add default via 11.22.00.1 dev br0
    # turn on proxy arp and ip forwarding
    echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp
    echo 1 > /proc/sys/net/ipv4/ip_forward
    ip neighbor flush dev eth0 # better do it on your router too!
    ip neighbor flush dev eth1 # better do it on your router too!

The brctl program is part of the bridge-utils package. "brd +" means
calculate and set the broadcast address.

Below is the usage for tc and ip, from the iproute package. They are
the most advanced traffic control and ip networking programs available
under linux, and certainly seem to have the most elaborate command line
usage... I think they are by the same author who wrote most of linux
networking.
http://linux-ip.net/gl/ip-cref/
http://www.wlug.org.nz/tc-cbq%288%29

neat wiki at www.wlug.org.nz -- look what it does...
http://www.wlug.org.nz/tc-cbq(8)

A qdisc howto outlines a typical application, (this howto is probably
the best for linux networking)
http://lartc.org/howto/lartc.qdisc.classful.html#AEN939

The ip traffic within the kernel for bridging and qdisc is by no means
direct, works "well enough" but doesn't look clean on a diagram.

Maybe *BSD networking/firewalling is a little cleaner???

// George




+ tc help
Usage: tc [ OPTIONS ] OBJECT { COMMAND | help }
where  OBJECT := { qdisc | class | filter }
       OPTIONS := { -s[tatistics] | -d[etails] | -r[aw] | -b[atch] file }
+ tc qdisc help
Usage: tc qdisc [ add | del | replace | change | get ] dev STRING
       [ handle QHANDLE ] [ root | ingress | parent CLASSID ]
       [ estimator INTERVAL TIME_CONSTANT ]
       [ [ QDISC_KIND ] [ help | OPTIONS ] ]

       tc qdisc show [ dev STRING ] [ingress]
Where:
QDISC_KIND := { [p|b]fifo | tbf | prio | cbq | red | etc. }
OPTIONS := ... try tc qdisc add <desired QDISC_KIND> help
+ tc class help
Usage: tc class [ add | del | change | get ] dev STRING
       [ classid CLASSID ] [ root | parent CLASSID ]
       [ [ QDISC_KIND ] [ help | OPTIONS ] ]

       tc class show [ dev STRING ] [ root | parent CLASSID ]
Where:
QDISC_KIND := { prio | cbq | etc. }
OPTIONS := ... try tc class add <desired QDISC_KIND> help
+ tc filter help
Usage: tc filter [ add | del | change | get ] dev STRING
       [ pref PRIO ] [ protocol PROTO ]
       [ estimator INTERVAL TIME_CONSTANT ]
       [ root | classid CLASSID ] [ handle FILTERID ]
       [ [ FILTER_TYPE ] [ help | OPTIONS ] ]

       tc filter show [ dev STRING ] [ root | parent CLASSID ]
Where:
FILTER_TYPE := { rsvp | u32 | fw | route | etc. }
FILTERID := ... format depends on classifier, see there
OPTIONS := ... try tc filter add <desired FILTER_KIND> help



+ ip help
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
where  OBJECT := { link | addr | route | rule | neigh | tunnel |
                   maddr | mroute | monitor }
       OPTIONS := { -V[ersion] | -s[tatistics] | -r[esolve] |
                    -f[amily] { inet | inet6 | ipx | dnet | link } | -o[neline] }
+ ip link help
Usage: ip link set DEVICE { up | down | arp { on | off } |
	                     dynamic { on | off } |
	                     multicast { on | off } | txqueuelen PACKETS |
	                     name NEWNAME |
	                     address LLADDR | broadcast LLADDR |
	                     mtu MTU }
       ip link show [ DEVICE ]
+ ip addr help
Usage: ip addr {add|del} IFADDR dev STRING
       ip addr {show|flush} [ dev STRING ] [ scope SCOPE-ID ]
                            [ to PREFIX ] [ FLAG-LIST ] [ label PATTERN ]
IFADDR := PREFIX | ADDR peer PREFIX
          [ broadcast ADDR ] [ anycast ADDR ]
          [ label STRING ] [ scope SCOPE-ID ]
SCOPE-ID := [ host | link | global | NUMBER ]
FLAG-LIST := [ FLAG-LIST ] FLAG
FLAG  := [ permanent | dynamic | secondary | primary |
           tentative | deprecated ]
+ ip route help
Usage: ip route { list | flush } SELECTOR
       ip route get ADDRESS [ from ADDRESS iif STRING ]
                            [ oif STRING ]  [ tos TOS ]
       ip route { add | del | change | append | replace | monitor } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
            [ table TABLE_ID ] [ proto RTPROTO ]
            [ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ]
             [ table TABLE_ID ] [ proto RTPROTO ]
             [ scope SCOPE ] [ metric METRIC ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]...
NH := [ via ADDRESS ] [ dev STRING ] [ weight NUMBER ] NHFLAGS
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ]
           [ rtt NUMBER ] [ rttvar NUMBER ]
           [ window NUMBER] [ cwnd NUMBER ] [ ssthresh REALM ]
           [ realms REALM ]
TYPE := [ unicast | local | broadcast | multicast | throw |
          unreachable | prohibit | blackhole | nat ]
TABLE_ID := [ local | main | default | all | NUMBER ]
SCOPE := [ host | link | global | NUMBER ]
FLAGS := [ equalize ]
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | NUMBER ]
+ ip rule help
Usage: ip rule [ list | add | del ] SELECTOR ACTION
SELECTOR := [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK ]
            [ dev STRING ] [ pref NUMBER ]
ACTION := [ table TABLE_ID ] [ nat ADDRESS ]
          [ prohibit | reject | unreachable ]
          [ realms [SRCREALM/]DSTREALM ]
TABLE_ID := [ local | main | default | NUMBER ]
+ ip neigh help
Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ]
          [ nud { permanent | noarp | stale | reachable } ]
          | proxy ADDR } [ dev DEV ]
       ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ]
+ ip tunnel help
Usage: ip tunnel { add | change | del | show } [ NAME ]
          [ mode { ipip | gre | sit } ] [ remote ADDR ] [ local ADDR ]
          [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]
          [ ttl TTL ] [ tos TOS ] [ [no]pmtudisc ] [ dev PHYS_DEV ]


$ ip addr
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: shaper0: <> mtu 1500 qdisc noop qlen 10
    link/ether 
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:40:f4:70:91:24 brd ff:ff:ff:ff:ff:ff
    inet 192.168.80.30/24 brd 192.168.80.255 scope global eth0
    inet 192.168.80.33/24 brd 192.168.80.255 scope global secondary eth0:3
4: teql0: <NOARP> mtu 1500 qdisc noop qlen 100
    link/void 
$ ip route
192.168.80.0/24 dev eth0  proto kernel  scope link  src 192.168.80.30 
default via 192.168.80.10 dev eth0  src 192.168.80.33 
default via 192.168.80.10 dev eth0 



-- 
George Georgalis, Architect and administrator, Linux services. IXOYE
http://galis.org/george/  cell:646-331-2027  mailto:george at galis.org
Key fingerprint = 5415 2738 61CF 6AE1 E9A7  9EF0 0186 503B 9831 1631
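
The bridge set up in the post only works as a firewall if bridged frames are actually handed to iptables; on current kernels that depends on the br_netfilter module and the net.bridge.bridge-nf-call-iptables sysctl. The check below is an added example, not part of the original post: the function names (read_flag, audit_bridge_fw, make_sample_tree) and the sample tree are constructed for illustration, and the paths assume the /proc and /sys layout of a modern Linux kernel.

```shell
#!/bin/sh
# Added example, not from the original post: audit a Linux bridging firewall.
# ROOT is "/" on a live host; the demo uses a constructed tree instead.

read_flag() {            # print a sysctl file's value, or "missing"
    if [ -r "$1" ]; then cat "$1"; else echo missing; fi
}

audit_bridge_fw() {      # usage: audit_bridge_fw ROOT BRIDGE; returns 1 on any FAIL
    root=${1%/}; br=$2; fails=0
    brif="$root/sys/class/net/$br/brif"
    [ -d "$brif" ] || { echo "FAIL $br is not a bridge"; return 1; }
    nports=$(( $(ls "$brif" | wc -l) ))
    echo "INFO $br ports: $(ls "$brif" | tr '\n' ' ')"
    [ "$nports" -ge 2 ] || { echo "FAIL $br has fewer than two ports"; fails=1; }
    # With 0, or with br_netfilter not loaded, bridged frames never reach
    # the iptables FORWARD chain and the box passes everything.
    case $(read_flag "$root/proc/sys/net/bridge/bridge-nf-call-iptables") in
        1) echo "OK   bridged IPv4 frames traverse iptables" ;;
        0) echo "FAIL bridge-nf-call-iptables=0, bridged traffic unfiltered"; fails=1 ;;
        *) echo "FAIL br_netfilter not loaded, bridged traffic unfiltered"; fails=1 ;;
    esac
    # Values the post sets by hand; reported so drift after a reboot is visible.
    echo "INFO ip_forward=$(read_flag "$root/proc/sys/net/ipv4/ip_forward")"
    echo "INFO proxy_arp(all)=$(read_flag "$root/proc/sys/net/ipv4/conf/all/proxy_arp")"
    return $fails
}

make_sample_tree() {     # constructed stand-in for /proc and /sys; $2 = nf value or "absent"
    mkdir -p "$1/sys/class/net/br0/brif/eth1" "$1/sys/class/net/br0/brif/eth2" \
             "$1/proc/sys/net/ipv4/conf/all" "$1/proc/sys/net/bridge"
    echo 1 > "$1/proc/sys/net/ipv4/ip_forward"
    echo 1 > "$1/proc/sys/net/ipv4/conf/all/proxy_arp"
    [ "$2" = absent ] || echo "$2" > "$1/proc/sys/net/bridge/bridge-nf-call-iptables"
}

# Demo on a constructed tree where the sysctl has been switched off.
demo=$(mktemp -d)
make_sample_tree "$demo" 0
audit_bridge_fw "$demo" br0 || echo "audit: firewall is not filtering bridged traffic"
rm -rf "$demo"
```

On a live host, run it as `audit_bridge_fw / br0` after the bridge is up.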



