Linux Advanced Routing & Traffic Control HOWTO
Bert Hubert
Netherlabs BV
Thomas Graf (Section Author)
Gregory Maxwell (Section Author)
Remco van Mook (Section Author)
Martijn van Oosterhout (Section Author)
Paul B Schroeder (Section Author)
Jasper Spaans (Section Author)
Pedro Larroy (Section Author)
Table of Contents

1. Dedication
2. Introduction
   2.1. Disclaimer & License
   2.2. Prior knowledge
   2.3. What Linux can do for you
   2.4. Housekeeping notes
   2.5. Access, GIT & submitting updates
   2.6. Mailing list
   2.7. Layout of this document
3. Introduction to iproute2
   3.1. Why iproute2?
   3.2. iproute2 tour
   3.3. Prerequisites
   3.4. Exploring your current configuration
      3.4.1. ip shows us our links
      3.4.2. ip shows us our IP addresses
      3.4.3. ip shows us our routes
   3.5. ARP
4. Rules - routing policy database
   4.1. Simple source policy routing
   4.2. Routing for multiple uplinks/providers
      4.2.1. Split access
      4.2.2. Load balancing
5. GRE and other tunnels
   5.1. A few general remarks about tunnels
   5.2. IP in IP tunneling
   5.3. GRE tunneling
      5.3.1. IPv4 Tunneling
      5.3.2. IPv6 Tunneling
   5.4. Userland tunnels
6. IPv6 tunneling with Cisco and/or 6bone
   6.1. IPv6 Tunneling
7. IPSEC: secure IP over the Internet
   7.1. Intro with Manual Keying
   7.2. Automatic keying
      7.2.1. Theory
      7.2.2. Example
      7.2.3. Automatic keying using X.509 certificates
   7.3. IPSEC tunnels
   7.4. Other IPSEC software
   7.5. IPSEC interoperation with other systems
      7.5.1. Windows
      7.5.2. Check Point VPN-1 NG
8. Multicast routing
9. Queueing Disciplines for Bandwidth Management
   9.1. Queues and Queueing Disciplines explained
   9.2. Simple, classless Queueing Disciplines
      9.2.1. pfifo_fast
      9.2.2. Token Bucket Filter
      9.2.3. Stochastic Fairness Queueing
   9.3. Advice for when to use which queue
   9.4. Terminology
   9.5. Classful Queueing Disciplines
      9.5.1. Flow within classful qdiscs & classes
      9.5.2. The qdisc family: roots, handles, siblings and parents
      9.5.3. The PRIO qdisc
      9.5.4. The famous CBQ qdisc
      9.5.5. Hierarchical Token Bucket
   9.6. Classifying packets with filters
   9.7. The Intermediate queueing device (IMQ)
      9.7.1. Sample configuration
10. Load sharing over multiple interfaces
   10.1. Caveats
   10.2. Other possibilities
11. Netfilter & iproute - marking packets
12. Advanced filters for (re-)classifying packets
   12.1. The u32 classifier
      12.1.1. U32 selector
      12.1.2. General selectors
      12.1.3. Specific selectors
   12.2. The route classifier
   12.3. Policing filters
      12.3.1. Ways to police
      12.3.2. Overlimit actions
      12.3.3. Examples
   12.4. Hashing filters for very fast massive filtering
   12.5. Filtering IPv6 Traffic
13. Kernel network parameters
   13.1. Reverse Path Filtering
   13.2. Obscure settings
      13.2.1. Generic ipv4
      13.2.2. Per device settings
      13.2.3. Neighbor policy
      13.2.4. Routing settings
14. Advanced & less common queueing disciplines
   14.1. bfifo/pfifo
      14.1.1. Parameters & usage
   14.2. Clark-Shenker-Zhang algorithm (CSZ)
   14.3. DSMARK
      14.3.1. Introduction
      14.3.2. What is Dsmark related to?
      14.3.3. Differentiated Services guidelines
      14.3.4. Working with Dsmark
      14.3.5. How SCH_DSMARK works
      14.3.6. TC_INDEX Filter
   14.4. Ingress qdisc
      14.4.1. Parameters & usage
   14.5. Random Early Detection (RED)
   14.6. Generic Random Early Detection
   14.7. VC/ATM emulation
   14.8. Weighted Round Robin (WRR)
15. Cookbook
   15.1. Running multiple sites with different SLAs
   15.2. Protecting your host from SYN floods
   15.3. Rate limit ICMP to prevent dDoS
   15.4. Prioritizing interactive traffic
   15.5. Transparent web-caching using netfilter, iproute2, ipchains and squid
   15.6. Circumventing Path MTU Discovery issues with per route MTU settings
      15.6.1. Solution
   15.7. Circumventing Path MTU Discovery issues with MSS Clamping (for ADSL, cable, PPPoE & PPtP users)
   15.8. The Ultimate Traffic Conditioner: Low Latency, Fast Up & Downloads
      15.8.1. Why it doesn't work well by default
      15.8.2. The actual script (CBQ)
      15.8.3. The actual script (HTB)
   15.9. Rate limiting a single host or netmask
   15.10. Example of a full nat solution with QoS
      15.10.1. Let's begin optimizing that scarce bandwidth
      15.10.2. Classifying packets
      15.10.3. Improving our setup
      15.10.4. Making all of the above start at boot
16. Building bridges, and pseudo-bridges with Proxy ARP
   16.1. State of bridging and iptables
   16.2. Bridging and shaping
   16.3. Pseudo-bridges with Proxy-ARP
      16.3.1. ARP & Proxy-ARP
      16.3.2. Implementing it
17. Dynamic routing - OSPF and BGP
   17.1. Setting up OSPF with Zebra
      17.1.1. Prerequisites
      17.1.2. Configuring Zebra
      17.1.3. Running Zebra
   17.2. Setting up BGP4 with Zebra
      17.2.1. Network Map (Example)
      17.2.2. Configuration (Example)
      17.2.3. Checking Configuration
18. Other possibilities
19. Further reading
20. Acknowledgements