Linux Advanced Routing Tutorial
National vs. International Traffic
Google's public DNS server B is clearly an off-shore international destination. However, one of the root DNS servers, namely f.root-servers.net with IP 188.8.131.52, is present here in New Zealand. At the moment, the traceroute to f.root-servers.net still shows the ADSL path:
[workstation] ~ $ /usr/sbin/traceroute f.root-servers.net traceroute to f.root-servers.net (184.108.40.206), 30 hops max, ↪40 byte packets using UDP 1 gw-vlan-office.e-it.co.nz (192.168.130.1) ↪0.175 ms 0.126 ms 0.125 ms 2 gw-vlan-adsl.e-it.co.nz (192.168.128.254) ↪0.861 ms 0.840 ms 0.825 ms 3 core-adsl.isp2 (218.101.x.y) 22.456 ms 22.298 ms 23.501 ms 4 isp2.ape.net.nz (192.203.154.x) 21.035 ms 20.928 ms 21.268 ms 5 isc2.ape.net.nz (192.203.154.y) 20.689 ms 21.724 ms 24.187 ms 6 f.root-servers.net (220.127.116.11) 26.680 ms 26.059 ms 25.427 ms
This is clearly national traffic, and it should go out via the SHDSL link as per our plan. We can do that manually and set the appropriate route on our core router:
[router] ~ # ip route add 18.104.22.168 via 203.0.113.37 ↪dev vlan-shdsl
A side note about NAT'ing: we also need to translate (or "masquerade" or NAT) the office address range 192.168.130.0/24 to our SHDSL public IP 203.0.113.38. If we didn't, the packet's source IP would be 192.168.130.100, and the replies would never find their way back to my workstation, as this address range is not routable in the public Internet. Discussing firewalls and NATs is out of scope of this article, but to get you going, here's the simplest magic command:
[router] ~ # iptables -t nat -A POSTROUTING -s 192.168.128.0/20 ↪-o vlan-shdsl -j DNAT --to 203.0.113.38
All packets with a source address from the 192.168.128.0/20 range leaving through the interface vlan-shdsl will get the source rewritten to 203.0.113.38. We didn't need to set up any masquerading for the ADSL path, because there the ADSL router NATs all our outgoing traffic.
Now, let's check the new network path:
[workstation] ~ $ /usr/sbin/traceroute f.root-servers.net traceroute to f.root-servers.net (22.214.171.124), 30 hops max, ↪40 byte packets using UDP 1 gw-vlan-office.e-it.co.nz (192.168.130.1) ↪0.190 ms 0.129 ms 0.125 ms 2 rt-shdsl.isp1 (203.0.113.37) 2.676 ms 2.599 ms 2.632 ms 3 rt3.isp1 (121.98.ab.cd) 2.715 ms 2.680 ms 2.591 ms 4 isc2.ape.net.nz (192.203.154.z) 2.919 ms 3.033 ms 3.088 ms 5 f.root-servers.net (126.96.36.199) 3.007 ms 2.670 ms 2.864 ms
That's lot better. The first hop remains the same, that's my workstation's router, but the second hop is no longer the ADSL modem. Instead, it's the SHDSL ISP1's core router. It also clearly shows the latency improvement—from 26ms over ADSL to 3ms over SHDSL.
Let's remove the manual route again to avoid any confusion down the road and query the routing table:
[router] ~ # ip route get 188.8.131.52 from ↪192.168.130.100 iif vlan-office 184.108.40.206 from 192.168.130.100 via 203.0.113.37 ↪dev vlan-shdsl # SHDSL [router] ~ # ip route delete 220.127.116.11 via 203.0.113.37 ↪dev vlan-shdsl [router] ~ # ip route get 18.104.22.168 from ↪192.168.130.100 iif vlan-office 22.214.171.124 from 192.168.130.100 via 192.168.128.254 ↪dev vlan-adsl # ADSL
So all we need now is a list of all national IP addresses, put them in the routing table, and we're done. But how? Manually? Even in a small country like New Zealand there are hundreds of local IP addresses and prefixes, and the list is dynamic and changes daily. There is no way such a list could be managed manually. We need a better tool.
Michal Ludvig works for Enterprise IT Ltd in New Zealand as a senior Linux engineer. He's got root access to some of the largest New Zealand corporations, but since he tends to forget his passwords, he is, in general, pretty harmless.
Practical Task Scheduling Deployment
One of the best things about the UNIX environment (aside from being stable and efficient) is the vast array of software tools available to help you do your job. Traditionally, a UNIX tool does only one thing, but does that one thing very well. For example, grep is very easy to use and can search vast amounts of data quickly. The find tool can find a particular file or files based on all kinds of criteria. It's pretty easy to string these tools together to build even more powerful tools, such as a tool that finds all of the .log files in the /home directory and searches each one for a particular entry. This erector-set mentality allows UNIX system administrators to seem to always have the right tool for the job.
Cron traditionally has been considered another such a tool for job scheduling, but is it enough? This webinar considers that very question. The first part builds on a previous Geek Guide, Beyond Cron, and briefly describes how to know when it might be time to consider upgrading your job scheduling infrastructure. The second part presents an actual planning and implementation framework.
Join Linux Journal's Mike Diehl and Pat Cameron of Help Systems.
Free to Linux Journal readers.View Now!
|The Firebird Project's Firebird Relational Database||Jul 29, 2016|
|Stunnel Security for Oracle||Jul 28, 2016|
|SUSE LLC's SUSE Manager||Jul 21, 2016|
|My +1 Sword of Productivity||Jul 20, 2016|
|Non-Linux FOSS: Caffeine!||Jul 19, 2016|
|Murat Yener and Onur Dundar's Expert Android Studio (Wrox)||Jul 18, 2016|
- The Firebird Project's Firebird Relational Database
- Stunnel Security for Oracle
- My +1 Sword of Productivity
- Managing Linux Using Puppet
- Non-Linux FOSS: Caffeine!
- SUSE LLC's SUSE Manager
- Murat Yener and Onur Dundar's Expert Android Studio (Wrox)
- Parsing an RSS News Feed with a Bash Script
- Doing for User Space What We Did for Kernel Space
- Google's SwiftShader Released
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide