-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Malko osobenosti sledvashti moia predishen posting...
Vse pak dobre e mashinite ti, chrez koito pravish tunnela
da sa s moshten processor i poveche pamet. Razbira se ne
si misli za neshto poveche ot Celleron na 500 MHz i 512 MB RAM.
Tazi mosht, koiato spomenavam shte ti e nuzhna samo ako shte
pravish goliam traffic v tunnela i shte ima mnogo zaiavki.
Primerno, ako shte prekarvash 10 Mbps prez tunnela shte ti
stigne i edin Pentium MMX na 200 MHz s 256 MB RAM.. Viarno,
malko bavni shte sa dogovoarianiata (efecta mozhesh da go
vidish kato ustanovish sesia anagazhirashta goliama lenta ot
traffica i pingvash host v drugata mrezha - shte vidish kak ot
vremena 3-4 msec shte se kachish na 100-200, che i poveche).
Za da izbegnesh pone malko nepriatnite efekti si poigrai malko s ToS
markirovkata na paketite. Mozhe da ima poniakoga i zaguba
na paketi, tova obache e pri nalichieto na mnogo zaiavki za
preminavane v tunnela. Ako v mrezhata si imash liubiteli na
"Ping ot death" i dr takiva entusiasti sys selsko i poluseslko
vyzpitanie, napravi na dvata kraia na tunnela limit na goleminata
i na broia ICMP ping paketi za da smekchish efektite ot detskite
igri. No ne zabraniavai ICMP echo/request.. glupavo e.
Ako shte gradish mrezha s kapacitet ot 100 Mbps shte e dobre
da se podgotvish po-dobre otkym hardware (istinata e, che nikoga
niama da ia dokarash do proeknia kapacitet, no tova e dylga tema).
Edin router ot
roda na Athlon na 750 MHz i 516 RAM kakyvto az izpolzvam,
shte opravi rabotata,
ako ne puskash na routerite X, Squid i java orientirani HTTPD-ta
(ne che i s tiah ne mozhe da se mine, no vseki iska idealna
mrezhova kartina). Opityt mi sochi, che s takava mashina
mozhesh da vyrshish idealno rabota dori kato imash 3 izgradeni
tunela kym koito mashinata ti e svyrzana.
Napravo ti davam primer, zashtoto v momenta minavam prez
tunnel. V momenta traffica prez tunnela e 17.29 Mbps. Tunnela
e izgraden m/u dve Intelski 10/100 Mbps. Tunnela preminava
prez 4 mashini i 2 switcha. Vryzkata ot edinia krai na tunnela
do drugia e vyv FDX Mode.
Eto ti rezultata ot edin traceroute do free.techno-link.com
[vlk@newton vlk]$ traceroute free.techno-link.com
traceroute to free.techno-link.com (212.91.161.253), 30 hops max, 38 byte
packets
1 nat-router-to-digsys.backbone-2.vpn.lcpe.uni-sofia.bg (192.168.100.1)
0.353 ms 0.201 ms 0.167 ms
2 eth-out.backbone-1.lcpe.uni-sofia.bg (62.44.103.2) 2.477 ms 2.303 ms
3.261 ms
3 Sofia4.BG.EU.net (193.68.0.198) 3.089 ms 3.654 ms 2.801 ms
4 Sofia5.BG.EU.net (193.68.0.172) 4.027 ms 5.202 ms 3.442 ms
5 62.176.102.110 (62.176.102.110) 4.773 ms 14.387 ms 4.604 ms
6 free.techno-link.com (212.91.161.253) 5.626 ms 6.668 ms 6.258 ms
[vlk@newton vlk]$
Tunnela zapochva pri pyrvia host i svyrshva pri vtoria.
Eto ti ping rezultati bez i s tunnel:
- --> s tunnel
[vlk@newton vlk]$ ping free.techno-link.com
PING free.techno-link.com (212.91.161.253) from 192.168.100.111 : 56(84) bytes
of data.
64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=0 ttl=58
time=8.061 msec
64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=1 ttl=58
time=7.301 msec
64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=2 ttl=58
time=5.280 msec
64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=3 ttl=58
time=5.559 msec
- --> bez tunnel
[vlk@lcpe vlk]$ ping free.techno-link.com
PING free.techno-link.com (212.91.161.253) from 192.168.100.111 : 56(84) bytes
of data.
64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=0 ttl=58
time=4.061 msec
64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=1 ttl=58
time=5.301 msec
64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=2 ttl=58
time=4.280 msec
64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=3 ttl=58
time=3.559 msec
Samo kato iliustracia na vyrzmozhnostite, koito mozhe da ti predlozhi edin
tunnel... eto ti i edin primer s tunnel izgraden po mezhdunarodna linia:
[vlk@newton vlk]$ traceroute www.ripe.net
traceroute to peach.ripe.net (193.0.0.203), 30 hops max, 38 byte packets
1 nat-router-to-digsys.backbone-3.vpn.lcpe.uni-sofia.bg (192.168.100.40)
0.763 ms 0.449 ms 0.170 ms
2 Mandrake.nat-lan.lcpe.pip.digsys.bg (193.68.191.198) 0.425 ms 0.318 ms
0.256 ms
3 XXX.XXX.XXX.XXX 416.033 ms 427.955 ms 417.664 ms
4 Amsterdam1.ripe.net (193.148.15.68) 430.920 ms 414.864 ms 417.717 ms
5 peach.ripe.net (193.0.0.203) 429.204 ms 437.216 ms 420.556 ms
[vlk@newton vlk]$
kato tunnela otiva do edin router na DTAG (narochno sym go skril i ne sym
opisal imeto mu)v Holland, koito napravo ima izlaz
kym mrezhata na RIPE, no toi e pusnat s IPSec, .t.e. ne e syvsem po nashia
prmer de... no pak stava. Tunnela zapochva pri vtoria host i zavyrshva pri
3-tia.
Eto ti razlikata vyv vremenata za otgovor na ping s i bez tunnel:
- --> bez tunnel:
[vlk@lcpe vlk]$ ping www.ripe.net
PING peach.ripe.net (193.0.0.203) from 192.168.100.111 : 56(84) bytes of data.
64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=0 ttl=244 time=324.385
msec
64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=1 ttl=244 time=311.658
msec
64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=2 ttl=244 time=322.182
msec
64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=3 ttl=244 time=322.793
msec
- --> s tunnel:
[vlk@newton vlk]$ ping www.ripe.net
PING peach.ripe.net (193.0.0.203) from 192.168.100.111 : 56(84) bytes of data.
64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=0 ttl=244 time=426.256
msec
64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=1 ttl=244 time=423.667
msec
64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=2 ttl=244 time=417.576
msec
64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=3 ttl=244 time=421.334
msec
No tozi kanal e 2Mbps, a ne 100 Mbps i tam zavisia ot mnogo nekontrolirani
ot men factori, no obshto vzeto mozhe da se dobie predstava za efectite.
Nakraia shte ti pokazha kakvo stava kato se pusne ICMP ping s golemi paketi
v tunnel-a izgraden po 100 Mbps linia:
[vlk@velociraptor vlk]$ ping -s 34568 193.68.191.193
PING 193.68.191.193 (193.68.191.193) from 192.168.100.111 : 34560(34588) bytes
of data.
34568 bytes from 192.168.100.11: icmp_seq=0 ttl=128 time=128.402 msec
34568 bytes from 192.168.100.11: icmp_seq=1 ttl=128 time=214.363 msec
34568 bytes from 192.168.100.11: icmp_seq=2 ttl=128 time=169.379 msec
34568 bytes from 192.168.100.11: icmp_seq=3 ttl=128 time=150.332 msec
za sravnenie normalnite paketi minavat taka::
[vlk@velociraptor vlk]$ ping 193.68.191.193
PING 193.68.191.193 (193.68.191.193) from 192.168.100.111 : 34560(34588) bytes
of data.
64 bytes from 192.168.100.11: icmp_seq=0 ttl=128 time=861 usec
64 bytes from 192.168.100.11: icmp_seq=1 ttl=128 time=1.054 msec
64 bytes from 192.168.100.11: icmp_seq=2 ttl=128 time=1.157 msec
64 bytes from 192.168.100.11: icmp_seq=3 ttl=128 time=255 usec
Tova e.. mislia, che se kazaha mnogo neshto po vyrposa i se pokazaha
primeri
Tova e ot men
Pozdravi
Vesselin Kolev
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+RnIZ+48lZPXaa+MRAgeaAKCTKRAMzBeL8X33AbFTBF6pbcm7mACdF8e4
jrtUfLGmBxR3yLgPAI5zD20=
=lrHG
-----END PGP SIGNATURE-----
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
