Vesselin Kolev - Tunnel Master :)) Shte mi e mnogo interesno ako napishesh edna podrobna statia za tunelite, kak se izgrajdat, kakyv hardware iziskvat i obshto vzeto neshto kato tezi 2-3 pisma deto gi napisa tuka no v edno cialo i da go slojish niakyde v web-a si kato tezi statii za DNS.
Blagodaria. ----- Original Message ----- From: "Vesselin Kolev" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, February 09, 2003 5:21 PM Subject: Re: lug-bg: Тунел между две мрежи > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Malko osobenosti sledvashti moia predishen posting... > > Vse pak dobre e mashinite ti, chrez koito pravish tunnela > da sa s moshten processor i poveche pamet. Razbira se ne > si misli za neshto poveche ot Celleron na 500 MHz i 512 MB RAM. > Tazi mosht, koiato spomenavam shte ti e nuzhna samo ako shte > pravish goliam traffic v tunnela i shte ima mnogo zaiavki. > > Primerno, ako shte prekarvash 10 Mbps prez tunnela shte ti > stigne i edin Pentium MMX na 200 MHz s 256 MB RAM.. Viarno, > malko bavni shte sa dogovoarianiata (efecta mozhesh da go > vidish kato ustanovish sesia anagazhirashta goliama lenta ot > traffica i pingvash host v drugata mrezha - shte vidish kak ot > vremena 3-4 msec shte se kachish na 100-200, che i poveche). > Za da izbegnesh pone malko nepriatnite efekti si poigrai malko s ToS > markirovkata na paketite. Mozhe da ima poniakoga i zaguba > na paketi, tova obache e pri nalichieto na mnogo zaiavki za > preminavane v tunnela. Ako v mrezhata si imash liubiteli na > "Ping ot death" i dr takiva entusiasti sys selsko i poluseslko > vyzpitanie, napravi na dvata kraia na tunnela limit na goleminata > i na broia ICMP ping paketi za da smekchish efektite ot detskite > igri. No ne zabraniavai ICMP echo/request.. glupavo e. > > Ako shte gradish mrezha s kapacitet ot 100 Mbps shte e dobre > da se podgotvish po-dobre otkym hardware (istinata e, che nikoga > niama da ia dokarash do proeknia kapacitet, no tova e dylga tema). > Edin router ot > roda na Athlon na 750 MHz i 516 RAM kakyvto az izpolzvam, > shte opravi rabotata, > ako ne puskash na routerite X, Squid i java orientirani HTTPD-ta > (ne che i s tiah ne mozhe da se mine, no vseki iska idealna > mrezhova kartina). Opityt mi sochi, che s takava mashina > mozhesh da vyrshish idealno rabota dori kato imash 3 izgradeni > tunela kym koito mashinata ti e svyrzana. > > Napravo ti davam primer, zashtoto v momenta minavam prez > tunnel. V momenta traffica prez tunnela e 17.29 Mbps. Tunnela > e izgraden m/u dve Intelski 10/100 Mbps. Tunnela preminava > prez 4 mashini i 2 switcha. Vryzkata ot edinia krai na tunnela > do drugia e vyv FDX Mode. > > Eto ti rezultata ot edin traceroute do free.techno-link.com > > [vlk@newton vlk]$ traceroute free.techno-link.com > traceroute to free.techno-link.com (212.91.161.253), 30 hops max, 38 byte > packets > 1 nat-router-to-digsys.backbone-2.vpn.lcpe.uni-sofia.bg (192.168.100.1) > 0.353 ms 0.201 ms 0.167 ms > 2 eth-out.backbone-1.lcpe.uni-sofia.bg (62.44.103.2) 2.477 ms 2.303 ms > 3.261 ms > 3 Sofia4.BG.EU.net (193.68.0.198) 3.089 ms 3.654 ms 2.801 ms > 4 Sofia5.BG.EU.net (193.68.0.172) 4.027 ms 5.202 ms 3.442 ms > 5 62.176.102.110 (62.176.102.110) 4.773 ms 14.387 ms 4.604 ms > 6 free.techno-link.com (212.91.161.253) 5.626 ms 6.668 ms 6.258 ms > [vlk@newton vlk]$ > > Tunnela zapochva pri pyrvia host i svyrshva pri vtoria. > > Eto ti ping rezultati bez i s tunnel: > > - --> s tunnel > > [vlk@newton vlk]$ ping free.techno-link.com > PING free.techno-link.com (212.91.161.253) from 192.168.100.111 : 56(84) bytes > of data. > 64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=0 ttl=58 > time=8.061 msec > 64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=1 ttl=58 > time=7.301 msec > 64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=2 ttl=58 > time=5.280 msec > 64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=3 ttl=58 > time=5.559 msec > > - --> bez tunnel > > [vlk@lcpe vlk]$ ping free.techno-link.com > PING free.techno-link.com (212.91.161.253) from 192.168.100.111 : 56(84) bytes > of data. > 64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=0 ttl=58 > time=4.061 msec > 64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=1 ttl=58 > time=5.301 msec > 64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=2 ttl=58 > time=4.280 msec > 64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=3 ttl=58 > time=3.559 msec > > > Samo kato iliustracia na vyrzmozhnostite, koito mozhe da ti predlozhi edin > tunnel... eto ti i edin primer s tunnel izgraden po mezhdunarodna linia: > > [vlk@newton vlk]$ traceroute www.ripe.net > traceroute to peach.ripe.net (193.0.0.203), 30 hops max, 38 byte packets > 1 nat-router-to-digsys.backbone-3.vpn.lcpe.uni-sofia.bg (192.168.100.40) > 0.763 ms 0.449 ms 0.170 ms > 2 Mandrake.nat-lan.lcpe.pip.digsys.bg (193.68.191.198) 0.425 ms 0.318 ms > 0.256 ms > 3 XXX.XXX.XXX.XXX 416.033 ms 427.955 ms 417.664 ms > 4 Amsterdam1.ripe.net (193.148.15.68) 430.920 ms 414.864 ms 417.717 ms > 5 peach.ripe.net (193.0.0.203) 429.204 ms 437.216 ms 420.556 ms > [vlk@newton vlk]$ > > kato tunnela otiva do edin router na DTAG (narochno sym go skril i ne sym > opisal imeto mu)v Holland, koito napravo ima izlaz > kym mrezhata na RIPE, no toi e pusnat s IPSec, .t.e. ne e syvsem po nashia > prmer de... no pak stava. Tunnela zapochva pri vtoria host i zavyrshva pri > 3-tia. > > Eto ti razlikata vyv vremenata za otgovor na ping s i bez tunnel: > > - --> bez tunnel: > [vlk@lcpe vlk]$ ping www.ripe.net > PING peach.ripe.net (193.0.0.203) from 192.168.100.111 : 56(84) bytes of data. > 64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=0 ttl=244 time=324.385 > msec > 64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=1 ttl=244 time=311.658 > msec > 64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=2 ttl=244 time=322.182 > msec > 64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=3 ttl=244 time=322.793 > msec > > > - --> s tunnel: > [vlk@newton vlk]$ ping www.ripe.net > PING peach.ripe.net (193.0.0.203) from 192.168.100.111 : 56(84) bytes of data. > 64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=0 ttl=244 time=426.256 > msec > 64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=1 ttl=244 time=423.667 > msec > 64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=2 ttl=244 time=417.576 > msec > 64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=3 ttl=244 time=421.334 > msec > > No tozi kanal e 2Mbps, a ne 100 Mbps i tam zavisia ot mnogo nekontrolirani > ot men factori, no obshto vzeto mozhe da se dobie predstava za efectite. > > Nakraia shte ti pokazha kakvo stava kato se pusne ICMP ping s golemi paketi > v tunnel-a izgraden po 100 Mbps linia: > > [vlk@velociraptor vlk]$ ping -s 34568 193.68.191.193 > PING 193.68.191.193 (193.68.191.193) from 192.168.100.111 : 34560(34588) bytes > of data. > 34568 bytes from 192.168.100.11: icmp_seq=0 ttl=128 time=128.402 msec > 34568 bytes from 192.168.100.11: icmp_seq=1 ttl=128 time=214.363 msec > 34568 bytes from 192.168.100.11: icmp_seq=2 ttl=128 time=169.379 msec > 34568 bytes from 192.168.100.11: icmp_seq=3 ttl=128 time=150.332 msec > > za sravnenie normalnite paketi minavat taka:: > > [vlk@velociraptor vlk]$ ping 193.68.191.193 > PING 193.68.191.193 (193.68.191.193) from 192.168.100.111 : 34560(34588) bytes > of data. > 64 bytes from 192.168.100.11: icmp_seq=0 ttl=128 time=861 usec > 64 bytes from 192.168.100.11: icmp_seq=1 ttl=128 time=1.054 msec > 64 bytes from 192.168.100.11: icmp_seq=2 ttl=128 time=1.157 msec > 64 bytes from 192.168.100.11: icmp_seq=3 ttl=128 time=255 usec > > > Tova e.. mislia, che se kazaha mnogo neshto po vyrposa i se pokazaha > primeri > > Tova e ot men > > Pozdravi > Vesselin Kolev > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.1 (GNU/Linux) > > iD8DBQE+RnIZ+48lZPXaa+MRAgeaAKCTKRAMzBeL8X33AbFTBF6pbcm7mACdF8e4 > jrtUfLGmBxR3yLgPAI5zD20= > =lrHG > -----END PGP SIGNATURE----- > > ============================================================================ > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). > http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora > To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html > ============================================================================ ============================================================================ A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html ============================================================================
