-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Emi ... neka pyrvo drugite neshta da se svyrshat.
Osven tova v naspisanoto ot men ne sa zasegnati i mnogo drugi aspekti na tuneliraneto.. overload, ocenka na CPU-time, managirane na MTU i t.n... no naistna tova e ideia i ako ostane vreme mozhe i da napisaha podobno neshto kato e dobre da se opishe i IPSec v konteksta na tuneliraneto, Proxy-ARP shemi i t.n.. M/u drugoto kato kaza za hardware... imam edin tunnel, koito e izgraden mezhdu mashina Pentium na 100 MHz i 128 MB RAM i druga, Celleron 366 MHz i 256 MB RAM i prez nego minava sredno 13 Mbps traffic. Ne sym si igral da vidia dali mozhe da se vdigne i poveche. Takiva raboti... Pozdravi Vesselin Kolev On Tuesday 11 Feb 2003 17:36, Marian Popov wrote: > Vesselin Kolev - Tunnel Master :)) > > Shte mi e mnogo interesno ako napishesh edna podrobna > statia za tunelite, kak se izgrajdat, kakyv hardware iziskvat > i obshto vzeto neshto kato tezi 2-3 pisma deto gi napisa tuka > no v edno cialo i da go slojish niakyde v web-a si kato > tezi statii za DNS. > > Blagodaria. > > ----- Original Message ----- > From: "Vesselin Kolev" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Sunday, February 09, 2003 5:21 PM > Subject: Re: lug-bg: Тунел между две мрежи > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Malko osobenosti sledvashti moia predishen posting... > > > > Vse pak dobre e mashinite ti, chrez koito pravish tunnela > > da sa s moshten processor i poveche pamet. Razbira se ne > > si misli za neshto poveche ot Celleron na 500 MHz i 512 MB RAM. > > Tazi mosht, koiato spomenavam shte ti e nuzhna samo ako shte > > pravish goliam traffic v tunnela i shte ima mnogo zaiavki. > > > > Primerno, ako shte prekarvash 10 Mbps prez tunnela shte ti > > stigne i edin Pentium MMX na 200 MHz s 256 MB RAM.. Viarno, > > malko bavni shte sa dogovoarianiata (efecta mozhesh da go > > vidish kato ustanovish sesia anagazhirashta goliama lenta ot > > traffica i pingvash host v drugata mrezha - shte vidish kak ot > > vremena 3-4 msec shte se kachish na 100-200, che i poveche). > > Za da izbegnesh pone malko nepriatnite efekti si poigrai malko s ToS > > markirovkata na paketite. Mozhe da ima poniakoga i zaguba > > na paketi, tova obache e pri nalichieto na mnogo zaiavki za > > preminavane v tunnela. Ako v mrezhata si imash liubiteli na > > "Ping ot death" i dr takiva entusiasti sys selsko i poluseslko > > vyzpitanie, napravi na dvata kraia na tunnela limit na goleminata > > i na broia ICMP ping paketi za da smekchish efektite ot detskite > > igri. No ne zabraniavai ICMP echo/request.. glupavo e. > > > > Ako shte gradish mrezha s kapacitet ot 100 Mbps shte e dobre > > da se podgotvish po-dobre otkym hardware (istinata e, che nikoga > > niama da ia dokarash do proeknia kapacitet, no tova e dylga tema). > > Edin router ot > > roda na Athlon na 750 MHz i 516 RAM kakyvto az izpolzvam, > > shte opravi rabotata, > > ako ne puskash na routerite X, Squid i java orientirani HTTPD-ta > > (ne che i s tiah ne mozhe da se mine, no vseki iska idealna > > mrezhova kartina). Opityt mi sochi, che s takava mashina > > mozhesh da vyrshish idealno rabota dori kato imash 3 izgradeni > > tunela kym koito mashinata ti e svyrzana. > > > > Napravo ti davam primer, zashtoto v momenta minavam prez > > tunnel. V momenta traffica prez tunnela e 17.29 Mbps. Tunnela > > e izgraden m/u dve Intelski 10/100 Mbps. Tunnela preminava > > prez 4 mashini i 2 switcha. Vryzkata ot edinia krai na tunnela > > do drugia e vyv FDX Mode. > > > > Eto ti rezultata ot edin traceroute do free.techno-link.com > > > > [vlk@newton vlk]$ traceroute free.techno-link.com > > traceroute to free.techno-link.com (212.91.161.253), 30 hops max, 38 byte > > packets > > 1 nat-router-to-digsys.backbone-2.vpn.lcpe.uni-sofia.bg (192.168.100.1) > > 0.353 ms 0.201 ms 0.167 ms > > 2 eth-out.backbone-1.lcpe.uni-sofia.bg (62.44.103.2) 2.477 ms 2.303 > > ms 3.261 ms > > 3 Sofia4.BG.EU.net (193.68.0.198) 3.089 ms 3.654 ms 2.801 ms > > 4 Sofia5.BG.EU.net (193.68.0.172) 4.027 ms 5.202 ms 3.442 ms > > 5 62.176.102.110 (62.176.102.110) 4.773 ms 14.387 ms 4.604 ms > > 6 free.techno-link.com (212.91.161.253) 5.626 ms 6.668 ms 6.258 ms > > [vlk@newton vlk]$ > > > > Tunnela zapochva pri pyrvia host i svyrshva pri vtoria. > > > > Eto ti ping rezultati bez i s tunnel: > > > > - --> s tunnel > > > > [vlk@newton vlk]$ ping free.techno-link.com > > PING free.techno-link.com (212.91.161.253) from 192.168.100.111 : 56(84) > > bytes > > > of data. > > 64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=0 ttl=58 > > time=8.061 msec > > 64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=1 ttl=58 > > time=7.301 msec > > 64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=2 ttl=58 > > time=5.280 msec > > 64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=3 ttl=58 > > time=5.559 msec > > > > - --> bez tunnel > > > > [vlk@lcpe vlk]$ ping free.techno-link.com > > PING free.techno-link.com (212.91.161.253) from 192.168.100.111 : 56(84) > > bytes > > > of data. > > 64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=0 ttl=58 > > time=4.061 msec > > 64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=1 ttl=58 > > time=5.301 msec > > 64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=2 ttl=58 > > time=4.280 msec > > 64 bytes from free.techno-link.com (212.91.161.253): icmp_seq=3 ttl=58 > > time=3.559 msec > > > > > > Samo kato iliustracia na vyrzmozhnostite, koito mozhe da ti predlozhi > > edin tunnel... eto ti i edin primer s tunnel izgraden po mezhdunarodna > > linia: > > > > [vlk@newton vlk]$ traceroute www.ripe.net > > traceroute to peach.ripe.net (193.0.0.203), 30 hops max, 38 byte packets > > 1 nat-router-to-digsys.backbone-3.vpn.lcpe.uni-sofia.bg > > (192.168.100.40) 0.763 ms 0.449 ms 0.170 ms > > 2 Mandrake.nat-lan.lcpe.pip.digsys.bg (193.68.191.198) 0.425 ms 0.318 > > ms > > > 0.256 ms > > 3 XXX.XXX.XXX.XXX 416.033 ms 427.955 ms 417.664 ms > > 4 Amsterdam1.ripe.net (193.148.15.68) 430.920 ms 414.864 ms 417.717 > > ms > > > 5 peach.ripe.net (193.0.0.203) 429.204 ms 437.216 ms 420.556 ms > > [vlk@newton vlk]$ > > > > kato tunnela otiva do edin router na DTAG (narochno sym go skril i ne sym > > opisal imeto mu)v Holland, koito napravo ima izlaz > > kym mrezhata na RIPE, no toi e pusnat s IPSec, .t.e. ne e syvsem po > > nashia prmer de... no pak stava. Tunnela zapochva pri vtoria host i > > zavyrshva pri 3-tia. > > > > Eto ti razlikata vyv vremenata za otgovor na ping s i bez tunnel: > > > > - --> bez tunnel: > > [vlk@lcpe vlk]$ ping www.ripe.net > > PING peach.ripe.net (193.0.0.203) from 192.168.100.111 : 56(84) bytes of > > data. > > > 64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=0 ttl=244 > > time=324.385 > > > msec > > 64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=1 ttl=244 > > time=311.658 > > > msec > > 64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=2 ttl=244 > > time=322.182 > > > msec > > 64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=3 ttl=244 > > time=322.793 > > > msec > > > > > > - --> s tunnel: > > [vlk@newton vlk]$ ping www.ripe.net > > PING peach.ripe.net (193.0.0.203) from 192.168.100.111 : 56(84) bytes of > > data. > > > 64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=0 ttl=244 > > time=426.256 > > > msec > > 64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=1 ttl=244 > > time=423.667 > > > msec > > 64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=2 ttl=244 > > time=417.576 > > > msec > > 64 bytes from peach.ripe.net (193.0.0.203): icmp_seq=3 ttl=244 > > time=421.334 > > > msec > > > > No tozi kanal e 2Mbps, a ne 100 Mbps i tam zavisia ot mnogo > > nekontrolirani ot men factori, no obshto vzeto mozhe da se dobie > > predstava za efectite. > > > > Nakraia shte ti pokazha kakvo stava kato se pusne ICMP ping s golemi > > paketi > > > v tunnel-a izgraden po 100 Mbps linia: > > > > [vlk@velociraptor vlk]$ ping -s 34568 193.68.191.193 > > PING 193.68.191.193 (193.68.191.193) from 192.168.100.111 : 34560(34588) > > bytes > > > of data. > > 34568 bytes from 192.168.100.11: icmp_seq=0 ttl=128 time=128.402 msec > > 34568 bytes from 192.168.100.11: icmp_seq=1 ttl=128 time=214.363 msec > > 34568 bytes from 192.168.100.11: icmp_seq=2 ttl=128 time=169.379 msec > > 34568 bytes from 192.168.100.11: icmp_seq=3 ttl=128 time=150.332 msec > > > > za sravnenie normalnite paketi minavat taka:: > > > > [vlk@velociraptor vlk]$ ping 193.68.191.193 > > PING 193.68.191.193 (193.68.191.193) from 192.168.100.111 : 34560(34588) > > bytes > > > of data. > > 64 bytes from 192.168.100.11: icmp_seq=0 ttl=128 time=861 usec > > 64 bytes from 192.168.100.11: icmp_seq=1 ttl=128 time=1.054 msec > > 64 bytes from 192.168.100.11: icmp_seq=2 ttl=128 time=1.157 msec > > 64 bytes from 192.168.100.11: icmp_seq=3 ttl=128 time=255 usec > > > > > > Tova e.. mislia, che se kazaha mnogo neshto po vyrposa i se pokazaha > > primeri > > > > Tova e ot men > > > > Pozdravi > > Vesselin Kolev > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.2.1 (GNU/Linux) > > > > iD8DBQE+RnIZ+48lZPXaa+MRAgeaAKCTKRAMzBeL8X33AbFTBF6pbcm7mACdF8e4 > > jrtUfLGmBxR3yLgPAI5zD20= > > =lrHG > > -----END PGP SIGNATURE----- > > =========================================================================== >= > > > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). > > http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara > > Zagora > > > To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html > > =========================================================================== >= > > =========================================================================== >= A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). > http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara > Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html > =========================================================================== >= -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+SSU5+48lZPXaa+MRAlqyAJ9kD9GOieP850sYn/+9Mcc8XVrWcgCdFEv1 rZX3z3h+K5EjV7m4y5mBBA8= =gy8t -----END PGP SIGNATURE----- ============================================================================ A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html ============================================================================