Category Archives: Linux networking

ipmitool

ipmitool is a Linux application that speaks the IPMI protocol to local and remote servers. Here are some example commands to get you started (read the extensive man page for more information):

Get a serial-over-lan console on rcXX: ipmitool -I lanplus -H rcXXipmi -U ADMIN -a sol activate
Get the power status: ipmitool -I lanplus -H rcXXipmi -U ADMIN chassis status
Reboot a machine: ipmitool -I lanplus -H rcXXipmi -U ADMIN power reset
Force PXE boot on the next boot only: ipmitool -I lanplus -H rcXXipmi -U ADMIN chassis bootdev pxe
(This will cause the machine to reinstall all its software on the next boot)
Reboot the IPMI card: ipmitool -I lanplus -H rcXXipmi -U ADMIN mc reset cold
Get sensor output: ipmitool -I lanplus -H rcXXipmi -U ADMIN sdr list
Get the error log: ipmitool -I lanplus -H rcXXipmi -U ADMIN sel elist
NB: Our SuperMicro machines appear to log SMART failures as OEM #0xff, e.g. ipmi

Linux Increase Local Port Range

If your Linux server opens lots of outgoing network connections, you need to increase the local port range. By default the range is small. For example, a Squid proxy server can come under fire if it runs out of ports.

You can use the sysctl command to modify kernel parameters at runtime. The parameters available are those listed under /proc/sys/. Please note that this hack is only useful for high-bandwidth, busy Linux servers or large-scale grid servers.

To find the current range, type:

$ sysctl net.ipv4.ip_local_port_range

Output:

net.ipv4.ip_local_port_range = 32768 61000

Set new local port range

You can set the range with the following command:
# echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range

OR
$ sudo sysctl -w net.ipv4.ip_local_port_range="1024 64000"

You may need to edit the /etc/sysctl.conf file to make the change to the /proc filesystem permanent, i.e. append the following to your /etc/sysctl.conf file:
# increase system IP port limits
net.ipv4.ip_local_port_range = 1024 65535

iptables rules against a SYN flood plus a GET request flood

iptables -F
iptables -X
iptables -N ATTACKED
iptables -N ATTK_CHECK
iptables -N SYN_FLOOD
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -f -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --syn -j SYN_FLOOD
iptables -A SYN_FLOOD -p tcp --syn -m hashlimit --hashlimit 100/sec --hashlimit-burst 3 --hashlimit-htable-expire 3600 --hashlimit-mode srcip --hashlimit-name synflood -j ACCEPT
iptables -A SYN_FLOOD -j ATTK_CHECK
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -m recent --update --seconds 1800 --name BANNED --rsource -j DROP
iptables -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ATTK_CHECK
iptables -A ATTACKED -m limit --limit 5/min -j LOG --log-prefix "IPTABLES (Rule ATTACKED): " --log-level 7
iptables -A ATTACKED -m recent --set --name BANNED --rsource -j DROP
iptables -A ATTK_CHECK -m recent --set --name ATTK
iptables -A ATTK_CHECK -m recent --update --seconds 180 --hitcount 20 --name ATTK --rsource -j ATTACKED
iptables -A ATTK_CHECK -m recent --update --seconds 60 --hitcount 6 --name ATTK --rsource -j ATTACKED
iptables -A ATTK_CHECK -j ACCEPT
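As an added illustration that is not part of the original post, the Python below replays constructed connection timestamps through the ATTK_CHECK thresholds above (20 hits in 180 s or 6 hits in 60 s) and the 1800-second BANNED list, so you can see which sources the ruleset would cut off before you deploy it; the per-address history size of 20 stamps (the xt_recent ip_pkt_list_tot default) and the sample addresses are assumptions.

```python
from collections import defaultdict

# Thresholds copied from the page's ATTK_CHECK chain: (window in seconds, hitcount)
THRESHOLDS = ((180, 20), (60, 6))
BAN_SECONDS = 1800   # --seconds 1800 on the BANNED rule in INPUT
LIST_TOT = 20        # assumed xt_recent ip_pkt_list_tot default: stamps kept per address

def find_attackers(events, thresholds=THRESHOLDS, ban_seconds=BAN_SECONDS,
                   list_tot=LIST_TOT):
    """events: (timestamp_seconds, src_ip) pairs for NEW TCP connections in
    arrival order. Models `-m recent --set` (record this hit) followed by
    `--update --seconds N --hitcount M` (match when at least M recorded hits,
    the current one included, fall inside the last N seconds), and a BANNED
    list whose `--update --seconds 1800` is refreshed by every dropped hit.
    Returns ({src_ip: first timestamp at which ATTACKED fired}, packets dropped)."""
    stamps = defaultdict(list)
    banned_last_seen = {}
    first_ban = {}
    dropped = 0
    for ts, ip in events:
        last = banned_last_seen.get(ip)
        if last is not None and ts - last <= ban_seconds:
            banned_last_seen[ip] = ts        # still inside the ban window: refresh, DROP
            dropped += 1
            continue
        hist = stamps[ip]
        hist.append(ts)                      # --set --name ATTK
        del hist[:-list_tot]                 # xt_recent keeps only the newest list_tot stamps
        for window, hitcount in thresholds:
            if sum(1 for t in hist if ts - t <= window) >= hitcount:
                banned_last_seen[ip] = ts    # -j ATTACKED: log, --set BANNED, DROP
                first_ban.setdefault(ip, ts)
                dropped += 1
                break
    return first_ban, dropped

def sample_events():
    """Constructed sample traffic: a burst client (6 hits in 25 s), a slow client
    (5 hits in 2 min) and a steady client (12 hits 15 s apart)."""
    ev = [(i * 5, "198.51.100.7") for i in range(6)]
    ev += [(i * 30, "192.0.2.10") for i in range(5)]
    ev += [(i * 15, "203.0.113.4") for i in range(12)]
    return sorted(ev)

if __name__ == "__main__":
    banned, dropped = find_attackers(sample_events())
    print(banned, dropped)   # {'198.51.100.7': 25} 1
```

Note that every SYN is either ACCEPTed or DROPped inside SYN_FLOOD, so the port-80 BANNED and ATTK_CHECK rules further down INPUT are reached only by non-SYN packets, which the first INPUT rule already drops when they are NEW; for the BANNED check to apply to SYNs it has to sit before the jump to SYN_FLOOD.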

pt-tcp-model

pt-tcp-model – Transform tcpdump into metrics that permit performance and scalability modeling.

pt-tcp-model [OPTION…] [FILE]
pt-tcp-model parses and analyzes tcpdump files. With no FILE, or when FILE is -, it reads standard input.

Dump TCP requests and responses to a file, capturing only the packet headers to avoid dropped packets, and ignoring any packets without a payload (such as ack-only packets). Capture port 3306 (MySQL database traffic). Note that to avoid line breaking in terminals and man pages, the TCP filtering expression that follows has a line break at the end of the second line; you should omit this from your tcpdump command.

tcpdump -s 384 -i any -nnq -tttt \
'tcp port 3306 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' \
> /path/to/tcp-file.txt
Extract individual response times, sorted by end time:

pt-tcp-model /path/to/tcp-file.txt > requests.txt
Sort the result by arrival time, for input to the next step:

sort -n -k1,1 requests.txt > sorted.txt
Slice the result into 10-second intervals and emit throughput, concurrency, and response time metrics for each interval:

pt-tcp-model --type=requests --run-time=10 sorted.txt > sliced.txt
Transform the result for modeling with Aspersa's usl tool, discarding the first and last line of each file if you specify multiple files (the first and last line are normally incomplete observation periods and are aberrant):

for f in sliced.txt; do
tail -n +2 "$f" | head -n -1 | awk '{print $2, $3, $7/$4}'
done > usl-input.txt
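As an added example that is not from the pt-tcp-model documentation, the Python below evaluates the tcpdump filter from the first step on a constructed IPv4/TCP packet, using the same byte offsets, to show that it keeps only segments carrying a payload regardless of IP or TCP header length; the packet builder and its addresses are constructed sample data.

```python
import struct

def tcp_payload_len(packet):
    """TCP payload length of a raw IPv4/TCP packet (no link-layer header),
    computed exactly as the page's tcpdump filter does:
      ip[2:2]            total length of the IP datagram (a header field, so it is
                         correct even when -s 384 truncates the captured bytes)
      (ip[0]&0xf)<<2     IP header length: IHL in 32-bit words, times 4
      (tcp[12]&0xf0)>>2  TCP header length: data-offset nibble in words, times 4
    """
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (packet[0] & 0x0F) << 2
    total_len = struct.unpack_from("!H", packet, 2)[0]
    if len(packet) < ihl + 13:
        raise ValueError("truncated TCP header")
    data_off = (packet[ihl + 12] & 0xF0) >> 2
    return total_len - ihl - data_off

def matches_filter(packet):
    """True when the page's `... != 0` filter would keep the packet."""
    return tcp_payload_len(packet) != 0

def build_ipv4_tcp(payload=b"", tcp_options=b""):
    """Constructed sample packet: 20-byte IPv4 header, TCP header to port 3306,
    optional TCP options (must pad to a 4-byte multiple) and payload."""
    tcp_hdr_len = 20 + len(tcp_options)
    if tcp_hdr_len % 4:
        raise ValueError("TCP options must pad to a multiple of 4 bytes")
    total = 20 + tcp_hdr_len + len(payload)
    # version/IHL 0x45, DF flag 0x4000, TTL 64, protocol 6 (TCP), checksum left 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    # data offset lives in the high nibble of TCP byte 12; flags byte 0x10 = ACK only
    tcp = struct.pack("!HHIIBBHHH", 40000, 3306, 1, 1,
                      (tcp_hdr_len // 4) << 4, 0x10, 65535, 0, 0)
    return ip + tcp + tcp_options + payload
```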

e1000e base driver for Intel Gigabit adapters

The e1000e driver supports PCI Express Gigabit Network Connections except the 82575, 82576, 82580, and I350.

The Linux base drivers support the 2.4.x and 2.6.x kernels. These drivers include support for Itanium® 2-based systems.

These drivers are only supported as a loadable module. Intel is not supplying patches against the kernel source to allow for static linking of the drivers. For questions related to hardware requirements, refer to the documentation supplied with your Intel Gigabit adapter. All hardware requirements listed apply to use with Linux.

The following features are now available in supported kernels:

Native VLANs
Channel Bonding (teaming)
SNMP

tar zxf e1000e*
cd e1000e-*
make install

The driver module will be installed to:
/lib/modules//kernel/drivers/net/e1000e/e1000e.[k]o

Load the module with modprobe:
modprobe e1000e
or with insmod:
insmod /lib/modules//kernel/drivers/net/e1000e/e1000e.ko

Unload the old e1000e driver and load the new one:
rmmod e1000e; modprobe e1000e

darkstat

Captures network traffic, calculates statistics about usage, and serves reports over HTTP.

Features:

Traffic graphs, reports per host, shows ports for each host.
Embedded web-server with deflate compression.
Asynchronous reverse DNS resolution using a child process.
Small. Portable. Single-threaded. Efficient.
Supports IPv6