最近測試的案子中,利用了一套軟體來測試網路的效能,它叫做iperf,iperf支援大多數的作業系統,如: Windows,Linux,FreeBSD,MACOSX,Solaris等等,使用上非常簡單,在你的網路環境中準備兩台電腦,各架設於兩端點間,如 core switch到RD switch之間,一邊設定為iperf server,另一邊設定成iperf client,這麼一來你就可以知道core switch與RD switch之間的throughput能達到多少,它可針對TCP or UDP來做測試唷!由於命令參數挺多,所以在這邊我就不多提了,您可以至以下連結取得iperf來安裝,並參考設定範例,經過測試,iperf可以很成功 的在Windows XP SP2,RHEL4/5與Ubuntu上執行。
iperf
2010年4月17日 星期六
Shell Script: 每日檢查硬碟的使用量,當到達90%時寄出Alert mail給root
1. 至/root/bin目錄下,新增一shell script的檔案,名為diskspace.sh,內容如下:
#!/bin/bash
df -h | grep -vE '^Filesystem|tmpfs|cdrom' | awk '{ print $5 " " $1 }' | while read output;
do
usep=$(echo $output | awk '{ print $1}' | cut -d'%' -f1 )
partition=$(echo $output | awk '{ print $2 }' )
if [ $usep -ge 90 ]; then
echo "Running out of space "$partition $usep%" on $(hostname) as on $(date)" | mail -s "Alert: Almost out of disk space $usep%" root
fi
done
2. # chmod 755 diskspace.sh
3. # crontab -e
-> 10 5 * * * /root/bin/diskspace.sh
這個範例用了 grep,awk與cut指令來實作,可以見得它們有多好用了 :)
參考來源: http://www.cyberciti.biz/tips/shell-script-to-watch-the-disk-space.html
#!/bin/bash
df -h | grep -vE '^Filesystem|tmpfs|cdrom' | awk '{ print $5 " " $1 }' | while read output;
do
usep=$(echo $output | awk '{ print $1}' | cut -d'%' -f1 )
partition=$(echo $output | awk '{ print $2 }' )
if [ $usep -ge 90 ]; then
echo "Running out of space "$partition $usep%" on $(hostname) as on $(date)" | mail -s "Alert: Almost out of disk space $usep%" root
fi
done
2. # chmod 755 diskspace.sh
3. # crontab -e
-> 10 5 * * * /root/bin/diskspace.sh
這個範例用了 grep,awk與cut指令來實作,可以見得它們有多好用了 :)
參考來源: http://www.cyberciti.biz/tips/shell-script-to-watch-the-disk-space.html
Bind view
透過bind view的功能,我們可以讓DNS Server見人說人話,見鬼說鬼話囉~怎麼說呢?比如說公司中Internet/Intranet的DNS名稱解析都是用同一台,但我不想讓 Internet上的machine可以查詢到我內部的hostname時,此時透過bind view的功能,看是誰來查詢,並回應相關的結果。
整 個named.conf的架構舉例如下:
22 view "intranet" {
23 match-clients {"192.168.1.0/24";};
24 zone "." IN {
25 type hint;
26 file "named.root";
27 };
28
29 zone "localdomain." IN {
30 type master;
31 file "localdomain.zone";
32 allow-update { none; };
33 };
34
35 zone "localhost." IN {
36 type master;
37 file "localhost.zone";
38 allow-update { none; };
39 };
40
41 zone "0.0.127.in-addr.arpa." IN {
42 type master;
43 file "named.local";
44 allow-update { none; };
45 };
46
47 zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." IN {
48 type master;
49 file "named.ip6.local";
50 allow-update { none; };
51 };
52
53 zone "255.in-addr.arpa." IN {
54 type master;
55 file "named.broadcast";
56 allow-update { none; };
57 };
58
59 zone "0.in-addr.arpa." IN {
60 type master;
61 file "named.zero";
62 allow-update { none; };
63 };
64
65 zone "example.com" {
66 type master;
67 file "example.com.zone";
68 };
69 };
70
71
72 view "internet" {
73 match-clients {"!192.168.1.0/24";};
74 zone "." IN {
75 type hint;
76 file "named.root";
77 };
78
79 zone "localdomain." IN {
80 type master;
81 file "localdomain.zone";
82 allow-update { none; };
83 };
84
85 zone "localhost." IN {
86 type master;
87 file "localhost.zone";
88 allow-update { none; };
89 };
90
91 zone "0.0.127.in-addr.arpa." IN {
92 type master;
93 file "named.local";
94 allow-update { none; };
95 };
96
97 zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." IN {
98 type master;
99 file "named.ip6.local";
100 allow-update { none; };
101 };
102
103 zone "255.in-addr.arpa." IN {
104 type master;
105 file "named.broadcast";
106 allow-update { none; };
107 };
108
109 zone "0.in-addr.arpa." IN {
110 type master;
111 file "named.zero";
112 allow-update { none; };
113 };
114 };
115
116 include "/etc/rndc.key";
其實就是多了
view "internet" {
match-clients {"!192.168.1.0/24";};
};
與
view "intranet" {
match-clients {"192.168.1.0/24";};
};
在這兩個區域內設定相關的zone/zone file就可以了。
整 個named.conf的架構舉例如下:
22 view "intranet" {
23 match-clients {"192.168.1.0/24";};
24 zone "." IN {
25 type hint;
26 file "named.root";
27 };
28
29 zone "localdomain." IN {
30 type master;
31 file "localdomain.zone";
32 allow-update { none; };
33 };
34
35 zone "localhost." IN {
36 type master;
37 file "localhost.zone";
38 allow-update { none; };
39 };
40
41 zone "0.0.127.in-addr.arpa." IN {
42 type master;
43 file "named.local";
44 allow-update { none; };
45 };
46
47 zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." IN {
48 type master;
49 file "named.ip6.local";
50 allow-update { none; };
51 };
52
53 zone "255.in-addr.arpa." IN {
54 type master;
55 file "named.broadcast";
56 allow-update { none; };
57 };
58
59 zone "0.in-addr.arpa." IN {
60 type master;
61 file "named.zero";
62 allow-update { none; };
63 };
64
65 zone "example.com" {
66 type master;
67 file "example.com.zone";
68 };
69 };
70
71
72 view "internet" {
73 match-clients {"!192.168.1.0/24";};
74 zone "." IN {
75 type hint;
76 file "named.root";
77 };
78
79 zone "localdomain." IN {
80 type master;
81 file "localdomain.zone";
82 allow-update { none; };
83 };
84
85 zone "localhost." IN {
86 type master;
87 file "localhost.zone";
88 allow-update { none; };
89 };
90
91 zone "0.0.127.in-addr.arpa." IN {
92 type master;
93 file "named.local";
94 allow-update { none; };
95 };
96
97 zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." IN {
98 type master;
99 file "named.ip6.local";
100 allow-update { none; };
101 };
102
103 zone "255.in-addr.arpa." IN {
104 type master;
105 file "named.broadcast";
106 allow-update { none; };
107 };
108
109 zone "0.in-addr.arpa." IN {
110 type master;
111 file "named.zero";
112 allow-update { none; };
113 };
114 };
115
116 include "/etc/rndc.key";
其實就是多了
view "internet" {
match-clients {"!192.168.1.0/24";};
};
與
view "intranet" {
match-clients {"192.168.1.0/24";};
};
在這兩個區域內設定相關的zone/zone file就可以了。
queryperf: 測試DNS Server的效能/壓力工具
今天找到了一個對於DNS Server做stress test的好工具: queryperf, 這個工具事實上內建於bind套件中,不過我的Centos5.2與OpenSUSE10是透過rpm安裝bind的,利用rpm -ql | grep -i queryperf卻找不到相關的檔案?於是乎我去抓了bind tarball檔,將queryperf compile起來,產生queryperf binary file就可以使用了。
使用的語法也不難主要如下:
./queryperf -d -s
-d 是讀取測試RR文檔的意思
-s 是指定所要測試的DNS Server
RR_document的格式也是很簡單的,請參考以下 範例:
server1.example.com A -> query server1.example.com A Record
example.com MX -> query example.com domain mx Record
mail.example.com CNAME -> query mail.example.com CNAME
server1.example.com TXT -> query server1.example.com TXT Record
example.com TXT -> query example.com domain TXT Record
example.com NS -> query example.com domain NS Record
100.10.10.10.in-addr.arpa PTR -> query 10.10.10.100 PTR Record
101.10.10.10.in-addr.arpa PTR -> query 10.10.10.101 PTR Record
Note: ->是說明,不需要加入到RR_document
執行結果:
Statistics:
Parse input file: once
Ended due to: reaching end of file
Queries sent: 8 queries
Queries completed: 8 queries
Queries lost: 0 queries
Queries delayed(?): 0 queries
RTT max: 0.033874 sec
RTT min: 0.013128 sec
RTT average: 0.023992 sec
RTT std deviation: 0.007508 sec
RTT out of range: 0 queries
Percentage completed: 100.00%
Percentage lost: 0.00%
Started at: Mon Aug 25 03:33:47 2008
Finished at: Mon Aug 25 03:33:47 2008
Ran for: 0.034861 seconds
Queries per second: 229.482803 qps
緊接著來寫個簡單的script讓他不斷的執行 queryperf吧!
#!/bin/bash
while true
do
./queryperf -d dnstest -s $1 -v
done
把DNS所有的RR都寫入RR_document,這麼一來,就可以來試看看你的DNS Server耐不耐操了 XD!
使用的語法也不難主要如下:
./queryperf -d -s
-d 是讀取測試RR文檔的意思
-s 是指定所要測試的DNS Server
RR_document的格式也是很簡單的,請參考以下 範例:
server1.example.com A -> query server1.example.com A Record
example.com MX -> query example.com domain mx Record
mail.example.com CNAME -> query mail.example.com CNAME
server1.example.com TXT -> query server1.example.com TXT Record
example.com TXT -> query example.com domain TXT Record
example.com NS -> query example.com domain NS Record
100.10.10.10.in-addr.arpa PTR -> query 10.10.10.100 PTR Record
101.10.10.10.in-addr.arpa PTR -> query 10.10.10.101 PTR Record
Note: ->是說明,不需要加入到RR_document
執行結果:
Statistics:
Parse input file: once
Ended due to: reaching end of file
Queries sent: 8 queries
Queries completed: 8 queries
Queries lost: 0 queries
Queries delayed(?): 0 queries
RTT max: 0.033874 sec
RTT min: 0.013128 sec
RTT average: 0.023992 sec
RTT std deviation: 0.007508 sec
RTT out of range: 0 queries
Percentage completed: 100.00%
Percentage lost: 0.00%
Started at: Mon Aug 25 03:33:47 2008
Finished at: Mon Aug 25 03:33:47 2008
Ran for: 0.034861 seconds
Queries per second: 229.482803 qps
緊接著來寫個簡單的script讓他不斷的執行 queryperf吧!
#!/bin/bash
while true
do
./queryperf -d dnstest -s $1 -v
done
把DNS所有的RR都寫入RR_document,這麼一來,就可以來試看看你的DNS Server耐不耐操了 XD!
2010年4月5日 星期一
cisco switch configure
cisco switch 1900 2900 3500
草草寫完,如果誤謬,望期指正..
交換機cisco1900
設定ip
en
conf t
ip address 210.60.166.253 255.255.255.0
no shutdown
設定預設閘道
ip default-gateway 210.60.166.254
show ip
show interface
show interface ethernet 0/2
列出mac table
show mac-address-table
限制mac table量
en
conf t
interface ethernet 0/1
port secure max-mac-count 20
取消限制mac table量
en
conf t
interface ethernet 0/1
no port secure
查看所設定mac table量
show mac-address-table security
更改交換機主機名稱
en
conf t
hostname test
查看spanning tree protocol的資訊
show spantree
查看cdp相關資訊
show cdp
查看其他相連的交換機設備
show cdp neighbors
查看歷史紀錄
show history
查看vlan
show vlan
設定port的全雙模式
en
duplex ?
duplex [auto|full|full-flow-control|haft]
使vtp還原為預設值
delete vtp
新增vlan
en
conf t
vlan 100 name vlan100
vlan [編號] name [名稱]
將某個port加入vlan100
en
conf t
interface e0/1
vlan-membership static 100
查看編號100的vlan
show vlan 20
查看vtp的設定
show vtp
設定vtp 的 domain
vtp domain [domain]
vtp domain denny
設定vtp的密碼
en
vtp password [password]
設定vtp的模式
vtp server
vtp client
vtp transparent
開啟trunk
en
conf t
interface ethernet 0/24
trunk on
trunk off
--------------------------------------------------------
switch 2900 3500
設定vlan的domain與password
en
vlan database
vtp domain denny password denny
vtp server
查看vtp參數
show vtp ?
配置靜態vlan
en
vlan database
vlan name
exit
conf t
int fa 0/1
switchport mode access
switchport access vlan 將port設定在某個vlan上
為交換機上配置的vlan設置trunk
en
conf t
int fa 0/24
switchport mode trunk
switchport trunk encapsulation [isl|dot1q]
switchport trunk allowed vlan remove
switchport trunk allowed vlan add
設定介面為trunk模式
要讓多個vlan資訊通過此介面
en
conf t
int fa0/23
switchport mode trunk
為每個vlan設定ip位置
en
conf t
int vlan 30
ip address 210.60.166.220 255.255.255.0
草草寫完,如果誤謬,望期指正..
交換機cisco1900
設定ip
en
conf t
ip address 210.60.166.253 255.255.255.0
no shutdown
設定預設閘道
ip default-gateway 210.60.166.254
show ip
show interface
show interface ethernet 0/2
列出mac table
show mac-address-table
限制mac table量
en
conf t
interface ethernet 0/1
port secure max-mac-count 20
取消限制mac table量
en
conf t
interface ethernet 0/1
no port secure
查看所設定mac table量
show mac-address-table security
更改交換機主機名稱
en
conf t
hostname test
查看spanning tree protocol的資訊
show spantree
查看cdp相關資訊
show cdp
查看其他相連的交換機設備
show cdp neighbors
查看歷史紀錄
show history
查看vlan
show vlan
設定port的全雙模式
en
duplex ?
duplex [auto|full|full-flow-control|haft]
使vtp還原為預設值
delete vtp
新增vlan
en
conf t
vlan 100 name vlan100
vlan [編號] name [名稱]
將某個port加入vlan100
en
conf t
interface e0/1
vlan-membership static 100
查看編號100的vlan
show vlan 20
查看vtp的設定
show vtp
設定vtp 的 domain
vtp domain [domain]
vtp domain denny
設定vtp的密碼
en
vtp password [password]
設定vtp的模式
vtp server
vtp client
vtp transparent
開啟trunk
en
conf t
interface ethernet 0/24
trunk on
trunk off
--------------------------------------------------------
switch 2900 3500
設定vlan的domain與password
en
vlan database
vtp domain denny password denny
vtp server
查看vtp參數
show vtp ?
配置靜態vlan
en
vlan database
vlan name
exit
conf t
int fa 0/1
switchport mode access
switchport access vlan 將port設定在某個vlan上
為交換機上配置的vlan設置trunk
en
conf t
int fa 0/24
switchport mode trunk
switchport trunk encapsulation [isl|dot1q]
switchport trunk allowed vlan remove
switchport trunk allowed vlan add
設定介面為trunk模式
要讓多個vlan資訊通過此介面
en
conf t
int fa0/23
switchport mode trunk
為每個vlan設定ip位置
en
conf t
int vlan 30
ip address 210.60.166.220 255.255.255.0
Extreme設備實作ACL
Access-mask Configuration
Access-list Configuration
for example deny 192.168.100.22
# Access-mask Configuration
create access-mask ip_src_mask source-ip / 32
create access-mask destl4_port_mask ip-protocol dest-L4port
#
#before configure "access-list" command ,you have to configure "access-mask" command
# Access-list Configuration
create access-list denyudp135 access-mask destl4_port_mask ip-protocol 17 dest-L4port 135 deny
create access-list denytcp135 access-mask destl4_port_mask ip-protocol 6 dest-L4port 135 deny
create access-list denyudp445 access-mask destl4_port_mask ip-protocol 17 dest-L4port 445 deny
create access-list denytcp445 access-mask destl4_port_mask ip-protocol 6 dest-L4port 445 deny
#for example deny 192.168.100.22
create access-list deny100_22 access-mask ip_src_mask source-ip 192.168.100.22 / 32 deny
Extreme設備實作load sharing
可利用load sharing作備援線路
load sharing
可利用load sharing作備援線路
enable sharing <port> grouping <portlist> {algorithm {port-based | address-based |round-robin}}
disable sharing [<port>]
enable sharing 25 grouping 25,26 algorithm address-based
BD的ios支援較多的演算法
enable sharing 1:28 grouping 1:28 , 1:29 algorithm address-based
EXTREME 802.1q的vlan
第一台 extreme summit 200-24
create vlan v1
create vlan v2
create vlan bone
configure vlan v1 ipaddress 192.168.1.1/24
configure vlan v2 ipaddress 192.168.2.1/24
configure vlan bone ipaddress 192.168.200.1/24
configure vlan v1 tag 11
configure vlan v2 tag 12
configure vlan bone tag 1111
configure vlan v1 add ports 1-12
configure vlan v2 add ports 13-24
configure vlan bone add ports 26 tagged 須先將bone指定tag
configure vlan v1 add ports 26 tagged 須先將v1指定tag
configure vlan v2 add ports 26 tagged 須先將v2指定tag
enable ipforwarding vlan v1
enable ipforwarding vlan v2
enable ipforwarding vlan bone
enable rip
configure rip add vlan v1
configure rip add vlan v2
configure rip add vlan bone
第二台 extreme summit 200-24
create vlan v1
create vlan v2
create vlan bone
configure vlan bone ipaddress 192.168.200.2/24
configure vlan v1 tag 11
configure vlan v2 tag 12
configure vlan bone tag 1111
configure vlan v1 add ports 1-12
configure vlan v2 add ports 13-24
configure vlan bone add ports 26 tagged 須先將bone指定tag
configure vlan v1 add ports 26 tagged 須先將v1指定tag
configure vlan v2 add ports 26 tagged 須先將v2指定tag
enable ipforwarding vlan bone
configure rip add vlan bone
Extreme設備實作ESRP
MASTER:
-------------
create vlan up
create vlan down
create vlan directlink
config vlan up add ports 25-26
config vlan directlink add ports 1
config vlan down add ports 2-24
config vlan up ipaddress 210.60.166.222 255.255.255.0
config vlan directlink ipaddress 10.0.0.1 255.25.255.0
config vlan down ipaddress 192.168.0.254 255.255.255.0
enable ipforwarding(既可將全部的vlan加上ipforwarding)
enable ipforwarding vlan up
enable ipforwarding vlan directlink
ebable ipfrowarding vlan down
---esrp config -----directlink 不需要設esrp----
enable esrp up
enable esrp down
#此四個參數順序可以變更,依事件的順序啟動esrp的功能
config vlan up esrp esrp-election ports-track-priority-mac
config vlan down esrp esrp-election ports-track-priority-mac
#range 1-255 1最小 254最大 255永遠,設定master與slave 大的是master
config vlan up esrp priority 20
config vlan down esrp priority 20
#以下或以上非EXTREME SWITCH的設備
config vlan up add ports 25-26 restart
config vlan down add ports 2-24 restart
---routing----
config iproute add default 210.60.166.254 1
config iproute add default 10.0.0.2 10
config iproute add 192.168.0.0 255.255.255.0 192.168.0.254 (交換器已經ipforwarding所以毋須打上)因為vlan在本身的switch上,與學校的設定不同
config iproute add 192.168.0.0 255.255.255.0 10.0.0.2 10
SLAVE:
-------
create vlan up
create vlan down
create vlan directlink
config vlan up add ports 25-26
config vlan directlink add ports 1
config vlan down add ports 2-24
config vlan up ipaddress 210.60.166.222 255.255.255.0
config vlan directlink ipaddress 10.0.0.2 255.25.255.0
config vlan down ipaddress 192.168.0.254 255.255.255.0
enable ipforwarding(既可將全部的vlan加上ipforwarding)
enable ipforwarding vlan up
enable ipforwarding vlan directlink
ebable ipfrowarding vlan down
---esrp config -----directlink not config----
enable esrp up
enable esrp down
config vlan up esrp esrp-election port-track-priority-mac
config vlan down esrp esrp-election port-track-priority-mac
config vlan up esrp priority 10
config vlan down esrp priority 10
config vlan up add ports 25-26 restart
config vlan down add ports 2-24 restart
----routing-----
config iproute add default 210.60.166.254 1
config iproute add default 10.0.0.1 10
config iproute add 192.168.0.0 255.255.255.0 192.168.0.254 (交換器已經ipforwarding所以毋須打上)因為vlan在本身的switch上,與學校的設定不同
config iproute add 192.168.0.0 255.255.255.0 10.0.0.1 10
2010年4月4日 星期日
Fedora 11 加速 YUM下載速度(axel,yum-fastmirror)
AXEL是使用多線(Multi-thread)方式下載檔案, 又有人寫成YUM的plugin, 所以就來用看看!
Install AXEL
#wget http://wilmer.gaast.net/downloads/axel-1.0b.tar.gz
#tar zxvf axel-1.0b.tar.gz
#cd axel-1.0b
# ./configure –i18n=1
#make
#make install
設定YUM 使用 AXEL:
將 axelget.conf 放置 /etc/yum/pluginconf.d/
#wget http://cnfreesoft.googlecode.com/svn/trunk/axelget/axelget.conf -P /etc/yum/pluginconf.d/
將 axelget.py 放置 /usr/lib/yum-plugins/
#wget http://cnfreesoft.googlecode.com/svn/trunk/axelget/axelget.py -P /usr/lib/yum-plugins/
調整 YUM-Axel plugin, 只有超過200Kbyte檔案才使用 axel:
# cat /etc/yum/pluginconf.d/axelget.conf
[main]
enabled=1
onlyhttp=1
enablesize=200000
cleanOnException=1
讓YUM自動找最快mirror site:
yum install yum-fastmirror
試試看吧:
# yum update
Loaded plugins: axelget, presto, refresh-packagekit
Setting up Update Process
…
we will try to use axel to download this big file:41031190
Before we start,clean all the key files
Execute axel cmd:
axel -a -n 10 http://free.nchc.org.tw/fedora/linux/updates/11/i386//evolution-help-2.26.2-1.fc11.noarch.rpm -o /var/cache/yum/updates/packages/evolution-help-2.26.2-1.fc11.noarch.rpm
Initializing download: http://free.nchc.org.tw/fedora/linux/updates/11/i386//evolution-help-2.26.2-1.fc11.noarch.rpm
File size: 41031190 bytes
Opening output file /var/cache/yum/updates/packages/evolution-help-2.26.2-1.fc11.noarch.rpm
Starting downloadConnection 6 finished ]
Connection 9 finished ]
Connection 0 finished ]
Connection 7 finished ]
Connection 1 finished ]
Connection 8 finished ]
Connection 4 finished ]
Connection 2 finished ]
Connection 3 finished ]
[100%] [..................................................] [ 391.4KB/s] [00:00]Downloaded 39.1 megabytes in 1:42 seconds. (391.42 KB/s)
[110/221]Ok,
訂閱:
文章 (Atom)