JOINING TWO NETWORK CARDS: BONDING

BONDING

Bonding aggregates two or more network interfaces to increase bandwidth or provide redundancy. Network traffic is split across the member interfaces.

This was tested on Ubuntu 18 Linux, which uses netplan to configure the network. If you have two network cards, enp3s0 and enp4s0, you can connect both to the same network through a virtual device called bond0.

INSTALLATION

Install ifenslave:

sudo apt-get install ifenslave

MANUAL CONFIGURATION

To test that bonding works, run the following in a terminal:

sudo modprobe bonding miimon=100
sudo ifup bond0
sudo ifconfig bond0 192.168.1.50 netmask 255.255.0.0

sudo ifenslave bond0 enp3s0 enp4s0

BOOT CONFIGURATION

To bring up bond0 at boot, use netplan:

sudo nano /etc/netplan/my-network-file.yaml

network:
  version: 2
  renderer: networkd
  ethernets:
    enp3s0:
      dhcp4: true
    enp4s0:
      dhcp4: true
  bonds:
    bond0:
      addresses: [192.168.1.50/24]
      gateway4: 192.168.1.1
      interfaces: [enp3s0, enp4s0]
      parameters:
         mode: balance-rr
         primary: enp3s0

Apply the configuration with:
sudo netplan apply

Load the bonding module into the kernel at boot:
sudo nano /etc/modprobe.conf

alias bond0 bonding
options bond0 mode=balance-rr miimon=100

3. We can view the interfaces with:
ifconfig
bond0: flags=5187  mtu 1500
        inet 192.168.1.50  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::2e0:4cff:fe68:32f8  prefixlen 64  scopeid 0x20
        ether 00:e0:4c:68:32:f8  txqueuelen 1000  (Ethernet)
        RX packets 7049  bytes 5723342 (5.7 MB)
        RX errors 0  dropped 7  overruns 0  frame 0
        TX packets 4741  bytes 661331 (661.3 KB)
        TX errors 0  dropped 29 overruns 0  carrier 0  collisions 0
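
A link-level check to go with the ifconfig listing, added here and not part of the original post: ifconfig shows bond0 itself but not whether each member link is up. The script reads the bonding driver's status file (/proc/net/bonding/bond0 on a live system); the sample status text is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the state of each bond member from the bonding
# driver's status file. Function names are illustrative.

# Print the bonding mode line, e.g. "load balancing (round-robin)".
bond_mode() { sed -n 's/^Bonding Mode: //p' "$1"; }

# Print "<member> <MII status>" for every enslaved interface.
bond_members() {
    awk '/^Slave Interface:/ { name = $3; next }
         name != "" && /^MII Status:/ { print name, $3; name = "" }' "$1"
}

# Succeed only if at least $2 members report MII Status "up".
bond_check() {
    up=$(bond_members "$1" | awk '$2 == "up" { n++ } END { print n + 0 }')
    [ "$up" -ge "$2" ]
}

# Constructed sample of /proc/net/bonding/bond0 with one failed link.
sample_bond_status() {
    cat <<'EOF'
Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: enp3s0
MII Status: up
Link Failure Count: 0

Slave Interface: enp4s0
MII Status: down
Link Failure Count: 1
EOF
}

# Use the live status file when present, otherwise the sample above.
status=/proc/net/bonding/bond0
if [ ! -r "$status" ]; then
    status=$(mktemp)
    sample_bond_status > "$status"
fi
echo "mode: $(bond_mode "$status")"
bond_members "$status"
if ! bond_check "$status" 2; then
    echo "WARNING: fewer than 2 members up, bond0 has no redundancy"
fi
```

Run from cron or a monitoring agent, the non-zero result of bond_check is what catches a bond that still answers on its IP address while running on a single link.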




QOS: BANDWIDTH CONTROL WITH CBQ ON UBUNTU USING QUEUES

INTRODUCTION

The setup is an Ono connection attached to a wireless router and a local network, 192.168.2.0/24.

The goal is to keep the web server from consuming all of the outbound bandwidth, and to keep remote ssh connections responsive.

This bash script configures bandwidth per service. It also shows how much traffic falls into each service class. Six queues are created, each associated with a network or a service.

RUNNING IT:

sudo bash cbq.sh start
[sudo] password for paco:
=================================================
|| QOS CON CQB. Por Paco Aldarias. 12.1.09.
=================================================
|| CONTROL ANCHO BANDA SALIDA.
=================================================
|| INTERFACES Y REDES
=================================================
|| Interface unico …………..: eth0
|| IP eth0 ………………….: 192.168.2.2
|| LAN ……………………..: 192.168.2.0/24
|| Velocidad subida inet ……..:300kbit
|| Velocidad subida lan ………: 100000kbit
=================================================
|| CONFIGURACION VEL.GARANTIZADA/MAX(CEIL):
=================================================
|| COLA 10 INET : 270kbit/300kbit 33kbytes/37kbytes
|| COLA 20 LAN : 90000kbit/100000kbit 11250kbytes/12500kbytes
|| COLA 30 ICMP : 216kbit/300kbit 27kbytes/37kbytes
|| COLA 40 SSH,ET : 189kbit/270kbit 23kbytes/33kbytes
|| COLA 50 DEFAULT : 162kbit/240kbit 20kbytes/30kbytes
|| COLA 60 SERV.WEB: 54kbit/60kbit 6kbytes/7kbytes
=================================================
|| OTROS r2q/quamtum

=================================================
|| R2QL : 1000
|| R2QLR(Entre 1500-60.000) : 102400
|| QUANTUML : 12800
|| R2QI : 200
|| R2QIR(Entre 1500-60.000) : 1536
|| QUANTUMI : 192
=================================================

THE SCRIPT
cat cbq.sh

#!/bin/bash

# http://www.esdebian.org/foro/9949/mldonkey-paraliza-navegacion

# Note:
# quantum=rate*1024/8/r2q
# rate/r2q >= quantum
# QUANTUM must be between 1500 (the MTU) and 60000 (the maximum leaf QUANTUM)
# 100mbit = 12.5 mbyte / r2q = 1.2 Mbyte > 60.000
# By Paco Aldarias

echo "================================================="
echo "|| QOS con CBQ. Por Paco Aldarias. 12.1.09."

########################################
# VARIABLES
########################################

# In kbits
UPINET=300
UPLAN=100000
DEV=eth0
LAN="192.168.2.0/24"
IP="192.168.2.2"
ALL="0.0.0.0/0"

echo "================================================="
echo "|| CONTROL ANCHO BANDA SALIDA. "
echo "================================================="
echo "|| INTERFACES Y REDES "
echo "================================================="
echo "|| Interface unico …………..: $DEV"
echo "|| IP $DEV ………………….: $IP"
echo "|| LAN ……………………..: $LAN"
echo "|| Velocidad subida inet ……..:${UPINET}kbit"
echo "|| Velocidad subida lan ………: ${UPLAN}kbit"

# Use 90% of our upload rate as the guaranteed rate
RATEUPINET=$((9 * UPINET / 10))
RATEUPLAN=$((9 * UPLAN / 10))

RATE10=${RATEUPINET}
RATE20=${RATEUPLAN}
RATE30=$((8 * RATEUPINET / 10))
RATE40=$((7 * RATEUPINET / 10))
RATE50=$((6 * RATEUPINET / 10))
RATE60=$((2 * RATEUPINET / 10))

CEIL10=${UPINET}
CEIL20=${UPLAN}
CEIL30=$((10 * UPINET / 10))
CEIL40=$((9 * UPINET / 10))
CEIL50=$((8 * UPINET / 10))
CEIL60=$((2 * UPINET / 10))

# http://www.ecualug.org/?q=2006/12/14/comos/como_segmentar_el_ancho_de_banda_de_una_red_con_htb&page=1

# r2q=10 quantum= rate*1024/8/r2q
R2QL=1000
R2QLR=$((UPLAN * 1024 / R2QL)) # Between 1500 and 60000
QUANTUML=$((UPLAN * 1024 / 8 / R2QL))

R2QI=200
R2QIR=$((UPINET * 1024 / R2QI)) # Between 1500 and 60000
QUANTUMI=$((UPINET * 1024 / 8 / R2QI))

echo "================================================="
echo "|| CONFIGURACION VEL.GARANTIZADA/MAX(CEIL): "
echo "================================================="
echo "|| COLA 10 INET : ${RATE10}kbit/${CEIL10}kbit $((RATE10 / 8))kbytes/$((CEIL10 / 8))kbytes "
echo "|| COLA 20 LAN : ${RATE20}kbit/${CEIL20}kbit $((RATE20 / 8))kbytes/$((CEIL20 / 8))kbytes "
echo "|| COLA 30 ICMP : ${RATE30}kbit/${CEIL30}kbit $((RATE30 / 8))kbytes/$((CEIL30 / 8))kbytes "
echo "|| COLA 40 SSH,ET : ${RATE40}kbit/${CEIL40}kbit $((RATE40 / 8))kbytes/$((CEIL40 / 8))kbytes"
echo "|| COLA 50 DEFAULT : ${RATE50}kbit/${CEIL50}kbit $((RATE50 / 8))kbytes/$((CEIL50 / 8))kbytes"
echo "|| COLA 60 SERV.WEB: ${RATE60}kbit/${CEIL60}kbit $((RATE60 / 8))kbytes/$((CEIL60 / 8))kbytes"

echo "================================================="
echo "|| OTROS r2q/quamtum
"
echo "================================================="
echo "|| R2QL : ${R2QL}"
echo "|| R2QLR(Entre 1500-60.000) : ${R2QLR}"
echo "|| QUANTUML : ${QUANTUML}"
echo "|| R2QI : ${R2QI}"
echo "|| R2QIR(Entre 1500-60.000) : ${R2QIR}"
echo "|| QUANTUMI : ${QUANTUMI}"
echo "================================================="

########################################
# STATUS
########################################

if [ "$1" = "status" ]
then
    exit
fi

########################################
# STATUS1
########################################

if [ "$1" = "status1" ]
then
    echo "======================================="
    echo "|| qdisc"
    echo "======================================="

    tc -s qdisc show dev $DEV

    echo "======================================="
    echo "|| class"
    echo "======================================="

    tc -s class show dev $DEV

    echo "======================================="
    echo "|| iptables"
    echo "======================================="

    iptables -t mangle -L MYSHAPER-OUT -n -v
    exit
fi

########################################
# STATUS2
########################################

if [ "$1" = "status2" ]
then
    watch tc -s qdisc
    exit
fi

########################################
# STOP
########################################

# Reset everything to a known state (cleared)
tc qdisc del dev $DEV root 2> /dev/null > /dev/null

iptables -t mangle -D POSTROUTING -o $DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
iptables -t mangle -F MYSHAPER-OUT 2> /dev/null > /dev/null
iptables -t mangle -X MYSHAPER-OUT 2> /dev/null > /dev/null

if [ "$1" = "stop" ]
then
    echo "Shaping removed on $DEV."
    exit
fi

########################################
# CONFIGURING QUEUES
########################################

# Parent htb queue
tc qdisc add dev $DEV root handle 1: htb default 10 r2q $R2QL

# Limit the traffic
tc class add dev $DEV parent 1: classid 1:10 htb rate ${RATEUPINET}Kbit ceil ${CEIL10}Kbit burst 6k prio 1 quantum $QUANTUMI # inet
tc class add dev $DEV parent 1: classid 1:20 htb rate ${RATEUPLAN}Kbit ceil ${CEIL20}Kbit burst 6k prio 2 quantum $QUANTUML # lan

# Share the leftover bandwidth fairly
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10

# Set up iptables
iptables -t mangle -N MYSHAPER-OUT
iptables -t mangle -I POSTROUTING -o $DEV -j MYSHAPER-OUT

###########################
# Packet marking
##########################

# QUEUE 10. INET

iptables -t mangle -A MYSHAPER-OUT -s $IP ! -d $LAN -j MARK --set-mark 1 # inet
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 1 -j CLASSIFY --set-class 1:10

# QUEUE 20. LAN.

iptables -t mangle -A MYSHAPER-OUT -s $LAN -d $LAN -j MARK --set-mark 2 # lan
iptables -t mangle -A MYSHAPER-OUT -o lo -j MARK --set-mark 2
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 2 -j CLASSIFY --set-class 1:20

# Classify the internet traffic

tc class add dev $DEV parent 1:10 classid 1:30 htb rate ${RATE30}Kbit ceil ${CEIL30}Kbit burst 6k prio 3 quantum $QUANTUMI # dns,icmp,router
tc class add dev $DEV parent 1:10 classid 1:40 htb rate ${RATE40}kbit ceil ${CEIL40}kbit burst 6k prio 4 quantum $QUANTUMI # ssh
tc class add dev $DEV parent 1:10 classid 1:50 htb rate ${RATE50}kbit ceil ${CEIL50}kbit burst 6k prio 5 quantum $QUANTUMI # rest
tc class add dev $DEV parent 1:10 classid 1:60 htb rate ${RATE60}kbit ceil ${CEIL60}kbit burst 6k prio 6 quantum $QUANTUMI # www

# Share the leftover bandwidth fairly
tc qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev $DEV parent 1:40 handle 40: sfq perturb 10
tc qdisc add dev $DEV parent 1:50 handle 50: sfq perturb 10
tc qdisc add dev $DEV parent 1:60 handle 60: sfq perturb 10

# Mldonkey
tc filter add dev $DEV parent 1:10 protocol ip prio 10 u32 match ip tos 0x08 0xff flowid 1:60

########################################
# MARKING AND QUEUEING PACKETS
########################################

# QUEUE 30. HIGHEST PRIORITY. MAX SPEED

iptables -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -s $LAN ! -d $LAN -j MARK --set-mark 3 # max priority
iptables -t mangle -A MYSHAPER-OUT -m tos --tos Minimize-Delay -s $LAN ! -d $LAN -j MARK --set-mark 3 # tos
iptables -t mangle -A MYSHAPER-OUT -p icmp -s $LAN ! -d $LAN -j MARK --set-mark 3 # icmp
iptables -t mangle -A MYSHAPER-OUT -s $IP -p udp --sport 27960 -j MARK --set-mark 3 # enemy
iptables -t mangle -A MYSHAPER-OUT -p udp -s $IP --dport 53 -j MARK --set-mark 3 # dns
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 3 -j CLASSIFY --set-class 1:30

# QUEUE 40

iptables -t mangle -A MYSHAPER-OUT -p tcp -s $IP ! -d $LAN --sport ssh -j MARK --set-mark 4 # ssh
iptables -t mangle -A MYSHAPER-OUT -p tcp -m length --length :64 -j MARK --set-mark 4 # small packets (probably just ACKs)
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 4 -j CLASSIFY --set-class 1:40

# QUEUE 50

iptables -t mangle -A MYSHAPER-OUT -p tcp -s $IP ! -d $LAN -j MARK --set-mark 5 # rest
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 5 -j CLASSIFY --set-class 1:50

# QUEUE 60. LOWEST PRIORITY. MIN SPEED

iptables -t mangle -A MYSHAPER-OUT -p tcp -s $IP ! -d $LAN --sport http -j MARK --set-mark 6 # www

#f="mltcpdump.txt"
#f="ml-port.txt"
#for i in $(cat $f);do
#if [ $i -gt 1024 ];then
# echo "Marcando $i"
# iptables -t mangle -A MYSHAPER-OUT -p tcp --dport $i -j MARK --set-mark 6 # p2p
# iptables -t mangle -A MYSHAPER-OUT -p udp --dport $i -j MARK --set-mark 6 # p2p
#fi
#done

EDONKEY_PORT=4662
KAD_PORT=8443
OVERNET_PORT=5865
BITTORRENT_PORT=6882
OPENNAP_PORT=9999

iptables -t mangle -A MYSHAPER-OUT -p tcp --dport $EDONKEY_PORT -j MARK --set-mark 6 # p2p
iptables -t mangle -A MYSHAPER-OUT -p udp --dport $(($EDONKEY_PORT + 4)) -j MARK --set-mark 6 # p2p
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport $KAD_PORT -j MARK --set-mark 6 # p2p
iptables -t mangle -A MYSHAPER-OUT -p udp --dport $KAD_PORT -j MARK --set-mark 6 # p2p
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport $OVERNET_PORT -j MARK --set-mark 6 # p2p
iptables -t mangle -A MYSHAPER-OUT -p udp --dport $OVERNET_PORT -j MARK --set-mark 6 # p2p
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport $(($EDONKEY_PORT - 1)) -j MARK --set-mark 6 # p2p
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport $BITTORRENT_PORT -j MARK --set-mark 6 # p2p
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport $OPENNAP_PORT -j MARK --set-mark 6 # p2p

iptables -t mangle -A MYSHAPER-OUT -m mark --mark 6 -j CLASSIFY --set-class 1:60
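
The r2q/quantum constraint from the script's header comments, worked through as an added example that is not part of the original script: it applies the page's formula to the values printed in the run above, where QUANTUMI comes out as 192, below the 1500 lower bound, and computes which r2q values would fit. The function names are hypothetical; the formula and the 1500 to 60000 bounds are the page's own.

```shell
#!/bin/sh
# Added example: check HTB quantum values against the range given in the
# script's comments, using the page's formula
#   quantum = rate_kbit * 1024 / 8 / r2q

QMIN=1500    # lower bound from the page (the MTU)
QMAX=60000   # upper bound from the page (maximum leaf quantum)

# $1 = rate in kbit, $2 = r2q
quantum() { echo $(( $1 * 1024 / 8 / $2 )); }

# Print "ok", "small" or "big" for a rate/r2q pair.
quantum_status() {
    q=$(quantum "$1" "$2")
    if [ "$q" -lt "$QMIN" ]; then echo small
    elif [ "$q" -gt "$QMAX" ]; then echo big
    else echo ok
    fi
}

# Print the smallest and largest r2q that keep the quantum in range,
# or "none" when the rate is too low for any r2q to reach QMIN.
r2q_range() {
    bytes=$(( $1 * 1024 / 8 ))
    lo=$(( (bytes + QMAX - 1) / QMAX ))   # ceil(bytes / QMAX)
    hi=$(( bytes / QMIN ))                # floor(bytes / QMIN)
    if [ "$lo" -lt 1 ]; then lo=1; fi
    if [ "$hi" -lt "$lo" ]; then echo none; else echo "$lo $hi"; fi
}

# $1 = label, $2 = rate in kbit, $3 = r2q
report() {
    echo "$1: rate=${2}kbit r2q=$3 quantum=$(quantum "$2" "$3")" \
         "status=$(quantum_status "$2" "$3") valid-r2q=$(r2q_range "$2")"
}

# Values from the page: UPINET=300 with R2QI=200, UPLAN=100000 with R2QL=1000.
report inet 300 200
report lan 100000 1000
```

For the 300 kbit uplink the formula only stays inside the stated range with an r2q of 25 or less, so the R2QI=200 used for the internet classes needs lowering if the quantum is meant to stay at or above the MTU.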