Tag: Linux Networking

Linux Networking

How to Test Network performance and Bandwidth

How to Test Network performance and Bandwidth

Introduction –

Network latency
and Bandwidth are the two metrics most likely to be of interest when you benchmark a network. Even though most service and product advertising focuses on bandwidth, at times the latency can be a more important metric.

** What is Bandwidth?

Bandwidth (BW) in computer networking refers to the data rate supported by a network connection or interface. BW is measured in terms of bits per second (bps).

** What is Network latency?

Latency is a measure of time delay experienced in a system. Network latency is simply defined as the time delay observed as data transmits from one point to another. There are a number of factors that contribute to network latency. These include transmission(medium of connectivity), Distance, Routers and computer hardware delays.

List of Projects used to test Network performance and Bandwidth –

1) bmon – Bandwidth monitor and rate estimator, it is console based,live BW
2) bwbar – Bandwidth usage in Text and Graphical format
3) bwm-ng – Bandwidth Monitor NG (Next Generation, live BW, console based
4) dstat – Dstat is a replacement for vmstat, iostat and ifstat.
5) iftop – Bandwidth usage on an interface, console based
6) iperf – Perform Network throughput tests bet two host
7) ifstat – Report InterFace STATistics
8) cbm – Color Bandwidth Meter ,console based
9) etherape – Graphical network traffic browser
10) iptraf – Interactive Colorful IP LAN Monitor, console and GUI based
11) netmrg – It is daemon based, mySQL support, Gathers data from devices.
12) nuttcp – Network performance measurement tool
13) nepim – network performance

NOTE ~ For some of them rpm or deb packages are not available!

Step 1] How to install on Redhat/RHCE,CentOS based system and Dibian based system –

root@me:~# yum install netperf iperf nuttcp nepim lmbench

** Ubuntu –

root@me:~# apt-get install  bmon bwbar bwm-ng dstat cbm etherape iftop iperf ifstat iptraf netmrg

Step 2] How to use – bmon, bwm-ng, dstat, ifstat –

root@me:~# bmon
interface: lo at me.arun.host
#   Interface                RX Rate         RX #     TX Rate         TX #
────────────────────────────────────────
me.arun.host (source: local)
0   lo                         0.00B            0       0.00B            0
1   eth0                       0.00B            0       0.00B            0
2   eth2                       0.00B            0       0.00B            0
3   vboxnet0                   0.00B            0       0.00B            0
4   pan0                       0.00B            0       0.00B            0
5   ppp0                      69.39KiB         61       7.49KiB         44

root@me:~# bwm-ng

bwm-ng v0.6 (probing every 0.500s), press ‘h’ for help
input: /proc/net/dev type: rate
\         iface                   Rx                   Tx                Total
==============================================================================
lo:           0.00 KB/s            0.00 KB/s            0.00 KB/s
eth0:           0.00 KB/s            0.00 KB/s            0.00 KB/s
eth2:           0.00 KB/s            0.00 KB/s            0.00 KB/s
ppp0:          64.39 KB/s            7.92 KB/s           72.31 KB/s
——————————————————————————
total:          64.39 KB/s            7.92 KB/s           72.31 KB/s

root@me:~# dstat
—-total-cpu-usage—- -dsk/total- -net/total- —paging– —system–
usr sys idl wai hiq siq| read  writ| recv  send|  in   out | int   csw
7   4  85   4   0   0| 281k  110k|   0     0 |   0     0 | 865  3013
8   4  88   0   0   0|   0     0 |7027B 1261B|   0     0 | 956  4505
8   5  86   0   0   0|   0     0 |  14k 1867B|   0     0 |1144  3332
9   5  86   0   1   0|   0     0 |  79k 2496B|   0     0 |1360  3366
18   8  74   0   0   0|   0     0 |  52k 6511B|   0     0 |1299  3618
8   6  85   0   1   0|   0     0 |  35k 5339B|   0     0 |1094  4231
6   4  90   0   0   0|   0     0 |   0  3164B|   0     0 | 953  2750 ^C
root@me:~#

root@me:~# ifstat
eth0                eth2                ppp0
KB/s in  KB/s out   KB/s in  KB/s out   KB/s in  KB/s out
0.00      0.00      0.00      0.00     95.73      4.31
0.00      0.00      0.00      0.00     67.93      8.17
0.00      0.00      0.00      0.00    106.77     13.70

** start “iperf” server on one host(A) and client on another host(B)- to measure Network throughput between two hosts.

* Host -A

root@me:~# iperf -s
————————————————————
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
————————————————————
[  4] local 192.168.0.1 port 5001 connected with 192.168.0.2 port 56171
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-10.0 sec  9.11 GBytes  7.82 Gbits/sec

* Host -B
test@hostB:~$ iperf -c 192.168.0.1
————————————————————
Client connecting to 192.168.0.1, TCP port 5001
TCP window size: 49.5 KByte (default)
————————————————————
[  3] local 192.168.0.2 port 56171 connected with 192.168.0.1 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  9.11 GBytes  7.82 Gbits/sec
test@hostB:~$

root@me:~# iftop
root@me:~# cbm

Thank you,
Arun Bagul

How to use TCP Wrappers for system security

How to use TCP Wrappers for system security

Introduction:-

Access control to services compiled with TCP wrappers support is implemented by the /etc/hosts.allow and /etc/hosts.deny files. When a connection attempt is made, the hosts.allow file is checked. If a line is matched, the connection is allowed. Then the hosts.deny file is consulted, if a line is matched, the connection is denied. If no matches have occurred in either file, the connection is allowed.

Create Authorized Use Only Banners

If configured as described below, TCP wrappers will display a warning banner to any user attempting to connect to a service it monitors. The following set of commands generate the directory /etc/banners, and the files therein contain warning banner text for each service. In this example, the banner text is “Use of this system is restricted to authorized users.” Note that exact wording of a warning banner is site specific; however, it should at least emphasize that the use of the system is restricted to authorized persons and that consent to monitor activities is implied by logging in to the system.

[root@localhost]# /bin/mkdir -p /etc/banners
[root@localhost]# /bin/echo “Use of this system is restricted to authorized users” > /etc/banners/
prototype
[root@localhost]# cd /etc/banners ; /usr/bin/make -f /usr/share/doc/tcp_wrappers-7.6/Banners.Makefile

Deny Everything Except What is Explicitly Allowed

In order to implement the security best practice stance of deny everything except what is explicitly allowed, issue the following command.
[root@localhost]# echo ‘ALL: ALL: spawn (/bin/echo -e ‘/bin/date'”\n%c attempted connection to %s
and was denied” \
> | /bin/mail -s “Connection attempt to %s” root) &’ > /etc/hosts.deny

Any connection attempt not listed in the hosts.allow file will be denied, a message will be logged to the syslog auth facility, and an email will be sent to root.
Allow Access to Those Who Require It

Edit the hosts.allow file and add a line for each service to which access should be allowed. A few examples are shown below (See the man pages for hosts.allow for more detail).

ALL: LOCAL : banners /etc/banners            # All services from local clients (hostnames with no “.”)
sshd: 10.1.1.0/255.255.254.0 : banners /etc/banners # SSH connections from host IP addresses  between 10.1.1.0 and 10.1.2.0

Thanks
Manoj Chauhan

How to install Network Driver in Linux system

How to install Network Driver in Linux system

Introduction –

“Attansic Technology Corp. L1 Gigabit Ethernet Adapte” network (NIC) card or Adapter was not detected by RHEL4 (redhat) system. I tried running kudzu and other commands to detect device, but no use. So finally I have to install drivers for my network card…

Step 1] Device status (network card) –

* See below device status from hardware conf file ~ “/etc/sysconfig/hwconf”
* Attansic Technology Corp. L1 Gigabit Ethernet Adapter  not detected – Unknown device 8226

03:00.0 Ethernet controller: Attansic Technology Corp. L1 Gigabit Ethernet Adapter (rev b0)
Subsystem: ASUSTeK Computer Inc.: Unknown device 8226
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B-
Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR+ <PERR-
Latency: 0, Cache Line Size 10
Interrupt: pin A routed to IRQ 201

…..

[root@desktop ~]# lspci

03:00.0 Ethernet controller: Attansic Technology Corp. L1 Gigabit Ethernet Adapter (rev b0)

…..
[root@desktop ~]# lspci -n

03:00.0 Class 0200: 1969:1048 (rev b0)

…..
[root@desktop ~]#

* Make sure to download drivers for above  venderID & deviceId “1969:1048″….

Step 2] download and extract the source  –

First, download vendor* driver from here

ftp://ftp.hogchain.net/pub/linux/attansic/vendor_driver/l1-linux-v1.2.40.3.tar.gz

OR
open-source (http://atl1.sourceforge.net/)

[root@desktop ~]# tar xvfz l1-linux-v1.2.40.3.tar.gz

[root@desktop ~]# cd  l1-linux-v1.2.40.3

[root@desktop src]# ls
at_ethtool.c  at.h  at_hw.c  at_hw.h  at_main.c  at_osdep.h  at_param.c  kcompat.c  kcompat_ethtool.c  kcompat.h  Makefile
[root@desktop src]#

* Now compile and install the drivers

[root@desktop src]# make
make -C /lib/modules/2.6.9-78.ELsmp/build SUBDIRS=/root/l1-linux-v1.2.40.3/src modules
make[1]: Entering directory `/usr/src/kernels/2.6.9-78.EL-smp-i686′

…..
make[1]: Leaving directory `/usr/src/kernels/2.6.9-78.EL-smp-i686′
[root@desktop src]# echo $?
0

[root@desktop src]# make install
make -C /lib/modules/2.6.9-78.ELsmp/build SUBDIRS=/root/l1-linux-v1.2.40.3/src modules

…..
man -c -P’cat > /dev/null’ atl1 || true
[root@desktop src]# echo $?
0

* Now load the kernel module….

[root@desktop src]# modprobe   atl1

Step 3] Now verify whether kernel driver is working or not  –

[root@desktop src]# modinfo   atl1
filename:       /lib/modules/2.6.9-78.ELsmp/kernel/drivers/net/atl1/atl1.ko
author:         Atheros Corporation, <xiong.huang@atheros.com>
description:    Atheros 1000M Ethernet Network Driver
license:        GPL
version:        1.2.40.3 1FC4E58EBDF31F49BFD33E8
parm:           TxDescriptors:Number of transmit descriptors
parm:           RxDescriptors:Number of receive descriptors
parm:           MediaType:MediaType Select
parm:           IntModTimer:Interrupt Moderator Timer
parm:           FlashVendor:SPI Flash Vendor
vermagic:       2.6.9-78.ELsmp SMP 686 REGPARM 4KSTACKS gcc-3.4
depends:
alias:          pci:v00001969d00001048sv*sd*bc*sc*i*
[root@desktop src]#

[root@desktop src]# netconfig
[root@desktop src]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:AD:54:0A:XX:WW
inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
inet6 addr: fe80::223:54ff:fe0a:616b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b)  TX bytes:498 (498.0 b)
Memory:feac0000-feb00000

…..

[root@desktop src]#

[root@desktop ~]# vi /etc/sysconfig/hwconf

class: NETWORK
bus: PCI
detached: 0
device: eth0
driver: atl1
desc: “Attansic Technology Corp. L1 Gigabit Ethernet Adapter”
network.hwaddr: 00:AD:54:0A:XX:WW
vendorId: 1969
deviceId: 1048

subVendorId: 1043
subDeviceId: 8226
pciType: 1
pcidom:    0
pcibus:  3
pcidev:  0
pcifn:  0
[root@desktop ~]#

Enjoy,
Arun Bagul

openLSM + Cherokee

openLSM + Cherokee

Dear All,

We are pleased to announce that tomorrow we are launching openslm-0.99 development platform. We are sure that  all contributor’s of openlsm and IndianGNU.org community will start coding for openlsm…

* Please don’t forget to test openlsm and give your valuable feedback/suggestion!

openlsm + Cherokee –

After all ups and  down finally openLSM community has decided to use Cherokee for openlsm admin server. We have customized Cherokee as per your requirement.

Thank you,
openLSM and IndianGNU.org