[lug] Router Recommendation

Hugh Brown hugh at math.byu.edu
Mon Aug 29 06:47:32 MDT 2005


On Sun, 2005-08-28 at 21:46 -0600, Sean Reifschneider wrote:
> On Sat, Aug 27, 2005 at 10:01:19PM -0600, Hugh Brown wrote:
> >I think the difference is the technical acuity required to make linux
> >route like that.  Obviously Sean can do it. :)  I know I couldn't (right
> >now anyway).  It would be easier to buy something that would do most of
> 
> Obviously, you've never tried to make a Cisco do any of those things I've
> mentioned.  ;-/ 

True enough :)


>  Actually, one place where Linux really falls down for
> routing is ATM.  It's a huge weakness of Linux.  I was able to set up one
> interface connecting to another end-point, but Linux didn't support the
> monitoring extension (its TLA escapes me right now), though they committed
> changes that were supposed to at that time.  Didn't work.  Trying PPP over
> ATM was a sure way to bring the box down though.
> 
> The nice thing about a Linux router is that it leverages what you already
> know about routing and networking.  There are a few rough edges, of course,
> but many of them are things that I'd say are pretty rough in the commercial
> routers.
> 
> Certainly, acting as a router between two ethernet segments is pretty darn
> easy to do.  If you don't know how to do it in Linux, I'd be surprised if
> you struggled any less with a Cisco.
> 

The basic routing between two linux segments seems like it would be a
few hours work for someone that had a very basic understanding of
networking and a howto.  I was thinking more about the traffic shaping,
traffic auditing/accounting, ....

> >Sean, how long did it take you to get all of those capabilities
> >configured/figured out?
> 
> It's hard to say, I didn't just sit down and say "I'm not leaving until I'm
> a Linux Networking Genius!"  It's not fair to say that it's taken me since
> I set up my first UUCP connection in 1987 though...
> 

I figured the answer would be something like that :)


> >It sounds like a great LUG presentation (too bad I'm out
> >of state).
> 
> Yeah, it's an option.  We had a networking presentation at NCLUG years ago.
> Advanced routing topics might be interesting to let people know what's
> available, but the basics are also important to understand how many of
> these things work.
> 
> >I'd love to know how to monitor how much traffic has crossed my ethernet
> >interface over a given time period (the Rx and Tx info from ifconfig don't
> >seem to be reliable in my case).
> 

Here's a sample of the weirdness I've seen.  I have a cronjob that runs
every 6 hours and greps the RX line from ifconfig.  Uptime on the box is
93 days.  Box is misleading though, since it is an instance of UML.

2005-08-16:18:  RX bytes:4250747146 (3.9 GiB)  TX bytes:466814358 (445.1 MiB)
2005-08-17:00:  RX bytes:4266423260 (3.9 GiB)  TX bytes:467046431 (445.4 MiB)
2005-08-17:06:  RX bytes:4281988308 (3.9 GiB)  TX bytes:467141907 (445.5 MiB)
2005-08-17:12:  RX bytes:2901362 (2.7 MiB)  TX bytes:467493415 (445.8 MiB)
2005-08-17:18:  RX bytes:18624117 (17.7 MiB)  TX bytes:467968541 (446.2 MiB)
2005-08-18:00:  RX bytes:34502883 (32.9 MiB)  TX bytes:468440581 (446.7 MiB)
2005-08-18:06:  RX bytes:49337141 (47.0 MiB)  TX bytes:468519834 (446.8 MiB)



> It seems pretty accurate to me.  However, if you suspect it, set up
> iptables with a rule that matches everything (maybe that just jumps to your
> real rule-set) and take accounting information from that, as it keeps
> packet and byte counters.  Or, if you're adventurous, recompile iptables
> and the kernel to include one of the iptables accounting targets...
> 

Good idea.  I'll have to look into that.  It seemed like snort might
have had the capability to help me understand the nature of the traffic
to the box (e.g. how much traffic per service).
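
The RX counter in the samples above falls from about 4.28e9 to a few MiB, just short of 2^32 = 4294967296, which is what a 32-bit byte counter wrapping looks like. As an added example (not part of the original post), this Python code computes per-interval traffic from those samples under that assumption; the function names are hypothetical.

```python
import re

# Constructed input: the cron samples quoted in the post, wrapped lines joined.
SAMPLES = """\
2005-08-16:18:  RX bytes:4250747146 (3.9 GiB)  TX bytes:466814358 (445.1 MiB)
2005-08-17:00:  RX bytes:4266423260 (3.9 GiB)  TX bytes:467046431 (445.4 MiB)
2005-08-17:06:  RX bytes:4281988308 (3.9 GiB)  TX bytes:467141907 (445.5 MiB)
2005-08-17:12:  RX bytes:2901362 (2.7 MiB)  TX bytes:467493415 (445.8 MiB)
2005-08-17:18:  RX bytes:18624117 (17.7 MiB)  TX bytes:467968541 (446.2 MiB)
2005-08-18:00:  RX bytes:34502883 (32.9 MiB)  TX bytes:468440581 (446.7 MiB)
2005-08-18:06:  RX bytes:49337141 (47.0 MiB)  TX bytes:468519834 (446.8 MiB)
"""

# Assumption: the interface byte counters are 32 bits wide.
COUNTER_MODULUS = 2 ** 32

LINE_RE = re.compile(r"^(\S+):\s+RX bytes:(\d+).*?TX bytes:(\d+)")


def parse_samples(text):
    """Return [(timestamp, rx_bytes, tx_bytes), ...] from the cron output."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return rows


def counter_delta(prev, curr, modulus=COUNTER_MODULUS):
    """Bytes counted between two readings, correct for at most one wrap.

    A reboot or driver reset also makes the counter go down, and more than
    one wrap between samples is undetectable, so sample often enough that
    an interval cannot carry a full modulus of traffic.
    """
    return (curr - prev) % modulus


def interval_traffic(rows):
    """Return [(timestamp, rx_delta, tx_delta, rx_wrapped), ...] per interval."""
    out = []
    for (_, rx0, tx0), (t1, rx1, tx1) in zip(rows, rows[1:]):
        out.append((t1, counter_delta(rx0, rx1), counter_delta(tx0, tx1), rx1 < rx0))
    return out


if __name__ == "__main__":
    for ts, rx, tx, wrapped in interval_traffic(parse_samples(SAMPLES)):
        print(f"{ts}  rx={rx:>10}  tx={tx:>8}  {'(RX counter wrapped)' if wrapped else ''}")
```

With the wrap accounted for, the interval that looked like a reset carries about the same 15 MB of RX traffic as its neighbours.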




