This document provides instructions for load balancing traffic across 3 ADSL internet links using a Mikrotik router. It defines the network interfaces and IP addresses. It then provides the Mikrotik script to set up the load balancing using policy-based routing and connection marking. The script configures the interfaces, PPPOE clients to connect to the modem on each link, NAT, firewall rules for classification and marking, and load-balanced routing of traffic across the 3 interfaces.
This document discusses the evolution of user-defined functions (UDFs) in Oracle SQL over multiple Oracle database versions. It shows how UDFs started as PL/SQL functions callable from SQL in earlier versions, which could impact performance. It then demonstrates how newer Oracle database versions allow defining UDFs directly in SQL for improved performance and maintainability when using functions in SQL statements and queries. The document provides examples of different ways to implement and call UDFs across various Oracle versions.
This document provides instructions for configuring firewall rules to allow access for the PointBlankOnline game. It outlines 3 rules to mark and pass through UDP and TCP connections on specific ports from the IP address 203.89.146.0/23 for the game, and creates a queue tree to prioritize this marked traffic. Additional ports for other games can be added as needed without specifying the destination address.
The Ring programming language version 1.5.2 book - Part 9 of 181 - Mahmoud Samir Fayed
Here are the key things added in Ring 1.5 for tracing functions:
- RingVM_SetTrace() allows setting a function to be called on trace events. This function will receive information about the trace.
- RingVM_TraceData() returns an array with details of the current execution context like line number, file name, function name etc.
- RingVM_TraceEvent() returns the type of trace event, like new line, new function, return etc.
- Additional functions provide the current trace function name, ability to evaluate code in a specific scope, and control error handling during tracing.
This allows implementing a tracing function to log or print details at each step of execution. The example shows
The document contains log output from a Java plugin. It lists the Java version and user directory at the top. The majority of the log reports missing permissions and codebase attributes for various JAR files. Towards the bottom it contains a stack trace indicating an error occurred when attempting to verify a license during initialization.
The document summarizes the author's first attempt at patching an issue in the Linux kernel virtual memory area (VMA) merging. It describes finding an upstream commit fixing a problem where mbind() was not properly merging VMAs. The author analyzes the kernel code for mbind_range() and vma_merge(), finding issues with the page offset calculation that prevented merging. The patch calculates the offset correctly, allowing VMAs to merge as intended.
The document provides an introduction to performance tuning. It discusses tracing SQL execution to analyze performance issues. Tracing can be done at different levels, and the tkprof utility helps analyze trace files by providing formatted output. Understanding execution plans is also an important part of performance tuning, as it shows the steps and cost of executing a SQL statement.
The document discusses benchmarking tools for databases and introduces a new benchmarking tool called Firehose. It describes some issues with existing tools like Mongoimport and YCSB in that they do not adequately model real-world workloads. Firehose is presented as a new multi-threaded benchmarking tool that aims to have high relevance to real applications. It measures performance metrics like operation durations and supports features like configurable load levels and integration with monitoring systems.
Beyond PHP - it's not (just) about the code - Wim Godden
Most PHP developers focus on writing code. But creating Web applications is about much more than just writing PHP. Take a step outside the PHP cocoon and into the big PHP ecosphere to find out how small code changes can make a world of difference on servers and network. This talk is an eye-opener for developers who spend over 80% of their time coding, debugging and testing.
pstack, truss etc to understand deeper issues in Oracle database - Riyaj Shamsudeen
The document discusses various process monitoring and debugging tools for Oracle databases like truss, pstack and pfiles. It provides examples of using truss to trace system calls of processes like PMON and DBWR. It demonstrates how truss can be used to see shared memory segment creation during database startup and process attachment. It also summarizes the process creation steps seen during connection creation in Oracle.
This document discusses using Gor, an open source tool, to capture and replay HTTP traffic between environments for testing purposes. It provides an overview of Gor's capabilities for listening on ports to capture production traffic, filtering and modifying requests, and forwarding traffic to staging and dev environments. The document also compares Gor to other capture and replay tools like tcpdump and tcpreplay, noting Gor's advantages in allowing real-time replay with filtering and modification of requests.
Penetration Testing for Easy RM to MP3 Converter Application and Post Exploit - JongWon Kim
The document discusses penetration testing of the Easy RM to MP3 Converter application. It begins by setting up the testing environment with Backtrack5, Windows SP2 and SP3 virtual machines, and the vulnerable application. It then analyzes the application dynamically using a debugger to find a buffer overflow vulnerability. The document creates an exploit payload that uses return oriented programming (ROP) to bypass data execution prevention (DEP) and execute shellcode to connect back to the attacker machine for post-exploit access.
This document provides an overview of PostgreSQL topics including:
- Installation and configuration best practices such as using package management and configuring logging
- Routine maintenance activities like vacuuming and backups
- Upgrades and the differences between major, minor, and bugfix versions
- Advanced SQL topics like window functions, common table expressions, and querying slow queries
The document summarizes how SQL Plan Directives in Oracle 12c can help address issues caused by cardinality misestimation in the optimizer. It provides an example where the optimizer underestimates the number of rows returned by a query on a table due to not having statistics on correlated columns. In 12c, a SQL Plan Directive is automatically generated after the first execution to capture this misestimation. On subsequent queries, the directive can be used to provide more accurate cardinality estimates through automatic reoptimization or dynamic sampling.
Linux /proc filesystem for MySQL DBAs - FOSDEM 2021 - Valeriy Kravchuk
Tools and approaches based on /proc sampling (like 0x.tools by Tanel Poder or ad hoc scripts) allow you to measure individual thread level activity in MySQL server on Linux, like thread sleep states, currently executing system calls and kernel wait locations. If needed you can drill down into CPU usage of any thread or the system as a whole. Historical data can be captured for post factum analysis, without much impact on the system and no need to install or change anything in its configuration. In this presentation I am going to summarize what's possible with /proc and show useful examples for MySQL DBAs.
The document provides an overview of new features introduced in ES2015 and beyond that enable a more declarative and composable approach to building user interfaces with React, including arrow functions, classes, modules, destructuring, template strings, block scoping, generators, async/await, and separation of concerns. It emphasizes keeping React components small and state in a single place to manage complexity in large applications.
Oracle Parallel Distribution and 12c Adaptive Plans - Franck Pachot
Parallel Distribution and 12c Adaptive Plans
In the previous newsletter we have seen how 12c can defer the choice of the join method to the first execution. We considered only serial execution plans. But besides join method, the cardinality estimation is a key decision for parallel distribution when joining in parallel query. Ever seen a parallel query consuming huge tempfile space because a large table is broadcast to a lot of parallel processes? This is the point addressed by Adaptive Parallel Distribution.
Once again, that new feature is a good occasion to look at the different distribution methods.
1. The document discusses Docker containers, Docker machines, and Docker Compose as tools for building Python development environments and deploying backend services.
2. It provides examples of using Docker to run sample Python/Django applications with MySQL and PostgreSQL databases in containers, and load testing the applications.
3. The examples demonstrate performance testing Python REST APIs with different database backends and caching configurations using Docker containers.
The document discusses administering parallel execution in Oracle databases. It describes how parallel query uses slave processes to perform work across instances, and how the placement of slaves can be controlled using services or parallel instance groups. It provides an example execution plan showing how slaves perform different tasks like scanning and sorting. It also covers best practices, new features in Oracle 11g like parallel statement queueing, and how parallel DML works.
New features in Performance Schema 5.7 in action - Sveta Smirnova
The document discusses new features in Performance Schema 5.7, including improved instrumentation for locks, memory usage, stored routines, prepared statements, and variables. It provides examples of using Performance Schema tables like METADATA_LOCKS, TABLE_HANDLES, and prepared_statements_instances to diagnose issues like locks preventing DDL statements from completing and inconsistently timed stored procedure executions. Practices are suggested to identify memory usage and optimize prepared statement performance.
Introducing new SQL syntax and improving performance with preparse Query Rewr... - Sveta Smirnova
This document discusses a new preparse query rewrite plugin for MySQL that allows adding new SQL syntax like the FILTER clause from SQL:2003. The plugin works by catching the query before parsing and rewriting parts using regular expressions. It also describes extending the plugin to support custom optimizer hints by modifying and restoring thread-specific variable values.
The document summarizes 11 new features in Oracle Database 11g Release 2. It discusses improvements to parallelism, analytics, external tables, recursive queries, and flashback features. Key points include automated parallel DML, improved analytic functions like LISTAGG, using external tables with preprocessors on directories, recursive queries with common table expressions, and enhanced time travel capabilities.
This document summarizes the use of the Tweenty-Ten ID model to design a class using the Facebook application. There are five phases in this model: needs analysis to identify the students, specification design to choose teaching methods and media, coding for group activities, test integration to assess understanding, and installation maintenance to provide feedback. The class will use video and images for the topic anatom
This document provides information about a distance evaluation for a Communicative Grammar III course at Universidad Técnica Particular de Loja in Ecuador. It contains instructions for completing the objective and essay portions of the evaluation online between specific dates in November 2013. The objective portion contains 49 multiple choice grammar questions testing content from the first term. Correct answers require reviewing grammar notes and course materials for units 1 through 4.
http://tinyurl.com/inalambicas/
Course images for configuring wireless networks, the Mikrotik
You can also visit:
http://negociospeter.blogspot.com.ar/
The document describes several practices for configuring and administering Mikrotik routers, including using the WinBox tool, configuring PPPoE and DHCP, implementing firewalls and NAT, configuring a DHCP server, bandwidth control, remote access, configuration backup and firmware updates. It also provides detailed examples of how to configure firewalls, NAT and port forwarding to protect the router and networks.
This document explains the steps for configuring the basic functions of a Mikrotik router, including: 1) naming network interfaces, 2) assigning IP addresses, 3) configuring DNS, 4) adding routes, 5) configuring DHCP, 6) configuring NAT, 7) configuring bandwidth queues, and 8) configuring a wireless access point or "hotspot". It provides details on each configuration and commands to verify the configurations.
This document describes the configuration of a virtualized network using Mikrotik RouterOS. It includes installing RouterOS and defining network interfaces, subnets, DHCP services, firewall, web proxy, load balancing, bandwidth control and more. The goal is to implement a network that emulates the structure of the company Royaltech, with different network segments for administration, sales, production and others.
This document provides step-by-step instructions for configuring a basic Mikrotik server in 3 sentences or fewer:
1) Configure the IP addresses, outbound route and DNS; 2) Create NAT and firewall rules for port redirection and proxy; 3) Use tools such as the terminal and ping to test connectivity. The document then provides additional details on various advanced Mikrotik configurations.
This document provides an introduction to configuring and operating a wireless internet access provider using the Mikrotik system. It discusses the necessary equipment, such as cables, antennas, routers and other items, and provides step-by-step instructions on installing and configuring the Mikrotik software to provide wireless services such as hotspot, load balancing and firewall.
8 mikrotik - PPPoE server and client registration - LF Informática
The document provides instructions for configuring a PPPoE server and registering clients on the server. It explains how to create and configure a PPP profile, create a PPPoE server and set its parameters, and register individual client accounts on the PPPoE server.
1. The document describes configuration settings for load balancing and proxying external connections using Mikrotik and Ubuntu.
2. It details IP address, interface, firewall, and routing configurations in Mikrotik for load balancing across two modem connections.
3. It also provides Squid proxy configuration settings on the Ubuntu server, including cache partitioning, access rules, and refresh patterns.
The document contains firewall configuration settings that mark packets for various protocols like HTTP, DNS, POP3, SMTP, Winbox and P2P with different packet marks as they pass through the prerouting and postrouting chains. Specific ports are marked for protocols like HTTP (port 80), DNS (ports 53 and 53/UDP), POP3 (port 110), SMTP (port 25) and Winbox (port 8291). All P2P traffic is also marked.
This document provides firewall filter rules for a Mikrotik routerboard to protect against common attacks like SYN flooding, ICMP flooding, port scanning, and spam emails. It sets rules for input, forward, and ICMP chains to accept established and related connections, limit ICMP pings, detect and drop potential port scanners and SYN flooders, and allow access only from trusted addresses and networks.
Mikrotik settings for online games mixed with browsing - imanariepin24
1. The document provides Mikrotik router configuration settings to optimize online gaming and browsing performance for a 1Mbps internet connection.
2. It creates queues and firewall rules to prioritize online game traffic over browsing and streaming by marking and routing different connection types.
3. File extensions like videos, movies and downloads are limited to 512Kbps to ensure gaming and browsing are not affected, while unlimited bandwidth is given to game ports.
The document provides instructions for configuring Postfix to integrate with Active Directory for user authentication. It includes configuring Postfix configuration files and LDAP settings to query user information from Active Directory for mail delivery, alias lookups, and more. Commands are provided to install required packages, configure ClamAV for antivirus scanning, and set up virtual users on the mail server using directories mounted from an iSCSI LUN.
This document provides instructions for configuring a Mikrotik router to connect to the internet via PPPoE and allow remote access from outside the local network.
The steps include:
1. Configuring the modem to act as a bridge
2. Adding a PPPoE client on the Mikrotik with the user's internet credentials
3. Setting IP addresses for the Mikrotik interfaces
4. Configuring NAT and firewall rules to allow traffic to pass through the Mikrotik and redirect applicable traffic to a Squid proxy server on the network.
5. Verifying the connection by pinging external sites from the Mikrotik and a client PC.
The configuration allows a Mik
This document discusses automating network configuration and operations using DevOps principles and tools like Puppet. It describes using Zero Touch Provisioning (ZTP) to automatically install and configure Puppet on new network devices. Puppet is then used to configure and manage interfaces, routing protocols, users, and other network settings through an infrastructure-as-code approach.
This document provides an overview of OpenStack Networking (Neutron) and the different networking plugins and configurations available in Neutron. It discusses the Nova network manager, the Neutron OpenvSwitch plugin configured for VLAN and GRE tunneling modes, Neutron security groups, and Neutron's software defined networking capabilities. Diagrams and examples of packet flows are provided to illustrate how networks are logically and physically implemented using the different Neutron plugins.
This document contains firewall configuration settings for routing internet traffic across multiple WAN connections. It defines rules for marking and routing connections to specific destinations (like game servers or IP bonus providers) over WAN1 or WAN2. Settings are provided for routing various online games, applications and speed test servers to the appropriate WAN interface.
Linux offers an extensive selection of programmable and configurable networking components from traditional bridges, encryption, to container optimized layer 2/3 devices, link aggregation, tunneling, several classification and filtering languages all the way up to full SDN components. This talk will provide an overview of many Linux networking components covering the Linux bridge, IPVLAN, MACVLAN, MACVTAP, Bonding/Team, OVS, classification & queueing, tunnel types, hidden routing tricks, IPSec, VTI, VRF and many others.
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283) - Pavel Odintsov
This document discusses how Coloclue, a non-profit volunteer-driven ISP, automated the detection and mitigation of DDoS attacks through the use of FastNetMon and BIRD. FastNetMon allows for detection of attacks within 3 seconds by monitoring traffic levels. BIRD then injects selective blackhole routes within 1 second to mitigate attacks by dropping traffic for 1 IP or subnet for 60 seconds. This approach solves the DDoS problem within 4 seconds through 100% automated detection and mitigation.
The document contains firewall rules and traffic shaping configurations. It defines three packet classifiers (q.type.upload, q.type.heavy, q.type.all) and three queue simulators (qs.upload, qs.all, qs.heavy) for traffic shaping. The firewall rules mark connections and packets for traffic classification. The queue simulators apply bandwidth limits and prioritization to traffic based on the packet classifiers.
The document contains firewall filter rules that drop traffic on various ports to block known worms and viruses. There are rules defined for the forward and input chains that drop traffic for ports used by Blaster worm, MyDoom, Beagle, Sasser, and other malware based on protocol and port number.
Openstack Networking Internals - Advanced Part
The pictures of the VNI were taken with the "Show my network state" tool
https://sites.google.com/site/showmynetworkstate/
The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers.
The talk will continue with a demo showing how to build your own simple overlay using these technologies.
Couch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean Winn - Trevor Roberts Jr.
Tuesday, August 13th session of the vBrownBag OpenStack Sack Lunch Series: Couch to OpenStack. With Sean Winn's help, we cover Neutron, the OpenStack Networking Service formerly known as Quantum. Neutron configures network access and services for your OpenStack instances. Credit to Ken Pepple for the OpenStack Project Diagram, and to Dan Wendlandt and the VMware Team for the workflow used in the lab.
VyOS now supports VXLAN interfaces which allow multiple L2 segments to be multiplexed over a single physical network. VXLAN uses encapsulation to transport Ethernet frames over IP. The VNI field in VXLAN headers maps frames to different L2 segments. VyOS VXLAN interfaces can be configured and used like physical interfaces for routing, bridging, and protocols like OSPF. However, attributes like the VNI and multicast group cannot be changed after interface creation without deleting and recreating the interface.
The document contains firewall configuration rules that block common ports used by viruses and worms, drop traffic from known attackers and port scanners, and add offending sources to block lists. Rules are defined for the "virus" and "input" chains to block ports used by Blaster, Sasser, MyDoom, and other malware. Additional rules add sources to block lists if they trigger specific conditions like too many login attempts or port scanning patterns, and traffic from lists is subsequently dropped.
Internet and Services Provider - (41) 3673-5879
PCC load balancing for 3 ADSL links with the modems in bridge mode (2 links of 8mb, 1 link of 2mb).
Your server must be running Mikrotik RouterOS version 3.24 or later and have at least 4 (four) network cards.
The version used in the example below was v4.5.
First of all, let's name the interfaces:
ether1 = saida ("output", the interface through which the already-balanced links go out).
ether2 = wlan1 (interface to which link1, 8mb, is connected)
ether3 = wlan2 (interface to which link2, 8mb, is connected)
ether4 = wlan3 (interface to which link3, 2mb, is connected)
I used the following IPs:
Interface saida = 172.16.0.1/24
Interface wlan1 = 10.1.1.2/24 (IP on the modem = 10.1.1.1)
Interface wlan2 = 10.2.2.2/24 (IP on the modem = 10.2.2.1)
Interface wlan3 = 10.3.3.2/24 (IP on the modem = 10.3.3.1)
Note: It is not necessary to set the IPs now, because the “script” will set them when it is run. If you use other IPs, they must be changed in the “script”.
“Script”
Part One (sets the IPs for the interfaces):
/ip address
add address=172.16.0.1/24 broadcast=172.16.0.255 comment="" disabled=no interface=saida network=172.16.0.0
add address=10.1.1.2/24 broadcast=10.1.1.255 comment="" disabled=no interface=wlan1 network=10.1.1.0
add address=10.2.2.2/24 broadcast=10.2.2.255 comment="" disabled=no interface=wlan2 network=10.2.2.0
add address=10.3.3.2/24 broadcast=10.3.3.255 comment="" disabled=no interface=wlan3 network=10.3.3.0
Note: What is highlighted must be changed if the IPs you will use differ from the ones I used. If you set the interface IPs “manually” through WinBox, skip this part and go straight to Part Two.
Confirm in WinBox under IP => Address that everything was set correctly.
Part Two (sets the DNS servers):
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=10240KiB max-udp-packet-size=512 primary-dns=8.8.8.8 secondary-dns=8.8.4.4
Note: Change the highlighted DNS servers to the DNS servers of your preference.
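With allow-remote-requests=yes the router answers DNS queries arriving on any interface, including the three ADSL links, unless the input chain restricts them. The rules below are an added example, not part of the original script; they assume the LAN-side interface is named saida as on this page and that only LAN clients should use the router as a resolver.

```routeros
# Added example (not from the original script).
# Assumption: "saida" is the only interface whose clients may query the router's DNS cache.
/ip firewall filter
add chain=input action=accept protocol=udp dst-port=53 in-interface=saida comment="DNS from LAN (UDP)"
add chain=input action=accept protocol=tcp dst-port=53 in-interface=saida comment="DNS from LAN (TCP)"
add chain=input action=drop protocol=udp dst-port=53 comment="Drop DNS from every other interface (UDP)"
add chain=input action=drop protocol=tcp dst-port=53 comment="Drop DNS from every other interface (TCP)"
```

RouterOS evaluates filter rules in order, so these four rules must sit above any broader accept rule already present in the input chain.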
Part Three (create the PPPoE clients to “dial” the modems):
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="===== Disca Link01 =====" dial-on-demand=no disabled=no interface=wlan1 max-mru=1480 max-mtu=1480 mrru=disabled name=pppoe-wlan1 password=xxxx profile=default service-name="" use-peer-dns=no user=usuario@provedor.com.br
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="===== Disca Link02 =====" dial-on-demand=no disabled=no interface=wlan2 max-mru=1480 max-mtu=1480 mrru=disabled name=pppoe-wlan2 password=xxxx profile=default service-name="" use-peer-dns=no user=usuario@provedor.com.br
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="===== Disca Link03 =====" dial-on-demand=no disabled=no interface=wlan3 max-mru=1480 max-mtu=1480 mrru=disabled name=pppoe-wlan3 password=xxxx profile=default service-name="" use-peer-dns=no user=usuario@provedor.com.br
Note: Change xxxx to the password you authenticate with at your access provider, and usuario@provedor.com.br to the login you authenticate with at your access provider.
Part Four (general rules so that the load balancing works correctly):
/ip firewall nat
add action=masquerade chain=srcnat comment="===== Masquerade Interfaces =====" disabled=no out-interface=pppoe-wlan1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-wlan2
add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-wlan3