Turborouter
How to work with the Turborouter:
1U x86 SuperMicro machine running Ubuntu 16.04 LTS, 6wind TurboRouter Appliance and BIRD
6wind TR replaces the parts of the Linux kernel that handle network traffic with the DPDK Fast-Path package. The machine behaves and is operated like a standard Linux system (ifconfig, ip, iptables, ...).
Cacti conntrack statistics: http://10.111.11.252/graph_view.php?action=preview&host_id=108&rows=-1&graph_template_id=0&filter=
Zabbix: http://zabbix.uvtnet.cz/zabbix/host_screen.php?hostid=12997
Physical interfaces:
ens1f0 - 10GE intel - h2s XGE0/0/20 // not currently configured in DPDK
ens1f1 - 10GE intel - h2s XGE0/0/21 // not currently configured in DPDK
ens2 - 40GE mellanox port 1 - h2s 40GE0/0/1
ens2d1 - 40GE mellanox port 2 - N.C. // not currently configured in DPDK
The IP addresses we can log in to over SSH are 172.20.1.1 or 178.17.0.111, port tcp/22
The machine has 10 logical cores; the first 6 are reserved for mgmt and the rest (4) for fast-path. The FP cores are constantly loaded at 100%.
root@TurboRouter1:/home/jnikles# top
top - 12:58:03 up 14 days, 3:25, 1 user, load average: 4.85, 4.84, 4.85
Tasks: 223 total, 3 running, 220 sleeping, 0 stopped, 0 zombie
%Cpu0 : 1.3 us, 2.3 sy, 0.0 ni, 88.3 id, 0.0 wa, 0.0 hi, 8.0 si, 0.0 st
%Cpu1 : 1.0 us, 2.0 sy, 0.0 ni, 91.2 id, 0.0 wa, 0.0 hi, 5.8 si, 0.0 st
%Cpu2 : 1.7 us, 1.3 sy, 0.0 ni, 87.0 id, 0.0 wa, 0.0 hi, 10.0 si, 0.0 st
%Cpu3 : 0.3 us, 2.3 sy, 0.0 ni, 91.0 id, 0.0 wa, 0.0 hi, 6.4 si, 0.0 st
%Cpu4 : 1.0 us, 2.7 sy, 0.0 ni, 87.0 id, 0.0 wa, 0.0 hi, 9.3 si, 0.0 st
%Cpu5 : 1.4 us, 2.7 sy, 0.0 ni, 90.1 id, 0.0 wa, 0.0 hi, 5.8 si, 0.0 st
%Cpu6 : 98.7 us, 1.3 sy, 0.0 ni, 0.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
%Cpu7 : 99.3 us, 0.7 sy, 0.0 ni, 0.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
%Cpu8 : 99.3 us, 0.7 sy, 0.0 ni, 0.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
%Cpu9 : 98.7 us, 1.3 sy, 0.0 ni, 0.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 32831524 total, 27674228 free, 995972 used, 4161324 buff/cache
KiB Swap: 33439260 total, 33439260 free, 0 used. 28112984 avail Mem
The load of the machine as TR sees it can be obtained like this:
root@TurboRouter1:/home/jnikles# fp-cpu-usage
Fast path CPU usage:
cpu: %busy cycles cycles/packet cycles/ic pkt
6: 17% 81753196 2691 0
7: 16% 77623552 2631 0
8: 19% 91874312 2555 0
9: 16% 80707720 2585 0
average cycles/packets received from NIC: 2612 (331643004/126921)
The following command shows the state of the individual ports; if the parameters are not listed at the end of the output, the port is not in fast-path.
root@TurboRouter1:~# ethtool -S ens1f0
....
fpn.tx_drain_err: 0
fpn.tx_offload_err: 0
fpn.tx_shrink_err: 0
fpn.tx_soft_gso: 0
fpn.tx_hard_gso: 0
fpn.rx_cp_passthrough: 0
fpn.rx_cp_kept: 0
fpn.rx_dp_drop: 0
fpn.rx_cp_overrun: 0
fpn.tx_cp_passthrough: 0
fpn.tx_cp_kept: 0
fpn.tx_dp_drop: 0
fpn.tx_cp_overrun: 0
fpn.tx_used_squeue: 0
gro.in: 0
gro.out: 0
gro.done: 0
gro.per_reass: 0
gro.ctx_timeout: 0
gro.ctx_flush: 0
gro.ctx_curr: 0
Important configuration files:
- interfaces: /etc/network/interfaces
- routing: /etc/bird/bird.conf
- vrrp: /etc/keepalived/keepalived.conf
- conntrack table size and timeouts: /etc/sysctl.conf
- firewall and NAT (the whole directory): /etc/firewall
- modules: /etc/modules
- fast-path: /etc/fast-path.env
- udp/53 timeout adjustment: /etc/rc.local
IMPORTANT OPERATIONS:
NEVER use the following commands to change interface settings (they cause an outage of the whole router):
root@TurboRouter1:~# service networking restart
root@TurboRouter1:~# /etc/init.d/networking restart
To add an interface, append its configuration to /etc/network/interfaces
and run the command
root@TurboRouter1:~# ifup ens2.1234
To remove an interface, do the same with the steps reversed: first bring the interface down
root@TurboRouter1:~# ifdown ens2.1234
and only then delete the related configuration from the file!!!
If the procedures described above were not followed, the --force parameter can help, e.g.:
root@TurboRouter1:~# ifdown --force ens2.1234
Firewall:
It is controlled with the command service firewall start|stop|restart
where:
start - merges all the individual files from the /etc/firewall directory and runs iptables-restore
stop - sets the filter policy (chains INPUT, OUTPUT, FORWARD) to ACCEPT and flushes the rules; the NAT table is left as it is
restart - performs stop and then start
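Because restart runs stop first, and stop leaves INPUT, OUTPUT and FORWARD on ACCEPT with the rules flushed, a merged file that iptables-restore rejects would leave the router without filtering until it is fixed. The following pre-check is an added example, not the router's own firewall script; the function names and the assumption that fragments are merged in sorted file-name order are hypothetical.

```shell
#!/bin/sh
# Added example; not the router's own firewall init script.
# Assumption: fragments are concatenated in sorted file-name order.

# merge_rules DIR: print every regular file in DIR in sorted name order.
merge_rules() {
    for f in "$1"/*; do
        if [ -f "$f" ]; then cat "$f"; fi
    done
}

# check_rules FILE: structural check of the iptables-save format that
# iptables-restore reads. Each "*table" must be closed by COMMIT before the
# next table starts, and no chain or rule line may sit outside a table.
# Prints the first problem and returns 1; returns 0 for a well-formed file.
check_rules() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        /^\*/ {
            if (cur != "") { print "line " NR ": table " cur " not committed"; bad = 1; exit }
            cur = substr($1, 2); tables++; next
        }
        /^COMMIT[ \t]*$/ {
            if (cur == "") { print "line " NR ": COMMIT outside a table"; bad = 1; exit }
            cur = ""; next
        }
        cur == "" { print "line " NR ": rule outside a table"; bad = 1; exit }
        END {
            if (bad) exit 1
            if (cur != "") { print "table " cur " not committed at end of file"; exit 1 }
            if (tables == 0) { print "no tables found"; exit 1 }
        }
    ' "$1"
}

# preflight DIR: merge, check the structure, then have iptables-restore parse
# the result with --test, which builds the ruleset without committing it.
# Needs root; the running firewall is not changed.
preflight() {
    tmp=$(mktemp) || return 1
    merge_rules "$1" > "$tmp"
    if check_rules "$tmp" && iptables-restore --test < "$tmp"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}
```

Source the file and run preflight /etc/firewall as root before service firewall restart; a non-zero return means the restart should not be attempted yet.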
VRRP:
See the config file in the list of configuration files.
To load a new configuration: service keepalived reload
NEVER use the following command; it restarts the whole service and the VIP is lost for a moment:
service keepalived restart