[root@testserver13 ~]# yum install -y iperf.x86_64
[root@testserver11 ~]# iperf -s ------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 85.3 KByte (default) ------------------------------------------------------------ [ 4] local 192.168.122.111 port 5001 connected with 192.168.122.113 port 60782 [ ID] Interval Transfer Bandwidth [ 4] 0.0-10.0 sec 1.10 GBytes 941 Mbits/sec
[root@testserver13 ~]# iperf -c testserver11 ------------------------------------------------------------ Client connecting to testserver11, TCP port 5001 TCP window size: 85.0 KByte (default) ------------------------------------------------------------ [ 3] local 192.168.122.113 port 60782 connected with 192.168.122.111 port 5001 [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.0 sec 1.10 GBytes 943 Mbits/sec
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
ProxyRequests Off ProxyPass /em https://192.168.122.1:1158/em ProxyPassReverse /em https://192.168.122.1:1158/em # Location-HeaderのURLを/emに置き換える SSLProxyEngine on
[root@testserver18 conf.d]# /etc/init.d/httpd reload
ハードウェア割り込み | ソフト割り込み |
イーサネットドライバ処理 | TCP/IPプロトコル処理 |
SCSIホストバスアダプタドライバ処理 | SCSIプロトコル処理 |
シリアルドライバ処理 | 端末制御処理 |
CPU0 CPU1 CPU2 CPU3 CPU4 CPU5 CPU6 CPU7 ~ ~ 59: 2737128 4382397 4775326 4548323 4032798 4624852 4634322 4599073 IR-PCI-MSI-edge eth0-TxRx-0 60: 4564033 6066598 5637284 6038553 5172689 4824758 4282604 5288231 IR-PCI-MSI-edge eth0-TxRx-1 61: 4013084 6714666 5265310 4299817 4408492 4458822 4236096 4587897 IR-PCI-MSI-edge eth0-TxRx-2
$ cat /proc/interrupts CPU0 CPU1 CPU2 CPU3 34: 12093133 0 0 0 IR-PCI-MSI-edge eth1-rx-0 35: 12032740 0 0 0 IR-PCI-MSI-edge eth1-tx-0 36: 2 0 0 0 IR-PCI-MSI-edge eth1
CPU %usr %nice %sys %iowait %irq %soft %steal %guest %idle all 11.79 0.00 20.86 0.05 0.00 15.72 0.00 0.00 51.59 0 16.60 0.00 24.60 0.00 0.00 52.80 0.00 0.00 6.00 1 4.32 0.00 9.67 0.00 0.00 1.44 0.00 0.00 84.57 2 22.58 0.00 42.34 0.00 0.00 6.65 0.00 0.00 28.43 3 3.37 0.00 6.94 0.20 0.00 1.98 0.00 0.00 87.50
# echo "f" > /sys/class/net/eth0/queues/rx-0/rps_cpus # echo 4096 > /sys/class/net/eth0/queues/rx-0/rps_flow_cnt # echo 32768 > /proc/sys/net/core/rps_sock_flow_entries /sys/class/net/eth0/queues/rx-0/rps_cpus は使用するCPUを指定します。 各コアを使用するかのフラグと2進数で各ビットを立て、16進数に変換します。 1,2コアを使用する場合は 2進数で 11 → 16進数に変換して3を設定。 1,2,3,4コアを使用する場合は 2進数で 1111 → 16進数に変換してfを設定。
[root@testserver12 ~]# ethtool -k eth0 Offload parameters for eth0: rx-checksumming: on tx-checksumming: on scatter-gather: on tcp-segmentation-offload: on udp-fragmentation-offload: off generic-segmentation-offload: on generic-receive-offload: on large-receive-offload: off
[root@testserver11 ~]# ethtool -K eth2 tso on
tcpdump src port 22
tcpdump dst port 80
tcpdump host <HostName>
tcpdump -v host <HostName>
tcpdump src host <HostName>
tcpdump dst host <HostName>
tcpdump -X host <HostName>
[root@myserver xinetd.d]# nmap k1 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-10-03 08:27 JST mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns_servers Interesting ports on k1 (192.168.122.11): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 111/tcp open rpcbind 1158/tcp open lsnr 1521/tcp open oracle 5520/tcp open sdlog 8888/tcp open sun-answerbook Nmap finished: 1 IP address (1 host up) scanned in 0.166 seconds
[root@myserver ~]# lsof -i :1198 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME java 15479 shishimaru 135u IPv6 67880001 TCP *:cajo-discovery (LISTEN)
no_proxy=localhost,.example.com
# You can set the default proxies for Wget to use for http and ftp. # They will override the value in the environment. #http_proxy = http://proxy.yoyodyne.com:18023/ #ftp_proxy = http://proxy.yoyodyne.com:18023/ #http_proxy = 192.168.0.1:8080 #ftp_proxy = 192.168.0.1:8080
[root@myserver ~]# tracert testserver11 traceroute to testserver11 (192.168.122.111), 30 hops max, 40 byte packets 1 gwserver (192.168.0.1) 0.444 ms 0.435 ms 0.434 ms 2 testserver18x (10.99.99.204) 0.676 ms 0.676 ms 0.675 ms 3 testserver11 (192.168.122.111) 0.919 ms 0.920 ms 0.918 ms
shishimaru@myserver% traceroute testserver11 traceroute to testserver11 (192.168.122.111), 30 hops max, 40 byte packets 1 gwserverx (192.168.0.1) 0.490 ms 0.475 ms 0.466 ms 2 testserver18x (10.99.99.204) 0.703 ms 0.684 ms 0.677 ms 3 testserver11 (192.168.122.111) 0.927 ms 0.883 ms 0.874 ms
[root@testserver10 ~]# traceroute -I 192.168.0.12 traceroute to 192.168.0.12 (192.168.0.12), 30 hops max, 60 byte packets 1 testserver18 (192.168.122.118) 0.135 ms 0.161 ms 0.163 ms 2 gwserver (10.99.99.228) 0.390 ms 0.396 ms 0.396 ms 3 192.168.0.12 (192.168.0.12) 0.616 ms 0.625 ms 0.624 ms
ssh -o ProxyCommand='nc -X connect -x <ProxyServer>:<Proxy Port> %h %p' <ユーザー>@<接続先IP>
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 22
UseDNS no
GSSAPIAuthentication no
AddressFamily inet
get_socket_address: getnameinfo 8 failed: Name or service not known userauth_hostbased: cannot get local ipaddr/name root@myserver's password:
HostbasedAuthentication yes
testserver testuser testserver18
chmod 600 .shosts
ssh testserver18 # from サーバ
EnableSSHKeysign yes HostbasedAuthentication yes
/.ssh/configを使用したフォワード
# ssh -L <localポート>:<転送先サーバ>:<転送先ポート> [<転送先ユーザ>@]<転送先サーバ>
ssh -L 8080:remoteserver:80 remoteserver
# ssh -R <リモートポート>:<転送先サーバ>:<転送先ローカルポート> [<転送先ユーザ>@]<転送先サーバ>
ssh -R 8080:localhost:80 remoteserver
scp -oStrictHostKeyChecking=no file ip:/tmp
ipcalc 192.168.122.126 -n 255.255.255.192 NETWORK=192.168.122.64
DEVICE=eth0 HWADDR=8C:89:A5:2C:00:16 ONBOOT=yes BOOTPROTO=static IPADDR=192.168.122.11 NETMASK=255.255.255.0
ifdown eth0 ifup eth0
[root@k1 network-scripts]# netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.122.64 0.0.0.0 255.255.255.192 U 0 0 0 eth0 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 192.168.122.118 0.0.0.0 UG 0 0 0 eth0
route add -net 192.168.122.64 netmask 255.255.255.192 eth0
route delete -net 192.168.122.64 netmask 255.255.255.192 eth1
route add -net 0.0.0.0 gw 192.168.122.118 netmask 0.0.0.0 eth0
vi /etc/sysconfig/network-scripts/route-eth0 # 対象のeth番号にして作成
192.168.10.0/24 dev eth0
192.168.10.0/24 via 192.168.122.118
service network restart
224.0.0.1 dev eth1 192.168.10.0/24 dev eth1
[root@testserver18 network-scripts]# netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 224.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth1 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.21.0 10.99.99.89 255.255.255.0 UG 0 0 0 eth0 192.168.0.0 10.99.99.228 255.255.255.0 UG 0 0 0 eth0 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 10.84.72.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1 224.0.0.0 0.0.0.0 240.0.0.0 U 0 0 0 eth0 0.0.0.0 10.99.99.254 0.0.0.0 UG 0 0 0 eth0
[root@testserver11 ~]# netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth3 0.0.0.0 192.168.122.118 0.0.0.0 UG 0 0 0 eth0
[root@testserver11 network-scripts]# vi /etc/sysconfig/network-scripts/route-eth3 192.168.122.0/24 dev eth3 [root@testserver11 network-scripts]# ifup eth3 エラーメッセージ(FILE EXISTS的な感じ)
#!/bin/sh dev=$1 if [ "$dev" = eth3 ]; then /sbin/route add -net 192.168.122.0/24 dev eth3; fi
[root@testserver11 ~]# route add default gw 192.168.122.118 eth0
[root@testserver11 ~]# netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 [root@testserver11 ~]# route add default gw 192.168.122.118 eth0 SIOCADDRT: No such process
[root@testserver11 ~]# route add -net 192.168.122.0 netmask 255.255.255.0 eth0 [root@testserver11 ~]# route add default gw 192.168.122.118 eth0 [root@testserver11 ~]# netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 0.0.0.0 192.168.122.118 0.0.0.0 UG 0 0 0 eth0 [root@testserver11 ~]# route delete -net 192.168.122.0 netmask 255.255.255.0 eth0 [root@testserver11 ~]# netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 0.0.0.0 192.168.122.118 0.0.0.0 UG 0 0 0 eth0
NETWORKING=yes GATEWAY=192.168.122.118 HOSTNAME=testserver14
iptables -L
iptables -L -t filter
iptables -L -t nat
iptables -I INPUT -s 192.168.122.15 -j DROP
iptables -D INPUT 1
[root@vm65a ~]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[ptestuser@testserver18:1]$ ifconfig eth0 Link encap:Ethernet HWaddr 40:61:86:D2:94:1C inet addr:10.99.99.204 Bcast:10.99.99.255 Mask:255.255.252.0 inet6 addr: fe80::4261:86ff:fed2:941c/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:327200747 errors:0 dropped:0 overruns:0 frame:0 TX packets:303089401 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:199800634095 (186.0 GiB) TX bytes:158600448691 (147.7 GiB) Memory:df940000-df960000
[root@k2 ~]# arp -a k1 (192.168.122.11) at 8C:89:A5:2C:00:16 [ether] on eth0 dbserver (192.168.122.1) at 40:61:86:D1:6F:28 [ether] on eth0 testserver18 (192.168.122.118) at 40:61:86:D2:94:1D [ether] on eth0 k1-vip (192.168.122.13) at 8C:89:A5:2C:00:16 [ether] on eth0 ? (169.254.61.71) at 8C:89:A5:2C:00:17 [ether] on eth1 k1-priv (192.168.0.10) at 8C:89:A5:2C:00:17 [ether] on eth1
# set because eth1 has same IP address with silver servers net.ipv4.conf.eth0.arp_ignore = 2 # default=0 net.ipv4.conf.eth1.arp_ignore = 2
sar -n DEV 1 1000 03:09:35 PM IFACE rxpck/s txpck/s rxbyt/s txbyt/s rxcmp/s txcmp/s rxmcst/s 03:09:36 PM lo 0.99 0.99 170.30 170.30 0.00 0.00 0.00 03:09:36 PM eth0 6.93 1.98 556.44 669.31 0.00 0.00 132.67 03:09:36 PM eth1 21.78 13.86 16006.93 5725.74 0.00 0.00 0.00 03:09:36 PM sit0 0.00 0.00 0.00 0.00 0.00 0.00 0.00