Cal, > > > I'm referring to the method of accessing closed external ports using a > > > predefined sequence of connection attempts across one or more ports. As > > > described in the Jun 2003 SysAdmin article, "The log is monitored for > > > specific port sequences that encode information used to modify firewall > > > rules, which are changed to open or close ports for a specific IP > > > address." I'm certain this will be possible using LEAF. > > > > > This should be possible but I never have seen specific programms for > > this purpose. Maybe snort (snort.lrp) or portsentry (psentry.lrp) > > will do this job. > > I've written Perl scripts to monitor logs in the past. Should just be a > matter of triggering the "rule-mod" event on log content, then getting > the daemon to re-read the rules. > We don't have perl packages for Bering-uClibc.... > > > > > Fastest available link should be chosen when redundant paths exist. > > > > > > > > > not currently implemented (multipath) but on the todo list for the > > > > zebra (quagga) packages. > > > > > > It was my understanding that BGP would take care of this. Maybe I didn't > > > accurately describe my parameters. When I said "fastest link" I meant > > > the one with the most available bandwidth at a given point in time. > > > Linux magazine recently had a pretty good article about dynamic routing > > > protocols.In the Mar 2004 issue it clearly describes load balancing > > > capabilities of BGP-4. > > > > > > If my understanding of BGP is correct, what is it that you are saying is > > > not currently implemented? > > > > > The following compile setting is left to default (1), but will be set > > to 0 with the next release. > > > > --enable-multipath=ARG > > Enable support for Equal Cost Multipath. ARG is the maximum number of > > ECMP paths to allow, set to 0 to allow unlimited number of paths. > > > > But that has indeed nothing todo with selecting the fastest link, if > > the cost are different the fastest link will be choosen by the > > routing daemon. > > So, to get this functionality now, I'd need to set this flag > appropriately and recompile. In my example topology, 3 of the routers > have 2 paths to each of the other two. I don't think I currently have > more than 2 links to the same destination. However, depending upon the > reliability of these, we may add an on-demand dial-up link for > emergencies. We also may have access to building-to-building fiber links > sometime in the future as well. Any idea when the next release will be > out? > You only need to set this flag if you want load-balancing for those lines. For fallback this isn't necessary, the on-demand link will have a higher cost set and will only be enabled when the primary link fails. BGP or OSPF can handle this without problems. You may also take a look at the ipvsadm.lrp package, it will give you HSRP (Hot Standby Router) like operation (http://www.linuxvirtualserver.org)
Our routing source is based on Quagga (Zebra) software, we will create and test new packages when the next version of that software is available. But I have no idea when the next version of Quagga will be released exactly... > So, as long as I have multi-paths set to greater than 1, the routing > daemons should be able to accomplish load balancing of the links. > Yes, but if you set it to "0" you have support for unlimited number of paths. Eric ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
