On Mon, 2004-03-22 at 14:33, Eric Spakman wrote:
> Cal,
> 
> > > > I'm referring to the method of accessing closed external ports using a
> > > > predefined sequence of connection attempts across one or more ports. As
> > > > described in the Jun 2003 SysAdmin article, "The log is monitored for
> > > > specific port sequences that encode information used to modify firewall
> > > > rules, which are changed to open or close ports for a specific IP
> > > > address." I'm certain this will be possible using LEAF.
> > > > 
> > > This should be possible but I never have seen specific programs for 
> > > this purpose. Maybe snort (snort.lrp) or portsentry (psentry.lrp) 
> > > will do this job. 
> > 
> > I've written Perl scripts to monitor logs in the past. Should just be a
> > matter of triggering the "rule-mod" event on log content, then getting
> > the daemon to re-read the rules.
> >
> We don't have perl packages for Bering-uClibc....

Well, that could be a problem then. I'm sure it's still do-able, but it
might be a little more difficult to implement. I know we're trying to
keep the footprint as small as possible so it makes sense that the
rather large Perl distro isn't there. Maybe there's a "mini-perl"
somewhere. Or, a working Perl script could be converted to C and
compiled to run by itself.
 
> > > > > > Fastest available link should be chosen when redundant paths exist.
> > > > > > 
> > > > > not currently implemented (multipath) but on the todo list for the 
> > > > > zebra (quagga) packages.
> > > > 
> > > > It was my understanding that BGP would take care of this. Maybe I didn't
> > > > accurately describe my parameters. When I said "fastest link" I meant
> > > > the one with the most available bandwidth at a given point in time.
> > > > Linux magazine recently had a pretty good article about dynamic routing
> > > > protocols. In the Mar 2004 issue it clearly describes load balancing
> > > > capabilities of BGP-4.
> > > > 
> > > > If my understanding of BGP is correct, what is it that you are saying is
> > > > not currently implemented?
> > > > 
> > > The following compile setting is left to default (1), but will be set 
> > > to 0 with the next release.
> > > 
> > > --enable-multipath=ARG
> > > Enable support for Equal Cost Multipath. ARG is the maximum number of 
> > > ECMP paths to allow, set to 0 to allow unlimited number of paths. 
> > > 
> > > But that has indeed nothing to do with selecting the fastest link, if 
> > > the costs are different the fastest link will be chosen by the 
> > > routing daemon.
> > 
> > So, to get this functionality now, I'd need to set this flag
> > appropriately and recompile. In my example topology, 3 of the routers
> > have 2 paths to each of the other two. I don't think I currently have
> > more than 2 links to the same destination. However, depending upon the
> > reliability of these, we may add an on-demand dial-up link for
> > emergencies. We also may have access to building-to-building fiber links
> > sometime in the future as well. Any idea when the next release will be
> > out?
> > 
> You only need to set this flag if you want load-balancing for those 
> lines. For fallback this isn't necessary, the on-demand link will 
> have a higher cost set and will only be enabled when the primary link 
> fails. BGP or OSPF can handle this without problems.
> You may also take a look at the ipvsadm.lrp package, it will give you 
> HSRP (Hot Standby Router) like operation 
> (http://www.linuxvirtualserver.org)

At peak loads even the 100 Mbps wireless gets saturated for short
periods. With overhead it's really only about 30-40 Mbps. Load balancing
with the slower DSL links would still offer some benefit I think. I
definitely don't see any benefit to balancing with a dial-up link,
though. Are the links that get balanced selectable? If I enable
unlimited multipaths, will it try to balance all links between identical
networks?

I was going to model the entire project on VMware, but I found that
VMware limits the number of NICs to 3, too few for most of my routers. I
suppose I can still model some of this functionality though, to get the
feel of the software. It will also help answer some of the "dumb"
questions without cluttering the mailing list.

Thank you for the follow-up.

--Cal Webster
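
The log-watching approach discussed in this thread (a knock sequence in the firewall log triggers a rule change for one IP), sketched in POSIX sh and awk as an added example; it is not code from the thread or from LEAF. The knock sequence, time window, opened port and the log layout (epoch timestamp followed by SRC=/DPT= fields) are assumptions, and the log lines are constructed.

```shell
#!/bin/sh
# Added example: find a port-knock sequence in firewall log lines (constructed data).
KNOCK_SEQ="7000 8000 9000"   # assumed knock sequence
KNOCK_WINDOW=10              # assumed max seconds from first to last knock
OPEN_PORT=22                 # assumed port to open for a successful knocker

# Constructed log: epoch timestamp, then netfilter-style SRC=/DPT= fields.
sample_log() {
    cat <<'EOF'
1079966000 kernel: IN=eth0 SRC=192.0.2.10 PROTO=TCP DPT=7000
1079966001 kernel: IN=eth0 SRC=192.0.2.10 PROTO=TCP DPT=8000
1079966002 kernel: IN=eth0 SRC=203.0.113.5 PROTO=TCP DPT=7000
1079966003 kernel: IN=eth0 SRC=192.0.2.10 PROTO=TCP DPT=9000
1079966004 kernel: IN=eth0 SRC=203.0.113.5 PROTO=TCP DPT=9000
1079966010 kernel: IN=eth0 SRC=198.51.100.7 PROTO=TCP DPT=7000
1079966015 kernel: IN=eth0 SRC=198.51.100.7 PROTO=TCP DPT=8000
1079966030 kernel: IN=eth0 SRC=198.51.100.7 PROTO=TCP DPT=9000
EOF
}

# Reads log lines on stdin; prints each source IP that completes the sequence.
knock_scan() {
    awk -v seq="$KNOCK_SEQ" -v win="$KNOCK_WINDOW" '
    BEGIN { n = split(seq, want, " ") }
    {
        ts = $1; src = ""; dpt = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        # Values end up in a firewall command, so accept only strict formats.
        if (src !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || dpt !~ /^[0-9]+$/) next
        if (pos[src] > 0 && ts - start[src] > win) pos[src] = 0   # too slow
        if (dpt == want[pos[src] + 1]) {
            if (pos[src] == 0) start[src] = ts
            if (++pos[src] == n) { print src; pos[src] = 0 }
        } else if (dpt == want[1]) {
            pos[src] = 1; start[src] = ts
        } else pos[src] = 0    # wrong port resets progress
    }'
}

# Dry run: prints the rule that would be inserted, one per accepted IP.
knock_rules() {
    while read -r ip; do
        echo "iptables -I INPUT -s $ip -p tcp --dport $OPEN_PORT -j ACCEPT"
    done
}

sample_log | knock_scan | knock_rules
```

Only 192.0.2.10 completes the sequence in order and inside the window; the other two sources are rejected for a wrong-order knock and for exceeding the window.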




