2007 Sep 15 - Sat
NistNet and Netem: WAN Empairment Emulators
A client was putting together and testing an equipment package that was to be
installed in their Disaster Recovery site. After getting everything up and running and
tested, they wanted to test the replication performance in a 'real' WAN environment. One
way to do this is to use a real WAN. The other way is to simulate a WAN. Consdering their
DR site is several thousand miles away, simulating the WAN would be logistically better.
To emulate a WAN, one needs to be able to control:
- variable delay
- delay distribution
- packet loss
- packet re-ordering
- rate control
In researching possible tools for emulating an WAN environment, I came across two open
source tools WAN emulation tools. The first one I saw was
NIST Net. Although it hasn't
received too many recent updates, it does still have an active forum. And it appears to be
quite sophisticated. It does require an x-windows for a library during compile time. With
X11 Forewarding, you don't need to burden the WAN emulating computer with a GUI, can
use another computer as a terminal. You can reference one of my
Cygwin pages on how to
remote X11 applications.
It is said that NIST Net is a bit better than NetEm as NIST Net has tighter controls on
its delay mechanisms.
I came across the second wAN Emulator purely by chance. In reading through some of the
NIST Net forum articles, one of the mentioned that the Linux Kernel already has one built
in: NetEm. One may
need to enable it and rebuld the kernel. It doesn't have a user interface, but instead
relies on command line utilities. Someone did do up a GUI for NetEm, but has removed it for
one reason or another.
A newsgroup article has a reference to where it can be obtained. Someone
else mentioned that MasterShaper could be used as an interface to the capabilities of NetEm.
Page 15 of a slide presentation
shows command line examples for running NIST Net as well as NetEm. Another
document
offers up an example of using NetEm.
I was able to get NIST Net built on a Debian box. But the DR equipment had to be shipped
out before I could actually give it a try. Oh well, I'll find another project to try it out
on. Here are some build instructions for a recent Debian Kernel. There are some variations
regarding availability of config.h depending upon the 2.6 kernel version you have available.
When obtaining the NistNet code in one of the commands below, some of the instructions
assume you've expanded the library in /usr/src. As such, when the library is expanded,
you'll need to change four lines in /usr/src/nistnet-3.0a/kernel/knistnet.c from
return ippt->func(skb, dev, ippt);
to:
return ippt->func(skb, dev, ippt, NULL);
You may need to comment out the following line in
/usr/src/nistnet-3.0a/kernel/nistnet_table.c:
/* typedef enum {false = FALSE, true = TRUE} boolean; */
You may need to add a dummy config.h in
/usr/src/linux-headers-2.6.21-2-686/include/linux/ with:
#ifndef _LINUX_CONFIG_H
#define _LINUX_CONFIG_H
#include
#endif
You should also confirm that this file exists (depending upon your kernel version):
/usr/src/linux-headers-2.6.21-2-686/include/linux/autoconf.h
Here are remaining installation instructions:
apt-get install vlan
apt-get install linux-headers-2.6.21-2-686
apt-get install x-window-system-core
apt-get install libxaw-headers libxmu-headers
apt-get install libxp-dev
apt-get install xaw3dg-dev
# might need:
ln -s /usr/lib/libXaw7.so.7 /usr/lib/libXaw.so
wget http://www-x.antd.nist.gov/nistnet/dist/nistnet.2.0.12c.tar.gz
tar -zxvf nistnet.2.0.12c.tar.gz
./configure
make
make install
depmod
modprobe nistnet
lsmod | grep nistnet
cnistnet -G
2006 Nov 05 - Sun
Master Shaper Installation
Introduction
Mastershaper is a composite tool designed to filter and control ip traffic of all
types. It is composed of five primary tools: a specially compiled 2.6
kernel, l7-filter, iptables, ipp2p, and mastershaper. This document walks through the
integration and configuration of each of these tools.
The installation is based upon
the Debian Etch 2 installation with Apache 2.
Kernel Preparation
Make sure you've got the latest and most appropriate kernel for your machine, by
using the appropriate base build documentation.
Install tools:
apt-get install yaird
apt-get install kernel-package libncurses5-dev fakeroot wget bzip2
cd /usr/src
tar -xjf linux-source-2.6.15.tar.bz2
cd linux-source-2.6.15
make menuconfig
general: append version info
In the menu, load the alternate configuration file from /boot/config-2.6.15-1-686, or which ever is
appropriate for the kernel you have loaded. Make any appropriate adjustments to the
configuration. Exit the menu. By leaving all defaults as they were, you can
rebuld the kernel in its default configuration. We'll then make further
modifications.
make-kpkg clean fakeroot make-kpkg --initrd --revision=mastershaper.1.0 kernel_image
cd ..
dpkg -i linux-image-2.6.15_mastershaper.1.0_i386.deb
reboot
When the image comes back up (you may need to manully select the
new image, as well as update /boot/grup.menu.lst), run 'uname -a' to check the build date to
confirm it is your new basic rebuild. Obtain and install the l7-filter and
related patches:
cd /usr/src
wget http://internap.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.2.tar.gz
tar -zxvf netfilter-layer7-v2.2.tar.gz
cd linux-source-2.6.15
patch -p1 < ../netfilter-layer7-v2.2/kernel-2.6.13-2.6.16-layer7-2.2.patch
After patching the kernel, install the patterns:
cd /usr/src
wget http://internap.dl.sourceforge.net/sourceforge/l7-filter/l7-protocols-2006-06-03.tar.gz
tar -zxvf l7-protocols-2006-06-03.tar.gz
cd l7-protocols-2006-06-03
make install
Some changes are required to iptables before compiling the kernel.
apt-get remove iptables
cd /usr/src
ncftp ftp://ftp.netfilter.org/
cd pub/iptables
bin
get iptables-1.3.5.tar.bz2
exit
bzip2 -d iptables-1.3.5.tar.bz2
tar -xvf iptables-1.3.5.tar
cd iptables-1.3.5
patch -p1 < ../netfilter-layer7-v2.2/iptables-layer7-2.2.patch
chmod +x extensions/.layer7-test
cd /usr/src
ncftp ftp://ftp.netfilter.org/
cd pub/patch-o-matic-ng/snapshot
bin
get patch-o-matic-ng-20060626.tar.bz2
exit
tar -xjvf patch-o-matic-ng-20040621.tar.bz2
cd patch-o-matic-ng-20060626
export KERNEL_DIR=/usr/src/linux-source-2.6.15
export IPTABLES_DIR=/usr/src/iptables-1.3.5
./runme extra
** add the 'time', 'ipp2p', 'route' modules
cd ../iptables-1.3.5
make KERNEL_DIR=/usr/src/linux-source-2.6.15
make install KERNEL_DIR=/usr/src/linux-source-2.6.15
Build the kernel again:
fakeroot make-kpkg --initrd --revision=mastershaper.1.1 kernel_image
Install MasterShaper
MasterShaper is the web site front end for controlling and monitoring the kernel
tools just installed.
apt-get install mysql-server
Create the database and assign privileges:
mysql
create database shaper;
grant all privileges on shaper.* to 'shaper'@'localhost' identified by 'shaper' with grant option;
exit
Download and install MasterShaper:
cd /usr/src
wget http://www.mastershaper.org/mastershaper_0.44.tar.bz2
tar -xjvf mastershaper_0.44.tar.bz2
cd MasterShaper-0.44
mkdir /var/www/shaper
cp -R htdocs/* /var/www/shaper/
chown -R www-data.www-data /var/www/shaper
cd /usr/src
Install some libraries:
apt-get install iproute
apt-get install libphp-jpgraph
apt-get install php-pear
apt-get install sudo
apt-get install php-db
apt-get install php4-mysql
apt-get install libphp-phplayersmenu
pear install DB Net_IPv4
cd /var/www/shaper
ln -s /usr/share/php/libphp-phplayersmenu phplayersmenu
ln -s /usr/share/jpgraph jpgraph
Usage Notes
To get help on the IPP2P IPTables plugin:
iptables -m ipp2p --help
To run the GUI:
http://localhost/shaper
On the first configuration screen, iptables should be set to
'/usr/local/sbin/iptables'.
MasterShaper documentation can be found
at:
http://www.mastershaper.org/index.php/Main_Page
|
