One Unified Global Perspective
Communications with a Global Perspective
Contact Us
Voice over IP
PBX Solutions
Open Source


2007 Sep 15 - Sat

NistNet and Netem: WAN Empairment Emulators

A client was putting together and testing an equipment package that was to be installed in their Disaster Recovery site. After getting everything up and running and tested, they wanted to test the replication performance in a 'real' WAN environment. One way to do this is to use a real WAN. The other way is to simulate a WAN. Consdering their DR site is several thousand miles away, simulating the WAN would be logistically better.

To emulate a WAN, one needs to be able to control:

  • variable delay
  • delay distribution
  • packet loss
  • packet re-ordering
  • rate control

In researching possible tools for emulating an WAN environment, I came across two open source tools WAN emulation tools. The first one I saw was NIST Net. Although it hasn't received too many recent updates, it does still have an active forum. And it appears to be quite sophisticated. It does require an x-windows for a library during compile time. With X11 Forewarding, you don't need to burden the WAN emulating computer with a GUI, can use another computer as a terminal. You can reference one of my Cygwin pages on how to remote X11 applications.

It is said that NIST Net is a bit better than NetEm as NIST Net has tighter controls on its delay mechanisms.

I came across the second wAN Emulator purely by chance. In reading through some of the NIST Net forum articles, one of the mentioned that the Linux Kernel already has one built in: NetEm. One may need to enable it and rebuld the kernel. It doesn't have a user interface, but instead relies on command line utilities. Someone did do up a GUI for NetEm, but has removed it for one reason or another. A newsgroup article has a reference to where it can be obtained. Someone else mentioned that MasterShaper could be used as an interface to the capabilities of NetEm.

Page 15 of a slide presentation shows command line examples for running NIST Net as well as NetEm. Another document offers up an example of using NetEm.

I was able to get NIST Net built on a Debian box. But the DR equipment had to be shipped out before I could actually give it a try. Oh well, I'll find another project to try it out on. Here are some build instructions for a recent Debian Kernel. There are some variations regarding availability of config.h depending upon the 2.6 kernel version you have available.

When obtaining the NistNet code in one of the commands below, some of the instructions assume you've expanded the library in /usr/src. As such, when the library is expanded, you'll need to change four lines in /usr/src/nistnet-3.0a/kernel/knistnet.c from

return ippt->func(skb, dev, ippt);


return ippt->func(skb, dev, ippt, NULL);

You may need to comment out the following line in /usr/src/nistnet-3.0a/kernel/nistnet_table.c:

/* typedef enum {false = FALSE, true = TRUE} boolean; */

You may need to add a dummy config.h in /usr/src/linux-headers-2.6.21-2-686/include/linux/ with:




You should also confirm that this file exists (depending upon your kernel version): /usr/src/linux-headers-2.6.21-2-686/include/linux/autoconf.h

Here are remaining installation instructions:

apt-get install vlan
apt-get install linux-headers-2.6.21-2-686
apt-get install x-window-system-core

apt-get install libxaw-headers libxmu-headers
apt-get install libxp-dev                        
apt-get install xaw3dg-dev

# might need:
ln -s /usr/lib/ /usr/lib/

tar -zxvf nistnet.2.0.12c.tar.gz

make install

modprobe nistnet
lsmod | grep nistnet
cnistnet -G

[/OpenSource/Debian/MasterShaper] permanent link

2006 Nov 06 - Mon

Master Shaper Installation Introduction

Mastershaper is a composite tool designed to filter and control ip traffic of all types. It is composed of five primary tools: a specially compiled 2.6 kernel, l7-filter, iptables, ipp2p, and mastershaper. This document walks through the integration and configuration of each of these tools.

The installation is based upon the Debian Etch 2 installation with Apache 2.

Kernel Preparation

Make sure you've got the latest and most appropriate kernel for your machine, by using the appropriate base build documentation.

Install tools:

apt-get install yaird
apt-get install kernel-package libncurses5-dev fakeroot wget bzip2
cd /usr/src
tar -xjf linux-source-2.6.15.tar.bz2
cd linux-source-2.6.15
make menuconfig
  general: append version info 

In the menu, load the alternate configuration file from /boot/config-2.6.15-1-686, or which ever is appropriate for the kernel you have loaded. Make any appropriate adjustments to the configuration. Exit the menu. By leaving all defaults as they were, you can rebuld the kernel in its default configuration. We'll then make further modifications.

make-kpkg clean fakeroot make-kpkg --initrd --revision=mastershaper.1.0 kernel_image
cd ..
dpkg -i linux-image-2.6.15_mastershaper.1.0_i386.deb

When the image comes back up (you may need to manully select the new image, as well as update /boot/, run 'uname -a' to check the build date to confirm it is your new basic rebuild.

Obtain and install the l7-filter and related patches:

cd /usr/src
tar -zxvf netfilter-layer7-v2.2.tar.gz
cd linux-source-2.6.15
patch -p1 < ../netfilter-layer7-v2.2/kernel-2.6.13-2.6.16-layer7-2.2.patch

After patching the kernel, install the patterns:

cd /usr/src 
tar -zxvf l7-protocols-2006-06-03.tar.gz
cd l7-protocols-2006-06-03 make install

Some changes are required to iptables before compiling the kernel.

apt-get remove iptables
cd /usr/src
  cd pub/iptables
  get iptables-1.3.5.tar.bz2
bzip2 -d iptables-1.3.5.tar.bz2
tar -xvf iptables-1.3.5.tar
cd iptables-1.3.5
patch -p1 < ../netfilter-layer7-v2.2/iptables-layer7-2.2.patch
chmod +x extensions/.layer7-test
cd /usr/src
  cd pub/patch-o-matic-ng/snapshot
  get patch-o-matic-ng-20060626.tar.bz2
tar -xjvf patch-o-matic-ng-20040621.tar.bz2
cd patch-o-matic-ng-20060626
export KERNEL_DIR=/usr/src/linux-source-2.6.15
export IPTABLES_DIR=/usr/src/iptables-1.3.5
./runme extra
  ** add the 'time', 'ipp2p', 'route' modules
cd ../iptables-1.3.5
make KERNEL_DIR=/usr/src/linux-source-2.6.15
make install KERNEL_DIR=/usr/src/linux-source-2.6.15

Build the kernel again:

fakeroot make-kpkg --initrd --revision=mastershaper.1.1 kernel_image
Install MasterShaper

MasterShaper is the web site front end for controlling and monitoring the kernel tools just installed.

apt-get install mysql-server

Create the database and assign privileges:

  create database shaper;
  grant all privileges on shaper.* to 'shaper'@'localhost' identified by 'shaper' with grant option;

Download and install MasterShaper:

cd /usr/src
tar -xjvf mastershaper_0.44.tar.bz2
cd MasterShaper-0.44
mkdir /var/www/shaper
cp -R htdocs/* /var/www/shaper/
chown -R www-data.www-data /var/www/shaper
cd /usr/src

Install some libraries:

apt-get install iproute
apt-get install libphp-jpgraph
apt-get install php-pear
apt-get install sudo
apt-get install php-db
apt-get install php4-mysql
apt-get install libphp-phplayersmenu
pear install DB Net_IPv4
cd /var/www/shaper
ln -s /usr/share/php/libphp-phplayersmenu phplayersmenu
ln -s /usr/share/jpgraph jpgraph
Usage Notes

To get help on the IPP2P IPTables plugin:

iptables -m ipp2p --help

To run the GUI:


On the first configuration screen, iptables should be set to '/usr/local/sbin/iptables'.

MasterShaper documentation can be found at:

[/OpenSource/Debian/MasterShaper] permanent link

New blog site at: Raymond Burkholder - What I Do

Blog Content ©2013
Ray Burkholder
All Rights Reserved
(519) 838-6013
(441) 705-7292
Available for Contract Work

RSS: Click to see the XML version of this web page.

View Ray 
Burkholder's profile on LinkedIn
Add to Technorati Favorites

Su Mo Tu We Th Fr Sa
29 30          

Main Links:
Monitoring Server
SSH Tools
QuantDeveloper Code

Special Links:

Blog Links:
Quote Database
Nanex Research
Sergey Solyanik
Marc Andreessen
Micro Persuasion
... Reasonable ...
Chris Donnan
Trader Mike
Ticker Sense
Stock Bandit
The Daily WTF
Guy Kawaski
J. Brant Arseneau
Steve Pavlina
Matt Cutts
Kevin Scaldeferri
Joel On Software
Quant Recruiter
Blosxom User Group
Wesner Moise
Julian Dunn
Steve Yegge
Max Dama


Mason HQ

Disclaimer: This site may include market analysis. All ideas, opinions, and/or forecasts, expressed or implied herein, are for informational purposes only and should not be construed as a recommendation to invest, trade, and/or speculate in the markets. Any investments, trades, and/or speculations made in light of the ideas, opinions, and/or forecasts, expressed or implied herein, are committed at your own risk, financial or otherwise.