Posts

Showing posts from November, 2012

[iptables] some common examples of iptables rule

Read all tables without DNS lookup
> iptables -L -n
Obtain the line number of the lines:
> iptables -L -nv --line-numbers
Read NAT table in list without DNS lookup
> iptables -t nat -L -n
Do NAT ( SNAT )
> echo "1" > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -A POSTROUTING -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -o ${OUTSIDE_DEVICE} -j MASQUERADE
or
> iptables -t nat -A POSTROUTING -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -o ${OUTSIDE_DEVICE} -j SNAT --to ${TARGET_IP}
Do DNAT
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.100.10:80
Drop the packet which is from 192.168.2.20 to 192.168.1.100 with TCP port 80
> iptables -A POSTROUTING -t nat -s 192.168.2.20 -d 192.168.1.100 -p TCP --dport 80 -j DROP
Accept the packet which is from 192.168.100.0/24 and interface eth1
> iptables -A INPUT -i eth1 -s 192.168.100.0/24 -j ACCEPT
Insert a logging rule between the last one which drops packet with iptables something like…

[Mongrel2] How to write a handler for mongrel2 web server

Mongrel2 is an application, language, and network architecture agnostic web server that focuses on web applications. Its most powerful feature is the Handler, which deals with requests as ZeroMQ messages.
There are already some articles talking about Handler and how to get started, for instance:
http://www.ioncannon.net/programming/1384/example-mongrel2-handler-in-ruby/
http://brubeck.io/demos.html

I spent almost 2 days studying how to use a handler and trying a simple handler that responds to a request, and finally I finished. So, in this article, I will explain the concept of the Mongrel2 web server and give a simple example.


From this diagram, you will quickly see how the mongrel2 web server works with your handler and which ZeroMQ communication types it uses.
Second, I will give the handler example in detail:
The conf file ==> mongrel2.conf
brubeck_handler = Handler(
    send_spec='tcp://127.0.0.1:9999',
    send_ident='34f9ceee-cd52-4b7f-b197-88bf2f0ec378',
    recv_spec='tcp://127.0…

[ZeroMQ] the study note of the ØMQ guide -- Part II

Shared Queue ( DEALER and ROUTER sockets )
The only constraint is that services must be stateless, all state being in the request or in some shared storage such as a database. It then uses zmq_poll(3) to monitor these two sockets for activity and when it has some, it shuttles messages between its two sockets. It doesn't actually manage any queues explicitly — ØMQ does that automatically on each socket.
Built-in Proxy Function
Please see the example msgqueue.c, which replaces rrbroker.c with the built-in proxy function.

Transport Bridging
Handling Errors
In most of the C examples we've seen so far there's been no error handling. Real code should do error handling on every single ØMQ call.
// Context and socket creation return NULL on failure
void *context = zmq_ctx_new ();
assert (context);
void *socket = zmq_socket (context, ZMQ_REP);
assert (socket);
// zmq_bind returns non-zero on failure and sets errno
int rc = zmq_bind (socket, "tcp://*:5555");
if (rc != 0) {
    printf ("E: bind failed: %s\n", strerror (errno));
    return -1;
}
We'll use a publish-subscribe model to sen…

[ZeroMQ] the study note of the ØMQ guide -- Part I

I have introduced ZeroMQ as a very powerful tool to leverage your application to become a distributed system. If you see http://zguide.zeromq.org/page:all and take a look at the content, you will realize there is a lot of stuff that needs to be studied in detail. For this reason, I will summarize what I have studied in ZeroMQ and give some notes about the important concepts.
Request-Reply pattern: The REQ-REP socket pair is lockstep. The client does zmq_msg_send(3) and then zmq_msg_recv(3), in a loop.
They create a ØMQ context to work with, and a socket. If you kill the server (Ctrl-C) and restart it, the client won't recover properly.
Take care of string in C: When you receive string data from ØMQ, in C, you simply cannot trust that it's safely terminated. Every single time you read a string you should allocate a new buffer with space for an extra byte, copy the string, and terminate it properly with a null. So let's establish the rule that ØMQ strings are length-s…

[Quantum] The useful document list about Quantum Folsom version

Quantum Wiki ( the official Quantum document web page )
http://wiki.openstack.org/Quantum
Administrator Guide
API Developer Doc (v2)
Current Project Status
Quantum technical architecture ( very useful )

[OpenFlow] What's new with OpenFlow v1.3

Big Switch Networks gives a brief introduction to what is new in OpenFlow v1.2 at the following URL:
What is new with OpenFlow v1.2?

I also paste the summary from that and also add a few comments from my point of view.

OpenFlow 1.0: Dec 2010
- First “official” release
- Basic QoS – minimum bandwidth guarantees
- Flow Cookies – store metadata in flow table
- Broadly implemented

OpenFlow 1.1: Feb 2011
- Multiple tables
- Group table – ECMP, fast failover, Multicast
- MPLS/QinQ support
- Few implementations, less deployment

OpenFlow 1.2: Dec 2011
- More flexible packet matching
  - Makes specification easier to extend
  - Allows third-parties to define their own match types
- Basic IPv6 support
  - Match on src/dst IPv6 address + flow label
  - No support for matching IPv6 extensions
- Improved controller failover mechanism
  - Enables “active-active” fast-failover
  - It needs switch to co-operate with controller.

v1.2 inherits most of the features from v1.1
v1.1 and v1.2 are not compatible with v1.0
The flow table is different from v1.0. In…