Thursday, September 17th, 2015 | Author:
  • Part 1 – Introduction – Setting up Simple Queues (This post)
  • Part 2 – Reliably Identifying Traffic – Setting up Mangle Rules (Coming soon TM)
  • Part 3 – Priorities and Limits – Setting up Queue Trees (Coming soon TM)
  • Part 4 – Monitoring Usage – Redefining Queues – Limiting Abusive Devices (Coming soon TM)
  • Part 5 – ??? Profit ???

Introduction

The first problem one usually comes across after being tasked with improving an Internet connection is that the connection is overutilised. Nobody knows why, who, or what is causing the problem – except of course everyone blames the ISP. Sometimes it is the ISP – but typically you can’t prove that without having an alternative connection immediately available. I currently manage or help manage four “sites/premises” that use QoS to manage their Internet connections. One is my work, two are home connections, and the last one is a slightly variable one – it is usually just a home connection but alternatively, for a weekend every few months, it becomes a 140-man (and growing) LAN. Fun. 🙂

MikroTik and RouterOS

MikroTik’s RouterOS is very powerful in the right hands. Many other routers support QoS but not with the fine-grained control MikroTik provides. Alternatively you could utilise other Linux-based router OSes, such as DD-WRT, Smoothwall, Untangle, and so forth. Most of these require that you have a dedicated server set up or a compatible hardware router. MikroTik sells RouterBoards which have RouterOS built in – they are relatively inexpensive.

My experience with routers is primarily with Cisco and MikroTik – and my experience with QoS is primarily with Allot’s NetEnforcer/NetXplorer systems and MikroTik. The most popular MikroTik devices in my experience (other than their dedicated long-range wireless devices) are their RB750 (the newer version is named “hEX”) and RB950-based boards. They have many others available and are relatively inexpensive. In historical comparison with Cisco’s premium devices, I would describe MikroTik’s devices as “90% of the features at 10% of the cost”. As this guide is aimed primarily at SME/Home use, inexpensive makes more sense. If you’re looking at getting a MikroTik device, note that MikroTik routers do not typically include DSL modems, so your existing equipment is still needed. Note that this is not a tutorial on setting up a MikroTik device from scratch. There are many guides available online for that already.

Theory into practice – first steps

To set up QoS correctly, you need to have an idea of a policy that takes into account the following:

  • The overall connection speed
  • How many users/devices will be using the connection
  • The users/devices/services/protocols that should be prioritised for latency and/or throughput

For my example, I will assume the following:

  • The MikroTik is set up with the default network configuration, where the local network is 192.168.88.0/24 and the Internet connection is provided via PPPoE.
  • The connection speed is 10/2 Mbps (10 Mbps download speed; 2 Mbps upload speed)
  • There will be 5 users with as many as 15 devices (multiple computers/tablets/phones/WiFi etc.)
  • Typical downloads require high priority for throughput but low priority for latency
  • Gaming/Skype/Administrative protocols require high priority with both latency and throughput
  • No user will be prioritised over another

The first and probably quickest step is to set up what RouterOS refers to as a Simple Queue.

I made a small script that I saved on my MikroTik devices to set up the simple queues. It is as follows:

# One simple queue per possible host address (.1 to .254) on the LAN;
# max-limit is given as upload/download
:for x from=1 to=254 do={
 /queue simple add name="internet-usage-$x" dst="pppoe" max-limit=1900k/9500k target="192.168.88.$x"
}

What the above does is limit the maximum speed any single device can use to “1900k” (1.9Mb) upload and “9500k” (9.5Mb) download.

Notes:

  • The reason the max limit is at 95% of the line’s maximum speed is that this guarantees no single device can fully starve the connection, negatively affecting the other users. With a larger userbase I would enforce this limit further. For example, with 100 users on a 20MB service I might set the limit at 15Mb or even as little as 1MB. This is entirely dependent on how “abusive” the users are and, as you figure out where and how bad the bottlenecks are, you can adjust it appropriately.
  • The prefix “internet-usage” in the name parameter can be customised. I typically set these to refer to the premises name. For example, with premises named “Alpha” and “Beta”, I would typically use “internet-alpha” and “internet-beta”. This helps with instinctively differentiating between sites.
  • The dst parameter has “pppoe” in the example. This should be the name of the interface that provides the Internet connection.

Make sure you customise the script appropriately for your configuration. Save the script to the MikroTik and run it – or paste it directly into the MikroTik’s terminal to execute it.
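A parameterised form of the script above, as an added example that is not part of the original post: it derives the per-device cap from the line speed and a percentage, then generates the "/queue simple add" lines for any IPv4 network of /24 or smaller. The function names, the percent parameter and the character check on names are assumptions of this example; the command and its parameters are the ones shown in the post.

```python
import ipaddress
import re

# Names are interpolated into quoted RouterOS strings, so restrict them to a
# conservative character set (an assumption of this example, not a RouterOS rule).
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]+")


def per_device_limit(up_kbps, down_kbps, percent=95):
    """Return a max-limit value ("upload/download") capped at percent of the line."""
    if not 0 < percent <= 100:
        raise ValueError("percent must be between 1 and 100")
    if up_kbps <= 0 or down_kbps <= 0:
        raise ValueError("line speeds must be positive")
    return f"{up_kbps * percent // 100}k/{down_kbps * percent // 100}k"


def simple_queue_script(network, wan_interface, up_kbps, down_kbps,
                        percent=95, prefix="internet-usage"):
    """Build one '/queue simple add' line per host address in the network."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen < 24:
        # Queue names use the last octet only, so larger networks would collide.
        raise ValueError("expected an IPv4 network of /24 or smaller")
    for label, value in (("prefix", prefix), ("wan_interface", wan_interface)):
        if not SAFE_NAME.fullmatch(value):
            raise ValueError(f"unsafe characters in {label}: {value!r}")
    limit = per_device_limit(up_kbps, down_kbps, percent)
    return [
        f'/queue simple add name="{prefix}-{int(host) & 0xFF}" '
        f'dst="{wan_interface}" max-limit={limit} target="{host}"'
        for host in net.hosts()
    ]


if __name__ == "__main__":
    # The post's scenario: 192.168.88.0/24 behind "pppoe" on a 10/2 Mbps line.
    print("\n".join(simple_queue_script("192.168.88.0/24", "pppoe", 2000, 10000)))
```

The generated lines can be pasted into the MikroTik's terminal in the same way as the original script.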

In my next post I will go over setting up what RouterOS refers to as Mangle rules. These rules serve to identify/classify network traffic in order to make finer-grained QoS possible.

Thursday, September 17th, 2015 | Author:

Privacy, Time, Money

I don’t like debit orders. I have never liked the idea that another party can, at will, take almost any amount of my money (well … whatever is available). A case in point is that MTN bills me using a debit order. Perhaps the “convenience” factor is not such a bad thing.

I think the penultimate question here is whether you want convenience and can trust the service (in this case, with your money) – or whether you can’t trust them and are willing to forgo that convenience. In my case, even though I still reject the convenience, I learned the hard way with MTN that it is doubly possible that without it your connected world is reduced to a “remote island” situation. Almost everyone today goes with the convenience factor.

Convenience

On the other hand, now a long time ago, I had a dispute with Planet Fitness where convenience was a double-edged sword. I reported their business practices to the Consumer Complaints Commission (which has since been re-organised as the National Consumer Commission) and never got feedback from them. The gist of the issue is that Planet Fitness’s sales agent lied to me and a friend in order to get more commission/money out of my pocket.

I am a Discovery Vitality member, which provides many benefits, including reduced rates with various brands – most of them health-related of course, as Discovery is a Medical Aid/Health Insurance provider. Simply put, Discovery is awesome. Vitality’s benefits cover gym memberships, which also includes Planet Fitness. You still have to pay something, a small token of sorts, to Discovery, for the gym membership. But, after all, they want me to be healthy, so they don’t mind footing the bulk of the bill. But, apparently, this means Planet Fitness’ salespeople don’t get commission!

So, why does this matter? Because PF’s sales agent gave me an inflated figure for a “Vitality-based” membership. That’s no lie. He then had me sign on the dotted line for the inflated price of a “regular” membership (yes, it was actually more than even a regular membership would cost), ending up about 4 to 5 times as much as the Vitality-based membership.

Epiphanies

Some time in 2011 I finally wisened up to the amount I should have been paying. I was sure Discovery would not be too happy about this fiasco. I told the Manager at the gym, and I was assured that the whole contract would be cancelled. I’m not one for violence … unless it’s for sport … in the Octagon … but by my 5th visit to the Manager to ask why the debit orders were still happening, he could tell I had brought my weapons to the visit. After a few more visits, the Manager had actually left Planet Fitness and explained to me that the “contract” was between myself and Head Office and that the local gym, apparently a franchise-type setup, had little to no say on whether or not it could be cancelled. If Head Office said no, tough luck.

By this point I’d lost it. I had my bank put a stop to the debit order. It was a huge schlep: I had to contact the bank every month because the debit order descriptions would change ever so slightly. It also cost me a little every couple of months to “reinstate” the blocking service. I can’t help but think that the bank’s system has proper support for this but the staff don’t necessarily know how to use it.

Technically I’m still waiting on the CCC to get back to me (they never did – and of course they have been re-organised as mentioned above, so the case probably fell through the cracks). Of course, by then PF also wanted to blacklist me for not paying!

Unexpected hero

A chance call to Discovery (I think I was calling them about a dentist visit) resulted in a callback from one of Discovery’s agents. They asked me to describe the problem, in full and in writing, to better explain from my perspective what had actually happened. I obliged. It turns out I was right about them not being “too happy” about it. In fact they really didn’t like it. About three weeks later, Planet Fitness refunded me in full for all the money taken and cancelled the amounts they said were owed.

Discovery is Awesome. 🙂

Sunday, August 04th, 2013 | Author:

I had a power outage affect my server’s large md RAID array. Rather than let the server as a whole be down while waiting for it to complete an fsck, I had it boot without the large array so I could run the fsck manually.

However, when running it manually I realised I had no way of knowing how far it was and how long it would take to complete. This is especially problematic with such a large array. With a little searching I found the tip of adding the -C parameter when calling fsck. I couldn’t find this in the documentation however: “fsck --help” showed no such option.

The option turns out to be ext4-specific, and thus shows a perfectly functional progress bar with a percentage indicator. To find the information, instead of “fsck --help” or “man fsck”, you have to input “fsck.ext4 --help” or “man fsck.ext4”. 🙂

Sunday, August 04th, 2013 | Author:

History

Much had changed since I last mentioned my personal server – it has grown by leaps and bounds (it now has a 7TB md RAID6) and it had recently been rebuilt with Ubuntu Server.

Arch was never a mistake. Arch Linux had already taught me so much about Linux (and will continue to do so on my other desktop). But Arch definitely requires more time and attention than I would like to spend on a server. Ideally I’d prefer to be able to forget about the server for a while until a reminder email says “um … there’s a couple updates you should look at, buddy.”

Space isn’t free – and neither is space

The opportunity to migrate to Ubuntu was the fact that I had run out of SATA ports, the ports required to connect hard drives to the rest of the computer – that 7TB RAID array uses a lot of ports! I had even given away my very old 200GB hard disk as it took up one of those ports. I also warned the recipient that the disk’s SMART monitoring indicated it was unreliable. As a temporary workaround to the lack of SATA ports, I had even migrated the server’s OS to a set of four USB sticks in an md RAID1. Crazy. I know. I wasn’t too happy about the speed. I decided to go out and buy a new reliable hard drive and a SATA expansion card to go with it.

The server’s primary Arch partition was using about 7GB of disk. A big chunk of that was a swap file, cached data and otherwise miscellaneous or unnecessary files. Overall the actual size of the OS, including the /home folder, was only about 2GB. This prompted me to look into a super-fast SSD drive, thinking perhaps a smaller one might not be so expensive. It turned out that the cheapest non-SSD drive I could find actually cost more than one of these relatively small SSDs. Yay for me. 🙂

Choice? Woah?!

In choosing the OS, I’d already decided it wouldn’t be Arch. Out of all the other popular distributions, I’m most familiar with Ubuntu and CentOS. Fedora was also a possibility – but I hadn’t seriously yet considered it for a server. Ubuntu won the round.

The next decision I had to make didn’t occur to me until Ubiquity (Ubuntu’s installation wizard) asked it of me: How to set up the partitions.

I was new to using SSDs in Linux – I’m well aware of the pitfalls of not using them correctly, mostly due to their risk of poor longevity if misused.

I didn’t want to use a dedicated swap partition. I plan on upgrading the server’s motherboard/CPU/memory not too far in the future. Based on that I decided I will put swap into a swap file on the existing md RAID. The swap won’t be particularly fast but its only purpose will be for that rare occasion when something’s gone wrong and the memory isn’t available.

This then left me to give the root path the full 60GB out of an Intel 330 SSD. I considered separating /home but it just seemed a little pointless, given how little was used in the past. I first set up the partition with LVM – something I’ve recently been doing whenever I set up a Linux box (really, there’s no excuse not to use LVM). When it got to the part where I would configure the filesystem, I clicked the drop-down and instinctively selected ext4. Then I noticed btrfs in the same list. Hang on!!

But a what?

Btrfs (“butter-eff-ess”, “better-eff-ess”, “bee-tree-eff-ess”, or whatever you fancy on the day) is a relatively new filesystem developed in order to bring Linux’ filesystem capabilities back on track with current filesystem tech. The existing King-of-the-Hill filesystem, “ext” (the current version called ext4) is pretty good – but it is limited, stuck in an old paradigm (think of a brand new F22 Raptor vs. an F4 Phantom with a half-jested attempt at an equivalency upgrade) and is unlikely to be able to compete for very long with newer Enterprise filesystems such as Oracle’s ZFS. Btrfs still has a long way to go and is still considered experimental (depending on who you ask and what features you need). Many consider it to be stable for basic use – but nobody is going to make any guarantees. And, of course, everyone is saying to make and test backups!

Mooooooo

The most fundamental difference between ext and btrfs is that btrfs is a “CoW” or “Copy on Write” filesystem. This means that data is never actually deliberately overwritten by the filesystem’s internals. If you write a change to a file, btrfs will write your changes to a new location on physical media and will update the internal pointers to refer to the new location. Btrfs goes a step further in that those internal pointers (referred to as metadata) are also CoW. Older versions of ext would have simply overwritten the data. Ext4 would use a Journal to ensure that corruption won’t occur should the AC plug be yanked out at the most inopportune moment. The journal results in a similar number of steps required to update data. With an SSD, the underlying hardware operates a similar CoW process no matter what filesystem you’re using. This is because SSD drives cannot actually overwrite data – they have to copy the data (with your changes) to a new location and then erase the old block entirely. An optimisation in this area is that an SSD might not even erase the old block but rather simply make a note to erase the block at a later time when things aren’t so busy. The end result is that SSD drives fit very well with a CoW filesystem and don’t perform as well with non-CoW filesystems.

To make matters interesting, CoW in the filesystem easily goes hand in hand with a feature called deduplication. This allows two (or more) identical blocks of data to be stored using only a single copy, saving space. With CoW, if a deduplicated file is modified, the separate twin won’t be affected as the modified file’s data will have been written to a different physical block.

CoW in turn makes snapshotting relatively easy to implement. When a snapshot is made the system merely records the new snapshot as being a duplication of all data and metadata within the volume. With CoW, when changes are made, the snapshot’s data stays intact, and a consistent view of the filesystem’s status at the time the snapshot was made can be maintained.

A new friend

With the above in mind, especially as Ubuntu has made btrfs available as an install-time option, I figured it would be a good time to dive into btrfs and explore a little. 🙂

Part 2 coming soon

Monday, October 29th, 2012 | Author:

It appears that, in infinite wisdom, Google have a security feature that can block an application from accessing or using your Google account. I can see how this might be a problem for Google’s users, in particular their GTalk and Gmail users. In my case it was Pidgin having an issue with the Jabber service (which is technically part of GTalk). I found the solution after a little digging. I was surprised at how old the issue was and how long this feature has existed!

To unlock the account and get your application online, use Google’s Captcha page here.
