Saturday, January 5, 2013

Live USB F18 for Mac

The magic command:

livecd-iso-to-disk --format --efi Fedora-18-Beta-x86_64-Live-Desktop.iso /dev/sdx

Now I just have to wait for the final release :).


Monday, August 15, 2011

Apache zabbix monitoring

I found a few scripts for Zabbix Apache monitoring and none of them was suitable for me. Here is my contribution :). It makes only one request for all of the checks. Source is here.

Friday, May 20, 2011

why not?

python -c "import telnetlib,time;tn = telnetlib.Telnet('127.0.0.1', 10031);tn.write('ppolicyFactory.modules[\'stats\'][0].STAT_DATA\r\n');time.sleep(1);output = [line for line in tn.read_until('}')];print ''.join(output).split()[4][0:-1]"

Sunday, February 13, 2011

C vs Python vs Perl sort comparison

First findings are:
  1. C is way faster at sorting than Python.
  2. Python code is way shorter than C.
  3. Python is faster than Perl and less memory hungry.

Python source code: Python sort code
Perl source code: Perl sort code

C code was taken from here.
Heap sort in C: file_sort_heap.c.
Quick sort in C: file_sort_quick.c


Doc file is here.

Second findings are:
Python code could be a memory eater.
The explanation is here and here. Every string in the list is allocated 80 bytes = 2288 MB of RAM for 30,000,000 strings. A solution would be to use a smarter data structure in Python (a standard int is 24 bytes).
With C we have a 2-byte short int, which is a little bit less :).

Sorting a file with 30,000,000 numbers in Python took around 2-3 GB of RAM (the file with the numbers was 150 MB), which is too much memory. A solution is to use a special sort for big files, for example something like here, or C.

With Perl I couldn't sort the 30,000,000 numbers file because of out-of-memory problems (4 GB RAM and 2 GB swap).

It'd be interesting to try Python with the psyco module. Unfortunately the RPM isn't present in Fedora 14.

Saturday, February 20, 2010

Cryptography MIX

This is just a compilation of texts from Wikipedia.
I'll extend this text a little bit more later.
  1. Symmetric-key algorithm
    1. Triple DES
    2. Serpent
    3. Blowfish
    4. Twofish
  2. Asymmetric key algorithms
    1. Diffie–Hellman key exchange
    2. Digital Signature Algorithm (DSA)
    3. ElGamal encryption
    4. Cramer–Shoup cryptosystem
    5. Elliptic curve cryptography (ECC)
  3. Cryptographic hash function
    1. SHA hash functions
    2. MD5 (Message-Digest algorithm 5)
  4. Key size Brute force


Symmetric-key algorithm

Symmetric-key algorithms are a class of algorithms for cryptography that use trivially related, often identical, cryptographic keys for both decryption and encryption.

Symmetric-key algorithms can be divided into stream ciphers and block ciphers. Stream ciphers encrypt the bytes of the message one at a time, and block ciphers take a number of bytes and encrypt them as a single unit.

AES (Rijndael)

Standard adopted by the U.S. government
128, 192 and 256 bit. wiki

A related-key attack can break 256-bit AES with a complexity of 2^119, which is faster than brute force but is still infeasible. 192-bit AES can also be defeated in a similar manner, but at a complexity of 2^176. 128-bit AES is not affected by this attack. A chosen-plaintext attack can break 8 rounds of 192-bit and 256-bit AES, and 7 rounds of 128-bit AES, although the workload is impractical at 2^128 - 2^119. (Ferguson et al., 2000). wiki

DES
56 bits
Old. DES is now considered to be insecure for many applications.

Triple DES
168 bits (three 56-bit DES keys)
Triple DES provides a relatively simple method of increasing the key size of DES to protect against brute force attacks, without requiring a completely new block cipher algorithm. wiki

Serpent
128, 192 or 256 bits
The Serpent cipher has not been patented. It is completely in the public domain and can be freely used by anyone.
The XSL attack, if effective, would weaken Serpent (though not as much as it would weaken Rijndael, which became AES). However, many cryptanalysts believe that once implementation considerations are taken into account the XSL attack would be more expensive than a brute force attack.
The 32 rounds make Serpent have a higher security margin than Rijndael; however, Rijndael with 10 rounds is faster and easier to implement for small blocks. Hence, Rijndael was selected as the winner in the AES competition.
wiki

Blowfish
Variable key length from 32 up to 448 bits.
recommends using the more recent Twofish algorithm instead.
wiki

Twofish
128, 192 or 256 bits
On most software platforms Twofish is slightly slower than Rijndael (the chosen algorithm for Advanced Encryption Standard) for 128-bit keys, but somewhat faster for 256-bit keys.
The Twofish cipher has not been patented and the reference implementation has been placed in the public domain.

Advanced Encryption Standard process
The Advanced Encryption Standard (AES) is the block cipher ratified as a standard by the National Institute of Standards and Technology of the United States.
Rijndael: 86 positive, 10 negative
Serpent : 59 positive, 7 negative
Twofish : 31 positive, 21 negative
RC6 : 23 positive, 37 negative
MARS : 13 positive, 83 negative
wiki

Asymmetric key algorithms

Diffie–Hellman key exchange
In practice, Diffie–Hellman is not used in this way, with RSA being the dominant public key algorithm. This is largely for historical and commercial reasons, namely that RSA created a Certificate Authority that became Verisign. Diffie–Hellman cannot be used to sign certificates, although the ElGamal and DSA signature algorithms are related to it.
wiki

Digital Signature Algorithm (DSA)
United States Federal Government standard or FIPS for digital signatures. DSA is covered by U.S. Patent 5,231,668, filed July 26, 1991, and attributed to David W. Kravitz, a former NSA employee. This patent was given to "The United States of America as represented by the Secretary of Commerce, Washington, D.C." and the NIST has made this patent available worldwide.
wiki

ElGamal encryption
ElGamal encryption is used in the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems.
wiki

RSA (Rivest, Shamir and Adleman)
It is the first algorithm known to be suitable for signing as well as encryption, and was one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations.
wiki

Cramer–Shoup cryptosystem
It is an extension of the Elgamal cryptosystem. In contrast to Elgamal, which is extremely malleable, Cramer–Shoup adds additional elements to ensure non-malleability even against a resourceful attacker. This non-malleability is achieved through the use of a collision-resistant hash function and additional computations, resulting in a ciphertext which is twice as large as in Elgamal.
wiki
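
The malleability of ElGamal mentioned above, shown as an added example (not part of the original post or of Wikipedia's text). It uses textbook ElGamal with constructed toy parameters (the Mersenne prime 2^127 - 1 and base 3 are assumptions chosen for readability, not a safe group), and the function names are illustrative.

```python
import secrets

# Constructed toy parameters (assumption): a known Mersenne prime and base 3.
# Textbook ElGamal without any padding or integrity check; not for real use.
P = 2**127 - 1
G = 3

def keygen():
    x = secrets.randbelow(P - 2) + 1           # private key in [1, P-2]
    return x, pow(G, x, P)                      # (private, public)

def encrypt(pub, m):
    k = secrets.randbelow(P - 2) + 1           # fresh ephemeral key per message
    return pow(G, k, P), (m * pow(pub, k, P)) % P

def decrypt(priv, ct):
    c1, c2 = ct
    shared = pow(c1, priv, P)                   # same value as pub^k
    return (c2 * pow(shared, -1, P)) % P        # modular inverse (Python 3.8+)

def rescale_ciphertext(ct, factor):
    """Turn a ciphertext of m into a valid ciphertext of m*factor mod P.
    Needs neither the private key nor the plaintext."""
    c1, c2 = ct
    return c1, (c2 * factor) % P

def demo():
    priv, pub = keygen()
    amount = 1500                               # constructed plaintext
    ct = encrypt(pub, amount)
    tampered = rescale_ciphertext(ct, 10)
    # Both decrypt without error: nothing in the scheme lets the
    # recipient notice that the second ciphertext was modified in transit.
    return decrypt(priv, ct), decrypt(priv, tampered)

if __name__ == "__main__":
    original, altered = demo()
    print("original:", original, "after modification:", altered)
```

Cramer–Shoup's extra ciphertext elements and hash check exist so that a modified ciphertext like the second one is rejected at decryption instead of being accepted.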


Elliptic curve cryptography (ECC)
At least one ECC scheme (ECMQV) and some implementation techniques are covered by patents.
For 128-bit security one needs a curve over F(q), where q ≈ 2^256. This can be contrasted with finite-field cryptography (e.g., DSA) which requires 3072-bit public keys and 256-bit private keys, and integer factorization cryptography (e.g., RSA) which requires 3072-bit public and private keys.
wiki


Cryptographic hash function

SHA hash functions
Algorithm   Output size (bits)   Collisions found
SHA-0       160                  yes
SHA-1       160                  None
SHA-2       256/224              None
SHA-2       512/384              None

wiki

MD5 (Message-Digest algorithm 5)

The U.S. Department of Homeland Security said MD5 "should be considered cryptographically broken and unsuitable for further use," and most U.S. government applications will be required to move to the SHA-2 family of hash functions by 2010.

MD5 is a widely used cryptographic hash function with a 128-bit hash value and an Internet standard (RFC 1321). Recently, a number of projects have created MD5 rainbow tables which are easily accessible online, and can be used to reverse many MD5 hashes into strings that collide with the original input, usually for the purposes of password cracking. However, if passwords are combined with a salt before the MD5 digest is generated, rainbow tables become much less useful.
The use of MD5 in some websites' URLs means that Google can also sometimes function as a limited tool for reverse lookup of MD5 hashes. This technique is also rendered ineffective by the use of a salt.
wiki
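
Why a salt defeats precomputed tables, as an added example (not from the original post). A plain dictionary over a constructed word list stands in for a rainbow table, and the example goes one step beyond the text by also showing a salted, deliberately slow derivation (PBKDF2-HMAC-SHA256; the 600,000 iteration count is an assumption), since salted MD5 is still fast to guess against one password at a time.

```python
import hashlib
import hmac
import os

# Constructed word list standing in for the contents of a public MD5 table.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

# Built once, then reusable against every database of unsalted MD5 digests.
PRECOMPUTED = {md5_hex(p.encode()): p for p in COMMON_PASSWORDS}

def lookup(digest: str):
    """Return the precomputed preimage for a digest, or None if not in the table."""
    return PRECOMPUTED.get(digest)

def store_unsalted(password: str) -> str:
    # Weak form: identical passwords give identical digests everywhere.
    return md5_hex(password.encode())

def store_salted(password: str):
    salt = os.urandom(16)                 # unique per user, stored beside the digest
    return salt, md5_hex(salt + password.encode())

def store_pbkdf2(password: str, iterations: int = 600_000):
    # Hardened form: per-user salt plus a slow key-derivation function.
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk

def verify_pbkdf2(password: str, record) -> bool:
    salt, iterations, expected = record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)   # constant-time comparison

if __name__ == "__main__":
    print("unsalted lookup:", lookup(store_unsalted("password")))
    print("salted lookup:  ", lookup(store_salted("password")[1]))
    rec = store_pbkdf2("password")
    print("pbkdf2 verify:  ", verify_pbkdf2("password", rec))
```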

Comparison of cryptographic hash functions


Key size
The security of an algorithm cannot exceed its key length (since any algorithm can be cracked by brute force), but it can be smaller.
A key should therefore be large enough that a brute force attack (possible against any encryption algorithm) is infeasible, i.e., would take too long to execute. Shannon's work on information theory showed that to achieve so-called perfect secrecy, it is necessary for the key length to be at least as large as the message to be transmitted and only used once (this algorithm is called the One-time pad).

As each of these is of a different level of cryptographic complexity, it is usual to have different key sizes for the same level of security, depending upon the algorithm used. For example, the security available with a 1024-bit key using asymmetric RSA is considered approximately equal in security to an 80-bit key in a symmetric algorithm (Source: RSA Security).
With a key of length n bits, there are 2^n possible keys.

This number grows very rapidly as n increases. Moore's law suggests that computing power doubles roughly every 18 to 24 months, but even this doubling effect leaves the larger symmetric key lengths currently considered acceptably well out of reach. The large number of operations (2^128) required to try all possible 128-bit keys is widely considered to be out of reach for conventional digital computing techniques for the foreseeable future.

The Advanced Encryption Standard published in 2001 uses a key size of (at minimum) 128 bits. It also can use keys up to 256 bits (a specification requirement for submissions to the AES contest).
128 bits is currently thought, by many observers, to be sufficient for the foreseeable future for symmetric algorithms of AES's quality. The U.S. Government requires 192 or 256-bit AES keys for highly sensitive data.

As of 2003 RSA Security claims that 1024-bit RSA keys are equivalent in strength to 80-bit symmetric keys, 2048-bit RSA keys to 112-bit symmetric keys and 3072-bit RSA keys to 128-bit symmetric keys. RSA claims that 1024-bit keys are likely to become crackable some time between 2006 and 2010 and that 2048-bit keys are sufficient until 2030. An RSA key length of 3072 bits should be used if security is required beyond 2030. NIST key management guidelines further suggest that 15360-bit RSA keys are equivalent in strength to 256-bit symmetric keys.

One of the asymmetric algorithm types, elliptic curve cryptography, or ECC, appears to be secure with shorter keys than those needed by other asymmetric key algorithms.
NIST guidelines state that ECC keys should be twice the length of equivalent strength symmetric key algorithms. So, for example, a 224-bit ECC key would have roughly the same strength as a 112-bit symmetric key. These estimates assume no major breakthroughs in solving the underlying mathematical problems that ECC is based on. A message encrypted with an elliptic key algorithm using a 109-bit long key has been broken by brute force.

The amount of time required to break a 128-bit key is also daunting. Each of the 2^128 (340,282,366,920,938,463,463,374,607,431,768,211,456) possibilities must be checked. A device that could check a billion billion keys (10^18) per second would still require about 10^13 years to exhaust the key space.
This is a thousand times longer than the age of the universe, which is about 13,000,000,000 (1.3×10^10) years.

AES permits the use of 256-bit keys. Breaking a symmetric 256-bit key by brute force requires 2^128 times more computational power than a 128-bit key. A device that could check a billion billion (10^18) AES keys per second would require about 3×10^51 years to exhaust the 256-bit key space.

An underlying assumption of this analysis is that the complete keyspace is used to generate keys, something that relies on an effective random number generator.
wiki

Sunday, October 18, 2009

Non-working mic on F11

# amixer -c0 sset 'Input Source' 'Front Mic'
Simple mixer control 'Input Source',0
Capabilities: cenum
Items: 'Mic' 'Front Mic'
Item0: 'Front Mic'

Source http://www.linux-archive.org/fedora-desktop/285894-recording-front-mic-fedora-11-a.html

Monday, October 12, 2009

Bonding Red Hat

eth0 configuration

DEVICE=eth0
BOOTPROTO=none
USERCTL=no
MASTER=bond0
ONBOOT=yes
SLAVE=yes
TYPE=Ethernet

eth1 configuration

DEVICE=eth1
BOOTPROTO=none
USERCTL=no
MASTER=bond0
ONBOOT=yes
SLAVE=yes
TYPE=Ethernet

bond0 configuration

Create the file ifcfg-bond0 in /etc/sysconfig/network-scripts

DEVICE=bond0
BOOTPROTO=dhcp
ONBOOT=yes
# IPADDR=192.168.203.231
# NETMASK=255.255.255.0
USERCTL=no
# GATEWAY=192.168.203.1
TYPE=Ethernet
IPV6INIT=no
PEERDNS=yes

modprobe.conf
alias bond0 bonding
options bond0 miimon=80 mode=1 downdelay=200 updelay=200

mode=0 (balance-rr)
Round-robin policy: Transmit packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.

mode=1 (active-backup)
Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch. This mode provides fault tolerance. The primary option affects the behavior of this mode.

mode=2 (balance-xor)
XOR policy: Transmit based on [(source MAC address XOR'd with destination MAC address) modulo slave count]. This selects the same slave for each destination MAC address. This mode provides load balancing and fault tolerance.

mode=3 (broadcast)
Broadcast policy: transmits everything on all slave interfaces. This mode provides fault tolerance.

mode=4 (802.3ad)
IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification.
Prerequisites:
1. Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
2. A switch that supports IEEE 802.3ad Dynamic link aggregation. Most switches will require some type of configuration to enable 802.3ad mode.

mode=5 (balance-tlb)
Adaptive transmit load balancing: channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.
Prerequisite:
Ethtool support in the base drivers for retrieving the speed of each slave.

mode=6 (balance-alb)
Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server.