2017/03/17

Монтирование OCFS2 перед запуском o2cb

В системах с systemd для автоматического монтирования ocfs2 необходимо добавить на нодах дополнительные опции для mount в /etc/fstab:
/dev/mapper/maindm1 /data ocfs2 _netdev,x-systemd.requires=o2cb.service,noatime,nointr 0 0
Опция _netdev указывается в случае, если файловая система размещена на устройстве, которая требует сетевой доступ. Монтирование файловой системы будет происходить после того как включится сеть. Опция x-systemd.requires необходима для того, чтобы сервис o2cb был запущен перед тем как смонтируется файловая система.

2017/01/26

The 64k Connection Myth

It’s a common misconception that you can only accept 64,000 connections per IP address and the only way around it is to add more IPs. This is absolutely false. The misconception begins with the premise that there are only so many ephemeral ports per IP. The truth is that the limit is based on the IP pair, or said another way, the client and server IPs together. A single client IP can connect to a server IP 64,000 times and so can another client IP.

From Linux Kernel Tuning for C500k.

IPSec Bandwidth Overhead Using AES

For data payloads in excess of the common TCP payload maximum segment size (the MSS) of 1460 Bytes, the IPSec bandwidth overhead using AES is approximately 9.32%. This equates to an ‘efficiency’ of 91.48% (1460/1596) – in other words, that’s how much bandwidth is left for actual data if you’re putting as much data in each packet as possible. Note however that as this packet size is larger than the typical IP (and Ethernet) MTU, it’s very unlikely that you’ll achieve this level of efficiency. As noted in the comments, the ideal MSS appears to be 1328 when using ESP.

Keep in mind that for very small data payloads (common with applications such as Telnet, TN3270 mainframe emulation and SSH) the IPSec bandwidth overhead can as high as 12,300%.

If you add TCP/IP and Ethernet (and VLAN tagging) into the mix (see the calculations from Wikipedia here) then the throughput of a 100Mb link is 100 x 0.92.64 (IPSec+AES efficiency) x 0.9733 (TCP/IP efficiency) x 0.9728 (Ethernet (with tagging) efficiency) which equals 87.71Mbps, a combined efficiency of 87.71%. assuming ideal conditions.

Link: IPSec Bandwidth Overhead Using AES

2016/05/13

logstash-asterisk

logstash-asterisk is a sample of Logstash configuration file for parsing Asterisk's CDR custom file to send it to Elasticsearch. Link to logstash-asterisk.

2015/12/24

Uncomfortable Silence

Поиск по этому блогу

Загрузка...

Ярлыки

perl (30) infosec (26) links (20) freebsd (16) url (15) ipv6 (13) zabbix (13) linux (11) mojo (10) monitoring (10) snmp (10) asterisk (9) fun (8) security (7) bgbilling (6) cisco (6) mysql (6) blogs (5) ubuntu (5) crypto (4) dlink (4) exploits (4) ipv4 (4) law (4) mikrotik (4) mojolicious (4) openssl (4) postfix (4) radio (4) tools (4) utf-8 (4) windows (4) android (3) apache (3) books (3) debug (3) dns (3) hp (3) java (3) js (3) json (3) latex (3) oracle (3) performance (3) rhel (3) ripe ncc (3) syslog (3) ubnt (3) vim (3) agi (2) atlassian (2) backup (2) bgp (2) centos (2) console (2) cpan (2) cpanmin (2) css (2) ctf (2) edge-core (2) editors (2) elasticsearch (2) git (2) gns3 (2) google (2) graphite (2) hack (2) hdd (2) hyper-v (2) isp (2) mac (2) management (2) mibs (2) microsoft (2) movie (2) msa (2) ntp (2) pentest (2) puppet (2) qa tests (2) quotes (2) reverse engeenering (2) shell (2) smpp (2) social engineering (2) ssl (2) statistic (2) storage (2) switches (2) tcp/ip (2) tex (2) usb (2) vm (2) vmware (2) websec (2) xsrf (2) yandex (2) ПДн (2) электронное правительство (2) Xorg (1) amavis (1) amazon s3 (1) analyze (1) anonymous (1) applications (1) as (1) ascii (1) autofs (1) balancer (1) bandwidth (1) bem (1) bind (1) bl (1) chef (1) chief (1) cluster (1) cnupm (1) cnupmsave (1) confluence (1) cpu (1) cvs (1) dbi (1) ddos (1) devices (1) dhcp (1) dht (1) diet (1) diskarray (1) docker (1) dummynet (1) dynax60 (1) epub (1) equipment (1) esx (1) fax (1) firmware (1) fitness (1) form (1) fs (1) fsb (1) ftp (1) golf (1) gprs (1) graphics (1) gsm (1) honeypot (1) html (1) iops (1) ios (1) ipn (1) ipsec (1) iptv (1) iso (1) itil (1) itsm (1) jabber (1) jira (1) joke (1) jsonp (1) kannel (1) logstash (1) mem (1) metasploit (1) microscope (1) mindmap (1) mobile (1) modem (1) mp3 (1) music (1) nano (1) nas (1) noc (1) ocfs2 (1) ocs2 (1) openbsd (1) openfire (1) oscm (1) ospf (1) packet tracer (1) parsing (1) pass-the-hash (1) pgu.mos.ru (1) phd (1) php (1) poe (1) ports (1) postfixadmin (1) ppp (1) profiler (1) protobuf (1) radmin (1) raid (1) repo (1) rest (1) riemann (1) rrd (1) rs-232 (1) rss (1) rtp (1) ruby (1) scanners (1) serialization (1) sip (1) skype (1) sms (1) snmptranslate (1) soap (1) spam (1) spamcop (1) spf (1) sql (1) ssrf (1) standarts (1) sudoers (1) svn (1) syslog-ng (1) tde200 (1) tftp (1) tomcat (1) tuning (1) uce (1) underground (1) ups (1) video (1) voip (1) vpn (1) wds (1) web (1) websockets (1) wireless (1) x-plane (1) xml (1) xss (1) верстка (1) гибдд (1) гипервизоры (1) здоровье (1) панчеры (1)

Subscribe in a reader

Web Analytics