PT. Hawk Teknologi Solusi


Wednesday, 24 August 2011

ACK Time Out and Distance for Sectoral AP / PTMP

Just for information: for Access Points with sectoral antennas, especially the UBNT family, someone on an outside forum argues as follows:

Auto ACK is having way too many problems. Set everything to manual.

Set the AP to 10% greater than the farthest client's actual distance.
Set the stations to 10% greater than distance back to the AP.

HOWEVER...I'm beginning to think that 10% number shouldn't be written in stone. I had one station with a 40% CCQ jump to 100% CCQ when I increased ACK from 10% to 15%. And it dropped down to around 40% when I set the ACK back to 10%.


http://208.68.95.4/forum/showthread.php?t=15162

What is ACK Time Out? You can read about it at:

http://www.air-stream.org.au/ACK_Timeouts

Why not auto? Here is the explanation:

For AP configuration you want to disable auto ACK because it would be readjusting for every client on the fly which I bet would waste CPU and possibly allow the AP to miss a few packets.

For clients, which should be the same ACK since your AP does not move, auto ACK should be OK. Since hopefully you have waaaaaay more clients than APs, most of your configs should be auto ack, thus it is the default option.

For point to point shots what I have done is enable auto ack, let the link go for a bit, then observe the main screen to see what value it settles into. Then I disable auto ack and put that value plus 10% in there as a static value. I only do this because I figure it would be more CPU efficient if the AP does not have to perform the ack finding code execution.

In theory, the link should be faster since the main bottleneck for these units when used as a backbone is CPU from what I read. The less CPU you use means the more you have available to pass packets I assume. I have not taken the time to confirm this however. I just think it sounds good on paper.


http://www.ubnt.com/forum/showpost.php?p=45051&postcount=2

So, as an example, on one of the sectorals that uses a UBNT Rocket, I can see the distance of the farthest client connected to that Access Point through UBNT's excellent application, AirControl.


Example of the Java-based AirControl web interface

Following the forum above, add 15% to the distance of the farthest client, so in this example 1400 meters + 1400 meters * 15% = 1610 meters; in this example I set it to 1 mile ~ 1.7 km.


The result can be seen on the Main tab.



The hope is that by not using auto-ACK, and instead letting ACK follow the Distance parameter, the CCQ of the stations connected to the Access Point will be more stable.

This theory still has to be proven over the next 1-2 days, because it has not been tested yet :)

Oh, one more thing: with AirControl, each UBNT radio can be given a reboot schedule so that the UBNT's memory does not fill up. In addition, its configuration can be backed up periodically and automatically. To use AirControl, just download and install it on MS Windows that already has a Java Virtual Machine, then open it with a web browser.

AirControl is more or less like The Dude for Mikrotik; it has a map too.






Saturday, 09 April 2011

Yahoo Messenger address-list for Mikrotik

Reference:
http://forums.miranda-im.org/showthread.php?2810-Problem-connecting-to-Yahoo-Messenger-server


C:\Users\Harijanto>nslookup scsc.msg.yahoo.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: vcs0.msg.g03.yahoodns.net
Addresses: 98.136.48.101
98.136.48.67
98.136.48.111
98.136.48.79
98.136.48.80
98.136.48.141
98.136.48.102
98.136.48.100
Aliases: scsc.msg.yahoo.com


C:\Users\Harijanto>nslookup scs.msg.yahoo.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: vcs0.msg.g03.yahoodns.net
Addresses: 98.136.48.67
98.136.48.79
98.136.48.110
98.136.48.112
98.136.48.107
98.136.48.80
98.136.48.108
98.136.48.74
Aliases: scs.msg.yahoo.com


C:\Users\Harijanto>nslookup scsa.msg.yahoo.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: vcs0.msg.g03.yahoodns.net
Addresses: 98.136.48.78
98.136.48.70
98.136.48.67
98.136.48.107
98.136.48.114
98.136.48.80
98.136.48.104
98.136.48.81
Aliases: scsa.msg.yahoo.com


C:\Users\Harijanto>nslookup scsb.msg.yahoo.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: scsb.msg.yahoo.com


C:\Users\Harijanto>nslookup scsc.msg.yahoo.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: vcs0.msg.g03.yahoodns.net
Addresses: 98.136.48.111
98.136.48.81
98.136.48.77
98.136.48.102
98.136.48.116
98.136.48.70
98.136.48.76
98.136.48.110
Aliases: scsc.msg.yahoo.com


C:\Users\Harijanto>

/ ip firewall address-list
add list=yahoo-messenger address=98.136.48.119 comment="" disabled=no
add list=yahoo-messenger address=98.136.48.102 comment="" disabled=no
add list=yahoo-messenger address=98.136.48.101 comment="" disabled=no
add list=yahoo-messenger address=98.136.48.67 comment="" disabled=no
add list=yahoo-messenger address=98.136.48.111 comment="" disabled=no
add list=yahoo-messenger address=98.136.48.79 comment="" disabled=no
add list=yahoo-messenger address=98.136.48.80 comment="" disabled=no
add list=yahoo-messenger address=98.136.48.141 comment="" disabled=no
add list=yahoo-messenger address=98.136.48.100 comment="" disabled=no
add list=yahoo-messenger address=98.136.48.110 comment="" disabled=no
add list=yahoo-messenger address=98.136.48.112 comment="" disabled=no
add list=yahoo-messenger address=98.136.48.107 comment="" disabled=no
add list=yahoo-messenger address=98.136.48.108 comment="" disabled=no
add list=yahoo-messenger address=98.136.48.74 comment="" disabled=no
add list=yahoo-messenger address=98.136.48.70 comment="" disabled=no
add list=yahoo-messenger address=98.136.48.114 comment="" disabled=no
add list=yahoo-messenger address=98.136.48.104 comment="" disabled=no
add list=yahoo-messenger address=98.136.48.81 comment="" disabled=no
add list=yahoo-messenger address=98.136.48.77 comment="" disabled=no
add list=yahoo-messenger address=98.136.48.116 comment="" disabled=no
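
Building the list by hand from several lookups makes it easy to miss an address or to copy the resolver's own `Address: 8.8.8.8` line. As an added example (not the post's own code), this Python script parses nslookup output in the shape shown above and renders deduplicated address-list lines; the sample text is constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed sample shaped like the nslookup output above; lookup 2 has no answer.
SAMPLE = """\
C:\\Users\\Example>nslookup scs.msg.yahoo.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: vcs0.msg.g03.yahoodns.net
Addresses: 98.136.48.67
98.136.48.79
98.136.48.110
Aliases: scs.msg.yahoo.com

C:\\Users\\Example>nslookup scsb.msg.yahoo.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: scsb.msg.yahoo.com

C:\\Users\\Example>nslookup scsa.msg.yahoo.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: vcs0.msg.g03.yahoodns.net
Addresses: 98.136.48.78
98.136.48.67
"""

def answer_addresses(text):
    """Unique IPv4 answers, excluding each lookup's resolver address."""
    found, in_answer = set(), False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Server:"):
            in_answer = False  # the Address: that follows is the resolver
        elif line.startswith("Name:"):
            in_answer = True   # addresses from here on are the answer
        elif in_answer:
            try:  # "Addresses: 1.2.3.4" and bare continuation lines both parse
                found.add(ipaddress.IPv4Address(line.split(":", 1)[-1].strip()))
            except ValueError:
                pass  # Aliases:, blank lines and prompts are not addresses
    return sorted(found)

def address_list_commands(text, list_name="yahoo-messenger"):
    """Render the answers as RouterOS lines in the format used in this post."""
    return ["/ip firewall address-list"] + [
        f'add list={list_name} address={ip} comment="" disabled=no'
        for ip in answer_addresses(text)]

if __name__ == "__main__":
    print("\n".join(address_list_commands(SAMPLE)))
```
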

Sunday, 20 March 2011

Good references when you need to migrate your cPanel server to a new one

http://www.webhostinguniverse.com/tutorials/migratecpanel.htm

http://www.crucialp.com/resources/tutorials/dedicated-server/how-to-install-installing-fantastico-cpanel-whm.php

http://forum.likg.org.ua/server-side-actions/cphulkd-management-t94.html

http://forums.cpanel.net/f5/change-ttl-multiple-dns-zones-76580.html


http://linuxproblem.org/art_9.html

And these are my tips:

1. When installing cPanel DNSONLY on a new OS like CentOS 5.5, I modify the file:

more /etc/sysconfig/named
# BIND named process options
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
# Currently, you can use the following options:
#
# ROOTDIR="/some/where" -- will run named in a chroot environment.
# you must set up the chroot environment
# (install the bind-chroot package) before
# doing this.
#
# OPTIONS="whatever" -- These additional options will be passed to named
# at startup. Don't add -t here, use ROOTDIR instead.
#
# ENABLE_ZONE_WRITE=yes -- If SELinux is disabled, then allow named to write
# its zone files and create files in its $ROOTDIR/var/named
# directory, necessary for DDNS and slave zone transfers.
# Slave zones should reside in the $ROOTDIR/var/named/slaves
# directory, in which case you would not need to enable zone
# writes. If SELinux is enabled, you must use only the
# 'named_write_master_zones' variable to enable zone writes.
#
# ENABLE_SDB=yes -- This enables use of 'named_sdb', which has support
# -- for the ldap, pgsql and dir zone database backends
# -- compiled in, to be used instead of named.
#
# DISABLE_NAMED_DBUS=[1y]-- If NetworkManager is enabled in any runlevel, then
# the initscript will by default enable named's D-BUS
# support with the named -D option. This setting disables
# this behavior.
#
# KEYTAB_FILE="/dir/file" -- Specify named service keytab file (for GSS-TSIG)
ENABLE_ZONE_WRITE=yes
OPTIONS="-4"


And because cPanel does not use bind-chroot, it is better to remove bind-chroot with the command:

yum remove bind-chroot

Saturday, 26 February 2011

Bonding Two ADSL

Because I must wait 1-2 months to upgrade my intercity Leased Line (LL) between the Indonesia Internet Exchange (IIX), located in the Cyber Building, South Jakarta, and my remote site 266 km away, I tried the Mikrotik interface bonding solution, and it works.

This is the configuration for the Mikrotik router located at the remote site:

I used two ADSL connections.

/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \
dial-on-demand=no disabled=no interface=ether1_adsl1 max-mru=1480 max-mtu=\
1480 mrru=disabled name=telkom1 password=123456 profile=pppoe \
service-name="" use-peer-dns=no user=adsl1@telkom.net
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \
dial-on-demand=no disabled=no interface=ether3_adsl2 max-mru=1480 max-mtu=\
1480 mrru=disabled name=telkom2 password=123456 profile=pppoe \
service-name="" use-peer-dns=no user=adsl2@telkom.net

Note:

  1. password=123456: this is just an example; you must use your own password
  2. user=adsl1@telkom.net: this is just an example; you must use your own user

[Me@RemoteSite] /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; BONDING PDA1 D3
address=1.2.3.62/30 network=1.2.3.60
interface=BONDING_PDA1_D3_EOIP actual-interface=BONDING_PDA1_D3_EOIP

5 D address=1.2.255.218/32 network=1.2.255.1 interface=telkom2
actual-interface=telkom2

6 D address=1.2.251.170/32 network=1.2.250.1 interface=telkom1
actual-interface=telkom1

Note:

  1. address=1.2.3.63/30: this is the point-to-point IP address between the bonding interface in Jakarta and the remote site
  2. address=1.2.255.218/32 and address=1.2.250.170/32: these are the IP addresses from the ADSL provider. This is good because telkom1 and telkom2 use different gateways and networks, so we can create a different static route for each of the two EoIP connections, one per ADSL


/ip route
add check-gateway=ping comment="DEFAULT GATEWAY via BONDING RO JAKARTA" \
disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.2.3.61 scope=30 \
target-scope=10
add comment="ROUTING To LOOPBACK1 RO JAKARTA via ADSL 1" \
disabled=no distance=1 dst-address=1.2.3.38/32 gateway=1.2.250.1 \
scope=30 target-scope=10
add comment="ROUTING To LOOPBACK2 RO JAKARTA via ADSL 2" \
disabled=no distance=1 dst-address=1.2.3.41/32 gateway=1.2.255.1 \
scope=30 target-scope=10
add comment="DNS ADSL1" disabled=no distance=1 dst-address=202.134.0.155/32 \
gateway=1.2.250.1,118.96.255.1 scope=30 target-scope=10
add comment="DNS ADSL2" disabled=no distance=1 dst-address=202.134.1.10/32 \
gateway=1.2.250.1,118.96.255.1 scope=30 target-scope=10

Note:

  1. LOOPBACK1 and LOOPBACK2 are the IP addresses on the lobridge1 and lobridge2 interfaces at the Jakarta router, just to make sure each EoIP interface has its own remote-address

/interface eoip
add arp=enabled comment="remote address 1.2.3.38 ip loopback rb1000 jkt" \
disabled=no l2mtu=65535 mac-address=02:83:30:AC:C5:18 mtu=1500 name=\
EOIP_PDA1_D3_4793 remote-address=1.2.3.38 tunnel-id=4793
add arp=enabled comment="remote address 1.2.3.41 ip loopback rb1000 jkt" \
disabled=no l2mtu=65535 mac-address=02:83:30:AC:C5:18 mtu=1500 name=\
EOIP_PDA1_D3_7814 remote-address=1.2.3.41 tunnel-id=7814

Note:

  1. I am using two EoIP interfaces, each connected over ADSL to the Jakarta router. Because my Jakarta router is directly connected to IIX, traffic from the Jakarta router to the RemoteSite router goes through IIX to the ADSL provider


/interface bonding
add arp=enabled arp-interval=100ms arp-ip-targets=1.2.3.61 disabled=no \
down-delay=0ms lacp-rate=30secs link-monitoring=arp mii-interval=100ms \
mode=balance-rr mtu=1500 name=BONDING_PDA1_D3_EOIP primary=none slaves=\
EOIP_PDA1_D3_4793,EOIP_PDA1_D3_7814 transmit-hash-policy=layer-2 up-delay=\
0ms

Note:

  1. arp-ip-targets=1.2.3.61: this is the monitoring IP on the Jakarta router
  2. mode=balance-rr: this is the bonding mode I used; balance-rr means data is transmitted and received round-robin, which gives balancing and fail-over between the slave interfaces

I use NAT to masquerade all traffic going out through the bonding interface, to make sure the src-address from my remote site is replaced with IP 1.2.3.62:

/ip firewall nat
add action=masquerade chain=srcnat comment="NAT via BONDING" disabled=no \
out-interface=BONDING_PDA1_D3_EOIP


And this is the configuration for the Mikrotik router located in Jakarta:

/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
comment="" disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s \
mtu=1500 name=lobridge1 priority=0x8000 protocol-mode=none \
transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
comment="" disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s \
mtu=1500 name=lobridge2 priority=0x8000 protocol-mode=none \
transmit-hold-count=6

Note:

  1. The lobridge interfaces carry the loopback IPs that RemoteSite uses as the EoIP remote-address


/interface eoip
add arp=enabled comment="" disabled=no l2mtu=65535 mac-address=\
02:8B:E1:15:7E:C5 mtu=1500 name=EOIP_4793 remote-address=\
1.2.251.170 tunnel-id=4793
add arp=enabled comment="" disabled=no l2mtu=65535 mac-address=\
02:8B:E1:15:7E:C5 mtu=1500 name=EOIP_7814 remote-address=\
1.2.255.218 tunnel-id=7814


# slaves must name the two EoIP interfaces defined above on this router
/interface bonding
add arp=enabled arp-interval=100ms arp-ip-targets=1.2.3.62 comment="" \
disabled=no down-delay=0s lacp-rate=30secs link-monitoring=arp \
mii-interval=100ms mode=balance-rr mtu=1500 name=BONDING_PDA1_D3_EOIP \
primary=none slaves=EOIP_4793,EOIP_7814 \
transmit-hash-policy=layer-2 up-delay=0s


[Me@Jakarta] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
1 ;;; IIX BGP Peering
1.2.3.22/30 1.2.3.20 1.2.3.23 ether2_OIXP
5 ;;; IP Loopback1
1.2.3.38/32 1.2.3.38 1.2.3.38 lobridge1
6 ;;; IP Loopback2
1.2.3.41/32 1.2.3.41 1.2.3.41 lobridge2
11 ;;; BONDING
1.2.3.61/30 1.2.3.60 1.2.3.63 BONDING_PDA1_D3_EOIP


Note:

  1. The Jakarta router is directly connected to IIX, so the route from Jakarta to the ADSL at RemoteSite goes through IIX, and the routing table uses the BGP protocol between the Jakarta router and the IIX router








Friday, 25 February 2011

Youtube IP Address and how to manipulate Youtube routing in Mikrotik Router

If you have more than one ISP, you can manipulate the routing for YouTube traffic so it goes to the ISP with the best download rate for YouTube content:

/ip firewall address-list
add address=74.125.0.0/16 comment=Google disabled=no list=youtube
add address=114.112.182.156 comment=TuDou disabled=no list=youtube
add address=221.12.89.120 comment=TuDou disabled=no list=youtube
add address=64.15.112.0/20 comment=YouTube disabled=no list=youtube
add address=64.15.120.0/21 comment=YouTube disabled=no list=youtube
add address=208.65.152.0/22 comment=YouTube disabled=no list=youtube
add address=208.117.224.0/19 comment=YouTube disabled=no list=youtube
add address=209.85.128.0/17 comment=Google disabled=no list=youtube


/ip firewall mangle
add action=mark-routing chain=prerouting \
comment="Routing Mark Youtube" disabled=no \
dst-address-list=youtube new-routing-mark=youtube passthrough=no

Correction:
If you mangle the routing-mark for all protocols and you have an email server inside your network, email from Gmail will fail to be received, so it is better to mangle the routing-mark only for protocol tcp dst-port 80, like this:

/ip firewall mangle
add action=mark-routing chain=prerouting comment="Routing Mark Youtube" \
disabled=no dst-address-list=youtube dst-port=80 new-routing-mark=\
youtube passthrough=no protocol=tcp

/ip route
add comment="Routing Youtube" disabled=no dst-address=0.0.0.0/0 \
gateway=1.2.3.4 routing-mark=youtube

/ip firewall nat
add action=masquerade chain=srcnat \
comment="NAT Youtube via ISP Youtube" \
disabled=no out-interface=INTERFACE_TO_ISP_YOUTUBE


Note:
  1. gateway=1.2.3.4: you must use your ISP gateway for YouTube traffic, depending on which of your ISPs is best for YouTube traffic
  2. out-interface=INTERFACE_TO_ISP_YOUTUBE: change this to your ISP interface on your Mikrotik router

To avoid problems if your ISP for YouTube goes down, you can copy-paste this script into the Mikrotik terminal:

/system script
add name=check_youtube policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
:if ( [/ping 1.2.3.4 count=1]=1) do={\r\
\n:log info \"Youtube Up\";\r\
\n:foreach i in=[/ip route find routing-mark=\"youtube\"] do={/ip route se\
t \$i disable=no};\r\
\n/tool e-mail send to=\"your@email.net\" subject=([/system ident\
ity get name] . \" Youtube Up \" . [/system clock get date]) body=\"Youtub\
e Routing Mark Enable\";\r\
\n} else={\r\
\n:log info \"Youtube Down\";\r\
\n:foreach i in=[/ip route find routing-mark=\"youtube\"] do={/ip route se\
t \$i disable=yes};\r\
\n/tool e-mail send to=\"your@email.net\" subject=([/system ident\
ity get name] . \" Youtube Down \" . [/system clock get date]) body=\"Yout\
ube Routing Mark Disable\";\r\
\n}"

And activate this script from Netwatch:

/tool netwatch
add comment="Youtube Check" disabled=no down-script=check_youtube host=\
1.2.3.4 interval=1m timeout=25ms up-script=check_youtube



Source:
http://www.robtex.com/as/as36561.html#bgp

Thursday, 24 February 2011

If Data Packets Will Not Go Through the Tunnel







Sometimes sending data through a tunnel runs into problems, especially with TCP packets. If you face this problem, don't worry: the solution is to create a mangle rule in the forward chain for TCP SYN with action change MSS, clamp to PMTU. The goal is to let the tunnel adjust the MTU (Maximum Transfer Unit) parameter, which may differ between the end-points.
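
What clamping the MSS to the PMTU does to a TCP SYN, as an added Python example that is not part of the original post: it walks the SYN's TCP options and lowers the MSS option to the path MTU minus 40 bytes of IPv4 and TCP headers. The option bytes are constructed, the function names are hypothetical, and the code works on the options field only (a router also updates the TCP checksum after the rewrite).

```python
import struct

IPV4_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header (no options)

def find_mss(options: bytes):
    """Return (offset, value) of the MSS option (kind 2), or None if absent."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                      # End of Option List
            return None
        if kind == 1:                      # NOP: a single padding byte
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated TCP option")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("bad TCP option length")
        if kind == 2 and length == 4:
            return i + 2, struct.unpack_from("!H", options, i + 2)[0]
        i += length
    return None

def clamp_mss(options: bytes, path_mtu: int) -> bytes:
    """Lower the advertised MSS to path_mtu - 40; never raise it."""
    hit = find_mss(options)
    if hit is None:
        return options                     # no MSS option: nothing to rewrite
    offset, mss = hit
    out = bytearray(options)
    struct.pack_into("!H", out, offset, min(mss, path_mtu - IPV4_TCP_HEADERS))
    return bytes(out)

# Constructed SYN options: MSS=1460, SACK-permitted, timestamps, NOP, window scale 7.
SYN_OPTIONS = bytes.fromhex("020405b4" "0402" "080a0000000100000000" "01" "030307")

if __name__ == "__main__":
    # 1500 is plain Ethernet; 1480 is the PPPoE max-mtu from the bonding post above.
    for mtu in (1500, 1480):
        print(mtu, find_mss(clamp_mss(SYN_OPTIONS, mtu))[1])
```
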