PT. Hawk Teknologi Solusi


Thursday, 26 March 2009

No more "overrun: No buffer space available"

After days of searching, I finally found out how to stop quagga on Fedora 9 from logging the error "netlink-listen: overrun: No buffer space available".

It turns out that on Fedora 9 the configuration lives in /etc/sysconfig/quagga, which contains:

#
# Default: Bind all daemon vtys to the loopback(s) only
#
QCONFDIR="/etc/quagga"
BGPD_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/bgpd.conf"
OSPF6D_OPTS="-A ::1 -f ${QCONFDIR}/ospf6d.conf"
OSPFD_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/ospfd.conf"
RIPD_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/ripd.conf"
RIPNGD_OPTS="-A ::1 -f ${QCONFDIR}/ripngd.conf"
#ZEBRA_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/zebra.conf"
ZEBRA_OPTS="-A 127.0.0.1 --nl-bufsize 200000 -f ${QCONFDIR}/zebra.conf"

ISISD_OPTS="-A ::1 -f ${QCONFDIR}/isisd.conf"

# Watchquagga configuration (please check timer values before using):
WATCH_OPTS=""
WATCH_DAEMONS="zebra bgpd ospfd ospf6d ripd ripngd"
# To enable restarts, uncomment this line (but first be sure to edit
# the WATCH_DAEMONS line to reflect the daemons you are actually using):
#WATCH_OPTS="-Az -b_ -r/sbin/service_%s_restart -s/sbin/service_%s_start -k/sbin/service_%s_stop"


Change the ZEBRA_OPTS line to:

ZEBRA_OPTS="-A 127.0.0.1 --nl-bufsize 200000 -f ${QCONFDIR}/zebra.conf"


The original line was:

ZEBRA_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/zebra.conf"

After editing /etc/sysconfig/quagga, restart the zebra and bgpd services.

Source:
http://lists.quagga.net/pipermail/quagga-users/2005-May/004524.html

Friday, 20 March 2009

Solve Problem with nf_conntrack: table full, dropping packet

When I had the problem with "nf_conntrack: table full, dropping packet",
the problem was solved after I read this article from:


http://paulroberts69.spaces.live.com/blog/cns!665BC38F152E1206!1645.entry

nf_conntrack: table full, dropping packet.

If you see this message "nf_conntrack: table full, dropping packet" in your syslog on a Linux box, it's likely that it's having comms problems. I saw this recently on a DNS server that looked like it was being attacked. The problem is that when this happens, normal DNS resolution is interrupted.

I haven't found a decent solution yet, but it seems that if the system has lots of RAM then you can increase the nf_conntrack_max kernel parameter (my system is running iptables, which I assume the "netfilter" module has something to do with).

On a 2.6 kernel, you can go to /proc/sys/net/netfilter and check some of the values. For instance, nf_conntrack_count shows you the current value while nf_conntrack_max is the maximum value that is set.

You can just cat these values or use sysctl to view them:

# sysctl net.netfilter.nf_conntrack_max
net.netfilter.nf_conntrack_max = 65536

# sysctl net.netfilter.nf_conntrack_count
net.netfilter.nf_conntrack_count = 45033

To change the value, use the -w switch (in this example I've doubled the value):

# sysctl -w net.netfilter.nf_conntrack_max=131072

I think that in order to make this permanent across reboots, you'll need to add this line to the bottom of /etc/sysctl.conf:

net.netfilter.nf_conntrack_max=131072


Another reference, the TCP Tuning Guide:

http://fasterdata.es.net/TCP-tuning/linux.html
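
A small check built on the two counters the quoted article reads, added here as an example and not part of the original post or the quoted article: it reports how full the conntrack table is so the condition is flagged before the kernel starts dropping packets. The function names, the 80% threshold and the sample directory are assumptions; the sample values are the ones shown in the sysctl output above.

```shell
#!/bin/sh
# Added example: conntrack table utilisation from nf_conntrack_count
# and nf_conntrack_max (the two values the article inspects).

# conntrack_pct [DIR]: print utilisation as an integer percentage.
# DIR defaults to /proc/sys/net/netfilter; returns 2 if unreadable.
conntrack_pct() {
    dir=${1:-/proc/sys/net/netfilter}
    [ -r "$dir/nf_conntrack_count" ] && [ -r "$dir/nf_conntrack_max" ] || return 2
    count=$(cat "$dir/nf_conntrack_count")
    max=$(cat "$dir/nf_conntrack_max")
    # Reject empty or non-numeric content and a zero maximum.
    case "$count$max" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$count" ] && [ -n "$max" ] && [ "$max" -gt 0 ] || return 2
    echo $(( count * 100 / max ))
}

# conntrack_check WARN_PCT [DIR]: print a status line.
# Returns 0 below the threshold, 1 at or above it, 2 if unreadable.
conntrack_check() {
    warn=$1
    if ! pct=$(conntrack_pct "$2"); then
        echo "UNKNOWN: conntrack counters not readable (module not loaded?)"
        return 2
    fi
    if [ "$pct" -ge "$warn" ]; then
        echo "WARNING: conntrack table ${pct}% full (threshold ${warn}%)"
        return 1
    fi
    echo "OK: conntrack table ${pct}% full"
}

# Constructed sample directory holding the figures quoted in the article,
# so the demo does not depend on the live kernel.
demo=$(mktemp -d)
echo 45033 > "$demo/nf_conntrack_count"
echo 65536 > "$demo/nf_conntrack_max"
conntrack_check 80 "$demo"
rm -rf "$demo"
```

Called without a directory argument it reads the live values under /proc/sys/net/netfilter. A table that fills suddenly is worth investigating as possible flood traffic before simply raising nf_conntrack_max.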

Sunday, 01 March 2009

Layer 2 Failover without STP Using a Script and a Bridge

We often need a link that can fail over at layer 2 in a setup where STP cannot be used; in that case this approach is an option.

Scenario



                           |-[Link-1]-|eth1 comment "backhaul"|
[Internet]-[R1 1.1.1.1/30]-|          [R2 1.1.1.2 Distribution]->[To User]
                           |-[Link-2]-|eth2 comment "backup"  |


Notes:
------
1. The distribution router R2 has at least two interfaces for links to R1, for example eth1 with comment="backhaul" and eth2 with comment="backup"; eth1 and eth2 are then joined into a single bridge, for example one named bridge1.
2. The point-to-point IP from R2 to R1 is configured on the bridge1 interface.

An example check_backhaul script and its scheduler can be imported from the script below.

Script:
------

# mar/01/2009 17:27:17 by RouterOS 3.13
# software id = 9CS2-87N
#
/system script
add name=check_backhaul policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source="/interface\
disable [/interface find comment=\"backup\"]\r\
\n/interface enable [/interface find comment=\"backhaul\"]\r\
\n:log info \"Waiting 15s Backhaul Forward Packet\";\r\
\n:delay 15s;\r\
\n:if ( [/ping 1.1.1.1 count=1]=1) do={\r\
\n:log info \"Backhaul Up\"\r\
\n} else={\r\
\n:log info \"Backhaul Down\";\r\
\n\
\n/interface disable [/interface find comment=\"backhaul\"]\r\
\n/interface enable [/interface find comment=\"backup\"]\r\
\n:delay 15s;\r\
\n\
\n/tool e-mail send to=\"support@domain.anda\" subject=([/system ide\
ntity get name] . \" Microwave Down \" . [/system clock get date]) body=\"\
Backup with Mikrotik!\";\
\n\
\n\
\n\
\n\
\n\
\n\
\n\
\n\r\
\n}"


# mar/01/2009 17:30:30 by RouterOS 3.13
# software id = 9CS2-87N
#
/system scheduler
add comment="" disabled=no interval=5m name=sched_check_backhaul on-event=\
check_backhaul start-date=jan/01/1970 start-time=00:00:00


Notes:
------
Every 5 minutes the check_backhaul script runs: it enables the interface with comment "backhaul" and then pings 1.1.1.1; if the ping times out (RTO), the interface with comment "backhaul" is disabled and the interface with comment "backup" is enabled.

Disable the Proxy Redirect When the Proxy Times Out (RTO)

If the proxy server goes down, the redirect to the proxy must be disabled.
The following example script makes the MikroTik ping the proxy every 5 minutes (in this example the proxy server uses IP 1.2.3.4); if 1.2.3.4 cannot be pinged, the "check_proxy" script disables all redirects to 1.2.3.4.



# mar/01/2009 17:27:17 by RouterOS 3.13
# software id = 9CS2-87N
#
/system script
add name=check_proxy policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=":if ( [/pi\
ng 1.2.3.4 count=1]=1) do={\r\
\n:log info \"Proxy Up\";\r\
\n:foreach i in=[/ip firewall nat find action=\"dst-nat\" to-addresses=\"1\
.2.3.4\"] do={/ip firewall nat set \$i disable=no};\r\
\n} else={\r\
\n:log info \"Proxy Down\";\r\
\n:foreach i in=[/ip firewall nat find action=\"dst-nat\" to-addresses=\"1\
.2.3.4\"] do={/ip firewall nat set \$i disable=yes};\r\
\n/tool e-mail send to=\"support@domain.anda\" subject=([/system ide\
ntity get name] . \" Proxy Down \" . [/system clock get date]) body=\"Prox\
y Redirect Disable\";\
\n\
\n\
\n\
\n\
\n\
\n\
\n\
\n\r\
\n}"

# mar/01/2009 17:30:30 by RouterOS 3.13
# software id = 9CS2-87N
#
/system scheduler
add comment="" disabled=no interval=5m name=sched_check_proxy on-event=\
check_proxy start-date=jan/01/1970 start-time=00:00:00