Hi Dudes! Nowadays im building highload NATbox with DPDK and VPP (Vector Packet Processing).
Building system on my VirtualBox installation (CentOS 7.2 x64) with 4Gb mem and 4 cpu cores.
Continue reading
Gaming with VPP (fd.io)
Reply
Category Archives: work
PowerDNS Recursor LUA Layer
Hello! Yesterday i wrote script on LUA to rewrite records before resolve the request.
Recursor has LUA scripting support if you are install it with lua feauture support and configure with lua-dns-script.
LUA script for this target:
Continue reading
RPS software fork of RSS
Hello! Recently i found one beautiful solution – fork of RSS.
RPS Receive Packet Steering.
Continue reading
Speedup iptables with connmark!
Hello! Yesterday i worked hard, and optimize iptables with mangle table, ipset and iproute.
We want mark addresses (located in ipset) which should routed to another host, and another packets via another gateway.
Thats rules give us minimal resourses to serve only online clients (dynamicaly walked in NAT server, not statical created in iproute2 – how it worked before).
Lets start.
Continue reading
Fucking amplified NTP attacks!
After a half year we are found one solution to reject NTP amplified attacks with iptables and ipfw. Simple
Obsolete xtables RAWNAT
I have a bug with tracerts using RAWNAT from xtables-addons – there are no tracerts after RAWNAT rules, work only tracepath.
oVirt installing on CentOS 6.5
conntrack2sql
Today im wrote script that adding NAT table to SQL, because ISP want to know when and which IP assigned to user in NAT pool.
Simple
Continue reading
ipset using to speedup iptables
Hello! Now i want to explain how to integrate ipset to iptables rule.
In this way if you have one hundred or higher identical rules your CPU will be overloaded (each packet will be checked in each rule)
iptables RAW NAT
Hello! In ISP Convex we have a simple script to generate client REALIP from grey IP.
Its very simple
Continue reading