You are here:

Wed, 28 Sep 2011

How to properly route packages on hosts with multiple NICs?

Dear lazyweb,

I'm encountering a routing problem on one of my Linux machine, for which I haven't found a solution so far. I have a machine which has several network interfaces in different network (it's our monitoring system). So I have eth0 with 192.168.1.2 and eth1 with 10.0.0.2, and an dns entry pointing from myname to 192.168.1.2.

Problems occur, if hosts in the 10.x.x.x network try to access the hosts. Accessing it via it's IP address in that network works, however if they try to access him via his other IP address 192.168.1.2 (e.g. because they resolve it via dns), it leads to some problems:

The host send their packet to his IP address (which works), however when my machine sends the answer, it takes a shortcut, and sends them directly via eth1 and with 10.0.0.2 as source IP. This however gets filtered by a (stateful) firewall somewhere in between, as packet send to 192.168.1.2 are suddenly answered by 10.0.0.2.

So far I found two solutions: Adjust the DNS to resolve to different IPs depending on the source of the request (ugly) or tell all firewalls to always let packet from my host pass, despite the changes source IP (also ugly, and probably quite some work).

Is there anything else I can do? What I would really like, would be a way to tell my linux box to always respond with the IP it was talked to, even if there would be a shorter way to the origin according to the routing rable. So, if a host 10.0.0.42 contacts my host via the IP 192.168.1.2, the answer packet should come from 192.168.1.2 via eth0 instead of instead of having a source IP set to 10.0.0.2, it should be send via eth1. Is that somehow possible?

Update: Wow, that was fast! The ink of my blog is still fresh, and I already got the answer! The solution to my problem is policy based routing. Thanks to weasel, Peter and Dale for their pointers! More information available at http://lartc.org/howto/lartc.rpdb.html, http://www.itbuzzer.net/corner/2007/09/how-to-implement-source-routing-with.asp or http://wiki.georgweiss.de/Linux/source_routing.

postet at 13:25 into [Debian] permanent link


Fri, 19 Aug 2011

How to read ftp-masters package numbers table

In my previous blog about Debian's growing archive size I pointed as reference to an hard to read table on the ftp-master server, and missed that the table is not self explanatory and on the first glance hard to read.

The table currently looks like the following:

               |  e   |  s   | p-u  |  t   |  u   |t-p-u | l-r  | s-u  |  o   |o-p-u | s-r  |
---------------------------------------------------------------------------------------------
     all       | 1096 |12034 |   70 |14442 |15784 |   20 |    1 |   12 | 8910 |  230 |    0 |
    alpha      |    - |    - |    - |    - |    - |    - |    - |    - |13183 |  297 |    - |
    amd64      | 1164 |16997 |  242 |18581 |19605 |   39 |    - |   21 |13964 |  342 |    - |
     arm       |    - |    - |    - |    - |    - |    - |    - |    - |13251 |  291 |    - |
    armel      |  988 |16401 |  239 |17879 |18680 |   39 |    - |   21 |13411 |  327 |    - |
     hppa      |    - |    - |    - |    - |    - |    - |    - |    - |13227 |  264 |    - |
  hurd-i386    |  445 |    - |    - |    - |12622 |    - |    - |    - |    - |    - |    - |
     i386      | 1178 |17188 |  242 |18727 |19751 |   39 |    - |   21 |14377 |  350 |    - |
     ia64      |  951 |16036 |  239 |17303 |18045 |   39 |    - |   21 |13554 |  329 |    - |
kfreebsd-amd64 |  807 |14499 |  231 |15905 |16480 |   39 |    - |   21 |    - |    - |    - |
kfreebsd-i386  |  826 |14491 |  231 |15881 |16498 |   39 |    - |   21 |    - |    - |    - |
     mips      |  974 |16269 |  241 |17730 |18504 |   39 |    - |   21 |13638 |  323 |    - |
    mipsel     |  984 |16291 |  239 |17807 |18558 |   39 |    - |   21 |13600 |  319 |    - |
   powerpc     | 1078 |16677 |  239 |18156 |19036 |   39 |    - |   21 |13872 |  332 |    - |
     s390      | 1030 |16252 |  239 |17678 |18469 |   39 |    - |   21 |13331 |  327 |    - |
    source     |  522 |14974 |   51 |16376 |17405 |    1 |   19 |    6 |12519 |   75 |  151 |
    sparc      |  992 |16423 |  239 |17895 |18673 |   39 |    - |   21 |13542 |  329 |    - |

The lines represent different hardware architectures Debian supports, like amd64 (for 64-Bit PCs), i386 (for 32-Bit PCs), etc. Two lines are kind of special, the one marked source and the one marked all. Let's start with the source line: That counts the number of source packages. Those are rarely seen by end users. Source packages contain the actual source needed to build a package, as well as Debian specific changes and a blue print on how to create an actual installable binary package from the source.

As you can see Debian supports quite some architectures, which leads to a small problem on the mirrors: Quite a lot shipped in Debian is actually architecture independent. For example documentation, most sound and graphic files, or level data for a game. To avoid storing the very same date multiple times, Debian makes haeavy use of so called arch: all packages. You might have noticed them already while installing them:

Hole:5 ftp://ftp.rrzn.uni-hannover.de/debian/debian/ squeeze/main extremetuxracer-data all 0.4-4 [28,1 MB]
Hole:6 ftp://ftp.rrzn.uni-hannover.de/debian/debian/ squeeze/main extremetuxracer amd64 0.4-4 [273 kB]

In this example I installed a quite small game on the amd64 architecture, which depends on a quite big architecture independent package (notice the all between package name and version) containing it's data.

So, to get the actual number of packages a user can install on a specific architecture, one has to add the number in the all line to the number in the specific architecture line.

But what column to pick?

The columns represent so called suites. The s is for stable, currently Debian 6.0 aka Squeeze and o for oldstable, aka Debian 5.0 Lenny. The t is for testing, aka Wheezy or the upcoming Debian 7.0. The u is for unstable aka sid. The e is for experimental, used for stuff probably not yet ready to be part of a stable release and therefore not uploaded to unstable. The rest is not that interesting (as you see it's mostly empty anyway), like s-u for stable updates, several p-u suites for proposed-updates (that is stuff that might end up in the next point release, and should be tested). And then we have s-r and l-r which I forgot what they are about... Sorry.

But back to topic: As I explained briefly a source package is mostly used internally, but may create several binary packages, which a user can install. So the most interesting number for users is the number of binary packages on an arch. So we usually publish this number. So for example, using squeeze on i386 you can install: 17'188 (architecture dependent packages, column s row i386) + 12'034 (architecture independent packages columns s row all) = 29'222 packages. And for completeness: They are build from 14'974 source packages (row source column s).

So if look that up for unstable on amd64 you should get to the result 35'389 binary packages build from 17'405 source packages. Slightly less than I reported yesterday, because we removed some old stuff e.g. obsolete libraries in the meantime.

Update: Jörg just explained me, that the s-r and l-r are there to ensure Debian complies with the GPL. They hold the sources of everything shipped in the original lenny and squeeze releases.

Update 2: Jörg explained it to me again: s-r and l-r contains sources used without being referenced by a package, and so might get lost otherwise. One example is the kernel used by the debian installation system. You have to boot a kernel somehow, so it can't be packaged. But we still need to save the sources, so it is referenced in these suites and won't get lost.

postet at 13:33 into [Debian] permanent link


Thu, 18 Aug 2011

The Debian archive is getting bigger every day

When Debian squeeze was released in February, it was shipped with slightly less than 30'000 packages. So it was just a matter of time till we also break that border. However, I was quite surprised when I checked the numbers lately and noticed that by now we not only broke the 30'000 packages border but also the 35'000 package!

Right now there are 35403 packages available for installation in Debian's unstable branch for the amd64 / 64-Bit-PC architecture! Wow!

postet at 08:13 into [Debian] permanent link


Tue, 16 Aug 2011

Happy Birthday!

birthday card

Happy Birthday, Debian!

Should you have the time, take a look at http://thank-you.debian.net/ and thank some package maintainers or other teams. Also it's not to late to organise a spontaneous DebianDay Party in your city!

Picture by Valessio Brito licensed under the terms of the GPLv2. Source available at http://valessiobrito.info/d18th/.

postet at 14:15 into [Debian] permanent link


Tue, 26 Jul 2011

-273,15, aka Absolute Zero

Continuing the shameless self-praise from our ftp-team talk, I'm now pleased to present you on behalf of the entire FTP-Team the following:

As you can clearly see, you can see nothing. Yes, nothing! As of 18:55:52 UTC+2 the NEW queue, which at some times was well over 500, sometimes even 600 packages is now empty. Completely empty.

To the best of my (and Ganneff's knowledge) the last time the NEW queue was empty was at least five years ago.

Interesting enough, that triggered an yet undiscovered bug in dak, which refused to scan an empty directory...

postet at 21:44 into [Debian] permanent link


<<  1 2 3 4 5 6 [7] 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87  >>

About

Alexander Tolimar Reichle-Schmehl lives in Tuttlingen / Germany. Hw works as IT manager (specialized on Unix and SAN/Storage) for an international automotive supplier.

Links