1.基于网络设备的负载均衡
2.基于操作系统的负载均衡
####Cisio的以太网通道
把3-4根线连在一起,把单车道变成4车道 1根线为100M 3根就变成300M,通道技术
wujcheng
wujcheng
/ apple_dns
Created
March 2, 2019 17:40
— forked from billryan/apple_dns
Unbound configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| forward-zone: | |
| name: "apple.com" | |
| forward-addr: 223.5.5.5 | |
| forward-zone: | |
| name: "itunes.com" | |
| forward-addr: 223.5.5.5 | |
| forward-zone: | |
| name: "akadns.net" | |
| forward-addr: 223.5.5.5 | |
| forward-zone: |
wujcheng
/ dump_mac_table.pl
Created
January 27, 2019 09:13
— forked from rbenigno/dump_mac_table.pl
Use SNMP to dump mac address to port mappings from a switch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl | |
| # | |
| # Purpose: Dump mac address to port mappings from a switch | |
| # | |
| # Usage: ./dump_mac_table.pl <switch ip/hostname> [community] | |
| # | |
| # Requires: | |
| # - CPAN SNMP::Info module (hint: cpan SNMP::Info) | |
| # - Cisco SNMP MIBs | |
| # ftp://ftp.cisco.com/pub/mibs/v1/v1.tar.gz |
wujcheng
/ nginx.conf
Created
January 8, 2019 00:35
— forked from plentz/nginx.conf
Best nginx configuration for improved security(and performance). Complete blog post here http://tautt.com/best-nginx-configuration-for-security/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # to generate your dhparam.pem file, run in the terminal | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 |
wujcheng
/ qemu-networking.md
Created
January 1, 2019 04:00
— forked from extremecoders-re/qemu-networking.md
Setting up Qemu with a tap interface
wujcheng
/ tunnel.sh
Created
September 26, 2018 05:55
— forked from vishvananda/tunnel.sh
Script to set up an ipsec tunnel between two machines
For Example: ./tunnel.sh 10.10.10.1 10.10.10.2 192.168.0.1 192.168.0.2 would set up an ipsec tunnel over 10.10.10.1 address using 192.168.0.1 as a virtual address
passwordless sudo required for user on remote machine
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ "$4" == "" ]; then | |
| echo "usage: $0 <local_ip> <remote_ip> <new_local_ip> <new_remote_ip>" | |
| echo "creates an ipsec tunnel between two machines" | |
| exit 1 | |
| fi | |
| SRC="$1"; shift | |
| DST="$1"; shift |
wujcheng
/ wireguard.md
Created
September 24, 2018 12:18
— forked from cute/wireguard.md
1:设置
sudo vi /etc/sysctl.conf
net.ipv4.ip_forward=1
sudo sysctl -p
2:安装
https://www.wireguard.com/install/
wujcheng
/ nodejs-ubuntu-bind-port-80.md
Created
September 11, 2018 14:51
— forked from drawveloper/nodejs-ubuntu-bind-port-80.md
Allow Node.js to bind to privileged ports without root access on Ubuntu
Only do this if you understand the consequences: all node programs will be able to bind on ports < 1024
sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/node
Important: your node location may vary. Use which node to find it, or use it directly in the command:
wujcheng
/ ss-redir 透明代理.md
Created
September 10, 2018 23:18
— forked from wen-long/ss-redir 透明代理.md
ss-redir 透明代理.md
##ss-redir 的 iptables 配置(透明代理)
透明代理指对客户端透明,客户端不需要进行任何设置就使用了网管设置的代理规则
创建 /etc/ss-redir.json 本地监听 7777
运行ss-redir -v -c /etc/ss-redir.json
iptables -t nat -N SHADOWSOCKS
# 在 nat 表中创建新链
iptables -t nat -A SHADOWSOCKS -p tcp --dport 23596 -j RETURN
# 23596 是 ss 代理服务器的端口,即远程 shadowsocks 服务器提供服务的端口,如果你有多个 ip 可用,但端口一致,就设置这个
wujcheng
/ Naive-VPN.md
Created
August 26, 2018 04:52
— forked from evvil/Naive-VPN.md
朴素VPN:一个纯内核级静态隧道
由于路由管控系统的建立,实时动态黑洞路由已成为最有效的封锁手段,TCP连接重置和DNS污染成为次要手段,利用漏洞的穿墙方法已不再具有普遍意义。对此应对方法是多样化协议的VPN来抵抗识别。这里介绍一种太简单、有时很朴素的“穷人VPN”。
朴素VPN只需要一次内核配置(Linux内核),即可永久稳定运行,不需要任何用户态守护进程。所有流量转换和加密全部由内核完成,原生性能,开销几乎没有。静态配置,避免动态握手和参数协商产生指纹特征导致被识别。并且支持NAT,移动的内网用户可以使用此方法。支持广泛,基于L2TPv3标准,Linux内核3.2+都有支持,其他操作系统原则上也能支持。但有两个局限:需要root权限;一个隧道只支持一个用户。
朴素VPN利用UDP封装的静态L2TP隧道实现VPN,内核XFRM实现静态IPsec。实际上IP-in-IP隧道即可实现VPN,但是这种协议无法穿越NAT,因此必须利用UDP封装。内核3.18将支持Foo-over-UDP,在UDP里面直接封装IP,与静态的L2TP-over-UDP很类似。
NewerOlder