Re: per host bandwidth limit

2001-06-17 Thread Jason Lim

Do they all have their own IPs within your lan? You could limit bandwidth
on a per-IP level if you want. That way, if they decide to play with
napster and stuff, they will then have to suffer with low webpage loading,
slow email, etc. That might encourage them NOT to use those types of
programs anymore.

That would not help if you really want to just slow down and limit their
use of audiogalaxy and stuff like that though.

Sincerely,
Jason

- Original Message -
From: "PiotR" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, June 17, 2001 1:25 PM
Subject: per host bandwidth limit


> Hi, is there a way to limit the bandwidth on a "per host" basis?
>
> I'm actually using CBQ / SFQ to limit bandwidth for two networks in an
> internet link.
>
> Is it possible with the linux kernel+iptables+tc to make a packet queue
> with TOS based priority?
>
> My colleagues are eating a lot of bw with the use of audiogalaxy and that
> kind of peer2peer downloaders. I would like the packets with No delay TOS
> like telnet and stuff, to get a high priority and not have to wait for
> their place on the queue.
>
> Excuse me for my bad English, but I'm not a native speaker.
>
> Regards.
> --
>  ... ___ ...
> |   /| |\   |
> |  /-| Pedro Larroy Tovar. PiotR | http://omega.resa.es/piotr/ |-\  |
> o-|--| e-mail: [EMAIL PROTECTED]   |--|-o
> |  \-| finger [EMAIL PROTECTED] for public gnupg key |-/  |
> |...\|_|/...|
>
> :wq


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
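
One way to set up the per-IP limit suggested in this reply together with the TOS-based priority asked about in the quoted question, as an added example that is not part of the original thread. It uses HTB in place of the CBQ setup the question mentions; the interface name, rates and addresses are assumptions, and by default the script only prints the tc commands.

```sh
#!/bin/sh
# Added example, not from the thread. Dry run by default: each tc command is
# printed instead of executed. Run with TC=tc (as root) to apply for real.
TC=${TC:-echo tc}

# shape_hosts DEV LINK_RATE HOST_RATE IP...
# Shapes traffic leaving DEV (the LAN-facing interface of the router), i.e.
# what each LAN host downloads. DEV, the rates and the IPs are assumptions.
shape_hosts() {
    dev=$1 link=$2 per_host=$3
    shift 3

    # Root HTB qdisc. No default class, so traffic that matches no filter
    # below is left unshaped.
    $TC qdisc add dev "$dev" root handle 1: htb
    # Parent class: the capacity of the internet link.
    $TC class add dev "$dev" parent 1: classid 1:1 htb rate "$link"

    id=10   # tc reads class ids as hex; digits-only ids are still valid
    for ip in "$@"; do
        # One leaf class per host. ceil == rate: the host may not borrow
        # bandwidth that other hosts leave unused.
        $TC class add dev "$dev" parent 1:1 classid "1:$id" \
            htb rate "$per_host" ceil "$per_host"

        # Inside the host's share, a 3-band prio qdisc. Its default priomap
        # sends packets marked TOS Minimize-Delay (telnet) to band 0, which
        # is always dequeued before the other bands.
        $TC qdisc add dev "$dev" parent "1:$id" handle "$id:" prio

        # Band 1 (class N:2) carries ordinary TOS 0 traffic, which is where
        # file-sharing downloads normally land. SFQ keeps one flow from
        # starving the host's other flows.
        $TC qdisc add dev "$dev" parent "$id:2" sfq perturb 10

        # Classify by destination address into the host's class.
        $TC filter add dev "$dev" parent 1: protocol ip prio 1 \
            u32 match ip dst "$ip/32" flowid "1:$id"

        id=$((id + 1))
    done
}

# Constructed sample: two LAN hosts behind a 2 Mbit link, 256 kbit each.
shape_hosts eth1 2mbit 256kbit 192.168.1.10 192.168.1.11
```

Because the cap applies to the host as a whole, heavy downloads only compete with that same host's other traffic, and the prio qdisc still lets its low-delay packets go first.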




Hard disk lock down.

2001-06-17 Thread Cho Yoonbae

Hi,

I am operating a server with P3 850*1, 512MB, 90GB storage. (two 45GB)

blue:~# df -H
Filesystem  Size  Used Avail Use% Mounted on
/dev/hda1 2.0G  233M  1.6G  13% /
/dev/hda3  32G  2.6G   27G   9% /var
/dev/hda4  10G  646M  9.1G   7% /premium
/dev/hdb2  43G  9.2G   32G  23% /home

sometimes when my user commands "mv" or "chmod" in telnet or ftp,
directory are locked down. (under /home)
so any user(even root!) enter that directory and command in that directory
until reboot the system.

this situation is not usual. but sometimes occurs.
So I have to monitor always and reboot the system!!

another important thing is that while system is in that situation,
system's load is higher and higher. even 37 in result of  "uptime".

What causes this problem?


redundancy via DNS

2001-06-17 Thread :yegon

we have several servers colocated with several ISP's
i am trying to sort out some configuration that would ensure good uptime for
customers

i want to place the html documents of every customer on two separate servers
connected to separate ISP's
the dns servers will point to one server and the second one will be just a
backup, in case the main server goes down we just change the DNS and point
the affected domains to the backup server. when the main server is back up
the dns changes back to normal

and now my questions:
1. what should the times in zone files be set to to enable the dns change to
be propagated very quickly, say 5 minutes max.
   is it possible/wise to use TTL=0

2. if a domain has 2 name servers set during registration, are both of these
servers used for lookups? Or is it so that just the primary is queried if
it works, and the secondary is queried only if the primary is not
responding?

3. is this whole idea worth consideration anyway or should I forget it?


thanks for answers

Martin Dragun






Re: redundancy via DNS

2001-06-17 Thread Jason Lim

It would depend on how popular the sites hosted on the servers were. If
you set the times to be too low, say 1 minute, then every time someone
looks up the DNS records, then BLAM... your dns servers are hit because
things aren't cached anywhere.

So I would use something like an hour (we use this). An hour is reasonable
unless you need total 100% uptime. If you needed 100% uptime, you wouldn't
just rely on DNS for this anyway. You'd need something more reliable like
IP takeover, dedicated hardware solutions, etc. Depends greatly on what
your budget is. The dns servers are queried randomly, so say you have 4
DNS servers listed, then each of the 4, in theory, should get approximately the
same amount of traffic. If one of them goes down, then the client SHOULD
try the next available dns server.

You'd also want to colocate somewhere WAY out of the same network
neighbourhood. Interestingly a few of our clients from the USA do this.
Since we are located in Hong Kong, our networks are totally separate from
anything you use in the USA. So when these california blackouts (is that
the right term?) hit them, they were fine. If you really want to keep
everything in the USA, try and find totally separate networks... and i
mean totally (if you want to be real safe). UUnet and the big boys in the
USA tend to have a few core NOCs (even if they tell you everything is
distributed and safe, blah blah blah), and if any one of them is hit with
a blackout, earthquake, etc. then the whole network is affected. This
happened to UUnet in one of the countries in Asia (won't mention which
country, just in case UUnet is watching this) once... something happened
to one of their core international-link routers, and many countries were
affected, including the one our client was in. UUnet may deny it but we...
the people who actually use them... know the true story ;-)

Anyway, if you're really into reliability, you might want to colocate in
hong kong. Can't get much more diversified network-wise than that. Email
me back if you're interested in working something out. Otherwise, consider
the above carefully about the US networks.

Sincerely,
Jason

- Original Message -
From: ":yegon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, June 17, 2001 8:50 PM
Subject: redundancy via DNS


> we have several servers colocated with several ISP's
> i am trying to sort out some configuration that would ensure good uptime
> for customers
>
> i want to place the html documents of every customer on two separate
> servers connected to separate ISP's
> the dns servers will point to one server and the second one will be just
> a backup, in case the main server goes down we just change the DNS and
> point the affected domains to the backup server. when the main server is
> back up the dns changes back to normal
>
> and now my questions:
> 1. what should the times in zone files be set to to enable the dns
> change to be propagated very quickly, say 5 minutes max.
>    is it possible/wise to use TTL=0
>
> 2. if a domain has 2 name servers set during registration, are both of
> these servers used for lookups? Or is it so that just the primary is
> queried if it works, and the secondary is queried only if the primary is
> not responding?
>
> 3. is this whole idea worth consideration anyway or should I forget it?
>
>
> thanks for answers
>
> Martin Dragun
>
>




Re: redundancy via DNS

2001-06-17 Thread Ken Seefried


There are a number of very effective "appliance" style solutions to doing this.
Please have a look at RadWare (WSD) and F5 Networks (3DNS); I have had great
success with both companies.  The bonus is that these solutions can
automatically determine if a server is up.

Ken Seefried, CISSP 

:yegon writes: 

> we have several servers colocated with several ISP's
> i am trying to sort out some configuration that would ensure good uptime for
> customers 
> 
> i want to place the html documents of every customer on two separate servers
> connected to separate ISP's
> the dns servers will point to one server and the second one will be just a
> backup, in case the main server goes down we just change the DNS and point
> the affected domains to the backup server. when the main server is back up
> the dns changes back to normal 
> 
> and now my questions:
> 1. what should the times in zone files be set to to enable the dns change to
> be propagated very quickly, say 5 minutes max.
>    is it possible/wise to use TTL=0
>
> 2. if a domain has 2 name servers set during registration, are both of these
> servers used for lookups? Or is it so that just the primary is queried if
> it works, and the secondary is queried only if the primary is not
> responding?
> 
> 3. is this whole idea worth consideration anyway or should I forget it? 
> 
> 
> thanks for answers 
> 
> Martin Dragun 
> 
> 




Re: Remote Rescue Disk

2001-06-17 Thread Florian Friesdorf

On Sat, Jun 16, 2001 at 05:02:55PM +0800, Jason Lim wrote:
> Hi all,
> 
> I was about to develop my own "Remote Rescue Disk"... but thought maybe
> you had a better idea or had already done this...
> 
> Regularly if the hard disk fails or needs a manual fsck (usually just
> pressing y throughout), then it means a trip to the datacenter at whatever
> ungodly hour it may be for this relatively simple task.
> 
> If it was possible to create a boot disk with a simple telnetd (and
> minimum network support) and static e2fsck utilities, then, in theory, all
> that needs to be done is to insert the disk, reboot the server, and the
> telnetd binds to a special, pre-defined IP just for this emergency
> purpose. Then I can telnet in from home or wherever, run e2fsck, mount the
> drives, see /var/log/syslog, etc. to see what went wrong. After the
> repairs, the disk can be removed, and server rebooted.
> 
> Does this sound realistic? Even if 2 disks or even 3 were required, if it
> means I can save a trip to the datacenter it would be worthwhile to do.
> 
> Perhaps you guys have thought of something similar, or maybe there already
> IS something like this out there? Any ideas/suggestions would be greatly
> appreciated.

Another approach would be, (however you need at least 2 computers) to
connect the computers' serial ports with null-modem cables and tell lilo
and the kernel to use the serial port as console.

You then log on to the one computer to get the console of the other.

Kind of a cheap console server.

I have not tried it, but I think it should work.
Could someone comment on this?


florian

-- 
 Florian Friesdorf <[EMAIL PROTECTED]>
OpenPGP key available on public key servers

--> Save the future of Open Source <--
-> Online-Petition against Software Patents <-
--> http://petition.eurolinux.org <---



Re: redundancy via DNS

2001-06-17 Thread Jason Lim

I mentioned "hardware solutions" in my email...

however, the cost of these hardware appliances is pretty high. In theory,
you can do the same thing with a properly configured linux server at less
than half the price. Of course... the money is in the configuration ;-)

Sincerely,
Jason

- Original Message -
From: "Ken Seefried" <[EMAIL PROTECTED]>
To: ":yegon" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, June 17, 2001 10:33 PM
Subject: Re: redundancy via DNS


>
> There are a number of very effective "appliance" style solutions to doing
> this. Please have a look at RadWare (WSD) and F5 Networks (3DNS); I have
> had great success with both companies.  The bonus is that these solutions
> can automatically determine if a server is up.
>
> Ken Seefried, CISSP
>
> :yegon writes:
>
> > we have several servers colocated with several ISP's
> > i am trying to sort out some configuration that would ensure good
> > uptime for customers
> >
> > i want to place the html documents of every customer on two separate
> > servers connected to separate ISP's
> > the dns servers will point to one server and the second one will be
> > just a backup, in case the main server goes down we just change the DNS
> > and point the affected domains to the backup server. when the main
> > server is back up the dns changes back to normal
> >
> > and now my questions:
> > 1. what should the times in zone files be set to to enable the dns
> > change to be propagated very quickly, say 5 minutes max.
> >    is it possible/wise to use TTL=0
> >
> > 2. if a domain has 2 name servers set during registration, are both of
> > these servers used for lookups? Or is it so that just the primary is
> > queried if it works, and the secondary is queried only if the primary
> > is not responding?
> >
> > 3. is this whole idea worth consideration anyway or should I forget
> > it?
> >
> >
> > thanks for answers
> >
> > Martin Dragun
> >




RE: Remote Rescue Disk

2001-06-17 Thread Michael R. Schwarzbach

 

> -Original Message-
> From: Florian Friesdorf [mailto:[EMAIL PROTECTED]]On Behalf Of
> Florian Friesdorf
> Sent: Sunday, 17 June 2001 16:40
> To: [EMAIL PROTECTED]
> Subject: Re: Remote Rescue Disk
>
>
> On Sat, Jun 16, 2001 at 05:02:55PM +0800, Jason Lim wrote:
> > Hi all,
> >
> > I was about to develop my own "Remote Rescue Disk"... but thought
> > maybe you had a better idea or had already done this...
> >
> > Regularly if the hard disk fails or needs a manual fsck (usually
> > just pressing y throughout), then it means a trip to the
> > datacenter at whatever ungodly hour it may be for this relatively
> > simple task.
> >
> > If it was possible to create a boot disk with a simple telnetd
> > (and minimum network support) and static e2fsck utilities, then,
> > in theory, all that needs to be done is to insert the disk, reboot
> > the server, and the telnetd binds to a special, pre-defined IP just
> > for this emergency purpose. Then I can telnet in from home or
> > wherever, run e2fsck, mount the drives, see /var/log/syslog, etc.
> > to see what went wrong. After the repairs, the disk can be removed,
> > and server rebooted.
> >
> > Does this sound realistic? Even if 2 disks or even 3 were required,
> > if it means I can save a trip to the datacenter it would be
> > worthwhile to do.
> >
> > Perhaps you guys have thought of something similar, or maybe there
> > already IS something like this out there? Any ideas/suggestions
> > would be greatly appreciated.
>
> Another approach would be, (however you need at least 2 computers)
> to connect the computers' serial ports with null-modem cables and
> tell lilo and the kernel to use the serial port as console.
>
> You then log on to the one computer to get the console of the other.
>
> Kind of a cheap console server.
>
> I have not tried it, but I think it should work.
> Could someone comment on this?
>
>
> florian
>

Hi Flo!

I'm using this solution for my ISDN-Router. This is a small linux-box
with no vga-card. You have to add the line "console=ttyS0" to your
lilo config, and then you can use a terminal program (minicom, etc.)
to control the box. If you add a serial getty in your /etc/inittab,
you have a console too. (this is very useful, if your nic isn't
working:) )

Michael Schwarzbach
 
+--+
|  /"\ |
|  \ / |
|   X  ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL   |
|  / \ |
`~~'
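
A check for the serial-console setup described in this message, as an added example that is not part of the original thread. The file contents are constructed samples, and the `serial=` line, the getty entry and the securetty check are assumptions about a typical LILO/sysvinit box rather than the poster's actual configuration.

```sh
#!/bin/sh
# Added example, not from the thread: check the three files a LILO-era
# serial console depends on. All file contents below are constructed samples.

# check_serial_console LILO_CONF INITTAB SECURETTY [PORT]
# Prints one line per missing piece; prints nothing when the setup is complete.
check_serial_console() {
    lilo=$1 inittab=$2 securetty=$3 port=${4:-ttyS0}

    # Kernel console: an active append= line that passes console=<port>.
    grep -Eq "^[[:space:]]*append[[:space:]]*=.*console=${port}([,\" ]|\$)" "$lilo" \
        || echo "lilo.conf: kernel is not told console=${port}"

    # Boot loader: serial= puts the LILO prompt itself on the serial line.
    grep -Eq '^[[:space:]]*serial[[:space:]]*=' "$lilo" \
        || echo "lilo.conf: no serial= line, boot prompt stays on the VGA console"

    # Login: an uncommented inittab entry that respawns a getty on the port.
    grep -Eq "^[^#:]+:[0-9]*:respawn:.*getty.*${port}" "$inittab" \
        || echo "inittab: no respawning getty on ${port}"

    # Root login is accepted only on terminals listed in securetty, so this
    # line decides whether whoever holds the cable can log in as root.
    grep -qx "${port}" "$securetty" \
        || echo "securetty: ${port} not listed, root login is refused there"
}

# write_samples DIR: constructed files for a box with its console on ttyS0.
write_samples() {
    cat > "$1/lilo.conf" <<'EOF'
boot=/dev/hda
serial=0,9600n8
image=/vmlinuz
    label=Linux
    read-only
    append="console=tty0 console=ttyS0,9600n8"
EOF
    cat > "$1/inittab" <<'EOF'
id:2:initdefault:
1:2345:respawn:/sbin/getty 38400 tty1
T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100
EOF
    # Same inittab with the serial getty still commented out.
    sed 's/^T0:/#T0:/' "$1/inittab" > "$1/inittab.stock"
    printf 'tty1\nttyS0\n' > "$1/securetty"
}

dir=$(mktemp -d)
write_samples "$dir"
# Reports the one missing piece: the getty line is still commented out.
check_serial_console "$dir/lilo.conf" "$dir/inittab.stock" "$dir/securetty"
rm -rf "$dir"
```

Because `console=` is a kernel parameter, boot messages and whatever init writes to /dev/console, including the boot-time fsck, appear on the serial line before any getty starts. When several `console=` options are given, the last one becomes /dev/console.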
 





Re: Maildir vs mbox

2001-06-17 Thread Fraser Campbell

Cameron Moore <[EMAIL PROTECTED]> writes:

> I can almost guarantee that you will see a performance increase.  Also
> note that you don't have to change to postfix.  You can configure
> sendmail to use whatever local delivery agent you want (ie. something
> like maildrop http://www.flounder.net/~mrsam/maildrop/).

You were *very* correct.  I finally got around to doing this conversion last
week.   This is a small mail system (about 50 mail accounts) but the email
system is used heavily by all of these users resulting in very large IMAP
mailboxes (many folders approaching 100 MB).

As I said in the previous email, during the business hours the load was
rarely below 2, often over 3 and the system was almost unusable (IMAP
timeouts for many users).

After the upgrade the load has dropped to being mostly 0, even with 34 IMAP
users connected, Maildir was definitely worth the conversion pain.  I did
convert the system to postfix but as many people have pointed out, you could quite
happily keep sendmail and deliver to Maildir boxes using procmail (>=3.15) or
maildrop.

Courier-imap is the imap daemon I chose.

--
Fraser Campbell <[EMAIL PROTECTED]>  Starnix Inc.
Telephone: (905) 771-0017   Thornhill, Ontario, Canada
http://www.starnix.com/ Professional Linux Services & Products






Re: Remote Rescue Disk

2001-06-17 Thread Jason Lim

Hi Michael,

Supposing linux does NOT boot up properly (eg. automatic e2fsck does not
fix disk, and needs to be run manually), is it possible, using your serial
getty solution, to SEE the screen and input anything at that point? That
sounds like it might help solve lots of problems... but not if it only
starts AFTER e2fsck is supposed to run.

Sincerely,
Jason

- Original Message -
From: "Michael R. Schwarzbach" <[EMAIL PROTECTED]>
To: "Florian Friesdorf" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, June 18, 2001 1:04 AM
Subject: RE: Remote Rescue Disk


>
>
> > -Original Message-
> > From: Florian Friesdorf [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Florian Friesdorf
> > Sent: Sunday, 17 June 2001 16:40
> > To: [EMAIL PROTECTED]
> > Subject: Re: Remote Rescue Disk
> >
> >
> > On Sat, Jun 16, 2001 at 05:02:55PM +0800, Jason Lim wrote:
> > > Hi all,
> > >
> > > I was about to develop my own "Remote Rescue Disk"... but thought
> > > maybe you had a better idea or had already done this...
> > >
> > > Regularly if the hard disk fails or needs a manual fsck (usually
> > > just pressing y throughout), then it means a trip to the
> > > datacenter at whatever ungodly hour it may be for this relatively
> > > simple task.
> > >
> > > If it was possible to create a boot disk with a simple telnetd
> > > (and minimum network support) and static e2fsck utilities, then,
> > > in theory, all that needs to be done is to insert the disk, reboot
> > > the server, and the telnetd binds to a special, pre-defined IP just
> > > for this emergency purpose. Then I can telnet in from home or
> > > wherever, run e2fsck, mount the drives, see /var/log/syslog, etc.
> > > to see what went wrong. After the repairs, the disk can be removed,
> > > and server rebooted.
> > >
> > > Does this sound realistic? Even if 2 disks or even 3 were required,
> > > if it means I can save a trip to the datacenter it would be
> > > worthwhile to do.
> > >
> > > Perhaps you guys have thought of something similar, or maybe there
> > > already IS something like this out there? Any ideas/suggestions
> > > would be greatly appreciated.
> >
> > Another approach would be, (however you need at least 2 computers)
> > to connect the computers' serial ports with null-modem cables and
> > tell lilo and the kernel to use the serial port as console.
> >
> > You then log on to the one computer to get the console of the other.
> >
> > Kind of a cheap console server.
> >
> > I have not tried it, but I think it should work.
> > Could someone comment on this?
> >
> >
> > florian
> >
>
> Hi Flo!
>
> I'm using this solution for my ISDN-Router. This is a small linux-box
> with no vga-card. You have to add the line "console=ttyS0" to your
> lilo config, and then you can use a terminal program (minicom, etc.)
> to control the box. If you add a serial getty in your /etc/inittab,
> you have a console too. (this is very useful, if your nic isn't
> working:) )
>
> Michael Schwarzbach
>
> +--+
> |  /"\ |
> |  \ / |
> |   X  ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL   |
> |  / \ |
> `~~'
>
>




per host bandwidth limit

2001-06-17 Thread PiotR

Hi, is there a way to limit the bandwidth on a "per host" basis?

I'm actually using CBQ / SFQ to limit bandwidth for two networks in an internet
link.

Is it possible with the linux kernel+iptables+tc to make a packet queue with
TOS based priority?

My colleagues are eating a lot of bw with the use of audiogalaxy and that kind
of peer2peer downloaders. I would like the packets with No delay TOS like
telnet and stuff, to get a high priority and not have to wait for their place
on the queue.

Excuse me for my bad English, but I'm not a native speaker.

Regards.
-- 
 ... ___ ...
|   /| |\   | 
|  /-| Pedro Larroy Tovar. PiotR | http://omega.resa.es/piotr/ |-\  |
o-|--| e-mail: [EMAIL PROTECTED]   |--|-o 
|  \-| finger [EMAIL PROTECTED] for public gnupg key |-/  | 
|...\|_|/...| 

:wq




Re: per host bandwidth limit

2001-06-17 Thread Jason Lim
Do they all have their own IPs within your lan? You could limit bandwidth
on a per-IP level if you want. That way, if they decide to play with
napster and stuff, they will then have to suffer with low webpage loading,
slow email, etc. That might encourage them NOT to use those types of
programs anymore.

That would not help if you really want to just slow down and limit their
use of audiogalaxy and stuff like that though.

Sincerely,
Jason

- Original Message -
From: "PiotR" <[EMAIL PROTECTED]>
To: 
Sent: Sunday, June 17, 2001 1:25 PM
Subject: per host bandwidth limit


> Hi, is there a way to limit the bandwidth in a "per hosts" basis?
>
> I'm actually using CBQ / SFQ to limit bandwith for two networks in an
internet
> link.
>
> It's possible with the linux kernel+iptables+tc to make a packet queue
with
> TOS based priority?
>
> My coleagues are eating a lot of bw with the use of audiogalaxy and that
kind
> of peer2peer downloaders. I would like the packets with No delay TOS
like
> telnet and stuff, to get a high priority and not have to wait for their
place
> on the queue.
>
> Excuse me for my bad english, but I'm not native speaker.
>
> Regards.
> --
>  ... ___ ...
> |   /| |\   |
> |  /-| Pedro Larroy Tovar. PiotR | http://omega.resa.es/piotr/ |-\  |
> o-|--| e-mail: [EMAIL PROTECTED]   |--|-o
> |  \-| finger [EMAIL PROTECTED] for public gnupg key |-/  |
> |...\|_|/...|
>
> :wq
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]
>
>




Hard disk lock down.

2001-06-17 Thread Cho Yoonbae
Hi,

I am operating an server with P3 850*1, 512MB, 90GB storage. (two 45GB)

blue:~# df -H
FilesystemSize  Used Avail Use% Mounted on
/dev/hda1 2.0G  233M  1.6G  13% /
/dev/hda3  32G  2.6G   27G   9% /var
/dev/hda4  10G  646M  9.1G   7% /premium
/dev/hdb2  43G  9.2G   32G  23% /home

sometimes when my user commands "mv" or "chmod" in telnet or ftp,
directory are locked down. (under /home)
so any user(even root!) enter that directory and command in that directory
until reboot the system.

this situation is not usual. but sometimes occurs.
So I have to monitor always and reboot the system!!

another important thing is that while system is in that situation,
system's load is higher and higher. even 37 in result of  "uptime".

what cause this problem?


redundancy via DNS

2001-06-17 Thread :yegon
we have several servers colocated with several ISP's
i am trying to sort out some configuration that would ensure good uptime for
customers

i want to place the html documents of every customer on two separate servers
connected to separate ISP's
the dns servers will point to one server and the second one will be just a
backup, in case the main server goes down we just change the DNS and point
the affected domains to the backup server. when the main server is back up
the dns changes back to normal

and now my questions:
1. what should the times in zone files be set to to enable the dns change to
be propagated very quickly, say 5 minutes max.
   is it possible/wise to use TTL=0

2. if a domain has 2 name servers set during registration, are both of these
servers used for lookups? Or is it so that just the primary is querried if
it works, and the secondary is querried only if the primary is not
responding?

3. is this whole idea worth consideration anyway or should I forget it?


thanks for answers

Martin Dragun




Re: redundancy via DNS

2001-06-17 Thread Jason Lim
It would depend on how popular the sites hosted on the servers were. If
you set a the times to be too low, say 1 minute, then every time someone
looks up the DNS records, then BLAM... your dns servers are hit because
things aren't cached anywhere.

So I would use something like an hour (we use this). An hour is reasonable
unless you need total 100% uptime. If you needed 100% uptime, you wouldn't
just rely on DNS for this anyway. You'd need something more reliable like
IP takeover, dedicated hardware solutions, etc. Depends greatly on what
your budget is. The dns servers are queried randomly, so say you have 4
DNS servers listed, then each 4, in theory, should get approximately the
same amount of traffic. If one of them goes down, then the client SHOULD
try the next available dns server.

You'd also want to colocate somewhere WAY out of the same network
neighbourhood. Interestingly a few of our clients from the USA do this.
Since we are located in Hong Kong, our networks are totally seperate from
anything you use in the USA. So when these california blackouts (is that
the right term?) hit them, they were fine. If you really want to keep
everything in the USA, try and find totally seperate networks... and i
mean totally (if you want to be real safe). UUnet and the big boys in the
USA tend to have a few core NOCs (even if they tell you everything is
distributed and safe, blah blah blah), and if any one of them is hit with
a blackout, earthquake, etc. then the whole network is affected. This
happened to UUnet in one of the countries in Asia (won't mention which
country it just in case UUnet is watching this) once... something happened
to one of their core international-link routers, and many countries were
affected, including the one our client was in. UUnet may deny it but we...
the people who actually use them... know the true story ;-)

Anyway, if you're really into reliability, you might want to colocate in
hong kong. Can't get much more diversified network-wise than that. Email
me back if you're interested in working something out. Otherwise, consider
the above carefully about the US networks.

Sincerely,
Jason

- Original Message -
From: ":yegon" <[EMAIL PROTECTED]>
To: 
Sent: Sunday, June 17, 2001 8:50 PM
Subject: redundancy via DNS


> we have several servers colocated with several ISP's
> i am trying to sort out some configuration that would ensure good uptime
for
> customers
>
> i want to place the html documents of every customer on two separate
servers
> connected to separate ISP's
> the dns servers will point to one server and the second one will be just
a
> backup, in case the main server goes down we just change the DNS and
point
> the affected domains to the backup server. when the main server is back
up
> the dns changes back to normal
>
> and now my questions:
> 1. what should the times in zone files be set to to enable the dns
change to
> be propagated very quickly, say 5 minutes max.
>is it possible/wise to use TTL=0
>
> 2. if a domain has 2 name servers set during registration, are both of
these
> servers used for lookups? Or is it so that just the primary is querried
if
> it works, and the secondary is querried only if the primary is not
> responding?
>
> 3. is this whole idea worth consideration anyway or should I forget it?
>
>
> thanks for answers
>
> Martin Dragun
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]
>
>




Re: redundancy via DNS

2001-06-17 Thread Ken Seefried
There are a number of very effect "appliance" style solutions to doing this. 
Please have a look at RadWare (WSD) and F5 Networks (3DNS); I have had great 
success with both companies.  The bonus is that these solutions can 
automaticly determine if a server is up. 

Ken Seefried, CISSP 

:yegon writes: 

we have several servers colocated with several ISP's
i am trying to sort out some configuration that would ensure good uptime for
customers 

i want to place the html documents of every customer on two separate servers
connected to separate ISP's
the dns servers will point to one server and the second one will be just a
backup, in case the main server goes down we just change the DNS and point
the affected domains to the backup server. when the main server is back up
the dns changes back to normal 

and now my questions:
1. what should the times in zone files be set to to enable the dns change to
be propagated very quickly, say 5 minutes max.
   is it possible/wise to use TTL=0 

2. if a domain has 2 name servers set during registration, are both of these
servers used for lookups? Or is it so that just the primary is querried if
it works, and the secondary is querried only if the primary is not
responding? 

3. is this whole idea worth consideration anyway or should I forget it? 

thanks for answers 

Martin Dragun 

--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] 





Re: Remote Resue Disk

2001-06-17 Thread Florian Friesdorf
On Sat, Jun 16, 2001 at 05:02:55PM +0800, Jason Lim wrote:
> Hi all,
> 
> I was about to develop my own "Remove Rescue Disk)... but thought maybe
> you had a better idea or had already done this...
> 
> Regularly if the hard disk fails or needs a manual fsck (usually just
> pressing y throughout), then it means a trip to the datacenter at whatever
> ungodly hour it may be for this relatively simple task.
> 
> If it was possible to create a boot disk with a simple telnetd (and
> minimum network support) and static e2fsck utilities, then, in theory, all
> that needs to be done is to insert the disk, reboot the server, and the
> telnetd binds to a special, pre-defined IP just for this emergency
> purpose. Then I can telnet in from home or wherever, run e2fsck, mount the
> drives, see /var/log/syslog, etc. to see what went wrong. After the
> repairs, the disk can be removed, and server rebooted.
> 
> Does this sound realistic? Even if 2 disks or even 3 were required, if it
> means I can save a trip to the datacenter it would be worthwhile to do.
> 
> Perhaps you guys have thought of something similar, or maybe there already
> IS something like this out there? Any ideas/suggestions would be greatly
> appreciated.

Another approach would be (however, you need at least 2 computers) to
connect the computers' serial ports with null-modem cables and tell lilo
and the kernel to use the serial port as console.

You then log on to the one computer to get the console of the other.

Kind of a cheap console server.

I have not tried it, but I think it should work.
Could someone comment on this?


florian

-- 
 Florian Friesdorf <[EMAIL PROTECTED]>
OpenPGP key available on public key servers

--> Save the future of Open Source <--
-> Online-Petition against Software Patents <-
--> http://petition.eurolinux.org <---




Re: redundancy via DNS

2001-06-17 Thread Jason Lim

I mentioned "hardware solutions" in my email...

however, the cost of these hardware appliances is pretty high. In theory,
you can do the same thing with a properly configured linux server at less
than half the price. Of course... the money is in the configuration ;-)

Sincerely,
Jason

- Original Message -
From: "Ken Seefried" <[EMAIL PROTECTED]>
To: ":yegon" <[EMAIL PROTECTED]>
Cc: 
Sent: Sunday, June 17, 2001 10:33 PM
Subject: Re: redundancy via DNS


>
> There are a number of very effective "appliance" style solutions to doing this.
> Please have a look at RadWare (WSD) and F5 Networks (3DNS); I have had great
> success with both companies.  The bonus is that these solutions can
> automatically determine if a server is up.
>
> Ken Seefried, CISSP
>
> :yegon writes:
>
> > we have several servers colocated with several ISP's
> > i am trying to sort out some configuration that would ensure good uptime for
> > customers
> >
> > i want to place the html documents of every customer on two separate servers
> > connected to separate ISP's
> > the dns servers will point to one server and the second one will be just a
> > backup, in case the main server goes down we just change the DNS and point
> > the affected domains to the backup server. when the main server is back up
> > the dns changes back to normal
> >
> > and now my questions:
> > 1. what should the times in zone files be set to to enable the dns change to
> > be propagated very quickly, say 5 minutes max.
> >    is it possible/wise to use TTL=0
> >
> > 2. if a domain has 2 name servers set during registration, are both of these
> > servers used for lookups? Or is it so that just the primary is queried if
> > it works, and the secondary is queried only if the primary is not
> > responding?
> >
> > 3. is this whole idea worth consideration anyway or should I forget it?
> >
> >
> > thanks for answers
> >
> > Martin Dragun




RE: Remote Resue Disk

2001-06-17 Thread Michael R. Schwarzbach
 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

> -Original Message-
> From: Florian Friesdorf [mailto:[EMAIL PROTECTED] Behalf Of
> Florian Friesdorf
> Sent: Sonntag, 17. Juni 2001 16:40
> To: debian-isp@lists.debian.org
> Subject: Re: Remote Resue Disk
> 
> 
> On Sat, Jun 16, 2001 at 05:02:55PM +0800, Jason Lim wrote:
> > Hi all,
> >
> > I was about to develop my own "Remote Rescue Disk"... but thought maybe
> > you had a better idea or had already done this...
> >
> > Regularly if the hard disk fails or needs a manual fsck (usually just
> > pressing y throughout), then it means a trip to the datacenter at whatever
> > ungodly hour it may be for this relatively simple task.
> >
> > If it was possible to create a boot disk with a simple telnetd (and
> > minimum network support) and static e2fsck utilities, then, in theory, all
> > that needs to be done is to insert the disk, reboot the server, and the
> > telnetd binds to a special, pre-defined IP just for this emergency
> > purpose. Then I can telnet in from home or wherever, run e2fsck, mount the
> > drives, see /var/log/syslog, etc. to see what went wrong. After the
> > repairs, the disk can be removed, and server rebooted.
> >
> > Does this sound realistic? Even if 2 disks or even 3 were required, if it
> > means I can save a trip to the datacenter it would be worthwhile to do.
> >
> > Perhaps you guys have thought of something similar, or maybe there already
> > IS something like this out there? Any ideas/suggestions would be greatly
> > appreciated.
>
> Another approach would be (however, you need at least 2 computers) to
> connect the computers' serial ports with null-modem cables and tell lilo
> and the kernel to use the serial port as console.
>
> You then log on to the one computer to get the console of the other.
> 
> Kind of a cheap console server.
> 
> I have not tried it, but I think it should work.
> Could someone comment on this?
> 
> 
> florian
> 

Hi Flo!

I'm using this solution for my ISDN-Router. This is a small linux-box
with no vga-card. You have to add the line "console=ttyS0" to your
lilo config, and then you can use a terminal program (minicom, etc.)
to control the box. If you add a serial getty in your /etc/inittab,
you have a console too. (this is very useful, if your nic isn't
working:) )

Michael Schwarzbach
 
+--+
|  /"\ |
|  \ / |
|   X  ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL   |
|  / \ |
`~~'
 

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use 

iQA/AwUBOyzifgUqVktPGYHYEQLElACgldup8i5bFF5GmiyNyoRbN5esL8QAoN70
pH6RkeqoKIbBtc+fKKYNjF/p
=HsyH
-END PGP SIGNATURE-
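
The serial console setup described in the message above, as an added example that is not part of the original post: a shell check that a lilo.conf and an /etc/inittab agree on the serial port. The sample file contents, the 9600n8 line settings, the getty flags and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample files (not from the thread); 9600n8 and the getty flags are assumptions.
SAMPLE_LILO='boot=/dev/hda
serial=0,9600n8
image=/vmlinuz
    label=linux
    root=/dev/hda1
    append="console=tty0 console=ttyS0,9600n8"'

SAMPLE_INITTAB='id:2:initdefault:
1:2345:respawn:/sbin/getty 38400 tty1
#T1:23:respawn:/sbin/getty -L ttyS1 9600 vt100
T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100'

# Print the device of the LAST console= argument in lilo.conf text. The kernel
# makes the last one /dev/console, where boot script output (fsck included) appears.
kernel_console() {
    printf '%s\n' "$1" | grep -v '^[[:space:]]*#' | tr ' "\t' '\n\n\n' |
        sed -n 's/^console=\([^,]*\).*/\1/p' | tail -n 1
}

# Print every ttyS device that has an uncommented respawn getty entry in inittab text.
getty_ttys() {
    printf '%s\n' "$1" | grep -v '^[[:space:]]*#' |
        awk -F: '$3 == "respawn" && $4 ~ /getty/ {
            n = split($4, w, " ")
            for (i = 1; i <= n; i++) if (w[i] ~ /^ttyS[0-9]+$/) print w[i]
        }'
}

# Return 0 only when the kernel console is a serial port AND a getty runs on that same port.
check_serial_console() {
    con=$(kernel_console "$1")
    case "$con" in
        ttyS*) ;;
        *) echo "kernel console is '${con:-unset}', not a serial port"; return 1 ;;
    esac
    if getty_ttys "$2" | grep -qx "$con"; then
        echo "ok: kernel console and login getty are both on $con"
    else
        echo "console on $con but no getty there: boot messages only, no login"
        return 1
    fi
}

check_serial_console "$SAMPLE_LILO" "$SAMPLE_INITTAB"
```

A serial console hands a login prompt to whoever controls the other end of the cable, so the machine running the terminal program needs the same access control as the server it watches.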




Re: Maildir vs mbox

2001-06-17 Thread Fraser Campbell

Cameron Moore <[EMAIL PROTECTED]> writes:

> I can almost guarantee that you will see a performance increase.  Also
> note that you don't have to change to postfix.  You can configure
> sendmail to use whatever local delivery agent you want (ie. something
> like maildrop http://www.flounder.net/~mrsam/maildrop/).

You were *very* correct.  I finally got around to doing this conversion last
week.   This is a small mail system (about 50 mail accounts) but the email
system is used heavily by all of these users resulting in very large IMAP
mailboxes (many folders approaching 100 MB).

As I said in the previous email, during the business hours the load was
rarely below 2, often over 3 and the system was almost unusable (IMAP
timeouts for many users).

After the upgrade the load has dropped to being mostly 0, even with 34 IMAP
users connected, Maildir was definitely worth the conversion pain.  I did
convert the system to postfix but as many people have pointed out you could quite
happily keep sendmail and deliver to Maildir boxes using procmail (>=3.15) or
maildrop.

Courier-imap is the imap daemon I chose.

--
Fraser Campbell <[EMAIL PROTECTED]>  Starnix Inc.
Telephone: (905) 771-0017   Thornhill, Ontario, Canada
http://www.starnix.com/ Professional Linux Services & Products




Re: Remote Resue Disk

2001-06-17 Thread Jason Lim

Hi Michael,

Supposing linux does NOT boot up properly (eg. automatic e2fsck does not
fix disk, and needs to be run manually), is it possible, using your serial
getty solution, to SEE the screen and input anything at that point? That
sounds like it might help solve lots of problems... but not if it only
starts AFTER e2fsck is supposed to run.

Sincerely,
Jason

- Original Message -
From: "Michael R. Schwarzbach" <[EMAIL PROTECTED]>
To: "Florian Friesdorf" <[EMAIL PROTECTED]>; 
Sent: Monday, June 18, 2001 1:04 AM
Subject: RE: Remote Resue Disk


>
>
> > -Original Message-
> > From: Florian Friesdorf [mailto:[EMAIL PROTECTED] Behalf Of
> > Florian Friesdorf
> > Sent: Sonntag, 17. Juni 2001 16:40
> > To: debian-isp@lists.debian.org
> > Subject: Re: Remote Resue Disk
> >
> >
> > On Sat, Jun 16, 2001 at 05:02:55PM +0800, Jason Lim wrote:
> > > Hi all,
> > >
> > > I was about to develop my own "Remote Rescue Disk"... but thought maybe
> > > you had a better idea or had already done this...
> > >
> > > Regularly if the hard disk fails or needs a manual fsck (usually just
> > > pressing y throughout), then it means a trip to the datacenter at whatever
> > > ungodly hour it may be for this relatively simple task.
> > >
> > > If it was possible to create a boot disk with a simple telnetd (and
> > > minimum network support) and static e2fsck utilities, then, in theory, all
> > > that needs to be done is to insert the disk, reboot the server, and the
> > > telnetd binds to a special, pre-defined IP just for this emergency
> > > purpose. Then I can telnet in from home or wherever, run e2fsck, mount the
> > > drives, see /var/log/syslog, etc. to see what went wrong. After the
> > > repairs, the disk can be removed, and server rebooted.
> > >
> > > Does this sound realistic? Even if 2 disks or even 3 were required, if it
> > > means I can save a trip to the datacenter it would be worthwhile to do.
> > >
> > > Perhaps you guys have thought of something similar, or maybe there already
> > > IS something like this out there? Any ideas/suggestions would be greatly
> > > appreciated.
> >
> > Another approach would be (however, you need at least 2 computers) to
> > connect the computers' serial ports with null-modem cables and tell lilo
> > and the kernel to use the serial port as console.
> >
> > You then log on to the one computer to get the console of the other.
> >
> > Kind of a cheap console server.
> >
> > I have not tried it, but I think it should work.
> > Could someone comment on this?
> >
> >
> > florian
> >
>
> Hi Flo!
>
> I'm using this solution for my ISDN-Router. This is a small linux-box
> with no vga-card. You have to add the line "console=ttyS0" to your
> lilo config, and then you can use a terminal program (minicom, etc.)
> to control the box. If you add a serial getty in your /etc/inittab,
> you have a console too. (this is very useful, if your nic isn't
> working:) )
>
> Michael Schwarzbach
>
> +--+
> |  /"\ |
> |  \ / |
> |   X  ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL   |
> |  / \ |
> `~~'
>
>