Для начала опишу проблему... accel-ppp 1.10.2
настроил на тестовом сервере (Debian 8) accel-ppp без vlan и бондинга - всё работало шикарно (было 2 физических интерфейса с маршрутизацией из одного в другой), всё понравилось
Code: Select all
в сторону роутера:
eth0 Link encap:Ethernet HWaddr 00:18:f3:68:99:35
inet addr:192.168.5.123 Bcast:192.168.5.127 Mask:255.255.255.128
в сторону клиента:
eth1 Link encap:Ethernet HWaddr 00:18:f3:68:57:3b
inet addr:192.168.5.144 Bcast:192.168.5.255 Mask:255.255.255.128
# accel-cmd show sessions
ifname | username | calling-sid | ip | rate-limit | type | comp | state | uptime
--------+---------------+-------------------+---------------+-------------+------+------+--------+----------
ipoe0 | 192.168.5.250 | b8:27:eb:d8:8f:b9 | 192.168.5.250 | 10000/10000 | ipoe | | active | 00:02:47
############## ############## ############## ############## ##############
mtr from client side:
1. 192.168.5.144 0.0% 9 0.3
2. 192.168.5.3 0.0% 9 0.5
3. 10.0.0.17 75.0% 9 0.9
4. 78.*.*.145 0.0% 9 0.9
5. 185.1.62.69
......
на рабочем сервере (ubuntu server 16.04)
Code: Select all
############################################ PHYSICAL INTERFACE ############################
auto ens1f0
iface ens1f0 inet manual
bond-master bond0
bond-primary ens1f0 ens1f1
auto ens1f1
iface ens1f1 inet manual
bond-master bond0
bond-primary ens1f0 ens1f1
auto ens2f0
iface ens2f0 inet manual
bond-master bond1
bond-primary ens2f0 ens2f1
auto ens2f1
iface ens2f1 inet manual
bond-master bond1
bond-primary ens2f0 ens2f1
########################################################## BOND ################################
auto bond0
iface bond0 inet manual
bond-slaves none
bond-mode 4
bond-miimon 100
bond-xmit-hash-policy layer3+4
auto bond1
iface bond1 inet manual
bond-slaves none
bond-mode 4
bond-miimon 100
bond-xmit-hash-policy layer3+4
######################################################### VLAN & SUB ###########################
auto bond1.207
iface bond1.207 inet static
address 78.*.*.17
netmask 255.255.255.128
dns-nameservers 78.*.*.41 78.*.*.47
dns-search Odessa.TV
vlan_raw_device bond1
auto bond1.207:0
iface bond1.207:0 inet static
address 10.0.0.17
netmask 255.255.255.0
vlan_raw_device bond1
auto bond0.510
iface bond0.510 inet static
address 78.*.*.154
netmask 255.255.255.128
gateway 78.*.*.145
vlan_raw_device bond0
post-up insmod /home/elc/1.10.2/build/drivers/ipoe/driver/ipoe.ko
post-up /sbin/iptables-restore < /home/elc/iptables-save
post-up route add default gw 78.*.*.145
Code: Select all
[modules]
log_file
log_syslog
ipoe
auth
#auth_mschap_v2
#auth_mschap_v1
#auth_chap_md5
#auth_pap
radius
shaper
[core]
log-error=/var/log/accel-ppp/core.log
thread-count=4
[common]
[log]
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
log-fail-file=/var/log/accel-ppp/auth-fail.log
copy=1
level=5
[auth]
any-login=1
[client-ip-range]
10.0.0.0/8
[ipoe]
verbose=9
unit-cache=2000
#interface=bond0.510,shared=1,ifcfg=0,mode=L3,start=up
#,range=10.0.0.0/8
#interface=bond1.207,shared=1,ifcfg=0,mode=L3,start=up
interface=bond1.207:0,shared=1,ifcfg=0,mode=L3,start=up
#interface=bond1,shared=1,ifcfg=0,mode=L3,start=up,range=10.0.0.0/8
ip-unnumbered=1
proxy-arp=0
proto=100
local-net=10.0.0.0/8
[radius]
dictionary=/usr/share/accel-ppp/radius/dictionary
nas-identifier=Accel-PPP
nas-ip-address=127.0.0.1
server=127.0.0.1,ntfam004,auth-port=1812,acct-port=1813,req-limit=50,fail-timeout=0,max-fail=10,weight=1
verbose=1
max-try=3
acct-timeout=120
acct-on=0
#gw-ip-address=192.168.5.3
[shaper]
#attr=Filter-Id
vendor=Cisco
attr=Cisco-AVPair
ifb=ifb0
up-limiter=htb
down-limiter=htb
#cburst=1375000
#r2q=10
#quantum=1500
#leaf-qdisc=sfq perturb 10
verbose=1
#down-burst-factor=0.1
#up-burst-factor=1.0
#rate-multiplier=1
#fwmark=1
verbose=1
[cli]
verbose=1
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001
log:
Code: Select all
[2016-07-12 08:55:28]: info: ipoe0: create interface ipoe0 parent bond1.207:0
[2016-07-12 08:55:28]: debug: ipoe0: radius(1): req_enter 1
[2016-07-12 08:55:28]: info: ipoe0: send [RADIUS(1) Access-Request id=1 <User-Name "10.0.0.250"> <NAS-Identifier "Accel-PPP"> <NAS-IP-Address 127.0.0.1> <NAS-Port 1606> <NAS-Port-Id "ipoe0"> <NAS-Port-Type Ethernet> <Calling-Station-Id "00:15:17:cb:46:d4"> <Called-Station-Id "bond1.207:0"> <Framed-IP-Address 10.0.0.250> <User-Password >]
[2016-07-12 08:55:28]: debug: ipoe0: radius(1): req_exit 0
[2016-07-12 08:55:28]: info: ipoe0: recv [RADIUS(1) Access-Accept id=1<Cisco Cisco-AVPair "lcp:interface-config#1=rate-limit output 1000000 8000 8000 conform-action transmit exceed-action drop"><Cisco Cisco-AVPair "lcp:interface-config#1=rate-limit input 1000000 8000 8000 conform-action transmit exceed-action drop">]
[2016-07-12 08:55:28]: info: ipoe0: 10.0.0.250: authentication succeeded
[2016-07-12 08:55:28]: debug: ipoe0: radius(1): req_enter 1
[2016-07-12 08:55:28]: info: ipoe0: send [RADIUS(1) Accounting-Request id=1 <User-Name "10.0.0.250"> <NAS-Identifier "Accel-PPP"> <NAS-IP-Address 127.0.0.1> <NAS-Port 1606> <NAS-Port-Id "ipoe0"> <NAS-Port-Type Ethernet> <Calling-Station-Id "00:15:17:cb:46:d4"> <Called-Station-Id "bond1.207:0"> <Acct-Status-Type Start> <Acct-Authentic RADIUS> <Acct-Session-Id "63491a0af88445d1"> <Acct-Session-Time 0> <Acct-Input-Octets 0> <Acct-Output-Octets 0> <Acct-Input-Packets 0> <Acct-Output-Packets 0> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0> <Framed-IP-Address 10.0.0.250>]
[2016-07-12 08:55:28]: debug: ipoe0: radius(1): req_exit 0
[2016-07-12 08:55:28]: info: ipoe0: recv [RADIUS(1) Accounting-Response id=1]
[2016-07-12 08:55:28]: info: ipoe0: shaper: installed shaper 1000/1000 (Kbit)
[2016-07-12 08:55:28]: info: ipoe0: ipoe: session started
ifname | username | calling-sid | ip | rate-limit | type | comp | state | uptime
--------+------------+-------------------+------------+------------+------+------+--------+----------
ipoe0 | 10.0.0.250 | 00:15:17:cb:46:d4 | 10.0.0.250 | 1000/1000 | ipoe | | active | 00:00:02
ping from client side:
1. 10.0.0.17 10.4% 903
2. 78.*.*.145 10.5% 903
3. google-ix.giganet.ua 10.2% 903
4. 209.85.248.105
....
соотв потери - после включения accel-ppp
мысли были разные и про отсутствие vlan-mon в конфиге , но думаю что он не нужен т.к. vlan интерфейс создаётся при старте системы ещё до старта accel и проблемами с саб интерфейсами (хотя какая разница ?) так что пытался и на vlan интерфейсе (bond1.207) и на сабе (bond1.207:0) - результат всё тот же.
Проблема точно где то в accel т.к. без него все пакеты проходят нормально...
Буду благодарен любим подсказкам и идеям