Eqlplus - Linux modem multiplexer

Eqlplus (New for kernel 2.4.19)

Eqlplus is a Linux modem combining strategy based upon IP masquerading and the kernel eql driver. Modern browsers typically open many simultaneous HTTP TCP-based connections to fetch text and images from remote servers. TCP multiplexing distributes these simultaneous connections across several active links thereby increasing the apparent bandwidth to the Web user.

Impressed by the ability of several commercial products to multiplex independent dialup connections to the Web, we wanted to see if we could do a similar trick for free under Linux. We started with eql, Linux’s kernel level link multiplexer written by Simon Janes. Unfortunately eql is not connection oriented and only works when a remote communications server also speaks eql’s load balancing protocol. The remote connection could be another Linux box running eql or some models of the Livingston Portmaster terminal server. Since remote server multiplexing is not available from most Internet Service Providers, eql cannot be used with ordinary ISPs.

So we explored the idea of combining the TCP connection handling of the Linux IP masquerading software with the load balancing capabilities of eql. It worked!

We patched the Linux IP masquerade software with a kernel-level call to ask eql for the next link to use when establishing a new TCP connection. This is when the IP masquerade software sets up the mapping between the local “hidden” IP address/port numbers and the IP masquerade port number that stands in as a proxy for the hidden address. We use the link offered by eql to determine the masquerade sender’s new IP address, replacing the sender’s masqueraded address derived from the eql master interface which kernel routing chose. This works because kernel routing chooses the eql interface for Internet bound packets when eql is active and is designated as the default gateway interface. We are, in effect, refining the granularity of the source addressing by further specifying which eql slave interface will be used.

Next, when the masquerade software hands off the packet to eql, the modified eql driver, eqlplus, chooses the requested address’s interface instead of recomputing a potentially different address. In this way, the packet is sent over the correct interface and responses will be routed by the ISP connected to the selected interface back to the corresponding address and interface. IP masquerade receives the response, resolves the masquerade port mapping and sends the packet on its way to the original "hidden" sender.

The eqlplus package contains the following components for the 2.4.19 kernel:

Eqlplus patches devinet.c, eql.c, ipt_MASQUERADE.c and if_eql.h. In the Linux source tree, these files are located, respectively, at

</linux-source/>net/ipv4/devinet.c
</linux-source/>drivers/net/eql.c
</linux-source/>net/ipv4/netfilter/ipt_MASQUERADE.c
</linux-source/>include/linux/if_eql.h

In addition, various kernel configuration files are modified to add support for eqlplus. These include the kernel Makefile, Documentation/Configure.help, and drivers/net/Config.in.

We have also included several small utilities.

• A sample cron job, checkeql.cron, to call the eql link checking script, checkeql.sh, every five minutes.
• checkeql.sh. This script tries to restore lost PPP links. When a link is restored, the script reconfigures the eql interface to re-enslave the link. This script assumes that getpppinfo has been installed in /usr/local/bin and that PPP scripts have been written to handle bringing up your PPP links. In checkeql.sh, these PPP scripts are called "ppp-on-ttyS0" and "ppp-on-ttyS1" and are assumed to exist in /usr/sbin.
• A script, checklinks.sh, which displays periodically on the command line, the relative balance of traffic between ppp0 and ppp1.
• A C program, getpppinfo.c, used by checkeql.sh to obtain current PPP link information from /proc. This program is invoked by checkeql.sh.
• Finally, we have provided a small X-based utility, xeqlinfo, to graphically monitor the load sharing provided by 2 (default) links. Any number of links can be handled by eqlplus itself and xeqlinfo can be configured, during the build process, to handle from 2 to 5 or more simultaneous links. This display utility is an adaptation of Gabor Herr's xsysinfo application.

What you need to do

This version of the eqlplus software has been developed and tested on the 2.4.19 kernel (running RedHat 7.2 or 7.3).

1. First, cd to the directory where you want eqlplus to be placed. /usr/src is a good choice. Then, untar the eqlplus package eqlplus-0.9.tar.gz

   cd /where/you/want-to/untar-eqlplus/
   gunzip -c eqlplus-0.9.tar.gz | tar -xvf - 

2. Next, you must patch your kernel source files by running

   cd /where/you/untarred/eqlplus-0.9/
   patch -p1 -d /usr/src/linux-2.4.19 < eqlplus.patch 

   This patch command assumes that your Linux source is in the subdirectory "/usr/src/linux-2.4.19". You can also run "make dopatch" from the eqlplus-0.9 directory, which also assumes your Linux source is in "/usr/src/linux-2.4.19". You can change the target directory to the patch command if your source lives elsewhere.

   This will patch net/ipv4/devinet.c, drivers/net/eql.c, net/ipv4/netfilter/ipt_MASQUERADE.c, and include/linux/if_eql.h under the Linux 2.4.19 kernel source tree.

3. Then, configure and build your kernel selecting eql, the new eqlplus option (visible as an option after you select eql), PPP, and IP Masquerading in the kernel configuration dialogs.

4. Run "make" in the eqlplus directory to build getpppinfo and eql_enslave. These utilities are required by checkeql.sh. Next run "make install" to move getpppinfo and eql_enslave into /usr/local/bin.

5. You should create a script for using eql to enslave multiple PPP connections to your ISP(s). A sample 2-link script, checkeql.sh, is provided. This script may be run as a cron job to keep your multi-link configuration active in the face of line drops. You must provide PPP link activation scripts which checkeql.sh assumes are called "/usr/sbin/ppp-on-ttyS0" and "/usr/sbin/ppp-on-ttyS1".

6. You must configure IP Masquerading. A sample script using IP_TABLES is provided in rc.eql_firewall. This script was adapted from David Ranch’s excellent IP-Masquerade-HOWTO. This is a very simple configuration that can be used for testing and demonstrations. A more complete set of rules, adapted to your organization’s security requirements, should be used for any production level firewall.

7. If you are multiplexing PPP connections with eqlplus, you can build and run a small X utility, xeqlinfo, and watch the instantaneous behavior of load sharing. A dynamically changing graphical bar displays the percentage of ppp0 activity in pink and the complementary percentage of ppp1 activity in red. To build xeqlinfo, run "make xeqlinfo" followed by run "make xeqlinfo_install" from the eqlplus directory.

Download: eqlplus-0.9.tar.gz
sha1sum: 74b23c6cb66b28058b6f4df2a9aa3411bc807135 eqlplus-0.9.tar.gz