[LARTC] (no subject)

[LARTC] (no subject)

[sun]

<PRE>hi all:
	I want to limit the bandwith of our internal networks users,i don't know  the designated bandwith ,for example 64connection or by all connections. 


</PRE>

[LARTC] (no subject)

[siddhardha garige]

hi,


where can i find online documentation on configuring a
linux box as a router..


redhat 7.0
kernel 2.4.2

thanks in advance.


regards,

siddu

==Siddhardha Naga Garige
3927, Rocinante blvd,
#242,Tampa,Florida-33616.
Ph: (813)- 903-0968.

__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/

Re: [LARTC] (no subject)

[linux]

on 4/6/01 3:37 PM, siddhardha garige at siddu999@yahoo.com wrote:

> where can i find online documentation on configuring a
> linux box as a router..

> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
> http://ds9a.nl/2.4Routing/

funny you should ask, siddu, the very message that you sent to the list
(along with every other message including this one) contains a link to the
howto for the advanced router features in 2.4 (which are pretty simple to
set up).

have fun
alex


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/

[LARTC] (no subject)

[Jose Miguel Varet]

Hi Gerry,

thanks for your input about the eepro.  It sounds and interesting (and hot)
topic of debate .... if the problem is to be the 3com NIC, then the solution
should be as easy as testing the router with another eepro replacing the
3com.
Anyway... don't you think the performance hit is perhaps *too* big in order
to be a NIC issue ? I mean, I would see OK  that eepro made ( let's say ) a
40mbit/sec routing, and the 3com stood at, for example, at 30. But standing
at 6'4 Mbps ?? Isn't that too low ? I personally find it hard to believe
that simply plugging a Eepro instead the 3com will boost the router to, say,
20 or 30 mbit/sec ...

OTHO, I've been told to change the HZ define in include/param.h from 100 (
default x86 ) to 1024 , in order to get faster task switching. Since we are
talking about transmitting LOTS of small packets, increasing kernel
granularity as my partner suggests could perhaps solve the problem. I'm
still setting up a backup router in order to test with this parameter... do
you think this measure could fix the problem ? Your opinion is welcome...
TIA!


            Jose Miguel Varet
            Tech. Dept. Chief
            ATT, S.L.

----- Original Message -----
From: "Gerry Creager" <gerry@cs.tamu.edu>
To: "Jose Miguel Varet" <varet@esatt.com>
Sent: Tuesday, July 03, 2001 5:07 PM
Subject: Re: [LARTC] Routing performance


> Jose,
>
> I'd be looking at the NICs.  I believe you will get better performance
> out of the Intel EEPro 100 cards than the 3Coms.  This has been a
> subject of great debate on the Beowulf list (www.beowulf.org), but it
> was some time back.
>
> I'm using some Dell boxes with 2 EEPro100's and a DLink 4-port
> Tulip-based chipset.  I've not metered very tightly, but we're seeing
> much better than 6-7 Mb/sec...  We're using those as routers in a
> testbed environment simulating the Internet and have had a lot of
> traffic going thru them.
>
> Good luck, gerry
> --
> Jose Miguel Varet wrote:
> >
> > Hello all,
> >
> > I am using a linuxbox as one of my system's router  ( I work on an
ISP ),
> > with the following specs :
> >
> > - PIII 1 Ghz
> > - 2.4.5 cbq-enabled kernel
> > - eth0 3com 905B   ,   eth1 Intel Etherpro 100
> > - 256 MB Ram
> >
> > The traffic usually peaks at 6 Mbit/sec . Until here, it's all OK. I am
very
> > satisfied with this router, and I can place cbq's, filters, etc. etc.
> >
> > Recently we have been adding some new customers behind that router, and
the
> > traffic began to grow. To my surprise, when the router reachs certain
output
> > limit ( around 810 kBytes/sec or 6'5 Mbit/sec ) the output remains at
that
> > level *except* when it begins to decrease again. Looks like to me as if
the
> > router box couldn't handle _more_ than 6'5 mbit/sec , uh... I know that
> > cannot be so, since the system use doesn't go beyond 9% as show by the
"top"
> > command, and both NICs are good ones... I cannot believe the bottleneck
is
> > to be in the routing code.
> > But, in order to clarify the situation, I'd need your opinions about
this
> > issue, which would help me greatly. My real bets for the problem are :
> >
> > a) our carrier is limiting the upstream bandwith to our router, so no
more
> > external users can reach our webs provided a certain limit has been
reached
> > ( at 810 kBytes/sec , incoming traffic goes as high as 112 kBytes/sec .
> > Perhaps they are limiting us the incoming traffic.
> >
> > b) our web servers cannot output more bytes that those. For testing
this, I
> > temporaly took down one web server. Inmediately, the other went 100
> > kBytes/sec up. So they CAN have more output, individually. So my problem
is
> > to be on the router, or with my carrier and my upstream bandwidth.
> >
> > I am very annoyed with this, since I *do* believe that 2.4 kernel can
handle
> > MUCH more that a miserable 6'5 mbit/sec. Where could the problem be ?
Your
> > opinions are really welcome...
> > Many thanks in advance.
> >
> >                     Jose Miguel Varet
> >                     Tech. Dept. Chief
> >                     ATT, S.L.
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://ds9a.nl/2.4Routing/
>
> --
> Gerry Creager                        |      Never ascribe to Malice that
> AATLT              |      which can adequately be
> Texas A&M University                 |      explained by Stupidity.
> 979.458.4020  (Phone)                |      -- Lazarus Long
> 979.847.8578  (Fax)
>



_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/

[LARTC] (no subject)

[Rajesh Revuru]

Hi Everyone..

I started using Tc and iam  Newbie..
Iam trying to use simple TBF to drop the excessive 
traffic than the rate.
*******
Scenario:
*******
SRC 1,SRC 2 are sending 5MB traffic each to DEST.

I have implemented TBF qdisc at
Eth0 0f R1
Eth0 of R2
Eth0 & Eth1 of R3
Eth0 0f R4.

the TBF applied is 

tc qdisc add dev eth0 root tbf rate 1mbit burst 5kb
latency 350ms.

********
Result
*******

But the destination is able to receive the whole
traffic which is approx 10mb.
 
I wanted to see only 1mbit of traffic and all the rest
to be dropped.
*******
Questions
*******
1) Is there any problem with interfaces.To know my
knowledge we have to use qdisc for incoming
interfaces?
2)Does the rate means the amount of traffic that can
be filtered???

Please suggest me...





  ---|
SRC|-----|------|       |--------|     |--------|     
  ---|       |Routr1|----|         |      |         | 
 |---
              |------|       |          |      |      
  |  |
                               
|Routr3|----|Routr4|--|DEST
  ---|       |------|       |         |      |        
|   |
SRC|-----|Routr2|----|          |      |          | 
|---- 
  ---|       |------|       |--------|      |--------| 

__________________________________________________
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Vahan Grigoryan]

Hi everybody ...
I've a question ... how can I set the priority based on TOS field ...
and can I use the Trafic Control (tc) tool to do this ...?

Tanks ...


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Vahan Grigoryan]

Hi ...
i have readed a HOWTO ... but if i wanted to apply any of its examples
a received an error message

RTNETLINK answers: Invalid argument


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[martin f krafft]

[-- Attachment #1: Type: text/plain, Size: 923 bytes --]

also sprach Vahan Grigoryan <Vahan.Grigoryan@epygilab.am> [2002.03.29.1203 +0100]:
> i have readed a HOWTO ... but if i wanted to apply any of its examples
> a received an error message
> 
> RTNETLINK answers: Invalid argument

have you compiled your kernel with the following options?

  CONFIG_IP_ADVANCED_ROUTER=y
  CONFIG_IP_MULTIPLE_TABLES=y

and the appropriate queuing disciplines under "QoS and fair queueing",
as well as enabled QoS and fair queueing there?

and btw: "i have readed a HOWTO" -- it's confusing but it's the
english language with all its exceptions... the past participle of "to
read" is "read", which is pronounced just like "red" -- ("to
read[reed]", but "to have read[red]").

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
  
this message represents the official view of the voices in my head.

[-- Attachment #2: Type: application/pgp-signature, Size: 240 bytes --]

[LARTC] (no subject)

[Emil Terziev]

Hi ,
 I need to limit traffic from my LAN (172.16.1.x/24)
every IP.
All IP’s are with different speed. 
For example if 
   I have BG_Traffic (couple LANs 212.50.16.0/24,
217.9.231.0/24, 195.24.39.0/24)
and I have not_BG_Traffic (rest of Internet world).
I want for example 
IP 172.16.1.10 to have 10K for BG_Traffic and 25K for
not_BG_Traffic. 
IP 172.16.1.11 to have 6K for BG_Traffic and 64K for
not_BG_Traffic. 
IP 172.16.1.12 to have 8K for BG_Traffic and 10K for
not_BG_Traffic. 

All computer from LAN are connected on eth0 to 1 Linux
mashine ( tc ,iptables )
Internet Traffic is from eth1 on same mashine

	              +------------------------+
-LAN(172.16.1.x/24)---|eth0 Linux machine eth1 |---ISP
		      +------------------------+


Can help me?  I’m newer with tc&iproute and this is
very difficult for me.


 --- Emo 

__________________________________________________
Do You Yahoo!?
Yahoo! Tax Center - online filing with TurboTax
http://taxes.yahoo.com/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Alex Bennee]

Emil Terziev said:
> Hi ,
> I need to limit traffic from my LAN (172.16.1.x/24)
> every IP.
> <snip>
>   I have BG_Traffic (couple LANs 212.50.16.0/24,
> 217.9.231.0/24, 195.24.39.0/24)
> and I have not_BG_Traffic (rest of Internet world).
> I want for example
> IP 172.16.1.10 to have 10K for BG_Traffic and 25K for
> not_BG_Traffic.
> IP 172.16.1.11 to have 6K for BG_Traffic and 64K for
> not_BG_Traffic.
> IP 172.16.1.12 to have 8K for BG_Traffic and 10K for
> not_BG_Traffic.
> <snip>
> Can help me?  I’m newer with tc&iproute and this is
> very difficult for me.

If you look through the archive for this mailing list for an htb/tc script
you should an example of how to classify traffic useing iptables for tc
controlled shapers. As you want hard limits you may not want to use the
prio settings. Obviously you wont want to use the iptables classifications
I use (which go by traffic type) but use network matches instead.

You should also read the htb manual (http://luxik.cdi.cz/~devik/qos/htb/)
as it contains some useful worked examples that are pretty clear about the
paremeters for htb shapers.


Alex
www.bennee.com/~alex/



_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Waters]

Hello lartc,

I've got Linux Slackware 8.0, I need to compile IPROUTE2, but it gives
out an error. What modules should be enabled? Or what should I compile
into kernel?

-- 
Best regards,
 Waters                          mailto:waters@inbox.lv


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Mihai RUSU]

On Sat, 20 Apr 2002, Waters wrote:

> Hello lartc,
>
> I've got Linux Slackware 8.0, I need to compile IPROUTE2, but it gives
> out an error. What modules should be enabled? Or what should I compile
> into kernel?
>
Hi

First of all what kernel sources do you have in /usr/src/linux ?
Second did you issued at least a make *config ?
Then what version of iproute are trying to compile ?

----------------------------
Mihai RUSU

Disclaimer: Any views or opinions presented within this e-mail are solely
those of the author and do not necessarily represent those of any company,
unless otherwise specifically stated.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Stef Coene]

On Saturday 20 April 2002 15:10, Mihai RUSU wrote:
> On Sat, 20 Apr 2002, Waters wrote:
> > Hello lartc,
> >
> > I've got Linux Slackware 8.0, I need to compile IPROUTE2, but it gives
> > out an error. What modules should be enabled? Or what should I compile
> > into kernel?
>
> Hi
>
> First of all what kernel sources do you have in /usr/src/linux ?
> Second did you issued at least a make *config ?
> Then what version of iproute are trying to compile ?
Last question : what was the error ?

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re[2]: [LARTC] (no subject)

[Waters]

Hello Stef,

Saturday, April 20, 2002, 10:56:54 PM, you wrote:

SC> On Saturday 20 April 2002 15:10, Mihai RUSU wrote:
>> On Sat, 20 Apr 2002, Waters wrote:
>> > Hello lartc,
>> >
>> > I've got Linux Slackware 8.0, I need to compile IPROUTE2, but it gives
>> > out an error. What modules should be enabled? Or what should I compile
>> > into kernel?
>>
>> Hi
>>
>> First of all what kernel sources do you have in /usr/src/linux ?
>> Second did you issued at least a make *config ?
>> Then what version of iproute are trying to compile ?
SC> Last question : what was the error ?

ok, i finaly did it, i found the newest version, and i have compiled
it, but trying to add some default commands:

# tc qdisc add dev eth1 root handle 1: cbq bandwidth 10Mbit allot 1514 cell 8 avpkt 1000 mpu 64
RTNETLINK answers: Invalid argument

any ideas?

-- 
Best regards,
 Waters                            mailto:waters@inbox.lv

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[pof]

On Sat, 20 Apr 2002 12:18:37 +0300
"Waters" <waters@inbox.lv> wrote:

> Hello lartc,
> 
> I've got Linux Slackware 8.0, I need to compile IPROUTE2, but it gives
> out an error. What modules should be enabled? Or what should I compile
> into kernel?
> 
> -- 
> Best regards,
>  Waters                          mailto:waters@inbox.lv
> 

Here you've an slackware package for iproute2:

http://pof.eslack.org/slackpacks/iproute2-2.4.7/

pof.

-- 
=====================Name: Pau Oliva     - Email: pau@eSlack.org
Linux user: #97195  - BSD user:  #BSD050609
WWW: www.eSlack.org - WWW:   pof.eSlack.org
=====================:wq
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Nandan Kaushik]

hi all,
Iam using the following CBQs to limit the FTP bandwidth
pease tell what changes are rquired to make it work....

tc qdisc del dev eth0  root
tc qdisc add dev eth0 root handle 1:0 cbq allot 1514 avpkt 1000 
bandwidth 100Mbit
tc class add dev eth0 parent 1:0 classid 1:1 cbq allot 1514  
bandwidth 100Mbit rate .4Mbit  weight .4 prio 2   maxburst 20 cell 
8 avpkt 1000

tc class add dev eth0 parent 1:0  classid 1:2 cbq allot 1514 
bandwidth 100Mbit rate .6Mbit weight .4 prio 4   cell 8 maxburst 
20 avpkt 1000

tc qdisc add dev eth0 parent 1:1 handle 10:1 sfq

tc qdisc add dev eth0 parent 1:2 handle 20:1 sfq

tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip 
sport 21  0xffff match ip dport 21 0xffff flowid 1:1

ip route add    172.17.1.0/24 via 172.17.1.0 dev eth0 realm 10

tc filter add dev eth0 parent 1:0 prio 2 protocol ip route to 10 
flowid 1:2

Thanks
NAndan
_________________________________________________________
Click below to visit monsterindia.com and review jobs in India or 
Abroad
http://monsterindia.rediff.com/jobs

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Stef Coene]

On Friday 03 May 2002 11:09, Nandan Kaushik wrote:
> hi all,
> Iam using the following CBQs to limit the FTP bandwidth
> pease tell what changes are rquired to make it work....
You are only matching port 21.  This is only the command path.  There is also 
a data-path in an ftp-channel.  But the data-channel has no fixed ports.  So 
you can't match them.   But there is a iptables-hack that can mark all 
ftp-packets and after that you can use that mark with the fw filter to put 
all packets in a class.

Stef

>
> tc qdisc del dev eth0  root
> tc qdisc add dev eth0 root handle 1:0 cbq allot 1514 avpkt 1000
> bandwidth 100Mbit
> tc class add dev eth0 parent 1:0 classid 1:1 cbq allot 1514
> bandwidth 100Mbit rate .4Mbit  weight .4 prio 2   maxburst 20 cell
> 8 avpkt 1000
>
> tc class add dev eth0 parent 1:0  classid 1:2 cbq allot 1514
> bandwidth 100Mbit rate .6Mbit weight .4 prio 4   cell 8 maxburst
> 20 avpkt 1000
>
> tc qdisc add dev eth0 parent 1:1 handle 10:1 sfq
>
> tc qdisc add dev eth0 parent 1:2 handle 20:1 sfq
>
> tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip
> sport 21  0xffff match ip dport 21 0xffff flowid 1:1
>
> ip route add    172.17.1.0/24 via 172.17.1.0 dev eth0 realm 10
>
> tc filter add dev eth0 parent 1:0 prio 2 protocol ip route to 10
> flowid 1:2
>
> Thanks
> NAndan
> _________________________________________________________
> Click below to visit monsterindia.com and review jobs in India or
> Abroad
> http://monsterindia.rediff.com/jobs
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Adrian Chung]

On Fri, May 03, 2002 at 12:21:13PM +0200, Stef Coene wrote:
[...]
> you can't match them.   But there is a iptables-hack that can mark all 
> ftp-packets and after that you can use that mark with the fw filter to put 
> all packets in a class.

I searched for this a while back, and didn't see it in the standard
patch-o-matic stuff...  Do you know where it can be found (the patch
for marking ftp-packets)?

--
Adrian Chung (adrian at enfusion-group dot com)
http://www.enfusion-group.com/~adrian
GPG Fingerprint: C620 C8EA 86BA 79CC 384C E7BE A10C 353B 919D 1A17
[toad.enfusion-group.com] up 40 days, 20:27, 20 users

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Lei Bao]

the data transfer port of ftp (in most cases at least) is 20 at the service 
side.
try to match this. i have done this before.

bl

>From: Stef Coene <stef.coene@docum.org>
>To: "Nandan Kaushik" <nandan_kaushik@rediffmail.com>, lartc@mailman.ds9a.nl
>Subject: Re: [LARTC] (no subject)
>Date: Fri, 3 May 2002 12:21:13 +0200
>
>On Friday 03 May 2002 11:09, Nandan Kaushik wrote:
> > hi all,
> > Iam using the following CBQs to limit the FTP bandwidth
> > pease tell what changes are rquired to make it work....
>You are only matching port 21.  This is only the command path.  There is 
>also
>a data-path in an ftp-channel.  But the data-channel has no fixed ports.  
>So
>you can't match them.   But there is a iptables-hack that can mark all
>ftp-packets and after that you can use that mark with the fw filter to put
>all packets in a class.
>
>Stef
>
> >
> > tc qdisc del dev eth0  root
> > tc qdisc add dev eth0 root handle 1:0 cbq allot 1514 avpkt 1000
> > bandwidth 100Mbit
> > tc class add dev eth0 parent 1:0 classid 1:1 cbq allot 1514
> > bandwidth 100Mbit rate .4Mbit  weight .4 prio 2   maxburst 20 cell
> > 8 avpkt 1000
> >
> > tc class add dev eth0 parent 1:0  classid 1:2 cbq allot 1514
> > bandwidth 100Mbit rate .6Mbit weight .4 prio 4   cell 8 maxburst
> > 20 avpkt 1000
> >
> > tc qdisc add dev eth0 parent 1:1 handle 10:1 sfq
> >
> > tc qdisc add dev eth0 parent 1:2 handle 20:1 sfq
> >
> > tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip
> > sport 21  0xffff match ip dport 21 0xffff flowid 1:1
> >
> > ip route add    172.17.1.0/24 via 172.17.1.0 dev eth0 realm 10
> >
> > tc filter add dev eth0 parent 1:0 prio 2 protocol ip route to 10
> > flowid 1:2
> >
> > Thanks
> > NAndan
> > _________________________________________________________
> > Click below to visit monsterindia.com and review jobs in India or
> > Abroad
> > http://monsterindia.rediff.com/jobs
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>--
>
>stef.coene@docum.org
>  "Using Linux as bandwidth manager"
>      http://www.docum.org/
>      #lartc @ irc.openprojects.net
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/




_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[William L. Thomson Jr.]

What is the difference between

ip route add default equalize
and
ip route add default 

when using more than one gateway?

-- 
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone  707.766.9509
Fax    707.766.8989
http://www.obsidian-studios.com
-- 
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone  707.766.9509
Fax    707.766.8989
http://www.obsidian-studios.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Martin Devera]

equalize tries to probabilisticaly change between more
equal cost gateways for each packet while without equalize
it assigns one gateway for one src/dst pair for its life.
Latter is often better for more connections and slow links.
devik

On 18 May 2002, William L. Thomson Jr. wrote:

> What is the difference between
>
> ip route add default equalize
> and
> ip route add default
>
> when using more than one gateway?
>
> --
> Sincerely,
> William L. Thomson Jr.
> Obsidian-Studios, Inc.
> 439 Amber Way
> Petaluma, Ca. 94952
> Phone  707.766.9509
> Fax    707.766.8989
> http://www.obsidian-studios.com
> --
> Sincerely,
> William L. Thomson Jr.
> Support Group
> Obsidian-Studios Inc.
> 439 Amber Way
> Petaluma, Ca. 94952
> Phone  707.766.9509
> Fax    707.766.8989
> http://www.obsidian-studios.com
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Karasik, Vitaly]

We use   RH 7.0 [kernel 2.2.19-7 installed from Redhat's RPM].

From time to time [time in a few days],   server is freezing [no
ping].
In the syslog I see a lot of

"kernel: dst cache overflow"

messages.


I found a lot of recommendations about tuning parameters  under
/proc/sys/net/ipv4/route, but I'd like to see some doc describing these
parameters.

Any help is welcome!

Thanks,

Vitaly  
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Alexey Talikov]

Try to recompile or even upgrade your kernel to 2.2.20
RH own kernel as I remember have some problem

23.05.2002 14:38:15, "Karasik, Vitaly" <vkarasik@ndsisrael.com> wrote:

>We use   RH 7.0 [kernel 2.2.19-7 installed from Redhat's RPM].
>
From time to time [time in a few days],   server is freezing [no
>ping].
>In the syslog I see a lot of
>
>"kernel: dst cache overflow"
>
>messages.
>
>
>I found a lot of recommendations about tuning parameters  under
>/proc/sys/net/ipv4/route, but I'd like to see some doc describing these
>parameters.
>
>Any help is welcome!
>
>Thanks,
>
>Vitaly  
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>

-----------------------------------
mailto:alexey_talikov@texlab.com.uz
BR
Alexey Talikov
FORTEK
-----------------------------------


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[alouini khalif]

[-- Attachment #1: Type: text/plain, Size: 565 bytes --]

hello 
ok,i wrote the EDP algorithm code as you can see in
the attached file
please, look at it, and if there is any mistake, would
you like to indicate it to me

if is ok, how can i write my pacth, i'm using red hat
7.2(kernel2.4.7-10) 
is it necessairely to write this pacth and also the
pacth for tc . can i change the files indicated in the
htb pacth or not

thank you in advance

___________________________________________________________
Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
Yahoo! Mail : http://fr.mail.yahoo.com

[-- Attachment #2: sch_edp.c --]
[-- Type: application/x-unknown, Size: 4584 bytes --]

[LARTC] (no subject)

[Alfred Quah]

Hi,
I'm currently doing some test on HTB and realised that cburst is a very 
important parameter that will shapes the throughput of the traffic. Also I 
realise that if all the traffic are given the same priority in HTB, there is 
a lot of pertubations in the bandwidth consumed by each traffic. As a 
result, the rate and ceil are not well-managed. Why is this so. I'm useing 
HTB2 code that i have downloaded from the home page. Is it because of the 
bug that is in HTB2?. Please Help!

Confused
Alfred



_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Stef Coene]

On Thursday 25 July 2002 04:31, Alfred Quah wrote:
> Hi,
> I'm currently doing some test on HTB and realised that cburst is a very
> important parameter that will shapes the throughput of the traffic. Also I
> realise that if all the traffic are given the same priority in HTB, there
> is a lot of pertubations in the bandwidth consumed by each traffic. As a
> result, the rate and ceil are not well-managed. Why is this so. 
Can you post the script you use to test this?  There are other parameters who 
are also important and that can explain the behaviour you get.  And also the 
results why you think there is a problem.
cburst is indeed an important paramater.  Ideal, cburst = packet size.  So 
there is no burst on the ceil and you _never_ exceed the burst.  But you can 
make surfing more attractive by allowing a cburst so small pages/images are 
loaded very quickly.

> I'm useing
> HTB2 code that i have downloaded from the home page. Is it because of the
> bug that is in HTB2?. Please Help!
I don't think so.

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[noroozi]

Hello every body,
I install Traffic control on the my system(Kernel 2.4.7),when I adjust rule on that,my 
network rate decrease,I don't know why,
In the normal operation I get 98Mbps ,but when I use cbq class ,and set the bandwith 
50Mbit I get 15Mbps, :(
what is the TC buttleneck ?
I am really wait for you help,
Thanks
Noroozi

---------------------------------------------
This message was sent using sharif web-based mail.
http://mehr.sharif.edu


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Eric Leblond]

Le dim 18/08/2002 à 13:28, noroozi@mehr.sharif.edu a écrit :

> In the normal operation I get 98Mbps ,but when I use cbq class ,and set the bandwith 
> 50Mbit I get 15Mbps, :(
> what is the TC buttleneck ?

The bandwith parameter has to be set to the physical bandwith (use in
internal computation), not to the deisirated one, use rate to specify
the bandwith of the class.

-- 
Eric Leblond
Mail: regit@regit.org
Tips and Linux: http://www.regit.org
*---------------------------------------------------------------------------*
 Computers are like air conditioners. They don't work when Windows are
open.
*---------------------------------------------------------------------------*

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Fred Thep]

[-- Attachment #1: Type: text/plain, Size: 395 bytes --]


I want to know how I can put two statics default routes on a linux machine: one route with a preference inferior at the other in order to switch via the other when the first gateway fall, and if it's not possible -what I think- I want know how I can implement this with gateD.

 

 



---------------------------------
Yahoo! Mail -- Une adresse @yahoo.fr gratuite et en français !

[-- Attachment #2: Type: text/html, Size: 441 bytes --]

[LARTC] (no subject)

[Albuquerque, Marcelo M]

I am trying to limit the rate for all traffic on the incoming interface of a
Linux bridge. So far I have only been able to limit the outgoing rate. I am
assuming I will have to use an ingress qdisc. The example found on the
documentation works without errors but I can't see any rate reduction (maybe
because it applies to SYN's only). Does anybody know if limiting rate on the
incoming interface is possible on a Linux bridge, and if so, how to go about
configuring it.

Thanks.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Stef Coene]

On Friday 11 October 2002 20:40, Albuquerque, Marcelo M wrote:
> I am trying to limit the rate for all traffic on the incoming interface of
> a Linux bridge. So far I have only been able to limit the outgoing rate. I
> am assuming I will have to use an ingress qdisc. The example found on the
> documentation works without errors but I can't see any rate reduction
> (maybe because it applies to SYN's only). Does anybody know if limiting
> rate on the incoming interface is possible on a Linux bridge, and if so,
> how to go about configuring it.
If you shape on a bridge, why not shaping on both interfaces ?  That way you 
can shape in both directions.
And you can use the ingress qdisc, but the shaping acutally happens with the 
policers in combination with the filters.  Policsers are a sort of tbf, you 
can specify a maximum rate to it.  So the filters will only match packets at 
a certain rate and you can drop packets exceeding that rate.  So you can 
limit incoming packets.


Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

RE: [LARTC] (no subject)

[Albuquerque, Marcelo M]

Stef,

Thanks for the reply.

I want my bridge to "emulate" a rate limit on the transmitter of the device
connected to that particular bridge interface. That's why I need an ingress
qdisc on each and every interface of my Linux bridge. This is what I tried:

tc qdisc add dev eth4 handle ffff: ingress
tc filter add dev eth4 parent ffff: protocol ip prio 50 u32 match ip \
        src 0.0.0.0/0 police rate 100kbit burst 10k drop flowid :1

I didn't obeserve any rate reduction though. I suspect that on the bridge,
packets are being forwarded and therefore the ip-related matches have no
effect. How can I have the 'police rate 100kbit' portion of the command
without the ip-related arguments?

Thanks,

Marcelo.

> -----Original Message-----
> From: Stef Coene [mailto:stef.coene@docum.org]
> Sent: Friday, October 11, 2002 12:37 PM
> To: Albuquerque, Marcelo M; 'lartc@mailman.ds9a.nl'
> Subject: Re: [LARTC] (no subject)
> 
> 
> On Friday 11 October 2002 20:40, Albuquerque, Marcelo M wrote:
> > I am trying to limit the rate for all traffic on the incoming interface
of
> > a Linux bridge. So far I have only been able to limit the outgoing rate.
I
> > am assuming I will have to use an ingress qdisc. The example found on
the
> > documentation works without errors but I can't see any rate reduction
> > (maybe because it applies to SYN's only). Does anybody know if limiting
> > rate on the incoming interface is possible on a Linux bridge, and if so,
> > how to go about configuring it.
>
> If you shape on a bridge, why not shaping on both interfaces 
> ?  That way you 
> can shape in both directions.
> And you can use the ingress qdisc, but the shaping acutally 
> happens with the 
> policers in combination with the filters.  Policsers are a 
> sort of tbf, you 
> can specify a maximum rate to it.  So the filters will only 
> match packets at 
> a certain rate and you can drop packets exceeding that rate.  
> So you can 
> limit incoming packets.
> 
> 
> Stef
> 
> -- 
> 
> stef.coene@docum.org
>  "Using Linux as bandwidth manager"
>      http://www.docum.org/
>      #lartc @ irc.oftc.net
> 
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Stef Coene]

On Friday 11 October 2002 23:17, Albuquerque, Marcelo M wrote:
> Stef,
>
> Thanks for the reply.
>
> I want my bridge to "emulate" a rate limit on the transmitter of the device
> connected to that particular bridge interface. That's why I need an ingress
> qdisc on each and every interface of my Linux bridge. This is what I tried:

> tc qdisc add dev eth4 handle ffff: ingress
> tc filter add dev eth4 parent ffff: protocol ip prio 50 u32 match ip \
>         src 0.0.0.0/0 police rate 100kbit burst 10k drop flowid :1
>
> I didn't obeserve any rate reduction though. I suspect that on the bridge,
> packets are being forwarded and therefore the ip-related matches have no
> effect. How can I have the 'police rate 100kbit' portion of the command
> without the ip-related arguments?
All packets arriving are ip related, so the above command should work.  Can 
you test it without a switch?  Connect the box to a hub, send some data and 
record the speed.

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Andreani Luca]

Dear all,

I found this command in the HOWTO:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128

It resolve (almost) all my problems with the voip traffic on my linux-based
router.
The question is: What does it make exactly? It is safe to use it?

Thanks for your attention,



Luca Andreani

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[raptor]

--mss value[:value]
              Match TCP SYN or SYN/ACK packets with the  specified  MSS  value
              (or  range), which control the maximum packet size for that con-
              nection.


TCPMSS
       This  target  allows to alter the MSS value of TCP SYN packets, to con-
       trol the maximum size for that connection (usually limiting it to  your
       outgoing  interface's  MTU minus 40). Of course, it can only be used in
       conjunction with -p tcp.
       This target is used to overcome criminally braindead  ISPs  or  servers
       which  block  ICMP  Fragmentation Needed packets.  The symptoms of this
       problem are that everything works fine from your Linux firewall/router,
       but machines behind it can never exchange large packets:
        1) Web browsers connect, then hang with no data received.
        2) Small mail works fine, but large emails hang.
        3) ssh works fine, but scp hangs after initial handshaking.
       Workaround:  activate  this option and add a rule to your firewall con-
       figuration like:
        iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
                    -j TCPMSS --clamp-mss-to-pmtu



|Dear all,
|
|I found this command in the HOWTO:
|
|iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128
|
|It resolve (almost) all my problems with the voip traffic on my linux-based
|router.
|The question is: What does it make exactly? It is safe to use it?
|
|Thanks for your attention,
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[zoop]

In this statement what does the divisor do?

tc filter add dev eth2 parent 1:0 prio 5 handle 2: protocol ip u32 divisor 
256

If you need more information the next line might help.
tc filter add dev eth2 protocol ip parent 1:0 prio 5 u32 ht 800:: match ip
src 10.1.0.0/16 hashkey mask 0x0000ff00 at 12 link 2:

I had another quick question 
tc filter add dev eth2 protocol ip parent 1:0 prio 5 u32 ht 3:00: match ip
src 10.1.28.0/24 hashkey mask 0x000000fc at 12 link 4:
In this line would this mask it out so that it would only get the last two
bits?

thank you for your time.

-zoop

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Waters]

Hello all!

I'm on the DSL 1Mbit/256Kbit sharing a connection with my friends.
There is one big problem with it - when someone is uploading a file to
the Internet, speed for others is falling down. I figured out, if I
limit the outgoing speed for about 70% it could be better. I have a
iproute2 and iptables on my router, is there already some ready script
for limiting outgoing traffic (for all services) to the Internet?

-- 
Best regards,
 Waters                          mailto:waters@inbox.lv

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Stef Coene]

On Saturday 16 November 2002 22:54, Waters wrote:
> Hello all!
>
> I'm on the DSL 1Mbit/256Kbit sharing a connection with my friends.
> There is one big problem with it - when someone is uploading a file to
> the Internet, speed for others is falling down. I figured out, if I
> limit the outgoing speed for about 70% it could be better. I have a
> iproute2 and iptables on my router, is there already some ready script
> for limiting outgoing traffic (for all services) to the Internet?
You can try the wondershaper (www.lartc.org).
You can adapt it to your needs if you want.  More info on www.lartc.org and 
www.docum.org.

Good luck :)

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Ashok N N]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 16 November 2002 05:18 pm, Stef Coene wrote:
> On Saturday 16 November 2002 22:54, Waters wrote:
> > Hello all!
> >
> > I'm on the DSL 1Mbit/256Kbit sharing a connection with my friends.
> > There is one big problem with it - when someone is uploading a file to
> > the Internet, speed for others is falling down. I figured out, if I
> > limit the outgoing speed for about 70% it could be better. I have a
> > iproute2 and iptables on my router, is there already some ready script
> > for limiting outgoing traffic (for all services) to the Internet?
> You can try the wondershaper (www.lartc.org).
> You can adapt it to your needs if you want.  More info on www.lartc.org and 
> www.docum.org.
> 
> Good luck :)
> 
> Stef
> 

hi,
    a section in the Linux Advanced Routing & Traffic Control HOWTO
(http://lartc.org/howto/lartc.cookbook.ultimate-tc.html) specifically about 
how to make sure that upload does not harm the downloads. the howto itself is 
a very instructive document.

thanks,
ashok
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE91zMNRhXpVty0Ty4RAtl9AJ9IoMZdVBecp3ACO0OAJ3cjg3HOEwCdEsDO
rtcByp2DPqyXm/5AZcw3w6w=xl4m
-----END PGP SIGNATURE-----

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[ajay]

I m setting a linux gateway cum router for bandwith management of my internal 
network to share a link of 128kbps.  I use CBQ and SFQ for this perpose.  I 
want 2 control bandwidth peruser basis (IP basis).  According 2 my script i m 
able 2 control the bandwidth.  But i whenever i open a new window for surfing 
or downloading it comes up with a burst.  which is equal 2 allocated 
bandwidth.  and when ever i close the download then second window will not 
aquire total bandwidth allocated immediatily.. It takes time.  what is the 
wrong thing in my script.  Some one guide me.   
 

the script is as under.....



################My Configuratin Script  ######################
##BandCont.sh

#!/bin/sh

#############Path of Tc Command###########
tc=/sbin/tc

##########Setting few Arguments#########
t1\x100Mbit # Link BandWidth & Land Bandwidth
w\x10Mbit   # weighting of your Link & Lan (Adjustment)
NIC_EXT=eth0       # interface (External)
NIC_INT=eth1       # interface (Internal)

############Creating Pool Bandwidth##########
p1\x128Kbit #Pool Size

###########User Bandwidth Under Pool########
t2\x128Kbit   # 32Kbps Pool
w2\x12.8Kbit   # weighting of 32Kbps Pool

######Creating Main Disc for Bandwidth Management##########

### first things first.  delete the old rules if any.##############
$tc qdisc del root dev $NIC_EXT
$tc qdisc del root dev $NIC_INT

#######Creating New Rule & Main Bandwidth Disc########
$tc qdisc add dev $NIC_EXT root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 
cell 8
$tc qdisc add dev $NIC_INT root handle 2:0 cbq bandwidth 100Mbit avpkt 1000 
cell 8

############Creating Main Disc Base################
$tc class add dev $NIC_EXT parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate 
$t1 weight $w prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded
$tc class add dev $NIC_INT parent 2:0 classid 2:1 cbq bandwidth 100Mbit rate 
$t1 weight $w prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded

####################Creating Sub Classes For BandWidth 
Restrictions##############
$tc class add dev $NIC_EXT parent 1:1 classid 1:2 cbq bandwidth $p1 rate $t2 
weight $w2 prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded
$tc qdisc add dev $NIC_EXT parent 1:2 handle 20: sfq
$tc class add dev $NIC_INT parent 2:1 classid 2:2 cbq bandwidth $p1 rate $t2 
weight $w2 prio 8 allot 1514 cell 8 maxburst 200 avpkt 100000 bounded
$tc qdisc add dev $NIC_INT parent 2:2 handle 20: sfq


####################Creating Sub Sub Classes For BandWidth 
Restrictions##############
$tc filter add dev $NIC_INT protocol ip parent 2:0 prio 8 u32 match ip src 
192.168.0.4 flowid 2:2
$tc filter add dev $NIC_INT protocol ip parent 2:0 prio 8 u32 match ip dst 
192.168.0.4 flowid 2:2
$tc filter add dev $NIC_EXT protocol ip parent 2:0 prio 8 u32 match ip src 
192.168.0.4 flowid 1:2
$tc filter add dev $NIC_EXT protocol ip parent 2:0 prio 8 u32 match ip dst 
192.168.0.4 flowid 1:2



I m thankful  for the hints .....

Thanx in Advance
--------------------------------------------------------------------------------
    /\         _ _     |    Proud to be an Indian
  /__\         |       |    India Is Great
/       \  [ __|       |   
--------------------------------------------------------------------------------


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Kjell Chris Flor]

[-- Attachment #1: Type: text/plain, Size: 869 bytes --]

Hi,

IPTABLES --- HTB

I am running HTB+static-route on multiple adsl lines
and like to mark packets in iptables on LAN dev,
so that I can shape traffic so that every machine in
my LAN will get it's fair share.

Q1: How many different id's is possible for mark?
I would like to have about 2000. Is it possible?

Q1b: Is it possible to set an id as a fuction of the
src IP's? Could I mark with id 256*zzz+www when
src IP is xxx.yyy.zzz.www ?
This because I would like to help iptables not using
too much ticks, and it will reduse my code.

Q2: I am running 2.4.20 with static route patch,
and would like to patch this with 
connbytes-1.0a-patches.tgz , any reason I shouldn't?

Q2b: Does it exist a connbytes patch for 2.4.20 that
is allready pached with static route?

in adv., 
thnx for any answer that could lead to success.



Kjell


[-- Attachment #2: Type: text/html, Size: 2660 bytes --]

Re: [LARTC] (no subject)

[Martin A. Brown]

Kjell,

 : Q1: How many different id's is possible for mark?
 : I would like to have about 2000. Is it possible?

fwmark is a u32, meaning it can accept values between 0 and 4294967295.

Is that large enough for you?  :)

 : Q1b: Is it possible to set an id as a fuction of the
 : src IP's? Could I mark with id 256*zzz+www when
 : src IP is xxx.yyy.zzz.www ?
 : This because I would like to help iptables not using
 : too much ticks, and it will reduse my code.

I wonder if you might make good use of the hashing functions supported by
tc filter:

  http://lartc.org/howto/lartc.adv-filter.hashing.html

I can't answer the performance question you imply here, but if the tc
filter hashing didn't work for me, then I'd use a little shell script loop
to create the entries.

Instead of doing this, though you might find it easier to put an SFQ qdisc
in the leaf HTB class and let SFQ do the hard work for you.  Then you
don't need the tc filter hashing.

You can separate your users by large classes, and make some special high
priority classes for picky users or yourself!

 : Q2: I am running 2.4.20 with static route patch,
 : and would like to patch this with
 : connbytes-1.0a-patches.tgz , any reason I shouldn't?

I don't know......

 : Q2b: Does it exist a connbytes patch for 2.4.20 that
 : is allready pached with static route?

I don't know this one either.

 : in adv.,
 : thnx for any answer that could lead to success.

Good luck,

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Kjell Chris Flor]

Hi

In the introduction of IMQ ( http://luxik.cdi.cz/~patrick/imq/ )
it sais:

Quote start.
"This allows you to treat network devices 
as classes and distribute bandwidth among 
them as well as doing real ingress traffic 
control using egress qdiscs"
quote stop.

Where and how exactly do I tell that a HTB 
class should use which phy. dev.?

I fail to see where this is done in the 
example at the ref. link over. 



Kjell


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Stef Coene]

On Sunday 02 March 2003 11:51, Kjell Chris Flor wrote:
> Hi
>
> In the introduction of IMQ ( http://luxik.cdi.cz/~patrick/imq/ )
> it sais:
>
> Quote start.
> "This allows you to treat network devices
> as classes and distribute bandwidth among
> them as well as doing real ingress traffic
> control using egress qdiscs"
> quote stop.
>
> Where and how exactly do I tell that a HTB
> class should use which phy. dev.?
You can do this with iptables + fw filter.  Mark the packets coming from each 
interface with a different mark and put the packets with the fw filter in 
it's own class.

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Kjell Chris. Flor]

> > Hi
> >
> > In the introduction of IMQ ( http://luxik.cdi.cz/~patrick/imq/ )
> > it sais:
> >
> > Quote start.
> > "This allows you to treat network devices
> > as classes and distribute bandwidth among
> > them as well as doing real ingress traffic
> > control using egress qdiscs"
> > quote stop.
> >
> > Where and how exactly do I tell that a HTB
> > class should use which phy. dev.?
> You can do this with iptables + fw filter.  Mark the packets coming from
each
> interface with a different mark and put the packets with the fw filter in
> it's own class.

But why do I need IMQ for this?

Kjell


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Nickola Kolev]

[-- Attachment #1: Type: text/plain, Size: 589 bytes --]

On Fri, 21 Mar 2003 23:38:17 +0100
"Kjell Chris. Flor" <kjell@mastercad.se> wrote:

[ cut ]
> > > Where and how exactly do I tell that a HTB
> > > class should use which phy. dev.?
> > You can do this with iptables + fw filter.  Mark the packets coming from
> each
> > interface with a different mark and put the packets with the fw filter in
> > it's own class.
> 
> But why do I need IMQ for this?

Because it serves as sort of a virtual bucket (literally), in which you are 
collecting packets, comming from the physical devices, once you "-j IMQ"-ed them
whith iptables.

Hth,
Nickola

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [LARTC] (no subject)

[Kjell Chris. Flor]

>>>> Where and how exactly do I tell that a HTB
>>>> class should use which phy. dev.?
>>> You can do this with iptables + fw filter.  Mark the packets coming from
>>> each interface with a different mark and put the packets with the fw
filter
>>> in it's own class.
>>
>> But why do I need IMQ for this?
>
>Because it serves as sort of a virtual bucket (literally), in which you are
>collecting packets, comming from the physical devices, once you "-j IMQ"-ed
them
>whith iptables.

I've got three ADSL lines. ADSL1, ADSL2 and ADSL3.
When packets arrives I mark them in IPtables with 1, 2 or 3 so I can
know in my LAN interface what interface each packet arrived on at
the INTERNET interfaces, so each packet can be put into a HTB class
that represent each ADSL bandwidth.
In addition to this I also match for dest IP in LAN, and put each IP
in a different HTB class with different rates, ceil and prio. Also I
use SFQ in HTB.

This is it for shaping incoming packets from Internet on ADSL 1-3,
to my single LAN.

Now I want to shape what is coming from LAN going out on Internet's
ADSL lines. This I do by making three HTB qdiscs, one for each ADSL
line. As my LAN is NATed I don't know from whom I got a packet,
so I use mark in IPtables to identify an LAN IP with a HTB class.

This is how I shape. I don't know what is more clever, and I don't know
how IMQ could help me to do this neater, but I really would like to know.


regards,

Kjell

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Nickola Kolev]

[-- Attachment #1: Type: text/plain, Size: 1843 bytes --]

On Sat, 22 Mar 2003 04:03:22 +0100
"Kjell Chris. Flor" <kjell@mastercad.se> wrote:

Hello, Chris,

[ cut ]
> >Because it serves as sort of a virtual bucket (literally), in which you are
> >collecting packets, comming from the physical devices, once you "-j IMQ"-ed
> them
> >whith iptables.
> 
> I've got three ADSL lines. ADSL1, ADSL2 and ADSL3.
> When packets arrives I mark them in IPtables with 1, 2 or 3 so I can
> know in my LAN interface what interface each packet arrived on at
> the INTERNET interfaces, so each packet can be put into a HTB class
> that represent each ADSL bandwidth.
> In addition to this I also match for dest IP in LAN, and put each IP
> in a different HTB class with different rates, ceil and prio. Also I
> use SFQ in HTB.
> 
> This is it for shaping incoming packets from Internet on ADSL 1-3,
> to my single LAN.

This is nice example of egress traffic control.

> Now I want to shape what is coming from LAN going out on Internet's
> ADSL lines. This I do by making three HTB qdiscs, one for each ADSL
> line. As my LAN is NATed I don't know from whom I got a packet,
> so I use mark in IPtables to identify an LAN IP with a HTB class.
> 
> This is how I shape. I don't know what is more clever, and I don't know
> how IMQ could help me to do this neater, but I really would like to know.

Well, if this is working for you, there's absolutely no need to use the IMQ
device, I think. :))

But nevertheless, you could use just one HTB, instead of three fo each ADSL,
if you use iptrables -j IMQ for packets coming from your LAN and going out
to the Internet, no matter to which line they're destined.

		LAN
		 |
		ETH
		 |
		IMQ
		 |
		3xADSL

or sorta. :))) I really dont know if I made myself clear, but this is the idea
of using IMQ. In fact you'll be doing traffic control in a single point.

Hth,
Nickola

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

[LARTC] (no subject)

[GoMi .]

I have an ethernet device connected directly to my ADSL router, i have it 
set up as a broadcast device, could it be changed to point to point, would i 
notice any change?

_________________________________________________________________
Charla con tus amigos en línea mediante MSN Messenger: 
http://messenger.yupimsn.com/

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[rio]

Dear folks,
I want to manage fair bandwidth to all of my clients with total of 512Kbit
from linux gateway. I am using HTB.
Here goes my network:

INTERNET -----------------
                          |
          -----------------------------------
         |               HUB                 |
          -----------------------------------
                 |                         |
                 |                         |
  ------------ eth0 ----------------       |
 |   LINUX-BOX ip= 64.1.1.1         |      |
 |             alias = 192.168.1.10 |      |
  ----------------------------------       |
                                           |
                                  ----------------------------
                                   PRIVATE LAN 192.168.1.0/24 (4 clients)

I ve setup under /etc/sysconfig/htb :
sh-2.05a# cat eth0
DEFAULT0

sh-2.05a# cat eth0-2.all
RATEQ2Kbit
BURST\x15k

sh-2.05a# cat  eth0-2:11.host01
RATE\x128Kbit
CEILQ2Kbit
BURST\x15k
LEAF=sfq
RULE\x192.168.1.1

sh-2.05a# cat eth0-2:12.host02
RATE\x128Kbit
CEILQ2Kbit
BURST\x15k
LEAF=sfq
RULE\x192.168.1.2

sh-2.05a# cat eth0-2:13.host03
RATE\x128Kbit
CEILQ2Kbit
BURST\x15k
LEAF=sfq
RULE\x192.168.1.3

sh-2.05a# cat eth0-2:14.host04
RATE\x128Kbit
CEILQ2Kbit
BURST\x15k
LEAF=sfq
RULE\x192.168.1.4

sh-2.05a#

All traffic from Private LAN NATed to linux gateway. When only 1 host
active   and download something from the internet using DAP (download
software) he reached 512Kbit maximum. When host 2 or 3 or 4 up, the
bandwidth didnt share fairly among those host. It should be 128Kbit each.
But why host 2..4 only got at least 10 - 20 Kbit?

Please, i need help on this.

Thank you.
Regards,
Rio Martin.


--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Stef Coene]

On Friday 18 April 2003 19:21, rio@martin.mu wrote:
> Dear folks,
> I want to manage fair bandwidth to all of my clients with total of 512Kbit
> from linux gateway. I am using HTB.
> Here goes my network:
>
> INTERNET -----------------
>
>           -----------------------------------
>
>          |               HUB                 |
>
>           -----------------------------------
>
>
>   ------------ eth0 ----------------       |
>
>  |   LINUX-BOX ip= 64.1.1.1         |      |
>  |             alias = 192.168.1.10 |      |
>
>   ----------------------------------       |
>
>                                   ----------------------------
>                                    PRIVATE LAN 192.168.1.0/24 (4 clients)
>
> I ve setup under /etc/sysconfig/htb :
> sh-2.05a# cat eth0
> DEFAULT0
>
> sh-2.05a# cat eth0-2.all
> RATEQ2Kbit
> BURST\x15k
>
> sh-2.05a# cat  eth0-2:11.host01
> RATE\x128Kbit
> CEILQ2Kbit
> BURST\x15k
> LEAF=sfq
> RULE\x192.168.1.1
>
> sh-2.05a# cat eth0-2:12.host02
> RATE\x128Kbit
> CEILQ2Kbit
> BURST\x15k
> LEAF=sfq
> RULE\x192.168.1.2
>
> sh-2.05a# cat eth0-2:13.host03
> RATE\x128Kbit
> CEILQ2Kbit
> BURST\x15k
> LEAF=sfq
> RULE\x192.168.1.3
>
> sh-2.05a# cat eth0-2:14.host04
> RATE\x128Kbit
> CEILQ2Kbit
> BURST\x15k
> LEAF=sfq
> RULE\x192.168.1.4
>
> sh-2.05a#
>
> All traffic from Private LAN NATed to linux gateway. When only 1 host
> active   and download something from the internet using DAP (download
> software) he reached 512Kbit maximum. When host 2 or 3 or 4 up, the
> bandwidth didnt share fairly among those host. It should be 128Kbit each.
> But why host 2..4 only got at least 10 - 20 Kbit?
>
> Please, i need help on this.
I'm not sure, but I think you use htb.init.  And this is not the htb.init 
mailing list.  This is the LARTC lists to discuss topics like shaping, 
advanced routing and other network stuff.

But answering on your question : 
You have to create 1 class attached to the root qdisc and add the 4 other 
classes to that class (don't ask me how you have to do that with htb.init).  
Can you also check that the filters are working and the traffic is placed in 
the class where it belongs?

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[larry lefthook]

192.168.100.0/24  LAN1---eth1 LINUX eth0------ISP1
                            |       |
192.168.200.0/24  LAN2---eth3       eth2------ISP2

eth0 192.168.10.2
eth2 192.168.20.2

Is this enough if I want all traffic from LAN1 go to ISP1 & LAN2 to ISP2?
Or do I have to do packet marking? Problems with SNAT?

echo 100 LAN1 >> /etc/iproute2/rt_tables
ip rule add from 192.168.100.0/24 table LAN1
ip route add default via 192.168.10.2 dev eth0 table LAN1

echo 200 LAN2 >> /etc/iproute2/rt_tables
ip rule add from 192.168.200.0/24 table LAN2
ip route add default via 192.168.20.2 dev eth0 table LAN2
ip route flush cache

# SNAT LANs 1 & 2
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.10.2
iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source 192.168.20.2
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -i eth3 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward







_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid963

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Martin A. Brown]

Larry,

 : 192.168.100.0/24  LAN1---eth1 LINUX eth0------ISP1
 :                             |       |
 : 192.168.200.0/24  LAN2---eth3       eth2------ISP2
 :
 : eth0 192.168.10.2
 : eth2 192.168.20.2
 :
 : Is this enough if I want all traffic from LAN1 go to ISP1 & LAN2 to ISP2?
 : Or do I have to do packet marking? Problems with SNAT?

Yes, indeed.

 : echo 100 LAN1 >> /etc/iproute2/rt_tables
 : ip rule add from 192.168.100.0/24 table LAN1
 : ip route add default via 192.168.10.2 dev eth0 table LAN1
 :
 : echo 200 LAN2 >> /etc/iproute2/rt_tables
 : ip rule add from 192.168.200.0/24 table LAN2
 : ip route add default via 192.168.20.2 dev eth0 table LAN2
 : ip route flush cache

I think you meant to add the following default route:

  ip route add default via 192.168.20.2 dev eth2 table LAN2

Right?

 : # SNAT LANs 1 & 2
 : iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.10.2
 : iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source 192.168.20.2
 : iptables -A FORWARD -i eth1 -j ACCEPT
 : iptables -A FORWARD -i eth3 -j ACCEPT
 :
 : echo 1 > /proc/sys/net/ipv4/ip_forward

Looks like it should work just fine.

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Alejandro Sager]

Hello.

Hera i´m with my problem, until now unfinished.

Everything is simple if the interfaces to INET are in the same linux.

My i raise is: the interfaces to INET are in different linux. The first 
subject is to cross the routes for the the packages leave by default to its 
INET, opposite case, in order, to first linux in the route, soon to the 
other, and the same in the others linux, obtaining redundancy of coneccion.

They do not concern the IP now, the configuration is, in summary, that: 3 
linux, each one with ADSL, each linux has 3 interfaces: eth0=INET, eth1=LAN, 
eth2=switch to interconnect linux.

This is for redundancy in same linux:
  # ip route add default nexthop dev ppp0 nexthop dev ppp1

As he is in different linux?

1k thanks!




Hola de nuevo.

Ak estoy con mi problema, hasta ahora inconcluso.

Todo es facil si las interfaces a INET estan en el mismo linux.

Mi planteo es: las interfaces a INET estan en distintos linux. El tema ppal 
es crusar las rutas para q los paquetes salgan por la default a su INET, 
caso contrario, en orden, al primer linux en la ruta, luego al otro, y asi 
en los otros linux, logrando redundancia de coneccion.

No importan las ip ahora, la configuracion es, en resumen, asi: 3 linux, 
cada uno con adsl, cada linux tiene 3 interfaces: eth0=INET, eth1=LAN, 
eth2=switch para interconectar los linux.

Esto es para redundancia en un mismo linux:
  # ip route add default nexthop dev ppp0 nexthop dev ppp1

¿Como es en distintos linux?

1k gracias!!!!

_________________________________________________________________
Charla con tus amigos en línea mediante MSN Messenger: 
http://messenger.yupimsn.com/

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Daniel Ardelian]

  I have a 64 Kbps leased line IDSL connection (with static IP address). My 
modem is connected to the server via a 10 Mbps Ethernet connection. The server 
currently runs Win2000 Pro with Internet Connection Sharing to provide Internet 
access to my private network (10 workstations). I also use an Apache Web server 
to host my company's web page on this server. This configuration provided good 
service until the number of workstations increased from 5 to 10 and Kazaa 
appeared. If a user starts a longer download, others cant access the Internet. 
So I'm considering switching from Win2000 to Linux and using some sort of 
traffic shaping. Furthermore, the internal network will have to be split into 2 
subnets for privacy purposes.
  What I want to achieve looks something like this:

  1) Incoming traffic (outside surfers visiting the company web page) must have 
the highest priority, and probably, for some time, the web server will still 
have to run on Win2000, until some CGI web apps are ported to linux
  2) The two internal subnets should have the same download priority, lower 
than incoming traffic
  3) The available bandwidth should be equally split between any active 
internal users (if only 1 user is active, it should get all available 
bandwitdh).

  Can anyone tell me if I can achieve all that with a linux box and 3 NIC's ?
  I have no previous linux experience, but after googling for a day or two, I 
know this:
  1) I will have to use IP Masquerading
  2) It looks like i should use the Stochastic Fairness Queueing (SFQ) to shape 
outgoing traffic
  3) I have no idea how to achieve requirement no. 1 (regarding incoming 
traffic to my web site before any other traffic)

  Thanks in advance. Any suggestions are welcome, I dont expect anyone to solve 
the problem for me, maybe just some hints as to where I should look next...

______________________________________________________________________
Do you want a free e-mail for life ? Get it at http://www.personal.ro/

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Stef Coene]

On Wednesday 30 July 2003 19:04, Daniel Ardelian wrote:

This can be fun :)  A windows guy playing with traffic shaping :)

>   I have a 64 Kbps leased line IDSL connection (with static IP address). My
> modem is connected to the server via a 10 Mbps Ethernet connection. The
> server currently runs Win2000 Pro with Internet Connection Sharing to
> provide Internet access to my private network (10 workstations). I also use
> an Apache Web server to host my company's web page on this server. This
> configuration provided good service until the number of workstations
> increased from 5 to 10 and Kazaa appeared. If a user starts a longer
> download, others cant access the Internet. So I'm considering switching
> from Win2000 to Linux and using some sort of traffic shaping. Furthermore,
> the internal network will have to be split into 2 subnets for privacy
> purposes.
>   What I want to achieve looks something like this:
>
>   1) Incoming traffic (outside surfers visiting the company web page) must
> have the highest priority, and probably, for some time, the web server will
> still have to run on Win2000, until some CGI web apps are ported to linux
You can put your web-server in your LAN and do port forwarding :

# Redirecting incoming traffic on port 80 to your web-server (eth1 is you 
internet NIC and 192.168.1.253 is you web-server ip address)
 iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 
192.168.1.253:80

> 2) The two internal subnets should have the same download priority, lower
> than incoming traffic
No problem.

>   3) The available bandwidth should be equally split between any active
> internal users (if only 1 user is active, it should get all available
> bandwitdh).
No problem.

>   Can anyone tell me if I can achieve all that with a linux box and 3 NIC's
> ? I have no previous linux experience, but after googling for a day or two,
> I know this:
>   1) I will have to use IP Masquerading
>   2) It looks like i should use the Stochastic Fairness Queueing (SFQ) to
> shape outgoing traffic
Not really.

>   3) I have no idea how to achieve requirement no. 1 (regarding incoming
> traffic to my web site before any other traffic)
>
>   Thanks in advance. Any suggestions are welcome, I dont expect anyone to
> solve the problem for me, maybe just some hints as to where I should look
> next...
Ok, first of all, you can only shape outgoing traffic.  If you have 3 nic's 
and want to shape traffic from the internet to you, this can be problem.  But 
you can patch the kernel so you can create a virtial imq device.  And with 
simple iptables commands, you can redirect all incoming packets from the 
internet to this imq device.  The good news is you can shape on that imq 
device.

For the shaping part (once you have all the trafffic entering the imq device), 
you have to create 3 classes : one for the web-server, one for subnet 1 and 
one for subnet 2.  The only problem you will have is splitting the traffic.  
Incoming traffic has the src address of the firewall so you can not use the 
src address to filter.

The classes can be htb or cbq class.  But I suggest you go for htb.  
To create the htb classes, see lartc.org and docum.org

Good luck :)

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Gabriel Corcodel]

Well,
I came here with a strange problem.
Let's have the following topology.
Equipment A (IPAddr 192.168.1.x) - Interface 1 Linux Router
(192.168.1.1)-Interface 2 Linux Router (192.168.2.1) - Equipment B (IPAddr
192.168.2.x)
Quite simple, isn't it?
What I want...
I want a program onto the Linux Router which can modify the values of ping
and packet loss which are obtained between equipments A and B.
I want to ... shuffle the packets, to make, for example, that always packets
5,6 and 7 from a raw of 8 packets sent from device A to B to reach device B
after the arrival of packet 8, etc.
Whats the point?
I want to inform the customers which are using those equipments/applications
that if the ping is increasing, let's say, over 180 ms, or, if the packet
loss is increased over 30% or the jitter, or... they will loose
connectivity/they will experience [...] problems.
And, in order for me to have this informations, I have to emulate diferent
aspects of a real network.
So... how can I do this?
Any ideas?
BTW - it's not a matter of bandwidth here...
Bandwidth used can be something between 64k and 256k, for example, but I am
not interested in increasing trafic over the interfaces in order to emulate
network losses/problems.

BRGS,
Gabriel Corcodel
Alsys Data SRL Bucuresti
Network, HP Netservers & HP Networking solutions manager


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Stef Coene]

On Monday 01 September 2003 20:05, Gabriel Corcodel wrote:
> Well,
> I came here with a strange problem.
> Let's have the following topology.
> Equipment A (IPAddr 192.168.1.x) - Interface 1 Linux Router
> (192.168.1.1)-Interface 2 Linux Router (192.168.2.1) - Equipment B (IPAddr
> 192.168.2.x)
> Quite simple, isn't it?
> What I want...
> I want a program onto the Linux Router which can modify the values of ping
> and packet loss which are obtained between equipments A and B.
> I want to ... shuffle the packets, to make, for example, that always
> packets 5,6 and 7 from a raw of 8 packets sent from device A to B to reach
> device B after the arrival of packet 8, etc.
> Whats the point?
> I want to inform the customers which are using those
> equipments/applications that if the ping is increasing, let's say, over 180
> ms, or, if the packet loss is increased over 30% or the jitter, or... they
> will loose
> connectivity/they will experience [...] problems.
> And, in order for me to have this informations, I have to emulate diferent
> aspects of a real network.
> So... how can I do this?
> Any ideas?
Only one :
http://snad.ncsl.nist.gov/itg/nistnet/

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Randolph Carter]

Seem you want to achieve somekind of concave service curve but with
terrible times, maybe you could try to do it some way the HFSC queuer
does but definitly not in a script or using HTB, HTB uses a linear service
curve as a Token Bucket actually does, you should try using the linux port
of the HFSC made by Alex Goldney you can find further info here

http://members.optushome.com.au/agoldney/

HFSC is intented for delay bounding, but I think you could do some strange
arragments to achieve what u say. Tell me if u get it.

You're not drunk if you can lie on the floor without holding on.
		-- Dean Martin
last night.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Senthil Nathan V]

Hi all,
        I 'm working on Bandwidth management. I need the facility of
traversing the rules in IPTABLES even after processing a rule. I
was told that IPT_CONTINUE would help me. But I 'm not able to get
information about FROM WHERE TO GET and HOW TO MAKE MY KERNEL
PATCHED WITH IPT_CONTINUE.
        I will be greatful if any one can help me out.

   -regards,

    Senthil Nathan V
    Deeproot Linux Pvt Ltd,
    Bangalore

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Edmund Turner]

Hey guys and gals,
Sorry for the 'newbie' question, but I would like to get some help on
configuring my HTB qdiscs form my network. My network setup:

LAN --> Firewall --> Router -->Internet
		|
		|
		--> DMZ

So much for the Ascii artist in me. :)
The firewall has 3 interfaces:
Eth0 = LAN --> 100Mbps NIC
Eth1 = DMZ --> 100Mbps NIC 
Eth2 = Internet --> 4MB link to internet

Backgrond:
DMZ Zone Eth1: Web/FTP, and SMTP servers. (100Mbps switches and NICs)
I notice that users download A LOT of data at high transfer rates from a
servers in DMZ zone. 
WEB/FTP server :10.100.1.1/24
SMTP server:10.100.1.2/24

LAN Eth0: I have 3 different VLANs to categories the 3 different
departments. 
VLAN1 -192.168.1.0/24
VLAN2 -192.168.2.0/24
VLAN3 -192.168.3.0/24

External Eth2 : 4MB Leased line to the internet.

Currently my router that is connected to the 4MB leased line is becoming
the bottleneck! How do I make the firewall Eth0 become the
bottleneck????

My objectives:
1.) I want to limit the bandwidth from the WEB/FTP servers from the DMZ
to either the internet or the LAN.
This is what I did:

tc qdisc add dev eth0 root handle 1: htb default 10 
tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbps ceil
256kbps prio 7
tc filter add dev eth0 protocol ip parent 1:1 prio 7 handle 7 fw classid
1:10

tc qdisc add dev eth1 root handle 2: htb default 10 
tc class add dev eth1 parent 2: classid 2:1 htb rate 3840kbps 
tc class add dev eth1 parent 2:1 classid 2:10 htb rate 128kbps ceil
128kbps prio 7
tc filter add dev eth1 protocol ip parent 2:1 prio 7 handle 7 fw classid
2:10


tc qdisc add dev eth2 root handle 3: htb default 10 
tc class add dev eth2 parent 3: classid 3:1 htb rate 3840kbps 
tc class add dev eth2 parent 3:1 classid 3:10 htb rate 128kbps prio 7
tc filter add dev eth2 protocol ip parent 3:1 prio 7 handle 7 fw classid
3:10

/sbin/iptables -A PREROUTING -I eth1 -s 10.100.1.1 -t mangle -j MARK
--set-mark 7
/sbin/iptables -A PREROUTING -I eth1 -d 10.100.1.1 -t mangle -j MARK
--set-mark 7

After testing Via FTP/web downloads. It appears that Ive managed to
limit the amount of bandwidth thru and from the FTP/WEB server from the
DMZ. All other traffic (internet surfing etc) will fall into the default
rules correct? Did I miss anything out? 

I would like to limit the max amount of bandwidth on Eth0 to 10MB
I would like to limit the max amount of bandwidth on Eth0 to 3840kbps
I would like to limit the max amount of bandwidth on Eth2 to 3840kbps.
(4MB leased line to internet.
Did I accomplish this?

Any help in anyway is appreciated!
Regards
edmund


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Edmund Turner]

Hey guys and gals,
Sorry for the 'newbie' question, but I would like to get some help on
configuring my HTB qdiscs form my network. My network setup:

LAN --> Firewall --> Router -->Internet
		|
		|
		--> DMZ

So much for the Ascii artist in me. :)
The firewall has 3 interfaces:
Eth0 = LAN --> 100Mbps NIC
Eth1 = DMZ --> 100Mbps NIC 
Eth2 = Internet --> 4MB link to internet

Backgrond:
DMZ Zone Eth1: Web/FTP, and SMTP servers. (100Mbps switches and NICs)
I notice that users download A LOT of data at high transfer rates from a
servers in DMZ zone. 
WEB/FTP server :10.100.1.1/24
SMTP server:10.100.1.2/24

LAN Eth0: I have 3 different VLANs to categories the 3 different
departments. 
VLAN1 -192.168.1.0/24
VLAN2 -192.168.2.0/24
VLAN3 -192.168.3.0/24

External Eth2 : 4MB Leased line to the internet.

Currently my router that is connected to the 4MB leased line is becoming
the bottleneck! How do I make the firewall Eth0 become the
bottleneck???? Should I limit it to 10mbits as such:
tc qdisc add dev eth0 root handle 1: htb default 10 
tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit


My objectives:
1.) I want to limit the bandwidth from the WEB/FTP servers from the DMZ
to either the internet or the LAN.
This is what I did:

tc qdisc add dev eth0 root handle 1: htb default 10 
tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbps ceil
256kbps prio 7
tc filter add dev eth0 protocol ip parent 1:1 prio 7 handle 7 fw classid
1:10

tc qdisc add dev eth1 root handle 2: htb default 10 
tc class add dev eth1 parent 2: classid 2:1 htb rate 3840kbps 
tc class add dev eth1 parent 2:1 classid 2:10 htb rate 128kbps ceil
128kbps prio 7
tc filter add dev eth1 protocol ip parent 2:1 prio 7 handle 7 fw classid
2:10


tc qdisc add dev eth2 root handle 3: htb default 10 
tc class add dev eth2 parent 3: classid 3:1 htb rate 3840kbps 
tc class add dev eth2 parent 3:1 classid 3:10 htb rate 128kbps prio 7
tc filter add dev eth2 protocol ip parent 3:1 prio 7 handle 7 fw classid
3:10

/sbin/iptables -A PREROUTING -I eth1 -s 10.100.1.1 -t mangle -j MARK
--set-mark 7
/sbin/iptables -A PREROUTING -I eth1 -d 10.100.1.1 -t mangle -j MARK
--set-mark 7

After testing Via FTP/web downloads. It appears that Ive managed to
limit the amount of bandwidth thru and from the FTP/WEB server from the
DMZ. All other traffic (internet surfing etc) will fall into the default
rules correct? Did I miss anything out? 

I would like to limit the max amount of bandwidth on Eth0 to 10MB
I would like to limit the max amount of bandwidth on Eth0 to 3840kbps
I would like to limit the max amount of bandwidth on Eth2 to 3840kbps.
(4MB leased line to internet.
Did I accomplish this?

Any help in anyway is appreciated!
Regards
edmund


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Edmund Turner]

Hey everyone,

I tried to mark traffic based on per subnet as to the usual per ip.
Example:
Tc class add dev eth0 parent 1:11 htb rate 400kbit ceil 500kbit prio4
Tc filter add dev eth0 parent 1:0 protocol ip prio 7 u32 dst
192.168.0.0/24 classid 1:11

After I enter this command, I did not get any errors. 
Does this mean that EACH IP belonging to that subnet will have a maximum
rate of 400kbit? 
Or does it mean that ALL the IPs in that subnet have a total of 400kbit?

Thanks in advance.

Regards
edmund 
	



_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Stef Coene]

On Thursday 30 October 2003 06:51, Edmund Turner wrote:
> Hey everyone,
>
> I tried to mark traffic based on per subnet as to the usual per ip.
> Example:
> Tc class add dev eth0 parent 1:11 htb rate 400kbit ceil 500kbit prio4
> Tc filter add dev eth0 parent 1:0 protocol ip prio 7 u32 dst
> 192.168.0.0/24 classid 1:11
>
> After I enter this command, I did not get any errors.
> Does this mean that EACH IP belonging to that subnet will have a maximum
> rate of 400kbit?
No.

> Or does it mean that ALL the IPs in that subnet have a total of 400kbit?
Yes.

Stef

-- 
stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

RE: [LARTC] (no subject)

[Edmund Turner]

Thanks Stef!!!
Regards
edmund

-----Original Message-----
From: Stef Coene [mailto:stef.coene@docum.org] 
Sent: Thursday, October 30, 2003 6:12 PM
To: eturner@monash.edu.my; lartc@mailman.ds9a.nl
Subject: Re: [LARTC] (no subject)

On Thursday 30 October 2003 06:51, Edmund Turner wrote:
> Hey everyone,
>
> I tried to mark traffic based on per subnet as to the usual per ip.
> Example:
> Tc class add dev eth0 parent 1:11 htb rate 400kbit ceil 500kbit prio4
> Tc filter add dev eth0 parent 1:0 protocol ip prio 7 u32 dst
> 192.168.0.0/24 classid 1:11
>
> After I enter this command, I did not get any errors.
> Does this mean that EACH IP belonging to that subnet will have a
maximum
> rate of 400kbit?
No.

> Or does it mean that ALL the IPs in that subnet have a total of
400kbit?
Yes.

Stef

-- 
stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Emmanuel]

Hello everyone,

I wanted to make some statistics about the use of TC in the beginning of
september. For that i asked you 4 questions. Some of you did answer. I told
you i would send the result and i Felt asleep. Yet I am awake back and I
send it.

First, I really thank those who answered my questions. Your contribution is
very usefull for me. So once more: THANK YOU !

Here are the results:

 - what type of qdisc you use
	HTB		12	43%
	CBQ		6	21%
	SFQ		4	16%
	PRIO		2	8%
	RED		1	3%
	GRED		1	3%
	DSMARK	1	3%
	TBF		1	3%
	TOTAL		28

 - if it is only for tests or for a "real" use (what use)
	Production	12	60%
	Tests		5	25%
	Domestique	3	15%
	TOTAL		20

 - how much qos box do you use
     1 - 4 - 5 - 3 - 6 - 9 - 3 - 1 - 1 - 1 - 2 - 1 - 1 - 10
	Between 1 and 10 PCs ; average 3

 - do you use anything else (Cisco, Unix ...)
	Uniquement Linux		11	61%
	FreeBSD + ALTQ		2	11%
	Cisco				2	11%
	Cisco (nothing serious)	3	17%
	TOTAL				18

Sorry for the time it took to come back and thank you for being patient.

Emmanuel

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[james jones]

Woops you might like to ask this question to the Gentoo mailing list
:-).

Unfortunatly I haven't had these problems with esearch, so I am not
of much help to ya.
 
James

|any idea why i get this :
|
|# esearch cfg-update
|Traceback (most recent call last):
|  File "/usr/bin/esearch", line 3, in ?
|    from output import bold, red, green, darkgreen, turquoise,
||nocolor
|ImportError: No module named output
|
| # eupdatedb
|Traceback (most recent call last):
|  File "/usr/sbin/eupdatedb", line 7, in ?
|    from output import red, darkgreen, green, bold, nocolor
|ImportError: No module named output
|
|
| app-portage/esearch-0.5.2

|tia
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Georgi Moskov]

Hi,

A machine behind my router sends ~ 60kbytes icmp packets which are
filtered to this class:

class htb 20:2072 root leaf 2072: prio 0 rate 256Kbit ceil 256Kbit burst
1926b cburst 1926b
Sent 11193783 bytes 5727 pkts (dropped 0, overlimits 0)
rate 60778bps 27pps
lended: 5727 borrowed: 0 giants: 712
tokens: 47175 ctokens: 47175

Because the packets are bigger than the mtu of the interface they get
fragmented, but as I understatnd it htb doesnt seem to shape them right
(the second rate should be ~32000bps, not 60778bps).

Am I missing something and if not will there be any problem if I filter
all packets bigger than 1500 bytes on my outgoing interface ?

Georgi Moskov,
TU-Varna
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Sam]

Hi,

are there any graphical frontends to iproute2/tc that are known to work
under Fedora core 1 ?

regards,

Sam.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Ibrahim Cherri]

Hello

I was testing HTB using IPerf TCP traffic and the results were very good. 
Until I tried to add some UDP traffic the results were a little strange.
this is my setup

tc qdisc del dev eth1 root
tc qdisc add dev eth1 handle 1:0 root htb default 2

tc class add dev eth1 parent 1:0 classid 1:1 htb rate 1mbit
tc class add dev eth1 parent 1:1 classid 1:2 htb rate 500kbit ceil 1mbit
tc class add dev eth1 parent 1:1 classid 1:3 htb rate 500kbit ceil 1mbit

tc filter add dev eth1 protocol ip parent 1:0 prio 2 u32 match ip protocol 
17 0xff flowid 1:3

tc qdisc add dev eth1 parent 1:2 handle 20 pfifo limit 10
tc qdisc add dev eth1 parent 1:3 handle 30 pfifo limit 10

This simple setup should split the 1mbit bandwidth between TCP and UDP.
I run 2 IPerf clients simultaneously
Server:
iperf -s -p 200
iperf -s -p 400 -u
Client:
iperf -c $ServerIP -p 200
iperf -c $ServerIP -p 400 -u

then UDP traffic takes about 750kbit and TCP traffic takes about 250kbit
Can anyone tell me why is that?

thanx,
Ibrahim

_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid963

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Roy]

Udp forwarding mostly cannnot be controled.
you can drop udp packets but server will not stop sending then to you
anyway.
(of course this depends on server software)

tcp can be controled so do not have this problem

----- Original Message ----- 
From: "Ibrahim Cherri" <ibrahim_cherri@hotmail.com>
To: <lartc@mailman.ds9a.nl>
Sent: Wednesday, April 07, 2004 5:12 PM
Subject: [LARTC] (no subject)


> Hello
>
> I was testing HTB using IPerf TCP traffic and the results were very good.
> Until I tried to add some UDP traffic the results were a little strange.
> this is my setup
>
> tc qdisc del dev eth1 root
> tc qdisc add dev eth1 handle 1:0 root htb default 2
>
> tc class add dev eth1 parent 1:0 classid 1:1 htb rate 1mbit
> tc class add dev eth1 parent 1:1 classid 1:2 htb rate 500kbit ceil 1mbit
> tc class add dev eth1 parent 1:1 classid 1:3 htb rate 500kbit ceil 1mbit
>
> tc filter add dev eth1 protocol ip parent 1:0 prio 2 u32 match ip protocol
> 17 0xff flowid 1:3
>
> tc qdisc add dev eth1 parent 1:2 handle 20 pfifo limit 10
> tc qdisc add dev eth1 parent 1:3 handle 30 pfifo limit 10
>
> This simple setup should split the 1mbit bandwidth between TCP and UDP.
> I run 2 IPerf clients simultaneously
> Server:
> iperf -s -p 200
> iperf -s -p 400 -u
> Client:
> iperf -c $ServerIP -p 200
> iperf -c $ServerIP -p 400 -u
>
> then UDP traffic takes about 750kbit and TCP traffic takes about 250kbit
> Can anyone tell me why is that?
>
> thanx,
> Ibrahim
>
> _________________________________________________________________
> Protect your PC - get McAfee.com VirusScan Online
> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid963
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Amita Maheshwari]

hi,
I am currently working on a project on implementation of diffserv testbed
using tc utility from iproute2 package. i am struck in the dsmark qdisc
which allows to mark the DSCP field in IP header at the first hop router.
Once the packets are marked at the first hop , how to schedule them at the
outgoing interface of the router.What i mean is after creating classes for
each DS value, how to set priorities among these marked packets. What is tc
command for it? is there some default priority set like EF marked packets
will go fisrt then AF , etc.
Can someone help me?
 
Amita
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Anton Glinkov]

Hi

I want to block the IP traffic between any 2 hosts on a switched ethernet
LAN. Will setting all the possible IP addresses on a linux machine in the
LAN do the trick or there is another easier solution?

-- 
Anton Glinkov
network administrator

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] (no subject)

[Ed Wildgoose]

>I want to block the IP traffic between any 2 hosts on a switched ethernet
>LAN. Will setting all the possible IP addresses on a linux machine in the
>LAN do the trick or there is another easier solution?
>  
>

You need to arrange to have the linux machine running as that switch, 
which is unlikely to be practical.

See if your switch has such options (if it's a high end device).  
Otherwise your best option is to segregate the two LAN's and then route 
or bridge between then, the linux box will do filtering in the middle.

You haven't said what you are trying to achieve, so it's hard to offer 
better suggestions
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Alin Nonosel]

[-- Attachment #1.1: Type: text/plain, Size: 669 bytes --]

Hi

I set-up a gre tunnel between two linux boxes.
A short diagram is like this

lan1 -> router1 ----- router2 <- lan2

The tunnel works fine, i can ping from lan1 to lan2 but the problem is the speed between lan1 and lan2 is lower than it supposed to be
If i log in to router1 and transfer something from router2 or lan2 it is working at maximum speed, 1024kbits/s. The problem is if i log in to a computer in lan1 and try to transfer something either from router2 or lan2 is working very poor, with 256kbits or worse.
I also tried to add that line in iptables with --clamp-mss... same no luck 
I ran out of ideas and this is driving me crazy. PLease help!

[-- Attachment #1.2: Type: text/html, Size: 1185 bytes --]

[-- Attachment #2: frown.gif --]
[-- Type: image/gif, Size: 374 bytes --]

[LARTC] (no subject)

[james jones]

You might want to check out this script
http://www.geocities.com/jame_sj I just noticed a bug (that I need to
figure out...) in it but this should give a start..

James

Message: 4
From: "Cow" <cow@gline.us>
To: <lartc@mailman.ds9a.nl>
Date: Mon, 6 Sep 2004 23:56:13 +0200
Subject: [LARTC] HTB problem...

Hi folks.

Let's say I would like to make some bandwidth control on my network
using HTB. I have 2 clients:

PC1: 192.168.100.2
PC2: 192.168.100.3

Server:
192.168.100.1
This has 2 NIC's eth1 is local and eth2 is connected to the internet.

It could be nice to have a script, where you could specify, how much
bandwidth you want for a specific host on a network, like, PC1 has
10/100 MBit network, but only has 256/128, when surfing the net. PC2
has
the same network ofc, but 768/384 when surfing/downloading assuming
the
shared connection is 1024/512.

I am currently running wondershaper1.1a which works prefectly, but i
wish, it could be more specific.
Could also be nice, if it would be someway possible to check on the
clients IP or MAC address to verify, if it's "really them". Like it's
only PC1 and PC2 who have access to the server in the 192.168.*.*
segment. Hope i make myself clear.

My server runs redhat 9 in cmd mode/no GUI.
Iptables installed script, as firewall.

I think a script as i described, could be very complex to write,
therefore i ask, whoever is here, for help.
Thank you all in advance.

Regards
Rune Johannesen
Denmark
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[tepesu]

 first: my ISP mark MAN traffic with TOS 15 and i want tu can to filter
this kind of traffic with iptables

 second: i use imq patch for kernel 2.6.9 and htb for some traffic
management 

 third: i want to redirect the traffic marked with TOS 15 imq1 or imq0 and
then to came with some htb rules. just this ...

 how must to modified to can to do some thins ? ...

#iptables -t mangle -A PREROUTING -m tos --tos 0x15 -j IMQ --todev 0
iptables v1.2.11: Bad TOS value `0x15'
Try `iptables -h' or 'iptables --help' for more information.

#iptables -t mangle -A PREROUTING -m tos --tos 15 -j IMQ --todev 0
iptables v1.2.11: Bad TOS value `15'
Try `iptables -h' or 'iptables --help' for more information.


thanks
Mihai



_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Oswin Budiman]

> Have you done ifconfig lo mtu 1500 ?

Yup, it also didn't work. Any clue?

Just for note, when I try a TBF shaping example from internet, it
works flawlessly.

-- 
- There's always the first for everything -
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[naveen andrew]

hi guyz
        i am doing a project on LARTC can some one
help me out with documentation part...is so plz send
the documentation for this Project



		
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - Helps protect you from nasty viruses. 
http://promotions.yahoo.com/new_mail
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] (no subject)

[Stanislav Nedelchev]

   ------------------
---------| external ip eth0 | ----------
        --------------------------           |
|---------------------------
                                             |  -------| Internal IP eth1    |
        --------------------------           |
|--------------------------
---------| external Ip eth2 | ----------
        --------------------------

i want to put web and ftp traffic to eth2 and all other traffic to eth0
is it possible can anybody help me to do that

here is my config
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.0.0/0 -d !
192.168.0.0/16 -p tcp --dport 80 -j SNAT --Extermal IP on Eth2
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/0 -d !
192.168.0.0/16 -j  SNAT --External IP on Eth0

213.32.208.248    0.0.0.0                255.255.255.248 U     0
0        0 eth0
213.32.208.248    0.0.0.0               255.255.255.248 U     0      0
      0 ipsec0
192.168.5.0         213.32.208.249  255.255.255.0   UG    0      0
  0 ipsec0
217.10.130.0        0.0.0.0              255.255.255.0   U     0
0        0 eth2
192.168.128.0      213.32.208.249  255.255.255.0   UG    0      0
 0 ipsec0
192.168.0.0         0.0.0.0               255.255.255.0   U     0
0        0 eth1
192.168.32.0      213.32.208.249    255.255.240.0   UG    0      0
  0 ipsec0
127.0.0.0            0.0.0.0               255.0.0.0       U     0
0        0 lo
0.0.0.0              213.32.208.249     0.0.0.0         UG    1      0
      0 eth0
0.0.0.0               217.10.130.1        0.0.0.0         UG    2
0        0 eth2

Thanks is Advance
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[LARTC] (no subject)

[Supratim Mitra]

[-- Attachment #1: Type: text/plain, Size: 686 bytes --]

Hi.

Need some solution to resolve Vlan on Fedora Core 2 release Operating
system configured on HP Proliant DL 320 G3 server (Monitor Server).

The system is part of telecommunication equipment to manage the data
VLAN tagging of data or management traffic.I have enclosed a brief
connectivity diagram. The problem is when FTP is initiated within VLAN
the downloading is reduced to half, user is configured to 512 KBPS
Broadband Connection. If the vlan is removed the FTP is fine both
direct (Down & Uploading).

I feel the problem is somever in the VLAN configuration which we are
not to pinpoint the problem.

Please suggest!.

Thanx in Advance!

Regards
Supratim

[-- Attachment #2: Slide1.GIF --]
[-- Type: image/gif, Size: 4481 bytes --]

[-- Attachment #3: Type: text/plain, Size: 143 bytes --]

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[LARTC] (no subject)

[KOMUNIKA SYSTEM]

Dear all,

I've install htb init on my fedora core 3. and I also have 2 VSAT with 4 meg
each link. How can I merge both of the link into 8 meg? Is it possible to do
that? 

Thx.

KOMUNIKA SYSTEM
Internet Solution Provider
www.komunikasys.com

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[LARTC] (no subject)

[KOMUNIKA SYSTEM]

Dear all,

Please someone help me regarding how to merge 2 internet link connection. I
need to double the speed into my LAN. Is it possible to do that?

Thx.

KOMUNIKA SYSTEM
Internet Solution Provider
www.komunikasys.com

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] (no subject)

[Marek Kierdelewicz]

> Dear all,

Hi there!

> Please someone help me regarding how to merge 2 internet link
> connection. I need to double the speed into my LAN. Is it possible to
> do that?

Please read appropriate chapter of the Linux Advanced Routing and
Traffic Control Howto:

http://lartc.org/howto/lartc.loadshare.html

> KOMUNIKA SYSTEM
> Internet Solution Provider
> www.komunikasys.com

Marek Kierdelewicz
KoBa ISP
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[LARTC] (no subject)

[comp.techs]

[-- Attachment #1: Type: text/plain, Size: 206 bytes --]

--===============0947133745==
Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C5D5C4.969BF3F8"

This is a multi-part message in MIME format.

[-- Attachment #2: Type: text/plain, Size: 2122 bytes --]

Hi, I have the following setup. Two linux systems with two [test] external interfaces encrypted with ipsec [transport].
Two gre tunnels that pass 10.200.0.0/24 and 10.200.1.0/24 network traffic.
Testing the balanced tunnels I would setup iptraf on one and ping from the other. The results would be as expected; traffic would be split between the two interfaces.
 
Testing with an ftp transfer of 300MB I would get various results:
1. one interface would be transfering at 36Mbit/s the other would be at 1.5Mbits/s [a -> b]
    or one interface would be transfering at 29Mbit/s and the other a 0.
2. I would get the same results from [b->a]
 
Is there something I missed or did not configure properly? Any help or suggestions would be appreciated.
 
jason
 
 
                    192.168.0.1     [ipsec tunnel]             192.168.0.2
             [A]      -------------------------------------------------------------        [B]
                    172.16.0.1       [ipsec tunnel]             172.16.0.2
                       -------------------------------------------------------------
 
 
[A] linux 2.6.13
internal 10.200.1.2/24
ext 192.168.0.1
ext 172.16.0.1
 
[gre tunnels]
netb 10.200.1.2
netb2 10.200.1.2
 
[B] linux 2.6.13
internal 10.200.0.2
ext 192.168.0.2
ext 172.16.0.2
 
[gre tunnels]
neta 10.200.0.2
neta2 10.200.0.2
 
 
a.
ip tunnel add netb mode gre remote 172.16.0.2 local 172.16.0.1 ttl 255
ip link set netb up
ip addr add 10.200.1.2 deb netb
 
ip tunnel add netb2 mode gre remote 192.168.0.2 local 192.168.0.1 ttl 255
ip link set netb2 up
ip addr add 10.200.1.2 dev netb2
ip route add equalize 10.200.0.0/24 nexthop via 10.200.1.2 dev netb nexthop via 10.200.1.2 dev netb2
 
b.
ip tunnel add neta mode gre remote 172.16.0.1 local 172.16.0.2 ttl 255
ip link set neta up
ip addr add 10.200.0.2 deb netb
 
ip tunnel add neta2 mode gre remote 192.168.0.1 local 192.168.0.2 ttl 255
ip link set neta2 up
ip addr add 10.200.0.2 dev neta2
ip route add equalize 10.200.1.0/24 nexthop via 10.200.0.2 dev neta nexthop via 10.200.0.2 dev neta2
 
 
 
 

[-- Attachment #3: Type: text/html, Size: 5741 bytes --]

[LARTC] (no subject)

[Greg Scott]

[-- Attachment #1.1: Type: text/plain, Size: 2998 bytes --]

Hello - 

I am using kernel 2.4.27 and running into behavior I don't know how to
explain.  

I have 2 relevant interfaces. eth0 is external, eth1 is internal.  My
internal LAN is 10.10.10.0/24.  My External range is 1.2.3.0/27 (dummied
up).  I have an H.323 videoconference device inside my internal LAN, but
at IP Address 1.2.3.11/27.  (IP Address dummied up.)  I want to proxy
ARP this device.  

Both eth0 and eth1 on my firewall have IP Addresses 1.2.3.2/27.  eth1
also has IP Address 10.10.10.1/24 and is the default gateway for all my
internal hosts.  The router outside my firewall is 1.2.3.1.  

So the network looks like this (apologies if email butchers my ASCII
art):

10.10.10.0/27               1.2.3.0/27
       10.10.10.n
     internal hosts
           |
<----+-----+--------+    +-------+------>to the Internet
     |              |    |       |
  Proxied           |    |       |
H.323 device       Firewall      Router
                  eth1   eth0
1.2.3.11    10.10.10.1  1.2.3.2  1.2.3.1
             1.2.3.2

/proc/sys/net/ipv4/conf/eth0/proxy_arp is 1.  
/proc/sys/net/ipv4/conf/eth1/proxy_arp is 1. 

My firewall has a route to 1.2.3.11 dev eth1.

The host at 1.2.3.11 has a default GW of 1.2.3.1.

This is where it gets weird.  The H.323 device should exchange a few TCP
packets with the far end and then thousands of UDP packets.  And I
should see this stream on the firewall watching both interfaces.  

I run tcpdump in two different windows on the firewall - one for eth1,
the other for eth0.  When I initiate an outbound H.323 call from the
device at .11, tcpdump on the firewall shows TCP packets flying on eth1,
but nothing on eth0 - almost all the time.  Calls don't complete most of
the time, although one call kind of completed.  Watching on the
firewall, I saw a TCP conversation on eth1, but nothing on eth0.  Very
strange!  One time a call completed all the way and UDP started flying -
as it should.  I saw a few UDP packets on eth0 and lots (thousands) of
UDP packets on eth1.  For the call that really completed, I would expect
to see thousasnds of UDP packets on both eth0 and eth1 - but instead saw
only a few on eth0.  

This behavior happens even with no firewall filtering rules in place.

My NATed 10.10.10.nn internal hosts work fine - in fact, my email server
posting this item to the list is one of those hosts.  

The obvious question - why such an old kernel?  Because it's worked for
everything I need so far and every 2.6.nn I try has other bugs with one
module or another.  

My questions - was proxy ARP broken in the 2.4.27 days?  Why doen't
tcpdump show me packets on both interfaces of the firewall?  Am I
missing a setup ingredient someplace?  Should the default GW on that
H.323 device be .2 (the firewall) or .1 (the Internet router)?  Does
mixing NAT and proxy ARP create problems?  Should I put the H.323 device
in its own little DMZ?

Thanks

- Greg Scott




[-- Attachment #1.2: Type: text/html, Size: 5386 bytes --]

[-- Attachment #2: Type: text/plain, Size: 143 bytes --]

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[LARTC] (no subject)

[Leigh Sharpe]

[-- Attachment #1.1: Type: text/plain, Size: 1672 bytes --]

Hi all,
 I'm having a hell of a time getting my IFB to work. I know I've done
this before, so I'm missing something stupid. Can anybody tell me what
it might be?
Configs as follows:
 
--------
#!/bin/sh
modprobe ifb numifbs=1000
modprobe act_mirred
modprobe 8021q
 
brctl addbr br0
brctl setfd br0 0
brctl stp br0 off
brctl addif br0 eth1
brctl addif br0 eth2
ifconfig eth1 up
ifconfig eth2 up
ifconfig br0 up
 
tc qdisc add dev eth1 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000
cell 8
tc qdisc add dev eth2 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000
cell 8
 
ifconfig ifb0 up
 
tc qdisc add dev ifb0 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000
cell 8
 
tc class add dev ifb0 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate
100Kbit weight 10Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000
bounded isolated
 
tc qdisc add dev eth1 ingress
tc qdisc add dev eth2 ingress
tc filter add dev eth1 parent ffff: protocol ip prio 10 u32 match u32 0
0 action mirred egress redirect dev ifb0
tc filter add dev eth2 parent ffff: protocol ip prio 10 u32 match u32 0
0 action mirred egress redirect dev ifb0
 
tc filter add dev ifb0 parent 1:0 protocol ip prio 1 u32 match u32 0 0
flowid 1:1
--------------
 
By my reckoning, this should redirect all packets passing through eth2
and eth1 through the IFB, and put a rate limit on the IFB of
100Kbits/sec.
What have I missed?
 
 
 
 
Regards,
             Leigh
 
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
Helpdesk 1300 300 616
email lsharpe@pacificwireless.com.au
web www.pacificwireless.com.au
 


[-- Attachment #1.2: Type: text/html, Size: 4413 bytes --]

[-- Attachment #2: Type: text/plain, Size: 143 bytes --]

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[LARTC] (no subject)

[Anirudh Gottumukkala)me in Google Accounts (Anirudh Gottumukkala]

[-- Attachment #1.1: Type: text/plain, Size: 272 bytes --]

Hello

I am anirudh, I need help to write script to fetch detail like ips,
speedlimit  from mysql and add htb rules at the starting of the server. it
is for a small isp i am working for.

can any one help me out!, i had tried but fail to limit speed

-- 
Anirudh Chowdary

[-- Attachment #1.2: Type: text/html, Size: 312 bytes --]

[-- Attachment #2: Type: text/plain, Size: 143 bytes --]

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] <no subject>

[Stef Coene]

On Saturday 12 October 2002 18:28, Samuel Kerschbaumer wrote:
> Hello.
> Is it possible to configure Linux so that each machine connecting to the
> router gets the same bandwidth? I mean if one computer is downloading three
> things and another only one, can all computers get the same bandwidth?
Yes it can be done.

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] <no subject>

[Samuel Kerschbaumer]

Hello.
Is it possible to configure Linux so that each machine connecting to the router gets the same bandwidth?
I mean if one computer is downloading three things and another only one, can all computers get the same bandwidth?
________________________________________________________________
Keine verlorenen Lotto-Quittungen, keine vergessenen Gewinne mehr! 
Beim WEB.DE Lottoservice: http://tippen2.web.de/?x\x13


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/