Re: [LARTC] HTB problem
Doesn't anyone have any ideas regarding my problem ? Mihai Tanasescu wrote: Hello, I'm having some problems using HTB to prioritize traffic on my linux router. The main problem is as follows: I have a 6Mbits channel on the metropolitan network and a 64kbps link for the sites outside my country. These 64kbps are dynamically allocated by my ISP so I usually get something like 128kbps , sometimes 512kbps and even 1 Mbit; it varies all the time. Because of this I don't know how to automatically adjust my HTB script depending on the total bandwidth available on the external link (without specifying the maximum to 64kbps thus limitting every connection even if my ISP grants me more than this bandwidth). Anyone got any ideas ? ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Upload restriction problem
Joel, : Is this list is died? or any one dont want to help. No, the list is not dead. Yes, there are people here who wish to help. So get in the queue and have some patience. : I am facing problem in restricting upload traffic on fake ip address : 10.0.0.0/8 network. I can easily restrict upload traffic on my real ip : address. : : eth0 --wan port connected to internet : eth1 --lan port connect to local network : : my script on eth1 is working properly bcoz it is for downlink traffic OK. Fair enough. : this is the script which is having problem. : : tc qdisc del dev eth0 root : tc qdisc add dev eth0 root handle 1: htb : tc class add dev eth0 parent 1: classid 1:1 htb rate 80kbit ceil 80kbit quantum 1514 : ### Fake ip address : tc class add dev eth0 parent 1:1 classid 1:10 htb rate 10kbit ceil 15kbit quantum 1514 : tc qdisc add dev eth0 parent 1:10 handle 10 pfifo limit 2 : tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 10.2.5.15 flowid 1:10 When you say "fake" IP address, I presume you mean an RFC 1918 address, which is not routable on public networks. If so, then you should probably read Stef Coene's FAQ note about this very situation [0]. : ### Real ip address : tc class add dev eth0 parent 1:1 classid 1:11 htb rate 20kbit ceil 25kbit quantum 1514 : tc qdisc add dev eth0 parent 1:11 handle 11 pfifo limit 2 : tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src x.x.x.x flowid 1:11 I presume that the x.x.x.x is a public IP address you are calling the "Real ip address". : This scipt can restrict the upload for Real ip address but Cant : restrict upload for Fake ip address. : I have checked this by # tc -s -d class ls dev eth0 Have you tried watching "tc -s -d class show dev eth0" at the same time as you are watching "tcpdump -nn -i eth0 host 10.2.5.15"? Do you see any packets leaving your box with a source address of 10.2.5.15? If not, then you should be able to figure out what you need to do. : tc filter cant match fake ip address ?? Well, frankly, "tc filter" only deigns to match on real addresses of transmitted packets*. And please don't tap the glass. This generally leads to irritated beasts. -Martin [0] http://www.docum.org/stef.coene/qos/faq/cache/59.html * This is humour. -- Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED] ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Upload restriction problem
Is this list is died? or any one dont want to help. ? Joel wrote: Dear all, I am facing problem in restricting upload traffic on fake ip address 10.0.0.0/8 network. I can easily restrict upload traffic on my real ip address. eth0 --wan port connected to internet eth1 --lan port connect to local network my script on eth1 is working properly bcoz it is for downlink traffic this is the script which is having problem. tc qdisc del dev eth0 root tc qdisc add dev eth0 root handle 1: htb tc class add dev eth0 parent 1: classid 1:1 htb rate 80kbit ceil 80kbit quantum 1514 ### Fake ip address tc class add dev eth0 parent 1:1 classid 1:10 htb rate 10kbit ceil 15kbit quantum 1514 tc qdisc add dev eth0 parent 1:10 handle 10 pfifo limit 2 tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 10.2.5.15 flowid 1:10 ### Real ip address tc class add dev eth0 parent 1:1 classid 1:11 htb rate 20kbit ceil 25kbit quantum 1514 tc qdisc add dev eth0 parent 1:11 handle 11 pfifo limit 2 tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src x.x.x.x flowid 1:11 --- This scipt can restrict the upload for Real ip address but Cant restrict upload for Fake ip address. I have checked this by # tc -s -d class ls dev eth0 M i doing any thing wrong ?? tc filter cant match fake ip address ?? any Help ? Thanks joel ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] $100 USD to the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue !!!!
I tried the following rules and had the same bad latency results for the corp site to remote site. Below are the rules I tried which gave the bad (avg. 350ms) latency: corp rules tc qdisc add dev ipsec0 handle 1: root cbq bandwidth 600kbit avpkt 1000 tc class add dev ipsec0 parent 1: classid 1:1 cbq bandwidth 240kbit avpkt 500 prio 1 rate 240kbit bounded isolated tc filter add dev ipsec0 parent 1:0 protocol ip prio 100 route tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.1.20 flowid 1:1 tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.1.21 flowid 1:1 tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.1.22 flowid 1:1 remote rules-- tc qdisc add dev ipsec0 handle 1: root cbq bandwidth 580kbit avpkt 1000 tc class add dev ipsec0 parent 1: classid 1:1 cbq bandwidth 240kbit avpkt 500 prio 1 rate 240kbit bounded isolated tc filter add dev ipsec0 parent 1:0 protocol ip prio 100 route tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.0.7 flowid 1:1 Any help would be greatly appreciated. Please see the following post: Linux QOS and prioritization of real-time data (RTP/VoIP) From: Greg Freeman Sent: Wednesday, December 03, 2003 9:04 AM To: [EMAIL PROTECTED] Subject: [LARTC] $100 USD to the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue Importance: High To stress the urgency and importance of my questions, I am willing to pay $100 to the first person that can provide me with the scripts/ rules that will work in my SnapGear firewalls that will solve the problems I am having. Please see the following post: Linux QOS and prioritization of real-time data (RTP/VoIP) Thank you! ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] 2 internal nets, each one with its own provider
I tried the following rules and had the same bad latency results for the corp site to remote site. Below are the rules I tried which gave the bad (avg. 350ms) latency: corp rules tc qdisc add dev ipsec0 handle 1: root cbq bandwidth 600kbit avpkt 1000 tc class add dev ipsec0 parent 1: classid 1:1 cbq bandwidth 240kbit avpkt 500 prio 1 rate 240kbit bounded isolated tc filter add dev ipsec0 parent 1:0 protocol ip prio 100 route tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.1.20 flowid 1:1 tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.1.21 flowid 1:1 tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.1.22 flowid 1:1 remote rules-- tc qdisc add dev ipsec0 handle 1: root cbq bandwidth 580kbit avpkt 1000 tc class add dev ipsec0 parent 1: classid 1:1 cbq bandwidth 240kbit avpkt 500 prio 1 rate 240kbit bounded isolated tc filter add dev ipsec0 parent 1:0 protocol ip prio 100 route tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.0.7 flowid 1:1 Any help would be greatly appreciated. -Original Message- From: Cezar Atanasiu [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 03, 2003 7:37 AM To: [EMAIL PROTECTED] Subject: [LARTC] 2 internal nets, each one with its own provider Hi, and good evening, I encountered a quite weird problem yersterday evening, and I wonder if someone can explain the way of it. Anyway, there is goes : I have a client running two separate networks, NET-A (10.0.1.0/24) and NET-B (10.0.2.0/24) and two providers P-A, with gateway 192.168.0.1 and P-B with gateway 192.168.0.2. Now, as for the hardware part of it, there is one linux router hosting 4 ethernet cards on it, each connection having its on ethernet device, something like this : +-+ P-A eth0 | +--+---+ eth2 | if1 | NET-A ---+ | | Linux router | eth3 | | NET-B ---+ if2 | | | +--+---+ eth1 | +-+ P-B Hope you get the idea. As for the configuration, what I did was : setup 2 new routing tables, for P-A, and P-B, added the default gws to those tables, and setup 2 snat rules for the two networks in order to get each of them out on a separate provider. That does not seem to work, and I wonder if anyone has any idea why. Excuse me for the large email, and thankyou for your patience :) Cezar ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] compile errors
I've found a patch regarding this issue if still interested: http://englanders.cc/~jason/howtos.php?howto=iproute2 - Original Message - From: "Andrew Carson" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, September 27, 2003 10:55 AM Subject: Re: [LARTC] compile errors > Jacek, > > Yep, that's what I ended up doing too... Oh well, it's a fix for now :^) > > > Andrew. > > ___ > LARTC mailing list / [EMAIL PROTECTED] > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] $100 USD to the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue !!!!
On Wednesday 03 December 2003 19:04, Greg Freeman wrote: > To stress the urgency and importance of my questions, I am willing to > pay $100 to the first person that can provide me with the scripts/ rules > that will work in my SnapGear firewalls that will solve the problems I > am having. Maybe this can help : - use the htb qdisc - for your RTP/VoIP class, use a short prio qdisc, not a sfq qdisc - preserve a minimum bandwidth for RTP/Voip example : limit all non RTP/Voip traffic to 600kbps so RTP/VoIP has always 40kbps immediatly available. This can be done with the ceil parameter if you use htb. If you don't do this and RTP/VoIP needs bandwidth, the other traffic has to throttle down and that can take some time. - if you use htb, give the RTP/VoIP class a lower prio BUT make sure that that class NEVER sends more data then the rate you give to that class. Good luck. Stef -- [EMAIL PROTECTED] "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Willing to pay the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue !!!!
Hello, To stress the urgency and importance of my questions, I am willing to pay $100 to the first person that can provide me with the scripts/ rules that will work in my SnapGear firewalls that will solve the problems I am having. Please see the following post: " Linux QOS and prioritization of real-time data (RTP/VoIP) " Thank you! <>
[LARTC] $100 USD to the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue !!!!
To stress the urgency and importance of my questions, I am willing to pay $100 to the first person that can provide me with the scripts/ rules that will work in my SnapGear firewalls that will solve the problems I am having. Please see the following post: Linux QOS and prioritization of real-time data (RTP/VoIP) Thank you! <>
[LARTC] 2 internal nets, each one with its own provider
Hi, and good evening, I encountered a quite weird problem yersterday evening, and I wonder if someone can explain the way of it. Anyway, there is goes : I have a client running two separate networks, NET-A (10.0.1.0/24) and NET-B (10.0.2.0/24) and two providers P-A, with gateway 192.168.0.1 and P-B with gateway 192.168.0.2. Now, as for the hardware part of it, there is one linux router hosting 4 ethernet cards on it, each connection having its on ethernet device, something like this : +-+ P-A eth0 | +--+---+ eth2 | if1 | NET-A ---+ | | Linux router | eth3 | | NET-B ---+ if2 | | | +--+---+ eth1 | +-+ P-B Hope you get the idea. As for the configuration, what I did was : setup 2 new routing tables, for P-A, and P-B, added the default gws to those tables, and setup 2 snat rules for the two networks in order to get each of them out on a separate provider. That does not seem to work, and I wonder if anyone has any idea why. Excuse me for the large email, and thankyou for your patience :) Cezar ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Multiple connections
On Tuesday 02 December 2003 16:42, Mihai Vlad wrote: > I hope I am not that pushy, but I cannot figure this out. > > > If 2 of my clients are downloading from the internet one file each, the > splitting works and one client gets 64kbps and the other 64kbps. > If one of those 2 clients are downloading by means of a Download Manager > (like Flash Get or Download Accelerator) every gets messed up. > The one downloading with multiple connections gets 90-95% of the bandwidth > and the other client gets almost nothing. > > In my opinion if I have 2 clients downloading at the same time, the sum of > all the connections from each other would have to be 64kbbit. > Please tell me what I have to change to make sure that the splitting works > ok. > I am sure for you this is a piece of cake but for me it's a nightmare :) > > This is the script that I use. > > > > $TC qdisc add dev $LAN_IFACE root handle 1: htb default 30 > $TC class add dev $LAN_IFACE parent 1: classid 1:1 htb rate 128kbit ceil > 128kbit burst 80k > > > #default- > $TC class add dev $LAN_IFACE parent 1:1 classid 1:30 htb rate 1kbit ceil > 128kbit burst 80k > $TC qdisc add dev $LAN_IFACE parent 1:30 handle 300: sfq perturb 10 > > > > > #-clients...- > > $TC class add dev $LAN_IFACE parent 1:1 classid 1:11 htb rate 8kbit ceil > 128kbit burst 80k > $FILTER_IP 192.168.0.121 flowid 1:11 > $TC qdisc add dev $LAN_IFACE parent 1:11 handle 110: sfq perturb 10 > > $TC class add dev $LAN_IFACE parent 1:1 classid 1:13 htb rate 8kbit ceil > 96kbit burst 80k > $FILTER_IP 192.168.0.123 flowid 1:13 > $TC qdisc add dev $LAN_IFACE parent 1:13 handle 130: sfq perturb 10 I don't know if it's the cause if your problems, but burst 80k is too high and your rate is too low. Burst is made for small burst of a few k, not 80k. And htb needs a minimal burst before htb can work properly. Stef -- [EMAIL PROTECTED] "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] help with tc script to manage bandwidth
On Tuesday 02 December 2003 16:19, makinde olojede wrote: > Please can anybody provide a tc script and any other necessary detail to > manage my bandwidth that can just fit into my network. These are what I > want to achieve. > > 1. I want to dedicate 32K for my IP phone to have a clear phone call. > 2. I want all the computers on my network to share the remaining > bandwidth(N.B My ISP allocated abandwidth of 64K uplink and 128K > downlink) in such a way that allthe computers must shareequal > bandwidth and none of the computers should exhaust more than necessary > bandwidth todisturb others.Also the bandwidth should be shared based on > the number of computers that areactive. i.e if few computers are > available at any time they can use all the bandwidth sharedevenly. Can be done. > My intended network configuration are stated below: > > 1.I have a Linux box runing RH 9.0 with two network cards one(eth0) > connected to my ISP gateway modem with default gateway IP as > 10.0.0.254.The other network card(eth1) connected directly to my 24port hub > through which my entire network is connected. > 2. I assigned a private ip > address to eth0 192.168.1.1 and 192.168.2.1 for eth1 . ?? Eth0 is connected to your ip so you need an ip address on eth0 that's in the network of your ISP and this propably done with dhcp. > 3. I have up to 20 > workstations which I will assign ip address ranging from 192.168.2.3-22 > withtheir gateway set as 192.168.1.1. Shouldn't the gateway be 192.168.2.1 ? > 4. I have also set up the same > Linux box as a proxy server to allow all http request from all computer on > my LAN except 3computers with ip address 192.168.2.20-22 5. My ip phone > with ip address 192.168.2.25 cannot be under the proxy server also. This can be a problem. If you want to shape traffic and you use a proxy server on the same box, you don't know if the object was fetched from the cache or from the internet. Try to create a dedicated proxy server. Stef -- [EMAIL PROTECTED] "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/