[LARTC] public subnet routing
Just wondering if someone could answer this question for me. I would like to route public addresses only. There will be no firewall, but maybe a few rules to deny certain types of traffic.

Here is the configuration of the router. My provider gave me a /30 link to their router; they also gave me a /25 network for my customers' public IPs. Their Cisco router has static route entries for my public subnet.

The router has been configured as follows:

eth0 has been configured with: 205.95.67.102/30
eth1 is configured as 209.95.45.1/25 and is the gateway for my customers.

Besides ip_forwarding being enabled, is there anything that I need to do so my customers can access the outside and the public can access their IPs?

Thanks in advance for the help

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] sum of child rates exceeds parent rate
> > Wow wow, wait !
> Ok :)
> > you can have 100 child classes in a sum of 100Megs, root class equal
> > 10Megs.
> > the sum of all child classes will be 10Megs, and no more (if you ceil root
> > rate to 10Megs it at htb)
> Wrong. The configured rate of a class is _always_ satisfied. If you have a
> 100M link, a parent class ceiled to 10M and 100 classes with rate = 1M, each
> class will get 1M. So together they will get 100M. And even if that is more
> than the ceil of the parent.
> So you can overlimit a parent class.

Well, I must practice that. I've always thought that the root/parent queue tells lower queues to start dropping packets.

Sure, you must be right, the queues will be told to drop packets, but they will not do it unless they get their typed rate. So if any of my 100 queues have 1Mbit traffic, then lower queues will start to drop anything that is above 1Mbit for each queue individually. So we overlimit the 10Mbit ceil about 10 times (in a special case).

A.Binder
[LARTC] ingress policing
Hi,

I'm trying to police the incoming traffic by using the ingress qdisc; this is what I have in my script:

tc qdisc add dev eth0 handle : ingress
tc filter add dev eth0 parent : protocol ip prio 4 \
   handle 1: u32 divisor 1
tc filter add dev eth0 parent : protocol ip prio 4 u32 \
   match ip dport 4001 0x \
   police rate 2000kbit burst 50k drop \
   flowid 1:1

I'm sending a 9Mb traffic using iperf but noticed that the bandwidth at the receiving end is 4 MB instead of 2M. When I'm changing the police rate to 3MB, the traffic at the receiving end is 6MB.

Any ideas why this happens? Your help is greatly appreciated.

Vince
Re: [LARTC] sum of child rates exceeds parent rate
On Tuesday 13 January 2004 11:13, [EMAIL PROTECTED] wrote:
> > It will try to give each class its configured rate. Another problem is the
> > bottleneck. YOU have to be the bottleneck and if you send more than your
> > modem can handle, the modem will be the bottleneck and undo the traffic
> > shaping.
>
> Wow wow, wait !

Ok :)

> you can have 100 child classes in a sum of 100Megs, root class equal
> 10Megs.
>
> the sum of all child classes will be 10Megs, and no more (if you ceil root
> rate to 10Megs it at htb)

Wrong. The configured rate of a class is _always_ satisfied. If you have a 100M link, a parent class ceiled to 10M and 100 classes with rate = 1M, each class will get 1M. So together they will get 100M. And even if that is more than the ceil of the parent. So you can overlimit a parent class.

> The behaviour of which child class gets more/equal tokens than the others you set
> by the priority parameter.

Yes and no. Each class will get its configured rate as a minimum. If the parent class has some bandwidth left, it will be given to the class with the lowest prio. At the same time, the class with the lowest prio will be able to send its packets first and so will have a lower delay. BUT, if a low prio class uses more bandwidth than the configured rate, the latency goes up.

> That is my theory with HTB+linux. With cbq many times total rate exceeds,
> so i use it no more (it was not accurate). But HTB is accurate.

Yes, but trust me, you need to follow some rules. You can find them on the faq page on docum.org.

Stef

--
[EMAIL PROTECTED]
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net
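
The rate/ceil behaviour argued over in this thread, as an added Python example (not code from any poster and not HTB's own algorithm): a simplified steady-state model in which a leaf's `rate` is served without consulting the parent, and only traffic above `rate` is borrowed from what the parent has left. Assumptions: the parent has a single limit (rate equal to ceil), spare bandwidth is split equally among leaves of the same prio, and all class names and demands are constructed.

```python
from dataclasses import dataclass

@dataclass
class Leaf:
    name: str
    rate: float    # guaranteed rate (Mbit/s)
    ceil: float    # upper bound including borrowed bandwidth (Mbit/s)
    prio: int      # lower number borrows spare bandwidth first
    demand: float  # offered load (Mbit/s), constructed sample input

EPS = 1e-9

def htb_steady_state(parent_limit, leaves):
    """Return {leaf name: throughput} for one parent with leaf children."""
    # A leaf below its own rate sends without asking the parent.
    out = {l.name: min(l.demand, l.rate) for l in leaves}
    # Only what the parent has left after that can be lent out.
    spare = max(0.0, parent_limit - sum(out.values()))
    for prio in sorted({l.prio for l in leaves}):
        group = [l for l in leaves if l.prio == prio]
        while spare > EPS:
            # Leaves that still want more and are below their ceil.
            hungry = [l for l in group
                      if min(l.demand, l.ceil) - out[l.name] > EPS]
            if not hungry:
                break
            share = spare / len(hungry)  # assumed equal split within a prio
            for l in hungry:
                give = min(share, min(l.demand, l.ceil) - out[l.name])
                out[l.name] += give
                spare -= give
    return out

def overcommitted_total():
    # The case from the thread: parent limited to 10M, 100 leaves at 1M each.
    leaves = [Leaf(f"c{i}", 1.0, 1.0, 1, 2.0) for i in range(100)]
    return sum(htb_steady_state(10.0, leaves).values())

def borrowing_by_prio():
    # Constructed case: rates fit inside the parent, spare goes by prio.
    leaves = [Leaf("interactive", 2.0, 10.0, 0, 10.0),
              Leaf("bulk", 2.0, 10.0, 1, 10.0)]
    return htb_steady_state(10.0, leaves)

if __name__ == "__main__":
    print(overcommitted_total())
    print(borrowing_by_prio())
```

In the overcommitted case the leaves together carry ten times the parent's limit, which is why the sum of child rates is normally kept at or below the parent's rate.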
Re: [LARTC] Bridge + leased line + tc
On Tuesday 13 January 2004 17:15, Wouter Coppens wrote:
> Hi,
>
> I can't get traffic shaping working.
>
> This is my situation:
>
> Net1 --- |router| --- leased line --- | TC | --- Net2
>                                  eth1      eth0
>
> We use the leased line for normal traffic but also for synchronisation
> between 2 servers. The leased line is 2mbit. The synchronisation
> generates too much traffic and uses completely the 2mbit capacity of the
> leased line. This is no problem during night, but we want to limit the
> synchronisation traffic during day (or in other words: the sync-traffic
> should get the lowest priority and the other traffic can use up to
> 2mbit).
>
> According to the documentation, you can only shape outgoing traffic. We
> took a PC (named TC) and put the network interfaces in bridge mode.
> The synchronisation happens from Net1 to Net2, so TC is after the leased
> line.
> Normally you would shape the outgoing traffic on eth0, but this doesn't
> work. We even tried to limit eth0 to 20kbit, but the synch-traffic
> completely fills the leased line and no other traffic gets through.
>
> We found a temporary fix by using IMQ with iptables:
> /sbin/tc qdisc del root dev imq0
> /sbin/tc qdisc add dev imq0 root handle 1: htb default 20
> /sbin/tc class add dev imq0 parent 1: classid 1:1 htb rate 2Mbit burst 6k
> /sbin/tc class add dev imq0 parent 1:1 classid 1:10 htb rate 64kbit ceil 787kbit
> /sbin/tc class add dev imq0 parent 1:1 classid 1:20 htb rate 2Mbit
> /sbin/tc qdisc add dev imq0 parent 1:10 handle 10: sfq perturb 10
> /sbin/tc qdisc add dev imq0 parent 1:20 handle 20: sfq perturb 10
> /sbin/tc filter add dev imq0 parent 1: protocol ip prio 18 u32 match ip dst 10.10.10.10 flowid 1:10
> (10.10.10.10 is ip of server in Net2).
>
> Is there a better way to give the sync-traffic the lowest priority? If
> somebody starts a download it should get 2mbit and the sync-traffic
> should get the rest (if any).
>
> We would like to upgrade to 2.6, but imq is not maintained.
> Any help?

Your idea of using eth0 for shaping should work. What if you add a simple tbf qdisc to eth0? This limits all traffic leaving eth0 and can be used to "test" tc. If the tbf works, you can try to replace it with htb or cbq to do more fancy shaping.

I never used a bridge to shape the traffic, but I found this in my own faq:
http://docum.org/stef.coene/qos/faq/cache/41.html

Stef

--
[EMAIL PROTECTED]
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net
Re: [LARTC] Bandwith Aggregation
Hello Felipe,

In your message dated 13 January 2004 (19:49:34) one can read:

FH> I am working on my Diploma Thesis on Computer Science Engineering.
FH> The main idea behind my work is to make it possible to have
FH> a Linux box combining multiple ISP/network connections together
FH> providing a single connection with an aggregated bandwidth.
FH> I have been surfing the Internet and I haven't found anything
FH> like that running on Linux. I would like to implement it using
FH> iproute 2 tools, but I don't really know if it is possible now.
FH> By the way, I have seen that in the LARTC jobs list there is
FH> one called "Multipath routing".
FH> Has anyone any idea of what it is about?

Yes, I suppose this is what you want - Equal Cost Multipath Routes. This issue is discussed here almost every few days :( so for a start just -READ THE ARCHIVES- and you will find everything you need.

IMHO the idea is well known but sometimes causes some trouble (I have such a setup with 3 ISPs and no BGP, just plain bandwidth aggregation), and there were many more examples in the last year :) on the list. For a start read my posting from 15th Oct 03 as a working example.

FH> Thank you in advance.

--
Regards,
Robert
[LARTC] Bandwith Aggregation
I am working on my Diploma Thesis on Computer Science Engineering. The main idea behind my work is to make it possible to have a Linux box combining multiple ISP/network connections together providing a single connection with an aggregated bandwidth.

I have been surfing the Internet and I haven't found anything like that running on Linux. I would like to implement it using iproute 2 tools, but I don't really know if it is possible now.

By the way, I have seen that in the LARTC jobs list there is one called "Multipath routing". Has anyone any idea of what it is about?

Thank you in advance.
[LARTC] Bridge + leased line + tc
Hi,

I can't get traffic shaping working.

This is my situation:

Net1 --- |router| --- leased line --- | TC | --- Net2
                                 eth1      eth0

We use the leased line for normal traffic but also for synchronisation between 2 servers. The leased line is 2mbit. The synchronisation generates too much traffic and uses completely the 2mbit capacity of the leased line. This is no problem during night, but we want to limit the synchronisation traffic during day (or in other words: the sync-traffic should get the lowest priority and the other traffic can use up to 2mbit).

According to the documentation, you can only shape outgoing traffic. We took a PC (named TC) and put the network interfaces in bridge mode. The synchronisation happens from Net1 to Net2, so TC is after the leased line. Normally you would shape the outgoing traffic on eth0, but this doesn't work. We even tried to limit eth0 to 20kbit, but the synch-traffic completely fills the leased line and no other traffic gets through.

We found a temporary fix by using IMQ with iptables:

/sbin/tc qdisc del root dev imq0
/sbin/tc qdisc add dev imq0 root handle 1: htb default 20
/sbin/tc class add dev imq0 parent 1: classid 1:1 htb rate 2Mbit burst 6k
/sbin/tc class add dev imq0 parent 1:1 classid 1:10 htb rate 64kbit ceil 787kbit
/sbin/tc class add dev imq0 parent 1:1 classid 1:20 htb rate 2Mbit
/sbin/tc qdisc add dev imq0 parent 1:10 handle 10: sfq perturb 10
/sbin/tc qdisc add dev imq0 parent 1:20 handle 20: sfq perturb 10
/sbin/tc filter add dev imq0 parent 1: protocol ip prio 18 u32 match ip dst 10.10.10.10 flowid 1:10

(10.10.10.10 is ip of server in Net2).

Is there a better way to give the sync-traffic the lowest priority? If somebody starts a download it should get 2mbit and the sync-traffic should get the rest (if any).

We would like to upgrade to 2.6, but imq is not maintained. Any help?

Thanks in advance,
Wouter
RE: [LARTC] sum of child rates exceeds parent rate
> > Note : The actual traffic flowing via that pc is around 6Meg to 15Meg
> > I assume the problem will come only when the traffic is more than 45Meg.
> Indeed.
>
> > Now if i create child classes whose sum of rates crosses more than 45Meg ?
> > 1. How that tc behaves.
> It will try to give each class its configured rate. Another problem is the
> bottleneck. YOU have to be the bottleneck and if you send more than your
> modem can handle, the modem will be the bottleneck and undo the traffic
> shaping.

Wow wow, wait !

you can have 100 child classes in a sum of 100Megs, root class equal 10Megs.

the sum of all child classes will be 10Megs, and no more (if you ceil root rate to 10Megs it at htb)

The behaviour of which child class gets more/equal tokens than the others you set by the priority parameter.

That is my theory with HTB+linux. With cbq many times total rate exceeds, so i use it no more (it was not accurate). But HTB is accurate.

A.Binder
[LARTC] simple(?!?) source routing
Hi,

I've set up a Linux box with redhat on to act as an internet gateway and I'm running into a few problems. It's got two adsl modems connected to it, both connected to separate 512kbs lines.

Now I've followed the simple source routing in the advanced routing howto to the letter but it doesn't work. I've got it autoconnecting on startup and redhat puts ppp1 as the default gateway; this is then set up for masquerading for the entire network. Therefore I've tried setting up ppp0 as the default gateway for only one computer (10.0.0.11), as it says at http://lartc.org/howto/lartc.rpdb.html#LARTC.RPDB.SIMPLE

I've done everything it says there and I'm 99% sure I've put the right ip addresses in etc. When I've gone through it that computer is no longer able to access the net (the rest of the network is unaffected). I'm pretty sure it's the way ppp0 is configured; if I set it up so 10.0.0.11 uses ppp1 instead of ppp0 (ip rule add default via xxx.xxx.xxx.xxx dev ppp1 table chris) it works fine but obviously there's no point in that.

Hope all this makes sense to someone, it barely does to me. Many thanks in advance.

Chris
[LARTC] problem with the new htb 3.14 patch (fwd)
Hello !

I have patched with htb 3.14 and recompiled my 2.4.23 kernel, but after that tc didn't use the htb module and said this for the command:

yoda:~# tc -d qdisc
qdisc pfifo_fast 0: dev eth0 [Unknown qdisc, optlen=20]
qdisc pfifo_fast 0: dev eth1 [Unknown qdisc, optlen=20]

My system runs on a dual 2.4 Intel Xeon system with Debian Woody rc1 and uses SMP support.

Please, if you need any further info or have an idea for the problem, write me.

thanx
Szabolcs Toth