[LARTC] Traffic shaping: upload should not hurt download

2004-07-12 Thread André Heling
Hello!

I have a small home network and I'd like to use traffic shaping because
every time someone uploads a file at full speed, my download speed drops
to ~10 KB/s. My connection is 768/128 DSL.

I found a script at http://www.knowplace.org/shaper/examples.html

$TC qdisc add dev $INTERFACE root handle 1: htb default 60
$TC class add dev $INTERFACE parent 1: classid 1:1 htb rate 116kbit
$TC class add dev $INTERFACE parent 1:1 classid 1:10 htb rate 32kbit ceil 116kbit prio 0
$TC class add dev $INTERFACE parent 1:1 classid 1:20 htb rate 22kbit ceil 116kbit prio 1
$TC class add dev $INTERFACE parent 1:1 classid 1:30 htb rate 22kbit ceil 116kbit prio 2
$TC class add dev $INTERFACE parent 1:1 classid 1:40 htb rate 20kbit ceil 116kbit prio 3
$TC class add dev $INTERFACE parent 1:1 classid 1:50 htb rate 18kbit ceil 116kbit prio 4
$TC class add dev $INTERFACE parent 1:1 classid 1:60 htb rate 2kbit ceil 116kbit prio 5

$TC qdisc add dev $INTERFACE parent 1:10 handle 10: sfq perturb 10
$TC qdisc add dev $INTERFACE parent 1:20 handle 20: sfq perturb 10
$TC qdisc add dev $INTERFACE parent 1:30 handle 30: sfq perturb 10
$TC qdisc add dev $INTERFACE parent 1:40 handle 40: sfq perturb 10
$TC qdisc add dev $INTERFACE parent 1:50 handle 50: sfq perturb 10
$TC qdisc add dev $INTERFACE parent 1:60 handle 60: sfq perturb 10

This works quite well as I can download a file at about 70 KB/s when
uploading a file at full speed. But http traffic is not that good. I
still want to have a good surfing speed.

I slightly modified the line where iptables classifies http packets. I
set this rule to class 1:10 (highest priority). But that doesn't change
very much.

It should be possible because I have seen such a solution under Windows
using the cFos PPPoE driver. You are able to upload and download a file
at full speed while surfing is still possible.

So do you have any ideas how to optimize the above script or do you know
a better solution? It is only important to me that downloading and
surfing is still possible while uploading at a good speed (should be
around 12 KB/s).

Thanks!
-- 
Regards,
  André
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


Re: [LARTC] the cisco vs. Linux thread

2004-07-12 Thread przemolicc
On Thu, Jul 08, 2004 at 02:44:26PM -0700, Nicholas Erkert wrote:
> On a side note has anyone built a linux router with dual/quad port
> ethernet cards (ie Intel PRO/1000 MT Quad Port Server Adapter)?

I have built a linux router with quad D-Link DFE-580TX nics.
It works like a charm and is routing between four
local LANs. But had to use kernel patch for those
cards because in-kernel driver wasn't good enough.

przemol


Re: [LARTC] Traffic shaping: upload should not hurt download

2004-07-12 Thread Ed Wildgoose

> So do you have any ideas how to optimize the above script or do you know
> a better solution? It is only important to me that downloading and
> surfing is still possible while uploading at a good speed (should be
> around 12 KB/s).

Yes, it's easily possible.  Why not try starting from one of the
following scripts (which are very good)?

I prefer the first for most home applications
http://digriz.org.uk/jdg-qos-script/
http://www.metamorpher.de/fairnat/
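
Added example, not part of the original posts or of the scripts linked above: a common reason downloads and browsing stall during an upload is that small outgoing TCP ACKs, SYNs and DNS queries wait in the same queue as full-size upload packets. The script below computes that wait at the 116kbit root rate from the first post and prints iptables rules that steer those small packets into class 1:10. The device name ppp0, the APPLY switch and the function names are assumptions.

```sh
#!/bin/sh
# Added example: keep interactive traffic ahead of a bulk upload.
# Assumes the HTB tree from the post is already loaded on the uplink
# device and that 1:10 is its highest-priority class.

# Dry run by default: print each command; APPLY=1 executes it (needs root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Milliseconds a packet of $1 bytes occupies a link of $2 kbit/s.
# 1 kbit/s is 1 bit per millisecond, so ms = bits / kbit (rounded down).
serialization_ms() {
    echo $(( $1 * 8 / $2 ))
}

# Delay seen by a packet that waits behind $1 queued packets of $2 bytes
# on a link of $3 kbit/s.
queue_wait_ms() {
    echo $(( $1 * $(serialization_ms "$2" "$3") ))
}

# Steer small, latency-sensitive packets into class 1:10 on device $1.
# CLASSIFY sets the packet priority, which HTB checks before its filters.
prioritise_small_packets() {
    dev=$1
    # Pure ACKs of at most 64 bytes: they pace the download.
    run iptables -t mangle -A POSTROUTING -o "$dev" -p tcp \
        --tcp-flags FIN,SYN,RST,ACK ACK -m length --length 40:64 \
        -j CLASSIFY --set-class 1:10
    # Initial SYNs: connection setup for every new page element.
    run iptables -t mangle -A POSTROUTING -o "$dev" -p tcp \
        --tcp-flags FIN,SYN,RST,ACK SYN \
        -j CLASSIFY --set-class 1:10
    # DNS queries.
    run iptables -t mangle -A POSTROUTING -o "$dev" -p udp --dport 53 \
        -j CLASSIFY --set-class 1:10
}

# One full-size packet at the 116kbit root rate from the post.
echo "1500-byte packet: $(serialization_ms 1500 116) ms"
# An ACK stuck behind ten of them in a single shared queue.
echo "ACK behind 10 packets: $(queue_wait_ms 10 1500 116) ms"
prioritise_small_packets "${DEV:-ppp0}"   # ppp0 is an assumed device name
```

Run it once as is to review the printed rules, then with APPLY=1 as root after the HTB classes exist.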


Re: [LARTC] the cisco vs. Linux thread

2004-07-12 Thread Abraham van der Merwe
Hi przemolicc@2004.07.12_09:18:07_+0200

> > On a side note has anyone built a linux router with dual/quad port
> > ethernet cards (ie Intel PRO/1000 MT Quad Port Server Adapter)?
>
> I have built a linux router with quad D-Link DFE-580TX nics.
> It works like a charm and is routing between four
> local LANs. But had to use kernel patch for those
> cards because in-kernel driver wasn't good enough.

Could you please post a link to the driver for that nic?

-- 

Regards
 Abraham

TODAY the Pond!
TOMORROW the World!
-- Frogs (1972)

___
 Abraham vd Merwe - Frogfoot Networks CC
 1st Floor, Albion Springs, 183 Main Road, Newlands
 Phone: +27 21 689 3876 Cell: +27 82 565 4451
 Http: http://www.frogfoot.net/ Email: [EMAIL PROTECTED]



[LARTC] Please help... classical problem

2004-07-12 Thread Furin Ongko

Hello all.. I'm a newbie in LARTC...
And I realize that my problem is a classical problem
in this LARTC mailing list.
So if anyone doesn't mind.. please help me with this...

Situation :

LAN         -- Gateway     -- Internet
10.0.0.0/8  -- eth0   eth1 -- 20.0.0.0/8

Linux Box:
RedHat 8.0
/sbin/tc size is +- 700 kb



# NAT so that all computers can access the internet
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -j MASQUERADE


# partly copied from: http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm

tc qdisc add dev eth0 root handle 1: htb default 12

tc class add dev eth0 parent 1: classid 1:1 htb rate 100kbps
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 30kbps
tc class add dev eth0 parent 1:1 classid 1:11 htb rate 10kbps
tc class add dev eth0 parent 1:1 classid 1:12 htb rate 60kbps

# I want to filter all ftp activity to get a slower bandwidth
tc filter add dev eth0 protocol ip parent 1:0 prio 1 \
   u32 match ip src 10.0.0.0/8 match ip dport 20 0x flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 \
   u32 match ip src 10.0.0.0/8 match ip sport 20 0x flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 \
   u32 match ip src 10.0.0.0/8 match ip dport 21 0x flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 \
   u32 match ip src 10.0.0.0/8 match ip sport 21 0x flowid 1:10

# I read on docum.org that source and destination should be written in hex
tc filter add dev eth0 protocol ip parent 1:0 prio 1 \
   u32 match ip src 10.0.0.0/8 match ip dport 14 0x flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 \
   u32 match ip src 10.0.0.0/8 match ip sport 14 0x flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 \
   u32 match ip src 10.0.0.0/8 match ip dport 15 0x flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 \
   u32 match ip src 10.0.0.0/8 match ip sport 15 0x flowid 1:10


I have tried this script... and the result is that the
script is not doing what I would like it to do. FTP is
running at the default bandwidth, 60kbps, not 30 kbps.
Can anyone help me? What is wrong with this
configuration?







Re: [LARTC] the cisco vs. Linux thread

2004-07-12 Thread przemolicc
On Mon, Jul 12, 2004 at 10:15:57AM +0200, Abraham van der Merwe wrote:
> Hi przemolicc@2004.07.12_09:18:07_+0200
>
> > > On a side note has anyone built a linux router with dual/quad port
> > > ethernet cards (ie Intel PRO/1000 MT Quad Port Server Adapter)?
> >
> > I have built a linux router with quad D-Link DFE-580TX nics.
> > It works like a charm and is routing between four
> > local LANs. But had to use kernel patch for those
> > cards because in-kernel driver wasn't good enough.
>
> Could you please post a link to the driver for that nic?

This is part of a header:

/* These identify the driver base version and may not be removed. */
static const char version1[] =
"sundance.c:v1.11 2/4/2003  Written by Donald Becker [EMAIL PROTECTED]\n";
static const char version2[] =
"  http://www.scyld.com/network/sundance.html\n";
/* Updated to recommendations in pci-skeleton v2.12. */


przemol


[LARTC] ebtables and HTB bandwidth shaping - change frame or packet sizes

2004-07-12 Thread Thomas Kotze RAD
Hallo 

I have recently implemented a Fedora Core 2 Linux box with ebtables and HTB
for doing some traffic shaping.

What I would like to know is if there is some way to change the packet or
frame sizes of the traffic that passes through this type of system. If I
understand correctly this will also help with the bandwidth, maybe not on
throughput but definitely on continuous throughput if the data line is
running at 99% utilization.

We had a demo on our data line with a system called Packeteer, and it seems
as if this product intercepts the packet and changes the packet or frame
size and therefore the traffic will not hog the bandwidth that easily. This
however is a very expensive product and if one can do it on Linux why not.

I have more or less the same queue setup as was the case for the
Packeteer demo and currently I do not see as big a change as with
Packeteer.

Can someone give me some advice and if at all possible give me an indication
of how to go about doing this.

Groete / Regards
Thomas



Re: [LARTC] the cisco vs. Linux thread

2004-07-12 Thread przemolicc
On Mon, Jul 12, 2004 at 10:56:56AM +0200, Abraham vd Merwe wrote:
> > This is part of a header:
> >
> > /* These identify the driver base version and may not be removed. */
> > static const char version1[] =
> > "sundance.c:v1.11 2/4/2003  Written by Donald Becker [EMAIL PROTECTED]\n";
> > static const char version2[] =
> > "  http://www.scyld.com/network/sundance.html\n";
> > /* Updated to recommendations in pci-skeleton v2.12. */
>
> That looks rather outdated. The link is stale and Donald Becker hasn't
> worked on network drivers in ages.

I don't remember the exact link. But you can look for the string sundance.c:v1.11
in Google.

Please don't send me cc copy - I am on the list.

przemol


Re: [LARTC] ebtables and HTB bandwidth shaping - change frame or packet sizes

2004-07-12 Thread Ed Wildgoose

> What I would like to know is if there is some way to change the packet or
> frame sizes of the traffic that passes through this type of system. If I
> understand correctly this will also help with the bandwidth, maybe not on
> throughput but definitely on continuous throughput if the data line is
> running at 99% utilization.
> We had a demo on our data line with a system called Packeteer, and it seems
> as if this product intercepts the packet and changes the packet or frame
> size and therefore the traffic will not hog the bandwidth that easily. This
> however is a very expensive product and if one can do it on Linux why not.

I'm not quite sure what you are asking for, but perhaps you mean 
fragmenting packets so that they are smaller (ie 5 small packets rather 
than 1 large one?)

The trick here is either to change every machine to have a lower MTU in
your office (can be tedious), or look at using MSS clamping.  This is
something that you can do in iptables.  Search Google, and I think in
the LARTC for more details.  There are other tricks you can do with MTU.

Packeteer is perhaps the premier product out there, but you should be
able to do 90% of the same things with Linux, and for many cases far
*more* than with Packeteer.  I think there are a few people who will
offer paid support as well, so you are not necessarily disadvantaged
here either.

Out of curiosity, what does a Packeteer box set you back these days?
My old firm was looking at buying one, I was thinking about bidding
against them...

Ed W
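
Added example, not from the thread: the MSS clamping mentioned above, written as iptables TCPMSS rules for a Linux router, together with the header overhead that smaller segments cost. The function names, the APPLY switch, the 576..1500 sanity range and the sample MTU of 1000 are assumptions of this example.

```sh
#!/bin/sh
# Added example: MSS clamping on a Linux router with iptables.

# Dry run by default: print the command; APPLY=1 executes it (needs root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Largest TCP payload that fits in an IPv4 packet of $1 bytes:
# MTU minus 20 bytes IP header and 20 bytes TCP header.
# The 576..1500 range is a sanity check chosen for this example.
mss_for_mtu() {
    if [ "$1" -lt 576 ] || [ "$1" -gt 1500 ]; then
        echo "MTU $1 outside 576..1500" >&2
        return 1
    fi
    echo $(( $1 - 40 ))
}

# Header cost of full-size segments, in parts per thousand of bytes sent.
# Smaller packets release the line sooner but spend more of it on headers.
header_overhead_permille() {
    mss=$(mss_for_mtu "$1") || return 1
    echo $(( 40 * 1000 / (mss + 40) ))
}

# Rewrite the MSS option in forwarded SYN and SYN/ACK packets.
# With no argument, clamp to the path MTU; with an MTU, force MTU-40.
# No -i/-o match: both directions are rewritten, so both ends send
# segments no larger than the clamp.
clamp_mss() {
    if [ -z "${1:-}" ]; then
        run iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
            -j TCPMSS --clamp-mss-to-pmtu
    else
        mss=$(mss_for_mtu "$1") || return 1
        run iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
            -j TCPMSS --set-mss "$mss"
    fi
}

clamp_mss 1000   # 1000 is a constructed sample MTU
```

The rule only changes TCP connections opened after it is loaded, and only traffic the box forwards; UDP and already established flows keep their packet sizes.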


RE: [LARTC] Layer 7 netfilter not working

2004-07-12 Thread Mike
Everyone,

Don't you mark on the inbound interface and shape on the outbound
interface?

Mike Fetherston

> -----Original Message-----
> From: FB [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 09, 2004 1:11 PM
> To: [EMAIL PROTECTED]
> Subject: [LARTC] Layer 7 netfilter not working
>
> Hello there!
>
> I am trying to get traffic shaping working on my Linux router (debian
> woody 3r02) and for some things I wanted to use the layer 7 packet
> classifier, but I can't get it to work.
> Here is what I did:
>
> -downloaded the patches from http://l7-filter.sourceforge.net
> -downloaded the kernel 2.6.7 source
> -downloaded the iptables 1.2.11 source
> -patched kernel (layer7 patch and some patch to get iptables 1.2.11
> working with kernel 2.6.7)
> -patched iptables
> -compiled iptables
> -activated layer 7 support in kernel-config (and a lot of other packet
> classifying options)
> -compiled and installed kernel
>
> Now I tried to mark some packets with layer 7 so that I can shape them
> with tc afterwards. But nothing changed; the outgoing connection still
> didn't change. So I changed the line in the iptables-script to this:
>
> $IPTABLES -t filter -A OUTPUT -m layer7 --l7dir /etc/l7-protocols --l7proto ftp -j DROP
>
> before it was:
>
> $IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto ftp -j MARK --set-mark 322
>
> but neither of them worked (I could still connect over ftp). The
> /proc/net/layer7_numpackets is 08 (don't know which 8 packets got
> identified there, but the number is not going any higher).
>
> Any help is really appreciated!
>
> -FB


[LARTC] Performance difference with HTB patch in 2.4.14 and without patch in 2.4.20

2004-07-12 Thread Aravind babu
Hi,

I am using a Linux 2.4.14 box for my bandwidth management. I patched the kernel for HTB support. I think HTB comes by default with 2.4.20. My doubt is

"Is there any performance difference between the patched kernel, i.e. 2.4.14, and the unpatched kernel 2.4.20 with respect to bandwidth management?"

Thanks in advance,
Aravind.


Re: [LARTC] the cisco vs. Linux thread

2004-07-12 Thread José Ildefonso Camargo Tolosa
Hi!
> Message: 9
> Date: Sat, 10 Jul 2004 16:51:40 -0600
> To: LARTC Mailing List [EMAIL PROTECTED]
> Subject: Re: [LARTC] the cisco vs. Linux thread
> Reply-To: [EMAIL PROTECTED]
> From: Glen Mabey [EMAIL PROTECTED]
>
> On Fri, Jul 09, 2004 at 10:35:22AM -0400, Alfie Viechweg wrote:
> > Regarding building your own router/switch. You might want to check out
> > www.routerboard.com for a really reasonably priced 4 port NIC.
>
> I had no idea this type of board existed! (forgive my excitement)
> Alfie, have you used the Routerboard 230 or 240 products?
> Anyone else?
>
> Could anyone else recommend other manufacturers of this type of
> hardware: an embedded system board with
> * a couple of NICs
> * PCMCIA
> * runs linux

This one, and it's cheaper:
http://www.soekris.com/

you may want to check out:
http://www.netgate.com/ (good wireless stuff).

I'm trying to buy some of the soekris hardware, but still need to get
some more money. :(

> Thanks --
> Glen
> -- ** Glen W. Mabey [EMAIL PROTECTED] http://mabeys.homelinux.com/glen/ **



Re: [LARTC] the cisco vs. Linux thread

2004-07-12 Thread Ed Wildgoose

> > Alfie, have you used the Routerboard 230 or 240 products?  Anyone else?
> > Could anyone else recommend other manufacturers of this type of
> > hardware: an embedded system board with
> > * a couple of NICs
> > * PCMCIA
> > * runs linux
>
> This one, and it's cheaper:
> http://www.soekris.com/

Actually, I am really interested in this kind of hardware.  But it's
actually not really as cheap as it looks.  (Bear in mind I am based in
the UK so I am looking at the post-shipping price.)

Most of these tiny embedded devices need $20-30 of power supply, and the same
again for a case, and a bit of RAM...  It looks like around £300
sterling to me all in.  However, you can often pick up a bottom of the
range Compaq/HP server for that price... (OK, not as small and neat!)

There are some really nice and neat little boxes, which would be good
for a mid-priced box where you need the grunt.

...But for low end hardware it seems hard to beat the Linksys WRT54GS
which is around £50 GBP from ebuyer.  This gets you 32Mb and a 200Mhz
processor! (and 2 net cards, a small switch and a wireless radio!)

The S model is only starting to arrive in the UK so mine's on
backorder, but I think it's easily available in the US?

Ed W


RE: [LARTC] Layer 7 netfilter not working

2004-07-12 Thread Mike
You may be marking on the ingress interface.  Locally generated packets
do not go through that NIC and therefore do not get marked.  You would
have to mark them on the INPUT chain of your egress interface.

Mike Fetherston

> -----Original Message-----
> From: FB [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 12, 2004 12:24 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [LARTC] Layer 7 netfilter not working
>
> heya!
> first thanks to all for your help. shaping is working now (not 100% but
> working).
> This is why I didn't notice that it already worked:
> My settings were all correct, BUT when I establish for example a FTP
> connection from the router itself, it is somehow not shaped, however a
> connection over the router (from a computer inside the lan) the
> connection is shaped perfectly (with layer7).
>
> So my question: Why do the layer7 rules only work with connections over
> the router but not from the router itself?
>
> -FB


Re: [LARTC] Layer 7 netfilter not working

2004-07-12 Thread Ed Wildgoose

> So my question: Why do the layer7 rules only work with connections
> over the router but not from the router itself?

Look at your script and look at which interface you are shaping on.
Most likely you are shaping on the interface which talks to the lan.  So
the stuff destined for the local machine never sees the shaper.

The only real solution is to add the IMQ device to the wan side and use
this to effectively put something upstream of the machine that you can
shape on.


Re: [LARTC] Layer 7 netfilter not working

2004-07-12 Thread Jason Boxman
On Monday 12 July 2004 13:46, Mike wrote:
> You may be marking on the ingress interface.  Locally generated packets
> do not go through that NIC and therefore do not get marked.  You would
> have to mark them on the INPUT chain of your egress interface.

Keeping in mind that INPUT doesn't see both sides of the connection, so some
(many) L7 filters would fail.

> Mike Fetherston




RE: [LARTC] TC Hashing Filters

2004-07-12 Thread Adam Towarnyckyj
Hey all,
So I got the script to run and populate everything. I watch as
the script uses the tc commands to add filters for each IP into their
appropriate tables. After 2045 entries, it starts to give me a File
Exists error. I've done extensive testing on the script and everything
else to come to this same result. I also looked at how many entries were
going into individual tables. It seems there are only 15-20 per table
and this isn't a lot. So my question is does the hash filter have a
limit on the number of entries? I wouldn't believe so but I keep running
into this problem. If this is the case, I guess I'll be looking for
another alternative. Thanks!

Adam Towarnyckyj



Re: [LARTC] Layer 7 netfilter not working

2004-07-12 Thread FB
> You may be marking on the ingress interface.  Locally generated packets
> do not go through that NIC and therefore do not get marked.  You would
> have to mark them on the INPUT chain of your egress interface.
> Mike Fetherston

That's the line in my iptables script:
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto ftp -j MARK --set-mark 322

Any suggestion how to modify it?
(-A INPUT doesn't work, no shaping anymore at all, when I put this)
-FB

