[LARTC] tc filter information

2006-03-29 Thread Ian Hogben
Hello list,

I guess I am jumping in here at the deep end... I have had a look at the
lartc web pages, found the wondershaper script, read through as much of
the HOWTO as possible without my brain exploding, and I feel that I get
the concepts kinda OK. The things that I am having trouble with are the
tc filtertype specific parameters. I've read a great message on the
archives of this mailing list with some examples (Andrea Rossato did a
lot to help me understand the syntax better with a posting from 2002 for
example) but I just can't find anything that outlines how the filters
work in tc. Am I not looking in the right spots or is it not out there?

I'd really appreciate some pointers to some good resources, or failing
that some good archived messages that explain how this tc filter magic
works.

... the crux of my inquiry is that I am hoping to prioritise all ipsec
packets and only allow web and email traffic with the remaining
bandwidth. The wondershaper goes a long way to helping me with this but
doesn't go the whole distance. ;-)

Thanks,

Ian Hogben
Network/Systems Administrator
Department of Sport and Recreation 
246 Vincent Street, Leederville, WA 6007 
PO Box 329 Leederville WA 6903 
Tel: (08) 9492 9860
Fax: (08) 9492 9711
Mob: 0419 909 171
Web: www.dsr.wa.gov.au
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


[LARTC] qdisc prio problem

2006-03-29 Thread Fabio
Hi to all!
I'm studying qdisc prio but I have some problems.

I want to create 3 queues (3 bands prio), each one associated with a
workstation.

I mark (with iptables) packets using workstation mac address and then send
all packets in a particular queue.

qdisc prio with handle 10: (default priomap)

WS1 - queue  10:1
WS2 - queue  10:2
WS3 - queue  10:3

I set it correctly (with no problem), but if WS1, WS2 and WS3 generate the
same traffic (same protocol) at the same time, bandwidth is equally
divided (priority is not applied).

If WS1 generates traffic with the scp tool and WS2 generates traffic with ssh
(interactive), priority is correctly applied.

Is there a way to configure qdisc prio so that all traffic generated by a
ws has a fixed priority (not depending on tos, protocol used,...) ?

Many thanks,
Fabio



Re: [LARTC] Load-balancing. two ip's from one isp - solution

2006-03-29 Thread sAwAr

Hi, for those who were following this topic I can say that

IP_ROUTE_MULTIPATH_CACHED must be disabled! After a few tests I'm quite sure that
this was causing my problems. Now I'm using 2.5.15 kernel without the patch of
Julian Anastasov and load-balancing is working.

lartc split-access how to and http://www.ssi.bg/~ja/nano.txt now both are
working fine

Now I will try to use fwmark based routing and probably I will write with the next
problem soon :P

Regards
Szymon Mroofka


Re: [LARTC] Load-balancing. two ip's from one isp - solution

2006-03-29 Thread William L. Thomson Jr.
On Wed, 2006-03-29 at 19:12 +0200, sAwAr wrote:
> Hi, for those who were following this topic I can say that
>
> IP_ROUTE_MULTIPATH_CACHED must be disabled! After a few tests I'm quite
> sure that this was causing my problems. Now I'm using 2.5.15 kernel
> without the patch of Julian Anastasov and load-balancing is working.

FYI those patches do a lot of things. Like static routes, unplug an
interface or shut it down and watch all your routes and tables go away.
Much less all the stuff the alt routes patch addresses.

As for no nat? Interesting.

> lartc split-access how to and http://www.ssi.bg/~ja/nano.txt now both
> are working fine

Yeah, overall you are cool if the rules are correct, but if you have a
line go down etc., you will want the prohibit line so an ICMP message
is sent.

> Now I will try to use fwmark based routing and probably I will write
> with the next problem soon :P

Cool, that's one I have not done myself. Not found a need so far, been
able to do all I have needed via other means.

-- 
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com



Re: [LARTC] Load-balancing. two ip's from one isp - solution

2006-03-29 Thread Szymon Mroofka
On Wednesday, 29 March 2006 20:18, William L. Thomson Jr. wrote:
> On Wed, 2006-03-29 at 19:12 +0200, sAwAr wrote:
> > Hi, for those who were following this topic I can say that
> >
> > IP_ROUTE_MULTIPATH_CACHED must be disabled! After a few tests I'm quite
> > sure that this was causing my problems. Now I'm using 2.5.15 kernel
> > without the patch of Julian Anastasov and load-balancing is working.
>
> FYI those patches do a lot of things. Like static routes, unplug an
> interface or shut it down and watch all your routes and tables go away.
> Much less all the stuff the alt routes patch addresses.

I'll patch when I'm upgrading the kernel, or if there is such a need, maybe very
soon. For now I'm tired of compiling and installing a new kernel; it takes too
long on my old and slow box ;).


> As for no nat? Interesting.

lucy ~ # iptables -L -nv -t nat
Chain PREROUTING (policy ACCEPT 47557 packets, 5508K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 1484 packets, 116K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 1404 packets, 99243 bytes)
 pkts bytes target     prot opt in     out     source               destination

Yes... no nat needed.

> > lartc split-access how to and http://www.ssi.bg/~ja/nano.txt now both
> > are working fine
>
> Yeah, overall you are cool if the rules are correct, but if you have a
> line go down etc., you will want the prohibit line so an ICMP message
> is sent.

My box is only used as a desktop so I don't need to care about any errors;
this will not cause any problem like in big networks or companies where people
need to have access to the internet all the time.

I think I've done it with this in my script:
 ip route append prohibit default table wew metric 1 proto static
 ip route append prohibit default table zew metric 1 proto static

in my new routing tables.

> > Now I will try to use fwmark based routing and probably I will write
> > with the next problem soon :P
>
> Cool, that's one I have not done myself. Not found a need so far, been
> able to do all I have needed via other means.

I'm using iptables to mark packets for htb so it should be easy to add a few new
rules and use it in routing... I hope it will be, but I'm afraid that
because I can't use the PREROUTING chain (only local packets, OUTPUT chain)
there may be some problems with it. I'll check it soon.


Regards



[LARTC] How to define class type hierarchy of speeds?

2006-03-29 Thread Beat Meier
Hi

I'm very very new to tc iproute etc and have read the LARTC howto.
What I want to do is create some master classes of bandwidth limit and
below that per ip address which inherits from this master class.

Example:

one queue for 128Kbps
other queue for 256Kbps

What I want now is that for example in class 128Kbps the ip
10.0.0.5, 10.0.0.8 etc. goes BUT every ip address will have 128Kbps.
The same for 256Kbps.
128Kbps
  |_ 10.0.0.5
  |_ 10.0.0.8

256Kbps
  |_ 10.0.0.6
  |_ 10.0.0.7

Is there no way to do that without creating for each ip address its own
master class?
Do I have to do it like in example 15.1 (Cookbook) in the howto i.e.
if I have 1000 ip addresses they are all flat in there?


It would be nice to add such an example to illustrate that.
What I have noticed is that there are a lot of examples but always with 2 different
speeds, and none with customers of the same speed, same queueing disciplines
but which should not share the bandwidth but each have the full specified
bandwidth.
Or have I overlooked or misinterpreted these examples?

Thanks for any information!

Beat




[LARTC] linux bridging vlans?

2006-03-29 Thread Andraz Sraka
re

Can somebody tell me what I am doing wrong (at this late night hour),
because the vlans are not getting bridged at all.

   ifconfig eth0 0.0.0.0 up
   ifconfig eth1 0.0.0.0 up
   brctl addbr br0
   brctl addif br0 eth0
   brctl addif br0 eth1
   ifconfig br0 up
   vconfig add br0 X
   vconfig add br0 Y

X = vlan-ID (example: 222)
Y = vlan ID (example: 223)

 # brctl show
   bridge name     bridge id          STP enabled     interfaces
   br0             8000.1a1a4c74      no              eth0
                                                      eth1



 # cat /proc/net/vlan/config
  VLAN Dev name| VLAN ID
  Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
  br0.X   | X  | br0
  br0.Y   | Y  | br0



dmesg shows that:
br0: port 2(eth1) entering learning state
br0: port 1(eth0) entering learning state
br0: topology change detected, propagating
br0: port 2(eth1) entering forwarding state
br0: topology change detected, propagating
br0: port 1(eth0) entering forwarding state

but still no data is forwarded from one interface to another. Is there
any sysctl stuff that I need to set up, like 'ip_forwarding' when doing
routing? Is there some bridging parameter for forwarding, or have I
misconfigured things above?

thanks and regards,
 Andraz




Re: [LARTC] How to define class type hierarchy of speeds?

2006-03-29 Thread Andreas Klauer
On Thu, Mar 30, 2006 at 01:17:00AM +0200, Beat Meier wrote:
> What I want now is that for example in class 128Kbps the ip
> 10.0.0.5, 10.0.0.8 etc. goes BUT every ip address will have 128Kbps.
> The same for 256Kbps.
> 128Kbps
>   |_ 10.0.0.5
>   |_ 10.0.0.8
>
> 256Kbps
>   |_ 10.0.0.6
>   |_ 10.0.0.7

I don't know if such a scheduler exists. With HTB, you could do 
it, but you would have to create a separate class per user. 
Which is not that much different from what this scheduler would 
do, as it has to keep track of every single IP's bandwidth 
either way.

> Do I have to do it like in example 15.1 (Cookbook) in the howto i.e.
> if I have 1000 ip addresses they are all flat there in?

Example 15.1 seems to be based on CBQ. I did not have much luck 
with this scheduler myself. But as far as I know, it also would 
require you to create one separate class per user.

> What I have noticed there are a lot of example but always with 2 different
> speeds but no one with customers of the same speed, same queueing disciplines
> but should not share the bandwidth but have each one the full specified
> bandwidth.

I do not know such a script, since I'm doing traffic shaping for home 
use only. If you're looking for a script that does not primarily work 
by prioritizing traffic classes, but which works on a per-user basis,
you could have a look at my own script. (http://www.metamorpher.de/fairnat)
That is if you're willing to regard my former flatmates as customers and
my former linux-based old PC router as a high-end internet gateway.

The script will by far not be flexible enough for a project of your 
scale, but at least it's user based and I put some effort into 
documenting it, so maybe it will be useful as an example to you.

Kind regards
Andreas Klauer
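
The one-class-per-user HTB layout described in the reply above, as an added example that is not part of the original thread or of the fairnat script: a generator that prints the tc commands for a plan list instead of running them. The interface name `eth0`, class numbering from 1:10, and matching on destination address (shaping traffic toward the clients) are assumptions; the addresses and rates are the ones from the question.

```shell
#!/bin/sh
# Added example: print (do not run) tc commands for one HTB class per IP.
DEV=eth0    # assumption: the LAN-facing interface

# Reads "IP RATE_KBIT" lines on stdin, writes tc commands on stdout.
emit_htb_per_ip() {
    # No "default" class: traffic that matches no filter passes unshaped.
    echo "tc qdisc add dev $DEV root handle 1: htb"
    minor=16    # first class is 1:10; tc reads class ids as hex
    while read -r ip rate; do
        case "$ip" in ''|'#'*) continue ;; esac
        # The output is meant to be run as root, so refuse any field that
        # is not a dotted quad or a plain number instead of passing it on.
        case "$ip" in *[!0-9.]*) echo "skip: bad ip '$ip'" >&2; continue ;; esac
        case "$rate" in ''|*[!0-9]*) echo "skip: bad rate '$rate'" >&2; continue ;; esac
        if [ "$minor" -gt 65535 ]; then
            echo "out of class ids" >&2
            return 1
        fi
        id=$(printf '1:%x' "$minor")
        # Root-level class with rate == ceil: nothing to borrow from and no
        # parent cap shared with the other IPs on the same plan.
        echo "tc class add dev $DEV parent 1: classid $id htb rate ${rate}kbit ceil ${rate}kbit"
        echo "tc filter add dev $DEV parent 1: protocol ip prio 1 u32 match ip dst $ip/32 flowid $id"
        minor=$((minor + 1))
    done
}

# Constructed plan using the addresses and speeds from the question.
emit_htb_per_ip <<'EOF'
10.0.0.5 128
10.0.0.8 128
10.0.0.6 256
10.0.0.7 256
EOF
```

With around 1000 addresses a flat u32 list like this is walked linearly for each packet; the LARTC HOWTO's section on hashing filters covers the faster layout.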