RE: [LARTC] Bridge with Traffic shaping
> what kinda bridge are you using? > bridge-nf? if you are it says it only supports iptables, you would have to > mark the packets then use filter to put the marked packets into > teh correct > queue for managing Yes I'm using bridge-nf, but as far as I understand bridge-nf doesn't require iptables for shaping - you only need to patch your kernel if you _want_ to use iptables. I am in any case not using "fw" but using "u32" which should match anything in a packet header. -- Roché Compaan Upfront Systems http://www.upfrontsystems.co.za ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Bridge with Traffic shaping
what kinda bridge are you using? bridge-nf? if you are it says it only supports iptables, you would have to mark the packets then use filter to put the marked packets into teh correct queue for managing - Original Message - From: "Roché Compaan" <[EMAIL PROTECTED]> To: "Stef Coene" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Sunday, July 28, 2002 10:27 PM Subject: RE: [LARTC] Bridge with Traffic shaping > On Saturday 27 July 2002 19:56, Roché Compaan wrote: > > Hi, > > > > I am fairly new to routing and traffic control but I with the > > help of the lartc howto I managed to setup a bridge with htb > > traffic control. The traffic shapping does not seem to work > > as I expected and I would really appreciate if somebody > > can tell my why this is the case. > > > > My setup: > > I have a DSL router connecting a /28 network to the internet. > > I put a linux box with 2 ethernet cards between my router and > > the rest of the subnet. I set up the linux box as an ethernet > > bridge where the 2 ethernet cards has no ip address and the > > bridge has an ip address. I patched the kernel with the IMQ > > patch so that I can shape incoming traffic. eth0 is connected > > to the router and eth1 is connect to the rest of the public > > subnet. I have an iptables rule that routes all traffic on eth1 > > to the imq device. > If you put all incoming traffic on eth1 in the imq device, why > don't you use > the outgoing traffic on eth0 do the same shaping? All traffic > entering the > box on eth1 leaves the box on eth0. That way you don't need the > imq device. If I understand correctly I can shape incoming traffic by setting up a qdisc on eth0 and filters that match any of the ip addresses in my public subnet sitting behind the linux box that currently does the traffic shaping. Ok, I tried this but all traffic still seems to match only the default htb class. Here's my tc script: #!/bin/bash tc qdisc del dev eth0 root tc qdisc add dev eth0 root handle 1: htb default 12 tc class add dev eth0 parent 1: classid 1:1 htb rate 128kbit ceil 128kbit tc class add dev eth0 parent 1:1 classid 1:10 htb rate 64kbit ceil 128kbit tc class add dev eth0 parent 1:1 classid 1:11 htb rate 32kbit ceil 128kbit tc class add dev eth0 parent 1:1 classid 1:12 htb rate 32kbit ceil 128kbit tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.53 flowid 1:10 tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.54 flowid 1:10 tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.55 flowid 1:10 tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.51 flowid 1:11 tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.52 flowid 1:11 And this is the ouput of "tc -s -d class show dev eth0": class htb 1:1 root prio 0 rate 128Kbit ceil 128Kbit burst 1753b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 1638 level 3 Sent 83954 bytes 576 pkts (dropped 0, overlimits 0) rate 30bps lended: 114 borrowed: 0 giants: 0 injects: 0 tokens: 101 ctokens: 101 class htb 1:10 parent 1:1 prio 0 rate 64Kbit ceil 128Kbit burst 1679b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 819 level 0 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) lended: 0 borrowed: 0 giants: 0 injects: 0 tokens: 205 ctokens: 107 class htb 1:12 parent 1:1 prio 0 rate 32Kbit ceil 128Kbit burst 1638b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 409 level 0 Sent 12864 bytes 215 pkts (dropped 0, overlimits 0) rate 30bps lended: 215 borrowed: 0 giants: 0 injects: 0 tokens: 387 ctokens: 104 class htb 1:11 parent 1:1 prio 0 rate 32Kbit ceil 128Kbit burst 1638b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 409 level 0 Sent 71090 bytes 361 pkts (dropped 0, overlimits 97) lended: 247 borrowed: 114 giants: 0 injects: 0 tokens: 373 ctokens: 101 No packets seem to match any of the other classes although tcpdump confirms that there are definitely traffic destined for the ip addresses mentioned in my filters. -- Roché Compaan Upfront Systems http://www.upfrontsystems.co.za ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] Bridge with Traffic shaping
> On Saturday 27 July 2002 19:56, Roché Compaan wrote: > > Hi, > > > > I am fairly new to routing and traffic control but I with the > > help of the lartc howto I managed to setup a bridge with htb > > traffic control. The traffic shapping does not seem to work > > as I expected and I would really appreciate if somebody > > can tell my why this is the case. > > > > My setup: > > I have a DSL router connecting a /28 network to the internet. > > I put a linux box with 2 ethernet cards between my router and > > the rest of the subnet. I set up the linux box as an ethernet > > bridge where the 2 ethernet cards has no ip address and the > > bridge has an ip address. I patched the kernel with the IMQ > > patch so that I can shape incoming traffic. eth0 is connected > > to the router and eth1 is connect to the rest of the public > > subnet. I have an iptables rule that routes all traffic on eth1 > > to the imq device. > If you put all incoming traffic on eth1 in the imq device, why > don't you use > the outgoing traffic on eth0 do the same shaping? All traffic > entering the > box on eth1 leaves the box on eth0. That way you don't need the > imq device. If I understand correctly I can shape incoming traffic by setting up a qdisc on eth0 and filters that match any of the ip addresses in my public subnet sitting behind the linux box that currently does the traffic shaping. Ok, I tried this but all traffic still seems to match only the default htb class. Here's my tc script: #!/bin/bash tc qdisc del dev eth0 root tc qdisc add dev eth0 root handle 1: htb default 12 tc class add dev eth0 parent 1: classid 1:1 htb rate 128kbit ceil 128kbit tc class add dev eth0 parent 1:1 classid 1:10 htb rate 64kbit ceil 128kbit tc class add dev eth0 parent 1:1 classid 1:11 htb rate 32kbit ceil 128kbit tc class add dev eth0 parent 1:1 classid 1:12 htb rate 32kbit ceil 128kbit tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.53 flowid 1:10 tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.54 flowid 1:10 tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.55 flowid 1:10 tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.51 flowid 1:11 tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.52 flowid 1:11 And this is the ouput of "tc -s -d class show dev eth0": class htb 1:1 root prio 0 rate 128Kbit ceil 128Kbit burst 1753b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 1638 level 3 Sent 83954 bytes 576 pkts (dropped 0, overlimits 0) rate 30bps lended: 114 borrowed: 0 giants: 0 injects: 0 tokens: 101 ctokens: 101 class htb 1:10 parent 1:1 prio 0 rate 64Kbit ceil 128Kbit burst 1679b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 819 level 0 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) lended: 0 borrowed: 0 giants: 0 injects: 0 tokens: 205 ctokens: 107 class htb 1:12 parent 1:1 prio 0 rate 32Kbit ceil 128Kbit burst 1638b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 409 level 0 Sent 12864 bytes 215 pkts (dropped 0, overlimits 0) rate 30bps lended: 215 borrowed: 0 giants: 0 injects: 0 tokens: 387 ctokens: 104 class htb 1:11 parent 1:1 prio 0 rate 32Kbit ceil 128Kbit burst 1638b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 409 level 0 Sent 71090 bytes 361 pkts (dropped 0, overlimits 97) lended: 247 borrowed: 114 giants: 0 injects: 0 tokens: 373 ctokens: 101 No packets seem to match any of the other classes although tcpdump confirms that there are definitely traffic destined for the ip addresses mentioned in my filters. -- Roché Compaan Upfront Systems http://www.upfrontsystems.co.za ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Bridge with Traffic shaping
On Saturday 27 July 2002 19:56, Roché Compaan wrote: > Hi, > > I am fairly new to routing and traffic control but I with the > help of the lartc howto I managed to setup a bridge with htb > traffic control. The traffic shapping does not seem to work > as I expected and I would really appreciate if somebody > can tell my why this is the case. > > My setup: > I have a DSL router connecting a /28 network to the internet. > I put a linux box with 2 ethernet cards between my router and > the rest of the subnet. I set up the linux box as an ethernet > bridge where the 2 ethernet cards has no ip address and the > bridge has an ip address. I patched the kernel with the IMQ > patch so that I can shape incoming traffic. eth0 is connected > to the router and eth1 is connect to the rest of the public > subnet. I have an iptables rule that routes all traffic on eth1 > to the imq device. If you put all incoming traffic on eth1 in the imq device, why don't you use the outgoing traffic on eth0 do the same shaping? All traffic entering the box on eth1 leaves the box on eth0. That way you don't need the imq device. Stef -- [EMAIL PROTECTED] "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] dhclient
On Sunday 28 July 2002 09:07, Alejandro Mery Pellegrini wrote: > hi :< > > how do i write 'ifconfig eth1:0- init 0' in iproute2 sintaxis? > and how does a route add -host looks like? > > Please. i really need your help. You don't have alias in iproute like you have with the old util ipconfig. ip link show : shows the devices ip add show : shows the addresses A NIC has multiple addresses. So you can have more then 1 address / NIC without having 1 primary and mutiple addresses. All addresses are equal. Stef ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] [patch] Improvements for the TBF chapter
Hi Please consider applying this patch: - Clearifies the relation between 'rate' and 'burst' - Corrects statement about non-existing input qdisc (-> IMQ) bye, -christian- Index: lartc.db === RCS file: /var/cvsroot/2.4routing/lartc.db,v retrieving revision 1.12 diff -u -B -b -r1.12 lartc.db --- lartc.db20 Jul 2002 14:44:26 - 1.12 +++ lartc.db28 Jul 2002 11:25:06 - @@ -2102,18 +2102,27 @@ -burst/buffer/maxburst +rate and burst/buffer/maxburst -Size of the bucket, in bytes. This is the maximum amount of bytes that -tokens can be available for instantaneously. In general, larger shaping -rates require a larger buffer. For 10mbit/s on Intel, you need at least -10kbyte buffer if you want to reach your configured rate! +Rate is the amount of tokens that are tried to put into the bucket every +second specified in mbit/s. + + +Burst is the size of the bucket, in bytes. This is the maximum amount of bytes +that tokens can be available for instantaneously. - -If your buffer is too small, packets may be dropped because more tokens -arrive per timer tick than fit in your bucket. +In general, larger shaping rates require a larger buffer. Remember that if +your buffer is too small, packets may be dropped because regardless how +much tokens the 'rate' parameter tries to put in the bucket, the ones that +actually fit into it are not sufficient for all waiting data. + +To archive a throughput of 10mbit/s on Intel you have to set the buffer +to 12.8kbyte. Calculation: On Intel the kernel HZ variable is 100, which means +that the token filler function is called 100 times per second. 100 times +12.8kbyte are 1310720byte or 10485760bit that are pushed into the bucket - +assuming a high enough value for the rate variable. @@ -2125,13 +2134,6 @@ token usage for a packet. - -rate - - -The speedknob. See remarks above about limits! - - @@ -2502,8 +2504,10 @@ Delaying or dropping packets in order to make traffic stay below a -configured bandwidth. In Linux, policing can only drop a packet and not -delay it - there is no 'ingress queue'. +configured bandwidth. In Linux, policing used to be only able to drop a packet +and not delay it - there was no 'ingress queue'. A currently developed solution +is the 'intermediate queueing device' (IMQ). It is discussed in a seperate +chapter. -- Christian HammersWESTEND GmbH - Aachen und Dueren Tel 0241/701333-0 [EMAIL PROTECTED] Internet & Security for ProfessionalsFax 0241/911879 WESTEND ist CISCO Systems Partner - Authorized Reseller ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] "For ethernet, no packet uses less than 64 bytes" - why?
Hi Well, subject says all. In Chapter 9.2.2.1, TBF, the parameter mpu or "minimum packet size" is explained as: > A zero-sized packet does not use zero bandwidth. For ethernet, no packet > uses less than 64 bytes. The Minimum Packet Unit determines the minimal > token usage for a packet. In my understanding an ethernet packet needs at least 14 (2*6+2) bytes or 54 bytes if there's an ip header present. If this is a kernel issue it should be noted. To which layer does the term "zero-sized" apply anyway? I mean, how can I tell C to send "nothing"? bye, -christian- -- Christian HammersWESTEND GmbH - Aachen und Dueren Tel 0241/701333-0 [EMAIL PROTECTED] Internet & Security for ProfessionalsFax 0241/911879 WESTEND ist CISCO Systems Partner - Authorized Reseller ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/