Re: [LARTC] routing solution
On Wed, 2 Oct 2002, Muhammad Reza wrote:

> eth1=eth2=DSL (cable modem)
>
> How can LARTC deal with this kind of network.
> Can you give me any idea..???

I'm not sure if this will work; maybe your ISP checks the packets and drops them. But if he doesn't check the packets, the following may work:

Source-NAT all outgoing packets on eth1 to the IP address of eth2.

greets,
Tami

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] to route a source address
Hi folks,

How can I route by source address with "ip route"? For example, I want to route an internal (local) address to go via a specific gateway?

Thank you
Rimas
[LARTC] lartc.org and Google
I tripped across lartc.org accidentally by looking for the literal name of the HOWTO mentioned in the Linux Symposium paper. A search for "iproute2" and "tc" did not turn it up. I'd suggest getting those terms, and any others that might be relevant, somewhere on the main web page so that Google will find them.
[LARTC] routing solution
Dear Milis...

I'm a newbie in this area. This is my plan for my new office.

                              upstream --->
                            |-- ISP
                       eth1 |
Intranet-- Linux box---       Internet
192.168.10.x eth0      eth2 |
                            |-- ISP
                              downstream <--

eth1=eth2=DSL (cable modem)

How can LARTC deal with this kind of network.
Can you give me any idea..???
[LARTC] re: Anyone else seen this one? (ping)
> Anyone else seen this one?
>
> ping -n {remote host}
> { 6 second delay }
> 64 bytes from 216.168.105.33: icmp_seq=0 ttl=255 time=6sec
> 64 bytes from 216.168.105.33: icmp_seq=1 ttl=255 time=5sec
> 64 bytes from 216.168.105.33: icmp_seq=2 ttl=255 time=4sec
> 64 bytes from 216.168.105.33: icmp_seq=3 ttl=255 time=3sec
> 64 bytes from 216.168.105.33: icmp_seq=4 ttl=255 time=2sec
> 64 bytes from 216.168.105.33: icmp_seq=5 ttl=255 time=1sec
> 64 bytes from 216.168.105.33: icmp_seq=6 ttl=255 time=242usec
> 64 bytes from 216.168.105.33: icmp_seq=7 ttl=255 time=250usec
> ...

Yes, and I know just how to make it happen. You put ping packets and some other type of packets into the same low rate class. Then you send a bunch of the other kind of packet and start your ping.

Suppose your class is allowed to send 10 pps and you start with 60 other packets (perhaps even ping packets belonging to someone else) in the queue when you start your ping. 6 seconds later all of your ping packets get to the head of the queue and are sent in the next second. Of course, the first one was sent 6 sec ago, but the next was sent 5 sec. ago, the third 4 sec. ago, etc. The first 6 replies all return at about the same time and look like those above. The rest appear at 1 sec intervals as you send them and look like the last two.

BTW, this is pretty similar to the example that led me to suggest a limited lifetime in the queue.
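The queueing effect described in the reply above, as an added simulation that is not part of the original post: one FIFO class drained at 10 packets per second, 60 other packets already queued, and one ping sent per second. The function names, the 250 microsecond wire RTT and the max_age_us option (a simple model of the "limited lifetime in the queue" idea) are assumptions made for this example.

```python
"""Added illustration: FIFO backlog in a rate-limited class versus ping RTTs."""


def simulate_ping(rate_pps=10, backlog=60, pings=8, interval_us=1_000_000,
                  wire_rtt_us=250, max_age_us=None):
    """Return the RTT in microseconds reported for each ping (None = dropped).

    Model (assumed for this example): one FIFO queue drained at rate_pps,
    `backlog` unrelated packets already queued at t=0, and one ping enqueued
    every interval_us starting at t=0. If max_age_us is set, a packet that
    has waited longer than that when it reaches the head of the queue is
    dropped without using any link time.
    """
    service_us = 1_000_000 // rate_pps
    # Arrival order is queue order: the backlog first, then the pings.
    arrivals = [(0, None)] * backlog
    arrivals += [(seq * interval_us, seq) for seq in range(pings)]

    link_free_at = 0          # earliest time the class may send again
    rtts = [None] * pings
    for enqueued_at, seq in arrivals:
        head_at = max(enqueued_at, link_free_at)
        waited = head_at - enqueued_at
        if max_age_us is not None and waited > max_age_us:
            continue          # expired while queued: dropped, never sent
        link_free_at = head_at + service_us
        if seq is not None:
            rtts[seq] = waited + wire_rtt_us
    return rtts


def to_seconds(rtts):
    """Round to milliseconds for display; dropped pings stay None."""
    return [None if r is None else round(r / 1_000_000, 3) for r in rtts]


if __name__ == "__main__":
    # Plain FIFO: the first pings wait behind the backlog and all leave
    # within the same second, so their RTTs count down by about 1 s each.
    print("plain FIFO      :", to_seconds(simulate_ping()))
    # With a 2 s lifetime the stale backlog and the first ping are discarded
    # and the following pings see a much shorter queue.
    print("2 s max lifetime:", to_seconds(simulate_ping(max_age_us=2_000_000)))
```

In this model the pings themselves also consume the class rate, so the countdown steps are 0.9 s rather than exactly 1 s.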
[LARTC] Problems with GRE-tunnel and IP Masq
Hi all,

I'm managing a wireless network with around 70 sites in Ecuador, all linux routers and Lucent RG-1000/Aironet bridges. I have 5 exits (5 different ISPs) in my network and I want to change the static routing for dynamic routing with redundancy. Because all 5 ISPs have their own clients I want to connect all clients to their ISP using GRE tunnels (and in the future IPSEC) and internally do dynamic routing between client and ISP.

But I run into a strange problem: When I use GRE tunnel with static routing (with and without IP Masq), sending and receiving e-mail, pinging internet and traceroute works OK, but surfing the web is extremely slow (NOT WORKING). (below more information on setup, without tunnel everything is working OK)

I searched the internet but could not find any similar cases, what's happening? Is this a problem with MTU? GRE is 1476 the other interfaces 1500 or something else? (we observed a strange effect, if we surf the web via a yahoo messenger it does work!!!, but within IE it doesn't)

Can I solve the dynamic routing with 5 exits (and for every client its own exit) in another way? (it's important that every client enters/leaves through their ISP, only my internal network should be dynamic)

Ramon

--- Setup -

I'm using RedHat linux 7.3 kernel 2.4.9-31

client network (windows) 192.168.236.0/24
 |
 |
linux box eth0 192.168.236.1
          eth1 10.9.8.61
          eth1 GRE tunnel to 10.8.8.1
 |
 |
wireless network 10.0.0.0/8 (3 linux hops, min 50 ms avg 150ms max 250ms)
 |
 |
linux box eth1 10.8.8.1
          eth1 GRE tunnel to 10.9.8.61
          eth0 real IP 200.61.x.y using IP Masq for private net 192.168.0.0/16
[LARTC] split traffic
I have the next network:

  Users LAN                       Servers LAN
  (10.0.0.0/24                    (mail and web [200.30.57.32/24]
   web surf main activity)         homologated ip's)
        |                               |
        |                               |
        +---------------+---------------+
                        |
  eth1:1 10.0.0.138     |     eth1 200.30.57.33
                        |
         {Linux Firewall. kernel 2.4.18}
                        |
  eth2                  |     eth0 200.30.53.22/30
  192.168.1.2/30        |
                 ______/ \______
                |               |
                |               |
         {adsl router}     {Cisco router} 200.30.53.21/30
          192.168.1.1           |
                |(phone line)   |(DS0)
                |               |
                { Internet ---}

A network with two links to internet: a DS0 and an adsl.

I want that servers with homologated ip's go via the DS0, and end users, with 10.0.0.0 addresses go via adsl. Both links through the same firewall.

Also, end users must have Nat, and servers don't. For this I use:

iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth2 -j MASQUERADE

The default gateway in the firewall is the cisco router, my question is: How can I force packets from 10.0.0.0 to go via eth2 (192.168.1.2)?

I imagine something like:

ip route add 192.168.1.1/30 via 192.168.1.2 table 1
ip rule add from 10.0.0.0/24 table 1

But it doesn't work. What'd be the correct way to do it?

Omar
Re: [LARTC] split traffic
Omar,

It looks like you want to set a different default route for the 10.0.0.0/24 network. This can be done as follows:

# ip route add default via 192.168.1.1 table 1
# ip rule add from 10.0.0.0/24 table 1

Your iptables line should work just dandily. I think what you are getting confused about is why your existing route doesn't work. I'd suggest thinking about the name of the chain in the nat table: POSTROUTING!!

Unless routing table 1 contains something else, there's no explicit instruction for the outbound packets from 10.0.0.0/24. Add a default route to that table, and you should have a better solution.

Check out "Multiple Connections to the Internet" in Chapter 7 in my guide (which is still in the process of being written):

http://plorf.net/linux-ip/

Good luck,

-Martin

: I have the next network:
:
:   Users LAN                       Servers LAN
:   (10.0.0.0/24                    (mail and web [200.30.57.32/24]
:    web surf main activity)         homologated ip's)
:         |                               |
:         |                               |
:         +---------------+---------------+
:                         |
:   eth1:1 10.0.0.138     |     eth1 200.30.57.33
:                         |
:          {Linux Firewall. kernel 2.4.18}
:                         |
:   eth2                  |     eth0 200.30.53.22/30
:   192.168.1.2/30        |
:                  ______/ \______
:                 |               |
:                 |               |
:          {adsl router}     {Cisco router} 200.30.53.21/30
:           192.168.1.1           |
:                 |(phone line)   |(DS0)
:                 |               |
:                 { Internet ---}
:
: A network with two links to internet: a DS0 and an adsl.
:
: I want that servers with homologated ip's go via the DS0, and end users,
: with 10.0.0.0 addresses go via adsl. Both links through the same
: firewall.
:
: Also, end users must have Nat, and servers dont. For this i use:
: iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth2 -j MASQUERADE
:
: The default gateway in the firewall is the cisco router, my question is:
: How can I make to force packets from 10.0.0.0 go via eth2(192.168.1.2) ?
:
: I imagine something like:
:
: ip route add 192.168.1.1/30 via 192.168.1.2 table 1
: ip rule add from 10.0.0.0/24 table 1
:
: But doesn't work. What'd be the correct way to do it?
:
: Omar

--
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]
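The lookup order behind the reply above, as an added model that is not part of either post: rules are walked in priority order and the first table holding a matching route decides the next hop. The table contents are modelled by hand from the addresses in the thread, the function and constant names are hypothetical, and the third variant of table 1 (also carrying the servers' connected network) is an assumption added here to show a side effect of a table that holds only a default route.

```python
"""Added illustration: how the routing policy database picks a next hop."""
import ipaddress

DEFAULT = "0.0.0.0/0"

# Main table of the firewall in the thread: connected networks plus the
# default route via the Cisco router. Modelled by hand, not captured output.
MAIN = [
    ("10.0.0.0/24", None, "eth1"),
    ("200.30.57.0/24", None, "eth1"),
    ("200.30.53.20/30", None, "eth0"),
    ("192.168.1.0/30", None, "eth2"),
    (DEFAULT, "200.30.53.21", "eth0"),
]

# Rules as (priority, source selector, table); the "local" rule is left out.
RULES = [
    (32765, "10.0.0.0/24", "1"),     # ip rule add from 10.0.0.0/24 table 1
    (32766, DEFAULT, "main"),
    (32767, DEFAULT, "default"),
]

# Table 1 as first attempted: only the ADSL link network is covered.
TABLE1_ORIGINAL = [("192.168.1.0/30", None, "eth2")]
# Table 1 as suggested in the reply: a default route via the ADSL router.
TABLE1_DEFAULT = [(DEFAULT, "192.168.1.1", "eth2")]
# Assumption added here: also carry the servers' connected network.
TABLE1_WITH_SERVERS = TABLE1_DEFAULT + [("200.30.57.0/24", None, "eth1")]


def longest_prefix_match(table, dst):
    """Return (gateway, device) of the most specific matching route, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, device in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, device)
    return None if best is None else (best[1], best[2])


def rpdb_lookup(rules, tables, src, dst):
    """Walk the rules by priority; the first table with a matching route wins."""
    src = ipaddress.ip_address(src)
    for _prio, selector, table_name in sorted(rules):
        if src not in ipaddress.ip_network(selector):
            continue
        hit = longest_prefix_match(tables.get(table_name, []), dst)
        if hit is not None:
            return table_name, hit
        # No route in this table: fall through to the next rule.
    return None


def next_hop(table1, src, dst):
    """Look up src -> dst with the given contents of table 1."""
    return rpdb_lookup(RULES, {"1": table1, "main": MAIN}, src, dst)


if __name__ == "__main__":
    user, server, remote = "10.0.0.50", "200.30.57.34", "198.51.100.7"
    print("original table 1 :", next_hop(TABLE1_ORIGINAL, user, remote))
    print("default in table1:", next_hop(TABLE1_DEFAULT, user, remote))
    print("user -> server   :", next_hop(TABLE1_DEFAULT, user, server))
    print("with server net  :", next_hop(TABLE1_WITH_SERVERS, user, server))
```

With only a default route in table 1, traffic from the users' LAN to the servers' LAN also matches that default; the last variant keeps it on eth1.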
Re: [LARTC] two internet connections + filter?
Hello,

On 30 Sep 2002, William L. Thomson Jr. wrote:

> I will go in order and below are the values I last tested, and the
> default values.

> # Default Values
> #echo 256 > /proc/sys/net/ipv4/route/gc_elasticity # 8

gc_elasticity can be 1..16, gc_elasticity*gc_thresh is the desired number of entries we can live with, after that point we start to worry about filling the cache.

> #echo 1 > /proc/sys/net/ipv4/route/gc_interval # 60
> #echo 0 > /proc/sys/net/ipv4/route/gc_timeout # 300

On each interval (gc_interval) up to gc_interval/gc_timeout entries are checked for expiration. With the default parameters, 1/5 of the table on each 60sec, each cache entry lives up to 300sec by default.

> #echo 0 > /proc/sys/net/ipv4/route/gc_min_interval # 5

gc_min_interval 0 means no restrictions for running GC, may be it is good on load.

> #echo 128 > /proc/sys/net/ipv4/route/gc_thresh # 256
> #echo 1 > /proc/sys/net/ipv4/route/max_delay # 10
> #echo 1 > /proc/sys/net/ipv4/route/min_delay # 2
> #echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter # 1
> #echo 0 > /proc/sys/net/ipv4/conf/eth2/rp_filter # 1

> The gc_timeout seems to be a timeout between gc's?

this is gc_interval

Regards

--
Julian Anastasov <[EMAIL PROTECTED]>
Re: [LARTC] how to delete routes
On Tue, 1 Oct 2002, Robert Penz wrote:

> Hi!
>
> I've setup some routing tables, but how can I delete them?
>
> currently it looks like that, but how I delete the tables stuebi and notebook
> and how the entry in the main table. thx for your help.
>
> Babylon5:~# ip rule ls
> 0:      from all lookup local
> 32759:  from 10.149.19.168 lookup stuebi

ip ru d from 10.149.19.168 t stuebi

or

ip ru d from 10.149.19.168 pref 32759

--
Wojtek Sawasciuk, net & sys administrator, ALT MAIL: [EMAIL PROTECTED]
http://GAD.pl - e-biznes, e-multimedia, | tel.: 077 44 14 105,
http://PUNKT.pl - lacza, hosting        | fax: 077 45 31 222,
[LARTC] specialness of 'local' table..
Hi all,

When I try to move a local route (for an ip addr configured locally) to a different route table from the local one I can no longer ping the address. My suspicion is that the local (0) table is "special" and used directly without regard for the rules in some circumstances, but I'd like to confirm that what I'm trying to do isn't possible before giving up!

here's the rule for my new local2 table:

cogneo:~ 11:28am # ip rule ls
0:      from all lookup local
100:    from 192.168.2.1 lookup redir    <-- eventual trickiness
200:    from all lookup local2           <-- new table
32766:  from all lookup main
32767:  from all lookup default

and I moved a single 'local' route to that table (removed from local, added to local2):

cogneo:~ 11:27am # ip route ls table local2
local 66.33.206.41 dev eth1 proto kernel scope host src 66.33.206.41

cogneo:~ 11:27am # ip route ls table local
local 10.3.64.2 dev eth0 proto kernel scope host src 10.3.64.2
local 10.3.64.2 dev eth1 proto kernel scope host src 10.3.64.2
broadcast 192.168.2.255 dev tunl2 proto kernel scope link src 192.168.2.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 66.33.206.0 dev eth1 proto kernel scope link src 66.33.206.41
broadcast 10.3.64.0 dev eth1 proto kernel scope link src 10.3.64.2
local 192.168.2.1 dev tunl2 proto kernel scope host src 192.168.2.1
broadcast 192.168.2.0 dev tunl2 proto kernel scope link src 192.168.2.1
broadcast 66.33.206.255 dev eth1 proto kernel scope link src 66.33.206.41
broadcast 10.255.255.255 dev eth1 proto kernel scope link src 10.3.64.2
broadcast 10.3.64.255 dev eth1 proto kernel scope link src 10.3.64.2
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 66.255.255.255 dev eth1 proto kernel scope link src 66.33.206.41
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1

Once I do that, I can no longer ping 66.33.206.41. (I can before I make the change, and if I move the route back to the local table. I also verified that the 100 rule wasn't to blame.) Is this destined to not work?

My end goal with this is to allow monitoring of realservers on a linux virtual server director box. With the TUN or DR directing mechanisms, the service IP is configured on the director box AND on the realservers, but only the director responds to arp requests and gets the router traffic. It decides where packets should go and either rewrites the mac address or sends packets to the realserver via an IPIP tunnel.

What I'd like to do is allow the director to test the realservers (make sure services are up) by tunneling a request to the realserver in question via an IPIP tunnel. Since that service is on an ip that's also configured locally (on the director, as above) this requires some trickery to send that traffic through a tunnel interface and not direct it to localhost.

Is that even possible? Or should I give up and use an external host to do the monitoring? (Or bite the bullet and make all my services bind to multiple IPs?)

Any suggestions would be much appreciated, thanks!

sage
Re: [LARTC] wee humble school (CBQ/SFQ problems)
On Tue, 1 Oct 2002, William Diehl III wrote:

> Greetings!
>
> As the network administrator of a small private university in Riverside, CA
> with little funding for bandwidth but 1500 on-campus students, I find it
> necessary to shape our 3mbit bonded T1s so that students don't clobber the
> staff (and perhaps vice versa). I've been a huge fan of linux traffic
> shaping since forever but have always had issues with the priority and the
> fairness.
>
> I come to you today with a problem. I need to be able to shape traffic and
> ensure fairness. Consequently, I have the following script which enables 3
> cbq's with 3 levels of priority, the lowest (student queue) being limited
> to only 2/3rds of the bandwidth (2mbit). Each class has an SFQ attached as
> well as an SFQ on the top class.
>
> The limit to 2mbit seems to function properly. However, neither the
> priority or the fairness seem to work. I get students downloading at
> 40-50KB/s, out performing a "high priority" address by 10x!! Also, one or
> two students can dominate the entire student class which says to me the SFQ
> is not doing its job.

Try with esfq (www.ssi.bg/~alex/esfq/) or rebuild your flows with wrr (wipl-wrr.sourceforge.net/wrr.html). You can read about these things in the list archive.

--
Wojtek Sawasciuk, net & sys administrator, ALT MAIL: [EMAIL PROTECTED]
http://GAD.pl - e-biznes, e-multimedia, | tel.: 077 44 14 105,
http://PUNKT.pl - lacza, hosting        | fax: 077 45 31 222,
Re: [LARTC] wee humble school (CBQ/SFQ problems)
On Tuesday 01 October 2002 19:58, William Diehl III wrote:

> Greetings!
>
> As the network administrator of a small private university in Riverside, CA
> with little funding for bandwidth but 1500 on-campus students, I find it
> necessary to shape our 3mbit bonded T1s so that students don't clobber the
> staff (and perhaps vice versa). I've been a huge fan of linux traffic
> shaping since forever but have always had issues with the priority and the
> fairness.
>
> I come to you today with a problem. I need to be able to shape traffic and
> ensure fairness. Consequently, I have the following script which enables 3
> cbq's with 3 levels of priority, the lowest (student queue) being limited
> to only 2/3rds of the bandwidth (2mbit). Each class has an SFQ attached as
> well as an SFQ on the top class.
>
> The limit to 2mbit seems to function properly. However, neither the
> priority or the fairness seem to work. I get students downloading at
> 40-50KB/s, out performing a "high priority" address by 10x!! Also, one or
> two students can dominate the entire student class which says to me the SFQ
> is not doing its job.

Sfq uses an ip-address AND ports to separate the flows. You can use esfq if you want. Esfq is sfq but you can configure it so it uses only the ip-address as hash key.

> Here is my script, if any kind soul would help and let me know the issue,
> we here would be eternally grateful (not to mention you would save us from
> buying a packeteer which is VERY expensive!) Perhaps my understanding of
> priority is off, but as I see it, if there's traffic in the high priority
> queues, the lower queues must wait until dequeued. And the SFQs are
> supposed to prevent one host from dominating traffic. I supposed if the
> host has many simultaneous connections to different hosts this might be
> construed as multiple streams in which case such a host could defeat the
> SFQ. Is this what's happening? I have also tried with HTB and had similar
> results.

I don't know about cbq, but the prio in htb is only used for excess bandwidth. So each class will get its rate no matter what the prio is. If each class is served, the remaining bandwidth is divided with the lowest prio class first. If you use htb, make sure the sum of the rate of the class = the ceil of the parent class. Same for cbq.

> ##
> tc class add dev $eth parent 1:0 classid 1:1 cbq rate $bandwidth allot 1500
> bounded prio 1
> tc qdisc add dev $eth parent 1:1 handle 11: sfq perturb 5

This qdisc is useless. A qdisc is only useful in leaf classes.

For cbq, each time you add a class, you also should provide a weight parameter. As a rule of thumb: weight = rate / 10. Also provide a bandwidth parameter with value = link bandwidth = 10 Mbit when you add a class.

Stef

--
[EMAIL PROTECTED]
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
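The hash-key point made in the reply above, as an added simulation that is not part of the thread: a fair queue that gives every bucket one packet per round, keyed either on the whole flow (address and ports, as described for sfq) or on the destination address only (as described for esfq). The addresses, ports and function names are constructed for this example, and hash collisions and perturbation are ignored.

```python
"""Added illustration: per-flow versus per-host keys in a round-robin fair queue."""
from collections import Counter, OrderedDict, deque


def flow_key(flow):
    """sfq-style key in this model: the whole (src, sport, dst, dport) tuple."""
    return flow


def dst_host_key(flow):
    """esfq-style key in this model: the destination address only."""
    return flow[2]


def host_shares(flows, key, rounds=1000):
    """Share of sent packets per destination host.

    Every flow is assumed to be permanently backlogged. Each round the
    scheduler sends one packet from every bucket; flows that share a bucket
    take turns inside it.
    """
    buckets = OrderedDict()
    for flow in flows:
        buckets.setdefault(key(flow), deque()).append(flow)

    sent = Counter()
    for _ in range(rounds):
        for queue in buckets.values():
            flow = queue[0]
            queue.rotate(-1)            # next flow in this bucket goes next
            sent[flow[2]] += 1          # account to the downloading host
    total = sum(sent.values())
    return {host: count / total for host, count in sent.items()}


def sample_flows(connections_a=20, connections_b=1):
    """Constructed downloads towards two dormitory hosts (dir=dst shaping)."""
    host_a, host_b = "10.1.1.10", "10.1.1.11"
    flows = [("198.51.100.%d" % (i + 1), 80, host_a, 40000 + i)
             for i in range(connections_a)]
    flows += [("203.0.113.%d" % (i + 1), 80, host_b, 50000 + i)
              for i in range(connections_b)]
    return flows


if __name__ == "__main__":
    flows = sample_flows()
    print("keyed on flow    :", host_shares(flows, flow_key))
    print("keyed on dst host:", host_shares(flows, dst_host_key))
```

With 20 connections against 1, per-flow keying gives the first host about 95% of the class, while keying on the destination address splits it evenly.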
[LARTC] wee humble school (CBQ/SFQ problems)
Greetings!

As the network administrator of a small private university in Riverside, CA with little funding for bandwidth but 1500 on-campus students, I find it necessary to shape our 3mbit bonded T1s so that students don't clobber the staff (and perhaps vice versa). I've been a huge fan of linux traffic shaping since forever but have always had issues with the priority and the fairness.

I come to you today with a problem. I need to be able to shape traffic and ensure fairness. Consequently, I have the following script which enables 3 cbq's with 3 levels of priority, the lowest (student queue) being limited to only 2/3rds of the bandwidth (2mbit). Each class has an SFQ attached as well as an SFQ on the top class.

The limit to 2mbit seems to function properly. However, neither the priority nor the fairness seem to work. I get students downloading at 40-50KB/s, out performing a "high priority" address by 10x!! Also, one or two students can dominate the entire student class which says to me the SFQ is not doing its job.

Here is my script, if any kind soul would help and let me know the issue, we here would be eternally grateful (not to mention you would save us from buying a packeteer which is VERY expensive!) Perhaps my understanding of priority is off, but as I see it, if there's traffic in the high priority queues, the lower queues must wait until dequeued. And the SFQs are supposed to prevent one host from dominating traffic. I supposed if the host has many simultaneous connections to different hosts this might be construed as multiple streams in which case such a host could defeat the SFQ. Is this what's happening? I have also tried with HTB and had similar results.

Thank you,

William Diehl
Network Administrator
La Sierra University

#!/bin/bash

# total available bandwidth on the line
bandwidth=3mbit

# Which ethernet interface
# NOTE: On this machine, at this time (4/24/01),
# eth0 is external (public)
# eth1 is internal (private)
eth=eth1

# Which direction are the packets flowing
dir=dst

###
# Clean up any old settings
###
tc qdisc del root dev $eth

###
# Create "Root" Queue Discipline
# Queue running on 10mbit fiber card
###
tc qdisc add dev $eth root handle 1:0 cbq bandwidth 10Mbit avpkt 1000

###
# Create topmost class
# (throttled at the speed of
# our bandwidth)
###
tc class add dev $eth parent 1:0 classid 1:1 cbq rate $bandwidth allot 1500 bounded prio 1
tc qdisc add dev $eth parent 1:1 handle 11: sfq perturb 5

###
# Create priority class
# (un-throttled)
# Priority 1 (high)
###
tc class add dev $eth parent 1:1 classid 1:10 cbq rate $bandwidth prio 1 allot 1500 avpkt 1000
tc qdisc add dev $eth parent 1:10 handle 10: sfq perturb 5

###
# Create general class
# (unthrottled)
# Priority 4 (medium)
###
tc class add dev $eth parent 1:1 classid 1:20 cbq rate $bandwidth prio 4 allot 1500 avpkt 1000
tc qdisc add dev $eth parent 1:20 handle 20: sfq perturb 5

###
# Create student class
# (throttled)
# Priority 7 (low)
###
tc class add dev $eth parent 1:1 classid 1:30 cbq rate 2Mbit prio 7 allot 1500 avpkt 1000 bounded
tc qdisc add dev $eth parent 1:30 handle 30: sfq perturb 5

###
# Special Hosts with HIGH priority
# [1:10 = high priority class]
###
tc filter add dev $eth parent 1:0 protocol ip prio 10 u32 match ip $dir xxx.xxx.xxx.xxx flowid 1:10
. . .
tc filter add dev $eth parent 1:0 protocol ip prio 10 u32 match ip $dir xxx.xxx.xxx.xxx flowid 1:10

###
# General Classes with MEDIUM priority
# (Includes all non student subnets)
# [1:20 = medium priority class]
###
tc filter add dev $eth parent 1:0 protocol ip prio 20 u32 match ip $dir xxx.xxx.xxx.0/24 flowid 1:20
. . .
tc filter add dev $eth parent 1:0 protocol ip prio 20 u32 match ip $dir xxx.xxx.xxx.0/24 flowid 1:20

###
# Student Classes with LOW priority
# (Matches the dormitory subnets)
# [1:30 = low priority class]
###
tc filter add dev $eth parent 1:0 protocol ip prio 30 u32 match ip $dir xxx.xxx.xxx.0/24 flowid 1:30
. . .
tc filter add dev $eth parent 1:0 protocol ip prio 30 u32 match ip $dir xxx.xxx.xxx.0/24 flowid 1:30
[LARTC] RE: IP routing
Hi all,

1- I have a CIPE Linux Box (10.73.0.254) which is in the LAN (10.73/16) and which has access to other LANs (10.78/16, 10.60/16 etc..) through tunnels I built with the CIPE tool.

2- My users on the LAN 10.73/16 have 10.73.0.1 as the default gateway. In this default gateway, I have set up routes to go to the 10.78/16, 10.60/16 networks using the CIPE box (10.73.0.254). This default gateway also has other routes for other internal networks (198.162... etc...)

The problem: When users from remote LANs try to reach a windows server in 10.73 they cannot because the IP packet is forwarded by the CIPE Box directly to the windows server without going through 10.73.0.1. To reply, the server will try to use its default gateway: 10.73.0.1 and not the 10.73.0.254. Of course I could add a static route on my desktops and servers but it is a painful process.

The funny thing is that when from my windows server, I ping a remote LAN desktop, it creates a dynamic route and starting from here the remote desktop will be able to ping my windows server.

Is there any way to avoid that using IP routing? For instance on my CIPE box I would like to say: for source packets which are not from 10.73/16 and which want to reach 10.73/16, go through 10.73.0.1 ???

Any suggestions?

Enclosed a little drawing to explain.

NB: I use Linux 7.0 and Linux 7.1
Re: [LARTC] how to delete routes
Robert,

: I've setup some routing tables, but how can I delete them? currently it
: looks like that, but how I delete the tables stuebi and notebook and
: how the entry in the main table. thx for your help.

You say "how can I delete routes?", yet you show the routing policy database. Here's how you can remove routes from an entire table:

# ip route flush table stuebi
# ip route flush table notebook

You can also do something like the following:

# ip route show table stuebi

And then pick out the routes you want to eliminate by hand like this (e.g.):

# ip route del table stuebi default via 192.168.0.1

If what you really wish to do is remove rules from the routing policy database, then you need something like this:

# ip rule del from 10.149.19.168 lookup stuebi

(The word "lookup" can be replaced with the word "table" if you prefer.)

: Babylon5:~# ip rule ls
: 0:      from all lookup local
: 32759:  from 10.149.19.168 lookup stuebi
: 32760:  from 10.149.17.72 lookup stuebi
: 32761:  from 10.149.17.72 lookup stuebi
: 32762:  from 10.149.17.72 lookup stuebi
: 32763:  from 10.149.17.72 lookup stuebi
: 32764:  from 10.149.19.168 lookup stuebi
: 32765:  from 10.149.19.168 lookup stuebi
: 32766:  from all lookup main
: 32767:  from all lookup default

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]
Re: [LARTC] HTB with dynamic bandwidth
On Tue, 2002-10-01 at 23:43, James Ma wrote:

> Hi, All,
>
> We want to implement QoS in Linux gateway for different traffic, there are
> three types of traffic as below;
>
> 1. VoIP, total 34k, highest priority
> 2. HTTP, total 66k, medium priority
> 3. FTP, total 20k, low priority

Actually - 4, if you count the HTML mail :-/

--
Cheers,
Mattt.
icq : 117539757
aboveNetworks www : www.above.nq4u.net
[EMAIL PROTECTED]
jabber: [EMAIL PROTECTED]
What's got four legs and an arm? A happy Pit Bull...
Re: [LARTC] HTB with dynamic bandwidth
Hello,

while you want VoIP which is real-time, I will recommend to use PRIO with 2 bands. In the 1st band will VoIP, and in second a HTB or CBQ qdisc, which will make bandwidth division for HTTP and FTP. But the priority/delay is important for VoIP.

Right now, I'm working on a PRIO shaper for VoIP.

Regards,
Thomas

On Tue, 1 Oct 2002, James Ma wrote:

> Hi, All,
>
> We want to implement QoS in Linux gateway for different traffic, there are
> three types of traffic as below;
>
> 1. VoIP, total 34k, highest priority
> 2. HTTP, total 66k, medium priority
> 3. FTP, total 20k, low priority
>
> However, the bandwidth on the WAN side is dynamic, it could be any where
> from 34k to 120k. Can we use IPROUTE2 to do it? How to do it, HTB? It there
> similar work has been down before?
>
> Thanks in advance,
>
> James
[LARTC] HTB with dynamic bandwidth
Hi, All,

We want to implement QoS in Linux gateway for different traffic, there are three types of traffic as below;

1. VoIP, total 34k, highest priority
2. HTTP, total 66k, medium priority
3. FTP, total 20k, low priority

However, the bandwidth on the WAN side is dynamic, it could be anywhere from 34k to 120k. Can we use IPROUTE2 to do it? How to do it, HTB? Is there similar work that has been done before?

Thanks in advance,

James
Re: [LARTC] HTB or CBQ ?
Robert Penz wrote:

> suse linux? if so, reverse lookup doesn't work, for that ip.

Note the 'ping -n' -- no reverse lookup being done.

--
Michael T. Babcock
C.T.O., FibreSpeed Ltd.
http://www.fibrespeed.net/~mbabcock
Re: [LARTC] HTB or CBQ ?
> Anyone else seen this one?
>
> ping -n {remote host}
> { 6 second delay }
> 64 bytes from 216.168.105.33: icmp_seq=0 ttl=255 time=6sec
> 64 bytes from 216.168.105.33: icmp_seq=1 ttl=255 time=5sec
> 64 bytes from 216.168.105.33: icmp_seq=2 ttl=255 time=4sec
> 64 bytes from 216.168.105.33: icmp_seq=3 ttl=255 time=3sec
> 64 bytes from 216.168.105.33: icmp_seq=4 ttl=255 time=2sec
> 64 bytes from 216.168.105.33: icmp_seq=5 ttl=255 time=1sec
> 64 bytes from 216.168.105.33: icmp_seq=6 ttl=255 time=242usec
> 64 bytes from 216.168.105.33: icmp_seq=7 ttl=255 time=250usec
> ...

suse linux? if so, reverse lookup doesn't work, for that ip.

--
Regards,
Robert

Robert Penz
robert.penz AT outertech.com
Re: [LARTC] filtered gateway
On Tuesday 01 October 2002 14:44, [EMAIL PROTECTED] wrote:

> Hi
> I am trying to configure my linux box with 2.4.18 as a gateway/firewall for
> my public network. I don't know what rules I must use to accept incoming
> packets for other hosts with publics ips (like a router with filtering).
> Nat table is for masquerading only, where I configure these rules and how?
> topology:
> ISP -> router -> linux box -> other hosts with public ip

If the routing is ok and you enabled ip forwarding, it should work.

Stef

--
[EMAIL PROTECTED]
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
Re: [LARTC] HTB or CBQ ?
Vladimír Trebický wrote:

> I use ESFQ and it's stable and functional ;-) Really. Read my article about
> not setting perturb too small.

Yes, I saw that; it's a good hint for SFQ as well (and it fixed some neat oddities too).

Anyone else seen this one?

ping -n {remote host}
{ 6 second delay }
64 bytes from 216.168.105.33: icmp_seq=0 ttl=255 time=6sec
64 bytes from 216.168.105.33: icmp_seq=1 ttl=255 time=5sec
64 bytes from 216.168.105.33: icmp_seq=2 ttl=255 time=4sec
64 bytes from 216.168.105.33: icmp_seq=3 ttl=255 time=3sec
64 bytes from 216.168.105.33: icmp_seq=4 ttl=255 time=2sec
64 bytes from 216.168.105.33: icmp_seq=5 ttl=255 time=1sec
64 bytes from 216.168.105.33: icmp_seq=6 ttl=255 time=242usec
64 bytes from 216.168.105.33: icmp_seq=7 ttl=255 time=250usec
...

--
Michael T. Babcock
C.T.O., FibreSpeed Ltd.
http://www.fibrespeed.net/~mbabcock
[LARTC] filtered gateway
Hi

I am trying to configure my linux box with 2.4.18 as a gateway/firewall for my public network. I don't know what rules I must use to accept incoming packets for other hosts with public ips (like a router with filtering). Nat table is for masquerading only, where do I configure these rules and how?

topology:
ISP -> router -> linux box -> other hosts with public ip

thanks in advance.
[LARTC] PPPoE & packet size
Hello,

does the following filter work on a ppp interface (which is for PPPoE - ADSL)?

# prioritize small packets (<64 bytes)
$TC filter add dev $DEV parent 1: protocol ip prio 12 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   flowid 1:2

- given from the HOWTO

Thanks,
Thomas
[LARTC] how to delete routes
Hi!

I've setup some routing tables, but how can I delete them?

currently it looks like that, but how I delete the tables stuebi and notebook and how the entry in the main table. thx for your help.

Babylon5:~# ip rule ls
0:      from all lookup local
32759:  from 10.149.19.168 lookup stuebi
32760:  from 10.149.17.72 lookup stuebi
32761:  from 10.149.17.72 lookup stuebi
32762:  from 10.149.17.72 lookup stuebi
32763:  from 10.149.17.72 lookup stuebi
32764:  from 10.149.19.168 lookup stuebi
32765:  from 10.149.19.168 lookup stuebi
32766:  from all lookup main
32767:  from all lookup default

--
Regards,
Robert

Robert Penz
robert.penz AT outertech.com