[LARTC] TC HTB Traffic Shaping
Hi guys, I'm new to TC HTB traffic shaping. I installed it at my first try on my Bearing Leaf Router/Firewall. I use the tc -s class show dev eth? to see my output. All looks dandy and nice, but it's figures, which at the current moment look like French to me. I would like to see exactly what these figures look like in a GRAPH style... I know I can use MRTG, I do have some little experience in it.. But I need to figure out what will be THE TARGET to capture to output via the VARIOUS classes from HTB. If MRTG is not the best tool for this...can someone tell me of something very simple, not too much programming language, to see my output in a graph style.. What would be also very nice, if someone has a config file for MRTG or whatever other tool they propose, if they can e-mail it to me, for me to at least get an idea how to build up the TARGET that should be monitored.. Thanks __ Reginald Richardson ICQ#: 365841 ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] ip rule show
virdzek, wrote: hi, at any machines when I execute command ip rule show , i got answer: RTNETLINK answers: Invalid argument Dump terminated what does this mean?
Hello, You should read ip-cref.ps, included with your distribution of iproute2. Generally it means that you have to turn on these features in your kernel config:
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
Hth, Nickola
Re: [LARTC] many ways to do load balancing (or not?)
On Thu, Nov 21, 2002 at 02:20:57PM -0800, William L. Thomson Jr. wrote: Also I do not believe the load balancing is packet based. Usually it's more connection based. Meaning that if you request a file, more than likely all parts of that file will be transferred using the same route. If you request it again, it may take the same route or another. If I make many connections from one IP (inside) to a web server (outside), for example (like many simultaneous downloads, or a complex page), I think they will all go via the same route, because the originating IP and the destination are the same. It will hit the cache. Hmm, not good if your users use a proxy, but then again, the proxy would cache the page probably. Now if the request was generated from the inside it would still work some what the same. If I send two emails out at once, the first will use gw1 and the other will use gw2. Unless they are sent to the same MTA in the outside, then it will get a cache hit (supposing the 60s haven't gone by then). Or not? All packets for each will travel via the same route and use the same gateway from start to finish. Agreed. If it was more on a packet level, the other end would be confused. Sure. When I said packet count before I was thinking about something along the lines of real traffic balancing, that is, the router somehow remembering how many packets it sent to each route and choosing the less used one. It would be getting responses from an IP it was not expecting response from. I would imagine each side to send redirects, and all sorts of problems. Like it receiving every other packet and dropping the packets in between. And breaking stateful firewalls. If during a file transfer the route cache is flushed, there is the possibility of the rest of the packets going out a different interface. Uh oh... It shouldn't be that simple, what about that 60s timeout for the cache? It's very likely to occur during a file transfer.
Neither does it perfectly or with intelligent algorithms. Neither allow you to use all paths for a single transfer. Only things like MPPP I guess, for example, or channel bonding, or TQL. So if you have two 1.5 mbs connection, you do not end up with a 3.0 mbs line. You do have one internal gateway for both, and if one goes down the other can be used. So you do have redundancy, and both lines can be used to serve different requests to different places. So it's more like redundancy/HA with a best effort towards balancing.
Re: [LARTC] many ways to do load balancing (or not?)
On Thu, Nov 21, 2002 at 08:55:05PM -0200, Christoph Simon wrote: My understanding is, that for equalize to work, all lines must go to the same point and that must not be the end point. Also, this same point must implement the equalize very much the same way. What is it that you call a point here (destination)? The same ISP? The same network? I understand that it should be the same ISP because of egress filtering, that is, one ISP should block packets with a source address that doesn't belong to the ISP supplying the link.
Re: [LARTC] many ways to do load balancing (or not?)
On Thu, Nov 21, 2002 at 04:24:06PM -0800, William L. Thomson Jr. wrote: But I have been informed I believe by Julian and others that the load balancing, multipath equalize feature can be used even without NAT but in a different situation that mine? I'm confused as well. Suppose you have two links to the internet, a DMZ, and an internal network, SNAT'ed. Suppose you have a public web server in the DMZ (the DMZ is not SNAT'ed). How would multipath route (with or without equalize) help here? I mean, it would only really help if there were connections starting from the inside (DMZ or SNAT'ed network) to the outside. But: - the internal network would probably do many downloads, and not uploads - the web server doesn't originate traffic, it responds to requests from the outside world, and it will respond using the same link the request came in (or not?)
Re: [LARTC] many ways to do load balancing (or not?)
On Fri, 22 Nov 2002 10:30:35 -0200 Andreas Hasenack [EMAIL PROTECTED] wrote: On Thu, Nov 21, 2002 at 08:55:05PM -0200, Christoph Simon wrote: My understanding is, that for equalize to work, all lines must go to the same point and that must not be the end point. Also, this same point must implement the equalize very much the same way. What is it that you call a point here (destination)? The same ISP? The same network? I understand that it should be the same ISP because of egress filtering, that is, one ISP should block packets with a source address that doesn't belong to the ISP supplying the link. I was thinking of a configuration like: Satellite Main-Office - ISP1 -m- LAN1 - ISP2 -m- ISPx - linux-router2 - ISP-BIG - - ISP3 -m- If I have an office with one big Internet tube (e.g., MBs), I can put linux-router2 there. Then all satellite offices could use one or more modems to reach this router. That linux-router2 would NAT everybody coming from the modems and forward the packets to ISP-BIG. Nobody in LAN1 would even attempt to reach linux-router2, which is the last point where their actual source addresses are known. With equalize this should allow for a packetwise loadbalancing to increase the effective bandwidth even for a single file transfer between a host in LAN1 and ISP-BIG. In this configuration, all modem lines go finally to one point (linux-router2) and that is not the endpoint. In fact, all internal clients would use linux-router2 as the default gateway. No cooperation of any ISP is required. This configuration makes sense if LAN1 and linux-router2 are in different cities and either LAN1 has no other reliable choice than modems or wants redundancy. ISP-BIG also needs to be cheap and reliable enough for this to make sense. As I said before, I didn't play too much with equalize, but can't see an essentially different scenario for a packet-wise loadbalancing. -- Christoph Simon [EMAIL PROTECTED] --- ^X^C q quit :q ^C end x exit ZZ ^D ? help .
[LARTC] Fair Queuing
Dear all, Am trying to distribute our 256kbps internet link to our internal LAN and want to give 32kbps each to our 8 nodes. How should one go about it? I have a server with 2 LAN cards. LAN (192.168.0.0/24)-Linux Box---Internet Router---ISP Thanx AJ
[LARTC] High-performance shaping
Hello, is the PC/Linux 2.4 architecture good for the following: some FastEthernet cards (maybe a Gbit uplink) - traffic-shaping between VLANs/interfaces - scheduling - filtering (some smart iptables rules :) I would like to build a central router based on Linux which does VLANs, traffic-shaping, QoS for voip/interactive protocols, maybe some tunnels and BGP with Zebra. Is this possible? What HW do I need? Thanks in advance, Thomas
[LARTC] Router
Hi guys, I'm asking the same question again (it's very urgent for me). How to build a router on Linux box? I have a Linux box (Redhat 7.3) with two network cards. eth0 is connection to my wireless ISP and eth1 to my FWs. I want to route eth0--eth1. Both NIC have real Internet IP as well like FWs. I need no NAT (no need to hide my real IP, because it has to be seen from Internet). Do I have to use ip route or iptables or combination of it? Thank you Rimas
Re: [LARTC] Router
How to build a router on Linux box? This is a bit like asking 'How do I build a nuclear reactor, I need to have it done by Monday' :) You will need to sit down and do quite a bit of reading. There are howto documents, there are books on the subject, there are mailing lists like this. You'll need to spend time with all three types of information source. The book Linux Firewalls, despite the title, is a good source of information on routing with Linux. The book Linux Routing is also good.
Re: [LARTC] Router
On Friday 22 November 2002 16:08, Rimas wrote: Hi guys, I'm asking the same question again (it's very urgent for me). How to build a router on Linux box? I have a Linux box (Redhat 7.3) with two network cards. eth0 is connection to my wireless ISP and eth1 to my FWs. I want to route eth0--eth1. Both NIC have real Internet IP as well like FWs. I need no NAT (no need to hide my real IP, because it has to be seen from Internet). Do I have to use ip route or iptables or combination of it?
If the box is up and running with 2 nic's configured, try this :
echo 1 > /proc/sys/net/ipv4/ip_forward
Stef -- [EMAIL PROTECTED] Using Linux as bandwidth manager http://www.docum.org/ #lartc @ irc.oftc.net
Re: [LARTC] traffic shaping using HTB (doesn't seem to work as expected)
On Friday 22 November 2002 11:58, Abraham van der Merwe wrote: Hi! I started shaping our clients using HTB/Linux recently (since about 2 days ago). (Previously I used dummynet/FreeBSD and before that CBQ/GTS/IOS). I tested HTB in a lab setup (just shaped 2 connections to different speeds and tried it). That seemed to work, so then I switched, but in a live setup it all turns to . Basically I've got setup like this: internet | eth0 +-+ eth2 | qos box | DMZ +-+ | eth1 +-+ | clients | +-+ I'm shaping egress on both eth0 and eth1 (shaping traffic to clients on eth1 and traffic to internet on eth0) my config looks like this:
snip -- snip -- snip
# usage: class cid in-rate out-rate prio
function class() {
    $tc class add dev $iface_uunet parent 1:1 classid $1 htb rate $2 prio $4
    $tc class add dev $iface_wan parent 1:1 classid $1 htb rate $3 prio $4
}
# usage: filter cid net
function filter() {
    $tc filter add dev $iface_uunet protocol ip parent 1: prio 1 \
        u32 match ip src $2 flowid $1
    $tc filter add dev $iface_wan protocol ip parent 1: prio 1 \
        u32 match ip dst $2 flowid $1
}
for i in $iface_uunet $iface_wan; do
    # remove all queueing disciplines
    $tc qdisc del dev $i root 2> /dev/null
    # add a hierarchical token bucket queueing discipline
    $tc qdisc add dev $i root handle 1: htb default 99 r2q 3
done
class 1:10 xxx yyy 1
filter 1:10 a.b.c.d/e
filter 1:10 ...
class 1:11 ...
. . .
# catch the rest
class 1:99 128kbit 128kbit 1
filter 1:99 66.8.28.0/24
filter 1:99 66.8.85.0/24
snip -- snip -- snip
I'm not sure what is going wrong. I suspect one/more of the following 1. HTB only works if the total number of classes does not exceed total bandwidth - is this true? if so, it explains why this does not work since we oversell bandwidth with priority 2. how can I add shaping rules and interface bandwidth and let the qos subsystem handle the congestion avoidance? 2. I'm missing a client's subnet which may be eating up all my bandwidth (esp true for DMZ since I'm not shaping incoming bandwidth for DMZ) 3. I'm doing something wrong. If anyone has suggestions/comments re (1) and (3), please let me know.
I don't have the command that creates class 1:1, but if you have a 128kbit connection, you have to take 120kbit or so for the maximum bandwidth. You lose some small amounts of bandwidth, but that's needed. Otherwise it can be the modem or router that's shaping and not your firewall. Try it with 100kbit and raise it until your box is not shaping anymore. If you add a class, you don't provide a ceil parameter. So ceil = rate. So the classes can never borrow bandwidth to each other. And regarding to 1., htb assumes that the sum of the rates of the child classes is <= the rate of parent. You don't have to follow this rule, but htb will work better if you do. And if the qos box is natting, you can't use the src address on eth2 because the source address of the packets is natted to the address of the qos box. Stef -- [EMAIL PROTECTED] Using Linux as bandwidth manager http://www.docum.org/ #lartc @ irc.oftc.net
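Added example, not part of the thread: a small checker for the two points in the reply above, HTB classes created without ceil (so ceil = rate and no borrowing) and child rates that add up to more than the parent's rate. The tc lines are a constructed configuration, 1 kbit is assumed to be 1000 bit/s, and the function names are hypothetical.

```python
import shlex
from collections import defaultdict

# Assumption: decimal units, 1 kbit = 1000 bit/s. Other tc units are not handled.
UNITS = {"mbit": 1_000_000, "kbit": 1_000, "bit": 1}

# Constructed configuration for illustration, not taken from the thread.
SAMPLE_CONFIG = """\
tc qdisc add dev eth1 root handle 1: htb default 99
tc class add dev eth1 parent 1: classid 1:1 htb rate 120kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 64kbit prio 1
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 64kbit ceil 120kbit prio 1
tc class add dev eth1 parent 1:1 classid 1:99 htb rate 32kbit prio 1
"""


def parse_rate(text):
    """Convert a rate such as '128kbit' to bit/s."""
    low = text.lower()
    for suffix, factor in UNITS.items():
        if low.endswith(suffix):
            return int(float(low[: -len(suffix)]) * factor)
    raise ValueError(f"unsupported rate: {text!r}")


def option(words, key):
    """Return the word following `key`, or None if the option is absent."""
    if key in words[:-1]:
        return words[words.index(key) + 1]
    return None


def parse_classes(script):
    """Collect the HTB classes declared by 'tc class add ... htb ...' lines."""
    classes = {}
    for line in script.splitlines():
        words = shlex.split(line, comments=True)
        if "class" not in words or "htb" not in words:
            continue
        classid, rate = option(words, "classid"), option(words, "rate")
        if classid is None or rate is None:
            continue
        ceil = option(words, "ceil")
        classes[classid] = {
            "parent": option(words, "parent"),
            "rate": parse_rate(rate),
            # HTB uses ceil = rate when no ceil is given.
            "ceil": parse_rate(ceil if ceil is not None else rate),
            "explicit_ceil": ceil is not None,
        }
    return classes


def audit(script):
    """Return findings as tuples: (classid, 'no-ceil') or
    (parent, 'oversubscribed', sum_of_child_rates, parent_rate)."""
    classes = parse_classes(script)
    findings = []
    children = defaultdict(list)
    for classid, cls in classes.items():
        if cls["parent"] not in classes:
            continue  # parent is the qdisc itself, nothing to borrow from
        children[cls["parent"]].append(classid)
        if not cls["explicit_ceil"]:
            findings.append((classid, "no-ceil"))
    for parent, kids in children.items():
        total = sum(classes[k]["rate"] for k in kids)
        if total > classes[parent]["rate"]:
            findings.append((parent, "oversubscribed", total, classes[parent]["rate"]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```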
Re: [LARTC] TC HTB Traffic Shaping
On Friday 22 November 2002 10:49, Reginald R. Richardson wrote: Hi guys, I'm new to TC HTB traffic shaping. I installed it at my first try on my Bearing Leaf Router/Firewall. I use the tc -s class show dev eth? to see my output. All looks dandy and nice, but it's figures, which at the current moment look like French to me. I would like to see exactly what these figures look like in a GRAPH style... http://home.docum.org/stef.coene/qos/gui/rrd.html I know I can use MRTG, I do have some little experience in it.. But I need to figure out what will be THE TARGET to capture to output via the VARIOUS classes from HTB. If MRTG is not the best tool for this...can someone tell me of something very simple, not too much programming language, to see my output in a graph style.. What would be also very nice, if someone has a config file for MRTG or whatever other tool they propose, if they can e-mail it to me, for me to at least get an idea how to build up the TARGET that should be monitored.. More info on www.docum.org under gui. I use rrdtool to store and graph the data. Rrdtool is part of the mrtg package. Stef -- [EMAIL PROTECTED] Using Linux as bandwidth manager http://www.docum.org/ #lartc @ irc.oftc.net
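Added example, not part of the thread and not the docum.org scripts: one way to turn two snapshots of `tc -s class show dev ...` into per-class bit rates and drop counts that a grapher such as rrdtool or MRTG can store. The sample output is constructed to resemble HTB class statistics, and the function names are hypothetical.

```python
import re

# Constructed samples modelled on `tc -s class show dev eth1` for HTB classes,
# taken 60 seconds apart. Real output carries more fields; only the class
# header and the "Sent" counter line are used here.
SNAPSHOT_T0 = """\
class htb 1:10 parent 1:1 prio 1 rate 64Kbit ceil 120Kbit burst 1680b cburst 1752b
 Sent 1000000 bytes 1500 pkts (dropped 12, overlimits 0)
 lended: 1400 borrowed: 100 giants: 0

class htb 1:99 parent 1:1 prio 1 rate 32Kbit ceil 32Kbit burst 1640b cburst 1640b
 Sent 500000 bytes 800 pkts (dropped 3, overlimits 0)
 lended: 800 borrowed: 0 giants: 0
"""

# In the second sample the 1:99 counters are lower than before, as happens
# when the qdisc is deleted and re-created between two polls.
SNAPSHOT_T1 = """\
class htb 1:10 parent 1:1 prio 1 rate 64Kbit ceil 120Kbit burst 1680b cburst 1752b
 Sent 1240000 bytes 1860 pkts (dropped 20, overlimits 0)
 lended: 1700 borrowed: 160 giants: 0

class htb 1:99 parent 1:1 prio 1 rate 32Kbit ceil 32Kbit burst 1640b cburst 1640b
 Sent 1000 bytes 2 pkts (dropped 0, overlimits 0)
 lended: 2 borrowed: 0 giants: 0
"""

CLASS_RE = re.compile(r"^class\s+\S+\s+(\S+)")
SENT_RE = re.compile(
    r"^\s*Sent (\d+) bytes (\d+) pkts? \(dropped (\d+), overlimits (\d+)"
)


def parse_class_stats(text):
    """Map classid -> cumulative counters from `tc -s class show` output."""
    stats = {}
    current = None
    for line in text.splitlines():
        header = CLASS_RE.match(line)
        if header:
            current = header.group(1)
            continue
        sent = SENT_RE.match(line)
        if sent and current is not None:
            nbytes, packets, dropped, overlimits = map(int, sent.groups())
            stats[current] = {
                "bytes": nbytes,
                "packets": packets,
                "dropped": dropped,
                "overlimits": overlimits,
            }
            current = None  # ignore further lines until the next class header
    return stats


def class_rates(prev, cur, interval_s):
    """Return classid -> (bits per second, packets dropped in the interval).

    A class that is new, or whose byte counter went backwards (counters were
    reset), maps to None so the grapher records a gap instead of a spike.
    """
    rates = {}
    for classid, now in cur.items():
        before = prev.get(classid)
        if before is None or now["bytes"] < before["bytes"]:
            rates[classid] = None
            continue
        bits = (now["bytes"] - before["bytes"]) * 8
        rates[classid] = (bits / interval_s, now["dropped"] - before["dropped"])
    return rates


if __name__ == "__main__":
    t0 = parse_class_stats(SNAPSHOT_T0)
    t1 = parse_class_stats(SNAPSHOT_T1)
    for classid, rate in class_rates(t0, t1, 60).items():
        print(classid, rate)
```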
Re: [LARTC] Problem with flowid filter example from howto
On Thursday 21 November 2002 22:10, Andrew D wrote: Thanks. Though it doesn't quite work, I messed around with it till I got this which does:
tc filter add dev eth0 protocol ip parent 1: prio 2 u32 match \
    ip src 0/0 flowid 1:1
Seems like an extra if statement, but it does the job. Now I am wondering, is this wrong in the howto (section 9.6.1) or is my system just broken?
I think you can say it's a feature that's missing in tc :) You have to match something, even if you match everything. Stef -- [EMAIL PROTECTED] Using Linux as bandwidth manager http://www.docum.org/ #lartc @ irc.oftc.net
[LARTC] shaping on PC with more than 3 interfaces
Hi! I have a machine ISP | | eth0 +---+ | Linux | eth2 | QoS |-- DMZ | box | +---+ | eth1 | WAN I want to shape incoming bandwidth and outgoing bandwidth where incoming means all packets entering eth0 and outgoing means all packets entering eth1 _or_ eth2. How do I do that? Outgoing traffic is easy since I can do shaping on eth0, but incoming is not so simple since I want to do shaping on eth1+eth2. Can I just use the IMQ device and do this:
iptables -t mangle -A PREROUTING -i eth1 -j IMQ
iptables -t mangle -A PREROUTING -i eth2 -j IMQ
and then use imq0 as the interface on which I do my incoming shaping? -- Regards Abraham The Marines: The few, the proud, the not very bright. ___ Abraham vd Merwe [ZR1BBQ] - Frogfoot Networks P.O. Box 3472, Matieland, Stellenbosch, 7602 Cell: +27 82 565 4451 Http: http://www.frogfoot.net Email: [EMAIL PROTECTED]
Re: [LARTC] Fair Queuing
Thanx, I managed it to get the basic script working but the result IS NOT satisfactory. What is happening is this:- When any user (ex 192.168.0.4 in my script) starts to download a file (Download1) after a while it settles down to the allotted bandwidth 32kbps. If he puts another download (Download 2) after a while it occupies approximately half of the total bandwidth allotted to 192.168.0.4. So far so good. NOW, when the user(192.168.0.4) cancels any one of the downloads (Say download 1) the other download (download 2) takes a very long time to grow up to the total allotted bandwidth i.e 32kbps. Why is that happening? I can't figure it out. Could SFQ Help? Script : ___
/sbin/tc qdisc add root dev eth1 handle 1:0 cbq bandwidth 10Mbit avpkt 1000
/sbin/tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 10Mbit rate 256Kbit allot 1514 bounded
/sbin/tc class add dev eth1 parent 1:1 classid 1:2 cbq bandwidth 256Kbit rate 32Kbit allot 1514 bounded
/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.0.4 flowid 1:2
/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip dst 192.168.0.4 flowid 1:2
Thanx in advance PS: Yes, I want each individual user to get 32kbps
- Original Message - From: Stef Coene [EMAIL PROTECTED] Dear all, Am trying to distribute our 256kbps internet link to our internal LAN and want to give 32kbps each to our 8 nodes. How should one go about it? I have a server with 2 LAN cards. LAN (192.168.0.0/24)-Linux Box---Internet Router---ISP Do you want them to be able to share the bandwidth, or is 32kbps the maximum they may get? You can create 1 bounded class with rate = 256kbps and 8 child classes with rate = 32kbps. And you need 8 filters to put the traffic in the 8 classes. You can filter based on ip-address if the nodes have fixed ip-addresses. You can do this with htb or cbq. Stef
Re: [LARTC] Router
On Friday 22 November 2002 10:33 am, Stef Coene wrote: On Friday 22 November 2002 16:08, Rimas wrote: Hi guys, I'm asking the same question again (it's very urgent for me). How to build a router on Linux box? I have a Linux box (Redhat 7.3) with two network cards. eth0 is connection to my wireless ISP and eth1 to my FWs. I want to route eth0--eth1. Both NIC have real Internet IP as well like FWs. I need no NAT (no need to hide my real IP, because it has to be seen from Internet). Do I have to use ip route or iptables or combination of it? If the box is up and running with 2 nic's configured, try this :
echo 1 > /proc/sys/net/ipv4/ip_forward
Stef
Just to enable routing (without any firewall stuff) the above command would be sufficient. To make it permanent, add the following to /etc/sysctl.conf:
# Enables packet forwarding
net.ipv4.ip_forward=1
You could also add the following to enable route verification:
# Enables source route verification
net.ipv4.conf.default.rp_filter = 1
Thanks, Ashok
[LARTC] Kernel config for HTB
Hello all, Reading through the list I realize that most of what you people talk about is way over my head... But I'm trying. I'm new to all this traffic shaping thing and I'm stuck at the very beginning: I'm trying to configure my kernel so I can set up a HTB on my ppp0 interface. I'm running Debian sarge and have iproute2 installed (2.4.7). I downloaded kernel 2.4.20-rc2 which includes the HTB code. Now I gathered that I need to enable CONFIG_NETLINK and CONFIG_RTNETLINK among other options. However, for the life of mine I can't find these options. Even when I grep through the .config file they don't show up. I see CONFIG_NETLINK_DEV but that's it. And when I want to set up a qdisc on ppp0, for instance
tc qdisc add dev ppp0 root handle 1:0 htb default 5
all I get is
HTB init, kernel part version 3.7
HTB: need tc/htb version 3 (minor is 7), you have 10
RTNETLINK answers: Invalid argument
Can anyone please point me to the relevant section in menuconfig to enable the CONFIG_*NETLINK options Thanks, Ben
Re: [LARTC] Fair Queuing
On Saturday 23 November 2002 06:58, [EMAIL PROTECTED] wrote: Thanx, I managed it to get the basic script working but the result IS NOT satisfactory. What is happening is this:- When any user (ex 192.168.0.4 in my script) starts to download a file (Download1) after a while it settles down to the allotted bandwidth 32kbps. If he puts another download (Download 2) after a while it occupies approximately half of the total bandwidth allotted to 192.168.0.4. So far so good. NOW, when the user(192.168.0.4) cancels any one of the downloads (Say download 1) the other download (download 2) takes a very long time to grow up to the total allotted bandwidth i.e 32kbps. Why is that happening? I'm not sure, but when the second download is started, both ends of the connection are using as much bandwidth as possible until packets are dropped. If the connection has suddenly more bandwidth because the other download is stopped, it takes some time before both ends of the connection realize this. And when they do so, they are trying to push again as much as possible until they are throttled to 64kbps. I think that's the way how tcp handles the bandwidth limitation. I can't figure it out. Could SFQ Help? Not really. SFQ gives each data stream the same opportunity to send something. If one of the streams is gone, the other can send all of the time. But you can try to add one to see what happens. ___
/sbin/tc qdisc add root dev eth1 handle 1:0 cbq bandwidth 10Mbit avpkt 1000
/sbin/tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 10Mbit rate 256Kbit allot 1514 bounded
/sbin/tc class add dev eth1 parent 1:1 classid 1:2 cbq bandwidth 256Kbit rate 32Kbit allot 1514 bounded
/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.0.4 flowid 1:2
/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip dst 192.168.0.4 flowid 1:2
bandwidth is always the nic bandwidth so 10Mbit. And shaping on eth1 is shaping all the packets that are leaving eth2. So using src and dst in 2 filters is useless. The src filter will never match. Stef -- [EMAIL PROTECTED] Using Linux as bandwidth manager http://www.docum.org/ #lartc @ irc.oftc.net
Re: [LARTC] Kernel config for HTB
On Friday 22 November 2002 18:00, Benjamin Goedeke wrote: Hi Benjamin,
tc qdisc add dev ppp0 root handle 1:0 htb default 5
all I get is
HTB init, kernel part version 3.7
HTB: need tc/htb version 3 (minor is 7), you have 10
RTNETLINK answers: Invalid argument
wrong tc version :) Can anyone please point me to the relevant section in menuconfig to enable the CONFIG_*NETLINK options CONFIG_NETLINK does not exist any longer on any 2.4 kernel. 2.2 have this config option. Download this: http://luxik.cdi.cz/~devik/qos/htb/v3/htb3.6-020525.tgz extract it, you'll see a tc binary. Do a mv ./tc /sbin and try the above again and you'll see that it works :) ... That binary has the needed patches for tc already applied to use HTB. have fun :) -- Kind regards Marc-Christian Petersen http://sourceforge.net/projects/wolk PGP/GnuPG Key: 1024D/569DE2E3DB441A16 Fingerprint: 3469 0CF8 CA7E 0042 7824 080A 569D E2E3 DB44 1A16 Key available at www.keyserver.net. Encrypted e-mail preferred.
[LARTC] traffic _control_
since this list includes control of traffic, i was wondering if there is anyone that uses MRTG and knows how to set the bandwidth static? it dynamically changes according to the traffic, but i want to set it at a specified bandwidth (bits/sec or bytes/sec). anyone? thanks, tomas bonnedahl
Re: [LARTC] Kernel config for HTB
On Friday 22 November 2002 18:00, Benjamin Goedeke wrote: Hello all, Reading through the list I realize that most of what you people talk about is way over my head... But I'm trying. I'm new to all this traffic shaping thing and I'm stuck at the very beginning: I'm trying to configure my kernel so I can set up a HTB on my ppp0 interface. I'm running Debian sarge and have iproute2 installed (2.4.7). I downloaded kernel 2.4.20-rc2 which includes the HTB code. Now I gathered that I need to enable CONFIG_NETLINK and CONFIG_RTNETLINK among other options. However, for the life of mine I can't find these options. Even when I grep through the .config file they don't show up. I see CONFIG_NETLINK_DEV but that's it. And when I want to set up a qdisc on ppp0, for instance
You need to enable CONFIG_NETLINK_DEV option. And all the options under QoS and/or fair queueing menu.
tc qdisc add dev ppp0 root handle 1:0 htb default 5
all I get is
HTB init, kernel part version 3.7
HTB: need tc/htb version 3 (minor is 7), you have 10
RTNETLINK answers: Invalid argument
Have you patched tc so you have htb support? I don't know if the tc command that comes with debian has htb support. Stef -- [EMAIL PROTECTED] Using Linux as bandwidth manager http://www.docum.org/ #lartc @ irc.oftc.net
Re: [LARTC] Kernel config for HTB
On Fri, 2002-11-22 at 18:07, Marc-Christian Petersen wrote: Download this: http://luxik.cdi.cz/~devik/qos/htb/v3/htb3.6-020525.tgz extract it, you'll see a tc binary. Do a mv ./tc /sbin and try the above again and you'll see that it works :) ... That binary has the needed patches for tc already applied to use HTB. Yes, it works indeed. have fun :) I will. Thanks a bunch, Ben -- Your fortune cookie for today: BOFH excuse #271: The kernel license has expired
Re: [LARTC] Routing problem
Thanks Jose, I found the key in the routing table of Router2; it had bad entries for the farthest subnets (didn't have the 'via' commands...). Thanks for helping me. Now I'm gonna configure the network with IPv6 'cause I have to make it work with Mobile IPv6. Anybody working on these funny things can mail me, so we can suffer together! :-) Bye, Mauro -Original message- From: Jose Luis Domingo Lopez [mailto:[EMAIL PROTECTED]] Sent: Fri 22/11/2002 1.03 To: [EMAIL PROTECTED] Cc: Subject: Re: [LARTC] Routing problem On Wednesday, 20 November 2002, at 18:31:42 +0100, Mauro Cerboni wrote: I have 3 routers (Linux boxes with Red Hat 8.0 server), with iproute2 and ip_forward activated; they are linked together in this way: AP1--Router1-Router2--Router3-AP2 The routing tables seem correct. But the symptoms you describe seem to tell the opposite :-( Router1 and Router3 can ping each other, Router1 and Router2 share a network segment, as well as Router2 and Router3. So as Router2 seems to be forwarding packets, and it has routes to directly connected networks (shared with Router1 and Router3) the communication between Router1 and Router3 works. My guess is a wrong configuration of routing tables. Maybe you could try traceroute to see if packets reach the other end, or they get lost at some point. It wouldn't be unusual for the packets to reach the destination, but be unable to return to the source, so check the routing tables and follow the path the packets would travel. Hope it helps. -- Jose Luis Domingo Lopez Linux Registered User #189436 Debian Linux Woody (Linux 2.4.19-pre6aa1)
Re: [LARTC] many ways to do load balancing (or not?)
On Fri, 2002-11-22 at 04:28, Andreas Hasenack wrote: Sure. When I said packet count before I was thinking about something along the lines of real traffic balancing, that is, the router somehow remembering how many packets it sent to each route and choosing the less used one. That would be one step closer to true load balancing but I do not think would work for the other end the client. Instead it just splits requests/lookups and does not completely load balance traffic or packets. It is very easy to have uneven loads. For this one day I will look into QoS when the time is right, hoping it may be able to help even out the load? At least from the inside. Once again from the outside load balancing is done via DNS. It would be getting responses from an IP it was not expecting response from. I would imagine each side to send redirects, and all sorts of problems. Like it receiving every other packet and dropping the packets in between. And breaking stateful firewalls. Yep If during a file transfer the route cache is flushed, there is the possibility of the rest of the packets going out a different interface. Uh oh... It shouldn't be that simple, what about that 60s timeout for the cache? It's very likely to occur during a file transfer. Well that's more a worst case scenario like manually flushing the cache. I believe the cache gc algorithm takes in consideration routes that are currently in use. So lookups do not occur during a transfer? I have not really seen this to be a big problem. Although I do not have any large files being downloaded, and if I did it could cause problems there. But so far I have not had any problems along those lines. Neither does it perfectly or with intelligent algorithms. Neither allow you to use all paths for a single transfer. Only things like MPPP I guess, for example, or channel bonding, or TQL. Yes, but I believe each of those requires special configurations on both ends, client and ISP. So if you have two 1.5 mbs connection, you do not end up with a 3.0 mbs line. You do have one internal gateway for both, and if one goes down the other can be used. So you do have redundancy, and both lines can be used to serve different requests to different places. So it's more like redundancy/HA with a best effort towards balancing. Yes, or in other terms. My need was a single gateway for my servers although I have two ISPs. The amount of load balancing you get is about the same as the amount of redundancy. You get a partial solution to both, but not a complete solution. -- Sincerely, William L. Thomson Jr. Support Group Obsidian-Studios Inc. 439 Amber Way Petaluma, Ca. 94952 Phone 707.766.9509 Fax 707.766.8989 http://www.obsidian-studios.com
Re: [LARTC] many ways to do load balancing (or not?)
On Fri, 2002-11-22 at 04:41, Andreas Hasenack wrote:

> On Thu, Nov 21, 2002 at 04:06:26PM -0800, William L. Thomson Jr. wrote:
> > Not necessarily. I have two lines going in completely different directions, different private nets, and then via different ISP/Public IPs.
>
> Do you have public servers that are accessed from the outside?

Yes that's basically all I have. I have three lines, two 1.1mps SDSL and one ADSL. My ADSL line is for surfing, and is my main inbound line for normal office traffic. My SDSL lines handle all requests to and from my public servers. So most of the traffic is initiated from the outside. Very little inbound traffic, mostly a lot of outbound.

> How do you respond to requests coming down one link? I suppose via the same link, or using SNAT, otherwise you would have packets with a source IP from ISP1 traveling through the link to ISP2, right?

That's where it gets a little crazy. Each SDSL line terminates in a router that performs PAT. From the two SDSL routers doing PAT, the requests then make it to the Linux router, which does a second round of PAT, or DPAT. Now when inbound requests leave they get SPAT as they leave the Linux router heading for the SDSL routers to be PAT again back to Public IPs.

A little excessive, but having two firewalls back to back on either connection is nice. Pretty damn hard to get any packet through both that is not supposed to be going through them.

Now the hardest part for me to grasp, was how ipchains is able to take a single internal IP and convert it into two different internal/external IPs. Internal in my case, since I do not use Public IPs until hitting and leaving the SDSL routers. There is a particular rule that does this, but I have not found an equivalent using iptables. Although I am sure one exists, or hope one does.

Now this is also where Julian's patches came into play. By using NAT and Julian's patches, the NAT cache is looked at so the choice of what IP to map the server's IP to is based on the cache. If there is nothing there in the cache, then it goes to the multipath route.

Sounds simple, but was a pain for me to grasp, and get working. But it has been working perfectly ever since, or at least as good as can be expected. Since I have implemented true dead gateway detection, nor have I dialed things in specifically with cache timeouts, gcs, etc.

--
Sincerely,
William L. Thomson Jr.
Re: [LARTC] many ways to do load balancing (or not?)
On Fri, 2002-11-22 at 04:39, Andreas Hasenack wrote:

> On Thu, Nov 21, 2002 at 04:24:06PM -0800, William L. Thomson Jr. wrote:
> > But I have been informed I believe by Julian and others that the load balancing, multipath equalize feature can be used even without NAT but in a different situation than mine?
>
> I'm confused as well. Suppose you have two links to the internet, a DMZ, and an internal network, SNAT'ed. Suppose you have a public web server in the DMZ (the DMZ is not SNAT'ed). How would multipath route (with or without equalize) help here? I mean, it would only really help if there were connections starting from the inside (DMZ or SNAT'ed network) to the outside. But:

Exactly

> - the internal network would probably do many downloads, and not uploads

In this case the multipath will help out. Splitting the downloads over the different interfaces. This way all lines will be used for downloads. Although the actual load will not be equal on all lines, as previously mentioned. But depending on the amount of routes and weights, the requests/lookups will be properly balanced.

> - the web server doesn't originate traffic, it responds to requests from the outside world, and it will respond using the same link the request came in (or not?)

This is why I kept saying that you have to load balance from the outside in and the inside out. Inside out was above using multipath. Outside in is load balanced using DNS. Bind allows you to specify multiple IPs for a domain, and a similar weight value. So you can load balance DNS lookups.

In my case where everything is even I have two Public IPs for each server in my DNS records. Do a dig on my domain. You will get two IPs, and each time a DNS lookup occurs you should get one or the other. In theory every other request gets a different IP. So Bind is trying to load balance things from the outside world.

But depending on a lot of different variables, the client could end up doing another lookup or using an interface out of the load balancing order. So it's not perfect. But to complete the load balancing scenario it's absolutely necessary. Otherwise there is no way to load balance from the outside world without your ISP providing a service or using something like BGP.

So load balancing inside out is done via multipath equalize, and load balancing from the outside in is done via DNS, in my case BIND.

--
Sincerely,
William L. Thomson Jr.
[LARTC] Forced route
Hi All,

I have the following topology with four linux routers.

    A-----B-----C
    |           |
    +..E0(D)E1..+

In this I want to send some traffic from interface E0 of router D to interface E1 of same router via route ABC. How can I do this?

Any help on this will be highly appreciable.

Thanks,
Nitin
Re: [LARTC] Forced route
On Fri, Nov 22, 2002 at 11:11:04AM -0800, nitin panjwani wrote:

> Hi All,
>
> I have the following topology with four linux routers.
>
>     A-----B-----C
>     |           |
>     +..E0(D)E1..+
>
> In this I want to send some traffic from interface E0 of router D to interface E1 of same router via route ABC. How can I do this?

In general you can't. The traffic generated on D, destined for D never reaches the nic card. So, your statement above "from interface E0" is irrelevant. The packets would go down the IP stack to the loopback and come back up again.

What are A, B or C? If there is ability to do nat, you can send packets to, eg, A and have A DNAT it to E1 and SNAT it to A. Doing this and having the right routes on A, B and C and of course D, you can do what you're asking.

Ramin

> Any help on this will be highly appreciable.
>
> Thanks,
> Nitin
RE: [LARTC] TC HTB Traffic Shaping
I must give credit where credit is DUE. Thanks a LOT... this is a well PUT together site, I couldn't ask for a better documentation about Traffic Shaping, I received way more info than I asked for... And your website gives me more insight about Traffic Shaping, even better than the HTB website.. Job well done, Mr. Coene

-----Original Message-----
From: Stef Coene [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 22, 2002 16:45
To: Reginald R. Richardson; [EMAIL PROTECTED]
Subject: Re: [LARTC] TC HTB Traffic Shaping

On Friday 22 November 2002 10:49, Reginald R. Richardson wrote:

> Hi guys, I'm new to TC HTB traffic shaping. I installed it at my first try on my Bearing Leaf Router/Firewall. I use tc -s class show dev eth? to see my output. All looks dandy and nice, but it's figures, which at the current moment look like French to me. I would like to see exactly what these figures look like in a GRAPH style...

http://home.docum.org/stef.coene/qos/gui/rrd.html

> I know I can use MRTG, I do have some little experience in it.. But I need to figure out what will be THE TARGET to capture to output via the VARIOUS classes from HTB. If MRTG is not the best tool for this... can someone tell me of something very simple, not too much programming language, to see my output in a graph style.. What would be also very nice, if someone has a config file for MRTG or whatever other tool they propose, if they can e-mail it to me, for me to at least get an idea how to build up the TARGET that should be monitored..

More info on www.docum.org under gui. I use rrdtool to store and graph the data. Rrdtool is part of the mrtg package.

Stef

--
[EMAIL PROTECTED]
Using Linux as bandwidth manager
http://www.docum.org/
#lartc @ irc.oftc.net
Re: [LARTC] burst per connection or filter on packet numbers
On Friday 22 November 2002 19:32, Walter Haidinger wrote:

> Hi!
>
> I'd like to put the first n packets of a connection into a separate class, like having a burst for each connection. The netfilter nth patch doesn't quite do this as it a. only matches a single packet count and b. works on the rule instead of the connection count.
>
> I'm thinking of something like:
>
>     iptables -t mangle -I foo -m nth --every :100 -j ...
>
> where the counter is reset for every new connection. Can this be done with filters?

Why not doing with htb? It has a nice burst parameter that does exactly what you want.

Stef
Re: [LARTC] many ways to do load balancing (or not?)
On Fri, Nov 22, 2002 at 10:05:25AM -0800, William L. Thomson Jr. wrote:

> > So it's more like redundancy/HA with a best effort towards balancing.
>
> Yes, or in other terms. My need was a single gateway for my servers although I have two ISPs. The amount of load balancing you get is about the same as the amount of redundancy. You get a partial solution to both, but not a complete solution.

I just found this patch, has anybody already played with it?

ftp://sliepen.warande.net/pub/eql/patch-2.4.18-2.gz

Excerpt:

Load balancing needed a slight adjustment to the unpatched linux kernel, because of the route cache. Multipath is an option already found in the old 2.1.x kernels. However, once a packet arrives, and it matches a multipath route, a (quasi random) device out of the list of nexthops is taken for its destination. That's okay, but after that the kernel puts everything into a hash table, and the next time a packet with the same source/dest/tos arrives, it finds it is in the hash table, and routes it via the same device as last time.

The adjustment I made is as follows: If the kernel sees that the route to be taken has got the 'equalize' flag set, it not only selects the random device, but also tags the packet with the RTCF_EQUALIZE flag. If another packet of the same kind arrives, it is looked up in the hash table. It then checks if our flag is set, and if so, it deletes the entry in the cache and has to recalculate the destination again.
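The route-cache behaviour described in the excerpt above, as an added Python simulation that is not part of the original post or of the patch. The `Router` class, the gateway names and the addresses are constructed for illustration; the model only covers the source/dest/tos cache lookup and the equalize re-selection.

```python
import random
from collections import Counter

class Router:
    """Toy model of a multipath route in front of a route cache (constructed)."""

    def __init__(self, nexthops, equalize=False, seed=0):
        # nexthops: {gateway_name: weight}; the names are hypothetical.
        self.gateways = list(nexthops)
        self.weights = list(nexthops.values())
        self.equalize = equalize
        self.cache = {}                  # (src, dst, tos) -> gateway
        self.rng = random.Random(seed)   # seeded so runs are repeatable

    def _select(self):
        # Weighted quasi-random choice among the nexthops.
        return self.rng.choices(self.gateways, weights=self.weights)[0]

    def route(self, src, dst, tos=0):
        key = (src, dst, tos)
        if key in self.cache and not self.equalize:
            return self.cache[key]       # cache hit: same device as last time
        # Cache miss, or equalize set: replace any entry and recalculate.
        self.cache[key] = self._select()
        return self.cache[key]

    def flush(self):
        # Models a manual route cache flush or an expired entry.
        self.cache.clear()

def spread(router, src, dst, packets):
    """Count how many packets of one src/dst flow leave via each gateway."""
    return Counter(router.route(src, dst) for _ in range(packets))

def gateways_around_flush(router, src, dst):
    """Gateway used by one flow before and after a mid-transfer flush."""
    before = router.route(src, dst)
    router.flush()
    return before, router.route(src, dst)

if __name__ == "__main__":
    hops = {"gw1": 1, "gw2": 1}
    flow = ("10.0.0.5", "192.0.2.80")
    print("cached  :", dict(spread(Router(hops), *flow, 1000)))
    print("equalize:", dict(spread(Router(hops, equalize=True), *flow, 1000)))
```

With the cache in effect one flow stays on one gateway and only distinct source/destination pairs are spread; with equalize every packet is re-selected, which is the per-packet behaviour the thread expects to upset NAT and stateful firewalls.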
Re: [LARTC] burst per connection or filter on packet numbers
On Fri, 22 Nov 2002, Stef Coene wrote:

> Why not doing with htb? It has a nice burst parameter that does exactly what you want.

Not exactly. If I understand the htb users guide correctly, then the bursts only apply if there is the chance that they can recharge (i.e. there is some period without packet flow). But what if there is a continuous packet flow because there are many concurrent connections?

I'd like to favour beginning connections (not just the starting packets, but the first, say, 100 packets) _while_ there are already established connections which prevent recharging of the htb bursts.

I've already experimented with different burst/cburst settings but it did not give me the desired behaviour.

Regards,
Walter
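The recharge argument in the message above, as an added Python model that is not part of the original post and is not HTB's scheduler. It assumes a single shared token bucket, one token per packet, and an even split of tokens between established traffic and the new connection; the function name and all figures are constructed.

```python
def ticks_to_deliver(first_n, rate, burst, background, warmup=200):
    """Ticks until a new connection's first_n packets have been sent.

    rate       tokens added to the bucket per tick
    burst      maximum number of tokens the bucket can store
    background packets per tick offered by established connections
    warmup     ticks of established traffic before the new connection
    """
    if rate <= 0:
        raise ValueError("rate must be positive")
    tokens = burst                           # bucket starts full
    for _ in range(warmup):                  # established traffic only
        tokens = min(burst, tokens + rate)
        tokens -= min(tokens, background)
    remaining, ticks = first_n, 0
    while remaining > 0:
        ticks += 1
        tokens = min(burst, tokens + rate)
        # Assumption: established traffic may claim up to half the
        # tokens first, the new connection takes what it needs from
        # the rest, and anything left goes back to established traffic.
        bg_take = min(background, tokens // 2)
        new_take = min(remaining, tokens - bg_take)
        bg_take += min(background - bg_take, tokens - bg_take - new_take)
        tokens -= bg_take + new_take
        remaining -= new_take
    return ticks

if __name__ == "__main__":
    for burst, background in [(100, 0), (100, 5), (100, 20), (1000, 20)]:
        t = ticks_to_deliver(100, rate=10, burst=burst, background=background)
        print(f"burst={burst:5d} background={background:3d} -> {t} ticks")
```

Once the established connections offer at least `rate` packets per tick the bucket stays empty, so the first 100 packets take 20 ticks whether `burst` is 100 or 1000.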
[LARTC] Two Ethernet DSL modems
Hi, Is it possible to connect two or more Ethernet DSL modems to a Hub and connect to them with one Linux router computer? Thanks in advance for your assistance Regards Wayne