[LARTC] TC HTB Traffic Shaping

2002-11-22 Thread Reginald R. Richardson
Hi guys,

I'm new to TC HTB traffic shaping

I installed it at my first try on my Bearing Leaf Router/Firewall

I use the tc -s class show dev eth? to see my output.
All looks dandy and nice, but it's figures, which at the current moment
look like French to me.

I would like to see exactly what these figures look like in a GRAPH
style...

I know I can use MRTG, I do have some little experience in it..
But I need to figure out what will be THE TARGET to capture to output
via the VARIOUS classes from HTB

If MRTG is not the best tool for this...can someone tell me of
something very simple, not too much programming language to see, my
output in a graph style..

What would be also very nice, if someone has a config file for MRTG or
whatever other tool they propose, if they can e-mail it to me, for me to
at least get an idea how to build up the TARGET that should be
monitored..

Thanks

__
Reginald Richardson
ICQ#: 365841
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/



Re: [LARTC] ip rule show

2002-11-22 Thread Nickola Kolev
virdzek wrote:

> hi,
>
> at any machines when I execute command ip rule show,
> i got answer:
>
>  RTNETLINK answers: Invalid argument
>  Dump terminated
>
> what does this mean?
  

Hello,

You should read ip-cref.ps, included with your distribution of
iproute2. Generally it means that you have to turn on these 
features in your kernel config:

CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y

Hth,
Nickola





Re: [LARTC] many ways to do load balancing (or not?)

2002-11-22 Thread Andreas Hasenack
On Thu, Nov 21, 2002 at 02:20:57PM -0800, William L. Thomson Jr. wrote:
> Also I do not believe the load balancing is packet based. Usually it's
> more connection based. Meaning that if you request a file, more than
> likely all parts of that file will be transferred using the same route.
> If you request it again, it may take the same route or another.

If I make many connections from one IP (inside) to a web server (outside),
for example (like many simultaneous downloads, or a complex page), I think
they will all go via the same route, because the originating IP and the
destination are the same. It will hit the cache.
Hmm, not good if your users use a proxy, but then again, the proxy would
cache the page probably.

> Now if the request was generated from the inside it would still work
> somewhat the same. If I send two emails out at once, the first will use
> gw1 and the other will use gw2.

Unless they are sent to the same MTA in the outside, then it will get a
cache hit (supposing the 60s haven't gone by then). Or not?

> All packets for each will travel via the same route and use the same
> gateway from start to finish.

Agreed.

> If it was more on a packet level, the other end would be confused.

Sure. When I said packet count before I was thinking about something
along the lines of real traffic balancing, that is, the router somehow
remembering how many packets it sent to each route and choosing the
less used one.

> It would be getting responses from an IP it was not expecting response
> from. I would imagine each side to send redirects, and all sorts of
> problems. Like it receiving every other packet and dropping the packets
> in between.

And breaking stateful firewalls.

> If during a file transfer the route cache is flushed, there is the
> possibility of the rest of the packets going out a different interface.

Uh oh... It shouldn't be that simple, what about that 60s timeout for
the cache? It's very likely to occur during a file transfer.

> Neither does it perfectly or with intelligent algorithms. Neither allow
> you to use all paths for a single transfer.

Only things like MPPP I guess, for example, or channel bonding, or TQL.

> So if you have two 1.5 mbs connection, you do not end up with a 3.0 mbs
> line. You do have one internal gateway for both, and if one goes down
> the other can be used. So you do have redundancy, and both lines can be
> used to serve different requests to different places.

So it's more like redundancy/HA with a best effort towards balancing.




Re: [LARTC] many ways to do load balancing (or not?)

2002-11-22 Thread Andreas Hasenack
On Thu, Nov 21, 2002 at 08:55:05PM -0200, Christoph Simon wrote:
> My understanding is, that for equalize to work, all lines must go to
> the same point and that must not be the end point. Also, this same
> point must implement the equalize very much the same way.

What is it that you call a point here (destination)? The same ISP? The
same network?

I understand that it should be the same ISP because of egress filtering, that
is, one ISP should block packets with a source address that doesn't belong
to the ISP supplying the link.




Re: [LARTC] many ways to do load balancing (or not?)

2002-11-22 Thread Andreas Hasenack
On Thu, Nov 21, 2002 at 04:24:06PM -0800, William L. Thomson Jr. wrote:
> But I have been informed I believe by Julian and others that the load
> balancing, multipath equalize feature can be used even without NAT but
> in a different situation than mine?

I'm confused as well. Suppose you have two links to the internet, a DMZ,
and an internal network, SNAT'ed. Suppose you have a public web server
in the DMZ (the DMZ is not SNAT'ed).

How would multipath route (with or without equalize) help here? I mean,
it would only really help if there were connections starting from
the inside (DMZ or SNAT'ed network) to the outside. But:

- the internal network would probably do many downloads, and not uploads

- the web server doesn't originate traffic, it responds to requests from
the outside world, and it will respond using the same link the request
came in (or not?)




Re: [LARTC] many ways to do load balancing (or not?)

2002-11-22 Thread Christoph Simon
On Fri, 22 Nov 2002 10:30:35 -0200
Andreas Hasenack [EMAIL PROTECTED] wrote:

> On Thu, Nov 21, 2002 at 08:55:05PM -0200, Christoph Simon wrote:
> > My understanding is, that for equalize to work, all lines must go to
> > the same point and that must not be the end point. Also, this same
> > point must implement the equalize very much the same way.
>
> What is it that you call a point here (destination)? The same ISP? The
> same network?
>
> I understand that it should be the same ISP because of egress filtering,
> that is, one ISP should block packets with a source address that doesn't
> belong to the ISP supplying the link.

I was thinking of a configuration like:

Satellite                              Main-Office

     - ISP1 -m-
LAN1 - ISP2 -m- ISPx - linux-router2 - ISP-BIG -
     - ISP3 -m-

If I have an office with one big Internet tube (e.g., MBs), I can put
linux-router2 there. Then all satellite offices could use one or more
modems to reach this router. That linux-router2 would NAT everybody
coming from the modems and forward the packets to ISP-BIG. Nobody in
LAN1 would even attempt to reach linux-router2, which is the last
point where their actual source addresses are known. With equalize
this should allow for a packetwise loadbalancing to increase the
effective bandwidth even for a single file transfer between a host in
LAN1 and ISP-BIG. In this configuration, all modem lines go finally to
one point (linux-router2) and that is not the endpoint. In fact, all
internal clients would use linux-router2 as the default gateway. No
cooperation of any ISP is required.

This configuration makes sense if LAN1 and linux-router2 are in
different cities and either LAN1 has no other reliable choice than
modems or wants redundancy. ISP-BIG also needs to be cheap and
reliable enough for this to make sense.

As I said before, I didn't play too much with equalize, but can't see
an essentially different scenario for a packet-wise loadbalancing.

-- 
Christoph Simon
[EMAIL PROTECTED]
---
^X^C
q
quit
:q
^C
end
x
exit
ZZ
^D
?
help
.



[LARTC] Fair Queuing

2002-11-22 Thread ajay
Dear all,

Am trying to distribute our 256kbps internet link to our internal
LAN and want to give 32kbps each to our 8 nodes.  How should one go about it?

I have a server with 2 LAN cards.


LAN (192.168.0.0/24)-Linux Box---Internet Router---ISP


Thanx 

AJ



[LARTC] High-performance shaping

2002-11-22 Thread Thomas Jalsovsky

Hello,

is the PC/Linux 2.4 architecture good for the following:
some FastEthernet cards (maybe a Gbit uplink)
- traffic-shaping between VLANs/interfaces
- scheduling
- filtering (some smart iptables rules :)

I would like to build a central router based on Linux which does
VLANs, traffic-shaping, QoS for voip/interactive protocols, maybe some
tunnels and BGP with Zebra.

Is this possible? What HW do I need?

Thanks in advance,
Thomas




[LARTC] Router

2002-11-22 Thread Rimas
Hi guys,

I'm asking the same question again (it's very urgent for me).

How to build a router on Linux box?

I have a Linux box (Redhat 7.3) with two network cards.
eth0 is connection to my wireless ISP and eth1 to my FWs.
I want to route eth0--eth1. Both NIC have real Internet IP as well like
FWs.
I need no NAT (no needs to hide my real IP, because it have to be seen from
Internet).
Do I have to use ip route or iptables or combination of it.

Thank you

Rimas







Re: [LARTC] Router

2002-11-22 Thread David Boreham
 
> How to build a router on Linux box?

This is a bit like asking 'How do I build a nuclear reactor, I need to
have it done by monday' :)

You will need to sit down and do quite a bit of reading.
There are howto documents, there are books on the subject,
there are mailing lists like this. You'll need to spend time with
all three types of information source.

The book Linux Firewalls, despite the title, is a good
source of information on routing with Linux.

The book Linux Routing is also good.








Re: [LARTC] Router

2002-11-22 Thread Stef Coene
On Friday 22 November 2002 16:08, Rimas wrote:
> Hi guys,
>
> I'm asking the same question again (it's very urgent for me).
>
> How to build a router on Linux box?
>
> I have a Linux box (Redhat 7.3) with two network cards.
> eth0 is connection to my wireless ISP and eth1 to my FWs.
> I want to route eth0--eth1. Both NIC have real Internet IP as well like
> FWs.
> I need no NAT (no needs to hide my real IP, because it have to be seen from
> Internet).
> Do I have to use ip route or iptables or combination of it.

If the box is up and running with 2 nic's configured, try this :

echo 1 > /proc/sys/net/ipv4/ip_forward

Stef

-- 

[EMAIL PROTECTED]
 Using Linux as bandwidth manager
 http://www.docum.org/
 #lartc @ irc.oftc.net




Re: [LARTC] traffic shaping using HTB (doesn't seem to work as expected)

2002-11-22 Thread Stef Coene
On Friday 22 November 2002 11:58, Abraham van der Merwe wrote:
> Hi!
>
> I started shaping our clients using HTB/Linux recently (since about 2 days
> ago). (Previously I used dummynet/FreeBSD and before that CBQ/GTS/IOS).
>
> I tested HTB in a lab setup (just shaped 2 connections to different speeds
> and tried it). That seemed to work, so then I switched, but in a live setup
> it all turns to .
>
> Basically I've got setup like this:
>
>     internet
>        |
>        | eth0
>   +---------+ eth2
>   | qos box |------ DMZ
>   +---------+
>        | eth1
>        |
>   +---------+
>   | clients |
>   +---------+
>
> I'm shaping egress on both eth0 and eth1 (shaping traffic to clients on
> eth1 and traffic to internet on eth0)
>
> my config looks like this:
>
> snip -- snip -- snip
> # usage: class cid in-rate out-rate prio
> function class()
> {
>     $tc class add dev $iface_uunet parent 1:1 classid $1 htb rate $2 prio $4
>     $tc class add dev $iface_wan parent 1:1 classid $1 htb rate $3 prio $4
> }
>
> # usage: filter cid net
> function filter()
> {
>     $tc filter add dev $iface_uunet protocol ip parent 1: prio 1 \
>         u32 match ip src $2 flowid $1
>
>     $tc filter add dev $iface_wan protocol ip parent 1: prio 1 \
>         u32 match ip dst $2 flowid $1
> }
>
> for i in $iface_uunet $iface_wan; do
>     # remove all queueing disciplines
>     $tc qdisc del dev $i root 2> /dev/null
>
>     # add a hierarchical token bucket queueing discipline
>     $tc qdisc add dev $i root handle 1: htb default 99 r2q 3
> done
>
> class 1:10 xxx yyy 1
> filter 1:10 a.b.c.d/e
> filter 1:10 ...
>
> class 1:11 ...
> .
> .
> .
>
> # catch the rest
> class 1:99 128kbit 128kbit 1
> filter 1:99 66.8.28.0/24
> filter 1:99 66.8.85.0/24
> snip -- snip -- snip
>
> I'm not sure what is going wrong. I suspect one/more of the following
>
> 1. HTB only works if the total number of classes does not exceed total
> bandwidth - is this true? if so, it explains why this does not work since
> we oversell bandwidth with priority 2. how can I add shaping rules and
> interface bandwidth and let the qos subsystem handle the congestion
> avoidance?
>
> 2. I'm missing a client's subnet which may be eating up all my bandwidth
> (esp true for DMZ since I'm not shaping incoming bandwidth for DMZ)
>
> 3. I'm doing something wrong.
>
> If anyone has suggestions/comments re (1) and (3), please let me know.

I don't have the command that creates class 1:1, but if you have a 128kbit
connection, you have to take 120kbit or so for the maximum bandwidth.  You
lose some small amounts of bandwidth, but that's needed.  Otherwise it can
be the modem or router that's shaping and not your firewall.  Try it with
100kbit and raise it until your box is not shaping anymore.

If you add a class, you don't provide a ceil parameter.  So ceil = rate.  So
the classes can never borrow bandwidth from each other.
And regarding 1., htb assumes that the sum of the rates of the child
classes is <= the rate of parent.  You don't have to follow this rule, but
htb will work better if you do.

And if the qos box is natting, you can't use the src address on eth2 because
the source address of the packets is natted to the address of the qos box.


Stef

-- 

[EMAIL PROTECTED]
 Using Linux as bandwidth manager
 http://www.docum.org/
 #lartc @ irc.oftc.net
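
Stef's two points about the config above (a class without ceil gets ceil = rate and cannot borrow; child rates should sum to at most the parent rate), as an added dry-run example that is not code from the thread. The device, class ids and rates are constructed, and `TC` defaults to `echo tc` so the commands are printed rather than applied.

```shell
#!/bin/sh
# Added example, not from the thread. Device, class ids and rates are constructed.

TC="${TC:-echo tc}"   # prints the commands; set TC=/sbin/tc to apply them
DEV="${DEV:-eth1}"

# kbit RATE: numeric part of a rate written as "<n>kbit"; rejects anything else
kbit() {
    kb_n="${1%kbit}"
    case "$kb_n" in
        ''|*[!0-9]*) echo "bad rate: $1" >&2; return 1 ;;
    esac
    if [ "$kb_n" = "$1" ]; then echo "bad rate: $1" >&2; return 1; fi
    echo "$kb_n"
}

# check_plan PARENT CHILD...: prints the sum of the child rates in kbit and
# succeeds only if that sum does not exceed the parent rate.
check_plan() {
    cp_parent=$(kbit "$1") || return 2
    shift
    cp_sum=0
    for cp_r in "$@"; do
        cp_k=$(kbit "$cp_r") || return 2
        cp_sum=$(( cp_sum + cp_k ))
    done
    echo "$cp_sum"
    [ "$cp_sum" -le "$cp_parent" ]
}

# build_plan PARENT N: root qdisc, one parent class, N equal child classes.
# Each child gets rate = PARENT/N (its guarantee) and ceil = PARENT, so an
# idle child's share can be borrowed by the busy ones.
build_plan() {
    bp_parent=$(kbit "$1") || return 2
    bp_n="$2"
    [ "$bp_n" -gt 0 ] || return 2
    bp_rate=$(( bp_parent / bp_n ))   # integer division: sum never exceeds parent
    $TC qdisc add dev "$DEV" root handle 1: htb
    $TC class add dev "$DEV" parent 1: classid 1:1 htb rate "$1" ceil "$1"
    bp_i=0
    while [ "$bp_i" -lt "$bp_n" ]; do
        $TC class add dev "$DEV" parent 1:1 classid "1:$(( 10 + bp_i ))" \
            htb rate "${bp_rate}kbit" ceil "$1"
        bp_i=$(( bp_i + 1 ))
    done
}

# Demo: 120kbit parent (below a 128kbit link, as suggested above), 4 clients.
build_plan 120kbit 4
if ! check_plan 120kbit 64kbit 64kbit >/dev/null; then
    echo "oversold: 2 x 64kbit does not fit under a 120kbit parent" >&2
fi
```
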




Re: [LARTC] TC HTB Traffic Shaping

2002-11-22 Thread Stef Coene
On Friday 22 November 2002 10:49, Reginald R. Richardson wrote:
> Hi guys,
>
> I'm new to TC HTB traffic shaping
>
> I installed it at my first try on my Bearing Leaf Router/Firewall
>
> I use the tc -s class show dev eth? to see my output.
> All looks dandy and nice, but it's figures, which at the current moment
> look like French to me.
>
> I would like to see exactly what these figures look like in a GRAPH
> style...

http://home.docum.org/stef.coene/qos/gui/rrd.html

> I know I can use MRTG, I do have some little experience in it..
> But I need to figure out what will be THE TARGET to capture to output
> via the VARIOUS classes from HTB
>
> If MRTG is not the best tool for this...can someone tell me of
> something very simple, not too much programming language to see, my
> output in a graph style..
>
> What would be also very nice, if someone has a config file for MRTG or
> whatever other tool they propose, if they can e-mail it to me, for me to
> at least get an idea how to build up the TARGET that should be
> monitored..

More info on www.docum.org under gui.
I use rrdtool to store and graph the data.  Rrdtool is part of the mrtg 
package.

Stef

-- 

[EMAIL PROTECTED]
 Using Linux as bandwidth manager
 http://www.docum.org/
 #lartc @ irc.oftc.net




Re: [LARTC] Problem with flowid filter example from howto

2002-11-22 Thread Stef Coene
On Thursday 21 November 2002 22:10, Andrew D wrote:
> Thanks.  Though it doesn't quite work, I messed around with it till I
> got this which does:
>
> tc filter add dev eth0 protocol ip parent 1: prio 2 u32 match \
>   ip src 0/0 flowid 1:1
>
> Seems like an extra if statement, but it does the job.  Now I am
> wondering, is this wrong in the howto (section 9.6.1) or is my system
> just broken?

I think you can say it's a feature that's missing in tc :)
You have to match something, even if you match everything.

Stef

-- 

[EMAIL PROTECTED]
 Using Linux as bandwidth manager
 http://www.docum.org/
 #lartc @ irc.oftc.net




[LARTC] shaping on PC with more than 3 interfaces

2002-11-22 Thread Abraham van der Merwe
Hi!

I have a machine

       ISP
        |
        | eth0
    +-------+
    | Linux | eth2
    |  QoS  |-- DMZ
    |  box  |
    +-------+
        | eth1
        |
       WAN

I want to shape incoming bandwidth and outgoing bandwidth where incoming
means all packets entering eth0 and outgoing means all packets entering eth1
_or_ eth2.

How do I do that?

Outgoing traffic is easy since I can do shaping on eth0, but incoming is not
so simple since I want to do shaping on eth1+eth2. Can I just use the IMQ
device and do this:

iptables -t mangle -A PREROUTING -i eth1 -j IMQ
iptables -t mangle -A PREROUTING -i eth2 -j IMQ

and then use imq0 as the interface on which I do my incoming shaping?

-- 

Regards
 Abraham

The Marines:
The few, the proud, the not very bright.

___
 Abraham vd Merwe [ZR1BBQ] - Frogfoot Networks
 P.O. Box 3472, Matieland, Stellenbosch, 7602
 Cell: +27 82 565 4451 Http: http://www.frogfoot.net
 Email: [EMAIL PROTECTED]






Re: [LARTC] Fair Queuing

2002-11-22 Thread ajay
Thanx, I managed to get the basic script working but the result IS NOT
satisfactory. What is happening is this:-

When any user (ex 192.168.0.4 in my script) starts to download a file
(Download1) after a while it settles down to the allotted bandwidth 32kbps.
If he puts another download (Download 2) after a while it occupies
approximately half of the total bandwidth allotted to 192.168.0.4.  So far so
good.
NOW, when the user (192.168.0.4) cancels any one of the downloads (Say
download 1) the other download (download 2) takes a very long time to grow
up to the total allotted bandwidth i.e 32kbps.

Why is that happening?
I can't figure it out. Could SFQ Help?

Script :
___
/sbin/tc qdisc add root dev eth1 handle 1:0 cbq bandwidth 10Mbit avpkt 1000
/sbin/tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 10Mbit \
    rate 256Kbit allot 1514 bounded
/sbin/tc class add dev eth1 parent 1:1 classid 1:2 cbq bandwidth 256Kbit \
    rate 32Kbit allot 1514 bounded
/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src \
    192.168.0.4 flowid 1:2
/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip dst \
    192.168.0.4 flowid 1:2


Thanx in advance

PS: Yes, I want each individual user to get 32kbps
- Original Message -
From: Stef Coene [EMAIL PROTECTED]
> > Dear all,
> >
> > Am trying to distribute our 256kbps internet link to our
> > internal LAN and want to give 32kbps each to our 8 nodes.  how should one
> > go about it.
> >
> > I have a server with 2 LAN cards.
> >
> >
> > LAN (192.168.0.0/24)-Linux Box---Internet Router---ISP
> Do you want them to be able to share the bandwidth, or is 32kbps the maximum
> they may get?
>
> You can create 1 bounded class with rate = 256kbps and 8 child classes with
> rate = 32kbps.  And you need 8 filters to put the traffic in the 8 classes.
> You can filter based on ip-address if the nodes have fixed ip-addresses.  You
> can do this with htb or cbq.

 Stef






Re: [LARTC] Router

2002-11-22 Thread Ashok N N
On Friday 22 November 2002 10:33 am, Stef Coene wrote:
> On Friday 22 November 2002 16:08, Rimas wrote:
> > Hi guys,
> >
> > I'm asking the same question again (it's very urgent for me).
> >
> > How to build a router on Linux box?
> >
> > I have a Linux box (Redhat 7.3) with two network cards.
> > eth0 is connection to my wireless ISP and eth1 to my FWs.
> > I want to route eth0--eth1. Both NIC have real Internet IP as well like
> > FWs.
> > I need no NAT (no needs to hide my real IP, because it have to be seen from
> > Internet).
> > Do I have to use ip route or iptables or combination of it.
> If the box is up and running with 2 nic's configured, try this :
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Stef
>

Just to enable routing (without any firewall stuff) the above command would be 
sufficient. To make it permanent, add the following to /etc/sysctl.conf:
# Enables packet forwarding
net.ipv4.ip_forward=1

You could also add the following to enable route verification:
# Enables source route verification
net.ipv4.conf.default.rp_filter = 1

Thanks,
Ashok
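
A check for the two settings above, as an added example that is not code from the thread: it reads sysctl.conf-style text and reports any interface that would forward packets with reverse-path filtering off. The sample text and interface names are constructed, and it assumes the rule of current kernels that the larger of conf.all and the per-interface value applies, with conf.default standing in for interfaces that have no explicit entry.

```shell
#!/bin/sh
# Added example, not from the thread. Sample text and interface names are constructed.

# get_key KEY: last value assigned to KEY in the text on stdin (empty if unset)
get_key() {
    awk -v want="$1" '
        /^[ \t]*[#;]/ { next }              # skip comment lines
        index($0, "=") == 0 { next }        # skip lines without an assignment
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == want) last = val
        }
        END { if (last != "") print last }'
}

# effective_rp_filter CONF_TEXT IFACE: value the interface would end up with.
# Assumption: the interface inherits conf.default unless it has its own entry,
# and the kernel then uses the larger of conf.all and that value.
effective_rp_filter() {
    rp_all=$(printf '%s\n' "$1" | get_key net.ipv4.conf.all.rp_filter)
    rp_if=$(printf '%s\n' "$1" | get_key "net.ipv4.conf.$2.rp_filter")
    [ -n "$rp_if" ] || rp_if=$(printf '%s\n' "$1" | get_key net.ipv4.conf.default.rp_filter)
    rp_all=${rp_all:-0}
    rp_if=${rp_if:-0}
    if [ "$rp_all" -gt "$rp_if" ]; then echo "$rp_all"; else echo "$rp_if"; fi
}

# audit CONF_TEXT IFACE...: one line per finding; returns 1 if any interface
# forwards with rp_filter 0, otherwise 0.
audit() {
    au_conf="$1"; shift
    au_bad=0
    au_fwd=$(printf '%s\n' "$au_conf" | get_key net.ipv4.ip_forward)
    if [ "${au_fwd:-0}" != "1" ]; then
        echo "ip_forward is not 1: this box is not routing"
        return 0
    fi
    for au_if in "$@"; do
        if [ "$(effective_rp_filter "$au_conf" "$au_if")" = "0" ]; then
            echo "$au_if: forwarding on, rp_filter 0 (spoofed sources are not dropped)"
            au_bad=1
        fi
    done
    return "$au_bad"
}

# The two settings from the message above.
SAMPLE_OK='# Enables packet forwarding
net.ipv4.ip_forward=1
# Enables source route verification
net.ipv4.conf.default.rp_filter = 1'

# Constructed weak variant: forwarding on, filter explicitly off on eth0.
SAMPLE_WEAK='# constructed sample
net.ipv4.ip_forward=1
net.ipv4.conf.eth0.rp_filter = 0'

audit "$SAMPLE_OK" eth0 eth1 || true
audit "$SAMPLE_WEAK" eth0 eth1 || true
```
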



[LARTC] Kernel config for HTB

2002-11-22 Thread Benjamin Goedeke
Hello all, 

Reading through the list I realize that most of what you people talk
about is way over my head... But I'm trying. I'm new to all this traffic
shaping thing and I'm stuck at the very beginning: I'm trying to
configure my kernel so I can set up a HTB on my ppp0 interface. 

I'm running Debian sarge and have iproute2 installed (2.4.7). I
downloaded kernel 2.4.20-rc2 which includes the HTB code. Now I gathered
that I need to enable CONFIG_NETLINK and CONFIG_RTNETLINK among other
options. However, for the life of mine I can't find these options. Even
when I grep through the .config file they don't show up. I see
CONFIG_NETLINK_DEV but that's it. And when I want to set up a qdisc on
ppp0, for instance 

tc qdisc add dev ppp0 root handle 1:0 htb default 5 

all I get is

HTB init, kernel part version 3.7
HTB: need tc/htb version 3 (minor is 7), you have 10
RTNETLINK answers: Invalid argument 

Can anyone please point me to the relevant section in menuconfig to
enable the CONFIG_*NETLINK options

Thanks, 
Ben 




Re: [LARTC] Fair Queuing

2002-11-22 Thread Stef Coene
On Saturday 23 November 2002 06:58, [EMAIL PROTECTED] wrote:
> Thanx, I managed to get the basic script working but the result IS NOT
> satisfactory. What is happening is this:-
>
> When any user (ex 192.168.0.4 in my script) starts to download a file
> (Download1) after a while it settles down to the allotted bandwidth 32kbps.
> If he puts another download (Download 2) after a while it occupies
> approximately half of the total bandwidth allotted to 192.168.0.4.  So far
> so good.
> NOW, when the user (192.168.0.4) cancels any one of the downloads (Say
> download 1) the other download (download 2) takes a very long time to grow
> up to the total allotted bandwidth i.e 32kbps.
>
> Why is that happening?

I'm not sure, but when the second download is started, both ends of the
connection are using as much bandwidth as possible until packets are
dropped.  If the connection suddenly has more bandwidth because the other
download is stopped, it takes some time before both ends of the connection
realize this.  And when they do so, they are trying to push again as much as
possible until they are throttled to 64kbps.  I think that's the way tcp
handles the bandwidth limitation.

> I can't figure it out. Could SFQ Help?

Not really.  SFQ gives each data stream the same opportunity to send something.
If one of the streams is gone, the other can send all of the time.  But you
can try to add one to see what happens.

> ___
> /sbin/tc qdisc add root dev eth1 handle 1:0 cbq bandwidth 10Mbit avpkt 1000
> /sbin/tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 10Mbit \
>     rate 256Kbit allot 1514 bounded
> /sbin/tc class add dev eth1 parent 1:1 classid 1:2 cbq bandwidth 256Kbit \
>     rate 32Kbit allot 1514 bounded
> /sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src \
>     192.168.0.4 flowid 1:2
> /sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip dst \
>     192.168.0.4 flowid 1:2

bandwidth is always the nic bandwidth so 10Mbit.
And shaping on eth1 is shaping all the packets that are leaving eth2.  So
using src and dst in 2 filters is useless.  The src filter will never match.

Stef

-- 

[EMAIL PROTECTED]
 Using Linux as bandwidth manager
 http://www.docum.org/
 #lartc @ irc.oftc.net




Re: [LARTC] Kernel config for HTB

2002-11-22 Thread Marc-Christian Petersen
On Friday 22 November 2002 18:00, Benjamin Goedeke wrote:

Hi Benjamin,

> tc qdisc add dev ppp0 root handle 1:0 htb default 5
> all I get is
> HTB init, kernel part version 3.7
> HTB: need tc/htb version 3 (minor is 7), you have 10
> RTNETLINK answers: Invalid argument

wrong tc version :)

> Can anyone please point me to the relevant section in menuconfig to
> enable the CONFIG_*NETLINK options

CONFIG_NETLINK does not exist any longer on any 2.4 kernel. 2.2 have this
config option.

Download this: http://luxik.cdi.cz/~devik/qos/htb/v3/htb3.6-020525.tgz

extract it, you'll see a tc binary. Do a mv ./tc /sbin and try the above 
again and you'll see that it works :) ... That binary has the needed patches 
for tc already applied to use HTB.

have fun :)


-- 
Kind regards
Marc-Christian Petersen

http://sourceforge.net/projects/wolk

PGP/GnuPG Key: 1024D/569DE2E3DB441A16
Fingerprint: 3469 0CF8 CA7E 0042 7824 080A 569D E2E3 DB44 1A16
Key available at www.keyserver.net. Encrypted e-mail preferred.



[LARTC] traffic _control_

2002-11-22 Thread Tomas Bonnedahl
since this list includes control of traffic, i was wondering if there is anyone that
uses MRTG and knows how to set the bandwidth static? it dynamically changes according
to the traffic, but i want to set it at a specified bandwidth (bits/sec or bytes/sec).
anyone?

thanks,
tomas bonnedahl



Re: [LARTC] Kernel config for HTB

2002-11-22 Thread Stef Coene
On Friday 22 November 2002 18:00, Benjamin Goedeke wrote:
> Hello all,
>
> Reading through the list I realize that most of what you people talk
> about is way over my head... But I'm trying. I'm new to all this traffic
> shaping thing and I'm stuck at the very beginning: I'm trying to
> configure my kernel so I can set up a HTB on my ppp0 interface.
>
> I'm running Debian sarge and have iproute2 installed (2.4.7). I
> downloaded kernel 2.4.20-rc2 which includes the HTB code. Now I gathered
> that I need to enable CONFIG_NETLINK and CONFIG_RTNETLINK among other
> options. However, for the life of mine I can't find these options. Even
> when I grep through the .config file they don't show up. I see
> CONFIG_NETLINK_DEV but that's it. And when I want to set up a qdisc on
> ppp0, for instance

You need to enable CONFIG_NETLINK_DEV option.  And all the options under QoS
and/or fair queueing menu.

> tc qdisc add dev ppp0 root handle 1:0 htb default 5
>
> all I get is
>
> HTB init, kernel part version 3.7
> HTB: need tc/htb version 3 (minor is 7), you have 10
> RTNETLINK answers: Invalid argument

Have you patched tc so you have htb support?  I don't know if the tc command
that comes with debian has htb support.

Stef

-- 

[EMAIL PROTECTED]
 Using Linux as bandwidth manager
 http://www.docum.org/
 #lartc @ irc.oftc.net




Re: [LARTC] Kernel config for HTB

2002-11-22 Thread Benjamin Goedeke
On Fri, 2002-11-22 at 18:07, Marc-Christian Petersen wrote:

> Download this: http://luxik.cdi.cz/~devik/qos/htb/v3/htb3.6-020525.tgz
>
> extract it, you'll see a tc binary. Do a mv ./tc /sbin and try the above
> again and you'll see that it works :) ... That binary has the needed patches
> for tc already applied to use HTB.

Yes, it works indeed.

> have fun :)
 

I will.

Thanks a bunch,
Ben


-- 
Your fortune cookie for today:

BOFH excuse #271:

The kernel license has expired




Re: [LARTC] Routing problem

2002-11-22 Thread Mauro Cerboni
Thanks Jose,
 
I found the key in the routing table of Router2; it had bad entries for the farthest
subnets (didn't have the 'via' commands...).
 
Thanks for helping me.
 
Now I'm gonna configure the network with IPv6 'cause I have to make it work with
Mobile IPv6.
Anybody working on these funny things can mail me, so we can suffer together! :-)
 
Bye,
 
Mauro

-Original Message-
From: Jose Luis Domingo Lopez [mailto:[EMAIL PROTECTED]]
Sent: Fri 22/11/2002 1.03
To: [EMAIL PROTECTED]
Cc:
Subject: Re: [LARTC] Routing problem



On Wednesday, 20 November 2002, at 18:31:42 +0100,
Mauro Cerboni wrote:

> I have 3 routers (Linux boxes with Red Hat 8.0 server), with iproute2 and
> ip_forward activated; they are linked together in this way:
>
> AP1--Router1-Router2--Router3-AP2
>
> The routing tables seem correct.

But the symptoms you describe seem to tell the opposite :-(

> Router1 and Router3 can ping each other,

Router1 and Router2 share a network segment, as well as Router2 and
Router3. So as Router2 seems to be forwarding packets, and it has router
to directly connected networks (shared with Router1 and Router3) the
communication between Router1 and Router3 works.

My guess is a wrong configuration of routing tables. Maybe you could try
traceroute to see if packets reach the other end, or they get lost at
some point. It wouldn't be unusual for the packets to reach the
destination, but be unable to return to the source, so check the routing
tables and follow the path the packets would travel.

Hope it helps.

--
Jose Luis Domingo Lopez
Linux Registered User #189436 Debian Linux Woody (Linux 2.4.19-pre6aa1)


Re: [LARTC] many ways to do load balancing (or not?)

2002-11-22 Thread William L. Thomson Jr.
On Fri, 2002-11-22 at 04:28, Andreas Hasenack wrote:

 Sure. When I said packet count before I was thinking about something
 along the lines of real traffic balancing, that is, the router somehow
 remembering how many packets it sent to each route and choosing the
 less used one.

That would be one step closer to true load balancing but I do not thing
would work for the other end the client. Instead it just splits
requests/lookups and does not completely load balance traffic or
packets. 

It is very easy to have uneven loads. For this one day I will look into
QoS when the time is right, hoping it may be able to help even out the
load? At least from the inside.

Once again from the outside load balancing is done via DNS.

  It would be getting responses from an IP it was not expecting response
  from. I would imagine each side to send redirects, and all sorts of
  problems. Like it receiving every other packet and dropping the packets
  in between.
 
 And breaking stateful firewalls.

Yep

  If during a file transfer the route cache is flushed, there is the
  possibility of the rest of the packets going out a different interface.
 
 Uh oh... It shouldn't be that simple, what about that 60s timeout for
 the cache? It's very likely to occur during a file transfer.

Well that's more a worst case scenario like manually flushing the cache.
I believe the cache gc algorithm takes in consideration routes that are
currently in use. So lookups do not occur during a transfer?

I have not really seen this to be a big problem. Although I do not have
any large files being downloaded, and if I did it could cause problems
there.

But so far I have not had any problems along those lines.

  Neither does it perfectly or with intelligent algorithms. Neither allow
  you to use all paths for a single transfer.
 
 Only things like MPPP I guess, for example, or channel bonding, or TQL.

Yes, but I believe each of those requires special configurations on both
ends, client and ISP.

  So if you have two 1.5 mbs connection, you do not end up with a 3.0 mbs
  line. You do have one internal gateway for both, and if one goes down
  the other can be used. So you do have redundancy, and both lines can be
  used to serve different requests to different places.
 
 So it's more like redundancy/HA with a best effort towards balancing.

Yes, or in other terms. My need was a single gateway for my servers
although I have two ISPs. The amount of load balancing you get is about
the same as the amount of redundancy. You get a partial solution to
both, but not a complete solution.

-- 
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone  707.766.9509
Fax    707.766.8989
http://www.obsidian-studios.com




Re: [LARTC] many ways to do load balancing (or not?)

2002-11-22 Thread William L. Thomson Jr.
On Fri, 2002-11-22 at 04:41, Andreas Hasenack wrote:
 On Thu, Nov 21, 2002 at 04:06:26PM -0800, William L. Thomson Jr. wrote:
  Not necessarily. I have two lines going in completely different
  directions, different private nets, and then via different ISP/Public
  IPs.
 
 Do you have public servers that are accessed from the outside? 

Yes that's basically all I have. I have three lines, two 1.1mps SDSL and
one ADSL.

My ADSL line is for surfing, and is my main inbound line for normal
office traffic.

My SDSL lines handle all requests to and from my public servers. So most
of the traffic is initiated from the outside. Very little inbound
traffic, mostly a lot of outbound.

 How do you
 respond to requests coming down one link? I suppose via the same link, or
 using SNAT, otherwise you would have packets with a source IP from ISP1
 traveling through the link to ISP2, right?

That's where it gets a little crazy. Each SDSL line terminates in a
router that performs PAT. From the two SDSL routers doing PAT, the
requests then make it to the Linux router, which does a second round of
PAT, or DPAT.

Now when inbound requests leave, they get SPAT as they leave the Linux
router heading for the SDSL routers to be PAT again back to Public IPs.

A little excessive, but having two firewalls back to back on either
connection is nice. Pretty damn hard to get any packet through both
that is not supposed to be going through them.

Now the hardest part for me to grasp, was how ipchains is able to take a
single internal IP and convert it into two different internal/external
IPs. Internal in my case, since I do not use Public IPs until hitting
and leaving the SDSL routers. There is a particular rule that does this,
but I have not found an equivalent using iptables. Although I am sure
one exists, or hope one does.

Now this is also where Julian's patches came into play. By using NAT and
Julian's patches, the NAT cache is looked at so the choice of what IP to
map the server's IP to is based on the cache. If there is nothing there
in the cache, then it goes to the multipath route.

Sounds simple, but was a pain for me to grasp, and get working. But it
has been working perfectly ever since, or at least as good as can be
expected. Since I have implemented true dead gateway detection, nor have
I dialed things in specifically with cache timeouts, gcs, etc.

-- 
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone  707.766.9509
Fax    707.766.8989
http://www.obsidian-studios.com




Re: [LARTC] many ways to do load balancing (or not?)

2002-11-22 Thread William L. Thomson Jr.
On Fri, 2002-11-22 at 04:39, Andreas Hasenack wrote:
 On Thu, Nov 21, 2002 at 04:24:06PM -0800, William L. Thomson Jr. wrote:
  But I have been informed I believe by Julian and others that the load
  balancing, multipath equalize feature can be used even without NAT but
  in a different situation than mine?
 
 I'm confused as well. Suppose you have two links to the internet, a DMZ,
 and an internal network, SNAT'ed. Suppose you have a public web server
 in the DMZ (the DMZ is not SNAT'ed).
 
 How would multipath route (with or without equalize) help here? I mean,
 it would only really help if there were connections starting from
 the inside (DMZ or SNAT'ed network) to the outside. But:

Exactly
 
 - the internal network would probably do many downloads, and not uploads

In this case the multipath will help out. Splitting the downloads over
the different interfaces. This way all lines will be used for downloads.
Although the actual load will not be equal on all lines, as previously
mentioned. But depending on the amount of routes and weights, the
requests/lookups will be properly balanced.

 - the web server doesn't originate traffic, it responds to requests from
 the outside world, and it will respond using the same link the request
 came in (or not?)

This is why I kept saying that you have to load balance from the outside
in and the inside out. 

Inside out was above using multipath.

Outside in is load balanced using DNS. Bind allows you to specify
multiple IPs for a domain, and a similar weight value. So you can load
balance DNS look ups.

In my case where everything is even I have two Public IPs for each
server in my DNS records. Do a dig on my domain.

You will get two IPs, and each time a dns lookup occurs you should get
one or the other.

In theory every other request gets a different IP. So Bind is trying to
load balance things from the outside world. But depending on a lot of
different variables, the client could end up doing another lookup or
using an interface out of the load balancing order. So it's not perfect.

But to complete the load balancing scenario it's absolutely necessary.
Otherwise there is no way to load balance from the outside world without
your ISP providing a service or using something like BGP.

So load balancing inside out is done via multipath equalize, and load
balancing from the outside in is done via DNS, in my case BIND.

-- 
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone  707.766.9509
Fax    707.766.8989
http://www.obsidian-studios.com




[LARTC] Forced route

2002-11-22 Thread nitin panjwani
Hi All,
I have the following topology with four linux routers.

  A-----B-----C
  |           |
  +..E0(D)E1..+

In this I want to send some traffic from interface E0
of router D to interface E1 of same router via route
ABC. How can I do this? 

Any help on this will be highly appreciable.

Thanks,
Nitin





Re: [LARTC] Forced route

2002-11-22 Thread Ramin Alidousti
On Fri, Nov 22, 2002 at 11:11:04AM -0800, nitin panjwani wrote:

 Hi All,
 I have the following topology with four linux routers.
 
   A-----B-----C
   |           |
   +..E0(D)E1..+
 
 In this I want to send some traffic from interface E0
 of router D to interface E1 of same router via route
 ABC. How can I do this? 

In general you can't. The traffic generated on D, destined for
D never reaches the nic card. So, your statement above
from interface E0 is irrelevant. The packets would go down
the IP stack to the loopback and come back up again.

What are A, B or C? If there is ability to do nat, you can
send packets to, eg, A and have A DNAT it to E1 and SNAT it
to A. Doing this and having the right routes on A, B and C
and of course D, you can do what you're asking.

Ramin

 Any help on this will be highly appreciable.
 
 Thanks,
 Nitin



RE: [LARTC] TC HTB Traffic Shaping

2002-11-22 Thread Reginald R. Richardson
I must give credit where credit is DUE

Thanks a LOT...this is a well PUT Together site, I couldn't ask for a
better documentation about Traffic Shaping, I received way more info,
than I asked for...

And your website, gave me more insight about Traffic Shaping, even
better than the HTB website..

Job well done Mr. Coene

 -Original Message-
 From: Stef Coene [mailto:[EMAIL PROTECTED]] 
 Sent: Friday, November 22, 2002 16:45
 To: Reginald R. Richardson; [EMAIL PROTECTED]
 Subject: Re: [LARTC] TC HTB Traffic Shaping
 
 
 On Friday 22 November 2002 10:49, Reginald R. Richardson wrote:
  Hi guys,
 
  I'm new to TC HTB traffic shaping
 
  I installed it at my first try on my Bearing Leaf Router/Firewall
 
  I use the tc -s class show dev eth? To see my output
  All looks dandy and nice, but it's figures, of which at current
  moment looks like French to me,
 
  I would like to see exactly what these figures looks like in a GRAPH
  style...
 http://home.docum.org/stef.coene/qos/gui/rrd.html
 
  I know I can use MRTG, I do have some little experience in it.. But I
  need to figure out, what will be THE TARGET to capture to output via
  the VARIOUS class from HTB
 
  If Mrtg, is not the best tool for this...can some one tell me of
  something very simple, not too much programming language to see, my
  output in a graph style..
 
  What would be also very nice, if some one has a config file for MRTG or
  whatever other tool proposed, if they can e-mail it to me, for me to
  at least get an idea, how to build up the TARGET that should be
  monitored..
 More info on www.docum.org under gui.
 I use rrdtool to store and graph the data.  Rrdtool is part of the mrtg
 package.
 
 Stef
 
 -- 
 
 [EMAIL PROTECTED]
  Using Linux as bandwidth manager
  http://www.docum.org/
  #lartc @ irc.oftc.net
 
 



Re: [LARTC] burst per connection or filter on packet numbers

2002-11-22 Thread Stef Coene
On Friday 22 November 2002 19:32, Walter Haidinger wrote:
 Hi!

 I'd like to put the first n packets of a connection into a separate class
 like having a burst for each connection.

 The netfilter nth patch doesn't quite do this as it
 a. only matches a single packet count and
 b. works on the rule instead the connection count.

 I'm thinking of something like:
   iptables -t mangle -I foo -m nth --every :100 -j ...
 where the counter is reset for every new connection.

 Can this be done with filters?
Why not do it with htb?  It has a nice burst parameter that does exactly what
you want.

Stef

-- 

[EMAIL PROTECTED]
 Using Linux as bandwidth manager
 http://www.docum.org/
 #lartc @ irc.oftc.net




Re: [LARTC] many ways to do load balancing (or not?)

2002-11-22 Thread Andreas Hasenack
On Fri, Nov 22, 2002 at 10:05:25AM -0800, William L. Thomson Jr. wrote:
  So it's more like redundancy/HA with a best effort towards balancing.
 
 Yes, or in other terms. My need was a single gateway for my servers
 although I have two ISPs. The amount of load balancing you get is about
 the same as the amount of redundancy. You get a partial solution to
 both, but not a complete solution.

I just found this patch, has anybody already played with it?

ftp://sliepen.warande.net/pub/eql/patch-2.4.18-2.gz

Excerpt:

Load balancing needed a slight adjustment to the unpatched linux kernel,
because of the route cache. Multipath is an option already found in the old
2.1.x kernels. However, once a packet arrives, and it matches a multipath
route, a (quasi random) device out of the list of nexthops is taken for its
destination. That's okay, but after that the kernel puts everything into a
hash table, and the next time a packet with the same source/dest/tos arrives,
it finds it is in the hash table, and routes it via the same device as last
time. The adjustment I made is as follows: If the kernel sees that the route
to be taken has got the 'equalize' flag set, it not only selects the random
device, but also tags the packet with the RTCF_EQUALIZE flag. If another
packet of the same kind arrives, it is looked up in the hash table. It then
checks if our flag is set, and if so, it deletes the entry in the cache and
has to recalculate the destination again.
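
The route-cache behaviour described in the excerpt above, as a small user-space simulation added here (it is not code from the patch or the kernel). The cache layout, the LCG standing in for the kernel's quasi-random nexthop choice, and the addresses are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CACHE_SLOTS 64
#define NEXTHOPS    2          /* two uplinks, as in the thread */

struct flow  { uint32_t src, dst; uint8_t tos; };
struct entry { struct flow key; int dev; int equalize; int used; };

static struct entry cache[CACHE_SLOTS];
static uint32_t rng_state = 1;

/* Deterministic stand-in for the quasi-random nexthop selection. */
static int pick_nexthop(void) {
    rng_state = rng_state * 1664525u + 1013904223u;
    return (int)((rng_state >> 16) % NEXTHOPS);
}

static unsigned slot_of(const struct flow *f) {
    return (f->src ^ f->dst ^ f->tos) % CACHE_SLOTS;
}

/* Route one packet; 'equalize' is the flag on the matching multipath route. */
int route_packet(const struct flow *f, int equalize) {
    struct entry *e = &cache[slot_of(f)];
    int hit = e->used && e->key.src == f->src &&
              e->key.dst == f->dst && e->key.tos == f->tos;
    if (hit && !e->equalize)
        return e->dev;          /* unpatched path: cached device is reused */
    /* cache miss, or an entry tagged equalize: drop it and recalculate */
    e->key = *f;
    e->dev = pick_nexthop();
    e->equalize = equalize;     /* models tagging with RTCF_EQUALIZE */
    e->used = 1;
    return e->dev;
}

/* Send n packets of a single flow; return how many left via device 0. */
int packets_on_dev0(int equalize, int n) {
    struct flow f = { 0x0a000002u, 0xc0000201u, 0 };  /* constructed addresses */
    int i, on0 = 0;
    memset(cache, 0, sizeof cache);
    rng_state = 1;
    for (i = 0; i < n; i++)
        if (route_packet(&f, equalize) == 0) on0++;
    return on0;
}

int main(void) {
    printf("plain multipath: %d/1000 on dev0\n", packets_on_dev0(0, 1000));
    printf("with equalize:   %d/1000 on dev0\n", packets_on_dev0(1, 1000));
    return 0;
}
```

Without the flag every packet of the flow follows the first cached choice; with it the same flow is spread over both devices, which is the per-packet behaviour the thread notes can upset NAT and stateful firewalls on the path.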




Re: [LARTC] burst per connection or filter on packet numbers

2002-11-22 Thread Walter Haidinger
On Fri, 22 Nov 2002, Stef Coene wrote:

 Why not do it with htb?  It has a nice burst parameter that does exactly what
 you want.

Not exactly. If I understand the htb users guide correctly, then the
bursts only apply if there is the chance that they can recharge (i.e.
there is some period without packet flow). But what if there is a
continuous packet flow because there are many concurrent connections?

I'd like to favour beginning connections (not just the starting packets,
but the first, say, 100 packets) _while_ there are already established
connections which prevent recharging of the htb bursts.

I've already experimented with different burst/cburst settings but it did
not give me the desired behaviour.

Regards, Walter





[LARTC] Two Ethernet DSL modems

2002-11-22 Thread Wayne Fallows
Hi,

Is it possible to connect two or more Ethernet DSL modems to a Hub and 
connect to them with one Linux router computer?

Thanks in advance for your assistance

Regards

Wayne
