[LARTC] Sch_teql or multilink def. gw?

2002-12-12 Thread Steen Suder, privat
I'm to build a "bundlerbox" spanning over two or more DSL lines as 
outlined in the .

The idea is to multiplex a LAN over e.g. four cheap DSLs, SNATing it in 
the action. The DSLs are from different ISPs, but all equal in speed 
(2048/512Kb/s).

Now, it has come to my attention that there exists a tc module called 
sch_teql.

As I understand it sch_teql + SNAT on each device will functionally be 
the same as the

"ip rule add prio 222 table 222
ip route add default table 222 proto static \
		nexthop via GWE1 dev IFE1 \
		nexthop via GWE2 dev IFE2" -thing from nano.txt.

Which one is the better one in terms of overall performance, usability 
and stability seen from a user's perspective?

I know that there have been several questions regarding "cheap 
line"-multiplexing, but I couldn't find a definitive answer to my question.

Either that or I haven't really understood what sch_teql does and how it 
could be utilized.

Another, though related question:

The multilink def. gw-example above does gw-selection on a per-session 
basis, as I've understood it.
The keyword "equalize" as in
"ip route add default equalize nexthop via gateway.number.1.ip \
	dev eth0 nexthop via gateway.number.2.ip dev eth1"

chooses routes on a per-packet basis.
Can they both be used for my "box"? Why/Why not?

--
Steen Suder

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


[LARTC] my qos-cbq didn't work

2002-12-12 Thread James Ma





Hi, All,
I implemented the following QoS script on my Linux gateway (redhat7.3, 
kernel 2.4.18), put an ftp server (10.10.3.49) on one side (eth0 nic) and an ftp 
client (10.10.5.3) on the other side (eth1 nic). I tried to upload a file 
(211kbytes) from the client to the ftp server. I wanted to see a 22kbps transmission 
rate. Quite surprisingly, the ftp client showed the transmission rate as 6.8e+02 
kbytes/s (211k transmitted in 0.3 seconds). It was the same as without the QoS 
implementation. So the conclusion is that the QoS was not working at all.
Could anybody tell me what's wrong with the setting?
Thanks,

James

#!/bin/sh

OPTION="allot 1514 maxburst 20 avpkt 500"
tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 10: cbq bandwidth 10mbit avpkt 500
tc class add dev eth0 parent 10:0 classid 10:2 cbq bandwidth 10mbit \
	rate 22kbps $OPTION prio 3 bounded
tc qdisc add dev eth0 parent 10:2 handle 20: cbq bandwidth 10mbit allot 1514 \
	avpkt 500
tc class add dev eth0 parent 20: classid 20:10 cbq bandwidth 10mbit rate \
	11kbps $OPTION prio 3 bounded
tc class add dev eth0 parent 20: classid 20:20 cbq bandwidth 10mbit \
	rate 11kbps $OPTION prio3 bounded
tc filter add dev eth0 parent 10: protocol ip prio 3 u32 match ip tos \
	0xa0 0xff flowid 10:2
tc filter add dev eth0 parent 10: protocol ip prio 3 u32 match ip \
	src 10.10.5.3/24 flowid 10:2
tc filter add dev eth0 parent 20: protocol ip prio 3 u32 match ip tos 0xa0 \
	0xff flowid 20:10
tc filter add dev eth0 parent 20: protocol ip prio 3 u32 match ip \
	src 10.10.5.3/24 flowid 20:20



Re: [LARTC] VRRPD (rfc2338)

2002-12-12 Thread sabat




Dmitry Golubev wrote:

> But as far as I know, there is no VRRP implementations that fully comply
> with rfc2338 as it requires multiple MAC addresses for the one poor linux
> box's interface. Maybe, someone can suggest a working solution of this
> problem?

Yes, there is a way -- the VLAN code in the linux kernel supports
setting the MAC address of virtual interfaces (eth0.5, for instance).
AFAIC, this is much superior (in concept) to multicast MACs, given the
Cisco problem.

> I have seen one idea, but haven't tested it yet (hope someone can try it out):
>
> To bridge the physical iface with TAP on which the vrrpd (or keepalived) is
> running. In that case we could make the VRRP-router that fully comply with RFC.
>
> For more info see: http://www.math.leidenuniv.nl/pipermail/bridge/2002-June/002021.html
>
> BR, Dmitry
>
> === At 2002-12-11, 03:56:00 you wrote: ===
>
> > The daemon at http://www.keepalived.org/ is the VRRPd implementation
> > that's supposed to be the best. It's actually part of the Linux Virtual
> > Server project (layer 4 load balancer), but the author claims you should
> > be able to use it as a pure VRRP daemon -- although when I've read the
> > doc, I couldn't figure out how. (But don't be discouraged by my
> > impatience. :) It's supposed to be the most mature and ready-for-production.
> >
> > There's also Jerome Etienne's reference implementation (don't have a
> > URL, but it's easy to Google). However, I've heard from more than one place
> > that this is too proof-of-concept and perhaps not production-worthy.
> > Here's a link to a paper about running VRRPd as the hotspare protocol
> > for linux firewalls (uses Jerome Etienne's implementation):
> > http://www.gnusec.com/resource/security/docs/HAFirewallLinux-VRRP.pdf.
> >
> > BTW, keep in mind that if you intend to use VRRP in an environment with
> > Cisco routers, you'll need to do some work on them too. Cisco routers do
> > not accept multicast MAC addresses as legit ARP replies by default.
> > Unfortunately, the VRRP RFC and all implementations use multicast MACs.
> > What that means is that you'll need to either 1) turn the switch on the
> > Cisco routers that makes them accept multicast MAC ARP replies (good),
> > or 2) put a static ARP entry in the Cisco routers for the VRRP multicast
> > MACs (better).
> >
> > Hope that helps.
> >
> > -S
> >
> > Anton Tinchev wrote:
> >
> > > Can someone point me for good VRRPD (rfc2338) implementation on linux.
> > > Some stable and live project
> > > Thanks
  





[LARTC] How to limit bandwidth by port?

2002-12-12 Thread David Coello
Hi again

I am making all the tests and probes I can't imagine but I begin to think 
it's impossible to limit bandwidth by port. Could anybody give me a code 
example that does this please?

Thanks and regards
		David Coello





Re: [LARTC] htb version 3.7 in kernel 2.4.20?

2002-12-12 Thread Martin Devera
Bug fixes only. Think about it like 3.6 was beta and 3.7 is final.

On Thu, 12 Dec 2002, Julio E. Gonzalez P. wrote:

> When you use HTB with a stock linux kernel 2.4.20, /var/log/messages
> says it is version 3.7.
> Does anyone know something about this?
> The HTB home page only mentions HTB version 3.6.
> What changes does it have?
>
> Julio.



Re: [LARTC] HTB and theory

2002-12-12 Thread Stef Coene
On Thursday 12 December 2002 12:19, Abraham van der Merwe wrote:
> Hi Stef!
>
> > I did some small tests :
>
> [snip]
>
> > Conclusion : if you want to know how traffic will be shaped, you have to
> > follow some basic rules.
> > I will update docum.org tonight.
>
> You're right. I did some tests this weekend as well and realised that you
> have to stick with the basics. The problem was that it was not so clear to
> me how HTB behaves when the child's rates/ceil exceed the parent's.
>
> Some other questions I'd like to ask you while I'm at it:
>
> 1) if you have:
>
>        1:1
>       /   \
>      /     \
>    1:2     1:3
>    / \     / \
>   /   \   /   \
> 1:4  1:5 1:6  1:7
>
> If
>
> 1:2 = prio 1
> 1:3 = prio 2
>
> 1:4 = prio 10
> 1:5 = prio 11
>
> 1:6 = prio 5
> 1:7 = prio 6
>
> Is 1:4, 1:5 evaluated first or 1:6, 1:7? Iow, does HTB start at the root
> node, prioritize its children and, subprioritize their children, etc. or
> is only the leaf nodes' priorities important (i.e. 1:6, 1:7, 1:4, 1:5)
I don't know.  But I think only the leaf nodes are important.  I have some 
work to do tonight, but I hope to test it this evening.

> 2) if a class is evaluated and there is some bandwidth available to borrow,
> is the first non-congested child given all bandwidth that is available and
> then the next is given the rest and so on or is each child given a quantum
> of bandwidth, then if there is some bandwidth left, a second round and so
> on?
If each class received his rate and the parent has some bandwidth left, the 
bandwidth is distributed in a round robin so each class can send quantum 
bytes.

Stef

-- 

[EMAIL PROTECTED]
 "Using Linux as bandwidth manager"
 http://www.docum.org/
 #lartc @ irc.oftc.net




Re: [LARTC] htb version 3.7 in kernel 2.4.20?

2002-12-12 Thread Stef Coene
On Thursday 12 December 2002 14:32, Julio E. Gonzalez P. wrote:
> When you use HTB with a stock linux kernel 2.4.20, /var/log/messages
> says it is version 3.7.
> Does anyone know something about this?
> The HTB home page only mentions HTB version 3.6.
> What changes does it have?
3.7 is 3.6 in kernel 2.4.20.  So you know the difference between a patched 
kernel and a stock kernel.  Maybe there are some minor changes, but I don't 
think so.

Stef

-- 

[EMAIL PROTECTED]
 "Using Linux as bandwidth manager"
 http://www.docum.org/
 #lartc @ irc.oftc.net




[LARTC] 2 networks - 2 routers maybe three

2002-12-12 Thread jan . haud . huyze
Hi,

I need some hints on where to start on this one: I have an ISDN router -
everything which is between 172.31.55.168 - 172.31.55.175 goes via gateway
172.31.55.169 the subnetmask is 255.255.255.248.
The PC's in the network get their IP address from a broadband router which
will give dynamic ip's and internet access to my small network. The
broadband router services network 192.168.123.0 and has gateway
192.168.123.254 with netmask 255.255.255.0

Windows PC's (oops) on the network should get their IP address from the
broadband router and they should be able to access the internet and access
the remote application over the ISDN router. I put 2 nics in the linux
router/server which will also run SAMBA one goes to the ISDN router and one
goes to the broadband router.

Where do I go from here - I've read the adv-routing thing and the
networking guide but I'm running out of time so I could use a jumpstart. I
don't think I need masquerading as the routers will do that. Is it as
simple as telling the linux machine which network is on which ethx?

If it helps I'm using Suse 8.1.

Thank you!




Re: Re: [LARTC] VRRPD (rfc2338)

2002-12-12 Thread Dmitry Golubev
Hello,

But as far as I know, there is no VRRP implementations that fully comply
with rfc2338 as it requires multiple MAC addresses for the one poor linux
box's interface. Maybe, someone can suggest a working solution of this
problem?

I have seen one idea, but haven't tested it yet (hope someone can try it out):

To bridge the physical iface with TAP on which the vrrpd (or keepalived) is
running. In that case we could make the VRRP-router that fully comply with RFC.

For more info see: http://www.math.leidenuniv.nl/pipermail/bridge/2002-June/002021.html

BR, Dmitry

=== At 2002-12-11, 03:56:00 you wrote: ===

>The daemon at http://www.keepalived.org/ is the VRRPd implementation 
>that's supposed to be the best. It's actually part of the Linux Virtual 
>Server project (layer 4 load balancer), but the author claims you should 
>be able to use it as a pure VRRP daemon -- although when I've read the 
>doc, I couldn't figure out how. (But don't be discouraged by my 
>impatience. :) It's supposed to be the most mature and ready-for-production.
>
>There's also Jerome Etienne's reference implementation (don't have a 
>URL, but it's easy to Google). However, I've heard from more than one place 
>that this is too proof-of-concept and perhaps not production-worthy. 
>Here's a link to a paper about running VRRPd as the hotspare protocol 
>for linux firewalls (uses Jerome Etienne's implementation): 
>http://www.gnusec.com/resource/security/docs/HAFirewallLinux-VRRP.pdf.
>
>BTW, keep in mind that if you intend to use VRRP in an environment with 
>Cisco routers, you'll need to do some work on them too. Cisco routers do 
>not accept multicast MAC addresses as legit ARP replies by default. 
>Unfortunately, the VRRP RFC and all implementations use multicast MACs. 
>What that means is that you'll need to either 1) turn the switch on the 
>Cisco routers that makes them accept multicast MAC ARP replies (good), 
>or 2) put a static ARP entry in the Cisco routers for the VRRP multicast 
>MACs (better).
>
>Hope that helps.
>
>-S
>
>
>Anton Tinchev wrote:
>
>>Can someone point me for good VRRPD (rfc2338) implementation on linux.
>>Some stable and live project
>>Thanks



[LARTC] htb version 3.7 in kernel 2.4.20?

2002-12-12 Thread Julio E. Gonzalez P.
When you use HTB with a stock linux kernel 2.4.20, /var/log/messages 
says it is version 3.7.
Does anyone know something about this?
The HTB home page only mentions HTB version 3.6.
What changes does it have?

Julio.



Re: [LARTC] HTB and theory

2002-12-12 Thread Abraham van der Merwe
Hi Stef!

> I did some small tests :

[snip]

> Conclusion : if you want to know how traffic will be shaped, you have to 
> follow some basic rules.
> I will update docum.org tonight.

You're right. I did some tests this weekend as well and realised that you
have to stick with the basics. The problem was that it was not so clear to
me how HTB behaves when the child's rates/ceil exceed the parent's.

Some other questions I'd like to ask you while I'm at it:

1) if you have:

       1:1
      /   \
     /     \
   1:2     1:3
   / \     / \
  /   \   /   \
1:4  1:5 1:6  1:7

If

1:2 = prio 1
1:3 = prio 2

1:4 = prio 10
1:5 = prio 11

1:6 = prio 5
1:7 = prio 6

Is 1:4, 1:5 evaluated first or 1:6, 1:7? Iow, does HTB start at the root
node, prioritize its children and, subprioritize their children, etc. or
is only the leaf nodes' priorities important (i.e. 1:6, 1:7, 1:4, 1:5)

2) if a class is evaluated and there is some bandwidth available to borrow,
is the first non-congested child given all bandwidth that is available and
then the next is given the rest and so on or is each child given a quantum
of bandwidth, then if there is some bandwidth left, a second round and so on?

-- 

Regards
 Abraham

History repeats itself.  That's one thing wrong with history.

___
 Abraham vd Merwe [ZR1BBQ] - Frogfoot Networks
 P.O. Box 3472, Matieland, Stellenbosch, 7602
 Cell: +27 82 565 4451 Http: http://www.frogfoot.net/
 Email: [EMAIL PROTECTED]






Re: [LARTC] HTB and theory

2002-12-12 Thread Stef Coene
On Thursday 12 December 2002 09:36, Abraham van der Merwe wrote:
> Hi Stef!
> I think your explanation of "rate of class" in your FAQ is wrong. it
> caught me as well, but from devik's faq page
> (http://luxik.cdi.cz/~devik/qos/htb/htbfaq.htm):
>
> < snip <--< snip <--< snip <
> What if sum of child rates is greater than parent rate ?
>
> Then interesting things can happen. Total rate delivered by children can be
> higher that parent's rate (thus its rate is not respected). However when
> sum of actual child rates are under parent's rate then borrowing will occur
> like in regular case.
>
> < snip <--< snip <--< snip <
>
> Thus, if sum (rate of childs) > parent rate, then the parent rate is _not
> respected_.
:)
Devik is right, I'm wrong.  Do you know why I was convinced that my rule was 
OK?  Because I always followed my own rules :)

I did some small tests :


             ceil  rate
1            200   200
 \- 10       200   100
     \- 100  200   100
     \- 101  200   100
 \- 20       200   100

Traffic in 100, 101 and 20 : each gets 67 (33%)
Parent rate (10) is not respected otherwise 10 should share 50% with 
20.
Traffic in 100 and 20 : each gets 100 (50%)

If you respect "sum (rate of childs) = parent rate" it works like expected :

             ceil  rate
1            200   200
 \- 10       200   100
     \- 100  200   50
     \- 101  200   50
 \- 20       200   100

Traffic in 100, 101 and 20 : 20 gets 100 (50%), 101 50 (25%) and 101 50 (25%).
Traffic in 100 and 20 : each gets 100 (50%)


Conclusion : if you want to know how traffic will be shaped, you have to 
follow some basic rules.
I will update docum.org tonight.

Stef

-- 

[EMAIL PROTECTED]
 "Using Linux as bandwidth manager"
 http://www.docum.org/
 #lartc @ irc.oftc.net
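
Added example (not part of Stef's message and not code from HTB or docum.org): a Python check for the rule discussed above, that the sum of the child rates should not exceed the parent's rate. The two class trees are constructed from Stef's tables; the device eth0, the 1: handle and the kbit unit are assumptions, since the tables give bare numbers.

```python
import re
import shlex
from collections import defaultdict

# tc(8) rate suffixes: "bit" means bits/s, "bps" means BYTES/s,
# so "22kbps" is 176 kbit/s. A bare number is bits/s.
UNITS = {"bit": 1, "kbit": 10**3, "mbit": 10**6, "gbit": 10**9,
         "bps": 8, "kbps": 8 * 10**3, "mbps": 8 * 10**6, "gbps": 8 * 10**9}


def parse_rate(text):
    """Convert a tc rate string such as '100kbit' to bits per second."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([a-z]*)", text.lower())
    unit = (m.group(2) or "bit") if m else None
    if unit not in UNITS:
        raise ValueError(f"unrecognised tc rate: {text!r}")
    return round(float(m.group(1)) * UNITS[unit])


def parse_classes(script):
    """Map classid -> parent/rate/ceil for every 'tc class add ... htb' line."""
    classes = {}
    for line in script.splitlines():
        words = shlex.split(line, comments=True)
        if words[:3] != ["tc", "class", "add"] or "htb" not in words:
            continue
        i = words.index("htb")
        kv = words[3:i] + words[i + 1:]          # key/value pairs around "htb"
        opts = dict(zip(kv[0::2], kv[1::2]))
        rate = parse_rate(opts["rate"])
        ceil = parse_rate(opts["ceil"]) if "ceil" in opts else rate  # HTB default
        classes[opts["classid"]] = {"parent": opts["parent"], "rate": rate, "ceil": ceil}
    return classes


def oversubscribed(classes):
    """Parents whose children are promised more rate than the parent has."""
    promised = defaultdict(int)
    for c in classes.values():
        promised[c["parent"]] += c["rate"]
    return sorted((p, classes[p]["rate"], total) for p, total in promised.items()
                  if p in classes and total > classes[p]["rate"])


def stef_tree(leaf_rate):
    """Constructed tc script for the class tree in the tables above (assumed names/units)."""
    return f"""
tc class add dev eth0 parent 1:   classid 1:1   htb rate 200kbit ceil 200kbit
tc class add dev eth0 parent 1:1  classid 1:10  htb rate 100kbit ceil 200kbit
tc class add dev eth0 parent 1:10 classid 1:100 htb rate {leaf_rate}kbit ceil 200kbit
tc class add dev eth0 parent 1:10 classid 1:101 htb rate {leaf_rate}kbit ceil 200kbit
tc class add dev eth0 parent 1:1  classid 1:20  htb rate 100kbit ceil 200kbit
"""


if __name__ == "__main__":
    for label, rate in (("first test", 100), ("second test", 50)):
        bad = oversubscribed(parse_classes(stef_tree(rate)))
        print(label, "->", bad or "sum of child rates fits every parent")
```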




[LARTC] devik's apologize

2002-12-12 Thread devik
Hi All,

I'd like to apologize that I forwarded a copy of my mail from
yesterday to the list. Probably I haven't understood the author right
- I still don't know ...
In any case there were too many emotions on my side and it is
not good (I should work less and sleep more). No flames please.

devik





Re: [LARTC] HTB and theory

2002-12-12 Thread Abraham van der Merwe
Hi Stef!

> > > > How does this influence the shaping results and the shaping of other
> > > > classes? I've actually asked a similar question before: If you have
> > > >
> > > >         1:1
> > > >        /   \
> > > >       /     \
> > > >     1:2     1:3
> > > >    / | \     | \
> > > >   /  |  \    |  \
> > > > 1:4 1:5 1:6 1:7 1:8
> > > >
> > > > if 1:7 and 1:8 respects the rate/ceil of 1:3 and 1:3 respects the
> > > > rate/ceil of 1:1, but 1:4 does not respect the rate/ceil of 1:2 and 1:2
> > > > respects the rate/ceil of 1:1, does the shaping of 1:3 work as normal
> > > > and only those classes under 1:2 are adversely affected or not? from
> > > > your previous answer, it seems that the classes under 1:3 would not be
> > > > affected, but I would love to know why. what happens with 1:4 requests
> > > > some bandwidth which 1:2 does not have...
> > >
> > > It's easier if you add some numbers of ceil/rate to understand the
> > > question.
> > >
> > > I'm going to create an extra page on www.docum.org with your questions
> > > and my answer to explain how rate and ceil of classes and parent classes
> > > are used. Ok?
> >
> > That would be great, thanks
> I wrote some more information about ceil and rate.  You can find it on the faq 
> page on www.docum.org under "Basic rules for traffic shaping with HTB".  If 
> you have more questions, let me know and I will try to answer them.
> Remember, htb will work if you don't follow this rule.  But it will be less 
> obvious to figure out how the bandwidth will be distributed.

I think your explanation of "rate of class" in your FAQ is wrong. it
caught me as well, but from devik's faq page
(http://luxik.cdi.cz/~devik/qos/htb/htbfaq.htm):

< snip <--< snip <--< snip <
What if sum of child rates is greater than parent rate ?

Then interesting things can happen. Total rate delivered by children can be
higher that parent's rate (thus its rate is not respected). However when sum
of actual child rates are under parent's rate then borrowing will occur like
in regular case.

< snip <--< snip <--< snip <

Thus, if sum (rate of childs) > parent rate, then the parent rate is _not
respected_.

-- 

Regards
 Abraham

An American's a person who isn't afraid to criticize the president but is
always polite to traffic cops.

___
 Abraham vd Merwe [ZR1BBQ] - Frogfoot Networks
 P.O. Box 3472, Matieland, Stellenbosch, 7602
 Cell: +27 82 565 4451 Http: http://www.frogfoot.net/
 Email: [EMAIL PROTECTED]



