[LARTC] [tcng] More complex example?

2002-12-30 Thread Donald Gordon
Hi

I'm completely stuck with the tcng language - I assume there must be
some way to arrange queues hierarchically like

    eth1
     |
    TBF
     |
    PRIO
    /  \
class  class

but my attempt (below) produces a "inferno.tc:8: qdisc "tbf" has no
classes near "prio"" when run through tcc.

dev eth1 {
  egress {
    tbf (rate 128kbps, burst 64kb, limit 64kb, mtu 1510B) {
      prio (bands 2) {
        $ssh_fast = SLB(cir 32kbps, cbs 3kB);

        class if ((tcp_sport == 22 || tcp_dport == 22) &&
                  SLB_ok($ssh_fast));
        class if 1;
      }
    }
  }
}

Are there any examples of tcng scripts that do something slightly more
complex than those in the tcng tarball?

don
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/



RE: [LARTC] QoS (HTB) without IP address

2002-12-30 Thread S Mohan
I think bridging is the best and simplest method. Bridging allows for
multiple interfaces in the same subnet while all other solutions assume a 2
interface scenario only.

Proxy ARP is better if you want to implement firewalling. Either you can
set this up by hand or implement using parprouted (google to find location)
which is normally used to implement bridging in a wireless network where MAC
addresses cannot be propagated.

Mohan
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Daniel Egger
Sent: 31 December 2002 04:34
To: Gilles Douillet
Cc: [EMAIL PROTECTED]
Subject: RE: [LARTC] QoS (HTB) without IP address


On Mon, 2002-12-30 at 21.36, Gilles Douillet wrote:

> But if I want to manage it remotely, AND if I have NO ip available (cause
> netmask is 255.255.255.252), can I have a third interface, not put it brctl
> and assign an IP of the private network (IP from RFC 1918) normally the
> bridge software should ignore it and I can put a nice Apache with RRD Tool,
> with MRTG, with any other nice tool to monitor bandwidth and connections ?

Forget the bridging junk. Pick an ipaddress, assign it to both
interfaces and make sure you configure iptables to FORWARD traffic
coming from either side to the other. Additionally you can setup
whatever sort of traffic shaping you desire and/or implement a
transparent proxy.

--
Daniel Egger <[EMAIL PROTECTED]>




RE: [LARTC] QoS (HTB) without IP address

2002-12-30 Thread S Mohan
I'm doing this on a  LEAF box using bridge-cf-0.03 code from
bridge.sourceforge.net and htb on a Bering version of LEAF. Works well.

Mohan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Martin A. Brown
Sent: 31 December 2002 01:16
To: Gilles Douillet
Cc: [EMAIL PROTECTED]
Subject: Re: [LARTC] QoS (HTB) without IP address


Gilles,

Yes.  You can most certainly do so.

  http://lartc.org/howto/lartc.bridging.html
  http://lartc.org/howto/lartc.bridging.shaping.html

-Martin

 : Hi all,
 :
 : After a long reading of the LARTC, I was able to set up a working HTB
 : config on my firewall.
 :
 : But my question is :
 :
 : Can I use a "ip less" box to do QoS ? With bridging software (or even
 : without?) or thing like this and use an u32 filter to direct the traffic to
 : the right class ?
 :
 : In other words, I can't modify the existing network config or insert into
 : (netmask is 255.255.255.252) and I want to shape traffic before the router.
 : (And the firewall can't do bandwidth management...)
 :
 : Many thanks in advance and happy new year 2003 !
 :
 : G.

--
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]




Re: [LARTC] How HTB treats priorities?

2002-12-30 Thread Stef Coene
On Monday 30 December 2002 23:35, ISC Robert Kryczało wrote:
> Hello,
>
> Thank you for your replies. Let me summarize your opinions
>
> Let's assume I have 512 kbit/s synchronous link to my upstream provider.
> I have two customers named "B" and "C". I want to be sure that they get at
> least 8kbit/s. I want to limit maximum traffic generated per each customer
> to 128 kbit/s.
>
> A tree that follows describes what I did.
>
>   A
>  / \
> B   C
>
>  Class A rate and ceiling is set to something like 490kbit/sec (or lower)
> to move queues to my linux traffic shaper. I set equal prios, rate for B
> and C equals 8 kbit/s, ceiling for B and C equals 128 kbit/s. This setup
> is supposed to fulfill my needs. It should work as expected, right?
No.  Why don't you take rate = ceil = 128kbit/s ??  If A uses all it can, 128,
there is still 512-128 left for the other as his minimum bandwidth.  Or do you
want to say 8kilobyte ?

> Now I try to improve my setup. What I require is to divide customer B and
> C traffic into 3 classes - interactive (D,G), www (E,H) and other
> (F,I) respectively. I don't want to allow customer B or C traffic to go over
> 128kbit/s. I expanded last tree and created following tree.
>        A
>      /   \
>     B     C
>    /|\   /|\
>   D E F G H I
>
> D,G rate=4/ceil=64
> E,H rate=3/ceil=128
> F,I rate=1/ceil=32
>
> Priorities for all classes are the same.
>
> Let's assume all classes try to send at their maximum speed trying to
> saturate the link. According to what you have written class D will get
> 64kbit/s, class E 128kbit/s and class F will get 32kbit/s. The sum is
> 224kbit/s if I am correct. Am I right?
Yes.  So the rate of the parent B must also be at least 224kbit/s.  And not
8kbit/s like you wrote before.

> I don't want it to happen since customers have paid for 128kbit/s with
> guaranteed rate of 8kbit/s. Is there a way to accomplish my task???. Can it
> be done using HTB only?
Yes, make the sum of D,E and F = 128kbit/s.

> >> >Remaining bandwidth inside class B is distributed first to class D,
> >>
> >> then E and then F and is limited by ceiling parameter . Right???
> >>   yes, what you have said is right.
> >
> > Confirmed.  Lowest prio classes are allowed to send first.
>
> It is intuitive. Thanks for confirmation. Anyway, classes D,E,F are
> limited only by their ceil, not by ceil of class B. Hm?. Performance
> reasons, right?
I have some rules on the faq page on www.docum.org regarding the rate and ceil 
of parent and child classes.  If you follow these rules, it will be easier to 
understand how each class will behave.

> >>   I remember having read something about the "rate" parameter of a
> >> parent HTB class.  I think it was that the "rate" parameter isn't
> >> used, only the "ceil" parameter (of a parent HTB class) is important.
> >> Check the list archive and the HTB home page because I'm not sure.
> >
> > Neither the rate nor the ceil is respected if the child class can send.
> > So if B and C can send the remaining bandwidth, they will.  Even if the
> > parent ceil is not permitting it.
>
> Well... I hoped for the opposite. If the ceiling of parent class is not
> respected, then setting htb up the way I require is rather impossible.?
> Right:( ?
No.  You have to see the rate as a minimum bandwidth and also like a
"proportion".  I mean if you have a class with child rate = 10 and another
child class with rate = 30, the first class will get 25% of the bandwidth.
So the real value of rate doesn't matter.

> >>   If what I have written is true, there is a possibility that
> >> bandwidth
> >> is not distributed equally between classes B and C.
> >
> > Indeed.  This can be true IF class B and C have different rates.  But I
> > did some tests and it seems to be that remaining bandwidth is split
> > 50-50 and according to the rates.  Strange.  I will test it further
> > tomorrow.  But the prio of the parent is respected.  So the parent with
> > the lowest prio gets all remaining bandwidth.
>
> I would like to see the results, if you were so kind...
I didn't have the time to write it down, but it seems to me that each parent
class can use its rate like it should be, but the remaining bandwidth is
split 50-50 and according to the quantums.

> >> >What if C and B have different rates?
> >> >Is prio parameter taken into account when htb tries to meet
> >> guaranteed rate rules?
> >>
> >>I think the "prio" parameter is only used after all classes have
> >> reached their guaranteed minimum rate, to allow the user to create
> >> classes that will borrow bandwidth over other classes.
> >
> > Yep.
>
> OK. You have cleared thing up:)
I think there is a page on the htb homepage that states that only prio of leaf
classes are used.  In fact if you have a htb setup, and you ask the setup,
the prio of non-leaf classes isn't even shown.  On the other hand, I did some
small tests and the prio parameter seems to be important.  I really have to
do some tests.

> This FAQ 
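
An added example, not written by any poster in this thread: a POSIX shell script that holds the A/B/C/D..I tree discussed above as a table, checks it against the sizing rules usually recommended for HTB (ceil at least rate, no child ceil above its parent's ceil, child rates summing to no more than the parent's rate), and prints the matching tc commands without running them. The class ids, the device name eth0 and the helper names are assumptions; rates and ceils are the ones given in the thread.

```sh
#!/bin/sh
# Added example. Columns: classid parent rate_kbit ceil_kbit ("root" = top class).
# Class ids (1:1, 1:10, ...) are hypothetical; the numbers are from the thread:
# A = 490, B and C = 8/128, leaves D,G = 4/64, E,H = 3/128, F,I = 1/32.
HTB_TREE='
1:1  root 490 490
1:10 1:1    8 128
1:20 1:1    8 128
1:11 1:10   4  64
1:12 1:10   3 128
1:13 1:10   1  32
1:21 1:20   4  64
1:22 1:20   3 128
1:23 1:20   1  32
'

# htb_check TREE
# Prints one line per violated rule, nothing when the tree is consistent.
# A leaf that is below its own rate sends without borrowing, so a parent
# whose children are guaranteed more than the parent's rate is overbooked.
htb_check() {
    printf '%s\n' "$1" | awk '
        NF == 4 {
            parent[$1] = $2; rate[$1] = $3 + 0; ceil[$1] = $4 + 0
            if ($2 != "root") sum[$2] += $3
        }
        END {
            for (c in rate) {
                if (ceil[c] < rate[c])
                    print c ": ceil " ceil[c] " below rate " rate[c]
                p = parent[c]
                if (p != "root" && (p in rate) && ceil[c] > ceil[p])
                    print c ": ceil " ceil[c] " above parent ceil " ceil[p]
                if ((c in sum) && sum[c] > rate[c])
                    print c ": child rates sum to " sum[c] ", above rate " rate[c]
            }
        }' | sort
}

# htb_commands TREE DEVICE
# Prints (does not execute) the tc commands that would build the tree.
htb_commands() {
    dev=$2
    echo "tc qdisc add dev $dev root handle 1: htb"
    printf '%s\n' "$1" | awk -v dev="$dev" '
        NF == 4 {
            p = ($2 == "root") ? "1:" : $2
            print "tc class add dev " dev " parent " p " classid " $1 \
                  " htb rate " $3 "kbit ceil " $4 "kbit"
        }'
}

# Stand-alone run: report problems (none for this table), then show the commands.
htb_check "$HTB_TREE"
htb_commands "$HTB_TREE" eth0
```

Giving the leaves of B rates of 64, 128 and 32 while B keeps rate 8 makes htb_check report that the child rates sum to 224, the figure discussed in the thread.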

Re: [LARTC] QoS (HTB) without IP address

2002-12-30 Thread Stef Coene
On Tuesday 31 December 2002 00:14, Martin A. Brown wrote:
> Hi there,
>
> It's a good thought, Daniel, but he is restricted by his /30 network.
> This means he only has two IPs, hence his need for a bridging device.
>
> [ Gilles, you should be able to enter a static route from each of these
>   hosts to an RFC1918 address on the bridge itself (as Stef Coene had
>   suggested), and per http://bridge.sourceforge.net/docs/bridge.html.
>   the ARP will work just fine--no need for static entries in ARP tables. ]
>
> Setting the problem of the tiny network aside, I'm interested in your
> suggestion, Daniel, that he use the same IP on both interfaces of the
> box--I've not tried that before.
>
> Do you have an example config?
> Have you seen any problems with this configuration?
I tried it once on a firewall with 3 interfaces with the same ip-address and 
it worked very well.  You just have to be sure you configure the right 
routing.

Stef

-- 

[EMAIL PROTECTED]
 "Using Linux as bandwidth manager"
 http://www.docum.org/
 #lartc @ irc.oftc.net




Re: [LARTC] wondershaper + htb prio + qdisc prio

2002-12-30 Thread Ciprian Niculescu
On Mon, 30 Dec 2002 22:22:28 +0100, "Tornado"
<[EMAIL PROTECTED]> said:
> > >
> > this is what i try, because i don't really play the game, i generate
> > traffic to saturate the link, and ping from shell from an external host
> 
> In which case, you should check if your downstream is not choking. Even if
> you shape outgoing packets, you can still get bad pings, if your
> downstream is running at max.

no a 1Mbit traffic on a 5M no choking :

C



RE: [LARTC] QoS (HTB) without IP address

2002-12-30 Thread Martin A. Brown
Hi there,

It's a good thought, Daniel, but he is restricted by his /30 network.
This means he only has two IPs, hence his need for a bridging device.

[ Gilles, you should be able to enter a static route from each of these
  hosts to an RFC1918 address on the bridge itself (as Stef Coene had
  suggested), and per http://bridge.sourceforge.net/docs/bridge.html.
  the ARP will work just fine--no need for static entries in ARP tables. ]

Setting the problem of the tiny network aside, I'm interested in your
suggestion, Daniel, that he use the same IP on both interfaces of the
box--I've not tried that before.

Do you have an example config?
Have you seen any problems with this configuration?

I'm going to have to try that out!  Thanks for the idea.

-Martin

 : > But if I want to manage it remotely, AND if I have NO ip available (cause
 : > netmask is 255.255.255.252), can I have a third interface, not put it brctl
 : > and assign an IP of the private network (IP from RFC 1918) normally the
 : > bridge software should ignore it and I can put a nice Apache with RRD Tool,
 : > with MRTG, with any other nice tool to monitor bandwidth and connections ?
 :
 : Forget the bridging junk. Pick an ipaddress, assign it to both
 : interfaces and make sure you configure iptables to FORWARD traffic
 : coming from either side to the other. Additionally you can setup
 : whatever sort of traffic shaping you desire and/or implement a
 : transparent proxy.
 :
 :

-- 
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]




RE: [LARTC] QoS (HTB) without IP address

2002-12-30 Thread Daniel Egger
On Mon, 2002-12-30 at 21.36, Gilles Douillet wrote:

> But if I want to manage it remotely, AND if I have NO ip available (cause
> netmask is 255.255.255.252), can I have a third interface, not put it brctl
> and assign an IP of the private network (IP from RFC 1918) normally the
> bridge software should ignore it and I can put a nice Apache with RRD Tool,
> with MRTG, with any other nice tool to monitor bandwidth and connections ?

Forget the bridging junk. Pick an ipaddress, assign it to both
interfaces and make sure you configure iptables to FORWARD traffic
coming from either side to the other. Additionally you can setup
whatever sort of traffic shaping you desire and/or implement a
transparent proxy.

-- 
Daniel Egger <[EMAIL PROTECTED]>




Re: [LARTC] How HTB treats priorities?

2002-12-30 Thread ISC Robert Kryczało
Hello,

Thank you for your replies. Let me summarize your opinions

Let's assume I have 512 kbit/s synchronous link to my upstream provider.
I have two customers named "B" and "C". I want to be sure that they get at
least 8kbit/s. I want to limit maximum traffic generated per each customer
to 128 kbit/s.

A tree that follows describes what I did.

  A
 / \
B   C

 Class A rate and ceiling is set to something like 490kbit/sec (or lower)
to move queues to my linux traffic shaper. I set equal prios, rate for B
and C equals 8 kbit/s, ceiling for B and C equals 128 kbit/s. This setup
is supposed to fulfill my needs. It should work as expected, right?

Now I try to improve my setup. What I require is to divide customer B and
C traffic into 3 classes - interactive (D,G), www (E,H) and other
(F,I) respectively. I don't want to allow customer B or C traffic to go over
128kbit/s. I expanded last tree and created following tree.
       A
     /   \
    B     C
   /|\   /|\
  D E F G H I

D,G rate=4/ceil=64
E,H rate=3/ceil=128
F,I rate=1/ceil=32

Priorities for all classes are the same.

Let's assume all classes try to send at their maximum speed trying to
saturate the link. According to what you have written class D will get
64kbit/s, class E 128kbit/s and class F will get 32kbit/s. The sum is
224kbit/s if I am correct. Am I right?

I don't want it to happen since customers have paid for 128kbit/s with
guaranteed rate of 8kbit/s. Is there a way to accomplish my task???. Can it
be done using HTB only?


>> >Remaining bandwidth inside class B is distributed first to class D,
>> then E and then F and is limited by ceiling parameter . Right???
>>   yes, what you have said is right.
> Confirmed.  Lowest prio classes are allowed to send first.
It is intuitive. Thanks for confirmation. Anyway, classes D,E,F are
limited only by their ceil, not by ceil of class B. Hm?. Performance
reasons, right?

>> >Class A has available bandwidth. Rules for guaranteed rates for
>> classes D,E,F,G,H,I are fulfilled. So available bandwidth has to
>> >be distributed between class B and C equally (assuming B and C has the
>> same rate and prio). Is remaining bandwidth distributed to classes D
>> and G, and then to classes E and H and at the end to classes F and
>> I???
> Yes.
It is also rather intuitive.

>
>>   I remember having read something about the "rate" parameter of a
>> parent HTB class.  I think it was that the "rate" parameter isn't
>> used, only the "ceil" parameter (of a parent HTB class) is important.
>> Check the list archive and the HTB home page because I'm not sure.
> Neither the rate nor the ceil is respected if the child class can send.
> So if B and C can send the remaining bandwidth, they will.  Even if the
> parent ceil is not permitting it.
Well... I hoped for the opposite. If the ceiling of parent class is not
respected, then setting htb up the way I require is rather impossible.?
Right:( ?

>
>>   If what I have written is true, there is a possibility that
>> bandwidth
>> is not distributed equally between classes B and C.
> Indeed.  This can be true IF class B and C have different rates.  But I
> did some tests and it seems to be that remaining bandwidth is split
> 50-50 and according to the rates.  Strange.  I will test it further
> tomorrow.  But the prio of the parent is respected.  So the parent with
> the lowest prio gets all remaining bandwidth.
I would like to see the results, if you were so kind...

>
>> >What if C and B have different rates?
>> >
>> >Is prio parameter taken into account when htb tries to meet
>> guaranteed rate rules?
>>
>>I think the "prio" parameter is only used after all classes have
>> reached their guaranteed minimum rate, to allow the user to create
>> classes that will borrow bandwidth over other classes.
> Yep.
OK. You have cleared thing up:)

>
>> >What happens when sum of guaranteed rates of children class is bigger
>> than guaranteed rate of parent (rate parameter is overbooked) and all
>> of classes are requesting maximum bandwidth? Are classes with lower
>> prio given bandwidth first?
>>
>> There are rules that you should respect when creating classes.
>>  Check the FAQ on the HTB home site.
> And I have some more on the faq page on www.docum.org
This FAQ is a nice piece of work Stef:) Well done:)

>
>> >Are packets classified to class D and G sent first?
>>
>>No, unless classes D and G haven't reached their guaranteed minimum
>> rate.
>>
>> >What will happen if prio of class B is 0 and class C is 3? I assume
>> remaining bandwidth is first distributed to class B and to its
>> children. Right???
>>
>> Same answer regarding parent HTB classes.  I'm not sure.
> All remaining bandwidth goes to B.
It goes to B and then to its children, right? I mean, there are no
classifiers (filters) pointing to class B directly, only to its children.

Robert Kryczało




Re: [LARTC] QoS (HTB) without IP address

2002-12-30 Thread Stef Coene
On Monday 30 December 2002 21:36, Gilles Douillet wrote:
> Many Thanks Martin for your quick response !
>
> Just another question about bridge (may be stupid)
>
> For me it should work (I'll test it tomorrow)
>
> Normally, a Nunux Box with bridge-utils doesn't require echo 1 >
> /proc/sys/net/ipv4/ip_forward ? (right ?)
>
> But if I want to manage it remotely, AND if I have NO ip available (cause
> netmask is 255.255.255.252), can I have a third interface, not put it brctl
> and assign an IP of the private network (IP from RFC 1918) normally the
> bridge software should ignore it and I can put a nice Apache with RRD Tool,
> with MRTG, with any other nice tool to monitor bandwidth and connections ?
Or if you know the mac address, you can insert a static arp entry in a host
that's connected to the bridge so you can reach that bridge on that
ip-address.
Or give the bridge an ip-address in the private range (10.x.x.x or so).  And
give a box connected to the bridge an ipaddress in the same range so you can
reach the bridge on that private ip-address.

I'm not sure it's possible, but maybe it will give you some new ideas.

Stef

-- 

[EMAIL PROTECTED]
 "Using Linux as bandwidth manager"
 http://www.docum.org/
 #lartc @ irc.oftc.net




Re: [LARTC] Ingress qdisc functional?

2002-12-30 Thread Stef Coene
On Monday 30 December 2002 22:19, Brad Davidson wrote:
> Hello all!
>
> I've just subscribed to the list after looking around on Google and
> checking out the TC source code a bit. Here's my situation:
>
> I have a megabit DSL line that I'd like to set up some shaping on. I only
> have access to the linux router on my (client) end. Because of that, I was
> looking to do some shaping using the 'ingress' qdisc. However, I'm getting
> mixed messages as to whether or not it works. The source of q_ingress.c
> from ss020116 says in the header:
> --
>  * This is here just in case it is needed
>  * useless right now; might be useful in the future
> --
> Which leads me to believe that it's not really working, although I've seen
> posts claiming that it is. Can I get some verification either way, or
> possibly a newer version of the tools that I'm missing?
Ingress is working.
But if you have a dedicated router (I mean no proxy or so on it), you can use
both interfaces for shaping so you can use egress qdiscs like cbq or htb which
are much more powerful than the ingress qdisc.

Stef

-- 

[EMAIL PROTECTED]
 "Using Linux as bandwidth manager"
 http://www.docum.org/
 #lartc @ irc.oftc.net




Re: [LARTC] wondershaper + htb prio + qdisc prio

2002-12-30 Thread Tornado
> >
> > Is it the ICMP ping (generated by the 'ping' tool), or do you mean when you
> > play Counter-Strike, and you look at the players tab, that shows you're
> > lagged with 300ms?
>
> by ping i mean the real ping program with icmp, i see that i could not
> specify counterstrike to don't create confusion.
>
> and the idea is not to prioritize the counter game, but only the ping used
> by the counter game
>
> so another question is, the counter strike game use udp/270015 only for
> ping probing or also for game packets

The counter-strike server does not 'ping' you in a "normal" fashion. It's an
in-game feature, which doesn't use extra protocols to retrieve ping, hence
counter-strike server uses port 27015 for both game packets and
"ping-in-game"-packets.

And besides, it wouldn't make any difference to only prioritize the
"ping-in-game"-packets, even if you could - the game would still lag as
without traffic control.


> this is what i try, because i don't really play the game, i generate
> traffic to saturate the link, and ping from shell from an external host

In which case, you should check if your downstream is not choking. Even if
you shape outgoing packets, you can still get bad pings, if your
downstream is running at max.


--
Theepan





[LARTC] Ingress qdisc functional?

2002-12-30 Thread Brad Davidson
Hello all!

I've just subscribed to the list after looking around on Google and checking out
the TC source code a bit. Here's my situation:

I have a megabit DSL line that I'd like to set up some shaping on. I only have
access to the linux router on my (client) end. Because of that, I was looking to
do some shaping using the 'ingress' qdisc. However, I'm getting mixed messages
as to whether or not it works. The source of q_ingress.c from ss020116 says in
the header:
--
 * This is here just in case it is needed
 * useless right now; might be useful in the future
--
Which leads me to believe that it's not really working, although I've seen
posts claiming that it is. Can I get some verification either way, or possibly a
newer version of the tools that I'm missing?

Thanks!

-Brad



RE: [LARTC] QoS (HTB) without IP address

2002-12-30 Thread Gilles Douillet
Many Thanks Martin for your quick response !

Just another question about bridge (may be stupid)

For me it should work (I'll test it tomorrow)

Normally, a Nunux Box with bridge-utils doesn't require echo 1 >
/proc/sys/net/ipv4/ip_forward ? (right ?)

But if I want to manage it remotely, AND if I have NO ip available (cause
netmask is 255.255.255.252), can I have a third interface, not put it brctl
and assign an IP of the private network (IP from RFC 1918) normally the
bridge software should ignore it and I can put a nice Apache with RRD Tool,
with MRTG, with any other nice tool to monitor bandwidth and connections ?

G.

Thanks in advance ...

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
> Behalf Of Martin A. Brown
> Sent: Monday 30 December 2002 20:46
> To: Gilles Douillet
> Cc: [EMAIL PROTECTED]
> Subject: Re: [LARTC] QoS (HTB) without IP address
>
>
> Gilles,
>
> Yes.  You can most certainly do so.
>
>   http://lartc.org/howto/lartc.bridging.html
>   http://lartc.org/howto/lartc.bridging.shaping.html
>
> -Martin
>
>  : Hi all,
>  :
>  : After a long reading of the LARTC, I was able to set up a working HTB
>  : config on my firewall.
>  :
>  : But my question is :
>  :
>  : Can I use a "ip less" box to do QoS ? With bridging software (or even
>  : without?) or thing like this and use an u32 filter to direct the traffic to
>  : the right class ?
>  :
>  : In other words, I can't modify the existing network config or insert into
>  : (netmask is 255.255.255.252) and I want to shape traffic before the router.
>  : (And the firewall can't do bandwidth management...)
>  :
>  : Many thanks in advance and happy new year 2003 !
>  :
>  : G.
>
> --
> Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]




Re: [LARTC] QoS (HTB) without IP address

2002-12-30 Thread Martin A. Brown
Gilles,

Yes.  You can most certainly do so.

  http://lartc.org/howto/lartc.bridging.html
  http://lartc.org/howto/lartc.bridging.shaping.html

-Martin

 : Hi all,
 :
 : After a long reading of the LARTC, I was able to set up a working HTB
 : config on my firewall.
 :
 : But my question is :
 :
 : Can I use a "ip less" box to do QoS ? With bridging software (or even
 : without?) or thing like this and use an u32 filter to direct the traffic to
 : the right class ?
 :
 : In other words, I can't modify the existing network config or insert into
 : (netmask is 255.255.255.252) and I want to shape traffic before the router.
 : (And the firewall can't do bandwidth management...)
 :
 : Many thanks in advance and happy new year 2003 !
 :
 : G.

-- 
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]




[LARTC] QoS (HTB) without IP address

2002-12-30 Thread Gilles Douillet


Hi all,

After a long reading of the LARTC, I was able to set up a working HTB
config on my firewall.

But my question is :

Can I use a "ip less" box to do QoS ? With bridging software (or even
without?) or thing like this and use an u32 filter to direct the traffic to
the right class ?

In other words, I can't modify the existing network config or insert into
(netmask is 255.255.255.252) and I want to shape traffic before the router.
(And the firewall can't do bandwidth management...)

Many thanks in advance and happy new year 2003 !

G.




Re: [LARTC] Routing between two RFC1918 networks.

2002-12-30 Thread Jason A. Pattie

Just a hunch: is forwarding enabled? i.e., 'echo 1 >
/proc/sys/net/ipv4/ip_forward'

Dave Hunt wrote:
>
> Hi all,
>
> I've two RFC1918 networks with a RedHat Linux 7.3 box in the middle.
> They are 10.4.2.0 and 10.4.7.0. There are a couple of boxes on each network,
> but I can't ping a box on one network from the other.
>
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 217.78.4.128    *               255.255.255.192 U     0      0        0 eth2
> 10.4.7.0        *               255.255.255.0   U     0      0        0 eth3
> 10.4.2.0        *               255.255.255.0   U     0      0        0 eth0
> 192.168.200.0   *               255.255.255.0   U     0      0        0 eth1
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> default         217.78.4.190    0.0.0.0         UG    0      0        0 eth2
> The above is the routing table of the machine. All iptables policies are
> set to accept.
> I can access the internet fine from the 192 and 10 networks, as
> masquerading is enabled on eth2.
> However, I do not want to masquerade the address from 10.4.2.0 onto
> 10.4.7.0
> and vice-versa.
> Am I missing something obvious?
> Cheers,
> Dave.
>
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* , and is
> believed to be clean.

--
Jason A. Pattie
[EMAIL PROTECTED]




Re: [LARTC] Semi-shaped traffic

2002-12-30 Thread Mindaugas Riauba
> >
> >   Well I'd prefer to leave that to professionals :). Who is packet
> > filters maintainer? Alexey Kuznetsov?
> 
> Filters ?? If you mean qos classifiers (badly named filters in tc tool)
> then yes, Alexey. If you mean iptables then I'm not sure.

  I mean packet schedulers :).

  And OK. This problem is avoidable. But as another test I tried to
flood link with two data streams - one UDP, one TCP, both going the same
direction. Then total traffic drops considerably. Data is below.
In bytes. Traffic is shaped to 256kbit.

  Two TCP streams or one UDP stream is shaped without problems.
Traffic flows at ~33000

  Mindaugas

1 1041255151 1041255161 21100.6 21100.6 21100.6
1 1041255161 1041255171 18968.4 18968.4 18968.4
1 1041255171 1041255181 19081.9 19081.9 19081.9
1 1041255181 1041255191 19946.4 19946.4 19946.4
1 1041255191 1041255201 33362 33362 33362
1 1041255201 1041255211 33105.7 33105.7 33105.7
1 1041255211 1041255221 17019.4 17019.4 17019.4
1 1041255221 1041255231 17146.2 17146.2 17146.2
1 1041255231 1041255241 18635.5 18635.5 18635.5
1 1041255241 1041255251 16486.2 16486.2 16486.2




[LARTC] Routing between two RFC1918 networks.

2002-12-30 Thread Dave Hunt
Hi all,

I've two RFC1918 networks with a RedHat Linux 7.3 box in the middle.
They are 10.4.2.0 and 10.4.7.0. There are a couple of boxes on each network,
but I can't ping a box on one network from the other.

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
217.78.4.128    *               255.255.255.192 U     0      0        0 eth2
10.4.7.0        *               255.255.255.0   U     0      0        0 eth3
10.4.2.0        *               255.255.255.0   U     0      0        0 eth0
192.168.200.0   *               255.255.255.0   U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         217.78.4.190    0.0.0.0         UG    0      0        0 eth2

The above is the routing table of the machine. All iptables policies
are set to accept.
I can access the internet fine from the 192 and 10 networks, as
masquerading is enabled on eth2.
However, I do not want to masquerade the address from 10.4.2.0 onto
10.4.7.0 and vice-versa.
Am I missing something obvious?
Cheers,
Dave.


Re: [LARTC] Semi-shaped traffic

2002-12-30 Thread devik
> > #define PSCHED_JSCALE 0
> > #endif
> >
> > I'm not sure if variable-HZ patch repaired this too. Simply
> > QoS subsystem is not aware what to do with this HZ rate.
> > You might try to redefine PSCHED_JSCALE to be 10 for your
> > case.
> > Also try to set PSCHED_CLOCK_SOURCE to PSCHED_CPU in the same
> > file. It might help.
>
>   Well I'd prefer to leave that to professionals :). Who is packet
> filters maintainer? Alexey Kuznetsov?

Filters ?? If you mean qos classifiers (badly named filters in tc tool)
then yes, Alexey. If you mean iptables then I'm not sure.
devik




Re: [LARTC] wondershaper + htb prio + qdisc prio

2002-12-30 Thread Ciprian Niculescu
On Mon, 30 Dec 2002 11:49:58 +0100, "Tornado"
<[EMAIL PROTECTED]> said:
> Hey there,
> 
> Maybe I'm misunderstanding you, maybe not - but what exactly do you mean
> by "the ping from the server is always 300ms"?
> 
> Is it the ICMP ping (generated by the 'ping' tool), or do you mean when
> you play Counter-Strike, and you look at the players tab, that shows
> you're lagged with 300ms?

By ping I mean the real ping program with ICMP; I see that I could have
left out Counter-Strike so as not to create confusion.

And the idea is not to prioritize the counter game, but only the ping used
by the counter game.

So another question is: does the Counter-Strike game use udp/270015 only
for ping probing or also for game packets?


> 
> Have you tried to ping the counter-strike server direct from the shell
> using the 'ping' tool? If this results in very low ping replies, your tc
> setup is correctly set up.

This is what I try, because I don't really play the game; I generate
traffic to saturate the link, and ping from the shell from an external host.

C

> 
> The only thing you're missing now, is to prioritize counter-strike
> specific traffic. Usually the port numbers used by Counter-Strike servers
> are 27015 and some numbers up, so this is what you have to prioritize.
> 
> An example (class id is from your first script, using htb) - this will
> put the packets leaving your $IF_EXT to port 27015, 27016 and 27017 to any
> hosts in the class 1:1:
> 
> for cs_p in 27015 27016 27017; do
>   tc filter add dev $IF_EXT parent 1:0 protocol ip prio 10 u32 \
>     match ip dport $cs_p 0xffff flowid 1:1
> done
> 
> You may need to modify the above example to fit your script.
> 
> 
> --
> Theepan
> 
> 
> 



Re: [LARTC] wondershaper + htb prio + qdisc prio

2002-12-30 Thread Tornado
Hey there,

> hello,
>
> a friend of mine has this configuration:
>
> 10 x PC -- router/linux/rh8 -- ADSL Modem -- ISP
>
> let's say that the bandwidth is: 5M and 800K
>
> he does dc++ and counter-strike, so let's say the UP is full, and the
> ping from the counter server is 300ms, the server cuts the connection, and
> no more game, the player is unhappy. The normal ping is 50ms.
>
> so he thinks to put some prio on the ping-echo packets to make the ping
> be extra small. He tried the wondershaper from the lartc, it didn't work,
> so he made a simplified script just for icmp, which is:
>
> $tc qdisc del $IF_EXT root
> $tc qdisc add $IF_EXT handle 1: root htb default 2
> $tc class add $IF_EXT parent 1: classid 1:9 htb rate 500kbit burst 6k
> $tc class add $IF_EXT parent 1:9 classid 1:1 htb rate 500kbit ceil 500kbit burst 6k prio 1
> $tc class add $IF_EXT parent 1:9 classid 1:2 htb rate 64kbit ceil 500kbit burst 6k prio 2
>
> $tc filter add $IF_EXT protocol ip prio 2 parent 1: u32 \
> match ip protocol 1 0xff flowid 1:1
>
> first tried it with ceil 800kbit, afterwards with a smaller value; the
> "real" bandwidth was somewhere around 700kbit, at that moment.
>
> didn't work
>
[ -- SNIP --]

> still with no result the ping from the counter server is always 300ms,
> what's wrong

Maybe I'm misunderstanding you, maybe not - but what exactly do you mean by
"the ping from the server is always 300ms"?

Is it the ICMP ping (generated by the 'ping' tool), or do you mean when you
play Counter-Strike, and you look at the players tab, that shows you're
lagged with 300ms?

Have you tried to ping the counter-strike server direct from the shell using
the 'ping' tool? If this results in very low ping replies, your tc setup is
correctly set up.

The only thing you're missing now, is to prioritize counter-strike specific
traffic. Usually the port numbers used by Counter-Strike servers are 27015 and
some numbers up, so this is what you have to prioritize.

An example (class id is from your first script, using htb) - this will put
the packets leaving your $IF_EXT to port 27015, 27016 and 27017 to any hosts
in the class 1:1:

for cs_p in 27015 27016 27017; do
  tc filter add dev $IF_EXT parent 1:0 protocol ip prio 10 u32 \
    match ip dport $cs_p 0xffff flowid 1:1
done

You may need to modify the above example to fit your script.


--
Theepan


PS: I'm sorry if you receive this mail twice. I forgot to CC it the list the
first time.
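
Added illustration, not part of the original post: a small Python model of how the two u32 keys used in this thread (`match ip protocol 1 0xff` and `match ip dport PORT 0xffff`) select bytes at fixed offsets from the start of the IP header, run over constructed packets. The helper names, the sample addresses and the stricter `strict_udp_dport` variant are assumptions made for the example.

```python
import struct

def ipv4_packet(proto, dport, options=b""):
    """Constructed sample: IPv4 header (+ optional options) and L4 src/dst ports."""
    ihl = 5 + len(options) // 4            # header length in 32-bit words
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 4, 0, 0,
                      64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + options + struct.pack("!HH", 40000, dport)

def u32_match(pkt, width, value, mask, offset):
    """Model of one u32 key: masked compare at a fixed offset from the IP header."""
    field = int.from_bytes(pkt[offset:offset + width], "big")
    return (field & mask) == (value & mask)

def match_ip_protocol(pkt, proto):
    # `match ip protocol N 0xff` is shorthand for `match u8 N 0xff at 9`
    return u32_match(pkt, 1, proto, 0xff, 9)

def match_ip_dport(pkt, port):
    # `match ip dport P 0xffff` is shorthand for `match u16 P 0xffff at 22`:
    # it assumes a 20-byte IP header and does not look at the protocol field.
    return u32_match(pkt, 2, port, 0xffff, 22)

def classify(pkt, ports=(27015, 27016, 27017)):
    """Filters from the thread: ICMP and the three dports -> 1:1, rest -> default 1:2."""
    if match_ip_protocol(pkt, 1) or any(match_ip_dport(pkt, p) for p in ports):
        return "1:1"
    return "1:2"

def strict_udp_dport(pkt, port):
    """Tighter variant (assumption, not from the thread): require IHL=5 and UDP."""
    return (u32_match(pkt, 1, 0x05, 0x0f, 0)      # match u8 0x05 0x0f at 0
            and match_ip_protocol(pkt, 17)        # UDP only
            and match_ip_dport(pkt, port))

if __name__ == "__main__":
    samples = {                                   # all packets are constructed
        "udp/27015": ipv4_packet(17, 27015),
        "tcp/27015": ipv4_packet(6, 27015),
        "icmp": ipv4_packet(1, 0),
        "udp/80": ipv4_packet(17, 80),
        "udp/27015 + IP options": ipv4_packet(17, 27015, b"\x01\x01\x01\x01"),
    }
    for name, pkt in samples.items():
        print(f"{name:24} -> {classify(pkt)}  strict={strict_udp_dport(pkt, 27015)}")
```

In tc syntax the three keys of the stricter variant can be written as several `match` clauses in a single u32 filter, which are ANDed together.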






[LARTC] ECN vs. RED

2002-12-30 Thread Thomas Jalsovsky

Hello,

I read some documents about ECN (Explicit Congestion Notification)
for Linux. Compiled the kernel with it and I turned it on. But I don't
know how I can use it with my shaper (HTB+IMQ) in an ADSL environment.
I took a look into kernel sources and I found that RED uses ECN
(sch_red.c).
So my question is: does RED work with ECN?
I would like to use VoIP on ADSL line and I need to slow down the
up-/downstream. RED looks great for me (for queue with bulk traffic).
Is it a good idea? What about GRED?

Thanks in advance,
Thomas




Re: [LARTC] Semi-shaped traffic

2002-12-30 Thread Mindaugas Riauba


> > Setting HZ back to 100 fixed the problem.
> >
> >   Is this some bug in HTB or HZ has to be set to 100?
> 
> ehh other thought - htb is tested with HZ=1024 or HZ=100.
> You said that you use HZ 1000.

  Yes. You are right. If I set HZ to 1024 everything worked OK.

> In include/net/pkt_sched.h:
> #if HZ == 100
> #define PSCHED_JSCALE 13
> #elif HZ == 1024
> #define PSCHED_JSCALE 10
> #else
> #define PSCHED_JSCALE 0
> #endif
> 
> I'm not sure if variable-HZ patch repaired this too. Simply
> QoS subsystem is not aware what to do with this HZ rate.
> You might try to redefine PSCHED_JSCALE to be 10 for your
> case.
> Also try to set PSCHED_CLOCK_SOURCE to PSCHED_CPU in the same
> file. It might help.

  Well I'd prefer to leave that to professionals :). Who is packet
filters maintainer? Alexey Kuznetsov?

  Mindaugas
