[LARTC] PRIO qdisc

2003-01-17 Thread Andreas Wright
Hello,
I am trying to use tc to do the following: on the interface (eth0) I want to give priority to packets coming from a specific IP address 1.2.3.4 over packets from IP address 1.2.3.5.
I would like to know if the following setup would work with PRIO qdisc.
tc qdisc add dev eth0 root handle 10: prio
tc filter add dev eth0 parent 10:0 protocol ip prio 1 u32 \
  match ip src 1.2.3.4/32 flowid 10:1
tc filter add dev eth0 parent 10:0 protocol ip prio 1 u32 \
  match ip dst 1.2.3.4/32 flowid 10:1
tc filter add dev eth0 parent 10:0 protocol ip prio 1 u32 \
  match ip src 1.2.3.5/32 flowid 10:2
tc filter add dev eth0 parent 10:0 protocol ip prio 1 u32 \
  match ip dst 1.2.3.5/32 flowid 10:2
Can I test this setup by using flooding ping from 1.2.3.4 and 1.2.3.5 to the machine configured with tc?
I expected that pings from 1.2.3.5 will be dropped, giving priority to 1.2.3.4.
Looking forward to your input,
Andreas.


[LARTC] HTB classes, ceil and prio

2003-01-17 Thread Remus
Hello,

I'm looking for some recommendations on how to configure htb.
I have ADSL 512k/256k connection at my home for the 3 clients PCs and one
Linux Box like firewall.

Network looks like usual:
ADSL connection (eth0) - | firewall | - (eth1) local network

I would like to divide Internet connection like this:
Download eth0 (512K)
SSH/IPSec rate=256k, ceil=512k and prio=0 (it can be used from the local PC1
or PC2)
PC1 1.2.3.1(local ip) rate=170k, ceil=512k and prio=1
PC2 1.2.3.2 (local ip) rate=170k, ceil=512k and prio=1
PC3 1.2.3.3 (local ip) rate=170k, ceil=512k and prio=1
SMTP server (exist on firewall) rate=64k, ceil=128k and prio=2 or better 1

Do I understand right: if some of the PCs (PC1 or PC2) use SSH/IPsec, it gets speed
from 256k up to 512k if it is not in use.
The two other PCs and the SMTP server share 256k between them. Is that right?
What speed they get each?

Upload eth0 (256k) htb/imq
SSH/IPSec rate=128k, ceil=256k and prio=0 (it can be used from the local PC1
or PC2)
PC1 1.2.3.1(local ip) rate=80k, ceil=256k and prio=1
PC2 1.2.3.2 (local ip) rate=80k, ceil=256k and prio=1
PC3 1.2.3.3 (local ip) rate=80k, ceil=256k and prio=1
SMTP server (exist on firewall) rate=64k, ceil=128k and prio=2 or better 1

If I'm not correct just correct me, please.
Is it enough to have only one class or more?

I know that running htb on external eth, htb cannot see local ip addresses.
Can I mark them with the iptables and use it with the htb?
Or do I have to make htb rules on my local eth1 as well?

Thank you in advance for any help/ideas

Remus





___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/



Re: [LARTC] HTB: quantum vs. burst

2003-01-17 Thread Pavel Mores
On Thu, Jan 16, 2003 at 09:28:17PM +0100, Stef Coene wrote:

> If you want to understand what's going on, you also have to graph the tokens
> and ctokens.

Oh, I see.  The negative values of tokens and ctokens that can be seen
frequently are because of the hysteresis setting?

Also, I have some trouble understanding the tokens/ctokens example on
www.docum.org.  First, I would suggest that you add an additional bullet
specifying initial conditions more explicitly.  I suppose that the burst
bucket is filled up when the 200bps transmission starts, am I right?
Second, it would be useful to state what ceil the example class has since
bursting is limited by ceil as we agreed before.  Without knowing the
class' ceil it's hard to say at what speed the first burst bytes will
be released to the network - which is what the other calculations depend
on.

> I use the ethloop from Devik.  It's a very nice thing once you
> understand how it works.  I can send you my scripts and config files if you
> are interested (and I think you are :)

You bet I am, thanks a lot. :)

> Indeed.  I think I need some sleep :)  Indeed, the ceil is respected if you
> use the burst parameter.  It's the parent ceil that's broken.

That brings up a question: what happens if the parent, say 1:20, has its
own parent, say 1:10, and the 1:10 has already been overlimit.  In other
words, class 1:10, already transmitting at its ceil speed, has a child
1:20 that breaks its ceil because one or more of its own children are
bursting.  Inevitably, 1:10 is forced above its ceil too, right?  If
that is the case, the state of being overceil will spread all the way
up the class hierarchy to the root class?

> I had a hard time finding the directory where I stored my files :)
> But I found it.  Now I have to figure out what I wanted to document :)

Oh, don't feel pressed, take your time, it's been a long time coming
anyway. ;-)

pvl




[LARTC] routing bug?

2003-01-17 Thread Gabor Gludovatz
Hello,

I have set up the following route:

ip rule add prio 20 table test
ip route add default table test proto static \
  nexthop dev eth0 via 80.98.79.254 weight 1 \
  nexthop dev ppp0 via 62.112.192.134 weight 1

[root@roadrunner ~ ] # ip route get 195.228.120.3
195.228.120.3 via 62.112.192.134 dev ppp0  src 62.112.220.27
cache  mtu 1454 advmss 1414

then I try to telnet to the ssh port of 195.228.120.3

In the meantime:
[root@roadrunner ~ ] # tcpdump -i ppp0 host 195.228.120.3
tcpdump: listening on ppp0
22:59:44.177458 80.98.79.17.35279 > 195.228.120.3.ssh: S 3019355410:3019355410(0) win
5656 mss 1414,sackOK,timestamp 550913 0,nop,wscale 0 (DF) [tos 0x10]
[...repeated for 4 times...]
23:00:13.299255 195.228.120.3.ssh > 62.112.220.27.35251: P 2635459978:2635460026(48)
ack 2627843263 win 15532 nop,nop,timestamp 383251 514492 (DF)
23:00:29.174513 80.98.79.17.35279 > 195.228.120.3.ssh: S 3019355410:3019355410(0) win
5656 mss 1414,sackOK,timestamp 555413 0,nop,wscale 0 (DF) [tos 0x10]

(Notice that the source address (80.98.79.17) belongs to eth0 not to ppp0)

At the same time I ran a tcpdump on the eth0 interface as well and it had
gotten no packets from 195.228.120.3 at all.

The packet that came at 23:00:13 is rather strange. I do not know how it
found out where it should send its packet back if my own packet's source
address was wrong.
(After I had repeated the operation several times, I was not able to catch
this packet again. It might have been a stale packet from a previous
connection, I don't know.)

After all of this:
[root@roadrunner /stor/home/ggabor ] # ip route get 195.228.120.3
195.228.120.3 via 62.112.192.134 dev ppp0  src 62.112.220.27
cache  mtu 1454 advmss 1414

Can this be a bug or did I make a mistake somewhere?
During the operation there had been no rules in iptables' tables.

If a program tries to use eth0 with the same routing settings, there is no
problem.

thanks in advance

-- 
 Gabor Gludovatz [EMAIL PROTECTED]  -  Phone: +36 (20) 9 109 129
 http://gludo.sopron.hu/ * http://gludo.sopron.hu/gpg.txt
GPG fingerprint: 8D0C 6AE8 5875 751E 5122-1DAE 4990 1A4E BC2E C8B9



[LARTC] part 2

2003-01-17 Thread Gabor Gludovatz

After I sent my previous letter, I deleted the routes from my routing
tables:

ip rule del table test
ip route flush table test

And the rule and the route have been deleted.

In spite of this:
[root@roadrunner /stor/home/ggabor ] # ip route get 195.228.120.3
195.228.120.3 via 62.112.192.134 dev ppp0  src 62.112.220.27
cache  mtu 1454 advmss 1414

But there is not any route that would point to 62.112.192.134.


-- 
 Gabor Gludovatz [EMAIL PROTECTED]  -  Phone: +36 (20) 9 109 129
 http://gludo.sopron.hu/ * http://gludo.sopron.hu/gpg.txt
GPG fingerprint: 8D0C 6AE8 5875 751E 5122-1DAE 4990 1A4E BC2E C8B9




Re: [LARTC] part 2

2003-01-17 Thread Martin A. Brown

Gabor,

I admit, I haven't read your problem thoroughly (still at work).  I'll
read through it later.

I did want to suggest however that you make sure to ip route flush cache
before you try using ip route get again.

Good luck,

-Martin

 : After I sent my previous letter, I deleted the routes from my routing
 : tables:
 :
 : ip rule del table test
 : ip route flush table test
 :
 : And the rule and the route have been deleted.
 :
 : In spite of this:
 : [root@roadrunner /stor/home/ggabor ] # ip route get 195.228.120.3
 : 195.228.120.3 via 62.112.192.134 dev ppp0  src 62.112.220.27
 : cache  mtu 1454 advmss 1414
 :
 : But there is not any route that would point to 62.112.192.134.
 :
 :
 :

-- 
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]




[LARTC] Game servers used as smurf reflectors

2003-01-17 Thread Kenneth Porter
http://www.pivx.com/press_releases/mk_mk001.html
http://www.pivx.com/kristovich/adv/mk001/

Could TC be used to throttle Quake-style game server queries until the game
servers are updated to do this on their own? Seems like one could create a
filter that tags UDP messages to one's game server ports that have some
initial string matching a status query, and throttle these.

(I'm already using the WonderShaper to keep my website and FTP from taking
bandwidth away from my game servers, by putting HTTP and FTP source in the
traffic we hate queue.)
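
The filter-and-throttle idea in the post above, as an added example that is not part of the original message: a shell script that builds a u32 payload match from a query prefix and prints the tc commands for an ingress policer. The device eth0, UDP port 27960, the 16kbit rate, and the query format (four 0xff bytes followed by "getstatus", as used by Quake 3 style servers) are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example: rate-limit game status queries with an ingress policer.
# Assumptions (not from the thread): device eth0, UDP port 27960, and a
# Quake 3 style query whose payload starts with ff ff ff ff "getstatus".

# Turn a hex payload prefix into u32 match clauses, one per whole 32-bit word.
# $1 = hex string, $2 = byte offset of the payload from the start of the IP header.
# Trailing bytes that do not fill a word are left out, so the filter never
# needs to read past the end of a minimal-length query.
payload_matches() {
    hex=$1 off=$2 out=""
    while [ "${#hex}" -ge 8 ]; do
        rest=${hex#????????}          # everything after the first 8 hex digits
        word=${hex%"$rest"}           # the first 8 hex digits (one 32-bit word)
        out="$out match u32 0x$word 0xffffffff at $off"
        hex=$rest
        off=$((off + 4))
    done
    printf '%s\n' "${out# }"
}

# Print the tc commands (review them, then pipe to sh as root to apply).
# $1 = device, $2 = UDP port, $3 = payload prefix in hex, $4 = police rate
throttle_cmds() {
    dev=$1 port=$2 prefix=$3 rate=$4
    # "match u8 0x05 0x0f at 0" requires a 20-byte IP header (no options),
    # which makes offset 28 the first byte after the 8-byte UDP header.
    printf 'tc qdisc add dev %s handle ffff: ingress\n' "$dev"
    printf 'tc filter add dev %s parent ffff: protocol ip prio 1 u32' "$dev"
    printf ' match u8 0x05 0x0f at 0 match ip protocol 17 0xff'
    printf ' match ip dport %s 0xffff %s' "$port" "$(payload_matches "$prefix" 28)"
    printf ' police rate %s burst 4k drop flowid :1\n' "$rate"
}

# Constructed sample: ff ff ff ff + "getstatus" (13 bytes, 3 whole words used)
QUERY_HEX=ffffffff676574737461747573
throttle_cmds eth0 27960 "$QUERY_HEX" 16kbit
```

Only packets that match the query prefix are policed; game traffic to the same port that starts with other bytes passes through the ingress qdisc untouched.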