[LARTC] PRIO qdisc
Hello,

I am trying to use tc to do the following: on the interface (eth0) I want to give priority to packets coming from a specific IP address, 1.2.3.4, over packets from IP address 1.2.3.5. I would like to know if the following setup would work with the PRIO qdisc.

# root PRIO qdisc; with default settings it creates bands 10:1, 10:2 and 10:3
tc qdisc add dev eth0 root handle 10: prio
# traffic from/to 1.2.3.4 goes to the highest-priority band
tc filter add dev eth0 parent 10:0 protocol ip prio 1 u32 \
    match ip src 1.2.3.4/32 flowid 10:1
tc filter add dev eth0 parent 10:0 protocol ip prio 1 u32 \
    match ip dst 1.2.3.4/32 flowid 10:1
# traffic from/to 1.2.3.5 goes to the next band
tc filter add dev eth0 parent 10:0 protocol ip prio 1 u32 \
    match ip src 1.2.3.5/32 flowid 10:2
tc filter add dev eth0 parent 10:0 protocol ip prio 1 u32 \
    match ip dst 1.2.3.5/32 flowid 10:2

Can I test this setup by using flooding ping from 1.2.3.4 and 1.2.3.5 to the machine configured with tc? I expected that pings from 1.2.3.5 will be dropped, giving priority to 1.2.3.4.

Looking forward to your input,
Andreas.
[LARTC] HTB classes, ceil and prio
Hello,

I'm looking for some recommendations on how to configure htb. I have an ADSL 512k/256k connection at home for 3 client PCs and one Linux box as a firewall. The network looks like usual:

ADSL connection (eth0) - | firewall | - (eth1) local network

I would like to divide the Internet connection like this:

Download eth0 (512K)
  SSH/IPSec: rate=256k, ceil=512k and prio=0 (it can be used from the local PC1 or PC2)
  PC1 1.2.3.1 (local ip): rate=170k, ceil=512k and prio=1
  PC2 1.2.3.2 (local ip): rate=170k, ceil=512k and prio=1
  PC3 1.2.3.3 (local ip): rate=170k, ceil=512k and prio=1
  SMTP server (exists on firewall): rate=64k, ceil=128k and prio=2 or better 1

Do I understand correctly that if one of the PCs (PC1 or PC2) uses SSH/IPsec, it gets speed from 256k up to 512k if it is not in use? The two other PCs and the SMTP server share 256k between them. Is that right? What speed do they each get?

Upload eth0 (256k) htb/imq
  SSH/IPSec: rate=128k, ceil=256k and prio=0 (it can be used from the local PC1 or PC2)
  PC1 1.2.3.1 (local ip): rate=80k, ceil=256k and prio=1
  PC2 1.2.3.2 (local ip): rate=80k, ceil=256k and prio=1
  PC3 1.2.3.3 (local ip): rate=80k, ceil=256k and prio=1
  SMTP server (exists on firewall): rate=64k, ceil=128k and prio=2 or better 1

If I'm not correct just correct me, please. Is it enough to have only one class or more?

I know that when running htb on the external eth, htb cannot see local IP addresses. Can I mark them with iptables and use that with htb? Or do I have to make htb rules on my local eth1 as well?

Thank you in advance for any help/ideas

Remus

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
Re: [LARTC] HTB: quantum vs. burst
On Thu, Jan 16, 2003 at 09:28:17PM +0100, Stef Coene wrote:

> If you want to understand what's going on, you also have to graph the tokens and ctokens.

Oh, I see. The negative values of tokens and ctokens that can be seen frequently are because of the hysteresis setting?

Also, I have some trouble understanding the tokens/ctokens example on www.docum.org. First, I would suggest that you add an additional bullet specifying initial conditions more explicitly. I suppose that the burst bucket is filled up when the 200bps transmission starts, am I right? Second, it would be useful to state what ceil the example class has, since bursting is limited by ceil as we agreed before. Without knowing the class' ceil it's hard to say at what speed the first burst bytes will be released to the network - which is what the other calculations depend on.

> I use the ethloop from Devik. It's a very nice thing once you understand how it works. I can send you my scripts and config files if you are interested (and I think you are :)

You bet I am, thanks a lot. :)

> Indeed. I think I need some sleep :)

> Indeed, the ceil is respected if you use the burst parameter. It's the parent ceil that's broken.

That brings up a question: what happens if the parent, say 1:20, has its own parent, say 1:10, and the 1:10 has already been overlimit? In other words, class 1:10, already transmitting at its ceil speed, has a child 1:20 that breaks its ceil because one or more of its own children are bursting. Inevitably, 1:10 is forced above its ceil too, right? If that is the case, the state of being overceil will spread all the way up the class hierarchy to the root class?

> I had a hard time finding the directory where I stored my files :) But I found it. Now I have to figure out what I wanted to document :)

Oh, don't feel pressed, take your time, it's been a long time coming anyway. ;-)

pvl
[LARTC] routing bug?
Hello,

I have set up the following route:

ip rule add prio 20 table test
ip route add default table test proto static \
    nexthop dev eth0 via 80.98.79.254 weight 1 \
    nexthop dev ppp0 via 62.112.192.134 weight 1

[root@roadrunner ~ ] # ip route get 195.228.120.3
195.228.120.3 via 62.112.192.134 dev ppp0 src 62.112.220.27
    cache mtu 1454 advmss 1414

Then I try to telnet to the ssh port of 195.228.120.3. In the meantime:

[root@roadrunner ~ ] # tcpdump -i ppp0 host 195.228.120.3
tcpdump: listening on ppp0
22:59:44.177458 80.98.79.17.35279 195.228.120.3.ssh: S 3019355410:3019355410(0) win 5656 mss 1414,sackOK,timestamp 550913 0,nop,wscale 0 (DF) [tos 0x10]
[...repeated for 4 times...]
23:00:13.299255 195.228.120.3.ssh 62.112.220.27.35251: P 2635459978:2635460026(48) ack 2627843263 win 15532 nop,nop,timestamp 383251 514492 (DF)
23:00:29.174513 80.98.79.17.35279 195.228.120.3.ssh: S 3019355410:3019355410(0) win 5656 mss 1414,sackOK,timestamp 555413 0,nop,wscale 0 (DF) [tos 0x10]

(Notice that the source address (80.98.79.17) belongs to eth0, not to ppp0.)

At the same time I ran a tcpdump on the eth0 interface as well, and it had gotten no packets from 195.228.120.3 at all.

The packet that came at 23:00:13 is rather strange. I do not know how it found out where it should send its packet back if my own packet's source address was wrong. (After I had repeated the operation several times, I was not able to catch this packet again. It might have been a stale packet from a previous connection, I don't know.)

After all of this:

[root@roadrunner /stor/home/ggabor ] # ip route get 195.228.120.3
195.228.120.3 via 62.112.192.134 dev ppp0 src 62.112.220.27
    cache mtu 1454 advmss 1414

Can this be a bug or did I make a mistake somewhere? During the operation there had been no rules in iptables' tables. If a program tries to use eth0 with the same routing settings, there is no problem.

Thanks in advance

--
Gabor Gludovatz [EMAIL PROTECTED] - Phone: +36 (20) 9 109 129
http://gludo.sopron.hu/ * http://gludo.sopron.hu/gpg.txt
GPG fingerprint: 8D0C 6AE8 5875 751E 5122-1DAE 4990 1A4E BC2E C8B9
[LARTC] part 2
After I sent my previous letter, I deleted the routes from my routing tables:

ip rule del table test
ip route flush table test

And the rule and the route have been deleted.

In spite of this:

[root@roadrunner /stor/home/ggabor ] # ip route get 195.228.120.3
195.228.120.3 via 62.112.192.134 dev ppp0 src 62.112.220.27
    cache mtu 1454 advmss 1414

But there isn't any route that would point to 62.112.192.134.

--
Gabor Gludovatz [EMAIL PROTECTED] - Phone: +36 (20) 9 109 129
http://gludo.sopron.hu/ * http://gludo.sopron.hu/gpg.txt
GPG fingerprint: 8D0C 6AE8 5875 751E 5122-1DAE 4990 1A4E BC2E C8B9
Re: [LARTC] part 2
Gabor,

I admit, I haven't read your problem thoroughly (still at work). I'll read through it later. I did want to suggest however that you make sure to

ip route flush cache

before you try using ip route get again.

Good luck,

-Martin

: After I sent my previous letter, I deleted the routes from my routing
: tables:
:
: ip rule del table test
: ip route flush table test
:
: And the rule and the route have been deleted.
:
: In spite of this:
: [root@roadrunner /stor/home/ggabor ] # ip route get 195.228.120.3
: 195.228.120.3 via 62.112.192.134 dev ppp0 src 62.112.220.27
: cache mtu 1454 advmss 1414
:
: But there is no any route that would point to 62.112.192.134.

--
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]
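[LARTC] Game servers used as smurf reflectors

http://www.pivx.com/press_releases/mk_mk001.html
http://www.pivx.com/kristovich/adv/mk001/

Could TC be used to throttle Quake-style game server queries until the game servers are updated to do this on their own?

Seems like one could create a filter that tags UDP messages to one's game server ports that have some initial string matching a status query, and throttle these.

(I'm already using the WonderShaper to keep my website and FTP from taking bandwidth away from my game servers, by putting HTTP and FTP source in the "traffic we hate" queue.)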
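
One way to express the filter asked about above, as an added example that is not part of the original post: an ingress policer (the mechanism WonderShaper also uses for downlink) with u32 matches on the start of the UDP payload. It assumes Quake III-style connectionless packets (four 0xFF bytes followed by an ASCII command such as getstatus); port 27960, the 16kbit rate, the 4k burst and the function names are placeholder choices.

```sh
#!/bin/sh
# Added example: throttle game-server status queries at ingress with tc.
# Assumptions (not from the original post): packets start with four 0xFF
# bytes and an ASCII command ("getstatus"), the server listens on UDP
# port 27960, and 16kbit is an acceptable budget for all queries together.

# Hex-encode the first four bytes of a string for use in a u32 match.
hex4() {
    printf '%.4s' "$1" | od -An -tx1 | tr -d ' \n'
}

# Print the tc commands that police matching queries arriving on a device.
# $1 = device, $2 = UDP port, $3 = query command string, $4 = policer rate.
status_query_throttle() {
    dev=$1 port=$2 cmd=$3 rate=$4
    # Offsets count from the start of the IP header and assume no IP
    # options: 20 bytes IP + 8 bytes UDP, so the payload begins at byte 28.
    echo "tc qdisc add dev $dev handle ffff: ingress"
    # The policer is aggregate, not per source: reflected queries carry
    # spoofed source addresses, so per-source limits would not bound the
    # reply volume. Game traffic that is not a status query does not match.
    echo "tc filter add dev $dev parent ffff: protocol ip prio 1 u32" \
         "match ip protocol 17 0xff" \
         "match ip dport $port 0xffff" \
         "match u32 0xffffffff 0xffffffff at 28" \
         "match u32 0x$(hex4 "$cmd") 0xffffffff at 32" \
         "police rate $rate burst 4k drop flowid :1"
}

# Dry run by default; set APPLY=1 (as root) to install the rules.
if [ "${APPLY:-0}" = 1 ]; then
    status_query_throttle eth0 27960 getstatus 16kbit | sh -e
else
    status_query_throttle eth0 27960 getstatus 16kbit
fi
```

After applying, `tc -s filter show dev eth0 parent ffff:` shows whether the filter is matching and how much the policer has dropped.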
http://www.pivx.com/press_releases/mk_mk001.html http://www.pivx.com/kristovich/adv/mk001/ Could TC be used to throttle Quake-style game server queries until the game servers are updated to do this on their own? Seems like one could create a filter that tags UDP messages to one's game server ports that have some initial string matching a status query, and throttle these. (I'm already using the WonderShaper to keep my website and FTP from taking bandwidth away from my game servers, by putting HTTP and FTP source in the traffic we hate queue.) ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/