[LARTC] HTB class borrows from itself? Devik?

2003-04-12 Thread Martin A. Brown
Devik/LARTC,

Stef has a note alluding to the possibility that a class can borrow from
itself, and has a recollection that he read this at one point in the HTB
documentation.

Would you be able to clear this up for us?  I don't see how a class can
borrow from itself!

Thank you,

-Martin

 [1] http://www.docum.org/stef.coene/qos/faq/cache/33.html


-- 
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


Re: [LARTC] HTB rate, borrowing, and dequeuing

2003-04-12 Thread Martin A. Brown
Hi Stef and list,

Get ready for another long mail!

 : >  - How is rate calculated in HTB?

Sorry, Stef, I was unclear with my question.  I understand how HTB
determines when to dequeue a packet and when not to dequeue a packet based
on presence of tokens or ctokens.  What I fail to understand is how HTB
reports to the user the rate in a given class.  [ See more below. ]

 : HTB is based on TBF.  Actually, htb uses 2 tbf queues, one for the rate
 : and one for the ceil to control a class.  So you can ask yourself the
 : question, how is rate calculated in tbf.
 :
 : I think rate is not really calculated and checked.

OK--the rate is not calculated in preparation for transmission of packets.
The mechanism controlling dequeuing of packets is essentially a classful
token bucket filter.

It has to be calculated somewhere, though, even if only for display,
because when I run "tc -s class show dev $DEV", the output shows a
rate for each class.  I hope to learn how this rate is calculated for
reporting.

 : It's based on a bucket with tokens to control the rate.  You have a
 : rate of tokens and you need a token to send a packet. So if you control
 : the amount of tokens, you control the rate.  But I wonder if the size
 : of the packet is used in the calculations.

Right.  So, I understand the concept of tokens/ctokens, and that the rate
of dequeued packets is dependent on the rate of tokens entering the "rate"
bucket of size "burst".  It seems to me that a token is used for every
byte transmitted, so the size of the packet is explicitly used in the
calculations.

So, if I transmit a 500 byte ethernet frame, 500 tokens are used.  Is this
incorrect?

 : >  - Over what number of seconds is rate averaged?
 : The internal kernel clock is used for this.  After each tic, the rate
 : of the active class is checked again.  You can change this clock :
 : http://www.docum.org/stef.coene/qos/faq/cache/40.html That's also why
 : you need a minimal burst.  This burst depends on the clock you have.
 : If you have a more precise clock, you can specify a smaller burst.
 : The burst is the amount of data you can send between 2 timer tics.  A
 : smaller burst is useless, because you can not check it

If I understand your description correctly, a [leaf] class will dequeue as
much data as possible up to burst in one timer tick, and {c,}tokens are
not added to their buckets until the next timer tick.  Is this accurate?

I'll need to think about this some more--I'll have more questions about
this.  Something doesn't make sense, but I'm not sure how to articulate my
question or confusion.



 : >  - Is it calculated using exponential weighted moving average (EWMA)?
 : Again, I don't think you can speak about controlling a rate, but you
 : have to think about a bucket with tokens and a supply of tokens.

I retract this question.  This was my feeble rephrasing of my generally
worded question on how HTB calculates the rate for display to the user.
Let me take another stab:

How are the rate and pps figures in "tc -s class show dev $DEVICE"
calculated?

 : >  - Do children borrow tokens or ctokens from parent classes?
 :
 : Yes.  If a class sends a packet, a token and a ctoken is used.  So the
 : bucket of tokens and ctokens is decremented for each packet that's
 : sent.  The same token is decremented from the parent ctoken and token
 : bucket. But there is also a supply of tokens and ctokens equal to the
 : rate and ceil.  So if child classes are sending packets equal to the
 : rate, the used tokens are also decremented from the tokens/ctokens of the
 : parent.
 :
 : I have some tests to prove this :
 : http://www.docum.org/stef.coene/qos/tests/htb/burst/ Take a look at the
 : first test.  Class 11 and 10 are sending packets.  So tokens are used
 : both from the classes and the parent.  But class 10 has a burst and so
 : it has some extra tokens and it can send more data than its rate.
 : But the parent has no burst so its tokens are dragged negative.

Interesting.  This makes HTB's rate and ceiling limiting mechanism a
double leaky bucket, right?  This is not obvious to me when I generate
traffic and watch the fluctuating class statistics.  Nonetheless, your
explanation convinces me.  Thank you.

 : Mhh.  I just asked myself why the parent tokens and the child tokens
 : are different even if you specify the same burst.  Somehow the rate is
 : used when tokens are calculated and when tokens are used.  But when the
 : tokens are used, there is also a correlation with the rate.  Mhh.

Stef!  This sounds like a cat chasing its tail!  :)

 : >  - What does it mean when a class lends (tokens?, ctokens?) to itself? [1]
 : >This seems illogical to me.  Is this a LARTC FAQ typo, Stef? Why would
 : >a class borrow from itself?
 : Ask Devik :)  I found that on his htb page, but I can't find it anymore.
 : Maybe Devik corrected it and then I should correct my faq page too.

OK.  I'll ask Devik; I'll start a separate thread on this matter.

 :
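Added example (not part of the original thread, and not HTB's kernel code): a simplified model of the accounting discussed above, in which every dequeued packet is charged to the leaf class and to its parent. It assumes tokens counted in bytes, fixed ticks, only the rate bucket, and constructed class ids, rates and bursts; it shows a child's burst leaving the parent's bucket negative.

```python
# Simplified model of the token accounting described in this thread.
# Assumptions (not taken from HTB's source): tokens counted in bytes, fixed
# ticks, only the "rate" bucket (no ceil/ctokens), constructed ids and rates.
from dataclasses import dataclass
from typing import Optional

PKT = 1500  # constructed packet size in bytes

@dataclass
class HtbClass:
    name: str
    rate: int                            # token supply per tick, in bytes
    burst: int                           # bucket depth, in bytes
    parent: Optional["HtbClass"] = None
    tokens: int = 0
    sent: int = 0                        # bytes dequeued by this leaf
    low: int = 0                         # lowest token level seen

    def __post_init__(self):
        self.tokens = self.low = self.burst   # buckets start full

    def refill(self):
        self.tokens = min(self.burst, self.tokens + self.rate)

    def charge(self, size):
        # Charge the leaf and every ancestor; ancestors may go below zero.
        node = self
        while node is not None:
            node.tokens -= size
            node.low = min(node.low, node.tokens)
            node = node.parent

    def dequeue(self):
        # A backlogged leaf sends while its own bucket covers a whole packet.
        while self.tokens >= PKT:
            self.charge(PKT)
            self.sent += PKT

def simulate(ticks):
    parent = HtbClass("1:1", rate=1000, burst=PKT)           # no extra burst
    c10 = HtbClass("1:10", rate=500, burst=10 * PKT, parent=parent)
    c11 = HtbClass("1:11", rate=500, burst=PKT, parent=parent)
    for _ in range(ticks):
        for cls in (parent, c10, c11):
            cls.refill()
        for leaf in (c10, c11):
            leaf.dequeue()
    return parent, c10, c11
```

In this model the parent's deficit never recovers while both children stay backlogged at their rates, because the parent's token supply exactly matches what the children consume after the initial burst.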

Re: [LARTC] wondershaper script making connection worst.

2003-04-12 Thread Linux RedHat
> I have the prob with my cable modem where the upload gets messed up with the
> download. So I downloaded and tried the wondershaper script, but it seems to make my
> connection worse. If I start a download, and I'll get 180+K/s, then with an upload
> going it'll go down to about 50-60K/s. When I run the wondershaper script it goes
> down about 5K/s.  :(
>
> I tried both CBQ and HTB versions and they both do the same thing.  I turned on all
> the QoS options, just in case.  Are there any issues with RedHat8?
>
> --
I use wondershaper on redhat 8 with no problem, but I did have to experiment quite a
bit with the values for UPLINK / DOWNLINK until I found ones that worked
well...which it now does :)





Re: [LARTC] multiple uplinks/iptables -t nat -PREROUTING funny

2003-04-12 Thread Russell Senior
> "Martin" == Martin A Brown <[EMAIL PROTECTED]> writes:

Russell> When I connect to the port forwarded address from the
Russell> outside, it looks like the returning packets are getting
Russell> routed _before_ the source IP is translated (and thus aren't
Russell> matching a special rule and thus get routed according to the
Russell> default rule).  Everything else seems to be working fine.

Russell> Has anyone seen this?  Is it a bug or am I just confused?

Martin> This is not a bug--this is a fact of packet flow through the
Martin> kernel.  See the kernel packet traveling diagram (KPTD) [1]
Martin> for more details on the sequence of operations.  So to answer
Martin> your question: you must be confused!  :)

What that very nice diagram doesn't show is how the reply packets to
DNAT'd connections are handled.  The prima facie evidence seems to be
that DNAT was in the PREROUTING iptable and "consequently" the reverse
translation should occur before routing.  That is the source of my
confusion.

Martin> You should try adding just one more rule:

Martin> # ip rule add from 192.168.0.2 table T2

That would "work", but it is kind of messy.  What if I have a second
DNAT from IF1 that also forwards to 192.168.0.2?  It would get
complicated in a hurry.  

All would be solved if the reverse translation just occurred in
PREROUTING as seems like it "should".  I don't understand yet why it
doesn't.  Perhaps there is a good reason that I just don't see.  Or,
maybe there isn't a good reason, and it should be "fixed".  Too soon
for me to say.

If anyone can point me at some detailed documentation on DNAT or even
the relevant bits of the source code, I'd really appreciate it!

-- 
Russell Senior ``I've seen every kind of critter God ever made,
[EMAIL PROTECTED]  and I ain't never seen a meaner, lower, more
 stinkin' yellow hypocrite than you!'' 
-- Burl Ives as Rufus Hennessy


Re: [LARTC] Multiple gateways from multiple ISPs: how to add specific routes?

2003-04-12 Thread Martin A. Brown
Steen,

 : I have a box here with six ADSLs, two from each of three providers. The
 : system is setup in direct accordance with the configuration outlined in
 : the Nano-HOWTO.txt.

Damn!  That's a pile of DSL lines.

 : This means that I'd have to put in rules and/or routes that handles
 : these nets specifically and routes the traffic through the proper
 : gateway.

Why not use a technique like this, assuming that nexthops 111.1.1.1 and
112.1.1.1 are both connected to ISP 1's network?

# ip route add $ISP1_DNS/32 table 222 \
>  nexthop via 111.1.1.1  dev eth1 weight 1 \
>  nexthop via 112.1.1.1  dev eth2 weight 1

  OR, more generally,

# ip route add $ISP1_NET/$ISP1_NETMASK table 222 \
>  nexthop via 111.1.1.1  dev eth1 weight 1 \
>  nexthop via 112.1.1.1  dev eth2 weight 1

Now, you simply add a similar set of rules for each subnet inside the
provider which needs to be reached through a particular set of the ADSL
links.

Seems simpler than creating new routing tables and adding more entries to
the RPDB.  (I subscribe to the keep-it-simple-stupid philosophy of network
administration.)

 : Is this correct?

I don't know.

 : Is this the way to go?

I don't know.

 : What is "best practice" in this matter?

I don't know.

I sure hope somebody else on the list knows.

[ snipped "ip route" and iptables output ]

Thanks very much for the detailed description.

Good luck--I imagine I'm not the only one who'd like to hear what you end
up doing.

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]



Re: [LARTC] multiple uplinks/iptables -t nat -PREROUTING funny

2003-04-12 Thread Martin A. Brown
Russell,

 : I have a network much like that shown in:
 :
 :   
 :
 : with a few wrinkles.  This is with a ptrace patched 2.4.20 kernel.
 :
 : The wrinkles are that one interface has 14 IPs (.2 to .15) total (via
 : eth1 and aliasing), the other being a single DHCP-provided IP (eth0).

As a side note, after reading your post, Russell, I'm a touch confused why
you have so many IPs hosted on your eth1 interface.  It strikes me that
you really just want packets to arrive (inbound) on eth1.  So, you really
don't need to have all these IPs locally hosted on your box.  You can
simply proxy ARP for the IPs, and ethernet frames with IP packets bound
for e.f.g.2-15 will arrive on your eth1.  Perhaps you are doing more than
that with these 14 IP addresses, but if not, why bother hosting the IPs
locally?

Suggestion:

# for h in $( seq 2 15 ) ; do
>   arp -s e.f.g.$h -i eth1 -D eth1 pub
> done

Purely out of curiosity, I wonder if you are doing something else with
these IPs?

[ snipped iptables rules that look fine ]

 : When I connect from the outside to eee.fff.ggg.11:22, I never hear a
 : reply.  Ethereal (on the internal interface, eth2) shows replies, but
 : looking on the other external interface (eth0) it appears that the
 : replies are all shooting out of it (the default path).  Nothing ever
 : returns out the eth1 interface as it "should".  I have the ip rules
 : set up as follows:

[ thank you for the "ip route" and "ip rule" output, which has been
  snipped to save space  ]

 : When I connect to the port forwarded address from the outside, it
 : looks like the returning packets are getting routed _before_ the
 : source IP is translated (and thus aren't matching a special rule and
 : thus get routed according to the default rule).  Everything else seems
 : to be working fine.
 :
 : Has anyone seen this?  Is it a bug or am I just confused?

This is not a bug--this is a fact of packet flow through the kernel.  See
the kernel packet traveling diagram (KPTD) [1] for more details on the
sequence of operations.  So to answer your question:  you must be
confused!  :)

You should try adding just one more rule:

# ip rule add from 192.168.0.2 table T2

For a more thorough analysis of this interaction between routing and
netfilter, see my advanced routing with multiple Internet connections
chapter [2] and/or this informative post from Wes Hodges [3].

-Martin

 [1]  http://www.docum.org/stef.coene/qos/kptd/
 [2]  http://linux-ip.net/html/adv-multi-internet.html
 [3]  http://lists.netfilter.org/pipermail/netfilter/2001-May/011697.html

-- 
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]



Re: [LARTC] [LARTC] 2 ADSL lines + 2 Net´s routing

2003-04-12 Thread Martin A. Brown
Fox,

 : hello, first sorry for my english.

Agreed--your English isn't fantastic--even so, you didn't provide enough
details to help us figure out what you are really asking and what you are
trying to do.

 : I have 2 ADSL conetions, 1 in eth0, ip 192.168.2.200, conected to a 1
 : ADSL router (192.168.2.100), and de other ADSL in eth2, ip 10.10.5.200
 : conected a ADSL router (10.10.5.1). In other part, a have eth1 ip
 : 192.168.2.201, an eth3 10.10.5.201.

It seems that you must be using some interesting subnetting and/or proxy
ARP magic to make everything work, because you have only shown us two
networks here:

  10.10.5.0/24 eth2 and eth3
  192.168.2.0/24   eth0 and eth1

My guess is that you haven't worked out the subnetting issues properly.
In order to help a bit more, we'd need a diagram and/or a description of
your network.  Send us the relevant routing tables ("ip route show table
main", "ip route show table $OTHER") and the RPDB ("ip rule show"), and
there are quite a few people here who will look at it.

 : I need to route everthing in 10.10.5.0/24 to eth2 and everthing in
 : 192.168.2.0/24 to eth0, went i probe it, it´s working for
 : 192.168.2.0/24, but 10.10.5.0/24 not´s work, in this moment i don´t
 : have a copy of the script used todo this, but, in aparenced, the script
 : is good.

Please send us details.

 : Apart of this, i do a rate limit of the trafic in eth0 and eth2 with
 : htb. If i used trafic control, the script don´t work for 10.10.5.0/24,
 : but if i desectiv trafic control, the 2 net´s wroks ok.

In the matter of this question, I must say I have no idea what you are
asking.  Perhaps you could clarify.

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]
