[LARTC] IMQ problem

[michal]

Hi,
I tried to make IMQ device to work... So I patched the kernel, patched iptables,
made all the stuff, boot to new kernel was ok, module imq was there and it was
ok to load it and 'ip link imq0 up' also worked and imq0 was present in ifconfig
listing. Unitil imq0 was inactive everything was clear and stable.

BUT: Anytime I redirected any traffic to imq0 (with the iptables ... -j IMQ
comand), then the kernel crashed with "Kernal panic!" message 

kernel 2.4.21 patched with linux-2.4.21-imq-1.diff
iptables 1.2.8 patched via patch-o-matic-20030107 with pom-20030625.diff

Any tips, hints or whatever?? 

Thanks, Mike
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] CBQ.init

[Rio Martin]

On Tuesday 09 September 2003 09:42, Mitsuru MIZUTANI wrote:
(B> Hello everyone,
(B> I am using CBQ.init to shape bandwidth but I have a problem.
(B>  Linux PC2 (192.168.0.10)
(B>   +-+
(B>   |eth0 192.168.0.1 | $B"+(B Linux router
(B>   |-|
(B>   |eth1 192.168.1.1 |
(B>   +-+
(B>Linux PC1 (192.168.1.10)
(B> I want to limit bandwidth from "Linux PC1" to "Linux PC2"
(B> more than 10Mbps.
(B> So I set CBQ.init following like this.
(B> /etc/rc.d/CBQ.init
(B> DEVICE=eth0,100Mbit,10Mbit
(B> RATE=10Mbit
(B> WEIGHT=1Mbit
(B> PRIO=5
(B> When I set RATE=6Mbit,I can limit bandwidth 6Mbps.
(B> But I set RATE=7Mbit,8Mbit,...
(B>  I can limit bandwidth only 6.95Mbps everytime.
(B> Why?
(B> Could you tell me how to limit bandwidth more than 7Mbps.
(B
(BHave you checked link quality before you applied CBQ and after you applied CBQ 
(Bqdisc ? Perhaps this is caused by your switch, cable, etc.
(B
(BOnce you have checked it all, than we consider to take CBQ as the problem.
(B
(BRegards,
(BRio Martin.
(B
(B
(B
(B
(B
(B
(B___
(BLARTC mailing list / [EMAIL PROTECTED]
(Bhttp://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] CBQ.init

[Mitsuru MIZUTANI]

Hello everyone,
(B
(BI am using CBQ.init to shape bandwidth but I have a problem.
(B
(B
(B   Linux PC2 (192.168.0.10)
(B   
(B|
(B  +-+
(B  |eth0 192.168.0.1 | $B"+(J Linux router
(B  |-|
(B  |eth1 192.168.1.1 |
(B  +-+
(B|
(B
(B   Linux PC1 (192.168.1.10)
(B 
(B 
(BI want to limit bandwidth from "Linux PC1" to "Linux PC2"
(Bmore than 10Mbps.
(B
(BSo I set CBQ.init following like this.
(B
(B/etc/rc.d/CBQ.init
(BDEVICE=eth0,100Mbit,10Mbit
(BRATE=10Mbit
(BWEIGHT=1Mbit
(BPRIO=5
(B
(BWhen I set RATE=6Mbit,I can limit bandwidth 6Mbps.
(BBut I set RATE=7Mbit,8Mbit,...
(B I can limit bandwidth only 6.95Mbps everytime.
(BWhy?
(B
(BCould you tell me how to limit bandwidth more than 7Mbps.
(B
(BMitsuru MIZUTANI
(B
(B___
(BLARTC mailing list / [EMAIL PROTECTED]
(Bhttp://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] questions

[Jay Wineinger]

Hey guys,
Im going to be setting up a qos system for the college I attend and I
had some questions.  First, the box will be a transparent bridge and I would
like to prioritize traffic (3 class/types only, [interactive, web+mail+etc,
bulk]) and also limit single ips to specified up/down speeds.  I want to use
HTB.
1)  the network here will have about 500-600 computers on the network,
with 400 active at any one time.  Any ideas on what kind of hardware will be
needed to accomodate this?  They have given me a P-II 350 with 256Mb of RAM
and 2 realtek based 10/100 NICs.  Should this be enough?
2) What would be the most efficient way (qdisc/class structure) to
accomplish this?  The school's main link is approx 6mbit, yet if I split
that among the anticipated active computers, that would average about 15kbit
per computer, which is terrible.  So, that means if I want to allot any
useful amount of bandwidth to all of the computers, my total alloted
bandwidth would be greater than the link.  Am I correct in my reasoning
here? If so, what would all of you experienced shapers recommend for my
setup? (tree diagrams, descriptions would be great)
3) iptables marking will not work over the bridge (correct?) so I need
to learn to use u32 filter classifiers.  Are there any in depth howto's, etc
out there?  Im looking at the LARTC page on it and Im still pretty confused.
4) Anything else I should remember/consider?

Please CC replies to my address shad at wnoc dot com
Jay

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ and 2.6 kernel

[Stef Coene]

On Wednesday 03 September 2003 10:09, Remus wrote:
> Hi folks,
>
> I would like to know if IMQ (http://trash.net/~kaber/imq/) is going to be
> ported to the 2.6 kernel or there is something else?
I just took a quick look at the imq patch and I don't think it's difficult to 
port it to 2.6.  As far as I know, there are not much changes in the network 
code. 
Have you tried to apply the patch?

Stef

-- 

[EMAIL PROTECTED]
 "Using Linux as bandwidth manager"
 http://www.docum.org/
 #lartc @ irc.oftc.net

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Problem while using HTB bandwidth limitation

[Stef Coene]

On Wednesday 03 September 2003 06:59, Nimit Gupta wrote:
> Yeah its for a short period but it keeps happening, I mean it will reach
> to 48Kbit and then after few sec it will stablize at 24Kbit then again
> it will reach to 48 and this repeats.
>
> can you explain how to calculate burst rates for better control and
> accuracy?
Mhh.  How long is it stayig at 48Kbit?  Can you plot it?

> >>>In order for you to control
> >>>latency and bandwidth use, you must ensure that you are the slowest
> >>>point. Annoyingly, the only successful way to identify exactly what
> >>> speed to use as a bandwidth cap is experimentation.  A good general
> >>> suggestion is to lop off a couple of kbit and try capping your
> >>> bandwidth exactly as Stef suggests.  Try using 188kbit, and see if your
> >>> apparent control increases.
> >>
> >>Is there a ratio between the total available bandwidth and the amount
> >>you restrict it to or you can just arbitarily reduce by 5-7 Kbit.
> >
> > It should be quite accurate.  I tested it for different rates / ceils and
> > each time the results where allmost perfect.
>
> So I want to know what ratio it is as you said for 192Kbit make 188Kbit
> thats equivalent to 2 percent, is this the way.
It's not so easy to tell.  Sometimes, people lower the total bandwidth and 
suddenly the shaping is working.

> One more thing, Is there something like isolated(as in cbq) in htb, that
> is irrespective of others demand the bandwidth allocated to someone as
> isolated does not get affected.
Isolated is not working in cbq.  And no, there is no such option in htb.

> Is there an irc channel for lartc discussions?
Yes, #lartc @ irc.oftc.net.  But you have to be lucky to find someone not-away 
:)

Stef

-- 

[EMAIL PROTECTED]
 "Using Linux as bandwidth manager"
 http://www.docum.org/
 #lartc @ irc.oftc.net

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Ethloop

[Stef Coene]

On Sunday 07 September 2003 05:25, Yves Bergeron wrote:
> Hi,
>
> This is my scenario
>
> I have a 100mbit for 400 routes and the rest of Internet is at 2mbit
>
> #
> #1:1
> #  / \
> #1:2  1:12
> #   /   \
> #   1:10   1:11
>
>
> tc qdisc del dev lo root handle 1: htb default 10
> tc qdisc add dev lo root handle 1: htb default 10
>
> tc class add dev lo parent 1: classid 1:1 htb rate 100mbit quantum
> 1500
>
> tc class add dev lo parent 1:1 classid 1:2 htb rate 1950kbit
>
> tc class add dev lo parent 1:2 classid 1:10 htb rate 1500kbit ceil
> 1900kbit tc class add dev lo parent 1:2 classid 1:11 htb rate 100kbit ceil
> 1000kbit
>
> tc class add dev lo parent 1:1 classid 1:12 htb rate 98mbit quantum
> 1500
>
> tc qdisc add dev lo parent 1:10 handle 10: sfq perturb 10
> tc qdisc add dev lo parent 1:11 handle 11: sfq perturb 10
> tc qdisc add dev lo parent 1:12 handle 12: sfq perturb 10
>
>
>
> Is my class Ok ?
>
>
> I want to make simulation with Ethloop, How can I known which flow
> correspond to which classid ?
I use ethloop also and 0x10010 is class 1:10, 0x10011 is class 1:11.
(ethloop is a tool that can be used to test htb, see htb home page).

Example :

tc qdisc del dev lo root

ifconfig lo mtu 1500

tc qdisc add dev lo root handle 1: htb default 10
TC="tc class add dev lo parent"

$TC 1:  classid 1:1 htb rate 100kbps

$TC 1:1   classid 1:10  htb rate  40kbps ceil 100kbps
$TC 1:1   classid 1:11  htb rate  60kbps ceil 100kbps

tc qdisc add dev lo parent 1:10 pfifo
tc qdisc add dev lo parent 1:11 pfifo

0   i   0   lo
0   i   1   lo
0   P   0   0x10010
0   P   1   0x10011
0   S   0   1500
0   S   1   1500
# start all flows
0   R   0   120k
0   R   1   120k
12000   X   0   0

Stef

-- 

[EMAIL PROTECTED]
 "Using Linux as bandwidth manager"
 http://www.docum.org/
 #lartc @ irc.oftc.net

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] source routing question

[Martin A. Brown]

Hello Aldrovando,

This is a not uncommon problem.

 :   I have the following situation to handle: a linux box is a firewall
 : and router of my internal network (192.168.1.0/24). This firewall is
 : connected to the net through two network cards that connect to two
 : different gateways. A picture of the situation is the following:

[ snipped netmap ]

Quick summary of configuration:

  - private (rfc1918) internal network with services published to the
world
  - two public networks
  - a single service (in the internal network) which should be reachable
on an IP in each public network

[ snipped some text ]

 : The package is then redirected to the server in the intranet by the
 : linux box. So how do I make sure ( i am using iproute and iptables)
 : that the answer by the server( web) when it reaches the linux box gets
 : sent through the same provider the request came from?

The key to the general solution of this problem is to use separate pairs
of IPs for the entire path from the outside world to the internal network.
The internal service (e.g., webserver) must host two IP addresses.  One IP
address can be reached via DNAT from public network 1 and the other IP
address can be reached via DNAT from the other network.

See also the following:

  http://linux-ip.net/html/adv-multi-internet.html#adv-multi-internet-inbound
  http://lists.netfilter.org/pipermail/netfilter/2001-May/011697.html
  http://ipsysctl-tutorial.frozentux.net/ipsysctl-tutorial.html#AEN616

And don't forget to turn off reverse path filtering!
(/proc/sys/net/ipv4/conf/all/rp_filter)

Best of luck,

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] source-based-routing

[Jose Luis Domingo Lopez]

On Monday, 08 September 2003, at 11:50:53 -,
vadiraj c s wrote:

>   I need information on source-based-routing in detail. Please 
> help in getting this to me as soon as possible.
> 
As you are in a hurry, run to http://lartc.org. Period.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436 Debian Linux Sid (Linux 2.6.0-test4-mm4)
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] source-based-routing

[Martin A. Brown]

Vadiraj,

 :I need information on source-based-routing in detail. Please
 : help in getting this to me as soon as possible.

Do you mean policy-based routing, or do you *really* mean source-based
routing?

If you mean policy-based routing, there are a number of resources you will
find helpful:

  - http://www.policyrouting.org/PolicyRoutingBook/TOC.html
This is Matthew Marsh's book on policy routing.
  - http://linux-ip.net/html/ch-routing.html
This is a chapter in my book on Linux and the IP layer.

For reference, you will find Alexey Kuznetsov'z iproute2 command reference
(ip-cref) the most valuable resource:

  - http://linux-ip.net/gl/ip-cref/
which also comes with the iproute2 package

Good luck,

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] source routing question

[azeredo]

   Hi,


  I have the following situation to handle: a linux box is a firewall and router
of my internal network  (192.168.1.0/24). This firewall is connected to the net
through two network cards that connect to two different gateways. A picture of
the situation is the following:

 
  ++/
  ||   |
+-+ Provider 1 +---
__  | || /
___/  \_ +--+---+ ++|
  _/\__  | if1  |  /
 / \ |  |  |
| Local network -+ Linux router |  | Internet
 \_   __/|  |  |
   \__ __/   | if2  |  \
  \___/  +--+---+ ++|
| || \
+-+ Provider 2 +---
  ||   |
  ++\






In the intranet (that is NATED) i have two services, web and a specific service
connected to a private protocol.  Lets say that some client connects from the
net to my web server comming from one of the providers. The package is then
redirected to the server in the intranet by the linux box. So how do I make sure
 ( i am using iproute and iptables) that the answer by the server( web) when it
reaches the linux box gets sent through the same provider the request  came
from? I can make it work for requests that stop at the firewall, but not for the
ones that go into the intranet.  If I   mark the packages (using the mangle
table) that are redirected to the web server does it happen that the mark comes
back together with the answer from the web so that I could send them through the
right gateway? 

Thanks in advance for your atention,


 Aldrovando Luís Azeredo

-
This mail sent through IMP: http://horde.org/imp/
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Routing problem

[gaston]

Well, I don't think its the cisco's problem. I think there is something
wrong with my linux routing config , here it is:

/proc/sys/net/ipv4 


icmp_echo_ignore_all:0
icmp_echo_ignore_broadcasts:0
icmp_ignore_bogus_error_responses:0
icmp_ratelimit:100
icmp_ratemask:6168
igmp_max_memberships:20
inet_peer_gc_maxtime:120
inet_peer_gc_mintime:10
inet_peer_maxttl:600
inet_peer_minttl:120
inet_peer_threshold:65664
ip_autoconfig:0
ip_conntrack_max:32656
ip_default_ttl:64
ip_dynaddr:0
ip_forward:1
ipfrag_high_thresh:262144
ipfrag_low_thresh:196608
ipfrag_time:30
ip_local_port_range:32768   61000
ip_nonlocal_bind:0
ip_no_pmtu_disc:0
tcp_abort_on_overflow:0
tcp_adv_win_scale:2
tcp_app_win:31
tcp_dsack:1
tcp_ecn:0
tcp_fack:1
tcp_fin_timeout:60
tcp_frto:0
tcp_keepalive_intvl:75
tcp_keepalive_probes:9
tcp_keepalive_time:7200
tcp_max_orphans:16384
tcp_max_syn_backlog:1024
tcp_max_tw_buckets:18
tcp_mem:97280   97792   98304
tcp_orphan_retries:0
tcp_reordering:3
tcp_retrans_collapse:1
tcp_retries1:3
tcp_retries2:15
tcp_rfc1337:0
tcp_rmem:4096   87380   174760
tcp_sack:1
tcp_stdurg:0
tcp_synack_retries:5
tcp_syncookies:0
tcp_syn_retries:5
tcp_timestamps:1
tcp_tw_recycle:0
tcp_tw_reuse:0
tcp_window_scaling:1
tcp_wmem:4096   16384   131072


/proc/sys/net/ipv4/conf/ethX


accept_redirects:1
accept_source_route:1
arp_filter:0
bootp_relay:0
forwarding:1
log_martians:0
mc_forwarding:0
medium_id:0
proxy_arp:0
rp_filter:1
secure_redirects:1
send_redirects:1
shared_media:1
tag:0




-Original Message-
From: Ani <[EMAIL PROTECTED]>
To: gaston <[EMAIL PROTECTED]>
Date: Sat, 6 Sep 2003 03:07:14 -0700 (PDT)
Subject: Re: [LARTC] Routing problem

> if u r able to reach from ur client machine to cisco router ( but not
> outside ) then its the cisco configuration u need to check... send the
> cisco config and we can get back to u.
> 
> gaston <[EMAIL PROTECTED]> wrote:
> Internet
> |
> |
> |
> | |
> | Cisco 2600 | | | 
> IP: 208.53.98.254 
> |___|
> |
> | 
> |
> |
> | 
> |
> |_
> | |
> | Switch 1 | 
> |___|
> 
> | 
> |
> |
> | 
> |
> ETH0 ---> IP:208.53.98.198 Net 208.53.98.0/25
> |
> | |
> | Linux | 
> |___|
> |
> ETH1 --> IP:208.53.164.254 Net 208.53.164.0/24 
> |
> |
> |_
> | |
> | Switch 2 | -- Clients 
> 
> |___|
> 
> Red Hat Linux 9
> Kernel: 2.4.20-8
> I used the traditional routing config (without iproute2)
> 
> 
> Routing table:
> 
> 208.53.98.128 0.0.0.0 255.255.255.128 U 0 eth0
> 208.53.164.0 0.0.0.0 255.255.255.0 U 0 eth1
> 169.254.0.0 0.0.0.0 255.255.0.0 U 0 eth1
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 lo
> 0.0.0.0 208.53.98.254 0.0.0.0 UG 0 eth0
> 
> 
> Cisco 2600 config:
> 
> ip route 208.53.164.0 255.255.255.0 208.53.98.198
> 
> 
> Problem:
> 
> This configuration didn't work. From the clients network (208.53.164.0)
> I
> could only reach the Cisco router but was unable to reach Internet. 
> 
> The only quick solution was to connect Switch 1 with Switch 2.
> 
> 
> Any ideas why this didn't work? 
> 
> ___
> LARTC mailing list / [EMAIL PROTECTED]
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> 
> 
> -
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design software

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] SQUID zero penalty for HIT trraffic patch

[Marin Stavrev]

Hi,

I was reviewing the patch Patrick McHardy has contributed to squid QoS
features (http://trash.net/~kaber/squid-qos/), and decided to do something
similar which could classify client side traffic based on whether SQUID's
response is a cache HIT or a cache MISS. I think I got it working. I made
a quick home page for this patch, so anyone interested in trying it can
learn more here: http://www.it-academy.bg/zph/

The patch is currently working flawlessly for me and i hope it will evolve
in the near future (as it is extremely barebone by now).


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] source-based-routing

[vadiraj c s]

Hi all,

  I need information on source-based-routing in detail. Please 
help in getting this to me as soon as possible.



vadiraj cs

deeprootlinux ltd
bangalore
___
Medicine meets Marketing; Dr. Swati Weds Jayaram.
Rediff Matchmaker strikes another interesting match !!
Visit http://rediff.com/matchmaker?2
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/