[LARTC] IMQ problem
Hi, I tried to make IMQ device to work... So I patched the kernel, patched iptables, made all the stuff, boot to new kernel was ok, module imq was there and it was ok to load it and 'ip link imq0 up' also worked and imq0 was present in ifconfig listing. Unitil imq0 was inactive everything was clear and stable. BUT: Anytime I redirected any traffic to imq0 (with the iptables ... -j IMQ comand), then the kernel crashed with "Kernal panic!" message kernel 2.4.21 patched with linux-2.4.21-imq-1.diff iptables 1.2.8 patched via patch-o-matic-20030107 with pom-20030625.diff Any tips, hints or whatever?? Thanks, Mike ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] CBQ.init
On Tuesday 09 September 2003 09:42, Mitsuru MIZUTANI wrote: (B> Hello everyone, (B> I am using CBQ.init to shape bandwidth but I have a problem. (B> Linux PC2 (192.168.0.10) (B> +-+ (B> |eth0 192.168.0.1 | $B"+(B Linux router (B> |-| (B> |eth1 192.168.1.1 | (B> +-+ (B>Linux PC1 (192.168.1.10) (B> I want to limit bandwidth from "Linux PC1" to "Linux PC2" (B> more than 10Mbps. (B> So I set CBQ.init following like this. (B> /etc/rc.d/CBQ.init (B> DEVICE=eth0,100Mbit,10Mbit (B> RATE=10Mbit (B> WEIGHT=1Mbit (B> PRIO=5 (B> When I set RATE=6Mbit,I can limit bandwidth 6Mbps. (B> But I set RATE=7Mbit,8Mbit,... (B> I can limit bandwidth only 6.95Mbps everytime. (B> Why? (B> Could you tell me how to limit bandwidth more than 7Mbps. (B (BHave you checked link quality before you applied CBQ and after you applied CBQ (Bqdisc ? Perhaps this is caused by your switch, cable, etc. (B (BOnce you have checked it all, than we consider to take CBQ as the problem. (B (BRegards, (BRio Martin. (B (B (B (B (B (B (B___ (BLARTC mailing list / [EMAIL PROTECTED] (Bhttp://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] CBQ.init
Hello everyone, (B (BI am using CBQ.init to shape bandwidth but I have a problem. (B (B (B Linux PC2 (192.168.0.10) (B (B| (B +-+ (B |eth0 192.168.0.1 | $B"+(J Linux router (B |-| (B |eth1 192.168.1.1 | (B +-+ (B| (B (B Linux PC1 (192.168.1.10) (B (B (BI want to limit bandwidth from "Linux PC1" to "Linux PC2" (Bmore than 10Mbps. (B (BSo I set CBQ.init following like this. (B (B/etc/rc.d/CBQ.init (BDEVICE=eth0,100Mbit,10Mbit (BRATE=10Mbit (BWEIGHT=1Mbit (BPRIO=5 (B (BWhen I set RATE=6Mbit,I can limit bandwidth 6Mbps. (BBut I set RATE=7Mbit,8Mbit,... (B I can limit bandwidth only 6.95Mbps everytime. (BWhy? (B (BCould you tell me how to limit bandwidth more than 7Mbps. (B (BMitsuru MIZUTANI (B (B___ (BLARTC mailing list / [EMAIL PROTECTED] (Bhttp://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] questions
Hey guys, Im going to be setting up a qos system for the college I attend and I had some questions. First, the box will be a transparent bridge and I would like to prioritize traffic (3 class/types only, [interactive, web+mail+etc, bulk]) and also limit single ips to specified up/down speeds. I want to use HTB. 1) the network here will have about 500-600 computers on the network, with 400 active at any one time. Any ideas on what kind of hardware will be needed to accomodate this? They have given me a P-II 350 with 256Mb of RAM and 2 realtek based 10/100 NICs. Should this be enough? 2) What would be the most efficient way (qdisc/class structure) to accomplish this? The school's main link is approx 6mbit, yet if I split that among the anticipated active computers, that would average about 15kbit per computer, which is terrible. So, that means if I want to allot any useful amount of bandwidth to all of the computers, my total alloted bandwidth would be greater than the link. Am I correct in my reasoning here? If so, what would all of you experienced shapers recommend for my setup? (tree diagrams, descriptions would be great) 3) iptables marking will not work over the bridge (correct?) so I need to learn to use u32 filter classifiers. Are there any in depth howto's, etc out there? Im looking at the LARTC page on it and Im still pretty confused. 4) Anything else I should remember/consider? Please CC replies to my address shad at wnoc dot com Jay ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ and 2.6 kernel
On Wednesday 03 September 2003 10:09, Remus wrote: > Hi folks, > > I would like to know if IMQ (http://trash.net/~kaber/imq/) is going to be > ported to the 2.6 kernel or there is something else? I just took a quick look at the imq patch and I don't think it's difficult to port it to 2.6. As far as I know, there are not much changes in the network code. Have you tried to apply the patch? Stef -- [EMAIL PROTECTED] "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Problem while using HTB bandwidth limitation
On Wednesday 03 September 2003 06:59, Nimit Gupta wrote: > Yeah its for a short period but it keeps happening, I mean it will reach > to 48Kbit and then after few sec it will stablize at 24Kbit then again > it will reach to 48 and this repeats. > > can you explain how to calculate burst rates for better control and > accuracy? Mhh. How long is it stayig at 48Kbit? Can you plot it? > >>>In order for you to control > >>>latency and bandwidth use, you must ensure that you are the slowest > >>>point. Annoyingly, the only successful way to identify exactly what > >>> speed to use as a bandwidth cap is experimentation. A good general > >>> suggestion is to lop off a couple of kbit and try capping your > >>> bandwidth exactly as Stef suggests. Try using 188kbit, and see if your > >>> apparent control increases. > >> > >>Is there a ratio between the total available bandwidth and the amount > >>you restrict it to or you can just arbitarily reduce by 5-7 Kbit. > > > > It should be quite accurate. I tested it for different rates / ceils and > > each time the results where allmost perfect. > > So I want to know what ratio it is as you said for 192Kbit make 188Kbit > thats equivalent to 2 percent, is this the way. It's not so easy to tell. Sometimes, people lower the total bandwidth and suddenly the shaping is working. > One more thing, Is there something like isolated(as in cbq) in htb, that > is irrespective of others demand the bandwidth allocated to someone as > isolated does not get affected. Isolated is not working in cbq. And no, there is no such option in htb. > Is there an irc channel for lartc discussions? Yes, #lartc @ irc.oftc.net. But you have to be lucky to find someone not-away :) Stef -- [EMAIL PROTECTED] "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Ethloop
On Sunday 07 September 2003 05:25, Yves Bergeron wrote: > Hi, > > This is my scenario > > I have a 100mbit for 400 routes and the rest of Internet is at 2mbit > > # > #1:1 > # / \ > #1:2 1:12 > # / \ > # 1:10 1:11 > > > tc qdisc del dev lo root handle 1: htb default 10 > tc qdisc add dev lo root handle 1: htb default 10 > > tc class add dev lo parent 1: classid 1:1 htb rate 100mbit quantum > 1500 > > tc class add dev lo parent 1:1 classid 1:2 htb rate 1950kbit > > tc class add dev lo parent 1:2 classid 1:10 htb rate 1500kbit ceil > 1900kbit tc class add dev lo parent 1:2 classid 1:11 htb rate 100kbit ceil > 1000kbit > > tc class add dev lo parent 1:1 classid 1:12 htb rate 98mbit quantum > 1500 > > tc qdisc add dev lo parent 1:10 handle 10: sfq perturb 10 > tc qdisc add dev lo parent 1:11 handle 11: sfq perturb 10 > tc qdisc add dev lo parent 1:12 handle 12: sfq perturb 10 > > > > Is my class Ok ? > > > I want to make simulation with Ethloop, How can I known which flow > correspond to which classid ? I use ethloop also and 0x10010 is class 1:10, 0x10011 is class 1:11. (ethloop is a tool that can be used to test htb, see htb home page). Example : tc qdisc del dev lo root ifconfig lo mtu 1500 tc qdisc add dev lo root handle 1: htb default 10 TC="tc class add dev lo parent" $TC 1: classid 1:1 htb rate 100kbps $TC 1:1 classid 1:10 htb rate 40kbps ceil 100kbps $TC 1:1 classid 1:11 htb rate 60kbps ceil 100kbps tc qdisc add dev lo parent 1:10 pfifo tc qdisc add dev lo parent 1:11 pfifo 0 i 0 lo 0 i 1 lo 0 P 0 0x10010 0 P 1 0x10011 0 S 0 1500 0 S 1 1500 # start all flows 0 R 0 120k 0 R 1 120k 12000 X 0 0 Stef -- [EMAIL PROTECTED] "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] source routing question
Hello Aldrovando, This is a not uncommon problem. : I have the following situation to handle: a linux box is a firewall : and router of my internal network (192.168.1.0/24). This firewall is : connected to the net through two network cards that connect to two : different gateways. A picture of the situation is the following: [ snipped netmap ] Quick summary of configuration: - private (rfc1918) internal network with services published to the world - two public networks - a single service (in the internal network) which should be reachable on an IP in each public network [ snipped some text ] : The package is then redirected to the server in the intranet by the : linux box. So how do I make sure ( i am using iproute and iptables) : that the answer by the server( web) when it reaches the linux box gets : sent through the same provider the request came from? The key to the general solution of this problem is to use separate pairs of IPs for the entire path from the outside world to the internal network. The internal service (e.g., webserver) must host two IP addresses. One IP address can be reached via DNAT from public network 1 and the other IP address can be reached via DNAT from the other network. See also the following: http://linux-ip.net/html/adv-multi-internet.html#adv-multi-internet-inbound http://lists.netfilter.org/pipermail/netfilter/2001-May/011697.html http://ipsysctl-tutorial.frozentux.net/ipsysctl-tutorial.html#AEN616 And don't forget to turn off reverse path filtering! (/proc/sys/net/ipv4/conf/all/rp_filter) Best of luck, -Martin -- Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED] ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] source-based-routing
On Monday, 08 September 2003, at 11:50:53 -, vadiraj c s wrote: > I need information on source-based-routing in detail. Please > help in getting this to me as soon as possible. > As you are in a hurry, run to http://lartc.org. Period. -- Jose Luis Domingo Lopez Linux Registered User #189436 Debian Linux Sid (Linux 2.6.0-test4-mm4) ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] source-based-routing
Vadiraj, :I need information on source-based-routing in detail. Please : help in getting this to me as soon as possible. Do you mean policy-based routing, or do you *really* mean source-based routing? If you mean policy-based routing, there are a number of resources you will find helpful: - http://www.policyrouting.org/PolicyRoutingBook/TOC.html This is Matthew Marsh's book on policy routing. - http://linux-ip.net/html/ch-routing.html This is a chapter in my book on Linux and the IP layer. For reference, you will find Alexey Kuznetsov'z iproute2 command reference (ip-cref) the most valuable resource: - http://linux-ip.net/gl/ip-cref/ which also comes with the iproute2 package Good luck, -Martin -- Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED] ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] source routing question
Hi, I have the following situation to handle: a linux box is a firewall and router of my internal network (192.168.1.0/24). This firewall is connected to the net through two network cards that connect to two different gateways. A picture of the situation is the following: ++/ || | +-+ Provider 1 +--- __ | || / ___/ \_ +--+---+ ++| _/\__ | if1 | / / \ | | | | Local network -+ Linux router | | Internet \_ __/| | | \__ __/ | if2 | \ \___/ +--+---+ ++| | || \ +-+ Provider 2 +--- || | ++\ In the intranet (that is NATED) i have two services, web and a specific service connected to a private protocol. Lets say that some client connects from the net to my web server comming from one of the providers. The package is then redirected to the server in the intranet by the linux box. So how do I make sure ( i am using iproute and iptables) that the answer by the server( web) when it reaches the linux box gets sent through the same provider the request came from? I can make it work for requests that stop at the firewall, but not for the ones that go into the intranet. If I mark the packages (using the mangle table) that are redirected to the web server does it happen that the mark comes back together with the answer from the web so that I could send them through the right gateway? Thanks in advance for your atention, Aldrovando Luís Azeredo - This mail sent through IMP: http://horde.org/imp/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Routing problem
Well, I don't think its the cisco's problem. I think there is something wrong with my linux routing config , here it is: /proc/sys/net/ipv4 icmp_echo_ignore_all:0 icmp_echo_ignore_broadcasts:0 icmp_ignore_bogus_error_responses:0 icmp_ratelimit:100 icmp_ratemask:6168 igmp_max_memberships:20 inet_peer_gc_maxtime:120 inet_peer_gc_mintime:10 inet_peer_maxttl:600 inet_peer_minttl:120 inet_peer_threshold:65664 ip_autoconfig:0 ip_conntrack_max:32656 ip_default_ttl:64 ip_dynaddr:0 ip_forward:1 ipfrag_high_thresh:262144 ipfrag_low_thresh:196608 ipfrag_time:30 ip_local_port_range:32768 61000 ip_nonlocal_bind:0 ip_no_pmtu_disc:0 tcp_abort_on_overflow:0 tcp_adv_win_scale:2 tcp_app_win:31 tcp_dsack:1 tcp_ecn:0 tcp_fack:1 tcp_fin_timeout:60 tcp_frto:0 tcp_keepalive_intvl:75 tcp_keepalive_probes:9 tcp_keepalive_time:7200 tcp_max_orphans:16384 tcp_max_syn_backlog:1024 tcp_max_tw_buckets:18 tcp_mem:97280 97792 98304 tcp_orphan_retries:0 tcp_reordering:3 tcp_retrans_collapse:1 tcp_retries1:3 tcp_retries2:15 tcp_rfc1337:0 tcp_rmem:4096 87380 174760 tcp_sack:1 tcp_stdurg:0 tcp_synack_retries:5 tcp_syncookies:0 tcp_syn_retries:5 tcp_timestamps:1 tcp_tw_recycle:0 tcp_tw_reuse:0 tcp_window_scaling:1 tcp_wmem:4096 16384 131072 /proc/sys/net/ipv4/conf/ethX accept_redirects:1 accept_source_route:1 arp_filter:0 bootp_relay:0 forwarding:1 log_martians:0 mc_forwarding:0 medium_id:0 proxy_arp:0 rp_filter:1 secure_redirects:1 send_redirects:1 shared_media:1 tag:0 -Original Message- From: Ani <[EMAIL PROTECTED]> To: gaston <[EMAIL PROTECTED]> Date: Sat, 6 Sep 2003 03:07:14 -0700 (PDT) Subject: Re: [LARTC] Routing problem > if u r able to reach from ur client machine to cisco router ( but not > outside ) then its the cisco configuration u need to check... send the > cisco config and we can get back to u. > > gaston <[EMAIL PROTECTED]> wrote: > Internet > | > | > | > | | > | Cisco 2600 | | | > IP: 208.53.98.254 > |___| > | > | > | > | > | > | > |_ > | | > | Switch 1 | > |___| > > | > | > | > | > | > ETH0 ---> IP:208.53.98.198 Net 208.53.98.0/25 > | > | | > | Linux | > |___| > | > ETH1 --> IP:208.53.164.254 Net 208.53.164.0/24 > | > | > |_ > | | > | Switch 2 | -- Clients > > |___| > > Red Hat Linux 9 > Kernel: 2.4.20-8 > I used the traditional routing config (without iproute2) > > > Routing table: > > 208.53.98.128 0.0.0.0 255.255.255.128 U 0 eth0 > 208.53.164.0 0.0.0.0 255.255.255.0 U 0 eth1 > 169.254.0.0 0.0.0.0 255.255.0.0 U 0 eth1 > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 lo > 0.0.0.0 208.53.98.254 0.0.0.0 UG 0 eth0 > > > Cisco 2600 config: > > ip route 208.53.164.0 255.255.255.0 208.53.98.198 > > > Problem: > > This configuration didn't work. From the clients network (208.53.164.0) > I > could only reach the Cisco router but was unable to reach Internet. > > The only quick solution was to connect Switch 1 with Switch 2. > > > Any ideas why this didn't work? > > ___ > LARTC mailing list / [EMAIL PROTECTED] > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > > > - > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site design software ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] SQUID zero penalty for HIT trraffic patch
Hi, I was reviewing the patch Patrick McHardy has contributed to squid QoS features (http://trash.net/~kaber/squid-qos/), and decided to do something similar which could classify client side traffic based on whether SQUID's response is a cache HIT or a cache MISS. I think I got it working. I made a quick home page for this patch, so anyone interested in trying it can learn more here: http://www.it-academy.bg/zph/ The patch is currently working flawlessly for me and i hope it will evolve in the near future (as it is extremely barebone by now). ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] source-based-routing
Hi all, I need information on source-based-routing in detail. Please help in getting this to me as soon as possible. vadiraj cs deeprootlinux ltd bangalore ___ Medicine meets Marketing; Dr. Swati Weds Jayaram. Rediff Matchmaker strikes another interesting match !! Visit http://rediff.com/matchmaker?2 ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/