[LARTC] How to config ip in 2nd lan card in Linux pc and config ip masq?

2003-12-05 Thread Md.Ahsanul Haque Chowdhury

Dear  Sir,

I have installed 2 LAN cards (Micronet LAN card) in a Linux PC. On the 1st LAN
card I will use a public IP (203.x.x.x) and on the 2nd LAN card I will use a
private IP (192.168.1.1). But after installing Linux 7.2,
/etc/sysconfig/network-scripts/ shows only ifcfg-eth0; no interface like
ifcfg-eth1 is shown.

My questions are: how do I enable and configure the 2nd LAN card and set its IP?
And how do I configure IP masquerading so that the local workstations can reach
the Internet?

Please help me solve these problems.


Thanks & Best regards. 
__
Md. Ahsanul Haque Chowdhury.
E-mail:[EMAIL PROTECTED] , [EMAIL PROTECTED]
Web:http://www.neksus.com
Web:http://www.link3.net
Date:2003-12-06.
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


Re: [LARTC] track tunnel connections

2003-12-05 Thread Darryl Miles
[EMAIL PROTECTED] wrote:

> I have this:
>
> publicIP(server)-netA--internet(netC)--netB--172.26.3.0/24
>
> I have tunnel between netA and netB. The tunnel is
> for manage some network devices what are using
> private IP from network 172.26.3.0/24.
> Now if I ping from publicIP (it could be server
> with nagios). Echo request
> packet is routed through tunnel and reaches 172.26.3.1(device)
> but echo reply is routed via default route on netB gateway
> and NATed out to internet.
> Question: Could I somehow discover that echo request traveled
> by tunnel so reply should take same way?
 

What tunneling technology are you using (IPIP, GRE, VPN 
(ESP/AH/PPTP/...) ) ?  

Normally you'd configure the tunnel endpoint routers at both sites to 
have reciprocal routing entries for each other's subnet.  Also configure 
on the endpoint hosts a black hole routing entry with a higher metric 
than the tunnel, so that "Network Unreachables" are correctly returned 
in the event the tunnel is not configured / down.  This is also one 
measure you can use to stop tunneled data from accidentally escaping 
onto the Internet.

But your subnets need to be correctly configured around the endpoint 
router so no discovery of the route is necessary by the hosts on the subnet.

So I ask: Does your network topology really need to be able to discover 
tunnel(s) ?   Routing protocols exist for this very application, but 
they generally are to allow two routers to discover each others routes, 
not for hosts to discover routes.  It's not clear if the issue of route 
discovery is really your problem or just the subnets aren't configured 
correctly ?

Darryl



RE: [LARTC] tc -s class problem (with cbq only)

2003-12-05 Thread arek

 > I have changed kernel to 2.2.22 and have a problem:
 >
 > #tc -s class ls dev eth3
 > and
 > #tc show class dev eth3
 > and
 > #tc -s -d class ls dev eth3
 >
 > shows me NOTHING when i use CBQ queues on interface !!!

 I found where the problem is... It occurs only when I use a TBF queue
discipline in one or more classes.

 Even when i use the sample from LARTC.org script.

 Instead of : (the actual CBQ script)
 ##tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
 i use a tbf queue:
 #tc qdisc add dev $DEV parent 1:20 handle 30: tbf rate 20kbit
 buffer 1600 limit 3000


 and after that
 tc -s class ls dev $DEV shows NOTHING !!!

 if I use a SFQ queue, tc -s class ls dev $DEV works OK.

 I'm not doing some stupid mistake on that...

 A.Binder



RE: [LARTC] $100 USD to the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue !!!!

2003-12-05 Thread Greg Freeman
 Thanks Patrick,
But I am not sure if it is possible to apply it to the embedded Linux . 


-Original Message-
From: Patrick McHardy [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 04, 2003 5:42 PM
To: Greg Freeman
Subject: Re: [LARTC] $100 USD to the first person that can provide the
rules/scripts that will solve the QOS latency & bandwidth allocation
issue 

See trash.net/~kabet/hfsc for a packet scheduler which allows delay and
bandwidth decoupling.
Maybe that helps.

Regards,
Patrick

Greg Freeman wrote:

> To stress the urgency and importance of my questions,  I am willing to
> pay $100 to the first person that can provide me with the scripts/ 
> rules that will work in my SnapGear firewalls that will solve the 
> problems I am having.
>  
> Please see the following post:
>  
>  
> Linux QOS and  prioritization of real-time data (RTP/VoIP)
>  
> Thank you!






RE: [LARTC] Split bandwidth equally per IP

2003-12-05 Thread Mihai Vlad
Hello Martin, 

I have recently read your howto from:
http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Traffic-Control-HOWTO.html

I quote: 

"Of the many types of contention for network bandwidth, this is one of the
easier types of contention to address in general. By using the SFQ qdisc,
traffic in a particular queue can be separated into flows, each of which
will be serviced fairly (inside that queue). Well-behaved applications (and
users) will find that using SFQ and ESFQ are sufficient for most sharing
needs. 

The Achilles heel of these fair queuing algorithms is a misbehaving user or
application which opens many connections simultaneously (e.g., eMule,
eDonkey, Kazaa). By creating a large number of individual flows, the
application can dominate slots in the fair queuing algorithm. Restated, the
fair queuing algorithm has no idea that a single application is generating
the majority of the flows, and cannot penalize the user. Other methods are
called for."







Can you post a real script using esfq, that splits the bandwidth equally per
IP? 

The documentation on esfq is scarce and I have no idea where to start from.

Thanks again for your time.








-Original Message-
From: Martin A. Brown [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 05, 2003 7:03 PM
To: Mihai Vlad
Cc: [EMAIL PROTECTED]
Subject: RE: [LARTC] Split bandwidth equally per IP

Achtung!  There is already an esfq qdisc [0] which does this!  This patch
may be a good one, but since esfq already exists, perhaps you could try
that instead.

-Martin

 [0] http://www.ssi.bg/~alex/esfq/index.html

-- 
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]





[LARTC] track tunnel connections

2003-12-05 Thread petrch

hello,

I have this:

publicIP(server)-netA--internet(netC)--netB--172.26.3.0/24

I have tunnel between netA and netB. The tunnel is
for manage some network devices what are using
private IP from network 172.26.3.0/24.
Now if I ping from publicIP (it could be server
with nagios). Echo request
packet is routed through tunnel and reaches 172.26.3.1(device)
but echo reply is routed via default route on netB gateway
and NATed out to internet.

Question: Could I somehow discover that echo request traveled
by tunnel so reply should take same way?

Petr Chloupek
[EMAIL PROTECTED]
All work and no play makes Jack a dull boy.


Re: [LARTC] imprecision in bandwidth measurement

2003-12-05 Thread Patrick McHardy
Tilman Giese (Global View) wrote:
> Hi,
>
> I am experiencing a curious phenomenon. I limited the bandwidth for a 
> specific client to 750KBit. It works well despite of the fact that the 
> client always gets a little bit more bandwidth (around 770KBit to 
> 780KBit). I used different bandwidth and traffic measurement tools like 
> ntop, nettimer or ipac. All show the same, a little bit more bandwidth 
> than allowed. The factor by which the specified bandwidth is increased 
> seems to be proportional to the specified bandwidth. But where is the 
> problem. Is it only a different way of traffic measurement or is this a 
> bug? Maybe, does it depend on some command arguments to create the classes?


tc uses 1024 instead of 1000 as factor for kbit (1024^2 for mbit). 
Usually when talking about network equipment kbit means 1000bit/s
and mbit means 100bit/s. In your case, 750*24bit/s = 18000bit/s off.
The iproute-rates patch at trash.net/~kaber/hfsc is meant to fix this.

Best regards,
Patrick


Re: [LARTC] imprecision in bandwidth measurement

2003-12-05 Thread Stef Coene
On Friday 05 December 2003 18:23, Tilman Giese (Global View) wrote:
> Stef Coene wrote:
> >Can you post us your tc commands ?
>
> # tc qdisc add dev eth0 root handle 1: cbq bandwidth 10MBit allot 1514
> cell 8 avpkt 1000 mpu 64
> # tc filter add dev eth0 parent 1:0 prio 5 protocol ip u32
>
> # tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 10MBit rate
> 10MBit allot 1514 cell 8 weight 1MBit prio 5 maxburst 20 avpkt 1000 bounded
> # tc class add dev eth0 parent 1:1 classid 1:2 cbq bandwidth 750KBit
> rate 750KBit avpkt 1000 cell 8 prio 5 allot 1514 weight 75KBit maxburst
> 21 bounded
> # tc class add dev eth0 parent 1:2 classid 1:3 cbq bandwidth 750KBit
> rate 50KBit avpkt 1000 cell 8 prio 5 allot 1514 weight 5KBit maxburst 21
>
> # tc filter add dev eth0 parent 1: prio 5 u32 match ip src
> 192.168.0.33/32 flowid 1:3

I don't see any error in your scripts.  I did some tests myself and this is 
the result:
http://docum.org/stef.coene/qos/tests/cbq/bounded/bounded.html
I had the same result.  The bandwidth you get is a bit more than the 
configured rate.

Stef

-- 
[EMAIL PROTECTED]
 "Using Linux as bandwidth manager"
 http://www.docum.org/
 #lartc @ irc.openprojects.net



RE: [LARTC] Split bandwidth equally per IP

2003-12-05 Thread jzeeff

Good point, what has to be done to make this part of the standard linux
kernel distribution?


> 
> Achtung!  There is already an esfq qdisc [0] which does this!  This patch
> may be a good one, but since esfq already exists, perhaps you could try
> that instead.
> 
> -Martin
> 
>  [0] http://www.ssi.bg/~alex/esfq/index.html



Re: [LARTC] imprecision in bandwidth measurement

2003-12-05 Thread Tilman Giese (Global View)
Stef Coene wrote:

> Can you post us your tc commands ?

# tc qdisc add dev eth0 root handle 1: cbq bandwidth 10MBit allot 1514 
cell 8 avpkt 1000 mpu 64
# tc filter add dev eth0 parent 1:0 prio 5 protocol ip u32

# tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 10MBit rate 
10MBit allot 1514 cell 8 weight 1MBit prio 5 maxburst 20 avpkt 1000 bounded
# tc class add dev eth0 parent 1:1 classid 1:2 cbq bandwidth 750KBit 
rate 750KBit avpkt 1000 cell 8 prio 5 allot 1514 weight 75KBit maxburst 
21 bounded
# tc class add dev eth0 parent 1:2 classid 1:3 cbq bandwidth 750KBit 
rate 50KBit avpkt 1000 cell 8 prio 5 allot 1514 weight 5KBit maxburst 21

# tc filter add dev eth0 parent 1: prio 5 u32 match ip src 
192.168.0.33/32 flowid 1:3

Tilman





Re: [LARTC] imprecision in bandwidth measurement

2003-12-05 Thread Stef Coene
On Friday 05 December 2003 17:51, Tilman Giese (Global View) wrote:
> Hi,
>
> I am experiencing a curious phenomenon. I limited the bandwidth for a
> specific client to 750KBit. It works well despite of the fact that the
> client always gets a little bit more bandwidth (around 770KBit to
> 780KBit). I used different bandwidth and traffic measurement tools like
> ntop, nettimer or ipac. All show the same, a little bit more bandwidth
> than allowed. The factor by which the specified bandwidth is increased
> seems to be proportional to the specified bandwidth. But where is the
> problem. Is it only a different way of traffic measurement or is this a
> bug? Maybe, does it depend on some command arguments to create the classes?
Can you post us your tc commands ?

Stef

-- 
[EMAIL PROTECTED]
 "Using Linux as bandwidth manager"
 http://www.docum.org/
 #lartc @ irc.openprojects.net



RE: [LARTC] Split bandwidth equally per IP

2003-12-05 Thread Martin A. Brown
Hello,

 : In fact letting HTB calculate itself the burst parameter, and
 : hard-coding the quantum parameter for each leaf class (as Stef
 : suggested), made the traffic shaping much more accurate than it was
 : before. (especially the quantum settings > 1500).

That Stef guy!  Always making good suggestions.

 : I will make the changes in sch_sfq.c and keep you all informed with
 : the results.

Achtung!  There is already an esfq qdisc [0] which does this!  This patch
may be a good one, but since esfq already exists, perhaps you could try
that instead.

-Martin

 [0] http://www.ssi.bg/~alex/esfq/index.html

-- 
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]



[LARTC] imprecision in bandwidth measurement

2003-12-05 Thread Tilman Giese (Global View)
Hi,

I am experiencing a curious phenomenon. I limited the bandwidth for a 
specific client to 750KBit. It works well despite of the fact that the 
client always gets a little bit more bandwidth (around 770KBit to 
780KBit). I used different bandwidth and traffic measurement tools like 
ntop, nettimer or ipac. All show the same, a little bit more bandwidth 
than allowed. The factor by which the specified bandwidth is increased 
seems to be proportional to the specified bandwidth. But where is the 
problem. Is it only a different way of traffic measurement or is this a 
bug? Maybe, does it depend on some command arguments to create the classes?

Tilman



RE: [LARTC] Split bandwidth equally per IP

2003-12-05 Thread Mihai Vlad
Thanks very much for this reply.

In fact letting HTB calculate itself the burst parameter, and hard-coding
the quantum parameter for each leaf class (as Stef suggested), made the
traffic shaping much more accurate than it was before. (especially the
quantum settings > 1500).

I will make the changes in sch_sfq.c and keep you all informed with the
results.



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 05, 2003 5:19 PM
To: Stef Coene
Cc: Mihai Vlad; [EMAIL PROTECTED]
Subject: Re: [LARTC] Split bandwidth equally per IP


Here are my untested (but simple) changes to SFQ to make it share 
outgoing bandwidth "fairly" per ip address (roughly, per local user) instead of
being susceptible to being tricked by users with many connections.  Don't use
this on the wrong side of a NAT box where there is only one source ip address 
in use.

In net/sched/sch_sfq.c:

Change:

h = iph->daddr;
h2 = iph->saddr^iph->protocol;
if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) &&
    (iph->protocol == IPPROTO_TCP ||
     iph->protocol == IPPROTO_UDP ||
     iph->protocol == IPPROTO_ESP))
        h2 ^= *(((u32*)iph) + iph->ihl);
break;

To:
h = h2 = iph->saddr;
break;






Re: [LARTC] Split bandwidth equally per IP

2003-12-05 Thread jzeeff

Here are my untested (but simple) changes to SFQ to make it "fair" on a per
ip basis.  I believe that this is actually what most people want - equal
bandwidth among a number of users without being tricked by users using many
connections.


In net/sched/sch_sfq.c:

h = iph->daddr;
h2 = iph->saddr^iph->protocol;
if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) &&
    (iph->protocol == IPPROTO_TCP ||
     iph->protocol == IPPROTO_UDP ||
     iph->protocol == IPPROTO_ESP))
        h2 ^= *(((u32*)iph) + iph->ihl);
break;

change to:

h = iph->daddr;
h2 = iph->saddr^iph->protocol;
if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) &&
    (iph->protocol == IPPROTO_TCP ||
     iph->protocol == IPPROTO_UDP ||
     iph->protocol == IPPROTO_ESP))
        h2 ^= *(((u32*)iph) + iph->ihl);
break;



[LARTC] RE: Linux QOS help

2003-12-05 Thread Greg Freeman
 

-Original Message-
From: Teemu Korpela [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 04, 2003 9:17 PM
To: Greg Freeman
Subject: RE: Linux QOS help

On Thu, 4 Dec 2003 08:47:27 -0900, Greg Freeman wrote
> Looking at the support report on the firewall (list all sorts of
> stuff) I saw this..
> 
> ifconfig -a
> eth0  Link encap:Ethernet  HWaddr 00:D0:CF:01:A6:52  
>   inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:20061386 errors:206047 dropped:5857547
> overruns:138637 frame:0
>   TX packets:8390751 errors:0 dropped:0 overruns:1 carrier:0
>   collisions:0 txqueuelen:100 
>   Interrupt:5
> 
> Note the number of errors on this Lan interface,  these are read errors?
> Is it common to have this many of dropped and overrun packets on a LAN
> side?

It's not common. I just checked one linux router with half-duplex and
another with full-duplex ethernet connection and error counters were
zero (except half-duplex interface which had small amount of collisions,
but that's normal). Both routers have been running several months now.

Maybe your problem is this and not QOS-troubles? The amount of errors
and dropped frames is way too high compared to amount of received frames
and there is packet loss. One reason for this might be excessive CPU
load when you are using ipsec and transferring bulk data like files
across the link. 
CPU time shortage causes dropping of ethernet frames when receiving.
What hardware are you using in corp side firewall?

-- 
Teemu



Re: [LARTC] Split bandwidth equally per IP

2003-12-05 Thread jzeeff

Here are my untested (but simple) changes to SFQ to make it share 
outgoing bandwidth "fairly" per ip address (roughly, per local user) instead of
being susceptible to being tricked by users with many connections.  Don't use
this on the wrong side of a NAT box where there is only one source ip address 
in use.

In net/sched/sch_sfq.c:

Change:

h = iph->daddr;
h2 = iph->saddr^iph->protocol;
if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) &&
    (iph->protocol == IPPROTO_TCP ||
     iph->protocol == IPPROTO_UDP ||
     iph->protocol == IPPROTO_ESP))
        h2 ^= *(((u32*)iph) + iph->ihl);
break;

To:
h = h2 = iph->saddr;
break;
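
The effect of the two key choices in the post above, as an added example that is not part of the original post or of the kernel source. It models one host opening 50 connections next to a host with one, and the NAT case the post warns about. The `bucket_of` mixer, the 1024-bucket table, and all addresses and ports are assumptions constructed for the model; the share estimate assumes every flow is backlogged and every active bucket gets equal service.

```c
#include <stdint.h>
#include <stdio.h>

#define HASH_MASK 0x3FFu   /* 1024 buckets: table size assumed for this model */
#define HEAVY 0xC0A8000Au  /* 192.168.0.10, constructed host with 50 connections */
#define LIGHT 0xC0A80014u  /* 192.168.0.20, constructed host with 1 connection */
#define N_FLOWS 51

/* One unfragmented TCP flow; addresses are plain integers, not wire order. */
struct flow { uint32_t saddr, daddr; uint8_t proto; uint16_t sport, dport; };
typedef unsigned (*keyfn)(const struct flow *);

/* Hypothetical mixer standing in for the kernel's hash folding (assumption). */
static unsigned bucket_of(uint32_t h, uint32_t h2)
{
    return (h ^ (h2 >> 16) ^ (h2 << 3)) & HASH_MASK;
}

/* Key choice of the "Change:" block: daddr, saddr^protocol, then the first
 * 32-bit word after the IP header (the TCP port pair). */
static unsigned per_flow_bucket(const struct flow *f)
{
    uint32_t h = f->daddr;
    uint32_t h2 = f->saddr ^ f->proto;
    h2 ^= ((uint32_t)f->sport << 16) | f->dport;
    return bucket_of(h, h2);
}

/* Key choice of the "To:" block: h = h2 = saddr. */
static unsigned per_source_bucket(const struct flow *f)
{
    return bucket_of(f->saddr, f->saddr);
}

/* Distinct buckets occupied by flows from src; src == 0 counts every flow. */
static int buckets_used(const struct flow *f, int n, uint32_t src, keyfn key)
{
    unsigned char seen[HASH_MASK + 1] = {0};
    int used = 0;
    for (int i = 0; i < n; i++) {
        if (src && f[i].saddr != src)
            continue;
        unsigned b = key(&f[i]);
        if (!seen[b]) { seen[b] = 1; used++; }
    }
    return used;
}

/* Round-robin share of src in permille: its buckets over all active buckets. */
static int share_permille(const struct flow *f, int n, uint32_t src, keyfn key)
{
    return 1000 * buckets_used(f, n, src, key) / buckets_used(f, n, 0, key);
}

/* Constructed sample: 50 flows from HEAVY, 1 from LIGHT, same destination. */
static int build_sample(struct flow *f)
{
    int n = 0;
    for (int i = 0; i < 50; i++)
        f[n++] = (struct flow){ HEAVY, 0xCB007105u, 6, (uint16_t)(40000 + i), 80 };
    f[n++] = (struct flow){ LIGHT, 0xCB007105u, 6, 50000, 80 };
    return n;
}

/* What the scheduler sees on the far side of a NAT box: one source address. */
static void masquerade(struct flow *f, int n, uint32_t public_ip)
{
    for (int i = 0; i < n; i++)
        f[i].saddr = public_ip;
}

int main(void)
{
    struct flow f[N_FLOWS];
    int n = build_sample(f);

    printf("per-flow key:   heavy host share %d permille\n",
           share_permille(f, n, HEAVY, per_flow_bucket));
    printf("per-source key: heavy host share %d permille\n",
           share_permille(f, n, HEAVY, per_source_bucket));

    masquerade(f, n, 0xC6336401u);  /* 198.51.100.1, constructed public address */
    printf("behind NAT, per-source key: %d bucket(s) for %d flows\n",
           buckets_used(f, n, 0, per_source_bucket), n);
    return 0;
}
```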




[LARTC] tc -s class problem (with cbq only)

2003-12-05 Thread arek
I have changed kernel to 2.2.22 and have a problem:

#tc -s class ls dev eth3
and
#tc show class dev eth3
and
#tc -s -d class ls dev eth3

shows me NOTHING when i use CBQ queues on interface !!!

I can only watch queues (QDISC) with:
#tc -s qdisc ls dev eth3
(this is working OK, as earlier)

I tried many of tc bin's (from devik, compiled, old , etc) - nothing help.

the tc -s class ls dev eth0 works fine, when i used HTB queues.

How to solve that problem ?

this is trace of problem:
open("/proc/net/psched", O_RDONLY)  = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40014000
read(3, "000c8000 000f4240 000f4240 0"..., 4096) = 36
close(3)= 0
munmap(0x40014000, 4096)= 0
socket(PF_NETLINK, SOCK_RAW, 0) = 3
bind(3, {sin_family=AF_NETLINK, {sa_family=16,
sa_data="[EMAIL PROTECTED]"}, 12) = 0
getsockname(3, {sin_family=AF_NETLINK, {sa_family=16,
sa_data="q\3375<[EMAIL PROTECTED]"}, [12]) = 0
time(NULL)  = 1070634212
sendto(3, "\24\0\0\0\22\0\1\3\345\224\320?\0\0\0\0\0006\1@", 20, 0,
{sin_family=AF_NETLINK, {sa_family=16,
sa_data="\0\0\0\0\0\0\0\0\0\0\24\0\0\0"}, 12) = 20
recvmsg(3, {msg_name(12)={sin_family=AF_NETLINK, {sa_family=16,
sa_data="\21\300\0\0\0\0\0\0\0\0\264\0\0\0"},
msg_iov(1)=[{"\264\0\0\0\20\0\2\0\345\224\320?5
recvmsg(3, {msg_name(12)={sin_family=AF_NETLINK, {sa_family=16,
sa_data="\301\367\0\0\0\0\0\0\0\0\24\0\0\0"},
msg_iov(1)=[{"\24\0\0\0\3\0\2\0\345\224\320?5<\
sendmsg(3, {msg_name(12)={sin_family=AF_NETLINK, {sa_family=16,
sa_data="\0\0\0\0\0\0\0\0\0\0$\0\0\0"},
msg_iov(2)=[{"$\0\0\0*\0\1\3\346\224\320?\0\0\0\0", 1
recvmsg(3, {msg_name(12)={sin_family=AF_NETLINK, {sa_family=16,
sa_data="\301\367\0\0\0\0\0\0\0\0\24\0\0\0"},
msg_iov(1)=[{"\24\0\0\0\3\0\2\0\346\224\320?5<\
_exit(0)= ?
Why does it exit here?? I'm sure that there are queues/classes on that
interface;
here I paste them:
# tc -s qdisc ls dev eth3 |head -n 10
qdisc tbf 84e3: rate 160Kbit burst 300Kb peakrate 10Mbit minburst 1600b lat
189.2ms
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

 qdisc tbf 84e2: rate 640Kbit burst 300Kb peakrate 10Mbit minburst 1600b lat
189.2ms
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

 qdisc tbf 84e1: rate 150Kbit burst 300Kb peakrate 10Mbit minburst 1600b lat
189.2ms
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

 qdisc tbf 84e0: rate 600Kbit burst 300Kb peakrate 10Mbit minburst 1600b lat
189.2ms



PLEASE HELP ME !


A.Binder



Re: [LARTC] Aliases and Multipath

2003-12-05 Thread Guillermo Gomez
Thanks guys for such quick response :) coool

Well let me go deeper now with my routing issues.

My desirable topology is:

LAN  Linux Box  eth0    -- dsl router (dhcp)
                eth0:1  -- Frame Router ISP1 (fixed ip range)
                eth0:2  -- Frame Router ISP2 (fixed ip range)

Then i would config:

eth0    according dhcp server aa.aa.aa.aa
eth0:1  xx.xx.xx.xx
eth0:2  yy.yy.yy.yy

The idea is to balance the outgoing traffic through the three ISPs. One
little trouble is dhcp renewal (it always tries to set the default
gateway, anyone knows how to avoid that? i could find out from
dhcp-client-leases and then configure myself at the right place at the
right moment).

According to the FAQ i need to guarantee first that any request from
eth0 IPADDR goes to the right gateway and so on with eth0:1 and eth0:2
(that's reasonable).

After that i would do the multipath config. The question goes now with
the NAT stuff, how can i do the SNAT after balancing the traffic with
the multipath routing? I can't do:

iptables -t nat -A POSTROUTING -o eth0   -j SNAT aa.aa.aa.aa
iptables -t nat -A POSTROUTING -o eth0:1 -j SNAT xx.xx.xx.xx
iptables -t nat -A POSTROUTING -o eth0:2 -j SNAT yy.yy.yy.yy

iptables just does not like eth0:1 or eth0:2. Is this the right
behaviour of iptables or what? I read something about NAT in the advanced
routing engine but never used it before and I'm a little confused about how it
works. Will it crash with iptables NAT engine?

Just to finish building the router I need to do DNAT for my internal
servers, but that's trivial with iptables. Anyway, it would be great to
know how to do it with a single tool (don't need to do firewalling in
this machine so far, just routing and stateless nat, or should it be
stateful? h need to think about).

Heeey, does anyone knows if someone has translated the LARTC-FAQs to
Spanish? I could do that :) I would like to contribute...

Kind regards

Guillermo

-- 
Guillermo Gomez <[EMAIL PROTECTED]>
neotech



Re: AW: [LARTC] How to route and queue, based on iptables marked packets, at the same time?

2003-12-05 Thread Robert Kurjata
Hello Jan,

In your message dated 5 December 2003 (11:23:25) you wrote:

JG> Hi,

>> Yes, you can. You can do marking in output and it will make a
>> difference in routing. Just use the -mangle- tables.

>> Checked and verified. I use it.

JG> Can I mark the packets in the POSTROUTING table again to influence the queuing?

JG> thx,
JG> Jan Gerritsen

As I already said Yes.

-- 
Regards,
 Robert mailto:[EMAIL PROTECTED]

[LARTC] Linux, RFC2697 and RFC2698

2003-12-05 Thread Stéphane
Hi,

Do you know if Linux supports RFC2697 and RFC2698?

Thanks,

Steph



AW: [LARTC] How to route and queue, based on iptables marked packets, at the same time?

2003-12-05 Thread Jan Gerritsen
Hi,

> Yes, you can. You can do marking in output and it will make a
> difference in routing. Just use the -mangle- tables.

> Checked and verified. I use it.

Can I mark the packets in the POSTROUTING table again to influence the queuing?

thx,
Jan Gerritsen

Re: [LARTC] forwarding in tcng

2003-12-05 Thread Johan Cimen
On Fri, 5 Dec 2003, Martin A. Brown wrote:

Hi Martin.

> Johan,
>  : I have read the tcng reference manual and cannot find information about
>  : forwarding. Is it possible to forward packets from ingress to egress
>  : without sending them upwards in layers?
>  :
>  : NIC>ingress>forward->egress>
>
> The reason you find no information about forwarding in the tcng manual, is
> that forwarding doesn't happen in the traffic control layer of the Linux
> IP stack.

I realised this after I had done some research on forwarding on the
Internet. :)  Thanks!!

> As far as I know, there's no way to prevent a packet from being
> passed up to the kernel bridge or routing code.  So, since you are
> probably using this machine as a router, you'll want to take a look at the
> KPTD at Stef's site [0].

Actually I'm going to build a test platform, where I'm using a Wireless LAN,
BSS topology with a central station (AP) to control the downlink. Depending
on link quality, the AP is going to give access to the radio interface.
Stations are using a network card driver that includes the link quality
in the ttl_field. The ttl_field was available :)
At ingress I want to filter packets that are giving information about the
link quality. Value 0x81 indicates that information about the link
quality is available.

>
> Makes sense.
>
>  : dev eth1 {
>  :$P = bucket(rate 1Mbps, burst 2kB, mpu 64B);
>  :ingress {
>  :class (<>)
>  :if ((ip_ttl & 0x81) == 0x81) &&
>  :(conform $p && count $P);
>
> Did you really mean to "confirm $p && count $P"?  I'd think that was meant
> to be "conform $P && count $P".

It was meant to be "conform $P && count $P".

>  :egress {
>  :class (<$high>) if (((ip_ttl & 0x1E) >> 1) <= 0x0F) &&
>  :(((ip_ttl & 0x1E) >> 1) >= 0x0C);
>
> Neat bit math (here and above).  I'm going to stick this one in my bag of
> tricks.

Thanks :)

>
> [ snip ]
>
>  : If forwarding is not possible can I use hash table with tcindex to store
>  : information at ingress, and use this information at egress?
>
> I'm not completely certain what your intent is with this hash table, but I
> think the answer to your general question is yes.  One of the points of
> tcindex is that you don't need to run through the same sets of tests on
> ingress and egress; tcindex is designed to be reusable packet metadata
> during a packet's lifetime on a given host.  You may find that Leonardo
> Balliache's DiffServ pages can help you with the Linux DiffServ
> architecture, in particular, tcindex [1].

I need a table with information of available stations and their link
quality for tests, where I am going to generate packets from AP to
stations with good quality. I think I have to use tcindex.

>
> If this is not helpful, try the LARTC HOWTO [2] on DSMARK (and tcindex),
> and then try a few of Werner's papers [3].
>
> Failing all of that, you might try asking this list again, or checking out
> the (fairly inactive) Linux-DiffServ mailing list [4].
>
> -Martin
>
>  [0] http://www.docum.org/stef.coene/qos/kptd/
>  [1] http://opalsoft.net/qos/DS.htm
>  http://opalsoft.net/qos/DS-210.htm
>  [2] http://lartc.org/howto/lartc.adv-qdisc.dsmark.html
>  [3] http://www.almesberger.net/cv/papers.html
>  http://www.almesberger.net/cv/papers/dsid-01.ps.gz

They have done a great job.

>  [4] http://diffserv.sourceforge.net/#list
>

Thank you Martin for this information.

/Johan Cimen