[LARTC] Difficulties trying to control VOIP traffic with TC - HTB
Hi all:

I hope someone can help me with this "little" problem... I'm using a Linux script to subdivide my bandwidth (64kbit) into 40kbit for VOIP and the remaining 24kbit for HTTP. So, the commands I'm using are:

    #!/bin/bash
    # This script shapes "downloading" stuff

    # Initial qdisc
    tc qdisc add dev eth1 root handle 1: htb default 20 r2q 2

    # Classes definition
    tc class add dev eth1 parent 1: classid 1:1 htb rate \
        64kbit ceil 64kbit
    tc class add dev eth1 parent 1:1 classid 1:10 htb \
        rate 40kbit ceil 40kbit prio 0
    tc class add dev eth1 parent 1:1 classid 1:20 htb \
        rate 24kbit ceil 24kbit prio 1

    # Filters
    # This is the filter for VOIP
    tc filter add dev eth1 protocol ip parent 1:0 prio 1 \
        u32 match ip dst 1.2.3.4 flowid 1:10

    # Remaining traffic is supposed to go to default 20 class
    # Script end

I reached this script after a lot of investigation and attempts. So, the bandwidth distribution seems to be OK. But here is my problem:

Every time a person is using VOIP and another person starts surfing the Internet (from a different IP, of course) at the same time, the sound quality of the VOIP decreases notably. I have prioritized VOIP traffic, as can be seen from "prio 0". I even used IPTABLES statements to set Minimize-Delay on packets coming from the VOIP IP address. But every effort seems to be useless: every time someone opens a web browser, VOIP sound quality goes down...

So, could someone tell me what's wrong with my script? I know it is possible to get what I'm trying to do with htb, anyway...

Many thanks to everybody.

Cheers.

Ricardo Soria.

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] tc troubles with pfifo_fast qdisc on 2.4.23 kernel
> Hi!
>
> I updated the kernel from 2.4.22 to 2.4.23
> and now tc tools can't correctly determine default (pfifo_fast)
> qdisc on interface:
>
> # tc/tc qdisc ls dev ppp0
> qdisc pfifo_fast 0: [Unknown qdisc, optlen=20]
>
> but, if I assign f.e. cbq qdisc for some device all show correctly:
>
> # tc/tc qdisc ls dev ppp1
> qdisc tbf 8009: rate 32Kbit burst 10Kb lat 1.5s
> qdisc cbq 66: rate 10Mbit (bounded,isolated) prio no-transmit
>
> what can I do to fix this?

Probably you should replace your TC binary with a newer one that properly understands your kernel. I had a similar problem when I used the ESFQ queue and then used some other tc utility for showing queues.
AW: [LARTC] mangle
Hi,

I have two questions about the diagram.

> The KPTD hosted on docum.org certainly does accurately reflect the
> traversal of iptables. Please send corrections if you find something
> wrong with the KPTD. This was a collective effort by Leonardo Balliache,
> Stef Coene, and some others on this very list.

First: what does PDBB stand for? Is this the point where the RPDB is asked?

Second: isn't there a hook between the OUTPUT and the POSTROUTING chain, to handle the routing for packets generated by local processes? Described in Figure 3.3.2 from http://www.policyrouting.org/PolicyRoutingBook/ONLINE/CH03.web.html

thx,
Jan Gerritsen
RE: [LARTC] mangle
> On Monday, 08 December 2003, at 17:18:52 +0100,
> Ronnie Garcia wrote:
>
> > Please note that this diagram is not valid for iptables.
> >
> I think you did not interpret the diagram correctly. For "iptables" you
> will have to focus just on the BLUE boxes with the CAPITAL names, and
> forget about the lowercase ones, that are for "ipchains".

My bad, that's right. The diagram is a bit confusing like this; what about drawing two different diagrams, since ipchains and netfilter behave quite differently?

I can send diffs if needed =)

Rgds,
Ronnie.
Re: [LARTC] mangle
On Monday, 08 December 2003, at 17:18:52 +0100,
Ronnie Garcia wrote:

> Please note that this diagram is not valid for iptables.
>
I think you did not interpret the diagram correctly. For "iptables" you will have to focus just on the BLUE boxes with the CAPITAL names, and forget about the lowercase ones, that are for "ipchains".

And each packet entering the box will follow just one path, and this path is determined after the routing stage: any packet going through the box (neither generated by nor destined to it) will go the path on the right, through the FORWARD chain of "iptables". From then on the travel is simple to follow.

Hope it helps.

--
Jose Luis Domingo Lopez
Linux Registered User #189436
Debian Linux Sid (Linux 2.6.0-test10-mm1)
[LARTC] TCng && (wrr || esfq) ?
Has anyone accomplished this? tcc just gives a syntax error :(

--
Regards,
Artūras Šlajus
[LARTC] policy routing problem
Hello..

I use Mandrake 9.1 with a custom kernel. Policy routing and all the other routing options were selected when compiling the kernel (2.4.22).

The system is a PC and contains 4 Ethernet interfaces:

eth0: a local subnet, 192.168.0.1.
eth1: an ADSL modem. pppoe runs on this interface and ppp0 is already up. The interface is numbered as 10.0.0.1 for access to the modem, and ppp0 is masqueraded for outgoing connections (with $IPT -A POST.. -o ppp0 -j MASQUERADE).
eth2: connects an FR line with a router, address 195.174.43.34.
eth3: connects a DMZ with 212.174.154.128/25.

On the other hand, we use a /28 block for the local subnet. eth2 masquerade packets from local lan to using iptables ... DNAT.

The ADSL line is newly connected, 2048/512 kbps. Only the FR line router is defined as default gw.

This system is currently working fine, but doesn't use the ADSL line. What I want is:

All HTTP requests use the ADSL line.
OR
Only one machine from the DMZ (it's a proxy server) uses this ADSL line.

I read the HOWTO and other sources, and tested these commands:

    echo 200 http >>/etc/iproute2/rttables (!?)
    ip rule add fwmark 10001 table http
    ip route add default via 81.215.8.1 table http
    ip route flush cache
    iptables -t mangle -A PREROUTING -p tcp --dport 80 \
        -j MARK --set-mark 10001

In this state, policy routing doesn't have any effect. The ppp0 TX/RX values always stay the same.

I tried this rule:

    ip rule add from 212.174.154.219 table http

Wow... This machine can't reach the Internet because of this :(( No routing..

I tried cut-edit-pasting the HOWTO lines, creating table john etc., but got the same result :((

I'm confused. Can you help me?

Excuse me for my poor English :(

Thanks..
Re: [LARTC] bandwidth lang
Eddie,

 : Well the thing is I need to learn bandwidth management, fast.
 : Well I've read a few things but the thing is, as I understand, there are
 : lots of ways and "languages" to use, cbq, htb etc. What is the best and do you
 : know of a howto just for that specific one?

This gives some references:

  http://www.docum.org/stef.coene/qos/faq/cache/46.html

I'd recommend learning tcng and using HTB...here's a slightly more hands-on document I have written:

  http://tldp.org/HOWTO/Traffic-Control-tcng-HTB-HOWTO/

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]
RE: [LARTC] mangle
Whoa!! Back up the truck!

 : > Check for the Kernel Packet Traveling Diagram at:
 : > http://www.docum.org/stef.coene/qos/kptd/
 :
 : Please note that this diagram is not valid for iptables.

I think I disagree.

 : When using iptables, packets that are "traversing" the linux box
 : (forwarded traffic) do not go thru the INPUT and OUTPUT chains.

The KPTD hosted on docum.org certainly does accurately reflect the traversal of iptables. Please send corrections if you find something wrong with the KPTD. This was a collective effort by Leonardo Balliache, Stef Coene, and some others on this very list.

It doesn't depict the relationship between iptables and bridging, but that is a well-known exception to this diagram.

 : You'll find an iptable packet traversal diagram at :
 :
 : http://www.knowplace.org/netfilter/packet_traversal.gif

This is a fine picture, too, though, Ron.

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]
RE: [LARTC] mangle
> On Monday, 08 December 2003, at 15:39:48 +0200,
> Eddie wrote:
>
> > I have a linux gateway box, eth1 internet and eth0 lan
> > Now I made my qdisc for eth1 but now I want to mark them with iptables.
> > The thing is I don't know what to use, -A FORWARD or PREROUTING?
> >
> Check for the Kernel Packet Traveling Diagram at:
> http://www.docum.org/stef.coene/qos/kptd/

Please note that this diagram is not valid for iptables.

When using iptables, packets that are "traversing" the linux box (forwarded traffic) do not go thru the INPUT and OUTPUT chains.

You'll find an iptable packet traversal diagram at :

http://www.knowplace.org/netfilter/packet_traversal.gif

Rgds,
Ronnie.
[LARTC] Multi Routes problem
Hi all,

I have 2 offices at a distance of 2 km. I have fiber connected to the other office, 3 links in total.

Other side office connection:
So I have installed 4 Ethernet cards in a Linux box. The 3 fiber links are connected to 3 ports of the Linux box; one is connected to the other side of the LAN.

Main office connection:
All 3 fiber links are connected to a switch.

Now I have put the Linux box in bridge mode. When I try to access from the LAN, I can see the traffic going over only one interface.

How do I make the traffic go over the other interfaces and load balance too, or make one of the interfaces the main one and the rest backup links, so that once the main link goes down it automatically shifts to the other standby links?

Any suggestions?

hare
Re: [LARTC] Aliases and Multipath
Got it, thanks Damion.

It was so easy to think of using ethx:y directly in iptables :(

Anyway, my point is that I need to do SNAT in a three-ISP environment with multipath routing to balance the outgoing traffic. So far I decided to go with separate Ethernet cards, so I will go back to the aliasing thing later.

Now I will do NAT with iptables on separate cards in the POSTROUTING chain (after the routing decision has been taken).

By the way, what's the behaviour of multipath routing if one of the providers goes down? Should I take care manually to take it out of the multipath?

Guillermo

On Sun, 2003-12-07 at 20:37, Damion de Soto wrote:
> Hi Guillermo,
>
> > iptables just does not like eth0:1 or eth0:2, is this the right
> > behaviour of iptables or what? I read something about NAT in the advanced
> > routing engine but never used it before and I'm a little confused on how it
> > works. Will it clash with the iptables NAT engine?
> As far as I know, the ethX:X terminology is just for ifconfig usage.
> Inside the kernel, eth0:1 is exactly the same as eth0.
> So for iptables rules, you just use the eth0:1 IP address with eth0.
> This is the same way the 'ip' tool works too.
>
> Regards,
> Damion.
Re: [LARTC] mangle
On Monday, 08 December 2003, at 15:39:48 +0200,
Eddie wrote:

> I have a linux gateway box, eth1 internet and eth0 lan
> Now I made my qdisc for eth1 but now I want to mark them with iptables.
> The thing is I don't know what to use, -A FORWARD or PREROUTING?
>
Check for the Kernel Packet Traveling Diagram at:
http://www.docum.org/stef.coene/qos/kptd/

You will see very clearly the path of packets traversing your Linux box, and will be able to know the exact place where to mark traffic.

Greetings.

--
Jose Luis Domingo Lopez
Linux Registered User #189436
Debian Linux Sid (Linux 2.6.0-test10-mm1)
RE: [LARTC] mangle
I mark everything on my internal interface. I have classes for incoming websurfing traffic which I use HTB to control the traffic. This is done on my internal NIC. I also have classes on my external interface which controls my outgoing traffic such as web (port 80) and smtp (port 25). This is done on my external NIC.

Mike Fetherston

> -----Original Message-----
> From: Eddie [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 08, 2003 10:02 AM
> To: Mike
> Subject: RE: [LARTC] mangle
>
> So you put all rules on your internal interface?
>
> On Mon, 2003-12-08 at 16:43, Mike wrote:
> > In my case eth1 is my internal NIC. I'm giving certain groups of IP's
> > certain amounts of bandwidth. If you're trying to give full bandwidth
> > to ssh traffic, you could mark on destination port 22 and assign that
> > mark to a flowid with full bandwidth. I believe you would still use the
> > PREROUTING table to mark with.
> >
> > Why do you want to give SSH traffic full bandwidth?
> >
> > Mike Fetherston
> >
> > > -----Original Message-----
> > > From: Eddie [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, December 08, 2003 9:53 AM
> > > To: Mike
> > > Subject: RE: [LARTC] mangle
> > >
> > > ok that is how I have it, if eth1 is external, this will shape traffic for
> > > all the lan people, right.
> > > BUT what do I do to give me full bandwidth when I ssh remotely to work
> > > on the box. Will I use OUTPUT??
> > > Thanks, it helped a lot :-) really
> > >
> > > On Mon, 2003-12-08 at 16:31, Mike wrote:
> > > > I've been using PREROUTING to mark packets and it's been working very
> > > > well.
> > > >
> > > > iptables -t mangle -I PREROUTING -i eth1 -s $IP --j MARK --set-mark 3
> > > >
> > > > and if you're using HTB, this command:
> > > >
> > > > tc filter add dev eth0 parent 1:0 protocol ip prio 2 handle 3 fw flowid 1:13
> > > >
> > > > will act on those marked packets. It's the 'handle 3' which uses the
> > > > --set-mark 3.
> > > >
> > > > Mike Fetherston
> > > >
> > > > > -----Original Message-----
> > > > > From: Eddie [mailto:[EMAIL PROTECTED]
> > > > > Sent: Monday, December 08, 2003 8:40 AM
> > > > > To: lartc
> > > > > Subject: [LARTC] mangle
> > > > >
> > > > > Hi all
> > > > > I have a linux gateway box, eth1 internet and eth0 lan
> > > > > Now I made my qdisc for eth1 but now I want to mark them with iptables.
> > > > > The thing is I don't know what to use, -A FORWARD or PREROUTING?
> > > > > Please can someone help
> > > > > thanks
> > > > >
> > > > > eddie
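
Added example, not part of any message in this thread: a simplified Python model of the chain traversal discussed above (forwarded traffic versus INPUT/OUTPUT, and which mangle chain sets a mark that an egress tc fw filter will see). The rule dictionaries, function names and interface roles are assumptions made for illustration; the raw table, conntrack and bridging are left out.

```python
# Added example: simplified model of iptables chain traversal on a routing box.
# Raw table, conntrack and bridging are left out; interface names are sample values.
# Assumes a kernel where mangle has all five built-in chains (2.4.18 and later).

PATHS = {
    "forward":   ["PREROUTING", "FORWARD", "POSTROUTING"],  # neither from nor to the box
    "local-in":  ["PREROUTING", "INPUT"],                   # delivered to a local process
    "local-out": ["OUTPUT", "POSTROUTING"],                 # generated by a local process
}
# -i is only meaningful where the packet arrived on a device, -o only after routing.
IN_IF_CHAINS = {"PREROUTING", "INPUT", "FORWARD"}
OUT_IF_CHAINS = {"FORWARD", "OUTPUT", "POSTROUTING"}


def classify(in_if, out_if):
    """in_if is None for locally generated packets; out_if is None for local delivery."""
    if in_if is None:
        return "local-out"
    return "local-in" if out_if is None else "forward"


def rule_matches(rule, in_if, out_if):
    """True if a mangle MARK rule {'chain', 'i', 'o'} fires for this packet."""
    chain, want_in, want_out = rule["chain"], rule.get("i"), rule.get("o")
    if want_in and chain not in IN_IF_CHAINS:
        raise ValueError(f"-i cannot be used in {chain}")
    if want_out and chain not in OUT_IF_CHAINS:
        raise ValueError(f"-o cannot be used in {chain}")
    if chain not in PATHS[classify(in_if, out_if)]:
        return False  # the packet never traverses this chain
    if want_in and want_in != in_if:
        return False
    return not (want_out and want_out != out_if)


def mark_seen_on(rule, in_if, out_if):
    """Device whose egress qdisc (tc 'fw' filter) sees the mark, or None."""
    if out_if is None:  # local delivery: no egress qdisc involved
        return None
    return out_if if rule_matches(rule, in_if, out_if) else None


if __name__ == "__main__":
    mike = {"chain": "PREROUTING", "i": "eth1"}           # rule shape from the thread
    print(mark_seen_on(mike, "eth1", "eth0"))             # forwarded LAN traffic
    print(mark_seen_on(mike, None, "eth1"))               # packets from a local sshd
    print(mark_seen_on({"chain": "OUTPUT"}, None, "eth1"))
```

In this model a PREROUTING rule never fires for packets the box itself generates, which is why marking replies from a local sshd needs the OUTPUT or POSTROUTING chain of the mangle table.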
[LARTC] mangle
Hi all

I have a linux gateway box, eth1 internet and eth0 lan.
Now I made my qdisc for eth1 but now I want to mark them with iptables.
The thing is I don't know what to use, -A FORWARD or PREROUTING?
Please can someone help

thanks

eddie
Re: [LARTC] Aliases and Multipath
On Thursday, 04 December 2003, at 11:06:58 -0400,
Guillermo Gomez wrote:

> Does anyone know if i can use ethernet aliases like eth0:1 in advanced
> routing like multipath routing in order to avoid to have nxEthernet
> interfaces in my Linux box.
>
I think it is always better to think "in ip terms" instead of "in ifconfig terms" with respect to multiple IP addresses assigned to the same network interface. I don't know exactly for "ifconfig", but the syntax for "ip address" states clearly what seems to be happening behind the scenes:

    # ip address add 172.16.1.1/24 broad + dev eth1
    # ip address add 172.16.2.1/24 broad + dev eth1
    # ip address add 172.16.3.1/24 broad + dev eth1

So what you are doing is assigning several IPs to the same physical interface, and you deal just with IP, nothing else.

    # ip address show dev eth1
    2: eth1: mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:05:1c:09:f2:14 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.12/24 brd 192.168.1.255 scope global eth0
        inet 172.16.1.1/24 brd 172.16.1.255 scope global eth0
        inet 172.16.2.1/24 brd 172.16.2.255 scope global eth0
        inet 172.16.3.1/24 brd 172.16.3.255 scope global eth0

Greetings.

--
Jose Luis Domingo Lopez
Linux Registered User #189436
Debian Linux Sid (Linux 2.6.0-test10-mm1)
[LARTC] tc troubles with pfifo_fast qdisc on 2.4.23 kernel
Hi!

I updated the kernel from 2.4.22 to 2.4.23 and now tc tools can't correctly determine default (pfifo_fast) qdisc on interface:

    # tc/tc qdisc ls dev ppp0
    qdisc pfifo_fast 0: [Unknown qdisc, optlen=20]

but, if I assign f.e. cbq qdisc for some device all show correctly:

    # tc/tc qdisc ls dev ppp1
    qdisc tbf 8009: rate 32Kbit burst 10Kb lat 1.5s
    qdisc cbq 66: rate 10Mbit (bounded,isolated) prio no-transmit

what can I do to fix this?

--
Andrey Grebenkov (ANDY-UANIC)
ISP "Lucky Net"
Network engineer
Kiev, Ukraine
[LARTC] bandwidth lang
Hi all

Well the thing is I need to learn bandwidth management, fast.
Well I've read a few things but the thing is, as I understand, there are lots of ways and "languages" to use, cbq, htb etc. What is the best and do you know of a howto just for that specific one?

Thanks
Eddie