Re: [LARTC] Testing IP Tunnel (IPIP) on Private Network
Hi, Now I get my chance to look at this approach again. I took a look at your diagram, I have got questions:- (1) For Router A, eth0 is xxx.yyy.zzz.ttt, eth1 192.168.1.1/24. So, which interface holds the IP of 192.168.3.1/30? Same ad Router B... (2) For Router B, eth0 is bbb.ccc.ddd.eee, eth1 192.168.2.1/24. So, which interface holds the IP of 192.168.3.2/30? Please advice. Thank you. Calvin - Original Message - From: "Claudiu Pruna" <[EMAIL PROTECTED]> To: "kaiwen" <[EMAIL PROTECTED]> Sent: Monday, February 16, 2004 4:52 PM Subject: Re: [LARTC] Testing IP Tunnel (IPIP) on Private Network > The point is that I am not sure that tunneling will cross nat, if the > middle router is doing nat for your lan, if it does, than I suggest > using other kind of tunneling, like openvpn which you can find at > http://openvpn.sf.net. What I want to say is that best for you is to > have both ends of the tunnel on routers with routable ip's. So let's > consider this: > > > 192.168.1.1/24 xxx.yyy.zzz.ttt bbb.ccc.ddd.eee > eth1 eth1 > +-+ +--+ eth0 eth0+--+ +-+ > | Lan1|<->| Router A | <> | Router B |<->|LAN 2| > +-+ +--+INTERNET+--+ +-+ > 192.168.2.1/24 >^ ^ >| IPIP Tunnel | >+===+ > 192.168.3.1/30 192.168.3.2/30 > > > On router A: > ip tunnel add mylan local xxx.yyy.zzz.ttt remote bbb.ccc.ddd.eee ttl 255 > ip address add mylan 192.168.3.1 peer 192.168.3.2 dev mylan > ip link set mylan up > ip route add 192.168.2.0/24 via 192.168.3.2 > > > On router B: > ip tunnel add mylan local bbb.ccc.ddd.eee remote xxx.yyy.zzz.ttt ttl 255 > ip address add mylan 192.168.3.2 peer 192.168.3.1 dev mylan > ip link set mylan up > ip route add 192.168.1.0/24 via 192.168.3.1 > > > > The ideea is that the new crated interfaces (tunnel ends) have their ip > address which are used as gateways to reach the other end LAN > > > > If you don't have root access on Router B, than the solution left is > another router (Router C) between Router B and LAN 2. And here you have > two cases: > > 1) If Router C will have routable ip address, than, everithing is as > above, but you do all the mess on Router C instead of Router B. > > 2) If Router C is behind NAT, than you shure do have to check on openvpn > or some other kind of tunneling that works on sockets and which pass > through nat, and considering you use openvpn, on router A use the > "--float" option and don't specify an remote address. > > > That's about it. > > Bye > > > On Fri, 2004-02-13 at 12:27, kaiwen wrote: > > Hi, > > > > Hmmm, I will go on testing with Network Diagram B, hwre ethere is a presence > > of a third router. > > My first try on testing shows failure. I can see activity in Tx, but not Rx. > > > > Question: > > (1) If it is a Tunnel, is setting up proper route between those routers > > important? > > > > Sorry for late reply, was bz with some other stuffs. WIll get back wif any > > new findings :) > > > > Thank you > > Calvin > > > > - Original Message - > > From: "Claudiu Pruna" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Cc: <[EMAIL PROTECTED]> > > Sent: Tuesday, February 10, 2004 3:00 PM > > Subject: [LARTC] Testing IP Tunnel (IPIP) on Private Network > > > > > > > The problem is that each router on each end of a tunnel, respectively > > > decapsulating the ip packets received from its tunnel peer end, so if > > > you can configure only one router, there is no one to decapsulate the > > > tunneling information received from router A. A good try for you should > > > be trying a third router as you have mentioned, behind the router you > > > don't have access to > > > > > > Hi,=20 > > > > > > Does IP Tunnel (IPIP) works on Provate Network. > > > > > > I read some howtos, most network which implement IP Tunnel (IPIP) are as = > > > below:- > > > > > > (LAN) Router A - Internet --- Router B (LAN)=20 > > > > > > (1) IP Tunnel is build up from Router A to Router B > > > (2) Host behind Router A can communicate with host behind Router B > > > > > > Looking at this network, I have to configure 2 Routers, both uses = > > > different Gateway to Internet. > > > The problem is, I have access to only one Router. :( > > > > > > > > > > > > Can I simulate IP Tunnel using the following Network? > > > > > > (LAN) Router A - Router C --- Router B (LAN)=20 > > > > > > (1) All routers ar on Private Network > > > (2) Using 3 Routers, I can segment 3 networks > > > (3) IP Tunnel is build from ROuter A to ROuter B > > > > > > Please advice. Let me know if I got Ip Tunnel (using IPIP) concept = > > > wrong.=20 > > > I tried on the sec
[LARTC] tcng version 9j
... is on SourceForge: http://tcng.sourceforge.net/dist/tcng-9j.tar.gz md5sum d0f0b1b20a6711f447d5321138ab5852 See also http://tcng.sourceforge.net/ This is a maintenance release that mainly synchronizes with current 2.4 kernels. The complete list of changes is below. - Werner --- CHANGES --- Version 9j (26-FEB-2004) - Makefile: targets "tcc" and "tcsim" depend also on "shared" (reported by Mustafa Ogun) - configure is compatible with 2.4.24 and 2.4.25 - scripts/compatibility.sh: added 2.4.23, 2.4.24, and 2.4.25 - minksrc.sh now only extracts kernel source from tarball if the source has not already been extracted - moved progress reporting from "configure" to "minksrc.sh" - "make clean" now also removes temporary files of "configure" -- _ / Werner Almesberger, Buenos Aires, Argentina [EMAIL PROTECTED] / /_http://www.almesberger.net// ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] port prio ?
Hi ! I have a LAN (100MB switched) with 1 server and 20 clients (all running RH9). I am running VoIP on the LAN together with all other kind of traffic (ssh,nfs...). I would like to prioritize my VoIP traffic (one port) and let all the other traffic take what is left of bandwidth. I have had a look at the mailinglist and looks that HTB on outgoing traffic (server and clients) could do the work. What is the best way to do this (is it HTB?). Would it steal much capacity (CPU/RAM) ? Any pointers / examples ? The server have two interfaces, one connected to the LAN and the other used for remote access. Any problems with more interfaces (the other interface should not be part of any shaping) ? Br Jan Terje ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] HFSC
hmm HFSC ? where can i find more informations and examples about the *linux* HFSC ? http://trash.net/~kaber/hfsc/ does not help here -- ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] RE: Anyone using PCI/USB xDSL under Linux?
First, I'm new to Linux and firewalls, and newer still to this mailing list (2nd day receiving it). I am a member on the IPCops.net BBS, and I do see quite a few questions about installing broadband modems. It seems that even thou support for connecting to a DSL modem via USB port is getting better, the same support is not there as it is for an ethernet connection. If you go to www.ipcops.net, and post a question in the SUPPORT FORUMS > Miscellaneous Forums > Linux in General section there may be a couple people that can help with the information, and maybe in the DEV FORUM as well. You may want to try LinuxQuestions.org as well. Mike (a.k.a. AWEV) __ Do you Yahoo!? Yahoo! Mail SpamGuard - Read only the mail you want. http://antispam.yahoo.com/tools ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Wan Simulation / Bw/Latency testing
Hi, i have a question if linux is able to do the same thing that commercial wan simulators do (which cost 7000 $ or more). Basicly i want to use the following setup. Linux Router Machine 192.168.0.1 192.168.1.1 Eth0 192.168.10.1 Eth5 192.168.2.1 Eth1 192.168.100.1 WEB Server. 192.168.3.1 Eth2 192.168.4.1 Eth3 192.168.5.1 Eth4 --- |Incoming Interfaces Ext If |Test Clients | -> | Eth0 256 kbit, 250 ms latEth5 -> 100 mbit net |_| | Eth1 512 kbit, 100 ms latEth5 -> 100 mbit net | Eth2 1 mbit,50 ms latEth5 -> 100 mbit net | Eth3 2 mbit,40 ms latEth5 -> 100 mbit net | Eth4 10 mbit, 10 ms latEth5 -> 100 mbit net Basicly i want to be able from the test client to access a web application on the 100 mbit network but with a latency and bandwidth that simulates different WAN links. So for instance i want to be able from the test client to set default gw, any of the incoming interfaces in the linux machine. Then i want to send a HTTP request from 192.168.0.1 Client to 192.168.100.1 Server, and get the bandwidth restricted and also that the linux box shall add latency on all packets going through. Another "Wish/Feature" is that from the test client, it shall be possible to send the Web Request against any of the incoming interfaces with a PORT specification, for instance 192.168.4.1:8080 and it will be rerouted to192.168.100.1:8080 with the added latency and bandwidth restriction. Am i completely lost here, or is it so that this is possible to do in Linux ?? Best Regards Jonas Persson, Performance Analyst ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Re: SMP and tc
Andreas Hess wrote: > I wonder if anyone has run tc on an e.g. dual processor system? As > far as I know under linux-2.6 it is possible that two processors > receive and process packets of one NIC. Is this right? And if yes, > does it work fine? Yes, it is working fine. There are several locks in packet processing code that span all processors though, so it's not entirely separate, only mostly so. -- Naked ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] SMP and tc
At 23:42 25/02/2004, Andreas Hess wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I wonder if anyone has run tc on an e.g. dual processor system? Yep, I use tc on a PII-233 with two processors running Kernel 2.4.25, with no problems... As far as I know under linux-2.6 it is possible that two processors receive and process packets of one NIC. Is this right? And if yes, does it work fine? ?? Not sure what you mean by does it work fine. Do you mean does it work as well as a single processor machine, or are you expecting some kind of performance increase ? (And if so, how would you measure it anyway) Regards, Simon ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] HTB classes and SFQ qdiscs showing 0 sent bytes
At 00:24 25/02/2004, Animesh Bansriyar wrote: Hi All, I have set up a test script to limit incoming connections to my Network Server like this. Running SuSE Linux Professional 8.2. The snippet from my script is: SNIP # Adding some filters tc filter add dev eth0 protocol ip parent 1:2 prio 1 u32 \ match ip src 192.168.1.1/24 classid 1:2 tc filter add dev eth0 protocol ip parent 1:3 prio 1 u32 \ match ip src 192.168.1.2/24 classid 1:3 tc filter add dev eth0 protocol ip parent 1:4 prio 1 u32 \ match ip src 192.168.1.3/24 classid 1:4 tc filter add dev eth0 protocol ip parent 1:5 prio 1 u32 \ match ip src 192.168.1.4/24 classid 1:5 SNIP Notice the "Sent 0 bytes" for both teh SFQ qdiscs and the HTB classes. I am stuck over here. Please suggest what might be wrong and whether my approach is right. I don't know if this is *all* your problems, but there is a very obvious one here - all four of your ip matches are going to match exactly the SAME thing. (And therefore only one is ever going to match) Why did you put the /24 on the end of the ip address ? That means that you're providing it a netmask, so 192.168.1.1/24 is refering to the entire class C subnet 192.168.1.x. 192.168.1.2/24 also refers to the same class C subnet. If the subnet is a /24 the last octet of the ip address is ignored. If you're really trying to match only on single ip addresses, take off the /24 Regards, Simon ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Neighbour table overflow
At 10:12 25/02/2004, Damjan wrote: > What is the cause for such a message while running kernel 2.6.1 on RH9 ? > > Neighbour table overflow. > NET: 282 messages suppressed. > Neighbour table overflow. ARP table overflow, do you have an interface on your router with a too wide netmask? /16 (255.255.0.0) maybe? Do you have a lot of "(incomplete)" entries in "arp -n"? Check that interface with "tcpdump -i eth? -n arp". Probably some virus or port sniffer tries to scan your network. I've seen neighbour table overflow messages on wireless routers where the wireless interface is not working properly, or is not connected to an access point. It just takes a couple of seconds of trying to ping another machine on a wireless network when you're not connected to the access point successfully and neighbour table overflow will start comming up I never did get to the bottom of what the message means or whether its something to worry about though. (Never see it when the connection is working, so I didn't worry about it) Regards, Simon ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] traffic generator for diffserv test
Hi all, I'm trying to test my diffserv config. I have used iperf but it doesn't have an option to set the rate of generated traffic. Can I do this with ttcp ? Is there a script to generate a continuous traffic with ttcp? Tnx, Gunes __ Do you Yahoo!? Yahoo! Mail SpamGuard - Read only the mail you want. http://antispam.yahoo.com/tools ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] SMP and tc
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I wonder if anyone has run tc on an e.g. dual processor system? As far as I know under linux-2.6 it is possible that two processors receive and process packets of one NIC. Is this right? And if yes, does it work fine? Any hint is welcome! Thanks Andreas -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAPHwj68eBr8WIgcgRAiNNAKCXZ8hKf82ABHIpR9kujNsdc7zmMQCePi1A NfsSvu9eXkvFJGf2dZWKbMs= =ZB85 -END PGP SIGNATURE- ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Tunnel command
I want to map tcp or udp traffic on a given LSP. How do I have to use the tunnel command ? Do I have to specify the port number ? Can I use other commands to do the same mapping ? Thanks! ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
