[LARTC] burst according to time limit???
I was wondering if there is a queue with which I could have a regular rate limit at some kbits (say 256kbits) for my ethernet stations, but allow burstable sessions with a multiple limit (512 kbits) for a specific time (say 3 minutes). Of course, this is the same with having bursts of some Megabit buckets (measuring bits and not time), but for such big bursts i think it isn't what i need...
Re: [LARTC] Wondershaper - question
Matthias Lendholt wrote: Those are port lists, not the line speed. They should be more like NOPRIOPORTDST="53 21 22" or similar. Check the docs for more help on it. Hi, I have a question conercing wondershaper. I'm using the Clarkconnect linux distribution for my linux router and I tried to use wondershaper. On start up of wshaper, there are no errors or any other problems but I'm not sure if it's running correctly. Only one qdisc / one class is used and when I start an uplink ftp transfer, my ping time is growing up to 1700ms - I don't think that there is anything shaped oder scheduled. In the wshaper file I set the up- and downlink values and for the p2p I set this: # low priority source ports NOPRIOPORTSRC=4662 # low priority destination ports NOPRIOPORTDST=4662 -- http://www.ivanhawkes.com | ICQ: 173-392-038 ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Wondershaper - question
Hi, I have a question conercing wondershaper. I'm using the Clarkconnect linux distribution for my linux router and I tried to use wondershaper. On start up of wshaper, there are no errors or any other problems but I'm not sure if it's running correctly. Only one qdisc / one class is used and when I start an uplink ftp transfer, my ping time is growing up to 1700ms - I don't think that there is anything shaped oder scheduled. In the wshaper file I set the up- and downlink values and for the p2p I set this: # low priority source ports NOPRIOPORTSRC=4662 # low priority destination ports NOPRIOPORTDST=4662 Then i start it: [EMAIL PROTECTED] bin]# wshaper start [EMAIL PROTECTED] bin]# One or two minutes later (with p2p traffic and some pings) i got this: [EMAIL PROTECTED] bin]# wshaper status qdisc ingress : Sent 0 bytes 0 pkts (dropped 0, overlimits 0) qdisc sfq 30: quantum 1514b perturb 10sec Sent 0 bytes 0 pkts (dropped 0, overlimits 0) qdisc sfq 20: quantum 1514b perturb 10sec Sent 0 bytes 0 pkts (dropped 0, overlimits 0) qdisc sfq 10: quantum 1514b perturb 10sec Sent 0 bytes 0 pkts (dropped 0, overlimits 0) qdisc cbq 1: rate 10Mbit (bounded,isolated) prio no-transmit Sent 1116535 bytes 6148 pkts (dropped 0, overlimits 0) borrowed 0 overactions 0 avgidle 624 undertime 0 class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit Sent 1117031 bytes 6154 pkts (dropped 0, overlimits 0) borrowed 0 overactions 0 avgidle 624 undertime 0 class cbq 1:10 parent 1:1 leaf 10: rate 120Kbit prio 1 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) borrowed 0 overactions 0 avgidle 624 undertime 0 class cbq 1:1 parent 1: rate 120Kbit (bounded,isolated) prio 5 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) borrowed 0 overactions 0 avgidle 624 undertime 0 class cbq 1:20 parent 1:1 leaf 20: rate 108Kbit prio 2 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) borrowed 0 overactions 0 avgidle 624 undertime 0 class cbq 1:30 parent 1:1 leaf 30: rate 96Kbit prio 2 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) borrowed 0 overactions 0 avgidle 624 undertime 0 [EMAIL PROTECTED] bin]# As you can see, just qdisc 1: is used. The same behavior after hours of running wshaper; only this one qdisc is used. Has anyone an idea why this happens? Thanks, Matthias Lendholt (Berlin, Germany) ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] shaping
Not the answer you're looking for, but why not just specify your total bandwidth being much larger than your interface actually is and then subdividing into your groups? Mike. > -Original Message- > From: Abraham van der Merwe [mailto:[EMAIL PROTECTED] > Sent: Monday, May 31, 2004 8:58 AM > To: Linux Advanced Routing & Traffic Control > Subject: [LARTC] shaping > > Hi! > > Is there any way to do just plain vanilla TBF (Token Buck Filter) type > shaping on a group of ips/networks, not an entire interface. > > Currently the only way I know how to shape in Linux is to use HTB or CBQ, > but both of these need a total rate and then you need to subdivide that > into classes. That is not what I want. All I want is Cisco generic traffic > shaping style shaping (or similar to how the old shaper module worked), > iow > I don't want to specify how much bandwidth I have, I just want to make > sure > that any particular group never exceeds a given rate. > > -- > > Regards > Abraham > > TODAY the Pond! > TOMORROW the World! > -- Frogs (1972) > > ___ > Abraham vd Merwe - Frogfoot Networks CC > 1st Floor, Albion Springs, 183 Main Road, Newlands > Phone: +27 21 689 3873 Cell: +27 82 565 4451 > Http: http://www.frogfoot.net/ Email: [EMAIL PROTECTED] > > ___ > LARTC mailing list / [EMAIL PROTECTED] > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] shaping
Hi! Is there any way to do just plain vanilla TBF (Token Buck Filter) type shaping on a group of ips/networks, not an entire interface. Currently the only way I know how to shape in Linux is to use HTB or CBQ, but both of these need a total rate and then you need to subdivide that into classes. That is not what I want. All I want is Cisco generic traffic shaping style shaping (or similar to how the old shaper module worked), iow I don't want to specify how much bandwidth I have, I just want to make sure that any particular group never exceeds a given rate. -- Regards Abraham TODAY the Pond! TOMORROW the World! -- Frogs (1972) ___ Abraham vd Merwe - Frogfoot Networks CC 1st Floor, Albion Springs, 183 Main Road, Newlands Phone: +27 21 689 3873 Cell: +27 82 565 4451 Http: http://www.frogfoot.net/ Email: [EMAIL PROTECTED] ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] dsmark qdisc in tc(iproute2)
hi, i am currently working on a project on "design of diffserv testbed in linux". i am using tc utility of iproute2 for it. The qdisc dsmark used for marking the DS codepoint at the first hop router makes number of classes depending on the indices given in the command. But i am not clear how at the first hop router does scheduling takes place. what i mean is if i have two flows, whose packets have been marked by different DSCP, then how to set the order in which they will leave the interface i.e., how to prioritize them . my code at the first hop router is : tc qdisc add dev eth0 handle 1: root dsmark indices 4 tc class change dev eth0 classid 1:1 dsmark mask 0x0 value 0xb8 tc class change dev eth0 classid 1:2 dsmark mask 0x03 value 0x58 tc class change dev eth0 classid 1:3 dsmark mask 0x0 value 0x0 tc filter add dev eth0 parent 1: protocol ip prio 1 u32 match ip dst 144.16.95.66/32 flowid 1:1 tc filter add dev eth0 parent 1: protocol ip prio 1 u32 match ip dst 10.219.80.1/32 flowid 1:2 tc filter add dev eth0 parent 1: protocol ip prio 2 u32 match ip dst 0/0 flowid 1:3 with this code running, i used ethereal to se the DSCP field. My packets were marked properly but i don't how they were scheduled at the interface.What else should i add to this code so that my packets marked with 0xb8 are prioritized compared to other flows or is there some default priority built with respect to DS field? can someone help me out !! Amita Maheshwari ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] modified wondershaper script causes hardlock in server
Damion de Soto wrote: > Hi Morten, >> but after using this modified script, the server would at random >> intervals cease to function, not answering ping, not showing anything in >> the console. No pertinent log entries were made at the time either. > You mean the console would be locked up and not responding ? > Or did you mean you just couldn't find any network errors/logs on the console ? > > If it's locked up completely without a kernel panic or any other kind of error > logged, I would tend to suspect a hardware problem. complete hardlock I did suspect hardware too, but when I moved the harddrive to another box, the problem followed over.. I did move the two rtl8139 adapters too, and after a couple hardlocks, removed one of them and used the integrated controller instead. That seemed to fix it, but the next day it started locking all over again. If I don't use wondershaper, the system is 100% stable. Cheers, -- Morten smime.p7s Description: S/MIME Cryptographic Signature
[LARTC] bonding problem with arp-monitoring
Hello I have two linux machines connected via 2 dsl lines (bonded) 192.168.0.1-eth0-dsl---2Mbit---dsl-eth0-192.168.0.2 ^-eth1-dsl---2Mbit---dsl-eth1-^ so the final figure is something like this: 192.168.0.1-bond0---4Mbit---bond0-192.168.0.2 I can only use arp monitoring for fail checking - if one dsl line fails - automatically use only the other one. I set up everything correctly (i think), but it doesn't seem to work. When one of the links fails it doesn't detect it at all: # cat /proc/net/bonding/bond0 Ethernet Channel Bonding Driver: v2.6.0 (January 14, 2004) Bonding Mode: load balancing (round-robin) MII Status: up MII Polling Interval (ms): 0 Up Delay (ms): 0 Down Delay (ms): 0 Slave Interface: eth0 MII Status: up Link Failure Count: 0 Permanent HW addr: 00:80:1e:13:41:03 Slave Interface: eth1 MII Status: up Link Failure Count: 0 Permanent HW addr: 00:80:1e:13:39:05 both machines are running 2.4.26 kernel the configuration for both is the same (only the IPs are different): modules.conf: alias bond0 bonding options bond0 mode=0 arp_interval=1000 arp_ip_target=192.168.0.2 miimon=0 startup script: /sbin/modprobe bond0 /sbin/ip link set eth0 up multicast off /sbin/ip link set eth1 up multicast off /sbin/ip link set bond0 up multicast off /sbin/ip addr add 192.168.0.1/30 brd + dev bond0 /sbin/ifenslave bond0 eth0 eth1 Is this a bug, or I am doing something wrong? -- Anton Glinkov network administrator ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] Odd question about load balancing
I am sorry about my previous email, it was a bit off a mess... Let me explain my self, I have my dsl routers working doing nat, and I want to set them up as a bridge but doing load balancing. My public ip addresses are : XXX.XXX.XXX.1 for dsl 1 and the same ending in .2 for dsl 2 Since I have to put the ip public address on the linux Ethernet cards, and they both have the same netmask address, will loadbalancing work? I red somewhere they have to be in different subnets in order to work Am I right? Can I set them as bridge mode? -Mensaje original- De: Damion de Soto [mailto:[EMAIL PROTECTED] Enviado el: lunes, 31 de mayo de 2004 2:34 Para: GoMi CC: [EMAIL PROTECTED] Asunto: Re: [LARTC] Odd question about load balancing Hello GoMi, > Hello there, i have a very special case about load balancing... ---snip > And I have the next problem: > Both routers will have the same IP ADDRESS, and hence they will both be on > the same network. I didn't really understand what you were writing about there but don't you just want to put your DSL routers into some type of 'bridging' mode, and then configure the IP addresses on your linux router ? (you may have to run PPPoE or something on the linux interfaces). > When y set up my load balancing a year ago, I red somewhere both connections > have to be under different networks, is that right? > Will load balancing know which interface has to use for each connection?? Unless your ISP(s) is doing incredibly tricky things with routing, you can't have 2 devices on the Internet with the same real IP address. > Can I set up my dsl routers the way I want them to work?? > Has any body done that??? I still don't really understand what's different between your setup and all the other people who have 2 DSL connections to the internet. Regards, -- ~~~ Damion de Soto - Software Engineer email: [EMAIL PROTECTED] SnapGear - A CyberGuard Company ---ph: +61 7 3435 2809 | Custom Embedded Solutions fax: +61 7 3891 3630 | and Security Appliancesweb: http://www.snapgear.com ~~~ --- Free Embedded Linux Distro at http://www.snapgear.org --- ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] skip other iptables marking if packet is already marked
> > I have many iptables setmark commands, but as soon > as there is one match, I would like to skip all the rest. > How to do this. -- cut -- > Wonder if it will work ? > My next question is should I use -j ACCEPT or -j RETURN ? -j RETURN iptables -t mangle -A -j MARK --set-mark iptables -t mangle -A -j RETURN iptables -t mangle -A -j MARK --set-mark iptables -t mangle -A -j RETURN iptables -t mangle -A -j MARK --set-mark iptables -t mangle -A -j RETURN you must enter two lines with the same rule for each mark. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] skip other iptables marking if packet is already marked
I have many iptables setmark commands, but as soon as there is one match, I would like to skip all the rest. How to do this. ---not-working-not-mark-zero-is-not-accepted- iptables -t mangle -A PREROUTING . -j MARK --set-mark . iptables -t mangle -A PREROUTING -m MARK ! --mark 0 -j ACCEPT iptables -t mangle -A PREROUTING . -j MARK --set-mark . iptables -t mangle -A PREROUTING -m MARK ! --mark 0 -j ACCEPT iptables -t mangle -A PREROUTING . -j MARK --set-mark . end--- Since it is not working, I change it to :- Assuming I have AND-ed all the mark together to obtain the MASK, iptables -t mangle -A PREROUTING . -j MARK --set-mark . iptables -t mangle -A PREROUTING -m MARK ! --mark MASK/MARK -j ACCEPT iptables -t mangle -A PREROUTING . -j MARK --set-mark . iptables -t mangle -A PREROUTING -m MARK ! --mark MASK/MARK -j ACCEPT iptables -t mangle -A PREROUTING . -j MARK --set-mark . Wonder if it will work ? My next question is should I use -j ACCEPT or -j RETURN ? ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/