[LARTC] traffic shaping a box with vpn tunnels.
Greetings,

I've got a server with a bunch of vpn (openvpn) tunnels terminating on it. I'm trying to limit the total bandwidth the tunnels can use to 3mbit. So I applied a rule like this:

~~~
tc qdisc add dev eth0 root handle 1: htb default 90
tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit burst 15k
# Default rule for eth0
tc class add dev eth0 parent 1:1 classid 1:90 htb rate 3mbit ceil 3mbit burst 15k
tc qdisc add dev eth0 parent 1:90 handle 90: sfq perturb 10
~~~

All traffic including tunnel traffic enters and leaves eth0. Hence I assumed this would work, even if there is lots of tun virtual interfaces. But I get the following error as soon as I apply this rule.

~~~
Aug 19 13:51:44 gw openvpn[4996]: write UDPv4 []: No buffer space available (code=105)
Aug 19 13:51:44 gw openvpn[5012]: write UDPv4 []: No buffer space available (code=105)
Aug 19 13:51:44 gw openvpn[5012]: write UDPv4 []: No buffer space available (code=105)
Aug 19 13:51:44 gw openvpn[3017]: write UDPv4 []: No buffer space available (code=105)
~~~

Searching archives I see that this usually means I have a crappy network card. I use an Intel onboard nic. Is this the cause of the problem ? Is it a crappy nic to use ? Or is it perhaps a problem between the buffering on the tunnel interfaces and the real interface ? or something ?

Should I ignore the error or is it dropping packets ? What can I do to resolve this problem ?

tx
e.

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
Re: [LARTC] Two Adsl connections following lartc.rpdb.multiple-links.html instructions....
I think you don't have to add the default route via 200.138.255.254, that's why all the packets go out via ppp0. The rest of the configuration it's fine,

> I have two adsl lines on my linux firewall box and i want to do some load balance between them...i tried a lot of different things, but it isn´t working...Following the instructions of http://lartc.org/howto/lartc.rpdb.multiple-links.html i used the configuration above. using iptraf I can see some few packets using the ppp1 connection, but almost all the packets use ppp0 connection. I´m doing something wrong? I´m forgetting something? Maybe my kernel doesn´t support multipath? how can i check it?
>
> I use Mandrake 10 (kernel 2.6)
> 2 adsl connections with 600 KB down and 300 KB up (ppp0 and ppp1)
>
> Tks in advance!
>
> ip route add 200.138.225.0/24 dev ppp0 src 200.215.125.195 table 10
> ip route add default via 200.138.225.254 table 10
> ip route add 201.3.196.0/24 dev ppp1 src 201.3.232.205 table 11
> ip route add default via 201.3.196.254 table 11
> ip route add 200.138.225.0/24 dev ppp0 src 200.215.125.195
> ip route add 201.3.196.0/24 dev ppp1 src 201.3.219.25
> ip route add default via 200.138.225.254
> ip rule add from 200.215.125.195 table 10
> ip rule add from 201.3.232.205 table 11
> ip route add default scope global nexthop via 200.138.225.254 dev ppp0 weight 1 nexthop via 201.3.196.254 dev ppp1 weight 1
Re: [LARTC] tc+mrtg
I can't seem to find tcrrd2.pl on the site.

On Fri, 23 Jul 2004 19:45:51 +0200, Stef Coene [EMAIL PROTECTED] wrote:
> On Tuesday 20 July 2004 07:43, Kristiadi Himawan wrote:
> > I already use external script that fetch iptables mangle table from PREROUTING and POSTROUTING counter. But the traffic isn't really accurate, i found when there's bulk UDP traffic come to the shaper, my mrtg shown that the traffic shown bigger than allocated bandwidth for that class.
> > So the question, it's possible to make script from tc command, that count bandwidth actually passing through the shaper.
>
> You can patch snmp so you can get the tc counters and process them in a custom script or use mrtg:
> http://www.docum.org/docum.org/tc-snmp/
>
> Stef
>
> --
> [EMAIL PROTECTED]
> Using Linux as bandwidth manager
> http://www.docum.org/
Re: [LARTC] IP in IP tunneling [LARTC-HowTo update ?]
I've tried with iproute and it works now !

commands for A:

~~~
ip tunnel add mode ipip tunl1 local IP_A remote IP_B
ip addr add dev net1 local virtual-IP_A remote virtual-IP_B
ip link set net1 up
~~~

Same on B. And then from A i'm able to ping virtual-IP_B.

It seems one can not use tunl0 as a tunnel name, is it true ?

I think it will be a good thing to add to the section 5.2 of the LARTC HowTo the way to do a tunnel with the 'ip' commands and to specify that new_tunnel.o is only in old kernel. But that's perhaps already in a TODO list...

Francois

[EMAIL PROTECTED] wrote:
> here is the config: (i cut the 192.168. part of IP addr)
>
> -A-B-C
> 3.3 5.3 5.4 4.4 4.1
>
> on A:
> ifconfig tunl0 192.168.3.3 pointopoint 192.168.5.4
> route add -net 192.168.4.0 netmask 255.255.255.0 dev tunl0
>
> on B:
> ifconfig tunl0 192.168.4.4 pointopoint 192.168.5.3
> route add -net 192.168.3.0 netmask 255.255.255.0 dev tunl0
>
> From A i can't ping C. Traceroute shows that packets don't even reach B.
Re: [LARTC] Help:how to filter PPP LCP packets?
swcims wrote:
> Hi all,
> I am using tc htb3.6 on Linux 2.4.17, and it works well. I'd like to capture PPP LCP packets and put them into high priority queue. But I don't know how to use u32, iptables or other methods to filter this type packet.
> Would anyone please provide suggestion? Thank you very much!

I would have thought that ppp would be before/after any shaping - so if it sends packets they won't queue.

Andy.
Re: [LARTC] Gamest and QoS
Marcin Sura wrote:
> Hi
>
> I share my bandwidth (adsl 512/128) between 12 users. I set up simple qos script for incoming (IMQ) and outgoing traffic using htb in root, 4 classes and esfq qdisc at leafs.

If you are NATing then you need to patch/select options for IMQ, so that esfq will work properly with local addresses.

> Interactive traffic goes to class1, http, mail etc. to class2, p2p, ftp to class3, and rest to class4. Classes divide link in proportion 20% (prio 1), 40% (prio 2), 20% (prio 3), 20% (prio 4)

If you really want latency to come first using HTB you need to give class one almost all of the rate and make the rest borrow.

> This works very well when users surfing internet (www, mail, ssh), but is insufficient when i really need low, stable latency for example for games. Games traffic is in class1. Without QoS, while uploading some files via ftp i have pings (in my favourite game) 1000+. With my qos script my ping lower to 150 - 300, but is very unstable.

On just upload you should be able to get between your baseline ping and about 90ms with 128k and MTU 1500.

There is a tweak to HTB you can use to help accuracy - Set HTB_HYSTERESIS 0 in net/sched/sch_htb.c

If I had 128k up I would mss clamp to say 576 any traffic classes that send a lot of data. I would do this for bittorrent anyway as it is hard to shape (ingress) and reducing the packet size helps.

> Is there any way to configure htb, to have good, __STABLE__ pings ( 40 - 100) while other people exploring the internet.

This can be tricky, shaping traffic from the wrong end of the bottleneck is not as easy as upstream. I have 512 down and can stop browsing hurting latency by having a class with ceil half my rate (about 80% of link speed). Using connbytes the first 80KB of new connections go here and it has a short (16 packet) queue - so that packets get dropped and get the new connections out of slowstart before they get too fast.

The trouble is that it only works well if there is no other traffic using the bandwidth. If you share and let bulk traffic have any spare then there will be a brief latency rise when people browse big pages. P2P and bittorrent are harder to shape on ingress than real servers and need lower % of bandwidth and clamping to keep the packets small.

> I use default htb parameters, maybe i must change some of them? Any suggestions?

Set burst on bulk classes low and quantums to MTU / what you clamp to. Unless you are going to try Ed Wildgooses' DSL patch, set ingress and egress to 80% of advertised bandwidth.

Andy.
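An added example, not part of the original thread: a dry-run shell sketch of the egress layout Andy describes (80% of the advertised uplink, class one holding almost all of the guaranteed rate, the other classes borrowing up to the ceil, with a small burst and an MTU-sized quantum on the bulk classes). The device name ppp0, the class ids, the 1/20 split and the function names are assumptions; the script prints tc commands and applies nothing.

```shell
#!/bin/sh
# Added example: prints (does not apply) an HTB egress layout.
# Assumed names: device ppp0, class ids 1:10..1:40, both function names.

# usable_rate ADVERTISED_KBIT -> 80% of the advertised rate, integer kbit
usable_rate() {
    echo $(( $1 * 80 / 100 ))
}

# htb_plan DEV ADVERTISED_KBIT MTU -> one tc command per output line
htb_plan() {
    dev=$1
    mtu=$3
    total=$(usable_rate "$2")
    # Each non-interactive class is guaranteed 1/20 of the usable rate
    # (an assumed split) and borrows the rest up to the ceil.
    small=$(( total / 20 ))
    # Class one keeps everything else, i.e. almost all of the rate.
    first=$(( total - 3 * small ))

    echo "tc qdisc add dev $dev root handle 1: htb default 40"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${total}kbit ceil ${total}kbit"
    echo "tc class add dev $dev parent 1:1 classid 1:10 htb rate ${first}kbit ceil ${total}kbit prio 1"
    prio=2
    for id in 20 30 40; do
        # Low burst and quantum = MTU (or whatever size traffic is clamped to)
        echo "tc class add dev $dev parent 1:1 classid 1:$id htb rate ${small}kbit ceil ${total}kbit burst ${mtu}b quantum $mtu prio $prio"
        prio=$(( prio + 1 ))
    done
}

# 128 kbit advertised uplink, MTU 1500, as in the thread
htb_plan ppp0 128 1500
```

Review the printed commands before piping them to a root shell; filters that place games or interactive traffic into 1:10 are not generated here.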
[LARTC] Load Balance adsl connections: a complete explanation of my case...
I have a linux server running Mandrake 10, with the kernel configured with

~~~
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_MULTIPATH=y
~~~

options, with 4 ethernet cards:

- 2 ethernet used to connect to my lan (eth0=192.168.1.x and eth1=192.168.2.x)
- 2 ethernet used to internet connection (2 adsl lines, both with 600/300 kbits)

The two lan are used to share the internet connection with my friends. We run p2p services on the linux server, so all the heavy traffic is generated directly by the linux server.

The main objective here is to load balance the traffic generated by the p2p services running on the server and the lan through the 2 adsl lines, and make the 2 adsl 600/300 kb/sec looks like a 1200/600 kb/sec connection...

Here is a diagram of the network (i don´t know if it helps.. but.. here it is):

~~~
         __________________
  eth0  |                  | ppp0
  ______|  Linux Server    |______
        | (Firewall + P2p  |
  ______| +Traffic control |______
  eth1  | +Load Balance)   | ppp1
        |__________________|
~~~

To make the traffic control i mark all packets using iptables, then i put identical cbq rules on each ppp connection. My idea is that the packets go to the cbq qdiscs only after they were routed to that ppp connection... is that right? If it is, this might work...

The load balance is a problem.. i tried to load balance using the commands below:

~~~
ip rule add from 200.193.25.93 lookup 1
ip route add 192.168.1.0/24 via 192.168.1.1 table 1
ip route add 192.168.2.0/24 via 192.168.2.1 table 1
ip route add 0/0 via 200.138.225.254 table 1
ip rule add from 201.3.232.150 lookup 2
ip route add 192.168.1.0/24 via 192.168.1.1 table 2
ip route add 192.168.2.0/24 via 192.168.2.1 table 2
ip route add 0/0 via 201.3.196.254 table 2
ip route add default equalize nexthop via 200.138.225.254 dev ppp0 nexthop via 201.3.196.254 dev ppp1
~~~

But... when i use the above commands the lan can´t communicate with the internet, just the linux server can see the internet... so i need to put one of the ppp connection as a default gateway to make the lan see the internet, using the command:

~~~
route add default gw 200.138.225.254
~~~

then, i get this route table:

~~~
200.138.225.254 *               255.255.255.255 UH    0      0        0 ppp0
201.3.196.254   *               255.255.255.255 UH    0      0        0 ppp1
192.168.4.0     *               255.255.255.0   U     0      0        0 eth3
192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         201.3.196.254   0.0.0.0         UG    0      0        0 ppp1
default         200.138.225.254 0.0.0.0         UG    0      0        0 ppp0
~~~

But, in this case, the traffic coming from the lan don´t get load balanced... just go through the ppp0 (200.138.225.254), and looks very strange to me to have two default gateway.

Even if i keep the first configuration option, without using the route add default gw 200.138.224.254 command, and keeping the lan disconnected (for test purposes) i can see that the traffic generated by the linux server use the 2 adsl lines, but it don´t make a load balance...if i make a traceroute it ALWAYS go through the first NEXTHOP ip configured on the ip route add default equalize nexthop command... Even if i give a ip route list cache and catch a ip that on the cache route list go through the second nexthop ip, the traceroute go through the first nexthop ip... So i don´t understand: why the traceroute don´t use the cached route? I can only imagine that something is wrong in my configuration...

And worst: keeping the server running with two default gateways for a long time i can see that NEVER the traffic get more than 80 Kbytes/sec (640 Kbytes)...In a healthy system with correct configuration, running p2p services, with hundreds of simultaneous connections, the speeds should go near the 1000 kbits (125 Kbytes/seg) even if i consider the adsl overhead...

Someone have some idea of where is the problem? Why i get a poor load balance that never gets more than 60% of the bandwidth of each adsl?

The internet have just a few load balance information... i read almost all the pages google could find and i still can´t figure out what´s the problem..

I´ll appreciate all help u can give me!

Tks in advance!

Fernando Favero