Re: [LARTC] Bandwidth throttling/limiting for all traffic

2004-11-17 Thread Darryl Cording
Thanks for the feedback Jason,

Jason Boxman wrote:
> On Wednesday 17 November 2004 22:29, Darryl Cording wrote:
>
> > I am trying to build a Linux router that simply throttles everything
> > down to certain bandwidths. That is, no priority queuing ...etc, just
> > slow all traffic down to the specified rates, which are 64,128,256,512
> > kbit. We want to setup the bandwidth on the router, then pump a known
> > load from an application through the router and see how that behaves
> > over various link speeds. (we are in a lab environment)
>
> Using the htb qdisc with ceil equal to rate ought to accomplish this.

I thought the same thing, so far so good.

> > Using kernel 2.6.5-1.358 I simply used these commands from Stef's
> > version of tc from docum.org, module sch_htb is loaded.
> >
> > tc qdisc add dev eth0 root handle 10: htb
> > tc class add dev eth0 parent 10: classid 10:1 htb rate 64kbit ceil 64kbit
>
> You need to classify your traffic.
>
> tc qdisc add dev eth0 root handle 10: htb default 1
> tc class add dev eth0 parent 10: classid 10:1 htb rate 64kbit ceil 64kbit
>
> If you add the default parameter, htb will put any unclassified traffic
> into classid 10:1.

That makes sense.

> > I thought that would do the job, but my testing from uploading files via
> > ftp to another box, show nothing gets shaped.
>
> Right, because it wasn't classified.

Ok, so I have to classify my traffic before this will route them through 
the qdisc. Are you talking about classifying via iptables?? I thought 
that was optional, more for filtering ...etc.

regards
darryl
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


Re: [LARTC] Bandwidth throttling/limiting for all traffic

2004-11-17 Thread Jason Boxman
On Wednesday 17 November 2004 22:29, Darryl Cording wrote:
> Hi,
>

> I am trying to build a Linux router that simply throttles everything
> down to certain bandwidths. That is, no priority queuing ...etc, just
> slow all traffic down to the specified rates, which are 64,128,256,512
> kbit. We want to setup the bandwidth on the router, then pump a known
> load from an application through the router and see how that behaves
> over various link speeds. (we are in a lab environment)

Using the htb qdisc with ceil equal to rate ought to accomplish this.

> Using kernel 2.6.5-1.358 I simply used these commands from Stef's
> version of tc from docum.org, module sch_htb is loaded.
>
> tc qdisc add dev eth0 root handle 10: htb
> tc class add dev eth0 parent 10: classid 10:1 htb rate 64kbit ceil 64kbit

You need to classify your traffic.

tc qdisc add dev eth0 root handle 10: htb default 1
tc class add dev eth0 parent 10: classid 10:1 htb rate 64kbit ceil 64kbit

If you add the default parameter, htb will put any unclassified traffic into 
classid 10:1.

> I thought that would do the job, but my testing from uploading files via
> ftp to another box, show nothing gets shaped.

Right, because it wasn't classified.

-- 

Jason Boxman
Perl Programmer / *NIX Systems Administrator
Shimberg Center for Affordable Housing | University of Florida
http://edseek.com/ - Linux and FOSS stuff
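
The flat throttle discussed in this thread, as an added example that is not part of any poster's message or script: it prints the tc commands for one of the four lab rates and reads the class packet counter to confirm traffic really lands in class 10:1. HTB's `default` argument is the minor number of the class (so `default 1` selects 10:1); the function names and the sample `tc -s class show` text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the sample
# `tc -s class show` text below are constructed for illustration.

# htb_throttle_cmds DEV RATE_KBIT
# Prints the tc commands for one HTB class with ceil == rate. "default 1"
# names the minor number of class 10:1, so traffic that no filter has
# classified is still shaped instead of bypassing the classes.
htb_throttle_cmds() {
    dev=$1
    rate=$2
    case $rate in
        64|128|256|512) ;;   # the lab rates named in the thread
        *) echo "unsupported rate: $rate" >&2; return 1 ;;
    esac
    echo "tc qdisc del dev $dev root 2>/dev/null || true"
    echo "tc qdisc add dev $dev root handle 10: htb default 1"
    echo "tc class add dev $dev parent 10: classid 10:1 htb rate ${rate}kbit ceil ${rate}kbit"
}

# class_pkts CLASSID
# Reads `tc -s class show dev DEV` output on stdin and prints the packet
# counter of CLASSID (0 if the class is missing). A counter stuck at 0 while
# the test load runs means the traffic is not reaching the class.
class_pkts() {
    awk -v want="$1" '
        $1 == "class" { cur = $3 }
        $1 == "Sent" && cur == want { print $4; found = 1 }
        END { if (!found) print 0 }
    '
}

# Constructed sample: HTB without a default class, FTP upload running.
SAMPLE_NO_DEFAULT='class htb 10:1 root prio 0 rate 64Kbit ceil 64Kbit burst 1599b cburst 1599b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0'

# Constructed sample: same upload after adding "default 1".
SAMPLE_WITH_DEFAULT='class htb 10:1 root prio 0 rate 64Kbit ceil 64Kbit burst 1599b cburst 1599b
 Sent 1048576 bytes 742 pkt (dropped 0, overlimits 310 requeues 0)
 backlog 4542b 3p requeues 0'

# Dry run: show the commands for 64 kbit and the counters from both samples.
htb_throttle_cmds eth0 64
echo "pkts without default: $(printf '%s\n' "$SAMPLE_NO_DEFAULT" | class_pkts 10:1)"
echo "pkts with default:    $(printf '%s\n' "$SAMPLE_WITH_DEFAULT" | class_pkts 10:1)"
```

To apply a rate on the router, pipe the printed commands to `sh` as root, run the test load, and feed the output of `tc -s class show dev eth0` to `class_pkts 10:1`.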



[LARTC] Bandwidth throttling/limiting for all traffic

2004-11-17 Thread Darryl Cording
Hi,
I have a rather simple problem I have to solve, well I thought it would 
be simple, I've run into a problem. I think I must be missing something 
fundamental.

I am trying to build a Linux router that simply throttles everything 
down to certain bandwidths. That is, no priority queuing ...etc, just 
slow all traffic down to the specified rates, which are 64,128,256,512 
kbit. We want to setup the bandwidth on the router, then pump a known 
load from an application through the router and see how that behaves 
over various link speeds. (we are in a lab environment)

Using kernel 2.6.5-1.358 I simply used these commands from Stef's 
version of tc from docum.org, module sch_htb is loaded.

tc qdisc add dev eth0 root handle 10: htb
tc class add dev eth0 parent 10: classid 10:1 htb rate 64kbit ceil 64kbit

I thought that would do the job, but my testing from uploading files via 
ftp to another box, show nothing gets shaped.

I think I've missed something here and need a clue. Alternatively can 
anyone suggest any programs that are designed for doing this type of work.

Thanks
Darryl


Re: [LARTC] SEPARATING VOIP AND SURFING

2004-11-17 Thread Rick Marshall
Andy Furniss wrote:
> Ricardo Soria wrote:
>
> > 1.  So, starting at 80% of total 512kbit bandwidth
> > (410kbit), there would be a waste of 102kbit.  Is this
> > completely necessary??  I think this is to ensure I
> > have the queue on my side, and the queue is not on the
> > side of the ISP.  But, I feel tempted to think that
> > 102kbit is too much for this purpose, considering that
> > I really have 512kbit all time.  What would you
> > finally recommend ??
>
> It depends how much you care about latency & what the people on your 
> LAN do/use.
>
> I don't know what's acceptable latency and jitter for VOIP.

not all that important. we have 400ms ping time to one site, but the 
voip is acceptable because it doesn't synchronise. if packet loss is a 
problem, turn off any compression.

> > 2.  Could you please tell me a secure and trustworthy
> > way to know if I am having queued packets under this
> > class??
>
> Again how much you have to do depends on the usage of your network. 
> You can explicitly mark each type of interactive you want to prioritise.
>
> If you have 20 hackers using P2P 24/7 then life is going to be harder 
> - if they just browse and email It's probably not worth trying too hard.
>
> > 3.  I am creating 2 different htb classes, one for
> > interactive, and another for bulk, and also, 2
> > different sfq inferior classes, one for each service. What else can I 
> > do to avoid sending a "mix of traffic"
> > ??
>
> If you have one queue for bulk it would need to be esfq if you want 
> per IP fairness. If you'd rather not patch then your original queue 
> for each user is OK - but you should change SFQ's queue length.
>
> > 4.  If you still have a copy of my script, you can see
> > I am giving "prio 0" to interactive classes, and "prio
> > 1" to bulk classes.  I also tested giving prio 0 and
> > prio 1 at filters setup (and also, prio 1 to
> > everybody, I am not so sure what worked better).  What
> > else can I do to emphasize interactive traffic
> > priority??
>
> The prio is most important, other things I do are - make sure 
> interactive has large burst and bulk none. Rather than mess with r2q I 
> set quantum to my MTU for HTB and SFQ. HTB can be tweaked to be more 
> accurate - but you may not need to bother. I also set a rate for my 
> interactive larger than I ever expect to be used, this is probably 
> unnecessary, but then I count game traffic a top prio - and I was 
> using up to 20K bytes/sec incoming while on a 64 player enemy territory 
> server recently.
>
> > Sorry for the annoyances, very thanks in advance.
>
> That's OK - It would help to know what the users do and how many are 
> active at once etc.
>
> Andy.



Re: [LARTC] SEPARATING VOIP AND SURFING

2004-11-17 Thread Andy Furniss
Ricardo Soria wrote:

> 1.  So, starting at 80% of total 512kbit bandwidth
> (410kbit), there would be a waste of 102kbit.  Is this
> completely necessary??  I think this is to ensure I
> have the queue on my side, and the queue is not on the
> side of the ISP.  But, I feel tempted to think that
> 102kbit is too much for this purpose, considering that
> I really have 512kbit all time.  What would you
> finally recommend ??

It depends how much you care about latency & what the people on your LAN 
do/use.

I don't know what's acceptable latency and jitter for VOIP.

> 2.  Could you please tell me a secure and trustworthy
> way to know if I am having queued packets under this
> class??

Again how much you have to do depends on the usage of your network. You 
can explicitly mark each type of interactive you want to prioritise.

If you have 20 hackers using P2P 24/7 then life is going to be harder - 
if they just browse and email It's probably not worth trying too hard.

> 3.  I am creating 2 different htb classes, one for
> interactive, and another for bulk, and also, 2
> different sfq inferior classes, one for each service. 
> What else can I do to avoid sending a "mix of traffic"
> ??

If you have one queue for bulk it would need to be esfq if you want per 
IP fairness. If you'd rather not patch then your original queue for 
each user is OK - but you should change SFQ's queue length.

> 4.  If you still have a copy of my script, you can see
> I am giving "prio 0" to interactive classes, and "prio
> 1" to bulk classes.  I also tested giving prio 0 and
> prio 1 at filters setup (and also, prio 1 to
> everybody, I am not so sure what worked better).  What
> else can I do to emphasize interactive traffic
> priority??

The prio is most important, other things I do are - make sure 
interactive has large burst and bulk none. Rather than mess with r2q I 
set quantum to my MTU for HTB and SFQ. HTB can be tweaked to be more 
accurate - but you may not need to bother. I also set a rate for my 
interactive larger than I ever expect to be used, this is probably 
unnecessary, but then I count game traffic a top prio - and I was using 
up to 20K bytes/sec incoming while on a 64 player enemy territory server 
recently.

> Sorry for the annoyances, very thanks in advance.

That's OK - It would help to know what the users do and how many are 
active at once etc.

Andy.


Re: [LARTC] Dynamic traffic shaping or ATM like classes

2004-11-17 Thread Andy Furniss
tiago schreiner wrote:
> Is it possible to dynamically do bandwidth reservation?
> That is, I want to limit the traffic to 50% for upload
> and download, but if there aren't outbound traffic, who
> is doing a download will get 100% of bandwidth and if
> there aren't inbound traffic, who is doing a upload
> will get 100%, but if there are both inbound and
> outbound traffic, each one get limited to 50%.

So you want to shape for a half duplex link ?

Andy.

> I think this is similar to ATM classes _with a twist_.
> I could put download ATM traffic in VBR(Variable Bit
> Rate), and put upload in ABR (Available Bit Rate). If
> there aren't VBR traffic, ABR could use the full
> bandwidth.


Re: [LARTC] is this scenario possible ???

2004-11-17 Thread Andy Furniss
Drink Linux wrote:
> hello .
> i have no problem shaping incoming traffic from WAN
> how do i shape outgoing traffic to WAN depending on
> the speed limit of each subnet 
> ex:
> 10.10.6.0 --> 512kbps (DOWNLOAD / UPLOAD)
> 10.10.5.0 --> 256kbps (DOWNLOAD / UPLOAD)
>
> do i have to used forward handle, 
>
> and used 
> iptables -s 10.10.6.0/24 -d WAN -j MARK --set-mark 101
>
> and used 
> iptables -s 10.10.5.0/24 -d WAN -j MARK --set-mark 102
>
> what do i really have to use? 
> prerouting or postrouting.
> do i really need to use imq device on this one ?
>
> i can't seem to get it work .
> thanks for anyone can help...

It depends on your exact setup - what interfaces do you have to where?

Andy.


Re: [LARTC] SEPARATING VOIP AND SURFING

2004-11-17 Thread Ricardo Soria
> Jason Boxman wrote:
> > On Monday 15 November 2004 20:06, Ricardo Soria
> wrote:
> > 
> > 
> >>Dear Andy:
> >>
> >>Very thanks for your answer.  However, I need a
> little
> >>bit more extended explanation.
> >>
> >>First, you say that I should "back off more from
> link
> >>speed - total ceils to about 80% and share that
> >>between interactive and bulk".  So, do you mean
> that
> >>if I have a total 512Kbit link, and 2 child
> classes, I
> >>should not divide the whole 512kbit between the 2
> >>classes, but, I should only divide 410kbit between
> >>them, and share the remaining 102kbit between
> them??
> >>Or do you mean I should only consider 410kbit as
> the
> >>whole link capacity??
> > 
> > 
> > I think he meant to treat your link as if it were
> only 410kbit.  With some 
> > testing you can verify just how close to 100% of
> your advertised capacity you 
> > can get, but 80% is often a good place to start.
> 
> Yes that's what I meant. For uplink it's to allow
> for link overheads and 
> with dsl you should be careful about tweaking as it
> may be OK at 90% in 
> a test with bulk traffic - all MTU size packets, but
> if there are lots 
> of small packets the overhead miscalculations may
> mean well over limits 
> at 90%. You can fix this, but not perfectly, with a
> patch Ed Wildgoose 
> sent to this list.
> 
> Incoming traffic is different - your queue is at the
> wrong end of the 
> link. You have to set a lower limit just to have a
> queue at all.
> 

1.  So, starting at 80% of total 512kbit bandwidth
(410kbit), there would be a waste of 102kbit.  Is this
completely necessary??  I think this is to ensure I
have the queue on my side, and the queue is not on the
side of the ISP.  But, I fell tempted to think that
102kbit is too much for this purpose, considering that
I really have 512kbit all time.  What would you
finally recommend ??

> 
> > 
> > 
> >>Second, you say that I should not use SFQ as a
> >>sub-qdisc, because of the lenght of the queue,
> being
> >>it ESFQ (new for me) a better choice.  But later,
> you
> >>say I should use SFQ for bulk traffic (I think you
> >>refer surfing as "bulk", and voip as
> "interactive").
> >>So, should I use SFQ for bulk classes and ESFQ for
> >>interactive classes ??  Or, should I use ESFQ for
> all
> >>leaf classes??  Or, should I use ESFQ for bulk
> classes
> >>and default (pfifo, I think) for interactive
> classes??
> 
> What I meant was you could either change the sfq
> queue length or use 
> esfq, which lets you choose length (and more).
> 
> In practise you setup HTB so that your interactive
> traffic - doesn't 
> queue - yes you can attach what ever you like to
> it's class - and (e)sfq 
> would be OK, but if packets actually get queued in
> it you marking has 
> failed and bulk got in or you really have run out of
> bandwidth.
> 

2.  Could you please tell me a secure and trustworthy
way to know if I am having queued packets under this
class??

> The point I made was that you shouldn't really send
> a mix of traffic to 
> SFQ which will still cause long delays at low
> bitrates and your users 
> have potentially low rates (depends on what they
> do).
> 

3.  I am creating 2 different htb classes, one for
interactive, and another for bulk, and also, 2
different sfq inferior classes, one for each service. 
What else can I do to avoid sending a "mix of traffic"
??

> I would do a bit more work to priorotise dns/empty
> acks/small tcp etc. 
> as well as VOIP, then give them a class with plenty
> of rate spare and 
> make bulk borrow. This would mean that each user
> would notice a bit less 
> the fact they have hardly any bandwidth (if that's
> the case).
> 

4.  If you still have a copy of my script, you can see
I am giving "prio 0" to interactive classes, and "prio
1" to bulk classes.  I also tested giving prio 0 and
prio 1 at filters setup (and also, prio 1 to
everybody, I am not so sure what worked better).  What
else can I do to emphasize interactive traffic
priority??

> Choosing a queue length should really be related to
> link speed - but you 
> can't do this if you have lots of queues whose rate
> are variable. What 
> to choose depends on typical and I suppose worst
> case traffic situation 
> for your LAN.
> 
> Alternatly if you were prepared to patch and use
> esfq you could use it 
> to roughly share traffic by IP address - which is
> nice to save you 
> marking and because you are able to set the queue
> length for the link. 
> You do though, loose fairness per connection which
> may not affect you - 
> again it depends on usage P2P. bittorrent etc.
> 
> 
> > 
> > 
> > I am curious about this myself.  I placed a
> default sfq qdisc with the 128 
> > queue default on a p2p class that had a rate of
> 144kbit and it routinely 
> > spiked to about 150kbit several times a second. 
> If I use pfifo with a queue 
> > length of 10 I find my utilization for that class
> at around 146kbit instead.  
> > Is it the queue length causing this behavior?

Re: [LARTC] clone MAC address

2004-11-17 Thread Chris Bennett
Hi Frank,
I forgot to copy the list earlier so this will be a dup for you (sorry)...
Anyway, in your message you say "contradicting to Chris..." in reference to 
me saying that only the IP and MAC of the NAT router would be visible to the 
ISP.

I'd like to fill in my knowledge gap here.. can you please send a link (or 
explain) how the ISP could get the MAC of a device behind the NAT router?

I know that an ISP could theoretically detect that the router is a NAT via 
OS finger printing and such, but I was not aware that the MACs of the 
machines behind the NAT router could be determined in any way.  Please 
explain.

Thanks,
Chris
- Original Message - 
From: "Frank Gruellich" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 16, 2004 5:00 PM
Subject: Re: [LARTC] clone MAC address


Hello,

* Nicolas Patik <[EMAIL PROTECTED]> 16. Nov 04:
> No, I'm not talking about natting ... I'm talking about hiding my
> computers from my ISP.

Tell me, what's the difference.  Can you give some technical description
for this 'hiding' you are talking about?

> .. or  are you telling me that the problem with my linux box is
> about bad firewall rules?

No.  'Firewall rules' are a matter of layer 3, MACs and their so called
cloning belong to layer 2.

> Right now with my linux box doing NAT they can find that I have others
> computers connected.

Contradicting to Chris they can.  But trust me, they won't.  Finding
hosts behind a NAT router is very difficult and involves the collection
of huge amounts of traffic.[1]  After all, it will not work for any OSs.

What exactly is your problem?  For this clone-MAC-feature search the
manpage of ifconfig for 'hardware address'.  It's not supported by all
NIC drivers, but for most.  Do you change your routers from time to
time?  DHCP servers cache MACs and may not offer a second IP number if
you had another interface connected some time ago.  They should flush the
cache after some days.  If they don't, call them and feign a story about
a new NIC you bought recently.

HTH,
regards, Frank.

===footnotes===
[1] Ascending TCP sequence numbers, not changed by NAT, you know?
--
Sigmentation fault


Re: [LARTC] clone MAC address

2004-11-17 Thread Nicolas Patik
Is too easy:

ifdown [interface]
ifconfig [interface] hw ether [MAC address wanted]
ifup [interface]

example:
ifdown eth1
ifconfig eth1 hw ether 01:24:03:28:13:FF
ifup eth1

Thanks to all,

--Nicolas



On Wed, 17 Nov 2004 14:39:05 -, Abdul Hakeem
<[EMAIL PROTECTED]> wrote:
> Pls let me know when you get it.
> 
> 
> Cheers,
> AH
> 
> -Original Message-
> From: Nicolas Patik [mailto:[EMAIL PROTECTED]
> Sent: 17 November 2004 14:37
> To: [EMAIL PROTECTED]
> Subject: Re: [LARTC] clone MAC address
> 
> haha, ok
> 
> Not yet, I was researching with my questions, when I implement it (next
> week) I'll tell you how to do it.
> 
> -Nicolas
> 
> On Wed, 17 Nov 2004 14:00:23 -, Abdul Hakeem <[EMAIL PROTECTED]>
> wrote:
> > Hello Nicolas,
> > I just wanted to know if you have the answers on how to clone a mac
> > address on an ethernet card. Cheers,
> > AH
> >
> >
> >
> > -Original Message-
> > From: Nicolas Patik [mailto:[EMAIL PROTECTED]
> > Sent: 17 November 2004 13:55
> > To: Abdul Hakeem
> > Subject: Re: [LARTC] clone MAC address
> >
> > Excuse my bad english knowledge, what do you mean with "kindly spare
> > it"?
> >
> > My first guess is you didn't like "wow, that's good Francisco",
> > because it don't add anything usefull to the thread.
> >
> > But on the other hand it was my way of saying "thanks for your help".
> > Is that inappropiate?
> >
> > Or maybe I didn't understand your mail.
> >
> > -Nicolas
> >
> > On Wed, 17 Nov 2004 10:51:07 -, Abdul Hakeem
> > <[EMAIL PROTECTED]>
> > wrote:
> > > Hello,
> > > Did you ever get a reply to your question ?
> > > If yes, kindly spare it.
> > > Cheers,
> > > Abdul Hakeem
> > >
> > >
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]
> > > On Behalf Of Nicolas Patik
> > > Sent: 16 November 2004 02:01
> > > To: [EMAIL PROTECTED]
> > > Subject: [LARTC] clone MAC address
> > >
> > > Hi,
> > >
> > > I have a mini router that have this feature, "clone MAC address"
> > >
> > > My ISP doesn't allow me to connect more than one computer. But, with
> > > the "clone MAC address" of the mini router, I can connect up to 5
> > > computers, and my ISP can't notice that.
> > >
> > > What do I need to do this "clonning" with my linux box?
> > >
> > > Thanks,
> > >
> > > Nico
> > > ___
> > >
> > >
> > > LARTC mailing list / [EMAIL PROTECTED]
> > > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
> > > http://lartc.org/
> > >
> >
>


Re: [LARTC] Help with prioritizing internet Cafe Terminals

2004-11-17 Thread Andreas Klauer
On Wednesday 17 November 2004 11:41, Craig Main wrote:
> All Cafe terminals have priority to the internet over the office
> machines. Each cafe terminal must not be able to have all the
> bandwidth if other cafe terminals are online. If all cafe terminals
> are online at once, the bandwidth must be shared evenly amongst them.
> All Office Terminals must have the least priority.
>
> I hope this makes sense.
>
> Is anyone in a position to help me here?

My Fair NAT script [1] comes very close to that. It can share available 
bandwidth evenly among your machines; however, it can't give your cafe a 
higher priority than your office. A workaround for that might be to put 
all office machines together in a group, so all of them together would get 
the same priority and bandwidth as a single cafe terminal.

If the script isn't suitable for your network, it may serve as an example. 
At least the documentation or the class graphics should give you some idea 
how to create your own shaping setup.

HTH
Andreas

[1] http://www.metamorpher.de/fairnat/


[LARTC] Help with prioritizing internet Cafe Terminals

2004-11-17 Thread Craig Main
Hi All,

I am new to tc so please forgive me. I have read as much documentation
as I can get my hands on, but I still have problems with getting the
rules right. Here is my scenario:

Internet Cafe/Office

4 Internet Cafe Terminals
3 Office Terminals

Leased Line connectivity at 64Kbps.

What I would like to have:

All Cafe terminals have priority to the internet over the office
machines. Each cafe terminal must not be able to have all the
bandwidth if other cafe terminals are online. If all cafe terminals
are online at once, the bandwidth must be shared evenly amongst them.
All Office Terminals must have the least priority.

I hope this makes sense.

Is anyone in a position to help me here?

TIA

Craig