[LARTC] Can I add the permanent ip address on an interface ?
Hello,

I used VMware 4.0 to set up a virtual Linux network. I added a new virtual PC and therefore I need to add a NIC on the old virtual PC. I set up the IP address of this NIC by using the command:

ip addr add 192/ 24 dev eth1

but when I restart the computer the IP address of this NIC was not saved. And the tc script I used was not saved when I turned off my computer, either. Could you tell me how I can set up a permanent IP address and permanent tc (qdisc, filter, class) on the interfaces?

Thank you very much,
Ngo Hoang Giang
[LARTC] tc and iptables trouble
Hi all,

I have trouble configuring the qdiscs. When I indicate the "perturb 10" option to tc, it gives me this error:

tc qdisc add dev eth0 parent 5:1323 handle 1323 sfq perturb 10
RTNETLINK answers: Invalid argument

If I don't put the "perturb 10" option, it works.

Another question is about iptables, when I indicate the "--set-mark" option:

iptables -t mangle -A egress -s 10.0.0.124 -j MARK --set-mark 1323
iptables: Invalid argument

What could the problem be?

I'm using Debian testing, with kernel 2.6.9 compiled with netfilter patches, iptables 1.2.11, iproute2 2.6.9-1, and I have these modules loaded:

Module            Size   Used by
ebt_mark_m        1096   -
ebt_mark          1096   -
ebtables          17768  -
ipt_mark          1128   -
sch_wrr           11176  -
sch_teql          4168   -
sch_dsmark        5224   -
cls_route         4936   -
ipt_tcpmss        1640   -
cls_tcindex       5256   -
cls_u32           5772   -
sch_ingress       2604   -
ipt_TCPMSS        3208   -
iptable_filter    1864   -
ipt_MARK          1512   -
cls_fw            3208   -
iptable_mangle    1832   -
ppp_async         7816   -
crc_ccitt         1512   -
ip_gre            8672   -
sch_esfq          4936   -
sch_netem         4808   -
ipt_connlimit     2248   -
ipt_connmark      1160   -
sch_gred          5704   -
sch_red           3368   -
sch_hfsc          16360  -
sch_cbq           13864  -
sch_prio          3528   -
sch_tbf           4168   -
iptable_nat       20264  -
ip_conntrack      37076  -
ip_tables         13440  -
ppp_mppe_mppc     13384  -
ppp_generic       17788  -
slhc              6312   -
sch_sfq           4168   -
sch_htb           20488  -
rtc               8640   -
8139too           16936  -
mii               3464   -
crc32             3688   -

Thank you for your time, and sorry for my BAD English !!!
Re: [LARTC] tc and iptables trouble
On Wed, 2004-11-24 at 15:15 +0100, Llus Gili wrote:
> Hi all
> I have a trouble configuring the qdiscs, when I indicate the perturb 10
> option to tc, it gives me this error:
>
> tc qdisc add dev eth0 parent 5:1323 handle 1323 sfq perturb 10
> RTNETLINK answers: Invalid argument
>
> if I don't put the perturb 10 option, it works.

perturb 10 is used by default!!!
nice parent class 5:1323 :o

> another question is about iptables, when I indicate the --set-mark option:
>
> iptables -t mangle -A egress -s 10.0.0.124 -j MARK --set-mark 1323
> iptables: Invalid argument

When you --set-mark 1323, iptables tries to transform it into HEX... give it a lower value, like 132! 1323 in HEX = 52B and I think that it doesn't know how to use 52B as a mark...

--
Claudiu Gafton [EMAIL PROTECTED]
Alvatec Data SRL
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
Re: [LARTC] tc and iptables trouble
On Wed, 2004-11-24 at 16:59 +0200, Claudiu Gafton wrote:
> On Wed, 2004-11-24 at 15:15 +0100, Llus Gili wrote:
> > Hi all
> > I have a trouble configuring the qdiscs, when I indicate the perturb 10
> > option to tc, it gives me this error:
> >
> > tc qdisc add dev eth0 parent 5:1323 handle 1323 sfq perturb 10
> > RTNETLINK answers: Invalid argument
> >
> > if I don't put the perturb 10 option, it works.
>
> perturb 10 is used by default!!!
> nice parent class 5:1323 :o
>
> > another question is about iptables, when I indicate the --set-mark option:
> >
> > iptables -t mangle -A egress -s 10.0.0.124 -j MARK --set-mark 1323
> > iptables: Invalid argument
>
> When you --set-mark 1323, iptables tries to transform it into HEX... give
> it a lower value, like 132! 1323 in HEX = 52B and I think that it doesn't
> know how to use 52B as a mark...

Oh sorry, it works! I put in PREROUTING a MARK 1323 and it was transformed OK into 0x52b! I think that the problem is the egress append! Please be more specific!
--
Claudiu Gafton [EMAIL PROTECTED]
Alvatec Data SRL
Re: [LARTC] tc and iptables trouble
Llus Gili wrote:
> Hi all
> I have a trouble configuring the qdiscs, when I indicate the perturb 10
> option to tc, it gives me this error:
>
> tc qdisc add dev eth0 parent 5:1323 handle 1323 sfq perturb 10
> RTNETLINK answers: Invalid argument
>
> if I don't put the perturb 10 option, it works.
>
> another question is about iptables, when I indicate the --set-mark option:
>
> iptables -t mangle -A egress -s 10.0.0.124 -j MARK --set-mark 1323
> iptables: Invalid argument

Egress is a chain, in this case a user-defined chain. It doesn't stand for the egress used with qdiscs. If you didn't use a command like this

iptables -N egress

there isn't a chain like egress.
[LARTC] how to speedup downloads
Here is my current approach, which doesn't perform well on downloads when, e.g., many p2p clients are running. How to improve?

Thomas

traffic.sh
Description: Bourne shell script
Re: [LARTC] how to speedup downloads
Sorry for the mime encoding. This attachment should work.

Thomas

#!/bin/sh
UP=192
DOWN=2048
UNIT=kbit
TC=/sbin/tc
IPT=/sbin/iptables
MARK="$IPT -t mangle -A POSTROUTING -o ppp0"
C_ADD="$TC class add dev ppp0"

# Ceiling of the default class in percent of the uplink; 50 unless given as $1
if [ -z "$1" ]; then PROC=50; else PROC=$1; fi

# Remove existing root and ingress qdiscs and flush the mangle table
$TC qdisc del dev ppp0 root 2>/dev/null >/dev/null
$TC qdisc del dev ppp0 ingress 2>/dev/null >/dev/null
$IPT -t mangle -F

$MARK -p tcp --tcp-flags ALL SYN -m multiport --dports 25,80 -j MARK --set-mark 111
$MARK -p tcp --tcp-flags ALL ACK,PSH -m multiport --dports 25,80 -j MARK --set-mark 111
$MARK -p tcp --tcp-flags ALL ACK,FIN -m multiport --dports 25,80 -j MARK --set-mark 111
$MARK -p tcp -m state --state ESTABLISHED,RELATED -m multiport --dports 25,80 -j MARK --set-mark 121
$MARK -p tcp --tcp-flags ALL SYN -m tos --tos 0x00 --dport 22 -j MARK --set-mark 111
$MARK -p tcp --tcp-flags ALL ACK,PSH -m tos --tos 0x00 --dport 22 -j MARK --set-mark 111
$MARK -p tcp --tcp-flags ALL ACK,FIN -m tos --tos 0x00 --dport 22 -j MARK --set-mark 111
$MARK -p tcp --tcp-flags ALL SYN -m tos --tos 0x00 --dport 22 -j MARK --set-mark 111
$MARK -p tcp --tcp-flags ALL ACK,PSH -m tos --tos 0x00 --dport 22 -j MARK --set-mark 111
$MARK -p tcp --tcp-flags ALL ACK,FIN -m tos --tos 0x00 --dport 22 -j MARK --set-mark 111
$MARK -p tcp -m state --state ESTABLISHED,RELATED -m tos --tos 0x10 --dport 22 -j MARK --set-mark 122
$MARK -p tcp -m state --state ESTABLISHED,RELATED -m tos --tos 0x08 --dport 22 -j MARK --set-mark 122
$MARK -p tcp --dport 53 -j MARK --set-mark 112 #dns
$MARK -p udp --dport 53 -j MARK --set-mark 112 #dns
$MARK -p icmp --icmp-type echo-request -j MARK --set-mark 113 #Ping
$MARK -p icmp --icmp-type echo-reply -j MARK --set-mark 113 #Pong
$MARK -p tcp -m tcp -m multiport --dports 20,21,993,9160,6667,8360,8363,8390 -j MARK --set-mark 131 # low prio ports
$MARK -m mark --mark=0x00/0xff -j MARK --set-mark 141 # everything else

$TC qdisc add dev ppp0 root handle 1: htb default 141
$C_ADD parent 1: classid 1:1 htb quantum 1490 rate ${UP}$UNIT
$C_ADD parent 1:1 classid 1:11 htb quantum 1490 rate $((UP*20/100))$UNIT ceil $((UP*99/100))$UNIT prio 1
$C_ADD parent 1:11 classid 1:111 htb quantum 1490 rate 18$UNIT ceil ${UP}$UNIT prio 1
$C_ADD parent 1:11 classid 1:112 htb quantum 1490 rate 18$UNIT ceil ${UP}$UNIT prio 2
$C_ADD parent 1:11 classid 1:113 htb quantum 1490 rate 2$UNIT ceil $((UP*10/100))$UNIT prio 3
$C_ADD parent 1:1 classid 1:12 htb quantum 1490 rate $((UP*55/100))$UNIT ceil $((UP*99/100))$UNIT prio 2
$C_ADD parent 1:12 classid 1:121 htb quantum 1490 rate 52$UNIT ceil ${UP}$UNIT prio 1
$C_ADD parent 1:12 classid 1:122 htb quantum 1490 rate 52$UNIT ceil ${UP}$UNIT prio 2
$C_ADD parent 1:1 classid 1:13 htb quantum 1490 rate $((UP*20/100))$UNIT ceil $((UP*99/100))$UNIT prio 3
$C_ADD parent 1:13 classid 1:131 htb quantum 1490 rate 38$UNIT ceil $((UP*99/100))$UNIT prio 1
$C_ADD parent 1:1 classid 1:14 htb quantum 1490 rate $((UP*5/100))$UNIT ceil $((UP*PROC/100))$UNIT prio 5
$C_ADD parent 1:14 classid 1:141 htb quantum 1490 rate 9$UNIT ceil $((UP*PROC/100))$UNIT prio 1

# The tc filters look for the marks that iptables left on the packets and
# direct the traffic into the different classes
$TC filter add dev ppp0 parent 1:0 prio 1 protocol ip handle 111 fw flowid 1:111
$TC filter add dev ppp0 parent 1:0 prio 1 protocol ip handle 112 fw flowid 1:112
$TC filter add dev ppp0 parent 1:0 prio 1 protocol ip handle 113 fw flowid 1:113
$TC filter add dev ppp0 parent 1:0 prio 2 protocol ip handle 121 fw flowid 1:121
$TC filter add dev ppp0 parent 1:0 prio 2 protocol ip handle 122 fw flowid 1:122
$TC filter add dev ppp0 parent 1:0 prio 3 protocol ip handle 131 fw flowid 1:131
$TC filter add dev ppp0 parent 1:0 prio 4 protocol ip handle 141 fw flowid 1:141

# SFQ for bulk traffic
$TC qdisc add dev ppp0 parent 1:141 handle 141: sfq perturb 1

# TBF for bursty leaf classes (bursts fill the modem queue and destroy interactivity)
$TC qdisc add dev ppp0 parent 1:111 handle 111: tbf rate $((UP*99/100))$UNIT burst 7k latency 1ms
$TC qdisc add dev ppp0 parent 1:112 handle 112: tbf rate $((UP*99/100))$UNIT burst 1492 latency 1ms
$TC qdisc add dev ppp0 parent 1:121 handle 121: tbf rate $((UP*95/100))$UNIT burst 4k latency 20ms

# Ingress (ffff: is the fixed handle of the ingress qdisc):
$TC qdisc add dev ppp0 handle ffff: ingress
$TC filter add dev ppp0 parent ffff: protocol ip prio 1 u32 \
    match ip src 0.0.0.0/0 police rate $((DOWN*96/100))$UNIT burst 7k drop flowid :1
Re: [LARTC] SEPARATING VOIP AND SURFING
Well, as I promised, here I am again :-)

I have not got ESFQ yet, but what I think really helped was shortening bandwidth capacity to 88%. But here I have a new problem again: there are certain moments when I am really running out of bandwidth. The scenario now is as follows: I am using my linux box as a router, forwarding packages from one subnet to another. But, since I have only one interface (eth0) for this purpose, both incoming and outgoing traffic passes through this interface. So, I thought it was correct to duplicate bandwidth capacity (512kbit * 88% = 450kbit * 2 = 900kbit), considering that I have 512kbit for uplink and 512 for downlink. So, I am now considering a rate/ceil of 900kbit for eth0 in my script.

Everything appeared to be OK. But, since I made this change, there are certain moments when I run out of downlink bandwidth, so I think the script is trying to take more than the total 512 of downlink I have. So, my question would be: how to 'divide' or 'recognize' incoming and outgoing traffic, and to treat them as different channels?? I was thinking about using an IMQ device for incoming traffic, but this appears to be a 'little bit' more complicated than what I expected. So, might there be a way to do this without installing IMQ ??

Many thanks in advance.

Best regards.

Ricardo.

--- Andy Furniss [EMAIL PROTECTED] wrote:
> Ricardo Soria wrote:
> > 1. So, starting at 80% of total 512kbit bandwidth (410kbit), there
> > would be a waste of 102kbit. Is this completely necessary?? I think
> > this is to ensure I have the queue on my side, and the queue is not on
> > the side of the ISP. But, I feel tempted to think that 102kbit is too
> > much for this purpose, considering that I really have 512kbit all
> > time. What would you finally recommend ??
>
> It depends how much you care about latency what the people on your LAN
> do/use. I don't know what's acceptable latency and jitter for VOIP.
>
> > 2. Could you please tell me a secure and trustworthy way to know if I
> > am having queued packets under this class??
>
> Again how much you have to do depends on the usage of your network. You
> can explicitly mark each type of interactive you want to prioritise. If
> you have 20 hackers using P2P 24/7 then life is going to be harder - if
> they just browse and email it's probably not worth trying too hard.
>
> > 3. I am creating 2 different htb classes, one for interactive, and
> > another for bulk, and also, 2 different sfq inferior classes, one for
> > each service. What else can I do to avoid sending a mix of traffic ??
>
> If you have one queue for bulk it would need to be esfq if you want per
> IP fairness. If you'd rather not patch then your original queue for each
> user is OK - but you should change SFQ's queue length.
>
> > 4. If you still have a copy of my script, you can see I am giving prio
> > 0 to interactive classes, and prio 1 to bulk classes. I also tested
> > giving prio 0 and prio 1 at filters setup (and also, prio 1 to
> > everybody, I am not so sure what worked better). What else can I do to
> > emphasize interactive traffic priority??
>
> The prio is most important, other things I do are - make sure
> interactive has large burst and bulk none. Rather than mess with r2q I
> set quantum to my MTU for HTB and SFQ. HTB can be tweaked to be more
> accurate - but you may not need to bother. I also set a rate for my
> interactive larger than I ever expect to be used, this is probably
> unnecessary, but then I count game traffic a top prio - and I was using
> up to 20K bytes/sec incoming while on a 64 player enemy territory server
> recently.
>
> > Sorry for the annoyances, very thanks in advance.
>
> That's OK - It would help to know what the users do and how many are
> active at once etc.
>
> Andy.
[LARTC] HTB Script
Hi everybody!

I wrote a nice script, but I need some help. The script is working almost well. My question is: can I minimize PING time more than this script can? (Nowadays it is 70-150ms with a large load on the link.)

My first problem is an unreal big PING on the router, and an almost excellent PING (nowadays 70-150ms) on computers in the network. My users don't complain, but I noticed that the pages start to load quickly and when it's almost done.. the transfer goes down!! And the second symptom is: when I open pages PING grows to 800ms, and quickly goes down. It's almost imperceptible, but it happens. What's wrong? All packets are going to the correct pipes. What more should I do? I suspect that the time to change speed (HTB's reaction time) of many queues is long. How can I improve this?

The script is very nice, but I need some professional help and advice. You can check everything when the script is working:

./htb0.5.3en stat IP (example: ./htb0.5.3en stat 192.168.0.2)
./htb0.5.3en stat lan
./htb0.5.3en stats

My network's statistics:
http://stats.opat.hopto.org/
http://stats.zabierzow.net/

I attached my script. IMQ with the imq_nat.diff patch is required (or the AB option in 2.6 kernels), patched iptables (IMQ patch) is required, iproute is required and bc is required. I tested this script on a 2.6.9 kernel and iproute from the .deb package.

And a second, less important problem... How can I mark squid's MISS packets? Is Debian's Squid package patched to change TOS? http://stats.zabierzow.net/squid.php :d

Will someone help?
#!/bin/bash
#
# rc.htb 0.5.3, (C)Lenthir 2oo4, GNU GPL
# 2004-11-01 9:30
VER=0.5.3
DAT="2004-11-01 9:30"
MAX=3330
###
#Configuration:
ext_dwl=2000 #speed of link(s)(kbit/s) - download
ext_upl=220 #speed of link(s)(kbit/s) - upload
int="192.168.0.2 192.168.0.3 192.168.0.4 192.168.1.2" #internal IP addresses
ext="80.53.64.3" #external IP addresses with or without external router IP
srv_ext="80.53.64.3" #external router IP (machine where you exec this script)
lan_int="192.168.0.0/24 192.168.1.0/24 192.168.2.0/24" #subnetworks (pool of addresses)
int_dwl[0]=85; int_upl[0]=85 #subnetwork speeds (download; upload) in the same order as above
int_dwl[1]=2; int_upl[1]=2
int_dwl[2]=80; int_upl[2]=80
TC=`which tc` #path to tc
MODPROBE=`which modprobe` #path to modprobe
IP=`which ip` #path to ip
IPTABLES=`which iptables` #path to iptables
firewall="/etc/init.d/rc.iptables restart" #how is the firewall (iptables) restarted?
#u_r2q=10 #r2q (optional)
u_quantum=1500 #quantum (optional todo, at present required)
porty_tcp="20 21 22 23 25 53 80 110 143 220 443 993 995 27015" #tcp preference ports
porty_udp="53" #udp preference ports
pping=1 # 0 - ping goes into the preference queue, 1 - ping goes into the non-preference queue
#End
###

stop() {
    $TC qdisc del root dev imq0 2> /dev/null
    $TC qdisc del root dev imq1 2> /dev/null
    $IP link set imq0 down
    $IP link set imq1 down
}

start() {
    stop

    #Checks whether the router address is in ext.
    ipki="$ext $int"
    for srvip in $srv_ext
    do
        if [[ "`echo $ipki | grep $srvip`" != "$ipki" ]]; then
            ext="$ext $srvip"
        fi
    done

    ile_int=`echo ${int}|awk '{print NF}'`
    ile_ext=`echo ${ext}|awk '{print NF}'`
    ile=$(echo "$ile_int + $ile_ext" | bc)
    if [[ $ile -ge $MAX ]]
    then
        echo "Too many computers!"
        exit 1
    fi

    # download
    tmp=$(echo "$ext_dwl%$ile" | bc)
    min=$(echo "$ext_dwl/$ile" | bc)
    pri_min=$(echo "$min/2+$min%2" | bc)
    sec_min=$(echo "$min/2" | bc)
    max=$ext_dwl
    echo "Quantity of computers: $ile"
    echo "%===%"
    echo "Setting download queue."
    echo "Minimum download: $min kbit/s"
    echo "Maximum download: $max kbit/s"
    echo "Queue: -preference: $pri_min kbit/s -not preference: $sec_min kbit/s"
    echo "Free: $tmp kbit/s"
    echo
    if [[ "$u_r2q" == "" ]]; then
        $TC qdisc add dev imq0 root handle 1:0 htb
    else
        $TC qdisc add dev imq0 root handle 1:0 htb r2q $u_r2q
    fi
    $TC class add dev imq0 parent 1:0 classid 1:1 htb rate ${ext_dwl}kbit ceil ${ext_dwl}kbit
    j=2
    for usr in $ext
    do
        $TC class add dev imq0 parent 1:1 classid 1:$j htb rate ${min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq0 parent 1:$j classid 1:$(($j+1)) htb rate ${pri_min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq0 parent 1:$j classid 1:$(($j+2)) htb rate ${sec_min}kbit ceil ${max}kbit quantum $u_quantum
        $TC qdisc add dev imq0 parent 1:$(($j+1)) sfq
        $TC qdisc add dev imq0 parent 1:$(($j+2)) sfq
Re: [LARTC] SEPARATING VOIP AND SURFING
Dear Chris:

Thanks for your suggestion. But my situation is really more complicated than that. What I am really doing is this: I have 2 cisco routers, a 1601, that gives me connection to Internet, and another, a 827, that gives me a connection to my other (remote) subnet. My linux box is in the middle of both ciscos. So, the ciscos and my linux box have an IP address each; these IPs belong to the same subnet. What the linux box does is to receive the traffic from the cisco 1600, shape and filter this traffic, and forward the packages destined to the remote subnet, to the cisco 827.

So, an additional ethernet card wouldn't be so much aid, would it ??

Many thanks.

Ricardo.

--- Chris Bennett [EMAIL PROTECTED] wrote:
> I struggled with this sort of thing for a while. Then I realized it was
> easier to just buy another ethernet card for $10. I suggest you do that.
Re: [LARTC] Can I add the permanent ip address on an interface ?
On Wednesday 24 November 2004 11:08, ngo giang wrote:
> Hello ,
> I used Vmware 4.0 to setup a virtual linux network . I added a new
> virtual PC and therefore I need to add a NIC on old virtual PC . I setup
> the ip address of this NIC by using the command :
>
> ip addr add 192/ 24 dev eth1
>
> but when I restart the computer the ip address of this NIC was not saved .
> And the tc script I used was not save when I turn off my computer , too .
> Could you tell me how can I setup the permanent ip address and permanent
> tc (qdisc , filter , class) on the interfaces ?

No, because this depends on the distribution you use. Please consult the documentation of your distribution to get the info you need.

Stef

--
[EMAIL PROTECTED]
Using Linux as bandwidth manager
http://www.docum.org/
Re: [LARTC] SEPARATING VOIP AND SURFING
i know this will sound a bit flippant - it's not meant to be. why not get rid of the cisco routers - i haven't found a need for them yet. my networks work much better without them ;)

rick