[LARTC] Help with PRIO qdisc and filters

2005-05-09 Thread Pavan Kumar
Hi,
Sorry to bother you all. I have a typical problem sharing DSL upstream
bandwidth with users. I have 3 types of traffic: high-priority,
medium-priority and low priority. My upstream rate is 960kbits. Traffic
(any priority) can vary in bandwidth from 0 to 960kbits. I have a test
setup where I can pump 600kbit of high priority sustained and I have
400kbit of low priority traffic sustained. I expect after the 600kbit
high-priority traffic, the remaining 360kbit should be allocated to the
medium and low priority. Since I do not have medium-priority everything
should go to low-priority traffic. However, I do not see that behavior
with the following tc script I have

--- Begin Script ---
# delete any existing qdiscs
tc qdisc del dev ppp0 root
# setup PRIO qdisc with 3 bands
tc qdisc add dev ppp0 root handle 1: prio band 3 priomap 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
# filter traffic for high priority based on TOS field
tc filter add dev ppp0 parent 1:0 prio 1 protocol ip u32 match ip tos 0x28 0xff flowid 1:1
tc filter add dev ppp0 parent 1:0 prio 1 protocol ip u32 match ip tos 0x48 0xff flowid 1:2
tc filter add dev ppp0 parent 1:0 prio 1 protocol ip u32 match ip tos 0x58 0xff flowid 1:3

# use ebtables to set the TOS field. First flush the rules
ebtables -t broute -F
ebtables -t broute -I BROUTING 1 -j ftos --set-ftos 0x28 -p IPv4 --ip-src 192.168.1.151/32
ebtables -t broute -I BROUTING 2 -j ftos --set-ftos 0x48 -p IPv4 --ip-src 192.168.1.152/32
ebtables -t broute -I BROUTING 3 -j ftos --set-ftos 0x58 -p IPv4 --ip-src 192.168.1.153/32
--- End Script ---

What I see is the high priority traffic is leaving at 600kbits as I
measure it on my test equipment. However, I do not see any low-priority
or medium-priority traffic coming out of the box. I would appreciate if
you folks can please give me a hint as to what is happening and also any
possible solutions. I need hard PRIO but the unused bandwidth should be
shared by the other traffic. I am using Linux kernel 2.6.8.1 and
iproute2 (iproute2-2.6.8-ss040730.tar.gz).

Regards,
Pavan Kumar
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


Re: [LARTC] Multipath Routing in same subnet - Please take a look

2005-05-09 Thread Andy Furniss
Christian Schmid wrote:
> nexthop via 80.237.244.1  dev eth1 weight 100
> nexthop via 80.237.244.33  dev eth1 weight 100
>
> I have read postings on the net but all of them are using huge scripts
> because they are on different networks. My problem seems to be a much
> easier problem but I just can't get this to work. :(

Saw this on netdev, solution disable IP_ROUTE_MULTIPATH_CACHED
http://news.gmane.org/find-root.php?group=gmane.linux.network&article=25774

Andy.


Re: [LARTC] Starting from scratch w/ multiple uplinks

2005-05-09 Thread Alexander Samad
On Mon, May 09, 2005 at 04:06:12PM -0400, Brian J. Murrell wrote:
> On Mon, 2005-05-09 at 20:11 +0200, Markus Schulz wrote:
> > On Monday, 9 May 2005 16:05, Rafael A Barrero wrote:
> > > Hi guys;
> > >
> > [...]
> > > Here's what I want to know:
> > > 1. Does an updated guide exist for multiple providers?
> > 
> > Look at this howto: http://www.ssi.bg/~ja/nano.txt
> 
> Indeed, and herein contains the patched needed to a kernel for it to
> route packets with a given NATted source address out the right
> interface.  Not sure which patch(es) exactly in there do it if not all
> of them are really needed for just that functionality.

I haven't patched mine and it seems to work, using a debian 2.6.11-3
source package.

What I have done is set up a set of files in
/var/run/multigw{,.dev,.gw,.ip,.speed}; these are fed from scripts in
/etc/ppp/ip-{up.d,down.d}/adsl - this populates the files with valid
numbers when the line goes up or deletes the control file when going
down.  These scripts also run my multigw.sh, which sets up routes and ip
rules as well - it also sets up the SNAT rules as well. I have attached
the script.



> 
> I sure wish this patch would get rolled into the main kernel.  I hate
> having to maintain umpteen kernels for different tasks.
> 
> b.
> 






multidgw.sh
Description: Bourne shell script




Re: [LARTC] packet shaping bridge

2005-05-09 Thread Andy Furniss
Jason Bath wrote:
> Thanks!  Adding the filter to the root was the trick.  From the various
> documentation I was reading I had the impression that the filter needed
> to be added to the sub-classes - 1:1 and so forth.  I presume that's
> only appropriate when you have leaves below 1:1.
>
> Anyhow, the trick now is figuring out how I want to configure things
> with two of these bridges in mind.  The topology would look like this:
>
> Switch-bridge/filter-WAN router--Remote WAN router-bridge-remote switch
>
> Now with 1.5Mbit/s with the potential for 2mbit/s I was thinking of
> limiting each bridge at 1Mbit/s. I didn't want to limit at 750kbit/s
> because if you're doing a big file transfer, you're going to suffer and
> besides, the ratio of download to upload is in favour of the download.
> The streaming audio devices are set up for 128kbit/s MPEG-layer3.  So
> we're looking at dedicating a minimum of 150kbit/s which can double or
> more if I'm having congestion problems.
>
> Now here's an interesting idea.  Let me know if it's possible or not. Is
> it possible for me to create a bridge between the two linux boxes so it
> physically looks like
>
> eth0 eth1 --WAN--  eth1 eth0
>
> but virtually you are going
>
> eth0 --- eth0
>
> The reason I ask this is so I can create an awareness between the two
> bridges as to how much traffic is actually going through the pipe so I
> may optimize it to its fullest.
>
> I suppose that it could be done via snmp or spanning-tree?

I don't know if that will work - if you can shape on both ends just do
egress shaping on the WAN facing interfaces. You'll need to back off a
bit to allow for link overheads, but it will be a lot nicer than doing it
all from one end.

Andy.


Re: [LARTC] HTB rate miscalculation

2005-05-09 Thread Andy Furniss
Marcus Felipe Pereira wrote:
> > > Hi,
> > >  I've migrated my tc configuration from CBQ to HTB.
> > >  One problem appeared. Htb seems to miscalculate the bandwidth for
> > > classes with greater rates.
> > >  For rates below 2Mbit there is almost no difference between the
> > > configured and the measured rate.
> > >
> > >  For large ones the problem starts. My root class has 10Mbit rate and
> > > when the interface has heavy traffic the measured bandwidth couldn't
> > > get more than 8.5Mbit.
> > >
> > >   "# tc -s class show " shows that the root class has about the
> > > 10Mbit, but the link stats shows much less.
> > >
> > >  The solution was to put the htb ceil on about 12Mbit. Then I can get
> > > to the 10Mbit. When using CBQ I didn't have this problem.
> > >
> > >  Is there any parameter that I can change to correct the rate
> > > calculation?
> > >  Any one has similar problem?
> >
> > What counters are you using to measure?
> > Does it do the same if you test with a single tcp stream and a very
> > simple setup like -
> >
> > tc qdisc add dev eth0 root handle 1:0 htb
> > tc class add dev eth0 parent 1:0 classid 1:1 htb rate 10mbit
> > tc filter add dev eth0 parent 1:0 protocol ip u32 match u32 0 0 flowid 1:1
> >
> > Andy.
>
> I've done more tests, in fact there is a difference in the measure.
> The rate measured by htb class, iptraf and iptables show very similar
> numbers.
> The rate measured using SNMP ifInOctets and ifOutOctets (snmpget,
> ddrtool and mrtg) show rates about 20% less than htb.
>
> Why this difference?

Not sure - I can get netperf, htb counters and polling ifconfig counters
every second to agree and show correct rate with the simple case above.

I don't have snmpget to test.

Andy.


[LARTC] how to guarantee 1/numflows bandwidth to each flow dynamically

2005-05-09 Thread Scott Mcdermott
I am looking for a simple way to guarantee to each flow
going through my traffic control point 1/numflows of
bandwidth.  I thought using SFQ would do this effectively
but it appears to be quite unfair: a very high speed
download that fills the pipe easily starves smaller flows to
the point where it becomes unusable (especially if they are
at all interactive)

Because numflows is dynamic, I'm not sure how I would have
the bandwidth allocated to each flow change dynamically and
automatically as flows are added and removed.

Anyone have an idea how to implement this? Thanks.



Re: [LARTC] Starting from scratch w/ multiple uplinks

2005-05-09 Thread Brian J. Murrell
On Mon, 2005-05-09 at 20:11 +0200, Markus Schulz wrote:
> On Monday, 9 May 2005 16:05, Rafael A Barrero wrote:
> > Hi guys;
> >
> [...]
> > Here's what I want to know:
> > 1. Does an updated guide exist for multiple providers?
> 
> Look at this howto: http://www.ssi.bg/~ja/nano.txt

Indeed, and herein contains the patched needed to a kernel for it to
route packets with a given NATted source address out the right
interface.  Not sure which patch(es) exactly in there do it if not all
of them are really needed for just that functionality.

I sure wish this patch would get rolled into the main kernel.  I hate
having to maintain umpteen kernels for different tasks.

b.





Re: [LARTC] Starting from scratch w/ multiple uplinks

2005-05-09 Thread Markus Schulz
On Monday, 9 May 2005 16:05, Rafael A Barrero wrote:
> Hi guys;
>
[...]
> Here's what I want to know:
> 1. Does an updated guide exist for multiple providers?

Look at this howto: http://www.ssi.bg/~ja/nano.txt

I've built, based on this howto, a load balanced linux (kernel 2.6.11.8)
system with two adsl 3mbit/512kbit devices and it works fine.

-- 
Markus Schulz


Re: [LARTC] Starting from scratch w/ multiple uplinks

2005-05-09 Thread Brian J. Murrell
On Mon, 2005-05-09 at 16:05 +0200, Rafael A Barrero wrote:
> Hi guys;
> 
> I'm sure you are all bored of hearing the same story over and over...  
> but here it comes again. :) Yep, tomorrow I'm getting another ADSL  
> line installed and I wanted my linux router to handle both providers  
> (new and old). I have my linux router (fedora core 2) setup to do NAT  
> for my current line, but I know I'll need to change my configuration  
> to accommodate the second line.

I inquired about this a while ago and the final word seemed to be that
in order for you to use two uplinks, both NATting the internal
outbound-originated traffic (i.e. clients behind the gateway going to
Internet based services) and both accepting inbound-originated traffic
(i.e. running services behind the NAT for Internet users to use), one
needs to patch the kernel.

I could not seem to get the traffic leaving the gateway to go via the
uplink that was relevant for its NATted source.  All traffic wanted to
leave by only one interface even though it was NATted for the other.  Of
course the upstream dropped the packets because the source address
violated their egress filters.

b.





Re: [LARTC] Routing by interface as opposed to ip address?

2005-05-09 Thread Krystian Antoni
netfilter.org is an alias for iptables.org :-)

I haven't tested it because I was using another way which I forgot to
mention.
You can MARK packets using iptables as coming from an interface and
later route by this MARK using normal routing techniques.
It's all described in lartc.org and took me half a day to get it working
without knowing anything :-)

On 5/9/05, Joe Devich <[EMAIL PROTECTED]> wrote:
> OK, thanks. Researching your answer also turned me on to the
> netfilter.org website, which I didn't know about. Have you used/tested
> the ROUTE patch?
>
> Regards,
>
> Joe
>
> -----Original Message-----
> From: Krystian Antoni [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, May 08, 2005 12:52 PM
> To: Joe Devich
> Subject: Re: [LARTC] Routing by interface as opposed to ip address?
>
> there is a iptables target module named ROUTE. it can help u
>
> On 5/6/05, Joe Devich <[EMAIL PROTECTED]> wrote:
> > Hello all,
> >
> > Does anyone know of a methodology to build a route based on the
> > inbound and outbound interfaces as opposed to ip addresses? We are
> > essentially trying to forward packets from one interface to another
> > without looking at the ip address. Bridging (brctl, br2684ctl) will
> > not work in this case as the interfaces use different layer 2
> > encapsulation (e.g., atm0<=>eth0, or ppp0<=>eth0).
> >
> > We could build a rule to match the incoming interface, then point to
> > a routing table with a default route set to the outbound interface.
> > The problem with this approach is the limit of 255 routing tables in
> > iproute2. Presumably, it would consume 2 routing tables for each
> > "connection" (one forward, one reverse). We need more than 126
> > "connections" per box.
> >
> > Some commercial routers allow policy routing using only the
> > interfaces with ACL's, but it's not clear how this could be
> > implemented in linux.
> >
> > We use debian (2.4 kernel) distro with iproute2, iptables, etc. Any
> > suggestions would be most welcome.
> >
> > Cheers,
> > Joe Devich

-- 
Have a nice day
Krystian Antoni


Re: [LARTC] Starting from scratch w/ multiple uplinks

2005-05-09 Thread Sylvain BERTRAND
On Mon 9 May 2005 17:14, Rafael A Barrero wrote:
> Hey;
>
> I guess I should have included that aspect : what I want to achieve.
>
> I'd ideally like to use the new (faster line) as the default line for
> traffic, but be able to use the old line just as often depending on
> usage of the new line. However, it wouldn't matter if traffic routed
> randomly either. If one of the two lines is down, obviously use the
> one that is up.

Iproute allows you to route packets according to their iptable's MARK
field... you can randomly mark packets from new connections (with the
appropriate ratio for each link), and route on this criterion.

You should have a script in /etc/ppp/if{up,down}.d/ that changes the
routes if one link goes {up,down}.

>
> I just want to get the most out of both lines at the same time. My
> internal network has two services (http, imap) that need require port-
> forwarding from the router. Other than that the internal network is
> used for surfing the web, ssh, ftp, irc, p2p clients.
>

Your services can listen on both interfaces, no problem with that... you
can have load balancing on those links with multiple DNS records (though
that's not a "good thing" (tm)).

Use the iptables MARK to use both at the same time, and the appropriate
iproute setup.

> What about my questions regarding updated documentation for iproute2
> (setting this all up)?

I think the contents of LARTC are enough material for you (and of course,
man iproute, man iptables).



For the record, I've never actually done this kind of setup, I'm just
thinking of what should be done to achieve those things. Somebody correct
me if this is just nonsense.

Regards,

Sylvain



Re: [LARTC] Starting from scratch w/ multiple uplinks

2005-05-09 Thread Markus Feilner
On Monday, 9 May 2005 17:14, Rafael A Barrero wrote:
> Hey;
>
> I guess I should have included that aspect : what I want to achieve.
>
> I'd ideally like to use the new (faster line) as the default line for
> traffic, but be able to use the old line just as often depending on
> usage of the new line. However, it wouldn't matter if traffic routed
> randomly either. If one of the two lines is down, obviously use the
> one that is up.
>
> I just want to get the most out of both lines at the same time. My
> internal network has two services (http, imap) that need require
> port- forwarding from the router. Other than that the internal
> network is used for surfing the web, ssh, ftp, irc, p2p clients.
>
> What about my questions regarding updated documentation for iproute2
> (setting this all up)?
>
> Thanks,
>
> --
> Rafael Barrero
> [EMAIL PROTECTED]

Hi Rafael!
How are you?
First, port-based routing is pretty straightforward:
1) use a default route
2) add firewall marks to packages you want to route differently
3) add another routing table with the other dsl router as default
gateway
4) use the fw mark to "sort" packages in the other table, with the
effect that they are routed via the other gateway.
(see the lartc howto)
that's all for that, we are using that and it works fine.

Second, controlling and switching the line is a little trickier:
As far as I know,
- linux-ha can't do the trick natively (PLEASE CORRECT ME! I STILL
HOPE!)
- no software package exists for that purpose
Therefore a shell script is required

In an issue of the German Linux magazine was a script which seems to be
quite good for a similar purpose (two vpn tunnels via two dsl lines),
and should be easily changed for that purpose.
Perhaps we should try together to make a script-based daemon (init.d)
which is configurable and does the testing and switching.

Third:
Load balancing, Limiting and Prioritizing is done with tc or tcng. tc's
syntax is really tough (my opinion), tcng is better, but I haven't
found the time for it.

Well then, bye.

>
> On May 9, 2005, at 4:30 PM, Sylvain BERTRAND wrote:
> > On Mon 9 May 2005 16:05, Rafael A Barrero wrote:
> >> Hi guys;
> >>
> >> I'm sure you are all bored of hearing the same story over and
> >> over... but here it comes again. :) Yep, tomorrow I'm getting
> >> another ADSL line installed and I wanted my linux router to handle
> >> both providers (new and old). I have my linux router (fedora core
> >> 2) setup to do NAT for my current line, but I know I'll need to
> >> change my configuration to accommodate the second line.
> >>
> >> I have no problem with 'RTFM', but since I've started doing my
> >> homework, I've realized that things have changed and I guess this
> >> is the place to get the latest updates since most all sites out
> >> there still refer to old 2.2/2.4 kernels, workflow and tools.
> >>
> >> Ideally I'm looking for a guide I can follow to setup an linux
> >> router that will handle 2 uplinks and will do some minimal
> >> load-balancing (to start). Maybe a guide is too much, so if you
> >> have pointers, those are appreciated equally.
> >>
> >> Here's what I have to start:
> >>
> >> 1. Fedora Core 2 server with 3 ethernet cards
> >> 2. Documentation from: http://lartc.org/howto/
> >>
> >> What I know I need to do:
> >>
> >> 1. Need to recompile my kernel with all the advanced router
> >> modules
> >> 2. Follow steps in documentation (above) on iproute2
> >> 3. Configure iptables
> >>
> >> Here's my network topology:
> >>
> >> [ASCII network diagram, garbled in the archive: local network
> >> 192.168.0.x <-> Linux router eth2 (192.168.0.1); router eth0 <->
> >> INET 1 <-> Internet; router eth1 <-> INET2 <-> Internet]
> >>
> >> Here's what I want to know:
> >> 1. Does an updated guide exist for multiple providers?
> >> 2. Kernel:
> >>   - What kernel modules do I need to install?
> >>   - Do I need to patch my kernel?
> >>   - Do I need to supply any configuration parameters for these
> >> kernel modules?
> >>   - Is my documentation up-to-date? If not, what's the diff and
> >> where can I get the latest? I heard I shouldn't use this
> >> documentation... 4. A
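
The mark-and-route steps from Sylvain Bertrand's and Markus Feilner's replies, as an added example that is not part of the thread: a dry-run generator that prints the `ip` and `iptables` commands for port-based and ratio-based selection of the second uplink. Interface names follow the diagram in the question; the gateways (documentation addresses), mark, table id, ports and ratio are assumptions, and the `statistic`/`conntrack` matches and loose `rp_filter` mode are those of current kernels.

```shell
#!/bin/sh
# Added example (not from the thread): fwmark policy routing for two uplinks.
# Every address, mark, table id and port below is an assumption.
# The functions only print commands; review them, then pipe to `sh` as root.

LAN_IF=eth2                      # internal interface
IF1=eth0; GW1=192.0.2.1          # uplink 1, the default route
IF2=eth1; GW2=198.51.100.1       # uplink 2, reached through its own table
MARK2=2; TABLE2=102              # fwmark and routing table id for uplink 2
PORTS_VIA_2="22 6667"            # TCP ports always sent via uplink 2

# Steps 1, 3 and 4: default route, second table, rule selecting it by mark.
emit_routing() {
    echo "ip route replace default via $GW1 dev $IF1"
    echo "ip route replace default via $GW2 dev $IF2 table $TABLE2"
    echo "ip rule add fwmark $MARK2 table $TABLE2"
    # Replies arrive on $IF2 although the main table points at $IF1;
    # strict reverse-path filtering would drop them, so use loose mode.
    echo "sysctl -w net.ipv4.conf.$IF2.rp_filter=2"
}

# Step 2: mark traffic from the LAN in mangle/PREROUTING.
# $1 = share of the remaining new connections to put on uplink 2 (0.0-1.0).
emit_marking() {
    m="iptables -t mangle -A PREROUTING -i $LAN_IF"
    new="-m conntrack --ctstate NEW -m mark --mark 0"
    # Packets of known connections get their connection's mark back first.
    echo "$m -j CONNMARK --restore-mark"
    for port in $PORTS_VIA_2; do
        echo "$m -p tcp --dport $port $new -j MARK --set-mark $MARK2"
    done
    echo "$m $new -m statistic --mode random --probability $1 -j MARK --set-mark $MARK2"
    # Remember the decision so the whole connection stays on one uplink.
    echo "$m -j CONNMARK --save-mark"
}

# Source NAT per uplink, so each packet leaves with the address its
# provider expects (mismatched sources are dropped by egress filters).
emit_nat() {
    for ifc in $IF1 $IF2; do
        echo "iptables -t nat -A POSTROUTING -o $ifc -j MASQUERADE"
    done
}

# For an if-down hook: with the rule gone, marked traffic falls through
# to the main table and leaves via uplink 1.
emit_uplink2_down() {
    echo "ip rule del fwmark $MARK2 table $TABLE2"
}

plan() { emit_routing; emit_marking "$1"; emit_nat; }

plan 0.25
```

Saving the mark with CONNMARK is what keeps a randomly assigned connection on the same uplink for its whole lifetime; without it each packet would be re-rolled.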

Re: [LARTC] Starting from scratch w/ multiple uplinks

2005-05-09 Thread Rafael A Barrero
Hey;
I guess I should have included that aspect : what I want to achieve.
I'd ideally like to use the new (faster line) as the default line for  
traffic, but be able to use the old line just as often depending on  
usage of the new line. However, it wouldn't matter if traffic routed  
randomly either. If one of the two lines is down, obviously use the  
one that is up.

I just want to get the most out of both lines at the same time. My  
internal network has two services (http, imap) that need require port- 
forwarding from the router. Other than that the internal network is  
used for surfing the web, ssh, ftp, irc, p2p clients.

What about my questions regarding updated documentation for iproute2  
(setting this all up)?

Thanks,
--
Rafael Barrero
[EMAIL PROTECTED]

On May 9, 2005, at 4:30 PM, Sylvain BERTRAND wrote:
> On Mon 9 May 2005 16:05, Rafael A Barrero wrote:
> > Hi guys;
> >
> > I'm sure you are all bored of hearing the same story over and over...
> > but here it comes again. :) Yep, tomorrow I'm getting another ADSL
> > line installed and I wanted my linux router to handle both providers
> > (new and old). I have my linux router (fedora core 2) setup to do NAT
> > for my current line, but I know I'll need to change my configuration
> > to accommodate the second line.
> >
> > I have no problem with 'RTFM', but since I've started doing my
> > homework, I've realized that things have changed and I guess this is
> > the place to get the latest updates since most all sites out there
> > still refer to old 2.2/2.4 kernels, workflow and tools.
> >
> > Ideally I'm looking for a guide I can follow to setup an linux router
> > that will handle 2 uplinks and will do some minimal load-balancing
> > (to start). Maybe a guide is too much, so if you have pointers, those
> > are appreciated equally.
> >
> > Here's what I have to start:
> >
> > 1. Fedora Core 2 server with 3 ethernet cards
> > 2. Documentation from: http://lartc.org/howto/
> >
> > What I know I need to do:
> >
> > 1. Need to recompile my kernel with all the advanced router modules
> > 2. Follow steps in documentation (above) on iproute2
> > 3. Configure iptables
> >
> > Here's my network topology:
> >
> > [ASCII network diagram, garbled in the archive: local network
> > 192.168.0.x <-> Linux router eth2 (192.168.0.1); router eth0 <->
> > INET 1 <-> Internet; router eth1 <-> INET2 <-> Internet]
> >
> > Here's what I want to know:
> > 1. Does an updated guide exist for multiple providers?
> > 2. Kernel:
> >   - What kernel modules do I need to install?
> >   - Do I need to patch my kernel?
> >   - Do I need to supply any configuration parameters for these kernel
> > modules?
> >   - Is my documentation up-to-date? If not, what's the diff and where
> > can I get the latest? I heard I shouldn't use this documentation...
> > 4. Anyone have sample scripts for iptables (NAT) for this type of
> > setup?
> > 5. How do I configure QoS? What's Wonder Shaper?
> > 6. Am I missing anything?
> >
> > As long as I'm pointed in the right direction, with good
> > documentation, I think I can make it. Of course, I'll probably need a
> > little help, so thanks in advance!
> >
> > Cheers,
> >
> > --
> > Rafael Barrero
> > [EMAIL PROTECTED]
>
> Hi Rafael,
>
> From my point of view, you don't need to enable advanced routing
> options in the kernel. You may want to enable QoS though, and use
> iproute.
> The kernel setup is not the hard part. The hard part is routing the
> traffic on one link or the other, according to your needs.
> Have you already asked yourself what you want to do with those links?
> Load balancing? Some services on one interface and the others on the
> second?
> First, try to be sure you know what you want to do. Then, think about
> a way to split the traffic between interfaces.
>
> Regards,
>
> Sylvain



[LARTC] individual connections

2005-05-09 Thread richard lucassen
Is it possible (one way or another) to guarantee or to limit bandwidth
of 1 session?

E.g.:

RDP: 750kbit rate, 1Mbit ceil
default: 250kbit rate, 1Mbit ceil
max bw per RDP connection: 100kbit
guaranteed bw per RDP session: 20kbit

R.

-- 
___
It's so simple to be wise. Just think of something stupid to say
and say the opposite.

+--+
| Richard Lucassen, Utrecht|
| Public key and email address:|
| http://www.lucassen.org/mail-pubkey.html |
+--+


Re: [LARTC] Starting from scratch w/ multiple uplinks

2005-05-09 Thread Sylvain BERTRAND
On Mon 9 May 2005 16:05, Rafael A Barrero wrote:
> Hi guys;
>
> I'm sure you are all bored of hearing the same story over and over...
> but here it comes again. :) Yep, tomorrow I'm getting another ADSL
> line installed and I wanted my linux router to handle both providers
> (new and old). I have my linux router (fedora core 2) setup to do NAT
> for my current line, but I know I'll need to change my configuration
> to accommodate the second line.
>
> I have no problem with 'RTFM', but since I've started doing my
> homework, I've realized that things have changed and I guess this is
> the place to get the latest updates since most all sites out there
> still refer to old 2.2/2.4 kernels, workflow and tools.
>
> Ideally I'm looking for a guide I can follow to setup an linux router
> that will handle 2 uplinks and will do some minimal load-balancing
> (to start). Maybe a guide is too much, so if you have pointers, those
> are appreciated equally.
>
> Here's what I have to start:
>
> 1. Fedora Core 2 server with 3 ethernet cards
> 2. Documentation from: http://lartc.org/howto/
>
> What I know I need to do:
>
> 1. Need to recompile my kernel with all the advanced router modules
> 2. Follow steps in documentation (above) on iproute2
> 3. Configure iptables
>
> Here's my network topology:
>
> [ASCII network diagram, garbled in the archive: local network
> 192.168.0.x <-> Linux router eth2 (192.168.0.1); router eth0 <->
> INET 1 <-> Internet; router eth1 <-> INET2 <-> Internet]
>
> Here's what I want to know:
> 1. Does an updated guide exist for multiple providers?
> 2. Kernel:
>   - What kernel modules do I need to install?
>   - Do I need to patch my kernel?
>   - Do I need to supply any configuration parameters for these kernel
> modules?
>   - Is my documentation up-to-date? If not, what's the diff and where
> can I get the latest? I heard I shouldn't use this documentation...
> 4. Anyone have sample scripts for iptables (NAT) for this type of setup?
> 5. How do I configure QoS? What's Wonder Shaper?
> 6. Am I missing anything?
>
> As long as I'm pointed in the right direction, with good
> documentation, I think I can make it. Of course, I'll probably need a
> little help, so thanks in advance!
>
> Cheers,
>
> --
> Rafael Barrero
> [EMAIL PROTECTED]
>

Hi Rafael,

From my point of view, you don't need to enable advanced routing options
in the kernel. You may want to enable QoS though, and use iproute.
The kernel setup is not the hard part. The hard part is routing the
traffic on one link or the other, according to your needs.
Have you already asked yourself what you want to do with those links?
Load balancing? Some services on one interface and the others on the
second?
First, try to be sure you know what you want to do. Then, think about a
way to split the traffic between interfaces.

Regards,

Sylvain



[LARTC] Starting from scratch w/ multiple uplinks

2005-05-09 Thread Rafael A Barrero
Hi guys;
I'm sure you are all bored of hearing the same story over and over...  
but here it comes again. :) Yep, tomorrow I'm getting another ADSL  
line installed and I wanted my linux router to handle both providers  
(new and old). I have my linux router (fedora core 2) setup to do NAT  
for my current line, but I know I'll need to change my configuration  
to accommodate the second line.

I have no problem with 'RTFM', but since I've started doing my  
homework, I've realized that things have changed and I guess this is  
the place to get the latest updates since most all sites out there  
still refer to old 2.2/2.4 kernels, workflow and tools.

Ideally I'm looking for a guide I can follow to setup an linux router  
that will handle 2 uplinks and will do some minimal load-balancing  
(to start). Maybe a guide is too much, so if you have pointers, those  
are appreciated equally.

Here's what I have to start:
1. Fedora Core 2 server with 3 ethernet cards
2. Documentation from: http://lartc.org/howto/
What I know I need to do:
1. Need to recompile my kernel with all the advanced router modules
2. Follow steps in documentation (above) on iproute2
3. Configure iptables
Here's my network topology:

[ASCII network diagram, garbled in the archive: local network
192.168.0.x <-> Linux router eth2 (192.168.0.1); router eth0 <->
INET 1 <-> Internet; router eth1 <-> INET2 <-> Internet]

Here's what I want to know:
1. Does an updated guide exist for multiple providers?
2. Kernel:
 - What kernel modules do I need to install?
 - Do I need to patch my kernel?
 - Do I need to supply any configuration parameters for these kernel  
modules?
 - Is my documentation up-to-date? If not, what's the diff and where  
can I get the latest? I heard I shouldn't use this documentation...
4. Anyone have sample scripts for iptables (NAT) for this type of setup?
5. How do I configure QoS? What's Wonder Shaper?
6. Am I missing anything?

As long as I'm pointed in the right direction, with good  
documentation, I think I can make it. Of course, I'll probably need a  
little help, so thanks in advance!

Cheers,
--
Rafael Barrero
[EMAIL PROTECTED]



Re: [LARTC] wondershaper tweaking

2005-05-09 Thread Andreas Klauer
On Monday 09 May 2005 10:29, Anthony Letchet wrote:
> I'm still reading the howtos on how to write my own rules but since the
> wondershaper script is doing exactly what I want I had hoped that
> someone would know the commands to implement this now :)

I did such a modification to wondershaper once for somebody on this list.
The file is still there:

http://www.metamorpher.de/files/wshaper-over-lan.htb

And an image of the class tree:
http://www.metamorpher.de/files/wshaper-over-lan.png

I don't use this myself, and never tested it myself,
so there is no guarantee that it will actually work.

My basic idea how to solve this was to create one fat class which can use 
the NIC at full speed, and two child classes, one for internet traffic 
which limits to internet speed, and one for LAN traffic, which limits to 
full speed minus internet speed.

I use pretty much the same concept in my FairNAT shaping script (which is 
designed for routers) and it works for me.

HTH
Andreas
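
The class layout Andreas describes (one parent at NIC speed, a LAN child and an internet child), as an added sketch that is not the linked wshaper-over-lan.htb file and not taken from wondershaper itself: it prints the `tc` commands for the egress tree and for ingress filters that let the local servers bypass the download policer. The server addresses come from the question; the device, the rates and the class ids are assumptions.

```shell
#!/bin/sh
# Added example (not wshaper-over-lan.htb): keep local servers out of the
# internet shaper. Device, rates and class ids are assumptions.
# The functions only print commands; review them, then pipe to `sh` as root.

DEV=eth1                                  # interface facing the 100mbit switch
NIC_KBIT=100000                           # full NIC speed
UP_KBIT=220                               # assumed internet upstream rate
DOWN_KBIT=800                             # assumed internet downstream rate
LAN_SERVERS="10.0.0.2 10.0.0.3 10.0.0.4"  # addresses from the question

# Egress: parent 1:1 at NIC speed, 1:10 for LAN servers, 1:20 for the rest.
emit_egress() {
    if [ "$UP_KBIT" -ge "$NIC_KBIT" ]; then
        echo "internet rate must be below NIC rate" >&2
        return 1
    fi
    lan_kbit=$((NIC_KBIT - UP_KBIT))      # full speed minus internet speed
    echo "tc qdisc add dev $DEV root handle 1: htb default 20"
    echo "tc class add dev $DEV parent 1: classid 1:1 htb rate ${NIC_KBIT}kbit"
    echo "tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${lan_kbit}kbit ceil ${lan_kbit}kbit"
    # A wondershaper-style set of priority classes would hang below 1:20.
    echo "tc class add dev $DEV parent 1:1 classid 1:20 htb rate ${UP_KBIT}kbit ceil ${UP_KBIT}kbit"
    echo "tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10"
    for ip in $LAN_SERVERS; do
        echo "tc filter add dev $DEV parent 1: protocol ip prio 1 u32 match ip dst $ip/32 flowid 1:10"
    done
}

# Ingress: filters are tried in prio order, so packets from the local
# servers match at prio 1 (no police action) and never reach the
# catch-all policer at prio 50.
emit_ingress() {
    echo "tc qdisc add dev $DEV handle ffff: ingress"
    for ip in $LAN_SERVERS; do
        echo "tc filter add dev $DEV parent ffff: protocol ip prio 1 u32 match ip src $ip/32 flowid :1"
    done
    echo "tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${DOWN_KBIT}kbit burst 10k drop flowid :1"
}

emit_egress
emit_ingress
```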


Re: [LARTC] wondershaper tweaking

2005-05-09 Thread Robert Denier
Well as near as I can tell you have at least a few options.

1) You could take a look at the shaping how to that I think is somewhere
linked off the gentoo.org documentation.  That way you could
create/modify a script that would handle it.

2) Change your topology so all your equipment is connected to one
ethernet card with the other dedicated for internet access.  I really
recommend this, if it's possible since it's the easiest way to firewall
things.

3) Install a third card for your internet access and do the shaping on
that.  That is about the simplest.  You could try something like
ifconfig eth0:1 192.168.55.75 netmask 255.255.255.0 to create a fake
interface, but I haven't had much luck shaping on them.

Do also note that shaping your download rate is _not_ free.  Afaik it
drops packets to coerce that rate which gets TCP/IP to slow down.

Good luck.


On Mon, 2005-05-09 at 09:29 +0100, Anthony Letchet wrote:
> Hi all, I've got wondershaper working well with the highest download
> while maintaining minimal latency but the problem is this:
> 
> I've got 2 nics in the linux router eth0 and eth1. eth1= internet
> interface but this is connected to a router say 10.0.0.190, now off that
> router there are other servers, mail server, domino server etc now if I
> shape on eth1 ingress and egress using the wondershaper script then I
> only get internet speeds to my local servers, when I could be getting
> 100mbit :)
> 
> Hope you can see my dilemma, what I want to do basically is within use
> some tc commands to say do not shape traffic at all if it is coming to
> or going to these ips: 10.0.0.2 10.0.0.3 10.0.0.4 etc
> I'm still reading the howtos on how to write my own rules but since the
> wondershaper script is doing exactly what I want I had hoped that
> someone would know the commands to implement this now :)
> 
> 
> my diagram
> 
> lan clients -> linux router -> eth1 -> 100mbit router/switch -> PPPOa
> eth1-> 100mbit/switch ->
> server1,2,3
> 
> Cheers
> 
> Anthony
-- 
Robert Denier ([EMAIL PROTECTED])
PhD Electrical Engineering (May 2005)
University of Missouri-Rolla
http://www.finiteinfinity.com



[LARTC] wondershaper tweaking

2005-05-09 Thread Anthony Letchet
Hi all, I've got wondershaper working well with the highest download
while maintaining minimal latency but the problem is this:

I've got 2 nics in the linux router eth0 and eth1. eth1= internet
interface but this is connected to a router say 10.0.0.190, now off that
router there are other servers, mail server, domino server etc now if I
shape on eth1 ingress and egress using the wondershaper script then I
only get internet speeds to my local servers, when I could be getting
100mbit :)

Hope you can see my dilemma, what I want to do basically is within use
some tc commands to say do not shape traffic at all if it is coming to
or going to these ips: 10.0.0.2 10.0.0.3 10.0.0.4 etc
I'm still reading the howtos on how to write my own rules but since the
wondershaper script is doing exactly what I want I had hoped that
someone would know the commands to implement this now :)


my diagram

lan clients -> linux router -> eth1 -> 100mbit router/switch -> PPPOa
eth1-> 100mbit/switch ->
server1,2,3

Cheers

Anthony