Re: [LARTC] General Traffic Control Question
Jon wrote:
> On Tue, June 7, 2005 18:24, Cal Spadoni said:
>> Here's my situation:
>> [Snip]
>> Is there a way to use iptables to force answers for data going out a
>> given ppp link to be returned using the same link?
>>
>> Thanks in advance for your help!!
>>
>> - Cal
>>
>> [EMAIL PROTECTED]
>
> Perhaps ip_connmark is what you're looking for.
>
> --
> Regards, Jon

Nah, the issue is sending out data from all 4 ppp interfaces with the same source ip, obviously the data is all going to be sent back to that one ip. The other end of the connections is sending down only 1 of the 4 ppp interfaces.

If all 4 ppp interfaces truly do have the same ip, then nothing can be done locally, it has to be done on the other end of the 4 ppp interfaces.

However, if each of the 4 ppp interfaces does have a different ip, you could use some nat and load balancing, there's a rather helpful faq here:

http://lartc.org/howto/lartc.rpdb.multiple-links.html

Using that method, the source ip will be cycled between the 4 for new connections, attempting to keep them load balanced.

- Jody

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] General Traffic Control Question
On Tue, June 7, 2005 18:24, Cal Spadoni said:
> Here's my situation:
>
> I've got an Intel machine running a 2.6.9 linux kernel and this box has
> 4 modems attached to it via a usb to serial port expander. In order to
> force data down each of the modems, some pretty simple rules are used
> and they are as follows:
>
> iptables -t mangle -A OUTPUT -p tcp --dport $PORT1 -j MARK --set-mark 1
> iptables -t mangle -A OUTPUT -p tcp --dport $PORT2 -j MARK --set-mark 2
> iptables -t mangle -A OUTPUT -p tcp --dport $PORT3 -j MARK --set-mark 3
> iptables -t mangle -A OUTPUT -p tcp --dport $PORT4 -j MARK --set-mark 4
>
> ip rule add fwmark 1 table isp1
> ip rule add fwmark 2 table isp2
> ip rule add fwmark 3 table isp3
> ip rule add fwmark 4 table isp4
>
> ip route add default via $GWIPADDR dev ppp0 table isp1
> ip route add default via $GWIPADDR dev ppp1 table isp2
> ip route add default via $GWIPADDR dev ppp2 table isp3
> ip route add default via $GWIPADDR dev ppp3 table isp4
>
> $PORT1 thru $PORT4 are unique and $GWIPADDR is the same for all 4 ppp
> links.
>
> Using these rules, data going out of my Intel box is shaped nicely based
> on looking at the transmit columns in /proc/net/dev.
>
> On the receive side, all of the traffic is coming down the only kernel
> default route, which is ppp0, and this is the problem.
>
> Is there a way to use iptables to force answers for data going out a
> given ppp link to be returned using the same link?
>
> Thanks in advance for your help!!
>
> - Cal
>
> [EMAIL PROTECTED]

Perhaps ip_connmark is what you're looking for.

--
Regards, Jon
[LARTC] General Traffic Control Question
Here's my situation:

I've got an Intel machine running a 2.6.9 linux kernel and this box has 4 modems attached to it via a usb to serial port expander. In order to force data down each of the modems, some pretty simple rules are used and they are as follows:

iptables -t mangle -A OUTPUT -p tcp --dport $PORT1 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -p tcp --dport $PORT2 -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -p tcp --dport $PORT3 -j MARK --set-mark 3
iptables -t mangle -A OUTPUT -p tcp --dport $PORT4 -j MARK --set-mark 4

ip rule add fwmark 1 table isp1
ip rule add fwmark 2 table isp2
ip rule add fwmark 3 table isp3
ip rule add fwmark 4 table isp4

ip route add default via $GWIPADDR dev ppp0 table isp1
ip route add default via $GWIPADDR dev ppp1 table isp2
ip route add default via $GWIPADDR dev ppp2 table isp3
ip route add default via $GWIPADDR dev ppp3 table isp4

$PORT1 thru $PORT4 are unique and $GWIPADDR is the same for all 4 ppp links.

Using these rules, data going out of my Intel box is shaped nicely based on looking at the transmit columns in /proc/net/dev.

On the receive side, all of the traffic is coming down the only kernel default route, which is ppp0, and this is the problem.

Is there a way to use iptables to force answers for data going out a given ppp link to be returned using the same link?

Thanks in advance for your help!!

- Cal

[EMAIL PROTECTED]
[LARTC] [CBQ problem]
Hello, guys!

I have a router that shapes traffic with cbq+sfq, and everything was working fine until today, when I put in two more files, one for upload and one for download. Now I get high latency, about 20-30ms, and the usage of CPU0 is about 100%. If I remove these two files then everything is back to normal. With these two files I have more than files one for upload and one for download. There is no difference between these two files and the other files. I think that the problem is with the number of rules. Are there any limits for sfq, and can I increase them?

Router hardware configuration: dual p4 xeon 2.4Ghz ; 1GB/ram ; two nics e1000/64bit
Running kernel is 2.4.27
Traffic that passes through the router is about 300mbps, 40-50kpkt/sec

Any help, suggestions or comments on that will be appreciated.

Regards,
E.A.

--
SELLINET Internet Services Provider - http://www.sellinet.net/
[LARTC] [ANNOUNCE] iproute2-ss050607
Small update to iproute2, I have been waiting to get a CVS conversion completed and working on other things so changes are small.

http://developer.osdl.org/dev/iproute2/download/iproute2-ss050607.tar.gz

Stephen Hemminger
* Fix 'ip link' map to handle case where device gets autoloaded by using if_nametoindex as fallback
* Device indices are unsigned not int.

Masahide NAKAMURA
* [ip] show timestamp when using '-t' option.
* [ip] remove duplicated code for expired message of xfrm.
* [ip] add "deleteall" command for xfrm; "flush" uses kernel's flush interface and "deleteall" uses legacy iproute2's flush feature like getting-and-deleting-for-each.

This is the first export from the CVS repo, so let me know if there are any quirks. If you have something you want to see in the next release and it isn't there please resend.
[LARTC] Re: [PATCH] Support module autoloading in iproute2
Okay, I added the same effective hook but using if_nametoindex() and without the vanity comment.
Re: [LARTC] wrr question
On Tue, 7 Jun 2005 23:33:20 +0200
Kenneth Kalmer <[EMAIL PROTECTED]> wrote:

>Anycase, I just thought that WRR might offer a smoother experience for
>the users, but I'll stick with my HTB setup for now since it's working
>beautifully. If anybody has an alternative suggestion, please shout.

In case you pay by the amount of transferred data, WRR is probably not the right choice.

Yours sincerely,
Peter
Re: [LARTC] wrr question
Jonathan

I've got a full HTB setup currently, and I'm just looking at other options for greener pastures. The thing at the moment is that we offer internet to students, and South African bandwidth is probably the most expensive in the world... We want to limit things to stop abusive behaviour even before it begins...

My main concern is that since we do overschedule the available bandwidth, I need everyone's bandwidth to degrade equally, depending on the amount of users.

Currently I basically set my rules like this:

rate = total rate / num of users
ceil = total rate / 8

I'm just worried about the equal degrading of everyone's links..

Anycase, I just thought that WRR might offer a smoother experience for the users, but I'll stick with my HTB setup for now since it's working beautifully. If anybody has an alternative suggestion, please shout.

Thanks for the reply though.

On 6/7/05, Jonathan Day <[EMAIL PROTECTED]> wrote:
> Hi,
>
> For something like this, where you're wanting to do
> bandwidth capping, you're probably better off with
> something like CBQ, which supports limits.
>
> It sounds like you want soft limits of 4% (a fair
> slice, when 25 users are present) and hard limits of
> 25%.
>
> Another option would be to use WRR and then use
> pattern-matching in Netfilter to set the hard limit.
>
> Part of the problem is that there are a very large
> number of "Quality of Service" protocols, of which
> Linux supports some, but that there is no really clear
> cheat-sheet on what to use when, what works well with
> what, and what capabilities each QoS method has.
>
> Jonathan
>
> --- Kenneth Kalmer <[EMAIL PROTECTED]> wrote:
>
> > Guys
> >
> > All the recent discussions recently, and the knowledge of a 2.6 port,
> > of WRR has made me very keen on trying it. I had a look at the docs
> > and examples now but my mind is not in a very receptive state.
> >
> > Take this simple example.
> >
> > Incoming internet connection of 1mbps. Shared between up to 25 users
> > simultaneously.
> >
> > I know that WRR can fairly distribute the traffic amongst the
> > currently connected clients at any specific time. I'd like to know how
> > can I restrict any client from getting more than 256kbps (or 25%) of
> > the total link speed, even when they are the only users.
> >
> > Kind regards
> >
> > --
> >
> > Kenneth Kalmer
> > [EMAIL PROTECTED]
> > http://opensourcery.blogspot.com

--
Kenneth Kalmer
[EMAIL PROTECTED]
http://opensourcery.blogspot.com
Re: [LARTC] wrr question
Hi,

For something like this, where you're wanting to do bandwidth capping, you're probably better off with something like CBQ, which supports limits.

It sounds like you want soft limits of 4% (a fair slice, when 25 users are present) and hard limits of 25%.

Another option would be to use WRR and then use pattern-matching in Netfilter to set the hard limit.

Part of the problem is that there are a very large number of "Quality of Service" protocols, of which Linux supports some, but that there is no really clear cheat-sheet on what to use when, what works well with what, and what capabilities each QoS method has.

Jonathan

--- Kenneth Kalmer <[EMAIL PROTECTED]> wrote:

> Guys
>
> All the recent discussions recently, and the knowledge of a 2.6 port,
> of WRR has made me very keen on trying it. I had a look at the docs
> and examples now but my mind is not in a very receptive state.
>
> Take this simple example.
>
> Incoming internet connection of 1mbps. Shared between up to 25 users
> simultaneously.
>
> I know that WRR can fairly distribute the traffic amongst the
> currently connected clients at any specific time. I'd like to know how
> can I restrict any client from getting more than 256kbps (or 25%) of
> the total link speed, even when they are the only users.
>
> Kind regards
>
> --
>
> Kenneth Kalmer
> [EMAIL PROTECTED]
> http://opensourcery.blogspot.com
Re: [LARTC] wrr question
On Tue, 7 Jun 2005 21:35:03 +0200
Kenneth Kalmer <[EMAIL PROTECTED]> wrote:

>Guys

hi

>I know that WRR can fairly distribute the traffic amongst the
>currently connected clients at any specific time. I'd like to know how
>can I restrict any client from getting more than 256kbps (or 25%) of
>the total link speed, even when they are the only users.

You can't, at least not easily. However, unless you have specific reasons to do so, it doesn't matter.

>Kind regards

Yours sincerely,
Peter
[LARTC] wrr question
Guys

All the recent discussions recently, and the knowledge of a 2.6 port, of WRR has made me very keen on trying it. I had a look at the docs and examples now but my mind is not in a very receptive state.

Take this simple example.

Incoming internet connection of 1mbps. Shared between up to 25 users simultaneously.

I know that WRR can fairly distribute the traffic amongst the currently connected clients at any specific time. I'd like to know how can I restrict any client from getting more than 256kbps (or 25%) of the total link speed, even when they are the only users.

Kind regards

--
Kenneth Kalmer
[EMAIL PROTECTED]
http://opensourcery.blogspot.com
Re: [LARTC] HOW TO REDUCE INTERNET TRAFFIC ONLY
I guess you are using NAT to get your clients out to the internet, so on ppp0 you won't see any internal address anymore.

You can give IMQ in BB mode a try. In this mode IMQ gets the outgoing packets before they have passed the Postrouting chain (where the NAT happens). Then you can match on internal IPs.

Hope this helps.

Cheers,
Andreas

s.az wrote:
> Hi,
>
> How do I reduce the traffic of a computer to the internet only, not my LAN?
>
> I did try with this, but it's useless:
>
> tc qdisc add dev ppp0 root handle 1: htb
> tc class add dev ppp0 parent 1: classid 1:1 htb rate 128kbit burst 6k
> tc filter add dev ppp0 parent 1: protocol ip u32 match ip dst 192.168.0.2 flowid 1:1
>
> Can you give me a hand?
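An added example, not part of either post and not the IMQ approach Andreas describes: an alternative that marks the host's forwarded packets in the mangle table, where the private address is still visible, and classifies on that mark with tc's fw filter. The LAN interface name eth0, the mark value 10 and the function name are assumptions; the function only prints the commands so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example (not from the thread). Prints, but does not run, rules that
# cap one LAN host's Internet traffic while leaving LAN-local traffic alone.
# Assumptions: LAN interface name, mark value and function name are
# illustrative only.

emit_host_limit() {
    wan=$1 lan=$2 host=$3 rate=$4 mark=${5:-10}

    # Upload: mangle/FORWARD runs before nat/POSTROUTING, so the private
    # source address can still be matched. The mark stays on the packet
    # after NAT and is what the fw filter sees on the WAN device.
    echo "iptables -t mangle -A FORWARD -s $host -o $wan -j MARK --set-mark $mark"
    echo "tc qdisc add dev $wan root handle 1: htb"
    echo "tc class add dev $wan parent 1: classid 1:$mark htb rate $rate burst 6k"
    echo "tc filter add dev $wan parent 1: protocol ip handle $mark fw flowid 1:$mark"

    # Download: replies are de-NATed before FORWARD, so the private
    # destination is visible. Matching "-i $wan" marks only packets that
    # arrived from the Internet, so traffic from the gateway or other LAN
    # hosts stays unmarked and is not shaped on the LAN device.
    echo "iptables -t mangle -A FORWARD -d $host -i $wan -j MARK --set-mark $mark"
    echo "tc qdisc add dev $lan root handle 1: htb"
    echo "tc class add dev $lan parent 1: classid 1:$mark htb rate $rate burst 6k"
    echo "tc filter add dev $lan parent 1: protocol ip handle $mark fw flowid 1:$mark"
}

# Values taken from the question: host 192.168.0.2, 128kbit, WAN on ppp0.
emit_host_limit ppp0 eth0 192.168.0.2 128kbit
```

The htb root qdisc is created without a default class, so packets that carry no mark are not rate limited.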
[LARTC] HOW TO REDUCE INTERNET TRAFFIC ONLY
Hi,

How do I reduce the traffic of a computer to the internet only, not my LAN?

I did try with this, but it's useless:

tc qdisc add dev ppp0 root handle 1: htb
tc class add dev ppp0 parent 1: classid 1:1 htb rate 128kbit burst 6k
tc filter add dev ppp0 parent 1: protocol ip u32 match ip dst 192.168.0.2 flowid 1:1

Can you give me a hand?
[LARTC] Shaping of local transparent proxy services.
Hello.

My situation looks like:

localnet 10.2.1.0/24
   |
10.2.1.1 eth0 (100Mbit)
gateway
ppp0 (DSL 1MBit/256kbit)
   |
internet

On the gateway I have some transparent proxy services. I would like to shape traffic incoming from the internet and guarantee some bandwidth for non-proxy services. When I shape traffic I shape the proxy services too. What can I do?

With regards
Xperience