[LARTC] Route cache

2006-04-17 Thread Andrei Sandu
Hi,

   I have a P4 @ 3 GHz router running Debian. It shapes
traffic (about 500-600 classes), about 1000 iptables rules, and it
does BGP too, so I get about
1300+ routes in the routing table. The problem is the load is too high
on this system. I found a solution to my problem, turning off the route
cache, but I don't know how to implement it.
   I was wondering if anyone found a way to disable the route
caching system inside the kernel, to improve router performance in high
traffic conditions.

Thanks


___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


Re: [LARTC] Forwarding connections/packets across interfaces

2006-04-17 Thread Alan Sparks

Martin A. Brown wrote:
> Did you pay your semi-annual chicken-sacrificing bill?  If not, I
> may not be able to help you.

That bill is paid, but my ticket on the clue train isn't...

Hour after I wrote that, I realized there's no return path for
packets.  At least to that source address.

Have a potential solution working using SNAT.  Thanks for indulging me.
-Alan

--
Alan Sparks, UNIX/Linux Systems Integration and Administration
<[EMAIL PROTECTED]>



Re: [LARTC] Forwarding connections/packets across interfaces

2006-04-17 Thread Martin A. Brown

Greetings Alan,

 : I have a mail server (and a test program as well) that binds to 
 : an address on eth1, and tries to connect to an address on eth0's 
 : network. Connections just time out.  I've tested connections 
 : where I did not bind to a specific interface and I can make the 
 : connection.
 : 
 : I've set ip_forward=1, and rp_filter=0 on all interfaces, and 
 : still cannot get a connection from eth1's address to something 
 : off of eth0's networks.  Firewalls are disabled on the host.

Well... I don't think you should need to remove rp_filter unless you 
are performing policy routing in addition to the simple routing 
configuration you describe.

 : Is there additional voodoo that needs to be set to allow traffic 
 : to cross from one interface to the other?

Did you pay your semi-annual chicken-sacrificing bill?  If not, I 
may not be able to help you.

OK, seriously, I have just tested exactly this sort of connection on 
a similarly configured network.  It works exactly as you want it to.  
I'm guessing that you have some packet filter somewhere which is 
interfering.  How would you be able to tell?  First, watch traffic 
to see if it is ever leaving your router, and watch on your 
mailserver to see that traffic is arriving:

  router# tcpdump -nn -i eth0 host $MAILSERVER_IP
  mailserver# tcpdump -nn -i eth0 host $ROUTER_IP_0 or host $ROUTER_IP_1
  
Now, make those connections from your router (with your TCP testing 
tool of choice):

  router# socat - TCP4:$MAILSERVER_IP:$SERVICE,bind=$eth0_IP
  router# nc -vvs $eth1_IP  $MAILSERVER_IP  $SERVICE

If you don't see any traffic leaving your router, is it possible 
that you have a strange POSTROUTING rule which does not refer to 
output interface?

Good luck,

-Martin

-- 
Martin A. Brown 
http://linux-ip.net/ 


[LARTC] Forwarding connections/packets across interfaces

2006-04-17 Thread Alan Sparks

Have an inter-interface routing issue, hoping someone can either throw a
clue or point me where I can get one.  This is on a CentOS 3 system.

Have interfaces eth0 and eth1.  eth0 is connected to internal network,
eth1 to separate distinct network.  The default route on the box is set
to the router address on the eth1 network.  I have static routes defined
to send local network traffic to eth0 and eth0's router.

I have a mail server (and a test program as well) that binds to an
address on eth1, and tries to connect to an address on eth0's network.
Connections just time out.  I've tested connections where I did not bind
to a specific interface and I can make the connection.

I've set ip_forward=1, and rp_filter=0 on all interfaces, and still
cannot get a connection from eth1's address to something off of eth0's
networks.  Firewalls are disabled on the host.

Is there additional voodoo that needs to be set to allow traffic to
cross from one interface to the other?

Thanks in advance for any advice or pointers.  I hope I've made the
problem clear enough...
-Alan

--
Alan Sparks, UNIX/Linux Systems Integration and Administration
<[EMAIL PROTECTED]>





Re: [LARTC] htb overrate with 2.6.16

2006-04-17 Thread Yanko Kaneti
On Mon, 2006-04-17 at 21:32 +0200, Patrick McHardy wrote:
> Andy Furniss wrote:
> >> Well, as much as google tells me TSO has been in the kernel and enabled
> >> since 2.5.33 and e1000 was the first driver to support it. The FC4
> >> 2.6.16 kernel doesn't have any tso related patches as can be
> >> seen here http://cvs.fedora.redhat.com/viewcvs/rpms/kernel/FC-4/
> >>
> >> Since my immediate problem was solved with the mtu param I plan on
> >> forgetting about htb and traffic control in general for the time
> >> being :) Thanks again.
> > 
> > 
> > One more thing I just thought - sfq sets its quantum from the dev mtu.

Riiight. I should have tried without the sfq earlier. Without it this
works as expected without explicit mtu setting for the htb class. And no
giants.

# tc qdisc add dev eth0 root handle 1: htb
# tc class add dev eth0 parent 1: classid 1:2 htb rate 2Mbit
# tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 50 fw flowid 1:2


> One more possibility: current kernels support UDP fragmentation offload
> (UFO), which has similar effects as TSO. The in-tree e1000 driver
> doesn't support it, but maybe the fedora one does.

No mention of ufo or e1000 in any of the patches that can be found in
the url above.

> Changes in the fragmentation behaviour of conntrack in 2.6.16 could also
> be responsible (if you're using it). Can you please post your NAT and
> marking rules, routing rules etc?

Here are the "interesting" rules where the packets in question pass.
Have no rules other than the ones in the mangle table 

mangle
  OUTPUT
-m owner --uid-owner shaped -j userchain
  userchain

-m length --length 512:65535 -j MARK --set-mark 0x32   -> the fw filter




[LARTC] W(RED) curve implementation in Linux DiffServ

2006-04-17 Thread Glenn Moeller-Holst

Hi!

I have a Traffic Control/QoS question about the W(RED - Random Early 
Detection/Discard) curve implementation in the Traffic Control 
environment.


Is this the right curve for RED - has it been tried to be implemented 
in the Traffic Control environment?:


An Analytical RED Function Design Guaranteeing Stable System Behavior:
http://www.ist-mobydick.org/publications/aqm_iscc2003.pdf
Quote: "... The resulting function is non-linear and can be described 
by a polynomial expression. The advantage of this function lies not 
only in avoiding heavy oscillations but also in avoiding link 
under-utilization at low loads. The applicability of the derived 
function is independent of the load range, no parameters are to be 
adjusted. Compared to the original linear drop function applicability 
is extended by far.
For implementation the shape of the derived function can be 
approximated with a normalized power function of the queue size. Our 
example with realistic system parameters gives an approximation 
function of the cubic of the queue size. The effort to implement the 
approximated cubic function is not much higher compared to the linear 
function..."


-

RED is mentioned here in the previous 2.4 kernel:

http://www.linuxguruz.com/iptables/howto/2.4routing-14.html
Quote: "...
In order to cope with transient congestion on links, backbone routers 
will often implement large queues. Unfortunately, while these queues 
are good for throughput, they can substantially increase latency and 
cause TCP connections to behave very bursty during congestion.

...
RED statistically drops packets from flows before it reaches its hard 
limit. This causes a congested backbone link to slow more gracefully, 
and prevents retransmit synchronisation. This also helps TCP find its 
'fair' speed faster by allowing some packets to get dropped sooner 
keeping queue sizes low and latency under control. The probability of 
a packet being dropped from a particular connection is proportional 
to its bandwidth usage rather than the number of packets it transmits.

..."

thanks,

Glenn Moeller-Holst
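
The contrast the quoted abstract draws between the linear RED drop function and a cubic approximation can be worked through numerically. The following is an added example, not code from the paper or from the Linux RED qdisc; the thresholds, max_p and the plain normalized-cube form are assumptions, since the paper's exact polynomial is not reproduced on this page.

```python
"""Linear RED drop curve next to a normalized cubic one (added example)."""

# Constructed parameters, in packets; not taken from the paper or the thread.
MIN_TH, MAX_TH, MAX_P = 20.0, 80.0, 0.1


def ewma_queue(samples, weight=0.002, start=0.0):
    """RED's averaged queue length: avg = (1 - w) * avg + w * q per sample."""
    avg = start
    for q in samples:
        avg = (1.0 - weight) * avg + weight * q
    return avg


def drop_probability(avg, min_th=MIN_TH, max_th=MAX_TH, max_p=MAX_P, exponent=1):
    """Drop probability for an average queue length.

    exponent=1 is the original linear RED ramp between the thresholds.
    exponent=3 is a normalized power (cubic) function of the queue fill,
    used here as an assumed stand-in for the approximation the abstract
    describes in words.
    """
    if avg < min_th:
        return 0.0
    if avg >= max_th:
        return 1.0  # non-gentle RED: everything is dropped past max_th
    fill = (avg - min_th) / (max_th - min_th)
    return max_p * fill ** exponent


def queue_for_drop_rate(target_p, min_th=MIN_TH, max_th=MAX_TH, max_p=MAX_P,
                        exponent=1):
    """Inverse of the ramp: the average queue at which target_p is reached."""
    if not 0.0 < target_p <= max_p:
        raise ValueError("target_p must lie on the ramp (0, max_p]")
    fill = (target_p / max_p) ** (1.0 / exponent)
    return min_th + (max_th - min_th) * fill


def compare(avg):
    """(linear, cubic) drop probability at the same average queue length."""
    return drop_probability(avg, exponent=1), drop_probability(avg, exponent=3)


if __name__ == "__main__":
    print("avg queue  linear   cubic")
    for avg in (10, 20, 35, 50, 65, 79, 80):
        lin, cub = compare(avg)
        print(f"{avg:9d}  {lin:.4f}  {cub:.4f}")
    # Queue each curve settles at when flows need 1.25% drops to back off.
    for exp in (1, 3):
        print(f"exponent {exp}: queue for 1.25% drops =",
              round(queue_for_drop_rate(0.0125, exponent=exp), 2))
```

At the same half-full average queue the cubic curve drops a quarter as many packets as the linear one, and it lets the queue stand deeper before reaching the same drop rate, which is the low-load behaviour the abstract refers to.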


Re: [LARTC] htb overrate with 2.6.16

2006-04-17 Thread Patrick McHardy
Andy Furniss wrote:
>> Well, as much as google tells me TSO has been in the kernel and enabled
>> since 2.5.33 and e1000 was the first driver to support it. The FC4
>> 2.6.16 kernel doesn't have any tso related patches as can be
>> seen here http://cvs.fedora.redhat.com/viewcvs/rpms/kernel/FC-4/
>>
>> Since my immediate problem was solved with the mtu param I plan on
>> forgetting about htb and traffic control in general for the time
>> being :) Thanks again.
> 
> 
> One more thing I just thought - sfq sets its quantum from the dev mtu.

One more possibility: current kernels support UDP fragmentation offload
(UFO), which has similar effects as TSO. The in-tree e1000 driver
doesn't support it, but maybe the fedora one does.

Changes in the fragmentation behaviour of conntrack in 2.6.16 could also
be responsible (if you're using it). Can you please post your NAT and
marking rules, routing rules etc?


Re: [LARTC] htb overrate with 2.6.16

2006-04-17 Thread Andy Furniss

Yanko Kaneti wrote:
> On Sun, 2006-04-16 at 19:40 +0100, Andy Furniss wrote:
>> Yanko Kaneti wrote:
>>> On Sun, 2006-04-16 at 03:03 +0100, Andy Furniss wrote:
>>>> Yanko Kaneti wrote:
>>>>> Setting mtu 16500  for the class fixed it. But I wonder where did these
>>>>> giants come from in the first place? The mtu of the interface is and was
>>>>> 1500. Or so ifconfig and ip link tell me. Or this is some other mtu we
>>>>> are talking about...
>>>>
>>>> Hmm I didn't expect that - maybe there is some problem with the nic
>>>> drivers not obeying kernel - is there any tso offload etc. at work here ?
>>>
>>> Yes and it's on by default. The interface mtu still says 1500.
>>> I've tried deleting and attaching the qdisc+class (without explicit
>>> large mtu) with both tso on (ethtool -K eth0 tso on) and tso off , it
>>> doesn't seem to matter - giants appear in both cases.
>>> With large mtu for the class no giants with both tso on and off.
>>
>> I think you need to ask fedora or intel driver maintainer about this.
>> AIUI tso is not in vanilla kernels and the patches are quite invasive.
>
> Well, as much as google tells me TSO has been in the kernel and enabled
> since 2.5.33 and e1000 was the first driver to support it.
> The FC4 2.6.16 kernel doesn't have any tso related patches as can be
> seen here http://cvs.fedora.redhat.com/viewcvs/rpms/kernel/FC-4/
>
> Since my immediate problem was solved with the mtu param I plan on
> forgetting about htb and traffic control in general for the time
> being :) Thanks again.

One more thing I just thought - sfq sets its quantum from the dev mtu.

While I always thought that the "must be >=mtu" comment in the source 
was a bit OTT, it still "should" be >= mtu for the drr to be O(1) for 
cpu work.

You can set it explicitly by adding quantum=X on the sfq line.

For ethernet X is mtu + 14.

Andy.


Re: [LARTC] Problems in Dead Gateway Detection / Failover - MultipleISP Links

2006-04-17 Thread Alessandro Ren





    So, I will try to explain how all the parts get together, but if in any
doubt, just ask me:

    The main script is check_links_balanced.pl and it runs from the
crontab, in my case each minute or 2 minutes. At the beginning of the
script there are some setups:

$OPNET_CONF="/usr/local/scripts/opnet.conf";
    We have a service that we call OpNet, that's why the OPNET thing,
so, this is where the configurations for the links are. I will attach
my configuration so you can base yours on it, very simple.

$RCFIREWALL="/etc/rc.d/rc.firewall";
    Where your firewall script is; the main script needs to check if the
firewall is OK and change it if a link goes DOWN or UP.

# hosts file
$HOSTS_FILE="/usr/local/scripts/hosts.txt";
    The list of hosts, can be IPs or names.

# logfile
$LOGFILE="/var/log/check_links_balanced.log";
    Well, the log file to see how things are going.

# minimal % of hosts that must be UP to consider a link UP
$CRITICAL=30;

    So, you have to create an entry for each link in
/etc/iproute2/rt_tables using LINK1, LINK2 and so on for the table
name for each link that you have. This is important, because everything
is connected to the link number, like, LINK1, the firewall mark 1 will
send packets to the LINK1, will use the configurations of the rc.LINK1,
will set the wshaper.LINK1 script and so on.

    OK, so you will have a /etc/rc.d/rc.LINKx and
/etc/rc.d/wshaper.LINKx for each link; these rc.LINKx will set the
routing table LINKx properly and put the link UP, whether it's an
ethernet or ADSL with a PPP interface.
    For PPP interfaces, we will have some extra configurations in
/etc/ppp, like /etc/ppp/ip-up that will have to set some routes when
the ADSL goes UP; based on the interface, it will set the default route for
the table LINKx and set up rules, removing old rules if the IP is
dynamic and setting the new one for the new IP interface. In
/etc/ppp/peers you must create one configuration for each PPP interface
you have and each one gets a fixed name, using unit x, so I know the
PPP0 will always be the same ADSL, otherwise linux will choose the
number of the PPP interface dynamically, and everything would be lost. I
also have one configuration for each PPPOE interface.
    The only thing that I can not do yet is work with DHCP interfaces,
I have still to see how dhclient can be used to do the same thing as I
do with the PPP interfaces.

    The firewall has to have the following in mangle:

# here, one for each link with a MARK, in this case
# LINK1 - eth1 - is a cable with fixed IP, and LINK2 is an ADSL
$iptables -A OUTPUT -t mangle -o eth1 -j MARK --set-mark 1
$iptables -A OUTPUT -t mangle -o ppp0 -j MARK --set-mark 2

# CONNMARK PREROUTING
# packets with state INVALID can not be used with CONNMARK
$iptables -t mangle -A PREROUTING -j MARK --set-mark 10 -m state --state INVALID
$iptables -t mangle -A PREROUTING -j RETURN -m state --state INVALID

# if the packet belongs to an already known and "tagged" connection
#   then copy connmark -> mark and go ahead with routing
$iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
$iptables -t mangle -A PREROUTING -j RETURN -m mark ! --mark 0

# if it is an "untagged" connection and coming from an outside interface
#   then save this as connmark and copy connmark -> mark
$iptables -t mangle -A PREROUTING -j CONNMARK --set-mark 1 -i eth1
$iptables -t mangle -A PREROUTING -j CONNMARK --set-mark 2 -i ppp0
$iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark

# CONNMARK POSTROUTING
$iptables -A POSTROUTING -t mangle -m mark ! --mark 0 -j RETURN
$iptables -A POSTROUTING -t mangle -j MARK --set-mark 1 -m state --state NEW -o eth1
$iptables -A POSTROUTING -t mangle -j MARK --set-mark 2 -m state --state NEW -o ppp0
$iptables -A POSTROUTING -t mangle -j CONNMARK --save-mark -m state --state NEW

   This will balance the internet access and you can set some
connections to go to a specific link

# Secure sites always via the same link, to keep integrity
$iptables -A PREROUTING -p tcp -t mangle -s 192.168.0.0/16 --dport 5000 -j MARK --set-mark 1
   So here LAN access to port TCP 5000 will always get out via LINK1;
when LINK1 is DOWN, the main script will comment this line OUT and run
rc.firewall, so these packets will then go through the other links.
    See, if you have three links, you could do that
$iptables -A PREROUTING -p tcp -t mangle -s 192.168.0.0/16 --dport 5000 -j MARK --set-mark 3
$iptables -A PREROUTING -p tcp -t mangle -s 192.168.0.0/16 --dport 5000 -j MARK --set-mark 2

    I will mark the same packets three times, CPU waste, but the packet
would go via LINK2; if LINK2 goes down, they would go via LINK3; if LINK3
and LINK2 go down, the lines get commented, the packets go via the
remaining link or links.

    At the end of the script you have to have the NAT part
# NAT eth1
IP=`/usr/local/scripts/get_ip_interface.pl eth1`
$iptables -A POSTROUTING -t nat -m mark --mark 1 -j SNAT --to-source $IP

# NAT ppp0
IP=`/usr/local/scripts/get_ip_i
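
The check this message describes (bind to each link's own address, TCP-connect to the listed hosts, compare the share that answered with $CRITICAL) looks like this in Python. It is an added example, not Alessandro Ren's check_links_balanced.pl; the '#' comment handling in the hosts file, the function names, the sample addresses and the fake probe are assumptions made so that it runs offline.

```python
"""Per-link health check by TCP connect from the link's address (added example)."""
import socket

CRITICAL = 30  # minimum % of hosts that must answer for a link to be UP (from the post)


def parse_hosts(text):
    """Return the hosts listed one per line (IPs or names).

    Skipping blank lines and '#' comments is an assumption about the format.
    """
    hosts = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            hosts.append(entry)
    return hosts


def tcp_probe(source_ip, host, port=80, timeout=3.0):
    """True if a TCP handshake to host:port completes from source_ip.

    Binding only selects the source address. The probe exercises the intended
    link only if policy routing (ip rule / table LINKx) sends that source
    address out through it, which is the condition the thread points out.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout,
                                      source_address=(source_ip, 0)):
            return True
    except OSError:  # refused, unreachable, timed out, or name not resolved
        return False


def check_link(source_ip, hosts, critical=CRITICAL, probe=tcp_probe):
    """Probe every host from source_ip and decide UP/DOWN by percentage."""
    if not hosts:
        raise ValueError("empty host list: link state cannot be decided")
    up = sum(1 for host in hosts if probe(source_ip, host))
    percent = 100.0 * up / len(hosts)
    return {"up": up, "total": len(hosts), "percent": percent,
            "state": "UP" if percent >= critical else "DOWN"}


def state_changes(previous, links, hosts, critical=CRITICAL, probe=tcp_probe):
    """Probe all links; return (current states, [(link, old, new), ...]).

    Only links whose state differs from `previous` are reported, so the
    firewall and routing tables are rewritten on transitions, not every run.
    """
    current, changed = {}, []
    for name, source_ip in links.items():
        current[name] = check_link(source_ip, hosts, critical, probe)["state"]
        old = previous.get(name)
        if old is not None and old != current[name]:
            changed.append((name, old, current[name]))
    return current, changed


# ---- constructed sample data (documentation addresses, made-up host names) ----
SAMPLE_HOSTS_FILE = "# reference hosts (constructed)\n" + "\n".join(
    f"host{i:02d}.example" for i in range(1, 11)) + "\n"
SAMPLE_LINKS = {"LINK1": "192.0.2.10", "LINK2": "198.51.100.10"}


def fake_probe(source_ip, host, port=80, timeout=3.0):
    """Constructed outcome: LINK1 reaches 3 of 10 hosts, LINK2 reaches 2 of 10."""
    reachable = {"192.0.2.10": 3, "198.51.100.10": 2}[source_ip]
    return int(host[4:6]) <= reachable


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS_FILE)
    last_run = {"LINK1": "UP", "LINK2": "UP"}
    states, changed = state_changes(last_run, SAMPLE_LINKS, hosts,
                                    probe=fake_probe)
    print(states)
    for name, old, new in changed:
        print(f"{name}: {old} -> {new}, rewrite marks and routes for this link")
```

Swapping `fake_probe` for the default `tcp_probe` makes the same functions perform real connections from each link address.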

RE: [LARTC] Problems in Dead Gateway Detection / Failover- MultipleISP Links

2006-04-17 Thread LinuXKiD


Hi,

I've something similar:

I croned a Perl script that every 2 minutes checks via ICMP
some reference host (for each "default route").

If some route is down, I take it off the "default routes table".

But I think that doing it by TCP connect to port 80 is better.

Best,

andres



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On behalf of Alessandro Ren
Sent: Monday, April 17, 2006 12:17 p.m.
To: [EMAIL PROTECTED]
CC: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Problems in Dead Gateway Detection / Failover-
MultipleISP Links



I bind to the interface IP and connect to 20 different sites or more,
the sites are listed in a text file, using the TCP connect in perl.
Of course, the ip rule tables and the marks in the firewall must be set
correctly so you know that the connections are going through the right
interface.
I can share the script, it's a little complex in its structure, as it
depends on some external scripts, but I will try to share and probably get
more and better ideas to do the fail over / multi path routing.
I will prepare and send an email with it shortly.

[]s.

Shashikant Mundlik wrote:
Hi Ren,

Thanks for your help. But how do you check that you reach less than 20 of
your sites. (do you mean 20 websites?).
Will you be able to share the script?
That will be great help.

Thanks and regards,

Shashikant Mundlik

System Administrator
UBICS, Pune
Phone:  91 20 2729 1004  x 138
Mobile : 91 9372 044015

www.ubics.com
The UB Group
DISCLAIMER AND PRIVILEGE NOTICE:
This e-mail message contains confidential, copyright, proprietary and
legally privileged information. It should not be used by anyone who is not
the original intended recipient. If you have erroneously received this
message, please delete it immediately and notify the sender. The recipient
must note and understand that any views expressed in this message are those
of the individual sender and no binding nature of the message shall be
implied or assumed unless the sender does so expressly with due authority of
UBICS, Inc.






From: Alessandro Ren [mailto:[EMAIL PROTECTED]
Sent: Monday, April 17, 2006 7:31 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Problems in Dead Gateway Detection / Failover -
MultipleISP Links



I have a script that connects to 20 different sites on port 80 coming
from each link interface I have on my linux router.
If I reach less than 20% of my sites, I assume the link is down and do
all the routing and firewall adjustments to make the traffic go to other
routes, removing the problematic link, setting ip rules, routes in
tables and the main multipath default route and commenting in the firewall
the MARKs that would go via the link that's down and it also sets QoS and
tries to bring the link that is down back UP.
Although I've tested with only 3 links, it supports any number of them.
It works very nice so far.

[]s.


Shashikant Mundlik wrote:
Hi There,

I am also trying to do the same for my network.
I have two links from different ISPs and I want to configure a failover and
load balancing Linux router.

I am facing same problem here, that how to detect link failure and let Linux
box switch the gateway.

I know it works when the first gateway is physically down and not reachable.
But what to do if my link is up but there is a problem at nexthop level and
it's not routing packets to destination.

Please tell me if this can be overcome by setting multipath routing.

Another way I can think of doing this is to use a script which will check if
the default route is alive every 15 mins and if not it will make changes in
routing table and route the packets through different link.

I don't know if this is the best way to do this. If anyone knows how to do
this better please share.

If you guys think this can work, let's help each other to write such a script.

I am new to LARTC and just now started learning it to solve my network
problems.

Please help me to achieve this.

Thanks in advance.

Regards,

Shashikant Mundlik
Pune, India.




--
Alessandro Ren
OpServices
Luciana de Abreu, 471 - Sala 403
Porto Alegre, RS - CEP 90570-060

phone 55(51)3061-3588
fax 55(51)3061-3588
mobile 55(51)8151-8212
email [EMAIL PROTECTED]




[LARTC] Sip Traffic

2006-04-17 Thread LinuXKiD

Hi.

Is there a way to MARK UDP VoIP (SIP) traffic,
in order to put it in a highest prio class?

Traffic flow seems to start on UDP port 5060, but
next both server and client seem to jump to a
random(?) port.

I can't use CONNMARK because it is UDP traffic.

I only see a pattern for the L7 patch for
SIP traffic identification, but I run the 2.4
kernel series.

When you patch a 2.4 kernel with the L7 patch,
later, Connmark (patch-o-matic) can't apply.
(conflicts)

thank you.
--
Andres 


RE: [LARTC] Problems in Dead Gateway Detection / Failover - MultipleISP Links

2006-04-17 Thread Shashikant Mundlik



Thanks a lot Ren!
That will be a great help. 
 
Thanks,

Shashikant Mundlik
 




Re: [LARTC] Problems in Dead Gateway Detection / Failover - MultipleISP Links

2006-04-17 Thread Alessandro Ren





    I bind to the interface IP and connect to 20 different sites or
more, the sites are listed in a text file, using the TCP connect in
perl.
    Of course, the ip rule tables and the marks in the firewall must
be set correctly so you know that the connections are going through the
right interface.
    I can share the script, it's a little complex in its structure, as it
depends on some external scripts, but I will try to share and
probably get more and better ideas to do the fail over / multi path
routing.
    I will prepare and send an email with it shortly.

    []s.


RE: [LARTC] Problems in Dead Gateway Detection / Failover - MultipleISP Links

2006-04-17 Thread Shashikant Mundlik



Hi Ren,

Thanks for your help. But how do you check that you reach less than 20
of your sites. (do you mean 20 websites?).
Will you be able to share the script?
That will be a great help.

Thanks and regards,

Shashikant Mundlik
 
System 
Administrator
UBICS, PunePhone:  91 20 
2729 1004  x 138  Mobile : 91 9372 
044015 
 

www.ubics.com
The UB 
Group


From: Alessandro Ren [mailto:[EMAIL PROTECTED]
Sent: Monday, April 17, 2006 7:31 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Problems in Dead Gateway Detection / Failover - MultipleISP Links

    I have a script that connects to 20 different sites on port 80
coming from each link interface I have on my Linux router.
    If I reach less than 20% of my sites, I assume the link is down and
do all the routing and firewall adjustments to make the traffic go to
other routes, removing the problematic link out, setting ip rules,
routes in tables and the main multipath default route and commenting in
the firewall the MARKs that would go via the link that's down and it also
sets QoS and tries to bring the link that is down back UP.
    Although I've tested with only 3 links, it supports any number of
them.
    It works very nicely so far.

    []s.

Shashikant Mundlik wrote:

  Hi There,

  I am also trying to do the same for my network. I have two links from
  different ISPs and I want to configure a failover and load balancing
  Linux router.

  I am facing the same problem here: how to detect link failure and let
  the Linux box switch the gateway.

  I know it works when the first gateway is physically down and not
  reachable. But what to do if my link is up but there is a problem at
  nexthop level and it's not routing packets to destination?

  Please tell me if this can be overcome by setting multipath routing.

  Another way I can think of doing this is to use a script which will
  check if the default route is alive every 15 mins and if not it will
  make changes in routing table and route the packets through different
  link.

  I don't know if this is the best way to do this. If anyone knows how
  to do this better please share.

  If you guys think this can work, let's help each other to write such
  a script.

  I am new to LARTC and just now started learning it to solve my network
  problems.

  Please help me to achieve this.

  Thanks in advance.

  Regards,

  Shashikant Mundlik
  Pune, India.


Re: [LARTC] Problems in Dead Gateway Detection / Failover - MultipleISP Links

2006-04-17 Thread Alessandro Ren





    I have a script that connects to 20 different sites on port 80
coming from each link interface I have on my Linux router.
    If I reach less than 20% of my sites, I assume the link is down and
do all the routing and firewall adjustments to make the traffic go to
other routes, removing the problematic link out, setting ip rules,
routes in tables and the main multipath default route and commenting in
the firewall the MARKs that would go via the link that's down and it also
sets QoS and tries to bring the link that is down back UP.
    Although I've tested with only 3 links, it supports any number of
them.
    It works very nicely so far.

    []s.


Shashikant Mundlik wrote:

  Hi There,

  I am also trying to do the same for my network. I have two links from
  different ISPs and I want to configure a failover and load balancing
  Linux router.

  I am facing the same problem here: how to detect link failure and let
  the Linux box switch the gateway.

  I know it works when the first gateway is physically down and not
  reachable. But what to do if my link is up but there is a problem at
  nexthop level and it's not routing packets to destination?

  Please tell me if this can be overcome by setting multipath routing.

  Another way I can think of doing this is to use a script which will
  check if the default route is alive every 15 mins and if not it will
  make changes in routing table and route the packets through different
  link.

  I don't know if this is the best way to do this. If anyone knows how
  to do this better please share.

  If you guys think this can work, let's help each other to write such
  a script.

  I am new to LARTC and just now started learning it to solve my network
  problems.

  Please help me to achieve this.

  Thanks in advance.

  Regards,

  Shashikant Mundlik
  Pune, India.
  
  
  



-- 
Alessandro Ren
OpServices
Luciana de Abreu, 471 - Sala 403
Porto Alegre, RS - CEP 90570-060
phone 55(51)3061-3588
fax 55(51)3061-3588
mobile 55(51)8151-8212
email [EMAIL PROTECTED]



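The check Alessandro Ren describes above (connect to a list of sites on port 80 from each link, treat the link as down below 20% reachable), as an added example that is not his script or part of the original thread. It goes one step beyond the description by requiring several failing rounds in a row before reporting a link down; the interface names, target hosts, `FAIL_LIMIT` and `STATE_DIR` are assumptions, and the routing and firewall changes themselves are left out.

```shell
#!/bin/sh
# Added example (not Alessandro Ren's script). Interface names, target hosts,
# FAIL_LIMIT and the state directory are assumptions for illustration.
THRESHOLD_PCT=20                 # a round fails below this % of reachable sites
FAIL_LIMIT=3                     # failing rounds in a row before "down"
TIMEOUT=5                        # seconds allowed per probe
STATE_DIR=${STATE_DIR:-/var/run/linkcheck}

# probe IFACE HOST: true if HOST answers on port 80 when sourced from IFACE.
# Any HTTP status counts as an answer; connect errors and timeouts do not.
probe() {
    curl --silent --output /dev/null --interface "$1" \
         --connect-timeout "$TIMEOUT" --max-time "$TIMEOUT" "http://$2/"
}

# count_reachable IFACE HOST...: print the number of targets that answered.
count_reachable() (
    iface=$1; shift; ok=0
    for host in "$@"; do
        if probe "$iface" "$host"; then ok=$((ok + 1)); fi
    done
    echo "$ok"
)

# round_ok OK TOTAL: true when at least THRESHOLD_PCT percent answered.
# Integer-only form of ok/total >= pct/100, i.e. ok*100 >= pct*total.
round_ok() {
    [ "$2" -gt 0 ] && [ $(($1 * 100)) -ge $((THRESHOLD_PCT * $2)) ]
}

# check_link IFACE HOST...: print "up" or "down" for the link.
# A failing round only increments a per-link counter; the link is reported
# down after FAIL_LIMIT failing rounds in a row, which damps route flapping.
check_link() (
    iface=$1; shift
    mkdir -p "$STATE_DIR"
    file=$STATE_DIR/$iface.fails
    fails=$(cat "$file" 2>/dev/null || echo 0)
    if round_ok "$(count_reachable "$iface" "$@")" "$#"; then
        fails=0
    else
        fails=$((fails + 1))
    fi
    echo "$fails" > "$file"
    if [ "$fails" -ge "$FAIL_LIMIT" ]; then echo down; else echo up; fi
)
```

An answer on port 80 shows only that something replied on that path; an intercepting proxy or captive portal on the link can reply for every target, so probing several unrelated sites and keeping the percentage threshold matters.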


[LARTC] HTB How To ??

2006-04-17 Thread Cahyo Purnomo
Dear All,

I want to implement bandwidth shaping in my office using HTB. Can anybody
suggest something for this case?

Below are the ACL IP ranges I want to limit:
1. staf (10.0.0.1 - 3) --> limit to 10kbyte/s
2. lab (10.0.0.4 - 6) --> limit to 5kbyte/s
3. bos (10.0.0.7 - 9) --> limit to 20kbyte/s
4. admin (10.0.0.10 - 12) --> no limit

Thanks all for your advice.

--
Warm Regards,

Cahyo P.
KLAS (Kelompok Linux Arek Suroboyo)
Hi-Tech Mall
Jl. Kusuma Bangsa Surabaya, Jawa Timur


Re:[LARTC] Problems in Dead Gateway Detection / Failover - MultipleISP Links

2006-04-17 Thread Shashikant Mundlik



Hi There,

I am also trying to do the same for my network. I have two links from
different ISPs and I want to configure a failover and load balancing
Linux router.

I am facing the same problem here: how to detect link failure and let
the Linux box switch the gateway.

I know it works when the first gateway is physically down and not
reachable. But what to do if my link is up but there is a problem at
nexthop level and it's not routing packets to destination?

Please tell me if this can be overcome by setting multipath routing.

Another way I can think of doing this is to use a script which will
check if the default route is alive every 15 mins and if not it will
make changes in routing table and route the packets through different
link.

I don't know if this is the best way to do this. If anyone knows how to
do this better please share.

If you guys think this can work, let's help each other to write such a
script.

I am new to LARTC and just now started learning it to solve my network
problems.

Please help me to achieve this.

Thanks in advance.

Regards,

Shashikant Mundlik
Pune, India.