Re: [LARTC] tc and HTB
El Monday 14 August 2006 18:17, Sim escribió: > > INET-eth0-Router-eth1-LAN > > > > in eth0 egress htb qdisc(you shape uplink here) > > in eth1 egress htb qdisc(you shape downlink here) > > > > this feets perfectly if it is the LAN traffic the one you whant to shape. > > If it is the traffic from the server itself you will need an ingress > > policy in eth0. > > Hi Luciano! Can you help me for use only one interface for upload/download? > > Is it possible shape traffic with " ingress policy " ? > > I haven't found documents for this policy. This is LARTC mailing list and the first document to attend before posting a FAQ is to read the LARTC HOWTO. All from LARTC: http://lartc.org/howto/lartc.adv-qdisc.ingress.html http://lartc.org/howto/lartc.adv-filter.policing.html with examples like: http://lartc.org/howto/lartc.cookbook.synflood-protect.html Alternative you can use imq: http://lartc.org/howto/lartc.imq.html RTFM! (sorry can't avoid that :-P) -- Luciano ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] tc and HTB
INET-eth0-Router-eth1-LAN in eth0 egress htb qdisc(you shape uplink here) in eth1 egress htb qdisc(you shape downlink here) this feets perfectly if it is the LAN traffic the one you whant to shape. If it is the traffic from the server itself you will need an ingress policy in eth0. Hi Luciano! Can you help me for use only one interface for upload/download? Is it possible shape traffic with " ingress policy " ? I haven't found documents for this policy. Thanks! Sim ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] tc and HTB
On Monday 14 August 2006 17:21, Andrés Ghigliazza wrote: > Hi, > > I have a Debian that is connected to Internet in eth0, and to a LAN in > eth1. I wanted to control traffic with HTB, dividing it depending on > what kind of traffic is (Mail, Application Server and others). > > Would it be good to use HTB qdisc in eth0 egress to control outgoing > traffic and HTB qdisc in eth1 egress to control incoming traffic? Or > the only way to control incoming traffic is with eth0 ingress? INET-eth0-Router-eth1-LAN in eth0 egress htb qdisc(you shape uplink here) in eth1 egress htb qdisc(you shape downlink here) this feets perfectly if it is the LAN traffic the one you whant to shape. If it is the traffic from the server itself you will need an ingress policy in eth0. -- Luciano ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] tc and HTB
Hi, I have a Debian that is connected to Internet in eth0, and to a LAN in eth1. I wanted to control traffic with HTB, dividing it depending on what kind of traffic is (Mail, Application Server and others). Would it be good to use HTB qdisc in eth0 egress to control outgoing traffic and HTB qdisc in eth1 egress to control incoming traffic? Or the only way to control incoming traffic is with eth0 ingress? Thanks very much, tizo ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Routing packets over multiple links (NICS) all on the same ISP all with same gateway.
On Monday 14 August 2006 12:42, Jacques Rompen wrote: > Ok ive been trying to get this to work for about half a year now. Ive > searched all over the internet for a solution for > my problem. Ive found some solutions, but they only led me to yet more > problems. > > What we want to do is the following: > I live in a student complex with 7 other people. Every room has its own > internet connection from the same ISP. > Ip, gateway, subnet are asigned through dhcp on mac-adres basis. Every > internet connection is capped at 20mbit > up/down. > We want to get all computers on an internal network. So we need some sort > of router that accepts all 8 internet > connections and routes it out over a gbit nic -> switch -> internal network > So we have a computer with 10 nics and "hopefully" enough internal > bandwith. one simple solution is in this post[1] (read all the thread if you whant a context). Bassically it uses iptables CONNMARK to remembre to which iface(and certanly wich src ip) each connection flow belongs. You will have to use same gw in all ifaces, maybe the ip route "onlink" ption(command line) make your script simpler. No need to use julian patch and certanly DO NOT USE CONFIG_IP_ROUTE_MULTIPATH_CACHED in your kernel config. Feel free to post any doubts. Greets. [1]http://mailman.ds9a.nl/pipermail/lartc/2006q2/018964.html -- -- Luciano ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] Routing packets over multiple links (NICS) all on the same ISP all with same gateway.
Ok ive been trying to get this to work for about half a year now. Ive searched all over the internet for a solution for my problem. Ive found some solutions, but they only led me to yet more problems. What we want to do is the following: I live in a student complex with 7 other people. Every room has its own internet connection from the same ISP. Ip, gateway, subnet are asigned through dhcp on mac-adres basis. Every internet connection is capped at 20mbit up/down. We want to get all computers on an internal network. So we need some sort of router that accepts all 8 internet connections and routes it out over a gbit nic -> switch -> internal network So we have a computer with 10 nics and "hopefully" enough internal bandwith. Attempt 1 I read that FreeBSD was the choice for network/router/servers. So after alot of problems installing FreeBSD i found out that FreeBSD doesnt support multiple gateway routing to start with. Attempt 2 Ive tried the nano guide http://www.ssi.bg/~ja/nano.txt with the julian patches on FC5 2.6 kernel. The problem there was that it only used 1 external nic. I think because all external connections had the same gateway. It didnt handle the routing like it supposed to do. Attempt 3: Ive tried to follow the following guide http://www.leglug.org/node/Load%20Balancing%20Across%20Multiple%20Links I first tried to use this script in a 2.6 kernel (no julian patch, ip_route_multipath_cache enabled) It could not find any match for the "-m random --average 50 " function. So after trying al kinds of things and searching the net a lot, i found out that 2.6 kernel doesnt support this random match?? Anyway, so ive installed Slackware 10.2 on the box with a 2.4.32 kernel. Ofcourse with multipath routing enabled in the kernel. Again it couldnt: load match 'random: /usr/lib/iptables/libipt_random.so' As far as i know it should be available in iptables 1.3.3 that comes with slackware 10.2. I know that trunking/bonding the 8 nics with the swicht in the complex would be the ideal solution, but first of all the isp won't do this, and seccond im not even sure if the switch supports this (if i could even get acces to it) Some help would be greatly apreciated. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] luca buratti is out of office
Sarò assente dall'ufficio a partire dal 14/08/2006 e non tornerò fino al 28/08/2006. Risponderò al messaggio al mio ritorno. Trend Scan Mail: this message is virus free. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] Re: HTB and BOND Interface
Hi! Is it HTB fully compatible with BOND interface? I have this setup (mode= fault tolerance) : BOND0 -> ETH0 + ETH1 BOND1 -> ETH2 + ETH3 ( http://www.kernel.org/pub/linux/kernel/people/marcelo/linux-2.4/Documentation/networking/bonding.txt ) HTB work very well with Class over BOND0. If I add Class for BOND1 it generate balance errors. Also with HTB.init (http://sourceforge.net/projects/htbinit) I have the some problem bond0 (upload) bond0-10 bond0-10:15 bond0-10:20 bond0-10:20:25 bond1-10 (download) bond1-10:15 bond1-10:20 bond1-10:20:25 ( File bond0* and bond1* are identical ) Thanks for eventual answers! Can I create something about " tc qdisc add dev $DEV handle : ingress " for use only BOND0 interface ? Here my actual script: /sbin/tc qdisc del dev bond0 root /sbin/tc qdisc add dev bond0 root handle 1 htb default 15 r2q 100 /sbin/tc class add dev bond0 parent 1: classid 1:10 htb rate 7.6Mbit burst 15k /sbin/tc class add dev bond0 parent 1:10 classid 1:15 htb rate 100Kbit ceil 1Mbit burst 15k /sbin/tc qdisc add dev bond0 parent 1:15 handle 15 sfq perturb 10 /sbin/tc class add dev bond0 parent 1:10 classid 1:20 htb rate 1.5Mbit ceil 6Mbit burst 15k /sbin/tc qdisc add dev bond0 parent 1:20 handle 20 sfq perturb 10 /sbin/tc filter add dev bond0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.2.0/24 classid 1:20 /sbin/tc filter add dev bond0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.3.0/24 classid 1:20 /sbin/tc filter add dev bond0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.6.0/24 classid 1:20 /sbin/tc class add dev bond0 parent 1:10 classid 1:30 htb rate 1.5Mbit ceil 6Mbit burst 15k /sbin/tc qdisc add dev bond0 parent 1:30 handle 30 sfq perturb 10 /sbin/tc filter add dev bond0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.4.0/24 classid 1:30 /sbin/tc filter add dev bond0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.5.0/24 classid 1:30 /sbin/tc filter add dev bond0 parent 1:0 protocol ip prio 100 u32 match ip dst 192.168.7.0/24 classid 1:30 /sbin/tc class add dev bond0 parent 1:10 classid 1:38 htb rate 2Mbit ceil 3Mbit burst 15k /sbin/tc qdisc add dev bond0 parent 1:38 handle 38 sfq perturb 10 /sbin/tc filter add dev bond0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.8.0/24 classid 1:38 /sbin/tc class add dev bond0 parent 1:10 classid 1:39 htb rate 1Mbit ceil 4Mbit burst 15k /sbin/tc qdisc add dev bond0 parent 1:39 handle 39 sfq perturb 10 /sbin/tc class add dev bond0 parent 1:39 classid 1:3956 htb rate 256Kbit ceil 1Mbit burst 15k /sbin/tc qdisc add dev bond0 parent 1:3956 handle 3956 sfq perturb 10 /sbin/tc filter add dev bond0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.9.15/32 classid 1:3956 /sbin/tc filter add dev bond0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.9.35/32 classid 1:3956 /sbin/tc class add dev bond0 parent 1:39 classid 1:3999 htb rate 768Kbit ceil 4Mbit burst 15k /sbin/tc qdisc add dev bond0 parent 1:3999 handle 3999 sfq perturb 10 /sbin/tc filter add dev bond0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.9.0/24 classid 1:3999 Thanks! ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] enable p2p to some host (ipp2p)
Hi I using ipp2p to block p2p traffic. How to enable to use p2p to me host in my net ? I using this setup: iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -j DROP This setup: iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -d ! mynet -j DROP iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -s ! mynet -j DROP not works roberto -- Ing. Roberto Pereyra ContenidosOnline Looking for Linux Virtual Private Servers ? Click here: http://www.spry.com/hosting-affiliate/scripts/t.php?a_aid=426&a_bid=56 ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] trying to prioritize voip traffick
Hi Take a look to this link: http://www.krisk.org/astlinux/misc/astshape roberto 2006/8/12, John covici <[EMAIL PROTECTED]>: I am using a server with asterisk and I am trying to prioritize voip traffick -- I am a newbie at this traffic shaping, so please bear with me. I used the script below and what happens is thatall traffic in the bulk class stops after a couple of minutes. Also, should I include the ports for rtp in the filter statements with the ports 5061 and 4569? Note I have a fairly big pipe -- supposed to be able to do the full 100mb out. Here is the script. #!/bin/sh # VARIABLES ## # # e=eth0 # interface t1=70Mbit # size of your WAN - remember you can't max this or you'll experience latency. 75-80% of max is a good place to start. el=100Mbit # size of eth0 w=7.5Mbit # weighting of your WAN (10% of t1) sizeCitrix=5Mbit sizeVoIP=55Mbit sizeBulk=10Mbit weightCitrix=0.5Mbit weightVoIP=5.5Mbit weightBulk=1Mbit # # # # # Delete any old rules # set -v set -x tc qdisc del root dev $e ## each class is able to take more bandwidth as it is available, but must ## surrender it as the higher priorities (2, 3, then 4) need it. ## The lower the priority number, the more priority it gets. Thus when ## there is extra bandwidth available, the lower number classes get it as ## they need it. # root qdisc / qdisc = queueing discipline # tc qdisc add dev $e root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8||exit 1 tc class add dev $e parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate $t1 weight $w prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded||exit 1 # child qdiscs (like child nodes on a tree) # tc class add dev $e parent 1:1 classid 1:3 cbq bandwidth 100Mbit rate $sizeCitrix weight $weightCitrix prio 8 allot 1514 cell 8 maxburst 20 avpkt 300 isolated||exit 1 tc qdisc add dev $e parent 1:3 handle 30: sfq perturb 20||exit 1 tc class add dev $e parent 1:1 classid 1:5 cbq bandwidth 100Mbit rate $sizeVoIP weight $weightVoIP prio 8 allot 1514 cell 8 maxburst 20 avpkt 204 bounded ||exit 1 tc class add dev $e parent 1:1 classid 1:9 cbq bandwidth 100Mbit rate $sizeBulk weight $weightBulk prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000||exit 1 tc qdisc add dev $e parent 1:9 handle 90: sfq perturb 20||exit 1 # ### Citrix ## # # # SSH # tc filter add dev $e protocol ip parent 1:0 prio 1 u32 match ip sport 22 0x flowid 1:3||exit 1 tc filter add dev $e protocol ip parent 1:0 prio 1 u32 match ip dport 22 0x flowid 1:3||exit 1 # ### VoIP # # # IAX # this is the old format - IAX2 should be what's really seen going #on tc filter add dev $e protocol ip parent 1:0 prio 1 u32 match ip sport 5061 0x flowid 1:5||exit 1 tc filter add dev $e protocol ip parent 1:0 prio 1 u32 match ip dport 5061 0x flowid 1:5||exit 1 # IAX2 # tc filter add dev $e protocol ip parent 1:0 prio 1 u32 match ip sport 4569 0x flowid 1:5||exit 1 tc filter add dev $e protocol ip parent 1:0 prio 1 u32 match ip dport 4569 0x flowid 1:5||exit 1 # # Bulk / Default # # tc filter add dev $e protocol ip parent 1:0 prio 3 u32 match ip src 0.0.0.0/0 flowid 1:9||exit 1 tc filter add dev $e protocol ip parent 1:0 prio 3 u32 match ip dst 0.0.0.0/0 flowid 1:9||exit 1 Any assistance would be appreciated. -- Your life is like a penny. You're going to lose it. The question is: How do you spend it? John Covici [EMAIL PROTECTED] ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc -- Ing. Roberto Pereyra ContenidosOnline Looking for Linux Virtual Private Servers ? Click here: http://www.spry.com/hosting-affiliate/scripts/t.php?a_aid=426&a_bid=56 ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc