[LARTC] Re: Routing packets over multiple links (NICS) all on the same ISP all with same gateway.

2006-08-16 Thread Jarek Poplawski

On 14-08-2006 17:42, Jacques Rompen wrote:
...
> What we want to do is the following:
> I live in a student complex with 7 other people. Every room has its own
> internet connection from the same ISP.
> IP, gateway, subnet are assigned through DHCP on a MAC-address basis. Every
> internet connection is capped at 20mbit up/down.
> We want to get all computers on an internal network. So we need some
> sort of router that accepts all 8 internet connections and routes it out
> over a gbit nic - switch - internal network.
> So we have a computer with 10 NICs and hopefully enough internal bandwidth.


Maybe you have some other reasons to make one gateway but to have 
internal network you only need to set a second address from local 
range (not colliding with that used by ISP) on each box.


But if you really need this together and with multipath, setting 
CONFIG_IP_ROUTE_MULTIPATH = y and 
CONFIG_IP_ROUTE_MULTIPATH_CACHED = n (!) should change 
multipath randomly.


Jarek P.


___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


[LARTC] Re: tc filter

2006-08-16 Thread Jarek Poplawski

On 10-08-2006 15:38, Jarek Poplawski wrote:
...

> # tc filter add dev eth0 parent 1: proto ip pref 100 \
>   u32 match ip dst 192.168.1.222 police drop

Should be:
# tc filter add dev eth0 parent 1: proto ip pref 100 \
  u32 match ip dst 192.168.1.222 flowid 1: police \
  conform-exceed drop/drop

or:
# tc filter add dev eth0 parent 1: proto ip pref 100 \
  u32 match ip dst 192.168.1.222 flowid 1: action drop

Jarek P.



Re: [LARTC] Re: Routing packets over multiple links (NICS) all on the same ISP all with same gateway.

2006-08-16 Thread Jacques Rompen

On 8/16/06, Jarek Poplawski [EMAIL PROTECTED] wrote:
> On 14-08-2006 17:42, Jacques Rompen wrote:
> ...
> > What we want to do is the following:
> > I live in a student complex with 7 other people. Every room has its own
> > internet connection from the same ISP.
> > IP, gateway, subnet are assigned through DHCP on a MAC-address basis. Every
> > internet connection is capped at 20mbit up/down.
> > We want to get all computers on an internal network. So we need some
> > sort of router that accepts all 8 internet connections and routes it out
> > over a gbit nic - switch - internal network.
> > So we have a computer with 10 NICs and hopefully enough internal bandwidth.
>
> Maybe you have some other reasons to make one gateway but to have
> internal network you only need to set a second address from local
> range (not colliding with that used by ISP) on each box.
>
> But if you really need this together and with multipath, setting
> CONFIG_IP_ROUTE_MULTIPATH = y and
> CONFIG_IP_ROUTE_MULTIPATH_CACHED = n (!) should change
> multipath randomly.
>
> Jarek P.


The 2 IPs on every box wouldn't work because: most people here are complete network newbies, we want to connect more than 8 computers (most people have a laptop and PC), we would only have a 20mbit internal network.

I'm a bit confused. In the 2.4 kernel there isn't even an option ip_route_multipath_cached, only ip_route_multipath. Or am I mistaken here?
If there isn't, then I couldn't have put it to 'Y', so why didn't the random function work?

In the 2.6 kernel there is an option ip_route_multipath and ip_route_multipath_cached. But if I don't say 'Y' to ip_route_multipath_cached I can't say yes to round_robin, random_match etc. I thought I needed that option random_match set to 'y'. (I'm not sure if it's exactly spelled like that, but I'm talking about the four or five sub-options to ip_route_multipath_cached)






Re: [LARTC] Routing packets over multiple links (NICS) all on the same ISP all with same gateway.

2006-08-16 Thread Jacques Rompen

On 8/14/06, Luciano Ruete [EMAIL PROTECTED] wrote:
> On Monday 14 August 2006 12:42, Jacques Rompen wrote:
> > Ok I've been trying to get this to work for about half a year now. I've
> > searched all over the internet for a solution for my problem. I've found
> > some solutions, but they only led me to yet more problems.
> >
> > What we want to do is the following:
> > I live in a student complex with 7 other people. Every room has its own
> > internet connection from the same ISP.
> > IP, gateway, subnet are assigned through DHCP on a MAC-address basis. Every
> > internet connection is capped at 20mbit up/down.
> > We want to get all computers on an internal network. So we need some sort
> > of router that accepts all 8 internet connections and routes it out over
> > a gbit nic - switch - internal network.
> > So we have a computer with 10 NICs and hopefully enough internal bandwidth.
>
> one simple solution is in this post[1] (read all the thread if you want
> context). Basically it uses iptables CONNMARK to remember to which iface
> (and certainly which src ip) each connection flow belongs.
>
> You will have to use the same gw in all ifaces, maybe the ip route onlink
> option (command line) makes your script simpler. No need to use Julian's
> patch and certainly DO NOT USE CONFIG_IP_ROUTE_MULTIPATH_CACHED in your
> kernel config.
>
> Feel free to post any doubts.
>
> Greets.
>
> [1] http://mailman.ds9a.nl/pipermail/lartc/2006q2/018964.html
>
> Luciano

Hi Luciano,

I've tried the above solution but then with Julian's patch instead of connmark. It didn't work then because this part of the script:

ip ro add default nexthop via x.x.x.x dev eth1 weight 1 nexthop via y.y.y.y dev eth2
ip route add default table provider1 via x.x.x.x dev eth1
ip route add default table provider2 via y.y.y.y dev eth2
# and most important
ip rule add fwmark 0x1 table provider1
ip rule add fwmark 0x2 table provider2

somehow looked at the default gateway x.x.x.x or y.y.y.y instead of at the dev ethX.
Because the gateway addresses were both the same (x.x.x.x = y.y.y.y), all the outgoing packets were routed out over eth1.
I'm not totally sure, but the connmark lines only make sure that packets that go out over some NIC get back over the same NIC? Or do they in fact fix the same-gateway problem?

This is why I tried to get the script from my first post with random match to work. This guy does exactly what I need to do, but somehow I can't get random match to work. You think I should use a 2.6 or a 2.4 kernel?


Regards and thanks,

Jacques


[LARTC] Re: Routing packets over multiple links (NICS) all on the same ISP all with same gateway.

2006-08-16 Thread Jarek Poplawski

On 16-08-2006 14:50, Jacques Rompen wrote:
...
> The 2 IPs on every box wouldn't work because: most people here are
> complete network newbies, we want to connect more than 8 computers (most
> people have a laptop and PC), we would only have a 20mbit internal network.
>
> I'm a bit confused. In the 2.4 kernel there isn't even an option
> ip_route_multipath_cached, only ip_route_multipath. Or am I mistaken here?
> If there isn't, then I couldn't have put it to 'Y', so why didn't the
> random function work?
>
> In the 2.6 kernel there is an option ip_route_multipath and
> ip_route_multipath_cached. But if I don't say 'Y' to
> ip_route_multipath_cached I can't say yes to round_robin, random_match
> etc. I thought I needed that option random_match set to 'y'. (I'm not
> sure if it's exactly spelled like that, but I'm talking about the four or
> five sub-options to ip_route_multipath_cached)


As far as I know multipath cached should work for routing output 
of a current box but it's not working for router (if something 
has not changed lately). Multipath without cached should do 
simple randomization, but maybe for the beginning it would be 
better to assign fixed paths by source ip and save experimenting 
with multipaths for later.


Jarek P.



Re: [LARTC] Re: Routing packets over multiple links (NICS) all on the same ISP all with same gateway.

2006-08-16 Thread Jacques Rompen

On 8/16/06, Jarek Poplawski [EMAIL PROTECTED] wrote:
> As far as I know multipath cached should work for routing output
> of a current box but it's not working for router (if something
> has not changed lately). Multipath without cached should do
> simple randomization, but maybe for the beginning it would be
> better to assign fixed paths by source ip and save experimenting
> with multipaths for later.
>
> Jarek P.

Hi Jarek, 

I will try with only multipath. 

I've tried the static routes. But still I've had trouble getting this code to work:

ip ro add default nexthop via x.x.x.x dev eth1 weight 1 nexthop via y.y.y.y dev eth2
ip route add default table provider1 via x.x.x.x dev eth1
ip route add default table provider2 via y.y.y.y dev eth2

because x.x.x.x = y.y.y.y in my case. Somehow it doesn't look at the eth device anymore.


[LARTC] How to bypass traffic control for one IP

2006-08-16 Thread Yves BLUSSEAU



Hi all,

I have a problem: I have an ADSL modem that is connected to the internet. I can't manage this modem.
Between my PC and the modem I have a Linux firewall that does the NAT and the traffic shaping.
I have created a script that limits the bandwidth of the "external" interface of the firewall so I can manage my bandwidth for my internet application.
The problem is that I need to access the ADSL modem at full bandwidth (100mbits) from my PC (through the Linux firewall).
So I need a configuration where all the internet IPs are limited by the traffic control and where the IP of the modem is not slowed down by traffic shaping.

Who has an idea for such a configuration?

Thanks in advance.

Yves


Re: [LARTC] Routing packets over multiple links (NICS) all on the same ISP all with same gateway.

2006-08-16 Thread Luciano Ruete
On Wednesday 16 August 2006 10:11, Jacques Rompen wrote:

> Hi Luciano,
>
> I've tried the above solution but then with Julian's patch instead of
> connmark. It didn't work then because this part of the script:
>
> ip ro add default nexthop via x.x.x.x dev eth1 weight 1 nexthop via y.y.y.y dev eth2
> ip route add default table provider1 via x.x.x.x dev eth1
> ip route add default table provider2 via y.y.y.y dev eth2
> # and most important
> ip rule add fwmark 0x1 table provider1
> ip rule add fwmark 0x2 table provider2
>
> somehow looked at the default gateway x.x.x.x or y.y.y.y instead of at the
> dev ethX.
> Because the gateway addresses were both the same (x.x.x.x = y.y.y.y), all the
> outgoing packets were routed out over eth1.

ok, what if you try with onlink:
ip ro add default nexthop via x.x.x.x dev eth1 onlink nexthop via x.x.x.x dev eth2 onlink
and so on...

> I'm not totally sure, but the connmark lines only make sure that packets that
> go out over some NIC get back over the same NIC? Or do they in fact fix the
> same-gateway problem?

You are right, connmark does not solve the same gw problem, connmark is to 
guarantee that packets that belong to a session dialog keep the same src 
address. There is no need to patch the kernel, and it works perfectly well. 

> This is why I tried to get the script from my first post with random match
> to work. This guy does exactly what I need to do, but somehow I can't get
> random match to work. You think I should use a 2.6 or a 2.4 kernel?

I heavily recommend you to use a 2.6 CONNMARK-enabled kernel, without Julian's 
patchset and without setting CONFIG_IP_ROUTE_MULTIPATH_CACHED (turn it off); 
in my experience this is the simplest and robust solution.

The iptables random module comes with the 2.6 stock kernel (at least now I can 
confirm 2.6.8 and above, but I think all 2.6); if the onlink tip does not work, 
you can compile a 2.6 kernel with random enabled and try again. You can post the 
script that you are using; it should combine PREROUTING -j MARK rules with 
ip ru add fw MARK table mytableX. 
 
--
Luciano


Re: [LARTC] Routing packets over multiple links (NICS) all on the same ISP all with same gateway.

2006-08-16 Thread Luciano Ruete
On Wednesday 16 August 2006 13:03, Luciano Ruete wrote:
> ok, what if you try with onlink:
> ip ro add default nexthop via x.x.x.x dev eth1 onlink nexthop via x.x.x.x dev eth2 onlink
> and so on...

and forgot to say, to be really sure, del any trace of
x.x.x.x dev ethx scope link 
in ip ro ls. Where x.x.x.x is the gw ip, the onlink will force to drop the 
packet on the named device even if there is no physical route to that host.
--
Luciano
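
Added example, not part of the original thread or any poster's script: a dry-run generator for the setup discussed above (CONNMARK plus fwmark rules, with onlink next hops because every uplink has the same gateway). The interface names, table ids 101 and up, mark values and the gateway 192.0.2.1 are assumptions; the script only prints the commands.

```sh
#!/bin/sh
# Added example, not from the thread: print (do not apply) policy-routing
# commands for several uplinks that all share ONE gateway address.
# Assumed for illustration: LAN/uplink names, table ids 101.., marks 1..

# gen_rules GATEWAY LAN_IF UPLINK...
gen_rules() {
    gw=$1; lan=$2; shift 2
    n=0; hops=""
    for dev in "$@"; do
        n=$((n + 1)); table=$((100 + n))
        # Per-uplink table. "onlink" makes the kernel treat the gateway as
        # directly reachable on this device instead of looking it up.
        echo "ip route add default via $gw dev $dev onlink table $table"
        # Packets carrying mark N are routed by table 100+N.
        echo "ip rule add fwmark $n table $table"
        # A new flow leaving on this uplink stores the uplink's mark in conntrack.
        echo "iptables -t mangle -A POSTROUTING -o $dev -m conntrack --ctstate NEW -j CONNMARK --set-mark $n"
        # Each uplink has its own DHCP address, so NAT to whatever it holds.
        echo "iptables -t nat -A POSTROUTING -o $dev -j MASQUERADE"
        hops="$hops nexthop via $gw dev $dev weight 1 onlink"
    done
    # Later packets of a known flow get the stored mark back before routing,
    # so the flow stays on one uplink and keeps one source address.
    echo "iptables -t mangle -A PREROUTING -i $lan -j CONNMARK --restore-mark"
    # Unmarked (new) flows are spread over all uplinks by the main table.
    echo "ip route add default$hops"
}

# Constructed sample: documentation gateway 192.0.2.1, LAN on eth0.
gen_rules 192.0.2.1 eth0 eth1 eth2
```

Review the printed commands before running any of them as root; table ids and marks must not collide with ones already in use on the router.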


[LARTC] New ClowToolKit version available

2006-08-16 Thread clowncoder
Hello
The real-time monitoring tool that can monitor all connections
of all interfaces and the qdisc has been cleaned of a few bugs.
Try the new version at http://clowncode.net 

Regards to all of you.
Clowncoder.
