RE: [LARTC] Load Balancing , MSN and SSL

2007-07-04 Thread Salim S I
http://mailman.ds9a.nl/pipermail/lartc/2007q2/020779.html
 
http://mailman.ds9a.nl/pipermail/lartc/2006q2/018964.html
 
Two different approaches. 
 
-Original Message-
From: Saulo Silva [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 05, 2007 11:58 AM
To: Salim S I
Subject: Re: [LARTC] Load Balancing , MSN and SSL
 
I already tried that with no success.
Could you explain that better?
2007/7/4, Salim S I <[EMAIL PROTECTED]>: 
Refer to the archives.
Use connmark.
 
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
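As an added illustration of the "use connmark" answer (this is not code from the thread or from the archive posts it links to), the pattern below pins every packet of a connection to the WAN link that carried its first packet, using the interface names, marks and table numbers from the posted script. The per-link MASQUERADE rules and the use of the conntrack match are assumptions; the post shows no NAT rules.

```shell
#!/bin/sh
# Added example, not code from the thread: keep each connection on the WAN
# link that handled its first packet (the "use connmark" suggestion).
# Assumes the posted layout: LAN on eth1, WAN links eth0 (mark 2 -> table 21)
# and eth2 (mark 3 -> table 22), tables 21/22 holding one default route each.
# Per-link MASQUERADE is assumed; the post shows no NAT rules.
# DRY_RUN=1 prints the commands instead of executing them.

run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Routing side: a packet carrying a link mark is routed by that link's table.
mark_rules() {
    run ip rule add fwmark 2 table 21 prio 20
    run ip rule add fwmark 3 table 22 prio 20
}

# Netfilter side: restore the connection's saved mark on every packet and
# record the chosen link once, on the first packet of each connection.
connmark_rules() {
    # LAN packets: copy the connection mark onto the packet before routing,
    # so follow-up packets take the same link the first packet did.
    run iptables -t mangle -A PREROUTING -i eth1 -j CONNMARK --restore-mark
    # New connections arriving from a WAN link: remember that link so the
    # replies leave through it, with that link's source address.
    run iptables -t mangle -A PREROUTING -i eth0 -m conntrack --ctstate NEW -j CONNMARK --set-mark 2
    run iptables -t mangle -A PREROUTING -i eth2 -m conntrack --ctstate NEW -j CONNMARK --set-mark 3
    # New outbound connections carried no mark, so the multipath default route
    # picked a link; record which one for the rest of the connection.
    run iptables -t mangle -A POSTROUTING -o eth0 -m conntrack --ctstate NEW -j CONNMARK --set-mark 2
    run iptables -t mangle -A POSTROUTING -o eth2 -m conntrack --ctstate NEW -j CONNMARK --set-mark 3
    # Source NAT has to follow the link, or replies come back on the other one.
    run iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    run iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
}

# Dry-run checks: number of CONNMARK rules, and the marks the fwmark rules use.
count_connmark() { (DRY_RUN=1; connmark_rules) | grep -c CONNMARK; }
list_fwmarks() { (DRY_RUN=1; mark_rules) | awk '{ printf "%s%s", (NR > 1 ? " " : ""), $5 }'; }

if [ "${1:-}" = apply ]; then
    mark_rules
    connmark_rules
    run ip route flush cache
fi
```

Run with `apply` as root to install the rules; without arguments (or with DRY_RUN=1) nothing touches the kernel, which is the mode to use for reviewing the generated rule set.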


RE: [LARTC] Load Balancing , MSN and SSL

2007-07-04 Thread Salim S I
Refer to the archives.
Use connmark.
 
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Saulo Silva
Sent: Thursday, July 05, 2007 9:01 AM
To: LARTC@mailman.ds9a.nl
Subject: [LARTC] Load Balancing , MSN and SSL
 


[LARTC] Load Balancing , MSN and SSL

2007-07-04 Thread Saulo Silva

Hi All,

I am running an FC6 box with two internet links with load balancing. Everything
is working fine except the MSN connection, which fails and reconnects every
time, and SSL connections. I would like to know if with the nona howto I could
fix that.

I have been trying with no success to redirect that connection only to one
link, but it looks like it does not work. Here is my configuration:

#!/bin/bash
#
# Script based on http://lartc.org/howto/lartc.rpdb.multiple-links.html
#
#
#


IF0=eth1

function interface_interna() {
   VALOR_IP=0
   while [ $VALOR_IP -lt 254 ] ; do
  if [ $VALOR_IP -ne 33 ] ; then
   P0_NET=192.168.${VALOR_IP}.0
   IP0=192.168.${VALOR_IP}.1
   ip route add $P0_NET dev $IF0 src $IP0 table T1
   ip route add $P0_NET dev $IF0 src $IP0 table T2
  fi
  VALOR_IP=$(expr $VALOR_IP + 1)
   done
   ip route add 192.168.33.0/24  via 10.1.2.1 dev eth1 src 10.1.2.2
   ip route add 192.168.33.0/24  via 10.1.2.1 dev eth1 src 10.1.2.2 table T1
   ip route add 192.168.33.0/24  via 10.1.2.1 dev eth1 src 10.1.2.2 table T2
}



IP1=xxx.xxx.xxx.18
IF1=eth0
P1_NET=xxx.xxx.xxx.16/30
P1=xxx.xxx.xxx.17


IP2=192.168.254.250
IF2=eth2
P2_NET=192.168.254.248/29
P2=192.168.254.254



ip route add $P1_NET dev $IF1 src $IP1 table T1
ip route add default via $P1 table T1
ip route add $P2_NET dev $IF2 src $IP2 table T2
ip route add default via $P2 table T2

ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2

ip rule add from $IP1 table T1
ip rule add from $IP2 table T2

ip route add $P0_NET dev $IF0 table T1
ip route add $P1_NET dev $IF1 table T1
ip route add $P2_NET dev $IF2 table T1
ip route add 127.0.0.0/8 dev lo   table T1

ip route add $P0_NET dev $IF0 table T2
ip route add $P1_NET dev $IF1 table T2
ip route add $P2_NET dev $IF2 table T2
ip route add 127.0.0.0/8 dev lo   table T2

interface_interna

ip route add default scope global nexthop via $P1 dev $IF1 weight 1 \
nexthop via $P2 dev $IF2 weight 1

# BACKUP ROUTES

ip route add default via $P2 dev $IF2 metric 1 table T1
ip route add default via $P1 dev $IF1 metric 1 table T2

# SERVICE ROUTES

ip rule add fwmark 2 table 21 prio 20
ip rule add fwmark 3 table 22 prio 20

ip route add default via $P1 dev $IF1 table 21
ip route add default via $P2 dev $IF2 table 22

ip route flush cache

Here are the iptables mangle rules:

# MSN Services #
iptables -t mangle -A PREROUTING -i eth1 -p tcp -m layer7 --l7proto msnmessenger -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth1 -p udp -m layer7 --l7proto msnmessenger -j MARK --set-mark 2
### SSL Services ###
iptables -t mangle -A PREROUTING -i eth1 -p tcp -m layer7 --l7proto ssl -j MARK --set-mark 2

I added the rules for DNS and FTP too.

But it doesn't seem to work.

Any help will be appreciated.

Saulo Silva


Re: [LARTC] infinite amount of data for HTB burst

2007-07-04 Thread ERSEK Laszlo
(Sorry for following up on myself.)

On Wed, 4 Jul 2007 16:28:20 +0200, ERSEK Laszlo wrote
> 
> Short version: is there a way to specify infinite burst for HTB?
> (Infinite amount of data to use the "ceil" rate.)
> [...]
> I got the impression from
> 
> http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm
> 
> that I wouldn't need "burst" at all. However, without "burst",
> borrowing didn't work.

I unfortunately overlooked the part

"A root class, like other classes under an htb qdisc allows its children to
borrow from each other, but one root class cannot borrow from another. [...]
we have to create an extra class to serve as the root and put the classes that
will carry the real data under that."

In the end, the task was solvable with a single HTB qdisc (no PRIO needed).

Sorry again for the noise.

lacos

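As an added example (not the poster's script), here is the HTB subtree from the original post rebuilt with the extra class the quoted manual calls for, so the two leaves can borrow from each other up to the 240kbit/s budget without a "burst" value. It keeps the post's names (DEV, P2P=140, NP2P=100) and assumes the PRIO qdisc 1:0 from the post already exists with class 1:1 as the desktop-to-inet band.

```shell
#!/bin/sh
# Added example, not the poster's script: the HTB subtree with an inner class
# acting as the common parent, which is what lets (!p2p) and (p2p) borrow.
# Assumes the post's names (DEV, P2P=140, NP2P=100) and that PRIO qdisc 1:0
# with class 1:1 (desktop-to-inet band) already exists.
# DRY_RUN=1 prints the tc commands instead of running them.

DEV=${DEV:-eth0}
P2P=140
NP2P=100
TOTAL=$((NP2P + P2P))    # whole desktop-to-inet budget, 240kbit/s

run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

htb_tree() {
    # Unclassified traffic goes to the !p2p leaf (10:10).
    run tc qdisc add dev "$DEV" parent 1:1 handle 10:0 htb default 10
    # Inner class 10:1 owns the full budget. Both leaves hang under it; HTB
    # only lets siblings under a common class borrow, never two root classes.
    run tc class add dev "$DEV" parent 10:0 classid 10:1 htb rate ${TOTAL}kbit ceil ${TOTAL}kbit
    # Leaves: guaranteed share each, ceil = parent rate, so an idle sibling's
    # share is lent automatically without any "burst" parameter.
    run tc class add dev "$DEV" parent 10:1 classid 10:10 htb rate ${NP2P}kbit ceil ${TOTAL}kbit
    run tc class add dev "$DEV" parent 10:1 classid 10:20 htb rate ${P2P}kbit ceil ${TOTAL}kbit
    # fwmark 1, set by the owner-match rule in the post, selects the p2p leaf.
    run tc filter add dev "$DEV" parent 10:0 protocol ip handle 1 fw classid 10:20
}

# Consistency check over the dry-run output: the leaves' guaranteed rates must
# add up to no more than the inner class's rate, or HTB cannot honour them.
# Prints the sum of the leaf rates in kbit.
leaf_rate_sum() {
    (DRY_RUN=1; htb_tree) | awk '/parent 10:1 classid/ {
        for (i = 1; i <= NF; i++) if ($i == "rate") { v = $(i + 1); sub(/kbit/, "", v); s += v }
    } END { print s + 0 }'
}

if [ "${1:-}" = apply ]; then htb_tree; fi
```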


[LARTC] infinite amount of data for HTB burst

2007-07-04 Thread ERSEK Laszlo
Dear all,

I'd like to ask for help with HTB configuration (after
having read some manual pages, FAQs and forum posts).

Short version: is there a way to specify infinite burst for HTB?
(Infinite amount of data to use the "ceil" rate.)

Long version:

I have the following small topology:


  cable modem (uplink to ISP)
           |
           |
      WLAN router
         /   \
        /     \
   laptop   desktop

- ethernet: 100mbit/s (I suppose)
- WiFi: 56mbit/s nominal, in reality very bad, many and
grave stalls, cca. 500kbyte/s achievable on average. I
consider this an "unknown" link capacity.
- upstream bandwidth my ISP provides: 256kbit/s

The desktop (GNU/Linux, debian sarge) is where the traffic
shaping occurs. (Laptop-to-inet traffic is negligible, and
neither the WLAN router nor the XP laptop has traffic
shaping capabilities, AFAIK.)

This is what I'd like to do:

(1) desktop-to-inet traffic should be favored over
desktop-to-laptop traffic (since the former has much lower
throughput (256kbit/s vs. cca. 500kbyte/s) and higher
latency)

(2) on the desktop, a special restricted technical user
(call it "p2p") runs p2p software. The desktop-to-inet
traffic should be split into two parallel flows, "p2p" and
"!p2p". The entire desktop-to-inet traffic should be
constrained to 240kbit/s. If the two flows don't compete for
this 240kbit/s (their combined upload stays below
240kbit/s), then each can use whatever it feels like (for
example, "p2p" uses 220kbit/s, "!p2p" uses 10kbit/s). If
they do compete, then "p2p" should be constrained to
140kbit/s, and "!p2p" should be constrained to 100kbit/s.

For (1), I chose PRIO, for (2), I chose HTB.

legend: [qdisc], (class)

                [1:0 PRIO, 2 bands]
                   /           \
                  /             \
       band 0, favored       band 1, back seat
              /                     \
             /                       \
  (1:1 desktop-to-inet)      (1:2 desktop-to-laptop)
            |                          |
       [10:0 HTB]                 [pfifo_fast]
         /     \
        /       \
   100kbit/s   140kbit/s
      /           \
     /             \
 (10:1 !p2p)    (10:2 p2p)
      |             |
 [pfifo_fast]   [pfifo_fast]



DEV=eth0
P2P=140
NP2P=100
P2P_UID=...
LAPTOP=192.168.x.x

tc qdisc del dev $DEV root
iptables --table mangle --flush
iptables --table mangle --delete-chain

# Create [1:0 PRIO]
# Default: packets go to (1:1 desktop-to-inet)
tc qdisc add dev $DEV root handle 1:0 prio \
bands 2 priomap 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

# Class (1:1 desktop-to-inet) and class (1:2 desktop-to-laptop)
# get automatically defined by qdisc [1:0 PRIO].

# Direct desktop-to-laptop packets to (1:2 desktop-to-laptop)
tc filter add dev $DEV parent 1:0 protocol ip \
u32 match ip dst $LAPTOP classid 1:2

# Create [10:0 HTB]
# Default: packets go to (10:1 !p2p)
tc qdisc add dev $DEV parent 1:1 handle 10:0 htb \
default 1

# Add HTB classes.
tc class add dev $DEV parent 10:0 classid 10:1 \
htb rate ${NP2P}kbit ceil $((NP2P + P2P))kbit
tc class add dev $DEV parent 10:0 classid 10:2 \
htb rate ${P2P}kbit ceil $((NP2P + P2P))kbit

# Direct packets marked as p2p to (10:2 p2p)
tc filter add dev $DEV parent 10:0 protocol ip \
handle 1 fw classid 10:2

# Mark p2p packets
iptables --table mangle --policy OUTPUT ACCEPT
iptables --table mangle --append OUTPUT --protocol ip \
--match owner --uid-owner $P2P_UID --jump MARK \
--set-mark 1


(I write the above from memory, so there can be typos.)

First, I'm not sure if the script above corresponds to the
graph at all. (Perhaps ICMP is missing, too...)

Second, I started a single TCP upload with the p2p user
to check if borrowing works. It does not, as in the output
of

tc -s -d class show dev $DEV

the "tokens" for class (10:2 p2p) becomes negative and so
the actual rate stays 140kbit/s (instead of 240kbit/s).
After reading the manual page again, I added the "burst 1mb"
parameter to this class, and it worked until 1 megabyte was
uploaded. However, I couldn't specify "burst 2047mb": the
TCP upload went virtually dead, and I saw very ugly values
in the output of

tc -s -d class show dev $DEV

(integer overflows, maybe?).

I got the impression from

http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm

that I wouldn't need "burst" at all. However, without "burst",
borrowing didn't work. With "burst", borrowing works, but only
for a while.

So, can anybody please tell me how to specify an infinite
burst at ceil rate?

Or do I have to look at something else, e.g. CBQ? (The WiFi
link's capacity is practically indeterminate; isn't that a
problem when configuring CBQ?) Since "burst" means the
highest number of tokens available simultaneously in the
bucket, it may not make much sense to wish for inf

[LARTC] ATM qdisc

2007-07-04 Thread Edouard Thuleau

Hi,

Does someone know how to use the atm qdisc (sch_atm)? I can't find any docs
about it.

Thanks,
Edouard.