Re: [LARTC] jitter generation

2005-10-22 Thread BUCHMULLER Norbert 
On Fri, 21 Oct 2005 11:57:22 +0200
ciprian niculescu <[EMAIL PROTECTED]> wrote:

> in a project i must degrade the voip/video, i know to do latency (tbf), 
> but i don't know how to create jitter. I want to do it on a 
> router/bridge and not the generating equipment. Any have a idea, or know
> a piece of code that do it?

Hello,

I've never tried, but the "Network emulator" (CONFIG_NET_SCH_NETEM) from
the kernel QoS code does the very same thing (according its configure
help section).

Let us know if (and how:-) it works, please. (I'm very interested.)

norbi

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] Differentiating between http downloads and interactive traffic

2005-10-22 Thread BUCHMULLER Norbert 
On Sat, 22 Oct 2005 10:17:56 +0100
"Paul J. Smith" <[EMAIL PROTECTED]> wrote:

> I've been wondering if anyone has thought of a way to differentiate
> between an established http download and interactive http traffic?  I
> would like to give interactive http traffic priority over someone
> downloading large files.  

Hello,

you may give the "connbytes" Netfilter extension a try. With that
extension, you can mark those TCP connections which have transmitted a
certain number of bytes. Then you can use the fwmark QoS filter to
differentiate them. (The drawback is that someone can bypass it with
closing the connection after the limit, and resuming the download with
another connection.)

Currenty connbytes is in the extra section, so you must patch the kernel
(and possibly iptables) to use it.

Alternatively, you can use delay pool feature of the Squid HTTP proxy,
which does almost the same on application level.


norbi
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] VPN through PPP

2005-10-14 Thread BUCHMULLER Norbert 
On Tue, 11 Oct 2005 14:40:10 +0200
Steve Comfort <[EMAIL PROTECTED]> wrote:

Hi,

I can't understand your diagram as well. :-(

Let's suppose you have 2 hosts, host A and host B, each has an outer
("public") and an inner ("local") interface. The outer interfaces have the
IP addresses Apub and Bpub respectively, and the inner networks have the
address spaces Aloc and Bloc, respectively. Also we make use of another
pair of IP addresses, for the tunnel interfaces (10.10.10.1 and
10.10.10.2).

Then the right commands would be:

host A:

ip tunnel add net0 mode gre remote  local 
ip address add 10.10.10.1/32 net0
ip link set net0 up
ip route add  dev net0

host B:

ip tunnel add net0 mode gre remote  local 
ip address add 10.10.10.2/32 net0
ip link set net0 up
ip route add  dev net0

If the tunnel works, you can ping 10.10.10.2 from host A (and 10.10.10.1
from host B), if the routing works also, you can ping the other inner
network from each host.

> I do have a firewall, configured to do NAT on the PPP interface. I have 
> also tried excluding the destination addresses from being NAt'd but this
> didn't make any difference.

Just a quick question: you do not filter out GRE (IP protocol 47) on the
firewall? (NATing GRE is a bad idea as well - it does not work AFAIK.)

And don't forget that the GRE tunnel transmits all the traffic
unencrypted, so only use it on a trusted network. (Not even on that.:-)


norbi
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc