Re: [LARTC] Transfer rate above the desired (tc+htb)

2005-07-20 Thread Francisco Pereira

Alvaro Motta wrote:

Hi folks.


Hello.


I started to play with tc+htb last week, and I must confess that this
thing is really driving me nuts.


If you started last week, you have a long way to go :-)


All we want to do is control bw, with no borrowing.

In order to get the feeling on this subject, I have setup the
following test bed.

---A---B---C---

On B: eth0 connecting A and eth1 connecting C.

The script.

tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1: htb default 50
tc class add dev eth0 parent 1: classid 1:1 htb rate 32kbit ceil 32kbit
tc filter add dev eth0 protocol ip parent 1:0 prio 100 u32 match ip src 10.4.0.0/16 match ip dst 0.0.0.0/0 classid 1:1

If I try to transfer a 1M file from C to A:

[EMAIL PROTECTED] tmp]# wget 192.168.0.23/1M
--09:22:32--  http://192.168.0.23/1M => `1M.8'
Connecting to 192.168.0.23:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1,024,000 [text/plain]
100%[=>] 1,024,000    183.12K/s    ETA 00:00
09:22:38 (182.88 KB/s) - `1M' saved [1,024,000/1,024,000]

Wasn't it supposed to be around the 32KB/s?


Around 32 kilobits/s. Besides this, the rate calculation includes not 
only the IP packet's effective payload but the whole packet size, and I 
guess that wget's speed calculation only includes the payload.


The tc manpage has a section on "Units".


If I play with the numbers (rate=ceil) I get the following results:
128k ==> 404.78 KB/s
64k ==> 337.9 KB/s
16k ==> 68.86 KB/s
8k ==> 31.12 KB/s
1k ==> 3.77 KB/s

I even tried to set the rate to 1kbps in root, but also led to pretty
much the same results.

With no qdisc, the rate will go close to 1000 KB/s

B machine:
2.6.11-1.1369_FC4
iproute-2.6.11-1
TC HTB version 3.3

I have no clue on what I am doing wrong. Could anyone browse the above
script and give me hint?

Thanks in advance,

AL
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc






Re: [LARTC] HTB Rate and Prio

2005-07-08 Thread Francisco Pereira

Kirk Reiser wrote:

I don't quite understand this problem with bit torrent.  When I start
bittorrent with its max_upload_rate to a value less than my total up
link bandwidth it doesn't get in the way of anything at all as far as
I can tell.

  Kirk



Not all network administrators have your luck. :-)
The problem is when you can't control the workstations, and the users 
can use this kind of network-unfriendly software (that tries to "steal" 
other software's or users' bandwidth).


I believe that the user's perception of "the network speed" is important 
in a network, basically for all the interactive traffic.
I don't know of a framework to model the user's perception, which would 
allow measuring this kind of parameter. I'm not talking about delays, 
jitter, etc., but about the user's perception, and how the user's 
perception can be enhanced.


Regards,
Francisco.


Re: [LARTC] P2P shaping, won't work

2005-07-08 Thread Francisco Pereira
Quoting Edgar <[EMAIL PROTECTED]>:

> Hello, it's me again, I won't stop sending emails to this list until I solve
> this problem. I've tried several apps to create the right htb rules (even
> made them myself), but I always get the same results: traffic gets shaped,
> but I can't use my bandwidth, and this is weird, because I should be able to.
> Also I keep seeing download being limited too, and that shouldn't be
> happening. I don't think I'm the only one with this problem out there, so I
> will post here once again my configuration, to match p2p traffic and to shape
> it:
> 
> ### ###
> iptables -t mangle -F
> iptables -t mangle -X
> iptables -t mangle -N lay7PRE
> iptables -t mangle -N lay7POST
> iptables -t mangle -N ipp2pPRE
> iptables -t mangle -N ipp2pPOST
> 
> ### PREROUTING RULES ###
> iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
> iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
> iptables -t mangle -A ipp2pPRE -p tcp -m ipp2p --ipp2p -j MARK --set-mark 3
> iptables -t mangle -A ipp2pPRE -p udp -m ipp2p --bit -j MARK --set-mark 3
> iptables -t mangle -A ipp2pPRE -p tcp -m mark --mark 3 -j CONNMARK --save-mark
> iptables -t mangle -A lay7PRE -m layer7 --l7proto smtp -j MARK --set-mark 1
> iptables -t mangle -A lay7PRE -m layer7 --l7proto ssh -j MARK --set-mark 2
> iptables -t mangle -A lay7PRE -m mark --mark 2 -j CONNMARK --save-mark
> 
> ### POSTROUTING RULES ###
> iptables -t mangle -A ipp2pPOST -o eth1 -m mark --mark 3 -j CLASSIFY --set-class 1:30
> iptables -t mangle -A lay7POST -o eth1 -m mark --mark 1 -j CLASSIFY --set-class 1:20
> iptables -t mangle -A lay7POST -o eth1 -m mark --mark 2 -j CLASSIFY --set-class 1:10
> 
> ### ###
> iptables -t mangle -A PREROUTING -j lay7PRE
> iptables -t mangle -A POSTROUTING -j lay7POST
> iptables -t mangle -A PREROUTING -j ipp2pPRE
> iptables -t mangle -A POSTROUTING -j ipp2pPOST
> 
> TC RULES
> tc qdisc add dev eth1 handle 1:0 root dsmark indices 8 default_index 0
> tc qdisc add dev eth1 handle 2:0 parent 1:0 htb
> tc class add dev eth1 parent 2:0 classid 2:1 htb rate 22000bps ceil 22000bps
> tc class add dev eth1 parent 2:1 classid 2:2 htb rate 3000bps ceil 5000bps prio 0
> tc qdisc add dev eth1 handle 3:0 parent 2:2 sfq
> tc class add dev eth1 parent 2:1 classid 2:3 htb rate 5000bps ceil 6000bps prio 1
> tc qdisc add dev eth1 handle 4:0 parent 2:3 sfq
> tc class add dev eth1 parent 2:1 classid 2:4 htb rate 8000bps ceil 8000bps prio 2
> tc qdisc add dev eth1 handle 5:0 parent 2:4 sfq
> tc class add dev eth1 parent 2:1 classid 2:5 htb rate 1bps ceil 1bps burst 0 cburst 0 prio 3 quantum 1500
> tc qdisc add dev eth1 handle 6:0 parent 2:5 sfq
> tc class add dev eth1 parent 2:1 classid 2:6 htb rate 1bps ceil 22000bps prio 1
> tc qdisc add dev eth1 handle 7:0 parent 2:6 sfq
> tc filter add dev eth1 parent 2:0 protocol all prio 1 tcindex mask 0x7 shift 0
> tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 5 tcindex classid 2:6
> tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 4 tcindex classid 2:4
> tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 3 tcindex classid 2:5
> tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 2 tcindex classid 2:3
> tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 1 tcindex classid 2:2
> tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at 0 match u16 0x0 0xffc0 at 2 classid 1:5
> tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at 0 match u8 0x10 0x10 at 33 classid 1:4
> tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at 0 classid 1:5
> tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u32 0x0 0x0 at 0 classid 1:5
> 
> well, these rules are generated with tcng (tcc actually), and I see traffic
> going to the p2p rule (being 2:5), but still I'm not able to browse the web,
> nor chat nor anything. Someone advised me to create an interactive class and
> then let the unmatched traffic go to a default class (and here'll go p2p
> traffic too), but then I'm running a squid server at home, and thus I don't
> know what port to specify to do this. Anyway, I've tried already with normal
> http traffic, with layer7, I see the traffic going to the iptables chain, but
> yet it still won't work; p2p traffic keeps eating all my bandwidth, it's
> ignoring all the priorities I have in my tc rules (being the 2:5 class the
> one with the lowest priority). I really need to get this working, and I know
> there are some people that have a lot more experience than me, and I'm sure
> you can help me. Thank you
 
can != want != will

You may have a problem with the rate units (bps != bit), but I don't know the
type or rate of your internet link.
Post a detailed ASCII diagram of your network. What is the transfer rate of the
internet link?

IPP2P w
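
Added example (not part of the original posts): both replies above, "Around 32 kilobits/s" and "bps != bit", turn on tc's rate suffixes, where a "bit" suffix means bits per second and a "bps" suffix means bytes per second. The Python sketch below converts the rates quoted in the two threads and estimates what a payload-only counter such as wget would show; the decimal prefixes, the 1460-byte MSS and the 40+14 header bytes are assumptions.

```python
import re

# Suffix meanings follow the "Units" section of tc(8): "...bit" is bits per
# second, "...bps" is BYTES per second.
# Assumptions (not from the posts): decimal prefixes (k = 1000); bare numbers
# are rejected here so that the unit is always explicit.
_PREFIX = {"": 1, "k": 10**3, "m": 10**6, "g": 10**9}
_RATE_RE = re.compile(r"^(\d+(?:\.\d+)?)([kmg]?)(bit|bps)$", re.IGNORECASE)


def tc_rate_to_bytes_per_sec(rate):
    """Convert a tc rate string such as '32kbit' or '22000bps' to bytes/s."""
    m = _RATE_RE.match(rate.strip())
    if m is None:
        raise ValueError("unrecognised or unit-less tc rate: %r" % rate)
    value, prefix, unit = m.groups()
    amount = float(value) * _PREFIX[prefix.lower()]
    return amount / 8 if unit.lower() == "bit" else amount


def payload_kib_per_sec(rate, mss=1460, ip_tcp_hdr=40, link_hdr=14):
    """Payload rate a downloader would report if the shaper held `rate`.

    Assumes full-size TCP segments and that the shaper counts the whole
    frame (payload + IP/TCP headers + Ethernet header); the header sizes
    are assumed defaults, adjust them for your link.
    """
    frame = mss + ip_tcp_hdr + link_hdr
    return tc_rate_to_bytes_per_sec(rate) * mss / frame / 1024


def report(rates):
    """Return (rate, bytes/s, kbit/s, payload KiB/s) rows for printing."""
    rows = []
    for r in rates:
        bps = tc_rate_to_bytes_per_sec(r)
        rows.append((r, bps, bps * 8 / 1000, round(payload_kib_per_sec(r), 2)))
    return rows


if __name__ == "__main__":
    # Rates quoted in the two threads above.
    for row in report(["32kbit", "22000bps", "8000bps", "1bps"]):
        print("%-9s = %8.0f bytes/s = %7.1f kbit/s -> ~%.2f KiB/s payload" % row)
```
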

Re: [LARTC] Routing Mail traffic problem !

2005-05-12 Thread Francisco Pereira
Stanislav Nedelchev wrote:
Ext1 - First Internet Line  - eth0 
Ext2 - Second Internet line - eth2
LAN - Local Area Network - eth1

Other traffic - Ext1 ---+---+--- Ext2 ---Web goes Here
   eth0 |   |eth2
+---+---+
| ROUTER|
++--+---+
|eth1
192.168.0.0/24 -+
|
192.168.0.1/24--- - Gateway
|
192.168.0.2/24--- - Mail.Mail.org
The problem is that I can't check e-mails if server name in e-mail
client is mail.mail.org
I can check e-mail only if server address is 192.168.0.2
It seems like a name resolution problem.
Did you check that mail.mail.org resolves (from the client) to 
192.168.0.2 ?

Regards,
Francisco.


Re: [LARTC] Qos with 2 internet connections problems

2005-04-05 Thread Francisco Pereira
Anthony Letchet wrote:
Hi all, I've got 2 internet connections set up via the nano howto (which
are working great)  and we are running NAT.
Was looking into QoS mainly to stop large http downloads/ftp downloads
from hogging the line so that browsing for other users doesn't slow to a
crawl, but if the line is free and no one is doing anything then for it
to use the available bandwidth. The wondershaper sounded exactly what I
wanted, I obviously had to customize this slightly to get my other
connection to be shaped as well.
My connections are 2 adsl connections running at 512kbit:256kbit, I
compiled the kernel with all the tos + iptables stuff (eventually) so
that the script ran without any errors, once it had I did a download on
each pipe and then tried to ping jolt.co.uk and google.co.uk, jolt.co.uk
normally is about 15ms, so I was hoping that it would maybe be 200ms
with my new shaping, but it was coming at about 900ms+ google was the
same. Browsing other websites was also at a crawl (what I was trying to
avoid) but I did notice that when traffic came from our mail server
through my gateway it was only receiving at about 25k/sec instead of
2mb/sec etc as it's on a 100mbit switch. So something was obviously
shaping, so I suppose I will now need to look into specifying some of
the hosts which are local to me but are on the outside interfaces and
for them not to be shaped.. But still no better off :(
I've been reading various howtos like the adsl bandwidth management howto,
but these haven't been updated in about 3 years and they mention various
techniques which were being tried back then to help with these kind of
situations, so what I really want is a howto which shows all these new
features? or is this adsl bandwidth management still current ? :)
I would recommend reading the master's thesis of Jesper Dangaard Brouer 
at http://www.adsl-optimizer.dk/thesis/
Although he didn't release software yet (there is some code & patches in 
the pdf file) which could lead to the best solution, you could estimate 
the adsl overhead with real knowledge, and not like it says in some 
scripts (put x kbit less than the link bandwidth, or 5% less,...)

my network diagram
Lan machines -> Linux Router -> Alcatel Router -> ADSL
Lan Machine -> linux router -> alcatel router2 -> ADSL
Alcatel router -> Linux router
Alcatel router -> mail server etc

my modified wondershaper script is below: if anyone could point out some
errors and or maybe point me to somewhere where i could learn how to do
what i want better please let me know.

#!/bin/bash -x
# Wonder Shaper
# please read the README before filling out these values
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits. Also set the device that is to be shaped.
DOWNLINK=512
UPLINK=256
Too much. Because of ATM overhead (5/53), 463/231 is the actual maximum 
bandwidth.
And you have yet to consider the per packet overhead. Read the thesis I 
mentioned.

DEV=eth1
DEV2=eth2
DOWNLINKlan=512
UPLINKlan=256
DEVlan=eth1
Did you use the DEVlan variable?
eth1 is LAN and external at the same time?
Have you looked at http://routeskeeper.sourceforge.net/
or http://selab.edu.ms/twiki/bin/view/Networking/RoutesKeeperProject
Regards,
Francisco.
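
Added example (not from the original post or from the thesis it cites): the 463/231 figures in the reply above are the 48/53 cell tax alone, while the per-packet part comes from AAL5 padding every packet to a whole number of cells. The Python sketch below works both out; the 32-byte encapsulation overhead is a constructed sample value, since the real figure depends on the link's encapsulation.

```python
import math

ATM_CELL = 53      # bytes on the wire per ATM cell
ATM_PAYLOAD = 48   # payload bytes per cell (5-byte header: the 5/53 above)
AAL5_TRAILER = 8   # AAL5 trailer appended before padding to whole cells

# Constructed sample value: bytes of encapsulation headers wrapped around
# each IP packet before it is cut into cells. Link-specific.
SAMPLE_ENCAP = 32


def cell_rate_ceiling(sync_kbit):
    """Payload ceiling after the fixed cell-header tax, in whole kbit/s."""
    return int(sync_kbit * ATM_PAYLOAD / ATM_CELL)


def wire_bytes(ip_len, encap=SAMPLE_ENCAP):
    """Bytes one IP packet of ip_len bytes occupies on the ATM link."""
    cells = math.ceil((ip_len + encap + AAL5_TRAILER) / ATM_PAYLOAD)
    return cells * ATM_CELL


def ip_throughput_kbit(sync_kbit, ip_len, encap=SAMPLE_ENCAP):
    """IP-level rate the line can carry when every packet is ip_len bytes."""
    return sync_kbit * ip_len / wire_bytes(ip_len, encap)


if __name__ == "__main__":
    # DOWNLINK/UPLINK values from the posted wondershaper script.
    for sync in (512, 256):
        print("%d kbit sync -> at most %d kbit after cell headers"
              % (sync, cell_rate_ceiling(sync)))
    # Small packets (TCP ACKs) are hit much harder than full-size ones.
    for ip_len in (40, 576, 1500):
        print("%4d-byte packet = %4d wire bytes, uplink carries %.1f kbit/s"
              % (ip_len, wire_bytes(ip_len), ip_throughput_kbit(256, ip_len)))
```
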


Re: [LARTC] Weighted packet shaping?

2004-12-29 Thread Francisco Pereira
Quoting "Mark Williams (MWP)" <[EMAIL PROTECTED]>:
> > I suppose you should also use tc from new iproute2 that matches your kernel.
> 
> Ok, where is the correct place to get it from?
> I haven't been able to find the official "release site" for iproute2.
> 

http://developer.osdl.org/dev/iproute2/

Regards,
Francisco.


___
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


Re: [LARTC] htb and iptables marked packets question

2004-12-28 Thread Francisco Pereira
Hi.
Felipe Ceglia wrote:
Hi folks,
I have a strange situation. When I add branches to the tree, everything 
goes to the default class.
The error might be obvious, but I cannot find it. I would really 
appreciate your help.
I think it's the expected behaviour.
this works, nothing goes to "1:":
perhaps all the traffic you generate to test was marked by the iptables 
rules and then classified by that.
btw in this order the rule for 192.168.200.0/24 never matches, because 
the rule for 192.168.0.0/16 matches always first.

# 

/sbin/iptables -F -t mangle
/sbin/tc qdisc del dev eth1 root > /dev/null 2>&1
/sbin/tc qdisc add dev eth1 root handle 1: htb default 
That's what the default parameter is for.
Traffic not classified goes to the default.
/sbin/tc class add dev eth1 parent 1: classid 1:1 htb rate 100Mbit ceil 100Mbit
/sbin/tc class add dev eth1 parent 1:1 classid 1: htb rate 128kbit
/sbin/tc class add dev eth1 parent 1:1 classid 1:4 htb rate 100Mbit
/sbin/tc class add dev eth1 parent 1:4 classid 1:28 htb rate 510kbit
#
/sbin/iptables -A POSTROUTING -o eth1 -t mangle -d 192.168.0.0/16 -j MARK --set-mark 4
/sbin/tc filter add dev eth1 protocol ip parent 1:0 prio 3 handle 4 fw flowid 1:4
#
/sbin/iptables -A POSTROUTING -o eth1 -t mangle -d 192.168.200.0/24 -j MARK --set-mark 28
/sbin/tc filter add dev eth1 protocol ip parent 1:0 prio 3 handle 28 fw flowid 1:28
# 


when I add subclasses to "1:28", traffic goes to "1:34" and "1:35", but 
exceeding traffic goes to "1:" instead of being placed at "1:28":
# 

/sbin/tc qdisc add dev eth1 root handle 1: htb default 
That's what the default parameter is for.
Regards,
Francisco.
___


Re: [LARTC] failover strategies - failing open vs. failing closed.

2004-12-28 Thread Francisco Pereira
Quoting Kelly Jeglum <[EMAIL PROTECTED]>:
> I'd like to setup a box with 2 NICs as a firewall which will also rate
> limits outbound traffic.  What happens when/if that box hangs or is
> rebooted?
> 
> I'd like a solution that when there is a failure, traffic can still go
> through the box even though the firewall and rate limiting functions will no
> longer be in effect.  
> 

Maybe it is more than what you need, but do you know the Virtual Router
Redundancy Protocol?
http://ftp.ietf.org/rfc/rfc2338.txt

There are several Linux implementations.

> I believe that this is "failing closed" but have yet to find an intuitive
> definition - "closed" to traffic going through or (the opposite of an "open"
> circuit) a "closed" circuit which would allow traffic?
> 




Re: [LARTC] clone MAC address

2004-11-16 Thread Francisco Pereira
Frank Gruellich wrote:
* Nicolas Patik <[EMAIL PROTECTED]> 16. Nov 04:
No, I'm not talking about natting ... I'm talking about hiding my
computers from my ISP.
Tell me, what's the difference.  Can you give some technical description
for this 'hiding' you are talking about?
.. or  are you telling me that the problem with my linux box is
about bad firewall rules?
No.  'Firewall rules' are a matter of layer 3, MACs and their so called
cloning belong to layer 2.
Right now with my linux box doing NAT they can find that I have others
computers connected.
Contradicting to Chris they can.  But trust me, they won't.  Finding
hosts behind a NAT router is very difficult and involves the collection
of huge amounts of traffic.[1]  After all, it will not work for any OSs.
It's not so difficult, at least in some cases.
p0f (passive OS fingerprint) uses a technique (that has some 
limitations) to detect masqueraded hosts; it has to sniff all the 
traffic but not collect it.
http://lcamtuf.coredump.cx/p0f.shtml

Regards,
Francisco.
___


Re: [LARTC] HTB: Problem with excess bandwidth distribution

2004-10-29 Thread Francisco Pereira
Quoting Leslie Patrick Polzer <[EMAIL PROTECTED]>:

> Still problems :(
> 
> I upgraded to kernel 2.6.9 now, configured IMQ to hook itself up after 
> NAT, called it
> from prerouting, used u32 (matching works), set the root class to a rate 
> of 800kBit
> (which is 200 less than my link speed) - and the behavior gets even worse :(
> 
> Unfortunately, I cannot shape on the outgoing interfaces either, because 
> there are two.

Have you tried putting another machine as a bridge? (You don't need the IMQ in
this case)




Re: [LARTC] tc monitoring

2004-09-30 Thread Francisco Pereira
Quoting Andreas Klauer <[EMAIL PROTECTED]>:

> On Thursday 30 September 2004 14:44, Antonios Chalkiopoulos wrote:
> > The only limitation i noticed so far is that it can not properly parse
> > the virtual channels of GRED qdisc. GRED is a tricky qdisc as it can
> > contain 1..16 RED qdisc as virtual channels.
> 
> Ah, sorry, I've never used GRED before, and I wanted to avoid 
> QDisc-specific parsing as much as possible. The tc command really isn't 
> suited for this kind of application. I really wish there was a library
> with a decent API that lets you access this data directly. Parsing tc 
> output is just a bad hack. ;)

I know of these projects, but only lql seems to be active.
Linux QoS Library (lql)
http://www.coverfire.com/lql/

An API for Linux QoS Support
http://www.ittc.ukans.edu/~pramodh/courses/linux_qos/mainpage.html

TC API Project
http://www-124.ibm.com/developerworks/projects/tcapi 


