[LARTC] Remove
Title: Message �
RE: [LARTC] $100 USD to the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue !!!!
Thanks Patrick, But I am not sure if it is possible to apply it to the embedded Linux . -Original Message- From: Patrick McHardy [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 5:42 PM To: Greg Freeman Subject: Re: [LARTC] $100 USD to the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue See trash.net/~kabet/hfsc for a packet scheduler which allows delay and bandwidth decoupling. Maybe that helps. Regards, Patrick Greg Freeman wrote: > To stress the urgency and importance of my questions, I am willing to > pay $100 to the first person that can provide me with the scripts/ > rules that will work in my SnapGear firewalls that will solve the > problems I am having. > > Please see the following post: > > > Linux QOS and prioritization of real-time data (RTP/VoIP) > > Thank you! ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] RE: Linux QOS help
-Original Message- From: Teemu Korpela [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 9:17 PM To: Greg Freeman Subject: RE: Linux QOS help On Thu, 4 Dec 2003 08:47:27 -0900, Greg Freeman wrote > Looking at the support report on the firewall (list all sorts of > stuff) I saw this.. > > ifconfig -a > eth0 Link encap:Ethernet HWaddr 00:D0:CF:01:A6:52 > inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:20061386 errors:206047 dropped:5857547 > overruns:138637 frame:0 > TX packets:8390751 errors:0 dropped:0 overruns:1 carrier:0 > collisions:0 txqueuelen:100 > Interrupt:5 > > Note the number of errors on this Lan interface, these are read errors? > Is it common to have this many of dropped and overrun packets on a LAN > side? It's not common. I just checked one linux router with half-duplex and another with full-duplex ethernet connection and error counters were zero (except half-duplex interface which had small amount of collisions, but that's normal). Both routers have been running several months now. Maybe your problems is this and not QOS-troubles? The amount of errors and dropped frames is way too high compared to amount of received frames and there is packet loss. One reason for this might be excessive CPU load when you are using ipsec and transferring bulk data like files across the link. CPU time shortage causes dropping of ethernet frames when receiving. What hardware are you using in corp side firewall? -- Teemu ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] $100 USD to the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue !!!!
Removed all the isolated, latency result was the same. Tried the new rule(s) on the site1 and again had a latency of 318ms. However, dropped packets increased to the highest I have seen it... 17%. The min latency was 30ms, the max was 881ms -Original Message- From: Stef Coene [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 11:41 AM To: Greg Freeman Subject: Re: [LARTC] $100 USD to the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue On Thursday 04 December 2003 21:37, Greg Freeman wrote: > Thanks! Should I remove it from any/all sections that mentions > isolated then? Yes. Stef -- [EMAIL PROTECTED] "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] $100 USD to the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue !!!!
Good guess, 10.0.0.7 is actually the VoIP phone system, which can handle multiple calls. 10.0.1.20-22 are actually IP phones I just pasted your other changes and was about to apply them. I will try it first, then the below and let you know the results. -Original Message- From: Stef Coene [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 11:37 AM To: Greg Freeman Cc: [EMAIL PROTECTED] Subject: Re: [LARTC] $100 USD to the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue On Thursday 04 December 2003 21:24, Greg Freeman wrote: > Stef, > The current set of rules I have in it are as follows: > > > tc qdisc add dev ipsec0 root handle 1: htb default 20 tc class add dev > ipsec0 parent 1: classid 1:1 htb rate 600kbit ceil 640kbit burst 2k tc > class add dev ipsec0 parent 1:1 classid 1:10 htb rate 240kbit tc class > add dev ipsec0 parent 1:2 classid 1:20 htb rate 400kbit tc filter add > dev ipsec0 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10 tc > filter add dev ipsec0 parent 1:0 prio 0 protocol ip handle 20 fw > flowid 1:20 iptables -A PREROUTING -t mangle -p ALL -j MARK --set-mark > 20 iptables -A PREROUTING -t mangle -p ALL -d 10.0.1.20 -j MARK > --set-mark 10 iptables -A PREROUTING -t mangle -p ALL -j MARK > --set-mark 20 iptables -A PREROUTING -t mangle -p ALL -d 10.0.1.21 -j > MARK --set-mark 10 iptables -A PREROUTING -t mangle -p ALL -j MARK > --set-mark 20 iptables -A PREROUTING -t mangle -p ALL -d 10.0.1.22 -j > MARK --set-mark 10 > > > > This still does not solve the latency (or even seem to affect it, but > perhaps this is a better route in trying to solve this issue?) Please > let me know you thoughts, Try this : tc qdisc del dev ipsec0 root tc qdisc add dev ipsec0 root handle 1: htb default 20 tc class add dev ipsec0 parent 1: classid 1:1 htb rate 600kbit ceil 600kbit tc class add dev ipsec0 parent 1:1 classid 1:10 htb rate 240kbit ceil 600kbit tc class add dev ipsec0 parent 1:2 classid 1:20 htb rate 400kbit ceil 500kbit tc filter add dev ipsec0 parent 1:0 prio 0 protocol ip handle 0x10 fw flowid 1:10 tc filter add dev ipsec0 parent 1:0 prio 0 protocol ip handle 0x20 fw flowid 1:20 iptables -F -t mangle iptables -A PREROUTING -t mangle -p ALL -d 10.0.1.20 -j MARK --set-mark 0x10 iptables -A PREROUTING -t mangle -p ALL -d 10.0.1.21 -j MARK --set-mark 0x10 iptables -A PREROUTING -t mangle -p ALL -d 10.0.1.22 -j MARK --set-mark 0x10 10.1.1.20/21/22 are the VoIP systems ? Stef -- [EMAIL PROTECTED] "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] $100 USD to the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue !!!!
Stef, The current set of rules I have in it are as follows: tc qdisc add dev ipsec0 root handle 1: htb default 20 tc class add dev ipsec0 parent 1: classid 1:1 htb rate 600kbit ceil 640kbit burst 2k tc class add dev ipsec0 parent 1:1 classid 1:10 htb rate 240kbit tc class add dev ipsec0 parent 1:2 classid 1:20 htb rate 400kbit tc filter add dev ipsec0 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10 tc filter add dev ipsec0 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20 iptables -A PREROUTING -t mangle -p ALL -j MARK --set-mark 20 iptables -A PREROUTING -t mangle -p ALL -d 10.0.1.20 -j MARK --set-mark 10 iptables -A PREROUTING -t mangle -p ALL -j MARK --set-mark 20 iptables -A PREROUTING -t mangle -p ALL -d 10.0.1.21 -j MARK --set-mark 10 iptables -A PREROUTING -t mangle -p ALL -j MARK --set-mark 20 iptables -A PREROUTING -t mangle -p ALL -d 10.0.1.22 -j MARK --set-mark 10 This still does not solve the latency (or even seem to affect it, but perhaps this is a better route in trying to solve this issue?) Please let me know you thoughts, Thanks Greg -Original Message- From: Stef Coene [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 10:42 AM To: Greg Freeman Subject: Re: [LARTC] $100 USD to the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue On Wednesday 03 December 2003 23:36, Greg Freeman wrote: > Thanks Stef, > > If I knew how and what (to specifically state with the htb qdisc > scripts I would try. > > Can I just substitute the word prio for sfq? > > If you could type the rules I should use it would help greatly, and if > it works I would be happy to pay you. Before I help you with the htb rules, do you have a kernel and tc binary with htb support? Stef -- [EMAIL PROTECTED] "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] $100 USD to the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue !!!!
I tried the following rules and had the same bad latency results for the corp site to remote site. Below are the rules I tried which gave the bad (avg. 350ms) latency: corp rules tc qdisc add dev ipsec0 handle 1: root cbq bandwidth 600kbit avpkt 1000 tc class add dev ipsec0 parent 1: classid 1:1 cbq bandwidth 240kbit avpkt 500 prio 1 rate 240kbit bounded isolated tc filter add dev ipsec0 parent 1:0 protocol ip prio 100 route tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.1.20 flowid 1:1 tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.1.21 flowid 1:1 tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.1.22 flowid 1:1 remote rules-- tc qdisc add dev ipsec0 handle 1: root cbq bandwidth 580kbit avpkt 1000 tc class add dev ipsec0 parent 1: classid 1:1 cbq bandwidth 240kbit avpkt 500 prio 1 rate 240kbit bounded isolated tc filter add dev ipsec0 parent 1:0 protocol ip prio 100 route tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.0.7 flowid 1:1 Any help would be greatly appreciated. Please see the following post: Linux QOS and prioritization of real-time data (RTP/VoIP) From: Greg Freeman Sent: Wednesday, December 03, 2003 9:04 AM To: [EMAIL PROTECTED] Subject: [LARTC] $100 USD to the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue Importance: High To stress the urgency and importance of my questions, I am willing to pay $100 to the first person that can provide me with the scripts/ rules that will work in my SnapGear firewalls that will solve the problems I am having. Please see the following post: Linux QOS and prioritization of real-time data (RTP/VoIP) Thank you! ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] 2 internal nets, each one with its own provider
I tried the following rules and had the same bad latency results for the corp site to remote site. Below are the rules I tried which gave the bad (avg. 350ms) latency: corp rules tc qdisc add dev ipsec0 handle 1: root cbq bandwidth 600kbit avpkt 1000 tc class add dev ipsec0 parent 1: classid 1:1 cbq bandwidth 240kbit avpkt 500 prio 1 rate 240kbit bounded isolated tc filter add dev ipsec0 parent 1:0 protocol ip prio 100 route tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.1.20 flowid 1:1 tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.1.21 flowid 1:1 tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.1.22 flowid 1:1 remote rules-- tc qdisc add dev ipsec0 handle 1: root cbq bandwidth 580kbit avpkt 1000 tc class add dev ipsec0 parent 1: classid 1:1 cbq bandwidth 240kbit avpkt 500 prio 1 rate 240kbit bounded isolated tc filter add dev ipsec0 parent 1:0 protocol ip prio 100 route tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.0.7 flowid 1:1 Any help would be greatly appreciated. -Original Message- From: Cezar Atanasiu [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 03, 2003 7:37 AM To: [EMAIL PROTECTED] Subject: [LARTC] 2 internal nets, each one with its own provider Hi, and good evening, I encountered a quite weird problem yersterday evening, and I wonder if someone can explain the way of it. Anyway, there is goes : I have a client running two separate networks, NET-A (10.0.1.0/24) and NET-B (10.0.2.0/24) and two providers P-A, with gateway 192.168.0.1 and P-B with gateway 192.168.0.2. Now, as for the hardware part of it, there is one linux router hosting 4 ethernet cards on it, each connection having its on ethernet device, something like this : +-+ P-A eth0 | +--+---+ eth2 | if1 | NET-A ---+ | | Linux router | eth3 | | NET-B ---+ if2 | | | +--+---+ eth1 | +-+ P-B Hope you get the idea. As for the configuration, what I did was : setup 2 new routing tables, for P-A, and P-B, added the default gws to those tables, and setup 2 snat rules for the two networks in order to get each of them out on a separate provider. That does not seem to work, and I wonder if anyone has any idea why. Excuse me for the large email, and thankyou for your patience :) Cezar ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Willing to pay the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue !!!!
Hello, To stress the urgency and importance of my questions, I am willing to pay $100 to the first person that can provide me with the scripts/ rules that will work in my SnapGear firewalls that will solve the problems I am having. Please see the following post: " Linux QOS and prioritization of real-time data (RTP/VoIP) " Thank you! <>
[LARTC] $100 USD to the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue !!!!
To stress the urgency and importance of my questions, I am willing to pay $100 to the first person that can provide me with the scripts/ rules that will work in my SnapGear firewalls that will solve the problems I am having. Please see the following post: Linux QOS and prioritization of real-time data (RTP/VoIP) Thank you! <>
[LARTC] Linux QOS and prioritization of real-time data (RTP/VoIP)
The questions I will be asking are: How can I prevent the latency on the VoIP traffic I am experiencing when remote users copy files from the server to their local PC? What rules do I need to Change/add? (I think I have too many rules at this point, and probably not the right ones, since it doesn't seem to help.)Is it related to the sfq queuing? Ie. should I be using another queuing technique such as PQ?(Please keep in mind I know very little Linux) and basically cut and paste :0) Site details: Site 1 (Corp)Firewall (10.0.0.1) running embedded Linux with an Ipsec tunnel to site 2. Internet connection is 640kbps/640kbps. Corporate side has a phone server with a VoIP card at 10.0.0.7. The below rules are being applied, but even with these rules in place I am seeing when data is pulled from the file server (10.0.0.2), to one of the clients at site 2, the latency on the VoIP traffic (measured by sending continuous ICMP packets from the phone server (10.0.0.7) to an IP phone (10.0.1.20) at site 2 -for testing) increases dramtically. With no data being copied from the server (10.0.0.2) to a client at site 2 the average latency is 30ms. When data is being copied from the server, it puts the average latency of the ICMP test packets to about 300ms, with some as high as 600+. Here are the rules on the Corp side:tc qdisc del dev ipsec0 roottc qdisc add dev ipsec0 root handle 1: cbq bandwidth 10Mbit avpkt 1000tc class add dev ipsec0 parent 1: classid 1:1 cbq rate 580kbit allot 1500 prio 2 bounded isolatedtc class add dev ipsec0 parent 1:1 classid 1:10 cbq rate 240kbit allot 1500 avpkt 1000 prio 1 tc class add dev ipsec0 parent 1:1 classid 1:20 cbq rate 400kbit allot 1500 avpkt 1000 prio 10tc qdisc add dev ipsec0 parent 1:10 handle 10: sfq perturb 10tc qdisc add dev ipsec0 parent 1:20 handle 20: sfq perturb 10tc filter add dev ipsec0 parent 1:0 protocol ip prio 10 u32 match ip protocol 6 0xff match ip src 10.0.0.0/24 flowid 1:20tc filter add dev ipsec0 parent 1:0 protocol ip prio 10 u32 match ip protocol 17 0xff match ip src 10.0.0.0/24 flowid 1:20tc filter add dev ipsec0 parent 1:0 protocol ip prio 10 u32 match ip protocol 1 0xff match ip src 10.0.0.0/24 flowid 1:20tc filter add dev ipsec0 parent 1:0 protocol ip prio 4 u32 match ip protocol 6 0xff match ip src 10.0.0.7 flowid 1:10tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip protocol 17 0xff match ip src 10.0.0.7 flowid 1:10tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip protocol 1 0xff match ip src 10.0.0.7 flowid 1:10tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip protocol 17 0xff match ip dst 10.0.1.20 flowid 1:10tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip protocol 17 0xff match ip dst 10.0.1.21 flowid 1:10tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip protocol 17 0xff match ip dst 10.0.1.22 flowid 1:10tc filter add dev ipsec0 parent 1:0 protocol ip prio 4 u32 match ip protocol 6 0xff match ip dst 10.0.1.20 flowid 1:10tc filter add dev ipsec0 parent 1:0 protocol ip prio 4 u32 match ip protocol 6 0xff match ip dst 10.0.1.21 flowid 1:10tc filter add dev ipsec0 parent 1:0 protocol ip prio 4 u32 match ip protocol 6 0xff match ip dst 10.0.1.22 flowid 1:10tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip protocol 1 0xff match ip dst 10.0.1.20 flowid 1:10tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip protocol 1 0xff match ip dst 10.0.1.21 flowid 1:10tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip protocol 1 0xff match ip dst 10.0.1.22 flowid 1:10 Site 2 (Remote)Firewall (10.0.1.1) running embedded Linux with an Ipsec tunnel to site 1. Internet connection speed is 640/640kbps. Each firewall has an eth0, and eth1 interface in addition to the Ipsec0 interface. TheIP Phones are at 10.0.1.20-22. The site 2 rules are: tc qdisc del dev ipsec0 roottc qdisc add dev ipsec0 root handle 1: cbq bandwidth 10Mbit avpkt 1000tc class add dev ipsec0 parent 1: classid 1:1 cbq rate 580kbit allot 1500 prio 1 bounded isolatedtc class add dev ipsec0 parent 1:1 classid 1:10 cbq rate 240kbit allot 1500 avpkt 1000 prio 1 tc class add dev ipsec0 parent 1:1 classid 1:20 cbq rate 400kbit allot 1500 avpkt 1000 prio 10tc qdisc add dev ipsec0 parent 1:10 handle 10: sfq perturb 10 tc qdisc add dev ipsec0 parent 1:20 handle 20: sfq perturb 10tc filter add dev ipsec0 parent 1:0 protocol ip prio 10 u32 match ip protocol 6 0xff match ip src 10.0.1.0/24 flowid 1:20tc filter add dev ipsec0 parent 1:0 protocol ip prio 10 u32 match ip protocol 17 0xff match ip src 10.0.1.0/24 flowid 1:20tc filter add dev ipsec0 parent 1:0 protocol ip prio 10 u32 match ip protocol 1 0xff match ip src 10.0.1.0/24 flowid 1:20tc filter add dev ipsec0 parent 1:0 protocol ip prio 4 u32 match ip protocol 6 0xff match ip src 10.0.1.20 flowid 1:10tc filter add dev ipsec0 parent 1:0 protocol ip prio 1
