RE: [LARTC] Adding qdiscs crashes kernel??

2007-12-05 Thread Leigh Sharpe
Please always report bugs to [EMAIL PROTECTED]

Not entirely sure it's a bug yet. 
 
Which qdisc add crashes it? Please post the full oops.

I don't get an oops. Just a completely unresponsive system.
 
It's not terribly consistent. It's always one of these:
 
 tc qdisc add dev eth2 parent 1:1 handle 2: cbq bandwidth 100Mbit avpkt 1000 cell 8
 tc qdisc add dev eth3 parent 1:1 handle 2: cbq bandwidth 100Mbit avpkt 1000 cell 8

But there's no telling which.
 
Leigh.


From: Patrick McHardy [mailto:[EMAIL PROTECTED]
Sent: Wed 5/12/2007 7:07 PM
To: Leigh Sharpe
Cc: lartc@mailman.ds9a.nl; Linux Netdev List
Subject: Re: [LARTC] Adding qdiscs crashes kernel??



Please always report bugs to [EMAIL PROTECTED]

Leigh Sharpe wrote:
 Oh,
 kernel version 2.6.23, since I forgot to mention it.
 
 Leigh.

 

 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Leigh Sharpe
 Sent: Wednesday, 5 December 2007 3:37 PM
 To: lartc@mailman.ds9a.nl
 Subject: [LARTC] Adding qdiscs crashes kernel??


 Hi all,
  I'm having some problems setting up qdiscs on a bridge. The config looks
 a little like this:
 
 
 ifconfig ifb0 up # Bring up the IFB for this bridge.
 tc qdisc add dev eth2 ingress
 tc qdisc add dev eth3 ingress
 tc qdisc add dev ifb0 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000
 cell 8
 # Raw qdiscs on each bridge port
 tc qdisc add dev eth2 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000
 cell 8
 tc qdisc add dev eth3 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000
 cell 8

 tc filter add dev eth2 parent 1: protocol 0x8100 prio 5 u32 match u16
 3000 0x0fff at 0 flowid 1:1 action ipt -j MARK --or-mark 0x0100 #
 mark packets for VLAN 3000.
 tc filter add dev eth3 parent 1: protocol 0x8100 prio 5 u32 match u16
 3000 0x0fff at 0 flowid 1:1 action ipt -j MARK --or-mark 0x0100 #
 mark packets for VLAN 3000.
 
 tc class add dev eth2 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate
 2000Kbit weight 200Kbit prio 1 allot 1514 cell 8 maxburst 20 avpkt 1000
 bounded isolated   # 2000 Kbit rate limit on entry point.
 tc class add dev eth3 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate
 2000Kbit weight 200Kbit prio 1 allot 1514 cell 8 maxburst 20 avpkt 1000
 bounded isolated   # 2000 Kbit rate limit on entry point.

 tc qdisc add dev eth2 parent 1:1 handle 2: cbq bandwidth 100Mbit  avpkt
 1000 cell 8
 tc qdisc add dev eth3 parent 1:1 handle 2: cbq bandwidth 100Mbit  avpkt
 1000 cell 8
 tc class add dev eth2 parent 2:0 classid 2:1 cbq bandwidth 100Mbit rate
 2000Kbit weight 200Kbit prio 2 allot 1514 cell 8 maxburst 20 avpkt 1000
 sharing
 tc filter add dev eth2 parent 2:0 protocol 0x8100 prio 2 u32 match u16
 3000 0x0fff at 0 flowid 2:1 action ipt -j MARK --or-mark 0x0010
 tc qdisc add dev eth2 parent 2:1 handle 3: cbq bandwidth 100Mbit avpkt
 1000 cell 8   
 tc filter add dev eth2 parent 3:0 protocol 0x8100 prio 4 u32 match u32 0
 0 flowid 3:3   # Traffic
 class 3 - catchall. Don't MARK further.
 
 (There's lots more, mostly a repeat of the above with different
 criteria.)
 When I first boot the box, and apply the traffic shaping before any
 traffic flows, all is fine. However, if I apply this same config whilst
 the bridge is passing lots of traffic, it completely crashes the box.
 Everything freezes, I don't even get a kernel panic message on the
 console. Nothing responds and the only way to recover is by a
 power-cycle.
 
 If I take the link down on the ethernet port (with ip link set ethx
 down), apply the configs, and then bring it back up again, all is OK.
 Obviously, though, this isn't really acceptable.
 
 It always crashes immediately after a 'tc qdisc add...' line, but not
 always in the same place. Are there any known issues with adding qdiscs
 whilst traffic is being queued on it?
 I've also tried it using HTB instead of CBQ, and I get the same results.
 
 Anybody got any other ideas as to what might be going on?


Which qdisc add crashes it? Please post the full oops.



___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


[LARTC] Adding qdiscs crashes kernel??

2007-12-04 Thread Leigh Sharpe
Hi all,
 I'm having some problems setting up qdiscs on a bridge. The config looks
a little like this:
 
 
ifconfig ifb0 up # Bring up the IFB for this bridge.
tc qdisc add dev eth2 ingress
tc qdisc add dev eth3 ingress
tc qdisc add dev ifb0 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8
# Raw qdiscs on each bridge port
tc qdisc add dev eth2 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8
tc qdisc add dev eth3 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8

tc filter add dev eth2 parent 1: protocol 0x8100 prio 5 u32 match u16 3000 0x0fff at 0 flowid 1:1 action ipt -j MARK --or-mark 0x0100 # mark packets for VLAN 3000.
tc filter add dev eth3 parent 1: protocol 0x8100 prio 5 u32 match u16 3000 0x0fff at 0 flowid 1:1 action ipt -j MARK --or-mark 0x0100 # mark packets for VLAN 3000.

tc class add dev eth2 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate 2000Kbit weight 200Kbit prio 1 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded isolated # 2000 Kbit rate limit on entry point.
tc class add dev eth3 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate 2000Kbit weight 200Kbit prio 1 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded isolated # 2000 Kbit rate limit on entry point.

tc qdisc add dev eth2 parent 1:1 handle 2: cbq bandwidth 100Mbit avpkt 1000 cell 8
tc qdisc add dev eth3 parent 1:1 handle 2: cbq bandwidth 100Mbit avpkt 1000 cell 8
tc class add dev eth2 parent 2:0 classid 2:1 cbq bandwidth 100Mbit rate 2000Kbit weight 200Kbit prio 2 allot 1514 cell 8 maxburst 20 avpkt 1000 sharing
tc filter add dev eth2 parent 2:0 protocol 0x8100 prio 2 u32 match u16 3000 0x0fff at 0 flowid 2:1 action ipt -j MARK --or-mark 0x0010
tc qdisc add dev eth2 parent 2:1 handle 3: cbq bandwidth 100Mbit avpkt 1000 cell 8
tc filter add dev eth2 parent 3:0 protocol 0x8100 prio 4 u32 match u32 0 0 flowid 3:3 # Traffic class 3 - catchall. Don't MARK further.
 
(There's lots more, mostly a repeat of the above with different
criteria.)
When I first boot the box, and apply the traffic shaping before any
traffic flows, all is fine. However, if I apply this same config whilst
the bridge is passing lots of traffic, it completely crashes the box.
Everything freezes, I don't even get a kernel panic message on the
console. Nothing responds and the only way to recover is by a
power-cycle.
 
If I take the link down on the ethernet port (with ip link set ethx
down), apply the configs, and then bring it back up again, all is OK.
Obviously, though, this isn't really acceptable.
 
It always crashes immediately after a 'tc qdisc add...' line, but not
always in the same place. Are there any known issues with adding qdiscs
whilst traffic is being queued on it?
I've also tried it using HTB instead of CBQ, and I get the same results.
 
Anybody got any other ideas as to what might be going on?
 
Regards,
 Leigh
 
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
Helpdesk 1300 300 616
email [EMAIL PROTECTED]
web www.pacificwireless.com.au


RE: [LARTC] Prioritizing VOIP traffic without sacrificing throughput

2007-09-09 Thread Leigh Sharpe
Can you post your configs?
Essentially, in order to keep the latency as low as possible, you need
to make sure that you never exceed the bandwidth of the upstream link.
Whilst doing this, you are able to ensure that your VOIP performance is
good. If you are not throttling your bandwidth, then just
re-prioritising your VOIP traffic will not help. As soon as you do a
large download, your link gets saturated and the latency goes up. Once
that happens, even if your router is re-prioritising the VOIP traffic,
it is still latent, which means that your phone performance will suffer.
By setting the upload and download speeds lower than the line speed, you
ensure that the line does not get latent, and then your re-prioritising
is effective.
Most people seem to be of the opinion that around 80% or so of the line
speed is a good rule of thumb. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stefanie Tellex
Sent: Friday, 7 September 2007 11:49 PM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] Prioritizing VOIP traffic without sacrificing
throughput

Hi,

I would like to prioritize VOIP traffic when we use the phone, but other
times not do traffic shaping at all.

Right now I have my openwrt router set up with htb to do shaping.  In
order to get it to work well I had to set my upload and download speeds
much lower than my line speed.  With these settings, I get good VOIP
reception even while surfing the net and doing a long download.
However, even when I'm not using the phone, a long download is more than
twice as slow than it is with shaping turned off.

Is there some way to configure it to only do shaping when it detects
VOIP packets, and otherwise not limit traffic?

Thanks,

Stefanie


[LARTC] Cbq and max latency

2007-05-02 Thread Leigh Sharpe
Hi All,
 Is there any way to set the maximum latency on a cbq when it is
overloaded?
Or, for that matter, to query it?
 
For example, I want to know how long (in seconds) a packet will stay in
the queue before it is dropped, and I want to be able to adjust this
figure.
 
Regards,
 Leigh
 
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
Helpdesk 1300 300 616
email [EMAIL PROTECTED]
web www.pacificwireless.com.au
 



[LARTC] Maximum number of tc handles?

2007-04-29 Thread Leigh Sharpe
Hi all,
 Can anybody tell me what the maximum number of handles are that I can
use when setting up qdiscs and classes in tc? 
 
Regards,
 Leigh
 
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
Helpdesk 1300 300 616
email [EMAIL PROTECTED]
web www.pacificwireless.com.au
 



[LARTC] invoking ebtables with tc

2007-04-02 Thread Leigh Sharpe
Hi all,
 Is it possible to invoke an ebtables target from tc?
Ie we can use the 'action ipt' to invoke an IPTables target, but I was
wanting to use an ebtables target instead. Is this possible?
 
 
Regards,
 Leigh
 
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
Helpdesk 1300 300 616
email [EMAIL PROTECTED]
web www.pacificwireless.com.au
 



TC Protocols was RE: [LARTC] RE: IFB setup was no subject

2007-03-29 Thread Leigh Sharpe
 
Try protocol 8021q or whatever its number is - 

Thanks Andy, this did the trick. And now for the next question.

802.1q is protocol number 0x8100. Therefore my filter lines look like this:

tc filter add dev eth3 parent ffff: protocol 0x8100 prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb0

What is the u32 matching on? Is it matching on IP headers, or is it matching on 
the protocol specified, ie the VLAN header?

For my particular application, I need to decide which IFB to redirect to based 
on combinations of both VLAN ID and IP src/dst addresses. Can I specify matches 
for the VLAN ID here? If so, I would presume that I can then use an Iptables 
mark to filter on, with that mark based on IP address? (ebtables can't match 
the IP address of a tagged packet, unfortunately.) Otherwise, I'm going to have 
to mark the packets with a VLAN ID using ebtables and then another mark from 
Iptables based on src/dst IP address. What a sodding nightmare.

Regards,
 Leigh
 
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
Helpdesk 1300 300 616
email [EMAIL PROTECTED]
web www.pacificwireless.com.au

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 29, 2007 12:33 PM
To: Leigh Sharpe
Cc: lartc
Subject: Re: [LARTC] RE: IFB setup was no subject

Leigh Sharpe wrote:

 Seems that the example I gave actually works, but not the way I'm using it.
 I am bridging VLAN tagged packets,

Try protocol 8021q or whatever its number is - if there are other 
protocol filters you will need a different prio or you will get an error.




but for some reason they are not being subjected to the rate limit. If I 
pass normal, untagged packets through this setup, it behaves as 
expected. However, once I put tagged packets through the bridge, it 
fails to shape traffic.
  I don't want to have to use VLAN sub-interfaces, because the VLAN code 
 strips the 802.1q tag from packets before they can be examined, which causes 
 me problems in other areas.

Are these wireless customers?

I've never shaped wireless - do you get a lot of extra loss from link 
layer, what's the bandwidth, single duplex or is it round robin type?

I wonder if htb tweaked/untweaked/hfsc/policers could be better than cbq 
- you may be able to get things better for link layer, tcpdumps will 
show you how bursty things are for users.

Andy.
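
What the switch from "protocol ip" to "protocol 0x8100" changes, as an added example that is not part of the original thread: the functions below evaluate a filter's protocol and one u16 key against two constructed frames. The frame contents, the function names, and the assumption that u32 offset 0 is the first byte after the EtherType (as the thread's "match u16 3000 0x0fff at 0" filters imply) belong to this example, not to the posters.

```shell
#!/bin/sh
# Added example, not code from the thread. Both frames are constructed.

# Hex layout: dst MAC, src MAC, EtherType, start of payload.
UNTAGGED="020000000001020000000002080045000054"
# Same frame with an 802.1Q tag: TPID 0x8100, TCI 0xabb8
# (priority 5 in the top bits, VLAN ID 3000 in the low 12 bits).
TAGGED="0200000000010200000000028100abb8080045000054"

# hex_at HEX OFFSET LEN: print LEN bytes of HEX starting at byte OFFSET.
hex_at() {
    start=$(( $2 * 2 + 1 ))
    end=$(( start + $3 * 2 - 1 ))
    printf '%s' "$1" | cut -c "${start}-${end}"
}

# frame_protocol HEX: the EtherType at bytes 12-13, the value a filter's
# "protocol" keyword is compared against.
frame_protocol() {
    printf '0x%s' "$(hex_at "$1" 12 2)"
}

# u32_u16_matches HEX VALUE MASK OFFSET: evaluate "match u16 VALUE MASK at
# OFFSET". Assumption: offset 0 is the first byte after the EtherType.
u32_u16_matches() {
    field=$(hex_at "$1" $(( 14 + $4 )) 2)
    [ $(( 0x$field & $3 )) -eq $(( $2 & $3 )) ]
}

# filter_hits HEX PROTO [VALUE MASK OFFSET]: succeed when a filter declared
# with "protocol PROTO" (and optionally one u16 key) would select the frame.
filter_hits() {
    [ $(( $(frame_protocol "$1") )) -eq $(( $2 )) ] || return 1
    if [ $# -lt 5 ]; then
        return 0
    fi
    u32_u16_matches "$1" "$3" "$4" "$5"
}

# vlan_id HEX: print the 12-bit VLAN ID of a tagged frame, or "none".
vlan_id() {
    if [ $(( $(frame_protocol "$1") )) -eq $(( 0x8100 )) ]; then
        echo $(( 0x$(hex_at "$1" 14 2) & 0x0fff ))
    else
        echo none
    fi
}

# describe NAME HEX: one summary line per frame.
describe() {
    if filter_hits "$2" 0x0800; then ip=yes; else ip=no; fi
    if filter_hits "$2" 0x8100 3000 0x0fff 0; then vl=yes; else vl=no; fi
    echo "$1: protocol=$(frame_protocol "$2") vlan=$(vlan_id "$2")" \
         "hit_by_protocol_ip=$ip hit_by_0x8100_vlan3000=$vl"
}

describe untagged "$UNTAGGED"
describe tagged "$TAGGED"
```

The 0x0fff mask is what keeps the priority bits in the tag from defeating the VLAN ID comparison.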



[LARTC] RE: IFB setup was no subject

2007-03-28 Thread Leigh Sharpe
 
Subject changed as the no subject thread I see is quite long and diverse :-)
Yeah, sorry about that. Minor brain fade.

Seems that the example I gave actually works, but not the way I'm using it.
I am bridging VLAN tagged packets, but for some reason they are not being 
subjected to the rate limit. If I pass normal, untagged packets through this 
setup, it behaves as expected. However, once I put tagged packets through the 
bridge, it fails to shape traffic.
 I don't want to have to use VLAN sub-interfaces, because the VLAN code strips 
the 802.1q tag from packets before they can be examined, which causes me 
problems in other areas.

Regards,
 Leigh
 
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
Helpdesk 1300 300 616
email [EMAIL PROTECTED]
web www.pacificwireless.com.au

-Original Message-
From: Andy Furniss [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 29, 2007 2:59 AM
To: Leigh Sharpe
Cc: lartc
Subject: Re: IFB setup was no subject

Leigh Sharpe wrote:
 Hi all,
  I'm having a hell of a time getting my IFB to work. I know I've done
 this before, so I'm missing something stupid. Can anybody tell me what
 it might be?
 Configs as follows:
  
 
 #!/bin/sh
 modprobe ifb numifbs=1000
 modprobe act_mirred
 modprobe 8021q
  
 brctl addbr br0
 brctl setfd br0 0
 brctl stp br0 off
 brctl addif br0 eth1
 brctl addif br0 eth2
 ifconfig eth1 up
 ifconfig eth2 up
 ifconfig br0 up
  
 tc qdisc add dev eth1 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000
 cell 8
 tc qdisc add dev eth2 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000
 cell 8
  
 ifconfig ifb0 up
  
 tc qdisc add dev ifb0 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000
 cell 8
  
 tc class add dev ifb0 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate
 100Kbit weight 10Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000
 bounded isolated
  
 tc qdisc add dev eth1 ingress
 tc qdisc add dev eth2 ingress
 tc filter add dev eth1 parent ffff: protocol ip prio 10 u32 match u32 0
 0 action mirred egress redirect dev ifb0
 tc filter add dev eth2 parent ffff: protocol ip prio 10 u32 match u32 0
 0 action mirred egress redirect dev ifb0
  
 tc filter add dev ifb0 parent 1:0 protocol ip prio 1 u32 match u32 0 0
 flowid 1:1
 --
  
 By my reckoning, this should redirect all packets passing through eth2
 and eth1 through the IFB, and put a rate limit on the IFB of
 100Kbits/sec.
 What have I missed?

Subject changed as the no subject thread I see is quite long and diverse :-)

It will only get ingress ethertype ip traffic on eth 1/2 (I don't know 
whether bridging complicates it - still haven't fixed my own bridge yet)

You need two more ... action mirred egress redirect ... to get egress 
eth1/2 traffic as well. You need something classful on the roots for it 
to work - you have CBQ already if you didn't prio would have done.

If you have a qdisc on the real interface and redirect egress traffic to 
ifb then you can't classify again, though classification done before the 
redirect will be reinstated after the packets come back from ifb.

Generally - I never used CBQ so don't know its limitations/behavior. 
Accepting this may just be a test, but if you did it like this for real 
ie. sending in/out traffic to one slow buffer it will make for a truly 
horrible user experience - you should at least separate the directions 
into separate classes and make the classes share the bandwidth.

I wonder if using policers and shared meters would be a nicer 
alternative - not that I have any examples to hand.

If the nics are gig/ you use xen turn off * segmentation offload with 
ethtool -k

Andy.




RE: [LARTC] RE: IFB setup was no subject

2007-03-28 Thread Leigh Sharpe
Try protocol 8021q or whatever its number is - if there are other 
protocol filters you will need a different prio or you will get an error.

I'll try that. I have just seen some older stuff on the VLAN mailing list which 
might do what I want. I'm still investigating.

Are these wireless customers?

Nup. Well, not directly. This is  going on our backbone, so I'm not taking 
traffic straight off the wireless. Ultimately, it will be delivered to a 
customer over a wireless link, but there's lots of ethernet between the QOS box 
and the wireless. 
By the way, wireless != 802.11, there's plenty of other flavours which all 
taste just like ethernet.

 I wonder if htb tweaked/untweaked/hfsc/policers could be better than cbq 

At this point I'm not locked into any particular discipline, but cbq looked 
like it would do what I wanted. I'll look a little further into the other 
possibilities.

Regards,
 Leigh
 
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
Helpdesk 1300 300 616
email [EMAIL PROTECTED]
web www.pacificwireless.com.au

-Original Message-
From: Andy Furniss [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 29, 2007 12:33 PM
To: Leigh Sharpe
Cc: lartc
Subject: Re: [LARTC] RE: IFB setup was no subject

Leigh Sharpe wrote:

 Seems that the example I gave actually works, but not the way I'm using it.
 I am bridging VLAN tagged packets,

Try protocol 8021q or whatever its number is - if there are other 
protocol filters you will need a different prio or you will get an error.




but for some reason they are not being subjected to the rate limit. If I 
pass normal, untagged packets through this setup, it behaves as 
expected. However, once I put tagged packets through the bridge, it 
fails to shape traffic.
  I don't want to have to use VLAN sub-interfaces, because the VLAN code 
 strips the 802.1q tag from packets before they can be examined, which causes 
 me problems in other areas.

Are these wireless customers?

I've never shaped wireless - do you get a lot of extra loss from link 
layer, what's the bandwidth, single duplex or is it round robin type?

I wonder if htb tweaked/untweaked/hfsc/policers could be better than cbq 
- you may be able to get things better for link layer, tcpdumps will 
show you how bursty things are for users.

Andy.



[LARTC] (no subject)

2007-03-27 Thread Leigh Sharpe
Hi all,
 I'm having a hell of a time getting my IFB to work. I know I've done
this before, so I'm missing something stupid. Can anybody tell me what
it might be?
Configs as follows:
 

#!/bin/sh
modprobe ifb numifbs=1000
modprobe act_mirred
modprobe 8021q
 
brctl addbr br0
brctl setfd br0 0
brctl stp br0 off
brctl addif br0 eth1
brctl addif br0 eth2
ifconfig eth1 up
ifconfig eth2 up
ifconfig br0 up
 
tc qdisc add dev eth1 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8
tc qdisc add dev eth2 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8

ifconfig ifb0 up

tc qdisc add dev ifb0 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8

tc class add dev ifb0 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate 100Kbit weight 10Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded isolated

tc qdisc add dev eth1 ingress
tc qdisc add dev eth2 ingress
tc filter add dev eth1 parent ffff: protocol ip prio 10 u32 match u32 0 0 action mirred egress redirect dev ifb0
tc filter add dev eth2 parent ffff: protocol ip prio 10 u32 match u32 0 0 action mirred egress redirect dev ifb0

tc filter add dev ifb0 parent 1:0 protocol ip prio 1 u32 match u32 0 0 flowid 1:1
--
 
By my reckoning, this should redirect all packets passing through eth2
and eth1 through the IFB, and put a rate limit on the IFB of
100Kbits/sec.
What have I missed?
 
 
 
 
Regards,
 Leigh
 
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
Helpdesk 1300 300 616
email [EMAIL PROTECTED]
web www.pacificwireless.com.au
 



[LARTC] U32 VLAN Header match

2007-01-30 Thread Leigh Sharpe
Hi all,
Is it possible to configure the u32 classifier to match on VLAN ID? Or
any other bits in the 802.1 header for that matter?
If so, can anybody tell me how? Or where to find out how?
 
Regards,
 Leigh
 
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
email [EMAIL PROTECTED]
web www.pacificwireless.com.au
 



[LARTC] tc act ipt errors

2007-01-30 Thread Leigh Sharpe
Hi all,
 I'm having a hell of a time getting tc and IFBs to co-operate.
I've copied the following from http://linux-net.osdl.org/index.php/IFB:
 
--
export TC=/sbin/tc
$TC qdisc add dev ifb0 root handle 1: prio 
$TC qdisc add dev ifb0 parent 1:1 handle 10: sfq
$TC qdisc add dev ifb0 parent 1:2 handle 20: tbf rate 20kbit buffer 1600 limit 3000
$TC qdisc add dev ifb0 parent 1:3 handle 30: sfq
$TC filter add dev ifb0 protocol ip pref 1 parent 1: handle 1 fw classid 1:1
$TC filter add dev ifb0 protocol ip pref 2 parent 1: handle 2 fw classid 1:2
ifconfig ifb0 up
$TC qdisc add dev eth0 ingress
# redirect all IP packets arriving in eth0 to ifb0 
# use mark 1 -- puts them onto class 1:1
$TC filter add dev eth0 parent ffff: protocol ip prio 10 u32 \
  match u32 0 0 flowid 1:1 \
  action ipt -j MARK --set-mark 1 \
  action mirred egress redirect dev ifb0
--

Gives me an error:

Tablename: mangle hook: NF_IP_PRE_ROUTING
target: MARK set 0x1 index 0
Action 4 device ifb0 ifindex 10
RTNETLINK answers: No such file or directory
We have an error talking to the kernel

Any ideas why?
I have act_mirred loaded, and I have act_ipt loaded. What gives?

 
Regards,
 Leigh
 
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
email [EMAIL PROTECTED]
web www.pacificwireless.com.au


RE: [LARTC] linux-2.4.22 + bridge + traffic control by MAC.

2006-11-08 Thread Leigh Sharpe
Here:

http://ebtables.sourceforge.net/examples/example5.html
 
Is exactly what you want to do.

Regards,
 Leigh
 
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
email [EMAIL PROTECTED]
web www.pacificwireless.com.au

-Original Message-
From: Henry Bin [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, November 08, 2006 8:26 PM
To: [EMAIL PROTECTED]
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] linux-2.4.22 + bridge + traffic control by MAC.

On 11/7/06, Покотиленко Костик [EMAIL PROTECTED] wrote:
 On Tue, 07/11/2006 at 14:25 +0800, Henry Bin wrote:
  Dear all,
 
  I am working on a linux box (2.4.22 kernel) which is used as a
  bridge. And I want to add traffic control rules on it by client's MAC. Does 
  anyone have such experience on how to do that? Thank you very much!!

 bridge-utils
 iptables
 ebtables

Oh, could you please give me an example about how to do that?
What I want is to limit the bandwidth for specified MAC. For
example, I just want to give 3Mbps bandwidth to the PC which has MAC
address--00:40:33:44:23:44.

Thanks a lot!
 --
 Покотиленко Костик [EMAIL PROTECTED]





[LARTC] changing 802.1p priority

2006-11-01 Thread Leigh Sharpe



Hi All,
Is it possible to mangle the 802.1p priority bit on a packet as it gets
bridged? I can't find anything in either the iptables or ebtables docs
to tell me how it's done.

Regards,
 Leigh

Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
email [EMAIL PROTECTED]
web www.pacificwireless.com.au


RE: [LARTC] tc is giving an error: RTNETLINK answers: File exists

2006-09-14 Thread Leigh Sharpe
This is usually because you are attempting to create a class ID or a Qdisc ID 
which already exists.
Check what value $HANDLE is on each iteration, perhaps using an echo on each 
pass to display it. I think you'll find it is trying to use the same value 
twice. 


Regards,
 Leigh
 
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
email [EMAIL PROTECTED]
web www.pacificwireless.com.au

-Original Message-
From: fourcentsshy [mailto:[EMAIL PROTECTED] 
Sent: Friday, September 15, 2006 8:15 AM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] tc is giving an error: RTNETLINK answers: File exists

Hello,

I'm using tc to limit the bandwidth of our wireless customers. I have a
working script, but I'm not happy with it. I'm trying to write a more
sophisticated script, but when I run it, it gives me this error:

RTNETLINK answers: File exists

I have no idea what this error means or how to fix it. Here is a portion
of the script (the whole script shapes several interfaces):

IDEV='eth5'
TC='/sbin/tc'
IPS='/etc/sysconfig/shaper/shape.ips'
# high priority destination ports - I'll fill these in later (when this
# thing works)
HIGHPORT=
# low priority destination ports
LOWPORT=

$TC qdisc add dev $IDEV root handle 1: cbq bandwidth 1600Kbit cell 8\
avpkt 1000 mpu 64 
$TC class add dev $IDEV parent 1: classid 1:1 est 1sec 8sec cbq\
 bandwidth 1600Kbit rate 1500kbit allot 1514 maxburst 20 avpkt 1000\
 prio 0 bounded isolated 

cat $IPS | sed -e 's/#.*$//; s/^ *$//;' | while read IP RATE STATUS; do
if [ x$IP == x ]; then
continue
fi

# I use the last byte of the customer's IP's for the handle, which range
# from 76 to 135 ATM.

HANDLE=${IP##*.}

# I get the error from the next line. Because it fails to create the 
# qdisc all the rest fail too.

$TC qdisc add dev $IDEV parent 1:1 handle 1:$HANDLE cbq\
 bandwidth 1600Kbit cell 8 avpkt 1000 mpu 64 

$TC class add dev $IDEV parent 1:$HANDLE classid $HANDLE:\
 est 1sec 8sec cbq bandwidth 1600Kbit rate ${RATE}kbit allot 1514\
 maxburst 20 avpkt 1000 prio 1 bounded isolated 
$TC class add dev $IDEV parent $HANDLE: classid $HANDLE:1\
 est 1sec 8sec cbq bandwidth 1600Kbit rate ${RATE}kbit allot 1514\
 maxburst 20 avpkt 1000 prio 2
$TC class add dev $IDEV parent $HANDLE: classid $HANDLE:2 est 1sec\
 8sec cbq bandwidth 1600Kbit rate $[9*$RATE/10]kbit allot 1514\
 maxburst 20 avpkt 1000 prio 3
$TC class add dev $IDEV parent $HANDLE: classid $HANDLE:3 est 1sec\
 8sec cbq bandwidth 1600Kbit rate $[8*$RATE/10]kbit allot 1514\
 maxburst 20 avpkt 1000 prio 4
$TC qdisc add dev $IDEV parent $HANDLE:1 sfq quantum 1514b\
 perturb 15
$TC qdisc add dev $IDEV parent $HANDLE:2 sfq quantum 1514b\
 perturb 15
$TC qdisc add dev $IDEV parent $HANDLE:3 sfq quantum 1514b\
 perturb 15
$TC filter add dev $IDEV parent 1: protocol ip prio 16\
 u32 match ip src $IP flowid $HANDLE:
$TC filter add dev $IDEV parent $HANDLE: protocol ip prio 10\
 u32 match ip tos 0x10 0xff flowid $HANDLE:1
$TC filter add dev $IDEV parent $HANDLE: protocol ip prio 11\
 u32 match ip protocol 1 0xff flowid $HANDLE:1
$TC filter add dev $IDEV parent $HANDLE: protocol ip prio 12\
 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16\
 0x0000 0xffc0 at 2 flowid $HANDLE:1

for a in $HIGHPORT; do
$TC filter add dev $IDEV parent 1:0 protocol ip prio 14\
 u32 match ip dport $a 0xffff flowid $HANDLE:1
done
for a in $LOWPORT; do
$TC filter add dev $IDEV parent 1:0 protocol ip prio 16\
 u32 match ip dport $a 0xffff flowid $HANDLE:3
done
$TC filter add dev $IDEV parent 1:0 protocol ip prio 15\
 u32 match ip dst 0.0.0.0/0 flowid $HANDLE:2
done

There are bound to be other problems with this script, but until I can get
past the current one, I'm dead in the water. TIA

William Murphy
Network Administrator
Velocity Technologies, Inc.




[LARTC] Rate limits whithin rate limits

2006-09-07 Thread Leigh Sharpe



Hi 
all,
I'm sure I'm soing 
something wrong here.
I am trying to set 
up a rate limit inside another rate limit.
eg. I have a 512K 
rate limit on a particular VLAN. I am using an IFB so that packets passing 
through the bridge are counted at each port.(ie the throughput is limited to 
512K, not just the traffic in one direction.) This part works OK, but I also 
want to limit a particular IP to much less than that, say 100K. Therefore, 
overall the VLAN can pass no more thatn 512K, and the particular host cannot 
exceed 100K of that 512K.
Using the config 
below, I'm able to limit the VLAN to 512K and the nominated host to 100K, but 
the total (ie nominated host + all other traffic) adds up to 612 K. The child 
classes are limiting approriately, but not respecting the parent class. Anybody 
care to shed some light on what I might be doing wrong?


Config as 
follows:

#!/bin/sh
# Load kernel modules
modprobe ifb numifbs=1000
modprobe act_mirred

# set up raw queuing discipline on ports.
tc qdisc add dev eth0.10 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8
tc qdisc add dev eth1.10 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8
# bring up IFB
ifconfig ifb10 up
# Add queuing disciplines to IFB
# Raw qdisc first.
tc qdisc add dev ifb10 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8
# Now add the rate limit
tc class add dev ifb10 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate 512Kbit weight 51Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded isolated

# Now re-direct all ingress packets to the IFB
tc qdisc add dev eth0.10 ingress
tc qdisc add dev eth1.10 ingress
tc filter add dev eth0.10 parent : protocol ip prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb10
tc filter add dev eth1.10 parent : protocol ip prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb10

# Now add a 100K rate limit for packets to or from 172.16.1.117,
# plus another 512K rate limit for the entire VLAN.
# Add an unlimited class for un-matched data.
tc class add dev ifb10 parent 1:1 classid 1:2 cbq bandwidth 100Mbit rate 512Kbit weight 51Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded isolated
# Add the new class, limited to 100K
tc class add dev ifb10 parent 1:1 classid 1:3 cbq bandwidth 100Mbit rate 256Kbit weight 10KBit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded isolated
# Now add the filters to direct traffic to each of the above classes.
tc filter add dev ifb10 parent 1:0 protocol ip prio 1 u32 match ip src 172.16.1.117/32 flowid 1:3
tc filter add dev ifb10 parent 1:0 protocol ip prio 1 u32 match ip dst 172.16.1.117/32 flowid 1:3
tc filter add dev ifb10 parent 1:0 protocol ip prio 2 u32 match u32 0 0 flowid 1:2



Class 1:3 is a 100K rate limit.
1:2 is a 512K rate limit, for otherwise unmatched traffic.

1:2 and 1:3 are both children of 1:1, which is an overall 512K limit. Should 
this not set an upper limit for all traffic through ifb10?

Regards,
Leigh

Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
email [EMAIL PROTECTED]
web www.pacificwireless.com.au
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


RE: [LARTC] Routing question

2006-09-07 Thread Leigh Sharpe
I'll try that on-list this time..



An iptables rule in the FORWARD chain to DROP all packets to/from that network? 
Using the FORWARD chain should allow access from the server's IP address, but 
not allowing any forwarded traffic. 
 


Regards,
 Leigh
 
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
email [EMAIL PROTECTED]
web www.pacificwireless.com.au

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, September 06, 2006 5:08 AM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] Routing question

I've always had to either have routing on, or off on a system.

For the first time this week I have a system on the internet but with 
one connection to a private network to manage a piece of network gear.

The situation is where I have a server on a 802.1q trunk with 4 VLAN 
interfaces on the internet and needs standard routing across the 
interfaces, eth0.3, eth0.7, eth0.10, and eth0.11 all with public 
address space and has standard routing.

I just turned up eth0.2 on a private network (192.168.x.x) that I 
need to prevent any traffic from the public interfaces from reaching.

After dipping into the iprouting documentation, it's only confused me 
more. I assume this is accomplished with a rule but so far I have only 
been able to completely shut off access to the private network 
entirely including the server's access to that subnet.

Could someone point me to an example of how this can be done?

Thank you!

John Fulton
Anchorage, AK

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
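
One way to express the FORWARD-chain suggestion in the reply above, as an added example that is not part of the original thread: a shell function that prints an iptables-restore fragment dropping routed traffic to and from the private VLAN interface (eth0.2 in the question) while leaving the server's own INPUT/OUTPUT traffic alone. The function names are hypothetical, and matching by interface rather than by subnet is an assumption made here because the thread does not give the full private address range.

```shell
#!/bin/sh
# Added example (not from the thread). Locally generated and locally
# delivered packets traverse OUTPUT and INPUT, never FORWARD, so the
# server keeps its own access to the management network.

# valid_ifname NAME: accept only plain interface names (hypothetical helper).
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;   # empty, or shell/rule metacharacters
    esac
    [ "${#1}" -le 15 ]                      # kernel limit: IFNAMSIZ - 1
}

# forward_isolation_rules IFACE...: print an iptables-restore fragment that
# blocks forwarding into and out of every listed interface.
forward_isolation_rules() {
    [ "$#" -gt 0 ] || { echo "usage: forward_isolation_rules IFACE..." >&2; return 2; }
    for ifc in "$@"; do
        valid_ifname "$ifc" || { echo "bad interface name: $ifc" >&2; return 1; }
    done
    echo '*filter'
    for ifc in "$@"; do
        # -I puts the drops ahead of any existing ACCEPT rule in FORWARD.
        echo "-I FORWARD -o $ifc -j DROP"   # routed traffic heading to the private net
        echo "-I FORWARD -i $ifc -j DROP"   # routed traffic arriving from the private net
    done
    echo 'COMMIT'
}

# Apply without flushing the existing ruleset (needs root):
#   forward_isolation_rules eth0.2 | iptables-restore --noflush
```

Checking the result with `iptables -L FORWARD -v -n` shows the two DROP rules and their packet counters, which makes any attempted crossing between the public VLANs and the management VLAN visible.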



[LARTC] multiple IFBs

2006-09-01 Thread Leigh Sharpe



Hi all,
Further to my previous questions, I need lots of IFBs on this thing.
I have configured IFB as a module, and issuing a modprobe ifb loads it, but 
only gives me 2 IFBs (ifb0 and ifb1). How can I get more? I'm probably looking 
at needing about 20 on this project.

Regards,
Leigh

Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
email [EMAIL PROTECTED]
web www.pacificwireless.com.au


[LARTC] TC not recognising mirred argument

2006-08-31 Thread Leigh Sharpe



Hi All,
I'm trying to do some traffic shaping with IFB. I have installed Ubuntu 6.0.6 
and upgraded to the 2.6.17.7 kernel. I have an ifb0 device.
However, I think I may have the wrong version of TC installed, because it 
doesn't like the 'mirred' argument.
What version of iproute should I be using, and how can I upgrade it? apt-get 
update iproute doesn't seem to help. (tc is a part of the iproute package, 
isn't it?)

Regards,
Leigh

Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
email [EMAIL PROTECTED]
web www.pacificwireless.com.au


[LARTC] Applying the same class to multiple interfaces

2006-08-27 Thread Leigh Sharpe



Hi All,
I'm trying to do some traffic shaping on an ethernet bridge. Currently, I have 
the following setup working:

ifconfig eth0 down
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
brctl stp br0 off
ifconfig eth0 0.0.0.0 up
ifconfig eth1 0.0.0.0 up
ifconfig br0 up

This creates a bridge consisting of eth0 and eth1. So far so good.

I now want to use tc to shape traffic through this bridge. By applying the 
following, I am able to limit the given MAC address to 128K in each direction:

tc qdisc add dev eth0 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 mpu 64
tc qdisc add dev eth1 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 mpu 64
tc class add dev eth0 parent 1:0 classid 1:1 cbq rate 128Kbit allot 1514 prio 1 avpkt 1000 bounded
tc class add dev eth1 parent 1:0 classid 1:1 cbq rate 128Kbit allot 1514 prio 1 avpkt 1000 bounded
tc filter add dev eth0 parent 1:0 protocol ip handle 1 fw flowid 1:1
tc filter add dev eth1 parent 1:0 protocol ip handle 1 fw flowid 1:1
ebtables -A FORWARD -s 00:10:A4:EC:65:E8 -j mark --set-mark 1 --mark-target ACCEPT
ebtables -A FORWARD -d 00:10:A4:EC:65:E8 -j mark --set-mark 1 --mark-target ACCEPT

This works OK, but it isn't quite what I want. I want to limit the traffic to 
128K total, i.e. 128K in one direction or the other, or 64K in each direction 
simultaneously, or 100K in one direction and 28K in the other, etc...
I can't see anything in the tc docs which indicates that I can apply the same 
class and filter to multiple interfaces at once.
I'd be happy enough with applying the same rate limit to a single interface, 
but measuring both ingress and egress traffic to come up with the limit.

Ultimately, of course, I'll be using different criteria to mark the packets.

Regards,
Leigh

Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
email [EMAIL PROTECTED]
web www.pacificwireless.com.au