[LARTC] Re: filter performance/optimization questions (Imre Gergely)
Can you also post : mpstat -P ALL 1 20 iostat -x 1 10 and opreport --symbols ?? ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] P4 dual core vs AMD64 dual core with HTB
> Hi All, Please for some advice. I have Linux router that do traffic control with HTB, routing and traffic counting. Currently machine is with P4 2.2GHz 1GB RAM. I plan to migrate to dual core CPU. I know well P4 dual core but is it anybody has experience with AMD64 dual core / or single core / for traffic control. I use Debian Linux for my router. Can I expect problems with HTB and iproute2 over ATHLON DUAL CORE/BOX or single box?

I have dual core P4 (64bit compiled) with hfsc configuration for 4500 users. CPU load on this machine is about 20% average with 60Mbit/s traffic. I also want to know did the AMD (Opteron) will be better for such solution like traffic management :)

> Currently my problem is that i have too big system load over CPU / 60-80%/

How many users You have? How many pps on interfaces? How large is traffic load (data), what kind of traffic? Did You use hashing filters for traffic management (filtering)? Is this machine is doing NAT or any of iptables things?

> and packet dropping. at every 15-20sec i have traffic freeze for 1-2sec. when more users are online.

What type of interfaces You have? Did You use NAPI if available?
Re: [LARTC] action redirect and dummy interface
Andy Furniss wrote:
> Paweł Staszewski wrote:
> > Hello i have some problems on 2.6.14 kernel dummy and iproute :)
> > i have server with 2 nics:
> > eth0 inet
> > eth1 lan
> > dummy0 (i want to shape incoming traffic from lan machine on this interface)
>
> OK but the script sends both egress and ingress on eth1 to dummy0.

Yes i try to send ingress and egress packets from eth1 to dummy

> > my config:
> > tc qdisc del dev dummy0 root
> > tc qdisc add dev dummy0 root handle 1: htb
> > tc class add dev dummy0 parent 1: classid 1:1 htb rate 100kbit ceil 100kbit
> > tc class add dev dummy0 parent 1: classid 1:2 htb rate 100kbit ceil 100kbit
> > tc filter add dev dummy0 protocol ip pref 1 parent 1: handle 1 fw classid 1:1
> > tc filter add dev dummy0 protocol ip pref 2 parent 1: handle 2 fw classid 1:2
> > ifconfig dummy0 up
> > tc qdisc del dev eth1 root
> > tc qdisc add dev eth1 root handle 1: htb
> > tc filter add dev eth1 parent 1:0 protocol ip prio 10 u32 \
> >     match ip dst 0/0 flowid 1:1 \
> >     action ipt -j MARK --set-mark 2 \
> >     action mirred egress redirect dev dummy0
> > tc qdisc del dev eth1 ingress
> > tc qdisc add dev eth1 ingress
> > tc filter add dev eth1 parent : protocol ip prio 10 u32 \
> >     match ip src 0/0 flowid 1:1 \
> >     action ipt -j MARK --set-mark 1 \
> >     action mirred egress redirect dev dummy0
>
> Apart from adding a modprobe this works for me using the attached dummy.c on 2.6.12.

I load dummy on system start.

> > and i have only tx-es on dummy0 interface no rx packets and lan machine cannot communicate with server and vice-versa
> > any solutions ...
> > i read this post http://oss.sgi.com/projects/netdev/archive/2004-04/msg00251.html and i have the same config ... but :)
>
> That patch didn't go into kernel and was superseded by another version which I attach - but AFAIK it's still not in kernel yet and jamal is still working on it.
>
> Andy.

Ok thanks i try your attached patch tomorrow and try to do some tests.
Re: [LARTC] action redirect and dummy interface
Andy Furniss wrote:
> Paweł Staszewski wrote:
> > > That patch didn't go into kernel and was superseded by another version which I attach - but AFAIK it's still not in kernel yet and jamal is still working on it.
> >
> > Ok thanks i try your attached patch tomorrow and try to do some tests.
>
> OK - it's not a patch - just replace drivers/net/dummy.c with the uncompressed attachment.
>
> Andy.

ok i replace 2.6.14 dummy driver with yours and it is working. thanks again
[LARTC] action redirect and dummy interface
Hello i have some problems on 2.6.14 kernel dummy and iproute :)
i have server with 2 nics:
eth0 inet
eth1 lan
dummy0 (i want to shape incoming traffic from lan machine on this interface)

my config:
tc qdisc del dev dummy0 root
tc qdisc add dev dummy0 root handle 1: htb
tc class add dev dummy0 parent 1: classid 1:1 htb rate 100kbit ceil 100kbit
tc class add dev dummy0 parent 1: classid 1:2 htb rate 100kbit ceil 100kbit
tc filter add dev dummy0 protocol ip pref 1 parent 1: handle 1 fw classid 1:1
tc filter add dev dummy0 protocol ip pref 2 parent 1: handle 2 fw classid 1:2
ifconfig dummy0 up
tc qdisc del dev eth1 root
tc qdisc add dev eth1 root handle 1: htb
tc filter add dev eth1 parent 1:0 protocol ip prio 10 u32 \
    match ip dst 0/0 flowid 1:1 \
    action ipt -j MARK --set-mark 2 \
    action mirred egress redirect dev dummy0
tc qdisc del dev eth1 ingress
tc qdisc add dev eth1 ingress
tc filter add dev eth1 parent : protocol ip prio 10 u32 \
    match ip src 0/0 flowid 1:1 \
    action ipt -j MARK --set-mark 1 \
    action mirred egress redirect dev dummy0

and i have only tx-es on dummy0 interface no rx packets and lan machine cannot communicate with server and vice-versa
any solutions ...
i read this post http://oss.sgi.com/projects/netdev/archive/2004-04/msg00251.html and i have the same config ... but :)
[LARTC] Odp: LARTC Digest, Vol 5, Issue 34
Hello
Yes i have separate class for every user, every class have pfifo qdisc.

User direction shaping:
tc -s -d qdisc show dev eth2 | grep pfifo | wc -l
3959

Internet direction shaping:
tc -s -d qdisc show dev vlan0891 | grep pfifo | wc -l
3959

Nat:
iptables -L -n -v -t nat | grep SNAT | wc -l
3959

For shaping i use hfsc classifier.

Date: Fri, 15 Jul 2005 14:16:33 +0200
From: Peter Surda [EMAIL PROTECTED]
Subject: Re: [LARTC] Use of qcdisc+htb
To: lartc@mailman.ds9a.nl
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=UTF-8

On Fri, 15 Jul 2005 11:55:34 +0200 Paweł Staszewski [EMAIL PROTECTED] wrote:
> Hello

Hello

> I have 40Mbit/s internet uplink
> Average transfer 25Mbit/s - 3957 users

[cut]

Well, the question is what kind of TC-setup you have. Do you have a separate HTB class for every user?

Yours sincerely,
Peter
Re: [LARTC] How many (htb) tc classes and qdiscs are too many?
Hello
I have 4000 users and i use hfsc for shaping them. Each class has own qdisc (esfq).

tc -s -d qdisc show dev vlan0891 | grep qdisc | wc -l
4355
tc -s -d qdisc show dev eth2 | grep qdisc | wc -l
4355

I use hashing filters.

System is:
P4 3.2GHz (HT enabled)
2GB RAM
2x Intel gigabit (NAPI enabled)

Machine load is:
12:57:06 up 11:24, 2 users, load average: 0.00, 0.05, 0.06

mpstat -P ALL 1 (output)
Linux 2.6.12-rc5-git6 (natjawman) 06/03/05

12:57:24  CPU  %user  %nice  %system  %iowait  %irq  %soft  %idle   intr/s
12:57:25  all  12.00   0.00    30.50     0.00  0.50  14.50  42.50  4990.00
12:57:25    0  12.00   0.00    32.00     0.00  1.00  13.00  42.00  3390.00
12:57:25    1  12.00   0.00    29.00     0.00  0.00  16.00  42.00  1603.00
12:57:25  CPU  %user  %nice  %system  %iowait  %irq  %soft  %idle   intr/s
12:57:26  all  11.50   0.00    30.50     0.00  0.50  16.50  41.00  4970.00
12:57:26    0  12.00   0.00    29.00     0.00  0.00  17.00  42.00  3302.00
12:57:26    1  11.00   0.00    33.00     0.00  1.00  16.00  41.00  1666.00
12:57:26  CPU  %user  %nice  %system  %iowait  %irq  %soft  %idle   intr/s
12:57:27  all  12.94   0.00    29.85     0.00  0.50  14.43  42.29  4998.02
12:57:27    0  12.87   0.00    30.69     0.00  0.99  14.85  40.59  3324.75
12:57:27    1  13.86   0.00    28.71     0.00  0.00  13.86  42.57  1674.26
12:57:27  CPU  %user  %nice  %system  %iowait  %irq  %soft  %idle   intr/s
12:57:28  all  11.50   0.00    29.00     0.00  0.50  19.00  40.00  4912.87
12:57:28    0  11.88   0.00    31.68     0.00  0.99  15.84  39.60  3304.95
12:57:28    1  10.89   0.00    25.74     0.00  0.00  21.78  40.59  1608.91

Peak bw is 32Mbit/s
Average bw 25Mbit/s

Machine is doing also SNAT to all clients:
iptables -L -n -v -t nat | grep SNAT | wc -l
4465

Some example script which i use for hashing filters is in attachment.
Best Regards
Paweł Staszewski
ART-COM
+48327522333 +480609183038

[EMAIL PROTECTED] 06/03/05 8:37 am

Today's Topics:
1. Re: how to configure linux in production line (/dev/rob0)
2. Re: HTB on loopback gives a bit rate multiplied by 8 (Kiruthika Selvamani)
3. Re: how to configure linux in production line (Taylor, Grant)
4. iproute + xml (Alberto Torres)
5. Re: HTB on loopback gives a bit rate multiplied by 8 (Andy Furniss)
6. How many (htb) tc classes and qdiscs are too many? (Spencer)
7. Re: [PATCH] Support module autoloading in iproute2 (Stephen Hemminger)
8. Re: How many (htb) tc classes and qdiscs are too many? (threaded)
9. Re: iproute + xml ([EMAIL PROTECTED])
10. Re: How many (htb) tc classes and qdiscs are too many? (Szymon Miotk)

--
Message: 1
Date: Thu, 02 Jun 2005 06:34:14 -0500
From: /dev/rob0 [EMAIL PROTECTED]
Subject: Re: [LARTC] how to configure linux in production line
To: LARTC@mailman.ds9a.nl
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Gonn Star wrote:
> I am new in linux world, basically I'm using red hat 9 kernel 2.4.20-8. I need to build a trusted gateway. my

Whoa! You are starting out with something very old and bug-ridden. You should scrap that and switch to a current release, whatever distro you may choose. Quite a few of those old bugs can bite very hard, including root compromises. Being new, did you know how to update for security?

Sure, there's Fedora Legacy which may or may not be supporting the old stuff with updates, but that is intended for people who have long-running stable servers ... not to entice new users to RH 9.

> linux box will be the gateway for several machine PCs to go to the desired server. there will be several subnets under the linux box, I've already assigned static IPs for the PCs. Now my problem is I only need 2 PCs from each subnets to connect to certain servers, and those 2 PCs can only have transaction(open) to the specified servers, for others it will drop(firewalled). for other PCs, they can't log on to the outside world. should I use only iptable rules or with the help of squid(ACL) as well ?

You do not seem to understand that HTTP is just one of many TCP/IP protocols, and yet you want to set up complex networking controls. Anyone who knows more than you do would likely find it a trivial task to get around your controls.

> please add up
[LARTC] WRR problem and other things
Hello
I have problem with wrr and more than 1300 classes. When i try to add qdisc like:

tc qdisc add dev imq1 parent 1:21 handle 1000: wrr dest ip 1512 0

then i have a message like:

RTNETLINK answers: Cannot allocate memory

And some other problem: when I do more than 2048 filters I have message like:

Classes:
tc class add dev imq1 parent 1:1 classid 1:9 htb rate 1024kbit ceil 2048kbit
..
tc class add dev imq1 parent 1:1 classid 1:10 htb rate 1024kbit ceil 2048kbit
...
...
...
tc class add dev imq1 parent 1:1 classid 1:2048 htb rate 1024kbit ceil 2048kbit
tc class add dev imq1 parent 1:1 classid 1:2049 htb rate 1024kbit ceil 2048kbit
tc class add dev imq1 parent 1:1 classid 1:2050 htb rate 1024kbit ceil 2048kbit

Filters:
tc filter add dev imq1 parent 1:0 protocol ip prio 2 u32 match ip dst 1.1.1.1 flowid 1:9
..
tc filter add dev imq1 parent 1:0 protocol ip prio 2 u32 match ip dst 1.1.1.1 flowid 1:10
...
...
...
tc filter add dev imq1 parent 1:0 protocol ip prio 2 u32 match ip dst 1.1.1.1 flowid 1:2048
RTNETLINK answers: File exist
tc filter add dev imq1 parent 1:0 protocol ip prio 2 u32 match ip dst 1.1.1.1 flowid 1:2049
RTNETLINK answers: File exist
tc filter add dev imq1 parent 1:0 protocol ip prio 2 u32 match ip dst 1.1.1.1 flowid 1:2050
RTNETLINK answers: File exist

So classes are added correctly but filters not. WHY
Please help me

Regards
Paweł Staszewski