[LARTC] HTB_Multiple_Interface_Query

2004-05-20 Thread Raghuveer K
Hi Stef,
I want to use HTB for shaping outgoing traffic. I have 2 interfaces with 
eth0 as my WAN and eth1 as LAN. I want to use HTB at eth0 as well as at 
eth1 for outgoing traffic control. I am using 2.4.18 kernel, I would like 
to confirm following things:-
1. What patch/tar I have to use to have HTB support.
2. Applying HTB on eth0(wan) and eth1(lan) for outgoing traffic control, 
will it work fine ..?. My understanding by outgoing traffic for eth0(wan 
interface) is traffic going out to Internet and for eth1(lan interface) 
is traffic going out to LAN m/c's.

Regards
-Raghuveer
  

--
** This email is confidential and is intended for the original recipient(s)
only. If you have erroneously received this mail, please delete it immediately
and notify the sender. Unauthorized copying, disclosure or distribution of the
material in this mail is prohibited. Views expressed in this mail are those of
the individual sender and do not bind Gsec1 Limited. or its subsidiary, unless
the sender has done so expressly with due authority of Gsec1.**
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


[LARTC] Re: Traffic Shaping not working with CBQ

2003-10-30 Thread Raghuveer K
Thanks Stef, Let me incorporate and test with your valuable suggestions. 
I will get back to you soon.

Regards
-Raghu
Stef Coene wrote:

> On Thursday 30 October 2003 11:29, Raghuveer K wrote:
>> Hi Stef/Martin,
>>
>> I am resending this mail for the third time, I request you to please
>> respond ASAP.
>
> Your mail ended twice in my "to read" folder.
>
>> I am stuck as my traffic control is not working, I just tried first
>> with incoming traffic shaping, below is the test setup and rules
>> applied. Your valuable suggestion will surely help me and make it right.
>> Traffic Control is not taking place after applying the below rules. Here
>> follows the test setup:-
>> 1. The linux m/c 's eth0(100Mbits, WAN) is connected to 128 Kbits ADSL
>> and eth1 to the LAN.
>> 2.  I tried doing traffic control for incoming(at eth1).
>> 3.  In LAN, I connected 3 m/c's(all linux).
>> 4.  The ISP rate  taken is 97% of 128Kbits.
>> 5.  Bandwidth Monitoring is done by using IPTraf on each LAN m/c's.
>> Here are the rules I am applying to control incoming traffic at LAN
>> interface(eth1) for LAN users.
>> Here actual Isp rate = 128Kbit, rate taken = 97% of 128Kbit, eth1 ip is
>> 192.168.5.1
>> /* root qdisc */
>> tc qdisc add dev eth1 root handle 1: cbq bandwidth 100Mbit avpkt 1000 cell 8
>> /* Parent Class */
>> tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate 124Kbit weight 12Kbit prio 3 allot 1514 cell 8 maxburst 10 avpkt 1000 bounded
>> /* Whether should I place the below filter for Parent class..???
>> tc filter add dev eth1 parent 1:0 protocol ip prio 3 u32 match ip src 0/0 match ip dst 0/0 classid 1:1
>> */
>
> You can also add the other filters to the root qdisc 1:0.
>
>> /* Child Classes */
>>
>> /* 1st LAN user<192.168.5.2> = 37Kbit */
>> tc class add dev eth1 parent 1:1 classid 1:2 cbq bandwidth 100Mbit rate 37Kbit weight 3Kbit prio 3 allot 1514 cell 8 maxburst 10 avpkt 1000
>> tc filter add dev eth1 parent 1:1 protocol ip prio 3 u32 match ip src 0/0 match ip dst 192.168.5.2 classid 1:2
>> /* 2nd LAN user<192.168.5.3> = 24Kbit */
>> tc class add dev eth1 parent 1:1 classid 1:3 cbq bandwidth 100Mbit rate 24Kbit weight 2Kbit prio 3 allot 1514 cell 8 maxburst 10 avpkt 1000
>> tc filter add dev eth1 parent 1:1 protocol ip prio 3 u32 match ip src 0/0 match ip dst 192.168.5.3 classid 1:3
>> /* 3rd LAN user<192.168.5.4> = 12Kbit */
>> tc class add dev eth1 parent 1:1 classid 1:4 cbq bandwidth 100Mbit rate 12Kbit weight 1Kbit prio 3 allot 1514 cell 8 maxburst 10 avpkt 1000
>> tc filter add dev eth1 parent 1:1 protocol ip prio 3 u32 match ip src 0/0 match ip dst 192.168.5.4 classid 1:4
>> /* Default : Rest/Other traffic = 51Kbit*/
>> tc class add dev eth1 parent 1:1 classid 1:5 cbq bandwidth 100Mbit rate 51Kbit weight 5Kbit prio 3 allot 1514 cell 8 maxburst 10 avpkt 1000
>> tc filter add dev eth1 parent 1:1 protocol ip prio 3 u32 match ip src 0/0 match ip dst 0/0 classid 1:5
>> I have few observations and queries, as follows:--
>> 1.In my test setup the ISP rate is fluctuating in the range of 21Kbits
>> to 131 Kbits for 128Kbits ADSL.
>> 2. I have not added any filter for the parent class. Is it required...?
>> What happens if I add...?
>
> Add all your filters to the root qdisc and put the traffic in the destination
> class.  Like :
> tc filter add dev eth1 parent 1:0 protocol ip prio 3 u32 match ip src 0/0 match ip dst 0/0 classid 1:5
>
>> 3. Is "iptraf " tool OK for monitoring the distribution of bandwidth on
>> each LAN m/c.
>
> Yes.
>
>> 4. In case, if I shape outgoing traffic on eth0 interface, whether shall
>> I take outgoing and incoming ISP rate's in 30:70 ratio, i.e 30% of
>> 128Kbits for
>> outgoing Qdisc(eth0) and 70% for incoming Qdisc(eth1). As 128 Kbits
>> rate being asynchronous(ADSL).
>
> What's the speed of your connection?  128kbits for download, but how much for
> uploads?
>
>> Can you pls guide me where am I going wrong..? Do I continue using CBQ
>> or try instead HTB rules.
>
> If you can, go for htb.  Much less confusing options.
> Also, check out with tc -s -d class show dev eth1 if the filters are working
> and each class is processing packets.
>
> Stef
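
Stef's suggestions in the reply above (attach the filters to the root qdisc 1:0, prefer HTB, check per-class counters with tc -s -d class show) put together as an added example that is not part of the original thread. The function name htb_lan_rules and its argument format are assumptions made for this example; it prints the commands instead of running them and assumes a kernel and tc binary with HTB support.

```shell
#!/bin/sh
# Added example (not from the thread): emit an HTB rule set equivalent to the
# CBQ rules quoted above. Commands are only printed; review them, then pipe
# the output to `sh` as root on the router.

# htb_lan_rules DEV LINK_KBIT DEFAULT_KBIT IP=KBIT [IP=KBIT ...]
#   DEV           interface facing the hosts being shaped (eth1 in the thread)
#   LINK_KBIT     rate of the bounded parent class (124 = ~97% of 128 kbit)
#   DEFAULT_KBIT  guaranteed rate for all traffic that matches no filter
#   IP=KBIT       one LAN host and its guaranteed rate
htb_lan_rules() {
    dev=$1 link=$2 default=$3
    shift 3

    # The guaranteed child rates must fit inside the parent rate, otherwise
    # the guarantees cannot all be honoured at once.
    sum=$default
    for spec in "$@"; do
        sum=$((sum + ${spec#*=}))
    done
    if [ "$sum" -gt "$link" ]; then
        echo "child rates total ${sum}kbit, parent is only ${link}kbit" >&2
        return 1
    fi

    # Host classes are 1:2, 1:3, ...; the default class takes the next id.
    default_id=$(($# + 2))

    echo "tc qdisc del dev $dev root 2>/dev/null || true"
    # `default` sends unclassified packets to 1:<default_id>, so HTB needs no
    # catch-all 0/0 filter like the CBQ version did.
    echo "tc qdisc add dev $dev root handle 1: htb default $default_id"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${link}kbit ceil ${link}kbit"

    id=2
    for spec in "$@"; do
        ip=${spec%%=*}
        rate=${spec#*=}
        # rate = guaranteed share, ceil = may borrow up to the parent rate.
        echo "tc class add dev $dev parent 1:1 classid 1:$id htb rate ${rate}kbit ceil ${link}kbit"
        # Filter hangs off the root qdisc (1:0), not off class 1:1.
        echo "tc filter add dev $dev parent 1:0 protocol ip prio 3 u32 match ip dst $ip/32 flowid 1:$id"
        id=$((id + 1))
    done

    echo "tc class add dev $dev parent 1:1 classid 1:$default_id htb rate ${default}kbit ceil ${link}kbit"
    # Verification step: every class should show non-zero 'Sent' counters
    # once its host generates traffic.
    echo "tc -s -d class show dev $dev"
}

# The three LAN hosts and rates from the thread (37 + 24 + 12 + 51 = 124 kbit).
htb_lan_rules eth1 124 51 192.168.5.2=37 192.168.5.3=24 192.168.5.4=12
```

If a class stays at zero packets in the `tc -s -d class show` output while its host is downloading, the filter for that host is not matching.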

 





[LARTC] Traffic Shaping not working with CBQ

2003-10-30 Thread Raghuveer K
Hi Stef/Martin,

I am resending this mail for the third time, I request you to please 
respond ASAP.
I am stuck as my traffic control is not working, I just tried first 
with incoming traffic shaping, below is the test setup and rules 
applied. Your valuable suggestion will surely help me and make it right.

Traffic Control is not taking place after applying the below rules. Here 
follows the test setup:-
1. The linux m/c 's eth0(100Mbits, WAN) is connected to 128 Kbits ADSL 
and eth1 to the LAN.
2.  I tried doing traffic control for incoming(at eth1).
3.  In LAN, I connected 3 m/c's(all linux).
4.  The ISP rate  taken is 97% of 128Kbits.
5.  Bandwidth Monitoring is done by using IPTraf on each LAN m/c's.

Here are the rules I am applying to control incoming traffic at LAN
interface(eth1) for LAN users.
Here actual Isp rate = 128Kbit, rate taken = 97% of 128Kbit, eth1 ip is
192.168.5.1
/* root qdisc */
tc qdisc add dev eth1 root handle 1: cbq bandwidth 100Mbit avpkt 1000 cell
8
/* Parent Class */
tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate
124Kbit weight 12Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
bounded
/* Whether should I place the below filter for Parent class..???
tc filter add dev eth1 parent 1:0 protocol ip prio 3 u32 match ip src
0/0 match ip dst 0/0 classid 1:1
*/
/* Child Classes */

/* 1st LAN user<192.168.5.2> = 37Kbit */
tc class add dev eth1 parent 1:1 classid 1:2 cbq bandwidth 100Mbit rate
37Kbit weight 3Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
tc filter add dev eth1 parent 1:1 protocol ip prio 3 u32 match ip src
0/0 match ip dst 192.168.5.2 classid 1:2
/* 2nd LAN user<192.168.5.3> = 24Kbit */
tc class add dev eth1 parent 1:1 classid 1:3 cbq bandwidth 100Mbit rate
24Kbit weight 2Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
tc filter add dev eth1 parent 1:1 protocol ip prio 3 u32 match ip src
0/0 match ip dst 192.168.5.3 classid 1:3
/* 3rd LAN user<192.168.5.4> = 12Kbit */
tc class add dev eth1 parent 1:1 classid 1:4 cbq bandwidth 100Mbit rate
12Kbit weight 1Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
tc filter add dev eth1 parent 1:1 protocol ip prio 3 u32 match ip src
0/0 match ip dst 192.168.5.4 classid 1:4
/* Default : Rest/Other traffic = 51Kbit*/
tc class add dev eth1 parent 1:1 classid 1:5 cbq bandwidth 100Mbit rate
51Kbit weight 5Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
tc filter add dev eth1 parent 1:1 protocol ip prio 3 u32 match ip src
0/0 match ip dst 0/0 classid 1:5
I have few observations and queries, as follows:--
1.In my test setup the ISP rate is fluctuating in the range of 21Kbits 
to 131 Kbits for 128Kbits ADSL.
2. I have not added any filter for the parent class. Is it required...? 
What happens if I add...?
3. Is "iptraf " tool OK for monitoring the distribution of bandwidth on 
each LAN m/c.
4. In case, if I shape outgoing traffic on eth0 interface, whether shall 
I take outgoing and incoming ISP rate's in 30:70 ratio, i.e 30% of 
128Kbits for
  outgoing Qdisc(eth0) and 70% for incoming Qdisc(eth1). As 128 Kbits 
rate being asynchronous(ADSL).

Can you pls guide me where am I going wrong..? Do I continue using CBQ 
or try instead HTB rules.

Regards
-Raghu


[LARTC] Please check my CBQ Rules.

2003-10-27 Thread Raghuveer K
Hi Stef,

I am stuck as my traffic control is not working, I just tried first 
with incoming traffic shaping, below is the test setup and rules 
applied. Your valuable suggestion will surely help me and make it right.

Traffic Control is not taking place after applying the below rules. Here 
follows the test setup:-
1. The linux m/c 's eth0(100Mbits, WAN) is connected to 128 Kbits ADSL 
and eth1 to the LAN.
2.  I tried doing traffic control for incoming(at eth1).
3.  In LAN, I connected 3 m/c's(all linux).
4.  The ISP rate  taken is 97% of 128Kbits.
5.  Bandwidth Monitoring is done by using IPTraf on each LAN m/c's.

Here are the rules I am applying to control incoming traffic at LAN
interface(eth1) for LAN users.
Here actual Isp rate = 128Kbit, rate taken = 97% of 128Kbit, eth1 ip is
192.168.5.1
/* root qdisc */
tc qdisc add dev eth1 root handle 1: cbq bandwidth 100Mbit avpkt 1000 cell
8
/* Parent Class */
tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate
124Kbit weight 12Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
bounded
/* Whether should I place the below filter for Parent class..???
tc filter add dev eth1 parent 1:0 protocol ip prio 3 u32 match ip src
0/0 match ip dst 0/0 classid 1:1
*/
/* Child Classes */

/* 1st LAN user<192.168.5.2> = 37Kbit */
tc class add dev eth1 parent 1:1 classid 1:2 cbq bandwidth 100Mbit rate
37Kbit weight 3Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
tc filter add dev eth1 parent 1:1 protocol ip prio 3 u32 match ip src
0/0 match ip dst 192.168.5.2 classid 1:2
/* 2nd LAN user<192.168.5.3> = 24Kbit */
tc class add dev eth1 parent 1:1 classid 1:3 cbq bandwidth 100Mbit rate
24Kbit weight 2Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
tc filter add dev eth1 parent 1:1 protocol ip prio 3 u32 match ip src
0/0 match ip dst 192.168.5.3 classid 1:3
/* 3rd LAN user<192.168.5.4> = 12Kbit */
tc class add dev eth1 parent 1:1 classid 1:4 cbq bandwidth 100Mbit rate
12Kbit weight 1Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
tc filter add dev eth1 parent 1:1 protocol ip prio 3 u32 match ip src
0/0 match ip dst 192.168.5.4 classid 1:4
/* Default : Rest/Other traffic = 51Kbit*/
tc class add dev eth1 parent 1:1 classid 1:5 cbq bandwidth 100Mbit rate
51Kbit weight 5Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
tc filter add dev eth1 parent 1:1 protocol ip prio 3 u32 match ip src
0/0 match ip dst 0/0 classid 1:5
I have few observations and queries, as follows:--
1.In my test setup the ISP rate is fluctuating in the range of 21Kbits 
to 131 Kbits for 128Kbits ADSL.
2. I have not added any filter for the parent class. Is it required...? 
What happens if I add...?
3. Is "iptraf " tool OK for monitoring the distribution of bandwidth on 
each LAN m/c.
4. In case, if I shape outgoing traffic on eth0 interface, whether shall 
I take outgoing and incoming ISP rate's in 30:70 ratio, i.e 30% of 
128Kbits for
   outgoing Qdisc(eth0) and 70% for incoming Qdisc(eth1). As 128 Kbits 
rate being asynchronous(ADSL).

Can you pls guide me where am I going wrong..?

Regards
-Raghu


Raghuveer K wrote:

Stef Coene wrote:

On Tuesday 23 September 2003 07:56, Raghuveer wrote:
 

Here are the rules Iam applying to control outgoing traffic at 
WAN(eth0)
interface for public hosted services.
Here actual Isp rate = 512Kbit, rate taken = 97% of 512Kbit, eth0 ip is
192.168.1.2

tc qdisc add dev eth0 root handle 1: cbq bandwidth 100Mbit avpkt 
1000 cell
8 tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 100Mbit 
rate
497Kbit weight 49Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
bounded
/* Hosted http server bandwidth = 64Kbit */
tc class add dev eth0 parent 1:1 classid 1:2 cbq bandwidth 100Mbit rate
64Kbit weight 6Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 match ip src
192.168.1.2 match ip sport 80 0x classid 1:2

/* Hosted ftp server bandwidth = 64Kbit */
tc class add dev eth0 parent 1:1 classid 1:3 cbq bandwidth 100Mbit rate
64Kbit weight 6Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 match ip src
192.168.1.2 match ip sport 21 0x classid 1:3
/* Default : Rest/Other traffic */
tc class add dev eth0 parent 1:1 classid 1:4 cbq bandwidth 100Mbit rate
369Kbit weight 40Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
/* Here I want replace the below rule with a simple rule based only on
port i.e by using some default port other than 80, 21 as sport, which
according to your last mail is not possible, hence pls check whether 
the
below rule will do for remaining traffic */
tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 match ip src
0/0 match ip dst 0/0 classid 1:4

Pls let me know whether the above rules are framed correctly or can be
done in a better way.
  
I can't do it better then you did :)
 

Stef,
Traffic Control is not taking place a

[LARTC] Need Suggestion on CBQ Rules.

2003-10-22 Thread Raghuveer K
Stef Coene wrote:

On Tuesday 23 September 2003 07:56, Raghuveer wrote:
 

Here are the rules I am applying to control outgoing traffic at WAN(eth0)
interface for public hosted services.
Here actual Isp rate = 512Kbit, rate taken = 97% of 512Kbit, eth0 ip is
192.168.1.2
tc qdisc add dev eth0 root handle 1: cbq bandwidth 100Mbit avpkt 1000 cell
8 tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate
497Kbit weight 49Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
bounded
/* Hosted http server bandwidth = 64Kbit */
tc class add dev eth0 parent 1:1 classid 1:2 cbq bandwidth 100Mbit rate
64Kbit weight 6Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 match ip src
192.168.1.2 match ip sport 80 0x classid 1:2
/* Hosted ftp server bandwidth = 64Kbit */
tc class add dev eth0 parent 1:1 classid 1:3 cbq bandwidth 100Mbit rate
64Kbit weight 6Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 match ip src
192.168.1.2 match ip sport 21 0x classid 1:3
/* Default : Rest/Other traffic */
tc class add dev eth0 parent 1:1 classid 1:4 cbq bandwidth 100Mbit rate
369Kbit weight 40Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
/* Here I want replace the below rule with a simple rule based only on
port i.e by using some default port other than 80, 21 as sport, which
according to your last mail is not possible, hence pls check whether the
below rule will do for remaining traffic */
tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 match ip src
0/0 match ip dst 0/0 classid 1:4
Pls let me know whether the above rules are framed correctly or can be
done in a better way.
   

I can't do it better then you did :)
 

Stef,
Traffic Control is not taking place after applying the above rules. Here 
follows the test setup:-
1. The linux m/c 's eth0(100Mbits, WAN) is connected to 128 Kbits ADSL 
and eth1 to the LAN.
2.  I tried doing traffic control for incoming(at eth1) and outgoing(at 
eth0) traffic using CBQ(above rules).
3.  In LAN, I connected 3 m/c's(all linux).
4.  The ISP rate  taken is 97% of 128Kbits.
5.  Bandwidth Monitoring is done by using IPTraf on each LAN m/c's.

I have few observations and queries, as follows:--
1. Here the ISP rate is fluctuating in the range of 21Kbits to 131 Kbits 
for 128Kbits ADSL.
2. I have not added any filter for the parent class. Is it required...? 
What happens if I add...?
3. Is "iptraf " tool OK for monitoring the distribution of bandwidth on 
each LAN m/c.
4. Whether shall I take outgoing and incoming ISP rate's in 30:70 ratio, 
i.e 30% of 128Kbits for outgoing Qdisc(eth0) and 70% for incoming
   Qdisc(eth1). As 128 Kbits rate being asynchronous(ADSL).

Can you pls guide me where am I going wrong..?

Regards
-Raghu
Stef

 





Re: [LARTC] Linux router configuration??

2003-10-01 Thread Raghuveer
Ryan Johnson wrote:

Could you send me the output of route -n?

Your two network cards should not be in the same network, if they are, it is not a router. The whole purpose of a router is a gateway for clients on a network to get to another network that they (clients) do not know how to reach.

Ryan
 

Anyway thanks Ryan, I just wanted to confirm from you, whether we can 
have two NIC's in a m/c connected to a same network.
Output of route -n is :-

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.2     0.0.0.0         UG    0      0        0 eth0

what I was expecting was:-

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.2     0.0.0.0         UG    0      0        0 eth0

Regards
-Raghu
 

Ryan Johnson wrote:

   

I am going to assume you want the most basic router, just two interfaces.

1.) Make sure both network cards have been detected.
ifconfig eth0
ifconfig eth1
 

Can I have both the network cards in the same n/w...? Becoz If I try to 
use both NIC's with the same n/w, running <$ route -n> we can see either 
eth1 or eth0 repeated twice. Pls let me know where is the problem..?

Regards
-Raghu
   

2.) Set up each interface on its own network, make sure the interface has been 
activated, you can use ifconfig for this.
3.) issue the command
echo 1 > /proc/sys/net/ipv4/ip_forward
to enable ip forwarding, w/o this the kernel will not send packets between interfaces
4.) set the clients behind the router to point to the internal ip of your router
Any changes made to the system will have to be initialized during the boot process.

Of course if you have ip addresses that you would like to nat/masq behind the router, you will have to use iptables.

You really should be more specific on your needs.

Good luck.



 

Good morning at all, thanks for previous help, but I have another ask. I have a few experience of Linux world's, and I need to configure a Linux PC as router, what are the steps? What do I do?
Thanks.
  

   



Re: [LARTC] Linux router configuration??

2003-09-26 Thread Raghuveer
Ryan Johnson wrote:

I am going to assume you want the most basic router, just two interfaces.

1.) Make sure both network cards have been detected.
ifconfig eth0
ifconfig eth1
Can I have both the network cards in the same n/w...? Becoz If I try to 
use both NIC's with the same n/w, running <$ route -n> we can see either 
eth1 or eth0 repeated twice. Pls let me know where is the problem..?

Regards
-Raghu
2.) Set up each interface on its own network, make sure the interface has been 
activated, you can use ifconfig for this.
3.) issue the command
echo 1 > /proc/sys/net/ipv4/ip_forward
to enable ip forwarding, w/o this the kernel will not send packets between interfaces
4.) set the clients behind the router to point to the internal ip of your router
Any changes made to the system will have to be initialized during the boot process.

Of course if you have ip addresses that you would like to nat/masq behind the router, you will have to use iptables.

You really should be more specific on your needs.

Good luck.

 

Good morning at all, thanks for previous help, but I have another ask. I have a few experience of Linux world's, and I need to configure a Linux PC as router, what are the steps? What do I do?
Thanks.
   



Re: [LARTC] kernel change and htb

2003-09-23 Thread Raghuveer
Stef Coene wrote:

On Monday 22 September 2003 12:20, Raghuveer wrote:
 

Stef Coene wrote:
   

On Tuesday 16 September 2003 15:22, Cezar Atanasiu wrote:
 

Hello,

I have a short and maybe stupid question for some :

Will the way htb behaves change if I switch from 2.4.20 to 2.4.22 and
if yes, how ? [ I mean, I know that 2.4.22 includes some patches for
htb,
not included in 2.4.20].
   

Most of the updates are for bugs.  And if you really care, you can copy
the file sch_htb.c from 2.4.20 to 2.4.22.
 

Where can  I get this file sch_htb.c and all other htb related files...?
Can I attach htb patch to 2.4.18 kernel...?
   

The sch_htb.c file can be found in the kernel source.
 

Stef, Is the htb patch available for 2.4.18 kernel...?

Regards
-Raghu
Stef

 





Re: [LARTC] Sequence and Default port

2003-09-22 Thread Raghuveer
Hi Stef,

Stef Coene wrote:

On Monday 22 September 2003 13:25, Raghuveer wrote:
 

Hi All,

I have following queries :--

1. For indicating any default IP we are placing 0/0 as src or dst in the
tc script, similarly what can I use for default port?. This is the
scenario when rules are framed based on ports. For example, For a
firewall with eth0(WAN), eth1(LAN) and eth2(DMZ), I am doing CBQ outgoing
(egress) traffic shaping at eth0 interface for public hosted servers
located at eth2(DMZ) based on ports(80 for http etc). Now I want to
frame a rule for remaining traffic (default) allocating remaining
bandwidth(total rate is 512Kbits, 256 Kbits provided to the hosted
servers, rest 256KBits is for other traffic). My rules for identifying
the hosted servers is based entirely on src port. Hence what rule should
I frame for all other traffic coming from eth1(LAN).
   

There is no such thing as default port.  But I don't understand why you need 
this.  I think it can be done with the dst/src parameter.
 

Here are the rules I am applying to control outgoing traffic at WAN(eth0) 
interface for public hosted services.
Here actual Isp rate = 512Kbit, rate taken = 97% of 512Kbit, eth0 ip is 
192.168.1.2

tc qdisc add dev eth0 root handle 1: cbq bandwidth 100Mbit avpkt 1000 cell 8
tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate 
497Kbit weight 49Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000 
bounded
/* Hosted http server bandwidth = 64Kbit */
tc class add dev eth0 parent 1:1 classid 1:2 cbq bandwidth 100Mbit rate 
64Kbit weight 6Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 match ip src 
192.168.1.2 match ip sport 80 0x classid 1:2

/* Hosted ftp server bandwidth = 64Kbit */
tc class add dev eth0 parent 1:1 classid 1:3 cbq bandwidth 100Mbit rate 
64Kbit weight 6Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 match ip src 
192.168.1.2 match ip sport 21 0x classid 1:3

/* Default : Rest/Other traffic */
tc class add dev eth0 parent 1:1 classid 1:4 cbq bandwidth 100Mbit rate 
369Kbit weight 40Kbit prio 3 allot 1514 cell 8 maxburst 10  avpkt 1000
/* Here I want replace the below rule with a simple rule based only on 
port i.e by using some default port other than 80, 21 as sport, which 
according to your last mail is not possible, hence pls check whether the 
below rule will do for remaining traffic */
tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 match ip src 
0/0 match ip dst 0/0 classid 1:4

Pls let me know whether the above rules are framed correctly or can be 
done in a better way.

2. Is the rule sequence play any role, like if there is any conflict
between the rules then the last rule will be given preference. what
happens exactly if there is any conflict...?
   

The first rule that's a match will be followed.  Order is based on prio and the 
order they are entered.
 

Thanks for this confirmation.

Regards
-Raghu
Stef

 





[LARTC] Sequence and Default port

2003-09-22 Thread Raghuveer
Hi All,

I have following queries :--

1. For indicating any default IP we are placing 0/0 as src or dst in the 
tc script, similarly what can I use for default port?. This is the 
scenario when rules are framed based on ports. For example, For a 
firewall with eth0(WAN), eth1(LAN) and eth2(DMZ), I am doing CBQ outgoing 
(egress) traffic shaping at eth0 interface for public hosted servers 
located at eth2(DMZ) based on ports(80 for http etc). Now I want to 
frame a rule for remaining traffic (default) allocating remaining 
bandwidth(total rate is 512Kbits, 256 Kbits provided to the hosted 
servers, rest 256KBits is for other traffic). My rules for identifying 
the hosted servers is based entirely on src port. Hence what rule should 
I frame for all other traffic coming from eth1(LAN).
2. Is the rule sequence play any role, like if there is any conflict 
between the rules then the last rule will be given preference. what 
happens exactly if there is any conflict...?

Any suggestions and reply is very much helpful.

Regards
-Raghu


Re: [LARTC] kernel change and htb

2003-09-22 Thread Raghuveer
Stef Coene wrote:

On Tuesday 16 September 2003 15:22, Cezar Atanasiu wrote:
 

 Hello,

I have a short and maybe stupid question for some :

 Will the way htb behaves change if I switch from 2.4.20 to 2.4.22 and
if yes, how ? [ I mean, I know that 2.4.22 includes some patches for
htb,
not included in 2.4.20].
   

Most of the updates are for bugs.  And if you really care, you can copy the 
file sch_htb.c from 2.4.20 to 2.4.22.
 

Where can  I get this file sch_htb.c and all other htb related files...? 
Can I attach htb patch to 2.4.18 kernel...?

Regards
-Raghu
Stef

 





[LARTC] Default Port

2003-09-12 Thread Raghuveer
Hi All,

For default IP traffic we are placing 0/0, similarly whether anyone has 
idea about default port?. This is the scenario when rules are framed 
based on ports.

-Raghu



[LARTC] Iptables-setmark option

2003-09-11 Thread Raghuveer
Hi Stef,

I would like to clarify how to use iptable setmark option with CBQ 
egress shaping. For example, If my WAN interface is eth0, LAN interface 
is eth1 and DMZ is eth2. I would like to do egress shaping using CBQ at 
eth0 for hosted servers placed either in DMZ or LAN. If my hosted http 
server local IP is 192.168.1.12 with port 80. What rules should I frame 
to make it happen, my eth0 interface bandwidth is 100Mbits and rate is 
512Kbits. I would like to restrict outgoing bandwidth for my hosted http 
server to 128Kbits and left bandwidth(512Kbits - 128Kbits) for 
others(default). An example with similar scenario will definitely help.

Regards
-Raghu
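
One way to do what this message asks, as an added example that is not from the thread: mark the hosted server's HTTP replies in the iptables mangle table, classify on that mark with a tc fw filter, and send everything else to a default class with the 0/0 u32 match used elsewhere on this page. The function name cbq_fwmark_rules, the mark value 1 and the class ids are assumptions; the CBQ parameters follow the style of the rules posted in the other threads, and the commands are printed, not executed.

```shell
#!/bin/sh
# Added example (not from the thread): CBQ egress shaping on the WAN interface
# driven by an iptables mark. Commands are only printed; review them, then
# pipe the output to `sh` as root on the firewall.

# cbq_fwmark_rules DEV SERVER_IP SPORT SERVER_KBIT LINK_KBIT
cbq_fwmark_rules() {
    dev=$1 ip=$2 port=$3 srv=$4 link=$5

    # Whatever the server does not get is left for the default class.
    rest=$((link - srv))
    if [ "$rest" -le 0 ]; then
        echo "server rate ${srv}Kbit must be below link rate ${link}Kbit" >&2
        return 1
    fi

    # Options shared by every class, as in the rules posted on the list.
    cbq="cbq bandwidth 100Mbit prio 3 allot 1514 cell 8 maxburst 10 avpkt 1000"

    # 1. Mark the server's replies while they are forwarded towards the WAN.
    #    The mark travels with the packet, so it still identifies the flow at
    #    the egress qdisc even if NAT has rewritten the source address by then.
    echo "iptables -t mangle -A FORWARD -o $dev -s $ip -p tcp --sport $port -j MARK --set-mark 1"

    # 2. Root qdisc and a bounded parent class holding the real link rate.
    echo "tc qdisc add dev $dev root handle 1: cbq bandwidth 100Mbit avpkt 1000 cell 8"
    echo "tc class add dev $dev parent 1:0 classid 1:1 $cbq rate ${link}Kbit weight $((link / 10))Kbit bounded"

    # 3. Server class: bounded, so it can never exceed its own rate.
    echo "tc class add dev $dev parent 1:1 classid 1:2 $cbq rate ${srv}Kbit weight $((srv / 10))Kbit bounded"

    # 4. Default class: gets the remaining bandwidth.
    echo "tc class add dev $dev parent 1:1 classid 1:3 $cbq rate ${rest}Kbit weight $((rest / 10))Kbit"

    # 5. Filters on the root qdisc. The fw filter (prio 1) is consulted before
    #    the catch-all u32 filter (prio 2), so marked packets reach 1:2 and
    #    everything else falls through to 1:3.
    echo "tc filter add dev $dev parent 1:0 protocol ip prio 1 handle 1 fw classid 1:2"
    echo "tc filter add dev $dev parent 1:0 protocol ip prio 2 u32 match ip src 0/0 classid 1:3"

    # 6. Check that both classes are counting packets.
    echo "tc -s -d class show dev $dev"
}

# Values from the message: server 192.168.1.12 port 80, 128 of 512 Kbit.
cbq_fwmark_rules eth0 192.168.1.12 80 128 512
```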


Re: [LARTC] beginner question about imq

2003-09-10 Thread Raghuveer
Szálka Tamás wrote:

Hi!

I have to make a firewall which guarantees bandwidth to several 
clients (both upstream and downstream should be limited). It has 
three interfaces, eth0 facing to the internet, eth1 to local network 
with several ip addresses (different subnets) and eth2 to dmz 
(webserver). Egress traffic is ok, I set up the tc rules to eth0 and 
the upstream limiting is fine. But I have to manage bandwidth of 
downloading too.
While eth0 has one public ip address, the firewall does masquerading 
to the local subnets (with local ip ranges). So should I set up an imq 
device on eth1 with iptables mangle through the prerouting chain to do 
traffic shaping to the subnets? In this case the packets arrive to 
eth1 already masqueraded (am I right?) and I can limit the ingress 
traffic of local addresses. Or should I use the imq on eth0? Doesn't it 
bothers egress shaping? I'm confused a little bit... :-s
Can you help me?

Thanks
Tom
I feel imq+HTB on eth0 is an ideal solution for ur requirement.

Regards
-Raghu




Re: [LARTC] CBQ.init

2003-09-09 Thread Raghuveer
Stef Coene wrote:

>>Thank you for your advice.
>>I have checked link quality before I applied CBQ and after I applied CBQ.
>>And ... I have checked switch, cable, etc.
>>I confirmed they are 100 Mbps full duplex.
>>
>>
>It's not because they are configured as 100Mbps full duplex that you are able 
>to get 100Mbps.  What's the speed you get when there is no cbq rule?
>  
>
100Mbps probably is the device bandwidth, what is the rate..? As
suggested by Stef before, its always better to have rate = 95% of the
rate. Its better to check tbf buffer too.

Regards
-Raghu

>  
>
>>But ... as a result,I could limit bandwidth only 6.95Mbps.
>>Do you know how to limit bandwidth more than 10 Mbps ?
>>If you know , please tell me how to limit bandwidth more than 10 Mbps.
>>Won't you please tell me, everyone ?
>>
>>
>Can you check resources when you check the speed (cpu, disk, memory, switch)?  
>And how do you check the speed?
>
>Stef
>
>  
>




Re: [LARTC] cbq_default

2003-09-02 Thread Raghuveer
Stef Coene wrote:

On Monday 01 September 2003 10:59, Raghuveer wrote:
 

Hi Martin,

After shaping certain IPs and services, I would like to place the rest
IPs and services as default i.e can utilize only remaining bandwidth. I
know in HTB default can be defined. Can I get an idea that how can I
proceed in case of CBQ. A few examples may definitely help.
   

You can use the u32 filter and 0/0 for the src (or dst) parameter.
 

fine Stef, this is doing...

Regards
-Raghu
Stef

 





[LARTC] cbq_default

2003-09-01 Thread Raghuveer
Hi Martin,

After shaping certain IPs and services, I would like to place the rest 
IPs and services as default i.e can utilize only remaining bandwidth. I 
know in HTB default can be defined. Can I get an idea that how can I 
proceed in case of CBQ. A few examples may definitely help.

Regards
-Raghu


Re: [LARTC] CBQ_bandwidth

2003-08-22 Thread Raghuveer
Stef Coene wrote:

On Friday 22 August 2003 07:17, Raghuveer wrote:
 

Stef Coene wrote:
   

On Thursday 21 August 2003 06:58, Raghuveer wrote:
 

Thanks a lot Stef, It's very clear to me now.
If I have ADSL with different incoming and outgoing rates. For egress
shaping at WAN(eth0) interface, Whether should I use outgoing rates or
combined rates (incoming + outgoing). Will it make any big difference
if I use combined rates in an asymmetric link like cable modem, ADSL etc.
   

At eth0, you should take outgoing rates.  And this can be asymmetric from
incoming rates.  Why not ?
I didn't know your incoming and outgoing rates so I just took 512kbit for
incoming and outgoing.
 

How can I get the incoming and outgoing rates separately ...?
   

What do you mean?  How to configure htb or how to get these numbers from you 
ISP?

Actually I wanted to know whether is there any way to get the incoming 
and outgoing rates using some tool.  

Regards
-Raghu
Stef

 





Re: [LARTC] CBQ_bandwidth

2003-08-21 Thread Raghuveer
Stef Coene wrote:

On Thursday 21 August 2003 06:58, Raghuveer wrote:
 

Thanks a lot Stef, It's very clear to me now.
If I have ADSL with different incoming and outgoing rates. For egress
shaping at WAN(eth0) interface, Whether should I use outgoing rates or
combined rates (incoming + outgoing). Will it make any big difference
if I use combined rates in an asymmetric link like cable modem, ADSL etc.
   

At eth0, you should take outgoing rates.  And this can be asymmetric from 
incoming rates.  Why not ?  
I didn't know your incoming and outgoing rates so I just took 512kbit for 
incoming and outgoing.
 

How can I get the incoming and outgoing rates separately ...?  

Regards
-Raghu
Stef

 





Re: [LARTC] Please check the follow script for diffserv

2003-08-20 Thread Raghuveer
Martin A. Brown wrote:

Raghuveer,

: I would like to re-confirm the last few days discussion.

Good summary.

: 1.  For shaping the incoming and outgoing traffic at eth0 I can use
: IMQ + HTB/CBQ with NAT(--set-mark option).
: 2.  Another way I can shape the incoming and outgoing traffic is :
: incoming traffic at eth1 interface with CBQ/HTB and outgoing
: traffic at eth0 with CBQ/HTB with NAT(--set-mark option).
Yes and yes.

: 3.  For CBQ I can use the interface bandwidth(using ethtool or
: mii-diag) and 'interesting' DSL/ISP speeds for the classes.
Yes, to reiterate Stef's posting of earlier today.

 CBQ "bandwidth" (parameter)
 must be the speed of the real device.
 10Base-T card? Use 10mbit.
 100Base-T card? Use 100mbit.
 CBQ "rate" (parameter)
 is the desired rate.
 This is the bandwidth "speed" knob.  Traffic you transmit
 will be shaped to this rate.
: 4.  HTB qdiscs don't need to know any speeds.

Sort of.  If you mean that HTB qdiscs need no knowledge of the real device
speed, that is accurate.  HTB uses tokens (replenished at rate) to
determine the rate at which packets will be dequeued.
It seems to me that you have accurately understood and restated the
discussion.
Best of luck,
 

Thanks Martin.

-Martin

 





Re: [LARTC] CBQ_bandwidth

2003-08-20 Thread Raghuveer
Stef Coene wrote:

On Wednesday 20 August 2003 14:58, Raghuveer wrote:
 

What is confusing me is, there is a bandwidth provided by ISP (512Kbits)
and one ethernet capacity(100Mbits), so which one can we call as real
link bandwidth.  What is NIC bandwidth, is it ethernet bandwidth or
ISP bandwidth?
   Lan--->eth1---eth0-->Internet
Now at eth0 I have ethernet device bandwidth as 100Mbits and my ISP
provides 512Kbits bandwidth. so if I want to do egress traffic control
at both eth0 and eth1, what bandwidth I should consider...? My eth1
ethernet device bandwidth is 100Mbits.
   

What about this:

for all cbq commands : bandwidth 100mbit
eth0
 cbq qdisc
   cbq class rate = 512kbit, bounded
     cbq class 1, rate < 512kbit
     cbq class ..., rate < 512kbit
     cbq class x, rate < 512kbit
So all traffic from class 1 ... x together is bounded to 512kbit.

eth1
 cbq qdisc
   cbq class rate = 100mbit, bounded
     cbq class 1, rate 512kbit bounded
       cbq class 10, rate < 512kbit
       cbq class ..., rate < 512kbit
       cbq class x, rate < 512kbit
     cbq class 2, rate 99,5Mbit
       cbq class 20, rate < 99,5Mbit
       cbq class ..., rate < 99,5Mbit
       cbq class x, rate < 99,5Mbit
Class 1 is for all traffic from internet -> LAN
Class 2 is for all traffic from shaper -> LAN
And if you really want to be sure it's working, you should take 500kbit.  So 
YOU are the bottleneck and in control of the link and not the modem.
 

Thanks a lot Stef, It's very clear to me now.
If I have ADSL with different incoming and outgoing rates. For egress 
shaping at WAN(eth0) interface, Whether should I use outgoing rates or 
combined rates (incoming + outgoing). Will it make any big difference 
if I use combined rates in an asymmetric link like cable modem, ADSL etc.

Regards
-Raghu
Stef
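
Added example, not part of the original thread: a dry-run generator that prints the tc commands for the eth0 layout discussed above, with every cbq `bandwidth` set to the NIC speed and the shaping done by `rate` on a bounded class. The 500kbit parent follows the advice to stay just under the 512kbit link; `weight = rate / 10` and the `0.0.0.0/0` catch-all come from other replies in this archive, while the child rates, the port 25 match, avpkt, allot, maxburst, prio and the class ids are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) the tc commands for CBQ egress shaping
# on the WAN interface. Child rates, class ids and the port match are
# assumptions made for the illustration.

DEV=eth0
NIC_BW=100mbit    # real device speed: used for EVERY cbq "bandwidth" parameter

# weight_for RATE  ->  rate / 10, for rates written as <n>kbit
weight_for() {
    echo "$(( ${1%kbit} / 10 ))kbit"
}

# cbq_class PARENT CLASSID RATE [bounded]
cbq_class() {
    echo "tc class add dev $DEV parent $1 classid $2 cbq bandwidth $NIC_BW" \
         "rate $3 weight $(weight_for "$3") prio 5 allot 1514 cell 8" \
         "maxburst 20 avpkt 1000${4:+ $4}"
}

cbq_egress_plan() {
    # The qdisc only needs the device speed for its idle-time calculation.
    echo "tc qdisc add dev $DEV root handle 1: cbq bandwidth $NIC_BW avpkt 1000 cell 8"
    # One bounded parent slightly below the ISP rate, so the shaper (not the
    # modem) is the bottleneck.
    cbq_class 1:  1:1  500kbit bounded
    # Unbounded children may borrow from each other, never past the parent.
    cbq_class 1:1 1:10 300kbit
    cbq_class 1:1 1:20 200kbit
    # Outgoing mail goes to 1:10 (assumed classification rule).
    echo "tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip dport 25 0xffff flowid 1:10"
    # Everything else: the catch-all match acts as the CBQ default class.
    echo "tc filter add dev $DEV parent 1:0 protocol ip prio 9 u32 match ip src 0.0.0.0/0 flowid 1:20"
}

# Print the plan; review it, then pipe it to "sh -e" as root to apply it.
cbq_egress_plan
```
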

 





Re: [LARTC] CBQ_bandwidth

2003-08-20 Thread Raghuveer
Stef Coene wrote:

On Wednesday 20 August 2003 12:50, Raghuveer wrote:
 

Hi Stef,

Referring to page < http://www.docum.org/stef.coene/qos/faq/cache/7.html >
I found a para as follows,

" CBQ is not always as accurate as it should be. See docum.org on the
test page for some tests with bounded classes. The algorithm used by cbq
is very "link sensitive". It calculates the link idle time and for that
it needs the real link bandwidth, average packet size and some other
parameters. But there calculations are not always accurate. So it's
possible that you will get inaccurate results if you use CBQ to limit
the traffic in a class.  "
Here I am slightly confused with real link bandwidth, Can I understand
that while creating CBQ we need interface bandwidth (ethtool, mii-diag)
and while assigning the classes real link bandwidth is required. An
example will definitely help me. Can you pls suggest a way to find real
link bandwidth? As ethtool and mii-diag will only get the interface
bandwidth.
   

The bandwidth parameter is the real link bandwidth like ethtool or mii-diag 
will show you.
If you want to limit all traffic to the link bandwidth, you have to create a 
class that's bounded and with rate = link bandwidth.  You can create 
non-bounded sub classes but the bandwidth will be limited by the bounded class 
to the link bandwidth.
 

What is confusing me is, there is a bandwidth provided by ISP (512Kbits) 
and one ethernet capacity(100Mbits), so which one can we call as real 
link bandwidth.  What is NIC bandwidth, is it ethernet bandwidth or 
ISP bandwidth?
   Lan--->eth1---eth0-->Internet
Now at eth0 I have ethernet device bandwidth as 100Mbits and my ISP 
provides 512Kbits bandwidth. so if I want to do egress traffic control 
at both eth0 and eth1, what bandwidth I should consider...? My eth1 
ethernet device bandwidth is 100Mbits.

Regards
-Raghu
Stef

 





[LARTC] CBQ_bandwidth

2003-08-20 Thread Raghuveer
Hi Stef,

Referring to page < http://www.docum.org/stef.coene/qos/faq/cache/7.html 
> I found a para as follows,

" CBQ is not always as accurate as it should be. See docum.org on the 
test page for some tests with bounded classes. The algorithm used by cbq 
is very "link sensitive". It calculates the link idle time and for that 
it needs the real link bandwidth, average packet size and some other 
parameters. But there calculations are not always accurate. So it's 
possible that you will get inaccurate results if you use CBQ to limit 
the traffic in a class.  "

Here I am slightly confused with real link bandwidth, Can I understand 
that while creating CBQ we need interface bandwidth (ethtool, mii-diag) 
and while assigning the classes real link bandwidth is required. An 
example will definitely help me. Can you pls suggest a way to find real 
link bandwidth? As ethtool and mii-diag will only get the interface 
bandwidth.

Regards
-Raghu


Re: [LARTC] Please check the follow script for diffserv

2003-08-19 Thread Raghuveer
Thanks Damion,

I would like to re-confirm the last few days discussion.

              ------------------
Private    ---| eth1      eth0 |---Internet
ipaddresses   |                |
              ------------------
                Linux firewall

1. For shaping the incoming and outgoing traffic at eth0 I can use IMQ + HTB/CBQ with 
NAT(--set-mark option).
2. Another way I can shape the incoming and outgoing traffic is : incoming traffic 
at eth1 interface with CBQ/HTB and outgoing traffic at eth0 with CBQ/HTB with 
NAT(--set-mark option).
3. For CBQ I can use the interface bandwidth(using ethtool or mii-diag) and 
'interesting' DSL/ISP speeds for the classes.
4. HTB qdiscs don't need to know any speeds.
Any suggestions and help is invaluably appreciated.

Regards
-Raghu


Damion de Soto wrote:

Steffen Moser and Raghuveer wrote:

SM> If I then want to shape the traffic I send to the "ppp0" interface,
SM> which bandwidth would be used for setting up a CBQ?
SM>
SM> I suppose that here the "virtual" (e.g. limited by the ISP) bandwidth
SM> of my "ppp0" connection (e.g. 128 kbit/s) is the interesting one, not
SM> the bandwidth of my "eth0" (10 Mbit/s), because the CBQ is attached
SM> to the "ppp0" device and has nothing to do with the underlying "eth0".
SM>
SM> Is this assumption correct?
no.
SM>
SM> TIA,
SM> Steffen
R>
R> Can you please tell me for HTB and CBQ what bandwidth should I use whether
R> interface bandwidth or real/actual bandwidth?
R> Regards
R> -Raghu

as it says in the HOW-TO, the cbq device uses the ethernet speed 
(bandwidth) for idle time calculations.  so when you create a cbq 
qdisc, it needs to know either 10mbit or 100mbit.
you then use the 'interesting' DSL/ISP speeds for the classes.

htb qdiscs don't need to know any speeds.

regards.





Re: [LARTC] Please check the follow script for diffserv

2003-08-19 Thread Raghuveer
Damion de Soto wrote:

Raghuveer wrote:

I feel it gets the interface bandwidth.
yes, it does.
you need the interface bandwidth for the cbq qdisc:
http://lartc.org/howto/lartc.qdisc.classful.html#AEN935
How can I get the actual/real interface bandwidth, for ex: bandwidth 
provided by my ISP is 512kbits. 
You can't really.  unless you've got an internal DSL card, or want to 
write a script/program to do test downloads and uploads to try and 
find the max speeds.

So this I am calling it as actual/real interface bandwidth. In tc 
whether we have to provide interface bandwidth or real/actual 
bandwidth?
it depends where you're using it.
different qdiscs/classes use different things.

Can you please tell me for HTB and CBQ what bandwidth should I use 
whether interface bandwidth or real/actual bandwidth?

Regards
-Raghu


Re: [LARTC] How to limit a dev bandwidth.

2003-08-19 Thread Raghuveer
Hi  Martin,

Thanks for such a clear explanation.
Now if I take scenario where I use IMQ with HTB for shaping outgoing and 
incoming traffic both, will it be as follows...?

Outgoing:--

LAN interface->NAT with <--set-mark> option(wan)->IMQ+HTB(wan)-->Internet

Incoming:--

Internet->NAT(wan)--->IMQ+HTB(wan)--->LAN Interface

Just for my knowledge, can I use CBQ instead of HTB for the same 
scenario?

Regards
-Raghu


Martin A. Brown wrote:

Madhuri,

: > So, shape your "upload" traffic on wan0 (ACKs, maybe the packets with a
: > TCP source port of 25 from your internal mailserver).
:
: Here one could use plain htb qdisc (without imq) to shape the outgoing
: (upload) traffic.
Absolutely correct.  Traffic bound for the Internet (on wan0) can be
shaped using an HTB qdisc containing an HTB class. (Remember the shaping
only happens in a leaf HTB qdisc.)
: > Shape the "download" traffic on eth0.  Here you have the opportunity of
: > deliberately delaying the traffic before it reaches the client in the
: > private network.
: Now for shaping "download" ( means effectively incoming) traffic on
: eth0 one would need to use IMQ.
Not true.  [ see below for more clarification ]

: Because it is not really possible to schedule the incoming traffic
: without simulating it as being transmitted from IMQ device.
I really have no idea what you are trying to say here.  Scheduling is a
function of the queuing discipline (e.g., SFQ, FIFO, ESFQ, WRR, RED and,
taken as a whole CBQ and HTB qdiscs).  The reason for IMQ is to allow
shaping to occur on a single box for incoming traffic destined to a local
IP.
: It will not be possible to use just plain htb qdisc without ImQ to
: shape incoming traffic, is that correct?
It is possible to use a plain HTB qdisc with an HTB class to shape traffic
transmitted to the internal network.
[ Ignoring IMQ for a minute ] This rule still holds:

 "You can only shape what you transmit."

Your firewall will transmit outbound traffic on wan0 (Internet-facing
interface).  Because the traffic is transmitted on this interface, you can
add an HTB qdisc with an HTB class and perform shaping on the outbound
traffic.
Your firewall will transmit inbound traffic on eth0 (private-facing
interface).  Because the traffic is transmitted on this interface you can
add an HTB qdisc with an HTB class and perform shaping on the inbound
traffic.
If you take care to distinguish between traffic which is locally generated
traffic on your firewall (it would pass the INPUT and OUTPUT netfilter
chains in the filter table) and traffic which is passing through your
firewall, you'll see that your firewall has the opportunity to transmit
"download" data to your internal network on the inside interface.  Here is
your opportunity to use an HTB class to perform shaping!
: Also, even with IMQ you cannot face situations such as flooding. If
: that happens with incoming traffic then the imq is useless. Is that
: correct?
I'm not sure what you mean here.

: What would be other ways(other than imq) to shape incoming traffic on
: eth0?
Did I answer this question above, or is this a different question?

: (I am planning to take a look at tcng)

Traffic Control Next Generation is an excellent and uniform abstraction
layer (language) for describing traffic control structures.  Keep in mind
that you still need to understand the structures, elements and rules of
linux traffic control.  The tcng tool doesn't free you from the rules--it
frees you from the pile of hexadecimal numbers and arcane syntax.  What
tcng allows is a less arcane and less confusing way to describe traffic
control.
-Martin

 





Re: [LARTC] Please check the follow script for diffserv

2003-08-18 Thread Raghuveer
Martin A. Brown wrote:

Raghuveer,

: How can I get the real NIC bandwidth for a particular interface through
: a script or code??
You can use mii-tool.  For a brief introduction to mii-tool, see:

 http://linux-ip.net/html/tools-mii-tool.html

I feel it gets the interface bandwidth. How can I get the actual/real 
interface bandwidth, for ex: bandwidth provided by my ISP is 512kbits. 
So this I am calling it as actual/real interface bandwidth. In tc whether 
we have to provide interface bandwidth or real/actual bandwidth?

-Raghu

-Martin

 





[LARTC] Ingress mode

2003-08-14 Thread Raghuveer
Hi,

I would like to know whether can we do bandwidth management(traffic 
control) for incoming traffic to firewall.
For ex;- If my firewall WAN interface IP is 203.145.1.2 and any data 
from internet coming to  203.145.1.2 whether can be controlled...?
If my total bandwidth= 512kb and I want to allocate 100kb to a LAN m/c 
with IP 192.168.1.2 for http traffic, how will I do it..?

-Raghu



Re: [LARTC] Ingress mode

2003-08-14 Thread Raghuveer
Thanks Martin for valuable links, I am going through it.
I want to apply traffic control rules for the incoming traffic to my 
firewall, which is what we call it as Ingress mode, am I right?
Just to confirm, suppose my firewall WAN interface is eth0 with IP 
66.218.71.198 and LAN interface is eth1 with IP 192.168.1.2. So any 
traffic from Internet-->WAN is where I want to do traffic control for 
my LAN IP's. Hence am I right in saying that in ingress mode traffic 
control will be happening at eth0 interface(or ppp0 interface, WAN with 
ppp0 enabled).
I saw in the link documents that, for ingress we are using imq0, so how 
this will fit into my scenario...?. I understood that in ingress mode we 
have to drop the packets instead of queueing it like in egress mode, so 
is it going to have any effects other than latency...?

-Raghu



Martin A. Brown wrote:

Raghuveer,

: I would like to know whether can we do bandwidth management(traffic
: control) for incoming traffic to firewall. For ex;- If my firewall WAN
: interface IP is 203.145.1.2 and any data from internet coming to
: 203.145.1.2 whether can be controlled...? If my total bandwidth= 512kb
: and I want to allocate 100kb to a LAN m/c with IP 192.168.1.2 for http
: traffic, how will I do it..?
If your linux host is not the source or sink for any of the traffic, you
can shape the inbound traffic on the inside interface of your bandwidth
management box.  If, however, the directly connected box is the source or
sink for traffic, you'll need to look at other options.
I would suggest considering IMQ.  (Search the archives.)

 http://www.google.com/search?q=site%3Amailman.ds9a.nl+IMQ
 http://www.google.com/search?q=site%3Amailman.ds9a.nl+IMQ+ingress
You can also use an ingress qdisc and a policer.  (Search the archives.)

 http://www.google.com/search?q=site%3Amailman.ds9a.nl+ingress+policer

And there's a recent posting on this topic:

 http://mailman.ds9a.nl/pipermail/lartc/2003q3/009572.html

-Martin
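
Added example, not part of the original thread: one way to express the allocation asked about (512kbit total, 100kbit of HTTP download for 192.168.1.2) as HTB on the inside interface, where the firewall transmits the download traffic and the destination is already the private address. It assumes eth1 is the LAN-facing interface and that the firewall only forwards this traffic; the class ids, the default class 1:99 and the helper name are made up for the illustration.

```shell
#!/bin/sh
# Added example: prints (does not run) tc commands for HTB download shaping
# on the LAN-facing interface. Values below are constructed for illustration.

DEV=eth1          # inside interface: the firewall transmits downloads here
TOTAL=512         # kbit, the link rate named in the question

# One allocation per line: "<lan-ip> <tcp-source-port> <kbit>"
ALLOC='192.168.1.2 80 100'

# htb_download_plan ALLOCATIONS
# Emits one leaf class and one u32 filter per allocation, plus a default
# class that gets whatever is left. Fails if nothing would be left.
htb_download_plan() {
    used=0 id=10 classes= filters=
    while read -r ip port kbit; do
        [ -n "$ip" ] || continue
        used=$((used + kbit))
        classes="${classes}tc class add dev $DEV parent 1:1 classid 1:$id htb rate ${kbit}kbit ceil ${kbit}kbit
"
        # On the inside interface NAT has already been undone, so the filter
        # can match the private destination address directly.
        filters="${filters}tc filter add dev $DEV parent 1: protocol ip prio 1 u32 match ip dst $ip/32 match ip sport $port 0xffff flowid 1:$id
"
        id=$((id + 1))
    done <<EOF
$1
EOF
    if [ "$used" -ge "$TOTAL" ]; then
        echo "allocations (${used}kbit) must stay below ${TOTAL}kbit" >&2
        return 1
    fi
    echo "tc qdisc add dev $DEV root handle 1: htb default 99"
    echo "tc class add dev $DEV parent 1: classid 1:1 htb rate ${TOTAL}kbit ceil ${TOTAL}kbit"
    printf '%s' "$classes"
    echo "tc class add dev $DEV parent 1:1 classid 1:99 htb rate $((TOTAL - used))kbit ceil ${TOTAL}kbit"
    printf '%s' "$filters"
}

# Print the plan; review it, then pipe it to "sh -e" as root to apply it.
htb_download_plan "$ALLOC"
```
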

 





Re: [LARTC] How to limit a dev bandwidth.

2003-08-14 Thread Raghuveer
Hi Stef,

You have mentioned in "
http://www.docum.org/stef.coene/qos/docs/BB/BB.html" that "It's very
important to understand that you can only shape outgoing traffic". So is
it not possible to shape the incoming traffic at all...? I already got
some useful links and suggestion from Martin for ingress mode. Can you
pls suggest how to do incoming traffic control, if the incoming
traffic hitting the firewall at WAN interface eth0 with LAN interface at
eth1. I would like to do traffic control based on LAN IP's and protocols
like HTTP, FTP, SMTP, POP etc, for incoming traffic only. Meanwhile I am
going through the links sent by Martin.

Regards
-Raghu



Stef Coene wrote:

>On Friday 08 August 2003 08:59, anzp wrote:
>  
>
>>The device is 100M.
>>How to limit it to 1M?
>>
>>
>lartc.org
>docum.org
>
>Stef
>
>  
>




Re: [LARTC] Please check the follow script for diffserv

2003-08-14 Thread Raghuveer
Stef Coene wrote:

On Thursday 07 August 2003 14:42, Steffen Moser wrote:
 

Here, you should specify the physical bandwidth of your underlying
device (eth0), i.e. 100Mbit. You can't slow down the device at this
position.
   

The bandwidth parameter is used in the internal calculations of cbq and it 
must be the real NIC bandwidth.  It has nothing to do with the bandwidth you 
want to manage on your link.  So bandwidth parameter is 10 or 100 mbit.
 

How can I get the real NIC bandwidth for a particular interface through 
a script or code??

 

Although you set a maximum rate of 500Kbit for the BE class, this class
borrowed additional bandwidth, of course, not from your EF class (which
is isolated), but from the parent qdisc, which offers 100Mbit (because
the underlying device offers that much).
   

Be warned, isolated can break the cbq setup.  I did some tests with cbq 
classes and as long as you don't specify the isolated parameter everything was 
fine.

 

So, I've added one more class to your script - so my resulting script is:
   

I have 1 remark : the weight parameter. Take weight = rate / 10.

Stef

 





Re: [LARTC] Bandwith sharing in NAT environment.

2003-08-14 Thread Raghuveer
Rajesh wrote:

Hi 

I wish to implement Bandwidth sharing in a NAT environment.

The question is whether I can classify input packets on the basis of ip-addresses (private LAN addresses)? These packets finally need to be NATed before going on to Internet. 

Would the tc filters see the private addresses and put it in the appropriate classes or would the tc filters see only the NATed address and the filter would fail in putting the packets in the appropriate classes?

The n/w diag would be somewhat like this

private address LAN ips -->iptables(NAT)-->Internet.
 

private address LAN ips -->tc(netlink)->iptables(NAT)-->Internet
I feel this is how it is...so dnat will be after tc in LAN to WAN and snat will be 
before tc in WAN to LAN.
-Raghu

Can I mark packets using iptables matching source ip-address?
What address will tc filter see when the private addresses are masqueraded ?
Any help is most welcome.

Cheers,
Rajesh

