[LARTC] Deleting a tc filter rule
Hi,

I am very new to tc. I added a filter using the following command:

    tc filter add dev eth0 V parent 20:0 protocol ip prio 1 handle ::128 u32 match ip tos 0x44 0xfc flowid 20:1

To check if the filter rule was indeed added, I run

    tc filter show dev eth0 parent 20:

This gave me the following output:

    filter protocol ip pref 1 u32
    filter protocol ip pref 1 u32 fh 800: ht divisor 1
    filter protocol ip pref 1 u32 fh 800::128 order 296 key ht 800 bkt 0 flowid 20:1
      match 0044/00fc at 0

I tried deleting the filter rule that I added using:

    tc filter del dev eth0 pref 1 protocol ip handle 800::160

This gave me the following message:

    Must specify filter type when using handle

I modified the delete command, as follows:

    tc filter del dev eth0 pref 1 protocol ip handle 800::160 u32

This gave the following error message:

    RTNETLINK answers: Invalid argument

I am pretty much stumped. Can anyone tell me how I can delete a tc filter rule?

Thanks,
Rick

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] How do you delete a filter?
Hi,

I am very new to tc. I added a filter using the following command:

    tc filter add dev eth0 V parent 20:0 protocol ip prio 1 handle ::128 u32 match ip tos 0x44 0xfc flowid 20:1

To check if the filter rule was indeed added, I run

    tc filter show dev eth0 parent 20:

This gave me the following output:

    filter protocol ip pref 1 u32
    filter protocol ip pref 1 u32 fh 800: ht divisor 1
    filter protocol ip pref 1 u32 fh 800::128 order 296 key ht 800 bkt 0 flowid 20:1
      match 0044/00fc at 0

I tried deleting the filter rule that I added using:

    tc filter del dev eth0 pref 1 protocol ip handle 800::160

This gave me the following message:

    Must specify filter type when using handle

I modified the delete command, as follows:

    tc filter del dev eth0 pref 1 protocol ip handle 800::160 u32

This gave the following error message:

    RTNETLINK answers: Invalid argument

I am pretty much stumped. Can anyone tell me how I can delete a filter?

Thanks,
Rick
[LARTC] Re: LARTC Digest, Vol 20, Issue 7
Message: 1
Date: Fri, 06 Oct 2006 00:06:08 -0400
From: Kevin White [EMAIL PROTECTED]
Subject: [LARTC] Two upstream gateways, only use one unless it fails?
To: lartc@mailman.ds9a.nl
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

I'm looking at setting up a system with two upstream Internet routers, the second to be used only if the first fails.

There's a lot of information on using Julian's patches (the nano document), and I'm still digesting all of it. It looks pretty slick, and I think it will work...but I don't see if I can actually set up multipath and have the kernel not use the second interface unless it has to. It looks like I can only set weight and set up a percentage rule.

Am I missing something? Can I say here are two routes, always use route one unless you can't?

Thanks,
Kevin

Hi Kevin

You can use multipath with different weights see below taken from lartc.org...

### cute##

4.2.2. Load balancing

The second question is how to balance traffic going out over the two providers. This is actually not hard if you already have set up split access as above.

Instead of choosing one of the two providers as your default route, you now set up the default route to be a multipath route. In the default kernel this will balance routes over the two providers. It is done as follows (once more building on the example in the section on split-access):

    ip route add default scope global nexthop via $P1 dev $IF1 weight 1 \
        nexthop via $P2 dev $IF2 weight 1

This will balance the routes over both providers. The weight parameters can be tweaked to favor one provider over the other.

cute##

Then you can do something like this:

    ip route add default scope global nexthop via $P1 dev $IF1 weight 100 \
        nexthop via $P2 dev $IF2 weight 1
    ^^

best regards

--
Paulo Ricardo Bruck - consultor
Contato Global Solutions - http://www.contato.com.br
fone 011 5031-4932 011 5034-1732 cel 011 9235-4327
[LARTC] Re: Prioritize ACK packets
Hi:

Look here: http://www.tldp.org/HOWTO/ADSL-Bandwidth-Management-HOWTO/

Hope this helps.

Regards.
Ricardo Soria.
[LARTC] Several basic doubts
I have a connection cablemodem (down 1024kbit up 256 kbit) that spreads Internet to a LAN of 4 PC. Router-firewall is one 486 DX4 100 96 MB RAM that runs a Debian Sarge (kernel 2,4,25), that does NOT serve nor squid, nor samba, nor smtp, etc single do routing-firewalling.

I am something confused by opinions and "presumed" manual and howto that I have read and have confused I more... Then I ask to them you:

I must do shaping with the NIC that connect with ISP (eth0)... or with the NIC of the LAN (eth1)... Because I have seen opinions on both possibilities, but I have tested the two and second did not give me good results.

In the case of using the NIC to Internet (eth0) I must set like CEIL the bandwidth of downstream (1024kbit) or upstream (256kbit)... And in such case I must set the 75 percent approximately of the bandwidth to avoid to saturate the band?

Another question is if it agrees -upon my case- using priorities for the classes...

Thanks in advance
Ricardo
[LARTC] Please: judge this script
I copied and tried to adapt to my necessities the excellent script of Pedro Larroy, but I am inexperienced in QoS and I have doubts.

I have cablemodem to Internet 1024kbit down and 256kbit up, through eth0. The LAN has eth1 and NAT. I formed the band so that shaping goes by the eth1 (of the LAN) with bandwidth maximum CEIL=768. But I observe that the traffic sometimes accelerates and other moments stops.

Please, you they could say to me what is bad of script that I paste below??? (iptables mangle mark ports 54xxx is for emule)

Thanks for its patience.

--paste script-

    CEIL=768

    # First delete any bands that may already exist
    tc qdisc del dev eth1 root

    # Create the main root band 1, whose packets go by default to band 1
    tc qdisc add dev eth1 root handle 1: htb default 15
    tc class add dev eth1 parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit
    tc class add dev eth1 parent 1:1 classid 1:10 htb rate 270kbit ceil 270kbit prio 0
    tc class add dev eth1 parent 1:1 classid 1:11 htb rate 270kbit ceil ${CEIL}kbit prio 1
    tc class add dev eth1 parent 1:1 classid 1:12 htb rate 68kbit ceil ${CEIL}kbit prio 2
    tc class add dev eth1 parent 1:1 classid 1:13 htb rate 68kbit ceil ${CEIL}kbit prio 2
    tc class add dev eth1 parent 1:1 classid 1:14 htb rate 34kbit ceil ${CEIL}kbit prio 3
    tc class add dev eth1 parent 1:1 classid 1:15 htb rate 100kbit ceil ${CEIL}kbit prio 1

    # Attach an sfq queue to the child bands
    tc qdisc add dev eth1 parent 1:11 handle 110: sfq perturb 10
    tc qdisc add dev eth1 parent 1:12 handle 120: sfq perturb 10
    tc qdisc add dev eth1 parent 1:13 handle 130: sfq perturb 10
    tc qdisc add dev eth1 parent 1:14 handle 140: sfq perturb 10
    tc qdisc add dev eth1 parent 1:15 handle 150: sfq perturb 10

    # Associate the marks set in iptables mangle with their respective bands
    tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle 1 fw classid 1:10
    tc filter add dev eth1 protocol ip parent 1:0 prio 2 handle 2 fw classid 1:11
    tc filter add dev eth1 protocol ip parent 1:0 prio 3 handle 3 fw classid 1:12
    tc filter add dev eth1 protocol ip parent 1:0 prio 4 handle 4 fw classid 1:13
    tc filter add dev eth1 protocol ip parent 1:0 prio 5 handle 5 fw classid 1:14
    tc filter add dev eth1 protocol ip parent 1:0 prio 6 handle 6 fw classid 1:15

    # iptables rules that mark the traffic we are interested in
    $IPTABLES -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x1
    $IPTABLES -t mangle -A PREROUTING -p icmp -j RETURN
    $IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 0x1
    $IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j RETURN
    $IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j MARK --set-mark 0x5
    $IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j RETURN
    $IPTABLES -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j MARK --set-mark 0x6
    $IPTABLES -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j RETURN

    # This prioritizes packets from the configured ports
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j MARK --set-mark 0x2
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j RETURN
    $IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 80 -j MARK --set-mark 0x2
    $IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 80 -j RETURN
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54661 -j MARK --set-mark 0x6
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54661 -j RETURN
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54662 -j MARK --set-mark 0x6
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54662 -j RETURN
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 56881 -j MARK --set-mark 0x6
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 56881 -j RETURN
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54711 -j MARK --set-mark 0x6
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54711 -j RETURN
    $IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54665 -j MARK --set-mark 0x6
    $IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54665 -j RETURN
    $IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54672 -j MARK --set-mark 0x6
    $IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54672 -j RETURN
    $IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 56881 -j MARK --set-mark 0x6
    $IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 56881 -j RETURN

    # This prioritizes packets at the start of TCP connections (SYN flag)
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN

    # Closes the rules of the mangle PREROUTING table
    $IPTABLES -t mangle -A PREROUTING -j MARK --set-mark 0x6

    # Same as all of the above, but in OUTPUT, for locally generated traffic
    $IPTABLES -t mangle -A OUTPUT -p
Re: [LARTC] Please: judge this script
- Original Message -
From: Andreas Klauer [EMAIL PROTECTED]
To: lartc@mailman.ds9a.nl
Sent: Wednesday, July 06, 2005 12:38 PM
Subject: Re: [LARTC] Please: judge this script

class altogether have a guaranteed rate of 810kbit, whereas the parent only has 768kbit.

Oh Yes... thanks for your judgment so detailed... that went an error, when increasing one of the values I forgot to reduce it to the other class. After this correction the rate raised vertiginously. Of 4kbit of download in emule, now is 30 to 35 kb! In addition the load of www pages and pop3 works much more fast.

Another problem could probably be that you are using a lot of SFQ qdiscs. If every single one of them can queue 128 packets, it might be too much. I reduced the SFQ queue length to 16 on my system for that reason. I also had a lot of weird thing happening due to the prio parameter of HTB. I think it's best not to use it in the beginning and only start experimenting with that parameter when you really need it.

You think that it would be necessary to make these changes now?

Are you shaping upload traffic at all? You don't really have much influence on download traffic (all HTB can do is drop packets). A shaping setup without upload shaping makes hardly any sense.

In this case what would have to add I to script? I imagine that I would have to apply all the same rules, equal these, but with the CEIL value upload (256 kbit) and pointing at the NIC eth0 (to ISP)... This is well? And the rules of iptables would be equal? That is: - t mangle PREROUTING pointing to the ports of destination (dport instead of sport)?

Also, in your setup you limit eth1 to 768kbit in total. That's fine as long as there is no LAN traffic on that machine. However, that's hardly ever the case - as soon as you SSH on your machine, or use some kind of proxy (DNS caching, squid, ...), this LAN traffic will have to use the same classes as your internet download traffic, thus interfering with download speeds.

Is a router Debian (kernel to 2,4,25) that only does NAT and firewall with iptables (its runs in a 486 DX4100 with 96MB RAM and two HD of 1GB each one... ;-). Not squid, not samba, not bind... Nothing except router of Inet and NAT. What would have to do?

Best regards
Ricardo
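The rate problem pointed out in the reply above (child classes guaranteed 810kbit under a 768kbit parent) can be checked mechanically before a script is loaded. The following is an added example, not part of the original thread: it parses the `tc class add ... htb` lines from the posted script, expands the `CEIL` variable, and reports any parent class whose children are guaranteed more than the parent's own rate. The function names and the corrected rate used in the test are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Class definitions copied from the script posted in this thread.
POSTED = """\
CEIL=768
tc qdisc add dev eth1 root handle 1: htb default 15
tc class add dev eth1 parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 270kbit ceil 270kbit prio 0
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 270kbit ceil ${CEIL}kbit prio 1
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 68kbit ceil ${CEIL}kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 68kbit ceil ${CEIL}kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 34kbit ceil ${CEIL}kbit prio 3
tc class add dev eth1 parent 1:1 classid 1:15 htb rate 100kbit ceil ${CEIL}kbit prio 1
"""

# tc rate suffixes converted to bits per second (a bare number means bit/s;
# "bps" style suffixes are bytes per second).
UNITS = {"": 1, "bit": 1, "kbit": 10**3, "mbit": 10**6, "gbit": 10**9,
         "bps": 8, "kbps": 8 * 10**3, "mbps": 8 * 10**6}


def parse_rate(text):
    """Convert a tc rate such as '768kbit' to bits per second."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([a-z]*)", text.lower())
    if not m or m.group(2) not in UNITS:
        raise ValueError(f"unrecognised rate: {text!r}")
    return round(float(m.group(1)) * UNITS[m.group(2)])


def expand_vars(script):
    """Apply NAME=value assignments to later $NAME / ${NAME} references."""
    env, lines = {}, []
    for line in script.splitlines():
        line = line.split("#", 1)[0].strip()          # drop shell comments
        assign = re.fullmatch(r"([A-Za-z_]\w*)=(\S*)", line)
        if assign:
            env[assign.group(1)] = assign.group(2)
            continue
        line = re.sub(r"\$\{?([A-Za-z_]\w*)\}?",
                      lambda m: env.get(m.group(1), m.group(0)), line)
        if line:
            lines.append(line)
    return lines


def norm(handle):
    """Normalise a handle so that '1:' and '1:0' compare equal."""
    major, _, minor = handle.partition(":")
    return f"{major}:{minor or '0'}"


def parse_classes(script):
    """Return {classid: (parent, rate_in_bit_per_s)} for each HTB class line."""
    classes = {}
    for line in expand_vars(script):
        tok = line.split()
        if tok[:3] != ["tc", "class", "add"] or "htb" not in tok:
            continue
        arg = lambda key: tok[tok.index(key) + 1]     # value following a keyword
        classes[norm(arg("classid"))] = (norm(arg("parent")), parse_rate(arg("rate")))
    return classes


def check_hierarchy(classes):
    """List (parent, sum_of_child_rates, parent_rate) where the children exceed the parent."""
    children = defaultdict(list)
    for cid, (parent, _rate) in classes.items():
        children[parent].append(cid)
    findings = []
    for parent in sorted(children):
        if parent not in classes:     # parent is the qdisc itself: no rate to compare
            continue
        total = sum(classes[c][1] for c in children[parent])
        if total > classes[parent][1]:
            findings.append((parent, total, classes[parent][1]))
    return findings


if __name__ == "__main__":
    for parent, total, limit in check_hierarchy(parse_classes(POSTED)):
        print(f"class {parent}: children guaranteed {total // 1000}kbit, "
              f"parent rate is only {limit // 1000}kbit")
```
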
[LARTC] Please: Judge this script
I copied and tried to adapt to my necessities the excellent script of Pedro Larroy, but I am inexperienced in QoS and I have doubts.

I have cablemodem to Internet 1024kbit down and 256kbit up, through eth0. The LAN has eth1 and NAT. I formed the band so that shaping goes by the eth1 (of the LAN) with bandwidth maximum CEIL=768. But I observe that the traffic sometimes accelerates and other moments stops.

Please, you they could say to me what is bad of script that I paste below???

Thanks for its patience.

--paste script-

    CEIL=768

    # First delete any bands that may already exist
    tc qdisc del dev eth1 root

    # Create the main root band 1, whose packets go by default to band 1
    tc qdisc add dev eth1 root handle 1: htb default 15
    tc class add dev eth1 parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit
    tc class add dev eth1 parent 1:1 classid 1:10 htb rate 270kbit ceil 270kbit prio 0
    tc class add dev eth1 parent 1:1 classid 1:11 htb rate 270kbit ceil ${CEIL}kbit prio 1
    tc class add dev eth1 parent 1:1 classid 1:12 htb rate 68kbit ceil ${CEIL}kbit prio 2
    tc class add dev eth1 parent 1:1 classid 1:13 htb rate 68kbit ceil ${CEIL}kbit prio 2
    tc class add dev eth1 parent 1:1 classid 1:14 htb rate 34kbit ceil ${CEIL}kbit prio 3
    tc class add dev eth1 parent 1:1 classid 1:15 htb rate 100kbit ceil ${CEIL}kbit prio 1

    # Attach an sfq queue to the child bands
    tc qdisc add dev eth1 parent 1:11 handle 110: sfq perturb 10
    tc qdisc add dev eth1 parent 1:12 handle 120: sfq perturb 10
    tc qdisc add dev eth1 parent 1:13 handle 130: sfq perturb 10
    tc qdisc add dev eth1 parent 1:14 handle 140: sfq perturb 10
    tc qdisc add dev eth1 parent 1:15 handle 150: sfq perturb 10

    # Associate the marks set in iptables mangle with their respective bands
    tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle 1 fw classid 1:10
    tc filter add dev eth1 protocol ip parent 1:0 prio 2 handle 2 fw classid 1:11
    tc filter add dev eth1 protocol ip parent 1:0 prio 3 handle 3 fw classid 1:12
    tc filter add dev eth1 protocol ip parent 1:0 prio 4 handle 4 fw classid 1:13
    tc filter add dev eth1 protocol ip parent 1:0 prio 5 handle 5 fw classid 1:14
    tc filter add dev eth1 protocol ip parent 1:0 prio 6 handle 6 fw classid 1:15

    # iptables rules that mark the traffic we are interested in
    $IPTABLES -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x1
    $IPTABLES -t mangle -A PREROUTING -p icmp -j RETURN
    $IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 0x1
    $IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j RETURN
    $IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j MARK --set-mark 0x5
    $IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j RETURN
    $IPTABLES -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j MARK --set-mark 0x6
    $IPTABLES -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j RETURN

    # This prioritizes packets from the configured ports
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j MARK --set-mark 0x2
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j RETURN
    $IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 80 -j MARK --set-mark 0x2
    $IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 80 -j RETURN
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54661 -j MARK --set-mark 0x6
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54661 -j RETURN
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54662 -j MARK --set-mark 0x6
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54662 -j RETURN
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 56881 -j MARK --set-mark 0x6
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 56881 -j RETURN
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54711 -j MARK --set-mark 0x6
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54711 -j RETURN
    $IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54665 -j MARK --set-mark 0x6
    $IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54665 -j RETURN
    $IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54672 -j MARK --set-mark 0x6
    $IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54672 -j RETURN
    $IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 56881 -j MARK --set-mark 0x6
    $IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 56881 -j RETURN

    # This prioritizes packets at the start of TCP connections (SYN flag)
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
    $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN

    # Closes the rules of the mangle PREROUTING table
    $IPTABLES -t mangle -A PREROUTING -j MARK --set-mark 0x6

    # Same as all of the above, but in OUTPUT, for locally generated traffic
    $IPTABLES -t mangle -A OUTPUT -p icmp -j MARK --set-mark 0x1
    $IPTABLES -t mangle
[LARTC] Help on deleting RSVP6 filter
Greetings.

I'm having some trouble deleting an rsvp6 filter that I create using the following command:

    #tc filter add dev eth1 parent 1: protocol ip rsvp6 ipproto tcp session 2020::1/22 sender 2020::2/22 flowid 1:11

The filter is created successfully:

    # tc filter list dev eth1
    filter parent 1: protocol ip pref 49152 rsvp6
    filter parent 1: protocol ip pref 49152 rsvp6 fh 0x00010207 flowid 1:11 session 2020::1/22 ipproto tcp sender 2020::2/22

And is associated with the following class:

    # tc class list dev eth1
    class htb 1:1 root prio 0 rate 1000bit ceil 1Kbit burst 15Kb cburst 2848b -
    class htb 1:11 root prio 0 rate 12500Kbit ceil 12500Kbit burst 49996b cburst 3159b -

Now, I cannot delete the filter:

    # tc filter del dev eth1 parent 1: protocol ip rsvp6 ipproto tcp session 2020::1/22 sender 2020::2/22 flowid 1:11
    RTNETLINK answers: No such file or directory
    We have an error talking to the kernel

And I can't delete the class too:

    # tc class del dev eth1 parent 1:0 classid 1:11 htb rate 12500kbit burst 5
    RTNETLINK answers: Device or resource busy

Can someone please help me?

Thanks :)
Ricardo (Portugal)
[LARTC] QoS and CLASSIFY
Hi Guys

After googling a little I couldn't find the correct answer..

When I use:

    tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip dst 192.168.0.11 flowid 1:30

I can shape traffic to 1:30. (works like a charm)

Now instead of tc filter I would like to use CLASSIFY as below:

    iptables -t mangle -A POSTROUTING -o eth0 -d 192.168.0.5 -j CLASSIFY --set-class 1:30

but when I comment tc filter and include iptables -t mangle..CLASSIFY nothing works.

Where am I wrong??

Scenario:

    #!/bin/bash
    #
    #128Kbps 192.168.0.1
    # - eth1 firewall eth0
    # internet-adsl-+squid---4 desktops
    # - +QoS 192.168.0.5
    # 450Kbps .11
    # .12
    # .20
    #
    modprobe sch_htb sch_prio sch_sfq cls_u32
    tc qdisc del dev eth0 root
    tc qdisc add dev eth0 root handle 1:0 htb
    tc class add dev eth0 parent 1:0 classid 1:1 htb rate 450kbit ceil 450kbit
    tc class add dev eth0 parent 1:1 classid 1:30 htb rate 80kbit ceil 400kbit
    tc class add dev eth0 parent 1:1 classid 1:40 htb rate 80kbit ceil 400kbit
    tc class add dev eth0 parent 1:1 classid 1:50 htb rate 80kbit ceil 400kbit
    tc class add dev eth0 parent 1:1 classid 1:60 htb rate 80kbit ceil 400kbit
    tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
    tc qdisc add dev eth0 parent 1:40 handle 40: sfq perturb 10
    tc qdisc add dev eth0 parent 1:50 handle 50: sfq perturb 10
    tc qdisc add dev eth0 parent 1:60 handle 60: sfq perturb 10

thanks in advance

--
Paulo Ricardo Bruck - consultor
[LARTC] RSVP Filter
Greetings.

I am trying to use ISI RSVP to make some layer3 reservations. My problem is that RSVP refuses to configure the queues with an RNETLINK answers: invalid argument error. Even if I try to set up the filter with the tc command, I get the same error. I already tried to load all the modules necessary, rsvp and rsvp6 included, but I still got the same error.

Can someone help me? Are the rsvp or rsvp6 filters working on 2.6.X kernel versions?

Thanks in advance,
Ricardo Duarte
INESC Porto, Portugal
[LARTC] newbie downloading not working
Hi guys

Finally, after reading a lot of docs from larc/opalsoft/etc, I decided to start learning some QoS.

First of all I'm trying to shape only download from an iptables+squid+qos machine for 4 machines at LAN (eth0).

Can anyone help me, cause it is not working properly..

    #!/bin/bash
    #128Kbps 192.168.0.1
    # - eth1 firewall eth0
    # internet-adsl-+squid---4 desktops
    # - +QoS 192.168.0.5
    # 450Kbps .11
    # .12
    # .20
    #
    echo -e "calling modules\n"
    modprobe sch_htb sch_prio sch_sfq cls_u32
    echo -e "limiting download\n"
    echo -e "deleting qdisc \n"
    tc qdisc del dev eth0 root
    echo -e "adding HTB and SFP/PFIFO as leaves\n"
    tc qdisc add dev eth0 root handle 1:0 htb
    tc class add dev eth0 parent 1:0 classid 1:1 htb rate 400kbit ceil 400kbit
    tc class add dev eth0 parent 1:1 classid 1:20 htb rate 300kbit ceil 400kbit
    tc class add dev eth0 parent 1:1 classid 1:30 htb rate 10kbit ceil 400kbit
    tc class add dev eth0 parent 1:1 classid 1:40 htb rate 10kbit ceil 400kbit
    tc class add dev eth0 parent 1:1 classid 1:50 htb rate 10kbit ceil 400kbit
    tc class add dev eth0 parent 1:1 classid 1:60 htb rate 10kbit ceil 400kbit
    tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
    tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
    tc qdisc add dev eth0 parent 1:40 handle 40: sfq perturb 10
    tc qdisc add dev eth0 parent 1:50 handle 50: sfq perturb 10
    tc qdisc add dev eth0 parent 1:60 handle 60: sfq perturb 10
    tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip dst 192.168.0.1 flowid 1:20
    tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip dst 192.168.0.11 flowid 1:30
    tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip dst 192.168.0.12 flowid 1:40
    tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip dst 192.168.0.20 flowid 1:50
    tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip dst 192.168.0.5 flowid 1:60

thx in advance

--
Paulo Ricardo Bruck - consultor
[LARTC] question about correct way of shapping
Hi Guys

After reading

    http://lartc.org/lartc.html#LARTC.QDISC
    http://www.docum.org/docum.org/
    http://tldp.org/HOWTO/Traffic-Control-HOWTO/
    http://www.opalsoft.net/qos/DS-21.htm

and a wonderful figure from:

    http://www.opalsoft.net/qos/ds-lb-214.gif

I have a newbie question. Suppose next figure:

    --- up 128K
    internet - dsl -eth1 -Linux Qos- eth0 -- LAN
    --- down 450k

If I want shape traffic to my LAN (sharing equally download for all users) I have to insert a rule like this

    tc qdisc add dev eth0 root handle 1:0 htb
    tc class add dev eth0 parent 1:0 classid 1:1 htb rate 400kbit

and other rules

and If I want shape traffic to Internet (not allowing a single user to destroy upload) I have to insert a rule like this:

    tc qdisc add dev eth1 root handle 1:0 htb
    tc class add dev eth1 parent 1:0 classid 1:1 htb rate 100kbit

and ...other rules

Is it correct?? or it is better to use IMQ or dummy to shape in both directions ??

thanks in advance

--
Paulo Ricardo Bruck - consultor
Re: [LARTC] question about correct way of shapping
On Thu, 2005-04-07 at 10:22 -0700, Corey Hickey wrote:

Paulo Ricardo Bruck wrote:

    --- up 128K
    internet - dsl -eth1 -Linux Qos- eth0 -- LAN
    --- down 450k

If I want shape traffic to my LAN ( sharing equally download for all users) I have to insert a rule like this

    tc qdisc add dev eth0 root handle 1:0 htb
    tc class add dev eth0 parent 1:0 classid 1:1 htb rate 400kbit

and other rules

and If I want shape traffic to Internet ( not allowing a single user to destroy upload) I have to insert a rule like this:

    tc qdisc add dev eth1 root handle 1:0 htb
    tc class add dev eth1 parent 1:0 classid 1:1 htb rate 100kbit

and ...other rules

Is it correct??

Yes. That's the way to do it. Don't forget to add some filters (tc filter add ...) to send traffic into those queues.

Yes I'll not forget 8) thanks for quickly answer Corey

Just another question related w/ shaping: at some documents it's described the use of IMQ and some other the use of dummy device. What's the best method? From what I've read we use dummy to shape both lan and wan using dummy device. It's correct? If it's correct why do we use dummy instead of shaping at LAN and WAN interfaces?

I intend to use TC + iptables + debian sarge, but I'm not sure about using dummy device

thanks in advance

-Corey

--
Paulo Ricardo Bruck - consultor
[LARTC] ABOUT THE ULTIMATE TRAFFIC CONDITIONER
Dear friends:

I was analyzing the HTB script at The ultimate traffic conditioner, at the Cookbook, at Lartc. I have a very basic question:

First, it is defined the root htb qdisc, as expected; then, it is defined the main (parent) htb class, with the total uplink as rate, also as expected; then, they are defined 2 child classes: first of them has also the total uplink as rate (!) and second, has the 90% of the total uplink as rate (!). So, sum of child classes equals to 190% of the total uplink (and parent) rate.

Why is this done that way?? I understand it goes against basic (htb) shaping rules, and also, it seems illogical. Wouldn't it be better to define rates, for example, 90% for bulk traffic and 10% for interactive traffic, both with 100% ceils (or only interactive) ??

I was looking for this answer for a long time, but it seems nobody has asked this before. Sorry if this questions sound stupid or too basic.

Thanks a Lot.
Ricardo.
Re: [LARTC] SEPARATING VOIP AND SURFING
--- Andy Furniss [EMAIL PROTECTED] wrote:

Andy Furniss wrote:

So, my question would be, how to 'divide' or 'recognize' incoming and outgoing traffic, and to treat it as different channels?? I was thinking about using a IMQ device for incoming traffic, but this appears to be a 'little bit' more complicated that what I expected. So, may it be a way to do this without installing IMQ ??

Yes you will need IMQ.

Second thoughts - you may be able to do without IMQ as long as it's just forwarded traffic.

Andy.

Andy:

What I am exactly doing is this: I receive all traffic from the cisco 1600, then, filter/shape/monitor it, then, if this traffic is destined to the remote subnet, it is send to the cisco 827, but, if the traffic is for the local subnet (including both ciscos, and the linux box), it is directly delivered to its destination. All of this is done via eth0, as much outgoing as incoming traffic. So, specially considering about the local subnet, do you think I should definitively use IMQ or not??

However, I have also posted in linuximq list, because I cannot find IMQ patch for my linux box (Redhat 7.3, 2.4.18-3 Kernel)

Very thanks in advance.

Ricardo.

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
Re: [LARTC] SEPARATING VOIP AND SURFING
--- Andy Furniss [EMAIL PROTECTED] wrote:

Ricardo Soria wrote:

--- Andy Furniss [EMAIL PROTECTED] wrote:

Andy Furniss wrote:

So, my question would be, how to 'divide' or 'recognize' incoming and outgoing traffic, and to treat it as different channels?? I was thinking about using a IMQ device for incoming traffic, but this appears to be a 'little bit' more complicated that what I expected. So, may it be a way to do this without installing IMQ ??

Yes you will need IMQ.

Second thoughts - you may be able to do without IMQ as long as it's just forwarded traffic.

Andy.

Andy:

What I am exactly doing is this: I receive all traffic from the cisco 1600, then, filter/shape/monitor it, then, if this traffic is destined to the remote subnet, it is send to the cisco 827, but, if the traffic is for the local subnet (including both ciscos, and the linux box),

The only thing you would need IMQ for is if you need to shape traffic from the 1600 to a local process on the linux box - so you may - it depends on what else you are running on the shaping box that causes bulk traffic to it.

it is directly delivered to its destination. All of this is done via eth0, as much outgoing as incoming traffic. So, specially considering about the local subnet, do you think I should definitively use IMQ or not??

If eth0 has as much incoming as outgoing then there is no traffic to local process?

There may be traffic for a local (linux box) process, but the most of the traffic will be redirected or passed.

Do you want to shape eth0 as well as the internet link or is it OK for spare bandwidth?

I cannot translate/understand perfectly this question, but I do need to shape the internet link.

So, returning to the question that originated this discussion, how can I differentiate/separate incoming and outgoing traffic for the same interface (eth0), without confusing each other, and without using IMQ devices if possible ??

Andy.

However, I have also posted in linuximq list, because I cannot find IMQ patch for my linux box (Redhat 7.3, 2.4.18-3 Kernel)

Very thanks in advance.

Ricardo.
Re: [LARTC] SEPARATING VOIP AND SURFING
--- Andy Furniss [EMAIL PROTECTED] wrote:

Ricardo Soria wrote:

So, returning to the question that originated this discussion, how can I differentiate/separate incoming and outgoing traffic for the same interface (eth0), without confusing each other, and without using IMQ devices if possible ??

My mails don't seem to be getting to/from LARTC - I assume you got my other reply.

I did receive your previous e-mail. Lartc mailing list appears to not be working now.

I put to mark on MAC - this only works for src MAC with iptables in prerouting or forward eg.

    iptables -I PREROUTING -t mangle -m mac --mac-source AA:BB:CC:DD:EE:FF -j MARK --set-mark 123

For dst MAC address you need to use u32 eg.

    tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match u16 0x0800 0x at -2 match u32 0xCCDDEEFF 0x at -12 match u16 0xAABB 0x at -14 flowid 1:1

Very thanks for your suggestion, but...

Consider that the traffic that comes from the cisco 1600 is not originated into itself; this router is just passing traffic that comes from Internet (infinite source MAC addresses possible), so, I really couldn't shape traffic by its source MAC address.

The same for the cisco 827, except that possible destination MAC addresses are not so much. Traffic that my linux box sends to cisco 827 is not finally for itself, but for any computer in the remote subnet.

Andy.
Re: [LARTC] SEPARATING VOIP AND SURFING
--- Andy Furniss [EMAIL PROTECTED] wrote:

Ricardo Soria wrote:

Very thanks for your suggestion, but... Consider that the traffic that comes from the cisco 1600 is not originated into itself; this router is just passing traffic that comes from Internet (infinite source MAC addresses possible)

I don't think so - ethernet is link layer

, so, I really couldn't shape traffic by its source MAC address.

So if you use iptraf lan monitor you can not see the MAC of the ciscos sending and receiving?

It seems you are right: I was monitoring using iptraf, and I really could see cisco's MAC addresses as source MACs of all traffic. It is strange for me. Could we say all packages take last node's MAC address as source MAC address ??

The same for the cisco 827, except that possible destination MAC addresses are not so much. Traffic that my linux box sends to cisco 827 is not finally for itself, but for any computer in the remote subnet.

Even if the MAC bit doesn't work, I think if you can manage to route the traffic properly, then you should be able to mark/filter it for shaping.

Ok, I agree, but finally, if I mark traffic by source MAC address, or by IP, or I don't do it, that would only affect the way I would do filtering (tc filter...), but I cannot really see how this would help separating incoming and outgoing traffic by the same interface.

By the way, I saw an example, possibly in lartc archive, where another guy had a similar problem, and he made 2 root classes, with the same bandwidth for both of them, one for outgoing and another for incoming. Do you think this is an acceptable way to try to separate it, and if so, do you think I should create 2 root qdiscs (is this possible??), or just 1 root qdisc and 2 root (child or qdisc) classes ??

Very thanks... Regards.

Andy.
Re: [LARTC] SEPARATING VOIP AND SURFING
Well, as I promised, here I am again :-) I have not got ESFQ yet, but what I think really helped was shorting bandwidth capacity to its 88%. But here I have a new problem again: there are certain moments when I am really running out of bandwidth.

The scenario now is as follows: I am using my linux box as a router; forwarding packages from one subnet to another. But, since I have only one interface (eth0) for this purpose, both incoming and outgoing traffic passes for this interface. So, I thought it was correct to duplicate bandwidth capacity (512kbit * 88% = 450kbit * 2 = 900kbit), considering that I have 512kbit for uplink and 512 for downlink. So, I am now considering a rate/ceil of 900kbit for eth0 on my script.

Everything appeared to be OK, But, since I did this change, there are certain moments that I run out of downlink bandwidth, so, I think the script is trying to take more than the total 512 of downlink I have. So, my question would be, how to 'divide' or 'recognize' incoming and outgoing traffic, and to treat it as different channels?? I was thinking about using a IMQ device for incoming traffic, but this appears to be a 'little bit' more complicated that what I expected. So, may it be a way to do this without installing IMQ ??

Very thanks in advance. Best regards. Ricardo.

--- Andy Furniss [EMAIL PROTECTED] wrote:

Ricardo Soria wrote:

1. So, starting at 80% of total 512kbit bandwidth (410kbit), there would be a waste of 102kbit. Is this completely necessary?? I think this is to ensure I have the queue on my side, and the queue is not on the side of the ISP. But, I feel tempted to think that 102kbit is too much for this purpose, considering that I really have 512kbit all time. What would you finally recommend ??

It depends how much you care about latency what the people on your LAN do/use. I don't know what's acceptable latency and jitter for VOIP.

2. Could you please tell me a secure and trustworthy way to know if I am having queued packets under this class??

Again how much you have to do depends on the usage of your network. You can explicitly mark each type of interactive you want to prioritise. If you have 20 hackers using P2P 24/7 then life is going to be harder - if they just browse and email It's probably not worth trying too hard.

3. I am creating 2 different htb classes, one for interactive, and another for bulk, and also, 2 different sfq inferior classes, one for each service. What else can I do to avoid sending a mix of traffic ??

If you have one queue for bulk it would need to be esfq if you want per IP fairness. If you'd rather not patch then your original queue for each user is OK - but you should change SFQ's queue length.

4. If you still have a copy of my script, you can see I am giving prio 0 to interactive classes, and prio 1 to bulk classes. I also tested giving prio 0 and prio 1 at filters setup (and also, prio 1 to everybody, I am not so sure what worked better). What else can I do to emphasize interactive traffic priority??

The prio is most important, other things I do are - make sure interactive has large burst and bulk none. Rather than mess with r2q I set quantum to my MTU for HTB and SFQ. HTB can be tweaked to be more accurate - but you may not need to bother. I also set a rate for my interactive larger than I ever expect to be used, this is probably unnecessary, but then I count game traffic a top prio - and I was using up to 20K bytes/sec incoming while on a 64 player enemy territory server recently.

Sorry for the annoyances, very thanks in advance.

That's OK - It would help to know what the users do and how many are active at once etc.

Andy.
Re: [LARTC] SEPARATING VOIP AND SURFING
Dear Chris:

Thanks for your suggestion. But my situation is really more complicated than that. What I am really doing is this: I have 2 cisco routers, a 1601, that gives me connection to Internet, and another, a 827, that gives me a connection to my other (remote) subnet. My linux box is in the middle of both ciscos. So, the ciscos, and my linux box have an IP address each, these IPs belong to the same subnet. What the linux box does is to receive the traffic from the cisco 1600, shape and filter this traffic, and forward the packages destined to the remote subnet, to the cisco 827. So, an additional ethernet card wouldn't be so much aid, would it ??

Very thanks. Ricardo.

--- Chris Bennett [EMAIL PROTECTED] wrote:

I struggled with this sort of thing for a while. Then I realized it was easier to just buy another ethernet card for $10. I suggest you do that.

- Original Message -
From: Ricardo Soria [EMAIL PROTECTED]
To: Andy Furniss [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, November 24, 2004 1:08 PM
Subject: Re: [LARTC] SEPARATING VOIP AND SURFING

Well, as I promised, here I am again :-) I have not got ESFQ yet, but what I think really helped was shorting bandwidth capacity to its 88%. But here I have a new problem again: there are certain moments when I am really running out of bandwidth.

The scenario now is as follows: I am using my linux box as a router; forwarding packages from one subnet to another. But, since I have only one interface (eth0) for this purpose, both incoming and outgoing traffic passes for this interface. So, I thought it was correct to duplicate bandwidth capacity (512kbit * 88% = 450kbit * 2 = 900kbit), considering that I have 512kbit for uplink and 512 for downlink. So, I am now considering a rate/ceil of 900kbit for eth0 on my script.

Everything appeared to be OK, But, since I did this change, there are certain moments that I run out of downlink bandwidth, so, I think the script is trying to take more than the total 512 of downlink I have. So, my question would be, how to 'divide' or 'recognize' incoming and outgoing traffic, and to treat it as different channels?? I was thinking about using a IMQ device for incoming traffic, but this appears to be a 'little bit' more complicated that what I expected. So, may it be a way to do this without installing IMQ ??

Very thanks in advance. Best regards. Ricardo.

--- Andy Furniss [EMAIL PROTECTED] wrote:

Ricardo Soria wrote:

1. So, starting at 80% of total 512kbit bandwidth (410kbit), there would be a waste of 102kbit. Is this completely necessary?? I think this is to ensure I have the queue on my side, and the queue is not on the side of the ISP. But, I feel tempted to think that 102kbit is too much for this purpose, considering that I really have 512kbit all time. What would you finally recommend ??

It depends how much you care about latency what the people on your LAN do/use. I don't know what's acceptable latency and jitter for VOIP.

2. Could you please tell me a secure and trustworthy way to know if I am having queued packets under this class??

Again how much you have to do depends on the usage of your network. You can explicitly mark each type of interactive you want to prioritise. If you have 20 hackers using P2P 24/7 then life is going to be harder - if they just browse and email It's probably not worth trying too hard.

3. I am creating 2 different htb classes, one for interactive, and another for bulk, and also, 2 different sfq inferior classes, one for each service. What else can I do to avoid sending a mix of traffic ??

If you have one queue for bulk it would need to be esfq if you want per IP fairness. If you'd rather not patch then your original queue for each user is OK - but you should change SFQ's queue length.

4. If you still have a copy of my script, you can see I am giving prio 0 to interactive classes, and prio 1 to bulk classes. I also tested giving prio 0 and prio 1 at filters setup (and also, prio 1 to everybody, I am not so sure what worked better). What else can I do to emphasize interactive traffic priority??

The prio is most important, other things I do are - make sure interactive has large burst and bulk none. Rather than mess with r2q I set quantum to my MTU for HTB and SFQ. HTB can be tweaked to be more accurate - but you may not need to bother. I also set a rate for my interactive larger than I ever expect to be used, this is probably unnecessary, but then I count game traffic a top prio - and I was using up to 20K bytes/sec incoming while on a 64 player enemy territory server recently.

Sorry for the annoyances, very thanks in advance
Re: [LARTC] SEPARATING VOIP AND SURFING
Dear friends:

Very thanks for all your help. I have made many changes to my script these days, fixing up some problems and mistakes I found. It seems now I have a very acceptable VoIP quality, and everything is working notably better. I am actually using 450kbit of the total 512 available. Next step I will take is to investigate about ESFQ, so, I can implement it to my script. I will be annoying by here later ;-)

Thanks. Ricardo.

--- Rick Marshall [EMAIL PROTECTED] wrote:

Andy Furniss wrote:

Ricardo Soria wrote:

1. So, starting at 80% of total 512kbit bandwidth (410kbit), there would be a waste of 102kbit. Is this completely necessary?? I think this is to ensure I have the queue on my side, and the queue is not on the side of the ISP. But, I feel tempted to think that 102kbit is too much for this purpose, considering that I really have 512kbit all time. What would you finally recommend ??

It depends how much you care about latency what the people on your LAN do/use. I don't know what's acceptable latency and jitter for VOIP.

not all that important. we have 400ms ping time to one site, but the voip is acceptable because it doesn't synchronise. if packet loss is a problem, turn off any compression.

2. Could you please tell me a secure and trustworthy way to know if I am having queued packets under this class??

Again how much you have to do depends on the usage of your network. You can explicitly mark each type of interactive you want to prioritise. If you have 20 hackers using P2P 24/7 then life is going to be harder - if they just browse and email It's probably not worth trying too hard.

3. I am creating 2 different htb classes, one for interactive, and another for bulk, and also, 2 different sfq inferior classes, one for each service. What else can I do to avoid sending a mix of traffic ??

If you have one queue for bulk it would need to be esfq if you want per IP fairness. If you'd rather not patch then your original queue for each user is OK - but you should change SFQ's queue length.

4. If you still have a copy of my script, you can see I am giving prio 0 to interactive classes, and prio 1 to bulk classes. I also tested giving prio 0 and prio 1 at filters setup (and also, prio 1 to everybody, I am not so sure what worked better). What else can I do to emphasize interactive traffic priority??

The prio is most important, other things I do are - make sure interactive has large burst and bulk none. Rather than mess with r2q I set quantum to my MTU for HTB and SFQ. HTB can be tweaked to be more accurate - but you may not need to bother. I also set a rate for my interactive larger than I ever expect to be used, this is probably unnecessary, but then I count game traffic a top prio - and I was using up to 20K bytes/sec incoming while on a 64 player enemy territory server recently.

Sorry for the annoyances, very thanks in advance.

That's OK - It would help to know what the users do and how many are active at once etc.

Andy.
Re: [LARTC] SEPARATING VOIP AND SURFING
Jason Boxman wrote:

On Monday 15 November 2004 20:06, Ricardo Soria wrote:

snip

Dear Andy: Very thanks for your answer. However, I need a little bit more extended explanation. First, you say that I should back off more from link speed - total ceils to about 80% and share that between interactive and bulk. So, do you mean that if I have a total 512Kbit link, and 2 child classes, I should not divide the whole 512kbit between the 2 classes, but, I should only divide 410kbit between them, and share the remaining 102kbit between them?? Or do you mean I should only consider 410kbit as the whole link capacity??

I think he meant to treat your link as if it were only 410kbit. With some testing you can verify just how close to 100% of your advertised capacity you can get, but 80% is often a good place to start.

Yes that's what I meant. For uplink it's to allow for link overheads and with dsl you should be careful about tweaking as it may be OK at 90% in a test with bulk traffic - all MTU size packets, but if there are lots of small packets the overhead miscalculations may mean well over limits at 90%. You can fix this, but not perfectly, with a patch Ed Wildgoose sent to this list. Incoming traffic is different - your queue is at the wrong end of the link. You have to set a lower limit just to have a queue at all.

1. So, starting at 80% of total 512kbit bandwidth (410kbit), there would be a waste of 102kbit. Is this completely necessary?? I think this is to ensure I have the queue on my side, and the queue is not on the side of the ISP. But, I feel tempted to think that 102kbit is too much for this purpose, considering that I really have 512kbit all time. What would you finally recommend ??

Second, you say that I should not use SFQ as a sub-qdisc, because of the length of the queue, being it ESFQ (new for me) a better choice. But later, you say I should use SFQ for bulk traffic (I think you refer surfing as bulk, and voip as interactive). So, should I use SFQ for bulk classes and ESFQ for interactive classes ?? Or, should I use ESFQ for all leaf classes?? Or, should I use ESFQ for bulk classes and default (pfifo, I think) for interactive classes??

What I meant was you could either change the sfq queue length or use esfq, which lets you choose length (and more). In practise you setup HTB so that your interactive traffic - doesn't queue - yes you can attach what ever you like to its class - and (e)sfq would be OK, but if packets actually get queued in it your marking has failed and bulk got in or you really have run out of bandwidth.

2. Could you please tell me a secure and trustworthy way to know if I am having queued packets under this class??

The point I made was that you shouldn't really send a mix of traffic to SFQ which will still cause long delays at low bitrates and your users have potentially low rates (depends on what they do).

3. I am creating 2 different htb classes, one for interactive, and another for bulk, and also, 2 different sfq inferior classes, one for each service. What else can I do to avoid sending a mix of traffic ??

I would do a bit more work to prioritise dns/empty acks/small tcp etc. as well as VOIP, then give them a class with plenty of rate spare and make bulk borrow. This would mean that each user would notice a bit less the fact they have hardly any bandwidth (if that's the case).

4. If you still have a copy of my script, you can see I am giving prio 0 to interactive classes, and prio 1 to bulk classes. I also tested giving prio 0 and prio 1 at filters setup (and also, prio 1 to everybody, I am not so sure what worked better). What else can I do to emphasize interactive traffic priority??

Choosing a queue length should really be related to link speed - but you can't do this if you have lots of queues whose rate are variable. What to choose depends on typical and I suppose worst case traffic situation for your LAN. Alternately if you were prepared to patch and use esfq you could use it to roughly share traffic by IP address - which is nice to save you marking and because you are able to set the queue length for the link. You do though, lose fairness per connection which may not affect you - again it depends on usage P2P. bittorrent etc.

I am curious about this myself. I placed a default sfq qdisc with the 128 queue default on a p2p class that had a rate of 144kbit and it routinely spiked to about 150kbit several times a second. If I use pfifo with a queue length of 10 I find my utilization for that class at around 146kbit instead. Is it the queue length causing this behavior?

I think these differences are too small to be representative. One packet could add 12kbit to a counter instantaneously and how you measure can deceive. For one really low rate class
[LARTC] SEPARATING VOIP AND SURFING
Dear list:

I have a problem I cannot handle yet, and need to solve it as soon as possible. Would be very grateful with anybody who can help me.

I have a 512/512 link to internet, that I want to share between several computers. I have eth0, with a public IP address, connected to Internet, and also, eth1, with a private IP address, for network with the surfing computers. I have a main class with the whole 512kbit, then 2 child classes in this way (you can see the complete script at the end):

class 1: rate = ceil = 64kbit, prio 0, for VOIP
class 2: rate = ceil = 448kbit, for SURFING

Class 2 is subdivided again in about 20 classes, for 20 surfing computers, this way:

class 3: rate = 18kbit, ceil = 448kbit, prio 1, SURF

I have a classical problem (I think). As you can see, first 64kbit are for VOIP, so, it is necessary the best quality, and the minimal delays. 64Kbit is pretty enough for 1 VOIP channel (it is supposed to really use no more than 20kbit). And also, the 64kbit class has the highest priority. Nevertheless, specially when all 20 users are surfing, or some users are browsing weight pages, or when 2 or more users are downloading at the same time, I cannot get VOIP to work properly, because quality becomes very poor.

I have made all kind of imaginable test, probes and combinations, trying to test with different burst values for classes, attaching sfq qdiscs to all leaf classes, then only to surfing classes, then only to VOIP classes, and even, gaming with R2Q/Quantums, that would not be necessary, because 64Kbit is very more than enough.

So please, does anyone have any idea how to completely separate VOIP and SURFING, making 2 independent channels, without one service affect to other ??

Very thanks in advance. If you are still able to read, after having read all this stuff, here goes my script as is now...

Best Regards to everybody. Ricardo.

#!/bin/bash
tc qdisc add dev eth1 root handle 1: htb default 121 r2q 1
tc qdisc add dev eth0 root handle 1: htb default 20 r2q 5
tc class add dev eth1 parent 1: classid 1:1 htb rate 512kbit ceil 512kbit
tc class add dev eth0 parent 1: classid 1:1 htb rate 512kbit ceil 512kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 64kbit ceil 64kbit prio 0
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 64kbit ceil 64kbit prio 0
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 448kbit ceil 448kbit prio 1
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 448kbit ceil 448kbit prio 1
# PER MACHINE OR IP CLASSES
tc class add dev eth1 parent 1:20 classid 1:90 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:91 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:101 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:102 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:103 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:104 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:105 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:106 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:107 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:108 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:109 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:110 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:111 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:112 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:113 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:114 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:115 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:116 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:117 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:118 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:119 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:120 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:121 htb rate 18kbit ceil 448kbit prio 1
# SFQ QDISCS PER LEAF CLASS
# VOIP
tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
#SURFING
tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth1 parent 1:90 handle 90: sfq perturb 10
tc qdisc add dev eth1 parent 1:91 handle 91: sfq perturb 10
tc qdisc add dev eth1 parent 1:101 handle 101: sfq perturb 10
tc qdisc add dev eth1 parent 1:102 handle 102: sfq perturb 10
tc qdisc add
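Added example, not part of the original post: HTB can only honour each child's guaranteed rate if the children's rates add up to no more than the parent's rate, which matters once the link is treated as less than its nominal 512kbit. This POSIX shell and awk check reads `tc class add` lines of the kind used in the script above and flags oversubscribed parents; the sample plan (link treated as 410kbit, 23 per-host classes) and the function names are constructed, and only rates written in kbit are handled.

```shell
#!/bin/sh
# Added example (not from the thread): check an HTB class tree for
# oversubscribed guarantees. Only "tc class add ... rate <N>kbit" lines
# are understood, which is the only form the posted script uses.

# htb_check: reads a tc script on stdin and prints one line per parent class:
#   "<dev> <classid> children=<sum>kbit rate=<own>kbit OK|OVER"
# Returns 1 if the children of any class are guaranteed more than it has.
htb_check() {
    htb_out=$(awk '
        $1 == "tc" && $2 == "class" && $3 == "add" {
            dev = parent = cid = rate = ""
            for (i = 4; i < NF; i++) {
                if ($i == "dev")          dev = $(i + 1)
                else if ($i == "parent")  parent = $(i + 1)
                else if ($i == "classid") cid = $(i + 1)
                else if ($i == "rate")    rate = $(i + 1)
            }
            if (rate !~ /^[0-9]+kbit$/) next   # other units are skipped
            sub(/kbit$/, "", rate)
            own[dev " " cid] = rate + 0        # guaranteed rate of this class
            sum[dev " " parent] += rate        # total promised below the parent
        }
        END {
            bad = 0
            for (k in sum) {
                if (!(k in own)) continue      # parent is the qdisc handle (1:)
                st = "OK"
                if (sum[k] > own[k]) { st = "OVER"; bad = 1 }
                printf "%s children=%dkbit rate=%dkbit %s\n", k, sum[k], own[k], st
            }
            exit bad
        }') && htb_rc=0 || htb_rc=$?
    if [ -n "$htb_out" ]; then
        printf '%s\n' "$htb_out" | LC_ALL=C sort
    fi
    return "$htb_rc"
}

# sample_plan <per-host-kbit>: constructed plan modelled on the posted
# script, with the link treated as 410kbit and 23 per-host classes
# (class ids 1:101 to 1:123 are placeholders).
sample_plan() (
    echo "tc class add dev eth1 parent 1: classid 1:1 htb rate 410kbit ceil 410kbit"
    echo "tc class add dev eth1 parent 1:1 classid 1:10 htb rate 64kbit ceil 64kbit prio 0"
    echo "tc class add dev eth1 parent 1:1 classid 1:20 htb rate 346kbit ceil 346kbit prio 1"
    i=101
    while [ "$i" -le 123 ]; do
        echo "tc class add dev eth1 parent 1:20 classid 1:$i htb rate ${1}kbit ceil 346kbit prio 1"
        i=$((i + 1))
    done
)

# Keeping 18kbit per host after shrinking the bulk class no longer fits;
# 15kbit per host does.
for per_host in 18 15; do
    if sample_plan "$per_host" | htb_check; then
        echo "${per_host}kbit per host: guarantees fit"
    else
        echo "${per_host}kbit per host: oversubscribed"
    fi
done
```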
[LARTC] CBQ + 802.1Q VLAN
I need to shape traffic from some IP on one LAN, but I'm in trouble. There is a linux 2.4.26 connected to the Internet (eth0) / LAN (eth1) doing NAT. I'm using VLANs in the LAN Interface, that is connected to a 3Com SuperStack II in a 802.1Q tagged port.

I want to create a class that will limit the traffic at 384Kbit/s. I want to create two leaf classes that limit the traffic at 256Kbit/s for each one. I want to attach two sfq qdiscs so the classes are treated equally. I want to put filters that put one IP address for each 256 class (suppose that are only two computers on LAN). When one computer is downloading a file from internet it need to never be more than 256Kbit. When both computers are downloading files at the same time, they need to never be more than 384Kbit together. I want to attach the qdisc on eth1 (and no one on each VLAN ex. eth1.1, eth1.2, eth1.3 ...) so all VLAN traffic will be processed.

The config:

# root qdisc
tc qdisc add dev eth0 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8
tc qdisc add dev eth1 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8
# root class
tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate 384Kbit weight 38Kbit prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded
tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate 384Kbit weight 38Kbit prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded
# leaf class 1 2
tc class add dev eth0 parent 1:1 classid 1:10 cbq bandwidth 100Mbit rate 256Kbit weight 25Kbit prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000
tc class add dev eth0 parent 1:1 classid 1:20 cbq bandwidth 100Mbit rate 256Kbit weight 25Kbit prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000
tc class add dev eth1 parent 1:1 classid 1:10 cbq bandwidth 100Mbit rate 256Kbit weight 25Kbit prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000
tc class add dev eth1 parent 1:1 classid 1:20 cbq bandwidth 100Mbit rate 256Kbit weight 25Kbit prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000
# sfq
tc qdisc add dev eth0 parent 1:10 handle 100: sfq
tc qdisc add dev eth0 parent 1:20 handle 200: sfq
tc qdisc add dev eth1 parent 1:10 handle 100: sfq
tc qdisc add dev eth1 parent 1:20 handle 200: sfq
# filters
tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip src 10.0.0.2/32 flowid 1:10
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.0.2/32 flowid 1:10
tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip src 10.0.0.3/32 flowid 1:20
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.0.3/32 flowid 1:20

When I start a download from one computer the speed is limited at 256Kbit/s (this is OK). When I start a download from both machines the speed for each one is 256Kbit/s. They are getting 512Kbit/s together and the 384Kb parent link is not working. What is wrong ???

Regards
Ricardo

STATS:

### eth0: queueing disciplines
qdisc sfq 200: quantum 1514b perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 100: quantum 1514b perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc cbq 1: rate 100Mbit (bounded,isolated) prio no-transmit
 Sent 711595 bytes 7024 pkts (dropped 0, overlimits 0)
 borrowed 0 overactions 0 avgidle 60 undertime 0

### eth0: traffic classes
class cbq 1: root rate 100Mbit (bounded,isolated) prio no-transmit
 Sent 711595 bytes 7024 pkts (dropped 0, overlimits 0)
 borrowed 0 overactions 0 avgidle 60 undertime 0
class cbq 1:10 parent 1:1 leaf 100: rate 256Kbit prio no-transmit
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 borrowed 0 overactions 0 avgidle 707804 undertime 0
class cbq 1:1 parent 1: rate 384Kbit (bounded) prio no-transmit
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 borrowed 0 overactions 0 avgidle 471277 undertime 0
class cbq 1:20 parent 1:1 leaf 200: rate 256Kbit prio no-transmit
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 borrowed 0 overactions 0 avgidle 707804 undertime 0

### eth0: filtering rules
filter parent 1: protocol ip pref 1 u32
filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:10
 match 0a02/ at 12
filter parent 1: protocol ip pref 1 u32 fh 800::801 order 2049 key ht 800 bkt 0 flowid 1:20
 match 0a03/ at 12

### eth1: queueing disciplines
qdisc sfq 200: quantum 1514b perturb 10sec
 Sent 4541217 bytes 3268 pkts (dropped 0, overlimits 0)
 backlog 14p
qdisc sfq 100: quantum 1514b perturb 10sec
 Sent 4341261 bytes 3054 pkts (dropped 0, overlimits 0)
 backlog 25p
qdisc cbq 1: rate 100Mbit (bounded,isolated) prio no-transmit
 Sent 10606524 bytes 9897 pkts (dropped 0, overlimits 11757)
 backlog 39p
 borrowed 0 overactions 0 avgidle 60 undertime 0

### eth1: traffic classes
class cbq 1: root rate 100Mbit (bounded,isolated) prio no-transmit
 Sent 10550332 bytes 9859 pkts (dropped 0, overlimits 0)
 borrowed 0 overactions 0 avgidle 62 undertime
[LARTC] CBQ Problem
Hi.

I want to shape traffic from some IPs in my lan, but I'm w/ trouble. I have a linux box connected to the Internet. In the other side of this box is my LAN. I want to create the following scenario:

My root qdisc is attached to a 100Mbit/s NIC. I want to create a class attached to this qdisc that will limit the traffic at 384Kbit/s. I want to create two leaf classes that limit the traffic at 256Kbit/s. I want to attach two sfq qdiscs so two classes are treated equally. I want to put one LAN IP for each leaf class. When one IP is downloading a file from internet it will never be more than 256Kbit. When both IPs are downloading files at the same time, they will never be more than 384Kbit. (I think that is something like the webserver + smtp example that is in the howto)

My config:

tc qdisc add dev eth1 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8
tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate 384Kbit weight 38Kbit prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded
tc class add dev eth1 parent 1:1 classid 1:10 cbq bandwidth 100Mbit rate 256Kbit weight 25Kbit prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000
tc class add dev eth1 parent 1:1 classid 1:20 cbq bandwidth 100Mbit rate 256Kbit weight 25Kbit prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000
tc qdisc add dev eth1 parent 1:10 handle 100: sfq
tc qdisc add dev eth1 parent 1:20 handle 200: sfq
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.0.2/32 flowid 1:10
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip dst 10.0.0.3/32 flowid 1:20

When I start a download from one machine, the speed is limited at 256Kbit/s (this is OK). When I start a download from both machines, the speed for each machine is limited to 256Kbit/s. They are getting 512Kbit/s together. I want limit this speed at 384Kbit/s, so traffic from each machine will never be more than 192Kbps when both are in use.

Why it is not working for me ??? What is the mistake ?

Thank You.
Ricardo
[LARTC] Modify the TCP Window size
Hi lartc users,

When a packet arrived to a network device it was stored on a skb structure and then enqueue on a network stack. One of the tests that I want to do is modify the TCP window size and verify the changes on the bandwidth between two hosts. To do that I need to know how to modify the packet window size and maybe recalculate the checksum value of the TCP packet. All I can do is read the information of the packet stored on the skb structure.

Do you have any ideas? I'll need to be enlightened

Ricardo
Re: [LARTC] New Qdisc - How to
Hello again, The problem is almost solved (I thing) I re-instaled the iproute2..this time with /tc into /iproute2 and modified three files: - Makefile (modify) - tc_qdisc.c (modify) - q_bric.c (new) Once more, the files are based on bfifo schedule I compiled them with gcc and the only things I'd got were a lot of warnings and erros caused by others files. the ggc line was: gcc -c -O2 -fomit-frame-pointer -fno-strict-aliasing -I/usr/src/linux/include -DMODULE -DMODVERSION -D__KERNEL__ -Wall -Wstrict-prototypes -pipe -o file_out.o file_in.c where file_in were tc_qdisc.c and q_bric.c Do you have some idea where I failled? Thanks on advance. RIcardo Leite From: Stephen Hemminger [EMAIL PROTECTED] To: Andreas Klauer [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: [LARTC] New Qdisc - How to Date: Fri, 21 May 2004 08:55:08 -0700 On Thu, 20 May 2004 20:08:31 +0200 Andreas Klauer [EMAIL PROTECTED] wrote: Am Thursday 20 May 2004 19:04 schrieb Ricardo Leite: - Put the new qdisc routine sch_ric.c into the directory /usr/src/linux/net/sched/ , - Insert a new line on the file /net/sched/Makefile, - Insert a new line on the file /net/sched/Config.in, - Insert a new line on the file /include/linux/pkt_sched.h, - Insert a new line on the file /net/sched/sch_api.c That's the kernel part. tc qdisc add dev eth0 root bric limit 10 the kernel (or the tc command) couldn't find the the bric qdisc. I haven't read the source, but I assume - seeing how tc needs to be patched in order to support HTB - that you need to add support for your scheduler to the tc program itself too. Actually, the tc program supports adding disciplines w/o recompiling. Haven't tried it, but it looks for a shared library called q_XXX.so (where XXX is the new queue name). The shared object needs to define a struct qdisc_util that defines the new disciplines handles. 
[LARTC] New Qdisc - How to
Hello Lartc's users,

This is my first contact. I'm trying to implement a new queue discipline based on the bfifo schedule. I searched on the internet but there are some problems that I don't know how to solve, and that's why I'm here asking for your help.

Well, these were my steps for the implementation:

- Put the new qdisc routine sch_ric.c into the directory /usr/src/linux/net/sched/ ,
- Insert a new line on the file /net/sched/Makefile,
- Insert a new line on the file /net/sched/Config.in,
- Insert a new line on the file /include/linux/pkt_sched.h,
- Insert a new line on the file /net/sched/sch_api.c

Then I created a new kernel, which includes the new qdisc:

- make menuconfig
- make dep
- make clean
- make bzImage
- make modules
- make modules_install
- Change the lilo.conf

Reboot

When I tried to program my qdisc with the tc command

    tc qdisc add dev eth0 root bric limit 10

the kernel (or the tc command) couldn't find the bric qdisc.

I think that I should change more files, but I don't know which they are. Do you know what I am doing wrong?

Cheers!

To the Porto fans... Dragon greetings

Ricardo Leite
Re: [LARTC] New Qdisc - How to
I already saw some messages... And thanks to all.

Message from Andreas and completed by DamJan:

I haven't read the source, but I assume - seeing how tc needs to be patched in order to support HTB - that you need to add support for your scheduler to the tc program itself too.

unfortunately the TC userspace program needs to be patched also

How can I do that?

**

Message from X-Arnie:

you need to change the tc source too

My tc source is in /sbin/tc. I think this is the right place for the source, isn't it?

**

I saw on the internet an example in which someone changed the file tc_qdisc.c in /iproute2/tc/. I've got /iproute2 but I can't find /iproute2/tc; maybe this is the problem. I don't know how to put tc into iproute2, and in sbin/tc there isn't the file tc_qdisc.c.

Hey, Ho! Ramones Let's Go...

From: Andreas Klauer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [LARTC] New Qdisc - How to
Date: Thu, 20 May 2004 20:08:31 +0200

On Thursday 20 May 2004 19:04, Ricardo Leite wrote:

- Put the new qdisc routine sch_ric.c into the directory /usr/src/linux/net/sched/ ,
- Insert a new line on the file /net/sched/Makefile,
- Insert a new line on the file /net/sched/Config.in,
- Insert a new line on the file /include/linux/pkt_sched.h,
- Insert a new line on the file /net/sched/sch_api.c

That's the kernel part.

    tc qdisc add dev eth0 root bric limit 10

the kernel (or the tc command) couldn't find the bric qdisc.

I haven't read the source, but I assume - seeing how tc needs to be patched in order to support HTB - that you need to add support for your scheduler to the tc program itself too.

Andreas
[LARTC] Ingress Problems with IPv6
Hi

I'm doing some work with QoS Routing, and I'm using the TC tool. For what I have searched, I can't make the TC work with the Ingress Qdisc and filter the traffic.

Do you know what the problem can be?

Best Regards

Ricardo Pedro
Re: [LARTC] htb+redhat7.3
Hi there:

The original kernel included in RedHat 7.3 does *not* include htb support. You have to patch that kernel if you want to use htb. Visit http://luxik.cdi.cz/~devik/qos/htb/ for further instructions.

Good luck.

Ricardo Soria.
[LARTC] Difficulties trying to control VOIP traffic with TC - HTB
Hi all:

I hope someone can help me with this little problem... I'm using a linux script to sub-divide my bandwidth (64kbit) into: 40kbit for VOIP, and the remaining 24kbit for http. So, the commands I'm using are:

    #!/bin/bash
    # This script shapes downloading stuff

    # Initial qdisc
    tc qdisc add dev eth1 root handle 1: htb default 20 r2q 2

    # Classes definition
    tc class add dev eth1 parent 1: classid 1:1 htb rate \
        64kbit ceil 64kbit
    tc class add dev eth1 parent 1:1 classid 1:10 htb \
        rate 40kbit ceil 40kbit prio 0
    tc class add dev eth1 parent 1:1 classid 1:20 htb \
        rate 24kbit ceil 24kbit prio 1

    # Filters
    # This is filter for VOIP
    tc filter add dev eth1 protocol ip parent 1:0 prio 1 \
        u32 match ip dst 1.2.3.4 flowid 1:10

    # Remaining traffic is supposed to go to default 20 class
    # Script end

I reached this script after a lot of investigation and attempts. So, the bandwidth distribution seems to be ok. But here is my problem: every time a person is using VOIP, and another person starts surfing the Internet (from a different IP, of course) at the same time, the sound quality of the VOIP decreases notably.

I have prioritized VOIP traffic, as can be seen from prio 0. I even used IPTABLES statements to set Minimize-Delay on packets coming from the VOIP ip address. But every effort seems to be useless: every time someone opens a web browser, VOIP sound quality goes down...

So, could someone tell me what's wrong with my script? I know it is possible to get what I'm trying to do with htb, anyway...

Many thanks to everybody. Cheers.

Ricardo Soria.
Re: [LARTC] Layer 7 support for tcng ?
On Tuesday 07 October 2003 21:15, Matthew Strait wrote:

The plan is to port l7-filter to Netfilter. Once this is done, Netfilter can put marks on the packets that the pre-existing fw filter can use. This approach requires no changes to tcng (or tc). However, it does complicate shaping, since two steps are needed rather than one (i.e. mark HTTP as 6; limit 6 to 1mbps, rather than limit HTTP to 1mbps). In the long term, I'd like to have full layer7 support in both QoS and Netfilter.

This would be perfect. It doesn't really complicate my setup since I already use shorewall as firewall and that has support for marking packets already.

Is this anywhere near to being usable? Will it be 2.6 only?

--
PGP Public Key: http://sys49152.net/pubkey.asc
[LARTC] Layer 7 support for tcng ?
Yep, that's right. Does it exist somewhere? Will it ever?

Currently I use tcng for my bandwidth shaping and I really didn't want to change to bare tc scripts.

--
PGP Public Key: http://sys49152.net/pubkey.asc
Re: RE: [LARTC] bandwidth limiting incoming data
Message: 11
Subject: RE: [LARTC] bandwidth limiting incoming data
From: K S Sreeram [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: 24 Jun 2003 09:18:18 +0530

On Mon, 2003-06-23 at 22:05, S Mohan wrote:

Let us say eth0 is connected to the Internet and eth1 to the local LAN. Then shaping outgoing traffic on eth1 is equivalent to throttling incoming on eth0. Another alternative is to use the IMQ device. I recommend the first method.

Hi all

Mohan

Could you explain to me why you think that it is better to use throttling incoming on eth0 instead of using IMQ? Any particular technical explanation? I'm asking because I'm a newbie and I've been studying LARTC and IPTABLES (believe me, very hard stuff..80)).

Thanks in advance

The problem is that I don't have a separate router. I have a single machine (a laptop), which is connected to the internet with a 128kbps connection. I don't know how to do incoming traffic shaping when only one machine is present, which is typical in home usage scenarios.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of K S Sreeram
Sent: Monday, June 23, 2003 6:01 PM
To: lartc
Subject: Re: [LARTC] bandwidth limiting incoming data

On Mon, 2003-06-23 at 05:47, Trevor Warren wrote:

Hello Sreram,

AFAIK all Traffic Shaping, be it Ingress/Egress, can be done at your end. This will help majorly on the link at your end by prioritising traffic appropriately. You can't possibly change traffic priorities at your ISP's end.

Maybe my mail wasn't clear, but what I wanted to know is how to shape incoming traffic on my box, and not at the ISP's end, which I can't control.

On Mon, 2003-06-23 at 17:38, K S Sreeram wrote:

Hi

I am connected to the internet through a 128kbps connection, with a single box. There is no separate router. I have a 'cvs update' going on for a rather large repository. Whenever there is any HTTP traffic (browser/wget/apt-get etc), the CVS traffic seems to come to a halt.

So it looks like my ISP is giving higher priority to HTTP traffic. Is there any way I can give higher priority to the CVS traffic? I have read lartc, but all the techniques it talks about (cbq, htb etc) work only for outgoing traffic, not for incoming data. I am not sure if the ingress qdisc is suitable for this problem.

In freebsd, I could use 'ipfw pipes' to control incoming traffic too. Is there a similar mechanism in linux?

Regards

Thanks in Advance!

--
( -GNU/LINUX, It's all about CHOICE - )
[EMAIL PROTECTED]
Pre Sales Consultant - Red Hat
9820349221(M) | 22881326(O)

--
K S Sreeram
Director of Research
Tachyon Technologies Pvt. Ltd.

--
Paulo Ricardo Bruck - consultor
Contato Global Solutions
tel 011 5646-7977 011 5521-8049 cel 011 9235-4327
R Bourbom, 56 04663-160 São Paulo SP
Re: [LARTC] Layer-7 Filter
Date: Sat, 31 May 2003 17:40:53 +0100

On Saturday 31 May 2003 16:35, Stef Coene wrote:

Hi,

Layer 7 filtering was a topic on slashdot! http://slashdot.org/article.pl?sid=03/05/30/180224mode=threadtid=106tid=185

After reading some slashdot comments, I downloaded the source. And I have some comments on it. I think these comments also belong on the faq page of the layer 7 filtering page.

First of all, this is not a packet filter, it's a connection filter. So once a connection is classified as http, all following packets belonging to that connection are classified as http. I just wonder if it also works for ftp traffic with separate command and data connections.

Which was exactly what I wanted, but then I opened the page and saw it's only for 2.5 kernels. I'm not about to put a 2.5 kernel in my router.

I doubt it works for protocols like FTP as it uses regular expressions to identify the protocol, much like a virus program. The data connection of FTP might not have any identifying data... A good way of doing that would be a plugin system, in which such plugins could interpret the protocol.

Maybe some kind soul will backport it to 2.4 so I can test it :)
Re: [LARTC] [LONG] Weird problem with HTB using htb.init
On Monday 17 March 2003 17:25, Stef Coene wrote:

Mhh. It can be. If you add a sfq qdisc, each connection will create a new entry in the hash key. But I don't know what happens if the hash key is full. If all other connections end up in 1 hash key, it's possible that you get timeouts.

Hmmm, I closed emule and started an upload using all my UP bandwidth and a download using roughly what emule used. They all fall into the same classes that emule traffic did. I get no timeouts this way.

If the number of connections is the problem, is there any way to prevent this?

Thanks
Re: [LARTC] [LONG] Weird problem with HTB using htb.init
On Tuesday 18 March 2003 02:20, S Mohan wrote:

Could it be a problem of port mapping? Emule, edonkey and others use free ports and are not specific about which port they use. If they try to use some ports blocked for inward traffic, timeouts are logical. I may be wrong here as I do not know the exact set up.

I don't think so, because I experience timeouts with protocols like http, smtp, etc. which have standard ports. Emule doesn't time out, or if it does I don't get notified about it. It must be because of the large connection numbers.
Re: [LARTC] [LONG] Weird problem with HTB using htb.init
On Sunday 16 March 2003 22:13, Stef Coene wrote:

You have a sfq qdisc attached to your parent class. That's not possible. You can add the sfq qdisc, but if you add a child class, the sfq qdisc is removed.

Hmm, I removed it. Still timeouts, but it wouldn't matter as it would be removed anyway.

I looked at your tc stats, and I found it strange that you have negative tokens and ctokens. But I don't think this is causing the http timeouts. If you have these timeouts, is your link heavily used? If yes, you can try to prioritize ACKS/SYN packets.

I've seen it happening when I'm limiting emule traffic to 150kbit/s download, 30kbit/s upload, and the emule program itself showed it was not above those limits through its graphs.

One thing with emule is it creates A LOT of connections. I have a lot of downloads on queue and some of those have more than 1500 sources. Could it be that the huge number of connections is confusing some part of Linux QoS?