Re: [LARTC] Load balancing with failover

2004-01-02 Thread Steen Suder, privat
Tushar Thakker wrote:
Hi all,
I have a network setup with 3 gateways and a large number of intranet nodes.
I want to do automatic load balancing with failover.
I have put in the following ip rules and routes:
ip rule add prio 222 table 222
ip route add default table 222 proto static \
nexthop via $GWE1 dev $IFE1 \
nexthop via $GWE2 dev $IFE2 \
nexthop via $GWE2 dev $IFE3
Now, I also want to do failover,
but the point is: what do I need to do about deleting the route cache as soon
as some gateway becomes dead or unavailable?
What will the system do on its own, and what do we need to do for this?
I need help.
AFAIK, You'd have to look at Julian's routepatch(es): 
.

Search for "Dead Gateway Detection".

It may not be the entire solution, but a step in the right direction.

--
Mvh. / Best regards,
Steen Suder 
ICQ UIN 4133803
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


Re: [LARTC] Fair queueing: SFQ vs TBF

2003-12-16 Thread Steen Suder, privat
Artūras Šlajus wrote:
Hello,

  I have one Q. What is better when using as leaf in one leaf with
several hosts (like subnet) to splice traffic equally to user number?
Like 2 users = 256/2, 3 = 256/3 and so on. WRR was pretty good for this
job, but it's only for 2.4.21 kernels and mine's 2.4.22.
  So what is better: SFQ or TBF?
I use wrr on 2.4.23 with success.

--
Mvh. / Best regards,
Steen Suder 
ICQ UIN 4133803


Re: [LARTC] Problems with ICQ etc. on nano-setup

2003-12-15 Thread Steen Suder, privat
c0g wrote:
| Can one "bind" traffic from one LAN-user to the same DSL, effective in
| let's say 10 minutes from the initial connection?
| Can some magic with conntrack be put to use?
You should do Equal Cost Multipath (iproute) + MARK target instead of
state-based loadbalancing for problematic protocols/sites.
Create table with default route thru multiple gateways with equalize
option. Then direct problematic traffic to this table (using routing
rules and mark matching)
Could I not just apply this method to all traffic?

Equal Cost Multipath chooses route based on source and destination IP,
so it binds the client to a route, no matter how many connections that client
made.
Sounds better, actually.

Can you point in the direction of some practical examples?
Perhaps some specific documentation?
It works for me.

PS: I assume you have a separate network interface in your Linux router
for each DSL, so you can do SNAT on each interface. If you have them
connected to one NIC then it is not that simple, but it may be resolved with
route realms (but not sure for 100%).
This assumption is correct. The box has a separate, physical interface 
for each DSL and I do simple SNAT for each outgoing (DSL) interface as 
it is now.

--
Mvh. / Best regards,
Steen Suder 
ICQ UIN 4133803
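
Added example, not part of the original post or of any configuration in the thread: the arrangement c0g describes above (a separate table whose default route spans all gateways with the equalize option, reached through a routing rule that matches a mark), written as a dry-run script that prints the commands. The uplink addresses, table and priority 221, mark value 1, LAN interface eth0 and the port list 443,5190 are assumptions.

```shell
#!/bin/sh
# Added example. Dry run by default: the commands are only printed.
# To apply them, run as root with RUN set to the empty string (RUN= sh script).
RUN=${RUN-echo}
TABLE=${TABLE:-221}        # assumed table, sorts before the thread's table 222
MARK=${MARK:-1}            # assumed fwmark value
LAN_IF=${LAN_IF:-eth0}     # assumed LAN-facing interface
PORTS=${PORTS:-443,5190}   # assumed "problematic" TCP ports (https, ICQ)

# nexthops GW:DEV [GW:DEV ...]  ->  "nexthop via GW dev DEV ..." (IPv4 only)
nexthops() {
    [ "$#" -ge 2 ] || { echo "need at least two GW:DEV uplinks" >&2; return 1; }
    hops=
    for pair in "$@"; do
        case $pair in
            ?*:?*) ;;
            *) echo "bad uplink '$pair', expected GW:DEV" >&2; return 1 ;;
        esac
        gw=${pair%%:*}
        dev=${pair#*:}
        hops="$hops nexthop via $gw dev $dev"
    done
    echo "${hops# }"
}

# multipath_plan GW:DEV [GW:DEV ...]
multipath_plan() {
    hops=$(nexthops "$@") || return 1
    # 1. separate table whose default route spans all uplinks
    $RUN ip route add default table "$TABLE" proto static equalize $hops
    # 2. mark the problematic traffic as it arrives from the LAN
    $RUN iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp \
        -m multiport --dports "$PORTS" -j MARK --set-mark "$MARK"
    # 3. routing rule: marked packets use that table
    $RUN ip rule add fwmark "$MARK" prio 221 table "$TABLE"
    # 4. discard cached routing decisions so the new rule takes effect
    $RUN ip route flush cache
}

# Constructed uplinks (documentation address ranges), printed as a plan.
multipath_plan 192.0.2.1:eth1 198.51.100.1:eth2
```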


[LARTC] Nano and "stateful" protocols?

2003-12-15 Thread Steen Suder, privat
On some of the nano-setups that I run, the users complain (don't they always? 
;-) about being unable to use https and sometimes http, typically in 
cases where there is a login (and a corresponding cookie), ICQ and other 
systems that do not always keep the initial connection.

They complain about being "thrown off" and the like.

It seems to me that the nano-setup and, thus, the routing is to 
blame in some way.

To resolve the issue in a quick way I can just tie, say, https to a 
given Internet connection, but I'd rather avoid this because the systems 
are made with a bunch of el-cheapo DSLs and they break down every once 
in a while and I'd like all DSLs to be used equally.

Can these protocols be "helped" in some way while still keeping the 
nano-setup in some form?

--
Mvh. / Best regards,
Steen Suder 
ICQ UIN 4133803


Re: [LARTC] Problems with ICQ etc. on nano-setup

2003-12-15 Thread Steen Suder, privat
Ben Efros wrote:
Since you are doing SNAT on all the dsl lines, I'd suggest using the -j SAME
target available for netfilter.
http://netfilter.org/documentation/pomlist/pom-base.html#SAME
As I understand it, SAME cannot be used here since the "loadbalancing" 
in a nano-setup is done by the routing (multiple default gateways) and, 
thus, the traffic is already going out a particular interface when it 
reaches the POSTROUTING chain (where SAME lives).

Also, we have only one public IP on every WAN-if.

If I just could manipulate the routing in the kernel to tie new 
connections from a given LANuser to a specific WANif, at least for a 
brief period of time, I'd think the issue would be solved.



--
Mvh. / Best regards,
Steen Suder 
ICQ UIN 4133803


[LARTC] Problems with ICQ etc. on nano-setup

2003-12-14 Thread Steen Suder, privat
I administer a nano-setup on a dorm-network with a couple of hundred 
active users.

The setup uses 2 x 2 2Mb/s DSLs, meaning two DSLs from each of two 
different ISPs.

It works fine except for some minor glitches:

https-sites often kick users. This was solved by tying outbound https 
to a single DSL. Not the best solution but it works insofar that users 
don't get kicked from the sites anymore. Now they can put credits on the 
SIM-cards again ;-)

ICQ-logins are a pain as it often takes several attempts (4-8 usually) to 
get connected to ICQ.
I've tested with the latest micq from a host on the LAN and it says 
"Connection refused (111)". The same behaviour goes for all other 
(reported) clients of all kinds on the LAN. At the same time ICQ works 
fine from other locations.

Now I'm wondering and it is somewhat ICQ-specific: when one connects to 
ICQ one gets redirected to another server. Perhaps this redirect causes 
the connection to take another DSL on its way onto the Internet... and 
maybe the new source address causes the ICQ-server to drop the connection 
attempt due to the difference between the initial source address and the 
"second" source address.

Now, the simple way to solve this issue is to bind anything even 
remotely related to ICQ traffic to one single DSL, but I'd really like to 
solve this "The Proper Way".

Suggestion:
Can one "bind" traffic from one LAN-user to the same DSL, effective in 
let's say 10 minutes from the initial connection?
Can some magic with conntrack be put to use?

1. How can I find out what is causing this "glitch"?

This would be rather important since it could be the cause of other 
"irregularities" in the operation.

2. How is this solved?



A snippet from the /etc/sysctl.conf:

net.ipv4.route.max_size=32768
net.ipv4.route.gc_min_interval=5
net.ipv4.route.gc_interval=300
It's a 2.4.23-box and it does SNAT on all four DSLs.
It's pretty open from the inside towards the Internet.
--
Mvh. / Best regards,
Steen Suder 
ICQ UIN 4133803


Re: [LARTC] Problem with htb and fwmark

2003-09-17 Thread Steen Suder, privat
Steen Suder, privat wrote:
Morten Isaksen wrote:

Hi!

I am trying to prioritize udp traffic to satisfy our gamers.




I can see that the counters in "iptables -t mangle -L -v -n" is 
counting up,
but the counters in "tc -s class ls dev eth0" is not.

I have also tried not to use fwmark but added the rules directly with "tc
filter...", but with same results...
Have I forgotten something, or what is the problem?


I have the exact same problem here; has anyone found the reason and/or a 
fix?

I use 2.4.22 here. I worked with 2.4.20.
By some sort of accident I found the cause for the "problem" (here at 
least):

Make sure that the attached (to the root in case of HTB) filters 
actually filter the packets to the leaves (leafs?) in the (pseudo-)tree.

Then, if filters are correctly designed, no traffic will go to HTB default.

--
Mvh. / Best regards,
Steen Suder <http://www.suder.dk/>
ICQ UIN 4133803


Re: [LARTC] Problem with htb and fwmark

2003-09-17 Thread Steen Suder, privat
Morten Isaksen wrote:
Hi!

I am trying to prioritize udp traffic to satisfy our gamers.


The problem is that all the traffic is going to the default class no
matter what I do.
I can see that the counters in "iptables -t mangle -L -v -n" is counting up,
but the counters in "tc -s class ls dev eth0" is not.
I have also tried not to use fwmark but added the rules directly with "tc
filter...", but with same results...
Have I forgotten something, or what is the problem?
 says:

"All packets are dropped when "default" is set to nonleaf

Yes. Default keyword must point to leaf or be 0 (so unclassified packets 
go thru directly). If you want to "direct" other packets to non-leaf do 
it by catch all filter with the largest "pref". "

This smells like something related...

--
Mvh. / Best regards,
Steen Suder 
ICQ UIN 4133803
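
Added example, not from the thread or from the HTB documentation: a check for the condition in the FAQ text quoted above (the HTB default must be 0 or point to a leaf), run over constructed samples of "tc qdisc show" and "tc class show" output. The class ids, rates and the eth0 device name in the comments are assumptions.

```shell
#!/bin/sh
# Added example. On a live box, feed the function from:
#   tc qdisc show dev eth0      and      tc class show dev eth0
# A fwmark filter attached to the root, as discussed in the thread, looks like:
#   tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw flowid 1:10

# htb_default_status QDISC_TEXT CLASS_TEXT
# Prints one of: "direct", "leaf 1:20", "nonleaf 1:1", "missing 1:30"
htb_default_status() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        /^---$/ { in_classes = 1; next }
        # qdisc line: remember the handle major and the default minor
        !in_classes && $1 == "qdisc" && $2 == "htb" {
            major = $3; sub(/:.*/, "", major)
            for (i = 4; i < NF; i++) if ($i == "default") def = $(i + 1)
            sub(/^0x/, "", def)      # newer tc prints the minor as 0x20
            next
        }
        # class lines: record each class id and each id named as a parent
        in_classes && $1 == "class" && $2 == "htb" {
            seen[$3] = 1
            for (i = 4; i < NF; i++) if ($i == "parent") has_child[$(i + 1)] = 1
        }
        END {
            if (def ~ /^0*$/) { print "direct"; exit }   # default 0
            sub(/^0+/, "", def)
            id = major ":" def
            if (!(id in seen))          print "missing " id
            else if (id in has_child)   print "nonleaf " id
            else                        print "leaf " id
        }'
}

# Constructed sample output (not captured from a real system).
SAMPLE_QDISC='qdisc htb 1: root refcnt 2 r2q 10 default 0x20 direct_packets_stat 0'
SAMPLE_CLASSES='class htb 1:1 root rate 2Mbit ceil 2Mbit burst 1600b cburst 1600b
class htb 1:10 parent 1:1 prio 0 rate 1Mbit ceil 2Mbit burst 1600b cburst 1600b
class htb 1:20 parent 1:1 leaf 20: prio 1 rate 1Mbit ceil 2Mbit burst 1600b cburst 1600b'

htb_default_status "$SAMPLE_QDISC" "$SAMPLE_CLASSES"
```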


Re: [LARTC] Problem with htb and fwmark

2003-09-17 Thread Steen Suder, privat
Morten Isaksen wrote:
Hi!

I am trying to prioritize udp traffic to satisfy our gamers.


I can see that the counters in "iptables -t mangle -L -v -n" is counting up,
but the counters in "tc -s class ls dev eth0" is not.
I have also tried not to use fwmark but added the rules directly with "tc
filter...", but with same results...
Have I forgotten something, or what is the problem?
I have the exact same problem here; has anyone found the reason and/or a 
fix?

I use 2.4.22 here. I worked with 2.4.20.

--
Mvh. / Best regards,
Steen Suder 
ICQ UIN 4133803


Re: [LARTC] Re: HTB and filters on many levels - Workaround found

2003-09-16 Thread Steen Suder, privat
Daniel Brahneborg wrote:
I found a little workaround, but I'm not really happy with it.


I then use iptables -j MARK to set a '1' if the traffic comes from
eth1.  If not, it should end up in 1:2, and 1:1 and 1:2 should be able
to borrow from each other.


What I do now is to use ipfilter to set marks on the packets for all six
classes, and then set all filters on 1:0.  A bit more work for iptables,
but it seems to work.  Is it a bug that a filter can't be added to a class?
It's by design AFAIK.
Packets are enqueued at qdiscs and, thus, it is only meaningful to be 
able to attach filters to qdiscs.

I may be wrong though...

Also, the HTB docs instruct the user to attach filters to the root.

--
Mvh. / Best regards,
Steen Suder 
ICQ UIN 4133803


[LARTC] Depth-argument for sfq?

2003-01-06 Thread Steen Suder, privat
I'm not a programmer per se (including C), but...

I'd like to be able to give the define in sch_sfq.c (of, say, 2.4.20), 
SFQ_DEPTH other values than 128 as an argument on the tc commandline. It 
could be powers of two up to 2^7 (128) as it seems that 128 is the 
current maximum.

I'm a little anxious to ask the question "How do I do that?" ;-)
Instead I'd like to hear if anyone has done something similar?

--
Mvh. / Best regards,
Steen Suder		
ICQ UIN			4133803



[LARTC] Sch_teql or multilink def. gw?

2002-12-12 Thread Steen Suder, privat
I'm to build a "bundlerbox" spanning over two or more DSLlines as 
outlined in the .

The idea is to multiplex a LAN over e.g. four cheap DSLs, SNATing it in 
the action. The DSLs are from different ISPs, but all equal in speed 
(2048/512Kb/s).

Now, it has come to my attention that there exists a tc-module called 
sch_teql.

As I understand it sch_teql + SNAT on each device will functionally be 
the same as the

"ip rule add prio 222 table 222
ip route add default table 222 proto static \
		nexthop via GWE1 dev IFE1 \
		nexthop via GWE2 dev IFE2" -thing from nano.txt.

Which one is the better one in terms of overall performance, usability 
and stability seen from a user's perspective?

I know that there have been several questions regarding "cheap 
line"-multiplexing, but I couldn't find a definitive answer to my question.

Either that or I haven't really understood what sch_teql does and how it 
could be utilized.

Another, though related question:

The multilink def. gw-example above does gw-selection on a per-session 
basis, as I've understood it.
The keyword "equalize" as in
"ip route add default equalize nexthop via gateway.number.1.ip \
	dev eth0 nexthop via gateway.number.2.ip dev eth1"

chooses routes on per-packet basis.
Can they both be used for my "box"? Why/Why not?

--
Steen Suder



Re: [LARTC] Bandwidth

2002-12-09 Thread Steen Suder, privat
Morten Isaksen wrote:

We are running with an 8 Mbit WAN link and are using wrr to shape the
traffic between 800 users. This works fine and all the bandwidth is in
use most of the time.


Sorry to break in to the thread like this, but...

1. Is it one single 8/8Mb link?
2. How's the tc configuration? (Like the example in the wrr-package?)
3. Are there any latency-problems?
4. What measures have been taken to ensure low latency?






Re: [LARTC] "Fan-in/fan-out" tc filters?

2002-11-13 Thread Steen Suder, privat
Stef Coene wrote:

I'd like to do that to make sure that the system overall favours
interactive traffic before "bulk". Games and other latency-dependent
traffic types must perform the best at the cost of ftp-download or similar.

Attaching pfifo_fast, PRIO or triple (low/medium/high priorities) HTB
qdiscs to the root is easy but it seems that it is impossible to attach
/one/ WRR afterwards.


What do you mean with WRR?  Weighted Round Robin?  Or the wrr qdisc?


The qdisc wrr. It has the possibility to set "penalty" through different 
weights.

If you want to improve latency for certain traffic, you can create 2 htb 
classes.  One with a lower prio parameter to get low latency and another 
class with all other traffic.
To give each pc on the network the same opportunity to send something, create 
100 sub classes with parent=second class.  To get fairness / pc, you can add 
a sfq to each class.  You can do the same for the low prio class.  If you 
don't care about fairness / pc, you can add 1 esfq qdisc instead of the 100 
sub classes.

I want to make sure that given an assortment of packets containing 
different kinds of traffic, say game and download, the game packets will 
be in front of the download packets when they are dequeued from the 
leafs of the wrr qdisc.

The idea was to have all traffic go through the same wrr qdisc. They 
just had to be "reordered" before going to the wrr qdisc. Does that make sense?

Partly derived suggestion:

              DEV
               |
            -------
            | HTB |            "Bottleneck" - needed
            -------
               |
          -----------
         /           \
     ------        --------
     | HS |        | BULK |    HS = High Speed, low latency
     ------        --------    Bulk = The rest
        |              |
     -------           |
     | SFQ |           |       Maybe a complementary SFQ?
     -------           |
        |              |
         \            /
          ------------
               |
            -------
            | WRR |            wrr qdisc - needed to give
            -------            instant penalties to heavy
               |               downloaders
        ---------------
       /       |       \
   -------  -------  -------
   | SFQ |  | SFQ |  | SFQ |   x 100
   -------  -------  -------

This solution could very well give better performance for the filtered, 
interactive traffic. I just have to make sure that the volume in HS 
doesn't get too big to keep users happy.

They're so picky ;-)

--
Mvh. / Best regards,
Steen Suder		
ICQ UIN			4133803
