Re: [LARTC] Re: LARTC Digest, Vol 34, Issue 12

2007-12-12 Thread gypsy
"m.a.t.e.o" wrote:
>  ###
>  for the MAC address: M0M1M2M3M4M5
> 
>  tc filter add dev eth1 parent 1: protocol ip prio 5 u32
>  match u16 0x0800 0x at -2 match u16 0x4455 0x at -4 match u32
>  0x00112233 0x at -8 flowid 1:40
> 
>  ###

Have you tried "protocol all" rather than "protocol ip"?  I tested
M0M1M2M3M4M5 (a long time ago) and it did work for eth1 and imq0.

I guess that when the interface it was used on "saw" the MAC specified
by it then I got a match.  It did not work when the machine was too far
away (in # hops), probably because then the MAC is no longer "visible".

In short, M0M1M2M3M4M5 matched any computer on my internal LAN and the
gateway of my ISP but nothing else.
--
gypsy
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


Re: [LARTC] How does one increase the output buffer size?

2007-12-07 Thread gypsy
Quoting Andy Furniss <[EMAIL PROTECTED]>:

> gypsy wrote:
> > In 2.4 kernels, there was a [bp]fifo that could be implemented with 'tc
> > add', but in 2.6 kernels, I find no way to create either of these
> > fifos.  I am able to increase txqueuelen.
> > 
> > What I desire is a larger number of backlogged packets before drops
> > occur.
> > 
> > How can the output buffer size be increased for HTB?
> 
> [b|p]fifo and sfq and limit parameter work OK for me as children of htb 
> leaf classes on all the 2.6s I've used.
> 
> Andy.

Could you please check your .config file and tell me the name of the line that
creates b|pfifo module?  "It just ain't there" for me...
--
gypsy





Re: [LARTC] HTB performance improvement

2007-12-06 Thread gypsy
gypsy wrote:
> 
> > tc qdisc add dev eth0.2 root handle 1: htb
> > tc class add dev eth0.2 parent 1: classid 1:1 htb  rate 1 ceil
> > 1 burst 100 quantum 1600
> > tc class add dev eth0.2 parent 1:1 classid 1:10 htb prio 1 rate
> > 7000 ceil 7000 burst 100 quantum 1600
> > tc class add dev eth0.2 parent 1:1 classid 1:11 htb prio 2 rate
> > 1000 ceil 1000 burst 100 quantum 1600
> > tc class add dev eth0.2 parent 1:1 classid 1:12 htb prio 3 rate
> > 1000 ceil 1000 burst 100 quantum 1600

I just noticed that you're trying to shape "aliases".  You can't.  You
must shape eth0 because you can't shape eth0.2.  I'm just repeating what
I've heard/read, so do your own research.  But I bet you a quarter I'm
right :)
--
gypsy


[LARTC] How does one increase the output buffer size?

2007-12-06 Thread gypsy
In 2.4 kernels, there was a [bp]fifo that could be implemented with 'tc
add', but in 2.6 kernels, I find no way to create either of these
fifos.  I am able to increase txqueuelen.

What I desire is a larger number of backlogged packets before drops
occur.

How can the output buffer size be increased for HTB?
--
gypsy


Re: [LARTC] HTB performance improvement

2007-12-06 Thread gypsy
> Koblensky Mingyur wrote:
> 
> Hi all !
> i'm looking at the performance of the HTB algorithm/implementation
> because i would like more packets/sec !!
> this is the scenario of the performance test:
> 
> i'm using an embedded system with:
> SPEED CPU: 399,999 MHz
> RAM: 128 MByte
> FLASH: 16 MByte
> EEPROM: 8Kbyte
> PROCESSOR MPC8272
> 
> 1) with none qos configuration (system conf) i've obtained:  TX
> 29940 packets/sec RX 29948.98 packets/sec with 2 packets lost
> 2) with only system conf + iptables marking support  TX/RX
> 24950 packets/sec, 8 packets lost
> 3) with only system conf + u32 support   TX/RX
> 29950 packets/sec, 5 packets lost
> 4) with only system conf + HTB with iptables mark classifier TX/RX
> 13000 packets/sec, 0 packets lost
> 5) with only system conf + HTB with u32 classifier   TX/RX
> 19290 packets/sec, 0 packets lost
> 
> tc qdisc add dev eth0.2 root handle 1: htb
> tc class add dev eth0.2 parent 1: classid 1:1 htb  rate 1 ceil
> 1 burst 100 quantum 1600
> tc class add dev eth0.2 parent 1:1 classid 1:10 htb prio 1 rate
> 7000 ceil 7000 burst 100 quantum 1600
> tc class add dev eth0.2 parent 1:1 classid 1:11 htb prio 2 rate
> 1000 ceil 1000 burst 100 quantum 1600
> tc class add dev eth0.2 parent 1:1 classid 1:12 htb prio 3 rate
> 1000 ceil 1000 burst 100 quantum 1600


First, your quantum is wrong.  Think of HTB as a NIC.  You are sending
packets out via that "NIC", and those packets must be 1600 bytes big
before being sent.  Since a "normal" packet is up to 1500 bytes, you're
making HTB take part of the next packet before it can send.

Your burst is also huge enough to swamp the interrupt controller. 
Consider 16K or 32K instead.

Unless you get complaints during the load of the above, do not specify
any quantum, or specify the quantum HTB sets for rates that do not
complain.

The next likely reason for you to be at "half speed" is that HTB is
using the wrong clock.  Which clock and what speed are kernel version
dependent.

Part of what I snipped referred to 10/100 ethernet.  Normally that will
not trigger any, but be sure that when you run a 'tc -s class ls dev
$IFE' (where IFE is the correct interface) that "giants" are always
zero.
--
gypsy
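
The check described above (the "giants" counters in 'tc -s class ls' output should stay at zero) can be scripted. This is an added example, not part of the original post; htb_giants is a hypothetical helper name and the sample statistics are constructed in the format quoted in this thread.

```sh
#!/bin/sh
# Added example, not code from the thread.

# sample_stats: constructed `tc -s class show` output (class ids and
# counters are made up for the demonstration).
sample_stats() {
    cat <<'EOF'
class htb 1:1 root rate 4862Kbit ceil 4862Kbit burst 16Kb cburst 16Kb
 Sent 900000 bytes 1200 pkts (dropped 0, overlimits 0)
 lended: 300 borrowed: 0 giants: 12
 tokens: 36713 ctokens: 36713

class htb 1:10 parent 1:1 prio 1 rate 1000Kbit ceil 4862Kbit burst 6Kb cburst 6Kb
 Sent 100000 bytes 400 pkts (dropped 0, overlimits 0)
 lended: 390 borrowed: 10 giants: 0
 tokens: 287865 ctokens: 13714

class htb 1:20 parent 1:1 leaf 20: prio 2 rate 3000Kbit ceil 4764Kbit burst 16Kb cburst 16Kb
 Sent 800000 bytes 800 pkts (dropped 3, overlimits 0)
 lended: 700 borrowed: 100 giants: 12
 tokens: 128429 ctokens: 37451
EOF
}

# htb_giants: read `tc -s class show dev DEV` output on stdin and print
# "classid giants" for every HTB class whose giants counter is non-zero.
# Exit status is 1 when at least one such class was found, 0 otherwise,
# so the function can drive a cron job or a monitoring check.
htb_giants() {
    awk '
        # Remember which class the following statistics lines belong to.
        $1 == "class" && $2 == "htb" { cls = $3 }
        {
            for (i = 1; i < NF; i++)
                if ($i == "giants:" && $(i + 1) + 0 > 0) {
                    print cls, $(i + 1)
                    found = 1
                }
        }
        END { exit found + 0 }
    '
}

# Demo on the constructed sample; on a live system use:
#   tc -s class show dev "$IFE" | htb_giants
sample_stats | htb_giants || echo "non-zero giants counters found"
```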


Re: [LARTC] RE: Sluggish throughput with htb

2007-11-08 Thread gypsy
Andrew Kraslavsky wrote:
> 
> All,
> 
> Follow up to the problem I reported earlier:
> 
> > I have been using the following as a means of rate limiting
> > access to the Internet via eth0 (which connects to my cable
> > modem) and it was working great with my 2.4.20 kernel:
> >
> > tc qdisc del dev eth0 root
> > tc qdisc add dev eth0 root handle 1: htb default 1
> > tc class add dev eth0 parent 1: classid 1:1 htb rate 486kbit ceil 486kbit
> > tc qdisc add dev eth0 parent 1:1 handle 10: sfq perturb 10
> >
> > However, after recently updating to kernel version 2.6.15,
> > throughput on eth0 has become sluggish and it is only by
> > disabling the above that performance is restored.
> >
> > Also, I see a whole slew of the following messages in my log:
> >
> > qdisc_restart: Empty queue has non zero length 1
> 
> I see negative "tokens" and "ctokens" values listed when I do a "show" on the 
> class of eth0:
> 
> $ tc -s -d class show dev eth0
> 
> class htb 1:1 root leaf 10: prio 0 quantum 6075 rate 486000bit ceil 486000bit 
> burst 2206b/8 mpu 0b overhead 0b cburst 2206b/8 mpu 0b overhead 0b level 0

Why is the quantum so large?  Is this a gigabit NIC?

>  Sent 614100 bytes 578 pkts (dropped 0, overlimits 0)
>  rate 31312bit 3pps backlog 106p

This backlog and the 472 borrowed below are what are causing your
negatives.

>  lended: 472 borrowed: 0 giants: 0
>  tokens: -33271 ctokens: -33271
> 
> Are the "tokens" and "ctokens" values ever supposed to be negative?

Yes.

> If so, what does the negative value mean (e.g. borrowed or lent tokens?).

I don't know.  Read the HTB docs.

> If not, is this indicative of a problem that is at all familiar to
> anyone?
> 
> Thanks,
> 
> - Andrew Kraslavsky

My guesses are:
1) The clock used by HTB is too slow.
2) This is a gigabit NIC not correctly set up.
--
gypsy


[LARTC] Giants on IMQ0

2007-09-23 Thread gypsy
Why am I getting giants on imq0?

How do I stop that?

==
imq0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
  UP RUNNING NOARP  MTU:1500  Metric:1
  RX packets:39880312 errors:0 dropped:0 overruns:0 frame:0
  TX packets:39878715 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1024 
  RX bytes:1192463070 (1137.2 Mb)  TX bytes:1190162553 (1135.0 Mb)
**
# IMQ: (HERE <-- INTERNET)
modprobe imq numdevs=1
# Since class 1:10 uses the default pfifo_fast, we need to give it txqueuelen
# packets because pfifo_fast drops incoming packets when the queue fills up:
ip link set $IMQ up txqueuelen 1024

# Install root HTB, point default traffic to 1:30:
tc qdisc add dev $IMQ root handle 1: htb default 30

# Shape everything at DNLINK speed:
# Root class
tc class add dev $IMQ parent 1: classid 1:1 htb rate ${CEIL}kbit burst 16k cburst 16k

# High priority (interactive) class 1:10
tc class add dev $IMQ parent 1:1 classid 1:10 htb rate $[Ii*$DNLINK/100]kbit \
   ceil ${CEIL}kbit burst 6k cburst 6k quantum 1500 prio 1

# Accelerated class 1:20 
tc class add dev $IMQ parent 1:1 classid 1:20 htb rate $[Ai*$DNLINK/100]kbit \
   ceil $[98*$CEIL/100]kbit burst 16k cburst 16k quantum 1500 prio 2

# Bulk & default class 1:30
tc class add dev $IMQ parent 1:1 classid 1:30 htb rate $[Bi*$DNLINK/100]kbit \
   ceil $[96*$CEIL/100]kbit burst 10k cburst 10k quantum 1500 prio 3
**
Received on imq0:
qdisc htb 1: r2q 10 default 30 direct_packets_stat 0
 Sent 14075058106 bytes 39878630 pkts (dropped 1597, overlimits 1288386) 
qdisc esfq 20: parent 1:20 quantum 1500b perturb 99sec hash: classic
 Sent 11154070435 bytes 8184171 pkts (dropped 1555, overlimits 0) 
qdisc esfq 30: parent 1:30 quantum 1500b perturb 20sec hash: classic
 Sent 2213692505 bytes 29156106 pkts (dropped 42, overlimits 0) 
class htb 1:1 root rate 4862Kbit ceil 4862Kbit burst 16Kb cburst 16Kb 
 Sent 14075060702 bytes 39878630 pkts (dropped 0, overlimits 0) 
 rate 2840bit 7pps 
 lended: 1993306 borrowed: 0 giants: 1158
 tokens: 36713 ctokens: 36713

class htb 1:10 parent 1:1 prio 1 rate 23bit ceil 4862Kbit burst 6Kb cburst 6Kb 
 Sent 707295166 bytes 2538353 pkts (dropped 0, overlimits 0) 
 rate 352bit 
 lended: 2276584 borrowed: 261769 giants: 0
 tokens: 287865 ctokens: 13714

class htb 1:20 parent 1:1 leaf 20: prio 2 rate 1385Kbit ceil 4764Kbit burst 16Kb cburst 16Kb 
 Sent 11154070435 bytes 8184171 pkts (dropped 1555, overlimits 0) 
 lended: 6568474 borrowed: 1615697 giants: 0
 tokens: 128429 ctokens: 37451

class htb 1:30 parent 1:1 leaf 30: prio 3 rate 3001Kbit ceil 4667Kbit burst 10Kb cburst 10Kb 
 Sent 2213692505 bytes 29156106 pkts (dropped 42, overlimits 0) 
 rate 2448bit 6pps 
 lended: 29040266 borrowed: 115840 giants: 1158
 tokens: 37088 ctokens: 23849
==
gypsy


Re: [LARTC] Proxy ARP with a Coyote Point equalizer

2007-05-30 Thread gypsy
Greg Scott wrote:
> 
> Here is a puzzle.
> 
> I have a network with several servers. It's a mess.  It's a /24 and
> pieces and servers are all over the place inside this /24 block, on both
> sides of the firewall.  For example, the router at 1.2.3.1 is outside
> the firewall and many of the servers at 1.2.3.nnn/24 are behind the
> firewall.  (Obviously, 1.2.3.nnn is a fudged network.)
> 
> eth0 points outward to the Internet.
> eth1 points inward to the servers.
> 
> Both eth0 and eth1 have IP Address 1.2.3.2.  I setup  proxy ARP like
> this:
> 
> echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
> echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
> 
> And I set up appropriate routes to the systems on both sides of the
> firewall.
> 
> This all works - all the systems route the way they are supposed to
> route.
> 
> Here is the problem.  Behind the firewall is a Coyote Point Equalizer at
> 1.2.3.10, with a high-volume website behind it spread across several
> servers.  Every time I put this proxy ARP firewall in place, that nasty
> Coyote Point box dies and this breaks the high volume website behind it
> and makes lots of people mad.  I've never seen a Coyote Point Equalizer
> but I have a hunch it might not get along well with a proxy ARP device
> in its same network.
> 
> Here are my questions:
> 
> Proxy ARP really means proxy ARP - that firewall answers ARP requests
> for anything and everything it sees, for any network.  This also has
> consequences for new devices that try to be polite when they set IP
> Addresses for themselves by ARPing to see if anyone else answers at that
> address.  Is there a way to limit proxy ARP to a list of IP Addresses?
> 
> Or - should I forget proxy ARP and look at bridging instead?  Can I do
> bridging and still access the bridged interfaces remotely?
> 
> Thanks
> 
> - Greg Scott
>   [EMAIL PROTECTED]

See http://yesican.chsoft.biz/lartc/proxy-arp.conf
and http://yesican.chsoft.biz/lartc/proxy-arp.sh
to see if that helps.  The LAN interface (eth0) uses the
/proc-/proxy_arp setting while the WAN (eth1) interface uses the script.

FWIW, those are my working setups.  One computer has a WAN connection
(eth1) and all other servers inside connect to its eth0.  The above
script and config file are on that computer.  Note that both eth1 and
eth0 have the same IP (66.209.101.198) and netmask.  This machine has a
third interface (eth2) to the LAN, but that is not material here.

If the ISP changes things, which they have done a couple of times, I
have to ask them to flush their ARP cache manually because their
retention is HUGE (~70 minutes), but except for that, I've never had any
problems with this setup.  I had no success at all trying to use /proc
on eth1.
--
gypsy


Re: [LARTC] ip alias + dsl modem

2007-01-24 Thread gypsy
GodSharp wrote:
> 
> Hi Guys,
> 
> Just wondering for some reason when I switched providers(DSL) IP aliasing
> stopped working. And, I am not sure what kind of modem this is, the previous
> one had some Ethernet ports at the back(it has a built-in 4 port switch) the
> new doesn't have one, only a single Ethernet port and It is directly
> connected to my Linux box.
> 
> My provider gave me a /24 subnet and 9 useable IP's.
> 
> # ip a s eth2
> 6: eth2:  mtu 1500 qdisc pfifo_fast qlen 1000
> link/ether 00:08:a1:72:c1:f5 brd ff:ff:ff:ff:ff:ff
> inet xxx.xxx.xxx.50/24 brd xxx.xxx.xxx.255 scope global eth2
> inet xxx.xxx.xxx.51/24 brd xxx.xxx.xxx.255 scope global secondary eth2
> inet xxx.xxx.xxx.52/24 brd xxx.xxx.xxx.255 scope global secondary eth2
> inet xxx.xxx.xxx.53/24 brd xxx.xxx.xxx.255 scope global secondary eth2
> inet xxx.xxx.xxx.54/24 brd xxx.xxx.xxx.255 scope global secondary eth2
> inet xxx.xxx.xxx.55/24 brd xxx.xxx.xxx.255 scope global secondary eth2
> inet xxx.xxx.xxx.56/24 brd xxx.xxx.xxx.255 scope global secondary eth2
> inet xxx.xxx.xxx.57/24 brd xxx.xxx.xxx.255 scope global secondary eth2
> inet xxx.xxx.xxx.58/24 brd xxx.xxx.xxx.255 scope global secondary eth2
> 
> -- settings --
> ip link set eth2 up
> ip addr flush dev eth2
> ip addr add xxx.xxx.xxx.50/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.51/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.52/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.53/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.54/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.55/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.56/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.57/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.58/24 brd xxx.xxx.xxx.255 dev eth2
> ip route add default via xxx.xxx.xxx.1
> --- end settings ---
> 
> /proc/sys/net/ipv4/ip_forward is 1
> /proc/sys/net/ipv4/ip_dynaddr is 1

My brain refuses to engage this evening, but I think you mean rp_filter,
not ip_dynaddr.
--
buck


Re: [LARTC] LARTC Wiki

2007-01-23 Thread gypsy
Mark Krenz wrote:
> 
>   I also think that this would be a good idea.  Having examples rulesets
> and related firewall and QOS stuff.
> 
> On Tue, Jan 23, 2007 at 03:53:23PM GMT, Andrew Beverley [EMAIL PROTECTED] 
> said the following:
> > I'm not aware of one, and I think it's an excellent idea.
> >
> > There's some great software available for LARTC, and some of the
> > documentation is very good, but unfortunately it's all a bit disparate.
> > A wiki would be a great start.
> >
> > I'd be happy to host one and transfer stuff into it unless someone else
> > has a better idea/offer?
> >
> > Andy Beverley
> >
> >
> > On Tue, 2007-01-23 at 12:46 -0300, Marco Aurelio wrote:
> > > Hi all,
> > >
> > > Since the mail list receives a lot of repeated subjects (for example:
> > > "i have two adsl lines..."), maybe these specific issues should be
> > > treated on the LARTC Guide, or maybe if we had an wiki?
> > >
> > > Is there a LARTC Wiki?
> > >
> > > If not, what do you think about creating one?
> > >
> > > Thanks
> > >
> > > --
> > > Marco

The existing wiki is at http://linux-net.osdl.org
--
gypsy


Re: [LARTC] HTB_HYSTERESIS

2006-10-11 Thread gypsy
"Flechsenhaar, Jon J" wrote:
> 
> All:
> 
> I have been told that HTB_HYSTERESIS might have some effect on rate
> calculations.  This file is usually in
> /usr/src/linux/net/sched/sch_htb.c.  If I change this file I have to
> re-compile.  I am not quite sure how to do this.
> 
> Can someone list the steps necessary to re-compile or point me to a doc
> that explains how to do so.  Thanks.
> 
> Jon Flechsenhaar
> Boeing WNW Team
> Network Services
> (714)-762-1231
> 202-E7

cd /usr/src/linux
make modules
make modules_install


[LARTC] mrtg monitoring shaped traffic

2006-10-01 Thread gypsy
Dave,
In a post to LARTC on 18 Sep 06 you said "I run MRTG on all outbound
traffic".

I'm a newbie with respect to mrtg.  I have rrdtool and mrtg built on my
Linux box but I have no SNMP so "nothing works".

Could you please provide basic instructions for implementing mrtg with
respect to traffic shaping?
What is needed?  Net-SNMP?  OpenSNMP?  If yes, what is SNMP used for and
how is it configured to provide information for traffic shaping?

Please also provide whatever configuration is appropriate for mrtg.

How does one "make the resulting graphs fairly public"?

Abuse is not an issue but seeing how much traffic is in which queue is
vital.  Thanks for any help.
--
gypsy


Re: [LARTC] Fwd: Is there a way to divide one link in to two ?

2006-09-21 Thread gypsy
Indunil Jayasooriya wrote:
> 
> Hi,
> 
> I want to know is there a way to divide a link in to two?
> 
> Below is what I need?
> 
> I have a 64 k link. I want to reserve 32 k for mail and 32 k for web .
> 
> That means dividing 64 k link in to two for mail and web.
> 
> Is it possible in Linux?
> 
> Can iproute or iptables handle this situation ?
> 
> or can any other pkg do it?
> 
> --
> Thank you
> Indunil Jayasooriya
Yes.  I'd use HTB and "filter match" port 80 and port 25.  You can't
divide exactly half because there will be unshaped ICMP, UDP and ARP,
but those don't usually require a lot of bandwidth so just create a
default class for those that has a small rate and ceil, then subtract
the default rate from your 64 k and allocate the remainder between mail
and web.  Don't forget that the sum of rates cannot exceed (about) 95 %
of 64 k.

Also look for "policy routing" because it discusses alternatives.  There
is lots of good information.
--
gypsy
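
The split described in the reply above, worked through for the 64 kbit link as an added example (not part of the original post). The device name eth0, the 4 kbit default rate, the class ids 1:10/1:20/1:30 and matching on destination port are assumptions made for illustration; the script only prints the tc commands and does not run them.

```sh
#!/bin/sh
# Added example, not code from the thread. DEV, the default rate and the
# class ids are assumptions; nothing here touches the running system.

# usable_kbit LINK_KBIT: budget that the sum of class rates must fit in
# (about 95% of the link, as stated in the reply above), rounded down.
usable_kbit() {
    echo $(( $1 * 95 / 100 ))
}

# rates_fit LINK_KBIT RATE...: succeeds when the rates sum to at most the
# usable budget. Use it to check hand-picked rates before loading them.
rates_fit() {
    rf_budget=$(usable_kbit "$1")
    shift
    rf_sum=0
    for rf_r in "$@"; do
        rf_sum=$(( rf_sum + rf_r ))
    done
    [ "$rf_sum" -le "$rf_budget" ]
}

# split_rates LINK_KBIT DEFAULT_KBIT: subtract the default class from the
# usable budget and share the remainder between mail and web.
# Prints "MAIL WEB DEFAULT USABLE" in kbit.
split_rates() {
    sr_usable=$(usable_kbit "$1")
    sr_rest=$(( sr_usable - $2 ))
    if [ "$sr_rest" -lt 2 ]; then
        echo "default rate of $2 kbit leaves nothing for mail and web" >&2
        return 1
    fi
    sr_mail=$(( sr_rest / 2 ))
    sr_web=$(( sr_rest - sr_mail ))
    echo "$sr_mail $sr_web $2 $sr_usable"
}

# htb_plan DEV LINK_KBIT DEFAULT_KBIT: print the tc commands for the split.
# ceil equals rate on every leaf, so mail and web cannot borrow from each
# other; unmatched traffic (ICMP, UDP, ...) falls into default class 1:30.
htb_plan() {
    hp_dev=$1
    hp_rates=$(split_rates "$2" "$3") || return 1
    set -- $hp_rates    # $1=mail $2=web $3=default $4=usable
    cat <<EOF
tc qdisc add dev $hp_dev root handle 1: htb default 30
tc class add dev $hp_dev parent 1: classid 1:1 htb rate ${4}kbit ceil ${4}kbit
tc class add dev $hp_dev parent 1:1 classid 1:10 htb rate ${1}kbit ceil ${1}kbit prio 1
tc class add dev $hp_dev parent 1:1 classid 1:20 htb rate ${2}kbit ceil ${2}kbit prio 1
tc class add dev $hp_dev parent 1:1 classid 1:30 htb rate ${3}kbit ceil ${3}kbit prio 2
tc filter add dev $hp_dev parent 1: protocol ip prio 1 u32 match ip dport 25 0xffff flowid 1:10
tc filter add dev $hp_dev parent 1: protocol ip prio 1 u32 match ip dport 80 0xffff flowid 1:20
EOF
}

# Print the plan for the 64 kbit link with a 4 kbit default class.
htb_plan eth0 64 4
```

Review the printed commands, then pipe them to a root shell to apply them. On a server that sends mail or web replies, match on sport instead of dport.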


Re: [LARTC] Wondershaper Errors

2006-09-16 Thread gypsy
Gianluca "acid_burn" D'Andrea wrote:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Hi all!
> 
> when I activate wondershaper on my dsl connection (pppoa vc mux), i get
> three errors:
> 
> # sh -x  /usr/sbin/wshaper ppp0
> + /usr/sbin/xmlstarter setenv tc_downlink
> + DOWNLINK=
> + /usr/sbin/xmlstarter setenv tc_uplink
> + UPLINK=
> + [ -z  ]
> + cat /proc/avalanche/avsar_modem_stats
> + grep Connection Rate
> + awk {printf("%d", $8)}
> + DOWNLINK=1504
> + [ -z  ]
> + cat /proc/avalanche/avsar_modem_stats
> + grep Connection Rate
> + awk {printf("%d", $4)}
> + UPLINK=320
> + DEV=ppp0
> + /usr/sbin/xmlstarter setenv tc_hipriohostsrc
> + HIPRIOHOSTSRC=
> + /usr/sbin/xmlstarter setenv tc_hipriohostdst
> + HIPRIOHOSTDST=
> + /usr/sbin/xmlstarter setenv tc_hiprioportsrc
> + HIPRIOPORTSRC=
> + /usr/sbin/xmlstarter setenv tc_hiprioportdst
> + HIPRIOPORTDST=
> + /usr/sbin/xmlstarter setenv tc_nopriohostsrc
> + NOPRIOHOSTSRC=
> + /usr/sbin/xmlstarter setenv tc_nopriohostdst
> + NOPRIOHOSTDST=
> + /usr/sbin/xmlstarter setenv tc_noprioportsrc
> + NOPRIOPORTSRC=
> + /usr/sbin/xmlstarter setenv tc_noprioportdst
> + NOPRIOPORTDST=
> + [ ppp0 = status ]
> + [ ppp0 = stop ]
> + tc qdisc del dev ppp0 root
> + tc qdisc del dev ppp0 ingress
> + tc qdisc add dev ppp0 root handle 1: htb default 20
> + tc class add dev ppp0 parent 1: classid 1:1 htb rate 320kbit burst 6k
> + tc class add dev ppp0 parent 1:1 classid 1:10 htb rate 320kbit burst 6k prio 1
> + tc class add dev ppp0 parent 1:1 classid 1:20 htb rate 288kbit burst 6k prio 2
> + tc class add dev ppp0 parent 1:1 classid 1:30 htb rate 256kbit burst 6k prio 2
> + tc qdisc add dev ppp0 parent 1:10 handle 10: sfq perturb 10
> RTNETLINK answers: Invalid argument <- 1'st error --
> + tc qdisc add dev ppp0 parent 1:20 handle 20: sfq perturb 10
> RTNETLINK answers: Invalid argument <- 2'nd error --
> + tc qdisc add dev ppp0 parent 1:30 handle 30: sfq perturb 10
> RTNETLINK answers: Invalid argument <- 3'rd error --

It looks like you don't have sfq.  Check your kernel config and
/lib/modules/$VERSION/net/sched/sch_sfq.o since sfq is normally built as
a module.

tc needs sfq too.
--
gypsy


Re: [LARTC] Re: htb traffic shaping problem

2006-09-16 Thread gypsy
Bugzilla-Redirect wrote:
> 
> Yes, the output is below:
> eth0  Link encap:Ethernet  HWaddr 00:11:09:2A:A6:F6
>inet addr:10.0.0.50  Bcast:10.0.0.255  Mask:255.255.255.0
>UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>RX packets:4244867 errors:0 dropped:0 overruns:0 frame:0
>TX packets:1306632 errors:0 dropped:0 overruns:0 carrier:0
>collisions:0 txqueuelen:1000
>RX bytes:3898905509 (3.6 GiB)  TX bytes:1756030081 (1.6 GiB)
>Interrupt:19

Try a "quantum 1514" then; that is correct for an ethernet device with
an MTU of 1500.

Perhaps reading the source code will give a clue about MPU and MTU? 
Frankly, I'd set it to whatever works as long as the rest of the status
info looks right and not give a damn that it is huge.
--
gypsy


Re: [LARTC] tc is giving an error: RTNETLINK answers: File exists

2006-09-16 Thread gypsy
fourcentsshy wrote:
> the script so I could examine what was really going on. For this device,
> the error takes place on the third command. the command sequence take
> place like this:
> 
> /sbin/tc qdisc add dev eth5 root handle 1: cbq bandwidth 1600Kbit\
>  cell 8 avpkt 1000 mpu 64
> 
> /sbin/tc class add dev eth5 parent 1: classid 1:1 est 1sec 8sec cbq\
>  bandwidth 1600Kbit rate 1500kbit allot 1514 maxburst 20 avpkt 1000\
>  prio 0 bounded isolated
> 
> /sbin/tc qdisc add dev eth5 parent 1:1 handle 1:76 cbq\
>  bandwidth 1600Kbit cell 8 avpkt 1000 mpu 64
This says to me "cell", not "ceil".  That's a mistake.

> RTNETLINK answers: File exists
> 
> Like I said, I start by resetting all the devices on the machine, so
> there is no possible way there can be any existing qdisc with a handle
> of 1:76 for that device, yet I get the error anyway. The script is setup
> as a service to be run at startup, so checking the status after running
> the script for that device, I get this:
==--snip--==
> error. The script never gets to the statements that creates the filters.
> Checking the status of the service would display the filters along with
> the qdiscs and classes, but there are none.
> 
> >
> > Set prio to the same value (16 or 10 perhaps) for each and every line in
> > your `$TC filter' lines.
> 
> If I ever get this script working, I'll do that. ;-)

One more thing.
You can send your commands to a database (mysql or whatever).  Once
disallowing duplicate records and again allowing dups.  The difference
is the Bad Boy.

I use HTB not CBQ but I still think the parameter is "ceil" not "cell"
and fixing that will help or solve.
--
gypsy


Re: [LARTC] tc is giving an error: RTNETLINK answers: File exists

2006-09-14 Thread gypsy
fourcentsshy wrote:
> Is there a limit to how large the
> handle can be?

Yes.  The handle is in hex, so I _think_ the max is 255.  Maybe Stef
Coene's web site or a search of this mailing list will give you the
RIGHT answer.  I hate getting old; I should remember what the max here
is.
--
gypsy


Re: [LARTC] tc is giving an error: RTNETLINK answers: File exists

2006-09-14 Thread gypsy
fourcentsshy wrote:
> 
> Hello,
> 
> I'm using tc to limit the bandwidth of our wireless customers. I have a
> working script, but I'm not happy with it. I'm trying to write a more
> sophisticated script, but when I run it, it give me this error:
> 
> RTNETLINK answers: File exists
> 
> I have no idea what this error means or how to fix it.

It means pretty much what it says.  There is already a record matching
closely enough that it is duplicated.

> Here is a portion
> of the script (the whole script shapes several interfaces):
> 
> IDEV='eth5'
> TC='/sbin/tc'
> IPS='/etc/sysconfig/shaper/shape.ips'
> # high priority destination ports - I'll fill these in later (when this
> # thing works)
> HIGHPORT=
> # low priority destination ports
> LOWPORT=
> 
> $TC qdisc add dev $IDEV root handle 1: cbq bandwidth 1600Kbit cell 8\
> avpkt 1000 mpu 64
> $TC class add dev $IDEV parent 1: classid 1:1 est 1sec 8sec cbq\
>  bandwidth 1600Kbit rate 1500kbit allot 1514 maxburst 20 avpkt 1000\
>  prio 0 bounded isolated
> 
> cat $IPS | sed -e 's/#.*$//; s/^ *$//;' | while read IP RATE STATUS; do
> if [ "x$IP" == "x" ]; then
> continue
> fi
> 
> # I use the last byte of the customer's IP's for the handle, which range
> # from 76 to 135 ATM.
> 
> HANDLE="${IP##*.}"
> 
> # I get the error from the next line. Because it fails to create the
> # qdisc all the rest fail too.
> 
> $TC qdisc add dev $IDEV parent 1:1 handle 1:$HANDLE cbq\
>  bandwidth 1600Kbit cell 8 avpkt 1000 mpu 64
> 
> $TC class add dev $IDEV parent 1:$HANDLE classid $HANDLE:\
>  est 1sec 8sec cbq bandwidth 1600Kbit rate ${RATE}kbit allot 1514\
>  maxburst 20 avpkt 1000 prio 1 bounded isolated
> $TC class add dev $IDEV parent $HANDLE: classid $HANDLE:1\
>  est 1sec 8sec cbq bandwidth 1600Kbit rate ${RATE}kbit allot 1514\
>  maxburst 20 avpkt 1000 prio 2
> $TC class add dev $IDEV parent $HANDLE: classid $HANDLE:2 est 1sec\
>  8sec cbq bandwidth 1600Kbit rate $[9*$RATE/10]kbit allot 1514\
>  maxburst 20 avpkt 1000 prio 3
> $TC class add dev $IDEV parent $HANDLE: classid $HANDLE:3 est 1sec\
>  8sec cbq bandwidth 1600Kbit rate $[8*$RATE/10]kbit allot 1514\
>  maxburst 20 avpkt 1000 prio 4
> $TC qdisc add dev $IDEV parent $HANDLE:1 sfq quantum 1514b\
>  perturb 15
> $TC qdisc add dev $IDEV parent $HANDLE:2 sfq quantum 1514b\
>  perturb 15
> $TC qdisc add dev $IDEV parent $HANDLE:3 sfq quantum 1514b\
>  perturb 15
> $TC filter add dev $IDEV parent 1: protocol ip prio 16\
>  u32 match ip src $IP flowid $HANDLE:
> $TC filter add dev $IDEV parent $HANDLE: protocol ip prio 10\
>  u32 match ip tos 0x10 0xff flowid $HANDLE:1
> $TC filter add dev $IDEV parent $HANDLE: protocol ip prio 11\
>  u32 match ip protocol 1 0xff flowid $HANDLE:1
> $TC filter add dev $IDEV parent $HANDLE: protocol ip prio 12\
>  u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16\
>  0x 0xffc0 at 2 flowid $HANDLE:1
> 
> for a in $HIGHPORT; do
> $TC filter add dev $IDEV parent 1:0 protocol ip prio 14\
>  u32 match ip dport $a 0x flowid $HANDLE:1
> done
> for a in $LOWPORT; do
> $TC filter add dev $IDEV parent 1:0 protocol ip prio 16\
>  u32 match ip dport $a 0x flowid $HANDLE:3
> done
> $TC filter add dev $IDEV parent 1:0 protocol ip prio 15\
>  u32 match ip dst 0.0.0.0/0 flowid $HANDLE:2
> done
> 
> There are bound to other problems with this script, but until I can get
> past the current one, I'm dead in the water. TIA

You do not say which line or lines is causing the error so this is a
guess.

Run `tc -s filter show dev $IDEV' sending the output to a file because
there will be a lot of it.  I think you will find a ton of "duplicate"
filters.

Set prio to the same value (16 or 10 perhaps) for each and every line in
your `$TC filter' lines.
--
gypsy


Re: [LARTC] HTB and tc filter

2006-09-12 Thread gypsy
> d3xcrIpt wrote:
> 
> Help me  ...
> 
> I try use the tc filter, but seems he doesn't work, I already
> reconfigured my kernel ( 2.4.32 ) with all options related a QOS
> enabled ( like modules ) and nothing happens. I get the tc tool from
> HTB source package, well  this is my set :
> 
> eth0 is my internal NIC.
> 
> tc qdisc add dev eth0 root handle 1: htb default 12
> 
> tc class add dev eth0 parent 1: classid 1:1 htb rate 100kbps ceil
> 100kbps
> tc class add dev eth0 parent 1:1 classid 1:10 htb rate 30kbps ceil
> 100kbps
> tc class add dev eth0 parent 1:1 classid 1:11 htb rate 10kbps ceil
> 100kbps
> tc class add dev eth0 parent 1:1 classid 1:12 htb rate 60kbps ceil
> 100kbps
> 
> tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src
>  flowid 1:10
> 
> tc qdisc add dev eth0 parent handle 20: pfifo limit 5
> tc qdisc add dev eth0 parent handle 30: pfifo limit 5
> tc qdisc add dev eth0 parent handle 40: sfq perturb 10
> 
> OK. but ... when I look the qdiscs
> 
> tc -s -d qdisc
> qdisc htb 1: r2q 10 default 12 direct_packets_stat 411 ver 3.17
>  Sent 181174 bytes 1324 pkts (dropped 0, overlimits 0)
> 
>  qdisc pfifo 20: parent 1:10 limit 5p
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> 
>  qdisc pfifo 30: parent 1:11 limit 5p
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> 
>  qdisc sfq 40: parent 1:12 quantum 1514b limit 128p flows 128/1024
> perturb 10sec
>  Sent 130091 bytes 866 pkts (dropped 0, overlimits 0)
> 
> All traffic is going to default class ( 1:12 ),  I try many filters
> with tc tool but nothing happens.
> I look the modules with lsmod and "cls_u32.o" and "sch_htb.o" is all
> loaded.
> 
> Thanks everyone.

"u32 match ip src "

Are you sure your IP isn't getting NATted somewhere?  You can't match
something that is changed!

Include a "prio" (non zero) in your filter line.

Direct packets are A Bad Thing too.  Read Devik's HTB documentation.
--
gypsy
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


Re: [LARTC] Re: htb traffic shaping problem (Charlie Meyer)

2006-09-12 Thread gypsy
Bugzilla-Redirect wrote:
> 
> Eric,
> I've attached the output from the command you requested below.
> I'm using kernel 2.6.17.12 and tc version ss060323.  I have an nforce4
> onboard gigabit controller using the forcedeth driver, if that makes a
> difference.
> 
> Charlie,
> I'll take a look at the Apache model for throttling, thanks.  I was going
> for tc because was going to try to add additional shaping to non-apache
> traffic once I got it working correctly.
> 
> Thanks,
> -Ryan Power
> 
> tc -s -d class show dev eth0
> class htb 1:99 parent 1:1 leaf 99: prio 0 quantum 3000 rate 90Kbit ceil
> 1000Mbit burst 451350b/8 mpu 0b overhead 0b cburst 501375b/8 mpu 0b
> overhead 0b level 0
>   Sent 48695 bytes 398 pkt (dropped 0, overlimits 0 requeues 0)
>   rate 2704bit 2pps backlog 0b 0p requeues 0
>   lended: 398 borrowed: 0 giants: 0
>   tokens: 4326 ctokens: 4325
> 
> class htb 1:1 root rate 1000Mbit ceil 1000Mbit burst 501375b/8 mpu 0b
> overhead 0b cburst 501375b/8 mpu 0b overhead 0b level 7
>   Sent 32821394 bytes 994 pkt (dropped 0, overlimits 0 requeues 0)
>   rate 3556Kbit 10pps backlog 0b 0p requeues 0
>   lended: 0 borrowed: 0 giants: 1128
>   tokens: 4325 ctokens: 4325
> 
> class htb 1:10 parent 1:1 leaf 10: prio 0 quantum 3000 rate 512000bit ceil
> 512000bit burst 1755b/8 mpu 0b overhead 0b cburst 1755b/8 mpu 0b overhead
> 0b level 0
>   Sent 34256069 bytes 701 pkt (dropped 0, overlimits 0 requeues 0)
>   rate 3554Kbit 8pps backlog 0b 105p requeues 0
>   lended: 596 borrowed: 0 giants: 1128
>   tokens: -52724 ctokens: -52724

The giants indicate that your MPU (MTU) is wrong.  Set it specifically. 
Try 1500.  Search the archives for "giants" and "MPU" or "MTU".
--
gypsy


Re: [LARTC] HFSC help

2006-09-01 Thread gypsy
doudouyam wrote:
> So I read some doc ( http://del.icio.us/tag/hfsc ) but it's not very
> clear.

http://linux-ip.net/tc/hfsc.en/


Re: [LARTC] retrieving informations from Psched for Qos

2006-05-01 Thread gypsy
David Martin wrote:
> 
> Hi
> 
> I'm actually working on a project about QoS configuration on a Linux
> computer.
> I need to access (read/write) the information generated by the "tc"
> command.
> I think that this information is in the /proc/net/psched file, but I
> only got 4 hexadecimal numbers in it.
> 
> Can anyone help me?
> 
> David

Have a look here:

http://www.coverfire.com/lql/

--
gypsy


Re: [LARTC] created new q_disc, inserted module, tc tells me unknown qdisc

2006-04-12 Thread gypsy
George P Nychis wrote:
> 
> > George P Nychis wrote:
> >>
> >> Hi,
> >>
> >> I am trying to install a proprietary qdisc made for research, it is not
> >> publicly released yet, however it's been used several times so I know
> >> it works.
> >>
> >> The files included are: q_xcp.c: static int xcp_parse_opt() static int
> >> xcp_print_opt() static int xcp_print_xstats() struct qdisc_util xcp_util
> >> = { "NULL", "xcp" . };
> >>
> >> sch_xcp.c: static int xcp_enqueue() static int xcp_requeue() static struct
> >> sk_buff * xcp_dequeue()   struct Qdisc_ops xcp_qdisc_ops ={
> >> NULL,NULL,"xcp", };
> >>
> >> printk(KERN_INFO "XCP qdisc module loaded.\n"); return
> >> register_qdisc(&xcp_qdisc_ops);
> >>
> >> So, i make everything successfully, it creates q_xcp.so and copies it
> >> to /usr/lib and sch_xcp.o which it copies to /lib/modules/... so then I
> >> "insmod sch_xcp" and i see in dmesg: "XCP qdisc module loaded."
> >>
> >> I then try: "tc qdisc add dev eth0 root xcp capacity 10Mbit limit 500"
> >> and get: "Unknown qdisc "xcp", hence option "capacity" is unparsable"
> >>
> >> So then I read the INSTALL further to find some sort of solution and it
> >> mentions: This again assumes "tc" version is 2.4.7.  If your "tc" is a
> >> different version, download the iproute2 source code, and edit Makefile
> >> to point "TC_INCLUDE" to "-I/iproute2/include -I/iproute2/tc"
> >>
> >> So, i did that, and i recompiled the q_xcp.so: lanthanum-ini src-1.0.1 #
> >> make q_xcp.so cc -O2 -fPIC
> >> -I/var/tmp/portage/iproute2-2.6.11.20050310-r1/work/iproute2-2.6.11/inc
> >> lude/
> >> -I/var/tmp/portage/iproute2-2.6.11.20050310-r1/work/iproute2-2.6.11/tc_
> >> include -o q_xcp.o -c q_xcp.c ld -shared -o q_xcp.so q_xcp.o rm -f
> >> q_xcp.o
> >>
> >> But i still get the same error so then my very final last effort
> >> was to move q_xcp.c to my iproute2 source code tc/ directory and added
> >> this to the makefile: TCMODULES += q_xcp.o
> >>
> >> Then I compiled tc, and i check tc to see if the xcp qdisc functions
> >> were loaded: lanthanum-ini tc # nm tc | grep xcp 080531ec t xcp_parse_opt
> >>  080533e0 t xcp_print_opt 08053426 t xcp_print_xstats 08070cc0 D xcp_util
> >>
> >>
> >> And finally: lanthanum-ini tc # ./tc qdisc add dev ath0 root xcp
> >> capacity 54Mbit limit 500 Unknown qdisc "xcp", hence option "capacity"
> >> is unparsable
> >>
> >> I have no clue :(  I figured that putting the .so into /usr/lib would
> >> have been enough.  Sorry for the long e-mail, I hope someone can help,
> >> and thank you for your time even if you don't know the solution but
> >> read this :)
> >>
> >> - George
> >
> > George,
> >
> > Please show us iproute/include/linux/pkt_sched.h
> >
> > There shouldn't be anything there the author wishes to keep private. --
> > gypsy
> >
> >
> 
> They did not include the iproute source code that they used... they only 
> included the q_xcp.c to create the q_xcp.so ... therefore my pkt_sched.h i am 
> using is from this build: iproute2-2.6.11.20050310-r1
> 
> I can certainly post it if you need, just let me know

George,

Then you probably need to revert to an iproute2 source that included
xcp.  In pkt_sched.h you need a struct that defines the parameters xcp
can accept:

enum
{
  TCA_XCP_PARM1,
  TCA_XCP_PARM2,
  TCA_XCP_PARM3,
};

and in ~/tc/Makefile you need TCMODULES += q_xcp.o
--
gypsy


Re: [LARTC] strange iptables mangle problem

2006-04-11 Thread gypsy
foxy 202 wrote:
> 
> Hi all,
> I manage a network with two connections of 100Mbit.
> In the past, when the network wasn't so loaded, everything was OK; now
> in peak hours the load on the border server is from 1.0 to 1.5 (it isn't so
> big),
> and for me it is very strange why I have an increase of ping timeout
> from 0.5-5 ms in normal hours to 50-100 ms in peak hours.
> 
>  server is with good hardware
> AMD 64 Dualcore 3800+
> Intel Gigabit Ethernet
> 1 GB RAM
> Debian sarge 2.6.16 #2 SMP kernel
> 
> I use about 240 mangle rules with iptables  to mark download traffic
> and to
> limit it but when I try to load more rules server increase load  and
> begin to drop
> packages :(
> 
>  my question is why when I try to load new 200 mangle rules / only
> mangle rules /  server increase load average and ping timeout increase
> to 50-100 ms …
> and second is what is the better solution for networks with more than
> 100Mbit traffic ..
>   to use iptables mangle rules + u32 or to use more u32 filters and
> less mangle rules ?
> 
>   Actually I don't have experience with so big traffic and I need any
> advice is welcome.
> 
> 
> Best Regards
> Emil

Emil,

I don't have any real answers but I encountered the same problem you
have, except your hardware is a lot better than mine.  I'd load 255
rules and the keyboard would become unresponsive and the network was
terribly slow.  Not just pings, everything.

I changed the NIC and that helped.  I've forgotten what I replaced it
with, but it uses the Tulip driver and it is 100Mbit.

I changed iptables source code for connection tracking.  TCP conntrack
is set to track connections for 5 DAYS!  If I recall correctly, I
changed that to 20 minutes.  That reduced the size of
/proc/net/ip_conntrack and that at least made the keyboard OK, but it
was still not enough.

You should search the mailing list archives for hashing.

(I gave up trying to maintain 255 marks.)
--
gypsy


Re: [LARTC] created new q_disc, inserted module, tc tells me unknown qdisc

2006-04-11 Thread gypsy
George P Nychis wrote:
> 
> Hi,
> 
> I am trying to install a proprietary qdisc made for research, it is not
> publicly released yet, however it's been used several times so I know it
> works.
> 
> The files included are:
> q_xcp.c:
>static int xcp_parse_opt()
>static int xcp_print_opt()
>static int xcp_print_xstats()
>struct qdisc_util xcp_util = { "NULL", "xcp" . };
> 
> sch_xcp.c:
>static int xcp_enqueue()
>static int xcp_requeue()
>static struct sk_buff * xcp_dequeue()
>
>
>struct Qdisc_ops xcp_qdisc_ops ={ NULL,NULL,"xcp", };
> 
>printk(KERN_INFO "XCP qdisc module loaded.\n");
>return register_qdisc(&xcp_qdisc_ops);
> 
> So, i make everything successfully, it creates q_xcp.so and copies it to 
> /usr/lib and sch_xcp.o which it copies to /lib/modules/... so then I "insmod 
> sch_xcp" and i see in dmesg:
> "XCP qdisc module loaded."
> 
> I then try:
> "tc qdisc add dev eth0 root xcp capacity 10Mbit limit 500" and get:
> "Unknown qdisc "xcp", hence option "capacity" is unparsable"
> 
> So then I read the INSTALL further to find some sort of solution and it 
> mentions:
> This again assumes "tc" version is 2.4.7.  If your "tc" is a different
> version, download the iproute2 source code, and edit Makefile to
> point "TC_INCLUDE" to "-I/iproute2/include -I/iproute2/tc"
> 
> So, i did that, and i recompiled the q_xcp.so:
> lanthanum-ini src-1.0.1 # make q_xcp.so
> cc -O2 -fPIC 
> -I/var/tmp/portage/iproute2-2.6.11.20050310-r1/work/iproute2-2.6.11/include/ 
> -I/var/tmp/portage/iproute2-2.6.11.20050310-r1/work/iproute2-2.6.11/tc_include
>  -o q_xcp.o -c q_xcp.c
> ld -shared -o q_xcp.so q_xcp.o
> rm -f q_xcp.o
> 
> But i still get the same error so then my very final last effort was to 
> move q_xcp.c to my iproute2 source code tc/ directory and added this to the 
> makefile:
> TCMODULES += q_xcp.o
> 
> Then I compiled tc, and i check tc to see if the xcp qdisc functions were 
> loaded:
> lanthanum-ini tc # nm tc | grep xcp
> 080531ec t xcp_parse_opt
> 080533e0 t xcp_print_opt
> 08053426 t xcp_print_xstats
> 08070cc0 D xcp_util
> 
> And finally:
> lanthanum-ini tc # ./tc qdisc add dev ath0 root xcp capacity 54Mbit limit 500
> Unknown qdisc "xcp", hence option "capacity" is unparsable
> 
> I have no clue :(  I figured that putting the .so into /usr/lib would have 
> been enough.  Sorry for the long e-mail, I hope someone can help, and thank 
> you for your time even if you don't know the solution but read this :)
> 
> - George

George,

Please show us
iproute/include/linux/pkt_sched.h 

There shouldn't be anything there the author wishes to keep private.
--
gypsy


Re: [LARTC] tc patched doesn't work with WFQ

2006-04-02 Thread gypsy
Julien Bisconti wrote:
> Hi,
> 
> I have been searching this mailing list for a few days but I didn't find how to
> solve my tc problem.
> Feel free to ask me for more details if you think they are relevant.
> 
> I'm using a Gentoo 2.4.32-gentoo-r2 and I'm trying to test a *weighted fair 
> queuing* (WFQ)
> implementation. See http://home.sch.bme.hu/~tusi/wfq/
> 
> I patched the kernel and loaded the sch_wfq module, I patched iproute2/tc and 
> compile everything.

I think you will find that the patch to iproute2 is too old.  The
iproute used to create it has a date in year 2000 and iproute2 has
changed substantially since then.

I suggest you contact the author and request a new patch.
--
gypsy


Re: [LARTC] Swap size

2006-03-20 Thread gypsy
[EMAIL PROTECTED] wrote:
> 
> Hi All,
> 
> This is out of the topic question, but I'm hoping that you can help me. If for
> example I'm going to install a Fedora 4 64-bit with 8 to 12 Gig of physical
> memory, how much swap file of directory do I need to create?
> 
> Thank you very much,
> 
> Wennie

Wennie,

You seem to think that the amount of physical RAM should have something
to do with the amount of swap space.  If so, that is wrong.

Even with huge, and 8 gigs of RAM is huge, amounts of RAM, you need a
dedicated swap partition.  Don't believe those who say you don't.

The size of the swap partition should be at least 512 megs.  The maximum
should normally be no more than 2 gigs.  I like to spread this out over
4 disks.  My setup creates a partition on each of the 4 hard drives in
my system and then /etc/fstab has an entry for each partition that says
/dev/hd#    swap    swap    defaults,pri=1  0   0
--
gypsy


Re: [LARTC] negative token/ctokens

2006-03-14 Thread gypsy
Andreas Hasenack wrote:
> 
> In this simple htb setup:
> # tc -s -d class ls dev eth0
> class htb 1:1 root rate 30bit ceil 30bit burst 1749b/8 mpu 0b overhead
> 0b cburst 1749b/8 mpu 0b overhead 0b level 7
>  Sent 13171835 bytes 13169 pkt (dropped 0, overlimits 0 requeues 0)
>  rate 45848bit 10pps backlog 0b 0p requeues 0
>  lended: 5272 borrowed: 0 giants: 0
>  tokens: -84429 ctokens: -84429
> 
> class htb 1:2 parent 1:1 prio 0 quantum 1500 rate 8bit ceil 30bit
> burst 1639b/8 mpu 0b overhead 0b cburst 1749b/8 mpu 0b overhead 0b level 0
>  Sent 12243472 bytes 8787 pkt (dropped 0, overlimits 0 requeues 0)
>  rate 43264bit 6pps backlog 0b 0p requeues 0
>  lended: 3515 borrowed: 5272 giants: 0
>  tokens: -181860 ctokens: -86779
> 
> class htb 1:3 parent 1:1 leaf 30: prio 0 quantum 2750 rate 22bit ceil
> 30bit burst 1709b/8 mpu 0b overhead 0b cburst 1749b/8 mpu 0b overhead 0b
> level 0
>  Sent 928363 bytes 4382 pkt (dropped 0, overlimits 0 requeues 0)
>  rate 3400bit 4pps backlog 0b 0p requeues 0
>  lended: 4382 borrowed: 0 giants: 0
>  tokens: 61291 ctokens: 46039
> 
> What does it mean when the leaf 1:2 class has a negative token/ctoken count?

Maybe this will help:
http://www.docum.org/docum.org/docs/htb/
--
gypsy


Re: [LARTC] ATTN Andreas Klauer: ASCII art + comments, please?

2006-03-05 Thread gypsy
Andreas Klauer wrote:
> 
> On Sun, Mar 05, 2006 at 02:33:17PM -0800, gypsy wrote:
> > Since I understand your ASCII art and comments, I would very much
> > appreciate it if you would draw what you see and criticize the
> > following.  Hopefully I'll better understand after that!
> 
> Uh, right. Don't take anything I say for granted, though.

Understood.

> > tc qdisc add dev imq0 root handle 1: htb default 20
> >
> > tc class add dev imq0 parent 1: classid 1:2 htb rate 4522kbit ceil \
> >4760kbit burst 16k cburst 16k quantum 1500
> >
> > tc class add dev imq0 parent 1:2 classid 1:1 htb rate 4522kbit ceil \
> >4760kbit burst 16k cburst 16k
> >
> > tc class add dev imq0 parent 1:1 classid 1:10 htb rate 2487kbit \
> >ceil 4760kbit burst 16k cburst 16k quantum 1500 prio 1
> >
> > tc class add dev imq0 parent 1:1 classid 1:20 htb rate 2034kbit \
> >ceil 4341kbit burst 10k cburst 16k quantum 1500 prio 4
> 
> First, here is what I see:
> 
> 1: HTB root qdisc (default 20)
> |
> \--- 1:2 HTB root class (4522kbit/4760kbit)
>  |
>  \--- 1:1 HTB class (4522kbit/4760kbit)
>   |
>   \--- 1:10 HTB leaf class (2487kbit/4760kbit)
>   \--- 1:20 HTB leaf class (2034kbit/4341kbit)
> 
> Now on to the criticising; the root class has a higher ceil than rate.
> However, different rate/ceil makes only sense if there is someone to
> borrow bandwidth from, which is not the case here. The root class
> acquires bandwidth directly from the QDisc, which has unlimited resources,
> as the root class itself is supposed to be the limiting factor. So what
> you have here should practically be no different from a 4760kbit class.
> 
> The 1:1 class seems to be useless; it has exactly the same settings
> as its parent, except for quantum, which is not explicitly set.
> Furthermore, it does not have any siblings. Does not make sense to
> me as such a class will just use exactly the same rate as its parent.
> Compare the statistics of these two classes below.
> 
> > class htb 1:1 parent 1:2 rate 4522Kbit ceil 4760Kbit burst 16Kb cburst
> > 16Kb
> >  Sent 7826237 bytes 27128 pkts (dropped 0, overlimits 0)
> >  rate 1728bit 4pps
> >  lended: 1954 borrowed: 0 giants: 0
> >  tokens: 39532 ctokens: 37555
> >
> > class htb 1:2 root rate 4522Kbit ceil 4760Kbit burst 16Kb cburst 16Kb
> >  Sent 7826237 bytes 27128 pkts (dropped 0, overlimits 0)
> >  rate 1728bit 4pps
> >  lended: 0 borrowed: 0 giants: 0
> >  tokens: 39532 ctokens: 37555
> 
> As for the leaf classes, their rates are fine (add up to the parent
> class rate), except that the parent actually can use 4760kbit rate
> rather than 4522kbit. Their priorities are questionable; using 1 and 4
> here should not be any different from 1 and 2 or 3 and 6 or 0 and 1.

The four is a "leftover", but I want it clear that 1:10 has priority
over 1:20.
 
> It's one high- and one low-priority class either way. I would probably
> set a priority just for the low priority class, so that it becomes
> more obvious what is intended by this setting here.
> 
> That what you wanted?
> 
> Regards
> Andreas Klauer

Thank you.  Yes, that is exactly what I wanted.  It was also every bit
as understandable as I expected, so THANK YOU again.

I thrashed with this because when I set it up with only a 1:1 (where 1:2
is now), NOTHING ever was recorded in the root and no borrowing would
occur.  The more I thrashed, the more confused I became.  With this, I
think I can fix it.
--
gypsy
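
The tree and the criticisms in Andreas Klauer's reply above can be reproduced mechanically from the `tc class add` lines. The checker below is an added example, not code from either poster or from iproute2; its function names and finding codes are invented here, and the `oversubscribed` rule is an extra check that the thread does not raise.

```python
"""Lint an HTB class tree described by `tc class add` lines."""
import re
import shlex
from collections import namedtuple

# The commands from the post above, copied unchanged.
SCRIPT = r"""
tc qdisc add dev imq0 root handle 1: htb default 20
tc class add dev imq0 parent 1: classid 1:2 htb rate 4522kbit ceil \
   4760kbit burst 16k cburst 16k quantum 1500
tc class add dev imq0 parent 1:2 classid 1:1 htb rate 4522kbit ceil \
   4760kbit burst 16k cburst 16k
tc class add dev imq0 parent 1:1 classid 1:10 htb rate 2487kbit \
   ceil 4760kbit burst 16k cburst 16k quantum 1500 prio 1
tc class add dev imq0 parent 1:1 classid 1:20 htb rate 2034kbit \
   ceil 4341kbit burst 10k cburst 16k quantum 1500 prio 4
"""

# tc rate suffixes with k = 1000. The "bps" forms are bytes per second, which
# is why "rate 1kbps" is echoed back as 8000bit in another thread on this page.
UNITS = {"": 1, "bit": 1, "kbit": 10**3, "mbit": 10**6, "gbit": 10**9,
         "bps": 8, "kbps": 8 * 10**3, "mbps": 8 * 10**6, "gbps": 8 * 10**9}

HtbClass = namedtuple("HtbClass", "classid parent rate ceil")


def parse_rate(text):
    """Convert a tc rate such as '4522kbit' to bits per second."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([a-z]*)", text.lower())
    if not m or m.group(2) not in UNITS:
        raise ValueError(f"unrecognised rate: {text!r}")
    return round(float(m.group(1)) * UNITS[m.group(2)])


def opt(tokens, key):
    """Return the token that follows `key`, or None if `key` is absent."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None


def parse_classes(script):
    """Return {classid: HtbClass} for every `class add ... htb` command."""
    classes = {}
    joined = re.sub(r"\\[ \t]*\n", " ", script)   # undo "\" continuations
    for line in joined.splitlines():
        tok = shlex.split(line, comments=True)
        cid, rate, ceil = opt(tok, "classid"), opt(tok, "rate"), opt(tok, "ceil")
        if tok[1:3] != ["class", "add"] or "htb" not in tok or not (cid and rate):
            continue
        rate = parse_rate(rate)     # HTB uses rate as ceil when none is given
        classes[cid] = HtbClass(cid, opt(tok, "parent"), rate,
                                parse_rate(ceil) if ceil else rate)
    return classes


def children_of(classes):
    """Map each parent handle to the list of classes attached under it."""
    kids = {}
    for c in classes.values():
        kids.setdefault(c.parent, []).append(c)
    return kids


def lint(classes):
    """Return (classid, code, message) findings in definition order."""
    kids, findings = children_of(classes), []
    for c in classes.values():
        parent = classes.get(c.parent)      # None: attached to the qdisc
        if parent is None and c.ceil > c.rate:
            findings.append((c.classid, "root-ceil",
                             "root class has nobody to borrow from"))
        if (parent and len(kids[c.parent]) == 1
                and (c.rate, c.ceil) == (parent.rate, parent.ceil)):
            findings.append((c.classid, "redundant",
                             "only child with its parent's rate and ceil"))
        committed = sum(k.rate for k in kids.get(c.classid, []))
        if committed > c.rate:
            findings.append((c.classid, "oversubscribed",
                             f"child rates sum to {committed}, rate is {c.rate}"))
    return findings


def render_tree(classes, qdisc="1:"):
    """Draw the hierarchy in the style of the ASCII art in the reply."""
    kids, lines = children_of(classes), [f"{qdisc} HTB root qdisc"]
    def walk(handle, depth):
        for c in kids.get(handle, []):
            kind = "class" if c.classid in kids else "leaf class"
            lines.append(f"{'     ' * depth}\\--- {c.classid} HTB {kind} "
                         f"({c.rate // 1000}kbit/{c.ceil // 1000}kbit)")
            walk(c.classid, depth + 1)
    walk(qdisc, 0)
    return lines


if __name__ == "__main__":
    tree = parse_classes(SCRIPT)
    print("\n".join(render_tree(tree)))
    print("\n".join(f"{cid}: [{code}] {msg}" for cid, code, msg in lint(tree)))
```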


[LARTC] ATTN Andreas Klauer: ASCII art + comments, please?

2006-03-05 Thread gypsy
Andreas,

Since I understand your ASCII art and comments, I would very much
appreciate it if you would draw what you see and criticize the
following.  Hopefully I'll better understand after that!

TIA,
gypsy

tc qdisc add dev imq0 root handle 1: htb default 20

tc class add dev imq0 parent 1: classid 1:2 htb rate 4522kbit ceil \
   4760kbit burst 16k cburst 16k quantum 1500

tc class add dev imq0 parent 1:2 classid 1:1 htb rate 4522kbit ceil \
   4760kbit burst 16k cburst 16k

tc class add dev imq0 parent 1:1 classid 1:10 htb rate 2487kbit \
   ceil 4760kbit burst 16k cburst 16k quantum 1500 prio 1

tc class add dev imq0 parent 1:1 classid 1:20 htb rate 2034kbit \
   ceil 4341kbit burst 10k cburst 16k quantum 1500 prio 4

For the curious, here is the status info:
Received on imq0:
qdisc htb 1: r2q 10 default 20 direct_packets_stat 0
 Sent 7826237 bytes 27128 pkts (dropped 0, overlimits 3929) 
qdisc esfq 20: parent 1:20 quantum 1500b perturb 20sec hash: classic
 Sent 5634125 bytes 4648 pkts (dropped 0, overlimits 0) 
class htb 1:1 parent 1:2 rate 4522Kbit ceil 4760Kbit burst 16Kb cburst
16Kb 
 Sent 7826237 bytes 27128 pkts (dropped 0, overlimits 0) 
 rate 1728bit 4pps 
 lended: 1954 borrowed: 0 giants: 0
 tokens: 39532 ctokens: 37555

class htb 1:10 parent 1:1 prio 1 rate 2487Kbit ceil 4760Kbit burst 16Kb
cburst 16Kb 
 Sent 2192112 bytes 22480 pkts (dropped 0, overlimits 0) 
 rate 1576bit 3pps 
 lended: 22480 borrowed: 0 giants: 0
 tokens: 71878 ctokens: 37555

class htb 1:2 root rate 4522Kbit ceil 4760Kbit burst 16Kb cburst 16Kb 
 Sent 7826237 bytes 27128 pkts (dropped 0, overlimits 0) 
 rate 1728bit 4pps 
 lended: 0 borrowed: 0 giants: 0
 tokens: 39532 ctokens: 37555

class htb 1:20 parent 1:1 leaf 20: prio 4 rate 2034Kbit ceil 4341Kbit
burst 10Kb cburst 16Kb 
 Sent 5634125 bytes 4648 pkts (dropped 0, overlimits 0) 
 rate 184bit 
 lended: 2694 borrowed: 1954 giants: 0
 tokens: 54849 ctokens: 41180


Re: [LARTC] Proxy ARP and UDP

2006-02-26 Thread gypsy
Greg Scott wrote:
> 
> As it turns out, not seeing proxy ARP traffic on the outside interface
> has other consequences.  I do some traffic shaping and noticed in my
> testing that the outbound traffic isn't being shaped.  This drove me
> crazy until it suddenly dawned on me - tcpdump shows almost no traffic
> on the outside interface even though a full H.323 UDP stream is flying
> across the Internet to and from my proxy ARP'd device behind my
> firewall.  I know lots of data is flying across both interfaces because
> I can see the results.  Yet as far as any software is concerned, almost
> nothing is going in or out of my outside interface.
> 
> Is this a normal proxy ARP behavior?  Traffic is definitely flying
> across both interfaces.  Why doesn't any software see traffic in and out
> of the outside interface?  Should I try a newer kernel than 2.4.27?

Greg,

Please, if you want answers, provide enough information for us to help.

In the absence of any shaping configuration script, it is useless to
speculate about why you see nothing being shaped.  I will say that UDP
is not "protocol ip".  Neither is ARP nor ICMP.

In the absence of the parameters you are passing to tcpdump, nothing can
be said about why you are not seeing the expected traffic on the
external IF.

Run 'cat /proc/net/ip_conntrack | grep udp'

There is nothing wrong with your .27 kernel!  I have done something
similar to what you seem to be trying to do for years running kernels
from 2.4.25 through .32 and never had any problem at all with proxy ARP
(except for the mental part ;)
--
gypsy


Re: [LARTC] why isn't 1:1 getting the traffic? [filter question]

2006-02-24 Thread gypsy
Andreas Hasenack wrote:
> 
> With the below script, whenever I ping 10.0.16.10 (which matches the
> only filter I have), traffic still gets sent to the default 1:2 class
> instead of 1:1 and I don't know why... Any hints?
> 
> (kernel 2.6.12, iproute2-2.6.15)
> 
> tc qdisc del dev eth0 root > /dev/null 2>&1
> tc qdisc add dev eth0 handle 1: root htb default 2
> tc class add dev eth0 classid 1:1 parent 1: htb rate 100kbps ceil 100kbps 
> quantum 1500
> tc class add dev eth0 classid 1:2 parent 1: htb rate 90mbit ceil 90mbit 
> quantum 1500
> tc qdisc add dev eth0 handle 2: parent 1:2 sfq perturb 10
> tc class add dev eth0 classid 1:10 parent 1:1 htb prio 0 rate 30kbps quantum 
> 1500
> tc qdisc add dev eth0 handle 10: parent 1:10 sfq perturb 10
> tc class add dev eth0 classid 1:11 parent 1:1 htb prio 0 rate 70kbps ceil 
> 100kbps quantum 1500
> tc qdisc add dev eth0 handle 20: parent 1:11 sfq perturb 10
> tc class add dev eth0 classid 1:12 parent 1:1 htb rate 60kbps ceil 100kbps 
> quantum 1500
> tc qdisc add dev eth0 handle 30: parent 1:12 sfq perturb 10
> tc filter add dev eth0 parent 1:0 prio 1 protocol ip u32 \
> match ip dst 10.0.16.10/32 \
> flowid 1:1
> 
> Status after pinging 10.0.16.10 a few times (notice traffic on 1:2, but not 
> on 1:1):
> qdisc htb 1: r2q 10 default 2 direct_packets_stat 0 ver 3.17
>  Sent 516 bytes 7 pkt (dropped 0, overlimits 0 requeues 0)
>  rate 0bit 0pps backlog 0b 0p requeues 0
> qdisc sfq 2: parent 1:2 limit 128p quantum 1514b flows 128/1024 perturb 10sec
>  Sent 516 bytes 7 pkt (dropped 0, overlimits 0 requeues 0)
>  rate 0bit 0pps backlog 0b 0p requeues 0
> qdisc sfq 10: parent 1:10 limit 128p quantum 1514b flows 128/1024 perturb 
> 10sec
>  Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
>  rate 0bit 0pps backlog 0b 0p requeues 0
> qdisc sfq 20: parent 1:11 limit 128p quantum 1514b flows 128/1024 perturb 
> 10sec
>  Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
>  rate 0bit 0pps backlog 0b 0p requeues 0
> qdisc sfq 30: parent 1:12 limit 128p quantum 1514b flows 128/1024 perturb 
> 10sec
>  Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
>  rate 0bit 0pps backlog 0b 0p requeues 0
> 
> class htb 1:11 parent 1:1 leaf 20: prio 0 quantum 1500 rate 56bit ceil 
> 80bit burst 1669b/8 mpu 0b overhead 0b cburst 1699b/8 mpu 0b overhead 0b 
> level 0
>  Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
>  rate 0bit 0pps backlog 0b 0p requeues 0
>  lended: 0 borrowed: 0 giants: 0
>  tokens: 24429 ctokens: 17408
> 
> class htb 1:1 root rate 80bit ceil 80bit burst 1699b/8 mpu 0b 
> overhead 0b cburst 1699b/8 mpu 0b overhead 0b level 7
>  Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
>  rate 0bit 0pps backlog 0b 0p requeues 0
>  lended: 0 borrowed: 0 giants: 0
>  tokens: 17408 ctokens: 17408
> 
> class htb 1:10 parent 1:1 leaf 10: prio 0 quantum 1500 rate 24bit ceil 
> 24bit burst 1629b/8 mpu 0b overhead 0b cburst 1629b/8 mpu 0b overhead 0b 
> level 0
>  Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
>  rate 0bit 0pps backlog 0b 0p requeues 0
>  lended: 0 borrowed: 0 giants: 0
>  tokens: 55636 ctokens: 55636
> 
> class htb 1:2 root leaf 2: prio 0 quantum 1500 rate 9Kbit ceil 9Kbit 
> burst 12836b/8 mpu 0b overhead 0b cburst 12836b/8 mpu 0b overhead 0b level 0
>  Sent 516 bytes 7 pkt (dropped 0, overlimits 0 requeues 0)
>  rate 8bit 0pps backlog 0b 0p requeues 0
>  lended: 7 borrowed: 0 giants: 0
>  tokens: 1164 ctokens: 1164
> 
> class htb 1:12 parent 1:1 leaf 30: prio 0 quantum 1500 rate 48bit ceil 
> 80bit burst 1659b/8 mpu 0b overhead 0b cburst 1699b/8 mpu 0b overhead 0b 
> level 0
>  Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
>  rate 0bit 0pps backlog 0b 0p requeues 0
>  lended: 0 borrowed: 0 giants: 0
>  tokens: 28329 ctokens: 17408

Andreas,

Your filter looks for protocol ip.  Are you POSITIVE your ping uses ip?

Try 'protocol all' rather than 'protocol ip'.
--
gypsy


Re: [LARTC] Is this possible?

2006-02-23 Thread gypsy
Russell Stuart wrote:
> 
> On Thu, 2006-02-23 at 10:23 +0100, Andreas Klauer wrote:
> > On Thu, Feb 23, 2006 at 06:38:09PM +1000, Russell Stuart wrote:
> > > For example, lets say we have a 1000kbit link, and two
> > > classes sharing that link:
> > >
> > >   - Voip - ie high prio real time, and
> > >   - Web - background traffic.
> >
> > Have you measured this link, i.e. when there is no activity
> > and you start some Voip sessions, do they get a constant
> > downstream of 1000kbit?
> >
> > It may very well be that you have to measure the real throughput
> > and then go a little lower (since you have to be the bottleneck),
> > however having to throw 30% of bandwidth away sounds a bit too
> > harsh to me.
> 
> The setup I gave was purely hypothetical.  300kbit
> headroom sounds way too high to me as well - any
> advice others may have on this would be appreciated.
> 
> > Another way of indirect headroom would be to hard limit the Web class,
> > i.e. give the Web class a lower ceil than the other classes. This way,
> > there is bandwidth that the Web class can't use no matter what, even
> > if the link is completely empty.
> 
> That is the right answer - it would achieve what I want.
> In hindsight it seems so obvious I don't know why I
> didn't think of it myself.
> 
> Thanks for taking the time to answer my query.

Two more things.  HTTP is a bursty protocol, so you need to think about
the burst and cburst parameters you give it.  If you want to squash TCP
fast start, use a low burst which will backlog and eventually drop the
excessive packets.  On the other hand, my experience is that a slow
started connection never increases its flow rate much even though the
spec says it should.  And you can get better precision from HTB by
setting HYSTERYSIS (did I just misspell that?), thus dequeueing a single
packet rather than a pair.  I don't recommend that, but you should know
about it.  On many ATM links it is a godsend.

In terms of headroom, I find that 85 % of real capacity always works, so
I start with that and push up until something breaks.  YMMV.
--
gypsy


Re: [LARTC] 1k: 1000 or 1024?

2006-02-23 Thread gypsy
Andreas Hasenack wrote:
> 
> The docs[1][2] suggest it's 1024, but tc says something else:
> 
> # tc qdisc add dev eth0 root tbf rate 1kbps latency 50ms burst 1500
> 
> # tc -s qdisc ls dev eth0
> qdisc tbf 8009: rate 8000bit burst 1499b lat 48.8ms
>  ^^^
>  Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
>  rate 0bit 0pps backlog 0b 0p requeues 0
> 
> If 1k were 1024, then I would have 8192bit above.
> 
> 1. http://www.docum.org/docum.org/faq/cache/74.html
> 2. http://ds9a.nl/2.4Networking/howto/lartc.qdisc.html#LARTC.QDISC.EXPLAIN

Those docs are old.  tc was changed at the request of several members of
this ML.  Search the history in May and June of 2004 or read the
Changelog in the source code.
--
gypsy


Re: [LARTC] Proxy ARP and UDP

2006-02-20 Thread gypsy
Greg Scott wrote:
> I have 2 relevant interfaces. eth0 is external, eth1 is internal.  My
> internal LAN is 10.10.10.0/24.  My External range is 1.2.3.0/27 (dummied
> up).  I have an H.323 videoconference device inside my internal LAN, but
> at IP Address 1.2.3.11/27.  (IP Address dummied up.)  I want to proxy
> ARP this device.
> 
> My questions - was proxy ARP broken in the 2.4.27 days?  Why doesn't
> tcpdump show me packets on both interfaces of the firewall?  Am I
> missing a setup ingredient someplace?  Should the default GW on that
> H.323 device be .2 (the firewall) or .1 (the Internet router)?  Does
> mixing NAT and proxy ARP create problems?  Should I put the H.323 device
> in its own little DMZ?
> 
> Thanks
> 
> - Greg Scott

No, not broken; proxy ARP works fine in 2.4.25 - .32.

You should have a look at Martin Brown's proxy ARP script
http://yesican.chsoft.biz/lartc/proxy-arp.sh
and its config file
http://yesican.chsoft.biz/lartc/proxy-arp.conf

but I bet the problem is rp_filter.
--
gypsy


Re: [LARTC] tc filter problem

2006-02-16 Thread gypsy
[EMAIL PROTECTED] wrote:
> 
> Hi,
> 
> I'm using a linux 2.4.29 kernel and having trouble getting my filters added. 
> The
> script I'm editing I actually use on a different system currently. Is this a
> tc/iproute/kernel type incompatibility? Any ideas how to debug it?
> 
> Thanks, Jeremy
> 
> # create a qdisc on T1 interface
> tc qdisc add dev w1g1 root handle 1: htb default 77
> OK
> 
> # create a master class
> tc class add dev w1g1 parent 1: classid 1:1 htb rate 1400kbit
> OK
> 
> # create a leaf class
> tc class add dev w1g1 parent 1:1 classid 1:10 htb rate 175kbit \
>  ceil 1400kbit prio 0
> OK
> 
> # create a SFQ qdisc within our subclass
> tc qdisc add dev w1g1 parent 1:10 handle 10: sfq perturb 10
> OK
> 
> # filter traffic on iptables mark 10
> tc filter add dev w1g1 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
> Error: RTNETLINK answers: Invalid argument

I just ran that script on a 2.4.32 kernel and it does not error.  Be
sure to destruct before running:
tc qdisc del dev w1g1 root

I doubt that the above is everything in your script.  Because there is a
problem with prio 49152 (tc -s filter show dev w1g1), my hunch is that
you will find that "prio 0" is the problem.  Try E.G. "prio 9" for all
your filter lines.

(Rhetorical: What device is w1g1?)
--
gypsy


Re: [LARTC] load balancing and failover

2006-02-09 Thread gypsy
Payal Rathod wrote:
> 
> Hi,
> A friend of mine has 2 lines of 512kbps terminated in two Linux boxes.
> He now wants to remove those 2 boxes and have some device which will
> loadbalance the two ISPs and also have a failover arrangement. But he
> has agreed to give me a chance to do it on Linux for my own
> satisfaction.
> Is this easy to do with lartc? How do I go about it exactly?  I have
> very little time to do it since his whole network will be done for that
> time and I cannot afford to play for a long time. Is it worth trying it
> with lartc for academic sake at least?
> Can someone suggest some easy steps?
> With warm regards,
> -Payal

Probably you are in over your head.  Have a look at these and decide for
yourself:
http://linux-ha.org/

http://www.ssi.bg/~ja/

http://www.geocities.com/mctiew/ffw/dual.htm

http://muse.linuxmafia.org/netsane/

> p.s. Is lartc.org down?

No, it just does not resolve.  Check this list from a couple of days ago
for the IP but it is dynamic so it may have changed since that posting.
--
gypsy


Re: [LARTC] Where do I post patches?

2006-02-09 Thread gypsy
Russell Stuart wrote:
> 
> I have found a few bugs in tc, and have produced patches
> for them.  Two require changes to tc, one to the kernel.
> 
> Where should I post these patches?
> 
> --
> Regards,
> Russell Stuart

Send them to Stephen Hemminger:

shemminger at osdl.org
--
gypsy


Re: [LARTC] Limited quantity of filters.

2006-02-07 Thread gypsy
Konrad wrote:
> 
> gypsy wrote:
> > Konrad,
> >
> > Specify a prio in each 'filter add' line.  The SAME prio for each
> > filter.  Not specifying any filter won't work, but with a prio you can
> > load at least 64K filter lines.  Search this mailing list for "please
> > document" in July 2004.
> Thank You. It's working. I've found this message. I'm sorry, because
> I've not used list's archive to find answer :/
> Is it possible to use any search engine (like groups.google.com) to
> searching only on this list?

google (no "groups.google", just "google.com") "LARTC keywords here"
works for me.  You could use the ADVANCED search, putting LARTC and
mailman.ds9a.nl into the ALL field, but I think you would still get hits
from other places also.

FWIW, free news server gmane carries LARTC as
gmane.linux.network.routing and my newsreader, although the search
phrasing syntax is a pain to deal with, returns the relevant articles. 
news.gmane.org
--
gypsy


Re: [LARTC] Limited quantity of filters.

2006-02-06 Thread gypsy
Konrad wrote:
> 
> $TC filter add dev imq0 parent 1:0 prio 5 protocol ip u32
> $TC filter add dev imq0 parent 1:0 prio 5 handle 2: protocol ip u32
> divisor 256
> for ((j=0; j<=7; j++))
> do
> for ((i=0; i<=255; i++))
> do
> q=`printf "%x\n" $i`
> $TC filter add dev imq0 protocol ip parent 1:0 u32 ht 2:$q: match ip
> src 10.0.$j.$i flowid 1:10
> echo "$q 10.0.${j}.$i"
> done
> done
> $TC filter add dev imq0 protocol ip parent 1:0 prio 5 u32 ht 800:: match
> ip src 10.0.0.0/16 hashkey mask 0x00ff at 12 link 2:
> echo "Another filter"
> $TC filter add dev imq0 protocol ip parent 1:0 prio 4 u32 match ip src
> 10.0.0.1 flowid 1:10
> # (1:10 is the example, in reality this filters will send packets to
> different classes)
> 
> This short script create filters. This script can create only about 1789
> filters. After that we have this:

Konrad,

Specify a prio in each 'filter add' line.  The SAME prio for each
filter.  Not specifying any filter won't work, but with a prio you can
load at least 64K filter lines.  Search this mailing list for "please
document" in July 2004.
--
gypsy
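
Added example, not part of the original post and not anyone's script from this thread: a lint that reads a shaping script and reports every 'tc filter add' line with no prio or with prio 0, the two cases raised in the replies in this archive. The function names are made up for the example and the sample input is constructed from lines quoted in the thread; tc's "pref"/"preference"/"priority" spellings are treated the same as "prio".

```shell
#!/bin/sh
# Lint for shaping scripts: every 'tc filter add' should carry an explicit,
# non-zero prio. Function names and the sample are constructed for this example.

# lint_tc_filters: read a script on stdin, print one finding per bad line
# plus a summary; exit status 1 if anything was flagged.
lint_tc_filters() {
    awk '
    function check(cmd, at,    n, f, i, found, have, prio) {
        sub(/^[ \t]+/, "", cmd)
        if (cmd ~ /^#/) return                 # whole-line comment
        n = split(cmd, f, /[ \t]+/)
        found = 0
        for (i = 1; i < n; i++)
            if (f[i] == "filter" && f[i + 1] == "add") { found = 1; break }
        if (!found) return
        total++
        have = 0
        for (i = i + 2; i < n; i++)
            if (f[i] ~ /^(prio|priority|pref|preference)$/) {
                have = 1; prio = f[i + 1]; break
            }
        if (!have)              { bad++; printf "NOPRIO line %d\n", at }
        else if (prio ~ /^0+$/) { bad++; printf "PRIO0 line %d\n", at }
    }
    {
        if (buf == "") start = NR
        line = $0
        if (line ~ /\\[ \t]*$/) {              # command continues on next line
            sub(/\\[ \t]*$/, " ", line)
            buf = buf line
            next
        }
        check(buf line, start)
        buf = ""
    }
    END {
        if (buf != "") check(buf, start)
        printf "SUMMARY filters=%d flagged=%d\n", total, bad
        exit (bad > 0)
    }'
}

# Constructed sample: a prio 0 fw filter, a hashed u32 setup with prio 5,
# and a loop body that adds filters without any prio.
sample_script() {
    cat <<'EOF'
# constructed sample, modelled on the two scripts quoted in the thread
tc filter add dev w1g1 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
$TC filter add dev imq0 parent 1:0 prio 5 protocol ip u32
$TC filter add dev imq0 parent 1:0 prio 5 handle 2: protocol ip u32 divisor 256
for i in 1 2 3; do
    $TC filter add dev imq0 protocol ip parent 1:0 u32 ht 2:$i: \
        match ip src 10.0.0.$i flowid 1:10
done
$TC filter add dev imq0 protocol ip parent 1:0 prio 5 u32 ht 800:: \
    match ip src 10.0.0.0/16 hashkey mask 0x00ff at 12 link 2:
EOF
}

# Usage: sh lint.sh shaping-script.sh
if [ $# -gt 0 ]; then
    lint_tc_filters < "$1"
fi
```

A line inside a loop is reported once, at the line where the command starts, however many times the loop would run it.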


Re: [LARTC] Problems in Dead Gateway Detection / Failover - MultipleISP Links

2006-01-29 Thread gypsy
Manish Kathuria wrote:
--== snip ==--
>   However, if there is a problem in the ISP connectivity at any of the
> subsequent hops, there is no dead gateway detection and failover also
> does not take place. I have tested this on various linux kernels from
> 2.4 as well as 2.6 series.
> 
> Somehow I have never faced a similar problem before and things have been
> working perfectly. In real life situation here, the first hop gateway is
> rarely going to be down so dead gateway detection and failover is going
> to be required whenever there is some connectivity problem at any of the
> later hops. So that's where dead gateway detection needs to work.
> 
> What could be the reason ? How can this be resolved ? I would appreciate
> any pointers or suggestions.
> 
> Thanks,
> 
> Manish Kathuria

Manish,

Same here (a long time ago.  I no longer have multiple ISPs).

I don't have any answers for you, but here are a few pointers:

Use arping in a script, pinging the farthest hop that arping can reach
that is of interest.  Whenever arping returns a bad status, run 'ip
route flush cache'.  Put a nice long sleep in the script and run it all
the time.

Perhaps in that same script, 'ping -n1 -I' each WAN interface in turn to
some destination that must always be up but reachable only by/on that
interface.  Run 'ip route flush cache' whenever that ping fails.

You are just trying to detect the up or down status of the link, so
don't flood the connection with arping and ping packets.  Using sleep,
space those pings apart to something sensible.

Although Julian has never confirmed (or denied) this, it was my
experience that only the **__FIRST__** nexthop affected the up or down
status of the connection.  If that succeeded, nothing would flag the
connection as dead.  If you know C, perhaps you can examine Julian's
kernel patch to see if there is any useful information there.  In my
opinion, Julian should document exactly how DGD works.  Perhaps he has
and I just can't find it on his web site, but (when I cared), I was not
able to find anything useful there.

Have you tried to engage Julian in a conversation to resolve this?  He
posts here occasionally but I do not know if he answers questions about
DGD off this list.
--
gypsy
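
Added example, not part of the original post: one way to write the watchdog script described above, with an ARP check of each next hop, a ping through each WAN interface, 'ip route flush cache' on failure and a sleep between passes. The interface names, the documentation-range addresses, the 30 second interval and the function names are assumptions; the arping and ping options are those of the iputils versions.

```shell
#!/bin/sh
# Link watchdog: one pass probes every WAN link, and any failure triggers
# 'ip route flush cache'.
# Constructed values (assumptions, not from the thread): interface names,
# the documentation-range addresses, and the 30 s interval.
# Each entry is "iface,gateway,far_host".
LINKS="eth1,192.0.2.1,192.0.2.129 eth2,198.51.100.1,198.51.100.129"
INTERVAL=30

# On-link check: ARP the next hop through one interface (iputils arping).
arp_probe()  { arping -q -c 1 -w 2 -I "$1" "$2" >/dev/null 2>&1; }

# Far-end check: ping a host that is reachable only through this interface.
ping_probe() { ping -c 1 -W 2 -I "$1" "$2" >/dev/null 2>&1; }

flush_cache() { ip route flush cache; }

# check_links: probe each entry once.
# Sets FAILED to the space-separated list of interfaces that failed a probe
# and flushes the routing cache at most once per pass.
check_links() {
    FAILED=""
    for entry in $LINKS; do
        iface=${entry%%,*}
        rest=${entry#*,}
        gw=${rest%%,*}
        far=${rest#*,}
        if ! arp_probe "$iface" "$gw"; then
            echo "$iface: gateway $gw does not answer ARP"
            FAILED="${FAILED:+$FAILED }$iface"
        elif ! ping_probe "$iface" "$far"; then
            echo "$iface: $far unreachable beyond the gateway"
            FAILED="${FAILED:+$FAILED }$iface"
        fi
    done
    if [ -n "$FAILED" ]; then
        flush_cache
    fi
    return 0
}

# Loop only when asked to, with a sleep between passes so the probes do
# not load the links they are measuring.
if [ "${1:-}" = "run" ]; then
    while :; do
        check_links
        sleep "$INTERVAL"
    done
fi
```

Start it with the argument "run"; without it the file only defines the functions.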


[LARTC] Reminder - links

2006-01-28 Thread gypsy
Because these tend to get lost, here are some links that I think
everyone should know about:

wiki:
  http://linux-net.osdl.org

API:
  http://www.coverfire.com/lql/

Stef Coene:  (Broken?  I hope not.  This is excellent stuff!)
   http://www.docum.org/docum.org/

Jason Boxman:
   http://edseek.com/~jasonb/articles/traffic_shaping/

Dan Singletary:
   http://www.tldp.org/HOWTO/ADSL-Bandwidth-Management-HOWTO/index.html

Emmanuel Roger:
   http://www.prout.be/qos/index.html
--
gypsy


Re: [LARTC] gypsy, and not only

2006-01-28 Thread gypsy
[EMAIL PROTECTED] wrote:
> 
> hi
> i ve seen one of your replies here and i saw that you recommend 2
> modifications in the kernel files in order to improve htb.
> first in pkt_sched.h, changing PSCHED_JIFFIES to PSCHED_CPU.
> and then, sch_htb.c, changing HYSTERESIS from 1 to 0.
> is it that simple?
> i mean i just change these here variables and i get better results?
> i ve done a search and found the first file in 3 locations. where exactly
> do i do these modifications?
> tnx

Hi,

The place to change JIFFIES to CPU is in the kernel source, which for me
is /usr/src/linux-2.4.32/include/net/pkt_sched.h
This is a MUST DO.

The place to change HYSTERESIS is
/usr/src/linux-2.4.32/net/sched/sch_htb.c

No, it is not quite that simple.  You should experiment with HYSTERESIS
to see what works best.  For ATM, I recommend 0.

Use an editor to change the kernel source.  Make sure you have a working
.config in the source tree (that can be the hard part, but your distro
should provide the .config that matches your kernel).  Get into the
source tree:
cd /usr/src/linux  (if there is a symlink)
or
cd /usr/src/linux-2.4.32
rm .version
make oldconfig

Check .config to be sure it looks like what you want.
The syntax of the following is a personal preference:
make dep ; make clean ; make bzImage

Check to be sure the kernel built properly.
make modules ; make modules_install

Install your new kernel.  Run your boot loader (lilo / grub / ??).

modprobe sch_htb
lsmod

If all is OK, you don't need to reboot.  Otherwise fix anything that a
reboot won't fix and reboot.
--
gypsy


Re: [LARTC] tcf_action_destroy destroying

2006-01-27 Thread gypsy
bend chen wrote:
> 
> hi.
> 
> 
> >gypsy wrote:---
> >This is HUGE; you cannot mean 10,000Kbit!??
> ???, my script 1Kbps is mean 10Mbps.
> Iproute can not support 10Mbps?

Sure, yes it can handle 10Mbps - and 100Mbps too.  But the reason you
are getting the r2q error message is that you set a much smaller rate
for the children.

I stole this from a previous posting to LARTC and have never actually
used it, but try something like this, or search the archives for
messages containing "LAN" and "Klauer" to see from whom it was stolen ;)

DEV=eth1

# 10 kbit ~= 100Mbit.
# Lower this value if your LAN doesn't actually make 100MBit.
LAN_SPEED=10
LAN_SUBNET=192.168.223.0

# install root HTB, point default traffic to 1:20:
$BIN_TC qdisc add dev $DEV root handle 1: htb default 20

# Add fat class.
$BIN_TC class add dev $DEV parent 1: classid 1:2 htb rate ${LAN_SPEED}kbit \
   quantum 1500

# Add local lan child.
$BIN_TC class add dev $DEV parent 1:2 classid 1:3 htb \
   rate $(($LAN_SPEED-$UPLINK))kbit quantum 1500

$BIN_TC class add dev $DEV parent 1:2 classid 1:1 htb rate ${UPLINK}kbit \
   burst 6k

# high prio class 1:10:
$BIN_TC class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit \
   burst 6k prio 1

# bulk & default class 1:20
$BIN_TC class add dev $DEV parent 1:1 classid 1:20 htb \
   rate $[9*$UPLINK/10]kbit burst 6k prio 2
$BIN_TC class add dev $DEV parent 1:1 classid 1:30 htb \
   rate $[8*$UPLINK/10]kbit burst 6k prio 2

# attach ingress policer:

$BIN_TC qdisc add dev $DEV handle : ingress

# exclude LAN traffic
$BIN_TC filter add dev $DEV parent : protocol ip prio 1 u32 \
match ip src $LAN_SUBNET/24 \
match ip dst $LAN_SUBNET/24 \
flowid :1


> >bend chen wrote:
> >
> > Hi,lartc
> >
> > I used iproute-060110 with iptables1.3.4 on gentoo 2005r1 kernel
> > 2.6.14-5.
> > I find some error messages in system logfile:
> >
> > HTB: quantum of class 10001 is big. Consider r2q change.
> > HTB: quantum of class 10010 is big. Consider r2q change.
> > tcf_action_init_1: successfull police
> > HTB: quantum of class 20001 is big. Consider r2q change.
> > HTB: quantum of class 20020 is big. Consider r2q change.
> > HTB: quantum of class 10001 is big. Consider r2q change.
> > HTB: quantum of class 10010 is big. Consider r2q change.
> > tcf_action_destroy destroying dcf0ba60 next
> > tcf_action_init_1: successfull police
> > HTB: quantum of class 20001 is big. Consider r2q change.
> > HTB: quantum of class 20020 is big. Consider r2q change.
> >
> > and this is my script:
> >
> > /root/ct/sbin/ct qdisc del dev eth0 root ;
> > /root/ct/sbin/ct qdisc del dev eth0 ingress ;
> > /root/ct/sbin/ct qdisc add dev eth0 root handle 1: htb default 10 r2q
> > 1;
> > /root/ct/sbin/ct class add dev eth0 parent 1: classid 1:1  htb rate
> > 1kbps;
> > /root/ct/sbin/ct class add dev eth0 parent 1:1 classid 1:10 htb rate
> > 9990kbps ceil 1kbps;
> > /root/ct/sbin/ct class add dev eth0 parent 1:1 classid 1:11 htb rate
> > 10kbps;
> > /root/ct/sbin/ct qdisc add dev eth0 parent 1:10 handle 13: sfq perturb
> > 5;
> > /root/ct/sbin/ct qdisc add dev eth0 parent 1:11 handle 14: sfq perturb
> > 5;
> > /root/ct/sbin/ct filter add dev eth0 parent 1: protocol ip handle 1 fw
> > classid 1:10;
> > /root/ct/sbin/ct filter add dev eth0 parent 1: protocol ip handle 2 fw
> > classid 1:11;
> > /root/ct/sbin/ct qdisc del dev eth1 root;
> > /root/ct/sbin/ct qdisc add dev eth1 root handle 2: htb default 20 r2q
> > 1;
> > /root/ct/sbin/ct class add dev eth1 parent 2: classid 2:1 htb rate
> > 1kbps;
> --
> >This is HUGE; you cannot mean 10,000Kbit!??
> --
> gypsy


Re: [LARTC] help!!

2006-01-27 Thread gypsy
Nampreet Sarao wrote:
> 
> hi i am doing my final year project on Traffic Shaping .could any one please
> guide me how do i actually go about it.
> 
> i mean the first step.i have read the lartc documentation for the same.
> what do i do next.please help
> thanks in advance

I suggest you download a script and install it.

You can get some links from here:
http://yesican.chsoft.biz/lartc/index.html

Look particularly at Jim diGriz, Jason Boxman, Devik and Wonder Shaper.

That should provide plenty to get started.
--
gypsy


Re: [LARTC] tcf_action_destroy destroying

2006-01-25 Thread gypsy
bend chen wrote:
> 
> Hi,lartc
> 
> I used iproute-060110 with iptables1.3.4 on gentoo 2005r1 kernel
> 2.6.14-5.
> I find some error messages in system logfile:
> 
> HTB: quantum of class 10001 is big. Consider r2q change.
> HTB: quantum of class 10010 is big. Consider r2q change.
> tcf_action_init_1: successfull police
> HTB: quantum of class 20001 is big. Consider r2q change.
> HTB: quantum of class 20020 is big. Consider r2q change.
> HTB: quantum of class 10001 is big. Consider r2q change.
> HTB: quantum of class 10010 is big. Consider r2q change.
> tcf_action_destroy destroying dcf0ba60 next 
> tcf_action_init_1: successfull police
> HTB: quantum of class 20001 is big. Consider r2q change.
> HTB: quantum of class 20020 is big. Consider r2q change.
> 
> and this is my script:
> 
> /root/ct/sbin/ct qdisc del dev eth0 root ;
> /root/ct/sbin/ct qdisc del dev eth0 ingress ;
> /root/ct/sbin/ct qdisc add dev eth0 root handle 1: htb default 10 r2q
> 1;
> /root/ct/sbin/ct class add dev eth0 parent 1: classid 1:1  htb rate
> 1kbps;
> /root/ct/sbin/ct class add dev eth0 parent 1:1 classid 1:10 htb rate
> 9990kbps ceil 1kbps;
> /root/ct/sbin/ct class add dev eth0 parent 1:1 classid 1:11 htb rate
> 10kbps;
> /root/ct/sbin/ct qdisc add dev eth0 parent 1:10 handle 13: sfq perturb
> 5;
> /root/ct/sbin/ct qdisc add dev eth0 parent 1:11 handle 14: sfq perturb
> 5;
> /root/ct/sbin/ct filter add dev eth0 parent 1: protocol ip handle 1 fw
> classid 1:10;
> /root/ct/sbin/ct filter add dev eth0 parent 1: protocol ip handle 2 fw
> classid 1:11;
> /root/ct/sbin/ct qdisc del dev eth1 root;
> /root/ct/sbin/ct qdisc add dev eth1 root handle 2: htb default 20 r2q
> 1;

> /root/ct/sbin/ct class add dev eth1 parent 2: classid 2:1 htb rate
> 1kbps;

This is HUGE; you cannot mean 10,000Kbit!??
--
gypsy


Re: [LARTC] Adding HTB support for kernel 2.4.19 SUSE 8.1

2006-01-23 Thread gypsy
Diego Cabrero wrote:
> 
> Hi everybody,
> I've got a little problem when adding HTB support to my SUSE 8.1 by
> patching its kernel 2.4.19.
> 
> After i patch kernel getting some errors, the HTB kernel option shows up
> but when i make modules it finds something wrong with the sch_htb.o module.
> 
> Could somebody give me a hand on this?
> 
> Thanks in advance.
> 
> I get this information when patching (patch -p1 <  htb3.6_2.4.17.diff)
> **
> patching file net/sched/Config.in
> Reversed (or previously applied) patch detected!  Assume -R? [n] n
> Apply anyway? [n] y

NO!  Never say YES when patch says "Reverse?".  Never say YES when patch
says "Apply anyway?" either.

> Hunk #1 FAILED at 2.
> 1 out of 1 hunk FAILED -- saving rejects to file net/sched/Config.in.rej
> patching file net/sched/Makefile
> Reversed (or previously applied) patch detected!  Assume -R? [n] y
> Hunk #1 succeeded at 15 (offset -1 lines).
> patching file net/sched/sch_htb.c
> patching file include/linux/pkt_sched.h
> Reversed (or previously applied) patch detected!  Assume -R? [n] y
> patching file net/sched/sch_api.c
> Hunk #1 FAILED at 1117.
> Hunk #2 succeeded at 1205 with fuzz 2.
> 1 out of 2 hunks FAILED -- saving rejects to file net/sched/sch_api.c.rej
> patching file lib/Makefile
> Hunk #1 FAILED at 8.
> 1 out of 1 hunk FAILED -- saving rejects to file lib/Makefile.rej
> patching file lib/rbtree.c
> Reversed (or previously applied) patch detected!  Assume -R? [n] y
> Hunk #2 succeeded at 126 (offset 1 line).
> Hunk #3 succeeded at 292 (offset 1 line).
> patching file include/net/pkt_sched.h
> Reversed (or previously applied) patch detected!  Assume -R? [n] y
> Hunk #1 succeeded at 222 (offset 1 line).

Whatever just succeeded reversed what was in htb3.6_2.4.17.diff.

Go get the kernel source for 2.4.32.  Copy your working .config into
that source and
make oldconfig
rm .version

Edit linux/include/net/pkt_sched.h changing JIFFIES to CPU

Compile and install that new kernel.
--gypsy


Re: [LARTC] Download and upload independency

2006-01-20 Thread gypsy
> Diego Cabrero wrote:
> 
> All right, so prioritizing ACK packets is one of the solutions. Then, do
> you use 1:20 class for ACK packets? 

Please don't post in HTML.  My Email reader was full of crap like .

I create what I call an interactive class.  I have a "T1" radio
connection to the internet, so my upload rate is 1500kbit which I
strangle to 1350 (90%).  The interactive class has a rate of 200kbit,
ceil of 1350kbit and prio 1 so it can borrow from all other classes (but
it never needs to; I should find out how low rate can go but I haven't
had time to do that).  I set this up as 1:10 but I don't think the
classid really matters (although I'm not sure).  The rate, ceil, prio
and burst do matter.  Quantum is there because that lets me set any rate
I want without having htb complain about r2q and because it is correct
for ethernet.

> Or just by setting the parameters
> 'quantum 1514', 'prio #' and 'burst #k' is enough to do it inside
> whatever traffic runs through 1:20?.

Not if I understand what you are asking.  You need a class that has
nothing going through it except really important traffic (SSH and ACK
for me), so you do not want anything else in it.  I do not use esfq on
this either.  All my other classes use esfq (which is why I maintain it
for 2.4 kernels).

If I had two classes and I was going to create an interactive one, I'd
steal a bit of bandwidth from each of the other two, making sure they are
set up to lend.  It does not take much just for ACK.

> In case you assign one whole htb class for ACK packets,if i am not
> using priority bands (just ensuring VoIP's QoS) is it so simple as
> assign them a low bandwidth (1Kb) and higher priority?

Almost.  Along with low bandwidth you need a big ceiling and the HIGHEST
priority so it can borrow when necessary.  But since the packets are
small, you don't need a big burst.

For VoIP, you need to try to keep its class from lending when there is
traffic and you sure don't want (e)sfq because that reorders the
packets, which likely will disrupt your conversation.

If everything is prio 0 (no prio specified), you can't be sure which
class will lend spare bandwidth first.
 
> Thanks a lot.
> 
> -Diego

You're welcome if this helps, otherwise you don't need to thank me ;)
--
gypsy 
> gypsy wrote:
> 
> > Diego Cabrero wrote:
> >
> >
> >> Hello everyone:
> >> As it is known, when you limit uplink bandwidth it usually gets
> >> downlink
> >> bandwidth to a lower value.
> >> I just want to know what is the optimal configuration for eth1 and
> >> imq0
> >> according to some variables of  tc(HTB), txqueuelen, mtu, etc. to
> >> make
> >> these packet flows less independent on an ethernet based network.
> >>
> >> Thank you in advance.
> >>
> >> -Diego
> >>
> >>
> > Diego,
> >
> > Since nobody else answered this, I'll give it a try.
> >
> > I accelerate all small packets on the egress side because this sends
> > the
> > ACK packets ASAP.  Doing this improves download speed.
> >
> > I use 'quantum 1514', 'prio #' and 'burst #k' in my 'tc class add'
> > lines.  E.G.:
> > tc class add dev eth1 parent 1:1 classid 1:20 htb rate $RATE ceil \
> >   $CEIL burst 16k quantum 1514 prio 2
> >
> > Make sure the sum of the rates is <= the parent rate.  Some say it
> > is
> > better to patch htb to dequeue one packet at a time rather than 2.  I
> > don't.
> >
> > Be sure you change your linux kernel source
> >   vi ~linux/include/net/pkt_sched.h
> > so it uses PSCHED_CPU because JIFFIES just does not cut the mustard.
> >
> > I am just now implementing IMQ.  What a pain getting it to compile
> > (bad
> > linux 2.4 patch)!  I can't say yet if this is the right approach,
> > but I
> > intend to accelerate SSH and put everything else into a default bulk
> > class, adding an esfq qdisc:
> > ~'parent 1:20 handle 20: esfq limit 64 depth 64 divisor 10 \
> > hash dst perturb 20'
> > and then filter SSH by source and dest port 22 into accelerated
> > 1:10.  I
> > want to shape the incoming flows by where the packets come from -
> > but I
> > might change my mind after I try this :o
> >
> > I looked at documentation on the DSL sites about tweaking, then at
> > Oskar
> > Andreasson's tutorial to understand the /proc settings, but I can't
> > find
> > my notes about what I changed.  I did increase buffer sizes, but I
> > can't
> > recall anything further right now...  IIRC, most things were correct
> > so
> > I did not change much.
> > --
> > gypsy


[LARTC] IMQ slows computer to a crawl - SOLVED

2006-01-19 Thread gypsy
gypsy wrote:
> 
> I am attempting to implement IMQ on a 2.4.31 version kernel with
> iptables 1.3.3.
> 
> I am following the example at http://www.linuximq.net/usage.html.  When
> I enter the line
> iptables -t mangle -A POSTROUTING -o eth1 -j IMQ --todev1
> 
> (eth1 is the external interface), the computer slows to a crawl.  OK,
> the CPU is only an AMD K6 233 which is not the world's greatest CPU, but
> egress shaping is done at acceptable speed.
> 
> Neither top nor free is any help.  top says the system is using 35% and
> user about 1%, with load averages in the range of 0.2x, 0.2x and 0.1x
> and top itself is at the top of the list.  free says 3388 free mem and
> 780 used swap.
> 
> Even attaching to a non connected device (change eth1 to eth2 in the
> above iptables line) creates this condition!??
> 
> Does anyone have any suggestions as to what might cause this huge
> slowdown?  How do I troubleshoot this?  I'll have to reimplement
> policing if I can't make IMQ work.
> 
> Thanks for any assistance.
> --
> gypsy

The answer is that the wrong IMQ device was specified.

I loaded imq with:
modprobe imq numdevs=1

That makes the --todev 0 not 1.  Moreover, I was in the wrong mangle
chain.
WRONG: iptables -t mangle -A POSTROUTING -o eth1 -j IMQ --todev 1
RIGHT: iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0

So much for the documentation at http://www.linuximq.net/usage.html.
Thanks to http://wiki.nix.hu/cgi-bin/twiki/view/IMQ/WebHome
--
gypsy


[LARTC] IMQ slows computer to a crawl

2006-01-19 Thread gypsy
I am attempting to implement IMQ on a 2.4.31 version kernel with
iptables 1.3.3.

I am following the example at http://www.linuximq.net/usage.html.  When
I enter the line
iptables -t mangle -A POSTROUTING -o eth1 -j IMQ --todev1

(eth1 is the external interface), the computer slows to a crawl.  OK,
the CPU is only an AMD K6 233 which is not the world's greatest CPU, but
egress shaping is done at acceptable speed.

Neither top nor free is any help.  top says the system is using 35% and
user about 1%, with load averages in the range of 0.2x, 0.2x and 0.1x
and top itself is at the top of the list.  free says 3388 free mem and
780 used swap.

Even attaching to a non connected device (change eth1 to eth2 in the
above iptables line) creates this condition!??

Does anyone have any suggestions as to what might cause this huge
slowdown?  How do I troubleshoot this?  I'll have to reimplement
policing if I can't make IMQ work.

Thanks for any assistance.
--
gypsy


Re: [LARTC] Download and upload independency

2006-01-19 Thread gypsy
Diego Cabrero wrote:
> 
> Hello everyone:
> As it is known, when you limit uplink bandwidth it usually gets downlink
> bandwidth to a lower value.
> I just want to know what is the optimal configuration for eth1 and imq0
> according to some variables of  tc(HTB), txqueuelen, mtu, etc. to make
> these packet flows less independent on an ethernet based network.
> 
> Thank you in advance.
> 
> -Diego

Diego,

Since nobody else answered this, I'll give it a try.

I accelerate all small packets on the egress side because this sends the
ACK packets ASAP.  Doing this improves download speed.

I use 'quantum 1514', 'prio #' and 'burst #k' in my 'tc class add'
lines.  E.G.:
tc class add dev eth1 parent 1:1 classid 1:20 htb rate $RATE ceil \
  $CEIL burst 16k quantum 1514 prio 2

Make sure the sum of the rates is <= the parent rate.  Some say it is
better to patch htb to dequeue one packet at a time rather than 2.  I
don't.

Be sure you change your linux kernel source
  vi ~linux/include/net/pkt_sched.h
so it uses PSCHED_CPU because JIFFIES just does not cut the mustard.

I am just now implementing IMQ.  What a pain getting it to compile (bad
linux 2.4 patch)!  I can't say yet if this is the right approach, but I
intend to accelerate SSH and put everything else into a default bulk
class, adding an esfq qdisc:
~'parent 1:20 handle 20: esfq limit 64 depth 64 divisor 10 \
hash dst perturb 20'
and then filter SSH by source and dest port 22 into accelerated 1:10.  I
want to shape the incoming flows by where the packets come from - but I
might change my mind after I try this :o

I looked at documentation on the DSL sites about tweaking, then at Oskar
Andreasson's tutorial to understand the /proc settings, but I can't find
my notes about what I changed.  I did increase buffer sizes, but I can't
recall anything further right now...  IIRC, most things were correct so
I did not change much.
--
gypsy


Re: [LARTC] multiple links and nat

2006-01-06 Thread gypsy
seph wrote:
> 
> I was hoping to avoid having to patch things. I'll take a look at
> mpath and see what I want to do.
> 
> If it really does need patching then I think the howto should be
> updated to reflect that.
> 
> seph

Seph,
The HOWTO has not been updated in years.  Who knows when, if ever, it
will be?  Robert is correct.
--
gypsy
> Robert Kurjata <[EMAIL PROTECTED]> writes:
> 
> > Hello Edmundo,
> >
> > In your message dated 5 January 2006 (17:21:52) one can read:
> >
> > Please consult: http://www.ssi.bg/~ja/#routes and my example script
> > mpath2.sh published there.
> >
> > Without those patches - it just doesn't work :)
> >
> >
> >> The problem (as usual) is the change of route the routing box is doing
> >> for connections already established.
> >
> >> Maybe you can try using separate routing table with a single internet
> >> link for ssh (policy routing).
> >
> >> On 1/5/06, seph <[EMAIL PROTECTED]> wrote:
> >>> Hi, this might be a dumb question, but I'm not finding much
> >>> information online.
> >>>
> >>> I'm trying to setup a 2.6 linux box to run nat across multiple
> >>> upstream links as a simple way to aggregate bandwidth. I found the
> >>> instructions in lartc section 4.2
> >>> (http://lartc.org/howto/lartc.rpdb.multiple-links.html) fairly clear
> >>> and straightforward. I implemented those, and a couple of trivial
> >>> iptables commands and tried it.
> >>>
> >>> Persistent masqueraded connections (like ssh) weren't very happy. They
> >>> frequently hung, and I saw the "MASQUERADE: Route sent us somewhere
> >>> else." error. googling for that, I see lots of suggestions to use
> >>> connmark, but no examples of how connmark and the multiple link stuff
> >>> interact. Does anyone have a pointer?
> >>>
> >>> The rules I'm using are roughly:
> >>>
> >>> /sbin/ip route add P1_NET dev IF1 src IP1 table 201
> >>> /sbin/ip route add default via P1 table 201
> >>> /sbin/ip route add P1_NET dev IF1 src IP1
> >>> /sbin/ip route add 127.0.0.0/8 dev lo table 201
> >>> /sbin/ip rule add from IP1 table 201
> >>> /sbin/ip route add P2_NET dev IF2 src IP2 table 202
> >>> /sbin/ip route add default via P2 table 202
> >>> /sbin/ip route add P2_NET dev IF2 src IP2
> >>> /sbin/ip route add 127.0.0.0/8 dev lo table 202
> >>> /sbin/ip rule add from IP2 table 202
> >>>
> >>>
> >>> /sbin/ip route del default
> >>> /sbin/ip route add default scope global nexthop via P1 dev IF1 weight 1 
> >>> nexthop via P2 dev IF2 weight 4
> >>> /sbin/ip route flush cache
> >>>
> >>>
> >>> /sbin/iptables -t nat -A PREROUTING -s LOCALNET -d P1_NET -j ACCEPT
> >>> /sbin/iptables -t nat -A PREROUTING -s LOCALNET -d P2_NET -j ACCEPT
> >>> /sbin/iptables -t nat -A POSTROUTING -o IF1 -s LOCALNET -j MASQUERADE
> >>> /sbin/iptables -t nat -A POSTROUTING -o IF2 -s LOCALNET -j MASQUERADE
> >>>
> >>>
> >>> thanks
> >>> seph
> > --
> > Regards,
> >  Robert Kurjata


Re: [LARTC] TC in Wireless Environment

2005-12-28 Thread gypsy
Azim Samjani wrote:
> 
> Thank you so much for your reply. Its my mistake - I should have made it a
> bit more transparent. But yes, you got me right on that.
> 
> I will try to discuss 2 probable scenarios -
> 
> 1. Ingress - suppose I have a ingress policer, which allows data to enter
> system at 2 Mbps. I should be able to set it to 1Mbps or increase to 3Mbps
> depending on my wireless network conditions. Wireless links are dynamic and
> error rate is high. Hence I want to set the policer to these values, without
> losing any packets and without disturbing the queuing discipline.
> 
> 2. Egress - I use a token bucket to shape out going traffic. Similarly, here
> also, I should be able to dynamically set the out going rate, without
> reloading all the queue parameters.
> 
> I want to control this on multiple interfaces. But initially, it would be
> good to try such a thing on only one interface.
> 
> I would like to know, if such a provision is available in TC.
> 
> Thanx.
> 
> Azim.
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Kajetan Staszkiewicz
> Sent: Tuesday, December 27, 2005 6:55 PM
> To: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] TC in Wireless Environment
> 
> On Tuesday, 27 December 2005 23:10, Azim Samjani wrote:
> 
> > Hi,
> >
> > Has anyone used TC in a wireless environment, which is dynamic. I
> > understand that the parameters for queuing are static and cannot be
> > changed unless the queuing discipline is deleted and reloaded with
> > different parameters.
> >
> > If anyone can share any experience, that would be helpful.
> 
> Hello!
> 
> I'm not sure if I fully understand Your problem but tc is able to change
> specified class without destroying all classes and disciplines on network
> interface.
> 
> I use perl and php webpanel for setting up speed limits for my clients.
> Loading all tc rules for all interfaces (and imqs) after every single change
> is very slow, but I am able to change the one I need after changing settings
> of one client with `tc class change`, after which I put all the stuff that
> normally goes with `tc class add`.

You should look at these:

http://mrtg.saintjoe.edu/mrtg/ratelimit/

http://www.freenet.org.nz/python/pyshaper/

http://sourceforge.net/projects/rcc

http://www.shurdix.org/

I don't know if any of these is exactly what you want because the errors
in wireless cause problems for traffic shaping, but you will certainly
find lots of ideas and at least some answers.
--
gypsy


Re: [LARTC] Advanced Routing and Secondary ip address in eth0

2005-12-20 Thread gypsy
Leonardo Borda wrote:
> 
> Hello,
> 
> I have configured advanced routing with success using three (03)
> network adapters ( ETH0,  ETH1 and ETH2).
> Now I have to configure an additional range in the same Interface
> ETH0 ( another internet ip range address ), so I would like to have TWO
> different ranges at the same ETHERNET CARD ( in this case ETH0 ) AND
> having advanced routing running it.
> I Did the same configurations as I already done it before and it is
> not working. When testing through the secondary ip address the packets
> get out from the wrong default gateway, however testing from primary
> range I am able to route.
> 
> Is it possible to do advanced routing having in the same Interface
> TWO different ip range address?
> 
> Somebody had done this somewhere?
> 
> Thanks in advanced
> 
> --
> Sincerely,
> 
> Leonardo Borda

Leonardo,

Have you Yahooed/googled this?  IIRC, I came across several pages
describing your desired setup while trying to decide how to deal with 3
NICs and two different IPS (therefore separate nets on each NIC).  Again
IIRC, I rejected these because they were not the correct solution for
me.

Sorry I can't be more help, but I do think your solution is "out there".
--
gypsy


Re: [LARTC] throttle incoming traffic

2005-12-20 Thread gypsy
Uwe Ernst wrote:
> 
> Hi,
> 
> I've got traffic shaping up and running perfectly for outgoing
> connections. Now I also want to control the incoming traffic rate on
> my Linux Gentoo box. Is there any possibility of doing this without
> dropping packages, for example by delaying ACKs or something like this?
> I'm running a
> patched 2.6.14 kernel with
> iproute 20050310-r1
> 
> any suggestions?
> 
> regards
> 
> Uwe

Uwe,

Have a look at a program called trickle.

Yes, you can slow down ACKs, but it is only partially effective because
the other side is going to keep sending a lot of packets even though
your ACKs are slow.  If you do this, set rate and bursts low.  In order
to step out of the way when outbound traffic is minimal, be sure this
flow can borrow from others, perhaps by setting a high ceil and a
numerically low prio.

I do just the opposite because I want to maximize download speeds.  But
nobody is complaining about upload speed either ...

I assume you already know about IMQ and don't want it.

If you can, another effective way to do this is to put a special Linux
box between you and the WWW.  You shape outbound traffic on its external
facing interface and you shape inbound traffic on its internal facing
interface.  Increase the buffer in Linux for that incoming traffic so it
is as large as you can make it.  That is how I do it and it works well
enough, though I also police inbound packets.  I can afford to police
because my inbound is 4,632 and my outbound is 1,500 (measured, not
promised); so I police to 4,600 and hardly notice it except that I see a
minuscule number of dropped packets (30 of 1664527 = .18 right now).
--
gypsy


Re: [LARTC] tc strange behaviour

2005-12-15 Thread gypsy
Alexander Kabanov wrote:
> 
> hi all,
> 
> I'm trying to do the following:
> 
> tc qdisc add dev eth0 root handle 1: htb default 15
> tc class add dev eth0 parent 1:0 classid 1:1 htb rate 1mbit
> tc class add dev eth0 parent 1:1 classid 1:15 htb rate 512kbit ceil 1mbit
Try     parent 1:
 
--
gypsy


Re: [LARTC] Marking packets by mac addr using tc filter u32 match?

2005-12-15 Thread gypsy
Kristiadi Himawan wrote:
> 
> Hi, I cannot access that page. Could you send it to me :)

http://yesican.chsoft.biz/lartc/arp.html

http://yesican.chsoft.biz/lartc/mac.html
http://yesican.chsoft.biz/lartc/index.html

(duron is my local copy)
--
gypsy
 
> gypsy wrote:
> 
> >Kristiadi Himawan wrote:
> >
> >
> >>So is there a technique to filter this kind of ARP traffic ?
> >>
> >>17:16:53.740978 arp who-has 192.43.165.29 tell 192.43.165.30
> >>17:16:53.752482 arp reply 192.43.165.29 is-at 00:04:c1:b5:bd:f1
> >>17:16:53.812889 arp who-has 192.43.162.194 tell 192.43.162.193
> >>17:16:53.812922 arp reply 192.43.162.194 is-at 00:08:c7:c9:a3:17
> >>
> >>Anyone can help?
> >>
> >>
> >
> >This works for me:
> >http://duron/lartc/arp.html
> >
> >
> >
> >># Example that matches ARP (a big "thank you" to Martin Brown for this!):
> >># the ARP protocol is 2 bytes at -2
> >># the "0806" comes from linux/include/linux/if_ether.h
> >>tc filter add dev $DEV parent 1: protocol ip prio 5 u32 \
> >>   match u16 0x0806 0xFFFF at -2 flowid 1:50
> >>
> >>
> >
> >--
> >gypsy
> >
> >


Re: [LARTC] Marking packets by mac addr using tc filter u32 match?

2005-12-13 Thread gypsy
Kristiadi Himawan wrote:
> 
> So is there a technique to filter this kind of ARP traffic ?
> 
> 17:16:53.740978 arp who-has 192.43.165.29 tell 192.43.165.30
> 17:16:53.752482 arp reply 192.43.165.29 is-at 00:04:c1:b5:bd:f1
> 17:16:53.812889 arp who-has 192.43.162.194 tell 192.43.162.193
> 17:16:53.812922 arp reply 192.43.162.194 is-at 00:08:c7:c9:a3:17
> 
> Anyone can help?

This works for me:
http://duron/lartc/arp.html

> # Example that matches ARP (a big "thank you" to Martin Brown for this!):
> # the ARP protocol is 2 bytes at -2
> # the "0806" comes from linux/include/linux/if_ether.h
> tc filter add dev $DEV parent 1: protocol ip prio 5 u32 \
>    match u16 0x0806 0xFFFF at -2 flowid 1:50

--
gypsy


Re: [LARTC] Marking packets by mac addr using tc filter u32 match?

2005-12-12 Thread gypsy
Kristiadi Himawan wrote:
> 
> Does it also match this kind of traffic?
> 
> 17:16:53.740978 arp who-has 192.43.165.29 tell 192.43.165.30
> 17:16:53.752482 arp reply 192.43.165.29 is-at 00:04:c1:b5:bd:f1
> 17:16:53.812889 arp who-has 192.43.162.194 tell 192.43.162.193
> 17:16:53.812922 arp reply 192.43.162.194 is-at 00:08:c7:c9:a3:17

No.  The 'match u16 0x0800 0xFFFF' says to ignore ARP.

> Lee Sanders wrote:
> 
> >You haven't done a search on past posts...
> >
> >the u32 can be used to match any bit in the ip header. Before the ip header,
> >there is a frame header. In that frame header you can find the src and dst
> >mac address. You can trick the u32 filter in using the frame header if you
> >use negative offsets.
> >
> >Decimal Offset  Description
> >-14:DST MAC, 6 bytes
> >-8: SRC MAC, 6 bytes
> >-2: Eth PROTO, 2 bytes, eg. ETH_P_IP
> >0:  Protocol header (IP Header)
> >
> >Where  is the Eth Proto Code (from linux/include/linux/if_ether.h):
> >ETH_P_IP= IP = match u16 0x0800
> >Where your MAC = M0M1M2M3M4M5
> >
> >Egress (match Dst MAC):
> >... match u16 0x 0x at -2 match u32 0xM2M3M4M5 0x at -12 
> >match
> >u16 0xM0M1 0x at -14
> >
> >Ingress (match Src MAC):
> >... match u16 0x 0x at -2 match u16 0xM4M5 0x at -4 match u32
> >0xM0M1M2M3 0x at -8
> >
> >The below is simplistic but it works to demonstrate the above.
> >
> >tc qdisc add dev ppp0 root handle 1:0 htb default 20
> >tc class add dev ppp0 parent 1:0 classid 1:1 htb rate 128kbit ceil 128kbit
> >
> >tc class add dev ppp0 parent 1:1 classid 1:10 htb rate 64kbit ceil 128kbit
> >tc class add dev ppp0 parent 1:1 classid 1:20 htb rate 64kbit ceil 128kbit
> >
> >tc qdisc add dev ppp0 parent 1:10 handle 100: sfq perturb 10
> >tc qdisc add dev ppp0 parent 1:20 handle 200: sfq perturb 10
> >
> ># My Laptop
> >tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 match u16 0x0800 \
> >   0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4 match u32 0xM0M1M2M3 0xFFFFFFFF \
> >   at -8 flowid 1:10
> ># My Desktop
> >tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 match u16 0x0800 \
> >   0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4 match u32 0xM0M1M2M3 0xFFFFFFFF \
> >   at -8 flowid 1:20
> ># change the MAC's of course.
> >
> >tc -s -d class show dev ppp0
> >tc -s -d qdisc show dev ppp0
> >tc -s -d filter show dev ppp0
> >
> >There you have it.
> >
> >:L


Re: [LARTC] Marking packets by mac addr using tc filter u32 match?

2005-12-10 Thread gypsy
Juan Pizarro wrote:
> 
> Hi
> Is there a way of marking packets by mac address instead of ip or ports
> using a "tc filter u32 match"?
> I read somewhere that I could use the offset -8 and -14 to grab the mac
> addresses but if I use anything lower than -8, for example -9, I get an
> error.
> I'm modifying the wondershaper script to cap the download speed by mac
> address.
> 
> Any suggestions?

These work for me.  Kernel 2.4.31, iproute2 2.6.10.
INGRESS:
tc filter add dev eth1 parent 1: protocol ip prio 5 u32 match u16 0x0800 \
   0xFFFF at -2 match u16 0x4455 0xFFFF at -4 match u32 0x00112233 \
   0xFFFFFFFF at -8 flowid 1:40

EGRESS:
tc filter add dev eth1 parent 1: protocol ip prio 5 u32 match u16 0x0800 \
   0xFFFF at -2 match u32 0x22334455 0xFFFFFFFF at -12 match u16 0x0011 \
   0xFFFFFFFF at -14 flowid 1:40
--
gypsy
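
The offset table and the ingress/egress commands in this thread, generalised to any MAC address. This is an added example, not code from the list posts; the function names are hypothetical and every mask is assumed to be all-ones (exact match).

```shell
#!/bin/sh
# Build the u32 "match" clauses that select Ethernet frames by MAC address,
# using the negative offsets given in the thread:
#   -14 DST MAC (6 bytes), -8 SRC MAC (6 bytes), -2 EtherType (2 bytes).
# Assumption: all masks are all-ones (0xffff / 0xffffffff), i.e. exact match.

# Normalise a MAC (aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabbccddeeff) to
# 12 lowercase hex digits. Prints nothing and returns 1 if it is malformed.
mac_hex() {
    m=$(printf '%s' "$1" | tr -d ':-' | tr 'A-F' 'a-f')
    case "$m" in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#m}" -eq 12 ] || return 1
    printf '%s\n' "$m"
}

# Source MAC: bytes 0-3 as a u32 at -8, bytes 4-5 as a u16 at -4.
u32_match_src_mac() {
    m=$(mac_hex "$1") || return 1
    hi=$(printf '%s' "$m" | cut -c1-8)
    lo=$(printf '%s' "$m" | cut -c9-12)
    printf 'match u16 0x0800 0xffff at -2 match u16 0x%s 0xffff at -4 match u32 0x%s 0xffffffff at -8\n' "$lo" "$hi"
}

# Destination MAC: bytes 0-1 as a u16 at -14, bytes 2-5 as a u32 at -12.
u32_match_dst_mac() {
    m=$(mac_hex "$1") || return 1
    hi=$(printf '%s' "$m" | cut -c1-4)
    lo=$(printf '%s' "$m" | cut -c5-12)
    printf 'match u16 0x0800 0xffff at -2 match u32 0x%s 0xffffffff at -12 match u16 0x%s 0xffff at -14\n' "$lo" "$hi"
}

# Print (not run) the complete tc command.
# usage: tc_mac_filter src|dst MAC DEV FLOWID
tc_mac_filter() {
    case "$1" in
        src) sel=$(u32_match_src_mac "$2") || return 1 ;;
        dst) sel=$(u32_match_dst_mac "$2") || return 1 ;;
        *)   return 2 ;;
    esac
    printf 'tc filter add dev %s parent 1: protocol ip prio 5 u32 %s flowid %s\n' "$3" "$sel" "$4"
}

# Sample address, device and flowid taken from the commands in the post above.
tc_mac_filter src 00:11:22:33:44:55 eth1 1:40
tc_mac_filter dst 00:11:22:33:44:55 eth1 1:40
```

A MAC address is only visible for hosts on the same layer-2 segment and can be changed by its owner, so treat the match as a classification hint rather than an identity check.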


Re: [LARTC] inspecting what's going in a class

2005-12-07 Thread gypsy
"Ethy H. Brito" wrote:
> 
> On Mon, 5 Dec 2005 13:04:17 -0200
> "Ethy H. Brito" <[EMAIL PROTECTED]> wrote:
> 
> > > > http://kernel.umbrella.ro/net/sch_log/v0.4/sch_log-0.4.tar.gz
> >
> > Question to All: I see that the patch applies against iproute2-2.6.11. Does
> > the "2.6.11" part have anything to do with kernel version??? I.e.
> > iproute2-2.6.11 has to be used with 2.6 kernel series?
> 
> Come on people! It is not so hard to write the answer, is it?
> 
> Regards
> 
> --
> 
> Ethy H. Brito /"\

This has been answered before.  Is your Google broken?

The version of iproute2 has nothing at all to do with the kernel
version.

MY OPINION:
It is unfortunate that Linux kernel 2.6.11 was not 2.5.something as all
2.6 kernels up to .13 were junk and therefore did not belong in the
stable branch.  It is an even more unfortunate thing that there are no
longer development and stable kernel versions.
--
gypsy


Re: [LARTC] tc qdisc replace failing

2005-11-06 Thread gypsy
Lee Sanders wrote:
> 
> Hi,
> 
> Having issues getting a replace command working correctly. The error reported
> is "RTNETLINK answers: Invalid argument" which isn't descriptive or helpful.
> 
> The command I'm running is:
> 
> tc qdisc replace dev ppp0 parent 8001:D handle D: tbf rate 5Kbit burst 5kb
> latency 70ms
> 
> The idea being to replace an sfq with handle D and hopefully limit a certain
> user in my WRR class. If I delete the qdisc first and add with the below line
> it works.
> 
> tc qdisc del dev ppp0 parent 8001:D handle D:
> tc qdisc add dev ppp0 parent 8001:D handle D: tbf rate 5Kbit burst 1540
> latency 70ms
> 
> Anyone see what I'm doing wrong ?
> 
> :Lee

I believe that replace is still broken so, if I'm correct, the answer
is, "replace does not work."
--
gypsy


Re: [LARTC] Open Source Project "Q*Box" Launched

2005-11-04 Thread gypsy
Ron Senykoff wrote:
> 
> Hello all.
> 
> I created a "plug and play" kind of solution for bridge-based QoS
> LAN-WAN traffic shaping. Based on the LEAF bering-uClibc branch, I'm
> calling it 'QBox' and the project site for now is located at:
> 
> http://content.cs.luc.edu/projects/comp412/q-box

The qboxWhitepaper.pdf paragraph 2.1 is chopped off.

Neat idea.  I intend to try it out.  Thanks!
--
gypsy


Re: [LARTC] tc rules and DGD patches

2005-10-27 Thread gypsy
Yogesh Hasabnis wrote:
> 
> Hi All,
> 
> I have one query which may be quite silly. My Linux
> internet gateway has Dead Gateway Detection patches
> applied to its kernel. If I am right, the DGD patches
> allow us to add static routes which are not destroyed
> even if the interface or the link goes down. I want to
> know whether, with the DGD patches applied, the
> traffic shaping rules defined using tc, added to an
> interface remain intact when a link/interface goes
> down (and comes up some time later) ?
> 
> Thanks
> 
> Yogesh

Yes, they remain intact.  In fact, you can create rules for an interface
that does not even exist.
--
Gypsy


Re: [LARTC] Problem with ip route . VERY SLOW

2005-10-25 Thread gypsy
Franck LEPRETTE wrote:

> I remember that I have 3 interfaces and I wonder myself if it's possible
> that there are too many interfaces on the computer; or there are
> restrictions with iproute2 etc...?

No, there are not too many interfaces.  I have run 4 all at once.  Three
were ethernet (DSL) and 1 ppp (Modem).

Yes, there are iproute2 issues.
1) The LARTC HOWTO is wrong.
2) Your routing tables seem to have only 2 entries; you probably need 3.
3) Similar IP addresses can be a problem.  192.168.0.0/24 is too similar
to 192.168.100.0/24.  Worse, private IPs are a pain.  (All that is my
opinion, not necessarily fact.)
4) There shouldn't be a default route.  Instead, there should be a
default route for each external interface such that packets received on
one get replied on the same one.  This link is apparently dead
http://selab.edu.ms/twiki/bin/view/Networking/MultihomedLinuxNetworking
so read this instead
http://yesican.chsoft.biz/lartc/MultihomedLinuxNetworking.html

Post your configuration files.  Do not just describe them.  Give us an
explanation of the setup, possibly including some "ASCII art".

Here's a link where you will find others' successes:
http://yesican.chsoft.biz/lartc/index.html

Read EXAMPLES and MULTIPATH and follow the links.
--
gypsy


Re: [LARTC] esfq ? or wrr ?

2005-10-15 Thread gypsy
Corey Hickey wrote:
> 
> I still maintain ESFQ; the latest version is at:
> http://fatooh.org/esfq-2.6/
> 
> This would be an appropriate time to ask:
> Does anybody have any fixes for or improvements to ESFQ that I don't
> know about? My patch doesn't have anything revolutionary -- I've been
> merely keeping Alexander Clouter's 2.6 port in sync with the upstream
> changes to SFQ.
> 
> -Corey

1) I'd like for your code to support kernel version 2.4!  It is crazy
that there are two branches of ESFQ.
2) ESFQ should be able to match a firewall mark, dport and sport.  All
except CLASSIC should understand NOT ("! sport 22").
3) The documentation should be improved.
--
gypsy
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


Re: [LARTC] Two internet lines and squid problem.

2005-08-18 Thread gypsy
Stanislav Nedelchev wrote:
> 
> I have 2 internet connections and I'm trying to use squid as a transparent proxy,
> but every time squid uses the first internet line and I want it to use
> the second internet line.
> I have these settings, and without squid it's working.
> I have the default route on the first internet connection.
> iptables -t nat -I POSTROUTING -o eth2 -p tcp --dport 80 -s
> 192.168.0.0/24 -d ! 192.168.0.0/16 -j SNAT --to 217.10.248.135
> /sbin/ip route add default via 217.10.248.135 dev eth2 table natips
> /sbin/ip rule add fwmark 66 table natips
> 
> iptables -t mangle -I PREROUTING  -i eth1 -p tcp  --dport 80 -j MARK
> --set-mark 66
> 
> iptables -t mangle -A FORWARD  -i eth1 -p tcp --dport 80  -j MARK --set-mark 66
> 
> I tried to solve the problem by moving squid to another computer and I added
> additional rules like
> /sbin/ip route add default via 217.10.248.135 dev eth2 table natips
> /sbin/ip route add default via 192.168.0.11 dev eth1 table squid
> /sbin/ip route flush cache
> /sbin/ip rule add fwmark 67 table squid
> /sbin/ip rule add fwmark 66 table natips
> 
> iptables -t mangle -I PREROUTING  -i eth1 -p tcp -s 192.168.0.11
> --dport 80 -j MARK --set-mark 66
> iptables -t mangle -I PREROUTING  -i eth1 -p tcp -d ! 192.168.0.11
> --dport 80 -j MARK --set-mark 67
> 
> iptables -t mangle -A FORWARD  -i eth1 -s 192.168.0.11 -p tcp --dport
> 80 -j MARK --set-mark 66
> iptables -t mangle -A FORWARD  -i eth1 -p tcp -s ! 192.168.0.11
> --dport 80  -j MARK --set-mark 67
> iptables -t nat -I POSTROUTING -o eth2 -p tcp --dport 80 -s
> 192.168.0.0/24 -d ! 192.168.0.0/16 -j SNAT --to 217.10.248.135
> In this case web traffic is working, but pages that use SSL like gmail.com
> are not working.
> Can anybody help me to use squid as a transparent proxy with 2
> internet connections and to use the second one?
> Thanks in advance.

I don't know anything at all about squid, but I recall a posting here
regarding HTB and squid where the poster suggested a patch for squid. 
You might want to google "lartc squid patch" and see if there is
anything that helps.  You might also want to google lists.netfilter.org.
--
gypsy


Re: [LARTC] Loadbalancing and failover using TC and Iptables

2005-08-08 Thread gypsy
:: L i n u XK i D :: wrote:
> 
> I've read next link:
> 
> -> I'm not sure this is still a good link
> -> http://selab.edu.ms/twiki/bin/view/Networking/MultihomedLinuxNetworking
> 
> Is it really necessary to mark packets this way?

From the machine on which the 2 ISPs are connected to two different
NICs, no.  It will send and receive packets without marking.  Where I
have a problem is with NATted users; they are tied to one or the other
ISP (even though I run 'ip route flush cache') unless I mark.

Maybe Julian will give us some hints ?
--
gypsy

> [... snip ...]
> 
> # iptables -A POSTROUTING -t mangle -j MARK --set-mark 1 \
> -m state --state NEW -o ppp0
> # iptables -A POSTROUTING -t mangle -j MARK --set-mark 2 \
> -m state --state NEW -o ppp1
> # iptables -A POSTROUTING -t mangle -j CONNMARK --save-mark \
> -m state --state NEW
> 
> [... snip ...]
> 
> # iptables -A POSTROUTING -t nat -m mark --mark 1 \
> -j SNAT --to-source 11.1.1.1
> # iptables -A POSTROUTING -t nat -m mark --mark 2 \
> -j SNAT --to-source 22.2.2.2
> 
> -> hareram wrote:
> -> >
> -> > Hi all
> -> >
> -> > I am trying to deploy loadbalance and failover
> -> >
> -> > My setup description
> -> > --Fedora Core 4
> -> > --Linux  2.6.12.3 #1 SMP Mon Jul 25 22:37:34 IST 2005 i686 i686 i386
> -> > GNU/Linux
> -> > --tc utility, iproute2-ss050314
> -> > --ip utility, iproute2-ss050314
> -> > --iptables v1.3.0
> ->
> -> You say nothing about Julian's patch, so I assume you did not patch your
> -> kernel.  You must do that.
> -> http://www.ssi.bg/~ja/
> ->
> -> http://www.geocities.com/mctiew/ffw/dual.htm
> ->
> -> I'm not sure this is still a good link
> -> http://selab.edu.ms/twiki/bin/view/Networking/MultihomedLinuxNetworking
> -> so here is an old copy
> -> http://yesican.chsoft.biz/lartc/MultihomedLinuxNetworking.html
> -> --
> -> gypsy


Re: [LARTC] Loadbalancing and failover using TC and Iptables

2005-08-08 Thread gypsy
hareram wrote:
> 
> Hi all
> 
> I am trying to deploy loadbalance and failover
> 
> My setup description
> --Fedora Core 4
> --Linux  2.6.12.3 #1 SMP Mon Jul 25 22:37:34 IST 2005 i686 i686 i386
> GNU/Linux
> --tc utility, iproute2-ss050314
> --ip utility, iproute2-ss050314
> --iptables v1.3.0

You say nothing about Julian's patch, so I assume you did not patch your
kernel.  You must do that.
http://www.ssi.bg/~ja/

http://www.geocities.com/mctiew/ffw/dual.htm

I'm not sure this is still a good link
http://selab.edu.ms/twiki/bin/view/Networking/MultihomedLinuxNetworking
so here is an old copy
http://yesican.chsoft.biz/lartc/MultihomedLinuxNetworking.html
--
gypsy


Re: [LARTC] Transfer rate above the desired (tc+htb)

2005-07-24 Thread gypsy
Alvaro Motta wrote:
> 
> Hi Andy, thanks for your reply.
> 
> I don't see why the src should be the culprit, since the AB segment is
> 10.4 network and the BC is 192.168. And IMHO 0.0.0.0/0
> 
> Also, after modifying the src, the traffic rate was the same as if no
> qdisc were attached to the interface. I even played with the
> interfaces and the only way to throttle the traffic, is assigning the
> qdisc to the eth0 and having the src and dst as in the script I've
> sent.
> 
> AL

Al,

Somebody may have already helped you solve this; I have not read all
messages from LARTC yet.  If not:
Create 3 filters, each with the same (non zero) prio.  The first to
match 10.4.0.0/16, the second to match 192.168.0.0/24 and the last to
match 0.0.0.0/0 - then see where the packets go by running 
tc -s class ls dev eth0

32kbit = 32,000 bits per second.  32,000 / 8 bits per byte = 4,000 bytes
per second = 4Kbytes per second, and the reported flow rate should be
close to that for the packets that match the filter.
--
gypsy

> On 7/20/05, Andy Furniss <[EMAIL PROTECTED]> wrote:
> > Alvaro Motta wrote:
> > > Hi folks.
> > >
> > > I started to play with tc+htb last week, and I must confess that this
> > > thing is really driving me nuts.
> > >
> > > All we want to do is control bw, with no borrowing.
> > >
> > > In order to get the feeling on this subject, I have setup the
> > > following test bed.
> > >
> > > ---A---B---C---
> > >
> > > On B: eth0 connecting A and eth1 connecting C.
> > >
> > > The script.
> > >
> > > tc qdisc del dev eth0 root
> > > tc qdisc add dev eth0 root handle 1: htb default 50
> > > tc class add dev eth0 parent 1: classid 1:1 htb rate 32kbit ceil 32kbit
> > > tc filter add dev eth0 protocol ip parent 1:0 prio 100 u32 match ip
> > > src 10.4.0.0/16 match ip dst 0.0.0.0/0 classid 1:1
> >
> > Should be src 192.168.0.0/24.
> >
> > Andy.
> >
> >
> > >
> > > If I try to transfer a 1M file from C to A:
> > >
> > > [EMAIL PROTECTED] tmp]# wget 192.168.0.23/1M
> > > --09:22:32--  http://192.168.0.23/1M => `1M.8'
> > > Connecting to 192.168.0.23:80... connected.
> > > HTTP request sent, awaiting response... 200 OK
> > > Length: 1,024,000 [text/plain]
> > > 100%[=>] 1,024,000    183.12K/s    ETA 00:00
> > > 09:22:38 (182.88 KB/s) - `1M' saved [1,024,000/1,024,000]
> > >
> > > Wasn't it supposed to be around the 32KB/s?
> > >
> > > If I play with the numbers (rate=ceil) I get the following results:
> > > 128k ==> 404.78 KB/s
> > > 64k ==> 337.9 KB/s
> > > 16k ==> 68.86 KB/s
> > > 8k ==> 31.12 KB/s
> > > 1k ==> 3.77 KB/s
> > >
> > > I even tried to set the rate to 1kbps in root, but also led to pretty
> > > much the same results.
> > >
> > > With no qdisc, the rate will go close to 1000 KB/s
> > >
> > > B machine:
> > > 2.6.11-1.1369_FC4
> > > iproute-2.6.11-1
> > > TC HTB version 3.3
> > >
> > > I have no clue on what I am doing wrong. Could anyone browse the above
> > > script and give me hint?
> > >
> > > Thanks in advance,
> > >
> > > AL


Re: [LARTC] QOS problem -ng

2005-07-12 Thread gypsy
Dariusz Dwornikowski wrote:
> 
> OK, I gave up. Can somebody point me to docs on how to design proper QoS rules, about
> the differences between them and their usage (which for wifi, which for ISPs, which
> for a home net)?
> 
> I'll read them and do it.

Start with Jim diGriz in shaping / QoS / Traffic Control at
http://yesican.chsoft.biz/lartc

Then read Dan Singletary and Emmanuel Roger.  That ought to get you going.
--
gypsy


Re: [LARTC] Simple traffic shaping

2005-07-11 Thread gypsy
"Barbara M." wrote:
> 
> My need is limiting the outbound traffic of an smtp mail server.
> It is connected to a gateway via 100Mbit ethernet. I want to limit its
> outbound traffic to max 3 Mbit.
> 
> I have read lot of docs and tried various script without great results.
> 
> Any simplest solutions?
> 
> TIA.
> Regards, B.

HTB:
tc qdisc add dev $DEV root handle 1: htb default 20
tc class add dev $DEV parent 1: classid 1:1 htb rate 3000kbit burst 6k
tc class add dev $DEV parent 1:1 classid 1:20 htb rate 3000kbit \
   burst 6k quantum 1500 prio 1
tc filter add dev $DEV parent 1: protocol ip prio 5 u32 \
   match ip sport 25 0xffff flowid 1:20

TRICKLE:  
http://monkey.org/~marius/trickle

But I doubt the above will suit you because you don't tell us anything else
about the traffic on your mail server.
--
gypsy


Re: [LARTC] wonder-shaper

2005-07-11 Thread gypsy
chino wrote:
> 
> Hi all,
> I need to provide shell hosting for about 40 users, and a few
> days ago I found the wondershaper script, so I'm trying to
> find out if this script could help me to improve interactive ssh/telnet
> connections.
> 
> Could Wondershaper help me, or is it only effective on OUTGOING requests?
> 
> Ok, any comment and feedback will be welcome.
> Sorry for my bad English and THANKS in advance.

What bad English?

Wondershaper does not work all that well because the sums of the rates and
ceilings exceed the root rate.  You would do better to look at routehat
(Which I think I spelled wrong), which uses WRR (Weighted Round Robin).

Wondershaper is an excellent learning tool.  By shaping OUTGOING, you can
improve incoming, but Wondershaper drops the incoming in excess of the given
rate so it is self defeating for improving download speed.  If I remember
right, it also incorrectly handles ACK packets.

Read these:
http://digriz.org.uk/
http://mrtg.saintjoe.edu/mrtg/ratelimit/pacemaker/
http://www.freenet.org.nz/python/pyshaper/
http://www.shurdix.org/

You can also have a look at:
http://yesican.chsoft.biz/lartc
--
gypsy


Re: [LARTC] Problems with iproute2

2005-07-09 Thread gypsy
Jan Andersen wrote:
> 
> I'm using Debian (sarge)
> 
> I do now have 2 ISPs, one DSL and one cable.
> 
> I want to use the DSL as my primary and only use the cable-modem if the DSL
> fails.
> 
> The setup is:
> 
> IP1 -> Router -> NAT_IP1 -> eth0 -> eth2 (LAN)
> IP2 -> Cable-Modem   -> eth1 -> eth2 (LAN)
> 
> I wrote the following in my /etc/iproute2/rt_tables
> 
> ip rule add from NAT_IP1 lookup 1
> ip route add 10.1.0.0/16 via 10.1.1.1 table 1
> ip route add 0/0 via NAT_IP1 table 1
> 
> ip rule add from IP2 lookup 2
> ip route add 10.1.0.0/16 via 10.1.1.1 table 2
> ip route add 0/0 via IP2 table 2
> 
> The problem is identical to http://www.samag.com/documents/s=1824/sam0201h/
> 
> But if I write "ip rule list" I get the following error:
> 
> Database /etc/iproute2/rt_tables is corrupted at ip rule add from
> 192.168.100.254 lookup 1
> 
> Does anyone know and have a solution to this problem?
> 
> Regards
> 
> Jan Andersen

No, I don't have a solution.  What is in your /etc/iproute2/rt_tables file?

Normally, everything should be commented except
255 local
254 main
253 default
0   unspec

Are you sure 'route add' should work when both routes are identical?

Where does the 192.168.100.254 come from?

Why allow NAT of the internet IPs?  
OPINION 1: One NAT is plenty, two is begging trouble.
OPINION 2: Most of the problems reported here have "example.com" ip addresses,
so avoiding NAT is A Good Thing.
--
gypsy
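
The error quoted in the question names a command line as the corrupt entry: `/etc/iproute2/rt_tables` holds only "table id, table name" pairs like the default entries listed above, and `ip` reports any other line as corrupted. The check below is an added example, not code from the thread; the function names, the table names `dsl` and `cable`, and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Lint an iproute2 rt_tables file: every line that is not blank or a comment
# must be "<table id> <table name>", optionally followed by a # comment.
# Prints "lineno: text" for each offending line; returns 1 if any were found.
lint_rt_tables() {
    awk '
        /^[ \t]*#/ { next }          # comment line
        /^[ \t]*$/ { next }          # blank line
        /^[ \t]*(0x[0-9a-fA-F]+|[0-9]+)[ \t]+[^ \t#]+[ \t]*(#.*)?$/ { next }
        { printf "%d: %s\n", NR, $0; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample 1: ip commands pasted into rt_tables, as in the question.
sample_broken() {
    cat <<'EOF'
255 local
254 main
253 default
0   unspec
ip rule add from 192.168.100.254 lookup 1
ip route add 0/0 via 192.168.100.254 table 1
EOF
}

# Constructed sample 2: the file only declares the two extra tables.
# The ip commands then run from a script, e.g. (placeholders in <>):
#   ip rule  add from <uplink address> lookup dsl
#   ip route add default via <uplink gateway> table dsl
sample_fixed() {
    cat <<'EOF'
255 local
254 main
253 default
0   unspec
1   dsl      # first uplink
2   cable    # second uplink
EOF
}

# Write one of the samples to a temporary file and lint it.
# usage: check_sample sample_broken|sample_fixed
check_sample() {
    f=$(mktemp) || return 2
    "$1" > "$f"
    lint_rt_tables "$f" && rc=0 || rc=$?
    rm -f "$f"
    return "$rc"
}

check_sample sample_broken || echo "rt_tables: invalid entries found"
check_sample sample_fixed && echo "rt_tables: ok"
```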


Re: [LARTC] P2P shaping working

2005-07-09 Thread gypsy
Edgar wrote:
> 
> Hello, it's me again, finally p2p traffic is getting shaped, but now I still
> have one problem: download seems to be affected when shaping the traffic, ack
> packets are in the interactive queue too, as someone advised me, what fixed
> the problem was to change the rates, to match (the sum of all subclasses) the
> root class rate, and to give the p2p class a very low rate (1k actually) and
> 75% of the bandwidth for the ceiling. Well as I said this is working, but
> downloading seems to be affected too, I get pretty low rates (this doesn't
> happen when I'm not shaping the traffic, but then I can't do anything else
> but bittorrent). Does anyone have a clue why this is happening?
> 
> Thanks to everyone that help me, I really appreciate it.
> 
> EDGAR MERINO

Guess 1:  You are not giving the ACK to the downloaded packet priority so it
gets delayed.
Guess 2:  You are dropping incoming packets, causing resends.
Guess 3:  The outbound queue(s) are full so the ACK can't be sent "NOW,
DAMNIT"!
Guess 4:  You have not tweaked /etc/sysctl.conf and run sysctl, so the
internal buffers are too small.
Guess 5:  Your CPU is overloaded by the queuing.
Guess 6:  Your IMQ is misconfigured.

AFAIC, ACK and window size are the most important issues.  You must prioritize
the ACKs not associated with file sharing and delay the hell out of those that
are associated with file sharing.
--
gypsy


Re: [LARTC] Question about TCNG

2005-07-09 Thread gypsy
Edgar wrote:
> 
> Hello, after compiling my tcng rules, I've noticed something weird, the tc
> filter rules it returns give a flowid different than the classes it creates,
> for example, you have a class 2:3 and had defined some conditions, (eg. some
> ports) to go into that class, but when I compile the .tcc file it returns
> something like:
>  tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at
> 0 match u8 0x10 0x10 at 33 classid 1:2
> 
> it gives the same classid for all the matches I made (meaning for different
> classes) and that class doesn't even exist! Can someone explain this to me,
> please? Thank you
> 
> EDGAR MERINO

Rather than ask the list, why not ask the developer(s)?  Better yet, switch to
tc.
--
gypsy


Re: [LARTC] Frustrating problem with natsemi (DP83815) ethernet devices

2005-07-06 Thread gypsy
Damjan wrote:
> 
> [Sorry if this is off-topic for this list, please advise me if there's a
> better place to ask this]
> 
> I have an embedded motherboard with 4 natsemi (DP8315) ethernet chips.
> I'm running a 2.6.9 kernel (I've tried 2.6.11 too) and a very minimal
> Slackware distribution.
> 
> Now about the problem:
> The network interfaces seem to NOT transmit anything when the interface
> is autonegotiated at 100Mbit-FD. I've forced the interfaces to
> half-duplex with mii-tool still nothing.
> 
> I see, with tcpdump, that packets are coming in (broadcasts and multicasts)
> and I see the packets that are supposed to go out of the interface. But
> nothing is received on the other side. I've tried to put the interfaces
> in a switch and with a cross-over cable to another PC.
> 
> I've also tried to manually fix the MAC <-> IP address with "arp -s",
> thinking that maybe ARP is not working, still nothing - I see icmp
> requests enter the interface I see icmp replies go out of the interface,
> but nothing gets to the other side (PC).
> 
> I've tried all of the interfaces, I've tried enabling and disabling
> ACPI. The only modules I have loaded are uhci-hcd and usbhid (since the
> computer doesn't have ps2 ports). 3 of the 4 interfaces don't share an
> IRQ with anything (cat /proc/interrupts).
> 
> If I force the interface to 10Mbit (either FD or HD) then everything works.
> 
> Now the strangest thing, I got the motherboard with some kind of
> bastardized Debian installed on it. I couldn't understand it, so I backed
> it up and installed my mini Slackware. I used the same kernel from the
> original distribution which has the ethernet driver compiled in. The
> original distribution is not setting any extra parameters in lilo.conf.
> And with that distribution the interfaces work even at 100mbit.
> 
> I just can't find what that distribution does to make the interfaces work
> at 100mbit. It's not the kernel, I use the same one. It's not some
> parameters to the driver... I don't know what could be the problem.
> 
> So, any ideas???
> 
> --
> damjan | дамјан
> This is my jabber ID --> [EMAIL PROTECTED] <-- not my mail address!!!

What have you tried?

What is the working distro _EXACTLY_?  "some kind of bastardized Debian" is not
enough.  What does dmesg say about the DP8315?

Have you looked at the Debian ifconfig?

Is the same cable being used?  Same cable path?  I found a 10 Mb hub in a
customer setup that was hidden behind the next desk where the Bad Boy computer
plugged in.  The computer thought the connection was 100Mb but it would only
work at 10.

Sorry, gotta go.  Google the distro and DP8315.
--
gypsy


Re: [LARTC] tc on a PDA

2005-07-01 Thread gypsy
Marius Corici wrote:
> 
> I just want to tell that I was able to recompile the PDA's kernel
> successfully for traffic shaping. Another problem appeared, but I
> solved it: the cbq command I sent before needs a handle, I don't know
> why ...
> So in conclusion on a 5550 hp iPAQ with Familiar 0.8.2 distribution
> and 2.4.19 ARM patched kernel the shaping works, with the exception of
> the efficient and simple to configure HTB qdisc.
> 
> Marius

AWESOME!  Why no HTB?
--
gypsy
> On 6/22/05, gypsy <[EMAIL PROTECTED]> wrote:
> > Marius Corici wrote:
> > >
> > > hello,
> > >
> > > I have a 5500 iPaq with familiar 0.8.2 on it and I don't know how to
> > > install a traffic shaper tool on it.
> > > I installed iproute2 package I found on familiar site and for that I
> > > have the tc and ip commands, but when trying to add a qdisc, as a
> > > dummy example, I get the next answer:
> > >
> > > > tc qdisc add dev wlan0 root cbq bandwidth 100Mbit avpkt 100
> > > RTNETLINK answers: Invalid argument
> >
> > This suggests no cbq, so you probably need to recompile the kernel.  If
> > you had to install iproute2 then almost certainly the kernel was not
> > built for QoS.
> >
> > > Do I have to install some other packages, recompile the kernel or
> > > something else?
> > >
> > > thanks in advance,
> > >
> > > Marius Corici
> >
> > Curiosity:  What makes you think shaping is needed on a PDA?
> > --
> > gypsy


Re: [LARTC] iproute2 ping question

2005-06-29 Thread gypsy
lartc user wrote:
> 
> Hi List,

> Would somebody please explain how to use ip to attach the addresses to
> that interface and have it respond to them?

I use ProxyARP because it is the only thing that made sense to me.  In
"iptables speak", the external interface receives all packets destined for my
/29 network but it puts into INPUT only those with the IP I assign to the
NIC.  The rest go to the FORWARD chain and thus on to 4 "internal" machines
that have external IPs.  Two of those "internal" machines have 2 external
IPs.  I do that like this:

ifconfig eth1 IPAddr1 broadcast BcastIP1 netmask 255.255.255.248
ifconfig eth1:0 IPAddr2 broadcast BcastIP2 netmask 255.255.255.248
ip route add GatewayIP2/32 dev eth1 src IPAddr2

On the machine doing ProxyARP:
ip link set eth1 up
ip addr flush dev eth1
ip addr add dev eth1 local 1.1.1.2/32 brd 1.1.1.255
ip route add GatewayIP/32 dev eth1 src 1.1.1.2

You can see my scripts at http://yesican.chsoft.biz/lartc and you can get more
from ftp://andthatsjazz.org/pub/lartc
--
gypsy


[LARTC] Romania metropolitan

2005-06-29 Thread gypsy
OOPS 

http://vcalinus.gemenii.ro/quaggarealms.html

is what should have been posted by me...


This deals with the metropolitan / other issues, I think.  I can't read
it...
--
gypsy


[LARTC] I can't read this but perhaps it helps the Romanians

2005-06-28 Thread gypsy
[EMAIL PROTECTED]


Re: [LARTC] Question regarding HTB

2005-06-28 Thread gypsy
> Vlad LUPESCU wrote:
> 
> Ok,
> So I am from Romania where we have this tiny problem. The IP classes
> are split in 2: metropolitan and extern (worldwide). We have 2 types
> of guaranteed band: metro and extern.

Sorry if I sound gruff, but please use the resources.

Is your google broken?  Are the LARTC mailing list archives not
available?  This has been "through the mill" in this mailing list at
least twice before.  Romania has user groups, so check them out too.  If
you ask nicely, you'll probably get someone else's hard won solution for
the asking.

Since I had no interest, I paid no attention as to how (or even whether
or not) it was solved; IIRC basically it boils down to marking packets
and then either forcing them to use a specific interface or using the
mark to put traffic into a specific flow for shaping.  I believe that
one user got a list of metro IPs from his ISP; regardless, your ISP
knows what is metro and what is not, so you should be able to use the
same method to determine what to mark.  http://metropolitana.loginet.ro/

Squid has also been put to some very clever uses; read recent (May 2005)
postings to this list to see if there is anything there for you.
--
gypsy


Re: [LARTC] Help? Router/Bandwidth throttle needed.

2005-06-22 Thread gypsy
ICI Support wrote:
> 
> The webpage was helpful in some ways, but I think it is a step too advanced
> for me at this time.

I don't wish to be rude, but if you cannot get what you want from
rc.proxyarp then you need to hire someone with the expertise to do this
for you.

> I guess what I want to know is if the 'plan' I have is sound?

It is a sound plan.  Actually, I cannot think of any alternate; that's
why I did it this way.  So I'd call it the ONLY plan.
 
> I want to put a linux box between my cable modem and my lan.  It'll go from
> the cablemodem into eth0 then from eth1 to the LAN.

The only difference between what you describe and rc.proxyarp is that
the interfaces are switched.  You might like to know that rc.proxyarp
runs on an AMD K6 233 CPU with 192Mb RAM, 6Gb (IIRC) HD and 3 NICs; the
point is that it does not take a lot of "horsepower".  eth0 connects to
a 5 port switch, and the 4 computers with external IPs connect to that
switch.
 
> I just want to do complete passthrough (with packets intact) if possible
> from one side to the other.  This machine doesn't have to do NAT or
> anything.

That's exactly what rc.proxyarp accomplishes.
--
gypsy
 
> Then I want to throttle the bandwidth through that box intelligently (I kind
> of know how to do that from the Advanced Routing Howto.  I've done it on the
> other three servers to throttle the bandwidth down).
 
> Once all that is working, I'll deal with using iptables to firewall.
> 
> If this plan is sound, I guess I need to know the vague steps involved to
> accomplish the routing.  The throttling I can figure out myself.
> 
> -Michael
> 
> > -Original Message-
> > From: gypsy [mailto:[EMAIL PROTECTED]
> > Sent: Monday, June 20, 2005 10:09 PM
> > To: lartc@mailman.ds9a.nl
> > Cc: ICI Support
> > Subject: Re: [LARTC] Help? Router/Bandwidth throttle needed.
> >
> > ICI Support wrote:
> > >
> > > I hope this list is still active.  I'm an experienced Linux Sysadmin,
> > but I
> > > haven't done much in the way of routing.  Due to a decision made by my
> > > higherups, I need to jam a computer between my ISP and my LAN to do
> > > bandwidth throttling.
> > >
> > > My current setup:
> > >
> > > 1 Crappy Cable Modem (7Mb/768Kb connection) with a static IP.
> > > 4 servers (all have static, routable IPs) - One of which is running
> > NAT/DHCP
> > > (2 NICs) for 6 workstations (All using DHCP)
> > >
> > > I have 1 spare routable IP.
> > >
> > > My current setup has the cable modem plugged directly into my LAN.  But
> > it
> > > ends up this modem doesn't do intelligent traffic/bandwidth management.
> > I
> > > need a way to throttle and poll usage through the modem such that
> > neither
> > > uploads nor downloads will ever use the full capacity (and thus dominate
> > the
> > > router).
> > >
> > > Currently, the best I can do, is to throttle some of those 4 servers,
> > but
> > > that doesn't help me with the workstations.   So I figured I'd need to
> > jam a
> > > machine between the modem and the LAN to work as a 'gatekeeper' to
> > control
> > > the bidirectional traffic (and I could use it for a firewall too).
> > >
> > > Can someone help me on how I need to set this up?  I have a spare box I
> > > could easily put two NICs into, if needed, to make it the gatekeeper.
> > >
> > > -
> > >
> > > Michael Yacht
> > > CTO
> > > Ideal Conditions, Inc.
> > > 5329 Beeler Street, #2
> > > Pittsburgh, PA 15217
> > > v: 412-325-1375
> >
> > Michael,
> >
> > I have exactly your setup except that I have 2 internet connections and
> > (at long last) neither is crappy.
> >
> > http://yesican.chsoft.biz/lartc
> >
> > The top part of that describes my setup.  Stop when you get to "Now we
> > have 2 providers".
> >
> > Short description:  eth0 points to the internal servers which have
> > external IPs and I shape the traffic going out on that interface.  eth1
> > points to the internet and I shape the traffic going out on that.  In
> > order to answer for the 4 internal machines, proxyarp is employed.  Each
> > of the 4 internal machines has a firewall, but these are a LOT quieter
> > since I put a firewall on this computer .
> >
> > You may also want to ftp andthatsjazz.org/pub/lartc
> > --
> > gypsy


Re: [LARTC] tc on a PDA

2005-06-22 Thread gypsy
Marius Corici wrote:
> 
> hello,
> 
> I have a 5500 iPaq with familiar 0.8.2 on it and I don't know how to
> install a traffic shaper tool on it.
> I installed iproute2 package I found on familiar site and for that I
> have the tc and ip commands, but when trying to add a qdisc, as a
> dummy example, I get the next answer:
> 
> > tc qdisc add dev wlan0 root cbq bandwidth 100Mbit avpkt 100
> RTNETLINK answers: Invalid argument

This suggests no cbq, so you probably need to recompile the kernel.  If
you had to install iproute2 then almost certainly the kernel was not
built for QoS.
 
> Do I have to install some other packages, recompile the kernel or
> something else?
> 
> thanks in advance,
> 
> Marius Corici

Curiosity:  What makes you think shaping is needed on a PDA?
--
gypsy


Re: [LARTC] 3 internet connexions - Problem with my script

2005-06-22 Thread gypsy
> Jeremy SALMON wrote:
> 
> Hi,
> 
> I have a problem with my script.
> 
> I have a debian with a kernel 2.6.8 patched with patch-2.6.8-ja1.diff
> of nano.txt site.
> 
> I have 3 internet connections :

The following disagrees with the script.  Double check your IP
addresses.

> - eth1 :
>   - ip : 192.168.8.75
>   - gw : 192.168.8.73
> - eth2 :
>   - ip : 192.168.1.200
>   - gw : 192.168.1.2
> - eth3 :
>   - ip : 192.168.2.200
>   - gw : 192.168.2.1
> 
> and my eth0 for local network (ip : 192.168.212.235)
--==snip==--
> ip rule add prio 222 table 222
> ip route add default scope global \
> nexthop via $GWE1 dev $IFE1 weight 1 \
> nexthop via $GWE2 dev $IFE2 weight 4 \

Set the above to 2 and if that does not work well enough then devise a
round robin method that favors IFE2 more than 1 to 1 but less than 4.

> iptables -t nat -A POSTROUTING -o $IFE3 -s $NWI/$NMI -j MASQUERADE

If possible, use SNAT rather than MASQUERADE.
--
gypsy


Re: [LARTC] Help? Router/Bandwidth throttle needed.

2005-06-20 Thread gypsy
ICI Support wrote:
> 
> I hope this list is still active.  I'm an experienced Linux Sysadmin, but I
> haven't done much in the way of routing.  Due to a decision made by my
> higherups, I need to jam a computer between my ISP and my LAN to do
> bandwidth throttling.
> 
> My current setup:
> 
> 1 Crappy Cable Modem (7Mb/768Kb connection) with a static IP.
> 4 servers (all have static, routable IPs) - One of which is running NAT/DHCP
> (2 NICs) for 6 workstations (All using DHCP)
> 
> I have 1 spare routable IP.
> 
> My current setup has the cable modem plugged directly into my LAN.  But it
> ends up this modem doesn't do intelligent traffic/bandwidth management.   I
> need a way to throttle and poll usage through the modem such that neither
> uploads nor downloads will ever use the full capacity (and thus dominate the
> router).
> 
> Currently, the best I can do, is to throttle some of those 4 servers, but
> that doesn't help me with the workstations.   So I figured I'd need to jam a
> machine between the modem and the LAN to work as a 'gatekeeper' to control
> the bidirectional traffic (and I could use it for a firewall too).
> 
> Can someone help me on how I need to set this up?  I have a spare box I
> could easily put two NICs into, if needed, to make it the gatekeeper.
> 
> -
> 
> Michael Yacht
> CTO
> Ideal Conditions, Inc.
> 5329 Beeler Street, #2
> Pittsburgh, PA 15217
> v: 412-325-1375

Michael,

I have exactly your setup except that I have 2 internet connections and
(at long last) neither is crappy.

http://yesican.chsoft.biz/lartc

The top part of that describes my setup.  Stop when you get to "Now we
have 2 providers".

Short description:  eth0 points to the internal servers which have
external IPs and I shape the traffic going out on that interface.  eth1
points to the internet and I shape the traffic going out on that.  In
order to answer for the 4 internal machines, proxyarp is employed.  Each
of the 4 internal machines has a firewall, but these are a LOT quieter
since I put a firewall on this computer .

You may also want to ftp andthatsjazz.org/pub/lartc
--
gypsy


Re: [LARTC] Is it possible to throw all not matched traffic to selected class?

2005-06-12 Thread gypsy
Konrad wrote:
> 
> > What should I do to put all other traffic (not matched by my filters) to
> > 3:3?
> 
> OK. I solved the problem.
> 
> I must use default here: tc qdisc add dev eth0 root handle 3:0 htb default 3
> 
> Is it possible to do it using filters?

Certainly!  You add a filter that directs what you want into the correct
flow, then you match everything else with a second filter, directing all
that to a different (what is now your default) flow.  See the INGRESS
portion of the Wonder Shaper if you don't know how to match everything. 
Use prio to determine the selection order of the filters if necessary. 
"If necessary" means that filters seldom need different prio values.

--
gypsy


Re: [LARTC] Multiple gateways

2005-06-12 Thread gypsy
aristo7514 aristo7514 wrote:
> 
> Dear Edesio;
> 
> Thank you for your help.
> 
> I tried to download the patch and apply it to fedora core 2, but I got
> lots of errors. I believe the patch is for kernel 2.4 and my kernel is
> 2.6.5. Either, I need to find a distribution that uses kernel 2.4 or
> try something else.

That is because you downloaded the wrong patch for your kernel. 
Julian's site has the correct patch, so go find it.
--
gypsy


Re: [LARTC] problem on setting up per user ID based ADSL connection

2005-06-12 Thread gypsy
andrew wong wrote:

> When I change to user 'mud1', then:
> 
> mud1#ping 143.89.14.15
> PING 143.89.14.15 (143.89.14.15) 56(84) bytes of data.
> 64 bytes from 143.89.14.15: icmp_seq=1 ttl=248 time=23.4 ms
> 64 bytes from 143.89.14.15: icmp_seq=2 ttl=248 time=25.5 ms
> 
> However:
> mud1#ping www.ust.hk
> (no response)
> mud1#telnet www.ust.hk 80
> (no response)
> mud1#ssh -l solarkid uststu1.ust.hk
> (no response)
>
> Thanks a lot!!~~~
> 
> Andrew

I really shouldn't reply because I don't have an answer for you.  I had
a similar problem when I set up my multipath routing but I don't recall
how I fixed it :<

You should know:
1) You MUST install Julian's combined patch for your kernel version:
http://www.ssi.bg/~ja/
2) You should read nano.txt there also.
3) The LARTC HOWTO is wrong.  Worse, it is unmaintained so it is not
likely to get fixed any time soon.
4) Have a look at
http://selab.edu.ms/twiki/bin/view/Networking/MultihomedLinuxNetworking
5) I strongly advise that you read Martin Brown's documentation:
http://linux-ip.net/
6) Use the latest iproute2 at
http://developer.osdl.org/dev/iproute2/download/iproute2-ss050607.tar.gz
7) Don't use 'ifconfig' or 'route'.  Use iproute2's 'ip' instead.
8) Troubleshoot with 'arp -n' and 'ping -I $IFACE' (and maybe tcpdump)
starting on the Debian box.  My hunch is that your reply packets are
getting lost, otherwise you would have said there is an error message
when you ping from mud1...?

HTH,
Gypsy


Re: [LARTC] problem with ip route and multiple lans

2005-06-11 Thread gypsy
Pawel wrote:
> 
> Hi, I have a little problem to setup iproute in my network
> It looks like this:
> 
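>   ----      ----      ----
>    R1        R2        R3
>   ----      ----      ----
>    |         |         |
>    |         |         |
>  ----------------------------
>   ETH1      ETH2      ETH3
> 
>   ETH0                ETH4 -> DMZ
>  ----------------------------
>    |
>    |
>    |
>  -----------------
>   Internal Router
>  -----------------
> 
>   LAN1      LAN2      LAN3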
> 
> I've added 3 records to rt_tables file T1, T2 and T3, and wrote script:
> 
> ##
> 
> #1ISP
> P1_NET1="83.16.76.112"
> ETH1="eth1"
> IP1="83.16.76.114"
> R1="83.16.76.113"
> 
> #2ISP
> P2_NET2="80.55.42.32"
> ETH2="eth2"
> IP2="80.55.42.34"
> R2="80.55.42.33"
> 
> #3ISP
> P3_NET3=212.160.117.112
> ETH3="eth3"
> IP3="212.160.117.114"
> R3="212.160.177.113"
> 
> #INTERNAL LAN
> P0_NET="192.168.100.0"
> ETH0="eth0"
> IP0="192.168.100.1
> 
> #DMZ
> P4_NET="10.1.1.0"
> ETH4="eth4"
> IP4="10.1.1.1"
> 
> ip route add $P1_NET1 dev $ETH1 src $R1 table T1
> ip route add default via $IP1 table T1
> 
> ip route add $P2_NET2 dev $ETH2 src $R2 table T2
> ip route add default via $IP2 table T2
> 
> ip route add $P3_NET dev $ETH3 src $R3 table T3
> ip route add default via $R3 table T3
> 
> ip route add $P1_NET1 dev $ETH1 src $IP1
> ip route add $P2_NET2 dev $ETH2 src $IP2
> ip route add $P3_NET3 dev $ETH3 src $IP3
> 
> ip rule add from $IP1 table T1
> ip rule add from $IP2 table T2
> ip rule add from $IP3 table T3
> 
> ip route add default scope global nexthop via $R1 dev $ETH1 weight 1 \
> nexthop via $R2 dev $ETH2 weight 1 \
> nexthop via $R3 dev $ETH3 weight 1
> -
> 
> Using this script I have connection from my NAT to all the ISPs, but not to
> LANs.
> I know that this script has a lack of routing to my LANs
> but I have no idea how to build that routing using iproute.
> In present configuration I use route command
> /sbin/route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.100.2 dev 
> eth0
> /sbin/route add -net 192.168.20.0 netmask 255.255.255.0 gw 192.168.100.2 dev 
> eth0
> /sbin/route add -net 192.168.30.0 netmask 255.255.255.0 gw 192.168.100.2 dev 
> eth0
> but this doesn't work with iproute command.
> 
> Thanks for any answer.
> 

This works for me:

ip link set lo up
ip addr flush dev lo
ip addr add 127.0.0.1/8 brd + dev lo
# Can now ping localhost

ip link set $IFI up
ip addr flush dev $IFI
ip addr add dev $IFI local $IPI/32 brd $BRDI
# Can now ping any host on the internal interface.
--
gypsy


Re: [LARTC] RTNETLINK answers: File exists

2005-06-10 Thread gypsy
Dariusz Dwornikowski wrote:
> 
> How can I get rid of that?
> I do del roots before scripting.

del ingress?
--
gypsy


Re: [LARTC] 2-3 uplinks, nat and failover...is it possible?

2005-06-05 Thread gypsy
aristo7514 aristo7514 wrote:

> I have a public IP block
> 81.8.124.1-81.8.124.63

and 172.17.whatever
as well as 172.18.whatever
and 81.8.120
:( ...  Why do you confuse us with just the one?

> Here is the list for my ip addresses.
> 
> eth0 has ip 172.16.55.1/255.255.255.0
> eth0:1 has ip 172.17.56.1/255.255.255.0
> eth0:2 has ip 172.17.57.1/255.255.255.0
> eth0:3 has ip 172.17.58.1/255.255.255.0
> eth0:4 has ip 81.8.124.1/255.255.255.192

I doubt that eth0:# is ever going to work because others have reported
failure to this ML under similar circumstances.
 
> eth1 has ip 81.8.120.18/255.255.255.252
> eth3 has ip 172.18.10.30/255.255.255.0
> 
> One of my internet connections is 81.8.120.18/255.255.255.252 with
> gateway of 81.8.120.17 (Public)
> 
> The other one is 172.18.10.30/255.255.255.0 with gateway of
> 172.18.10.2 (Behind an ADSL router)
 
Have you read Martin Brown's stuff at  http://linux-ip.net/ ?  If not,
you've missed (what I consider to be) the most understandable
documentation on the internet.

With Julian's patch, nano.txt and a reading of Martin you should be able
to use all the internet connections.  Dead Gateway Detection may not
work depending on the number of hops to the dead gateway.
--
gypsy


Re: [LARTC] How many (htb) tc classes and qdiscs are too many?

2005-06-03 Thread gypsy
Konrad wrote:
> 
> Szymon Miotk wrote:
> 
> > I have P4 3.0 GHz, 1 GB RAM.
> > I have 3500 potential users (top load about 800 users, average 400). I
> > have 3 interfaces (2 WAN + 1 LAN), so I have 10500 queues total (3500 on
> > each interface).
> > The traffic is 24Mbit max, average 20Mbit.
> 
> OK... What's wrong?
> 
> I can only use 4775 filters :/

Konrad,

Your script must specify a prio.  It cannot be 0 and all filters must be
given the same value; I use 'prio 5'.

Google "LARTC please document this" for the tail end of the thread from
which this comes.  It will NEVER get fixed, I think.
--
gypsy


Re: [LARTC] Routing for multiple uplinks and SNAT to 2 source IPs

2005-05-29 Thread gypsy
Nelson Castillo wrote:
> 
> Hi,
> 
> I configured a router box to use 2 providers, as described
> in the HOWTO. (Appendix 1)
> 
> I want to use both links to reach a single smtp server.  As I read
> in the kptd and in some old messages of this list, doing a SNAT
> in the postrouting chain comes _after_ the routing decision.
> So I guess the following lines I'm trying to use are wrong.
> (See Appendix 1)
> 
> What can I do to have multiple connections to the same IP to
> use both links?

You should google "policy based routing Linux" and "port based routing
Linux"

http://linux-ip.net/html/ch-routing.html
http://snafu.freedom.org/linux2.2/docs/advanced-routing/

I know nothing of squid, but previous posts here indicate that it may be
useful to you.
--
Gypsy


Re: [LARTC] Re: equal-cost multipath in 2.6.7

2005-05-28 Thread gypsy
Darshan Purohit wrote:
> 
> Sending out this question again.
> 
> On 5/24/05, Darshan Purohit <[EMAIL PROTECTED]> wrote:
> > I have a question about multipath routing. I am running a 2.6.7 kernel (gentoo).
> > I have  a route with three nexthops on the same interface. I see a
> > different nexthop being picked for different destination addresses.
> > All is fine.
> >
> > Now if one of the nexthop goes down (arp entry times out and arp
> > request doesn't get a response), does it remove the nexthop from
> > contention and only use the remaining two from this point on ?  What
> > about the flows for which this nexthop was chosen in the recent past.
> > Would they move to a different nexthop ?
> >
> > Can anyone please point me to  implementation details about how a
> > nexthop is chosen and what is the algorithm used in case of multipath
> > routes and how to fine-tune the behaviour.
> >
> > Thanks.
> > Darshan.

I suggest you ask Julian Anastasov:

http://www.ssi.bg/~ja/

--
gypsy


Re: [LARTC] Where to get monitor_tc.pl

2005-05-28 Thread gypsy
Peter Kaagman wrote:
> 
> Is there another place than www.docum.org where one could get
> monitor_tc.pl? Docum.org seems to be down.
> 
> Peter

Hmm.  docum web site is fine for me...

ftp://andthatsjazz.org/pub/lartc/monitor_tc.pl

--
gypsy


Re: [LARTC] What is: "Consider r2q change"

2005-05-26 Thread gypsy
"Oliver Schulze L." wrote:
> 
> Hi,
> I'm getting this warning/error in /var/log/messages:
> 
> May 26 18:21:05 mail kernel: HTB: quantum of class 10010 is small.
> Consider r2q change.
> 
> Is it a big deal? What should I do?
> 
> Many thanks
> Oliver
> 
> --
> Oliver Schulze L.
> <[EMAIL PROTECTED]>

If you are sure you REALLY want the rate that tc is complaining about,
you should manually set quantum, probably to 1514 (look at quantum for a
rate that does not generate this message for size hints).  htb is
telling you that the rate is a lot less than the rate of the parent;
experience says 31% or less of the parent rate generates this message.

tc class add dev eth1 parent 1:1 classid 1:30 htb rate $RATE ceil $CEIL \
    burst 5k quantum 1514 prio 3

--
gypsy


Re: [LARTC] compile error while patching iproute2 with esfq

2005-05-26 Thread gypsy
Janis Bistevins wrote:
> 
> Hi!
> I'm getting this error while I try to compile iproute2-2.6.11-050330:
> 
> gcc -D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -I../include
> -DRESOLVE_HOSTNAMES -DCONFIG_GACT -DCONFIG_GACT_PROB   -c -o q_esfq.o
> q_esfq.c
> q_esfq.c: In function `esfq_parse_opt':
> q_esfq.c:45: error: structure has no member named `hash_kind'
> q_esfq.c:45: error: `TCA_SFQ_HASH_CLASSIC' undeclared (first use in
> this function)
> q_esfq.c:45: error: (Each undeclared identifier is reported only once
> q_esfq.c:45: error: for each function it appears in.)
> q_esfq.c:91: error: structure has no member named `hash_kind'
> q_esfq.c:94: error: structure has no member named `hash_kind'
> q_esfq.c:94: error: `TCA_SFQ_HASH_DST' undeclared (first use in this
> function)
> q_esfq.c:97: error: structure has no member named `hash_kind'
> q_esfq.c:97: error: `TCA_SFQ_HASH_SRC' undeclared (first use in this
> function)
> q_esfq.c: In function `esfq_print_opt':
> q_esfq.c:140: error: structure has no member named `hash_kind'
> q_esfq.c:142: error: `TCA_SFQ_HASH_CLASSIC' undeclared (first use in
> this function)
> q_esfq.c:145: error: `TCA_SFQ_HASH_DST' undeclared (first use in this
> function)
> q_esfq.c:148: error: `TCA_SFQ_HASH_SRC' undeclared (first use in this
> function)
> make[1]: *** [q_esfq.o] Error 1
> 
> Does anybody know what this means?
> 
> Regards

Yeah, I know what it means.

Where did you get your esfq patch from?

What kernel version?  If your kernel is 2.6 then get this patch:
http://kem.p.lodz.pl/~peter/qnet/

For a 2.4 kernel, go here:
ftp://andthatsjazz.org/pub/lartc/esfq-0.3.tar.gz
--
gypsy


Re: [LARTC] problem with the "arp" command (using the pub flag)

2005-05-17 Thread gypsy
Antonio Pinizzotto wrote:
>___PROBLEM___
> 
> The problem is that, sometimes, the second line (the one with the P
> Flag in the "arp -n" output) disappears for some time and then appears
> again... !!?
> 
> Note.
> Do you know if it is normal or if it could be a bug in "arp"?
> I didn't verify if, when the second line is not present, the host A
> continues to answer to ARP Request for 192.168.30.130 on eth0.
> In other words I didn't verify if it's just a problem in the output (of
> "arp -n" command) and not in the behaviour.
> 
> Antonio

You got Trouble, Antonio!

I've been running for 2+ months with no "disappearing" PUB arps.  arp -n
works flawlessly.

Wondering:  Could it be a bad NIC or cable?
--
gypsy


Re: [LARTC] ip_conntrack limit --- torrent , DC++ , eMule

2005-05-17 Thread gypsy
foxy 202 wrote:
> 
> I couldn't find any info how to limit IP to open for example over 200
> ip_conntrack connections, not only for single port with dport.
> I found connlimit
> http://netfilter.org/patch-o-matic/pom-base.html#pom-base-connlimit
> 
> but there is port … I cannot limit whole IP
> 
> How can I prevent network from
> ip_conntrack: table full, dropping packet.
> ip_conntrack: table full, dropping packet.
> Increasing of ip_conntrack_max cannot be without limits……
> 
> Any suggestions are welcome

Use your judgement, but I compiled my 2.4 kernel reducing the
tcp_timeout_established from 5 days to 2 days in
src/linux/net/ipv4/netfilter/ip_conntrack_proto_tcp.c which I personally
think is still far too long.  Any TCP connection that is cca 5 minutes
without activity is DEAD AFAIAC.

Don't forget the Layer 7 stuff.  However, finding something to match
becomes ever more difficult.

Google may help with conntrack_max limit?
--
gypsy

> On 5/17/05, gypsy <[EMAIL PROTECTED]> wrote:
> > foxy 202 wrote:
> > >
> > > Hi all,
> > >  I need advice how I can limit ip_conntrack per IP.
> > > Clients of the network that I support often use torrent, DC++, eMule
> > > clients and I have lost packages because they open too many ports.
> > >
> > > I have traffic control limits but this obviously isn't enough.
> > >
> > > Any advice how to prevent server from this kind of problems will be welcome.
> > >
> > > Best regards
> > > Emil
> >
> > The first hit from google on 'netfilter limit per ip'
> > returns:
> >
> > >Try the "dstlimit" match in current versions of netfilter.
> >
> > > Quoting from the man page: "This module allows you to limit the packet
> > > per second (pps) rate on a per destination IP or per destination port
> > > base. As opposed to the `limit' match, every destination ip /
> > > destination port has it's own limit."
> >
> > So what's wrong with YOUR google search?
> > --
> > Gypsy
> >
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

