[LARTC] Parent shaping
Hi It's possible if we try to shape the parent class at the parent ceil although total of the child ceil more than parent. Thanks. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] snmp, cacti and shaping
Hi John,

If you still have the script for MRTG you could also use it with a few modifications for Cacti, and here's the step-by-step tutorial for creating a graph from a script: http://docs.cacti.net/node/300

Regards,
Kris

On 5/9/2007, John Baker [EMAIL PROTECTED] wrote:

Hi

I'm trying to move the tracking of the shaping from MRTG to Cacti. My predecessor, who built all this stuff and was far more advanced than I, had a shell script that collected data by running tc -s qdisc show dev on both eth 0 and 1 and then pushing it out via snmp to another server running MRTG. I'm building a new server with cacti and having trouble with the custom templates. Does anyone have any templates/scripts that would help?

Thanks

--
John Baker
Network Systems Administrator
Marlboro College
Phone: 451-7551 off campus; 551 on campus
[LARTC] smallest rate
Hi, does anyone know the smallest rate for tc? Is it possible to use 0 bps?
Re: [LARTC] Marking packets by mac addr using tc filter u32 match?
So is there a technique to filter this kind of ARP traffic ?

17:16:53.740978 arp who-has 192.43.165.29 tell 192.43.165.30
17:16:53.752482 arp reply 192.43.165.29 is-at 00:04:c1:b5:bd:f1
17:16:53.812889 arp who-has 192.43.162.194 tell 192.43.162.193
17:16:53.812922 arp reply 192.43.162.194 is-at 00:08:c7:c9:a3:17

Anyone can help?

Michael Davidson wrote:

Hi,

Forgive me if I point out the obvious. Remember that ARP isn't an IP protocol, it's a peer protocol to IP. In the tc filters shown below the protocol is IP and the negative offset works on an IP packet, but I suspect that an ARP packet isn't accessible with this technique. If I substitute IP for ARP in the filter statement it isn't accepted.

Regards
Mike D.

Kristiadi Himawan wrote:

it's should be 0x0806 0x ? or you have the example how to catch that kind of traffic

gypsy wrote:

Kristiadi Himawan wrote:

It's also match to this kind of traffic ?

17:16:53.740978 arp who-has 192.43.165.29 tell 192.43.165.30
17:16:53.752482 arp reply 192.43.165.29 is-at 00:04:c1:b5:bd:f1
17:16:53.812889 arp who-has 192.43.162.194 tell 192.43.162.193
17:16:53.812922 arp reply 192.43.162.194 is-at 00:08:c7:c9:a3:17

No. The 'match u16 0x0800 0x' says to ignore ARP.

Lee Sanders wrote:

You haven't done a search on past posts...

the u32 can be used to match any bit in the ip header. Before the ip header, there is a frame header. In that frame header you can find the src and dst mac address. You can trick the u32 filter in using the frame header if you use negative offsets.

Decimal Offset  Description
-14:            DST MAC, 6 bytes
-8:             SRC MAC, 6 bytes
-2:             Eth PROTO, 2 bytes, eg. ETH_P_IP
0:              Protocol header (IP Header)

Where is the Eth Proto Code (from linux/include/linux/if_ether.h):
ETH_P_IP= IP = match u16 0x0800

Where your MAC = M0M1M2M3M4M5

Egress (match Dst MAC):
... match u16 0x 0x at -2 match u32 0xM2M3M4M5 0x at -12 match u16 0xM0M1 0x at -14

Ingress (match Src MAC):
... match u16 0x 0x at -2 match u16 0xM4M5 0x at -4 match u32 0xM0M1M2M3 0x at -8

The below is simplistic but it works to demonstrate the above.

tc qdisc add dev ppp0 root handle 1:0 htb default 20
tc class add dev ppp0 parent 1:0 classid 1:1 htb rate 128kbit ceil 128kbit
tc class add dev ppp0 parent 1:1 classid 1:10 htb rate 64kbit ceil 128kbit
tc class add dev ppp0 parent 1:1 classid 1:20 htb rate 64kbit ceil 128kbit
tc qdisc add dev ppp0 parent 1:10 handle 100: sfq perturb 10
tc qdisc add dev ppp0 parent 1:20 handle 200: sfq perturb 10
# My Laptop
tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 match u16 0x0800 0x at -2 match u16 0xM4M5 0x at -4 match u32 0xM0M1M2M3 0x at -8 flowid 1:10
# My Desktop
tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 match u16 0x0800 0x at -2 match u16 0xM4M5 0x at -4 match u32 0xM0M1M2M3 0x at -8 flowid 1:20
# change the MAC's of course.
tc -s -d class show dev ppp0
tc -s -d qdisc show dev ppp0
tc -s -d filter show dev ppp0

There you have it. :L
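The offset table in the message above, turned into a generator for the match clauses. This is an added example, not part of the original thread: the function names are hypothetical, the masks are written out in full as an assumption, and the two MAC addresses are taken from the tcpdump lines quoted in the thread. It prints the `tc` commands for review instead of running them.

```shell
#!/bin/sh
# Added example (not from the thread): build the u32 negative-offset match
# clauses for a MAC address, following the offset table quoted above.
# Function names are hypothetical; masks are written out in full (assumption).

# Normalise a MAC to 12 lowercase hex digits. Accepts ':' or '-' separators
# and tcpdump's unpadded octets (0:6:2a:74:3c:8). Fails on anything else.
mac_hex() {
    printf '%s\n' "$1" | awk -F'[:-]' '
        NF != 6 { exit 1 }
        {
            out = ""
            for (i = 1; i <= 6; i++) {
                o = tolower($i)
                if (o !~ /^[0-9a-f][0-9a-f]?$/) exit 1
                if (length(o) == 1) o = "0" o
                out = out o
            }
            print out
        }'
}

# $1 = src|dst, $2 = MAC. Prints the match clauses for an IPv4 frame.
#   dst MAC occupies offsets -14..-9, src MAC -8..-3, EtherType -2..-1.
u32_mac_match() {
    h=$(mac_hex "$2") || return 1
    m01=$(printf '%s' "$h" | cut -c1-4)      # M0M1
    m0123=$(printf '%s' "$h" | cut -c1-8)    # M0M1M2M3
    m2345=$(printf '%s' "$h" | cut -c5-12)   # M2M3M4M5
    m45=$(printf '%s' "$h" | cut -c9-12)     # M4M5
    case "$1" in
        dst)
            printf 'match u16 0x0800 0xffff at -2 match u32 0x%s 0xffffffff at -12 match u16 0x%s 0xffff at -14\n' \
                "$m2345" "$m01" ;;
        src)
            printf 'match u16 0x0800 0xffff at -2 match u16 0x%s 0xffff at -4 match u32 0x%s 0xffffffff at -8\n' \
                "$m45" "$m0123" ;;
        *)
            return 1 ;;
    esac
}

# $1 = device, $2 = src|dst, $3 = MAC, $4 = flowid.
# Prints one complete filter command in the shape used in the thread.
tc_mac_filter() {
    clauses=$(u32_mac_match "$2" "$3") || return 1
    printf 'tc filter add dev %s parent 1:0 protocol ip prio 1 u32 %s flowid %s\n' \
        "$1" "$clauses" "$4"
}

# Demonstration with the two MACs seen in the quoted tcpdump output.
tc_mac_filter ppp0 src 00:04:c1:b5:bd:f1 1:10
tc_mac_filter ppp0 src 00:08:c7:c9:a3:17 1:20
```

Because the EtherType clause is pinned to 0x0800, ARP frames (0x0806) never match these filters, which is the point gypsy makes above. A source MAC is chosen by the sender, so this classifies cooperating hosts and is not an access control.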
Re: [LARTC] Marking packets by mac addr using tc filter u32 match?
It's also match to this kind of traffic ?

17:16:53.740978 arp who-has 192.43.165.29 tell 192.43.165.30
17:16:53.752482 arp reply 192.43.165.29 is-at 00:04:c1:b5:bd:f1
17:16:53.812889 arp who-has 192.43.162.194 tell 192.43.162.193
17:16:53.812922 arp reply 192.43.162.194 is-at 00:08:c7:c9:a3:17

Lee Sanders wrote:

You haven't done a search on past posts...

the u32 can be used to match any bit in the ip header. Before the ip header, there is a frame header. In that frame header you can find the src and dst mac address. You can trick the u32 filter in using the frame header if you use negative offsets.

Decimal Offset  Description
-14:            DST MAC, 6 bytes
-8:             SRC MAC, 6 bytes
-2:             Eth PROTO, 2 bytes, eg. ETH_P_IP
0:              Protocol header (IP Header)

Where is the Eth Proto Code (from linux/include/linux/if_ether.h):
ETH_P_IP= IP = match u16 0x0800

Where your MAC = M0M1M2M3M4M5

Egress (match Dst MAC):
... match u16 0x 0x at -2 match u32 0xM2M3M4M5 0x at -12 match u16 0xM0M1 0x at -14

Ingress (match Src MAC):
... match u16 0x 0x at -2 match u16 0xM4M5 0x at -4 match u32 0xM0M1M2M3 0x at -8

The below is simplistic but it works to demonstrate the above.

tc qdisc add dev ppp0 root handle 1:0 htb default 20
tc class add dev ppp0 parent 1:0 classid 1:1 htb rate 128kbit ceil 128kbit
tc class add dev ppp0 parent 1:1 classid 1:10 htb rate 64kbit ceil 128kbit
tc class add dev ppp0 parent 1:1 classid 1:20 htb rate 64kbit ceil 128kbit
tc qdisc add dev ppp0 parent 1:10 handle 100: sfq perturb 10
tc qdisc add dev ppp0 parent 1:20 handle 200: sfq perturb 10
# My Laptop
tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 match u16 0x0800 0x at -2 match u16 0xM4M5 0x at -4 match u32 0xM0M1M2M3 0x at -8 flowid 1:10
# My Desktop
tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 match u16 0x0800 0x at -2 match u16 0xM4M5 0x at -4 match u32 0xM0M1M2M3 0x at -8 flowid 1:20
# change the MAC's of course.
tc -s -d class show dev ppp0
tc -s -d qdisc show dev ppp0
tc -s -d filter show dev ppp0

There you have it. :L
Re: [LARTC] Marking packets by mac addr using tc filter u32 match?
it's should be 0x0806 0x ? or you have the example how to catch that kind of traffic

gypsy wrote:

Kristiadi Himawan wrote:

It's also match to this kind of traffic ?

17:16:53.740978 arp who-has 192.43.165.29 tell 192.43.165.30
17:16:53.752482 arp reply 192.43.165.29 is-at 00:04:c1:b5:bd:f1
17:16:53.812889 arp who-has 192.43.162.194 tell 192.43.162.193
17:16:53.812922 arp reply 192.43.162.194 is-at 00:08:c7:c9:a3:17

No. The 'match u16 0x0800 0x' says to ignore ARP.

Lee Sanders wrote:

You haven't done a search on past posts...

the u32 can be used to match any bit in the ip header. Before the ip header, there is a frame header. In that frame header you can find the src and dst mac address. You can trick the u32 filter in using the frame header if you use negative offsets.

Decimal Offset  Description
-14:            DST MAC, 6 bytes
-8:             SRC MAC, 6 bytes
-2:             Eth PROTO, 2 bytes, eg. ETH_P_IP
0:              Protocol header (IP Header)

Where is the Eth Proto Code (from linux/include/linux/if_ether.h):
ETH_P_IP= IP = match u16 0x0800

Where your MAC = M0M1M2M3M4M5

Egress (match Dst MAC):
... match u16 0x 0x at -2 match u32 0xM2M3M4M5 0x at -12 match u16 0xM0M1 0x at -14

Ingress (match Src MAC):
... match u16 0x 0x at -2 match u16 0xM4M5 0x at -4 match u32 0xM0M1M2M3 0x at -8

The below is simplistic but it works to demonstrate the above.

tc qdisc add dev ppp0 root handle 1:0 htb default 20
tc class add dev ppp0 parent 1:0 classid 1:1 htb rate 128kbit ceil 128kbit
tc class add dev ppp0 parent 1:1 classid 1:10 htb rate 64kbit ceil 128kbit
tc class add dev ppp0 parent 1:1 classid 1:20 htb rate 64kbit ceil 128kbit
tc qdisc add dev ppp0 parent 1:10 handle 100: sfq perturb 10
tc qdisc add dev ppp0 parent 1:20 handle 200: sfq perturb 10
# My Laptop
tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 match u16 0x0800 0x at -2 match u16 0xM4M5 0x at -4 match u32 0xM0M1M2M3 0x at -8 flowid 1:10
# My Desktop
tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 match u16 0x0800 0x at -2 match u16 0xM4M5 0x at -4 match u32 0xM0M1M2M3 0x at -8 flowid 1:20
# change the MAC's of course.
tc -s -d class show dev ppp0
tc -s -d qdisc show dev ppp0
tc -s -d filter show dev ppp0

There you have it. :L
[LARTC] HTB.init for zebra BGP
Hi,

I have successfully shaped bandwidth using htb.init using ip address, but when i try to shape zebra BGP using their ip address and BGP port it can't match the class for BGP and always get the default class.

Here's my htb.init script in the bridge :

#eth0-2:50.bgp
RATE=128kbit
RULE=192.168.192.163
RULE=192.168.199.22
RULE=*:179

#eth1-2:50.bgp
RATE=128kbit
RULE=192.168.192.163,
RULE=192.168.199.22,
RULE=*:179,

And here's the tcpdump result for the traffic :

09:57:36.875357 192.168.199.22.1843 192.168.192.163.179: P 1280098168:1280098187(19) ack 1407875708 win 34752 nop,nop,timestamp 58101584 523141495: BGP (KEEPALIVE) (DF) [tos 0x2,ECT]
09:57:36.875730 192.168.192.163.179 192.168.199.22.1843: . ack 19 win 5792 nop,nop,timestamp 523201215 58101584 (DF)
09:57:37.166515 192.168.192.163.179 192.168.199.22.1843: P 1:20(19) ack 19 win 5792 nop,nop,timestamp 523201505 58101584: BGP (KEEPALIVE) (DF) [tos 0x2,ECT]
09:57:37.166543 192.168.199.22.1843 192.168.192.163.179: . ack 20 win 34752 nop,nop,timestamp 58101875 523201505 (DF)
09:58:36.876202 192.168.199.22.1843 192.168.192.163.179: P 19:38(19) ack 20 win 34752 nop,nop,timestamp 58161594 523201505: BGP (KEEPALIVE) (DF) [tos 0x2,ECT]
09:58:36.876477 192.168.192.163.179 192.168.199.22.1843: . ack 38 win 5792 nop,nop,timestamp 523261218 58161594 (DF)
09:58:37.174566 192.168.192.163.179 192.168.199.22.1843: P 20:39(19) ack 38 win 5792 nop,nop,timestamp 523261516 58161594: BGP (KEEPALIVE) (DF) [tos 0x2,ECT]
09:58:37.174589 192.168.199.22.1843 192.168.192.163.179: . ack 39 win 34752 nop,nop,timestamp 58161892 523261516 (DF)
09:59:36.877134 192.168.199.22.1843 192.168.192.163.179: P 38:57(19) ack 39 win 34752 nop,nop,timestamp 58221604 523261516: BGP (KEEPALIVE) (DF) [tos 0x2,ECT]
09:59:36.877456 192.168.192.163.179 192.168.199.22.1843: . ack 57 win 5792 nop,nop,timestamp 523321222 58221604 (DF)
09:59:37.181463 192.168.192.163.179 192.168.199.22.1843: P 39:58(19) ack 57 win 5792 nop,nop,timestamp 523321526 58221604: BGP (KEEPALIVE) (DF) [tos 0x2,ECT]

Any idea how to overcome this?
Re: [LARTC] tc+mrtg
I already use external script that fetch iptables mangle table from PREROUTING and POSTROUTING counter. But the traffic isn't really accurate, i found when there's bulk UDP traffic come to the shaper, my mrtg shown that the traffic shown bigger than allocated bandwidth for that class.

So the question, it's possible to make script from tc command, that count bandwidth actually passing through the shaper.

Regards,
Kris

- Original Message -
From: Rene Gallati [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, July 19, 2004 8:47 PM
Subject: Re: [LARTC] tc+mrtg

Gideon le Grange wrote:

On Mon, 2004-07-19 at 14:20, Roy wrote:

MRTG can only show interface load, basically it is the graphic representation of what you will see with ifconfig. For more advanced graph you need to use another software than mrtg.

MRTG can graph any variable that you can read using SNMP. The problem is getting the tc stats readable using SNMP, that's the trick bit (which as far as I've seen can't be done, but I hope I'm wrong).

MRTG doesn't necessarily need SNMP, you can feed it ANY value via a perl script. I've been doing it for ages. You just need to get at the values (periodic tc -s qdisc show, parse it, feed mrtg)

From : http://people.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg-reference.html

External Monitoring Scripts

If you want to monitor something which does not provide data via snmp you can use some external program to do the data gathering.

The external command must return 4 lines of output:

Line 1 current state of the first variable, normally 'incoming bytes count'
Line 2 current state of the second variable, normally 'outgoing bytes count'
Line 3 string (in any human readable format), telling the uptime of the target.
Line 4 string, telling the name of the target.

Depending on the type of data your script returns you might want to use the 'gauge' or 'absolute' arguments for the Options keyword.

Example:

Target[ezwf]: `/usr/local/bin/df2mrtg /dev/dsk/c0t2d0s0`

Note the use of the backticks (`), not apostrophes (') around the command.

If you want to use a backtick in the command name this can be done but you must escape it with a backslash ...

If your script does not have any data to return but does not want mrtg to complain about invalid data, it can return 'UNKNOWN' instead of a number. Note though that only rrdtool is really equipped to handle unknown data well.

--
C U - -- - -/\/ René Gallati \/\ - --- -- -

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
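The approach described in the message above (run `tc -s` periodically, parse it, feed MRTG), as an added example that is not part of the original thread. The function names, the script's argument convention and the sample statistics are assumptions; the sample is constructed, modelled on the class output posted elsewhere in this archive.

```shell
#!/bin/sh
# Added example (not from the thread): MRTG external monitoring script that
# reports the byte counter of one HTB class. Names here are hypothetical.

# Constructed sample of `tc -s class show dev eth1` output, for offline runs.
SAMPLE='class htb 1:1 root rate 100Mbit ceil 100Mbit burst 1600b cburst 1600b
 Sent 290900000 bytes 192400 pkts (dropped 0, overlimits 0)
 rate 2545600bps 1683pps
class htb 1:10 parent 1:1 leaf 10: prio 0 rate 20Mbit ceil 20Mbit burst 27810b cburst 27810b
 Sent 290896540 bytes 192377 pkts (dropped 0, overlimits 0)
 rate 2545587bps 1683pps backlog 4p
 lended: 192373 borrowed: 0 giants: 0
class htb 1:20 parent 1:1 prio 0 rate 8Kbit ceil 8Kbit burst 1609b cburst 1609b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)'

# Read `tc -s class show` output on stdin and print the cumulative
# "Sent N bytes" counter of class $1. The class id is compared as a whole
# field, so 1:1 does not match 1:10. Prints UNKNOWN if the class is absent,
# which MRTG accepts in place of a number.
class_sent_bytes() {
    awk -v want="$1" '
        $1 == "class" { cur = $3 }                 # "class htb 1:10 ..."
        $1 == "Sent" && cur == want { print $2; found = 1; exit }
        END { if (!found) print "UNKNOWN" }
    '
}

# Emit the four lines MRTG expects from an external script.
#   $1 = tc output, $2 = class id, $3 = uptime string, $4 = target name
# A shaper class only has one counter, so it is reported for both variables.
mrtg_report() {
    bytes=$(printf '%s\n' "$1" | class_sent_bytes "$2")
    printf '%s\n%s\n%s\n%s\n' "$bytes" "$bytes" "$3" "$4"
}

# Live use (assumed calling convention): script DEV CLASSID, e.g. eth1 1:10
if [ "$#" -eq 2 ] && command -v tc >/dev/null 2>&1; then
    mrtg_report "$(tc -s class show dev "$1")" "$2" "$(uptime)" "$1 class $2"
fi
```

The counter is cumulative, so the MRTG target should be left as a counter rather than given the 'gauge' option.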
Re: [LARTC] tc + snmp
I already read the readme and here's the error log :

gcc -I../../include -I../../include -I. -I../.. -I. -I./../.. -I./../../snmp lib -I./.. -I.. -DINET6 -O2 -D_REENTRANT -Dlinux -c os_checkfns_local.c -fPIC -DPIC -o .libs/qos_checkfns_local.lo
In file included from /usr/include/arpa/nameser.h:552,
                 from /usr/include/resolv.h:65,
                 from qos_checkfns_local.c:33:
/usr/include/arpa/nameser_compat.h:88: warning: `MAXLABEL' redefined
../../include/net-snmp/library/parse.h:32: warning: this is the location of the previous definition
qos_checkfns_local.c: In function `insert_entry':
qos_checkfns_local.c:308: `TCA_HTB_RTAB' undeclared (first use in this function)
qos_checkfns_local.c:308: (Each undeclared identifier is reported only once
qos_checkfns_local.c:308: for each function it appears in.)
qos_checkfns_local.c:308: size of array `tb2' has non-integer type
qos_checkfns_local.c:314: dereferencing pointer to incomplete type
qos_checkfns_local.c:315: dereferencing pointer to incomplete type
qos_checkfns_local.c:316: dereferencing pointer to incomplete type
qos_checkfns_local.c:317: dereferencing pointer to incomplete type
qos_checkfns_local.c:319: dereferencing pointer to incomplete type
qos_checkfns_local.c:319: dereferencing pointer to incomplete type
qos_checkfns_local.c:320: dereferencing pointer to incomplete type
qos_checkfns_local.c:320: dereferencing pointer to incomplete type
qos_checkfns_local.c:323: dereferencing pointer to incomplete type
qos_checkfns_local.c:324: dereferencing pointer to incomplete type
qos_checkfns_local.c:326: dereferencing pointer to incomplete type
qos_checkfns_local.c:334: `TCA_HTB_PARMS' undeclared (first use in this function)
qos_checkfns_local.c:337: dereferencing pointer to incomplete type
qos_checkfns_local.c:341: dereferencing pointer to incomplete type
qos_checkfns_local.c:342: dereferencing pointer to incomplete type
qos_checkfns_local.c:343: dereferencing pointer to incomplete type
make[3]: *** [qos_checkfns_local.lo] Error 1

Any suggestion ?

- Original Message -
From: Jason Boxman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, June 19, 2004 1:58 AM
Subject: Re: [LARTC] tc + snmp

On Friday 18 June 2004 07:41, [EMAIL PROTECTED] wrote:

Hi All,

I have try to compile net-snmp with QoS patch from http://x-ray.prokon.cz/data/snmp/ but got error, i have try many times but still got the same result.

I have compiled it without any problems. What errors did you receive? Did you follow the installation instructions?

Anybody have the net-snmp package or binary, deb or rpm that already support QoS ?

I haven't seen any yet.

Many thanks

Regards,
Kris
[LARTC] Traffic acounting
Hi, Sorry the subject OOT. Anyone know about html based (using mrtg) for traffic report that show per service traffic. Thanx. Regards, Kris
Re: [LARTC] 10Mbit on HTB
Oh ok, it's working now. The script is fine. My test tool isn't accurate. Now i have test with iperf and get accurate result.

Other question ...:) which ingress qdisc that accurate like htb?

Thnx

- Original Message -
From: Rio Martin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 13, 2003 1:07 PM
Subject: Re: [LARTC] 10Mbit on HTB

On Monday 13 October 2003 12:16, Catalin BOIE wrote:

On Sat, 11 Oct 2003, Kristiadi Himawan wrote:

I want to try to shape 20-30Mbps traffic using HTB. It's possible? Anyone already try this?

Yes. It's working very good. You may want to use hashes if you have a lot of filters.

Thanks. Mine also, Here goes the result:

### eth1: traffic classes
class htb 1:10 root leaf 10: prio 0 rate 20Mbit ceil 20Mbit burst 27810b cburst 27810b
 Sent 290896540 bytes 192377 pkts (dropped 0, overlimits 0)
 rate 2545587bps 1683pps backlog 4p
 lended: 192373 borrowed: 0 giants: 0
 tokens: -8887 ctokens: -8887

Regards, Rio Martin.
--
NOC ITENAS-net www.itenas.ac.id
[LARTC] 10Mbit on HTB
I want to try to shape 20-30Mbps traffic using HTB. It's possible? Anyone already try this? Thanks.
[LARTC] 10Mbit on HTB
Below is the script:

tc qdisc del dev eth2 root
tc qdisc add dev eth2 root handle 1 htb default 10 r2q 100
tc class add dev eth2 parent 1: classid 1:2 htb rate 100Mbit
tc class add dev eth2 parent 1:2 classid 1:10 htb rate 20Mbit ceil 20Mbit
tc filter add dev eth2 parent 1:0 protocol ip prio 100 u32 match ip dst 202.xx.xxx.xx/26 classid 1:10

When i try to shape 20Mbit, there's dropped packet but i see the bandwidth not shaped to 20Mbit. But when shape to 10Mbit, i see the bandwidth down to 13Mbit.

Any comment with this? Thanks.
[LARTC] Shape on trunked line
Hi All, Any idea how to shape on trunked line. I have try to both devices (eth0 and eth1) but fail and i assume because tag vlan on data frame that makes tc filter always missed. Thnx Kris
Re: [LARTC] Htb on trunked line
Here is my scenario,

# create bridge 0
brctl addbr br0
brctl stp br0 off
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig eth0 up
ifconfig eth1 up
ifconfig br0 up

#create vlan 106
vconfig add eth0 106
vconfig add eth1 106

#create bridge 106 (vlan 106)
brctl addbr br106
brctl addif br106 eth0.106
brctl addif br106 eth1.106

I expect packet with vlan 106 would go to br106 and the others to br0. Am I right?

- Original Message -
From: Ryan Goldberg [EMAIL PROTECTED]
To: Kristiadi Himawan [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, October 06, 2003 5:58 PM
Subject: Re: [LARTC] Htb on trunked line

On Mon, 2003-10-06 at 01:14, Kristiadi Himawan wrote:

So you already succeed on bridging per vlan, could you tell me how to make such kind of configuration

I'll see if I can remember to grab the config from work today. But there shouldn't be much do it. For instance our linux box sits between a router and a 2924. We trunk on port 24, and bridge 23 vlans across into ports 1 - 23. The linux box has eth0 and eth1, and interfaces eth0.1, eth1.1 through eth0.23, eth1.23 are configured (vlans), and then we create 23 bridges br1 through br23 and apply shaping to eth0.x and eth1.x.

Ryan
Re: [LARTC] Htb on trunked line
Ya, i already use linux+iproute2+tc. The shaping is fine but not with the filter. I already read a lot of docs but can't found the same case so if you have appropriate document links, i will be glad to read that... :)

Yeah...abt cisco i hope they hear that too :))

- Original Message -
From: Steve Wright [EMAIL PROTECTED]
To: Kristiadi Himawan [EMAIL PROTECTED]
Cc: lartc [EMAIL PROTECTED]
Sent: Thursday, October 02, 2003 1:55 AM
Subject: Re: [LARTC] Htb on trunked line

On Thu, 2003-10-02 at 06:41, Kristiadi Himawan wrote:

Dear All,

I have configuration like this :

DVB Modem || ___Link A \ / trunk/ CiscoRouter CiscoSwitch---Link B \___ Link C

Now i want to put a linux bandwidth manager using htb to control Link A-C bandwidth, but i don't know where to put the linux pc. I ever try to put the linux pc at the trunked line between CiscoRouter and CiscoSwitch but found that all traffic always go to default class not to appropriate class and i think that's because of VLAN 802.1Q data format at that line so the filter always miss.

Any suggestion abt this kind of configuration?

remove all the cisco equipment and replace with Linux.. 8-)

Linux+iproute2+tc will easily do what you ask, and the cisco will not. The answer is that simple. I wish there was a nice GUI config for this, but there is not, and it is very complicated for me to make. I see your earlier question about how to make this in Linux, and I would suggest you replace your VLAN config with a new Linux IPRoute2+tc config. There will be a lot of reading for you to do, however. 8-/

Google for policy routing and read about policy routing theory.

I think cisco should be very concerned about the day that Linux IPRoute2+tc has a GUI... Perhaps, after that day cisco will suddenly design routers that will run Linux. 8-))

best regards,
Steve
Re: [LARTC] HTB in a bridge+trunk
Hi Steff,

This is my new configuration + frame diverter patchutils :

divert on eth0 enable ip add

tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: classid 1:1 htb rate 32kbit ceil 32kbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 24kbit ceil 24kbit
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 8kbit ceil 8kbit
iptables -A OUTPUT -o eth0 -d 202.43.160.227 -t mangle -j MARK --set-mark 1
tc filter add dev eth0 parent 1: protocol ip prio 1 handle 1 fw classid 1:20

And this is the stats of the htb :

### eth0: queueing disciplines
qdisc htb 1: r2q 10 default 10 direct_packets_stat 0
 Sent 171787 bytes 162 pkts (dropped 0, overlimits 285)
 backlog 34p

### eth0: traffic classes
class htb 1:1 root rate 32Kbit ceil 32Kbit burst 1639b cburst 1639b
 Sent 135949 bytes 128 pkts (dropped 0, overlimits 0)
 rate 2092bps 1pps
 lended: 0 borrowed: 0 giants: 0
 tokens: -276799 ctokens: -276799

class htb 1:10 parent 1:1 prio 0 rate 24Kbit ceil 24Kbit burst 1629b cburst 1629b
 Sent 171787 bytes 162 pkts (dropped 0, overlimits 0)
 rate 2092bps 1pps backlog 34p
 lended: 128 borrowed: 0 giants: 0
 tokens: -798987 ctokens: -798987

class htb 1:20 parent 1:1 prio 0 rate 8Kbit ceil 8Kbit burst 1609b cburst 1609b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 1287999 ctokens: 1287999

### eth0: filtering rules
filter parent 1: protocol ip pref 1 fw
filter parent 1: protocol ip pref 1 fw handle 0x1 classid 1:20

Iptables list :

Chain PREROUTING (policy ACCEPT 6908076 packets, 10181380173 bytes)
 pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 6907998 packets, 10181371532 bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 32 packets, 2959 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 93395 packets, 17383989 bytes)
 pkts bytes target prot opt in out source destination
    0     0 MARK all -- * eth0 0.0.0.0/0 202.43.160.227 MARK set 0x1

Chain POSTROUTING (policy ACCEPT 93427 packets, 17386948 bytes)
 pkts bytes target prot opt in out source destination

Frame diverter status :

version: 0.46
status: active
ip: yes
icmp: no
tcp: no
udp: no

It's still go to default class 1:10.

And here's tcpdump result on bridge :

15:24:14.243196 0:4:79:66:3e:6b 0:6:2a:74:3c:8 8100 70: 802.1Q vlan#106 P0 202.43.160.227.39500 202.43.160.6.33556: . ack 5793 win 63712 nop,nop,timestamp 68757962 9371439 (DF)
15:24:14.243239 0:4:79:66:3e:6b 0:6:2a:74:3c:8 8100 102: 802.1Q vlan#106 P0 202.43.160.227 202.43.160.6: icmp: echo reply

I think because the link at the bridge was trunked so the traffic encapsulated with .1Q vlan format, and if i use iptraf to see the traffic, it will classify as non-ip and there's no ip addresses shown at iptraf although there's ftp traffic.

And here's normal traffic without trunked line:

16:01:20.082961 0:a:e6:f7:68:5f 0:1:3:de:8:16 ip 60: 202.43.160.4.1168 202.43.160.2.ssh: . ack 65168 win 63688 (DF)
16:01:20.083008 0:1:3:de:8:16 0:a:e6:f7:68:5f ip 338: 202.43.160.2.ssh 202.43.160.4.1168: P 65168:65452(284) ack 1 win 7504 (DF) [tos 0x10]

So i think traffic in the bridge should treat like in the switch, decapsulated first from .1Q and then processed at htb after that encapsulated again with .1Q vlan format. Any idea how to make this in linux? or there's any suggestion with this condition?

- Original Message -
From: Stef Coene [EMAIL PROTECTED]
To: kristiadi himawan [EMAIL PROTECTED]; lartc [EMAIL PROTECTED]
Sent: Tuesday, September 23, 2003 1:10 AM
Subject: Re: [LARTC] HTB in a bridge+trunk

On Monday 22 September 2003 13:37, kristiadi himawan wrote:

Dear All,

Sorry if my question here ever asked before by someone else. I have configuration like this :

|-trunking--| V eth0 eth1 V router---bridge with htb---switch 202.xx.xx.227

#!/bin/bash
tc qdisc del dev eth0 root handle 1:
tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: classid 1:1 htb rate 32kbit ceil 32kbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 24kbit ceil 24kbit
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 8kbit ceil 8kbit
tc filter add dev eth0 parent 1: protocol ip prio 1 u32 match ip dst 202.xx.xx.227 flowid 1:20

I already patch kernel and tc with htb3.6-020525.tgz from htb website.

Here is the result when there's traffic to 202.xx.xx.227, it should go to 1:20, but fill class 1:10 (red sign).

### eth0: queueing disciplines
qdisc htb 1: r2q 10 default 10 direct_packets_stat 0
 Sent 584256 bytes 881 pkts (dropped 0, overlimits 1113)
 backlog 35p

### eth0: traffic classes
class htb 1:1 root rate 32Kbit
[LARTC] HTB in a bridge+trunk
Dear All,

Sorry if my question here ever asked before by someone else. I have configuration like this :

|-trunking--| V eth0 eth1 V router---bridge with htb---switch 202.xx.xx.227

#!/bin/bash
tc qdisc del dev eth0 root handle 1:
tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: classid 1:1 htb rate 32kbit ceil 32kbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 24kbit ceil 24kbit
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 8kbit ceil 8kbit
tc filter add dev eth0 parent 1: protocol ip prio 1 u32 match ip dst 202.xx.xx.227 flowid 1:20

I already patch kernel and tc with htb3.6-020525.tgz from htb website.

Here is the result when there's traffic to 202.xx.xx.227, it should go to 1:20, but fill class 1:10 (red sign).

### eth0: queueing disciplines
qdisc htb 1: r2q 10 default 10 direct_packets_stat 0
 Sent 584256 bytes 881 pkts (dropped 0, overlimits 1113)
 backlog 35p

### eth0: traffic classes
class htb 1:1 root rate 32Kbit ceil 32Kbit burst 1639b cburst 14704b
 Sent 554186 bytes 846 pkts (dropped 0, overlimits 0)
 rate 3040bps 3pps
 lended: 0 borrowed: 0 giants: 0
 tokens: -7997 ctokens: 8145

class htb 1:10 parent 1:1 prio 0 rate 24Kbit ceil 24Kbit burst 1629b cburst 1629b
 Sent 584256 bytes 881 pkts (dropped 0, overlimits 0)
 rate 3040bps 3pps backlog 35p
 lended: 846 borrowed: 0 giants: 0
 tokens: -447876 ctokens: -447876

class htb 1:20 parent 1:1 prio 0 rate 8Kbit ceil 8Kbit burst 1609b cburst 1609b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 1287999 ctokens: 1287999

### eth0: filtering rules
filter parent 1: protocol ip pref 1 u32
filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:20
  match ca2ba0e3/ at 16

Why when i put htb on eth0 to filter class 1:20 the shaping always goes to default class 1:10 not 1:20 class, the same problem occur when i put htb on eth1?

I already patch the kernel with 3c95x vlan patch too.

Any idea why the filter not working properly or i need another patch to get u32 working in bridging+trunking or i must replace u32 filter with fwmark from ebtables?

Thnx.
[LARTC] Performance analysis for qos
Hi, i have tried some qdisc from linux kernel, it's interesting to test the performance from each qdisc, i have see the devik analysis page, but don't know what's the scenario and the analysis tools that used. anybody know some scenarios and tools to test and see the performance from cbq tbf sfq htb red ... etc ? Best regards, --Kristiadi Himawan--
[LARTC] lartc analysis
I want to see performance all qdisc in lartc howto, beside using mrtg, there is another tool ? so just only see bytes but another parameter. Best regards, --Kristiadi Himawan--
[LARTC] failed shaping outgoing traffic
I used cbq in my gateway, eth1 connecting to internet, and eth0 to local network, to poll traffic in/out using ipchains accounting and mrtg. Now i have succeed shaping incoming traffic to my local network with my configuration using cbq on eth0, but when i try to shaping outgoing traffic from my local network i see it didn't workout from my mrtg. RULE=10.111.1.2 (for incoming) RULE=10.111.1.2, (for outgoing) Any body have an idea to solve this ? Best regards, --Kristiadi Himawan--
[LARTC] average speed in a class
Any body knows how to make hosts bandwidth in a class got same bandwidth with the other, so no one can dominate the class bandwidth. Best regards, --Kristiadi Himawan--
[LARTC] multiple devices
Hi, I use two interfaces (eth0 and eth1) in my gateway and using HTB to shape traffic from my internal network (eth0), so HTB using root dev eth0 to shape the traffic. if I want to change root dev with eth1 (external), what's the differences with the previous setting ... which ones is better ? Best regards, --Kristiadi Himawan--
Re: [LARTC] bw console monitoring
|On Mon, 13 May 2002, Stef Coene wrote:
|
|If you don't have too much ip addresses, you can create for each address a
|iptables rule. You can use the byte counters of iptables to calculate the
|bandwidth. And you can plot the data directly with rrd or feed them to mrtg.
|
|Stef
|
|--

I already do that before and i have tried bwm and iptraf (nice tools with filtering) too, but still can't do bw console monitoring for each ip address that forwarded. May be anyone ever try to dump byte calculated by ipchain or iptables not to rrd or mrtg but to console ? Any suggestions ?

Best regards,
--Kristiadi Himawan--