Re: [LARTC] Kernel Packet Traveling Diagram

2007-07-02 Thread Mark

On Mon, 2 Jul 2007, Edouard Thuleau wrote:


Thanks,
I know the older version of this diagram and this one is quite the same I
told below but the problem is the same for the DNAT. I made another test. I
changed the DSCP value in the PREROUTING table and I put an ingress policing
which matches this new DSCP value but the filter doesn't match anything (I work
on a Linux 2.6.17).
With my test, the older version (
http://www.imagestream.com/~josh/PacketFlow.jpg)
of the diagram seems more exact.


Don't know where I got this, but for as long as I can remember I've had
this at the top of my scripts as a sort of quick ref. :)


#   ---PRE-------[ROUTE]----FWD-----------POST------
#   Conntrack    |          Mangle   ^    Mangle
#   Mangle       |          Filter   |    NAT (Src)
#   NAT (Dst)    |                   |
#   (QDisc)      |                [ROUTE]
#                v                   |
#                IN Mangle       OUT Conntrack
#                |  Filter        ^  Mangle
#                |                |  NAT (Dst)
#                v                |  Filter

Regards,
Mark.


Have you an idea ?

2007/7/2, nano bug [EMAIL PROTECTED]:


Hello,

I find this one more useful :

http://www.imagestream.com/~josh/PacketFlow-new.png

On 7/2/07, Edouard Thuleau [EMAIL PROTECTED] wrote:

 Hi,

 I found this diagram which details the kernel packet traveling:
 http://www.docum.org/docum.org/kptd/
 Is it up to date?
 I made some tests and I put a DNAT rule in the PREROUTING table of an
 interface and I attached an ingress policy to it, the dst IP wasn't changed.
 The DNAT isn't made yet.

 I have another question (I'm not sure if this is the right mailing list): for
 fragmented packets, I see the ingress policy doesn't work correctly and I'd
 like to know where in the kernel travel of the packet the fragments are
 reassembled? At the NAT or in the routing?

 Thanks,
 Edouard.

 ___
 LARTC mailing list
 LARTC@mailman.ds9a.nl
 http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc








Re: [LARTC] GRE tunnel

2007-06-27 Thread mark
On Wed, 2007-06-27 at 10:29 -0600, Greg Hartung wrote:
 Finally, a hint of light:
 
 The first is a tcpdump while pinging the remote end, 66.1.2.161, and it
 looks normal:
 
 10:12:10.441842  00:19:b9:dd:ff:d9 ip 100: IP 66.1.1.161  66.1.2.161: icmp 64: echo request seq 1
 10:12:10.442344  00:01:e8:0f:ee:f8 ip 100: IP 66.1.2.161  66.1.1.161: icmp 64: echo reply seq 1
 
 This next is a ping of the remote tunnel end, 10.253.253.2
 
 10:12:18.970786  00:19:b9:dd:ff:d9 arp 44: arp who-has 66.1.2.161 tell 66.1.1.161
 
 I am *very* confused by this.  Somehow, when I try to send traffic thru the
 tunnel, it thinks that the remote physical end is directly attached and
 should ARP for it even tho it is pingable?!?!!?  It is definitely not on-net
 - it is many hops away - but it is reachable via a default route.

Hmmm... interesting. What does ip ro get 66.1.2.161 say? And for
10.253.253.2?

Regards,
Mark.

 Routing table before the tunnel is configured:
 
 [EMAIL PROTECTED] ~]# netstat -nr
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
 66.1.1.128      0.0.0.0         255.255.255.192 U         0 0          0 eth0.2
 10.1.2.0        0.0.0.0         255.255.254.0   U         0 0          0 eth0
 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0.2
 10.0.0.0        10.1.2.254      255.0.0.0       UG        0 0          0 eth0
 0.0.0.0         66.11.51.129    0.0.0.0         UG        0 0          0 eth0.2
 [EMAIL PROTECTED] ~]#
 
 And while it's configured:
 
 [EMAIL PROTECTED] ~]# netstat -nr
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
 66.1.1.128      0.0.0.0         255.255.255.192 U         0 0          0 eth0.2
 10.253.253.0    0.0.0.0         255.255.255.0   U         0 0          0 gretun
 10.1.2.0        0.0.0.0         255.255.254.0   U         0 0          0 eth0
 10.50.0.0       0.0.0.0         255.255.0.0     U         0 0          0 gretun
 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0.2
 10.0.0.0        10.1.2.254      255.0.0.0       UG        0 0          0 eth0
 0.0.0.0         66.11.51.129    0.0.0.0         UG        0 0          0 eth0.2
 
 
 
 On 6/26/07 5:01 PM, Greg Hartung [EMAIL PROTECTED] wrote:
 
  
 I'm still stuck on this one and could really use some help.  I just
  finished trying it on an FC3 box too to make sure it wasn't CentOS specific
  issue but there's still no output from tcpdump.
  
 I also spent some time looking over Cisco examples to make sure I wasn't
  misremembering the concepts.  No surprises there.
  
 Does anyone have any ideas or can someone suggest a more appropriate
  forum for the question?
  
  Thanks!!
  
  On 6/21/07 11:52 AM, Greg Hartung [EMAIL PROTECTED] wrote:
  
  
I am trying to setup GRE between two CentOS 4.5 boxes.  I have tried
  several variations of what's listed below, but none of them work.
  
  box1:
  modprobe ip_gre
  ip link set gre0 up
  ip tunnel add gretun mode gre local 66.1.1.161 remote 66.1.2.161 ttl 20 dev eth0
  ip addr add dev gretun 10.253.253.1 peer 10.253.253.2/24
  ip link set dev gretun up
  ip route add 10.2.0.0/16 via 10.253.253.2
  
  box2:
  modprobe ip_gre
  ip link set gre0 up
  ip tunnel add gretun mode gre local 66.1.2.161 remote 66.1.1.161 ttl 20 dev eth0
  ip addr add dev gretun 10.253.253.2 peer 10.253.253.1/24
  ip link set dev gretun up
  ip route add 10.1.0.0/16 via 10.253.253.1
  
  tcpdump shows NO rx or tx traffic from either box that isn't ARP or SSH.
  
It's as if it's not even trying to bring the tunnel up.  I'm a Cisco guy,
  so I'm lost with my show commands.
  
The other variations I've tried consist mostly of trying different
  combinations of on-net (in the same subnet as eth0 and even the same address
  as eth0) and off-net (various combinations of loopback /24 and /32 addresses
  in separate 10 space) on the 'ip addr add dev gretun' statements.  But the
  above example is what *should* work on a Cisco, I think.  It's been a
  while.
  
  How do I troubleshoot this?  This is all I've got so far:
  
  [EMAIL PROTECTED]:/home/root $ ip link
  1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  2: eth0: BROADCAST,MULTICAST,UP mtu 8800 qdisc pfifo_fast qlen 1000
  link/ether 00:19:b9:dd:ff:d9 brd ff:ff:ff:ff:ff:ff
  3: eth0.2: BROADCAST,MULTICAST,UP mtu 8800 qdisc noqueue
  link/ether 00:19:b9:dd:ff:d9 brd ff:ff:ff:ff:ff:ff
  4: gre0: NOARP,UP mtu 1476 qdisc noqueue
  link/gre 0.0.0.0 brd 0.0.0.0
  5: [EMAIL PROTECTED]: POINTOPOINT,NOARP,UP mtu 8776 qdisc noqueue
  link/gre 66.1.1.161 peer 66.1.2.161
  
  [EMAIL PROTECTED]:/home/root $ ip tun
  gre0: gre/ip  remote any  local any  ttl inherit  nopmtudisc
  gretun: gre/ip  remote 66.1.2.161  local 66.1.1.161  dev eth0  ttl 20
  
  [EMAIL PROTECTED]:/home/root

[LARTC] Re: HTB question, tokens.

2007-06-23 Thread mark
On Thu, 2007-06-21 at 23:22 +0200, Christian Benvenuti wrote:
 Hi Mark,
 
 Hi, 
 
 What exactly are the tokens? 
 
 I thought each token allowed the sending of one byte, that tokens are
 stored in a bucket that can hold a max of burst tokens, and that this
 bucket is filled with tokens at rate.
 
 But theory does not seem to explain the tc -s .. output in the
 examples below. And I can't figure out why or how...
 
 Tokens normally represent the number of bytes the token bucket algorithm has
 accumulated. However, the numbers you see with tokens/ctokens are not
 expressed in bytes: they are expressed in units of time whose size is an
 approximation of 1 microsecond (how close a unit of time is to 1 microsecond
 depends on the kernel config).
 For example, the value of tokens that you see soon after configuring the
 HTB qdisc (and supposing no traffic has gone through the qdisc yet) is the
 number of pseudo microseconds that are necessary to transmit burst bytes
 at the rate rate configured on the class.

Thanks for the explanation. I understand, the tokens as displayed are
based on implementation details rather than pure concept/theory.

Guess it also explains why the number of tokens can be negative. If a
(c)burst causes a class to exceed its configured rate it will take
some time (that many pseudo microseconds) for the rate to drop back to
the configured rate. Right?

 It may look more complex than what it actually is. Just think of it as
 the number of (pseudo) microseconds the class can transmit at rate rate
 without terminating its tokens.
 The last sentence above should answer your questions in the second part of
 the email too.

Indeed.

Thanks,
Mark.

 Regards
 /Christian
 [ http://benve.info ]
 
 
 #tc qdisc del dev eth0 root
 #tc qdisc add dev eth0 root handle 1: htb default 1 
 #tc class add dev eth0 parent 1:0 classid 1:1 htb rate 2mbit
 #tc -s -d class show dev eth0
 class htb 1:1 root prio 0 quantum 25000 rate 2000Kbit ceil 2000Kbit burst 2599b/8 mpu 0b overhead 0b cburst 2599b/8 mpu 0b overhead 0b level 0
  Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
  rate 0bit 0pps backlog 0b 0p requeues 0 
  lended: 0 borrowed: 0 giants: 0
  tokens: 10649 ctokens: 10649
 
 #tc qdisc del dev eth0 root
 #tc qdisc add dev eth0 root handle 1: htb default 1 
 #tc class add dev eth0 parent 1:0 classid 1:1 htb rate 1mbit
 #tc -s -d class show dev eth0
 class htb 1:1 root prio 0 quantum 12500 rate 1000Kbit ceil 1000Kbit burst 2099b/8 mpu 0b overhead 0b cburst 2099b/8 mpu 0b overhead 0b level 0
  Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
  rate 0bit 0pps backlog 0b 0p requeues 0 
  lended: 0 borrowed: 0 giants: 0
  tokens: 17203 ctokens: 17203
 
 Why does the amount of tokens go UP if the configured rate (and burst) is
 lower?
 (The commands were run from a script so these are the amounts of tokens
 available right after the creation of the class.)
 
 If I set the rate to 9mbit the amount of tokens is always lower than the
 burst size. Wouldn't that mean that there are always too few tokens
 available to actually burst the burst amount of data?
 
 Regards,
 Mark.
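
Christian's explanation can be checked against the two tc dumps quoted in this thread. The following is an added example, not code from either poster; the function names are made up for illustration. It parses the dumps, converts burst and rate to real microseconds, and derives how many displayed token units correspond to one microsecond on the poster's kernel.

```python
import re

# The two `tc -s -d class show dev eth0` dumps quoted in this thread
# (mail line wraps removed, values unchanged).
DUMP_2MBIT = """\
class htb 1:1 root prio 0 quantum 25000 rate 2000Kbit ceil 2000Kbit burst 2599b/8 mpu 0b overhead 0b cburst 2599b/8 mpu 0b overhead 0b level 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0
 tokens: 10649 ctokens: 10649
"""
DUMP_1MBIT = """\
class htb 1:1 root prio 0 quantum 12500 rate 1000Kbit ceil 1000Kbit burst 2099b/8 mpu 0b overhead 0b cburst 2099b/8 mpu 0b overhead 0b level 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0
 tokens: 17203 ctokens: 17203
"""

UNIT = {"bit": 1, "Kbit": 1_000, "Mbit": 1_000_000}
CLASS_RE = re.compile(
    r"class htb (?P<classid>\S+) .*?rate (?P<rate>\d+)(?P<unit>[KM]?bit) "
    r".*?burst (?P<burst>\d+)b")
TOKENS_RE = re.compile(r"tokens: (?P<tokens>-?\d+) ctokens: (?P<ctokens>-?\d+)")


def parse_htb_classes(text):
    """Return one dict per 'class htb' stanza, with its tokens/ctokens line."""
    classes, current = [], None
    for line in text.splitlines():
        m = CLASS_RE.search(line)
        if m:
            current = {"classid": m["classid"],
                       "rate_bps": int(m["rate"]) * UNIT[m["unit"]],
                       "burst_bytes": int(m["burst"])}
            classes.append(current)
            continue
        m = TOKENS_RE.search(line)
        if m and current is not None:
            current["tokens"] = int(m["tokens"])
            current["ctokens"] = int(m["ctokens"])
    return classes


def burst_time_us(cls):
    """Real microseconds needed to send `burst` bytes at the class rate."""
    return cls["burst_bytes"] * 8 * 1_000_000 / cls["rate_bps"]


def tick_scale(cls):
    """Displayed token units per real microsecond.

    Only meaningful for a class that has sent nothing yet, i.e. whose
    bucket is still full, as in both dumps above.
    """
    return cls["tokens"] / burst_time_us(cls)


def tokens_per_byte(rate_bps, scale):
    """How many displayed token units one byte costs at a given rate."""
    return 8_000_000 / rate_bps * scale


def tokens_to_bytes(cls, tokens, scale=None):
    """Convert a displayed token value back to bytes at the class rate.

    A negative result is the number of bytes the class is 'in debt'.
    """
    scale = tick_scale(cls) if scale is None else scale
    return tokens / scale * cls["rate_bps"] / 8_000_000


if __name__ == "__main__":
    for cls in parse_htb_classes(DUMP_2MBIT + DUMP_1MBIT):
        print("rate %8d bit/s  burst %5d B  = %8.1f us  tokens %6d  scale %.4f"
              % (cls["rate_bps"], cls["burst_bytes"], burst_time_us(cls),
                 cls["tokens"], tick_scale(cls)))
    # Mark's 9mbit observation: above roughly 8 Mbit/s a byte costs less than
    # one token unit, so the token count is smaller than the burst in bytes.
    print("tokens per byte at 9mbit: %.3f" % tokens_per_byte(9_000_000, 1.024))
```

Halving the rate doubles the time each byte takes, which is why the 1mbit class starts with more tokens than the 2mbit class even though its burst is smaller.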
 
 



Re: [LARTC] Why does this script noet work (bandwidth, tc en u32)

2007-06-20 Thread Mark

On Tue, 19 Jun 2007, Frank Remetter wrote:


Hey,


# uplink
tc qdisc del dev eth1 root

tc qdisc add dev eth1 root handle 1: htb
tc class add dev eth1 parent 1: classid 1:1 htb rate 100mbit
tc class add dev eth1 parent 1:1 classid 1:2 htb rate 1mbit ceil 10mbit
tc filter add dev eth1 parent 1: protocol ip prio 1 u32 match ip src 172.31.1.1 flowid 1:2



Could you elaborate on this? Which other fifo qdisc that maintains
statistics? Any hints on the right syntax?


i guess he is talking of e.g. sfq:
tc qdisc add dev eth1 parent 1:2 handle 2: sfq perturb 10


Yeah, that's what I meant. But forget I said it. According to the man page
pfifo_fast "Does not maintain statistics and does not show up in tc qdisc
ls." but I just noticed that it does, so it doesn't make a difference.


Regards,
Mark.



Re: [LARTC] Why does this script noet work (bandwidth, tc en u32)

2007-06-19 Thread mark
On Tue, 2007-06-19 at 13:47 +0200, Joost Kraaijeveld wrote:
 Hi,
 
 Can anyone point me out where the script below is wrong? 

Maybe, I'm new to this stuff and having trouble getting some things to
work myself. :S

 All I want is that host 172.31.1.1 can only use 10 megabit. If I run
 this script on the in-between router nothing happens (the host uses
 still the full 100 mbit, tested with iperf) , so i assume that something
 must be wrong
 
 
 #!/bin/sh
 
 # LAN1 NIC
 tc qdisc del dev eth0 root
 tc qdisc add dev eth0 root handle 1: htb
 tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit 
 
 # my machine
 tc class add dev eth0 parent 1:1 classid 1:2 htb rate 1mbit ceil 10mbit

One thing I find useful (especially when debugging) is to replace the
default fifo qdisc on the leaf with one that _does_ maintain statistics
- which you can see with 'tc -s qdisc show dev ...'. Makes it a bit
easier to see where your traffic is going, and if that matches your
expectations/intentions.
 
 # filter 
 tc filter add dev eth0 parent 1:1 protocol ip prio 1 u32 match ip dst 172.31.1.1 flowid 1:2
 

Try attaching the filter to the root qdisc (parent 1:0). What I think
might be happening is that the root qdisc had no idea what to do with
the packets - there are no filters there, and you did not specify a
default class. So it just sends the packets directly to the interface.

Or you could try adding default 1 to the root htb qdisc. From there
your filter should do the rest. Only I don't know if default can point
to a non-leaf class, if you try let me know if it works or not.

HTH,
Mark.

 # LAN2 NIC 
 tc qdisc del dev eth1 root
 tc qdisc add dev eth1 root handle 1: htb
 tc class add dev eth1 parent 1: classid 1:1 htb rate 100mbit 
 
 # my machine
 tc class add dev eth1 parent 1:1 classid 1:2 htb rate 1mbit ceil 10mbit
 
 # filter 
 tc filter add dev eth1 parent 1:1 protocol ip prio 1 u32 match ip src 172.31.1.1 flowid 1:2
 
 
 TIA
 



Re: [LARTC] LARTC Wiki

2007-01-23 Thread Mark Krenz

  I also think that this would be a good idea.  Having example rulesets
and related firewall and QOS stuff.

On Tue, Jan 23, 2007 at 03:53:23PM GMT, Andrew Beverley [EMAIL PROTECTED] said the following:
 I'm not aware of one, and I think it's an excellent idea.
 
 There's some great software available for LARTC, and some of the
 documentation is very good, but unfortunately it's all a bit disparate.
 A wiki would be a great start.
 
 I'd be happy to host one and transfer stuff into it unless someone else
 has a better idea/offer?
 
 Andy Beverley
 
 
 On Tue, 2007-01-23 at 12:46 -0300, Marco Aurelio wrote:
  Hi all,
  
  Since the mail list receives a lot of repeated subjects (for example:
  i have two adsl lines...), maybe these specific issues should be
  treated on the LARTC Guide, or maybe if we had a wiki?
  
  Is there a LARTC Wiki?
  
  If not, what do you think about creating one?
  
  Thanks
  
  -- 
  Marco 
 


-- 
Mark S. Krenz
IT Director
Suso Technology Services, Inc.
http://suso.org/


[LARTC] Session Limiting per host

2006-12-20 Thread Mark Dueck
Someone else asked a similar question a few weeks ago, but he wanted 
to do some advanced if this then that session limiting..  Has 
someone here done session limiting per host?


My situation is this: I have 2 direcway (Hughes now) satellites that 
I'm sharing out to some clients.  I only get about 50 sessions per 
sat, so if any one of my clients has limewire or emule open with its 
default sessions set to 300, no one can browse, or it's extremely sluggish.


I had a Hotbrick doing the dual wan, and it had session limiting per 
IP address.  Now the hotbrick failed on me, and I need something else 
to limit the sessions.  Just a simple limit of say 15 sessions per 
IP, or 15 new sessions / second per IP.


This site 
http://www.gentoo.org/doc/en/articles/dynamic-iptables-firewalls.xml#doc_chap3 
has some very good scripts, one that almost does that, but it's not a 
through traffic limit. It's a limit directly to itself.  Will this 
work, or what modifications would need to be made to it?  I'm not 
really advanced enough in linux, and have not had the time to really try it.


Thanks
Mark



RE: [LARTC] HTB GUI

2006-12-04 Thread Mark Dueck


You might want to look into MasterShaper. It's a full tc/ip bandwidth
shaper. The author of it is Unki. He's done the GUI in php, and uses some
perl scripts to run the actual scripts on the system. He's currently
working on a newer version, and I think it's supposed to support multiple
wans.

Regards,
Mark




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of alan tan
Sent: Thursday, 23 November 2006 10:18 p.m.
To: lartc@mailman.ds9a.nl; lartc@mailman.ds9a.nl
Subject: [LARTC] HTB GUI

Hi,

I have many examples of HTB GUIs. All are already well developed, which
are discussed in this link.
However, can anyone teach me what software to use to build my own web
based GUI HTB software in Fedora Core (Linux based)?
Thanks

Regards
Alan



[LARTC] iproute2-051007 TC static linked Makefile how to

2006-08-02 Thread Mark Chao
Hi All

I'm a newbie in iproute2. For some reason, I have to
use static linking instead of dynamic. My kernel is
2.4.18-14 (Redhat 8.0). After patching
htb3.6_tc.diff, it still comes out with "Unknown qdisc
htb..." from the "tc qdisc add dev eth0 root handle 1: htb
default 20" command. Or are there any examples/web links that discuss
iproute2 static linking? Please advise!

BR
Mark



RE: [LARTC] HTB - prio and rate

2005-12-13 Thread Mark Lidstone



Jody - Many thanks for taking the time to reply. It's
greatly helped my understanding.

From: Jody Shumaker [mailto:[EMAIL PROTECTED]
Sent: 12 December 2005 19:14
To: Mark Lidstone
Subject: Re: [LARTC] HTB - prio and rate

  No, I wrote what I meant. If classes 1:11 and 1:12 are contending for
  bandwidth the prio values will have no effect as they are the same. I was
  making the point that they would get equal shares of the spare bandwidth
  because they have equal rates (the spare bandwidth is shared out with
  classes that have higher rates getting more of the bandwidth than classes
  with lower rates).

Ahh, now that I read it again it does read that way. Sorry about
misreading it.

  OK, so the _ratio_ of rate values for child classes is only taken into
  account when sharing bandwidth with other child classes that have the
  same prio value?

That has been my experience. However, in practice things won't
always conform to these rules exactly. I think that is more caused by
how TCP throttles bandwidth. In general though the priority does have the
intended effect.

- Jody


[LARTC] Marking with firewall

2005-12-09 Thread Mark Lidstone
Hi all,

I've been trying to do the above and read everything I can find on
Google on the subject, but something seems to be going wrong.  I tried
the following sample rules in iptables (initially I just set the first
one, but I added more as my desperation escalated):

iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 1
iptables -A FORWARD -p icmp -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -p icmp -j MARK --set-mark 1

With the following in my traffic shaping script:

tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 12:0

The problem is that all ICMP traffic is going out of the default queue
(classid 15:0) even though the firewall is catching it (checking the
packet counts with 'iptables -t mangle -L -nvx' and 'iptables -L -nvx'
shows packets were being caught).  So, why are the filters not catching
the packets?  What obvious mistake have I made?  :)

Many thanks for any help,

Mark Lidstone
IT and Network Support Administrator

BMT SeaTech Ltd
Grove House, Meridians Cross, 7 Ocean Way
Ocean Village, Southampton.  SO14 3TJ. UK
Tel: +44 (0)23 8063 5122 
Fax: +44 (0)23 8063 5144

E-Mail:  mailto:[EMAIL PROTECTED]
Website: www.bmtseatech.co.uk

==
Confidentiality Notice and Disclaimer: 
The contents of this e-mail and any attachments are intended only for the
use of the e-mail addressee(s) shown. If you are not that person, or one
of those persons, you are not allowed to take any action based upon it or
to copy it, forward, distribute or disclose the contents of it and you
should please delete it from your system. BMT SeaTech Limited does not
accept liability for any errors or omissions in the context of this e-mail
or its attachments which arise as a result of Internet transmission, nor
accept liability for statements which are those of the author and not
clearly made on behalf of BMT SeaTech Limited.

==
  


RE: [LARTC] Marking with firewall

2005-12-09 Thread Mark Lidstone
Heh heh heh - whoops.  I've fixed it.

I changed the filter rule to:

tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:2

And it worked.  Sorry for posting such a silly mistake.

Many thanks,

Mark Lidstone
IT and Network Support Administrator

BMT SeaTech Ltd
Grove House, Meridians Cross, 7 Ocean Way
Ocean Village, Southampton.  SO14 3TJ. UK
Tel: +44 (0)23 8063 5122 
Fax: +44 (0)23 8063 5144

E-Mail:  mailto:[EMAIL PROTECTED]
Website: www.bmtseatech.co.uk

  
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Lidstone
Sent: 09 December 2005 16:09
To: lartc@mailman.ds9a.nl
Subject: [LARTC] Marking with firewall

Hi all,

I've been trying to do the above and read everything I can find on
Google on the subject, but something seems to be going wrong.  I tried
the following sample rules in iptables (initially I just set the first
one, but I added more as my desperation escalated):

iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 1
iptables -A FORWARD -p icmp -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -p icmp -j MARK --set-mark 1

With the following in my traffic shaping script:

tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 12:0

The problem is that all ICMP traffic is going out of the default queue
(classid 15:0) even though the firewall is catching it (checking the
packet counts with 'iptables -t mangle -L -nvx' and 'iptables -L -nvx'
shows packets were being caught).  So, why are the filters not catching
the packets?  What obvious mistake have I made?  :)

Many thanks for any help,

Mark Lidstone
IT and Network Support Administrator

BMT SeaTech Ltd
Grove House, Meridians Cross, 7 Ocean Way Ocean Village, Southampton.
SO14 3TJ. UK
Tel: +44 (0)23 8063 5122 
Fax: +44 (0)23 8063 5144

E-Mail:  mailto:[EMAIL PROTECTED]
Website: www.bmtseatech.co.uk
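
Both the fix in this message (classid 1:2 instead of 12:0) and the advice in the 2007-06-19 thread about attaching the filter at the root qdisc can be checked before a script is loaded. The lint below is an added example, not code from any poster; its function names are made up for illustration. The first sample is the eth0 half of the script quoted in the 2007-06-19 thread, and the second is a constructed script around the filter line from this thread, since only that line appears in the message.

```python
import shlex

# eth0 half of the script quoted in the 2007-06-19 thread (line wrap removed).
JOOST_ETH0 = """\
tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1: htb
tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit
tc class add dev eth0 parent 1:1 classid 1:2 htb rate 1mbit ceil 10mbit
tc filter add dev eth0 parent 1:1 protocol ip prio 1 u32 match ip dst 172.31.1.1 flowid 1:2
"""

# Constructed: only the last line is from this thread; the classes and leaf
# qdiscs (12:0, 15:0) are assumed from the handles the message mentions.
FW_MARK = """\
tc qdisc add dev eth0 root handle 1:0 htb default 5
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 100kbit
tc class add dev eth0 parent 1:1 classid 1:2 htb rate 30kbit
tc qdisc add dev eth0 parent 1:2 handle 12:0 pfifo
tc class add dev eth0 parent 1:1 classid 1:5 htb rate 10kbit
tc qdisc add dev eth0 parent 1:5 handle 15:0 pfifo
tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 12:0
"""


def parse_handle(text):
    """'1:', '1:0', '12:0' -> (major, minor); tc reads both halves as hex."""
    major, _, minor = text.partition(":")
    return (int(major or "0", 16), int(minor or "0", 16))


def fmt(handle):
    return "%x:%x" % handle


def parse_tc_script(script):
    """Collect qdiscs, classes and filters per device from 'tc ... add' lines."""
    devs = {}
    for raw in script.splitlines():
        words = shlex.split(raw, comments=True)
        if len(words) < 4 or words[0] != "tc" or words[2] != "add":
            continue
        # Crude option lookup: every word maps to the word that follows it.
        opts = dict(zip(words[3:], words[4:]))
        dev = devs.setdefault(opts.get("dev"),
                              {"qdiscs": {}, "classes": {}, "filters": []})
        parent = (0, 0) if "root" in words else parse_handle(opts.get("parent", "0:"))
        if words[1] == "qdisc":
            dev["qdiscs"][parse_handle(opts.get("handle", "0:"))] = {
                "parent": parent, "default": opts.get("default")}
        elif words[1] == "class" and "classid" in opts:
            dev["classes"][parse_handle(opts["classid"])] = parent
        elif words[1] == "filter":
            target = opts.get("flowid") or opts.get("classid")
            if target:
                dev["filters"].append({"parent": parent,
                                       "target": parse_handle(target)})
    return devs


def lint(script):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for name, dev in parse_tc_script(script).items():
        for f in dev["filters"]:
            tgt = f["target"]
            if tgt in dev["classes"]:
                continue
            if tgt in dev["qdiscs"]:
                owner = dev["qdiscs"][tgt]["parent"]
                findings.append("%s: filter target %s is a qdisc handle, not a "
                                "class; use the class it is attached to, %s"
                                % (name, fmt(tgt), fmt(owner)))
            else:
                findings.append("%s: filter target %s is not a defined class"
                                % (name, fmt(tgt)))
        for root, q in dev["qdiscs"].items():
            if q["parent"] != (0, 0):
                continue
            # Classification starts at the root qdisc; filters hung on an
            # inner class are only consulted once traffic has been sent there.
            at_root = any(f["parent"] == root for f in dev["filters"])
            if not at_root and q["default"] is None:
                findings.append("%s: root qdisc %s has no filter and no default "
                                "class, so traffic is never classified"
                                % (name, fmt(root)))
            if q["default"] is not None and \
                    (root[0], int(q["default"], 16)) not in dev["classes"]:
                findings.append("%s: default %s on %s names no defined class"
                                % (name, q["default"], fmt(root)))
    return findings


if __name__ == "__main__":
    for label, script in (("2007-06-19 script", JOOST_ETH0), ("fw mark", FW_MARK)):
        print(label, lint(script) or "ok")
```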



RE: [LARTC] can the htb applied to http/ftp server not in the router???

2005-12-08 Thread Mark Lidstone
Hi Ismail,

Try something like:

# Setup the root HTB qdisc and its child class.  Traffic defaults to
# child number 4 (1:4)
tc qdisc add dev eth0 root handle 1:0 htb default 4
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 100kbit ceil 100kbit

# Create the first queue (HTTP), limited to 30kbit/sec
tc class add dev eth0 parent 1:1 classid 1:2 htb rate 30kbit ceil 30kbit
tc qdisc add dev eth0 parent 1:2 handle 12:0 pfifo

# Create the second queue (FTP), limited to 60kbit/sec
tc class add dev eth0 parent 1:1 classid 1:3 htb rate 60kbit ceil 60kbit
tc qdisc add dev eth0 parent 1:3 handle 13:0 pfifo

# Create the third (default) queue, limited to 10kbit/sec
tc class add dev eth0 parent 1:1 classid 1:4 htb rate 10kbit ceil 10kbit
tc qdisc add dev eth0 parent 1:4 handle 14:0 pfifo

# Create rules at the root to put HTTP and FTP traffic into the
#  correct queue
tc filter add dev eth0 parent 1:0 u32 match tcp sport 80 0xffff flowid 1:2
tc filter add dev eth0 parent 1:0 u32 match tcp sport 443 0xffff flowid 1:2
tc filter add dev eth0 parent 1:0 u32 match tcp sport 21 0xffff flowid 1:3
tc filter add dev eth0 parent 1:0 u32 match tcp sport 20 0xffff flowid 1:3

If I've done something wrong here, please can someone point it out?

I hope this helps,

Mark Lidstone
IT and Network Support Administrator

BMT SeaTech Ltd
Grove House, Meridians Cross, 7 Ocean Way
Ocean Village, Southampton.  SO14 3TJ. UK
Tel: +44 (0)23 8063 5122 
Fax: +44 (0)23 8063 5144

E-Mail:  mailto:[EMAIL PROTECTED]
Website: www.bmtseatech.co.uk

  
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ismail Fahmi
Sent: 07 December 2005 18:50
To: lartc@mailman.ds9a.nl
Subject: [LARTC] can the htb applied to http/ftp server not in the
router???

 can someone help me??

 ---------------------
|  server (http  ftp) |  -- 1.2.3.4
 ---------------------
          |
          |
          |  - 10/100 MB LAN
          |
          |
          |
     ----------
    |  client  | - 1.2.3.5
     ----------

i want the client download file from http server with maximum rate is 30
kbps and download from ftp server with max rate is 60 kbps other use 10
kbps (total is 100 kbps),  qos is set in the server...
i want use htb tools that i have installed (linux kernel 2.4.20-8) i had
read htb manual, but when i tried to download from client, the rate
always 7mbps ( whereas i put ceil 100kbps at the root class ), i want to
ask, can htb/lartc applied in the server not in the router???
if can, please someone post a tc command for a problem above!!

 thank you
   regards
 -fals-


RE: [LARTC] HTB - prio and rate

2005-12-06 Thread Mark Lidstone
Thanks very much for the response Andreas.

Ah ha!  It's just me not explaining myself very well, then.

So, could someone please comment on whether this general rule is correct
please?


                          root
                       QDISC(HTB)
                       handle=1:0
                           |
                           |
                       CLASS(HTB)
                       classid=1:1
                        ceil=max
                        rate=max
                           |
      +------------+-------+-------+-----------------+
      |            |               |                 |
  CLASS(HTB)   CLASS(HTB)      CLASS(HTB)        CLASS(HTB)
 classid=1:11 classid=1:12  classid=1:1(n-1)    classid=1:1n
    prio=1       prio=1         prio=2            prio=2
   ceil=max     ceil=max       ceil=max          ceil=max
 rate=(max/n) rate=(max/n)   rate=(max/n)      rate=(max/n)

So, if (as in this case) there are 4 classes and say the maximum rate
was 100kbps, each would receive an equal amount of guaranteed bandwidth
(max/n === 100kbps/4 = 25kbps) but if there were spare bandwidth
available, classes 1:11 and 1:12 would share the extra equally (because
they have identical rate values) but if 1:11 and 1:13 were contending
for extra bandwidth (for instance), 1:13 would only receive that which
1:11 didn't use.

Obviously I understand that the child classes could have varying rate
and ceil values to be tuned for whatever specific use someone wanted to
put them to, but this is simply a basic example.

Many thanks,

Mark Lidstone
IT and Network Support Administrator

BMT SeaTech Ltd
Grove House, Meridians Cross, 7 Ocean Way
Ocean Village, Southampton.  SO14 3TJ. UK
Tel: +44 (0)23 8063 5122 
Fax: +44 (0)23 8063 5144

E-Mail:  mailto:[EMAIL PROTECTED]
Website: www.bmtseatech.co.uk

  
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Andreas Klauer
Sent: 05 December 2005 18:15
To: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] HTB - prio and rate

On Monday 05 December 2005 10:40, Mark Lidstone wrote:
   1) The sum of all HTB classes under a single HTB qdisc should add up
 to the maximum rate of the qdisc

A HTB qdisc does not have a rate; it's the classes that do. And it's not
all classes, but just parent-children relationship. The sum of the
children class rates should be the parent class rate. Maximum rate
doesn't sound right either; just to avoid misunderstandings, we're
talking about rate here, not ceil. Think of rate as 'this much bandwidth
is guaranteed at all times for this class (and divided between the
children)', then you should get it about right.

   2) HTB's prio is only used when 'borrowing' bandwidth from other
 classes under the same HTB qdisc, then classes with a given prio will
 only be able to borrow bandwidth when classes with a lower prio have
 nothing waiting

"classes under the same HTB qdisc" is too general. You have to respect
parent / child / sibling relationship as well. A class can't just borrow
from any other class. For example, if a class has same rate and ceil, it
won't borrow anything, simply because it doesn't have to. And if the
parent won't borrow, its children won't borrow from outside classes
either, even though they are under the same qdisc.

 Is this correct?

Getting there, I think.

Regards,
Andreas Klauer


RE: [LARTC] HTB - prio and rate

2005-12-05 Thread Mark Lidstone
Hi,

It's not for a particular use that I was asking, it was just for my
understanding.

So what I think people are saying is:

1) The sum of all HTB classes under a single HTB qdisc should
add up to the maximum rate of the qdisc
2) HTB's prio is only used when 'borrowing' bandwidth from other
classes under the same HTB qdisc, then classes with a given prio will
only be able to borrow bandwidth when classes with a lower prio have
nothing waiting

Is this correct?

Many thanks,

Mark Lidstone
IT and Network Support Administrator

BMT SeaTech Ltd
Grove House, Meridians Cross, 7 Ocean Way
Ocean Village, Southampton.  SO14 3TJ. UK
Tel: +44 (0)23 8063 5122 
Fax: +44 (0)23 8063 5144

E-Mail:  mailto:[EMAIL PROTECTED]
Website: www.bmtseatech.co.uk

==
Confidentiality Notice and Disclaimer: 
The contents of this e-mail and any attachments are intended only for
the
use of the e-mail addressee(s) shown. If you are not that person, or one
of those persons, you are not allowed to take any action based upon it
or
to copy it, forward, distribute or disclose the contents of it and you
should please delete it from your system. BMT SeaTech Limited does not
accept liability for any errors or omissions in the context of this
e-mail
or its attachments which arise as a result of Internet transmission, nor
accept liability for statements which are those of the author and not
clearly made on behalf of BMT SeaTech Limited.

==
  
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian J. Murrell
Sent: 02 December 2005 20:31
To: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] HTB - prio and rate

On Fri, 2005-12-02 at 21:25 +0100, Andreas Klauer wrote:
 Actually, a class is always able to use its rate at any time. The
 prio has only an effect when the class is trying to borrow bandwidth
 from others - then the high prio classes are allowed to take what they
 need first.

I have wondered about something like this too.  I want to simply
prioritize my upstream bandwidth use, not limit its use by anything.
Just say (for example) that if an SSH packet is somewhere in the
outbound direction when it hits the queue it gets put to the front of
the queue to minimize the latency of SSH whereas something like
bittorrent waits for SSH but otherwise gets full use of the upstream
bandwidth.  In fact if I were to saturate the upstream with SSH,
something like bittorrent should effectively get no bandwidth at all.

I think this is what Mark wants too, if I'm understanding him correctly.

b.

--
My other computer is your Microsoft Windows server.

Brian J. Murrell


[LARTC] HTB - prio and rate

2005-12-02 Thread Mark Lidstone
Hi all,

I've not been able to find an explanation of the relationship between
prio and rate as they apply to the HTB technique.  Hopefully someone on
here will be able to help me.

As I understand things, when prio values are assigned to an HTB setup,
classes with a given prio value will only be serviced when there are no
packets waiting in classes with a lower prio value.

Now, does this mean that the rate values for classes with different prio
values should be considered separate?  E.g. imagine the following:

                          root
                            |
                            |
                        Q 1:0 HTB
                            |
                            |
                        C 1:1 HTB
                      rate=100kbit
                      ceil=100kbit
                            |
      +--------------+------+-------+--------------+
      |              |              |              |
  C 1:2 HTB      C 1:3 HTB      C 1:4 HTB      C 1:5 HTB
   prio=1         prio=1         prio=2         prio=2
  rate=(a)       rate=(b)       rate=(c)       rate=(d)
      |              |              |              |
      |              |              |              |
Q 12:0 pfifo   Q 13:0 pfifo   Q 14:0 pfifo   Q 15:0 pfifo

Should rates (a) and (b) add up to the maximum rate (100kbit in this
example), with (c) and (d) adding up to the same, or should the total of
(a), (b), (c) and (d) be the maximum rate?  I would have thought that
seeing as queues 1:2 and 1:3 would always take precedence over queues
1:4 and 1:5 that they would almost be treated separately?  I suppose it
all depends on whether the rate shares are calculated over all
sub-classes, or if separate calculations are done for each priority
group under the HTB class.

Also, it's very possible I've completely misunderstood something
fundamental here.  If so, please point it out.

Many thanks for any information,

Mark Lidstone
IT and Network Support Administrator

BMT SeaTech Ltd
Grove House, Meridians Cross, 7 Ocean Way
Ocean Village, Southampton.  SO14 3TJ. UK
Tel: +44 (0)23 8063 5122 
Fax: +44 (0)23 8063 5144

E-Mail:  mailto:[EMAIL PROTECTED]
Website: www.bmtseatech.co.uk



RE: [LARTC] Pfifo_fast Unknown qdisc and asking for basic design advice

2005-11-21 Thread Mark Lidstone
Hi Andy,

The situation is this:  there are a total of four companies represented
in our building.  We've all been looking at upgrading our Internet
connections from ADSL, and as we're all owned by the same parent company
it made sense to buy our bandwidth in bulk.  As such we're hoping to
get a 4Mb/4Mb pipe of some description.

One of the drivers for going ahead with this is the fact that one of the
companies wants to start using some reasonably funky video conferencing
equipment.

The four companies are not paying the same amount each for the
connection.  Each company has agreed to pay an amount that represents
their expected usage of the system.  To keep things fair, we would like
to shape the traffic on the link to reflect the amounts people are
paying.  Also, the video conferencing equipment (as it will be available
to all the companies in the building) will need a guaranteed chunk of
bandwidth itself.

We've looked at getting our ISP to provide the traffic shaping, but they
want to charge a large setup fee and quite a bit of money per quarter to
'maintain' it (to leave the settings alone, in other words).  I'm
looking at using a spare box we have here as a means of shaping our
outgoing traffic as an alternative.  The idea is that downstream traffic
will still be better off than with a 20:1 contended ADSL.

The traffic will be split by IP, so the latest incarnation of the rules
I have are:

SQ="tc qdisc add dev eth0"
SC="tc class add dev eth0"
SF="tc filter add dev eth0"

tc qdisc del dev eth0 root
$SQ root handle 1:0 htb
$SC parent 1:0 classid 1:1 htb rate 4mbit
$SC parent 1:1 classid 1:2 htb rate ratekbit ceil 4mbit
$SC parent 1:1 classid 1:3 htb rate ratekbit ceil 4mbit
$SC parent 1:1 classid 1:4 htb rate ratekbit ceil 4mbit
$SC parent 1:1 classid 1:5 htb rate ratekbit ceil 4mbit
$SC parent 1:1 classid 1:6 htb rate ratekbit ceil 4mbit
$SQ parent 1:2 handle 120: pfifo limit 50
$SQ parent 1:3 handle 130: pfifo limit 50
$SQ parent 1:4 handle 140: pfifo limit 50
$SQ parent 1:5 handle 150: pfifo limit 50
$SQ parent 1:6 handle 160: pfifo limit 50

$SF parent 1:0 protocol ip prio 1 u32 match ip src 1.1.1.5/32 flowid 1:6
$SF parent 1:0 protocol ip prio 2 u32 match ip src 1.1.1.1/32 flowid 1:2
$SF parent 1:0 protocol ip prio 3 u32 match ip src 1.1.1.2/32 flowid 1:3
$SF parent 1:0 protocol ip prio 4 u32 match ip src 1.1.1.3/32 flowid 1:4
$SF parent 1:0 protocol ip prio 5 u32 match ip src 1.1.1.4/32 flowid 1:5

It's just a very simple 5-child HTB with pfifo queues.

I might split things down more later, but this should get things going.
It's just a pity that the ISP want to charge stupid amounts of money for
the shaping.

Many thanks,

Mark Lidstone
IT and Network Support Administrator

BMT SeaTech Ltd
Grove House, Meridians Cross, 7 Ocean Way
Ocean Village, Southampton.  SO14 3TJ. UK
Tel: +44 (0)23 8063 5122 
Fax: +44 (0)23 8063 5144

E-Mail:  mailto:[EMAIL PROTECTED]
Website: www.bmtseatech.co.uk

-Original Message-
From: Andy Furniss [mailto:[EMAIL PROTECTED] 
Sent: 14 November 2005 22:36
To: Mark Lidstone
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Pfifo_fast Unknown qdisc and asking for basic
design advice

Mark Lidstone wrote:
 Hi Andy,
 
 Many thanks for the reply.
 
 Is there a reason why the user is not supposed to use pfifo_fast?  I
 don't think I need a full-on PRIO (surely pfifo_fast is more efficient
 if it is classless?).  Sorry for asking, but I didn't come across this
 limitation in the documentation.

Not sure really.

 
 Following your suggestions, I've come up with the following:
 
   #!/bin/sh
   SQ="tc qdisc add dev eth0"
   SC="tc class add dev eth0"
   SF="tc filter add dev eth0"
   
   tc qdisc del dev eth0 root
   $SQ root handle 1:0 htb
   $SC parent 1:0 classid 1:1 htb rate 4096kbit
   $SC parent 1:1 classid 1:2 htb prio 0 rate 768kbit #Video Conferencing
   $SC parent 1:1 classid 1:3 htb prio 1 rate 1545kbit #Company 1
   $SC parent 1:1 classid 1:4 htb prio 1 rate 832kbit #Company 2
   $SC parent 1:1 classid 1:5 htb prio 1 rate 713kbit #Company 3
   $SC parent 1:1 classid 1:6 htb prio 1 rate 238kbit #Company 4

RE: [LARTC] Pfifo_fast Unknown qdisc and asking for basic design advice

2005-11-21 Thread Mark Lidstone
 
Hi Stephen,

Many thanks for that information.  I thought my iproute2 was up to date,
but I must have made a mistake somewhere.  I'll go and grab it again.

I can see your point about prio or (p/b)fifo not being much slower, but
this will be running on an oldish Celeron box so I wanted to make things
as memory efficient as possible.

Again, many thanks for clearing that up.

Mark Lidstone
IT and Network Support Administrator

BMT SeaTech Ltd
Grove House, Meridians Cross, 7 Ocean Way
Ocean Village, Southampton.  SO14 3TJ. UK
Tel: +44 (0)23 8063 5122 
Fax: +44 (0)23 8063 5144

E-Mail:  mailto:[EMAIL PROTECTED]
Website: www.bmtseatech.co.uk

-Original Message-
From: Stephen Hemminger [mailto:[EMAIL PROTECTED] 
Sent: 15 November 2005 19:00
To: Mark Lidstone
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Pfifo_fast Unknown qdisc and asking for basic
design advice

On Fri, 11 Nov 2005 09:50:03 -
Mark Lidstone [EMAIL PROTECTED] wrote:

 Hi all,
 
 I've done a search through the archives but I can't find a 
 cause/solution to this.
 
 I'm running a FC4 box with the stock 2.6.12 kernel and a FC2 box with 
 a stock 2.6.9 kernel.  I'm obviously using
 iproute2 and the patched tc.
 
 When I clear down the qdiscs with tc qdisc del dev DEV root I get 
 the following in response to tc qdisc:
 
   qdisc pfifo_fast 0: dev eth0 [Unknown qdisc, optlen=20]
   qdisc pfifo_fast 0: dev eth1 [Unknown qdisc, optlen=20]
 

Current versions of iproute2 know about pfifo_fast.

 Unfortunately I cannot add pfifo_fast as a queue type (I was hoping to
 use one - see below).  Have I missed something?

pfifo_fast is only suitable as a baseline with no other qdisc's
involved. It can only sit directly on the device (at the bottom).
It shouldn't be that much faster than doing it with prio and fifo for
most things. The additional overhead of prio and fifo are mostly because
they are in separate modules and that adds some memory locality penalty.


[LARTC] Pfifo_fast Unknown qdisc and asking for basic design advice

2005-11-11 Thread Mark Lidstone
Hi all,

I've done a search through the archives but I can't find a
cause/solution to this.

I'm running a FC4 box with the stock 2.6.12 kernel and a FC2 box with a
stock 2.6.9 kernel.  I'm obviously using
iproute2 and the patched tc.

When I clear down the qdiscs with tc qdisc del dev DEV root I get
the following in response to tc qdisc:

qdisc pfifo_fast 0: dev eth0 [Unknown qdisc, optlen=20]
qdisc pfifo_fast 0: dev eth1 [Unknown qdisc, optlen=20]

Unfortunately I cannot add pfifo_fast as a queue type (I was hoping to
use one - see below).  Have I missed something?

Secondly, I was wondering if anyone could look over what I am trying to
do and point out any stupid mistakes I've made.  I am trying to get the
following setup working:

            root
             |
             |
            PRIO
           / | \
        __/  |  \__
       |     |     |
       0     |     2
  pfifo_fast 1    sfq
            HTB_______
           / | \      \
        __/  |  \__    \__
       |     |     |      |
      sfq   sfq   sfq    sfq

Basically, we have 4 companies that will be sharing bandwidth on a
connection (the four sfq's at the bottom) and some video conferencing
equipment that needs priority over everything (the pfifo_fast).  Have I
misunderstood anything vital here?

Many thanks,

Mark Lidstone
IT and Network Support Administrator

BMT SeaTech Ltd
Grove House, Meridians Cross, 7 Ocean Way Ocean Village, Southampton.
SO14 3TJ. UK
Tel: +44 (0)23 8063 5122 
Fax: +44 (0)23 8063 5144

E-Mail:  mailto:[EMAIL PROTECTED]
Website: www.bmtseatech.co.uk



RE: [LARTC] Pfifo_fast Unknown qdisc and asking for basic design advice

2005-11-11 Thread Mark Lidstone
Hi Andy,

Many thanks for the reply.

Is there a reason why the user is not supposed to use pfifo_fast?  I
don't think I need a full-on PRIO (surely pfifo_fast is more efficient
if it is classless?).  Sorry for asking, but I didn't come across this
limitation in the documentation.

Following your suggestions, I've come up with the following:

#!/bin/sh
SQ="tc qdisc add dev eth0"
SC="tc class add dev eth0"
SF="tc filter add dev eth0"

tc qdisc del dev eth0 root
$SQ root handle 1:0 htb
$SC parent 1:0 classid 1:1 htb rate 4096kbit
$SC parent 1:1 classid 1:2 htb prio 0 rate 768kbit #Video Conferencing
$SC parent 1:1 classid 1:3 htb prio 1 rate 1545kbit #Company 1
$SC parent 1:1 classid 1:4 htb prio 1 rate 832kbit #Company 2
$SC parent 1:1 classid 1:5 htb prio 1 rate 713kbit #Company 3
$SC parent 1:1 classid 1:6 htb prio 1 rate 238kbit #Company 4
$SQ parent 1:2 handle 5:0 prio #Video Conferencing
$SQ parent 1:3 handle 6:0 prio #Company 1
$SQ parent 1:4 handle 7:0 prio #Company 2
$SQ parent 1:5 handle 8:0 prio #Company 3
$SQ parent 1:6 handle 9:0 prio #Company 4

$SF parent 1:0 protocol ip prio 0 u32 match ip src 1.2.3.4/32 flowid 5:0
$SF parent 1:0 protocol ip prio 0 u32 match ip src 1.2.3.5/32 flowid 6:0
$SF parent 1:0 protocol ip prio 0 u32 match ip src 1.2.3.6/32 flowid 7:0
$SF parent 1:0 protocol ip prio 0 u32 match ip src 1.2.3.7/32 flowid 8:0
$SF parent 1:0 protocol ip prio 0 u32 match ip src 1.2.3.8/32 flowid 9:0

(I've a horrible feeling there's something obviously and fundamentally
wrong with this)

What happens with any traffic not from these IPs?

Many thanks,

Mark Lidstone
IT and Network Support Administrator

BMT SeaTech Ltd
Grove House, Meridians Cross, 7 Ocean Way
Ocean Village, Southampton.  SO14 3TJ. UK
Tel: +44 (0)23 8063 5122 
Fax: +44 (0)23 8063 5144

E-Mail:  mailto:[EMAIL PROTECTED]
Website: www.bmtseatech.co.uk

-Original Message-
From: Andy Furniss [mailto:[EMAIL PROTECTED] 
Sent: 11 November 2005 14:22
To: Mark Lidstone
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Pfifo_fast Unknown qdisc and asking for basic
design advice

Mark Lidstone wrote:
 Hi all,
 
 I've done a search through the archives but I can't find a 
 cause/solution to this.
 
 I'm running a FC4 box with the stock 2.6.12 kernel and a FC2 box with 
 a stock 2.6.9 kernel.  I'm obviously using
 iproute2 and the patched tc.
 
 When I clear down the qdiscs with tc qdisc del dev DEV root I get 
 the following in response to tc qdisc:
 
   qdisc pfifo_fast 0: dev eth0 [Unknown qdisc, optlen=20]
   qdisc pfifo_fast 0: dev eth1 [Unknown qdisc, optlen=20]
 
 Unfortunately I cannot add pfifo_fast as a queue type (I was hoping to
 use one - see below).  Have I missed something?

pfifo_fast is what you get as default on interfaces - it's just like
prio but not meant to be used by you - I suppose you could nest prios,
but in this case I think what you need is just pfifo or bfifo.


 
 Secondly, I was wondering if anyone could look over what I am trying
 to do and point out any stupid mistakes I've made.  I am trying to get
 the following setup working:
 
              root
               |
               |
              PRIO
             / | \
          __/  |  \__
         |     |     |
         0     |     2
    pfifo_fast 1    sfq
              HTB_______
             / | \      \
          __/  |  \__    \__
         |     |     |      |
        sfq   sfq   sfq    sfq
 
 Basically, we have 4 companies that will be sharing bandwidth on a 
 connection (the four sfq's at the bottom) and some video conferencing 
 equipment that needs priority over everything (the pfifo_fast).  Have 
 I misunderstood anything vital here?

You would be better off having htb as root so you can throttle traffic
to below link speed. You can use htb's prio parameter to do much the same.

Sfq is nice but the perturb causes packet reordering I would think about
trying to separate each

Re: [LARTC] Weighted packet shaping?

2004-12-28 Thread Mark Williams (MWP)
 Mark Williams (MWP) wrote:
 
 
 Are you sure that FTP is going to class 22 and not default -
 
 tc -s qdisc ls dev $INTERFACE or tc -s class ls dev $INTERFACE will show
 counters.
 
 
 I am.  I graph using tc -s qdisc show dev ppp0 with rrdtool.
 
 Ahh, I assume you patched and recompiled your 2.6.8.1.
 
 I just tried the script below on 2.4.24 and 2.6.8.1 and it works as I expect.
 
 I checked rates with iptraf and tc -s class ls dev ppp0. If you use htb's rate
 counter then be aware it uses a long average 60 sec and I notice that on my
 2.6.8.1 setup it says bit where it probably should say bps (= bytes per sec).
 
 Does it work for you ?
 
 If you want to graph then add some queues.
 
 Andy.

Ok...
Using your script gave the following (from 17:30 onwards):

http://www.overclockers.com.au/~mwp/temp/tc-1hour-yours.png

Purple is class 23; all other traffic, in this case bittorrent.
Blue is class 21; a windows box, in this case an FTP transfer.

Shouldn't class 23 still be dropping off further than that?
It seems HTB is wanting to share traffic equally among the classes rather
than by priority.

Your script is pretty much having the same effect as mine :(

BTW... this is now with kernel 2.6.10, not that that seems to have changed its
behaviour.

Thanks again!
 Mark Williams.
___
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


Re: [LARTC] Weighted packet shaping?

2004-12-25 Thread Mark Williams (MWP)
 Mark Williams (MWP) wrote:
 For now try making a parent with rate and ceil 220kbit.
 Have 4 child/leaf classes like - (assuming 1 is highest priority)
 
 class 1 rate 120 ceil 220 prio 0
 class 2 rate 50 ceil 220 prio 1
 class 3 rate 25 ceil 220 prio 2
 class 4 rate 25 ceil 220 prio 3
 
 There are other tweaks you can try, it depends how much you care about 
 latency. You could also share the windows boxes bandwidth by IP.
 
 I don't do it quite like the above - so if it doesn't work, say and 
 I'll think again.
 
 snip
 
 
 Try to make it look like I said - back off from 256 ceil, make rates add 
 up to master rate (220), give interactive more rate than it will ever 
 need.
 
 
 Ok, I'm now trying:
 
 class add dev $INTERFACE parent 1: classid 1:1 htb rate 220kbit
 class add dev $INTERFACE parent 1:1 classid 1:20 htb rate 70kbit ceil 220kbit prio 1
 class add dev $INTERFACE parent 1:1 classid 1:21 htb rate 50kbit ceil 220kbit prio 2
 class add dev $INTERFACE parent 1:1 classid 1:22 htb rate 25kbit ceil 220kbit prio 3
 class add dev $INTERFACE parent 1:1 classid 1:23 htb rate 25kbit ceil 220kbit prio 4
 class add dev $INTERFACE parent 1:1 classid 1:24 htb rate 25kbit ceil 220kbit prio 5
 class add dev $INTERFACE parent 1:1 classid 1:25 htb rate 25kbit ceil 220kbit prio 8
 
 It's simply not working.
 Bittorrent is using ~22kb/sec on class 25, leaving the FTP upload (class 22)
 sitting on only ~3kb/sec.
 
 Any ideas? 
 
 
 Are you sure that FTP is going to class 22 and not default -
 
 tc -s qdisc ls dev $INTERFACE or tc -s class ls dev $INTERFACE will show 
 counters.

I am.
I graph using tc -s qdisc show dev ppp0 with rrdtool.

Thanks, 
Mark.


Re: [LARTC] What is wrong here (continued...)?

2004-12-24 Thread Mark Williams (MWP)
 On Friday 24 December 2004 08:42, Mark Williams (MWP) wrote:
   On Thursday 23 December 2004 17:52, Mark Williams (MWP) wrote:
 As you can see class 25 has priority 8, so all other traffic should
  get preference, which is not happening.
 It almost seems like all the priorities are reversed...

 Err... I haven't checked the docs, but I think that's because the
 priorities are the other way around...
   
Nope, the HTB man page says:
   
  prio priority
  In the round-robin process, classes with the lowest
  priority  field are tried for packets first. Mandatory.
   
I did actually try reversed priorities after I made the graph, etc
though. It just made things worse... so they are in the correct order.
  
   If you have classes with different prio's, you have to know what's going
   on. The class with the lowest prio has the highest priority.  This means
   that that class will get the lowest delay ONLY if this class is not
   sending more than the configured rate.  This also means that this class
   will get the remaining bandwidth of the parent AFTER the other child
   classes are served.
 
  Ok, so priorities are ignored as soon as used bandwidth of a class goes
  above the rate setting?
 If a class goes above the rate setting, the class will get a bad (big)
 delay.
 If it stays under the rate, it will get a low delay.
 
 So prio does 2 things, and in most cases you don't need prio to do what you 
 want to do.  Prio is perfect to speed up low rate traffic like ack, telnet, 
 ssh (no scp), ...

I see...

Ok, I've just tried:

class add dev $INTERFACE parent 1: classid 1:1 htb rate 256kbit
class add dev $INTERFACE parent 1:1 classid 1:20 htb rate 256kbit ceil 256kbit prio 1
class add dev $INTERFACE parent 1:1 classid 1:25 htb rate 32kbit ceil 128kbit prio 8

Even with this, class 25 still seems to get preference of traffic... it just
sticks at 128kbit outbound no matter what class 20 is doing.

With what you've said above, I can't see how this is the case?

Thanks again, and Merry Christmas to all,
 Mark.


Re: [LARTC] Weighted packet shaping?

2004-12-23 Thread Mark Williams (MWP)
 Mark Williams (MWP) wrote:
 Ok.
 
 My Linux (which is connected to the ADSL modem) box runs HTTP, FTP, etc
 services and also runs bittorrent, edonkey, etc.
 I have two other PCs (both windows) which connect to the internet via the
 Linux box (MASQ).
 
 Now, I want data like SSH, ICMP, DNS from any source to ppp0 to get top
 priority.
 I want the two windows PCs to get 2nd priority.
 I want services to get 3rd, and the rest (torrents, etc) to get the lowest
 priority.
 
 I have this setup atm using HTB and SFQ.
 
 Now this is what happens:
 I have bittorrent going as fast as possible outbound.
 I then use my linux box to send FTP data over the same link.
 
 I'm finding that packet shaping is splitting the outbound bandwidth
 (256kbit) equally between the two.
 
 This is not what I'm after...  want the windows box to take more bandwidth
 off bittorrent than 50% like it is atm.
 
 Does this explain my problem better?
 
 Yes, you can do this with htb.
 
 You'll need to back off a bit from 256kbit to allow for overheads - this 
 is tweakable with patch Ed posted to the list - you could also shape 
 incoming, but you would need IMQ which involves patching/doing new kernel.
 
 For now try making a parent with rate and ceil 220kbit.
 Have 4 child/leaf classes like - (assuming 1 is highest priority)
 
 class 1 rate 120 ceil 220 prio 0
 class 2 rate 50 ceil 220 prio 1
 class 3 rate 25 ceil 220 prio 2
 class 4 rate 25 ceil 220 prio 3
 
 There are other tweaks you can try, it depends how much you care about 
 latency. You could also share the windows boxes bandwidth by IP.
 
 I don't do it quite like the above - so if it doesn't work, say and I'll 
 think again.

Well I'm currently using:

#root device
$TC qdisc add dev $INTERFACE root handle 1: htb default 25

#root class
$TC class add dev $INTERFACE parent 1: classid 1:1 htb rate 256kbit

#20 - ICMP, DNS, SYN, SSH
$TC class add dev $INTERFACE parent 1:1 classid 1:20 htb rate 128kbit ceil 256kbit prio 1
$TC qdisc add dev $INTERFACE parent 1:20 handle 20: sfq perturb 10
$TC filter add dev $INTERFACE parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20

#21 - HTTP/FTP out
$TC class add dev $INTERFACE parent 1:1 classid 1:21 htb rate 128kbit ceil 256kbit prio 2
$TC qdisc add dev $INTERFACE parent 1:21 handle 21: sfq perturb 10
$TC filter add dev $INTERFACE parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21

#22 - All cool.comp traffic
$TC class add dev $INTERFACE parent 1:1 classid 1:22 htb rate 128kbit ceil 256kbit prio 3
$TC qdisc add dev $INTERFACE parent 1:22 handle 22: sfq perturb 10
$TC filter add dev $INTERFACE parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22

#23 - All ian.comp traffic
$TC class add dev $INTERFACE parent 1:1 classid 1:23 htb rate 64kbit ceil 256kbit prio 4
$TC qdisc add dev $INTERFACE parent 1:23 handle 23: sfq perturb 10
$TC filter add dev $INTERFACE parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23

#24 - HTTP/FTP in
$TC class add dev $INTERFACE parent 1:1 classid 1:24 htb rate 64kbit ceil 256kbit prio 5
$TC qdisc add dev $INTERFACE parent 1:24 handle 24: sfq perturb 10
$TC filter add dev $INTERFACE parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24

#25 - Everything else
$TC class add dev $INTERFACE parent 1:1 classid 1:25 htb rate 20kbit ceil 64kbit prio 8
$TC qdisc add dev $INTERFACE parent 1:25 handle 25: sfq perturb 10
$TC filter add dev $INTERFACE parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25

I'll do some more tests and link to a rates graph when done.
It should illustrate the problem.

Thanks again,
 Mark.


[LARTC] What is wrong here (continued...)?

2004-12-23 Thread Mark Williams (MWP)
Hi all,

Here is a RRD graph I've just made of my packet shaping setup:

http://www.overclockers.com.au/~mwp/temp/tc-1hour.png

The app creating the P-25 traffic is bittorrent on the Linux box also doing the
shaping.
P-22 and P-23 is created by FTP transfers.

Starts with bittorrent running.
At 00:03, an FTP transfer is started on cool.comp (windows box).
At 00:09, bittorrent is stopped.
At 00:13, an FTP transfer is started on ian.comp (another windows box).
At 00:18, bittorrent is restarted.
At 00:21, FTP on ian.comp is stopped.
At 00:25, FTP on cool.comp is stopped.

Now what's happening in the graph is the exact opposite of what I want to happen.
P-25 is clearly getting more priority than P-22 and P-23.

I just can't see how this can be happening with the config below:

#root device
$TC qdisc add dev $INTERFACE root handle 1: htb default 25

#root class
$TC class add dev $INTERFACE parent 1: classid 1:1 htb rate 256kbit

#20 - ICMP, DNS, SYN, SSH
$TC class add dev $INTERFACE parent 1:1 classid 1:20 htb rate 128kbit ceil 256kbit prio 1
$TC qdisc add dev $INTERFACE parent 1:20 handle 20: sfq perturb 10
$TC filter add dev $INTERFACE parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20

#21 - HTTP/FTP out
$TC class add dev $INTERFACE parent 1:1 classid 1:21 htb rate 128kbit ceil 256kbit prio 2
$TC qdisc add dev $INTERFACE parent 1:21 handle 21: sfq perturb 10
$TC filter add dev $INTERFACE parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21

#22 - All cool.comp traffic
$TC class add dev $INTERFACE parent 1:1 classid 1:22 htb rate 128kbit ceil 256kbit prio 3
$TC qdisc add dev $INTERFACE parent 1:22 handle 22: sfq perturb 10
$TC filter add dev $INTERFACE parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22

#23 - All ian.comp traffic
$TC class add dev $INTERFACE parent 1:1 classid 1:23 htb rate 64kbit ceil 256kbit prio 4
$TC qdisc add dev $INTERFACE parent 1:23 handle 23: sfq perturb 10
$TC filter add dev $INTERFACE parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23

#24 - HTTP/FTP in
$TC class add dev $INTERFACE parent 1:1 classid 1:24 htb rate 64kbit ceil 256kbit prio 5
$TC qdisc add dev $INTERFACE parent 1:24 handle 24: sfq perturb 10
$TC filter add dev $INTERFACE parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24

#25 - Everything else
$TC class add dev $INTERFACE parent 1:1 classid 1:25 htb rate 15kbit ceil 180kbit prio 8
$TC qdisc add dev $INTERFACE parent 1:25 handle 25: sfq perturb 10
$TC filter add dev $INTERFACE parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25

As you can see class 25 has priority 8, so all other traffic should get
preference, which is not happening.
It almost seems like all the priorities are reversed...

Any ideas?

Thanks,
 Mark Williams.


Re: [LARTC] What is wrong here (continued...)?

2004-12-23 Thread Mark Williams (MWP)
 As you can see class 25 has priority 8, so all other traffic should get
 preference, which is not happening.
 It almost seems like all the priorities are reversed...
  
 
 Err... I haven't checked the docs, but I think that's because the 
 priorities are the other way around... 

Nope, the HTB man page says:

  prio priority
  In the round-robin process, classes with the lowest
  priority field are tried for packets first. Mandatory.

I did actually try reversed priorities after I made the graph, etc. though.
It just made things worse... so they are in the correct order.

Mark.


Re: [LARTC] Weighted packet shaping?

2004-12-22 Thread Mark Williams (MWP)
Ok.

My Linux box (which is connected to the ADSL modem) runs HTTP, FTP, etc.
services and also runs bittorrent, edonkey, etc.
I have two other PCs (both Windows) which connect to the internet via the Linux
box (MASQ).

Now, I want data like SSH, ICMP, DNS from any source to ppp0 to get top
priority.
I want the two Windows PCs to get 2nd priority.
I want services to get 3rd, and the rest (torrents, etc.) to get the lowest
priority.

I have this setup atm using HTB and SFQ.

Now this is what happens:
I have bittorrent going as fast as possible outbound.
I then use my Linux box to send FTP data over the same link.

I'm finding that packet shaping is splitting the outbound bandwidth (256kbit)
equally between the two.

This is not what I'm after... I want the Windows box to take more bandwidth off
bittorrent than 50% like it is atm.

Does this explain my problem better?

Thanks!

 Mark Williams (MWP) wrote:
 Hi all,
 
 I'm new to all this, and am still trying to get my head around some of the
 concepts of how this all works.
 I've read the howto's, man pages etc.
 
 I've set up packet shaping on my router/server box using HTB and SFQ, but
 it's not working the way I would like.
 
 I'm after shaping that has weights for classes so that a lower priority
 class will slow down when a higher class wants to flow more data.
 As far as I can see, HTB won't do this...
 
 As Ed says - I think you probably can do it with rate/ceil/prio - detail
 depends on your setup and exactly what you want to happen.
 
 
 I've looked at WRR which I have compiled into my 2.6.8.1 kernel
 
 There is a TC options related bug in 2.6.8.1 you'll probably need to
 update/patch. This fixed it for me.
 
 http://www.linuxhq.com/kernel/v2.6/9-rc2/net/sched/sch_api.c
 
 Andy.
 
 and iproute2, but
 it seems this really only works with multiple sources (client PCs), rather
 than the iptables MARK system I want to use so I can organise local and
 client PC traffic.
 
 Does anyone know how I can do what I'm after?
 
 Thanks,
  Mark Williams.


Re: [LARTC] Weighted packet shaping?

2004-12-21 Thread Mark Williams (MWP)
Anyone?

 Hi all,
 
 I'm new to all this, and am still trying to get my head around some of the
 concepts of how this all works.
 I've read the howto's, man pages etc.
 
 I've set up packet shaping on my router/server box using HTB and SFQ, but
 it's not working the way I would like.
 
 I'm after shaping that has weights for classes so that a lower priority class
 will slow down when a higher class wants to flow more data.
 As far as I can see, HTB won't do this...
 
 I've looked at WRR which I have compiled into my 2.6.8.1 kernel and iproute2,
 but it seems this really only works with multiple sources (client PCs), rather
 than the iptables MARK system I want to use so I can organise local and client
 PC traffic.
 
 Does anyone know how I can do what I'm after?
 
 Thanks,
  Mark Williams.


[LARTC] Weighted packet shaping?

2004-12-20 Thread Mark Williams (MWP)
Hi all,

I'm new to all this, and am still trying to get my head around some of the
concepts of how this all works.
I've read the howto's, man pages etc.

I've set up packet shaping on my router/server box using HTB and SFQ, but it's
not working the way I would like.

I'm after shaping that has weights for classes so that a lower priority class
will slow down when a higher class wants to flow more data.
As far as I can see, HTB won't do this...

I've looked at WRR which I have compiled into my 2.6.8.1 kernel and iproute2, but
it seems this really only works with multiple sources (client PCs), rather than
the iptables MARK system I want to use so I can organise local and client PC
traffic.

Does anyone know how I can do what I'm after?

Thanks,
 Mark Williams.


[LARTC] Newbie question

2004-09-28 Thread Mark S. Nesterovich
Hi guys!

I am a newbie in QoS. Trying to solve 1 problem.
Which queueing should I use (sfq, pfifo, red, ...) to allow my client to
get the maximum in a single session?

--
[EMAIL PROTECTED]
NMS-UANIC


[LARTC] load balanced adsl lines

2004-07-03 Thread Mark Coetser



Hi Ppl

I have 5 ADSL lines that, after reading quite a bit, I managed to get load
balanced. Now obviously it doesn't load balance evenly, and this works on what
routes are still in the routing cache. My question is: my outbound masquerading
had to be modified to use SNAT in iptables instead of just plain masquerading.
My outbound masquerading now works but my inbound port forwarding doesn't work.
Would this be an iptables problem or a routing issue...

I have opened all the relevant ports on each of the interfaces and I am not
getting any logged denies; the connection just never opens.

I am running the following

debian woody

kernel 2.6.6


ip rule list
0: from all lookup local
32761: from 165.165.170.110 lookup T5
32762: from 165.165.187.47 lookup T4
32763: from 165.165.189.95 lookup T3
32764: from 165.165.163.95 lookup T2
32765: from 165.165.179.151 lookup T1
32766: from all lookup main
32767: from all lookup default

ip route sh
165.165.160.1 dev ppp1 proto kernel scope link src 165.165.163.95
165.165.160.1 dev ppp3 proto kernel scope link src 165.165.187.47
165.165.160.1 dev ppp4 proto kernel scope link src 165.165.170.110
165.165.160.1 dev ppp0 proto kernel scope link src 165.165.179.151
165.165.160.1 dev ppp2 proto kernel scope link src 165.165.189.95
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.1
default
    nexthop via 165.165.160.1 dev ppp0 weight 1
    nexthop via 165.165.160.1 dev ppp1 weight 1
    nexthop via 165.165.160.1 dev ppp2 weight 1
    nexthop via 165.165.160.1 dev ppp3 weight 1
    nexthop via 165.165.160.1 dev ppp4 weight 1



[LARTC] limiting ports

2004-02-13 Thread mark ryan
Will the following commands limit my ftpserver upload speed on the
passive ports?
 

iptables -t mangle -A FORWARD -m tcp -p tcp -s 192.168.1.101 --sport 5:6 -j MARK --set-mark 0x02
tc qdisc add dev eth0 root handle 1: htb default 20
tc class add dev eth0 parent 1:1 classid 1:30 htb rate 340kbit burst 6k prio 2

 
I want to mark the packets from 192.168.1.101 ports 5-6 and
limit the speed to 340kbit.
 
Mark



[LARTC] limiting my ftp upload speed

2004-02-11 Thread mark ryan
Will the following commands limit my ftpserver upload speed on the
passive ports?
 

iptables -t mangle -A FORWARD -m tcp -p tcp -s 192.168.1.101 --sport 5:6 -j MARK --set-mark 0x02
tc qdisc add dev eth0 root handle 1: htb default 20
tc class add dev eth0 parent 1:1 classid 1:30 htb rate 340kbit burst 6k prio 2

 
I want to mark the packets from 192.168.1.101 ports 5-6 and
limit the speed to 340kbit.
 
Mark




[LARTC] wondershaper + htb limiting ftp sends

2004-02-08 Thread mark ryan
This is still not working correctly.  Wondershaper + htb by itself
limits everything to the speed specified in the config.
 
I only want to limit my ftp upload speed.
 
I tried the suggestion below, but either I am not doing it right or it
doesn't work correctly.
 
I only want to limit ports 5-6 since they are my passive ftp
port range.
 
Or, ideally, I would like to limit proftpd itself... however, there doesn't
seem to be a way to do that with Linux.  Windows can but I guess Linux
can't.

Is there a way to limit just ftp sends and leave everything else alone?
 
Mark
mark ryan wrote:
 If I use the following tc command, where do I set the speed limit for
 the outbound ftp traffic?
  
 Mark
 
 On Sun, 2004-02-08 at 02:35, Corey Hickey wrote:
 
mark ryan wrote:

Is there a way to apply wondershaper w/ htb to a port range?

I have a ftp server on port 65432 and passive ports 5-6.
 
Is there a way to set a range?   or do they have to be individually
listed?
 
The following doesn't seem to work:

 # low priority source ports
NOPRIOPORTSRC=65432, 5:6

# low priority destination ports
NOPRIOPORTDST=

Mark


I don't know about wondershaper specifically, but you can use
iptables.
I think this will work:

iptables -t mangle -A FORWARD -m tcp -p tcp -s your.ftp.server.ip \
  --sport 65432 -j MARK --set-mark 0x02
iptables -t mangle -A FORWARD -m tcp -p tcp -s your.ftp.server.ip \
  --sport 5:6 -j MARK --set-mark 0x02

Then, you need to add a tc filter:

tc filter add dev your-outgoing-interface parent 1: protocol ip \
  prio 1 handle 0x02 fw flowid 1:30


Try it out...

-Corey
 
 

[Sorry, I wasn't paying attention and sent my original reply to the
poster instead of the list]

The filter I sent ought to direct traffic into wondershaper's bulk
class, on line 71, which is:

tc class add $DEV parent 1:1 classid 1:30 htb rate $[8*$UPLINK/10]kbit \
   burst 6k prio 2

As you can see, the rate is eight tenths the speed of $UPLINK. Since
there is no ceiling specified, however, it is allowed to borrow
bandwidth up to the speed of its parent, which is $UPLINK. If you want
to change the behavior of this class, read how here:
http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm

-Corey

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
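
Added example (not part of the original thread, and not wondershaper's own code): the reply's mark-then-classify steps assembled into one script that only prints the commands unless `APPLY=1` is set. It assumes wshaper.htb has already created class 1:30 on the router's outgoing interface, takes the passive range 50000:60000 from the 2004-02-04 post on this page, and sets `ceil` equal to `rate` explicitly so the cap is visible in the class definition; `DEV`, `FTP_HOST` and the other variable names are placeholders.

```shell
#!/bin/sh
# Added example: cap only the FTP server's uploads by steering them into
# wondershaper's existing bulk class (1:30) and pinning that class's ceiling.
# All values below are assumptions; override them from the environment.
DEV="${DEV:-eth1}"                           # router's outgoing (WAN) interface
FTP_HOST="${FTP_HOST:-192.168.1.101}"        # LAN address of the FTP server
FTP_PORTS="${FTP_PORTS:-65432 50000:60000}"  # control port + passive range
CAP_KBIT="${CAP_KBIT:-340}"                  # upload cap in kbit/s
MARK="${MARK:-0x02}"                         # fwmark shared by iptables and tc
CLASSID="${CLASSID:-1:30}"                   # HTB class that receives the traffic

# Accept only PORT or LOW:HIGH with 1 <= LOW <= HIGH <= 65535.
valid_port_spec() {
    case "$1" in
        ''|*[!0-9:]*|:*|*:|*:*:*) return 1 ;;
    esac
    lo=${1%%:*}; hi=${1##*:}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# Print the commands, one per line, in the order they must be applied:
# 1. mark forwarded packets by source host and source port,
# 2. map the mark to the class with an fw filter,
# 3. give the class rate == ceil so it cannot borrow above the cap.
ftp_limit_cmds() {
    for spec in $FTP_PORTS; do
        valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 1; }
        echo "iptables -t mangle -A FORWARD -p tcp -s $FTP_HOST --sport $spec -j MARK --set-mark $MARK"
    done
    echo "tc filter add dev $DEV parent 1: protocol ip prio 1 handle $MARK fw flowid $CLASSID"
    echo "tc class change dev $DEV parent 1:1 classid $CLASSID htb rate ${CAP_KBIT}kbit ceil ${CAP_KBIT}kbit burst 6k prio 2"
}

# Dry run by default; APPLY=1 (as root) executes each printed line.
run_ftp_limit() {
    cmds=$(ftp_limit_cmds) || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$cmds" | while IFS= read -r c; do $c || exit 1; done
    else
        echo "$cmds"
    fi
}

run_ftp_limit
```

After applying, `tc -s class show dev eth1` shows per-class byte counters; the counter for 1:30 should grow only while an FTP upload is running.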


[LARTC] wondershaper htb + multiple ports

2004-02-07 Thread mark ryan
Is there a way to apply wondershaper w/ htb to a port range?

I have a ftp server on port 65432 and passive ports 5-6.
 
Is there a way to set a range?   or do they have to be individually
listed?
 
The following doesn't seem to work:

 # low priority source ports
NOPRIOPORTSRC=65432, 5:6

# low priority destination ports
NOPRIOPORTDST=

Mark




[LARTC] wondershaper

2004-02-04 Thread Mark Ryan
I am using wondershaper with htb to shape my network.  I want to limit only
outbound ftp traffic (me uploading) from 192.168.1.101.

I am using port 21 for ftp with passive ports 50,000-60,000.

What else do I need to put in the config to do this?  Here is my config.

DOWNLINK=3000
UPLINK=340
DEV=eth1

# low priority OUTGOING traffic - you can leave this blank if you want
# low priority source netmasks
NOPRIOHOSTSRC=192.168.1.101

# low priority destination netmasks
NOPRIOHOSTDST=

# low priority source ports
NOPRIOPORTSRC=

# low priority destination ports
NOPRIOPORTDST=

Thanks,
Mark



[LARTC] wondershaper

2004-02-03 Thread Mark Ryan
Hi,
I have wondershaper running on my firewall/router.  It has 2 ethernet cards
(eth0 and eth1).  Eth1 connects to a cablemodem (2mbit down, 384kbit up) and
eth0 connects to a switch.  I run a ftp server on a machine connected to the
switch.

I want to be able to keep my ftp server from affecting my browsing speed.

Problem:
I don't see any difference with wondershaper running.  I have tried all
different speeds and both eth0 and eth1 in wondershaper.

Am I doing something wrong?  I am testing by pinging yahoo.com.

Mark



[LARTC] wondershaper htb

2004-02-03 Thread Mark Ryan
I got wshaper.htb working. However, I have 1 question.

How can I limit just ftp server traffic?

I have ftp server on port 21 with passive ports of 5-6.

I currently have wondershaper with htb working on my router, but I'm afraid
that it is also affecting all of my send traffic, not just the ftp server.

I want to be able to limit the ftp server traffic only.

Thanks,
Mark



[LARTC] wondershaper

2004-02-02 Thread Mark Ryan
Hi,

I just installed wondershaper 1.1a on my ipcop firewall box.  I have
roadrunner cable with a ftp server setup.  My download speed is 2mbit (I get
225 KBytes) and my upload is 384kbit (I send at 43 KBytes).

What should the settings in wshaper be?

I can ping yahoo.com at 90msec with little traffic and at around 220msec
with full upload traffic.

Mark



Re: [LARTC] wonder shaper problems

2004-01-30 Thread Mark Ryan
That is what i was afraid of.  I have no idea how to re-compile the QoS
modules into the Xandros kernel.

Mark
- Original Message - 
From: Damion de Soto [EMAIL PROTECTED]
To: Mark Ryan [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, January 29, 2004 6:44 PM
Subject: Re: [LARTC] wonder shaper problems


 Hi Mark


  I went to console and started the wondershaper script...and I get the
  following error messages.
 
  RTNETLINK answers: Invalid Argument
 
  many times.
  Any ideas what is wrong?

 Take a look at the archives over the last week or so.
 This generic question has been raised a few times just recently.

  http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

 (basically, you're missing kernel modules/config)

 -- 
 ~~~
 Damion de Soto - Software Engineer  email: [EMAIL PROTECTED]
 SnapGear - A CyberGuard Company ---ph: +61 7 3435 2809
   | Custom Embedded Solutions  fax: +61 7 3891 3630
   | and Security Appliancesweb: http://www.snapgear.com
 ~~~
   ---  Free Embedded Linux Distro at   http://www.snapgear.org  ---




[LARTC] distributions

2004-01-30 Thread Mark Ryan
Is there a recent distro of linux that includes the kernel options needed to
run wondershaper?

I am trying to use Xandros 2.0 Desktop but the qos stuff is not compiled
in...and I have been unsuccessful in re-compiling the kernel.

I really want to use wondershaper and Linux.  I'm afraid that I am still too
much of a Linux newbie to be able to make my own kernel and have it work.

Mark



[LARTC] wonder shaper problems

2004-01-29 Thread Mark Ryan
I just installed Xandros 2.0 Desktop.  I used apt-get to install iproute.  I
then downloaded wondershaper 1.1a from the website.  I edited the script as
the readme says.

I went to console and started the wondershaper script...and I get the
following error messages.

RTNETLINK answers: Invalid Argument

many times.
Any ideas what is wrong?

Mark



[LARTC] delete files

2002-09-12 Thread Mark Donaldson

Does anyone know any software that runs under Linux that does a military
wipe, making a file unreadable by deleting the file then writing all ones and
zeros, when deleting files?




[LARTC] [2nd try] Clarification required for Prio in CBQ dequeing order

2002-04-10 Thread Mark Beck


Date: Sat, 06 Apr 2002 14:01:33 +0100
To: [EMAIL PROTECTED]
From: Mark Beck [EMAIL PROTECTED]
Subject: Clarification required for Prio in CBQ dequeing order

Hi,

I have been modifying the Wonder shaper to include another queue.  My 
understanding was packets would be dequeued to hardware in the following 
order:

  cbq1 - sfq10  sfq20  sfq30.

Also we only move onto the next queue when the preceding one is empty.

However it seems to be the prio xx number that reflects the order packets are 
dequeued, not what flowid they belong to.

If I enter the commands below and ping my next hop with lots of traffic 
matching sport 10240 0x200.

# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 11 u32 \
 match ip protocol 1 0xff flowid 1:10
tc filter add dev $DEV parent 1:0 protocol ip prio 24 u32 \
 match ip sport 10240 0x200 flowid 1:30

 Packets: Sent = 85, Received = 85, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 20ms, Maximum = 145ms, Average = 79ms

-
!! Now we change the bottom filter to prio4 in flowid 1:30

# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 11 u32 \
 match ip protocol 1 0xff flowid 1:10
tc filter add dev $DEV parent 1:0 protocol ip prio 4 u32 \
 match ip sport 10240 0x200 flowid 1:30

 Packets: Sent = 127, Received = 127, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 129ms, Maximum = 2405ms, Average = 475ms

[root@box root]# tc -s qdisc
qdisc sfq 30: dev ppp0 quantum 1500b perturb 10sec
  Sent 6040688 bytes 4199 pkts (dropped 0, overlimits 0)
  backlog 34p

  qdisc sfq 20: dev ppp0 quantum 1500b perturb 10sec
  Sent 75210 bytes 1167 pkts (dropped 0, overlimits 0)

  qdisc sfq 10: dev ppp0 quantum 1500b perturb 10sec
  Sent 317956 bytes 6133 pkts (dropped 0, overlimits 0)

  qdisc cbq 1: dev ppp0 rate 10Mbit (bounded,isolated) prio no-transmit
  Sent 6455294 bytes 11521 pkts (dropped 0, overlimits 26113)
  backlog 34p
   borrowed 0 overactions 0 avgidle 624 undertime 0

Packets are sent to the correct flow but ICMP response is far worse!

-

I know the filters are matching correctly as the right number of packets 
go to the correct flow.  But could you please confirm if sfq10 should get 
dequeued before sfq30?

Thanks,
Mark




#!/bin/bash

# The Ultimate Setup For Your Internet Connection At Home
#
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits
DOWNLINK=800
UPLINK=220
DEV=ppp0

# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root    2> /dev/null > /dev/null
tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

## uplink

# install root CBQ

tc qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth 10mbit

# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
# main class

tc class add dev $DEV parent 1: classid 1:1 cbq rate ${UPLINK}kbit \
allot 1500 prio 5 bounded isolated

# high prio class 1:10:

tc class add dev $DEV parent 1:1 classid 1:10 cbq rate ${UPLINK}kbit \
allot 1600 prio 1 avpkt 1000

# bulk and default class 1:20 - gets slightly less traffic,
#  and a lower priority:

tc class add dev $DEV parent 1:1 classid 1:20 cbq rate $[9*$UPLINK/10]kbit \
allot 1600 prio 2 avpkt 1000

# ftp in 1:30:  We send this shit last :)

tc class add dev $DEV parent 1:1 classid 1:30 cbq rate $[9*$UPLINK/10]kbit \
allot 1600 prio 3 avpkt 1000

# all get Stochastic Fairness:
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10

# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:

tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:10



# start filters

# TOS Minimum Delay (ssh, NOT scp) in 1:10:
#tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
#  match ip tos 0x10 0xff  flowid 1:10

# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 11 u32 \
 match ip protocol 1 0xff flowid 1:10

# Halflife
tc filter add dev $DEV parent 1:0 protocol ip prio 12 u32 \
 match tcp src 27005 0x flowid 1:10

tc filter add dev $DEV parent 1:0 protocol ip prio 12 u32 \
 match udp src 27005 0x flowid 1:10

# tcp 22 (ssh)
tc filter add