Re: [LARTC] FW: Some queueing disciplines that I wrote.

2005-10-15 Thread panca sorin
I have an objection too:
VoIP (Voice over IP), video and audio streaming are
elephants. They are big flows, yet people don't like
movies played as picture slideshows and interrupted
audio or phone calls.
End of objection.

Trying to build a solution:
Making the hypothesis.
I think interactive traffic should be defined and
recognized not by its packet size, nor by the duration of
the connection, nor by the ports it comes from or goes to.
We do not have a computerized definition of
interactive traffic, so we cannot separate it from
bulk traffic.
We know that interactive traffic = traffic that
should have such priority that the user can interact
with the network without being annoyed by network
latency.
Bulk traffic = traffic that the user doesn't care if
it is delayed for a few seconds, but that has to take place
and finish in reasonable time.
The conclusions:
1. Now that the definitions are given, how can we
separate the two, leaving no chance for programmers to
cheat the algorithm? Or maybe we can trust them and
ask them for help and set for interactive
applications' traffic some bits that the routers can
recognize and build some queues accordingly.
2. How many classes do we need and what applications
could be in each of them?
Waiting for some ideas...



___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


Re: [LARTC] [ANNOUNCE] iproute2 (051007)

2005-10-08 Thread panca sorin
Hi!

--- Stephen Hemminger [EMAIL PROTECTED] wrote:

> Fix one serious bug (in libnetlink), and a couple of other minor
> patches.
>
> http://developer.osdl.org/dev/iproute2/download/iproute2-051007.tar.gz
>
> Stephen Hemminger
>    Reenable ip mroute
>
> Mike Frysinger
>    Handle pfifo_fast that has no qopt without segfaulting

This means it can be used as a leaf qdisc?
When I tried to use it like that it seg faulted.
That made me stay with sfq.

> Mads Martin Joergensen
>    Trivial netem ccopts
>
> Jerome Borsboom
>    Fix regression in ip addr (libnetlink) handling
>
> --
> Stephen Hemminger [EMAIL PROTECTED]
> OSDL http://developer.osdl.org/~shemminger
Thank you for your post!






Re: [LARTC] (yet another) HTB question(s)

2005-08-17 Thread panca sorin

> 4) related to 3), I've tried to use a syntax like this: tc
> class add dev $ETH parent 1:0 classid 1:1 htb rate $RATE
> ceil $CEIL, where CEIL > RATE, but the max speed I
> achieved was the RATE speed.

Try to add a 2-level root class:
tc qdisc add dev $ETH root handle 1: htb default FF
tc class add dev $ETH parent 1: classid 1:1 htb rate $MAXRATE ceil $MAXRATE
tc class add dev $ETH parent 1:1 classid 1:2 htb rate $MINRATE ceil $MAXRATE
tc class add ... [your child classes]

I don't know if it'll work but worth trying.






Re: [LARTC] HTB and Prio

2005-08-17 Thread panca sorin

> I am not that among the siblings, the excess bandwidth is shared on
> basis of priority ie. 1:3 will get a higher share than 1:4.

The quantum of borrowed bandwidth is proportional
with the rate you specified for each class.
The prio control is for controlling who gets the
excess bandwidth first (if exists).






[LARTC] pfifo_fast as leaf qdisc for htb classes

2005-08-13 Thread panca sorin
Thank you Andy! I didn't find why I couldn't use the fw
match in ingress. Now it works.

Now I ran into another problem:
When I try to add a pfifo_fast leaf qdisc for htb
classes it seg.-faults. Is pfifo_fast a special qdisc?
I can successfully add other types of qdiscs.

I found that a similar problem was reported in
February on a MIPS architecture.

[EMAIL PROTECTED]:/usr/src# tc qdisc add dev eth0 root handle 1: htb default 10
[EMAIL PROTECTED]:/usr/src# tc class add dev eth0 parent 1: classid 1:1 htb rate 100Mbit ceil 100Mbit burst 50k cburst 150k
[EMAIL PROTECTED]:/usr/src# tc class del dev eth0 parent 1: classid 1:1 htb rate 100Mbit ceil 100Mbit burst 50k cburst 150k
[EMAIL PROTECTED]:/usr/src# tc class add dev eth0 parent 1: classid 1:1 htb rate 90Mbit ceil 100Mbit burst 50k cburst 150k
[EMAIL PROTECTED]:/usr/src# tc class add dev eth0 parent 1: classid 1:10 htb rate 10Mbit ceil 100Mbit burst 50k cburst 150k
[EMAIL PROTECTED]:/usr/src# tc qdisc add dev eth0 parent 1:1 handle 2: pfifo_fast
Segmentation fault
[EMAIL PROTECTED]:/usr/src# uname -a
Linux zefir 2.6.12.4 #1 Sun Aug 7 18:17:31 EEST 2005 i686 unknown unknown GNU/Linux
[EMAIL PROTECTED]:/usr/src# tc qdisc add dev eth0 parent 1:1 handle 2: sfq perturb 10
[EMAIL PROTECTED]:/usr/src#

I think htb and pfifo_fast assures a better QOS than
htb & sfq because I can prioritize interactivity.

Thank you in advance for any suggestions.



[LARTC] Too slow computer?

2005-08-09 Thread panca sorin
Hello! I've put some questions on this list some weeks
ago and I've got good answers. Thank you!
Now I've finished my (beautiful) script and I ran it
on my router...
About my script:
It routes packages based on their destination on the
Internet. I have about 1650 preferred destination
networks listed in some file. The script reads this
file and marks every package for those networks with
the mark value of 1.
Then, I've built the classes: 1:0 is the HTB qdisc;
1:1 is for unmarked packets and 1:2 is for marked
packets. 1:FF is the default class, and has as parent
the 1:0 qdisc.
1:1 is divided in 1:10 for two LAN networks
192.168.101.0/24 and 10.0.0.0/24 attached to eth1 and
eth2 respectively. eth0 is attached to my ISP.
1:11 is a class for two IPs sharing the same
bandwidth.
1:12 is a class for one IP.

When I shape the traffic for eth0, eth1 and eth2 the
console is unusable (it is too slow). I think that
marking and matching those packets takes all the
available CPU cycles (the kernel has the biggest
priority over the CPU). Another thing that's going on
here: I test the router with only one station attached
to eth1 and eth2 alternatively. I should have a speed
of (at least) 10Mbit with the networks listed in my
network list and I have a maximum of 3.2Mbit (class
1:2). In the 1:1 class I have maximum speed allowed.

Another question: How can I build the mark value?
I need to mark the packets based on two criteria. My
theoretic solution was to assign bit #1 to be set if
the packet matches the first criteria and bits #2 & #3
should indicate 4 situations (00,01,10 and 11). Is
there any way to set a packet's mark bits additively
in two places of my script?

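On the mark-building question in the message above, an added example (not part of the original post): the MARK target's value/mask form rewrites one bit field and leaves the rest of the mark alone, so two separate places in a script can each set their own field. The field layout, the helper function names and the 192.0.2.0/24 network are assumptions made for illustration; the rules are only printed, not applied.

```shell
#!/bin/bash
# Assumed mark layout (constructed for this example):
#   bit 0     destination: 0 = Internet, 1 = metropolitan (MAN)
#   bits 1-2  priority level 0..3
# Dry run: every rule is printed, nothing is changed on the system.

# field_mask SHIFT WIDTH -> hex mask covering the field
field_mask() {
    printf '0x%x' $(( ((1 << $2) - 1) << $1 ))
}

# field_value SHIFT WIDTH VALUE -> "value/mask", rejecting values that overflow the field
field_value() {
    local max=$(( (1 << $2) - 1 ))
    if [ "$3" -lt 0 ] || [ "$3" -gt "$max" ]; then
        echo "value $3 does not fit in $2 bit(s)" >&2
        return 1
    fi
    printf '0x%x/%s' $(( $3 << $1 )) "$(field_mask "$1" "$2")"
}

# mark_rule SHIFT WIDTH VALUE MATCH... -> mangle rule that clears the bits under
# the mask and writes VALUE there; bits outside the mask keep their value
mark_rule() {
    local vm
    vm=$(field_value "$1" "$2" "$3") || return 1
    shift 3
    echo "iptables -t mangle -A PREROUTING $* -j MARK --set-xmark $vm"
}

# fw_filter DEV SHIFT WIDTH VALUE CLASSID -> tc fw filter that tests one field only
fw_filter() {
    local vm
    vm=$(field_value "$2" "$3" "$4") || return 1
    echo "tc filter add dev $1 parent 1: protocol ip handle $vm fw classid $5"
}

# First place in the script: destination bit (192.0.2.0/24 is a sample network)
mark_rule 0 1 1 -d 192.0.2.0/24
# Second place: priority bits, here level 3 for ssh
mark_rule 1 2 3 -p tcp --dport 22
# The shaper can classify on the destination bit whatever the priority bits hold
fw_filter eth0 0 1 1 1:2
```

A packet that matches both rules ends up with mark 0x7; the same value/mask pair works with `-m mark --mark` to check a single field, and the MARK rule counters shown by `iptables -t mangle -L -v -n` confirm that each rule matched.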


Re: [LARTC] Too slow computer?

2005-08-09 Thread panca sorin
Thank you for your help!
I noticed the ipset tools and I tried to use the
CONNMARK but I don't know how to verify if bitwise
manipulation works. The IP list is random and the
router is an Athlon at 1200 MHz with 64 MB of SDRAM
and a PIO mode 4 harddisk.
After marking for destination, the packets are marked
for prioritization. I tried to use the dsmark and some
ingress policing but I've failed to understand how they
work. Also I'm in a hurry and I try to use what I know
for now. Since I have to shape for two speeds, now
I've discovered the --limit filter in iptables and I
try to match packets based on their speeds.
Each connected client has its own class on dev eth1.
There are 38 clients now. On eth2 I shape based on
connection ports. Audio/video, chat and interactive
traffic (and connection control packets) have higher
priority. Here are my script and configuration files
(it is best viewed unwrapped with kwrite):

#!/bin/bash
 ### firewall.sh ###

# firewall
# TODO: make a README for admin-users, how to add
#       clients with public and private IPs from dhcpd and metropolitan addresses
#       use ipset for address and port grouping
#       boost speeds, ports forward, etc.
# http://gentoo-wiki.com/HOWTO_Packet_Shaping
# http://lartc.org/howto
# http://linuxgazette.net/103/odonovan.html
# http://www.netfilter.org/documentation/
# http://www.knowplace.org/shaper/
# http://linux-ip.net/articles/Traffic-Control-HOWTO/
# http://howtos.linux.com/howtos/Traffic-Control-HOWTO/intro.shtml
# http://andthatsjazz.org:8/lartc/


# programs
ip=/usr/sbin/ip
ipt=/usr/sbin/iptables
ipt_s=/usr/sbin/iptables-save
ipt_r=/usr/sbin/iptables-restore
ips=/usr/sbin/ipset
tc=/usr/sbin/tc

# interfaces
# (quoted descriptive values are placeholders for addresses left out of the post)
EXT1=eth0
EXT1IP="first external IP"
GW1="our gateway's IP"
NetP1="our ISP's local network"
# 64 public space addresses
PUB1Min="first usable public IP"
PUB1Max="last usable public IP"

#EXT2=
#EXT1IP=
#GW2=
#NetP2=

INT1=eth1
INT1IP=192.168.101.1
INT1Mask=255.255.255.0
INT1Bcast="public space broadcast address (not in ISP's LAN)"
INT1Net=192.168.101.255

INT2=eth2
INT2IP=10.0.0.1
INT2Mask=255.255.255.0
INT2Bcast=10.0.0.255
INT2Net=10.0.0.0

# markers
MARK_NET=0x0 # packets for Internet
MARK_MAN=0x1 # packets for Metropolitan


# interfaces' aliases: drop any stale alias, then re-add it
NETWORK=81.196.157;DEV=eth0
ip address add 172.22.3.112 dev eth0
for IP in $( cat ~adminus/etc/ip_internet/ext1_aliases.conf | grep -v \# ); do
    $ip addr del $NETWORK.$IP/32 dev $DEV 2>/dev/null >/dev/null
done
for IP in $( cat ~adminus/etc/ip_internet/ext1_aliases.conf | grep -v \# ); do
    $ip addr add $NETWORK.$IP/26 brd $NETWORK.255 dev $DEV
done
echo " 2. Proxy ARP "
# proxy ARP
echo 1 > /proc/sys/net/ipv4/conf/$EXT1/proxy_arp
#echo 1 > /proc/sys/net/ipv4/conf/$EXT2/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/$INT1/proxy_arp
#echo 1 > /proc/sys/net/ipv4/conf/$INT1/proxy_arp
# host routes for the addresses listed in the two files
for IP in $( cat ~adminus/etc/ip_local/pub_ips_on_int1.conf | grep -v \# ); do
    $ip route del $IP dev $INT1 2>/dev/null >/dev/null
    $ip route add $IP dev $INT1
done
for IP in $( cat ~adminus/etc/ip_local/priv_ips_on_int1.conf | grep -v \# ); do
    $ip route del $IP dev $INT2 2>/dev/null >/dev/null
    $ip route add $IP dev $INT2
done

# flush all tables before rebuilding the rules
$ipt -t raw    -F
$ipt -t nat    -F
$ipt -t mangle -F
$ipt -t filter -F



 ### ### ###
 ### raw ###
 ### ### ###

 ### ### ###
 ### nat ###
 ### ### ###

 ### PREROUTING ###
#$ipt -t nat -A PREROUTING -i $INT1 -p tcp --dport 80 -j REDIRECT --to-port 3128
echo " forward ports (5 ports/IP)"
NETWORK=192.168.101;NETID1=21;NETID2=22;NETID3=23;NETID4=24;NETID5=25;
# 20 <= NETID <= 65
for IP in $( cat ~adminus/etc/portfwd.conf | grep -v \# ); do
  $ipt -t nat -A PREROUTING -d $EXT1IP -p tcp -m tcp --dport $NETID1$IP -j DNAT --to-destination $NETWORK.$IP:$NETID1$IP
  $ipt -t nat -A PREROUTING -d $EXT1IP -p tcp -m tcp --dport $NETID2$IP -j DNAT --to-destination $NETWORK.$IP:$NETID2$IP
  $ipt -t nat -A PREROUTING -d $EXT1IP -p tcp -m tcp --dport $NETID3$IP -j DNAT --to-destination $NETWORK.$IP:$NETID3$IP
  $ipt -t nat -A PREROUTING -d $EXT1IP -p tcp -m tcp --dport $NETID4$IP -j DNAT --to-destination $NETWORK.$IP:$NETID4$IP
  $ipt -t nat -A PREROUTING -d $EXT1IP -p tcp -m tcp --dport $NETID5$IP -j DNAT --to-destination $NETWORK.$IP:$NETID5$IP
done

 ### POSTROUTING ###
echo " nat POSTROUTING "
#$ipt -t nat -A POSTROUTING -s $INT2Net/$INT2Mask -j MASQUERADE --to-ports 2:3
$ipt -t nat -A POSTROUTING -s $INT1Net/$INT1Mask -o $EXT1 -j SNAT --to-source $PUB1Min-$PUB1Max
$ipt -t nat -A POSTROUTING -s $INT2Net/$INT2Mask -o $EXT1 -j SNAT --to-source $PUB1Min-$PUB1Max
$ipt -t nat -A POSTROUTING -s 10.0.0.100 -j SNAT --to-source 81.196.157.200
$ipt -t nat -A POSTROUTING -s 10.0.0.99  -j SNAT --to-source 81.196.157.200

 ### ###  ### ###
 ###  mangle  ###
 ### ###  ### ###

echo " mangle"

 ### PREROUTING ###
# mark for QOS
cat ~adminus/bin/marks | $ipt_r
~adminus/bin/mac.sh

 ### ###  ### ###
 ###  qdiscs  ###
 ### ###  ### ###

# building traffic classes and 

Re: [LARTC] How to set a host with public IP within a private network?

2005-08-03 Thread panca sorin
I forgot something:
on router: route add -host 81.196.157.254 dev eth1



[LARTC] How can I use different flows coming from ingress qdisc?

2005-07-31 Thread panca sorin
$tc filter add dev $eth parent ffff: \
protocol ip prio 1 \
u32 match ip sport 1863 0xffff \
police rate 124kbit burst 1k drop \
flowid :1






[LARTC] Bandwidth shaping and ISP's network peerings

2005-07-13 Thread panca sorin
Hello all! I have a small LAN at home and when someone
starts to download (only one), interactive traffic
(www, chat and online games) is impossible with
standard kernel queues setup... So I started to shape.
My ISP gives me a 512 kbits link to the Internet and a
100 Mbits link to some of the other big ISPs in my
country. If I set the rate of the parent htb qdisc at
512 kbits, I will never use the MAN bandwidth from my
network. If I set the rate of the parent htb qdisc at
100 Mbits, I cannot shape interactive traffic.
Further, I would like to allocate for every station in
the LAN a quantum of my Internet speed with ceiling
but in MAN I want to have the full hardware speed if
only one machine is connected, with any ceil.
Any ideas would be VERY appreciated! I can't imagine
any good setup to meet these constraints.
