[LARTC] Multiple connections with dynamically assigned IPs
I'm trying to connect my local network to the internet using 2 ADSL connections, very similar to what is discussed here:

http://lartc.org/howto/lartc.rpdb.multiple-links.html

but I have some differences:

- I will use 2 identical ADSL connections from the same provider with 600 kbits download / 300 kbits upload each
- I will have 2 dynamically allocated addresses (from the same range cause it's the same provider)
- The majority of the bandwidth will be used by p2p programs (mainly emule).

So, here is my big question: will the p2p traffic be "load balanced" too, even if it is created by just one source inside my local network? If not... is it possible to create some rule that can load balance this traffic (e.g. one emule user gets nearly the 1200 kbits download for himself)?

I was thinking of an "Odd-Couple" configuration (e.g. all the IPs ending with 1,3,5,7,9 will go through one connection, and the others use the other connection) but it seems very ineffective... does someone have a better idea?

I read all the articles and web pages Google could give me but I still don't know exactly which instructions I will use... Does someone have a similar case running and can give me some article that talks about this situation? Or have some config files or tips to give me? Every help is always welcome!

Tks in advance

Fernando Favero

P.S.: Before someone suggests: My ISP doesn't wanna help me... they won't "merge" the 2 lines for me or something like that... it's just me and you guys! :)
Re: [LARTC] multiple connections; update: ACK not being received by client
On Thu, Jun 10, 2004 at 03:35:49PM -0400, David Magda wrote:
[...]
>                ____
>               |    |- ppp0 -- Dynamic IP (PPPoE on eth2)
> Internal eth0 | GW |
>               |    |- eth1 -- Static IP -> Static's GW
> [...]
> Using tcpdump I get the following results. This is listening on
> eth1 as I try to SSH to the destination from an internal box (using
> lynx to connect to the same destination results in a web page):
[...]

Examining the output of tcpdump a bit more closely, it seems that the host where the SSH client is trying to connect from never gets the ACK in the TCP setup handshake. It's being sent by the server, it's received on the external interface of the gateway, but it never makes it to the internal network. The client machine keeps trying to set up a TCP connection, but never receives the ACK.

This is the interface (the client keeps trying to set up the TCP connection):

    tcpdump: listening on eth0
    02:26:10.873080 [SSH client].37705 > [SSH server].22: S \
        769441999:769441999(0) win 5840 (DF) [tos 0x10]
    02:26:13.866409 [SSH client].37705 > [SSH server].22: S \
        769441999:769441999(0) win 5840 (DF) [tos 0x10]

The external interface is getting the ACK (not from the same session, but gets the point across):

    02:26:11.527294 [GW Ext. IP].ssh > [SSH server].49161: P \
        224:336(112) ack 1 win 10944 (DF) [tos 0x10]

The ACK for the TCP connection setup is being sent by the server:

    tcpdump: listening on fxp0
    02:26:10.933176 [SSH server NATed].37705 > [SSH server].22: S \
        769441999:769441999(0) win 5840 (DF) [tos 0x10]
    02:26:10.933226 [SSH server].22 > [SSH server NATed].37705: S \
        1054657654:1054657654(0) ack 769442000 win 65535 \
        (DF)
    02:26:13.923678 [SSH server].22 > [SSH server NATed].37705: S \
        1054657654:1054657654(0) ack 769442000 win 65535 \
        (DF)
    02:26:13.926659 [SSH server NATed].37705 > [SSH server].22: S \
        769441999:769441999(0) win 5840 (DF) [tos 0x10]
    02:26:13.926712 [SSH server].22 > [SSH server NATed].37705: S \
        1054657654:1054657654(0) ack 769442000 win 65535 \
        (DF)
    02:26:19.923038 [SSH server].22 > [SSH server NATed].37705: S \
        1054657654:1054657654(0) ack 769442000 win 65535 \
        (DF)

I've tried doing an SSH connection to multiple hosts and it's always the same thing.

Here are my iptables rules:

    gw2:~# iptables -L -t nat
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination
    MASQUERADE all  --  anywhere             anywhere
    SNAT       all  --  anywhere             anywhere           to:

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    gw2:~# iptables -L -t mangle
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination
    MARK       tcp  --  192.168.108.0/24     anywhere           tcp \
        dpt:ssh MARK set 0x4

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination

IP rule list:

    gw2:~# ip rule list
    0:      from all lookup local
    32765:  from all fwmark4 lookup 4
    32766:  from all lookup main
    32767:  from all lookup default

Routing tables:

    gw2:/home/mpathix# ip route show table main
     dev ppp0 proto kernel scope link src 69.158.104.154
    63.250.109.128/29 dev eth1 proto kernel scope link src
    192.168.108.0/24 dev eth0 proto kernel scope link src
    default via dev ppp0

    gw2:/home/mpathix# ip route show table 4
     dev ppp0 proto kernel scope link src 69.158.104.154
    63.250.109.128/29 dev eth1 proto kernel scope link src
    192.168.108.0/24 dev eth0 proto kernel scope link src
    default via dev eth1

So basically packets are getting out, but they're not getting back in.

Any suggestions?

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
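The comparison described in the message above (the same handshake captured on the LAN side and on the outside of the gateway) can be automated by matching packets on the client's initial sequence number, which the captures above show unchanged on both sides of the NAT. This is an added example, not code from the thread; the addresses are documentation ranges, the capture lines are constructed in the old tcpdump format shown above, and the outside sample merges lines from both uplinks.

```python
import re

# Old-style tcpdump TCP line, as in the captures in this message:
#   time src.port > dst.port: FLAGS seq:seq(len) [ack N] win ...
LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ (?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<flags>[SFPRU.]+) (?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))?"
)

# Constructed sample captures (documentation addresses, not the poster's).
INSIDE = """
02:26:10.873080 192.168.108.20.37705 > 198.51.100.7.22: S 769441999:769441999(0) win 5840 (DF) [tos 0x10]
02:26:13.866409 192.168.108.20.37705 > 198.51.100.7.22: S 769441999:769441999(0) win 5840 (DF) [tos 0x10]
02:27:01.100000 192.168.108.20.37706 > 198.51.100.7.80: S 2808907073:2808907073(0) win 5840 (DF)
02:27:01.160000 198.51.100.7.80 > 192.168.108.20.37706: S 2414052745:2414052745(0) ack 2808907074 win 65535 (DF)
"""
OUTSIDE = """
02:26:10.873500 203.0.113.10.37705 > 198.51.100.7.22: S 769441999:769441999(0) win 5840 (DF) [tos 0x10]
02:26:10.933226 198.51.100.7.22 > 203.0.113.10.37705: S 1054657654:1054657654(0) ack 769442000 win 65535 (DF)
02:27:01.100400 203.0.113.20.37706 > 198.51.100.7.80: S 2808907073:2808907073(0) win 5840 (DF)
02:27:01.159600 198.51.100.7.80 > 203.0.113.20.37706: S 2414052745:2414052745(0) ack 2808907074 win 65535 (DF)
"""

def handshakes(capture):
    """Count SYNs and SYN-ACKs per client initial sequence number (ISN)."""
    seen = {}
    for line in capture.strip().splitlines():
        m = LINE.match(line)
        if not m or "S" not in m["flags"]:
            continue
        if m["ack"] is None:            # client SYN carries the ISN itself
            isn, kind = int(m["seq"]), "syn"
        else:                           # SYN-ACK acknowledges ISN + 1
            isn, kind = int(m["ack"]) - 1, "synack"
        seen.setdefault(isn, {"syn": 0, "synack": 0})[kind] += 1
    return seen

def locate_loss(inside, outside):
    """Compare LAN-side and outside captures, keyed by the client's ISN."""
    lan, wan = handshakes(inside), handshakes(outside)
    none = {"syn": 0, "synack": 0}
    report = {}
    for isn in sorted(set(lan) | set(wan)):
        l, w = lan.get(isn, none), wan.get(isn, none)
        if not w["syn"]:
            report[isn] = "SYN never left the gateway"
        elif not w["synack"]:
            report[isn] = "no SYN-ACK arrived from outside"
        elif not l["synack"]:
            report[isn] = "SYN-ACK arrived outside but was not forwarded to the LAN"
        else:
            report[isn] = "handshake reply reached the LAN"
    return report

if __name__ == "__main__":
    for isn, verdict in locate_loss(INSIDE, OUTSIDE).items():
        print(isn, verdict)
```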
[LARTC] multiple connections
Hello,

I have an issue with multiple connections to the Internet. I tried following the steps described in [1] but things are not working properly.

I would like the network setup as follows:

                   ____
                  |    |- ppp0 -- Dynamic IP (PPPoE on eth2)
    Internal eth0 | GW |
                  |    |- eth1 -- Static IP -> Static's GW

From [1], the steps I did were:

    a. ip route flush table 4
    b. ip route show table main | grep -Ev ^default \
         | while read ROUTE ; do
           ip route add table 4 $ROUTE
         done
    c. ip route add table 4 default via
    d. iptables -t mangle -A PREROUTING -p tcp --dport 22 -s \
         /24 -j MARK --set-mark 4
    e. iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
    f. iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source \
    g. ip rule add fwmark 4 table 4
    h. ip route flush cache

Now if I try to connect to (say) a web server, everything is fine: it goes out the PPPoE connection just fine. When I try to SSH to the machine (the same box as the web query) I never get the password prompt.

Using tcpdump I get the following results. This is listening on eth1 as I try to SSH to the destination from an internal box (using lynx to connect to the same destination results in a web page):

    tcpdump: listening on eth1
    07:13:12.614674 .37662 > .ssh: S \
        2808907073:2808907073(0) win 5840 (DF)
    07:13:12.649772 .ssh > .37662: S \
        2414052745:2414052745(0) \
        ack 2808907074 win 65535 (DF)
    07:13:15.609403 .37662 > .ssh: S \
        2808907073:2808907073(0) win 5840 (DF)
    07:13:15.643437 .ssh > .37662: S \
        2414052745:2414052745(0) \
        ack 2808907074 win 65535 (DF)
    07:13:18.634659 .ssh > .37662: S \
        2414052745:2414052745(0) ack \
        2808907074 win 65535 (DF)

This is what the destination sees (not the same transaction):

    tcpdump: listening on fxp0
    07:15:59.917179 .37663 > .ssh: S 3001400670:3001400670(0) win 5840 (DF)
    07:15:59.917319 .ssh > .37663: S 655604264:655604264(0) ack 3001400671 win 65535 (DF)
    07:16:02.911250 .37663 > .ssh: S 3001400670:3001400670(0) win 5840 (DF)
    07:16:02.911369 .ssh > .37663: S 655604264:655604264(0) ack 3001400671 win 65535 (DF)
    07:16:05.905034 .ssh > .37663: S 655604264:655604264(0) ack 3001400671 win 65535 (DF)

Also, I don't get an echo response back from the static IP. If I ping the static's GW I get answers, but not the actual static IP. The echo requests are getting there though:

    07:35:41.966769 > : icmp: echo request
    07:35:42.977156 > : icmp: echo request
    07:35:43.992579 > : icmp: echo request
    07:35:44.997944 > : icmp: echo request
    07:35:46.003377 > : icmp: echo request

No responses come back though.

Any suggestions?

[1] http://linux-ip.net/html/adv-multi-internet.html

-- 
David Magda , http://www.magda.ca/
Because the innovator has for enemies all those who have done well under the old conditions, and lukewarm defenders in those who may do well under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
Re: [LARTC] Multiple connections
On Tuesday 02 December 2003 16:42, Mihai Vlad wrote:
> I hope I am not that pushy, but I cannot figure this out.
>
>
> If 2 of my clients are downloading from the internet one file each, the
> splitting works and one client gets 64kbps and the other 64kbps.
> If one of those 2 clients are downloading by means of a Download Manager
> (like Flash Get or Download Accelerator) everything gets messed up.
> The one downloading with multiple connections gets 90-95% of the bandwidth
> and the other client gets almost nothing.
>
> In my opinion if I have 2 clients downloading at the same time, the sum of
> all the connections from each other would have to be 64kbit.
> Please tell me what I have to change to make sure that the splitting works
> ok.
> I am sure for you this is a piece of cake but for me it's a nightmare :)
>
> This is the script that I use.
>
>
>
> $TC qdisc add dev $LAN_IFACE root handle 1: htb default 30
> $TC class add dev $LAN_IFACE parent 1: classid 1:1 htb rate 128kbit ceil
> 128kbit burst 80k
>
>
> #default-
> $TC class add dev $LAN_IFACE parent 1:1 classid 1:30 htb rate 1kbit ceil
> 128kbit burst 80k
> $TC qdisc add dev $LAN_IFACE parent 1:30 handle 300: sfq perturb 10
>
>
>
>
> #-clients...-
>
> $TC class add dev $LAN_IFACE parent 1:1 classid 1:11 htb rate 8kbit ceil
> 128kbit burst 80k
> $FILTER_IP 192.168.0.121 flowid 1:11
> $TC qdisc add dev $LAN_IFACE parent 1:11 handle 110: sfq perturb 10
>
> $TC class add dev $LAN_IFACE parent 1:1 classid 1:13 htb rate 8kbit ceil
> 96kbit burst 80k
> $FILTER_IP 192.168.0.123 flowid 1:13
> $TC qdisc add dev $LAN_IFACE parent 1:13 handle 130: sfq perturb 10

I don't know if it's the cause of your problems, but burst 80k is too high and your rate is too low. Burst is made for small bursts of a few k, not 80k. And htb needs a minimal burst before htb can work properly.

Stef

-- 
[EMAIL PROTECTED]
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net
[LARTC] Multiple connections
I hope I am not that pushy, but I cannot figure this out.

If 2 of my clients are downloading from the internet one file each, the splitting works and one client gets 64kbps and the other 64kbps. If one of those 2 clients are downloading by means of a Download Manager (like Flash Get or Download Accelerator) everything gets messed up. The one downloading with multiple connections gets 90-95% of the bandwidth and the other client gets almost nothing.

In my opinion if I have 2 clients downloading at the same time, the sum of all the connections from each other would have to be 64kbit. Please tell me what I have to change to make sure that the splitting works ok. I am sure for you this is a piece of cake but for me it's a nightmare :)

This is the script that I use.

    $TC qdisc add dev $LAN_IFACE root handle 1: htb default 30
    $TC class add dev $LAN_IFACE parent 1: classid 1:1 htb rate 128kbit ceil 128kbit burst 80k

    # default
    $TC class add dev $LAN_IFACE parent 1:1 classid 1:30 htb rate 1kbit ceil 128kbit burst 80k
    $TC qdisc add dev $LAN_IFACE parent 1:30 handle 300: sfq perturb 10

    # clients...
    $TC class add dev $LAN_IFACE parent 1:1 classid 1:11 htb rate 8kbit ceil 128kbit burst 80k
    $FILTER_IP 192.168.0.121 flowid 1:11
    $TC qdisc add dev $LAN_IFACE parent 1:11 handle 110: sfq perturb 10

    $TC class add dev $LAN_IFACE parent 1:1 classid 1:13 htb rate 8kbit ceil 96kbit burst 80k
    $FILTER_IP 192.168.0.123 flowid 1:13
    $TC qdisc add dev $LAN_IFACE parent 1:13 handle 130: sfq perturb 10

etc...
Re: [LARTC] Multiple connections
try using SFQ.. or some similar wrr,esfq

>
> I am having a hard time splitting the bandwidth among my friends in my LAN.
>
> I use HTB and iptables. As far as I see HTB works great when it comes to
> limiting the bandwidth (ceil parameter),
>
> but when it comes to splitting the bandwidth as equal as possible (through
> the rate parameter). it is rather useless.
>
>
>
> For instance I have a 128kbps Internet connection. I give the same rate to
> all my 10 "clients" (somewhere around 12kbps each).
>
>
>
> If 2 of my clients are downloading from the internet one file each, the
> splitting works. and one client gets 64kbps and the other 64kbps.
>
> If one of those 2 clients are downloading by means of a Download Manager
> (like FlashGet or Download Accelerator) everything gets messed up.
>
> The one downloading with multiple connections gets 90-95% of the bandwidth
> and the other client gets almost nothing.
>
> And of course, most of the time a client will have multiple connections to
> the Internet, not only one.

...
Re: [LARTC] Multiple connections
"Chijioke Kalu" <[EMAIL PROTECTED]> wrote:
>>I am having a hard time splitting the bandwidth among my friends in my
>> LAN.
>>I use HTB and iptables. As far as I see HTB works great when it comes to
>>limiting the bandwidth (ceil parameter),
>>but when it comes to splitting the bandwidth as equal as possible
>> (through
>>the rate parameter). it is rather useless.
> disagree here... she's fantastic
>>For instance I have a 128kbps Internet connection. I give the same rate
>> to
>>all my 10 "clients" (somewhere around 12kbps each).
> 12kbps is too high for 10 clients, u shld accommodate burst, am sure ur
> probably breaking the ceil parameter

I have the same configuration and settings for the 10 clients I have down here. Each client gets its proper rate. I agree that sometimes a client gets a rate a little bit higher than the CEIL parameter, but that's because SFQ is able to burst. As far as I monitored my bandwidth manager, the rate won't get higher than 1 kilobit for each class I defined.

Regards,
Rio Martin.
Re: [LARTC] Multiple connections
sfq generally creates a queue per connection. What you want is a simple modification to allow per source (for outgoing traffic) ip address allocation.

>> The one downloading with multiple connections gets 90-95% of the bandwidth and the other client gets almost nothing.
>
> u sure ur using sfq ?
>
>> And of course, most of the time a client will have multiple connections to the Internet, not only one.
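A small model of the point in the reply above, added here as an illustration (not code from the thread, and a simplified round-robin scheduler rather than the kernel's SFQ): with one queue per connection, the client that opens more connections gets proportionally more of the link, while with one queue per client address the split is even. The client addresses and the 128 kbit link come from the thread; the connection counts and port numbers are constructed.

```python
from collections import defaultdict, deque

LINK_KBIT = 128  # link rate quoted in the thread

def make_flows(conns_per_client):
    """One (client_ip, client_port) tuple per connection; ports are constructed."""
    return [(ip, 40000 + i) for ip, n in conns_per_client.items() for i in range(n)]

def per_connection(flow):
    return flow        # every connection hashes to its own queue

def per_client(flow):
    return flow[0]     # all connections of one LAN host share a queue

def simulate(flows, bucket_key, packets=9000, backlog=4):
    """Serve one packet per queue in turn; senders always have more to send."""
    queues = defaultdict(deque)
    for _ in range(backlog):
        for flow in flows:
            queues[bucket_key(flow)].append(flow)
    sent = defaultdict(int)
    served = 0
    while served < packets:
        for queue in list(queues.values()):
            if served == packets:
                break
            flow = queue.popleft()
            sent[flow[0]] += 1      # account the packet to the LAN client
            queue.append(flow)      # greedy sender refills its slot
            served += 1
    # Convert packet counts into each client's share of the link in kbit/s.
    return {ip: round(LINK_KBIT * n / packets, 1) for ip, n in sent.items()}

# Constructed load: .121 downloads over one connection, .123 uses a
# download manager with nine parallel connections.
FLOWS = make_flows({"192.168.0.121": 1, "192.168.0.123": 9})

if __name__ == "__main__":
    print("queue per connection:", simulate(FLOWS, per_connection))
    print("queue per client:    ", simulate(FLOWS, per_client))
```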
Re: [LARTC] Multiple connections
> I am having a hard time splitting the bandwidth among my friends in my LAN.
> I use HTB and iptables. As far as I see HTB works great when it comes to limiting the bandwidth (ceil parameter),
> but when it comes to splitting the bandwidth as equal as possible (through the rate parameter). it is rather useless.

disagree here... she's fantastic

> For instance I have a 128kbps Internet connection. I give the same rate to all my 10 "clients" (somewhere around 12kbps each).

12kbps is too high for 10 clients, u shld accommodate burst, am sure ur probably breaking the ceil parameter

> If 2 of my clients are downloading from the internet one file each, the splitting works. and one client gets 64kbps and the other 64kbps.

i believe perturb is 10secs

> If one of those 2 clients are downloading by means of a Download Manager (like FlashGet or Download Accelerator) everything gets messed up.

there is sth wrong, for example i have 20 systems each having 4kbps and DAP running on one doesn't exceed the 4kbps dedication, if they're browsing at the same time, their browsing alone gets slow cause they've used up almost all their allocation

> The one downloading with multiple connections gets 90-95% of the bandwidth and the other client gets almost nothing.

u sure ur using sfq ?

> And of course, most of the time a client will have multiple connections to the Internet, not only one.
> Can you tell me if I am the only person using HTB that encountered this problem?
> Do you have an idea how to fix this?

haven't had the problem, won't mind taking a look at that script...

> Thanks in advance,
> Vlad Mihai

K
[LARTC] Multiple connections
Hello again,

I am having a hard time splitting the bandwidth among my friends in my LAN. I use HTB and iptables. As far as I see HTB works great when it comes to limiting the bandwidth (ceil parameter), but when it comes to splitting the bandwidth as equal as possible (through the rate parameter)… it is rather useless.

For instance I have a 128kbps Internet connection. I give the same rate to all my 10 “clients” (somewhere around 12kbps each).

If 2 of my clients are downloading from the internet one file each, the splitting works… and one client gets 64kbps and the other 64kbps. If one of those 2 clients are downloading by means of a Download Manager (like FlashGet or Download Accelerator) everything gets messed up. The one downloading with multiple connections gets 90-95% of the bandwidth and the other client gets almost nothing… And of course, most of the time a client will have multiple connections to the Internet, not only one…

Can you tell me if I am the only person using HTB that encountered this problem? Do you have an idea how to fix this?

Thanks in advance,
Vlad Mihai
RE: [LARTC] Multiple connections
Hi:

I have an 'advanced-networking' problem. I want to have two interfaces to the internet, apart from the internal one to the LAN.

I came across this page:
http://www.redhat.com/mirrors/LDP/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html
and Julian's patches for the kernel published here:
http://www.ssi.bg/~ja/
and the How-to:
http://www.ssi.bg/~ja/nano.txt

So, I downloaded the patch routes-2.4.22-9.diff (December 14, 2001), and applied it to my 2.4 kernel...

The kernel re-compile part was fine, following the instructions in:
http://tldp.org/HOWTO/Kernel-HOWTO/

The issue is when I have to create a new initrd file... it appears to create a vmlinuz, not a bzImage as the kernel-howto document says. So the new kernel does not boot...

Questions:

Has anyone done this? I mean, having two connections to the Internet, using RH 8.0 or RH 9.0, and having them select (balance) which interface to use to send packets out, and receive on either seamlessly and with NAT?

I think this functionality should be built in and available, instead of having to patch the kernel? What would you guys recommend?

As for the initrd part, any suggestions? Is there an official RedHat "re-build kernel" document?

Thanks before-hand,
Carlos