src 64.202.224.8
>>> 192.168.1.0/24 dev eth3 proto kernel scope link src 192.168.1.8
>>> 169.254.0.0/16 dev eth3 scope link
>>>
>>
>> The one above must be deleted, many redhat-like distros attach
>> 169.254.0.0/16.
>>
>>> All t
ll as the last three
> subnets. I'll have to see where the 169.254.0.0/16 is coming from?
>
> mc
>
>
>
>
> Alexandru Dragoi wrote:
>> Marco C. Coelho wrote:
>>
>>> This box is doing a lot. It terminates 1000 PPPoE connections,
>>> provid
em, I was only talking about
directly connected networks:
# ip route |grep link
>
> My public IP space is a /20 within that space, not the whole Class A.
> I have not found which box is announcing this within my network yet.
>
>
>
>
>
> Jeff Welling wrote:
>>
>&g
Marco C. Coelho wrote:
> I've got a linux router pushing 600-1000 pppoe connections through
> it. I'm getting a screen error "Neighbor Table Overflow" after this
> box has been up for between 1 week and 1 month. When this is
> happening, routing slows to a crawl if at all. Then dies. I've added
Terry Baume wrote:
I'm trying to setup traffic shaping on my linux gateway/router.
The system has 3 interfaces:
eth0 - My LAN - with IP address 192.168.0.254
eth1 - The ethernet connection to which my ADSL modem is connected.
This has a 10.25.x.x IP, more on this later. The ADSL link has an
up
VladSun wrote:
> Alexandru Dragoi написа:
>> u32 hash filters is the key, as somebody pointed. You can also tune your
>> iptables setup, like this
>>
>> #192.168.1.0/24
>> iptables -t mangle -N 192-168-1-0-24
>> iptables -t mangle -A FORWARD -s 192.168.
u32 hash filters is the key, as somebody pointed. You can also tune your
iptables setup, like this
#192.168.1.0/24
iptables -t mangle -N 192-168-1-0-24
iptables -t mangle -A FORWARD -s 192.168.1.0/24 -j 192-168-1-0-24
iptables -t mangle -N 192-168-1-0-25
iptables -t mangle -N 192-168-1-128-25
ipta
Andrew Beverley wrote:
Just a question, the rate values use for configure a class, are they a
IP rate or a Ethernet rate ?
Do you mean is the rate per IP address or for the whole of the
interface? If so, then the rate is the total for that interface.
___
Salatiel Filho wrote:
> Hi guys , i am starting to "play" with qos in linux. Well , i am
> trying to setup an ingress filter but i do not know why it is not
> working.
>
> tc add qdisc dev eth0 ingress
> tc filter add dev eth0 parent : protocol ip prio 1 handle 1 fw
> police rate 160kbit burst
Alexandru Dragoi wrote:
> ArcosCom Linux User wrote:
>
>> The log says:
>>
>> Dec 30 00:52:27 cura kernel: dst cache overflow
>> Dec 30 00:52:27 cura kernel: MASQUERADE: No route: Rusty's brain broke!
>> Dec 30 00:52:27 cura kernel: dst cache overf
ArcosCom Linux User wrote:
> The log says:
>
> Dec 30 00:52:27 cura kernel: dst cache overflow
> Dec 30 00:52:27 cura kernel: MASQUERADE: No route: Rusty's brain broke!
> Dec 30 00:52:27 cura kernel: dst cache overflow
> Dec 30 00:52:28 cura kernel: zlan0: received tcn bpdu on port 1(eth0)
> Dec 30
Hello,
I wonder if there is a way to have a divisor bigger than 256 when
creating hash tables with u32. It would really be great.
Thanks
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Martin A. Brown wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Greetings Andrew McGill,
: I want to use the netmask 255.255.255.255 to insulate (not quite
: isolate) machines on a shared subnet from each other. This works
: just fine on win XP, but Linux iproute will not acccept the
GolemMTM wrote:
Hello
I have question, currently using linux box as router. It only route packets.
Currently there is 80k packets/sec and this cause 90% CPU usage on
Intel Celeron 3ghz CPU.
Did multiprocessor system like 2x XEON DP 3.4ghz will divide CPU
usage between 2 CPU and will allow double
Dashamir Hoxha wrote:
Using VLANs, you can separate the networks on the link level instead.
This is the same (in software) as using 2 different LAN ports (in
hardware).
Thanks for the suggestion. I am trying it, and it seems very easy to
be used.
However the problem is that it is not working
tch ip dst
172.26.$i.$q flowid 1:$clsid
done
done
2006/9/20, Alexandru Dragoi <[EMAIL PROTECTED]>:
? ? wrote:
> Hello!
> yes, I no about 65000 rules and just add third interface to server. )
> what about
> tc filter add dev imq0 parent 1: prio 5 u32 ht 800:: mat
should be 0x7f00 how do you calculate it?
2006/9/20, Alexandru Dragoi <[EMAIL PROTECTED]>:
? ? wrote:
> Hello
> I have 2 class-B networks (172.22.0.0/16 and 172.23.0.0/16, over 130k
> of ip's) and need to setup
> traffic tbf shapers with 64kb/s for each ip
Instead of
tc class add dev imq0 parent 1: classid 1:$clsid htb rate 128kbit
Use
tc class add dev imq0 parent 1:f000 classid 1:$clsid htb rate 128kbit
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
? ? wrote:
Hello
I have 2 class-B networks (172.22.0.0/16 and 172.23.0.0/16, over 130k
of ip's) and need to setup
traffic tbf shapers with 64kb/s for each ip from 172.22.0.0/16 and
128kb/s for each ip from 172.23.0.0/16
just read lartc and don't understand how to use u32 for decreasing
nu
et dependent, and I have not yet tested it on the
>firewalls.
>
>But as I understand from this:
>http://vger.kernel.org/~davem/cgi-bin/blog.cgi/2006/09/14#netconf2006_day2
>it might not even be an advantage, since the current shaping code would just
>make the cpu's step on ea
Hello,
Here is the situation. There is a machine with 3 intel gigabit card, 2
of them on PCI-X and in bridge, the 3rd is used only for management
access. The machine is a dual Xeon 2.8GHz with HT. With 2.6.8 kernel
from debian (testing) and htb with u32 on, i usually get about 30-40%
software inte
d3xcrIpt wrote:
Help me ...
I try use the tc filter, but seems he doesn't work, I already
reconfigured my kernel ( 2.4.32 ) with all options related a QOS
enabled ( like modules ) and nothing happens. I get the tc tool from
HTB source package, well this is my set :
eth0 is my inte
Patrick McHardy wrote:
>Alexandru Dragoi wrote:
>
>
>
>>I think i'd like more docs in english about hfsc.
>>
>>
>
>Me too. I don't have time to write one myself (and I'm not good at
>this), but I can assist if anyone wants to do it.
&
Andrew Beverley wrote:
>Whenever I add or remove a DNAT rule such as:
>
>iptables -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.1
>
>there is sometimes a delay before the correct nat'ing is done. Can anyone tell
>me why this is? Is it something to do with caching of routing ta
I'm not sure if you have to use different prio for filters (With fw
this is a must). Depends on your setup.
With htb, everything is attached with parent as root qdisc.
On Fri, 18 Feb 2005 18:27:26 +0530, Padam J Singh
<[EMAIL PROTECTED]> wrote:
> Hi!
>
>
> I have the following setup using i
You can try with IMQ, which probably is not wanted for a production
server. You can also mark the pachets which have some DSCP bits, then
use u32 with the mark match (Probably Catalin's implementation), i
think it is even in some latest 2.6 kernels, also don't forget to use
a new iproute2 :)
On W
http://metropolitana.loginet.ro/ and reat that stuff, or
you can try to diferentiate metro/interfor for download asking your
ISP if they set a specific DSCP for it. For upload limitting, i add
routes for all metropolitan ips (or bgp does it automatically), and
the default route has a special realm
I had something similar too, lok here
http://mailman.ds9a.nl/pipermail/lartc/2004q4/01.html
On Sun, 6 Feb 2005 12:13:30 +, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
> hello to all
> i'm trying to set a filter but doesn't want to work.
> i've set ut the qdiscs and the classes like this
I think you can just make aliases for all 8 ips (Yes i said 8)
ifconfig eth0:0 100.0.43.152 netmask 255.255.255.255 up
ifconfig eth0:1 100.0.43.153 netmask 255.255.255.255 up
ifconfig eth0:2 100.0.43.154 netmask 255.255.255.255 up
...
ifconfig eth0:7 100.0.43.159 netmask 255.255.255.255 up
On F
Hello,
I need to do the following:
make a htb qdisc with its class of 70mbit
then add some classes, one of 10mbit, another of 10mbit, one of 5mbit
and the rest in last class (with also child classes).
The 5mbit class is a quaranteed one, and it is marked with a special
dscp. I will add an HFSC q
I didn't look much on your script (my brain is not that good
compiler), but looking at yoour default classes and what is happening
with you, i think the filters are not working on you, and evetything
go to default classes. If so, removing the default classes will make
everything work at maximum spe
Try this
iptables -t mangle -N local
iptablts -t mangle -A INPUT -i $INET_IFACE -j local
iptables -t mangle -A OUTPUT -o $INET_IFACE -j local
iptables -t mangle -A local -p tcp -m layer7 --l7proto http -j DROP
I only think it may work, i say this because local packets are passing
INPUT and OUTPU
I'm intersted too in a program that take an entire qos struncture tree
and filters and put them instantly in kernel, like iptables, i wonder
if there is such project
On Wed, 19 Jan 2005 12:27:40 +0200 (EET), Catalin(ux aka Dino) BOIE
<[EMAIL PROTECTED]> wrote:
> On Wed, 19 Jan 2005, Liviu Faciu w
Hello list,
I am now using hfsc for QOS. I have something like this:
tc qdisc add dev ethx root handle 1: hfsc default 9
tc class add dev ethx parent 1: classid 1:1 hfsc ls m2 70mbit ul m2 70mbit
tc class add dev ethx parent 1:1 classid 1:9 hfsc ls m2 7mbit
#DNS stuff follows
tc class ad
Hello Everyone,
I have this weird problem. I have 2.6.10-rc2-mm3 kernel with u32
compiled as module. I have the cls_u32 module loaded. I have
different binaryes of tc, the one from iproute packaged from debian
sarge, the Kaber's one from trash.net, and also from another computer
where u
You can send the marked packets with 1 in a chain, and marked packets
with 2 in other chain, and then re-mark them based on
source/destination ips, and you will use only fw filters. What Cata
said looks damn intersting (I'll check that later). You may also sniff
the traffic with tcpdump and see if
Hello list,
I'm having problems with HTB on a machine. I noticed that after a
while the machine seems off-line after i start the htb script. After
some debugging i realised the problem stays in the arp packets send by
the machine, which are delayed or dropped. Because of that i had to
remove the d
I have more than 600 classes, 4 classes per each client (down/up for
both metro/extern). I can't be sure if my problem got solved because i
switched to fw or because the htb trees got a little changed, i can
only say it works like a charm, for about 30mbit parent class,
mipclasses, 1700 routes writ
Well, similar things happened on a machine with 2.4.26, with about 300
classes (for 150 users with different cir/mir for metro/extern). I
remade the classes and i applyed fw filters instead of u32, and now it
works very well on 2.4.26.
On Thu, 28 Oct 2004 15:22:42 +0200, Dumitrache Ionut <[EMAIL
On Thu, 28 Oct 2004 18:33:14 +0700, Key <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I have some question about HTB :
>
> 1. I read that HTB priority is only 8 level, from 0 to 7. So if i want to
> give different priority
> to more than 8 class, what should i do?
>
> 2. What happen if i have class eth0-
Hello everyone,
I use the scripts from docum.org to manage the bandwith sharing and
traffic graphs. For every user i happen to use about 4 classes. The
/qos/rrds is a symlink to a directory which is in an ext3 fs. The
problem is that i now have over 32 000 files there (about 600
classes)
iptables -I FORWARD -s 192.168.1.202 -p tcp --syn -m state --state NEW
-m limit --limit 50/s --limit-burst 100 -j ACCEPT
iptables -I FORWARD 2 -s 192.168.1.202 -p tcp --syn -m state --state NEW -j DROP
with udps things are a bit simmilar, except you dont need the --syn
On Mon, 25 Oct 2004 17:45:1
" so i can distinguish non p2p for other purpose later. Is it
possible better ? (i bet it does).
On Thu, 30 Sep 2004 15:00:39 +0200, Andreas Klauer
<[EMAIL PROTECTED]> wrote:
> Am Thursday 30 September 2004 14:42 schrieb George Alexandru Dragoi:
> > Such traffic will be matched aga
(I even may may use IPMARK) which is not
CPU destroyer and wont generate bad latency. I know i should post that
to netfilter mailing list, I am still waiting for opinions.
On Wed, 29 Sep 2004 16:42:06 +0200, Andreas Klauer
<[EMAIL PROTECTED]> wrote:
> George Alexandru Dragoi wrote:
>
Hello everyone,
I want an opinion from people who tryed different matching modules to
match diferent types of traffic, especially p2p ones.
I would like to hear which scales better as CPU usage and latency :
ipp2p, iptables-p2p or l7-filter with the p2p patterns. I want to use
one of them to bloc
Try docum.org , there are some scripts, GUI.
Also the htb homepage is also good for using htb and lartc.org/howto/
- Original Message -
From: arya sby <[EMAIL PROTECTED]>
Date: Tue, 31 Aug 2004 18:55:13 -0700 (PDT)
Subject: [LARTC] linux newbie
To: [EMAIL PROTECTED]
hi all,
i am newbie
WTF is "hash" or "hash table" ? are you looking into:
ip rule help
?
On Thu, 12 Aug 2004 00:53:40 -0500, Paul C. Diem <[EMAIL PROTECTED]> wrote:
> We currently use iptables, matching packets based on IP address and marking
> them with an ID. Multiple IP addresses can be marked with the same ID. W
tc qdisc del dev ethx root
tc qdisc add dev ethx root handle 1: htb
tc class add dev ethx parent 1: classid 1:1 htb rate 30kbps
tc filter add dev ethx parent 1: prio 0 protocol ip handle 1 fw flowid 1:1
On Tue, 27 Jul 2004 20:07:37 -0400, nix4me <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am trying t
s
On Thu, 22 Jul 2004 21:05:43 -0700, Jens <[EMAIL PROTECTED]> wrote:
> On Thursday 22 July 2004 17:33, George Alexandru Dragoi wrote:
>
> > Try also following thigs:
> > install ROUTE extension from POM
>
> Could you explain this one please ? I don't know
MASQUERADE
Anyway, somehow it should work when the routes were made by iproute2
On Thu, 22 Jul 2004 17:08:14 -0700, Jens <[EMAIL PROTECTED]> wrote:
> On Thursday 22 July 2004 16:50, George Alexandru Dragoi wrote:
> > Hehe, maybe it is this:
> > iptables -t nat -A POSTROUTING
ce the routing rules which depend on the
> marking follow that.
>
> The flushing is something that got me before but which I am watching like a
> hawk now :)
>
> Jens
>
>
>
> On Thursday 22 July 2004 02:59, George Alexandru Dragoi wrote:
> > Is the 192.168.1.2
Hehe, maybe it is this:
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
On Thu, 22 Jul 2004 16:16:21 -0700, Jens <[EMAIL PROTECTED]> wrote:
> On Thursday 22 July 2004 14:17, George Alexandru Dragoi wrote:
> > A good think would be to give a full description to your ne
OT: Dudes, why i have to reedit To field and delete CC field, gmail
see this as spam
Now, make sure you compiled the kernel with htb, latest stable kernel
is 2.4.26 or 2.6.7
On Thu, 22 Jul 2004 19:58:40 +0200, Antonin Karasek
<[EMAIL PROTECTED]> wrote:
> Hi,
> I'm trying to make run a simple sha
ce the routing rules which depend on the
> marking follow that.
>
> The flushing is something that got me before but which I am watching like a
> hawk now :)
>
> Jens
>
>
>
> On Thursday 22 July 2004 02:59, George Alexandru Dragoi wrote:
> > Is the 192.168.1.2
Is the 192.168.1.2 an ip on the router? If yes, you'll have to mark in
OUTPUT, not PREROUTING, also, after you set up the rules and routes,
did you an
ip route flush cache
?
I hope these works
On Wed, 21 Jul 2004 20:02:32 -0700, Jens <[EMAIL PROTECTED]> wrote:
> I have a particular problem that h
I think it depence of the PCI interface
On Mon, 19 Jul 2004 13:45:41 -0500, Nathan Littlepage
<[EMAIL PROTECTED]> wrote:
> Anyone know, or where I might find, how many packets per second can be
> sustained with the new 2.6 kernel and various processors?
>
> ___
56 matches
Mail list logo
