Here is the evidence for my conclusions, quoted from our Bugzilla database.
--- Additional Comment #11 From Patrick Turley 2004-09-16 19:43
Our configuration uses the ip command to attach IP addresses to an
interface. Using these methods, it experiences a severe limit on the
total number of
I just realized that I hadn't actually asked a question when I posted
this before. Let me try again...
I am trying to configure a Linux box with all possible VLANs (4094 of
them), and a subnet on each VLAN. Creating the VLANs isn't a problem.
But, when I try to use "ip addr add ..." commands to
I am trying to configure a Linux box with all possible VLANs (4094 of
them), and a subnet on each VLAN. Creating the VLANs isn't a problem.
But, when I try to use "ip addr add ..." commands to assign an IP
address to each VLAN interface, I get to do about 280 of them before all
the interfaces o
Peter Rabbitson wrote:
This is more of a NF question but it is tightly related to LARTC as well. In the following example:
-t mangle -A PREROUTING -i eth0 -j MARK --set-mark 0x1
-t mangle -A INPUT -i eth0 -j MARK --set-mark 0x2
Since MARK is a non-terminating target, what would be the resulting mark on a packet c
My Linux system is acting as a NAT'ing firewall, and I have some rules
for doing port forwarding/translation.
I was thinking about this the other day and I realized that there are
other parts of the system that consume ports. Specifically, NAT and
ephemeral port allocation.
It occurs to me tha
d, it does not cost that much
CPU load will be a more noticeable bottleneck for your system in any way.
As for memory, I suppose it takes about 50-100 bytes for each rule and up to
100 kbytes for each queue like sfq.
- Original Message -
From: "Patrick Turley" <[EMAIL PROTECTED]>
Our system has potentially a few thousand firewall rules and HTB
classes. I need to find out the amount of memory these things consume:
- iptables firewall rules
- HTB classes
If anyone has any easy links to this information, that would be great.
Failing that, a pointer to a good place t
1a) Is it possible/recommended to ACCEPT/DROP/REJECT in mangle FORWARD?
Yes, it's possible. It's generally regarded as good firewall hygiene to
only "transform" packets in the mangle table and make ACCEPT/DROP/REJECT
decisions in the filter table - but there are definitely exceptions.
1b) Is it
If my understanding of the Routing Policy Database (RPDB) is correct,
then there are 16K rules and 128 tables to be shared among those rules.
Is there a way to frob the 128 table limit short of editing the code? Is
there a configuration parameter that I can change and then re-compile?
Or is the
I am seeing a lot of messages like this on my console and in
/var/log/messages:
Feb 9 19:27:55 rnsa kernel: htb: class 20001 isn't work conserving ?!
The class it's referring to is the only subclass of an HTB qdisc. Can
anyone tell me why HTB would complain in this way? If I understand
corr
I found the following at:
http://lartc.org/howto/lartc.netfilter.html
IMPORTANT: We received a report that MASQ and SNAT at least collide with
marking packets. Rusty Russell explains it in this posting. Turn off the
reverse path filter to make it work properly.
The "posting" link refers to
I have a fairly sophisticated bandwidth control tree. I am using filters
to allocate traffic to various HTB buckets according to packet marks.
Nothing about that is terribly hard.
The problem is that my user population is dynamic. Users appear and
disappear over time. Also, the priority to whic
I ran into this problem as well. Here's something quoted from our bug
database that came from the research I did:
---
This message comes from the root qdisc when we attach a class to it. It
examines the data rate of the subordinate class and computes the
"quantum" for that class.
A "quantum"
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
This is, of course, very valuable feedback. Unfortunately, given the
responses I've had so far, I see that I didn't make it clear what I'm really
looking for.
I believe that my colleague's test methodology is flawed. I believe that you
cannot generate reliable bandwidth measurements by ftp'ing fil
I have measured the performance of HTB with iperf and found it to be very
close to expected (i.e., within 5%). I have a colleague who is measuring the
performance by ftp'ing large files and recording the time required to make
the transfer. He is seeing an average throughput that is nearly 10% away
> > I still can't find anything about "filter
> > policers" anywhere. I didn't find any description of a command line that
> > even suggested such a thing was possible. Can you please point me to
> > some more info about this, if any exists?
> There also some limited example scripts in the iproute2
rect way to say "kilobits per second" to HTB is to say "Kbit".
On Wed, 2003-08-06 at 16:26, Patrick Turley wrote:
> Oops - I just discovered Stef's FAQ search capability and found the
> answer for myself. For those who are interested:
>
> http://qos.dyndns.org:3389/c
I can't find any documentation on the parameters for the ingress qdisc.
Can someone help me?
I have a number of filters feeding into my ingress qdisc, all of which
are rate limited, but I want to place a limit on the aggregate flow as
well. I don't want to monitor the sum of the flow rates - I wan
I have a number of classes with HTB qdiscs feeding into a root HTB
qdisc. Whenever I set the rate on any of the subordinate qdiscs to 78
kbps or less, I get the following message:
HTB : quantum of class is small. Consider r2q change.
I have no clue what this means or how I might fix it. Can anyo
On Fri, 2003-08-08 at 00:51, Stef Coene wrote:
> On Friday 08 August 2003 00:20, Patrick Turley wrote:
> > (This is a re-statement of a question I asked earlier)
> >
> > I have a number of HTB classes feeding into a root HTB qdisc. Whenever I
> > set the rate on any of
First of all, thank you Martin - this is fabulously helpful.
On Wed, 2003-08-06 at 20:18, Martin A. Brown wrote:
> Hello all,
>
> I played a bit with the ingress qdisc after seeing Patrick and Stef
> talking about it and came up with a few notes and a few questions.
>
> ...
>
> About filtering
Oops - I just discovered Stef's FAQ search capability and found the
answer for myself. For those who are interested:
http://qos.dyndns.org:3389/cgi-bin/fom?&file=31
On Wed, 2003-08-06 at 16:14, Patrick Turley wrote:
> I have a number of classes with HTB qdiscs feeding into a root
On Wed, 2003-08-06 at 20:37, Martin A. Brown wrote:
> : 2) Since the filters themselves are, as you say, stateless, then it
> :sounds like a "policer" is a separate object that's being created at
> :the same time as the filter. Is there any other way to create a
> :"policer" object,
(This is a re-statement of a question I asked earlier)
I have a number of HTB classes feeding into a root HTB qdisc. Whenever I
set the rate on any of the subordinate classes to 78 kbps or less, I get
the following message:
HTB : quantum of class is small. Consider r2q change.
I've done some
edHat 7.3 yet - in fact, this may force us to RedHat
9.0 (not a bad thing, really).
On Tue, 2003-08-05 at 16:15, Stef Coene wrote:
> On Tuesday 05 August 2003 22:59, Patrick Turley wrote:
> > I can't find any documentation on the parameters for the ingress qdisc.
> > Can someone
I'm having difficulty finding any on-line documentation about HTB that
is both complete and authoritative. I have two questions:
1) Is there any such documentation?
2) If there isn't, then I presume I will need to read the code. Can you
give me pointers to where I can get the source?
_
29 matches