I can recommend this one:
http://www.policyrouting.org/PolicyRoutingBook/
Hello all,
Can anyone recommend a good book which thoroughly explains QoS from a
Linux perspective? Something with TC examples & the like. I've looked
at the following:
http://www.amazon.com/gp/product/1580533418/qid=114
Fermín Galán Márquez skrev:
Hi,
I wonder about the performance of a Linux box used as router (I guest I'm
not the first :). Althought I know it mainly depends on the hardware, I'm
trying to find some references on the topic or comparations with other
routing solutions (FreeBSD box used as router
im yet to download it, kind of looks like the program i used before.
i works as a network administrator and need this in my work, not do
anything else.
thank you.
On Fri, Nov 21, 2003 at 10:15:54PM +0200, Ivo Vachkov wrote:
> Tomas Bonnedahl wrote:
> >hello, as the subject tell
hello, as the subject tells you, im looking for a sniffer that shows the application
data
in real time, ie; you can follow a irc query or an icq session.
i have had this program but i "lost" it, and cannot remember the name of it, anyone?
-tomas
anyone here configured a network to use two upstream providers? if yes, did you
use ECMP or routing protocols (EGP/IGP)? how did you solve load balancing
with equal cost and failover?
-tomas
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a
On Thu, Jun 26, 2003 at 09:50:45AM -0600, Aaron Dewell wrote:
> On Thu, 26 Jun 2003, Tomas Bonnedahl wrote:
> > i dont have any addresses nor do i own an AS, i know there are private ASNs to
> > use but this seems like a more complicated solution than a mere multipath default
>
, at least connection tracking on the core to make the multipath
route per
flow and not per packet.
any insight of this?
-tomas bonnedahl
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
great if someone could address these problems, i really would like to know. ;)
(im sure im missing something really fundamentally(?) here and i'll get flamed.. but i
take the risk)
best regards,
tomas bonnedahl
___
LARTC mailing list / [EMAIL PROT
iptraf could perhaps solve your problems, i donno the url to it but you should find it
via google.
-tomas
On Fri, Mar 14, 2003 at 04:48:26AM -0800, Ming-Ching Tiew wrote:
>
> Given a running router/firewall machine, there may be
> many 'routing connections' going on at same time.
> I am stucke
martin, you are truly the greatest network hacker around.
i works like a charm, i removed the two rules that said "from , use table
'main'",
and used the one you provided.
thank you so much!
best regards,
tomas bonnedahl
On Thu, Mar 13, 2003 at 11:27:37AM +0100, Tomas B
On Wed, Mar 12, 2003 at 10:15:21PM -0600, Martin A. Brown wrote:
> Hi Tomas,
hello again.
> I hope you didn't sit there waiting for this answer!
this time no. ;)
> : things i like to clarify:
> : 1. rules 31000 and 31100 is just so that one address on a defined network can
> reach an
> :
> :
> : what will match is the rule "from all use 'main'". but 'main' doesnt
> : hold this route.
> :
> : though this does not explain the arp packets being sent between the router and
> router x.
> :
> :
> : argh, can someone please e
ween the router and router
x.
argh, can someone please explain this to me?
regards,
tomas bonnedahl
On Wed, Mar 12, 2003 at 05:55:27PM +0100, Tomas Bonnedahl wrote:
> hello list subscribers, i may have been too cocky in my previous posts regarding this
> policy routing problem of mine.
outer x answers with a arp reply
(this is where nothing happends)
9. router _should_ compose a packet and send it to router x
ip route flush cache is not a problem.
any insight on this would be helpful. thank you for your time and for reading this far.
best regards,
tomas bonnedahl
On Tue, Mar 1
that looks like the first two but uses
the to parameter unstead of the from. (they'll just say "packets that is going
to x, use table 'all'").
-tomas bonnedahl
On Tue, Mar 11, 2003 at 05:32:51PM +0100, Tomas Bonnedahl wrote:
> i have some additional information regar
er solution?
indeed, i did not think of this when implementing policy routing since i was
only concerned with networks and not the router itself.
i hope this will help someone struggeling with policy routing.
best regards,
tomas bonnedahl
On Thu, Mar 06, 2003 at 04:31:42PM +0100, Tomas Bonneda
thing just has to be wrong. feel free to englighten me.
please flame.
best regards,
tomas bonnedahl
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
hello again martin, i sat down and kind of figured it out, all i have
to do now is to write some flashy bash script like you did ;)
this is what i got:
routing tables
main: all routes
prohibit: prohibit 0/0
rules
from defined1 -> 192.168.1/24 lookup main
hello again martin.
the setup i have in mind is not very exciting really. ;(
what i have is an internal router that transports data from ten different defined
networks and of course "internet traffic". one of these defined
networks is our lan 192.168.1/24.
the utopia that im trying to reach is
hello martin, thank you for your quick reply.
(the default routing table is empty for me, but is listed in /etc/iproute2/rt_tables)
i want to use "as much" rules as i can, meaning that the main table will only have one
route to my network that come from networks
not defined in the rules.
now, a
when you are using full policy routing (multiple tables and rules for every network),
is one supposed to wipe all the tables clean with
"ip route flush table all"
or use
"ip route flush table main"
and still be sure that the policy routing works as it's supposed to?
indeed, i dont know what
as you can see in the topic there is a problem with iproute2. 'ip rule show' returns
RTNETLINK answers: Invalid argument
Dump terminated
while 'ip route show' for example returns the right output, what can possible be the
problem here?
the kernel is 2.4.18 and im not really sure with the vers
ruary 2003 18:11, Tomas Bonnedahl wrote:
> > hm, the only way i see how to really get a hold on downloads is egress
> > filtering on the isp side.
> Even that's too late. The isp has no control on the data that people is
> sending to you.
>
> > ingress filtering her
hm, the only way i see how to really get a hold on downloads is egress filtering on
the isp side.
ingress filtering here is just waste of time? partly because, what stef also said, the
data is already reveived, so i can get the same
effect with egress filtering on the internal interface of the f
sitaution?
thanks,
tomas
On Thu, Feb 06, 2003 at 05:23:27PM +0100, Stef Coene wrote:
> On Wednesday 05 February 2003 22:28, Tomas Bonnedahl wrote:
> > well, if tcp throttles down at the point where packets are dropped is of
> > course good, but still, when a download is peaking at the
IMQ logical network device,
> which allows the use of HTB for both ingress and egress filtering. I
> plan on moving to this type of setup as soon as I have a maintenance
> window long enough to drop the firewalls and bring them up to date with
> the new tools / patches necessary.
>
well, if tcp throttles down at the point where packets are dropped is of course good,
but still, when a download is peaking at the maximum speed
minus a couple kbits, the delay is terrible, that's what i want to change. any idea?
regards,
tomas bonnedahl
On Wed, Feb 05, 2003 at 10:13
t/ssh to a certain host,
should i contact my isp and ask them to set some
egress qos going to our network on the cisco router that is at their place? btw,
anyone know how good the qos is on cisco 2600?
thanks for you time, best regards
tomas bonnedahl
___
networks, i want them in a special table and
use that table in conjunction with ip rule.
a clue anyone?
regards,
tomas bonnedahl
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
additinal info regarding this issue, the character i wanted to show here did not
encode as i wanted it to, so, well, look \377 up and
see what it looks like or perhaps you dont need that since that perticular character
doesnt matter that much ;)
-tomas
___
be something
else?
greatful for enlightenment,
tomas bonnedahl
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
ure of the iproute2 suit to know when router's are not alive
although they dont rely on dynamic routing?
regards,
tomas bonnedahl
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
hello again and thanks for replying.
the prohibit rule is supposed to be in that particular table that im creating for
hosts whose src address is network A?
i was also thinking of blackholeing as default. would this work?
ip route add networkB dev eth1 table X
ip route add networkA via networkB-
,
tomas bonnedahl
On Thu, Nov 28, 2002 at 04:30:47PM -0600, Martin A. Brown wrote:
> Tomas,
>
> Perhaps you want a summary of how the kernel makes a routing decision?
>
> See my description of the route selection process:
>
> http://plorf.net/linux-ip/html/routing-selection.
how the ip utility uses the main
table together with antoher table. if i didnt use
policy routing, just "regular", this would not work, but perhaps if not finding a
route to network B, it checks the main table?
please enlighten me.
regards,
tomas
with getting a
new version (1.99) of freeswan to work correct.
i have compiled freeswan into the kernel, but the err msgs i get when trying to start
it claims that my kernel do not have KLIPS and
cant locate the modules 'ipsec'.
if you have _any_ idea, please tell me.
thanks
tomas bon
since this list includes control of traffic, i was wondering if there is anyone that
uses MRTG and knows how to set the bandwidth
static? it dynamicly changes accroding to the traffic, but i want to set it at a
specified bandwidth (bits/sec or bytes/sec).
anyone?
thanks,
tomas bonnedahl
How to compile this.
>
> 1. Look at start of Makefile and set correct values for:
> KERNEL_INCLUDE should point to correct linux kernel include directory.
>
> blah blah blah
>
> greets!
>
>
> On Thu, 2002-11-21 at 10:47, Stef Coene wrote:
> > On
hello, is it necessary to recompile iproute2 when you add a new kernel, and hence move
the link /usr/src/linux to point on a different
kernel?
thanks
tomas bonnedahl
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo
is problem on the fw, i would feel "better" if
the packets just were not sent, or perhaps that the ipsec software crashed, but this..
wtf?
tomas bonnedahl
network administrator
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/m
i forgot to attach the script to my previous message, im sorry for the inconvenience.
- tomas bonnedahlSkicka snabbmeddelanden till dina vänner online med MSN Messenger: Klicka här
tc qdisc del root dev eth1
tc qdisc add dev eth1 root handle 1:0 htb default 222
tc class add dev eth1 parent
i forgot to attach the script to my previous message, im sorry for the inconvenience.
- tomas bonnedahlMed MSN Foto kan du enkelt dela med dig av dina fotografier och beställa kopior: Klicka här
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.
hello.
our setup looks like this:
we want to shape the egress traffic with htb and in the leaf, sfq. the problem is that all traffic goes to the default class/qdisc. i removed the default parameter in the root qdisc and instead addad another class that becomes the default class, but still all traff
43 matches
Mail list logo
