[LARTC] bandwidth lang

2003-12-08 Thread Eddie
Hi all
Well, the thing is I need to learn bandwidth management, fast.
Well, I've read a few things, but the thing is, as I understand, there are
lots of ways and languages to use: cbq, htb, etc. What is the best, and do you
know of a howto just for that specific one?
Thanks
Eddie

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


[LARTC] tc troubles with pfifo_fast qdisc on 2.4.23 kernel

2003-12-08 Thread Andrey Grebenkov
   Hi!

I updated the kernel from 2.4.22 to 2.4.23
and now the tc tools can't correctly determine the default (pfifo_fast) qdisc on an interface:

# tc/tc qdisc ls dev ppp0
qdisc pfifo_fast 0: [Unknown qdisc, optlen=20]

but if I assign, for example, a cbq qdisc to some device, everything shows correctly:

# tc/tc qdisc ls dev ppp1
qdisc tbf 8009: rate 32Kbit burst 10Kb lat 1.5s
qdisc cbq 66: rate 10Mbit (bounded,isolated) prio no-transmit

what can I do to fix this?

-- 
Andrey Grebenkov (ANDY-UANIC)   ISP Lucky Net
Network engineer                Kiev, Ukraine


Re: [LARTC] Aliases and Multipath

2003-12-08 Thread Jose Luis Domingo Lopez
On Thursday, 04 December 2003, at 11:06:58 -0400,
Guillermo Gomez wrote:

> Does anyone know if I can use ethernet aliases like eth0:1 in advanced
> routing like multipath routing in order to avoid having nxEthernet
> interfaces in my Linux box.
>
I think it is always better to think in ip terms instead of in
ifconfig terms with respect to multiple IP addresses assigned to the
same network interface.

I don't know exactly for ifconfig, but the syntax for ip address
states clearly what seems to be happening behind the scenes:
# ip address add 172.16.1.1/24 broad + dev eth1
# ip address add 172.16.2.1/24 broad + dev eth1
# ip address add 172.16.3.1/24 broad + dev eth1

So what you are doing is assigning several IPs to the same physical
interface, and you deal just with IP, nothing else.
# ip address show dev eth1
2: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:05:1c:09:f2:14 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.12/24 brd 192.168.1.255 scope global eth0
    inet 172.16.1.1/24 brd 172.16.1.255 scope global eth0
    inet 172.16.2.1/24 brd 172.16.2.255 scope global eth0
    inet 172.16.3.1/24 brd 172.16.3.255 scope global eth0

Greetings.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436 Debian Linux Sid (Linux 2.6.0-test10-mm1)


[LARTC] mangle

2003-12-08 Thread Eddie
Hi all
I have a Linux gateway box, eth1 internet and eth0 LAN.
Now I made my qdisc for eth1, but now I want to mark them with iptables.
The thing is I don't know what to use, -A FORWARD or PREROUTING?
Please, can someone help?
Thanks

eddie



RE: [LARTC] mangle

2003-12-08 Thread Mike


I mark everything on my internal interface.  I have classes for incoming
websurfing traffic which I use HTB to control the traffic.  This is done
on my internal NIC.

I also have classes on my external interface which controls my outgoing
traffic such as web (port 80) and smtp (port 25).  This is done on my
external NIC.

Mike Fetherston

> -----Original Message-----
> From: Eddie [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 08, 2003 10:02 AM
> To: Mike
> Subject: RE: [LARTC] mangle
>
> So you put all rules on your internal interface?
>
> On Mon, 2003-12-08 at 16:43, Mike wrote:
> > In my case eth1 is my internal NIC.  I'm giving certain groups of IP's
> > certain amounts of bandwidth.  If you're trying to give full bandwidth
> > to ssh traffic, you could mark on destination port 22 and assign that
> > mark to a flowid with full bandwidth.  I believe you would still use the
> > PREROUTING table to mark with.
> >
> > Why do you want to give SSH traffic full bandwidth?
> >
> > Mike Fetherston
> >
> > > -----Original Message-----
> > > From: Eddie [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, December 08, 2003 9:53 AM
> > > To: Mike
> > > Subject: RE: [LARTC] mangle
> > >
> > > ok, that is how I have it; if eth1 is external, this will shape traffic for
> > > all the LAN people, right?
> > > BUT what do I do to give me full bandwidth when I ssh remotely to work
> > > on the box? Will I use OUTPUT??
> > > Thanks, it helped a lot :-) really
> > >
> > > On Mon, 2003-12-08 at 16:31, Mike wrote:
> > > > I've been using PREROUTING to mark packets and it's been working very
> > > > well.
> > > >
> > > > iptables -t mangle -I PREROUTING -i eth1 -s $IP --j MARK --set-mark 3
> > > >
> > > > and if you're using HTB, this command:
> > > >
> > > > tc filter add dev eth0 parent 1:0 protocol ip prio 2 handle 3 fw flowid 1:13
> > > >
> > > > will act on those marked packets.  It's the 'handle 3' which uses the
> > > > --set-mark 3.
> > > >
> > > > Mike Fetherston
> > > >
> > > > > -----Original Message-----
> > > > > From: Eddie [mailto:[EMAIL PROTECTED]
> > > > > Sent: Monday, December 08, 2003 8:40 AM
> > > > > To: lartc
> > > > > Subject: [LARTC] mangle
> > > > >
> > > > > Hi all
> > > > > I have a Linux gateway box, eth1 internet and eth0 LAN.
> > > > > Now I made my qdisc for eth1, but now I want to mark them with iptables.
> > > > > The thing is I don't know what to use, -A FORWARD or PREROUTING?
> > > > > Please, can someone help?
> > > > > Thanks
> > > > >
> > > > > eddie



Re: [LARTC] mangle

2003-12-08 Thread Jose Luis Domingo Lopez
On Monday, 08 December 2003, at 15:39:48 +0200,
Eddie wrote:

> I have a Linux gateway box, eth1 internet and eth0 LAN.
> Now I made my qdisc for eth1, but now I want to mark them with iptables.
> The thing is I don't know what to use, -A FORWARD or PREROUTING?
>
Check for the Kernel Packet Traveling Diagram at:
http://www.docum.org/stef.coene/qos/kptd/

You will see very clearly the path of packets traversing your Linux box,
and will be able to know the exact place where to mark traffic.

Greetings.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436 Debian Linux Sid (Linux 2.6.0-test10-mm1)


Re: [LARTC] Aliases and Multipath

2003-12-08 Thread Guillermo Gomez
Got it, thanks Damion

It was so easy to think in using directly ethx:y in iptables :(

Anyway, my point is that I need to do SNAT in a three-ISP environment
with multipath routing to balance the outgoing traffic.

So far I have decided to go with separate Ethernet cards, so I will go back to
the aliasing thing later.

Now I will do NAT with iptables on separate cards in the POSTROUTING chain
(after the routing decision has been taken).

By the way, what's the behaviour of multipath routing if one of the
providers goes down ? Should i take care manually to take it out from
the multipath ?

Guillermo

On Sun, 2003-12-07 at 20:37, Damion de Soto wrote:
> Hi Guillermo,
>
> > iptables just does not like eth0:1 neither eth0:2, is this the right
> > behaviour of iptables or what? I read something about NAT in the advanced
> > routing engine but never used it before and I'm a little confused on how it
> > works. Will it crash with iptables NAT engine?
> As far as I know, the ethX:X terminology is just for ifconfig usage.
> Inside the kernel, eth0:1 is exactly the same as eth0.
> So for iptables rules, you just use the eth0:1 IP address with eth0.
> This is the same way the 'ip' tool works too.
>
>
> Regards,
> Damion.
>



[LARTC] Multi Routes problem

2003-12-08 Thread hare ram
Hi all

i have 2 offices with the distance of 2KM

i have fiber connected to other office
total 3 links

other side office connection
-

so i have installed in linux box 4 ethernet cards

3 fiber links are connected to 3 ports of linux box

one is connected to other side of the LAN

main office connection
---

all 3 fiber links are connected to Switch


now I made the Linux box in bridge mode

when I try to access from the LAN, I am able to see the traffic is going over only one
interface
how do I make the traffic go over the other interfaces and load balance too

or

make one of the interfaces the main one, and the rest backup links

once the main link goes down, it should automatically shift to the other standby
links



any suggestions

hare



RE: [LARTC] mangle

2003-12-08 Thread Ronnie Garcia
> On Monday, 08 December 2003, at 15:39:48 +0200,
> Eddie wrote:
>
> > I have a Linux gateway box, eth1 internet and eth0 LAN.
> > Now I made my qdisc for eth1, but now I want to mark them with iptables.
> > The thing is I don't know what to use, -A FORWARD or PREROUTING?
> >
> Check for the Kernel Packet Traveling Diagram at:
> http://www.docum.org/stef.coene/qos/kptd/

Please note that this diagram is not valid for iptables.

When using iptables, packets that are traversing the Linux box (forwarded
traffic) do not go through the INPUT and OUTPUT chains.

You'll find an iptables packet traversal diagram at:
http://www.knowplace.org/netfilter/packet_traversal.gif

Rgds,
Ronnie.



RE: [LARTC] mangle

2003-12-08 Thread Martin A. Brown

Whoa!!  Back up the truck!

 :  Check for the Kernel Packet Traveling Diagram at:
 :  http://www.docum.org/stef.coene/qos/kptd/
 :
 : Please note that this diagram is not valid for iptables.

I think I disagree.

 : When using iptables, packets that are traversing the linux box
 : (forwarded trafic) do not go thru the INPUT and OUTPUT chains.

The KPTD hosted on docum.org certainly does accurately reflect the
traversal of iptables.  Please send corrections if you find something
wrong with the KPTD.  This was a collective effort by Leonardo Balliache,
Stef Coene, and some others on this very list.

It doesn't depict the relationship between iptables and bridging, but that
is a well-known exception to this diagram.

 : You'll find an iptable packet traversal diagram at :
 : http://www.knowplace.org/netfilter/packet_traversal.gif

This is a fine picture, too, though, Ron.

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]



Re: [LARTC] bandwidth lang

2003-12-08 Thread Martin A. Brown
Eddie,

 : Well the thing is I need to learn bandwidth management,fast.
 : Well I've read a few stuff but the thing is,as I understand,there is
 : lots of ways and languages to use,cbq,htb ens.What is the best and you
 : now of a howto just for that specific one?

This gives some references:

  http://www.docum.org/stef.coene/qos/faq/cache/46.html

I'd recommend learning tcng and using HTB...here's a slightly more
hands-on document I have written:

  http://tldp.org/HOWTO/Traffic-Control-tcng-HTB-HOWTO/

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]



[LARTC] policy routing problem

2003-12-08 Thread Serdar KYL
Hello..

I Use mandrake 9.1 with a custom kernel. Policy routing etc. all routing
options selected while compile the kernel (2.4.22)..

System is a PC and contain 4 ethernet. 

eth0, a local subnet. 192.168.0.1
eth1, a ADSL modem. pppoe run this interface and ppp0 already up.
Interface numbered as 10.0.0.1 for access modem, and ppp0 masqueraded
for outgoing connections (with $IPT -A POST.. -o ppp0 -j MASQUERADE)

eth2, connect a FR line with a router and address 195.174.43.34
eth3, connect a DMZ with 212.174.154.128/25

Other hand, we use a /28 block for local subnet. eth2 masquerade packets
from local lan to using iptables ... DNAT. 

ADSL line newly connected, 2048/512 kbps.

Only FR line router defined as default gw. 

This system currently working fine, but don't use ADSL..

I want this reason:

All http request use ADSL line.

OR

Only a machine from DMZ (its a proxy server) use this ADSL line..

I read the HOWTO and other sources, and tested these commands:

echo 200 http >> /etc/iproute2/rt_tables (!?)

ip rule add fwmark 10001 table http
ip route add default via 81.215.8.1 table http
ip route flush cache
iptables -t mangle -A PREROUTING -p tcp --dport 80 \
  -j MARK --set-mark 10001

In this state, policy routing doesn't have any effect. The ppp0 TX/RX values
always stay the same.

I tried this rule.

ip rule add from 212.174.154.219 table http

Wow... This machine can't reach the internet because of this :(( No
routing..

I tried cutting, editing and pasting the HOWTO lines, creating table john etc.. But same
result :((

I'm confused. Can you help me?

Excuse me for my poor English :(

Thanks.. 


[LARTC] TCng (wrr || esfq) ?

2003-12-08 Thread Artras lajus
Has anyone accomplished this? tcc just gives a syntax error :(
--
Regards,
Artras lajus


Re: [LARTC] mangle

2003-12-08 Thread Jose Luis Domingo Lopez
On Monday, 08 December 2003, at 17:18:52 +0100,
Ronnie Garcia wrote:

> Please note that this diagram is not valid for iptables.
>
I think you did not interpret the diagram correctly. For iptables you
will have to focus just on the BLUE boxes with the CAPITAL names, and
forget about the lowercase ones, that are for ipchains.

And each packet entering the box will follow just one path, and this
path is determined after the routing stage: any packet going through the
box (neither generated nor destined to it) will go the path on the
right, through the FORWARD chain of iptables. From then on the travel
is simple to follow.

Hope it helps.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436 Debian Linux Sid (Linux 2.6.0-test10-mm1)
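
Added example (not part of any post in this thread): a small Python check that ties together two points from the mangle discussion, namely that a MARK rule only matters if its chain lies on the packet's path, and that the tc `fw` filter's `handle` must equal the `--set-mark` value. The sample rules are constructed from the commands quoted earlier; the `192.0.2.10` address, the mark 4 rule and all function names are assumptions.

```python
import re

# Mangle-table chains traversed by traffic that leaves the box (netfilter,
# kernel 2.4.18 and later). Only such traffic reaches an egress qdisc.
PATHS = {
    "forwarded": ("PREROUTING", "FORWARD", "POSTROUTING"),
    "local-out": ("OUTPUT", "POSTROUTING"),
}

MARK_RE = re.compile(r"-t\s+mangle\s+-[AI]\s+(\S+).*?--set-mark\s+(\S+)")
FW_RE = re.compile(
    r"tc\s+filter\s+add\b.*?\bhandle\s+(\S+)\s+fw\b.*?\bflowid\s+(\S+)")


def parse_marks(text):
    """Return [(chain, mark)] for every mangle MARK rule in the text."""
    return [(m.group(1), int(m.group(2), 0)) for m in MARK_RE.finditer(text)]


def parse_fw_filters(text):
    """Return {handle: flowid} for every tc fw filter in the text."""
    return {int(m.group(1), 0): m.group(2) for m in FW_RE.finditer(text)}


def audit(rules, filters, kind):
    """For traffic of the given kind, report what each MARK rule achieves."""
    path = PATHS[kind]
    handles = parse_fw_filters(filters)
    report = []
    for chain, mark in parse_marks(rules):
        if chain not in path:
            report.append((chain, mark, "chain not traversed"))
        elif mark not in handles:
            report.append((chain, mark, "no fw filter for this mark"))
        else:
            report.append((chain, mark, "-> " + handles[mark]))
    return report


# Constructed sample: the first rule and the filter follow the commands quoted
# in the thread (address is a placeholder); the OUTPUT rule is hypothetical.
RULES = """
iptables -t mangle -I PREROUTING -i eth1 -s 192.0.2.10 -j MARK --set-mark 3
iptables -t mangle -A OUTPUT -p tcp --sport 22 -j MARK --set-mark 4
"""
FILTERS = """
tc filter add dev eth0 parent 1:0 protocol ip prio 2 handle 3 fw flowid 1:13
"""

if __name__ == "__main__":
    for kind in PATHS:
        print(kind, audit(RULES, FILTERS, kind))
```

The check does not compare the filter's `dev` with the interface the packet actually leaves on; that still has to be verified by hand.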


RE: [LARTC] mangle

2003-12-08 Thread Ronnie Garcia
> On Monday, 08 December 2003, at 17:18:52 +0100,
> Ronnie Garcia wrote:
>
> > Please note that this diagram is not valid for iptables.
> >
> I think you did not interpret the diagram correctly. For iptables you
> will have to focus just on the BLUE boxes with the CAPITAL names, and
> forget about the lowercase ones, that are for ipchains.

My bad, that's right.
The diagram is a bit confusing like this, what about drawing two different
diagrams, since ipchains and netfilter behave quite differently ?

I can send diff's if needed =)

Rgds,
Ronnie.



AW: [LARTC] mangle

2003-12-08 Thread Jan Gerritsen
Hi,

I have two questions about the diagram.

> The KPTD hosted on docum.org certainly does accurately reflect the
> traversal of iptables.  Please send corrections if you find something
> wrong with the KPTD.  This was a collective effort by Leonardo Balliache,
> Stef Coene, and some others on this very list.

first: what does PDBB stand for? is this the point where the RPDB is asked?

second: isn't there a hook between the OUTPUT and the POSTROUTING chain,
to handle the routing for packets generated by local processes?
Described in Figure 3.3.2 from
http://www.policyrouting.org/PolicyRoutingBook/ONLINE/CH03.web.html

thx,
Jan Gerritsen

RE: [LARTC] tc troubles with pfifo_fast qdisc on 2.4.23 kernel

2003-12-08 Thread arek

Hi!

> I updated the kernel from 2.4.22 to 2.4.23
> and now the tc tools can't correctly determine the default (pfifo_fast)
> qdisc on an interface:
>
> # tc/tc qdisc ls dev ppp0
> qdisc pfifo_fast 0: [Unknown qdisc, optlen=20]
>
> but if I assign, for example, a cbq qdisc to some device, everything shows correctly:
>
> # tc/tc qdisc ls dev ppp1
> qdisc tbf 8009: rate 32Kbit burst 10Kb lat 1.5s
> qdisc cbq 66: rate 10Mbit (bounded,isolated) prio no-transmit
>
> what can I do to fix this?

Probably you should patch your TC binary with a newer one that properly
understands your kernel.

I had a similar problem when I used an ESFQ queue, and then I used some
other tc utility for showing queues.





[LARTC] Difficulties trying to control VOIP traffic with TC - HTB

2003-12-08 Thread Ricardo Soria
Hi all:

I hope someone can help me with this little
problem...

I'm using a linux script to sub-divide my bandwidth
(64kbit) into:  40kbit for VOIP, and the remaining
24kbit for http.  So, the commands I'm using are:



#!/bin/bash

# This script shapes downloading stuff

# Initial qdisc
tc qdisc add dev eth1 root handle 1: htb default 20 r2q 2

# Classes definition
tc class add dev eth1 parent 1: classid 1:1 htb rate \
64kbit ceil 64kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb \
rate 40kbit ceil 40kbit prio 0
tc class add dev eth1 parent 1:1 classid 1:20 htb \
rate 24kbit ceil 24kbit prio 1

# Filters

# This is filter for VOIP
tc filter add dev eth1 protocol ip parent 1:0 prio 1 \
u32 match ip dst 1.2.3.4 flowid 1:10

# Remaining traffic is supposed to go to default 20 class

# Script end



I reached this script after a lot of investigation and
attempts.  So, the bandwidth distribution seems to be
ok.  But here is my problem:  Every time a person is
using VOIP, and another person starts surfing the
Internet (from a different IP, of course) at the same
time, the sound quality of the VOIP decreases notably.
I have prioritized VOIP traffic, as can be seen from
prio 0.  I even used IPTABLES statements to set
Minimize-Delay on packets coming from the VOIP IP address.
But every effort seems to be useless:  Every time
someone opens a web browser, VOIP sound quality goes
down...

So, could someone tell me what's wrong about my
script??  I know it is possible to get what I'm trying
with htb, anyway...

Many thanks to everybody.

Cheers.

Ricardo Soria.
