Re: [LARTC] Shaping Device Aliases

2004-01-28 Thread Martin A. Brown
Gordan,

I've noticed that you are trying to use aliased IP addresses and traffic
control together, and you are a bit frustrated that tc doesn't handle
aliased interface names.

 :   I understand that device aliases (e.g. eth2:3) are not shapeable.
 :   Does anybody know if this functionality is planned in the future?
 : 
 :  None of the new(er) networking tools recognise device aliases,
 :  because on all recent linux releases, aliases don't exist.
 :  the ethX:X notation is a legacy notation used only by the ifconfig
 :  program. everything else just sees a ethX with more than one IP
 :  address.
 : 
 :  So you just run your shaping rules on the real interfaces, and
 :  restrict its operation with IP address filtering.
 :
 : Yes, I am aware of that. However, that makes shaping multiple
 : independent streams going through one interface much more difficult.

I don't understand why this becomes much more difficult--it just becomes a
little more difficult, depending on the number of IP addresses you have
active on a given interface.  If you can handle multiple addresses on an
interface, then shaping traffic on these (known) addresses shouldn't be
much more difficult than managing each address.

 : The only other thing I can think of is setting up a dummy network
 : device and giving it the IP addresses on all the non-primary subnets
 : (e.g.  multiple DSL lines), and setting up the arp and routing to make
 : the packet actually go via the primary interface.

This sounds like a very confused idea.  I'm not sure it's worth the
hassle--as I hope I can convince you below.

[ more stuff snipped ]

 : Has anybody got any thoughts on this?

I have some thoughts, which I hope can help you understand why you will be
able to use the traffic control tools to accomplish your filtering.  For
posterity, I'll reiterate some of what has come before.

IP aliases don't exist.  This is a convention for ifconfig.  ip addr
show will display all IP addresses active on a given interface.

Traffic control is the last thing performed before turning the packet over
to the device driver and hardware.  Similarly, it is the first thing
called on receipt of a packet.  See diagrams KPTD [0] and ebtables packet
flow [1].

In this case, you can use any number of techniques to identify the packets
with tc tools based on their IP addresses--the convenience of the aliased
interface naming is simply an obstruction of the real path the packet
takes.

 : If this would work, maybe it should be documented in the advanced
 : routing howto, as I can see how there might be a lot of people out
 : there who would find it useful.

Let me suggest a possibility, if we assume a nested configuration.  Let's
say you have IP0 and IP1 active on interface eth3 and you want to make
sure that bandwidth is split 75/25 between these two and you want them to
share bandwidth.  Classic bandwidth-sharing situation--in the tcng
config below, you'd need to #define IP0 and IP1, but then you'd have a
simple configuration.  If you needed to further subdivide traffic within
each of the IP0 and IP1 classes, you'd have an easy way to do so.

dev eth0 {
    egress {
        class ( <$ip0> )  if ip_src == IP0 ;
        class ( <$ip1> )  if ip_src == IP1 ;
        htb () {
            class ( rate 1544kbps, ceil 1544kbps ) {   /* T1 speed */
                $ip0 = class ( rate 1024kbps, ceil 1544kbps ) ;
                $ip1 = class ( rate  384kbps, ceil 1544kbps ) ;
            }
        }
    }
}

Alternately, you may wish to simulate virtual circuits with each of the IP
addresses on a machine.  In this case, you could use separate root
classes attached to the HTB qdisc, or another class.  You can prevent the
two classes from competing with each other by setting the rate and ceil to
the same value.  Here's a very simple permutation of the above.

dev eth0 {
    egress {
        class ( <$ip0> )  if ip_src == IP0 ;
        class ( <$ip1> )  if ip_src == IP1 ;
        htb () {
            class ( rate 1544kbps, ceil 1544kbps ) {   /* T1 speed */
                $ip0 = class ( rate 1024kbps, ceil 1024kbps ) ;
                $ip1 = class ( rate  384kbps, ceil  384kbps ) ;
            }
        }
    }
}


Best of luck, Gordan!

-Martin

 [0] http://www.docum.org/stef.coene/qos/kptd/
 [1] http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png

-- 
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
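
Added example (not part of the original message): the two tcng configurations above written as plain tc/HTB commands with u32 source-address filters on the real interface. The interface name and the 192.0.2.x addresses are placeholders; tc spells kilobits per second `kbit`, because `kbps` in tc means kilobytes per second.

```shell
#!/bin/sh
# Print the tc commands for two source addresses sharing one real interface.
# Rates come from the message (T1 parent, 1024/384 children); names are
# placeholders. Pipe the output to "sh" as root to apply it.
#   mode "share":   children may borrow up to the parent rate (first config)
#   mode "isolate": ceil == rate, so the children never borrow (second config)
htb_by_source_ip() {
    dev=$1 ip0=$2 ip1=$3 mode=${4:-share}
    case $dev in
        *:*) echo "use the real interface, not an ifconfig alias: $dev" >&2
             return 1 ;;
    esac
    case $mode in
        share)   ceil0=1544kbit ceil1=1544kbit ;;
        isolate) ceil0=1024kbit ceil1=384kbit ;;
        *) echo "mode must be share or isolate" >&2; return 1 ;;
    esac
    # No "default" class is set, so traffic from any other source address
    # is not classified and leaves the interface unshaped.
    cat <<EOF
tc qdisc add dev $dev root handle 1: htb
tc class add dev $dev parent 1: classid 1:1 htb rate 1544kbit ceil 1544kbit
tc class add dev $dev parent 1:1 classid 1:10 htb rate 1024kbit ceil $ceil0
tc class add dev $dev parent 1:1 classid 1:20 htb rate 384kbit ceil $ceil1
tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip src $ip0/32 flowid 1:10
tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip src $ip1/32 flowid 1:20
EOF
}

# Constructed sample call: eth3 carries both addresses, bandwidth is shared.
htb_by_source_ip eth3 192.0.2.10 192.0.2.11
```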


Re: [LARTC] IMQ Stability

2004-01-28 Thread Alexander Trotsai
On Fri, Jan 23, 2004 at 10:29:13AM -0700, Michael S. Kazmier wrote:
MSK> Hello all,

MSK> I have been doing a lot of archive searching over the last week reading
MSK> posts on IMQ and its apparent stability / instability.  I have seen a
MSK> number of posts about it not being maintained as well.  Can anyone talk to
MSK> me about IMQ's stability in a heavy throughput environment (20 Mbps) and
MSK> what was causing IMQ to fail if you know.

I use it and it works OK for me
Traffic at some router up to 30-40 Mbit

IMQ has one trouble
Don't assign an address to the imq interface because the kernel crashes if
you do this.

-- 
Best regard, Aleksander Trotsai aka MAGE-RIPE aka MAGE-UANIC
My PGP key at ftp://blackhole.adamant.ua/pgp/trotsai.key[.asc]
Big trouble - ..disk or the processor is on fire.


[LARTC] small netwok traffic shaping

2004-01-28 Thread Adrian Coman
Hi,

First of all I must say that I'm a newbie in the network administration domain.

I have the following situation: a network composed of ~10 computers which are connected to 
the internet through a gateway. The connection speed is 128kbps for the addresses outside 
my country, and 10mbps for the addresses in my country.

I would like to set-up a traffic shaper on the router machine with the following features:

- if all the users are browsing/downloading at the same time, the bandwidth must be
equally shared
- if the users are using file sharing software, their bandwidth for such applications must
be limited to maximum 10kbps if no one else is requesting bandwidth for normal http
transfers, else the bandwidth must be 0 for such applications.
- I also want some computers from the network to get privileged access, with no
restrictions

If possible I would also like that:
- the users who are using network scanning software have their bandwidth cut to 0 for a
period

The router has 2 NIC's eth0 and eth1. eth0 is connected to the outside world and eth1 to 
the internal network.

Can you help me with examples? What solutions do you advise me to implement?

I know I can read the manuals (as most of my friends say), but it's very difficult for me
to get it right from the first time.



Thanks,
Adrian


Re: [LARTC] small netwok traffic shaping

2004-01-28 Thread Michael Renzmann
Good day, Adrian :)

Adrian Coman wrote:
> - if the users are using file sharing software, their bandwidth for such
> applications must be limited to maximum 10kbps if no one else is
> requesting bandwidth for normal http transfers, else the bandwidth must
> be 0 for such applications.

There are two things that might be interesting for your work:

1. http://l7-filter.sf.net
That's a facility for either the QoS framework or iptables that makes it
possible to distinguish between several application layer (ISO layer 7,
hence the name) protocols such as http and ftp. You could use that to apply
special marks to packets which then help you to classify the packets.

2. http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html
That's an extension to iptables which allows marking connections that
belong to common peer-to-peer applications (which would be helpful to
apply the above quoted rule).

Unfortunately I can't give you any more pointers, as I'm myself new to 
the whole QoS-stuff. But I hope this will help you a little.

Goodbye.
Mike


[LARTC] Burst Rate?

2004-01-28 Thread Scott Baker
If I'm using the following to very simply police my incoming bandwidth:

ingress {
  $p = bucket(rate 7Mbps, burst 1000kB, mpu 200B);
  class (1) if (conform $p && count $p) || drop;
}

How should I be calculating the burst rate? Cisco has their own special
algorithm for calculating the correct burst rate, is there a similar method
I should be using to calculate burst on a linux box?  Also are there any
improvements in the 2.6.x kernel with regards to traffic shaping?

Scott

Scott Baker - Network Engineer - RHCE
bakers @ web-ster . com - 503.266.8253 
