[LARTC] (no subject)
Hi

I set up a GRE tunnel between two Linux boxes. A short diagram is like this:

lan1 - router1 - router2 - lan2

The tunnel works fine, I can ping from lan1 to lan2, but the problem is the speed between lan1 and lan2 is lower than it is supposed to be. If I log in to router1 and transfer something from router2 or lan2 it is working at maximum speed, 1024kbits/s. The problem is if I log in to a computer in lan1 and try to transfer something either from router2 or lan2 it is working very poorly, with 256kbits or worse. I also tried to add that line in iptables with --clamp-mss... same, no luck. I ran out of ideas and this is driving me crazy. Please help!
[LARTC] PRIO + filter problem
PROBLEM:
My filtering rules don't seem to be working in the latest incarnation of my shaping script. I've changed from using multiple HTB classes to just one and a PRIO qdisc, and now my filters don't seem to have any effect.

OVERVIEW:
What I used to have is pretty much the same as the htb wondershaper script (with some tweaks), which worked fine, but I noticed that my latency for interactive traffic would fluctuate between 50ms and 250ms. After reading around, it seems this is probably due to the restriction in accuracy of the timers used for shaping combined with low throughput connections (adsl, 128kbit up, I think it has something to do with the Bursting of the HTB classes)? Anyway, because of this I decided to just go with a plain PRIO qdisc wrapped in a HTB for its rate limiting (will this help with the above mentioned latency problem btw?). My packets seem to be traversing the tree alright, but they don't seem to be filtered to the correct leafs so they aren't being prioritised at all.

MY SCRIPT:
This is the shaping part of my script, I'll annotate the lines, my understanding is still a bit hazy, so I have probably done something wrong.

***
DEV=ppp0
UPLINK=80

# Install a HTB qdisc in the root, then add a class under the qdisc to rate shape
#
tc qdisc add dev $DEV root handle 1: htb default 1
tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit

# Under the HTB CLASS, add the prio qdisc, which will create 6 prio classes
#
tc qdisc add dev $DEV parent 1:1 handle 10: prio bands 6

# add sfq qdiscs under each of the PRIO CLASSES
#
tc qdisc add dev $DEV parent 10:1 handle 100: sfq perturb 10
tc qdisc add dev $DEV parent 10:2 handle 200: sfq perturb 10
tc qdisc add dev $DEV parent 10:3 handle 300: sfq perturb 10
tc qdisc add dev $DEV parent 10:4 handle 400: sfq perturb 10
tc qdisc add dev $DEV parent 10:5 handle 500: sfq perturb 10
tc qdisc add dev $DEV parent 10:6 handle 600: sfq perturb 10

# Filter the packets marked, put them into the PRIO CLASSES
#
tc filter add dev $DEV parent 1: protocol ip prio 1 handle 1 fw flowid 10:1
tc filter add dev $DEV parent 1: protocol ip prio 2 handle 2 fw flowid 10:2
tc filter add dev $DEV parent 1: protocol ip prio 3 handle 3 fw flowid 10:3
tc filter add dev $DEV parent 1: protocol ip prio 4 handle 4 fw flowid 10:4
tc filter add dev $DEV parent 1: protocol ip prio 5 handle 5 fw flowid 10:5
tc filter add dev $DEV parent 1: protocol ip prio 6 handle 6 fw flowid 10:6
**

That's the shaping bit. I know my packets are being marked (the last version of the script (with HTB) worked, and I didn't change my iptables lines at all). ATM, all traffic is being sent to the prio class 10:2 (handle 200: ), even my ping packets, which I have marked as 1. I'm guessing there's something wrong with that flowid part, but I'm not sure.

PS: Btw I have read the lartc howto (about 10 times by now), and searched the mailing list, couldn't find a solution. Great work with the howto, but there are some concepts in it that even now I'm not sure about, for example: what the difference between handle and classid is, when to use them, when to use flowid vs classid.
Also, numbering conventions for classes/qdiscs, like if you have a class numbered 10 with parent 1 (so 1:10), can you have a class further down called 10 (or even 1) as well? Some examples and counter examples might help clarify them. But yeah, all in all it's a nice in depth read.

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
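An added example, not part of the original post: HTB only accepts class ids with its own major number, so a filter on `1:` that returns `flowid 10:N` is discarded, the packet takes `default 1`, and the filterless PRIO qdisc then uses its priomap, which is consistent with everything landing in 10:2. The sketch below prints the same fw filters attached to the PRIO qdisc (`10:`) and parses `tc -s qdisc show` output to check which sfq leaf is counting packets; the helper names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. DEV, the 10: PRIO handle and the
# fw marks 1-6 come from the script above; the helper names are hypothetical.
DEV=ppp0

# Print the fw filters with the PRIO qdisc (10:) as parent instead of the HTB
# root (1:). HTB only accepts class ids carrying its own major number, so a
# filter on 1: that returns flowid 10:N is discarded and the packet takes
# "default 1"; PRIO 10: then has no filters and falls back to its priomap.
emit_filters() {
    band=1
    while [ "$band" -le 6 ]; do
        echo "tc filter add dev $DEV parent 10: protocol ip prio $band handle $band fw flowid 10:$band"
        band=$((band + 1))
    done
}

# Read `tc -s qdisc show dev $DEV` on stdin and print "<handle> <packets>"
# for each sfq leaf, to see which band the traffic really lands in.
band_counters() {
    awk '
        $1 == "qdisc" { leaf = ($2 == "sfq") ? $3 : "" }
        $1 == "Sent" && leaf != "" { print leaf, $4; leaf = "" }
    '
}

# Succeed only if more than one sfq leaf has seen packets.
bands_in_use() {
    [ "$(band_counters | awk '$2 > 0 { n++ } END { print n + 0 }')" -gt 1 ]
}

# Constructed sample of `tc -s qdisc show` output matching the symptom in the
# post: every packet is counted under 200: (class 10:2).
SAMPLE='qdisc htb 1: root r2q 10 default 1 direct_packets_stat 0
 Sent 48210 bytes 412 pkt (dropped 0, overlimits 0 requeues 0)
qdisc prio 10: parent 1:1 bands 6 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 48210 bytes 412 pkt (dropped 0, overlimits 0 requeues 0)
qdisc sfq 100: parent 10:1 limit 128p quantum 1492b perturb 10sec
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
qdisc sfq 200: parent 10:2 limit 128p quantum 1492b perturb 10sec
 Sent 48210 bytes 412 pkt (dropped 0, overlimits 0 requeues 0)
qdisc sfq 300: parent 10:3 limit 128p quantum 1492b perturb 10sec
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)'

emit_filters                                   # review, then pipe to sh as root
printf '%s\n' "$SAMPLE" | band_counters        # per-leaf packet counts
```

On a live box, feed `tc -s qdisc show dev ppp0` to `band_counters` before and after replacing the filters; marked ping traffic should then show up under `100:`.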
[LARTC] question re ip rules logic
Hello everyone,

Please excuse these basic questions but I am new to Linux and I am getting desperate for answers. We are running redhat linux and after many hours of investigation I am unable to get a certain ip rule and ip route command combination to work. These are the software versions installed.

[EMAIL PROTECTED] linux-2.4.21-15.EL]# uname -a
Linux c1b04a01 2.4.21-15.ELsmp #1 SMP Thu Apr 22 00:18:24 EDT 2004 i686 i686 i386 GNU/Linux
[EMAIL PROTECTED] linux-2.4.21-15.EL]# ip -Ver
ip utility, iproute2-ss010824
[EMAIL PROTECTED] linux-2.4.21-15.EL]#

We have an ibm bladecenter with dual gige adapters on each blade. We hope to be able to route external internet web client packets coming into an interface to go back out on the same interface. The packets must go out the same interface they came in on as we have two nortel layer 2-7 switches (eth1 on each blade is connected to one of these switches, the eth0 interface is connected to the other switch). There are virtual load balancing ips (vips) in each switch which nat to the blade interface. We are trying to implement an active - active switch setup using vrrp for failover.

The interfaces are set up as: (eth0 is address 10.10.10.104, eth1 is address 10.10.11.104). At first we thought we could use the same subnet for each interface but after initial testing we decided to simplify the situation by using different subnets.

[EMAIL PROTECTED] root]# ip addr
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
4: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0d:60:4e:33:d2 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.104/24 brd 10.10.10.255 scope global eth0
5: eth1: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0d:60:4e:33:d3 brd ff:ff:ff:ff:ff:ff
    inet 10.10.11.104/24 brd 10.10.11.255 scope global eth1
[EMAIL PROTECTED] root]#

When we try these commands:

ip rule add iif eth0 prio 100 table 100
ip route add default via 10.10.10.1 dev eth0 table 100
ip rule add iif eth1 prio 200 table 200
ip route add default via 10.10.11.2 dev eth1 table 200

no packets are sent out of the interfaces.

When we try the commands:

ip rule add default prio 100 table 20
ip route add default via 10.10.11.2 dev eth1 table 20

we see incoming packets on eth0 and eth1 being answered on eth1 so we at least know that the ip rule and ip route commands are working.

When we try the commands:

ip rule add from 10.10.12.3 prio 100 table 20
ip route add default via 10.10.11.2 dev eth1 table 20

we do not see traffic from 10.10.12.3 being answered on eth1, we also tried 10.10.12.0/24 and still no pings from 10.10.12.3 were answered. Any ideas why this rule fails?

We tried with ip_forward set to zero and one (no difference), and we are familiar with the use of the ip route flush cache command when removing and adding routes.

Are we interpreting the documentation correctly for the ip rule regarding the iif option? Can all source packets be routed out the same interface with these commands? Is there an easy solution for this using ip rule and ip route? If not, can we achieve this functionality using the firewall commands which mark a packet?

Any advice would be much appreciated. Also once we get this working we will document a solution as I believe there will be other sites trying to do the same thing. We may be one of the first sites with dual internal switches in a bladecenter.

Thank you.
Tony Hempinstall.
[LARTC] esfq hash type
Hi

I have a small LAN (10.0.0.0/8) behind my Linux box. I use MASQUERADE to allow users to connect to the internet. I set up an esfq qdisc for outgoing traffic. And there is a little question: does the source hash type in esfq recognize NATed local IPs?

--
Regards
Marcin
mailto:[EMAIL PROTECTED]
[LARTC] Two Adsl connections following lartc.rpdb.multiple-links.html instructions....
I have two ADSL lines on my Linux firewall box and I want to do some load balancing between them... I tried a lot of different things, but it isn't working... Following the instructions of http://lartc.org/howto/lartc.rpdb.multiple-links.html I used the configuration above. Using "iptraf" I can see a few packets using the ppp1 connection, but almost all the packets use the ppp0 connection. Am I doing something wrong? Am I forgetting something? Maybe my kernel doesn't support multipath? How can I check it?

I use Mandrake 10 (kernel 2.6)
2 ADSL connections with 600 KB down and 300 KB up (ppp0 and ppp1)

Tks in advance!

ip route add 200.138.225.0/24 dev ppp0 src 200.215.125.195 table 10
ip route add default via 200.138.225.254 table 10
ip route add 201.3.196.0/24 dev ppp1 src 201.3.232.205 table 11
ip route add default via 201.3.196.254 table 11

ip route add 200.138.225.0/24 dev ppp0 src 200.215.125.195
ip route add 201.3.196.0/24 dev ppp1 src 201.3.219.25

ip route add default via 200.138.225.254

ip rule add from 200.215.125.195 table 10
ip rule add from 201.3.232.205 table 11

ip route add default scope global nexthop via 200.138.225.254 dev ppp0 weight 1 nexthop via 201.3.196.254 dev ppp1 weight 1
Re: [LARTC] question re ip rules logic
Tony,

[ snip ]

: We hope to be able to route external internet web client packets
: coming into an interface to go back out on the same interface.
: The packets must go out the same interface they came in on

[ snip ]

: The interfaces are set up as: (eth0 is address 10.10.10.104, eth1
: is address 10.10.11.104). At first we thought we could use the
: same subnet for each interface but after initial testing we
: decided to simplify the situation by using different subnets.

Since they are separate switches, you shouldn't have any problem with ARP flux if you want to use IPs inside the same subnet. But, simplifying the situation is probably a good idea.

When dealing with complex situations such as the above, you may find that you wish to suppress some ARP replies. I have written a brief introduction to the issues involved with some links to other sources of docs [0]. Note, that only gets you around the (here possibly tricky, but probably not relevant) ARP concern.

Skipping on to the fun stuff

: 4: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
:     link/ether 00:0d:60:4e:33:d2 brd ff:ff:ff:ff:ff:ff
:     inet 10.10.10.104/24 brd 10.10.10.255 scope global eth0
: 5: eth1: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
:     link/ether 00:0d:60:4e:33:d3 brd ff:ff:ff:ff:ff:ff
:     inet 10.10.11.104/24 brd 10.10.11.255 scope global eth1

OK!

: When we try these commands:
: ip rule add iif eth0 prio 100 table 100
: ip route add default via 10.10.10.1 dev eth0 table 100

What this says to the kernel is (roughly):

- if the packet to be routed has arrived inbound on eth0, then look up the route in route table 100

I'm guessing that this box is not a router, and therefore anything inbound on eth0 should be packets bound for a local destination. If that's the case, then this rule will never be traversed because rule 0, of the highest priority, will cause the kernel to use the 'local' routing table to be consulted, and the inbound packets will be routed to local destinations.

So, the above two commands effectively do nothing.

: ip rule add iif eth1 prio 200 table 200
: ip route add default via 10.10.11.2 dev eth1 table 200
: no packets are sent out of the interfaces.

Same thing as above.

[ snip ]

: ip rule add from 10.10.12.3 prio 100 table 20
: ip route add default via 10.10.11.2 dev eth1 table 20
: we do not see traffic from 10.10.12.3 being answered on eth1, we also tried
: 10.10.12.0/24
: and still no pings from 10.10.12.3 were answered. Any ideas why this rule
: fails?

Perhaps you have checked 'ip route show cache 10.10.12.3' to see where the packets were going? (Maybe out eth0? Maybe the only routes in the upstream to 10.10.12.3 are through eth1? Maybe the switch does its own reverse path filtering?)

And speaking of rp_filter, have you checked the rp_filter sysctl on this box? [1]

Also,

: We tried with ip_forward set to zero and one (no difference), and
: we are familiar with the use of the ip route flush cache
: command when removing and adding routes.

But, you don't really wish to use ip_forward. It seems that you are running servers on these blades. You don't need/want them to be routers, do you?

: Are we interpreting the documentation correctly for the ip rule
: regarding the iif option?

I don't think so. I think you are confusing TCP state with routing. Routing is a stateless affair. Indeed, Linux does have a route cache, and that means that a router will 'remember' a recently used route, but this is rather different from real statefulness in routing.

It seems what you really wish is for the Linux box to keep track of flows and intelligently handle them. Fortunately, you don't really need this, given your description. You only need a way to convince packets addressed from a particular IP on your box to leave via a particular interface.

Try this instead:

echo 200 out_eth0 >> /etc/iproute2/rt_tables
ip rule add from 10.10.10.104 table out_eth0
ip route add default via 10.10.10.1 table out_eth0

echo 201 out_eth1 >> /etc/iproute2/rt_tables
ip rule add from 10.10.11.104 table out_eth1
ip route add default via 10.10.11.1 table out_eth1

I can't say that my choice of routing table names is sensible, but they should give you the general idea. The table parameter takes a number or a name. If a name is supplied, the name is looked up in /etc/iproute2/rt_tables.

: Can all source packets be routed out the same interface with
: these commands?

I don't really understand what this question asks.

: Is there an easy solution for this using ip rule and ip route?

While I wouldn't quite say easy, this should give you a start. To understand a bit better about Linux routing, I'd recommend Alexey Kuznetsov's iproute2 manual [2] and my own introduction [3].

Good luck!

-Martin

[0] http://linux-ip.net/html/ether-arp.html#ether-arp-flux
[1]
Re: [LARTC] ALTQ - Bandwidth Manager
Hi,

We have ported the FreeBSD ALTQ to QNX (Bandwidth Manager). For the time being only the Class Based Queueing (CBQ) Discipline is being used. It's working fine. Thanks to all those who directly or indirectly motivated me, thanks a lot to Brian.

Thanks
Regards
Prajith.

- Original Message -
From: Brian Nox [EMAIL PROTECTED]
To: Prajith [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, April 30, 2004 12:30 PM
Subject: Re: [LARTC] ALTQ - Bandwidth Manager

I decided to do this project. So still people can help me by providing some valuable documents or URL.

Try with:
http://www.tldp.org/HOWTO/Adv-Routing-HOWTO [go to chap 19]
http://www.kerneltraffic.org/kernel-traffic/index.html
http://tcng.sourceforge.net/

Good luck

Prajith.
[LARTC] can this work?
Hi. I'm a newbie using LARTC. I have some PCs and one 512/192kbits connection. I do not want one PC to use all the bandwidth available. I made this script to limit it, but I need the applications (web browsing, messenger with cam and audio, p2p, etc.) on the PCs to continue accessing the Internet normally. Would this script work? What type of qdisc could be added to htb in order to reduce the delay of applications like messenger?

Thank you very much
Leandro

#!/bin/sh
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobytes
BAJADA=50
SUBIDA=10
MINABUSE=5
MAXABUSE=15
TARGETA0=eth0
A1=192.168.0.3
A2=192.168.0.4
A3=192.168.0.5
A4=192.168.0.6
A5=192.168.0.7
A6=192.168.0.8
A7=192.168.0.9
A8=192.168.0.10
B1=192.168.0.11
B2=192.168.0.12
B3=192.168.0.13
B4=192.168.0.14
B5=192.168.0.15
B6=192.168.0.16
J1=192.168.0.100
J2=192.168.0.101
J3=192.168.0.103
J4=192.168.0.105
J5=192.168.0.104
J6=192.168.0.102
JEJE=192.168.0.2

# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $TARGETA0 root 2> /dev/null > /dev/null
# tc qdisc del dev $TARGETA0 ingress 2> /dev/null > /dev/null

tc qdisc add dev $TARGETA0 root handle 1: htb default 30 r2q 1
tc class add dev $TARGETA0 parent 1: classid 1:1 htb rate 50kbps ceil 50kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:10 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:11 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:12 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:13 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:14 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:15 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:16 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:17 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:18 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:19 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:20 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:21 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:22 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:23 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:24 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:25 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:26 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:27 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:28 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:29 htb rate ${MINABUSE}kbps ceil ${MAXABUSE}kbps
tc class add dev $TARGETA0 parent 1:1 classid 1:30 htb rate 2kbps ceil 5kbps

tc filter add dev $TARGETA0 protocol ip parent 1:0 prio 1 u32 match ip dst ${A1} flowid 1:10
tc filter add dev $TARGETA0 protocol ip parent 1:0 prio 1 u32 match ip dst ${A2} flowid 1:11
tc filter add dev $TARGETA0 protocol ip parent 1:0 prio 1 u32 match ip dst ${A3} flowid 1:12
tc filter add dev $TARGETA0 protocol ip parent 1:0 prio 1 u32 match ip dst ${A4} flowid 1:13
tc filter add dev $TARGETA0 protocol ip parent 1:0 prio 1 u32 match ip dst ${A5} flowid 1:14
tc filter add dev $TARGETA0 protocol ip parent 1:0 prio 1 u32 match ip dst ${A6} flowid 1:15
tc filter add dev $TARGETA0 protocol ip parent 1:0 prio 1 u32 match ip dst ${A7} flowid 1:16
tc filter add dev $TARGETA0 protocol ip parent 1:0 prio 1 u32 match ip dst ${A8} flowid 1:17
tc filter add dev $TARGETA0 protocol ip parent 1:0 prio 1 u32 match ip dst ${B1} flowid 1:18
tc filter add dev $TARGETA0 protocol ip parent 1:0 prio 1 u32 match ip dst ${B2} flowid 1:19
tc filter add dev $TARGETA0 protocol ip parent 1:0 prio 1 u32 match ip dst ${B3} flowid 1:20
tc filter add dev $TARGETA0 protocol ip parent 1:0 prio 1 u32 match ip dst ${B4} flowid 1:21
tc filter add dev $TARGETA0 protocol ip parent 1:0 prio 1 u32 match ip dst ${B5} flowid 1:22
tc filter add dev $TARGETA0 protocol ip parent 1:0 prio 1 u32 match ip dst ${B6} flowid 1:23
tc filter add dev $TARGETA0 protocol ip parent 1:0 prio 1 u32 match ip dst ${J1} flowid 1:24
tc filter add dev $TARGETA0 protocol ip parent 1:0 prio 1 u32 match ip dst ${J2} flowid 1:25
tc filter add dev $TARGETA0 protocol ip parent 1:0 prio 1 u32 match ip dst ${J3} flowid 1:26
tc filter add dev $TARGETA0 protocol ip parent 1:0 prio 1 u32