Re: [LARTC] how to match TTL?
Hi!

> Hi! I can't find anywhere correct syntax how to match TTL. All of I found refuse to work :(

    tc filter add dev eth1 parent 1:0 prio 10 u32 match u8 64 0xff at 8 flowid 1:11

This works. Can you confirm with a tcpdump that the ttl is the one you expect?

> All I need is to match TTL=64 and TTL=128, of course with iproute :) Any ideas?
> Kaspars

---
Catalin(ux aka Dino) BOIE
catab at deuroconsult.ro
http://kernel.umbrella.ro/

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
[LARTC] how to remove rules
hi

I have been trying to remove the extra rules from my routing tables, however with no luck. Also I want to know whether these duplicate entries have an effect on packets being routed?

I have this overwhelming rules list from my predecessor, who added the ip rule add fwmark entries in the firewall script, and each run of the firewall script creates an extra entry in the routing table. Now what I want is to get rid of the extras from all fwmark 0x2 lookup squid.out, leaving only the one that I need.

here is the output of ip rule ls

    0: from all lookup local
    32742: from all fwmark 0x2 lookup squid.out
    32743: from all fwmark 0x2 lookup squid.out
    32744: from all fwmark 0x2 lookup squid.out
    32745: from all fwmark 0x2 lookup squid.out
    32746: from all fwmark 0x2 lookup squid.out
    32747: from all fwmark 0x2 lookup squid.out
    32748: from all fwmark 0x2 lookup squid.out
    32749: from all fwmark 0x2 lookup squid.out
    32750: from all fwmark 0x2 lookup squid.out
    32751: from all fwmark 0x2 lookup squid.out
    32752: from all fwmark 0x2 lookup squid.out
    32753: from all fwmark 0x2 lookup squid.out
    32754: from all fwmark 0x2 lookup squid.out
    32755: from all fwmark 0x2 lookup squid.out
    32756: from all fwmark 0x2 lookup squid.out
    32757: from all fwmark 0x2 lookup squid.out
    32758: from all fwmark 0x2 lookup squid.out
    32759: from all fwmark 0x2 lookup squid.out
    32760: from all fwmark 0x2 lookup squid.out
    32761: from all fwmark 0x2 lookup squid.out
    32762: from all fwmark 0x2 lookup squid.out
    32763: from all fwmark 0x2 lookup squid.out
    32764: from all fwmark 0x2 lookup squid.out
    32765: from all fwmark 0x2 lookup squid.out
    32766: from all lookup main
    32767: from all lookup 253

regards

--
(after bouncing head on desk for days trying to get mine working, I'll make your life a little easier)
Re: [LARTC] how much bandwidth to dedicate?
Nicolas Patik wrote:

> I want to provide internet to home users with 256 Kbps and I have a 3 Mbps dedicated internet connection. Do you think It's ok to split the 3 Mbps in 480 users?

It depends what they are used to or can get. It will only take 12/480 users downloading to fill the link - 24 to half the speed for everyone.

40:1 contention doesn't sound that bad - I am on a product sold as 50:1 - but I see NO contention - at all. The figure of 50:1 is made up, in the UK it seems they can't get away with running the exchange link at any more than 15:1 on a 10meg VC (512k home customers). ISPs may further contend - link from teleco to ISP and ISP and to internet routes.

I haven't got a clue how many people I share the teleco to ISP link with, but I am on one of their four 622meg lines - and contention is a lot nicer on fat pipes.

Andy.
Re: [LARTC] Strange error!?
Cow wrote:

> I was using this setup and it worked fine until I executed up2date in Redhat and updated a lot of the packages in linux.
>
>     Unknown qdisc htb, hence option default is unparsable

Maybe it updated the tc binary to one that doesn't know about HTB. Try posting to a redhat list.

Andy.
Re: [LARTC] Increase connection tracking time??
Daniel Bartlett wrote:

> Hi, I have setup a Linux box similar to the load balanced method in the LARTC guide (conns: LAN, DMZ, ISP1, ISP2). When running clients like Jabber/MSN it seems like the route gets lost in the table after a while. What can I change to increase the tracking time in the tables??

Not sure if they apply with load balancing, but there are some settings in /proc/sys/net/ipv4/route/ - the gc are garbage collection - you'll have to google for detail.

Andy.
[LARTC] fw mark and policers on 2.6 not working ?
I just noticed that policers don't seem to work with marks in 2.6.

Can anyone get -

    iptables -A PREROUTING -t mangle -p tcp -j MARK --set-mark 1
    tc qdisc add dev eth0 handle : ingress
    tc filter add dev eth0 parent : protocol ip prio 1 handle 1 fw police rate 100kbit burst 10k drop flowid :1

To work on a 2.6 - it's OK on 2.4.26, version of tc used makes no difference.

The catch all policer as in wondershaper is OK on 2.6.

Andy.
Re: [LARTC] SEPARATING VOIP AND SURFING
Dear friends:

Very thanks for all your help. I have made many changes to my script these days, fixing up some problems and mistakes I found. It seems now I have a very acceptable VoIP quality, and everything is working notably better. I am actually using 450kbit of the total 512 available.

Next step I will take is to investigate about ESFQ, so I can implement it in my script. I will be annoying by here later ;-)

Thanks.

Ricardo.

--- Rick Marshall [EMAIL PROTECTED] wrote:

> Andy Furniss wrote:
>
> > Ricardo Soria wrote:
> >
> > > 1. So, starting at 80% of total 512kbit bandwidth (410kbit), there would be a waste of 102kbit. Is this completely necessary?? I think this is to ensure I have the queue on my side, and the queue is not on the side of the ISP. But, I feel tempted to think that 102kbit is too much for this purpose, considering that I really have 512kbit all time. What would you finally recommend ??
> >
> > It depends how much you care about latency what the people on your LAN do/use. I don't know what's acceptable latency and jitter for VOIP.
>
> not all that important. we have 400ms ping time to one site, but the voip is acceptable because it doesn't synchronise. if packet loss is a problem, turn off any compression.
>
> > > 2. Could you please tell me a secure and trustworthy way to know if I am having queued packets under this class??
> >
> > Again how much you have to do depends on the usage of your network. You can explicitly mark each type of interactive you want to prioritise. If you have 20 hackers using P2P 24/7 then life is going to be harder - if they just browse and email it's probably not worth trying too hard.
> >
> > > 3. I am creating 2 different htb classes, one for interactive, and another for bulk, and also, 2 different sfq inferior classes, one for each service. What else can I do to avoid sending a mix of traffic ??
> >
> > If you have one queue for bulk it would need to be esfq if you want per IP fairness. If you'd rather not patch then your original queue for each user is OK - but you should change SFQ's queue length.
> >
> > > 4. If you still have a copy of my script, you can see I am giving prio 0 to interactive classes, and prio 1 to bulk classes. I also tested giving prio 0 and prio 1 at filters setup (and also, prio 1 to everybody, I am not so sure what worked better). What else can I do to emphasize interactive traffic priority??
> >
> > The prio is most important, other things I do are - make sure interactive has large burst and bulk none. Rather than mess with r2q I set quantum to my MTU for HTB and SFQ. HTB can be tweaked to be more accurate - but you may not need to bother. I also set a rate for my interactive larger than I ever expect to be used, this is probably unnecessary, but then I count game traffic a top prio - and I was using up to 20K bytes/sec incoming while on a 64 player enemy territory server recently.
> >
> > > Sorry for the annoyances, very thanks in advance.
> >
> > That's OK - It would help to know what the users do and how many are active at once etc.
> >
> > Andy.
[LARTC] ip rule to remove
hi

thanks for your reply heh

Example: ip del rule pref 32742 is syntactically wrong :)

and when i tried ip rule del 32742 it gives me error

    # ip rule del 32742
    Error: argument 32742 is wrong: Failed to parse rule type

so how to get rid of these extra rules?

    0: from all lookup local
    32742: from all fwmark 0x2 lookup squid.out
    32743: from all fwmark 0x2 lookup squid.out
    32744: from all fwmark 0x2 lookup squid.out
    32745: from all fwmark 0x2 lookup squid.out
    32746: from all fwmark 0x2 lookup squid.out
    32747: from all fwmark 0x2 lookup squid.out
    32748: from all fwmark 0x2 lookup squid.out
    32749: from all fwmark 0x2 lookup squid.out
    32750: from all fwmark 0x2 lookup squid.out
    32751: from all fwmark 0x2 lookup squid.out
    32752: from all fwmark 0x2 lookup squid.out
    32753: from all fwmark 0x2 lookup squid.out
    32754: from all fwmark 0x2 lookup squid.out
    32755: from all fwmark 0x2 lookup squid.out
    32756: from all fwmark 0x2 lookup squid.out
    32757: from all fwmark 0x2 lookup squid.out
    32758: from all fwmark 0x2 lookup squid.out
    32759: from all fwmark 0x2 lookup squid.out
    32760: from all fwmark 0x2 lookup squid.out

--
(after bouncing head on desk for days trying to get mine working, I'll make your life a little easier)
Re: [LARTC] ip rule to remove
Hi there Askar,

 : and when i tried ip rule del 32742 it gives me error
 : so how to get rid of these extra rules?

Try:

    ip rule del prio 32742 from all fwmark 0x2 lookup squid.out

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]
Re: [LARTC] how to remove rules
I've had the same problem. I sorta wish there was an ip rule flush command that would leave only the default rules.

Anyway, what I do to prevent my rules from getting out of hand is every time I add a rule, I first delete the very same rule. This prevents the duplicates, at least. So every place in my script that I might have:

    IP RULE ADD some rule

I place before it:

    IP RULE DEL some rule

Works for me.

- Original Message -
From: Askar [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, November 23, 2004 4:57 AM
Subject: [LARTC] how to remove rules

> hi
>
> I have been trying to remove the extra rules from my routing tables, however with no luck. Also I want to know whether these duplicate entries have an effect on packets being routed?
>
> I have this overwhelming rules list from my predecessor, who added the ip rule add fwmark entries in the firewall script, and each run of the firewall script creates an extra entry in the routing table. Now what I want is to get rid of the extras from all fwmark 0x2 lookup squid.out, leaving only the one that I need.
>
> here is the output of ip rule ls
>
>     0: from all lookup local
>     32742: from all fwmark 0x2 lookup squid.out
>     32743: from all fwmark 0x2 lookup squid.out
>     32744: from all fwmark 0x2 lookup squid.out
>     32745: from all fwmark 0x2 lookup squid.out
>     32746: from all fwmark 0x2 lookup squid.out
>     32747: from all fwmark 0x2 lookup squid.out
>     32748: from all fwmark 0x2 lookup squid.out
>     32749: from all fwmark 0x2 lookup squid.out
>     32750: from all fwmark 0x2 lookup squid.out
>     32751: from all fwmark 0x2 lookup squid.out
>     32752: from all fwmark 0x2 lookup squid.out
>     32753: from all fwmark 0x2 lookup squid.out
>     32754: from all fwmark 0x2 lookup squid.out
>     32755: from all fwmark 0x2 lookup squid.out
>     32756: from all fwmark 0x2 lookup squid.out
>     32757: from all fwmark 0x2 lookup squid.out
>     32758: from all fwmark 0x2 lookup squid.out
>     32759: from all fwmark 0x2 lookup squid.out
>     32760: from all fwmark 0x2 lookup squid.out
>     32761: from all fwmark 0x2 lookup squid.out
>     32762: from all fwmark 0x2 lookup squid.out
>     32763: from all fwmark 0x2 lookup squid.out
>     32764: from all fwmark 0x2 lookup squid.out
>     32765: from all fwmark 0x2 lookup squid.out
>     32766: from all lookup main
>     32767: from all lookup 253
>
> regards
>
> --
> (after bouncing head on desk for days trying to get mine working, I'll make your life a little easier)
Re: [LARTC] burst question
On Monday 22 November 2004 00:17, richard lucassen wrote:

> On Thu, 18 Nov 2004 22:50:17 +0100 Stef Coene [EMAIL PROTECTED] wrote:
>
> [..]
>
> > > Q4: I want this class to be able to allow 400Kbit burst during 3 seconds. What value should I give to the burst parameter? Is this 400/160*1803=4507b?
> >
> > 400kbit * 3s = 1200kbit. You can try this, but htb burst is not made for this. It is made for burst of a few k.
>
> So a burst of 20k means the next 20kbit waiting in the queue will be sent in one burst before switching to another queue. This also means that this block of 20kbit is sent full speed over the line and it is not limited by any ceiling or whatsoever. Right or wrong?

Wrong. There are 2 bursts: a burst for the rate and a cburst for the ceil. So if you have a burst, it's still checked against the ceil.

Check out http://www.docum.org/docum.org/tests/htb/burst/ for some tests.

Stef

--
[EMAIL PROTECTED]
Using Linux as bandwidth manager
http://www.docum.org/
Re: [LARTC] how to remove rules
Hello all!

 : I've had the same problem. I sorta wish there was an ip rule flush
 : command that would leave only the default rules.

I have a function called flush which flushes all tables and all rules other than the main routing table. Here's the rule flush portion. It won't win any points for elegance, but it should get the job done:

    ip rule show | grep -Ev '^(0|32766|32767):' \
      | while read PRIO RULE; do
        ip rule del prio ${PRIO%%:*} $( echo $RULE | sed 's|all|0/0|' )
      done

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]
[LARTC] Re: burst question
On Tue, 23 Nov 2004 19:56:31 +0100 Stef Coene [EMAIL PROTECTED] wrote:

> > So a burst of 20k means the next 20kbit waiting in the queue will be sent in one burst before switching to another queue. This also means that this block of 20kbit is sent full speed over the line and it is not limited by any ceiling or whatsoever. Right or wrong?
>
> Wrong. There are 2 bursts: a burst for the rate and a cburst for the ceil. So if you have a burst, it's still checked against the ceil.
>
> Check out http://www.docum.org/docum.org/tests/htb/burst/ for some tests.

Ok, of course it is checked against the ceiling over a longer period, but what I try to understand is the value that is given to the burst variable. What you show on your (very good) website is what happens during a longer time (seconds). I try to understand why in practice this burst value is for example 20k and not 500k (which is easier to understand btw ;-)

Two very simplified queues, same rate, same ceiling, MTU 1500, queue1: burst 1500, queue2: burst 6000, each x represents a packet of 1500 bytes. As far as I understand it the packets are sent out this way (at maximum hardware speed):

    time
     ||
     \/
    Q1    - Q1 can use its burst value and sends 4 packets
    Q2 x
    Q1 x  - burst is discharged, Q1 sends 1 packet at a time
    Q2 x
    Q1 x
    Q2 x  - Q1 stops sending packets, burst can recharge
    Q2 x
    Q2 x
    Q2 x  - burst of Q1 is now fully charged
    Q1    - Q1 can use its burst value and sends 4 packets
    Q2 x
    Q1 x

It is a very simplified (and maybe wrong) example, but I want to make clear for myself why this burst is for example 20k and not 500k, as in test2 on http://www.docum.org/docum.org/tests/htb/burst/

I can only explain this issue this way. From Devik's doc: http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm

#
Networking hardware can only send one packet at a time and only at a hardware dependent rate. Link sharing software can only use this ability to approximate the effects of multiple links running at different (lower) speeds. Therefore the rate and ceil are not really instantaneous measures but averages over the time that it takes to send many packets. What really happens is that the traffic from one class is sent a few packets at a time at the maximum speed and then other classes are served for a while. The burst and cburst parameters control the amount of data that can be sent at the maximum (hardware) speed without trying to serve another class.
#

The last sentence makes this clear IMHO. But I can be terribly wrong of course, so please correct me if I'm still wrong...

R.
Re: [LARTC] how to remove rules
Cool, thanks. I've never been too good at complex scripting myself (I have a mental block of seeing all complex scripting as inelegant and sub-optimal by nature, so I understand your comment about inelegance), but I see exactly what you're doing, and it seems about as elegant as possible with a script. Very nice. That goes right into my routing script.

Chris

- Original Message -
From: Martin A. Brown [EMAIL PROTECTED]
To: Chris Bennett [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, November 23, 2004 1:30 PM
Subject: Re: [LARTC] how to remove rules

> Hello all!
>
>  : I've had the same problem. I sorta wish there was an ip rule flush
>  : command that would leave only the default rules.
>
> I have a function called flush which flushes all tables and all rules other than the main routing table. Here's the rule flush portion. It won't win any points for elegance, but it should get the job done:
>
>     ip rule show | grep -Ev '^(0|32766|32767):' \
>       | while read PRIO RULE; do
>         ip rule del prio ${PRIO%%:*} $( echo $RULE | sed 's|all|0/0|' )
>       done
>
> -Martin
>
> --
> Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]
[LARTC] outbound shaping
Well it appears I have no clue what I'm doing. I thought I had the below script working to shape outbound ftp traffic. However, it is shaping inbound traffic too. I have NO clue why. Please comment if anyone has any ideas why this doesn't work. I want to shape only outbound ftp traffic and not inbound or lan traffic.

    #!/bin/bash
    #shaping passive and active outbound ftp traffic on an internal computer without affecting inbound and lan speed

    # mark the outbound passive ftp packets on ports 5-51000
    iptables -t mangle -D OUTPUT -o eth0 -j MYSHAPER-OUT 2> /dev/null > /dev/null
    iptables -t mangle -F MYSHAPER-OUT 2> /dev/null > /dev/null
    iptables -t mangle -X MYSHAPER-OUT 2> /dev/null > /dev/null
    iptables -t mangle -N MYSHAPER-OUT
    iptables -t mangle -I OUTPUT -o eth0 -j MYSHAPER-OUT
    iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 65436 -j MARK --set-mark 20
    iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 5:51000 -j MARK --set-mark 20
    iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26

    # clear it
    tc qdisc del dev eth0 root

    #add the root qdisk
    tc qdisc add dev eth0 root handle 1: htb default 26

    #add main rate limit class
    tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit

    #add leaf classes
    tc class add dev eth0 parent 1:1 classid 1:20 htb rate 40kbps
    tc class add dev eth0 parent 1:1 classid 1:26 htb rate 100mbit

    #filter traffic into classes
    tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
    tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
Re: [LARTC] ip rule to remove
heya Martin

Thanks for the reply. It's just for the archive to confirm that I'm done with it. I used the following command to get rid of extra entries in routing database

    #ip rule del fwmark 2 table squid.out

regards
-Askar

On Tue, 23 Nov 2004 11:03:58 -0600 (CST), Martin A. Brown [EMAIL PROTECTED] wrote:

> Hi there Askar,
>
>  : and when i tried ip rule del 32742 it gives me error
>  : so how to get rid of these extra rules?
>
> Try:
>
>     ip rule del prio 32742 from all fwmark 0x2 lookup squid.out
>
> -Martin
>
> --
> Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]

--
(after bouncing head on desk for days trying to get mine working, I'll make your life a little easier)
[LARTC] alot of traffic over pppoe ?
hi

I was wondering, is pppoe scalable enough to support Gbps speeds or at least tens of hundred of Mbps?

From the docs I read it seems that after the user is auth over pppoe the client traffic still passes over the ppp-channel from

    pppoe-client --- pppoe-server --- Internet

Instead of

    pppoe-client --- Internet

Am I correct with this assumption?

From this I conclude that maximum traffic is the amount the server will be able to handle, but not so dependent on the Layer2-network capabilities.. So is there something I'm missing here?

tia