Re: [LARTC] Re: Not understanding network setup!!
Eliot, Wireless and Server Administrator, Great Lakes Internet wrote:

-Original Message-
From: Jarek Poplawski [mailto:[EMAIL PROTECTED]
Sent: Friday, June 02, 2006 9:57 AM
To: Eliot, Wireless and Server Administrator, Great Lakes Internet
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Re: Not understanding network setup!!

...

Maybe we are thinking about something else but I don't think:

"If you were using a /30, then ... .5, and .9 would be the first available addresses in their respective subnets"

is all correct.

10.0.0.0/30:
  10.0.0.0 - NETWORK ADDRESS
  10.0.0.1 - HOST
  10.0.0.2 - HOST
  10.0.0.3 - BROADCAST ADDRESS
First available address is .1

10.0.0.4/30:
  10.0.0.4 - NETWORK ADDRESS
  10.0.0.5 - HOST
  10.0.0.6 - HOST
  10.0.0.7 - BROADCAST ADDRESS
First available address is .5

10.0.0.8/30:
  10.0.0.8  - NETWORK ADDRESS
  10.0.0.9  - HOST
  10.0.0.10 - HOST
  10.0.0.11 - BROADCAST ADDRESS
First available address is .9

Thus: "The .1, .5, and .9 would be the first available addresses in their respective subnets." is a true statement.

How are you interpreting this?

OH! Now I understand! I'm sorry for bothering you and many thanks for this clear explanation.

Jarek P.

___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
RE: [LARTC] Not understanding network setup!!
Understood.. many thx for all the help..

By the way, do you know if there's a way to distinguish between the ACK packet sent during the connection establishment phase of a TCP connection and subsequent ACK packets sent during the data transfer phase?

I know that the ACK number sent during the connection establishment will be equal to the 'sequence number for the SYN in the SYN/ACK packet' + 1.

Is there a way to distinguish between this 3rd packet and any other ACK packet during data transfer w/o having to keep track of sequence numbers? Are there other characteristics or options that are set in the former and not in the latter?

Basically I want to capture the three packets sent during the connection establishment phase of TCP. How can I do that?

Warm regards,
Visham
RE: [LARTC] Not understanding network setup!!
Dear Eliot,

thx for the explanations.. I'll try the transparent firewall setup and tell you how it goes.

However, I would like to know how you would have set routing for a topology like the one below using bonding, where S1, S2 and S3 are servers (Layer 3 devices), and not firewalls.

            __________             ________
           |          |           |        |
           |      eth1|-----------|eth0  S1|
           |          |           |________|
PC_A-------|eth0 PC_B |            ________
           |      eth2|-----------|eth0  S2|
           |          |           |________|
           |          |            ________
           |      eth3|-----------|eth0  S3|
           |__________|           |________|

Warm regards,
Visham
RE: [LARTC] Not understanding network setup!!
Dear Eliot,

Many thx for all the efforts you're making to help me out.. I've been battling with this for over two weeks now :(

I had a few questions to ask you:

1) Does bonding support per-packet load balancing like teql does?

2) Is it compulsory to assign eth1 and eth2 IP addresses in teql setups like in the HOWTO, or can I simply use them w/o IP addrs as in the bonding setup example you gave?

3) In the setup you propose with the transparent firewall, I don't think it'll work because, since different networks are involved, only a router can forward packets between different networks. The bridge can only perform packet switching on one network. It can actually extend a particular network but it cannot join two different networks. That, I believe, is the work of a router. Please correct me if you feel I'm wrong.

4) Do you believe it is possible to implement teql for the topology I'm working on, i.e. using firewalls with IP addrs? I tried it many times but no success. The main problem was that I didn't know to what network to have the teql0 device on PC_B and PC_C point to. In the example in the LARTC HOWTO, the teql0 on Router A pointed to the teql0 device on Router B. However, in the topology I'm trying to set up, I didn't know which device to point to because of the intermediate networks that we have (for FW1 and FW2).

Do you think I should use a multipath route on PC_B and PC_C, something like this:

ip route add default scope global nexthop via 192.168.10.11 dev eth1 weight 1 nexthop via 192.168.40.11 dev eth2 weight 1

I tried it but no success. The teql0 device won't balance traffic between the devices.. don't know if I made a mistake in the formulation of the command!!

Can you suggest anything? I have enough PCs to test things that you might suggest.

Warm regards,
Visham
[LARTC] Re: Bi-directional packet classification with ACK prioritization
Eliot, Wireless and Server Administrator, Great Lakes Internet wrote:

: This problem will be true for generally classified traffic and P2P
: traffic. I would use tc filters in one direction if I could possibly
: distinguish P2P traffic from other types of traffic with them.

You can match mark with u32 rather than fw - you then get to use masks and can AND it with other matches - like MAC. You can also AND/OR marks with netfilter.

Andy.
[LARTC] netbios over slow-speed link. need advice
Hello,

I have set up a VPN link using IPsec with OpenSwan between two Linux boxes, and I am using this tunnel to connect a bunch of w9x/2k clients with a w2k file server.

The thing is that the WAN link where the tunnel is set up has a bandwidth of 128kbps, and browsing the file server and opening a file, for example a Word document, takes a lot of time. These file opening times seem to vary very often; they go from 1.5 minutes to 15 minutes. I haven't seen the 15 minute open-file time myself, but the users have told me that it happens from time to time.

I wonder if maybe one of you guys has found yourself in a similar situation and can give some advice. I am not sure if the NetBIOS communications with this file server are working right, and I would like to know, if it is possible, how to tune the scenario to get it to work properly or at least how to view the state of these communications.

Any ideas will be most welcome.

TIA!
BR,
Matias.
[LARTC] How to explode tc rules maked by HTB.init?
Hi to all,

I'm using htb.init for configuring my shaper. Now I want to know if it is possible to show how htb.init makes and uses the tc commands; has anyone tried it?

Many thanks.

-- 
Stefano Mainardi
Presidente Associazione ILDN - Italian Linux Distro Network
Mobile: 349/3917212
Skype: mainardistefano
IM (ICQ): 250-292-408
Blog: http://www.mainardistefano.org
RE: [LARTC] Not understanding network setup!!
Visham,

: By the way, do you know if there's a way to distinguish between
: the ACK packet sent during the connection establishment phase of
: a TCP connection and subsequent ACK packets sent during the data
: transfer phase.
:
: I know that the ACK number sent during the connection
: establishment will be equal to the 'sequence number for the SYN
: in the SYN/ACK packet' + 1
:
: Is there a way to distinguish between this 3rd packet and any
: other ACK packet during data transfer w/o having to keep track of
: sequence numbers? Are there other characteristics or options that
: are set in the former and not in the latter?
:
: Basically I want to capture the three packets sent during the
: connection establishment phase of TCP. How can I do that?

How many times (or how quickly) do you need to do this? I have a somewhat simple-minded solution for you, but it doesn't scale, and may not actually solve your problem(s). If you have anything more than a few connections on which you wish to snoop (to see that they have successfully completed the handshake) my solution will not work for you.

I have used this to capture the first three packets exchanged on a particular TCP connection:

  tcpdump -nni $INTERFACE -c 3 host $TARGET and port $DPORT and \
    '( tcp[tcpflags] & tcp-syn = tcp-syn or tcp[tcpflags] & tcp-ack = tcp-ack )'

If you are looking at inbound traffic to one of your servers, that can be a bit trickier. You could, however, tcpdump the entire stream line-buffered and write a filter (sed/perl) that prints out only lines showing the SYN flag and lines containing 'ack 1 win'.

10:16:11.232505 IP xx.yy.zz.44.7284 > aa.bb.cc.130.25: S 2114067570:2114067570(0) win 5840 <mss 1460,sackOK,timestamp 906238871 0,nop,wscale 2>
10:16:11.257184 IP aa.bb.cc.130.25 > xx.yy.zz.44.7284: S 1756590593:1756590593(0) ack 2114067571 win 5792 <mss 1380,sackOK,timestamp 3428194314 906238871,nop,wscale 2>
10:16:11.257242 IP xx.yy.zz.44.7284 > aa.bb.cc.130.25: . ack 1 win 1460 <nop,nop,timestamp 906238896 3428194314>

Good luck,

-Martin

-- 
Martin A. Brown
http://linux-ip.net/
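The question in this thread is whether the third segment of the handshake can be told apart from later ACKs without per-connection state. A flag-only filter (Martin's tcpdump expression above, or the equivalent tcp[tcpflags] test) reliably picks out the SYN and the SYN/ACK, but the third segment is a plain ACK that is bit-for-bit indistinguishable at the flag level from every later pure ACK; the rule Visham quotes (ack == SYN/ACK seq + 1, and seq == SYN seq + 1) can only be applied by remembering the two initial sequence numbers per flow. The Python below is an added example written for this page, not code from the thread or from any of the tools it mentions. It parses raw IPv4/TCP headers, keeps a tiny per-flow table only until the handshake completes, and then replays a constructed SYN, SYN/ACK, ACK and first data segment to show where the stateless and stateful views diverge. Addresses, ports and ISNs are made-up sample values; checksums and TCP options are omitted, and retransmitted SYNs, simultaneous open and sequence-number wraparound are not handled.

```python
"""Added example: stateless vs. stateful classification of TCP handshake segments."""
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def build_packet(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Constructed IPv4 + TCP packet for the demo (no options, checksums left at 0)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split(".")))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                          5 << 4, flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def parse(pkt):
    """Return the header fields we need from an IPv4/TCP packet, or None if not TCP."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if pkt[9] != 6:
        return None
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
    doff = (off >> 4) * 4
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "seq": seq, "ack": ack, "flags": flags,
            "payload_len": total_len - ihl - doff}


def stateless_stage(flags):
    """What a flag-only filter (e.g. tcpdump's tcp[tcpflags]) can say about a segment."""
    if flags & SYN:
        return "SYN/ACK" if flags & ACK else "SYN"
    return "ACK" if flags & ACK else "other"


class HandshakeTracker:
    """Classify segments using the ISNs of flows whose handshake is still in progress."""

    def __init__(self):
        # (client, cport, server, sport) -> {"stage", "client_isn", "server_isn"}
        self.pending = {}

    def classify(self, pkt):
        p = parse(pkt)
        if p is None:
            return "non-tcp"
        fwd = (p["src"], p["sport"], p["dst"], p["dport"])   # initiator -> responder
        rev = (p["dst"], p["dport"], p["src"], p["sport"])   # responder -> initiator
        f = p["flags"]
        if f & RST:                          # abort: drop any half-open state
            self.pending.pop(fwd, None)
            self.pending.pop(rev, None)
            return "RST"
        if f & SYN and not f & ACK:
            self.pending[fwd] = {"stage": 1, "client_isn": p["seq"]}
            return "SYN"
        if f & SYN and f & ACK:
            st = self.pending.get(rev)
            if st and st["stage"] == 1 and p["ack"] == st["client_isn"] + 1:
                st["stage"] = 2
                st["server_isn"] = p["seq"]
                return "SYN/ACK"
            return "stray SYN/ACK"
        if f & ACK:
            st = self.pending.get(fwd)
            if (st and st["stage"] == 2
                    and p["seq"] == st["client_isn"] + 1
                    and p["ack"] == st["server_isn"] + 1):
                del self.pending[fwd]        # handshake complete; forget the flow
                return "handshake ACK"
            return "data-phase ACK"
        return "other"


def demo():
    """Replay SYN, SYN/ACK, ACK, then a first data segment that reuses the same numbers."""
    c, s, cp, sp = "192.168.10.2", "192.168.40.11", 7284, 25   # constructed endpoints
    cisn, sisn = 2114067570, 1756590593                        # constructed ISNs
    segs = [
        build_packet(c, s, cp, sp, cisn, 0, SYN),
        build_packet(s, c, sp, cp, sisn, cisn + 1, SYN | ACK),
        build_packet(c, s, cp, sp, cisn + 1, sisn + 1, ACK),
        # identical seq/ack to the third segment, but now it carries data
        build_packet(c, s, cp, sp, cisn + 1, sisn + 1, PSH | ACK, b"EHLO x\r\n"),
        build_packet(s, c, sp, cp, sisn + 1, cisn + 9, ACK),
    ]
    tracker = HandshakeTracker()
    return [(stateless_stage(parse(x)["flags"]), tracker.classify(x)) for x in segs]


if __name__ == "__main__":
    for stateless, stateful in demo():
        print(f"{stateless:8s} {stateful}")
```

The fourth segment is the point of the demo: its sequence and acknowledgement numbers are exactly those of the handshake ACK, so neither flags nor the "+1" rule alone separate the two; only the fact that the flow's entry has already been consumed does. The table is keyed by the 4-tuple Visham wanted to avoid, but it holds at most one entry per half-open connection and is emptied as soon as the third segment arrives, which is the minimum state any correct filter needs.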
Re: [LARTC] Re: For leaf classes is best PFIFO or SFQ?
2006/6/2, Jarek Poplawski [EMAIL PROTECTED]:

: Stefano Mainardi wrote:
:
: Hi to all, I'm following this guide (http://www.opalsoft.net/qos/DS-28.htm), which is very detailed, but I'm a bit confused about the queuing disciplines of leaf classes. In this guide the author uses PFIFO (see the scheme that I attached to the message) in this way:
:
: # tc class add dev eth0 parent 1:21 handle 210: pfifo lmit 10
:
: rather than this way:
:
: # tc qdisc add dev eth0 parent 1:21 handle 210: pfifo limit 10
:
: therefore??? I do not understand ...

-- 
Stefano Mainardi
Presidente Associazione ILDN - Italian Linux Distro Network
Mobile: 349/3917212
Skype: mainardistefano
IM (ICQ): 250-292-408
Blog: http://www.mainardistefano.org
[LARTC] sangoma cards in linux
Hi There,

We only have a /29 internet-routable network from our ISP and a Cisco 1601 router with a serial interface doing all the routing.

I was thinking of replacing that Cisco with a Linux box with a Sangoma card, also using quagga with OSPF on for my internal networks. Does anyone have experience with this?

thanks
Sew
Re: [LARTC] sangoma cards in linux
Hello there,

: we only have a /29 internet routable network from our ISP and a
: Cisco 1601 router with serial interface doing all the routing.
:
: I was thinking of replacing that cisco with a linux box with a
: sangoma card, also using quagga with ospf on for my internal
: networks

I can't speak directly to quagga and ospf, but I can provide an encomium for the Sangoma cards. I have used the Sangoma cards (since 2000 or so, starting with the S508/FT1) and found them to be extraordinarily reliable. Their technical support is also very good. I have seen these cards used in Australia and the U.S. and recommend them wholeheartedly.

Good luck,

-Martin

-- 
Martin A. Brown
http://linux-ip.net/
Re: [LARTC] How to explde HTB.INIT tc commands?
Stefano Mainardi wrote:

: Hi to all,
[...]

You already sent that mail three times in less than 30 hours. Please stop. Somebody will answer if he/she knows.

Regards,
Carl-Daniel
[LARTC] IMQ + NAT
Hello,

I have

  eth0    - internet
  eth1..4 - local networks

On eth0 I do:

$IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE

I want to balance out/in load for eth1..4 and localhost (mainly squid). NAT makes it impossible to do it on eth0, so I installed IMQ. I need to get the un-NATed in/out traffic onto imq0 so that I can set priorities for protocols and networks. Something like this:

prate=1Mbit
localhost: rate=500kbit, ceil=prate
vnc:       rate=100kbit, ceil=prate
web:       rate=100kbit, ceil=prate
mail:      rate=100kbit, ceil=prate
eth1:      rate=400kbit, ceil=prate
ftp:       rate=10kbit,  ceil=prate
eth2..4:   rate=100kbit, ceil=prate (eth2...eth4 would split the same 100kbit)
rdp:       rate=90kbit,  ceil=prate
..

This load balancing would be applied to outgoing and incoming internet traffic.

Where and how in iptables would be correct to -j IMQ?

Thank you!
Re: [LARTC] Re: For leaf classes is best PFIFO or SFQ?
On Friday, 2 June 2006 13:09, Stefano Mainardi wrote:

: 2006/6/2, Jarek Poplawski [EMAIL PROTECTED]:
:
: Stefano Mainardi wrote:
:
: Hi to all, I'm following this guide (http://www.opalsoft.net/qos/DS-28.htm), which is very detailed, but I'm a bit confused about the queuing disciplines of leaf classes. In this guide the author uses PFIFO (see the scheme that I attached to the message) in this way:
:
: # tc class add dev eth0 parent 1:21 handle 210: pfifo lmit 10
:       ^
: rather than this way:
:
: # tc qdisc add dev eth0 parent 1:21 handle 210: pfifo limit 10
:       ^
: therefore??? I do not understand ...

Well, pfifo is a discipline at the end of a class, not the class.

I'm using sfq for every customer (they are limited to 256/384/512kbit), so they will be able to use the Internet even when using p2p programs.

-- 
| greetings            | powered by Trustix, Gentoo and FreeBSD    |
| Kajetan Staszkiewicz | jabber,email,www: vegeta()tuxpowered net  |
| Vegeta               | IMQ devnames: http://www.tuxpowered.net   |
RE: [LARTC] Not understanding network setup!!
Hi Martin,

: How many times (or how quickly) do you need to do this? I have a
: somewhat simple-minded solution for you, but it doesn't scale, and
: may not actually solve your problem(s).

I actually need this for as long as the machine communicates with other PCs.

: If you are looking at inbound traffic to one of your servers, that
: can be a bit trickier.

I have to capture those three packets for each and every TCP stream that is initiated. Also, I'm looking only for outbound communication, i.e. emanating from the PC on which I'm trying to catch the packets. So the ACK packet will be generated on the PC itself. But the problem is how do I capture that particular ACK packet and not the other ACK packets during the data transfer phase, w/o keeping track of IP address/port number pairs?

Warm regards,
Visham
RE: [LARTC] Not understanding network setup!!
Visham,

: I have to capture those three packets for each and every TCP
: stream that is initiated. Also, I'm looking only for outbound
: communication, i.e emanating from the PC on which I'm trying to
: catch the packets. So the ACK packet will be generated on the PC
: itself. But the problem how do I capture that particular ACK
: packet and not the other ACK packets during data transfer phase,
: w/o keeping track of IP address/port no. pairs.

It sounds like argus [0] may provide a better solution to your problem. You will get much more information than you'd get with tcpdump, but you'll get at least what you describe.

-Martin

[0] http://www.qosient.com/argus/

-- 
Martin A. Brown
http://linux-ip.net/