RE: [LARTC] Unequal Multipath Routing?

2006-06-29 Thread Andrew Lyon
Luciano Ruete wrote:
 On Wednesday 28 June 2006 12:01, Andrew Lyon wrote:
 That's probably an equalize bug, that does not take into account
 'weight' for packet balance. Equalize is unmaintained software
 AFAIK.
 
 Perhaps not so much a bug as a lack of functionality..
 
 Back to my original question then, is there anything in 2.6 or a
 patch for 2.4 that could be used to do that? (4:3 ratio split of
 outgoing packets over two interfaces/gateways).
 
 Why do you need the balance on a packet basis?
 
 If you use a vanilla kernel and simple multipath, then the ratio 4:3
 should work ok.

Simple.. we use apps that need more bandwidth than a single line can
provide.

Andy

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


RE: [LARTC] Unequal Multipath Routing?

2006-06-29 Thread Andrew Lyon
Torsten Luettgert wrote:
 On Mi, 2006-06-28 at 16:35 +0100, Andrew Lyon wrote:
 Back to my original question then, is there anything in 2.6 or a
 patch for 2.4 that could be used to do that? (4:3 ratio split of
 outgoing packets over two interfaces/gateways).
 
 If you aren't afraid of patching & compiling kernels, there is one
 solution. It's a bit ugly, but works (we sell bundled DSL lines
 using this method).

Bundled DSL is exactly what this is.

 The basic idea is to use the iptables ROUTE target to make exemptions
 from the default gw. 
 
 It works like this:
 
 First make a kernel with the netfilter random and ROUTE targets (can
 be obtained from patch-o-matic-ng, but they are removed from the
 current HEAD - you'd have to check out an older revision, or I could
 send you my copies which work with 2.6.16 and 2.6.17).   

I will get our box upgraded to a 2.6 kernel and give it a try, there is one
feature in 2.4 that we need at the moment but I think I found a 2.6 solution
for that a few days ago.

 Then, point the default route to the bigger pipe, and add an iptables
 rule like this: 
 
 iptables -t mangle -A POSTROUTING -o (interface of default route) \
   -m random --average 43 \
   -j ROUTE --gw (ip of other gateway)

Makes sense.

 I only tried this with different interfaces for different upstreams,
 but thinking about it, it should also work if they are on the same
 interface.  
 
 43% is about 3/7, so about 3/7 of your packets would use the slower
 line. Next thing to worry about would be the downstream :) 

Our ISP does the downstream already (it's 50/50 but our lines are same speed
download), we have a /30 on each line (one ip for router, one for gateway
linux box), and a /28 which is routed down both lines, and ipv6 too, our ISP
is very innovative, they built their own l2pp router which does all this and
more AA www.aaisp.net.uk

 Some remarks:
 - If you can make the downstream work the same way, you have true
   packet-based bundling, so single connections will also experience
   the full bandwidth. Depending on how the downstream is configured,
   different things can happen (only one line used, downstream
   bundled per-connection, downstream is 50/50 instead of 43/57).
 - if the lines have different latencies, packets can arrive
   in different order, so e.g. VoIP won't be a pleasure
 - connecting to the modems from your box will need some more rules
   (packets would also be sent to the modem you're not talking to)
 - I'm not 100% sure the random match options are right, I used the
   nth match for lines of equal sizes (so it's round-robin), not
   random. One could also use a cascade of nth matches to make
   it round-robin 4:3 (abababa abababa ...)


I've already run into the out of order packets problem, pptpd supports this
but it seems to be a little buggy at reassembling packets, basically it
doesn't work so I had to move our vpn onto the /30 ips which are not bonded,
I used round robin dns to load balance our vpn clients across both lines,
crude but better than nothing!

Thanks for your help

Andy
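
The 4:3 split discussed in this message, as an added example that is not code from the thread: it swaps in the mainline statistic match and fwmark policy routing for the patch-o-matic random match and ROUTE target. Interface names, the gateway address, the mark and the table number are constructed placeholders, and it assumes forwarded traffic without NAT.

```shell
#!/bin/sh
# Added example: 4:3 per-packet split with mainline tools.
# Dry run by default: prints the commands instead of executing them.
RUN=${RUN-echo}           # RUN= (empty) executes for real; needs root
LAN_IF=${LAN_IF:-eth0}    # assumed: interface the traffic to split arrives on
GW2=${GW2:-192.0.2.1}     # assumed: gateway of the smaller line (doc address)
IF2=${IF2:-eth2}          # assumed: interface towards that gateway
MARK=0x2                  # assumed: any otherwise unused firewall mark
TABLE=102                 # assumed: any otherwise unused routing table

# Marked packets are routed via the second gateway; the default route in
# the main table keeps pointing at the bigger line.
route_rules() {
    $RUN ip route add default via "$GW2" dev "$IF2" table "$TABLE"
    $RUN ip rule add fwmark "$MARK" lookup "$TABLE"
}

# random: every packet is marked with probability 0.43 (about 3/7).
# nth:    three packets in every seven are marked, interleaved (abababa).
#         MARK does not end rule traversal, so each rule's counter
#         advances on every packet and the three rules never coincide.
mark_rules() {
    case "$1" in
    random)
        $RUN iptables -t mangle -A PREROUTING -i "$LAN_IF" \
            -m statistic --mode random --probability 0.43 \
            -j MARK --set-mark "$MARK" ;;
    nth)
        for p in 1 3 5; do
            $RUN iptables -t mangle -A PREROUTING -i "$LAN_IF" \
                -m statistic --mode nth --every 7 --packet "$p" \
                -j MARK --set-mark "$MARK"
        done ;;
    *)  echo "usage: mark_rules random|nth" >&2; return 1 ;;
    esac
}

route_rules
mark_rules "${1:-random}"
```

The mark has to be set in PREROUTING because POSTROUTING runs after the routing decision has already been made.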



[LARTC] snort inline and imq

2006-06-29 Thread Rajesh Mahajan
I want to use snort inline for IPS and imq for bandwidth shaping. When I have inserted the imq module, ip_queue module insertion gives an error. Is it possible to use both at the same time?

-- 
Failure seldom stops you. What stops you is the fear of failure.


Re: [LARTC] Can i attach another qdisc under classes or root qdisc?

2006-06-29 Thread Martin A. Brown

Greetings,

 : now, i'm learning and try to read a lot of article about tc 
 : command in linux for setting traffic shaper. but i'm doubt about 
 : In the theory about tc command ... In general, we define class 
 : under root qdisc but Is it can be possible  If we define 
 : another qdisc under root qdisc, Can i do it? because i have just 
 : read tc command syntax and i found this point ...

[ snip mangled tc qdisc help output ]

 : from above syntax at [handle][root /ingress/ parent CLASSID] 
 : Is parent CLASSID mean we can define qdisc under class so 
 : this is my assumption about that. and Could you advise me about 
 : Is it can do for real

If I understand your question correctly, the answer is yes.  It is 
possible to have nested qdiscs.  Note that you can nest qdiscs if 
you are using a classful qdisc [0].  See also my list at the bottom 
of this message.

 : //first .. define root qdisc
 :
 : tc qdisc add dev eth0 root handle 1: fifo

Bzzzt!  Sadly, you can't do this.  A fifo qdisc is a classless 
qdisc, meaning that it cannot have any children.  (Poor barren 
thing!)

 : //second ... define class under root qdisc but algorithm's not same like root qdisc algorithm
 :
 : tc class add dev eth0 parent 1: classid 1:1 htb rate 100kbps ceil 100kbps
 : tc class add dev eth0 parent 1: classid 1:2 hfsc rate 100kbps ceil 100kbps

Well, you can't quite mix and match classes without having a parent 
qdisc of the type you want.  An HTB parent qdisc can have any number 
of children arranged in a tree structure below the parent.

Similarly, an HFSC class structure needs to attach to an HFSC qdisc 
itself.  Note, though, you cannot simply change the class name from 
htb to hfsc and supply the same parameters.  HTB uses the rate and 
ceil parameters, but HFSC uses different parameters (rt, sc and ul).

 : //later attach qdisc to those classes
 :
 : tc qdisc add dev eth0 parent 1:1 classid 10:11 htb rate 100kbps ceil 100kbps
 : tc qdisc add dev eth0 parent 1:2 classid 10:21 hfsc rate 100kbps ceil 100kbps

OK, now, let's pretend that you have a classful qdisc (e.g. HTB) 
with two classes, 1:1 and 1:2, AND that you have a good reason for 
adding a nested qdisc to one of these classes.  If that were the 
case, then you could add the qdiscs to the parent classes in the 
following fashion:

  # -- create a new qdisc, attached inside an existing class
  #    hierarchy below class 1:1
  #
  $qdisc_add parent  1:1 handle  10:0 htb
  #
  # -- add a class to our newly created qdisc, and set the
  #    rate and ceil parameters
  #
  $class_add parent 10:0 classid 10:1 htb rate 100kbps ceil 100kbps

Note, that you'd still need filters.

If I were you, I'd review the documentation for both HTB and HFSC 
after understanding the entire Linux traffic control model.  Here's 
a crash course, starting at the root qdisc:

  1. The qdisc can be
     - classless (e.g., FIFO, SFQ, ESFQ, TBF, GRED)
     - classful (e.g., HTB, HFSC, CBQ, PRIO)
  2. If the qdisc is classful, keep reading.  If the root qdisc is
     classless, stop here.
  3. You may add classes to your classful qdisc.  If your qdisc is
     HTB, you can only add HTB classes.  If your qdisc is CBQ, you
     can only add CBQ classes.  If your qdisc is HFSC...
  4. Now, you may attach a brand-new classful or classless qdisc to
     one of your existing classes.  Repeat from step 1 for each new
     qdisc.
  5. You may add filters to any of your classes (best starting
     behaviour is to add them to 1:0)

Very complex hierarchies are quite possible, even if not always 
understandable or advisable.

Best of luck,

-Martin

 [0] http://tldp.org/HOWTO/Traffic-Control-HOWTO/classful-qdiscs.html

 (N.B., this documentation was written without any reference to 
  HFSC, a newer classful qdisc.  You may also use HFSC with 
  child qdiscs.)

-- 
Martin A. Brown
http://linux-ip.net/
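
The crash course above applied to the hierarchy from the question, as an added example that is not Martin's code. The device name, the default class, the sfq leaf and the port 80 match are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the asker's two-class layout rebuilt on a classful root.
# Dry run by default: prints the tc commands instead of executing them.
TC=${TC-echo tc}          # TC=tc executes for real (needs root)
DEV=${DEV:-eth0}          # assumed device name

build_hierarchy() {
    # Steps 1-2: the root qdisc must be classful (a fifo root takes no classes).
    $TC qdisc add dev "$DEV" root handle 1: htb default 2
    # Step 3: classes are of the same kind as their parent qdisc (HTB in HTB).
    $TC class add dev "$DEV" parent 1: classid 1:1 htb rate 100kbps ceil 100kbps
    $TC class add dev "$DEV" parent 1: classid 1:2 htb rate 100kbps ceil 100kbps
    # Step 4: a nested classful qdisc inside class 1:1, with its own class ...
    $TC qdisc add dev "$DEV" parent 1:1 handle 10: htb
    $TC class add dev "$DEV" parent 10: classid 10:1 htb rate 100kbps ceil 100kbps
    # ... and a classless qdisc as the leaf of class 1:2 (recursion ends here).
    $TC qdisc add dev "$DEV" parent 1:2 handle 20: sfq perturb 10
    # Step 5: filters. The root filter selects class 1:1; the nested qdisc
    # classifies again, so it needs its own filter to reach 10:1.
    # Port 80 is a constructed match, not taken from the thread.
    $TC filter add dev "$DEV" protocol ip parent 1: prio 1 u32 \
        match ip dport 80 0xffff flowid 1:1
    $TC filter add dev "$DEV" protocol ip parent 10: prio 1 u32 \
        match ip dport 80 0xffff flowid 10:1
}

# Per-qdisc and per-class counters, to see where packets actually went.
show_hierarchy() {
    $TC -s qdisc show dev "$DEV"
    $TC -s class show dev "$DEV"
}

build_hierarchy
```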


[LARTC] Matching outgoing ssh traffic if ssh connection initiated from outside

2006-06-29 Thread Mathew Brown
In regards to my earlier post, I believe that my problem is that the filter is not matching ssh traffic properly. Here are the rules that I posted earlier, with the filter being the last one:

tc qdisc add dev eth0 root handle 1: htb default 3
tc class add dev eth0 parent 1: classid 1:1 htb rate 102400kbps ceil 102400kbps
tc class add dev eth0 parent 1:1 classid 1:2 htb rate 102400kbps ceil 102400kbps
tc class add dev eth0 parent 1:1 classid 1:3 htb rate 3kbps ceil 3kbps
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dport 22 0x flowid 1:2

The rules are on Machine A and Machine A is the one running the P2P applications (the traffic control + the P2P downloads are on the same machine). The machine only has a single NIC.

After thinking about it, I believe that this will work fine and match ssh but only if the ssh traffic originates from Machine A (Machine A is the one connecting to another machine) but doesn't match if someone is ssh'ing to Machine A (which is what I'm trying to do). Any ideas? Thanks for your help.
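
An added example, not part of the original post and not a reply from the list: the class tree from the post with ssh filters for both directions, since packets that the local sshd sends back to a remote client leave eth0 with source port 22. The 0xffff mask and the helper names are this example's own.

```shell
#!/bin/sh
# Added example: the tree from the post plus ssh filters for both
# directions. Dry run by default: prints the tc commands.
TC=${TC-echo tc}          # TC=tc executes for real (needs root)
DEV=${DEV:-eth0}

build_tree() {
    $TC qdisc add dev "$DEV" root handle 1: htb default 3
    $TC class add dev "$DEV" parent 1: classid 1:1 htb rate 102400kbps ceil 102400kbps
    $TC class add dev "$DEV" parent 1:1 classid 1:2 htb rate 102400kbps ceil 102400kbps
    $TC class add dev "$DEV" parent 1:1 classid 1:3 htb rate 3kbps ceil 3kbps
}

# The root qdisc only sees packets leaving Machine A:
#   dport 22 - sessions Machine A opens to other hosts
#   sport 22 - replies of the local sshd to clients that connected in
# 0xffff is the mask that compares all 16 bits of the port field.
ssh_filters() {
    port=${1:-22}
    for field in dport sport; do
        $TC filter add dev "$DEV" protocol ip parent 1:0 prio 1 u32 \
            match ip "$field" "$port" 0xffff flowid 1:2
    done
}

# Byte and packet counters per class: 1:2 should grow during an inbound
# ssh session once the sport filter is in place.
class_counters() { $TC -s class show dev "$DEV"; }

build_tree
ssh_filters 22
```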


[LARTC] Real time traffic Grapher

2006-06-29 Thread Armin ranjbar
hi all :)

anyone knows some Real time traffic grapher application ? 
faster than mrtg , im not looking for web based ones ...


-- 
You will soon forget this.


Re: [LARTC] Real time traffic Grapher

2006-06-29 Thread Ben
What are you envisioning? All traffic graphing is based on periodic 
polling. If MRTG's default 5 minutes is too slow for you, increase the 
polling frequency.


On Thu, 29 Jun 2006, Armin ranjbar wrote:


hi all :)

anyone knows some Real time traffic grapher application ?
faster than mrtg , im not looking for web based ones ...


--
You will soon forget this.


RE: [LARTC] Real time traffic Grapher

2006-06-29 Thread Charlie Meyer
Even though you aren't looking for a web based utility, I would still
recommend you to try out ntop (www.ntop.org). It is a fantastic tool that
gives info about all aspects of a network interface(s).

Charlie Meyer

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Armin ranjbar
Sent: Thursday, June 29, 2006 4:23 AM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] Real time traffic Grapher

hi all :)

anyone knows some Real time traffic grapher application ? 
faster than mrtg , im not looking for web based ones ...


-- 
You will soon forget this.


Re: [LARTC] Real time traffic Grapher

2006-06-29 Thread Cleber de Conto Pettinelli

Hi Armin, how are you?
You could use SOLARWINDS (www.solarwinds.net). This software has a lot
of tools, also to capture on-line information (3 seconds of polling,
configured). BTW, it's not FREE software.

Best regards,

Cleber De Conto Pettinelli
Pre-Sales Engineer
Phone: +55 51 3358 3130
Mobile: +55 51 9256 4879
Skype: cleberpettinelli
MSN: [EMAIL PROTECTED]
E-mail: [EMAIL PROTECTED]
Web: http://www.digitel.com.br
DIGITEL S/A INDÚSTRIA ELETRÔNICA




From: Armin ranjbar [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
Date: 29/06/2006 06:22
To: lartc@mailman.ds9a.nl
cc:
Subject: [LARTC] Real time traffic Grapher









hi all :)

anyone knows some Real time traffic grapher application ?
faster than mrtg , im not looking for web based ones ...


--
You will soon forget this.


Re: [LARTC] Real time traffic Grapher

2006-06-29 Thread Armin ranjbar


Thank you all, I have found DarkStat and Ntop as nearly the best possible
open source tools to do the job. Just sending this to be in the archive.

Darkstat homepage : http://dmr.ath.cx/net/darkstat/
ntop homepage : http://www.ntop.org/ ( cute index! ) 

-- 
Zounds!  I was never so bethumped with words
since I first called my brother's father dad.
-- William Shakespeare, King John


[LARTC] FW: 2.6.17.1 compile error with a netfilter module

2006-06-29 Thread Greg Scott
Does anyone know what this means and how to fix it?  I know it looks
like a file named lockhelp.h is missing.  What can I do to fix it?

I tried to put in some POM patches from patch-o-matic-ng-20060624.
Could this have been my problem? 

.
.
.

  CC [M]  net/ipv4/ipvs/ip_vs_nq.o
  CC [M]  net/ipv4/ipvs/ip_vs_ftp.o
scripts/Makefile.build:52: kbuild: net/ipv4/netfilter/Makefile - Usage of export-objs is obsolete in 2.6. Please fix!
  LD  net/ipv4/netfilter/built-in.o
  CC [M]  net/ipv4/netfilter/ip_conntrack_standalone.o
In file included from include/linux/netfilter_ipv4/ip_conntrack.h:32,
                 from net/ipv4/netfilter/ip_conntrack_standalone.c:35:
include/linux/netfilter_ipv4/ip_conntrack_talk.h:7:43: error: linux/netfilter_ipv4/lockhelp.h: No such file or directory
In file included from include/linux/netfilter_ipv4/ip_conntrack.h:32,
                 from net/ipv4/netfilter/ip_conntrack_standalone.c:35:
include/linux/netfilter_ipv4/ip_conntrack_talk.h:10: warning: data definition has no type or storage class
include/linux/netfilter_ipv4/ip_conntrack_talk.h:10: warning: type defaults to 'int' in declaration of 'DECLARE_LOCK_EXTERN'
include/linux/netfilter_ipv4/ip_conntrack_talk.h:10: warning: parameter names (without types) in function declaration
make[3]: *** [net/ipv4/netfilter/ip_conntrack_standalone.o] Error 1
make[2]: *** [net/ipv4/netfilter] Error 2
make[1]: *** [net/ipv4] Error 2
make: *** [net] Error 2
You have new mail in /var/spool/mail/root
[EMAIL PROTECTED] linux]#
[EMAIL PROTECTED] linux]#
[


thanks

- Greg Scott


