Re: [LARTC] routing between two isp
Have a look at this: http://linux-ip.net/html/adv-multi-internet.html

[EMAIL PROTECTED] wrote:
> I have three ethernet cards; two of them are connected to different ISPs and have different gateways, and one ethernet card is connected to the local LAN. I have installed iptables and configured the firewall to work as a NAT gateway for the users. Now I want to route only mail traffic to a particular ISP, which I am not able to do. I have done the iproute configuration as LARTC said, but I am still able to access the internet only through one ISP. Can someone tell me how I can load balance between two ISPs connected to a single machine?
>
> Thanks
> Imthiyaz

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] Two outbound internet links, using one network interface
Pio Mendez wrote:
> PREROUTING chain is not traversed by local traffic, but OUTPUT chain does.

I think that OUTPUT is traversed after routing decision is taken, so it is still the same problem.

Alexandru Dragoi wrote:
> You need a switch with 802.1q vlan support (cisco for example). The network card needs to be plugged in a switch port in trunk mode, and the providers each in its access switch port in specified vlan (like 2).

Since I don't have a switch like that, then I guess I should go back to the first solution, adding two IPs to the same network interface. The problem of localhost traffic not being categorized still exists, but this is not so important, since the box is going to serve as a router.

So, the solution, up to now, looks like this:

--8<--
# Both ISP addresses live on the same interface
ip link set eth0 up
ip address flush eth0
ip address add $IP1 dev eth0
ip address add $IP2 dev eth0
ip route add to default via $GATEWAY1

# Table 2: copy of main without its default route, plus a default via ISP 2
ip route flush table 2
ip route show table main | grep -Ev ^default \
  | while read ROUTE ; do ip route add table 2 $ROUTE ; done
ip route add table 2 default via $GATEWAY2

# Packets carrying fwmark 2 are looked up in table 2
ip rule del fwmark 2 table 2 2>/dev/null
ip rule add fwmark 2 table 2

# Mark forwarded TCP traffic to the listed ports
PORT_LIST="22 53"
for PORT in $PORT_LIST
do
  iptables -t mangle -A PREROUTING -m tcp -p tcp --dport $PORT -j MARK --set-mark 0x2
done

# Marked traffic leaves with the ISP 2 address, everything else with the ISP 1 address
iptables -t nat -A POSTROUTING -o eth0 -m mark --mark 0x2 -j SNAT --to-source $IP2
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $IP1
-->8--

Thanks to Radu Oprisan for the SNAT rules suggestion, because in general they are better than -j MASQUERADE.

What remains to be done now is:

1 - What are the (security) problems related to this solution (two IPs in one interface) and how to avoid them.

2 - How to do backup connection, i.e. when one of the lines goes down, the other one is used automatically. One way may be to use ping, in order to discover when a gateway is down, and then to switch to the other.

Has anybody any idea on these topics?

Thanks.
Dashamir

Re: [LARTC] Two outbound internet links, using one network interface
Pio Mendez wrote:
>> Pio Mendez wrote:
>>> PREROUTING chain is not traversed by local traffic, but OUTPUT chain does.
>>
>> I think that OUTPUT is traversed after routing decision is taken, so it is still the same problem.
>
> I'm using OUTPUT chain in production environment to balance squid box traffic between 2 ISP, so I'm sure that you can reroute output packets using mangle OUTPUT chain. After traversing mangle and nat OUTPUT chains there is another routing process. Please check this diagram:
> http://www.imagestream.com/~josh/PacketFlow.png

Pio Mendez is right. I have just tested it and it works. Now the script becomes something like this:

--8<--
# Both ISP addresses live on the same interface
ip link set eth0 up
ip address flush eth0
ip address add $IP1 dev eth0
ip address add $IP2 dev eth0
ip route add to default via $GATEWAY1

# Table 2: copy of main without its default route, plus a default via ISP 2
ip route flush table 2
ip route show table main | grep -Ev ^default \
  | while read ROUTE ; do ip route add table 2 $ROUTE ; done
ip route add table 2 default via $GATEWAY2

# Packets carrying fwmark 2 are looked up in table 2
ip rule del fwmark 2 table 2 2>/dev/null
ip rule add fwmark 2 table 2

# One marking chain, called for forwarded (PREROUTING) and local (OUTPUT) traffic
iptables -t mangle -N MARK-RULES
iptables -t mangle -A PREROUTING -j MARK-RULES
iptables -t mangle -A OUTPUT -j MARK-RULES

PORT_LIST="22 53"
for PORT in $PORT_LIST
do
  iptables -t mangle -A MARK-RULES -m tcp -p tcp --dport $PORT -j MARK --set-mark 0x2
done

# Marked traffic leaves with the ISP 2 address, everything else with the ISP 1 address
iptables -t nat -A POSTROUTING -o eth0 -m mark --mark 0x2 -j SNAT --to-source $IP2
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $IP1
-->8--

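The lookup that the script in this message sets up, modelled as an added example (not code from the thread): a packet marked 2 by MARK-RULES matches `ip rule add fwmark 2 table 2` and leaves via the second gateway with the second source address, while everything else falls through to main. The addresses are constructed documentation-range stand-ins for $IP1, $IP2, $GATEWAY1 and $GATEWAY2, and the model ignores connection tracking and the local table.

```python
import ipaddress

# Constructed placeholders (RFC 5737 ranges) for the script's variables.
IP1, GATEWAY1 = "192.0.2.10", "192.0.2.1"
IP2, GATEWAY2 = "198.51.100.10", "198.51.100.1"
MARKED_PORTS = {22, 53}  # PORT_LIST in the script

# Routing tables as (prefix, gateway); gateway None means on-link.
MAIN = [("192.0.2.0/24", None), ("198.51.100.0/24", None), ("0.0.0.0/0", GATEWAY1)]
# Table 2 = main without its default route, plus a default via GATEWAY2.
TABLE2 = [r for r in MAIN if r[0] != "0.0.0.0/0"] + [("0.0.0.0/0", GATEWAY2)]
# Rules in priority order: (fwmark selector or None for "any", table).
RULES = [(2, TABLE2), (None, MAIN)]

def mangle_mark(proto, dport):
    """MARK-RULES chain: only TCP to a listed port gets mark 2."""
    return 2 if proto == "tcp" and dport in MARKED_PORTS else 0

def lookup(dst, mark):
    """Walk the rules in order; in the first table that has a matching
    route, the longest prefix wins."""
    addr = ipaddress.ip_address(dst)
    for selector, table in RULES:
        if selector is not None and selector != mark:
            continue
        hits = [(ipaddress.ip_network(p), gw) for p, gw in table
                if addr in ipaddress.ip_network(p)]
        if hits:
            _, gw = max(hits, key=lambda h: h[0].prefixlen)
            return gw or dst  # on-link: the next hop is the destination
    return None

def snat_source(mark):
    """nat POSTROUTING: the first matching SNAT rule wins."""
    return IP2 if mark == 2 else IP1

def egress(proto, dst, dport):
    """Return (next hop, source address after SNAT) for a new connection."""
    mark = mangle_mark(proto, dport)
    return lookup(dst, mark), snat_source(mark)
```

Because the marking rule matches `-p tcp` only, DNS queries sent over UDP port 53 stay unmarked in this model and leave through the first gateway.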
Re: [LARTC] Cant get transparent proxy to route out new ISP.
You can do that by inserting this into your squid.conf configuration file:

    tcp_outgoing_address IP

Note that the IP you put there is the IP assigned by the ISP you want to route the proxy traffic through. You should also have:

    ip rule add from IP table DSL_ISP_TABLE_NAME

to route packets from that IP by looking up this table:

    ip r a default via XX.XX.XX.XX table DSL_ISP_TABLE_NAME

where you specify the default gateway provided by your second ISP.

Hope this will help you,
Andrei Sandu.

On 10/3/06, Brent Clark [EMAIL PROTECTED] wrote:
> Hi all
>
> Could someone please help me with my current setup.
>
> I just got another DSL line and I have my routing and marking the packets etc. so that I can decide the fate as to which ISP I would like to route my traffic out of etc.
>
> I managed to get squid to be used as a transparent proxy, but I'm forced to use the default gw of the machine and for the likes of me I can't figure out how to send traffic out the new ISP.
>
> So my question / request for help is, would anyone please advise me as to how I can choose what ISP I can route my transparent proxy.
>
> I was thinking that maybe it is a POSTROUTING marking that I need to do, and then the routing tables will take care of the rest.
>
> Kind regards and thank you in advance.
> Brent Clark

[LARTC] Ethernet packet loss - frame errors
Hi all,

I have the following problem. A Linux box configured as a bridge. One interface connects to the router via a crossover cable, the other connects to a switch via the cable that used to go to the router.

Now I get the following:

[EMAIL PROTECTED] net]# ifconfig eth3
eth3      Link encap:Ethernet  HWaddr 00:03:2D:07:61:5D
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:1969134 errors:0 dropped:0 overruns:0 frame:176459
          TX packets:2186662 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:492595115 (469.7 Mb)  TX bytes:579725462 (552.8 Mb)
          Interrupt:17

eth3 is the interface that connects to the switch. As you can see, 1 in 10 rx packets are framing errors.

What are possible causes for this? The cable is a constant, so is not likely to cause problems, so what else can possibly cause such a high number of frame errors?

Any help appreciated.

Thanks,
Justin

Re: [LARTC] Ethernet packet loss - frame errors
Possibly the length of the cable?

On 10/13/06, Justin Schoeman [EMAIL PROTECTED] wrote:
> Hi all,
>
> I have the following problem. A Linux box configured as a bridge. One interface connects to the router via a crossover cable, the other connects to a switch via the cable that used to go to the router.
>
> Now I get the following:
>
> [EMAIL PROTECTED] net]# ifconfig eth3
> eth3      Link encap:Ethernet  HWaddr 00:03:2D:07:61:5D
>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>           RX packets:1969134 errors:0 dropped:0 overruns:0 frame:176459
>           TX packets:2186662 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:492595115 (469.7 Mb)  TX bytes:579725462 (552.8 Mb)
>           Interrupt:17
>
> eth3 is the interface that connects to the switch. As you can see, 1 in 10 rx packets are framing errors.
>
> What are possible causes for this? The cable is a constant, so is not likely to cause problems, so what else can possibly cause such a high number of frame errors?
>
> Any help appreciated.
>
> Thanks,
> Justin

[LARTC] Non-classful per source capping
Hello,

I've been looking for a kernel implementation of simple bandwidth capping that will allow simple per (source) IP based bandwidth capping without the overheads associated with something like classful HTB. I have been unable to find anything existing that does this. In principle I'd like the code to dynamically set up a bucket/hash per source IP, monitor and cap an absolute ceiling. I have no need for sharing or guarantees of assured rates, just the simple cap per source.

Can anyone please point me to any existing implementation, or point me to some code that I can refactor to do what I need, if you know of any?

Thanks,
Andrew.

[LARTC] load balancing
http://www.linuxquestions.org/linux/answers/Networking/Spanning_Multiple_DSLs

-- 
Thank you
Indunil Jayasooriya

Re: [LARTC] Ethernet packet loss - frame errors
Andrei Sandu wrote:
> Possibly the length of the cable?

It is a 5m cable. It is also the 'common' cable - it is unplugged from the router and plugged into the bridge (the other side stays in the switch).

-justin

> On 10/13/06, *Justin Schoeman* [EMAIL PROTECTED] wrote:
>> Hi all,
>>
>> I have the following problem. A Linux box configured as a bridge. One interface connects to the router via a crossover cable, the other connects to a switch via the cable that used to go to the router.
>>
>> Now I get the following:
>>
>> [EMAIL PROTECTED] net]# ifconfig eth3
>> eth3      Link encap:Ethernet  HWaddr 00:03:2D:07:61:5D
>>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>>           RX packets:1969134 errors:0 dropped:0 overruns:0 frame:176459
>>           TX packets:2186662 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000
>>           RX bytes:492595115 (469.7 Mb)  TX bytes:579725462 (552.8 Mb)
>>           Interrupt:17
>>
>> eth3 is the interface that connects to the switch. As you can see, 1 in 10 rx packets are framing errors.
>>
>> What are possible causes for this? The cable is a constant, so is not likely to cause problems, so what else can possibly cause such a high number of frame errors?
>>
>> Any help appreciated.
>>
>> Thanks,
>> Justin

[LARTC] load balancing
try this

    # Name the two extra routing tables
    echo "11 line1" >> /etc/iproute2/rt_tables
    echo "12 line2" >> /etc/iproute2/rt_tables

    # One table per uplink: connected network plus that uplink's default route
    ip route add 1.2.3.0/29 dev eth0 src 1.2.3.6 table line1
    ip route add default via 1.2.3.5 table line1

    ip route add 192.168.6.0/24 dev eth1 src 192.168.6.4 table line2
    ip route add default via 192.168.6.254 table line2

    # Traffic sourced from an uplink address uses that uplink's table
    ip rule add from 1.2.3.6 table line1
    ip rule add from 192.168.6.4 table line2

    # Multipath default route across both uplinks, equal weight
    ip route add default scope global nexthop via 1.2.3.5 dev eth0 weight 1 nexthop via 192.168.6.254 dev eth1 weight 1

Please change the IPs accordingly, and add these to the rc.local file.

-- 
Thank you
Indunil Jayasooriya

[LARTC] HFSC question??
1. HFSC has 4 curves such as sc, rc, ls, ul, and

1.1 In a leaf class we can specify rc for guaranteed service (bandwidth and delay), and if we want to share excess service fairly, we must specify the ls and ul curves too (the ls curve with parameter m2 specifies at least the sharing bandwidth that class will receive, and the ul curve means the maximum bandwidth that class will receive). So I'm in doubt: if I specify the sc curve in a leaf class too, what does it mean?

    rc, ls, ul + sc - what does it mean?
    rc + sc - what does it mean?

In an interior class we can't specify the rc curve, but we can specify the ls curve for the link-sharing criterion and can share excess service fairly too. But if I specify the sc curve in a leaf class too, what does it mean? Like, how is it different if I specify "ls, ul and sc" and "ls, ul"?

In the root class, what does it mean if I specify:

    sc - what does it mean?
    ls+ul - what does it mean?

1.2 So can I conclude that ls, ul, rc are subsets of the sc curve, and that for each curve we can calculate bandwidth and delay bound? Because all 4 curves have the same parameters, such as m1, d, m2.

2. I have read a lot of HFSC papers about the parameters (m1, d, m2). Some papers tell me d is an interval time (first it will send at rate m1, but after the interval d it will change the rate to m2), but some papers tell me d is the delay bound in that class (first it will send at rate m1, but after it exceeds the delay bound it will change the rate to m2). Which is true?

2.1 If d is an interval time, how does HFSC calculate delay?

2.2 Is it true? - "delay bound calculation from service curve"

3. This is my big problem with HFSC theory. HFSC has 2 criteria, the real-time and the link-sharing criterion, so when a packet comes into the traffic control Linux box, HFSC will check the eligible time of each packet. If eligible time t (I don't understand how eligible works, or how it classifies a packet as eligible or not?) or it is a packet that is in danger of exceeding its deadline time, it manages the packet with the "real time criterion" and chooses the packet with the lowest deadline time for dequeue. But if it is not, it will manage it with the "link sharing criterion" and choose the packet with the lowest virtual time. (This is a big thing I don't understand: why choose the lowest virtual time? Because it means the class that has the lowest will be chosen to dequeue, and what about another class whose virtual time is not low? How can it manage? And I don't understand why it must choose the lowest and not the max virtual time. Is it related to sharing excess service fairly among all classes?

4. My lab: I compared bandwidth allocation by HFSC with HTB. I found that when a class first starts up, HFSC will receive bandwidth nearly at the upper limit rate, no matter whether a lot of classes are active at that time (it is like being able to send at burst rate in HTB). In comparison, when a class first starts up in HTB, it does not receive peak bandwidth like a burst, but it uses an interval time to increase bandwidth until it starts with rate and then with ceil.

5. I have read a lot of HTB tc command cases and tried to test the burst situation. I don't know why the burst parameter they specify is not much, like 12kbit (but rate and ceil rate are so different from 12kbit, such as 200kbit), so I will follow them. But after plotting the graph I don't see the burst characteristic when the class first becomes active. Am I wrong to use a burst parameter value of 12 kbit, is it too small? are 5. from my lab

[LARTC] HTB has 2 bucket?
In HTB, are 2 buckets used to manage the 2 rates?

first bucket - keeps tokens for sending at rate
second bucket - keeps ctokens for sending at ceil rate

Is it true? Maybe I misunderstand the token/bucket theory.

Re: [LARTC] HTB has 2 bucket?
Greetings Thossapron,

 : in HTB use 2 bucket for manage 2 rate??? first bucket - keep
 : token for sending with rate second bucket - keep ctoken for
 : sending with ceil rate Is it true?? may be i'm misunderstand
 : about token/bucket theory

Yes, there are two different buckets used. One bucket is for tokens, another bucket is for ctokens.

Brief picture of association of parameters:

  rate: burst, tokens
  ceil: cburst, ctokens

See the upper right corner of this diagram [0]. In particular, I should warn you that the SFQ qdisc in this diagram is the one which is granted the dequeue opportunity, so although packets mostly flow from left to right in this diagram, the SFQ is displayed to the left of the HTB rate/ceil buckets, even though logically this is reversed.

Good luck,

-Martin

 [0] http://linux-ip.net/traffic-control/htb-class.png

-- 
Martin A. Brown
http://linux-ip.net/

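The two buckets described in this reply, as a simplified model (an added example, not code from the thread or from the kernel): `tokens` refills at `rate` up to `burst`, `ctokens` refills at `ceil` up to `cburst`, and each sent packet is charged to both. It assumes byte-based accounting, a parent that always lends, and no lower bound on the token debt, whereas the kernel accounts in time units with hysteresis; the mode names follow the kernel's HTB_CAN_SEND, HTB_MAY_BORROW and HTB_CANT_SEND.

```python
from dataclasses import dataclass

@dataclass
class HtbClass:
    rate: float           # bytes/s the class is guaranteed
    ceil: float           # bytes/s it may reach by borrowing
    burst: float          # capacity of the token bucket, bytes
    cburst: float         # capacity of the ctoken bucket, bytes
    tokens: float = 0.0
    ctokens: float = 0.0

    def __post_init__(self):
        # Both buckets start full.
        self.tokens, self.ctokens = self.burst, self.cburst

    def refill(self, dt):
        """Add dt seconds of credit to each bucket, capped at its size."""
        self.tokens = min(self.burst, self.tokens + self.rate * dt)
        self.ctokens = min(self.cburst, self.ctokens + self.ceil * dt)

    def mode(self):
        if self.ctokens < 0:
            return "CANT_SEND"    # over ceil: must wait
        if self.tokens >= 0:
            return "CAN_SEND"     # within its own rate
        return "MAY_BORROW"       # over rate, under ceil: needs the parent

    def charge(self, size):
        """A sent packet is paid for out of both buckets."""
        self.tokens -= size
        self.ctokens -= size

def simulate(cls, pkt_size, interval, count):
    """Offer `count` packets `interval` seconds apart and return the mode
    each packet met (the parent is assumed to always lend)."""
    modes = []
    for _ in range(count):
        modes.append(cls.mode())
        if modes[-1] != "CANT_SEND":
            cls.charge(pkt_size)
        cls.refill(interval)
    return modes
```

Offering 1500-byte packets every 0.5 s to a class with rate 1000 B/s and ceil 2000 B/s settles into two packets sent for every one held back, which is the ceil rate.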
Re: [LARTC] Ethernet packet loss - frame errors
On Fri, 13 Oct 2006 10:26:14 +0200 Justin Schoeman [EMAIL PROTECTED] wrote:
> Hi all,
>
> I have the following problem. A Linux box configured as a bridge. One interface connects to the router via a crossover cable, the other connects to a switch via the cable that used to go to the router.
>
> Now I get the following:
>
> [EMAIL PROTECTED] net]# ifconfig eth3
> eth3      Link encap:Ethernet  HWaddr 00:03:2D:07:61:5D
>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>           RX packets:1969134 errors:0 dropped:0 overruns:0 frame:176459
>           TX packets:2186662 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:492595115 (469.7 Mb)  TX bytes:579725462 (552.8 Mb)
>           Interrupt:17
>
> eth3 is the interface that connects to the switch. As you can see, 1 in 10 rx packets are framing errors.
>
> What are possible causes for this? The cable is a constant, so is not likely to cause problems, so what else can possibly cause such a high number of frame errors?
>
> Any help appreciated.
>
> Thanks,
> Justin

What speed and driver?