Re: [LARTC] egress bandwidth not limited / limited extremely inaccurately
Cheers Andy,

That clarifies ;-)

Regards,
-nik

Andy Furniss wrote:
> Nikolay Kichukov wrote:
> > Hello Andy,
> > How does one create such a filter to catch arp/other link layer traffic? Can you give us one such example?
>
> A quick test on ingress
>
> # tc qdisc add dev eth0 ingress
>
> Classify all ip traffic
>
> # tc filter add dev eth0 parent ffff: prio 1 protocol ip u32 match u32 0 0 flowid :1
>
> All arp
>
> # tc filter add dev eth0 parent ffff: prio 2 protocol arp u32 match u32 0 0 flowid :2
>
> Anything else
>
> # tc filter add dev eth0 parent ffff: prio 3 protocol all u32 match u32 0 0 flowid :3
>
> Look at the counters
>
> # tc -s filter ls dev eth0 parent ffff:
>
> Delete everything ingress on eth0
>
> # tc qdisc del dev eth0 ingress
>
> You can use ethertype protocol numbers in place of arp/ip.
>
> Use the prio to make sure the catch-alls are last in the filters you use - prio 1 is the highest for filters.
>
> Andy.

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [l7-filter-developers] [LARTC] Use l7-filter on router performing NAT?
POSTROUTING chain of which table?

NAT should not affect things, as long as - as you say - both directions are going through the box.

It sounds like you are not sure if it's working. Use connmark target too to save the mark in the conntrack and look in /proc/net/ip_conntrack

Also use iptables -vn ... -L to see that l7 count go up as more packets for matched conntracks go by.

Sam

* John Philips wrote, On 17/01/07 16:37:
> Hey guys,
>
> Here's an easy one. Is it possible to use the l7-filter extension on a box that performs NAT? The HOWTO says the filter only works 100% of the time if it can see both sides of the connection.
>
> I tried putting the l7 MARK rules in the POSTROUTING chain on a box that does NAT and it does successfully mark some packets. I'm not 100% sure if it's working, or if it should work this way.
>
> I've searched the mailing list archives and Google but haven't found an answer.
>
> Thanks!
[LARTC] 2.6.17 kernels and equalize patch
Hi Everybody in the list

I have a situation like this

--(IP1) linux |eth0.40-- | router | | | box| (IP2)|--|Client Router ( Destination Net DNET) |eth0.41-- | |/27 subnet --

I just want to balance the load of bandwidth per packet based between the two vlan interfaces to Client Destination network.

What I have done is:

bash# /sbin/ip route add equalize $DNET scope global nexthop via $IP1 dev eth0.40 weight 1 nexthop via $IP2 dev eth0.41 weight 1

bash# ip route show $DNET
$DNET equalize
        nexthop via $IP1 dev eth0.40 weight 1
        nexthop via $IP2 dev eth0.41 weight 1

But the traffic towards the $DNET does not seem equalized at all. It always goes out to the same interface.

Is this a problem of route caching, or does the equalize patch need to be applied to the 2.6.17 kernel, or am I missing something?

Thanks a lot

Hysen Hoxha
Albtelco
Albania
Re: [LARTC] 2.6.17 kernels and equalize patch
On Friday 19 January 2007 08:13, hhoxha wrote:
> Hi Everybody in the list
>
> I have a situation like this
>
> --(IP1) linux |eth0.40-- | router || | box| (IP2)|--|Client Router ( Destination Net DNET) |eth0.41-- | |/27 subnet --
>
> I just want to balance the load of bandwidth per packet based between the two vlan interfaces to Client Destination network.
>
> What I have done is:
>
> bash# /sbin/ip route add equalize $DNET scope global nexthop via $IP1 dev eth0.40 weight 1 nexthop via $IP2 dev eth0.41 weight 1
>
> bash# ip route show $DNET
> $DNET equalize
>         nexthop via $IP1 dev eth0.40 weight 1
>         nexthop via $IP2 dev eth0.41 weight 1
>
> But the traffic towards the $DNET does not seem equalized at all. It always goes out to the same interface.
>
> Is this a problem of route caching, or does the equalize patch need to be applied to the 2.6.17 kernel, or am I missing something?

Equalize is a patch for 2.4, it never got into mainline, and there is no 2.6 version AFAIK. The iproute option is there, but without the patch it does nothing.

--
Luciano
Re: [LARTC] 2.6.17 kernels and equalize patch
On Fri, 19 Jan 2007 12:37:54 -0300, Luciano Ruete wrote
> Equalize is a patch for 2.4, it never got into mainline, and there is no 2.6 version AFAIK. The iproute option is there, but without the patch it does nothing.

Interesting. I used vanilla 2.4 and didn't need the equalize patch. Are you sure the equalize patch is needed for 2.4?

> --
> Luciano

Bests,
Tomasz Chilinski.
Re: [LARTC] DGD patch not detecting dead gateway
On 1/19/07, Tom Lobato [EMAIL PROTECTED] wrote:
> Hello all!
>
> I applied the http://www.ssi.bg/~ja/routes-2.6.8-10.diff patch to kernel 2.6.8.1 and it works fine, or almost fine. It does the load balancing well, but when one link is dropped it continues to try it.
>
> At the end of http://www.ssi.bg/~ja/nano.txt it is said to ping gateway 1 and gateway 2, for the kernel to know if that route is working, but since my linux is connected to the links through 1 dedicated link and one adsl modem, I tried to:
>
> 1) remove ethernet cable from linux nic: the patch worked well, began to send traffic only to the still working link.
>
> 2) remove telephone line from adsl modem (or external ethernet cable from the dedic. link switch): the patch didn't work, continued trying to send traffic to the dropped link.
>
> So, I think it's happening because linux, since it can ping the switch (or adsl modem), thinks that link is good.
>
> Did you have this problem? Some hint?
>
> Thank you!

My experience has been mixed. The patch worked very well in many cases but in some it worked only if the first hop gateway was down and not any of the subsequent hops. So as you mentioned, it's happening since it can ping the switch / modem, it thinks the link is good.

You can make a script which will keep on running in the background and check if the links are up or not, and if any of the links is down, it can change the default route and provide a failover.

--
Manish Kathuria
Tux Technologies
http://www.tuxtechnologies.co.in/
[LARTC] HTB? (NEWBIE)
Hi to all

I am studying HTB in the LARTC howto. I realize a simple configuration on the router:

tc qdisc add dev eth0 root handle 1: htb default 30
tc class add dev eth0 parent 1: classid 1:1 htb rate 3mbit burst 15k
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 2mbit burst 15k
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 1mbit burst 15k
tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dport 80 0xffff flowid 1:10

After this configuration I make an ssh connection between client and server. As the guide says, I expect to see on the router (with command tc -s qdisc ls dev eth0) that unclassified traffic, like ssh, gets rounded to 20:, but it doesn't happen. The count of ssh traffic packets shows up only on the root qdisc. Why?

A second question: if I want to limit the rate of all my router, which configuration can I realize?

Thanks
Re: [LARTC] HTB? (NEWBIE)
You should probably try:

tc qdisc add dev eth0 root handle 1: htb default 20

and not 30, cause your default class is 20, no?

On 1/20/07, Simone84bo [EMAIL PROTECTED] wrote:
> Hi to all
>
> I am studying HTB in the LARTC howto. I realize a simple configuration on the router:
>
> tc qdisc add dev eth0 root handle 1: htb default 30
> tc class add dev eth0 parent 1: classid 1:1 htb rate 3mbit burst 15k
> tc class add dev eth0 parent 1:1 classid 1:10 htb rate 2mbit burst 15k
> tc class add dev eth0 parent 1:1 classid 1:20 htb rate 1mbit burst 15k
> tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
> tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
> tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dport 80 0xffff flowid 1:10
>
> After this configuration I make an ssh connection between client and server. As the guide says, I expect to see on the router (with command tc -s qdisc ls dev eth0) that unclassified traffic, like ssh, gets rounded to 20:, but it doesn't happen. The count of ssh traffic packets shows up only on the root qdisc. Why?
>
> A second question: if I want to limit the rate of all my router, which configuration can I realize?
>
> Thanks

--
Jordi Segués Daina
Andorra GSM: (+376) 35 35 68
France GSM: (+33) (0)6 81 88 35 55
[EMAIL PROTECTED] / MSN: [EMAIL PROTECTED]
AIM: superjordix
Skype: callto://superjordix
http://www.JordiX.com
Re: [LARTC] DGD patch not detecting dead gateway
On 01/19/07 12:45, Manish Kathuria wrote:
> My experience has been mixed. The patch worked very well in many cases but in some it worked only if the first hop gateway was down and not any of the subsequent hops. So as you mentioned, it's happening since it can ping the switch / modem, it thinks the link is good.
>
> You can make a script which will keep on running in the background and check if the links are up or not, and if any of the links is down, it can change the default route and provide a failover.

I have been tasked with writing such a script. In my scenario, I'm taking it a bit further though. I am planning on having my script test the actual service that I'm trying to connect to, i.e. connect to port 80 and request a page. I'm having to go this route because I've had sporadic MTU issues in one of our (primary) paths. The provider is supposed to be repairing the problem, however I need a solution before that can happen.

I am planning on writing a small daemon, probably in Perl, that will run the tests. What I don't have a good way to do is alter the routing tables, short of shelling out and running ip directly. I would like to know if anyone knows of any other way to alter the routing tables / rules short of calling a shell command.

Grant. . . .
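
The background check discussed in the two DGD messages above, sketched as an added example (not code from any poster in this thread): it probes a host beyond each first hop and rebuilds the default route from the links that still answer. The interface names, gateway addresses and probe hosts are constructed placeholders, IPv4 only, and the script shells out to ip(8) rather than avoiding it.

```shell
# Constructed sample uplinks, "device:gateway:probe-host" (documentation
# addresses). Each probe host must sit beyond the modem/switch on that path.
LINKS="eth1:192.0.2.1:203.0.113.10 eth2:198.51.100.1:203.0.113.20"
INTERVAL=10   # seconds between probe rounds

dev_of()    { echo "${1%%:*}"; }
gw_of()     { r=${1#*:}; echo "${r%%:*}"; }
target_of() { echo "${1##*:}"; }

# Pin each probe host to its own uplink, so a probe keeps testing that path
# whatever the default route currently says.
pin_probes() {
    for link in $LINKS; do
        ip route replace "$(target_of "$link")/32" via "$(gw_of "$link")" dev "$(dev_of "$link")"
    done
}

# Probe past the first hop: a dead ADSL line fails here even though the
# modem itself still answers pings.
probe_link() { ping -c 1 -W 2 "$(target_of "$1")" >/dev/null 2>&1; }

# Print the entries of LINKS whose far-end probe succeeded.
alive_links() {
    alive=""
    for link in $LINKS; do
        if probe_link "$link"; then alive="$alive $link"; fi
    done
    echo "${alive# }"
}

# Build ip(8) arguments for a default route over the given links (equal
# weights). Fails on an empty list so the caller leaves the route alone.
route_args() {
    set -- $1
    [ $# -gt 0 ] || return 1
    args="route replace default scope global"
    for link in "$@"; do
        args="$args nexthop via $(gw_of "$link") dev $(dev_of "$link") weight 1"
    done
    echo "$args"
}

# Main loop: touch the routing table only when the set of live links changes.
watch_links() {
    pin_probes; last=""
    while :; do
        now=$(alive_links)
        if [ "$now" != "$last" ] && args=$(route_args "$now"); then
            ip $args && last=$now   # unquoted on purpose: word list for ip(8)
        fi
        sleep "$INTERVAL"
    done
}
if [ "${1:-}" = "run" ]; then watch_links; fi
```

Run it as root with the argument `run`; replacing `probe_link` with an HTTP request to the real service gives the service-level test described in the last message.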