Hi there, I am still having troubles getting ingress policy shaping to work. I run 2.2.16-3 kernel with all QoS options enabled (and in the kernel, not as modules), installed iproute.2.2.4-2 from RPM (running Red Hat here). Shaping in the ''other direction'' is working by the way. I try the following (as found in multiple documents): tc qdisc add dev eth0 handle ffff: ingress The error I get is: RTNETLINK answers: No such file or directory Any help is greatly appreciated, Clemens Sibon
Is it possible to specify a "NOT" in a tc filter src or dst address? In ipchains a simple "!" does it, but that does not seem to work with tc. Thanks.
Hi!, I''m in the process of building a load generator to stress test some networking equipment for my thesis and I''m wondering how Linux would support doing egress traffic shaping with on several hundreds(!) virtual ip''s defined on the machine doing the QoS itself. I have to limit the transmission rate for each virtual ip at, let say, 300Kbit output rate. I currently use CBQ with SFQ queue policy and get good behaviour from the setup but I only use <10 virtual ip''s for now. ( This implies 10 different classes in CBQ process) I would like to know if anyone have experience with this kind of setup or if anyone does know the limits of the CBQ process with Linux kernels. Thanks for your help, Raffaele -- _______________________________________________________________________________ Raffaele Brancaleoni Email : s940195@student.ulg.ac.be Licence en Informatique Université de Liège - Belgium _______________________________________________________________________________
On Fri, Oct 27, 2000 at 11:37:02PM +0200, Clemens Sibon wrote:> I try the following (as found in multiple documents): > tc qdisc add dev eth0 handle ffff: ingress > > The error I get is: > RTNETLINK answers: No such file or directoryThis is a known issue. I try to find the people who wrote the ingress policer. I''ll also put a note in the HOWTO. Regards, bert hubert -- PowerDNS Versatile DNS Services Trilab The Technology People ''SYN! .. SYN|ACK! .. ACK!'' - the mating call of the internet
On Sat, 28 Oct 2000, bert hubert wrote:> On Fri, Oct 27, 2000 at 11:37:02PM +0200, Clemens Sibon wrote: > > > The error I get is: > > RTNETLINK answers: No such file or directory > > This is a known issue. I try to find the people who wrote the ingress > policer. I''ll also put a note in the HOWTO.When I read the help in the kernel-menu, I saw something under Kernel/User netlink socket (CONFIG_NETLINK) about a device that should be made having major mode 36. Could this be the thing missing that generates the above error? I have no idea how to find out if I have the device or how to make it, since the name isn''t mentioned anywhere. I have been looking for a /dev/ingress but that doesn''t exist.. Do I have to upgrade to a 2.4.X kernel to get ingress policer to work without the errors? If that''s the case, I am willing to give it a try (and probably I should convert my ipchains to iptables?) Clemens Sibon
On Sat, Oct 28, 2000 at 03:25:51PM +0200, Clemens Sibon wrote:> When I read the help in the kernel-menu, I saw something under Kernel/User > netlink socket (CONFIG_NETLINK) about a device that should be made having > major mode 36. Could this be the thing missing that generates the above > error?No, that''s not it.> I have been looking for a /dev/ingress but that doesn''t exist..And it shouldn''t - these filters have no corresponding entries in /dev.> Do I have to upgrade to a 2.4.X kernel to get ingress policer to work > without the errors? If that''s the case, I am willing to give it a try > (and probably I should convert my ipchains to iptables?)It doesn''t work in 2.4 either. I''ll post some mail about this problem here shortly. Regards, bert hubert -- PowerDNS Versatile DNS Services Trilab The Technology People ''SYN! .. SYN|ACK! .. ACK!'' - the mating call of the internet
On Sat, Oct 28, 2000 at 10:17:08AM +0200, Raffaele Brancaleoni wrote:> Hi!, > I''m in the process of building a load generator to stress test some networking > equipment for my thesis and I''m wondering how Linux would support doing > egress traffic shaping with on several hundreds(!) virtual ip''s defined on > the machine doing the QoS itself.You should probably ask this on netdev (netdev@oss.sgi.com). However, I''ve seen the code and I know the quality of Jamal and Alexeys work, I would suspect that Linux will not ever be your bottleneck. Lots of places use hashtables to speed up processing. I got mail from a guy who did really incredible things with Linux and shaping, also with hundreds of interfaces. Regards, bert hubert -- PowerDNS Versatile DNS Services Trilab The Technology People ''SYN! .. SYN|ACK! .. ACK!'' - the mating call of the internet
I asked already on netdev. Maybe my description is too obscure? Could you try to answer or help me to make the question clearer? I am adding u32 filters with commands like: tc filter add dev eth0 parent 10:0 protocol ip prio 100 handle 800::2 u32 match ip dst 10.30.40.3 flowid 10:2 ... getting: filter parent 10: protocol ip pref 100 u32 filter parent 10: protocol ip pref 100 u32 fh 800: ht divisor 1 filter parent 10: protocol ip pref 100 u32 fh 800::2 order 2 key ht 800 bkt 0 flowid 10:2 match 0a1e2803/ffffffff at 16 filter parent 10: protocol ip pref 100 u32 fh 800::3 order 3 key ht 800 bkt 0 flowid 10:3 match 0a1e2809/ffffffff at 16 ... and then I can delete them with tc filter del dev eth0 parent 10:0 protocol ip prio 100 handle 800::2 u32 match ip dst 10.30.40.3 flowid 10:2 It looks like the highest handle is 800::7ff (or maybe fff) and there may be only 2048 (4k?) filters with unique handles. They have to be unique to make single filters deletions possible. Is it possible to setup the u32 filters in such a way that 64k or more unique handles would be available? I do not know if a single system would be able to carry such load but maybe it is possible, I hope to be able to test it in the future. A company I work for in principle may need tens of thousands of limits, putting every 2k of limits on a separate machine would be limiting us to much. R. -- W iskier krzesaniu żywem/Materiał to rzecz główna
On Wed, Nov 01, 2000 at 02:28:13AM +0100, Rafal Maszkowski wrote:> I asked already on netdev. Maybe my description is too obscure? Could you try > to answer or help me to make the question clearer?Ask the diffserv list, that''s where jamal and alexey hang out, they may know. Google for the diffserv address (http://www.google.com) Regards, bert hubert -- PowerDNS Versatile DNS Services Trilab The Technology People ''SYN! .. SYN|ACK! .. ACK!'' - the mating call of the internet