Hi all,

Currently, I am experimenting with the example script afcbq and I have some problem here. Any help is greatly appreciated.

Here is part of my script (I didn't show the setup for AF class 2, 3 and 4, but they are similar to the setup of class 1):

# --- General setup ---
tc qdisc add dev eth1 handle 1:0 root dsmark indices 64 set_tc_index
tc filter add dev eth1 parent 1:0 protocol ip prio 1 tcindex mask 0xfc shift 2 pass_on
tc qdisc add dev eth1 parent 1:0 handle 2:0 cbq bandwidth 10Mbit cell 8 avpkt 1000 mpu 64
tc filter add dev eth1 parent 2:0 protocol ip prio 1 tcindex mask 0xf0 shift 4 pass_on

# --- AF Class 1 specific setup---
tc class add dev eth1 parent 2:0 classid 2:1 cbq bandwidth 10Mbit rate 2Mbit avpkt 1000 prio 1 bounded allot 1514 weight 1 maxburst 21
tc filter add dev eth1 parent 2:0 protocol ip prio 1 handle 1 tcindex classid 2:1
tc qdisc add dev eth1 parent 2:1 gred setup DPs 3 default 2

# --- AF Class 1 DP 1---
tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 10 tcindex classid 1:111
tc qdisc change dev eth1 parent 2:1 gred limit 60KB min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit DP 1 \
    probability 0.02 prio 2

# --- AF Class 1 DP 2---
tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 12 tcindex classid 1:112
tc qdisc change dev eth1 parent 2:1 gred limit 60KB min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit DP 2 \
    probability 0.04 prio 3

# --- AF Class 1 DP 3---
tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 14 tcindex classid 1:113
tc qdisc change dev eth1 parent 2:1 gred limit 60KB min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit DP 3 \
    probability 0.06 prio 4

#------BE Queue setup------
tc filter add dev eth1 parent 1:0 protocol ip prio 2 handle 0 tcindex mask 0 classid 1:1
tc class add dev eth1 parent 2:0 classid 2:5 cbq bandwidth 100Mbit rate 2Mbit avpkt 1000 prio 8 bounded allot 1514 weight 1 maxburst 21
tc filter add dev eth1 parent 2:0 protocol ip prio 1 handle 0 tcindex classid 2:5
tc qdisc add dev eth1 parent 2:5 red limit 60KB min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit probability 0.4

##########################
Here is part of what I get when I run "tc -s qdisc":

qdisc red 8005: dev eth1 limit 60Kb min 15Kb max 45Kb
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
marked 0 early 0qdisc gred 8001: dev eth1
DP:1 (prio 8) Average Queue 0b Measured Queue 0b
Packet drops: 0 (forced 0 early 0)
Packet totals: 0 (bytes 0) ewma 3 Plog 21 Scell_log 9
DP:2 (prio 8) Average Queue 0b Measured Queue 0b
Packet drops: 0 (forced 0 early 0)
Packet totals: 0 (bytes 0) ewma 3 Plog 20 Scell_log 9
DP:3 (prio 8) Average Queue 0b Measured Queue 0b
Packet drops: 0 (forced 0 early 0)
Packet totals: 0 (bytes 0) ewma 3 Plog 19 Scell_log 9
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

qdisc cbq 2: dev eth1 rate 10Mbit (bounded,isolated) prio no-transmit
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
borrowed 0 overactions 0 avgidle 624 undertime 0

qdisc dsmark 1: dev eth1 indices 0x0040 set_tc_index
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
pdrop 0 other 0

#####################

My question is why the prio shown is always 8, although I set them to prio 2, 3, 4 respectively? And I suspect because of this, I actually get better performance for BE (in terms of lower delay).

Also, I would like to clarify some requirement for AF as proposed in the RFC. In "Appendix: Example services" of RFC 2597, it said that AF1x should have "greater probability for timely forwarding by having lighter load". Therefore, I send lighter traffic to class 1 than class 2 and 3. But still I get lower delay for class BE, and no observable difference in delay for class 1, 2 and 3 (maybe it is the prio 8 problem as described above).

What do you guys think about the delay for AF as proposed in the RFC? Should AF class 1 have the smallest delay compared to class 2, 3, 4 and BE?

Last question, what do we do with excess AF traffic? Do we drop it or downgrade it to BE?

If you have read to this part, I must thank you for your patience.

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Hi all,

I am trying out the example script afcbq. I tried to set different prio to the 3 DPs, but it always shows the default value (which is 8). Can anyone who has experimented with AF before point out where my mistake is?

Thanks.

# --- General setup ---
tc qdisc add dev eth1 handle 1:0 root dsmark indices 64 set_tc_index
tc filter add dev eth1 parent 1:0 protocol ip prio 1 tcindex mask 0xfc shift 2 pass_on
tc qdisc add dev eth1 parent 1:0 handle 2:0 cbq bandwidth 100Mbit cell 8 avpkt 1000 mpu 64
tc filter add dev eth1 parent 2:0 protocol ip prio 1 tcindex mask 0xf0 shift 4 pass_on

# --- AF Class 1 specific setup---
tc class add dev eth1 parent 2:0 classid 2:1 cbq bandwidth 100Mbit rate 2Mbit avpkt 1000 prio 1 bounded allot 1514 weight 1 maxburst 21
tc filter add dev eth1 parent 2:0 protocol ip prio 1 handle 1 tcindex classid 2:1
tc qdisc add dev eth1 parent 2:1 gred setup DPs 3 default 2

# --- AF Class 1 DP 1---
tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 10 tcindex classid 1:111
tc qdisc change dev eth1 parent 2:1 gred limit 60KB min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit DP 1 probability 0.02 prio 2

# --- AF Class 1 DP 2---
tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 12 tcindex classid 1:112
tc qdisc change dev eth1 parent 2:1 gred limit 60KB min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit DP 2 probability 0.04 prio 3

# --- AF Class 1 DP 3---
tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 14 tcindex classid 1:113
tc qdisc change dev eth1 parent 2:1 gred limit 60KB min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit DP 3 probability 0.06 prio 4

# --- AF Class 2 specific setup---
tc class add dev eth1 parent 2:0 classid 2:2 cbq bandwidth 100Mbit rate 2Mbit avpkt 1000 prio 2 bounded allot 1514 weight 1 maxburst 21
tc filter add dev eth1 parent 2:0 protocol ip prio 1 handle 2 tcindex classid 2:2
tc qdisc add dev eth1 parent 2:2 gred setup DPs 3 default 2

# --- AF Class 2 DP 1---
tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 18 tcindex classid 1:121
tc qdisc change dev eth1 parent 2:2 gred limit 60KB min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit DP 1 probability 0.02 prio 2

# --- AF Class 2 DP 2---
tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 20 tcindex classid 1:122
tc qdisc change dev eth1 parent 2:2 gred limit 60KB min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit DP 2 probability 0.04 prio 3

# --- AF Class 2 DP 3---
tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 22 tcindex classid 1:123
tc qdisc change dev eth1 parent 2:2 gred limit 60KB min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit DP 3 probability 0.06 prio 4

#------BE Queue setup------
tc filter add dev eth1 parent 1:0 protocol ip prio 2 handle 0 tcindex mask 0 classid 1:1
tc class add dev eth1 parent 2:0 classid 2:5 cbq bandwidth 100Mbit rate 2Mbit avpkt 1000 prio 8 bounded allot 1514 weight 1 maxburst 21
tc filter add dev eth1 parent 2:0 protocol ip prio 1 handle 0 tcindex classid 2:5
tc qdisc add dev eth1 parent 2:5 red limit 60KB min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit probability 0.4

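
How the script in the posting above turns a packet's DS byte into a CBQ class and a GRED drop precedence, as an added example that is not part of the original posts. It assumes the Linux dsmark/tcindex behaviour (dsmark copies the DS byte into tc_index, a matching tcindex filter on dsmark replaces tc_index with the classid minor, GRED takes the DP from the low four bits); the function names and sample DS bytes are constructed.

```python
# Model of the two tcindex stages in the afcbq-style script above.
# Filter tables are copied from the posted tc commands; the sample DS bytes
# are constructed. classid minors are hexadecimal, as tc parses them.

# Stage 1: filters on dsmark 1:0 in prio order: (mask, shift, {handle: minor})
DSMARK_FILTERS = [
    (0xFC, 2, {10: 0x111, 12: 0x112, 14: 0x113,    # AF11, AF12, AF13
               18: 0x121, 20: 0x122, 22: 0x123}),  # AF21, AF22, AF23
    (0x00, 0, {0: 0x1}),                           # prio 2 catch-all -> 1:1
]
# Stage 2: filter on cbq 2:0: (mask, shift, {handle: CBQ class})
CBQ_FILTER = (0xF0, 4, {1: "2:1", 2: "2:2", 0: "2:5"})
GRED_CLASSES = {"2:1", "2:2"}   # classes with a gred leaf; 2:5 has plain red


def tcindex_lookup(tc_index, mask, shift, table):
    """Return the entry for key (tc_index & mask) >> shift, or None.

    None models pass_on: no match in this filter, try the next one."""
    return table.get((tc_index & mask) >> shift)


def classify(ds_byte):
    """Return (tc_index after dsmark, CBQ class, GRED DP or None)."""
    tc_index = ds_byte                      # dsmark set_tc_index
    for mask, shift, table in DSMARK_FILTERS:
        minor = tcindex_lookup(tc_index, mask, shift, table)
        if minor is not None:
            tc_index = minor                # dsmark stores the classid minor
            break
    mask, shift, table = CBQ_FILTER
    cbq_class = tcindex_lookup(tc_index, mask, shift, table)
    dp = tc_index & 0xF if cbq_class in GRED_CLASSES else None
    return tc_index, cbq_class, dp


if __name__ == "__main__":
    samples = [(0x28, "AF11"), (0x29, "AF11 + ECN bit"), (0x30, "AF12"),
               (0x58, "AF23"), (0x68, "AF31, no class 3 filter"),
               (0x00, "best effort")]
    for ds, label in samples:
        tc_index, cls, dp = classify(ds)
        print(f"DS 0x{ds:02x} ({label}): tc_index 0x{tc_index:x} "
              f"class {cls} DP {dp}")
```

A DSCP with no handle in the prio 1 filter, such as AF31 here, falls through pass_on to the prio 2 catch-all and ends up in the BE class 2:5.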
Sorry, I want to do your test but something is wrong!!!!!!
tc qdisc add dev eth1 handle 1:0 root dsmark indices 64 set_tc_index

[root@altqtest linux-2.4]# tc qdisc add dev eth1 handle 1:0 root dsmark indices 64 set_tc_index
Unknown qdisc "dsmark", hence option "indices" is unparsable

My kernel is 2.4.2 and iproute is 2.2.4-10
I have checked my kernel, and it supports field marker.
<M> Diffserv field marker

Please give me some advice...
thx...

> # --- General setup ---
> tc qdisc add dev eth1 handle 1:0 root dsmark indices 64 set_tc_index
> tc filter add dev eth1 parent 1:0 protocol ip prio 1 tcindex mask 0xfc shift 2 pass_on
> tc qdisc add dev eth1 parent 1:0 handle 2:0 cbq bandwidth 10Mbit cell 8 avpkt 1000 mpu 64
> tc filter add dev eth1 parent 2:0 protocol ip prio 1 tcindex mask 0xf0 shift 4 pass_on
>
> # --- AF Class 1 specific setup---
> tc class add dev eth1 parent 2:0 classid 2:1 cbq bandwidth 10Mbit rate 2Mbit avpkt 1000 prio 1 bounded allot 1514 weight 1 maxburst 21
> tc filter add dev eth1 parent 2:0 protocol ip prio 1 handle 1 tcindex classid 2:1
> tc qdisc add dev eth1 parent 2:1 gred setup DPs 3 default 2
>
> # --- AF Class 1 DP 1---
> tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 10 tcindex classid 1:111
> tc qdisc change dev eth1 parent 2:1 gred limit 60KB min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit DP 1 \
>     probability 0.02 prio 2
>
> # --- AF Class 1 DP 2---
> tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 12 tcindex classid 1:112
> tc qdisc change dev eth1 parent 2:1 gred limit 60KB min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit DP 2 \
>     probability 0.04 prio 3
>
> # --- AF Class 1 DP 3---
> tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 14 tcindex classid 1:113
> tc qdisc change dev eth1 parent 2:1 gred limit 60KB min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit DP 3 \
>     probability 0.06 prio 4
>
> #------BE Queue setup------
> tc filter add dev eth1 parent 1:0 protocol ip prio 2 handle 0 tcindex mask 0 classid 1:1
> tc class add dev eth1 parent 2:0 classid 2:5 cbq bandwidth 100Mbit rate 2Mbit avpkt 1000 prio 8 bounded allot 1514 weight 1 maxburst 21
> tc filter add dev eth1 parent 2:0 protocol ip prio 1 handle 0 tcindex classid 2:5
> tc qdisc add dev eth1 parent 2:5 red limit 60KB min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit probability 0.4
>
> ##########################
> Here is part of what I get when I run "tc -s qdisc":
> qdisc red 8005: dev eth1 limit 60Kb min 15Kb max 45Kb
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> marked 0 early 0qdisc gred 8001: dev eth1
> DP:1 (prio 8) Average Queue 0b Measured Queue 0b
> Packet drops: 0 (forced 0 early 0)
> Packet totals: 0 (bytes 0) ewma 3 Plog 21 Scell_log 9
> DP:2 (prio 8) Average Queue 0b Measured Queue 0b
> Packet drops: 0 (forced 0 early 0)
> Packet totals: 0 (bytes 0) ewma 3 Plog 20 Scell_log 9
> DP:3 (prio 8) Average Queue 0b Measured Queue 0b
> Packet drops: 0 (forced 0 early 0)
> Packet totals: 0 (bytes 0) ewma 3 Plog 19 Scell_log 9
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>
> qdisc cbq 2: dev eth1 rate 10Mbit (bounded,isolated) prio no-transmit
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> borrowed 0 overactions 0 avgidle 624 undertime 0
>
> qdisc dsmark 1: dev eth1 indices 0x0040 set_tc_index
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> pdrop 0 other 0
>
> #####################
>
> My question is why the prio shown is always 8, although I set them to prio 2, 3, 4 respectively? And I suspect because of this, I actually get better performance for BE (in terms of lower delay).
>
> Also, I would like to clarify some requirement for AF as proposed in the RFC. In "Appendix: Example services" of RFC 2597, it said that AF1x should have "greater probability for timely forwarding by having lighter load". Therefore, I send lighter traffic to class 1 than class 2 and 3. But still I get lower delay for class BE, and no observable difference in delay for class 1, 2 and 3 (maybe it is the prio 8 problem as described above).
>
> What do you guys think about the delay for AF as proposed in the RFC? Should AF class 1 have the smallest delay compared to class 2, 3, 4 and BE?
>
> Last question, what do we do with excess AF traffic? Do we drop it or downgrade it to BE?
>
> If you have read to this part, I must thank you for your patience.
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/

Hi Juergen,

In the iproute2 distro there is a file named "Config" with the following options in it:

TC_CONFIG_DIFFSERV=n
TC_CONFIG_ATM=n

Set the TC_CONFIG_DIFFSERV to y then compile tc again. Should work then.

Cheers,

Rodrigo

On Mon, May 14, 2001 at 02:43:41PM +0800, Juergen wrote:
> Sorry, I want to do your test but something is wrong!!!!!!
> tc qdisc add dev eth1 handle 1:0 root dsmark indices 64 set_tc_index
>
> [root@altqtest linux-2.4]# tc qdisc add dev eth1 handle 1:0 root dsmark indices 64 set_tc_index
> Unknown qdisc "dsmark", hence option "indices" is unparsable
>
> My kernel is 2.4.2 and iproute is 2.2.4-10
> I have checked my kernel, and it supports field marker.
> <M> Diffserv field marker
>
> Please give me some advice...
> thx...
>
> > # --- General setup ---
> > tc qdisc add dev eth1 handle 1:0 root dsmark indices 64 set_tc_index
> > tc filter add dev eth1 parent 1:0 protocol ip prio 1 tcindex mask 0xfc shift 2 pass_on
> > tc qdisc add dev eth1 parent 1:0 handle 2:0 cbq bandwidth 10Mbit cell 8 avpkt 1000 mpu 64
> > tc filter add dev eth1 parent 2:0 protocol ip prio 1 tcindex mask 0xf0 shift 4 pass_on
> >
> > # --- AF Class 1 specific setup---
> > tc class add dev eth1 parent 2:0 classid 2:1 cbq bandwidth 10Mbit rate 2Mbit avpkt 1000 prio 1 bounded allot 1514 weight 1 maxburst 21
> > tc filter add dev eth1 parent 2:0 protocol ip prio 1 handle 1 tcindex classid 2:1
> > tc qdisc add dev eth1 parent 2:1 gred setup DPs 3 default 2
> >
> > # --- AF Class 1 DP 1---
> > tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 10 tcindex classid 1:111
> > tc qdisc change dev eth1 parent 2:1 gred limit 60KB min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit DP 1 \
> >     probability 0.02 prio 2
> >
> > # --- AF Class 1 DP 2---
> > tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 12 tcindex classid 1:112
> > tc qdisc change dev eth1 parent 2:1 gred limit 60KB min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit DP 2 \
> >     probability 0.04 prio 3
> >
> > # --- AF Class 1 DP 3---
> > tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 14 tcindex classid 1:113
> > tc qdisc change dev eth1 parent 2:1 gred limit 60KB min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit DP 3 \
> >     probability 0.06 prio 4
> >
> > #------BE Queue setup------
> > tc filter add dev eth1 parent 1:0 protocol ip prio 2 handle 0 tcindex mask 0 classid 1:1
> > tc class add dev eth1 parent 2:0 classid 2:5 cbq bandwidth 100Mbit rate 2Mbit avpkt 1000 prio 8 bounded allot 1514 weight 1 maxburst 21
> > tc filter add dev eth1 parent 2:0 protocol ip prio 1 handle 0 tcindex classid 2:5
> > tc qdisc add dev eth1 parent 2:5 red limit 60KB min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit probability 0.4
> >
> > ##########################
> > Here is part of what I get when I run "tc -s qdisc":
> > qdisc red 8005: dev eth1 limit 60Kb min 15Kb max 45Kb
> > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > marked 0 early 0qdisc gred 8001: dev eth1
> > DP:1 (prio 8) Average Queue 0b Measured Queue 0b
> > Packet drops: 0 (forced 0 early 0)
> > Packet totals: 0 (bytes 0) ewma 3 Plog 21 Scell_log 9
> > DP:2 (prio 8) Average Queue 0b Measured Queue 0b
> > Packet drops: 0 (forced 0 early 0)
> > Packet totals: 0 (bytes 0) ewma 3 Plog 20 Scell_log 9
> > DP:3 (prio 8) Average Queue 0b Measured Queue 0b
> > Packet drops: 0 (forced 0 early 0)
> > Packet totals: 0 (bytes 0) ewma 3 Plog 19 Scell_log 9
> > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >
> > qdisc cbq 2: dev eth1 rate 10Mbit (bounded,isolated) prio no-transmit
> > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > borrowed 0 overactions 0 avgidle 624 undertime 0
> >
> > qdisc dsmark 1: dev eth1 indices 0x0040 set_tc_index
> > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > pdrop 0 other 0
> >
> > #####################
> >
> > My question is why the prio shown is always 8, although I set them to prio 2, 3, 4 respectively? And I suspect because of this, I actually get better performance for BE (in terms of lower delay).
> >
> > Also, I would like to clarify some requirement for AF as proposed in the RFC. In "Appendix: Example services" of RFC 2597, it said that AF1x should have "greater probability for timely forwarding by having lighter load". Therefore, I send lighter traffic to class 1 than class 2 and 3. But still I get lower delay for class BE, and no observable difference in delay for class 1, 2 and 3 (maybe it is the prio 8 problem as described above).
> >
> > What do you guys think about the delay for AF as proposed in the RFC? Should AF class 1 have the smallest delay compared to class 2, 3, 4 and BE?
> >
> > Last question, what do we do with excess AF traffic? Do we drop it or downgrade it to BE?
> >
> > If you have read to this part, I must thank you for your patience.

Hello all.

I've tried to set up ipac 1.10 on my Linux router/firewall (Debian) which also performs traffic control via CBQ.

What I want is to create graphs of bandwidth consumption from Internet hosts to internal hosts. I don't want to specify protocols, instead I want to count any kind of traffic. But I want to exclude some hosts from the sum (those on the internal LAN) because there's an ethernet link with them and I want to count only traffic which comes from the Internet link (64Kbps Frame Relay).

The network topology is as shown:

        Cisco router (F/R)
              |
              |
              +-- mail server }
              |               } public subnet
              +-- www server  }
              |
              | (eth0)
         linux router
   (eth4) /        \ (eth3)
         /          \
      internal LANs        } private subnet

Firstly I tried to count incoming traffic on eth0 (rule: from ! public, to all), it worked well for overall traffic but when I tried to specify destination internal hosts/subnets no traffic was shown. I realized this happened due to IP masquerading, which is performed on the Linux router AFTER ip accounting.

So the next thing was to perform ip accounting on internal interfaces (eth3 & eth4). Since there's traffic between internal subnets through the linux router, I want also to exclude these from addresses. So now rules are: (from ! public internal, to hostA hostB etc.)

The real rule is as follows:

Incoming Testing|out|eth3|all|! 192.168.0.0/16 62.81.192.64/28|192.168.101.162

ipacset -D gives me the following:

/sbin/ipchains --append ipac_out -i eth3 -p all -s ! 192.168.0.0/16 -d 192.168.101.162
/sbin/ipchains --append ipac_out -i eth3 -p all -s ! 62.81.192.64/28 -d 192.168.101.162

62.81.192.64/28 is the public subnet. The fact is that after some testing ipac is counting internal traffic. I did an ftp transfer from 192.168.101.3 (the linux router) to 192.168.101.162 and it was shown in the graphs (424Kbps, 16Mbytes total, impossible to be Internet traffic in only two minutes with a 64Kbps link). This computer was not doing any other kind of traffic at this time.

I think ipacsum does not work well with parameter '! 192.168.0.0/16 62.81.192.64/28' which generates two rules. Maybe second rule overwrites first one. I don't find any other explanation.

My answer is, am I the first person that has tried something similar until now? Or is this a known bug? Are there any workarounds? Am I doing something wrong? Why is all of this so frustrating?

Many thanks in advance.

--
José Carlos Ramírez Pérez
mailto:JoseCarlos.Ramirez@isotrol.com
___________________________________________________
ISOTROL S.A.
Avda. de la innovación nº 1, 3ª plta, 41020 Sevilla
Tel.:+34 955 036 800 - Fax:+34 955 036 849 (Spain)
web: http://www.isotrol.com/

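
The two rules printed by ipacset -D in the message above, evaluated against sample packets, as an added example that is not part of the original post. It assumes that an ipchains rule without a target only counts the packet and lets it continue down the chain, and that ipac adds up the counters of every rule generated from one configuration line; the packet list and function names are constructed.

```python
import ipaddress

PRIVATE = ipaddress.ip_network("192.168.0.0/16")
PUBLIC = ipaddress.ip_network("62.81.192.64/28")
DEST = ipaddress.ip_address("192.168.101.162")

# One entry per rule printed by `ipacset -D`: "-s ! <net> -d 192.168.101.162".
# Each rule negates a single source network.
GENERATED_RULES = [PRIVATE, PUBLIC]


def generated_hits(src, dst):
    """How many of the two generated rules count a packet src -> dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst != DEST:
        return 0
    return sum(1 for excluded in GENERATED_RULES if src not in excluded)


def intended_hits(src, dst):
    """Intent of the ipac line: source in neither network, counted once."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return int(dst == DEST and src not in PRIVATE and src not in PUBLIC)


def accounted_bytes(packets, hits):
    """Bytes reported when the counters of all matching rules are added up."""
    return sum(size * hits(src, dst) for src, dst, size in packets)


# Constructed sample traffic: (source, destination, bytes)
PACKETS = [
    ("192.168.101.3", "192.168.101.162", 1500),  # FTP data from the linux router
    ("62.81.192.66", "192.168.101.162", 1500),   # host in the public subnet
    ("198.51.100.7", "192.168.101.162", 1500),   # Internet host (documentation range)
]

if __name__ == "__main__":
    for src, dst, size in PACKETS:
        print(f"{src:>15}: generated rules hit {generated_hits(src, dst)}x, "
              f"intended {intended_hits(src, dst)}x")
    print("bytes via generated rules:", accounted_bytes(PACKETS, generated_hits))
    print("bytes intended:           ", accounted_bytes(PACKETS, intended_hits))
```

The router's own transfer is counted by the second rule because its source lies outside 62.81.192.64/28, and a source outside both networks is counted by both rules.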