-----Original Message-----
From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]On
Behalf Of lartc-request@mailman.ds9a.nl
Sent: Saturday, June 30, 2001 6:01 PM
To: lartc@mailman.ds9a.nl
Subject: LARTC digest, Vol 1 #249 - 7 msgs
Send LARTC mailing list submissions to
lartc@mailman.ds9a.nl
To subscribe or unsubscribe via the World Wide Web, visit
http://mailman.ds9a.nl/mailman/listinfo/lartc
or, via email, send a message with subject or body 'help' to
lartc-request@mailman.ds9a.nl
You can reach the person managing the list at
lartc-admin@mailman.ds9a.nl
When replying, please edit your Subject line so it is more specific
than "Re: Contents of LARTC digest..."
Today's Topics:
1. CBQ (Luiz C. Spies)
2. Re: CBQ (Wingtung.Leung)
3. Re: RTNETLINK Problems <ip route> don't work as expected. (I think) (Theo Cabrerizo Diem)
4. u32 nexthdr problem (Don Cohen)
5. PRIOMAP, SPLIT, DEFMAP usage info + PRIO, TBF and other bugs (ness)
6. simple router (Jeremiah Savage)
7. Re: simple router (Jing Shen)
--__--__--
Message: 1
From: "Luiz C. Spies" <luiz@ucic.net>
Organization: UCIC - You See I See
To: lartc@mailman.ds9a.nl
Date: Fri, 29 Jun 2001 09:40:17 -0400
Subject: [LARTC] CBQ
Hi everyone, I use CBQ to limit my bandwidth and it works, but sometimes when
the traffic is very heavy, CBQ generates delay, 2000 ms, 3500 ms, and my
clients don't have internet, because the delay is very high. Does this problem
have a solution? I tried using Red Hat 7.1 with kernel 2.4.5, iptables NAT and all
the features I need for a router firewall, and masquerade. The kernel works well,
Squid too, but CBQ does not. I learned a little about CBQ, and my CBQ is using the TBF
module; I think it is this module that generates the delay. If someone knows the answer to
my problem, send me the solution or the cause of the delays....
Thanks
Luiz
--__--__--
Message: 2
Date: Fri, 29 Jun 2001 15:51:32 +0200 (MET DST)
From: "Wingtung.Leung" <s965817@uia.ua.ac.be>
To: Linux Advanced Router & Traffic Control <lartc@mailman.ds9a.nl>
Subject: Re: [LARTC] CBQ
On Fri, 29 Jun 2001, Luiz C. Spies wrote:
> Hi everyone, I use CBQ to limit my bandwidth and it works, but sometimes when
> the traffic is very heavy, CBQ generates delay, 2000 ms, 3500 ms, and my
> clients don't have internet, because the delay is very high. Does this problem
> have a solution? I tried using Red Hat 7.1 with kernel 2.4.5, iptables NAT and all
> the features I need for a router firewall, and masquerade. The kernel works well,
> Squid too, but CBQ does not. I learned a little about CBQ, and my CBQ is using the TBF
> module; I think it is this module that generates the delay. If someone knows the answer to
> my problem, send me the solution or the cause of the delays....
I think the high delay is normal because of your limit. What is your rate
limit? If your clients would try to push 10Mbit, but the limit is set to
100Kbit, you can expect to have the delay increased extremely.
Please try to explain your setup in more detail and tell what you really
want to achieve.
--
fingerprint = A3C4 DE50 712D 4FA8 C564 4D96 5E06 C9CC ECFA 19C5
--__--__--
Message: 3
Date: Fri, 29 Jun 2001 16:23:30 -0300
From: Theo Cabrerizo Diem <diem.netlink@uol.com.br>
To: Ramin Alidousti <ramin@UU.NET>
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] RTNETLINK Problems <ip route> don't work as
expected. (I think)
Yes, I can ping 10.1.0.1.
I tried from another box, <one connected to my corporate net> and
without using any default route, I can add a route to 10.1.0.1 using my
firewall as gateway (and my firewall with a route configured too), but I
can't use it as gateway to my default route ... :o/
<reply me at theoc@spread.com.br>
Theo.
Ramin Alidousti wrote:
>Do you have a route (no default) to that destination? It should work
>if you do.
>
>Ramin
>
>On Thu, Jun 28, 2001 at 05:52:33PM -0300, Theo Cabrerizo Diem wrote:
>
>>Hi,
>>
>>I have one firewall with 3 ethernet cards, 2 internet links, one cisco
>>2920 and one problem in RTNETLINK ;o)
>>
>>Let me explain my network :
>>
>>   *** Internet Link 1 ***        *** Internet Link 2 ***
>>     10.1.0.1 | Serial                Serial | 10.2.0.1
>>              +--------------+   +------------+
>>                             |   |
>>                          +------------+
>>                 10.1.0.2 |   CISCO    | 10.2.0.2
>>                          +------+-----+
>>                    192.168.1.1 / 192.168.2.1
>>                                 |
>>               eth2 192.168.1.2/ 192.168.2.1
>>                          +------------+
>>                             FIREWALL
>>                          +-+--------+-+
>>           10.20.0.0 eth0   |        |   eth1 10.30.0.0
>>                            |        |
>>                   MY DMZ NET        MY CORPORATE NET
>>
>>I used reserved IPs for security reasons .. <sorry :o( >
>>What I'm trying to do:
>>I don't want to use my cisco default route, because I will do some
>>filtering, based on source address, at my firewall to choose which link
>>to use, so I must add (at my firewall) a default route using my ISP 1
>>end <10.1.0.1> at one routing table, and other default route using my
>>ISP 2 end <10.2.0.1> at another routing table, and do traffic control
>>using iptables/iproute <as described in Advanced Routing how-to>.
>>
>>the problem is ... RTNETLINK says Unreachable Network when I try to add
>>a route, using a gateway which isn't directly connected to my firewall
>>:o( this is the line I'm trying to use :
>><I know I'm not writing on a specific routing table to do traffic control>
>>
>>ip route add default via 10.1.0.1
>>RTNETLINK answers: Network is unreachable
>>
>>So .. I've tried
>>ip route add default via 10.1.0.1 nexthop via 192.168.1.1
>>RTNETLINK answers: Invalid argument
>>
>>Can anyone help me ? If someone need more info, ask me ... <please
>>reply me at theoc@spread.com.br but I will check this list every day ;o)
>>
>>[]'s
>>
--__--__--
Message: 4
Date: Fri, 29 Jun 2001 15:00:53 -0700 (PDT)
From: don-lartc@isis.compsvcs.com (Don Cohen)
To: lartc@mailman.ds9a.nl
Subject: [LARTC] u32 nexthdr problem
I'm having trouble with nexthdr.
tc filter add dev eth0 protocol ip parent 10:0 prio 1 u32 \
match ip protocol 0x6 0xff match u8 0x02 0x12 at nexthdr+13 flowid 10:3
fails to match my test packets whereas
tc filter add dev eth0 protocol ip parent 10:0 prio 1 u32 \
match ip protocol 0x6 0xff match u8 0x02 0x12 at 33 flowid 10:3
does match them.
Of course, the second one is really wrong since it means something
totally different if your packet contains any IP options (which my
test packets do not, of course).
Does anyone see what I'm doing wrong?
Anyone else experience the same problems?
Anyone know how to fix them?
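
The offset arithmetic behind the two filters in the message above, as an added example that is not part of the original post. It models only the match "u8 0x02 0x12" (SYN set, ACK clear) at a fixed offset of 33 versus an offset computed from the IP header length, not tc's u32 implementation; the packets, addresses, ports and function names are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10
TCP_FLAGS_BYTE = 13  # index of the flags byte inside the TCP header


def build_packet(tcp_flags, ip_options=b"", ack=0):
    """Constructed IPv4+TCP sample (checksums left at zero, no payload)."""
    if len(ip_options) % 4:
        raise ValueError("IP options must be padded to a multiple of 4 bytes")
    ihl = 5 + len(ip_options) // 4           # header length in 32-bit words
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 20, 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, ack, 5 << 4, tcp_flags,
                      8192, 0, 0)
    return ip + ip_options + tcp


def match_u8(packet, value, mask, offset):
    """Model of 'match u8 VALUE MASK at OFFSET' (offset from the IP header)."""
    return offset < len(packet) and (packet[offset] & mask) == value


def transport_offset(packet):
    """Where the TCP header starts: IHL (low nibble of byte 0) times 4."""
    ihl = packet[0] & 0x0F
    if ihl < 5 or ihl * 4 > len(packet):
        raise ValueError("invalid IHL")
    return ihl * 4


def is_tcp(packet):
    return packet[9] == 6   # 'match ip protocol 0x6 0xff'


def syn_at_fixed_33(packet):
    return is_tcp(packet) and match_u8(packet, 0x02, 0x12, 33)


def syn_at_header_relative(packet):
    off = transport_offset(packet) + TCP_FLAGS_BYTE
    return is_tcp(packet) and match_u8(packet, 0x02, 0x12, off)


# Constructed samples: a bare SYN, a SYN carrying 4 bytes of IP options
# (NOP, NOP, NOP, End of Option List), and a SYN+ACK.
SAMPLES = {
    "syn": build_packet(SYN),
    "syn+ipopts": build_packet(SYN, ip_options=b"\x01\x01\x01\x00"),
    "syn-ack": build_packet(SYN | ACK, ack=2),
}


def classify_all():
    return {name: (syn_at_fixed_33(p), syn_at_header_relative(p))
            for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, (fixed, relative) in classify_all().items():
        print(f"{name:12} at 33: {fixed!s:5}  at IHL*4+13: {relative}")
```

With 4 bytes of IP options, offset 33 lands inside the TCP acknowledgment number instead of the flags byte, so the fixed-offset rule no longer sees the SYN.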
--__--__--
Message: 5
From: "ness" <ness@inbox.lv>
To: <lartc@mailman.ds9a.nl>
Date: Sat, 30 Jun 2001 04:45:31 +0300
Subject: [LARTC] PRIOMAP, SPLIT, DEFMAP usage info + PRIO, TBF and other bugs
this message was originally sent to stafke@iname.com
http://users.belgacom.net/staf/

Currently I'm trying to install all this QoS stuff on my bridge and I have A
LOT of problems, so I'm very glad to find someone interested in helping others
to solve this non-trivial problem.

I decided to share what I have found so far with you :)
NOTE: DON'T consider all this correct, it's all just my thoughts. So
don't hit me if I'm wrong.

From your TODO list:

1. Unclassified traffic - traffic to which none of the filters has been applied,
   so by default it will fall to the root class. You can use Defmap to assign all
   this unclassified traffic to another class. For example, setting Defmap to
   0xFFFF will assign all traffic not classified by other means to this class.
   Split must also be specified, else defmap will not work.
   Here are some words from Alex:

"defmaps are intended to make fallback classification
when a packet does not match to any stronger classifier
or no classifiers are configured.

Algorithm is very simple: protocol layer assigns a logical priority
numbered of 0 to 15 to any packet. For forwarded packets it is derived
from tos, for locally originated ones it is controlled by SO_PRIORITY
socket option (or derived from tos too).

If a class is ready to serve some logical priority,
it has corresponding bit in its defmap.

If packet matches to any classifier, this priority
is ignored. When it does not, cbq searches for class
which is ready to serve corresponding priority level.
That's almost all. Note that, to make cbq working properly,
you should sweep at least all priorities 0..7, otherwise
unclassified packets will fallback to root class,
which is not intended to transmit anything at all.

For IPv4 mapping tos -> priority is established in route.c
by array ip_tos2prio[]. It is not changeable from user level for now
and complies to canonical ietf rules. You may change it to
diffserv, if you want.

About "split". Normally, split is root.

You may set split to a node in hierarchy and use some simple
and fast classifier, which understands only limited set of keys
(sort of route), to point to this node.
In this case, only classes with split==this node,
will be matched. It means, that sk->priority and tos
may live in peace with multiagency link sharing
with zero classification cost. Seems, it is
the best my invention for last year 8)"

Ok. So far so good. I'm still not sleeping :)

2. About this Priomap. This is all about the earlier mentioned "logical priority".
   If we have for example Priomap 0 0 0 0 0 1 1 1 1 1 2 2 2 2 2 2
   then all traffic with any of the 5 high bits set in this "logical priority"
   will be assigned to band 0, if any of the 5 bits in the middle are set then
   this packet will be assigned to band 1, and so forth.

Oh, one more notice:
AS FAR AS I UNDERSTAND, PRIO IS NOT WORKING AT ALL, OR AT LEAST
NOT WORKING AS IT MUST WORK.
First of all, it does not implement class manipulation functions, so if you just
try to list PRIO classes (tc class ls dev eth0) this will give you a segmentation
fault :(. The more the better. As far as I understand, the PRIO qdisc creates
classes "on the fly", so I tried to filter some packets to these classes. After
2 weeks of experiments I understand that it doesn't prioritize packets AT ALL.
(I'll be glad to hear that I'm wrong...)

OK, some more bugs....

TBF. If you define this one as described in the README it will not work :(
At least it's not working on my setup.

tc qdisc add dev eth1 parent 1:2 tbf rate 64Kbit buffer 5Kb/8 limit 10Kb

You'll get latency set to something near 5000s :(
So, to work correctly you must define NOT LIMIT but LATENCY (1000 = 1.2 ms),
or define BURST and use it with LIMIT. BTW you can't use Kb in burst, you
must use kB :(

I think this is enough. I'm very interested in your latency testing. How do
you manage to do some latency changing with CBQ? AFAIK CBQ is not intended to
PRIORITIZE traffic, it only fairly distributes it in case of congestion.

Hope for your understanding. And excuse my English. I'm Russian too ;)

Plz share your experience with the community!
Alex, where is the fixed version? And where is HPFQ support? Where? Aaaa? Gde?
--
Ness
ness@inbox.lv
--__--__--
Message: 6
Date: Fri, 29 Jun 2001 21:05:16 -0700 (PDT)
From: Jeremiah Savage <jeremiahsavage@yahoo.com>
To: lartc@mailman.ds9a.nl
Subject: [LARTC] simple router
Hello,
I am attempting to construct a (simple?) router based
on Linux 2.4 with iproute2.
I have 3 ethernet cards on the router, with eth0
connected to a host, eth1 connected to a server and
eth2 connected to another computer.
xx.yy.88.101
+--------+
| |
| host |
+---+----+
|
xx.yy.zz.aa |
| |eth0 - xx.yy.88.100
| |
+---------+ | +----------------+
|another | eth2 | |
|computer +---------+ router |
| | | |
+---------+ +-------+--------+
xx.yy.zz.ab |
| eth1 - xx.zz.110.145
|
+---+-----+
| |
| server |xx.zz.110.148
| |
+---------+
I am simply trying to get traffic through eth0 to eth1
so it can get to the server and get back out, but so
far I can't ping the server through the router,
although the router itself is capable of pinging the
server (so the link eth1 is active). And I've verified
that eth0 is also active as the router and the host
can ping each other.
So how do I get the router to pass traffic through to
the server?
I've tried
# ip route add to unicast xx.zz.110.148 dev eth1
RTNETLINK answers: File exists
and yet the host still can't ping the server.
And I've tried making eth0 "promiscuous"
# ifconfig eth0 promisc
but that doesn't help either.
Anyone know the magic incantation that I need?
--
Jeremiah
--__--__--
Message: 7
Date: Sat, 30 Jun 2001 14:38:57 +0800
From: Jing Shen <jshen@cad.zju.edu.cn>
Reply-To: jshen@cad.zju.edu.cn
Organization: state key lab of CAD&CG
To: Jeremiah Savage <jeremiahsavage@yahoo.com>
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] simple router
What do the routing tables on the host and server look like?
If there is only one connection on both of them, the routing table on the
host only needs one entry: 0.0.0.0/0 -> xx.yy.88.100
and the server needs: 0.0.0.0/0 -> xx.zz.110.145
You don't need to add a host route explicitly on the router because
the subnet on a network interface is included in the routing table by default.
Another indication is "have you enabled iptables on the router to block
connections between different subnets?"
James Shen
> Hello,
>
> I am attempting to construct a (simple?) router based
> on Linux 2.4 with iproute2.
>
> I have 3 ethernet cards on the router, with eth0
> connected to a host, eth1 connected to a server and
> eth2 connected to another computer.
>
> xx.yy.88.101
> +--------+
> | |
> | host |
> +---+----+
> |
> xx.yy.zz.aa |
> | |eth0 - xx.yy.88.100
> | |
> +---------+ | +----------------+
> |another | eth2 | |
> |computer +---------+ router |
> | | | |
> +---------+ +-------+--------+
> xx.yy.zz.ab |
> | eth1 - xx.zz.110.145
> |
> +---+-----+
> | |
> | server |xx.zz.110.148
> | |
> +---------+
>
> I am simply trying to get traffic through eth0 to eth1
> so it can get to the server and get back out, but so
> far I can't ping the server through the router,
> although the router itself is capable of pinging the
> server (so the link eth1 is active). And I've verified
> that eth0 is also active as the router and the host
> can ping each other.
>
> So how do I get the router to pass traffic through to
> the server?
>
> I've tried
> # ip route add to unicast xx.zz.110.148 dev eth1
> RTNETLINK answers: File exists
>
> and yet the host still can't ping the server.
>
> And I've tried making eth0 "promiscuous"
> # ifconfig eth0 promisc
> but that doesn't help either.
>
> Anyone know the magic incantation that I need?
>
> --
> Jeremiah
--__--__--
End of LARTC Digest