LARTC - Apr 2003 - LARTC / Multipath routing: Thanks & feedbacks :)

Hello,

A while ago I bothered some people in this list regarding issues with
multipath routing and advanced routing in general. The main goal was to
setup a complex networks where all servers would be available through
both link. Each server was public, and thus had 2 public IP addresses.
This setup included VPN setup with fail-over, firewalls with gateway as
routing key & alternatives routes setup, NAT for internal private
networks, DMZs available over both links,etc... The whole thing was
about setting up full redundancy for every server. 

There was a lot of problems building the whole thing up, but in the end,
everything worked perfectly. I mean it.

I currently have more than 30 Linux servers reachable through 2
dedicated lines, over 2 ISP, using 2 public distinct netblocks. Each
server is linux-based, and does outgoing load-balancing in equalize
mode. Incoming traffic load-balancing is done using standard round-robin
DNS. Everything got filtered by firewalls. I have VPN fail-over setup
using alternatives routes & dead gateway detection.

For all of these, I would like to thanks you. 
Thank you for giving this wonderful toolkit to the Internet Community.
Thank you for your time answering our questions, and finally for you
help & assistance. I wouldn''t have been able to build the whole
thing up
without you. Thank you also, for keeping my users off my back. :)

I never doubted Linux was the best OS in the world. But now, I have a
proof.

I would especially like to thanks Julian Anastasov (your patches works
just perfectly !), Arthur van Leeuwen and Dawid Kuroczko.

Thanks again.
Yours,
Vincent Jaussaud.

-- 
########################################################
 Kelkoo Security Manager / Networks & Systems Architect 
 	    JID: portsentry@jabber.kelkoo.net 	        
 Office: +(33)04 7629 7163 / Mobile: +(33)06 806 409 62 
########################################################
Kelkoo.com --- GNU/Linux Powered.
-- 
Vincent Jaussaud
Kelkoo.com Security Manager 
email: tatooin@kelkoo.com

"The UNIX philosophy is to design small tools that do one thing, and do
it well."

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hello, I have a problem, I want to configure the htb qdisc, my 
configuration scripts loke like:

tc qdisc add dev eth0 root handle 1: htb

tc class add dev eth0 parent 1: classid 1:1 htb rate 6mbit burst 15k
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 5mbit burst 15k
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 3mbit burst 15k
tc class add dev eth0 parent 1:1 classid 1:30 htb rate 1kbit burst 15k

tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10

tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip sport 80 
0xffff flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip sport 25 
0xffff flowid 1:20

When I execute my script I get:

RTNETLINK answers: Invalid argument
Error: Qdisc "htb" is classless.
Error: Qdisc "htb" is classless.
Error: Qdisc "htb" is classless.
Error: Qdisc "htb" is classless.
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument

What is wrong?.

Thanks in advance.

Ana.

One thing you could do is: make a tutorial showing problems and
solutions you''ve found in implementing such a system and put it in the
ML.

Thanks
Nuno Fernandes



On Mon, 2003-04-28 at 12:40, Vincent Jaussaud wrote:
> Hello,
> 
> A while ago I bothered some people in this list regarding issues with
> multipath routing and advanced routing in general. The main goal was to
> setup a complex networks where all servers would be available through
> both link. Each server was public, and thus had 2 public IP addresses.
> This setup included VPN setup with fail-over, firewalls with gateway as
> routing key & alternatives routes setup, NAT for internal private
> networks, DMZs available over both links,etc... The whole thing was
> about setting up full redundancy for every server. 
> 
> There was a lot of problems building the whole thing up, but in the end,
> everything worked perfectly. I mean it.
> 
> I currently have more than 30 Linux servers reachable through 2
> dedicated lines, over 2 ISP, using 2 public distinct netblocks. Each
> server is linux-based, and does outgoing load-balancing in equalize
> mode. Incoming traffic load-balancing is done using standard round-robin
> DNS. Everything got filtered by firewalls. I have VPN fail-over setup
> using alternatives routes & dead gateway detection.
> 
> For all of these, I would like to thanks you. 
> Thank you for giving this wonderful toolkit to the Internet Community.
> Thank you for your time answering our questions, and finally for you
> help & assistance. I wouldn''t have been able to build the
whole thing up
> without you. Thank you also, for keeping my users off my back. :)
> 
> I never doubted Linux was the best OS in the world. But now, I have a
> proof.
> 
> I would especially like to thanks Julian Anastasov (your patches works
> just perfectly !), Arthur van Leeuwen and Dawid Kuroczko.
> 
> Thanks again.
> Yours,
> Vincent Jaussaud.
> 
> -- 
> ########################################################
>  Kelkoo Security Manager / Networks & Systems Architect 
>  	    JID: portsentry@jabber.kelkoo.net 	        
>  Office: +(33)04 7629 7163 / Mobile: +(33)06 806 409 62 
> ########################################################
> Kelkoo.com --- GNU/Linux Powered.
-- 
Nuno Miguel Pais Fernandes <npf@eurotux.com>

On Monday 28 April 2003 15:51, Ana Carolina Alonso
wrote:
> Hello, I have a problem, I want to configure the htb qdisc, my
> configuration scripts loke like:
>
> tc qdisc add dev eth0 root handle 1: htb
>
> tc class add dev eth0 parent 1: classid 1:1 htb rate 6mbit burst 15k
> tc class add dev eth0 parent 1:1 classid 1:10 htb rate 5mbit burst 15k
> tc class add dev eth0 parent 1:1 classid 1:20 htb rate 3mbit burst 15k
> tc class add dev eth0 parent 1:1 classid 1:30 htb rate 1kbit burst 15k
>
> tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
> tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
> tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
>
> tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip sport 80
> 0xffff flowid 1:10
> tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip sport 25
> 0xffff flowid 1:20
>
> When I execute my script I get:
>
> RTNETLINK answers: Invalid argument
> Error: Qdisc "htb" is classless.
> Error: Qdisc "htb" is classless.
> Error: Qdisc "htb" is classless.
> Error: Qdisc "htb" is classless.
> RTNETLINK answers: No such file or directory
> RTNETLINK answers: No such file or directory
> RTNETLINK answers: No such file or directory
> RTNETLINK answers: Invalid argument
> RTNETLINK answers: Invalid argument
>
> What is wrong?.
Do you have htb support in the kernel and a tc binary with htb support ?

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Mon, 2003-04-28 at 16:51, Nuno Miguel Pais Fernandes
wrote:
> One thing you could do is: make a tutorial showing problems and
> solutions you''ve found in implementing such a system and put it in
the
> ML.
I will. I''ll post an url to the list once it''s done. (Might
takes some
times, though.)

Regards,
Vincent.
> 
> Thanks
> Nuno Fernandes
> 
> 
> 
> On Mon, 2003-04-28 at 12:40, Vincent Jaussaud wrote:
> > Hello,
> > 
> > A while ago I bothered some people in this list regarding issues with
> > multipath routing and advanced routing in general. The main goal was
to
> > setup a complex networks where all servers would be available through
> > both link. Each server was public, and thus had 2 public IP addresses.
> > This setup included VPN setup with fail-over, firewalls with gateway
as
> > routing key & alternatives routes setup, NAT for internal private
> > networks, DMZs available over both links,etc... The whole thing was
> > about setting up full redundancy for every server. 
> > 
> > There was a lot of problems building the whole thing up, but in the
end,
> > everything worked perfectly. I mean it.
> > 
> > I currently have more than 30 Linux servers reachable through 2
> > dedicated lines, over 2 ISP, using 2 public distinct netblocks. Each
> > server is linux-based, and does outgoing load-balancing in equalize
> > mode. Incoming traffic load-balancing is done using standard
round-robin
> > DNS. Everything got filtered by firewalls. I have VPN fail-over setup
> > using alternatives routes & dead gateway detection.
> > 
> > For all of these, I would like to thanks you. 
> > Thank you for giving this wonderful toolkit to the Internet Community.
> > Thank you for your time answering our questions, and finally for you
> > help & assistance. I wouldn''t have been able to build the
whole thing up
> > without you. Thank you also, for keeping my users off my back. :)
> > 
> > I never doubted Linux was the best OS in the world. But now, I have a
> > proof.
> > 
> > I would especially like to thanks Julian Anastasov (your patches works
> > just perfectly !), Arthur van Leeuwen and Dawid Kuroczko.
> > 
> > Thanks again.
> > Yours,
> > Vincent Jaussaud.
> > 
> > -- 
> > ########################################################
> >  Kelkoo Security Manager / Networks & Systems Architect 
> >  	    JID: portsentry@jabber.kelkoo.net 	        
> >  Office: +(33)04 7629 7163 / Mobile: +(33)06 806 409 62 
> > ########################################################
> > Kelkoo.com --- GNU/Linux Powered.
-- 
Vincent Jaussaud
Kelkoo.com Security Manager 
email: tatooin@kelkoo.com

"The UNIX philosophy is to design small tools that do one thing, and do
it well."

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/