hello,
you can use the following script,
IP=/sbin/ip
${IP} route add default via ${STATICGW1} dev ${STATICIF1} src ${STATICIP1}
proto static table 200
${IP} route append prohibit default table 200 metric 1 proto static
${IP} route add default via ${STATICGW2} dev ${STATICIF2} src ${STATICIP2}
proto static table 200
${IP} rule add prio 200 from all lookup 200
this will first lookup the first line, i.e. gateway-1 and if it is failed,
it will try for gateway-2,
it would be good if you apply julian''s routing patch fromm the
following
location,
http://www.ssi.bg/~ja/#routes-2.4
for more info. you can refer this document too,
http://www.ssi.bg/~ja/nano.txt
regards,
Tushar Thakker
----------------------------------------------------------------
Success usually comes to those who are too busy to be looking for it
----------------------------------------------------------------
----- Original Message -----
From: <lartc-request@mailman.ds9a.nl>
To: <lartc@mailman.ds9a.nl>
Sent: Thursday, January 29, 2004 2:55 AM
Subject: LARTC digest, Vol 1 #1563 - 9 msgs
> Send LARTC mailing list submissions to
> lartc@mailman.ds9a.nl
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://mailman.ds9a.nl/mailman/listinfo/lartc
> or, via email, send a message with subject or body ''help''
to
> lartc-request@mailman.ds9a.nl
>
> You can reach the person managing the list at
> lartc-admin@mailman.ds9a.nl
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of LARTC digest..."
>
>
> Today''s Topics:
>
> 1. Re: tncg and bandwidth limiting (Martin A. Brown)
> 2. IProute and Traffic Control of PPC (David Bierce)
> 3. Re: Shaping Device Aliases (Martin A. Brown)
> 4. Re: IMQ Stability (Alexander Trotsai)
> 5. Problems with multipath routing.
(=?iso-8859-15?q?Ra=FAl=20Alexis=20Betancort=20Santana?=)> 6. small netwok traffic shaping (Adrian Coman)
> 7. Re: small netwok traffic shaping (Michael Renzmann)
> 8. Burst Rate? (Scott Baker)
> 9. Question(s) for the programming gurus (Michael Renzmann)
>
> --__--__--
>
> Message: 1
> Date: Wed, 28 Jan 2004 00:18:24 -0600 (CST)
> From: "Martin A. Brown" <mabrown-lartc@securepipe.com>
> To: Scott Baker <bakers@web-ster.com>
> Cc: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] tncg and bandwidth limiting
>
> Scott,
>
> : Basically ignore that last message.
>
> Earlier message ignored.
>
> : I''m trying to do some very simple rate-shaping on an interface.
I want
> : to limit my 100baseT interface to 7 megs both ingress and egress of the
> : interface.
>
> You''ll notice that Rubens suggested you use a TBF. This would be
> perfectly adequate solution for your transmitted traffic. Note that an
> HTB class and a TBF qdisc are essentially performing the same function.
> Shaping!
>
> Note there is a difference in the traffic control structures created by
> your tcng configuration. Your egress section will actually be two HTB
> classes inside an HTB qdisc attached to the INTERFACE in question. In
> your situation, you do not need both classes (created as siblings), since
> you are classifying everything into class $all.
>
> : I''m curious if some of the other experts out there
wouldn''t have a
> : "better" way to do what I''m doing. I''d like
to do HTB ingress as well,
> : but it complains that the the ingress qdisc doesn''t allow
inside
> : classes or something like that. I think this will work for me, I just
> : want to make sure this is the best way to do things.
>
> This is a limitation of traffic control under Linux. You can only shape
> what you transmit [ see IMQ if you want to know how to break this rule ].
> So, unless you are going to use IMQ, you''ll not be able to shape
your
> local input traffic (if you are a router, you should be able to slow down
> conversations by "artificially" delaying the packets on the
internal
> interface).
>
> However, you don''t need to care that you are not shaping on your
inbound
> traffic. You can police the traffic. For the difference between shaping
> and policing, try here [0].
>
> [ snip ]
>
> : htb () {
> : class ( rate 100Mbps, ceil 100Mbps ) ; /* remove this */
> : $all = class ( rate 7Mbps, ceil 7Mbps ) ;
> : }
>
> : ingress {
> : $p = bucket(rate 7Mbps, burst 100kB, mpu 200B);
> : class (1) if (conform $p && count $p) || drop;
> : }
>
> After you run your tcng config file through tcc ("tcc < $FILE |
less"),
> you should see (lines broken for readability) the following for the
> ingress traffic control. I left INTERFACE in the config file--obviously
> you have #defined it someplace else.
>
> tc qdisc add dev INTERFACE ingress
> tc filter add dev INTERFACE parent ffff:0 protocol all prio 1 \
> u32 match u32 0x0 0x0 at 0 classid ffff:1 \
> police index 2 rate 875000bps burst 102400 mpu 200 action drop/pass
> ^^^^^^
>
> Note that the policer will (somewhat harshly) accommodate your desires to
> limit the traffic accepted inbound on an interface.
>
> Best of luck,
>
> -Martin
>
> [0] http://tldp.org/HOWTO/Traffic-Control-HOWTO/elements.html#e-shaping
> http://tldp.org/HOWTO/Traffic-Control-HOWTO/elements.html#e-policing
>
> --
> Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
>
>
> --__--__--
>
> Message: 2
> To: LARTC@mailman.ds9a.nl
> From: David Bierce <operations@cynicbytrade.com>
> Date: Wed, 28 Jan 2004 00:46:19 -0600
> Subject: [LARTC] IProute and Traffic Control of PPC
>
> Has any one ever done it? We are in the planning stages and the
> majority of the hardware we have available is PPC, what are some
> thoughts?
>
>
> --__--__--
>
> Message: 3
> Date: Wed, 28 Jan 2004 00:54:39 -0600 (CST)
> From: "Martin A. Brown" <mabrown-lartc@securepipe.com>
> To: Gordan Bobic <lartc@bobich.net>
> Cc: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] Shaping Device Aliases
>
> Gordan,
>
> I''ve noticed that you are trying to use aliased IP addresses and
traffic
> control together, and you are a bit frustrated that tc doesn''t
handle
> aliased interface names.
>
> : > > I understand that device aliases (e.g. eth2:3) are not
shapeable.
> : > > Does anybody know if this functionality is planned in the
future?
> : >
> : > None of the new(er) networking tools recognise device aliases,
> : > because on all recent linux releases, aliases don''t exist.
> : > the ethX:X notation is a legacy notation used only by the ifconfig
> : > program. everything else just sees a ethX with more than one IP
> : > address.
> : >
> : > So you just run your shaping rules on the real interfaces, and
> : > restrict it''s operation with IP address filtering.
> :
> : Yes, I am aware of that. However, that makes shaping multiple
> : independent "streams" going through one interface much more
difficult.
>
> I don''t understand why this becomes much more difficult--it just
becomes a
> little more difficult, depending on the number of IP addresses you have
> active on a given interface. If you can handle multiple addresses on an
> interface, then shaping traffic on these (known) addresses
shouldn''t be
> much more difficult than managing each address.
>
> : The only other thing I can think of is setting up a dummy network
> : device and giving it the IP addresses on all the non-primary subnets
> : (e.g. multiple DSL lines), and setting up the arp and routing to make
> : the packet actually go via the primary interface.
>
> This sounds like a very confused idea. I''m not sure it''s
worth the
> hassle--as I hope I can convince you below.
>
> [ more stuff snipped ]
>
> : Has anybody got any thoughts on this?
>
> I have some thoughts, which I hope can help you understand why you will be
> able to use the traffic control tools to accomplish your filtering. For
> posterity, I''ll reiterate some of what has come before.
>
> IP aliases don''t exist. This is a convention for ifconfig.
"ip addr
> show" will display all IP addresses active on a given interface.
>
> Traffic control is the last thing performed before turning the packet over
> to the device driver and hardware. Similarly, it is the first thing
> called on receipt of a packet. See diagrams KPTD [0] and ebtables packet
> flow [1].
>
> In this case, you can use any number of techniques to identify the packets
> with tc tools based on their IP addresses--the convenience of the aliased
> interface naming is simply an obstruction of the real path the packet
> takes.
>
> : If this would work, maybe it should be documented in the advanced
> : routing howto, as I can see how there might be a lot of people out
> : there who would find it useful.
>
> Let me suggest a possibility, if we assume a nested configuration.
Let''s
> say you have IP0 and IP1 active on interface eth3 and you want to make
> sure that bandwidth is split 75/25 between these two and you want them to
> share bandwidth. Classic bandwidth-sharing situation....in the tcng
> config below, you''d need to #define IP0 and IP1, but then
you''d have a
> simple configuration. If you needed to further subdivide traffic within
> each of the IP0 and IP1 classes, you''d have an easy way to do so.
>
> dev eth0 {
> egress {
> class ( <$ip0> ) if ip_src == IP0 ;
> class ( <$ip1> ) if ip_src == IP1 ;
> htb () {
> class ( rate 1544kbps, ceil 1544kbps ) { /* T1 speed */
> $ip0 = class ( rate 1024kbps, ceil 1544kbps ) ;
> $ip1 = class ( rate 384kbps, ceil 1544kbps ) ;
> }
> }
> }
> }
>
> Alternately, you may wish to simulate virtual circuits with each of the IP
> addresses on a machine. In this case, you could use separate root
> classes attached to the HTB qdisc, or another class. You can prevent the
> two classes from competing with each other by setting the rate and ceil to
> the same value. Here''s a very simple permutation of the above.
>
> dev eth0 {
> egress {
> class ( <$ip0> ) if ip_src == IP0 ;
> class ( <$ip1> ) if ip_src == IP1 ;
> htb () {
> class ( rate 1544kbps, ceil 1544kbps ) { /* T1 speed */
> $ip0 = class ( rate 1024kbps, ceil 1024kbps ) ;
> $ip1 = class ( rate 384kbps, ceil 384kbps ) ;
> }
> }
> }
> }
>
>
> Best of luck, Gordan!
>
> -Martin
>
> [0] http://www.docum.org/stef.coene/qos/kptd/
> [1] http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png
>
> --
> Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
>
>
> --__--__--
>
> Message: 4
> Date: Wed, 28 Jan 2004 10:25:00 +0200
> From: Alexander Trotsai <mage@adamant.net>
> To: "Michael S. Kazmier" <mkazmier@sofast.net>
> Cc: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] IMQ Stability
>
> On Fri, Jan 23, 2004 at 10:29:13AM -0700, Michael S. Kazmier wrote:
> MSK>Hello all,
>
> MSK>I have been doing a lot of archive searching over the last week
reading> MSK>posts on IMQ and it''s apparent stability / instability. I
have seen a
> MSK>number of posts about it not being maintained as well. Can anyone
talk to> MSK>me about IMQ''s stability in a heavy throughput environment
(20 Mbps)
and> MSK>what was causing IMQ to fail if you know.
>
> I use it and it''s work OK for me
> Traffic at some router up to 30-40 Mbit
>
> IMQ has one trouble
> Don''t assing address to imq interface becase kernel crash it
> you do this.
>
> --
> Best regard, Aleksander Trotsai aka MAGE-RIPE aka MAGE-UANIC
> My PGP key at ftp://blackhole.adamant.ua/pgp/trotsai.key[.asc]
> Big trouble - ..disk or the processor is on fire.
>
> --__--__--
>
> Message: 5
> From:
=?iso-8859-15?q?Ra=FAl=20Alexis=20Betancort=20Santana?<rabs@dimension-virtual.com>
> Organization: =?iso-8859-15?q?Dimensi=F3n=20Virtual?= S.L.
> To: lartc@mailman.ds9a.nl
> Date: Wed, 28 Jan 2004 10:01:56 +0000
> Subject: [LARTC] Problems with multipath routing.
>
> Hi all, I have setup two multipath route tables on my system for doing
> failover routing, What I want it''s that if GW at route1 of the MP
is dead,
> traffic goes by route2, for doing that I have created the multipath routes
as> follows:
>
> ip route add table mail.traffic proto static nexthop via ${GW1} dev eth1
> weight 1 nexthop via ${GW2} dev eth1 weight 250
>
> But it does not run as I espected, I want that most (all if posible) the
> traffic goes by GW1, and if it is down (DgD patches are applied) traffic
must> goes by GW2, the kernel it''s not taking into account the weight
parameter
or> maybe I''m doing it wrong.
>
> Any hit will be apreciated ...
>
> Best regards
>
> --__--__--
>
> Message: 6
> Date: Wed, 28 Jan 2004 16:03:33 +0200
> From: Adrian Coman <adi@nobugconsulting.ro>
> Organization: NoBug Consulting
> To: lartc@mailman.ds9a.nl
> Subject: [LARTC] small netwok traffic shaping
>
> Hi,
>
> First of all I must say that I''m a newbie in the network
adimistration
domain.>
> I have the following situation: a network composed of ~10 computers which
are connected to> the internet through a gateway. The connection speed is 128kbps for the
addresses outside> my country, and 10mbps for the addresses in my country.
>
> I would like to set-up a traffic shaper on the router machine with the
following features:>
> - if all the users are browsing/downloading in the same time, the
bandwidth must be> equally shared
> - if the users are using file sharing software, their bandwidth for such
applications must> be limited to maximum 10kbps if noone else is requesting bandwidth for
normal http> transfers, else the bandwidth must be 0 for such applications.
> - i want also that some computers from the network to get priviledged
access, with no> restrictions
>
> If possible i wold also like that:
> - the users who are using network scanning software to have their
bandwidth cut to 0 for a> period
>
> The router has 2 NIC''s eth0 and eth1. eth0 is connected to the
outside
world and eth1 to> the internal network.
>
> Can you help me with examples? What solutions do you advise me to
implement?>
> I know I can read the manuals (as most of my friends say), but
it''s very
difficult for me> to get it right form the first time.
>
>
>
> Thanks,
> Adrian
>
>
>
> --__--__--
>
> Message: 7
> Date: Wed, 28 Jan 2004 15:55:36 +0100
> From: Michael Renzmann <mrenzmann@otaku42.de>
> To: Adrian Coman <adi@nobugconsulting.ro>
> Cc: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] small netwok traffic shaping
>
> Buna ziua, Adrian :)
>
> Adrian Coman wrote:
> > - if the users are using file sharing software, their bandwidth for
such
> > applications must be limited to maximum 10kbps if noone else is
> > requesting bandwidth for normal http transfers, else the bandwidth
must
> > be 0 for such applications.
>
> There are two things that might be interesting for your work:
>
> 1. http://l7-filter.sf.net
> That''s a facility for either the QoS framework or iptables that
enables
> to distinct between several application layer (iso layer 7, hence the
> name) protocols such as http and ftp. You could use that to apply
> special marks to packets which then help you to classify the packets.
>
> 2. http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html
> That''s an extenstion to iptables which allows to mark connections
that
> belong to common peer-to-peer applications (which would be helpful to
> apply the above quoted rule).
>
> Unfortunately I can''t give you any more pointers, as I''m
myself new to
> the whole QoS-stuff. But I hope this will help you a little.
>
> La revedere.
> Mike
>
>
> --__--__--
>
> Message: 8
> Date: Wed, 28 Jan 2004 16:03:45 -0800
> To: lartc@mailman.ds9a.nl
> From: Scott Baker <bakers@web-ster.com>
> Subject: [LARTC] Burst Rate?
>
> If I''m using the following to very simply police my incoming
bandwidth:
>
> ingress {
> $p = bucket(rate 7Mbps, burst 1000kB, mpu 200B);
> class (1) if (conform $p && count $p) || drop;
> }
>
> How should i be calculate the burst rate? Cisco has their own special
> algorithm for calculating the correct burst rate, is there a similar
method> I should be using to calculate burst on a linux box? Also are there any
> improvement in the 2.6.x kernel with regards to traffic shaping?
>
> Scott
>
>
> Scott Baker - Network Engineer - RHCE
> bakers @ web-ster . com - 503.266.8253
>
>
> --__--__--
>
> Message: 9
> Date: Thu, 29 Jan 2004 01:06:29 +0100
> From: Michael Renzmann <mrenzmann@otaku42.de>
> To: "lartc@mailman.ds9a.nl" <lartc@mailman.ds9a.nl>
> Subject: [LARTC] Question(s) for the programming gurus
>
> Hi all.
>
> I''m quite new to the concepts of the "traffic control"
framework, and
> I''ve got a programming-related question. Hopefully someone has the
answer...>
> Is it possible, either for the device driver itself or for a userspace
> program, to get information about how many packets are currently queued
> for a given network interface?
>
> Let''s describe it a little more in detail:
>
> I have a network interface eth0 in my linux box. Now I apply traffic
> shaping to that interface, for example the outgoing traffic is shaped
> down to 1 MBit/s. There is an application that creates packets which are
> meant to be sent out via eth0, and the application creates its packets
> with a much higher rate than 1 MBit/s. This would result in the shaper
> enqueuing packets for eth0 and, sooner or later, in dropping some of the
> packets if the queue is full.
>
> So I want to slow down the rate at which the application creates its
> packets. The easiest way would be to take a look at the "traffic
> control" queues for eth0 and check their current state. When the queue
> is filled up to a specified level, the application should stop creation
> of new packets until the queue has been emptied. (*)
>
> So, is there any way for my application to check the state of the
> eth0-queues? Or is this possible for the driver of eth0 (as I''m in
> control of this driver, I could implement a way to pass the needed
> information down to the application if necessary)?
>
> Next question: if I understood the concepts of the "traffic
control"
> system correctly, one could add several queues to a single device. Is
> there any way to simply get the total amount of packets that are waiting
> in all attached queues? Or would I need to check each queue and sum up
> the values?
>
> And last question: what kind of information can I get about the
> currently enqueued packets? Just the amount of packets that are
> enqueued, or only the amount of enqueued bytes, or both?
>
> I''d appreciate any kind of help very much. Pointers to existing
> documentation welcome - I didn''t find the answers in the docs I
found,
> but maybe I just didn''t search well enough (or in the wrong
places)?
>
> Thanks in advance.
>
> Bye, Mike
>
> (*) In other words: I want to have the effects of slowing down the
> traffic generation of my application without having to care about the
> actual implementation of the traffic shaping. In my special case this
> makes sense and would save me a lot of work.
>
>
>
> --__--__--
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc
>
>
> End of LARTC Digest
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/