LARTC - Jul 2004 - Simply IMQ

I''ve followed this list for quite a long time and have even posted a
couple
of times. I used the early versions of IMQ from Devik (I think that was his
name), and it worked well. I only ever got the chance to implement it in my
test environment. I now need to implement it in my production environment.
My Linux core router has nine interfaces and has a 27 megabit connection to
the internet. It is quite busy much of the time. It runs Fedora Core 1 now
but will most likely be upgraded to Fedora Core 2 in the next month or so.

Now with all that said, here is my question. I see that maintenance of IMQ
has been passed on a couple of times. I see some people say that IMQ is not
stable and should not be put into a production environment. My use of IMQ a
year ago invovled only egress qdiscs using HTB and SFQ because the egress
qdiscs were much more powerful and better than the ingress qdisc. The only
problem that I ever had with IMQ was using the iptables target with both
PREROUTING and POSTROUTING. I see Roy has posted that IMQ essentially
crashes when doing egress shaping. Is this correct? I''ve always
understood
egress as outbound shaping/filtering and ingress as inbound
shaping/filtering. I say that because I saw in an earlier post by Roy that
he changed his terminology to INPUT,OUTPUT, and FORWARD. Was he not using
the terms egress and ingress correctly? I see that the current
''big'' problem
is touching locally generated traffic. What I need to know is which version
of IMQ is most stable for kernel 2.6? Or even kernel2.4? Is it
Devera''s?
McHardy''s? Correa''s? or Roy''s? Or should I just leave
it alone? My apologies
if I got names wrong.

This is probably a long email just to ask that question, but I can''t
seem to
find an answer from the list archives. I downloaded the whole 46 mb archive
and essentially read 90% of the posts related to IMQ. I''m just trying
to get
a good understanding of what''s happening with/to IMQ.

Thank you in advance for any advice.

Walt Wyndroski

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Probably I was the last one who changed imq code.
so here is are the facts:
Basicaly all imq versions are usefull under aproriate condition, whis is do
not touch localy generated traffic.
ingress nad egress terms are not correct for imq, because it is iptables
module, not nic.
Just my version hooks on different iptables hooks, and simply ignores all
local generated traffic. It cant be crashed with incorrect rules.
basicaly only advantage of my version is nore clean way to hook on iptables,
code is same for 2.4 and 2.6 kernels, and no need to patch, stability should
be same on both kernels.
Now it is hard to say why imq crash, because crashes occur in various places
not related to this module, it seems like memory leak, but does not like imq
can have such bug. I suppose there is somethisng wrong with iptables or tcp
code itself, since imq does big mess with packets by droping and reordering
then alot.

Anyway imq does not work as I expected, basicaly all forward shaping is
quite hard, I was trying to make tcp traffic predictor because else it is
too late.
It must be sart enough to work I need to adjust predictor delay, and packets
size. what makes it quite hard to implement.



----- Original Message ----- 
From: "Walt Wyndroski" <wdwrn@friendlycity.net>
To: <lartc@mailman.ds9a.nl>
Sent: Tuesday, July 06, 2004 4:48 PM
Subject: [LARTC] Simply IMQ

> I''ve followed this list for quite a long time and have even
> posted a couple
> of times. I used the early versions of IMQ from Devik (I think that was
his
> name), and it worked well. I only ever got the chance to implement it in
my
> test environment. I now need to implement it in my production environment.
> My Linux core router has nine interfaces and has a 27 megabit connection
to
> the internet. It is quite busy much of the time. It runs Fedora Core 1 now
> but will most likely be upgraded to Fedora Core 2 in the next month or so.
>
> Now with all that said, here is my question. I see that maintenance of IMQ
> has been passed on a couple of times. I see some people say that IMQ is
not
> stable and should not be put into a production environment. My use of IMQ
a
> year ago invovled only egress qdiscs using HTB and SFQ because the egress
> qdiscs were much more powerful and better than the ingress qdisc. The only
> problem that I ever had with IMQ was using the iptables target with both
> PREROUTING and POSTROUTING. I see Roy has posted that IMQ essentially
> crashes when doing egress shaping. Is this correct? I''ve always
understood
> egress as outbound shaping/filtering and ingress as inbound
> shaping/filtering. I say that because I saw in an earlier post by Roy that
> he changed his terminology to INPUT,OUTPUT, and FORWARD. Was he not using
> the terms egress and ingress correctly? I see that the current
''big''
problem
> is touching locally generated traffic. What I need to know is which
version
> of IMQ is most stable for kernel 2.6? Or even kernel2.4? Is it
Devera''s?
> McHardy''s? Correa''s? or Roy''s? Or should I just
leave it alone? My
apologies
> if I got names wrong.
>
> This is probably a long email just to ask that question, but I
can''t seem
to
> find an answer from the list archives. I downloaded the whole 46 mb
archive
> and essentially read 90% of the posts related to IMQ. I''m just
trying to
get
> a good understanding of what''s happening with/to IMQ.
>
> Thank you in advance for any advice.
>
> Walt Wyndroski
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

So you are saying that I do not need to patch my kernel? I do not understand
that statement. I had to recompile my kernel with the imq patch as well as
iptables before IMQ would work for me. The way I have always understood IMQ
is that it is a virtual network device, a virtual network card if you will.
Therefore it seems to me that egress would apply since iptables is only
being used to redirect traffic through the virtual IMQ device. IPROUTE2/TC
would then shape traffic leaving the virutal IMQ device (egress traffic).
This is how I understand IMQ. If I am wrong, please set me straight.

From what you are saying, either IMQ is completely unstable or iptables
and/or the tcp/ip stack is unstable. Not that I am a guru on the internals
of iptables or the Linux tcp/ip stack, but I think iptables and the Linux
tcp/ip stack is most likely stable. To be fair, I must admit that I have not
had a full opportunity to test out your version of IMQ either, only the
prior versions.

Who''s version of IMQ resides on www.linuximq.org ?

Walt Wyndroski


----- Original Message ----- 
From: "Roy" <roy@xxx.lt>
To: "Walt Wyndroski" <wdwrn@friendlycity.net>;
<lartc@mailman.ds9a.nl>
Sent: Tuesday, July 06, 2004 10:34 AM
Subject: Re: [LARTC] Simply IMQ

> Probably I was the last one who changed imq code.
> so here is are the facts:
> Basicaly all imq versions are usefull under aproriate condition, whis is
do
> not touch localy generated traffic.
> ingress nad egress terms are not correct for imq, because it is iptables
> module, not nic.
> Just my version hooks on different iptables hooks, and simply ignores all
> local generated traffic. It cant be crashed with incorrect rules.
> basicaly only advantage of my version is nore clean way to hook on
iptables,
> code is same for 2.4 and 2.6 kernels, and no need to patch, stability
should
> be same on both kernels.
> Now it is hard to say why imq crash, because crashes occur in various
places
> not related to this module, it seems like memory leak, but does not like
imq
> can have such bug. I suppose there is somethisng wrong with iptables or
tcp
> code itself, since imq does big mess with packets by droping and
reordering
> then alot.
>
> Anyway imq does not work as I expected, basicaly all forward shaping is
> quite hard, I was trying to make tcp traffic predictor because else it is
> too late.
> It must be sart enough to work I need to adjust predictor delay, and
packets
> size. what makes it quite hard to implement.
>
>
>
> ----- Original Message ----- 
> From: "Walt Wyndroski" <wdwrn@friendlycity.net>
> To: <lartc@mailman.ds9a.nl>
> Sent: Tuesday, July 06, 2004 4:48 PM
> Subject: [LARTC] Simply IMQ
>
>
> > I''ve followed this list for quite a long time and have even
> > posted a couple
> > of times. I used the early versions of IMQ from Devik (I think that
was
> his
> > name), and it worked well. I only ever got the chance to implement it
in
> my
> > test environment. I now need to implement it in my production
environment.
> > My Linux core router has nine interfaces and has a 27 megabit
connection
> to
> > the internet. It is quite busy much of the time. It runs Fedora Core 1
now
> > but will most likely be upgraded to Fedora Core 2 in the next month or
so.
> >
> > Now with all that said, here is my question. I see that maintenance of
IMQ
> > has been passed on a couple of times. I see some people say that IMQ
is
> not
> > stable and should not be put into a production environment. My use of
IMQ
> a
> > year ago invovled only egress qdiscs using HTB and SFQ because the
egress
> > qdiscs were much more powerful and better than the ingress qdisc. The
only
> > problem that I ever had with IMQ was using the iptables target with
both
> > PREROUTING and POSTROUTING. I see Roy has posted that IMQ essentially
> > crashes when doing egress shaping. Is this correct? I''ve
always
understood
> > egress as outbound shaping/filtering and ingress as inbound
> > shaping/filtering. I say that because I saw in an earlier post by Roy
that
> > he changed his terminology to INPUT,OUTPUT, and FORWARD. Was he not
using
> > the terms egress and ingress correctly? I see that the current
''big''
> problem
> > is touching locally generated traffic. What I need to know is which
> version
> > of IMQ is most stable for kernel 2.6? Or even kernel2.4? Is it
Devera''s?
> > McHardy''s? Correa''s? or Roy''s? Or should I
just leave it alone? My
> apologies
> > if I got names wrong.
> >
> > This is probably a long email just to ask that question, but I
can''t
seem
> to
> > find an answer from the list archives. I downloaded the whole 46 mb
> archive
> > and essentially read 90% of the posts related to IMQ. I''m
just trying to
> get
> > a good understanding of what''s happening with/to IMQ.
> >
> > Thank you in advance for any advice.
> >
> > Walt Wyndroski
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> >
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hi Walt, I''m the "Correa" from your list. In fact
www.linuximq.net is a
project from a group of people, not just me, who are working on: 
Devera->McHardy IMQ''s code that was unmantained and now is alive
again.

We can tell you that there is a lot of people in our mailling list who 
reports using IMQ in production, including myself, with great stability. 
My server is up for more then 160 days with around 100 PPPoE users on it 
all the time. I run it on other shapping servers as well.

We''ve eing working on IMQ last months and now there are stable versions
for 2.4 and 2.6 kernels (up to 2.6.7), and one beta version being 
tested. In your scenario you better get the stable versions:

Patch for Linux-2.6.1 up to 2.6.7 - 
http://www.linuximq.net/patchs/linux-2.6.2-imq-4.diff

Patch for Linux-2.4.24 / 2.4.25 / 2.4.26 - 
http://www.linuximq.net/patchs/linux-2.4.26-imq.diff

Patch for iptables up to 1.2.11 - 
http://www.linuximq.net/patchs/iptables-1.2.9-imq1.diff

I don''t know if someone used IMQ in a 27Mbps link but it is worth 
trying. I would like to invite you to visit our site at www.linuximq.net 
and join our low traffic mailling list.

If you ever decide to give our beta patch a try, it has some corrections 
and implementations as follows:

- Correction of ipv6 support "+"s issue (Hasso Tepper)
- Correction of imq_init_devs() issue that resulted in
kernel OOPS unloading IMQ as module (Norbert Buchmuller)
- Addition of functionality to choose number of IMQ devices
during kernel config (Andre Correa)
- Addition of functionality to choose how IMQ hooks on
PRE and POSTROUTING (after or before NAT) (Andre Correa)
- Cosmetic corrections (Norbert Buchmuller) (Andre Correa)


Please let us know if we can help you somehow.

Good Luck!

Andre



Walt Wyndroski wrote:
> I''ve followed this list for quite a long time and have even posted
a couple
> of times. I used the early versions of IMQ from Devik (I think that was his
> name), and it worked well. I only ever got the chance to implement it in my
> test environment. I now need to implement it in my production environment.
> My Linux core router has nine interfaces and has a 27 megabit connection to
> the internet. It is quite busy much of the time. It runs Fedora Core 1 now
> but will most likely be upgraded to Fedora Core 2 in the next month or so.
> 
> Now with all that said, here is my question. I see that maintenance of IMQ
> has been passed on a couple of times. I see some people say that IMQ is not
> stable and should not be put into a production environment. My use of IMQ a
> year ago invovled only egress qdiscs using HTB and SFQ because the egress
> qdiscs were much more powerful and better than the ingress qdisc. The only
> problem that I ever had with IMQ was using the iptables target with both
> PREROUTING and POSTROUTING. I see Roy has posted that IMQ essentially
> crashes when doing egress shaping. Is this correct? I''ve always
understood
> egress as outbound shaping/filtering and ingress as inbound
> shaping/filtering. I say that because I saw in an earlier post by Roy that
> he changed his terminology to INPUT,OUTPUT, and FORWARD. Was he not using
> the terms egress and ingress correctly? I see that the current
''big'' problem
> is touching locally generated traffic. What I need to know is which version
> of IMQ is most stable for kernel 2.6? Or even kernel2.4? Is it
Devera''s?
> McHardy''s? Correa''s? or Roy''s? Or should I just
leave it alone? My apologies
> if I got names wrong.
> 
> This is probably a long email just to ask that question, but I
can''t seem to
> find an answer from the list archives. I downloaded the whole 46 mb archive
> and essentially read 90% of the posts related to IMQ. I''m just
trying to get
> a good understanding of what''s happening with/to IMQ.
> 
> Thank you in advance for any advice.
> 
> Walt Wyndroski
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> 
> 
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Walt, www.linuximq.net version is the evolution from
Devik->McHardy''s
IMQ. Roy started a project where he developed his own implementation of 
IMQ like functionality. I can''t tell you more about his version because
I never had a chance to give it a try.

The IMQ version from www.linuximq.net that comes from the original IMQ 
implementation really needs patching the kernel and iptables sources.

Andre


Walt Wyndroski wrote:
> So you are saying that I do not need to patch my kernel? I do not
understand
> that statement. I had to recompile my kernel with the imq patch as well as
> iptables before IMQ would work for me. The way I have always understood IMQ
> is that it is a virtual network device, a virtual network card if you will.
> Therefore it seems to me that egress would apply since iptables is only
> being used to redirect traffic through the virtual IMQ device. IPROUTE2/TC
> would then shape traffic leaving the virutal IMQ device (egress traffic).
> This is how I understand IMQ. If I am wrong, please set me straight.
> 
>>From what you are saying, either IMQ is completely unstable or iptables
> and/or the tcp/ip stack is unstable. Not that I am a guru on the internals
> of iptables or the Linux tcp/ip stack, but I think iptables and the Linux
> tcp/ip stack is most likely stable. To be fair, I must admit that I have
not
> had a full opportunity to test out your version of IMQ either, only the
> prior versions.
> 
> Who''s version of IMQ resides on www.linuximq.org ?
> 
> Walt Wyndroski
> 
> 
> ----- Original Message ----- 
> From: "Roy" <roy@xxx.lt>
> To: "Walt Wyndroski" <wdwrn@friendlycity.net>;
<lartc@mailman.ds9a.nl>
> Sent: Tuesday, July 06, 2004 10:34 AM
> Subject: Re: [LARTC] Simply IMQ
> 
> 
> 
>>Probably I was the last one who changed imq code.
>>so here is are the facts:
>>Basicaly all imq versions are usefull under aproriate condition, whis is
> 
> do
> 
>>not touch localy generated traffic.
>>ingress nad egress terms are not correct for imq, because it is iptables
>>module, not nic.
>>Just my version hooks on different iptables hooks, and simply ignores
all
>>local generated traffic. It cant be crashed with incorrect rules.
>>basicaly only advantage of my version is nore clean way to hook on
> 
> iptables,
> 
>>code is same for 2.4 and 2.6 kernels, and no need to patch, stability
> 
> should
> 
>>be same on both kernels.
>>Now it is hard to say why imq crash, because crashes occur in various
> 
> places
> 
>>not related to this module, it seems like memory leak, but does not like
> 
> imq
> 
>>can have such bug. I suppose there is somethisng wrong with iptables or
> 
> tcp
> 
>>code itself, since imq does big mess with packets by droping and
> 
> reordering
> 
>>then alot.
>>
>>Anyway imq does not work as I expected, basicaly all forward shaping is
>>quite hard, I was trying to make tcp traffic predictor because else it
is
>>too late.
>>It must be sart enough to work I need to adjust predictor delay, and
> 
> packets
> 
>>size. what makes it quite hard to implement.
>>
>>
>>
>>----- Original Message ----- 
>>From: "Walt Wyndroski" <wdwrn@friendlycity.net>
>>To: <lartc@mailman.ds9a.nl>
>>Sent: Tuesday, July 06, 2004 4:48 PM
>>Subject: [LARTC] Simply IMQ
>>
>>
>>
>>>I''ve followed this list for quite a long time and have even
>>>posted a couple
>>>of times. I used the early versions of IMQ from Devik (I think that
was
>>
>>his
>>
>>>name), and it worked well. I only ever got the chance to implement
it in
>>
>>my
>>
>>>test environment. I now need to implement it in my production
> 
> environment.
> 
>>>My Linux core router has nine interfaces and has a 27 megabit
connection
>>
>>to
>>
>>>the internet. It is quite busy much of the time. It runs Fedora Core
1
> 
> now
> 
>>>but will most likely be upgraded to Fedora Core 2 in the next month
or
> 
> so.
> 
>>>Now with all that said, here is my question. I see that maintenance
of
> 
> IMQ
> 
>>>has been passed on a couple of times. I see some people say that IMQ
is
>>
>>not
>>
>>>stable and should not be put into a production environment. My use
of
> 
> IMQ
> 
>>a
>>
>>>year ago invovled only egress qdiscs using HTB and SFQ because the
> 
> egress
> 
>>>qdiscs were much more powerful and better than the ingress qdisc.
The
> 
> only
> 
>>>problem that I ever had with IMQ was using the iptables target with
both
>>>PREROUTING and POSTROUTING. I see Roy has posted that IMQ
essentially
>>>crashes when doing egress shaping. Is this correct? I''ve
always
> 
> understood
> 
>>>egress as outbound shaping/filtering and ingress as inbound
>>>shaping/filtering. I say that because I saw in an earlier post by
Roy
> 
> that
> 
>>>he changed his terminology to INPUT,OUTPUT, and FORWARD. Was he not
> 
> using
> 
>>>the terms egress and ingress correctly? I see that the current
''big''
>>
>>problem
>>
>>>is touching locally generated traffic. What I need to know is which
>>
>>version
>>
>>>of IMQ is most stable for kernel 2.6? Or even kernel2.4? Is it
Devera''s?
>>>McHardy''s? Correa''s? or Roy''s? Or should
I just leave it alone? My
>>
>>apologies
>>
>>>if I got names wrong.
>>>
>>>This is probably a long email just to ask that question, but I
can''t
> 
> seem
> 
>>to
>>
>>>find an answer from the list archives. I downloaded the whole 46 mb
>>
>>archive
>>
>>>and essentially read 90% of the posts related to IMQ. I''m
just trying to
>>
>>get
>>
>>>a good understanding of what''s happening with/to IMQ.
>>>
>>>Thank you in advance for any advice.
>>>
>>>Walt Wyndroski
>>>
>>>_______________________________________________
>>>LARTC mailing list / LARTC@mailman.ds9a.nl
>>>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://lartc.org/
>>>
>>
>>_______________________________________________
>>LARTC mailing list / LARTC@mailman.ds9a.nl
>>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> 
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> 
> 
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Actually, I do have a question concerning fedora core 2, iptables-1.2.9 and
above, and IMQ. The problem is as follows:

I easily got IMQ compiled into the 2.6.6 kernel on FC2. I''m using
iptables-1.2.9. I could not get iptables-1.2.9 to recompile. I kept getting
errors about using glibc headers instead. I found a patch for iptables
Makefile which fixed that. However, the shared library (libipt_IMQ.so) would
never get created.

Is something wrong with the kernel headers from the Fedora kernel-sourcecode
rpm?

I realize that this is not entirely related to the LARTC list.

Regards,

Walt Wyndroski

----- Original Message ----- 
From: "Andre Correa" <andre.correa@pobox.com>
To: "Walt Wyndroski" <wdwrn@friendlycity.net>
Cc: <lartc@mailman.ds9a.nl>
Sent: Tuesday, July 06, 2004 2:07 PM
Subject: Re: [LARTC] Simply IMQ

>
> Hi Walt, I''m the "Correa" from your list. In fact
www.linuximq.net is a
> project from a group of people, not just me, who are working on:
> Devera->McHardy IMQ''s code that was unmantained and now is
alive again.
>
> We can tell you that there is a lot of people in our mailling list who
> reports using IMQ in production, including myself, with great stability.
> My server is up for more then 160 days with around 100 PPPoE users on it
> all the time. I run it on other shapping servers as well.
>
> We''ve eing working on IMQ last months and now there are stable
versions
> for 2.4 and 2.6 kernels (up to 2.6.7), and one beta version being
> tested. In your scenario you better get the stable versions:
>
> Patch for Linux-2.6.1 up to 2.6.7 -
> http://www.linuximq.net/patchs/linux-2.6.2-imq-4.diff
>
> Patch for Linux-2.4.24 / 2.4.25 / 2.4.26 -
> http://www.linuximq.net/patchs/linux-2.4.26-imq.diff
>
> Patch for iptables up to 1.2.11 -
> http://www.linuximq.net/patchs/iptables-1.2.9-imq1.diff
>
> I don''t know if someone used IMQ in a 27Mbps link but it is worth
> trying. I would like to invite you to visit our site at www.linuximq.net
> and join our low traffic mailling list.
>
> If you ever decide to give our beta patch a try, it has some corrections
> and implementations as follows:
>
> - Correction of ipv6 support "+"s issue (Hasso Tepper)
> - Correction of imq_init_devs() issue that resulted in
> kernel OOPS unloading IMQ as module (Norbert Buchmuller)
> - Addition of functionality to choose number of IMQ devices
> during kernel config (Andre Correa)
> - Addition of functionality to choose how IMQ hooks on
> PRE and POSTROUTING (after or before NAT) (Andre Correa)
> - Cosmetic corrections (Norbert Buchmuller) (Andre Correa)
>
>
> Please let us know if we can help you somehow.
>
> Good Luck!
>
> Andre
>
>
>
> Walt Wyndroski wrote:
> > I''ve followed this list for quite a long time and have even
posted a
couple
> > of times. I used the early versions of IMQ from Devik (I think that
was
his
> > name), and it worked well. I only ever got the chance to implement it
in
my
> > test environment. I now need to implement it in my production
environment.
> > My Linux core router has nine interfaces and has a 27 megabit
connection
to
> > the internet. It is quite busy much of the time. It runs Fedora Core 1
now
> > but will most likely be upgraded to Fedora Core 2 in the next month or
so.
> >
> > Now with all that said, here is my question. I see that maintenance of
IMQ
> > has been passed on a couple of times. I see some people say that IMQ
is
not
> > stable and should not be put into a production environment. My use of
IMQ a
> > year ago invovled only egress qdiscs using HTB and SFQ because the
egress
> > qdiscs were much more powerful and better than the ingress qdisc. The
only
> > problem that I ever had with IMQ was using the iptables target with
both
> > PREROUTING and POSTROUTING. I see Roy has posted that IMQ essentially
> > crashes when doing egress shaping. Is this correct? I''ve
always
understood
> > egress as outbound shaping/filtering and ingress as inbound
> > shaping/filtering. I say that because I saw in an earlier post by Roy
that
> > he changed his terminology to INPUT,OUTPUT, and FORWARD. Was he not
using
> > the terms egress and ingress correctly? I see that the current
''big''
problem
> > is touching locally generated traffic. What I need to know is which
version
> > of IMQ is most stable for kernel 2.6? Or even kernel2.4? Is it
Devera''s?
> > McHardy''s? Correa''s? or Roy''s? Or should I
just leave it alone? My
apologies
> > if I got names wrong.
> >
> > This is probably a long email just to ask that question, but I
can''t
seem to
> > find an answer from the list archives. I downloaded the whole 46 mb
archive
> > and essentially read 90% of the posts related to IMQ. I''m
just trying to
get
> > a good understanding of what''s happening with/to IMQ.
> >
> > Thank you in advance for any advice.
> >
> > Walt Wyndroski
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> >
> >
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Walt, I cannot tell you about Fedora, I''m not a user of it.

I would suggest you ask it on IMQ mailling list. Maybe there is somebody 
using Fedora there who can help. If you find nothing please send me in 
pvt exactly what were your steps and the error messages you got on the way.

Andre


Walt Wyndroski wrote:
> Actually, I do have a question concerning fedora core 2, iptables-1.2.9 and
> above, and IMQ. The problem is as follows:
> 
> I easily got IMQ compiled into the 2.6.6 kernel on FC2. I''m using
> iptables-1.2.9. I could not get iptables-1.2.9 to recompile. I kept getting
> errors about using glibc headers instead. I found a patch for iptables
> Makefile which fixed that. However, the shared library (libipt_IMQ.so)
would
> never get created.
> 
> Is something wrong with the kernel headers from the Fedora
kernel-sourcecode
> rpm?
> 
> I realize that this is not entirely related to the LARTC list.
> 
> Regards,
> 
> Walt Wyndroski
> 
> ----- Original Message ----- 
> From: "Andre Correa" <andre.correa@pobox.com>
> To: "Walt Wyndroski" <wdwrn@friendlycity.net>
> Cc: <lartc@mailman.ds9a.nl>
> Sent: Tuesday, July 06, 2004 2:07 PM
> Subject: Re: [LARTC] Simply IMQ
> 
> 
> 
>>Hi Walt, I''m the "Correa" from your list. In fact
www.linuximq.net is a
>>project from a group of people, not just me, who are working on:
>>Devera->McHardy IMQ''s code that was unmantained and now is
alive again.
>>
>>We can tell you that there is a lot of people in our mailling list who
>>reports using IMQ in production, including myself, with great stability.
>>My server is up for more then 160 days with around 100 PPPoE users on it
>>all the time. I run it on other shapping servers as well.
>>
>>We''ve eing working on IMQ last months and now there are stable
versions
>>for 2.4 and 2.6 kernels (up to 2.6.7), and one beta version being
>>tested. In your scenario you better get the stable versions:
>>
>>Patch for Linux-2.6.1 up to 2.6.7 -
>>http://www.linuximq.net/patchs/linux-2.6.2-imq-4.diff
>>
>>Patch for Linux-2.4.24 / 2.4.25 / 2.4.26 -
>>http://www.linuximq.net/patchs/linux-2.4.26-imq.diff
>>
>>Patch for iptables up to 1.2.11 -
>>http://www.linuximq.net/patchs/iptables-1.2.9-imq1.diff
>>
>>I don''t know if someone used IMQ in a 27Mbps link but it is
worth
>>trying. I would like to invite you to visit our site at www.linuximq.net
>>and join our low traffic mailling list.
>>
>>If you ever decide to give our beta patch a try, it has some corrections
>>and implementations as follows:
>>
>>- Correction of ipv6 support "+"s issue (Hasso Tepper)
>>- Correction of imq_init_devs() issue that resulted in
>>kernel OOPS unloading IMQ as module (Norbert Buchmuller)
>>- Addition of functionality to choose number of IMQ devices
>>during kernel config (Andre Correa)
>>- Addition of functionality to choose how IMQ hooks on
>>PRE and POSTROUTING (after or before NAT) (Andre Correa)
>>- Cosmetic corrections (Norbert Buchmuller) (Andre Correa)
>>
>>
>>Please let us know if we can help you somehow.
>>
>>Good Luck!
>>
>>Andre
>>
>>
>>
>>Walt Wyndroski wrote:
>>
>>>I''ve followed this list for quite a long time and have even
posted a
> 
> couple
> 
>>>of times. I used the early versions of IMQ from Devik (I think that
was
> 
> his
> 
>>>name), and it worked well. I only ever got the chance to implement
it in
> 
> my
> 
>>>test environment. I now need to implement it in my production
> 
> environment.
> 
>>>My Linux core router has nine interfaces and has a 27 megabit
connection
> 
> to
> 
>>>the internet. It is quite busy much of the time. It runs Fedora Core
1
> 
> now
> 
>>>but will most likely be upgraded to Fedora Core 2 in the next month
or
> 
> so.
> 
>>>Now with all that said, here is my question. I see that maintenance
of
> 
> IMQ
> 
>>>has been passed on a couple of times. I see some people say that IMQ
is
> 
> not
> 
>>>stable and should not be put into a production environment. My use
of
> 
> IMQ a
> 
>>>year ago invovled only egress qdiscs using HTB and SFQ because the
> 
> egress
> 
>>>qdiscs were much more powerful and better than the ingress qdisc.
The
> 
> only
> 
>>>problem that I ever had with IMQ was using the iptables target with
both
>>>PREROUTING and POSTROUTING. I see Roy has posted that IMQ
essentially
>>>crashes when doing egress shaping. Is this correct? I''ve
always
> 
> understood
> 
>>>egress as outbound shaping/filtering and ingress as inbound
>>>shaping/filtering. I say that because I saw in an earlier post by
Roy
> 
> that
> 
>>>he changed his terminology to INPUT,OUTPUT, and FORWARD. Was he not
> 
> using
> 
>>>the terms egress and ingress correctly? I see that the current
''big''
> 
> problem
> 
>>>is touching locally generated traffic. What I need to know is which
> 
> version
> 
>>>of IMQ is most stable for kernel 2.6? Or even kernel2.4? Is it
Devera''s?
>>>McHardy''s? Correa''s? or Roy''s? Or should
I just leave it alone? My
> 
> apologies
> 
>>>if I got names wrong.
>>>
>>>This is probably a long email just to ask that question, but I
can''t
> 
> seem to
> 
>>>find an answer from the list archives. I downloaded the whole 46 mb
> 
> archive
> 
>>>and essentially read 90% of the posts related to IMQ. I''m
just trying to
> 
> get
> 
>>>a good understanding of what''s happening with/to IMQ.
>>>
>>>Thank you in advance for any advice.
>>>
>>>Walt Wyndroski
>>>
>>>_______________________________________________
>>>LARTC mailing list / LARTC@mailman.ds9a.nl
>>>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://lartc.org/
>>>
>>>
>>
>>_______________________________________________
>>LARTC mailing list / LARTC@mailman.ds9a.nl
>>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> 
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> 
> 
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hi, I''m facing a problem that I cannot figure out how to solve. Some of
my linux boxes with heavy traffic (>20Mbps) are registering avg of 
200pkts per second in their default classes. This is not supposed to 
happen and I want to find some info about this traffic (source ip, 
destination ip, proto, ports, etc).

Is there a way to find what is going to the default class or any other 
class? For what I know there is no way and it wouldn''t be trivial to 
program it.

Thanks in advance for any information.

Andre
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/