Here''s a challenge for you Shorewall gurus out there. I have a client that has just installed a two-circuit T1 connection to their office. The T1''s are not bonded, in the truest sense. Instead, the ISP maintains a Cisco router that performs ECMP over the circuits. They claim the routing metric performs per-packet splitting of the data across both circuits. This represents a challenge to me, as coming out of the Cisco router I have only one Ethernet connection to the Shorewall box. Aggregate speeds across that link can be up to both lines summed, but individual sessions can only be the speed of one of the circuits. Is there any way to use traffic shaping in this environment? The client definitely needs it, but it doesn''t appear to me that tc has the ability to handle this scenario. Any suggestions welcome. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
List Receiver wrote:> Here''s a challenge for you Shorewall gurus out there. I have a client that has just installed a two-circuit T1 connection to their office. The T1''s are not bonded, in the truest sense. Instead, the ISP maintains a Cisco router that performs ECMP over the circuits. They claim the routing metric performs per-packet splitting of the data across both circuits. > > This represents a challenge to me, as coming out of the Cisco router I have only one Ethernet connection to the Shorewall box. Aggregate speeds across that link can be up to both lines summed, but individual sessions can only be the speed of one of the circuits. > > Is there any way to use traffic shaping in this environment? The client definitely needs it, but it doesn''t appear to me that tc has the ability to handle this scenario. > > Any suggestions welcome.Have you tried using straight-forward traffic shaping in this environment? Did it fail? If so, how did it fail? Let''s be sure that there is a real problem here before we start trying to solve it. -Tom PS -- any way that you could post with line folding -- your post is a complete pain to reply to since each paragraph is one long line. So my apologies for the sloppy quoting but it''s too painful to prune what you wrote. -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
> -----Original Message----- > From: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall- > users-bounces@lists.sourceforge.net] On Behalf Of Tom Eastep > Sent: Tuesday, October 23, 2007 7:25 PM > To: Shorewall Users > Subject: Re: [Shorewall-users] Traffic shaping suggestions for ECMP > config > > List Receiver wrote: > > Here''s a challenge for you Shorewall gurus out there. I have a > client that has just installed a two-circuit T1 connection to their > office. The T1''s are not bonded, in the truest sense. Instead, the > ISP maintains a Cisco router that performs ECMP over the circuits. > They claim the routing metric performs per-packet splitting of the data > across both circuits. > > > > This represents a challenge to me, as coming out of the Cisco router > I have only one Ethernet connection to the Shorewall box. Aggregate > speeds across that link can be up to both lines summed, but individual > sessions can only be the speed of one of the circuits. > > > > Is there any way to use traffic shaping in this environment? The > client definitely needs it, but it doesn''t appear to me that tc has the > ability to handle this scenario. > > > > Any suggestions welcome. > > Have you tried using straight-forward traffic shaping in this > environment? Did it fail? If so, how did it fail? > > Let''s be sure that there is a real problem here before we start trying > to solve it. > > -Tom > > PS -- any way that you could post with line folding -- your post is a > complete pain to reply to since each paragraph is one long line. So my > apologies for the sloppy quoting but it''s too painful to prune what you > wrote. > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.keyTom, Sorry, I don''t think Outlook 2007 has that feature (line folding). I did look around for it, but I didn''t see anything in the options. If someone knows the trick, let me know. Line wrap is set at 76 characters, but it doesn''t seem to do anything when I''m composing a message. In answer to your question, yes, I''ve tried straight-forward traffic shaping. It only works when both circuits reach saturation of either downstream or upstream channels simultaneously. That is when set to the speed of the circuits combined. When set to the speed of one of the circuits, we''re wasting half the bandwidth available to the firewall. Clear as mud? ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
On Tue, Oct 23, 2007 at 08:29:40PM -0700, List Receiver wrote:> > Sorry, I don''t think Outlook 2007 has that feature (line folding). I > did look around for it, but I didn''t see anything in the options. If > someone knows the trick, let me know. Line wrap is set at 76 > characters, but it doesn''t seem to do anything when I''m composing a > message. >IIRC, you can fix that by forcing outlook to *not* use word as an email editor and also to compose/read in plain-text. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
On Oct 23, 2007, at 5:50 PM, List Receiver wrote:> > This represents a challenge to me, as coming out of the Cisco > router I have only one Ethernet connection to the Shorewall box. > Aggregate speeds across that link can be up to both lines summed, > but individual sessions can only be the speed of one of the circuits.This basically proves that they''re distributing across the links by state/connection rather than by packet. If you can get the ISP to do it by packet, you''ll be able to shape the connection much more effectively. Keep in mind that routers on both end would have to share this configuration. Also beware that some protocols/clients don''t handle out of order packets very well and that out of order packets are much more likely to happen when using a by packet distribution scheme. -Brian ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
> -----Original Message----- > From: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall- > users-bounces@lists.sourceforge.net] On Behalf Of Roberto C. Sánchez > Sent: Tuesday, October 23, 2007 8:41 PM > To: shorewall-users@lists.sourceforge.net > Subject: Re: [Shorewall-users] Traffic shaping suggestions for ECMP > config > > On Tue, Oct 23, 2007 at 08:29:40PM -0700, List Receiver wrote: > > > > Sorry, I don''t think Outlook 2007 has that feature (line folding). I > > did look around for it, but I didn''t see anything in the options. If > > someone knows the trick, let me know. Line wrap is set at 76 > > characters, but it doesn''t seem to do anything when I''m composing a > > message. > > > IIRC, you can fix that by forcing outlook to *not* use word as an email > editor and also to compose/read in plain-text. > > Regards, > > -Roberto > > -- > Roberto C. Sánchez > http://people.connexer.com/~roberto > http://www.connexer.com >I *never* user Word as my editor, and I already have it set to plain-text. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
> -----Original Message----- > From: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall- > users-bounces@lists.sourceforge.net] On Behalf Of Brian Camp > Sent: Tuesday, October 23, 2007 9:10 PM > To: List Receiver > Cc: Shorewall Users > Subject: Re: [Shorewall-users] Traffic shaping suggestions for ECMP > config > > > On Oct 23, 2007, at 5:50 PM, List Receiver wrote: > > > > > This represents a challenge to me, as coming out of the Cisco > > router I have only one Ethernet connection to the Shorewall box. > > Aggregate speeds across that link can be up to both lines summed, > > but individual sessions can only be the speed of one of the circuits. > > > This basically proves that they''re distributing across the links by > state/connection rather than by packet. If you can get the ISP to do > it by packet, you''ll be able to shape the connection much more > effectively. Keep in mind that routers on both end would have to > share this configuration. > > Also beware that some protocols/clients don''t handle out of order > packets very well and that out of order packets are much more likely > to happen when using a by packet distribution scheme. > > -Brian >That was one scenario I was thinking as well. Given I can only achieve ~1Mbps throughputs from anything behind the firewall, that lends further food for the fire. I think I''m going to have to bring this up with the ISP...again. :^/ ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
On Tue, Oct 23, 2007 at 10:18:55PM -0700, List Receiver wrote:> > -----Original Message----- > > From: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall- > > users-bounces@lists.sourceforge.net] On Behalf Of Roberto C. Sánchez > > Sent: Tuesday, October 23, 2007 8:41 PM > > To: shorewall-users@lists.sourceforge.net > > Subject: Re: [Shorewall-users] Traffic shaping suggestions for ECMP > > config > > > > On Tue, Oct 23, 2007 at 08:29:40PM -0700, List Receiver wrote: > > > > > > Sorry, I don''t think Outlook 2007 has that feature (line folding). I > > > did look around for it, but I didn''t see anything in the options. If > > > someone knows the trick, let me know. Line wrap is set at 76 > > > characters, but it doesn''t seem to do anything when I''m composing a > > > message. > > > > > IIRC, you can fix that by forcing outlook to *not* use word as an email > > editor and also to compose/read in plain-text. > > > > Regards, > > > > -Roberto > > > > -- > > Roberto C. Sánchez > > http://people.connexer.com/~roberto > > http://www.connexer.com > > > > I *never* user Word as my editor, and I already have it set to plain-text. >Odd. Then I don''t know. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/