similar to: tc / MARK question

Hi all, ive been reading lartc howto, im new about traffic shaping/police. As far as red (chapter 9 complete) i saw that first the packet passes at the ingress qdisc, then it passes to the ip stack if the packet is directed to the box or its forwarded (is my case), then it falls to the egress classifier/s. Now, i understand if i have an ipsec vpn at the outside interface, the egress

Hi all, Another requirement we have is that traffic entering the DS domain be classified then subsequently assigned a (different?) DSCP based upon its classification. For illustrative purposes only let''s say (for traffic entering the DS domain on dev eth0): - WWW traffic would be marked BE - traffic destined for 10.10.10.10 would be marked AF11 - VoIP traffic from 20.20.20.20 would

Hello list, I just wonder if someone did any performance tests (speed of processing the packets) or maybe could advise about this two scenario: 1. packets are marked with iptables and processed by tc using filters 2. packets are sent by iptables directly to tc using CLASSIFY chain, thus avoiding the tc filters I had some thinking about these two ways of dealing with egress traffic and my

On a router, there is no need for and IMQ because there is always an egress path. For example: Internet -> eth1 -> iptables -> routing -> ... -> egress qdisc -> eth0 -> LAN LAN -> eth0 -> iptables -> routing -> .... -> egress qdisc -> eth1 -> Internet Local Process / Proxy -> routing -> iptables -> egress qdisc -> eth1/eth0 ->

Hello, I run one of my PCs as my personal router, with iptables+tc to control traffic and be my firewall. In TC, I use a combination of htb, qdisc and sfq (as well as prio) to classify bandwidth. In my current setup, I have 10 classifications of my bandwidth. (Even I admit this is probably more than I need, but at this point I''m still learning, so I''ll just leave them be.)

Hi, I would like to control download bandwidth from the Internet for clients inside a network. The gateway is a Linux box using ''iptables nat''. I would like to use ''iptables mangle'' to mark the packets coming from the Internet and going to specific clients and then use CBQ to shape it: +-----------+ Internal network | Linux

Hello, I''ve been trying to shape the bittorrent traffic (on my external interface, upload), but without luck, for this I''m using layer7 filter right now, but I''ve also tried ipp2p, with the same results, I might say that this is not a problem with this packet classifiers, the problem is with HTB, here''s why. When I open azureus (the bittorrent client I

Folks, I am a little bit confuse in how to put these packets into correct mangle table for traffic shaping. This is what i ve planned to do: - - - - :eth0 [ LINUX-BOX ] eth1: - - - - Let say: eth0: 220.100.1.1 eth1: 192.168.1.1 eth1:1 192.168.1.2 192.168.1.0/24 get natted into 220.100.1.1 before reaching the internet. I put every packets coming from internet (eth0) this way: # iptables -t

Using below configuration multiplied by 3000+ nodes to control bandwidth causes very high kernel cpu usage (99.5%) narrowed it down to the mangle table. Any ideas to do this more efficiently would be appreciated. The mangle table entry (indicated by ***) is sucking all the cpu. I am running RH7.3 kernel 2.4.18-3 and iptables 1.2.5 This setup has worked well for more than 1000 devices but as the

Hello I have few questions regarding tc functionality (qdiscs, classes, etc.) when vlans are in use. For example, consider interface eth0, for which I create and extra vlan with vconfig, let''s say eth0.11. Then using tc I can add usual things - qdiscs, filters, ... - to both eth0 and eth0.11. The questions are: - on which interface - virtual or real, should I actually use tc ? Or

Hi, I have a Debian that is connected to Internet in eth0, and to a LAN in eth1. I wanted to control traffic with HTB, dividing it depending on what kind of traffic is (Mail, Application Server and others). Would it be good to use HTB qdisc in eth0 egress to control outgoing traffic and HTB qdisc in eth1 egress to control incoming traffic? Or the only way to control incoming traffic is with eth0

Hi folks...!!! I´ve a problem that i did not solve it. i want to limit the DOWNLOAD to my hosts (upstream traffic for the firewall) using IMQ, If i classify by PORT (source or destination) all seems to be fine, but...BUT...if i want to restrict by IP addresss (internal IP address) i can´t do it, because my hosts go to Internet toward the firewall using NAT, so after NAT my IP address in

Hi all I have a trouble configuring the qdiscs, when I indicate the "perturb 10" option to tc, i gives me this error: tc qdisc add dev eth0 parent 5:1323 handle 1323 sfq perturb 10 RTNETLINK answers: Invalid argument if I don''t put the "perturb 10" option, it works. another question is about iptables, when I indicate the " --set-mark" option: iptables -t

Hello list members, Finaly I''m here after a week of trying to subscribe to this list... pfew... Anyway... I have a rather strange problem with tc. I am trying to police the ingress traffic into my network using the iptables MARK feature (in mangle table, PREROUTING) but it seems that tc filters ignore this marks and they don''t work at all for me. Let me explain a bit more in

Hello! I''ve put some questions on this list some weeks ago and I''ve got good answers. Thank you! Now I''ve finished my (beautyful) script and I ran it on my router... About my script: It routes packages based on their destination on the Internet. I have about 1650 preffered destination networks listed in some file. The script read this file and marks every package for

Hi all, I''m having a hell of a time getting my IFB to work. I know I''ve done this before, so I''m missing something stupid. Can anybody tell me what it might be? Configs as follows: -------- #!/bin/sh modprobe ifb numifbs=1000 modprobe act_mirred modprobe 8021q brctl addbr br0 brctl setfd br0 0 brctl stp br0 off brctl addif br0 eth1 brctl addif br0 eth2 ifconfig eth1

Hi to all of you!!! I am a Computer Science student trying to do the pre-grade thesis. I am trying to develop a free software tool to help administrators to control the traffic. Right now this tool is based on tc and iptables. I am having some problems trying to understand tc and tc examples: - Why in almost every list of tc rules based on htb class, there is a "tc qdisc dev ... root ...

Hi! It''s me again bothering you guys, what I want to do is to give full bandwidth to VPN traffic and limit the rest to 30KB/s (kilobytespersecond), ok? Here''s what I have: tcclasses ################################## eth0 1 1kbps 70kbps 1 eth0 2 1kbps 30kbps 2 default eth1 3 15kbps 10000kbps 1 eth1 4

Hello! I have an internet connection of 64kbps garanteed in a channel of 256kbps. On this connection the metropolitan speed is 10Mbps and in the provider''s network the speed is 100Mbps. I have a few clients behind my linux box and i want to set up some limitations because some of them are using it irrational. I am marking the packets with 0 for internet; 1 for metropolitan 2 for

Hi! I am learning tcng without having experiance of tc and I am trying to build something that shall schedule traffic dependent on the value in the IPv4 packets ip_ttl field. I have read the tcng reference manual and cannot find information about forwarding. Is it possible to farward packets from ingress to egress without sending them upwards in layers?