Displaying 20 results from an estimated 400 matches similar to: "HTB policing affects shaping performance? Please, help."
2004 Apr 22
2
ingress policing based on source address?
Hi all
I''m new to this list, but not exactly to iproute stuff.
I''d like to solve a specific problem with bandwidth coming from
different external sources towards the internal network (also the other
way around, but I figure that''s not so much a problem, since that is
egress traffic shaping).
The network looks like this:
internet ------ ISP-------[shaping/router]
2007 Feb 18
7
client disconnecting
Hi,
I have two connections to the Internet.
I implemented the load balancing as described in chapter 4.2 "Routing
for multiple uplinks/providers"
The problem that occurred is that the client applications like Yahoo
Messenger or even PuTTY (SSH client) are loosing the connection very often.
Does anyone experienced this problem? Does anyone knows an workaround
for this problem?
2006 Dec 20
3
Disable netfilter for bridged traffic
Hi All,
Can anybody suggests how can I disable netfilter for bridged traffic in
linux-2.4.27 kernel ?
Thanks and Regards,
Senthil
2006 Jun 22
7
iptables match u32
hello,
I try to use iptables rules to drop skype trafic. The
iptables rule is :
iptables -I FORWARD -p udp -m length --length 39 -m
u32 --u32 ''27&0x8f=7'' --u32 ''31=0x01020304'' -j ACCEPT
the problem I encounter is that i can''t have the match
u32 for iptables. Could someone help me ?
2004 Aug 27
1
Help by running application
Skipped content of type multipart/alternative-------------- next part --------------
A non-text attachment was scrubbed...
Name: 95.bat
Type: application/octet-stream
Size: 44 bytes
Desc: not available
Url : http://www.winehq.org/pipermail/wine-users/attachments/20040827/0865b830/95.obj
-------------- next part --------------
WINE REGISTRY Version 2
;; All keys relative to
2006 Oct 06
12
Two outbound internet links, using one network interface
Hi,
I am trying to categorize the network traffic and to send it out across
two different providers.
For this I mark the packets in the firewall (in the PREROUTING chain of
table mangle),
and then use another routing table for the marked packets, which has a
different gateway
from the main routing table. Basicaly I am following the cookbook
example in this page:
2007 Aug 13
2
Policy routing question
Hi,
I have a testing multihome setup, with the default gateway being one of
the links and using policy routing to honor requests for a specific
link. Everything works as expected when I request a specific IP to bind
to. But if I request a specific interface things fall apart in ways that
I can not explain:
default gw (WORKS)
----------
rabbit@Thesaurus:~$ ping -c 1 yahoo.com
PING yahoo.com
2004 Sep 18
0
TCNG syntax for ingress / policing questions
Hi all,
I have 2 questions regarding policing
1. What is the problem with policing as in most mesages I can find people say don''t but I have not found a why?
2. I have the egress below working (numbers in example are bogus, I know). How do I add an ingress policy?
/* compile this file with tcc filename > limit.sh and run that file */
dev eth1
{
egress
{
class (
2007 Nov 21
0
Problem with ingress policing on bridged device
I''m having trouble getting ingress policing to work on a bridged device.
The bridge contains several interfaces: peth0, vif0.0, vif[1-7]0.1,
vif[25].1 . (This is under xen, in case the vif''s didn''t give that
away, so peth0 is renamed eth0.)
The tc rules I have are:
tc qdisc del dev peth0 root
tc qdisc del dev peth0 ingress handle ffff:
tc qdisc add dev peth0 root
2007 Jul 20
1
newbie needs policing help
Hi listizens,
Complete tc newbie here. I''m in a pinch because of a mail assault on a
server. I''ve firewalled away many of the most egregious offenders but
non-smtp services are still being DOS''ed because of all the mail traffic.
Here is what I''ve tried. (I did say newbie ;)
-----------------
#!/bin/sh
#
# policing parent
tc qdisc add dev eth0 handle
2004 Oct 26
0
Policing
My attempts to configure policing are stopping incoming traffic all
together.
From the LARTC HOWTO, I gather that the following lines should limit
incoming traffic on eth0 to 32kbit by dropping packets above this
threshold:
tc qdisc add dev eth0 ingress
tc filter add dev eth0 parent ffff: protocol ip u32 \
match u8 0x0 0x0 \
police rate 32kbit burst 10k drop \
classid :1
Instead,
2004 May 11
0
reclassify option on policing
Hello,
What exactly is the use of the "reclassify" option in the policing
options of tc filters?
According to LARTC:
"
reclassify
Most often comes down to reclassification to Best Effort. This is the
default action.
"
I don''t quite get the meaning of that.
It could mean to let other filters handle it, but that is exactly the
"continue" option.
Could
2004 Jul 29
0
help regarding policing
hello sir,
i want to control the bandwidth when
sending traffic between two logicial address (ip
address ) on the same interface (eth0) on the same
machine. can i do it using tc tool.
i am sending mail using sendmail between 2 users
on same machine and sniffing packets at receiving
side. but i want to control bandwidth of this traffic
so that i do not lose packets at capture.
2004 May 18
0
Policing IPv6 traffic
Simple police filter below works for IPv4 traffic, but not for IPv6
traffic. Tested with 2.4.26 and 2.6.6 kernel. Am I doing something
wrong or is it bug? Same filter logic works with imq+htb for both
IPv4 and IPv6 traffic.
iptables -A PREROUTING -i eth1.101 -t mangle -j MARK --set-mark 0x101
ip6tables -A PREROUTING -i eth1.101 -t mangle -j MARK --set-mark 0x101
tc qdisc add dev eth1.101
2004 Jan 13
1
ingress policing
Hi,
I''m trying to police the incoming traffic by using ingress qdisc,this is what I have in my script
tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: protocol ip prio 4 \
handle 1: u32 divisor 1
tc filter add dev eth0 parent ffff: protocol ip prio 4 u32 \
match ip dport 4001 0xffff \
police rate 2000kbit burst 50k drop \
flowid
2004 Sep 06
0
example/dsmark+policing => tcsim outputs are different
Hi folks
I have created a script file (dsmark+policing.sh attached) to check graphic
an text outputs of simutations, against original examples/dsmark+policing
coding (see TCNG Reference Manual-pg.90).
It uses tcng coding (*.tcsim file attached) and old tc coding (*.tcsim_old
file attached) inserted in tcsim files.
Observation 1: The graphic outputs from (*.tc included in *.tcsim) and
(*.tc_old
2002 Jan 02
2
advanced routing for 2 internet lines
Hi all,
I have a Linux box with two connections to the internet over two routers and
a private internal network. The linux box does masquerading.
internet +----------+ 172.16.0.1 +-------------------+
<---- | Router 1 |-------------------| |
+----------+ | 172.16.0.2 |
| | eth1
2005 Oct 19
1
gre/ipsec loadbalancing
Hi, I have the following setup. Two linux systems with two [test] external interfaces encrypted with ipsec [transport].
Two gre tunnels that pass 10.200.0.0/24 and 10.200.1.0/24 network traffic.
Testing the balanced tunnels I would setup iptraf on one and ping from the other. The results would be as expected; traffic would be split between the two interfaces.
Testing with an ftp transfer of
2004 Mar 14
3
Weird quirk with ingress policing
Hi,
I notice that if two or more existing connections match an ingress
policing filter, the input bandwidth does not get evenly divided up
between the n connections.
Kinda like litters of baby animals, where the stronger babies get more
access to the mothers teats and grow up bigger and faster than their
siblings.
The only workaround that''s working for me is to set explicit ingress
2004 May 06
3
tcng ingress policing question
Hi all
I started playing with tcng to generate my tc rules, but I have some
difficulty implementing my rules...
The script below generates an error:
# Device eth0
tc qdisc add dev eth0 ingress
beginner.tc:2: don''t know how to build meter for this
The script is below, I changed the real IP numbers for XXs and YYs,
since it doesn''t really matter what they are. eth0 is the