similar to: HTB policing affects shaping performance? Please, help.

Hi all I''m new to this list, but not exactly to iproute stuff. I''d like to solve a specific problem with bandwidth coming from different external sources towards the internal network (also the other way around, but I figure that''s not so much a problem, since that is egress traffic shaping). The network looks like this: internet ------ ISP-------[shaping/router]

Hi, I have two connections to the Internet. I implemented the load balancing as described in chapter 4.2 "Routing for multiple uplinks/providers" The problem that occurred is that the client applications like Yahoo Messenger or even PuTTY (SSH client) are loosing the connection very often. Does anyone experienced this problem? Does anyone knows an workaround for this problem?

Hi All, Can anybody suggests how can I disable netfilter for bridged traffic in linux-2.4.27 kernel ? Thanks and Regards, Senthil

hello, I try to use iptables rules to drop skype trafic. The iptables rule is : iptables -I FORWARD -p udp -m length --length 39 -m u32 --u32 ''27&0x8f=7'' --u32 ''31=0x01020304'' -j ACCEPT the problem I encounter is that i can''t have the match u32 for iptables. Could someone help me ?

Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: 95.bat Type: application/octet-stream Size: 44 bytes Desc: not available Url : http://www.winehq.org/pipermail/wine-users/attachments/20040827/0865b830/95.obj -------------- next part -------------- WINE REGISTRY Version 2 ;; All keys relative to

Hi, I am trying to categorize the network traffic and to send it out across two different providers. For this I mark the packets in the firewall (in the PREROUTING chain of table mangle), and then use another routing table for the marked packets, which has a different gateway from the main routing table. Basicaly I am following the cookbook example in this page:

Hi, I have a testing multihome setup, with the default gateway being one of the links and using policy routing to honor requests for a specific link. Everything works as expected when I request a specific IP to bind to. But if I request a specific interface things fall apart in ways that I can not explain: default gw (WORKS) ---------- rabbit@Thesaurus:~$ ping -c 1 yahoo.com PING yahoo.com

Hi all, I have 2 questions regarding policing 1. What is the problem with policing as in most mesages I can find people say don''t but I have not found a why? 2. I have the egress below working (numbers in example are bogus, I know). How do I add an ingress policy? /* compile this file with tcc filename > limit.sh and run that file */ dev eth1 { egress { class (

I''m having trouble getting ingress policing to work on a bridged device. The bridge contains several interfaces: peth0, vif0.0, vif[1-7]0.1, vif[25].1 . (This is under xen, in case the vif''s didn''t give that away, so peth0 is renamed eth0.) The tc rules I have are: tc qdisc del dev peth0 root tc qdisc del dev peth0 ingress handle ffff: tc qdisc add dev peth0 root

Hi listizens, Complete tc newbie here. I''m in a pinch because of a mail assault on a server. I''ve firewalled away many of the most egregious offenders but non-smtp services are still being DOS''ed because of all the mail traffic. Here is what I''ve tried. (I did say newbie ;) ----------------- #!/bin/sh # # policing parent tc qdisc add dev eth0 handle

My attempts to configure policing are stopping incoming traffic all together. From the LARTC HOWTO, I gather that the following lines should limit incoming traffic on eth0 to 32kbit by dropping packets above this threshold: tc qdisc add dev eth0 ingress tc filter add dev eth0 parent ffff: protocol ip u32 \ match u8 0x0 0x0 \ police rate 32kbit burst 10k drop \ classid :1 Instead,

Hello, What exactly is the use of the "reclassify" option in the policing options of tc filters? According to LARTC: " reclassify Most often comes down to reclassification to Best Effort. This is the default action. " I don''t quite get the meaning of that. It could mean to let other filters handle it, but that is exactly the "continue" option. Could

hello sir, i want to control the bandwidth when sending traffic between two logicial address (ip address ) on the same interface (eth0) on the same machine. can i do it using tc tool. i am sending mail using sendmail between 2 users on same machine and sniffing packets at receiving side. but i want to control bandwidth of this traffic so that i do not lose packets at capture.

Simple police filter below works for IPv4 traffic, but not for IPv6 traffic. Tested with 2.4.26 and 2.6.6 kernel. Am I doing something wrong or is it bug? Same filter logic works with imq+htb for both IPv4 and IPv6 traffic. iptables -A PREROUTING -i eth1.101 -t mangle -j MARK --set-mark 0x101 ip6tables -A PREROUTING -i eth1.101 -t mangle -j MARK --set-mark 0x101 tc qdisc add dev eth1.101

Hi, I''m trying to police the incoming traffic by using ingress qdisc,this is what I have in my script tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 4 \ handle 1: u32 divisor 1 tc filter add dev eth0 parent ffff: protocol ip prio 4 u32 \ match ip dport 4001 0xffff \ police rate 2000kbit burst 50k drop \ flowid

Hi folks I have created a script file (dsmark+policing.sh attached) to check graphic an text outputs of simutations, against original examples/dsmark+policing coding (see TCNG Reference Manual-pg.90). It uses tcng coding (*.tcsim file attached) and old tc coding (*.tcsim_old file attached) inserted in tcsim files. Observation 1: The graphic outputs from (*.tc included in *.tcsim) and (*.tc_old

Hi all, I have a Linux box with two connections to the internet over two routers and a private internal network. The linux box does masquerading. internet +----------+ 172.16.0.1 +-------------------+ <---- | Router 1 |-------------------| | +----------+ | 172.16.0.2 | | | eth1

Hi, I have the following setup. Two linux systems with two [test] external interfaces encrypted with ipsec [transport]. Two gre tunnels that pass 10.200.0.0/24 and 10.200.1.0/24 network traffic. Testing the balanced tunnels I would setup iptraf on one and ping from the other. The results would be as expected; traffic would be split between the two interfaces. Testing with an ftp transfer of

Hi, I notice that if two or more existing connections match an ingress policing filter, the input bandwidth does not get evenly divided up between the n connections. Kinda like litters of baby animals, where the stronger babies get more access to the mothers teats and grow up bigger and faster than their siblings. The only workaround that''s working for me is to set explicit ingress

Hi all I started playing with tcng to generate my tc rules, but I have some difficulty implementing my rules... The script below generates an error: # Device eth0 tc qdisc add dev eth0 ingress beginner.tc:2: don''t know how to build meter for this The script is below, I changed the real IP numbers for XXs and YYs, since it doesn''t really matter what they are. eth0 is the