hi all, hi stef, stef i went thru the site www.docum.org & would really like to thank u on one part--->monitor.pl.. :-).. havent tried it yestreday but will today when i find time but reading it i know that ... :-) 1) comming accros 2 one of the pages --> www.docum.org/stef.coene/qos/tests/cbq/splitting/weight/splitting-weight.html ..i saw these 4 lines & got curious 2know y ur sending pkts with mark of 1 & 2 to both classes 10:2 & 20:10 ?..wont there b confusion 2 what rules 2b applied? tc filter add $DEV parent 10: protocol ip prio 3 handle 1 fw classid 10:2 tc filter add $DEV parent 10: protocol ip prio 3 handle 2 fw classid 10:2 tc filter add $DEV parent 20: protocol ip prio 3 handle 1 fw classid 20:10 tc filter add $DEV parent 20: protocol ip prio 3 handle 2 fw classid 20:20 2) our linux box does managemnt of public lan(office ) & pvt lan(cable)--by ip's.. sucess with public ips, marking & using tc filter is sucessful but not true with pvt ips (10 series, marking part!).. to let u know better here is what we did with public ip.. iptables -t mangle -A PREROUTING -i eth1 -s <a.b.c.0/26> -d <a.b.e.0/25> -j MARK --set-mark 90 iptables -t mangle -A PREROUTING -i eth0 -d <a.b.c.0/26> -s <a.b.e.0/25> -j MARK --set-mark 91 the tc commands tc filter add dev eth0 parent 1:105 pfifo limit 2 tc filter add dev eth1 parent 2:105 pfifo limit 2 This works fine--tested with different traffic loads of download& upload. BUT with lan on eth4 which has pvt ip range(10series) vr not sucesful. the problem is how to make sure that the pkts detination for 10.0.0.0/8 should be marked as they r MASQUERADEd. so i trired to mark with FORWARD/OUTPUT/POSTROUTING but unsuccesful. tc -s class.... etc command doesnt show any data being passed thru the class while iptables -nvL -t mangle shows pkts r being marked & passing thru. 3) do we need to reset/restart the iptables script when iproute script is reapplied or vice versa ? 4) have any one of you faced this problem --> when allowing a network segment to INPUT/FORWARD/MASQUERADE thru, the ip's/pc's show eractic behaviour of performance..for eg allwoing 10.20.30.0/28 & restructing it to say 64 kbps will allow one ip/pc to utlise the bandidth while other ip/pc struggle to get an equal share. this have been monitored for hours/days with iptraf. how can one insure that a few ip's being used on that perticular network segment at any perticulr time, all ip get equal share of bandwith alloted to that network segmenet--well if not equal a fair share of bandwidth alloted !! pls pardon me 4 my english. thanx in advance arindam haldar -- Arindam Haldar Systems & Network Digital 2 Virtual ISP Pvt Ltd. Vadodara, Gujarat INDIA www.d2visp.com
