I will be out of the office from 8/19 until 8/23. I will be returning on Monday afternoon, 8/26, and will reply then. Thank you, Michael Pellegrino Softerware, Inc. ___________________________________________________________________________ Subject: LARTC digest, Vol 1 #737 - 2 msgs From: lartc@mailman.ds9a.nl Date: 08/25/02 01:27:57 Send LARTC mailing list submissions to lartc@mailman.ds9a.nl To subscribe or unsubscribe via the World Wide Web, visit http://mailman.ds9a.nl/mailman/listinfo/lartc or, via email, send a message with subject or body 'help' to lartc-request@mailman.ds9a.nl You can reach the person managing the list at lartc-admin@mailman.ds9a.nl When replying, please edit your Subject line so it is more specific than "Re: Contents of LARTC digest..." Today's Topics: 1. Re: LARTC digest, Vol 1 #736 - 4 msgs (mikep02@softerware.com) 2. traffic id by iproute2 for iptables (Nic Ivy) --__--__-- Message: 1 Date: Sat, 24 Aug 2002 00:29:23 -0400 To: lartc@mailman.ds9a.nl From: mikep02@softerware.com Reply-To: mikep02@softerware.com Subject: Re: LARTC digest, Vol 1 #736 - 4 msgs I will be out of the office from 8/19 until 8/23. I will be returning on Monday afternoon, 8/26, and will reply then. Thank you, Michael Pellegrino Softerware, Inc. ___________________________________________________________________________ Subject: LARTC digest, Vol 1 #736 - 4 msgs From: lartc@mailman.ds9a.nl Date: 08/24/02 01:27:48 Send LARTC mailing list submissions to lartc@mailman.ds9a.nl To subscribe or unsubscribe via the World Wide Web, visit http://mailman.ds9a.nl/mailman/listinfo/lartc or, via email, send a message with subject or body 'help' to lartc-request@mailman.ds9a.nl You can reach the person managing the list at lartc-admin@mailman.ds9a.nl When replying, please edit your Subject line so it is more specific than "Re: Contents of LARTC digest..." Today's Topics: 1. Re: LARTC digest, Vol 1 #735 - 3 msgs (mikep02@softerware.com) 2. Re: Is TC flow-aware? (Anton Yurchenko) 3. htb doubts (Arindam Haldar) 4. Re: htb doubts (Stef Coene) -- __--__-- Message: 1 Date: Fri, 23 Aug 2002 00:33:28 -0400 To: lartc@mailman.ds9a.nl From: mikep02@softerware.com Reply-To: mikep02@softerware.com Subject: Re: LARTC digest, Vol 1 #735 - 3 msgs I will be out of the office from 8/19 until 8/23. I will be returning on Monday afternoon, 8/26, and will reply then. Thank you, Michael Pellegrino Softerware, Inc. ___________________________________________________________________________ Subject: LARTC digest, Vol 1 #735 - 3 msgs From: lartc@mailman.ds9a.nl Date: 08/23/02 01:27:45 Send LARTC mailing list submissions to lartc@mailman.ds9a.nl To subscribe or unsubscribe via the World Wide Web, visit http://mailman.ds9a.nl/mailman/listinfo/lartc or, via email, send a message with subject or body 'help' to lartc-request@mailman.ds9a.nl You can reach the person managing the list at lartc-admin@mailman.ds9a.nl When replying, please edit your Subject line so it is more specific than "Re: Contents of LARTC digest..." Today's Topics: 1. Re: Q: best solution to stop traffic to huge amount of unregisteredhosts (Gerry Creager N5JXS) 2. psched_tod_diff function (Pedro Larroy) 3. Re: HTB is in 2.4.20pre1,2 (Pedro Larroy) -- __--__-- Message: 1 Date: Thu, 22 Aug 2002 19:02:26 -0500 From: Gerry Creager N5JXS <n5jxs@tamu.edu> Reply-To: n5jxs@tamu.edu Organization: Da House To: Karl Gaissmaier <karl.gaissmaier@rz.uni-ulm.de> Cc: Linux Advanced Routing & Traffic Control <lartc@mailman.ds9a.nl> Subject: Re: Q: best solution to stop traffic to huge amount of unregisteredhosts Karl Gaissmaier wrote: > Gerry Creager N5JXS schrieb: > >>The answers are not necessarily pretty. >> >>I've done a similar task with a Juniper M5 router. It will handle up to >>about 180,000 rules at wire speed. But it is expensive. >> >>If your switches were a little newer, we could use 802.1x to enable the >>switch-use capability flag (:-) and solve the problem. > > > you know, 10k hosts are never attached to a network with homogenous > new network devices :-( Unfortunately, I do. We have 50k hosts, more or less, on 2 class B address spaces. We have about 200 buildings, and I'm not sure how many wiring closet switches. And worse, yet, how many wiring closet hubs! Our (switched) dorm hosts are about 10k. So, I understand the issues. The comment about newer gear, and 802.1x, however, stands. This will provide some capability to handle registered hosts in the future, perhaps... but I remain skeptical. >>Instead of policing at a single edge point, you might consider policing >>at dormatory and building edges, where the load is smaller and you can >>use masking and diminsh the ruleset some more. > > > but the management is very difficult, see above Correct, but you have several management issues. One is unnecessary delays while filtering, marking and queuing. Another is device configuration. I've found little existing useful software for real-life multiple device (and heterogeneous device) management. And none I'm willing to pay for. I _do_ have a team of graduate students who are working on a heterogeneous-environment configuration tool, but it's not nearly ready for prime time. >>With a sufficiently fast box, or series of boxes, doing specific tasks, >>you should be able to do this. Folks like Juniper achieve it by being >>able to classify and mark in ASIC without having to go to the processor. > > > Netfilter and iproute2/tc is very good but I miss just a fast > matching module for a "pool" of ip addresses and the missing tc-cref > or better documented tc examples, especially dealing with general > ingress policing. We have experimented with A Juniper M5, as a shaping and filtering box for specific applications. It worked well in the tests, but is an expensive toy for this. You might consider a Sitara box for some off your work. I prefer the Linux approach, too, but there are times where scalability, due to the state of the art (and certainly not for want of advancement in the state of the art!) means a commercial solution. What HAS happened, though, is that my expectations for the commercial products are now higher than they were... and the salesmen are somewhat worried. Regards, Gerry -- __--__-- Message: 2 Date: Fri, 23 Aug 2002 04:33:31 +0200 To: lartc@mailman.ds9a.nl From: Pedro Larroy <piotr@omega.resa.es> Subject: psched_tod_diff function Hi I don't understand what psched_tod_diff function in net/sched/sch_api.c does, so I don't know what PSCHED_TDIFF_SAFE does in sch_tbf.c Any help will be apreciated. -- ... ___________________________________________________________ ... | /| |\ | | /-| Pedro Larroy Tovar. PiotR | http://omega.resa.es/piotr |-\ | | /--| No MS-Office attachments please. |--\ | o-|--| e-mail: piotr@omega.resa.es |--|-o | \-| finger piotr@omega.resa.es for public key and info |-/ | |...\|_________________________________________________________|/...| -- __--__-- Message: 3 Date: Fri, 23 Aug 2002 04:36:12 +0200 To: lartc@mailman.ds9a.nl Subject: Re: HTB is in 2.4.20pre1,2 From: Pedro Larroy <piotr@omega.resa.es> On Wed, Aug 14, 2002 at 11:32:05PM +0200, devik wrote: > Hi, > for those who haven't realized it yet. It is in 2.4.20pre2, > 2.5.xx, should go into new iproute2 package and I have informations > about possibility to have it in 2.2 soon. > > devik Congratulations devik :) Regards. -- ... ___________________________________________________________ ... | /| |\ | | /-| Pedro Larroy Tovar. PiotR | http://omega.resa.es/piotr |-\ | | /--| No MS-Office attachments please. |--\ | o-|--| e-mail: piotr@omega.resa.es |--|-o | \-| finger piotr@omega.resa.es for public key and info |-/ | |...\|_________________________________________________________|/...| -- __--__-- _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc End of LARTC Digest -- __--__-- Message: 2 Date: Fri, 23 Aug 2002 11:31:27 +0300 From: Anton Yurchenko <phila@dg.net.ua> To: "George J. Jahchan" <LARTC@Tech.InteractiveNetworks.net> Cc: Linux Advanced Routing & Traffic Control <lartc@mailman.ds9a.nl> Subject: Re: Is TC flow-aware? George J. Jahchan wrote: >Is TC flow-aware for individual flows (sessions) within a given class of >traffic? > >For example, assuming 100Kbps allocated to a class and 100 simultaneous >active flows within that class. Will each flow get approx. 1K, or will the >greedier >flows capture the lion's share of the 100K, leaving the others struggling to >go >through? > if you set up an sfq qdisc attached to the class then the bandwidth will be devided between flows. in a prety fair manner I`m not shure though what happens with your second question. > > -- Anton Yurchenko<phila@dg.net.ua> Digital Generation -- __--__-- Message: 3 Date: Fri, 23 Aug 2002 18:08:05 +0530 From: Arindam Haldar <arindamhaldar@inbox.lv> To: LARTC <lartc@mailman.ds9a.nl> Subject: htb doubts hi all, i want to clear a doubt i have for some time.. if my htb rules(part of) looks like this---> ... ... tc class add dev eth0 parent 1:10 classid 1:1005 htb rate ${Netwk-64}kbit ceil ${Netwk}kbit tc qdisc add dev eth0 parent 1:1005 handle 1005 pfifo limit 2 ... tc class add dev eth0 parent 1:20 classid 1:2000 htb rate ${Caf}kbit ceil ${All}kbit tc qdisc add dev eth0 parent 1:2000 handle 2000 pfifo limit 2 ... tc class add dev eth0 parent 1:20 classid 1:2001 htb rate ${Ofice}kbit ceil $[All-64]kbit tc qdisc add dev eth0 parent 1:2001 handle 2001 pfifo limit 2 ... what numeric should be used in for handle.. can i use the same numeric value as of **classid** for handle ?.. or should they be unique ? for eg above i used classid 1:2001 and used handle 2001--will it work ? awaiting your help in this.... A.H -- __--__-- Message: 4 From: Stef Coene <stef.coene@docum.org> Organization: None To: Arindam Haldar <arindamhaldar@inbox.lv>, LARTC <lartc@mailman.ds9a.nl> Subject: Re: htb doubts Date: Fri, 23 Aug 2002 19:11:35 +0200 > tc class add dev eth0 parent 1:20 classid 1:2001 htb rate ${Ofice}kbit > ceil $[All-64]kbit > tc qdisc add dev eth0 parent 1:2001 handle 2001 pfifo limit 2 > ... > > what numeric should be used in for handle.. can i use the same numeric > value as of **classid** for handle ?.. or should they be unique ? > for eg above i used classid 1:2001 and used handle 2001--will it work ? > > awaiting your help in this.... Yes. Actually it's handle 2001:0 Stef --=20 stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net -- __--__-- _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc End of LARTC Digest --__--__-- Message: 2 Date: Sat, 24 Aug 2002 23:45:42 +1000 (ChST) From: "Nic Ivy" <nji-lartc@njivy.org> To: <lartc@mailman.ds9a.nl> Subject: traffic id by iproute2 for iptables I have several parallel public networks attached to a single network interface. Each public network requires iptables to do a different SNAT in the POSTROUTING table. I think iproute2 can do multipath routing over a single device, but can iptables recognize which network a packet is destined for? I have explored using the 'realm' match in iptables 1.2.8 (cvs), but iproute2 apparently doesn't support realms in multipath routing statements. Can iproute2 mark packets another way such that iptables can recognize it? Nic Ivy --__--__-- _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc End of LARTC Digest _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/