-----Original Message-----
From: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx]On Behalf Of lartc-request@xxxxxxxxxxxxxxx
Sent: Saturday, June 30, 2001 6:01 PM
To: lartc@xxxxxxxxxxxxxxx
Subject: LARTC digest, Vol 1 #249 - 7 msgs

Send LARTC mailing list submissions to
    lartc@xxxxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
    http://mailman.ds9a.nl/mailman/listinfo/lartc
or, via email, send a message with subject or body 'help' to
    lartc-request@xxxxxxxxxxxxxxx

You can reach the person managing the list at
    lartc-admin@xxxxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of LARTC digest..."

Today's Topics:

   1. CBQ (Luiz C. Spies)
   2. Re: CBQ (Wingtung.Leung)
   3. Re: RTNETLINK Problems <ip route> don't work as expected. (I think) (Theo Cabrerizo Diem)
   4. u32 nexthdr problem (Don Cohen)
   5. PRIOMAP, SPLIT, DEFMAP usage info + PRIO, TBF and other bugs (ness)
   6. simple router (Jeremiah Savage)
   7. Re: simple router (Jing Shen)

--__--__--

Message: 1
From: "Luiz C. Spies" <luiz@xxxxxxxx>
Organization: UCIC - You See I See
To: lartc@xxxxxxxxxxxxxxx
Date: Fri, 29 Jun 2001 09:40:17 -0400
Subject: [LARTC] CBQ

Hi everyone, I use CBQ to limit my bandwidth and it works, but sometimes,
when the traffic is very hard, CBQ generates delay, 2000 ms, 3500 ms, and
my clients don't have internet because the delay is very high. Does this
problem have a solution? I tried using Red Hat 7.1 with kernel 2.4.5,
iptables NAT and all the features I need for a router, firewall and
masquerade. The kernel works well, Squid too, but CBQ does not. I learned
a little about CBQ, and my CBQ is using the TBF module; I think it is this
module that generates the delay. If someone knows the answer to my problem,
send me the solution or the cause of the delays....

Thanks
Luiz

--__--__--

Message: 2
Date: Fri, 29 Jun 2001 15:51:32 +0200 (MET DST)
From: "Wingtung.Leung" <s965817@xxxxxxxxxxxx>
To: Linux Advanced Router & Traffic Control <lartc@xxxxxxxxxxxxxxx>
Subject: Re: [LARTC] CBQ

On Fri, 29 Jun 2001, Luiz C. Spies wrote:

> Hi everyone, i use CBQ to limit my bandwidth and works, but sometimes when
> the traffic is very hard, the CBQ generates delay, 2000 MS 3500MS and my
> clients, don't have internet, because de delay is very hight this problem
> have a solution, i try use redhat 7.1 with kernel 2.4.5 iptables nat and all
> features i need to router firewall, and masquerade, the kernel works good the
> squid to, but de CBQ not, i learn a little of CBQ and my CBQ are using TBF
> module, i think is this module generate a delay if someone know the answer of
> my problem, send to me the solution or the cause of delays....

I think the high delay is normal because of your limit. What is your rate
limit? If your clients would try to push 10Mbit, but the limit is set to
100Kbit, you can expect to have the delay increased extremely.

Please try to explain your setup in more detail and tell what you really
want to achieve.

--
fingerprint = A3C4 DE50 712D 4FA8 C564 4D96 5E06 C9CC ECFA 19C5

--__--__--

Message: 3
Date: Fri, 29 Jun 2001 16:23:30 -0300
From: Theo Cabrerizo Diem <diem.netlink@xxxxxxxxxx>
To: Ramin Alidousti <ramin@xxxxxx>
Cc: lartc@xxxxxxxxxxxxxxx
Subject: Re: [LARTC] RTNETLINK Problems <ip route> don't work as expected. (I think)

Yes, I can ping 10.1.0.1. I tried from another box, <one connected to my
corporate net> and without using any default route, I can add a route to
10.1.0.1 using my firewall as gateway (and my firewall with a route
configured too), but I can't use it as gateway to my default route ... :o/

<reply me at theoc@xxxxxxxxxxxxx>

Theo.

Ramin Alidousti wrote:

>Do you have a route (no default) to that destination? It should work
>if you do.
>
>Ramin
>
>On Thu, Jun 28, 2001 at 05:52:33PM -0300, Theo Cabrerizo Diem wrote:
>
>>Hi,
>>
>>I have one firewall with 3 ethernet cards, 2 internet links, one cisco
>>2920 and one problem in RTNETLINK ;o)
>>
>>Let me explain my network :
>>
>>   *** Internet Link 1 ***       *** Internet Link 2 ***
>>      10.1.0.1| Serial               Serial | 10.2.0.1
>>              +--------------+ +------------+
>>
>>                             | |
>>                        +------------+
>>                10.1.0.2|   CISCO    | 10.2.0.2
>>                        +------+-----+
>>                   192.168.1.1 / 192.168.2.1
>>                               |
>>               eth2 192.168.1.2/ 192.168.2.1
>>                        +------------+
>>                           FIREWALL
>>                        +-+--------+-+
>>            10.20.0.0 eth0|        |eth1 10.30.0.0
>>                          |        |
>>                    MY DMZ NET  MY CORPORATE NET
>>
>>I used reserved IPs for security reasons .. <sorry :o( >
>>What I'm trying to do:
>>I don't want to use my cisco default route, because I will do some
>>filtering, based on source address, at my firewall to choose which link
>>to use, so I must add (at my firewall) a default route using my ISP 1
>>end <10.1.0.1> at one routing table, and other default route using my
>>ISP 2 end <10.2.0.1> at another routing table, and do traffic control
>>using iptables/iproute <as described in Advanced Routing how-to>.
>>
>>the problem is ... RTNETLINK says Unreachable Network when I try to add
>>a route, using a gateway which isn't directly connected to my firewall
>>:o( this is the line I'm trying to use :
>><I know I'm not writing on a specific routing table to do traffic control>
>>
>>ip route add default via 10.1.0.1
>>RTNETLINK answers: Network is unreachable
>>
>>So .. I've tried
>>ip route add default via 10.1.0.1 nexthop via 192.168.1.1
>>RTNETLINK answers: Invalid argument
>>
>>Can anyone help me ? If someone need more info, ask me ... <please
>>reply me at theoc@xxxxxxxxxxxxx but I will check this list every day ;o) >
>>
>>[]'s
>>

--__--__--

Message: 4
Date: Fri, 29 Jun 2001 15:00:53 -0700 (PDT)
From: don-lartc@xxxxxxxxxxxxxxxxx (Don Cohen)
To: lartc@xxxxxxxxxxxxxxx
Subject: [LARTC] u32 nexthdr problem

I'm having trouble with nexthdr.
  tc filter add dev eth0 protocol ip parent 10:0 prio 1 u32 \
    match ip protocol 0x6 0xff match u8 0x02 0x12 at nexthdr+13 flowid 10:3
fails to match my test packets whereas
  tc filter add dev eth0 protocol ip parent 10:0 prio 1 u32 \
    match ip protocol 0x6 0xff match u8 0x02 0x12 at 33 flowid 10:3
does match them.

Of course, the second one is really wrong since it means something
totally different if your packet contains any IP options (which my
test packets do not, of course).

Does anyone either see what I'm doing wrong?
Anyone else experience the same problems?
Anyone know how to fix them?

--__--__--

Message: 5
From: "ness" <ness@xxxxxxxx>
To: <lartc@xxxxxxxxxxxxxxx>
Date: Sat, 30 Jun 2001 04:45:31 +0300
Subject: [LARTC] PRIOMAP, SPLIT, DEFMAP usage info + PRIO, TBF and other bugs

this message was originally sent to stafke@xxxxxxxxx
http://users.belgacom.net/staf/

Currently I'm trying to install all this QoS stuff on my bridge and I have A LOT of problems,
so I am very glad to find someone interested in helping others to solve this not trivial problem.

I decided to share what I have found so far with you :)
NOTE: DON'T consider all this correct, it's all just my thoughts. So don't hit me if I'm wrong.

From your TODO list:

1. Unclassified traffic - traffic to which none of the filters has been applied, so by default it
   will fall to root class. You can use Defmap to assign all this unclassified traffic to other
   class. For example setting Defmap to 0xFFFF will assign all unclassified by other means
   traffic to this class. Split also must be specified else defmap will not work.
   Here are some words from Alex:

"defmaps are intended to make fallback classification
when a packet does not match to any stronger classifier
or no classifiers are configured.

Algorithm is very simple: protocol layer assigns a logical priority
numbered of 0 to 15 to any packet. For forwarded packets it is derived
from tos, for locally originated ones it is controlled by SO_PRIORITY
socket option (or derived from tos too).

If a class is ready to serve some logical priority,
it has corresponding bit in its defmap.

If packet matches to any classifier, this priority
is ignored. When it does not, cbq searches for class
which is ready to serve corresponding priority level.
That's almost all. Note that, to make cbq working properly,
you should sweep at least all priorities 0..7, otherwise
unclassified packets will fallback to root class,
which is not intended to transmit anything at all.

For IPv4 mapping tos -> priority is established in route.c
by array ip_tos2prio[]. It is not changeable from user level for now
and complies to canonical ietf rules. You may change it to
diffserv, if you want.

About "split". Normally, split is root.

You may set split to a node in hierarchy and use some simple
and fast classifier, which understands only limited set of keys
(sort of route), to point to this node.
In this case, only classes with split==this node,
will be matched. It means, that sk->priority and tos
may live in peace with multiagency link sharing
with zero classification cost. Seems, it is
the best my invention for last year 8)"

Ok. So far so good. I'm still not sleeping :)

2. About this Priomap. This is all about this early mentioned "logical priority",
   if we have for example Priomap 0 0 0 0 0 1 1 1 1 1 2 2 2 2 2 2
   then all traffic with any of the 5 high bits set in this "logical priority" will be
   assigned to band 0, if any of the 5 bits set in the middle then this packet
   will be assigned to band 1 and so forth.

Oh, one more notice:
   AS FAR AS I UNDERSTAND PRIO NOT WORKING AT ALL, OR AT LEAST
   NOT WORKING AS IT MUST WORK.
   First of all it does not implement class manipulation functions, so if you just try
   to list PRIO classes (tc class ls dev eth0) this will give you segmentation
   fault :(. The more the better. As far as I understand PRIO qdisc creates classes
   "on fly", so I tried to filter some packets to these classes. After 2 weeks of
   experiments I understand that it doesn't prioritize packets AT ALL. (I'll be glad
   to hear that I'm wrong...)

   OK some more bugs....

   TBF. If you defined this one as described in README it will not work :(
   At least it's not working on my setup.

   tc qdisc add dev eth1 parent 1:2 tbf rate 64Kbit buffer 5Kb/8 limit 10Kb

   You'll get latency set to something near 5000s :(
   So, to work correctly you must define NOT LIMIT but LATENCY (1000 = 1.2 ms),
   or define BURST and use it with LIMIT, BTW you can't use Kb in burst you must
   use kB :(

   I think this is enough. I'm very interested in your latency testing. How you manage
   to do some latency changing with CBQ. AFAIK CBQ is not intended to PRIORITIZE
   traffic, it only Fair Distribute it in case of congestion.

   Hope for your understanding. And excuse my English. I'm Russian too ;)

   Plz share your experience with the community!
   Alex where is fixed version? And where is HPFQ support? Where? Aaaa? Gde?
   --
   Ness
   ness@xxxxxxxx

--__--__--

Message: 6
Date: Fri, 29 Jun 2001 21:05:16 -0700 (PDT)
From: Jeremiah Savage <jeremiahsavage@xxxxxxxxx>
To: lartc@xxxxxxxxxxxxxxx
Subject: [LARTC] simple router

Hello,

I am attempting to construct a (simple?) router based
on Linux 2.4 with iproute2.

I have 3 ethernet cards on the router, with eth0
connected to a host,eth1 connected to a server and
eth2 connected to another computer.

             xx.yy.88.101
              +--------+
              |        |
              |  host  |
              +---+----+
                  |
xx.yy.zz.aa       |
     |            |eth0 - xx.yy.88.100
     |            |
+---------+       | +----------------+
|another  |  eth2   |                |
|computer +---------+     router     |
|         |         |                |
+---------+         +-------+--------+
xx.yy.zz.ab                 |
                            | eth1 - xx.zz.110.145
                            |
                        +---+-----+
                        |         |
                        | server  |xx.zz.110.148
                        |         |
                        +---------+

I am simply trying to get traffic through eth0 to eth1
so it can get to the server and get back out, but so
far I can't ping the server through the router,
although the router itself is capable of pinging the
server (so the link eth1 is active). And I've verified
that eth0 is also active as the router and the host
can ping each other.

So how do I get the router to pass traffic through to
the server?

I've tried
# ip route add to unicast xx.zz.110.148 dev eth1
RTNETLINK answers: File exists

and yet the host still can't ping the server.

And I've tried making eth0 "promiscuous"
# ifconfig eth0 promisc
but that doesn't help either.

Anyone know the magic incantation that I need?

--
Jeremiah

__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/

--__--__--

Message: 7
Date: Sat, 30 Jun 2001 14:38:57 +0800
From: Jing Shen <jshen@xxxxxxxxxxxxxx>
Reply-To: jshen@xxxxxxxxxxxxxx
Organization: state key lab of CAD&CG
To: Jeremiah Savage <jeremiahsavage@xxxxxxxxx>
Cc: lartc@xxxxxxxxxxxxxxx
Subject: Re: [LARTC] simple router

What does the routing table on the host and server look like? If there is
only one connection on both of them, the routing table on the host only
needs one entry:
    0.0.0.0/0 -> xx.yy.88.100
and the server needs:
    0.0.0.0/0 -> xx.zz.110.145

You don't need to add a host route explicitly in the router because the
subnet on the network interface is included in the routing table by default.

Another indication is "have you enabled iptable on router to block
connection between different subnet?"

James Shen

> Hello,
>
> I am attempting to construct a (simple?) router based
> on Linux 2.4 with iproute2.
>
> I have 3 ethernet cards on the router, with eth0
> connected to a host,eth1 connected to a server and
> eth2 connected to another computer.
>
>              xx.yy.88.101
>               +--------+
>               |        |
>               |  host  |
>               +---+----+
>                   |
> xx.yy.zz.aa       |
>      |            |eth0 - xx.yy.88.100
>      |            |
> +---------+       | +----------------+
> |another  |  eth2   |                |
> |computer +---------+     router     |
> |         |         |                |
> +---------+         +-------+--------+
> xx.yy.zz.ab                 |
>                             | eth1 - xx.zz.110.145
>                             |
>                         +---+-----+
>                         |         |
>                         | server  |xx.zz.110.148
>                         |         |
>                         +---------+
>
> I am simply trying to get traffic through eth0 to eth1
> so it can get to the server and get back out, but so
> far I can't ping the server through the router,
> although the router itself is capable of pinging the
> server (so the link eth1 is active). And I've verified
> that eth0 is also active as the router and the host
> can ping each other.
>
> So how do I get the router to pass traffic through to
> the server?
>
> I've tried
> # ip route add to unicast xx.zz.110.148 dev eth1
> RTNETLINK answers: File exists
>
> and yet the host still can't ping the server.
>
> And I've tried making eth0 "promiscuous"
> # ifconfig eth0 promisc
> but that doesn't help either.
>
> Anyone know the magic incantation that I need?
>
> --
> Jeremiah
>
> __________________________________________________
> Do You Yahoo!?
> Get personalized email addresses from Yahoo! Mail
> http://personal.mail.yahoo.com/
>
> _______________________________________________
> LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/

--__--__--

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc

End of LARTC Digest
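
Added example (not part of the digest and not any poster's code): a Python model of the byte match from Message 4, "match u8 0x02 0x12", run on constructed IPv4/TCP packets. It shows why the fixed offset 33 equals the TCP flags byte only when the IP header has no options, and what a header-length-aware offset (13 bytes past the IP header) selects instead. All function names, addresses, ports and packets are assumptions made for illustration; the code models the match arithmetic only, not tc or the kernel classifier.

```python
import struct

TCP_FLAGS_OFFSET = 13   # byte 13 of the TCP header carries the flag bits
SYN, ACK = 0x02, 0x10


def build_packet(flags, ack=0, ip_options=b""):
    """Build a constructed IPv4+TCP packet (checksums left at 0, not needed here)."""
    if len(ip_options) % 4 or len(ip_options) > 40:
        raise ValueError("IP options must be 0-40 bytes, padded to 4-byte words")
    ihl = 5 + len(ip_options) // 4              # header length in 32-bit words
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 20, 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, ack, 5 << 4, flags, 8192, 0, 0)
    return ip + ip_options + tcp


def match_u8(packet, value, mask, offset):
    """Model of a u32 'match u8 VALUE MASK at OFFSET' key."""
    return offset < len(packet) and (packet[offset] & mask) == value


def is_tcp(packet):
    """Model of 'match ip protocol 0x6 0xff' (protocol is byte 9 of the IP header)."""
    return match_u8(packet, 0x06, 0xFF, 9)


def fixed_offset_match(packet):
    """The 'at 33' filter: assumes a 20-byte IP header (20 + 13 = 33)."""
    return is_tcp(packet) and match_u8(packet, 0x02, 0x12, 33)


def header_aware_match(packet):
    """Same key, located from the IHL field: 13 bytes past the end of the IP header."""
    ihl = packet[0] & 0x0F
    if packet[0] >> 4 != 4 or ihl < 5:
        raise ValueError("not a well-formed IPv4 header")
    return is_tcp(packet) and match_u8(packet, 0x02, 0x12, ihl * 4 + TCP_FLAGS_OFFSET)


def evaluate_samples():
    """Return {name: (fixed_offset_result, header_aware_result)} for constructed packets."""
    nop_options = b"\x01" * 4                   # four NOP option bytes -> IHL = 6
    samples = {
        "syn_no_options": build_packet(SYN),
        "synack_no_options": build_packet(SYN | ACK, ack=2),
        "syn_with_options": build_packet(SYN, ip_options=nop_options),
        # ACK-only segment whose acknowledgment number puts 0x02 at byte 33
        "ack_with_options": build_packet(ACK, ack=0x00020000, ip_options=nop_options),
    }
    return {name: (fixed_offset_match(p), header_aware_match(p))
            for name, p in samples.items()}


if __name__ == "__main__":
    for name, (fixed, aware) in evaluate_samples().items():
        print(f"{name:20s} at 33: {fixed!s:5s}  IHL*4+13: {aware!s:5s}")
```

With four bytes of IP options the fixed offset lands inside the TCP acknowledgment number, so it both misses a real SYN and matches an ACK-only segment.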