On Thu, Aug 22, 2019 at 3:37 AM Cong Wang wrote:
> > I am using ipset + iptables to classify and not filters. Besides, if
> > tc is allowing me to define qdisc -> classes -> qdsic -> classes
> > (1,2,3 ...) sort of structure (ie like the one shown in ascii tree)
> > then how can those lowest chil
>> If your goal is merely having as many classes as you can, then yes.
My goal is not just to make as many classes as possible, but also to
use them to do rate limiting per ip per server. Say, I have a list of
1 IPs and more than 100 servers. So simply if I want few IPs to
get speed of says 1M
On Sat, Aug 17, 2019 at 11:54 PM Cong Wang wrote:
>
> On Sat, Aug 17, 2019 at 5:46 AM Akshat Kakkar wrote:
> >
> > I agree that it is because of 16bit of minor I'd of class which
> > restricts it to 64K.
> > Point is, can we use multilevel qdisc and clas
I agree that it is because of 16bit of minor I'd of class which
restricts it to 64K.
Point is, can we use multilevel qdisc and classes to extend it to more
no. of classes i.e. to more than 64K classes
One scheme can be like
100: root qdisc
I want to have around 1 Million htb tc classes.
The simple structure of htb tc class, allow having only 64K classes at once.
But, it is possible to make it more hierarchical using hierarchy of
qdisc and classes.
For this I tried something like this
tc qdisc add dev eno2 root handle 100: htb
tc cla
Cake is expected to handle traffic in 2 steps :
First is on the basis of host
Second is within every host, on the basis of flow
So, if I limit traffic to 20Mbps shared across 2 host A & B,
Following are various scenarios, expectation and observations
1. If either A or B is downloading, they will b
I can see there are 3 projects for supporting dynamic routing like
ospf in linux namely,
Quagga
FRRouting
BIRD.
However, as a long term perspective, I am eager to know which out of
these is officially supported by netdev community.
I want to create custom ipsets like hash: iface,iface ,etc.
Can anybody guide which is the best place to start development for the
same? Any documents, etc.
Also, can we store some IP in skbinfo?
Thanks and Regards,
Akshat
der Linux
>> to get very similar functionality, then put into a cron job or a
>> while loop or similar. Something along the lines of (pseudocode):
>>if [the test such as ping fails] ; then
>> if [preferred route exists] ; then ip route delete ... ; fi
>>
Is there a reason why iface is allowed to be paired only with net to
create an ipset?
I think with feature of skbinfo in every ipset, it should be allowed
to add iface in all ipset. As skbinfo can store tc classes, it might
make more sense if I can pin point on which outgoing interface this
class
Thanks.
Thanks a lot for clarifying all this.
On Tue, May 29, 2018 at 3:59 PM, Michal Kubecek wrote:
> On Tue, May 29, 2018 at 03:39:05PM +0530, Akshat Kakkar wrote:
>> For following commands,
>> ip addr add 10.10.10.1/24 brd + dev br0
>> ip addr add 10.10.10.2/24 b
of route that will decide?
And what about communication in local subnet, say ping to 10.10.10.200
and 20.20.20.200? Will source for both will change according to
destination IP?
On Mon, May 28, 2018 at 11:50 PM, Akshat Kakkar wrote:
> Thanks for clarifying that first ip will be used as primary
28, 2018 at 5:35 PM, Michal Kubecek wrote:
> On Mon, May 28, 2018 at 02:35:41PM +0530, Akshat Kakkar wrote:
>> I am having a bridge named br0 having ports eno1 and eno2 as members.
>> I have given IP to br0 as 10.10.10.1/24
>>
>> Now I want to create alias on
I am having a bridge named br0 having ports eno1 and eno2 as members.
I have given IP to br0 as 10.10.10.1/24
Now I want to create alias on br0 as br0:1 and give IP as
10.10.10.2/24, but I am unable to.
I know, we can add multiple IPs to br0 using "ip addr" command, but I
dont want to do it that
Has anybody got any clue in this?
can somebody throw more light on this? How it is possible (without a
bug) that for exactly same set of IPs, at time IPSET HASHSIZE remains
at 1024 and at times it increases to 2048?
As a workaround I am running the show setting HASHSIZE as 16384 at
times of IPSET creation itself, and till now (its
Any more information needed?
Another observation :
At times rehashing happens (v6.32) and hashsize increases to 2048 from
1024. But this is at times and not always. Needless to mention, it is
for exactly same IPs added to the ipset in exactly same order.
What I observed is rehashing of set is not happening.
When I add multiple IPs to the ipset manually on ipset v6.32,
rehashing is not happening and my hashsize remains same as 1024
but when I add to ipset 4.5 (pretty old, I know!), rehashing is
happening and my hashsize changes from 1024 to 1536 t
I understand that without reproducible scenarios, its hard to debug ...
But the point is, this issue is fully random and of very low frequency.
For the setup, it is CentOS 7.3 upgraded to kernel 4.4.
Whenever a system comes up on the network, he provides his credentials
and after successful authe
output of ipset -L -t
Name: STORE
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 50480
References: 1
I am having ipset 6.32
The hash type is hash:ip
I am adding/deleting IP addresses to it dynamically using scripts.
However, it has been observed that at times few IPs (3-4 out of 4000)
are not found in the set though it was added. Also, logs show there
was not request for deletion of that IP fro
Anybody?
On Tue, Aug 29, 2017 at 4:11 PM, Akshat Kakkar wrote:
> I am using ulogd2 to log iptables activity.
> However, when using pgsql as output plugin ... performance is very
> very sluggish. (~130-150 entries per second)
>
> To enhance performance I am trying
>
> modpr
Anybody ?
On Tue, Aug 29, 2017 at 3:53 PM, Akshat Kakkar wrote:
> With ulog/nflog, NFCT plugin, is it possible to not log entries with src ip
> as 127.0.0.1
>
> I can see following options in ulogd.conf
> #accept_src_filter=192.168.1.0/24,1:2::/64 # source ip of connection
> mu
I am using ulogd2 to log iptables activity.
However, when using pgsql as output plugin ... performance is very
very sluggish. (~130-150 entries per second)
To enhance performance I am trying
modprobe ipt_ULOG nlbufsiz=65535 flushtimeout=1000
but this gives error : ipt_ULOG module not found.
On
With ulog/nflog, NFCT plugin, is it possible to not log entries with src ip
as 127.0.0.1
I can see following options in ulogd.conf
#accept_src_filter=192.168.1.0/24,1:2::/64 # source ip of connection
must belong to these networks
#accept_dst_filter=192.168.1.0/24 # destination ip of connection mus
On Tue, Aug 22, 2017 at 5:58 PM, Neal Cardwell wrote:
> On Tue, Aug 22, 2017 at 1:42 AM, Akshat Kakkar wrote:
>> There are multiple hosts/clients. All are mainly windows based.
>>
>> Timestamp is not used as my clients mainly are windows based and in
>> that it
On Tue, Aug 22, 2017 at 11:12 AM, Akshat Kakkar wrote:
> There are multiple hosts/clients. All are mainly windows based.
>
> Timestamp is not used as my clients mainly are windows based and in
> that it tcp timestamp is by defauly disabled.
>
> sysctl is as follows:
There are multiple hosts/clients. All are mainly windows based.
Timestamp is not used as my clients mainly are windows based and in
that it tcp timestamp is by defauly disabled.
sysctl is as follows:
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
kernel.pid_max=4194303
vm.max_map_count=1
On Monday, August 21, 2017, Eric Dumazet wrote:
>
> On Mon, 2017-08-21 at 15:26 +0530, Akshat Kakkar wrote:
> > On Mon, Aug 21, 2017 at 3:13 PM, David Laight
> > wrote:
> > > From: Akshat Kakkar
> > >> Sent: 18 August 2017 10:14
> > >
On Mon, Aug 21, 2017 at 3:13 PM, David Laight wrote:
> From: Akshat Kakkar
>> Sent: 18 August 2017 10:14
>> On Thu, Aug 17, 2017 at 5:06 PM, Eric Dumazet wrote:
>> > On Thu, 2017-08-17 at 14:35 +0530, Akshat Kakkar wrote:
>> >
>> >> I upgr
On Fri, Aug 18, 2017 at 5:36 PM, Eric Dumazet wrote:
> On Fri, 2017-08-18 at 14:44 +0530, Akshat Kakkar wrote:
>> On Thu, Aug 17, 2017 at 5:06 PM, Eric Dumazet wrote:
>> > On Thu, 2017-08-17 at 14:35 +0530, Akshat Kakkar wrote:
>> >
>> >> I upgraded t
On Thu, Aug 17, 2017 at 5:06 PM, Eric Dumazet wrote:
> On Thu, 2017-08-17 at 14:35 +0530, Akshat Kakkar wrote:
>
>> I upgraded to 4.4 but still experiencing same issue.
>> Please help.
>
> Still too old kernel, shoot again ;)
>
>
Sorry but that's the maximu
On Wed, Aug 16, 2017 at 4:04 PM, Eric Dumazet wrote:
> On Wed, 2017-08-16 at 10:18 +0530, Akshat Kakkar wrote:
>> On Mon, Aug 14, 2017 at 2:37 PM, Akshat Kakkar wrote:
>> > I have centos 7.3 (Kernel 3.10) running on a server with 128GB RAM and
>> > 2 x 10 Core Xeon Pr
On Mon, Aug 14, 2017 at 2:37 PM, Akshat Kakkar wrote:
> I have centos 7.3 (Kernel 3.10) running on a server with 128GB RAM and
> 2 x 10 Core Xeon Processor.
> I have hosted a webserver on it and enabled ssh for remote maintenance.
> Previously it was running on Centos 6.3.
> Aft
I have centos 7.3 (Kernel 3.10) running on a server with 128GB RAM and
2 x 10 Core Xeon Processor.
I have hosted a webserver on it and enabled ssh for remote maintenance.
Previously it was running on Centos 6.3.
After upgrading to CentOS 7.3, occasionally (probably when number of
hits are more on t
There is no handle with fw filter. That's the whole point is. If
handle and class (flow id) is not specified, then whatever be the mark
on the packet, its automatically set as flowid. So if mark is 0x10003,
then this fw filter
tc filter add dev eth0 parent 1:0 protocol ip fw
will cause 0x10003 be
Recently I came to know that,
Without any options fw classifier maps fwmark to classid.
tc filter add dev parent protocol ip prio 1 fw
i.e. if my packet has mark(0x10001) and class id is not set,
then above tc filter, will set class id = 0x10001 i.e. 1:1
But when I am trying it out, its not wo
Wang wrote:
> On Mon, Aug 24, 2015 at 10:14 PM, Akshat Kakkar wrote:
>> Dear Florian,
>>
>> There are two filters 15:2:2 and 15:2:3 and I have deleted only
>> 15:2:3, so 15:2:2 will still be there and hence this condition
>> "destroy proto tp when all filt
Dear Florian,
There are two filters 15:2:2 and 15:2:3 and I have deleted only
15:2:3, so 15:2:2 will still be there and hence this condition
"destroy proto tp when all filters are gone" should not be applicable
over here.
On Tue, Aug 25, 2015 at 4:52 AM, Florian Westphal wrote:
>
When I am trying to delete a single tc filter (i.e. specifying its
handle), it is deleting all the
filters with the same priority/preference. i.e. it is ignoring the
handle specified.
But, When I am doing similar activity in hashtable 800: it is deleting only the
specified filter, i.e. it is behav
Thanks for the reply.
And ya ... it is the same. :)
On Mon, Aug 24, 2015 at 12:17 PM, Vadim Kochan wrote:
> On Mon, Aug 24, 2015 at 11:40:10AM +0530, Akshat Kakkar wrote:
>> Dear All,
>> A behavioural bug has been found in iproute2. How and where should I report
>> it?
&g
Dear All,
A behavioural bug has been found in iproute2. How and where should I report it?
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
I actually posted this on lartc first. But then it was suggested to
post it over here as you guys might be able to guide better.
Please help ...
On Fri, Aug 21, 2015 at 10:38 AM, Akshat Kakkar wrote:
> When I am trying to delete a single tc filter, it deleting all the
> filters with th
When I am trying to delete a single tc filter, it deleting all the
filters with the same priority/preference. i.e. it is ignoring the
handle specified.
But, When I am deleting in hashtable 800: it is deleting only the
specified filter.
For example, following set of commands create a hashtable 1
45 matches
Mail list logo
