Re: [LARTC] Routing/forwarding/shaping problems in v2.2.x (Long - sorry)

From: Gordan Bobic <lartc@bobich.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Routing/forwarding/shaping problems in v2.2.x (Long - sorry)
Date: Thu, 20 Mar 2003 13:38:34 +0000	[thread overview]
Message-ID: <marc-lartc-104816786407226@msgid-missing> (raw)
In-Reply-To: <marc-lartc-104816249501359@msgid-missing>

On Thursday 20 Mar 2003 12:59, Julian Anastasov wrote:
> Hello,
>
> On Thu, 20 Mar 2003, Gordan Bobic wrote:
> > The setup:
> >
> > "Home brewed" v2.2.24 (will patch to v2.2.25 later today) with the DS8
> > patch applied. Currently downloading the DS9/rbtree/htb3 patches to be
> > applied later (obviously, unpatching the old DS8 first), and see if at
> > least some of my problems go away.
>
> 	Yes, DS-8 has many problems including security ones.
> The only problem is that I still didn't upgraded the patches to
> 2.2.25, may be in the next days I'll find time to do so.

It all patched cleanly anyway, don't worry about it. I patched 2.2.24 and then 
patched that to 2.2.25. I haven't compiled it yet because I am not in front 
of the machine right now (not doing remote kernel upgrades - bad things 
happen). :-)

> > Multiple cable/DSL lines with multiple default routes and equal cost
> > multipath.
>
> 	I strongly recommend the route patches in such case:
>
> http://www.ssi.bg/~ja/#routes-2.2
> http://www.ssi.bg/~ja/routes-2.2.20-7.diff

Aha! Thanks. I wonder if whis will cure my problems. BTW, that applies cleanly 
to my already heavily patched 2.2.25 tree.

> > When applying ingres shaping (policing filter) all executes fine without
> > reporting any errors, but
> >
> > tc -s -d qdisc show dev eth1
> > and
> > tc -s -d filter show dev eth1
>
> 	DS9 has fixes for the ingress stats

Marvellous. :-)

> > Can anyone hazard a guess as to why this is not doing what it should be?
> > Is this a know bug in DS8 and DS9 will fix it? I will try it anyway, just
> > to make sure, but some encouraging news would be nice. :-)
>
> 	Yes, yes, I'll add it to the changelog

:-)

> > 2) ipmasqadm portfw unstable/unreliable
> >
> > I have tried to use this approach to forward ports from the firewall to
> > an internal server. It works OK initially, but within minutes, things
> > start going wrong. Some connections get through on one interface but not
> > the other. Later, connections from the same host will work on a different
> > interface, but not the one it worked on initially.
>
> 	Such problems should be solved from the "routes" patches,
> they will keep each traffic through its ISP.

Excellent. Note that I also use policy routing so that the sessions started to 
ethX will always be reponded to on ethX. I think that is fairly standard 
(things break horribly otherwise). However, what happens when a host randomly 
alternates between IP addresses it is starting sessions to/from? This sort of 
worked before, but it quickly started to break. I take it that with the 
routes patch things will not fall apart like before?

> 	Read nano.txt from http://www.ssi.bg/~ja/#routes
> It is for 2.4 but the concept and the routing rules are same.

Thanks for that. I already have the setup working as far as multi-homedness 
(that cannot possibly be a word...) is concerned, though.

Thanks for the help.

Gordan
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/