Domain: lartc.org
Stories and comments across the archive that link to lartc.org.
Comments · 135
-
Re:Bandwidth limits?
Ok so uploads are slow. I can deal with that. But when I *do* decide to upload, not only is that slow, but I get *major* slowdowns on my downloads and typically start getting packet loss too.
This is because your modem has a built in buffer. Say your upload speed is limited to 16k/sec and the modem has a 32k buffer. If you were maxing out the upload bandwidth, it would take a full two seconds for a packet to traverse the buffer.
If you are using a router, configure the router to limit upload traffic to a smaller amount than your upload limit. There's a script for Linux that tries to do this (sometimes it works, sometimes it doesn't).
-
Traffic shaping could solve most of these problems
...except, of course, the fact that the ISP does pay for its traffic to the upstream providers. But that's their problem, not the users'. If they advertise their service as 'unlimited', then they should be prepared to pay for what their customers use.
Which leaves us with nothing but the argument that a few people are hogging bandwidth from everyone else. There are a lot of things that could be done about that, even by using just some Linux boxen as traffic shapers. See the Linux Advanced Routing & Traffic Control Howto for some ideas.
-
-
Yes, it is simple.
You may want to try the Shoreline Firewall if you want to learn to use an iptables firewall on Linux (or even if you don't, you can just use Shorewall and never actually write your own custom scripts).
Add Wondershaper and you can have a VERY decent firewall/traffic shaper knowing almost nothing of how it works.
If you have problems editing text files (such as Shorewall uses for configuration) you can also use Webmin for a point-and-click interface to most of the functions.
-
Re:Managing bandwidth
Because, due to the asymmetrical nature of ADSL, once my upstream gets clogged, it cannot facilitate the necessary ACKs that need to be sent out to the other end in order to ensure my download stays up.
Check out WonderShaper. It is made especially for that.
-
If you want more information ...
The layer 7 filtering is only a small part of a shaping setup. First of all, you need an htb or cbq setup. This changes the behaviour of the packets you send. You can create multiple cbq/htb classes. Each class can be seen as a separate traffic channel that sends the packets that are placed in this class. Each class can have its own config like minimal and maximal bandwidth, delays and so on.
To place the packets in the classes, you need some filters. The 2 most used filters are fw (it can use iptables marks) and u32 (it can use any bit in a packet). So basically, you are limited to IP addresses and ports.
But with l7 filtering, you can look in the packets and use the contents of the packet to filter the packets and place them in the class you want. To do so, you have to be able to recognise the traffic. And that's what the extra kernel patch will do.
The more people are looking for ways to recognise patterns, the better. So if you find a new way to recognise Kazaa traffic (use tcpdump or so to examine the packets), send it to the l7 patch author so he can update the protocol definition file.
Some handy URLs:
lartc.org : information about "linux advanced routing and traffic control"
docum.org : my site :) with more info about traffic shaping with cbq/htb.
-
Re:This will be nice
and use this GPL software:
http://lartc.org/wondershaper/.
-
Wondershaper
Does anyone else use Wondershaper? It works very well for my cable modem and is extremely easy to set up and use. Any comments on how it compares to this one?
-
Re:Any documentation on this?
Well the linked site links to the original Linux traffic shaping web page, located here: http://lartc.org/. That would be a good start =).
-
Traffic shaping
Restricting upload speeds restricts download speeds. This is an absolute must-have feature for those of us on ADSL or other asymmetric connections.
This issue causes problems in other situations as well, but there's a simple solution for those on Linux or BSD: traffic shaping. I use Wondershaper, but there are a bunch of scripts out there that set this up for you, and it's actually not all that hard to do yourself if you're willing to spend a little time on it.
The result is ping times and interactive responsiveness that don't change perceptibly regardless of the load. It does cost you a tiny fraction of your bandwidth, since the shaper intentionally leaves just a bit of unused space in your pipe so that new connections can start up, but the overall effect is a huge perceived performance improvement on a full pipe.
-
Re:Improvements
What you need is an intelligent router! Wondershaper, it really does do wonders!
-
Re:I'm blocking p2p on my network
Nice troll. I do have one bullet left in my mod gun right now, but I have decided to let you off with this warning.
Not everyone who uses p2p is illegally sharing copyrighted works. I have a p2p node that stays slammed offering completely legal and non-porn content. I host linux distros, stuff related to Orbiter space flight simulator (free), and stuff that gets slashdotted. (People still download the Starship Exeter videos).
The node runs slammed 24/7, and I've had to implement traffic control to be able to concurrently use my connection for other things. Why do I go to the trouble? Because p2p is the best hope of ordinary people to share information. The next Thomas Paine probably will not have access to a web server, and if he did post the 21st century version of "Common Sense", it would get DMCA'ed or shut down by the government. The only hope, then, of free speech is going to be p2p, particularly next generation encrypted/anonymous p2p networks.
If I'm smart enough to figure out how to shape traffic so that I can ssh over a 200k upstream connection swamped with p2p traffic, then I'm reasonably certain ISP managers can probably figure it out without finding new and creative ways to tax the first amendment.
-
Re:spam?
I salute your superior nazism. Of course, it sounds like you're running a business network, so you are entitled. I would recommend, however, that you consider bandwidth management practices. Blocking ports is like stepping on ants, especially when most p2p lets you change ports. If you instead prioritize your key business traffic, you will be amazed at the results.
-
Re:short term - new clients are too configurable
That's why you need to control your connection.
-
Linux traffic shaper here...
For those not willing to change their OS only for the traffic shaper DSL trick, here's the link for Linux (including many other very interesting things...): Linux advanced routing and traffic control
enjoy it!
Q.
-
Re:Much better than all of us rushing the FTP serv
You can use the firewall features of linux to greatly improve this:
-
Wonder Shaper
This is an easy way to set up a traffic shaper under Linux for the beginner. It is a script called Wonder Shaper. All you do is set your upload/download speed and magically downloading/uploading in bulk does not interfere with interactive apps like online games and SSH sessions.
-
Re:From one of the links - Script for linux
looks like Wondershaper to me.
-
Re:like wondershaper does for months now?
From the Wondershaper script:
# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
# (The u32 matches, in order: protocol 6 = TCP; byte 0 low nibble 5 =
# 20-byte IP header, no options; 16-bit total length at offset 2 with the
# top 10 bits clear = under 64 bytes, i.e. no payload; byte 33 = TCP flags
# at IP offset 20 + 13, equal to 0x10 = ACK alone.)
tc filter add dev $DEV parent 1: protocol ip prio 12 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   match u8 0x10 0xff at 33 \
   flowid 1:10
-
Linux solution
The Linux Advanced Routing & Traffic Control HOWTO discusses how to achieve the same thing on Linux using QoS. See section 9.2.2.2 (Sample configuration).
-
like wondershaper does for months now?
-
Re:Won't work!
With even rudimentary traffic shaping capabilities this problem is easily solved without removing a single person's access. Simply allocate a small percentage (say, 10%) of the outgoing and incoming bandwidth to the problem sites (the Library, student housing, and probably most student labs) for ALL traffic, encrypted or otherwise, and leave the other 90% for "serious research."
How about this: give the "default" maximum bandwidth as 10% for "problem sites", but allow it to borrow from the other sites when they aren't using it... When "serious research" is taking 90%, the dorms only get 10%. If "serious research" is only taking 25%, then the dorms get the remainder, i.e. 75%. Pretty simple to do, too... See this.
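The htb class and filter layout described in the "If you want more information ..." comment above, together with the guaranteed-10%-but-borrow-when-idle sharing this comment proposes, as one added shell example. This is not the Wondershaper script, not code from the HOWTO and not either commenter's code; the interface name, line rate, fw marks and the 10.0.1.0/24 "research" subnet are assumptions, and the rates are shaped to 95% of the line so the queue forms in the router rather than in the modem's buffer. With DRY_RUN=1 (the default) it prints the tc and iptables commands instead of running them, so the plan can be reviewed without root.

```shell
#!/bin/sh
# Added example: an HTB upstream shaper with three classes (interactive,
# research, everything else). Each child class gets a guaranteed "rate"
# and may borrow up to "ceil" (the whole link) while the others are idle.
# Classification uses the two filter kinds named in the thread: fw
# (iptables marks) and u32 (raw header fields).
# DEV, LINE_KBIT, the marks and RESEARCH_NET are assumptions.

DEV="${DEV:-eth0}"              # assumed upstream interface
LINE_KBIT="${LINE_KBIT:-1000}"  # assumed raw upstream line rate, kbit/s
RESEARCH_NET="10.0.1.0/24"      # assumed "serious research" source subnet

# DRY_RUN=1 (default): print the command; DRY_RUN=0: execute it (needs root).
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Shape to 95% of the line rate so packets queue in the router, where HTB
# orders them, and never in the modem's FIFO buffer.
shaped_rate() { echo $(( $1 * 95 / 100 )); }

# $2 percent of $1 kbit.
pct() { echo $(( $1 * $2 / 100 )); }

gen_htb_shaper() {
    dev="$1"
    total=$(shaped_rate "$2")
    run tc qdisc del dev "$dev" root 2>/dev/null || true
    # Root HTB; anything no filter claims falls into class 1:30.
    run tc qdisc add dev "$dev" root handle 1: htb default 30
    run tc class add dev "$dev" parent 1: classid 1:1 htb \
        rate "${total}kbit" ceil "${total}kbit"
    # Guaranteed shares: 10% interactive, 80% research, 10% other.
    # ceil lets each class borrow the rest while the others are idle;
    # prio 0 is served first when several classes have packets waiting.
    run tc class add dev "$dev" parent 1:1 classid 1:10 htb \
        rate "$(pct "$total" 10)kbit" ceil "${total}kbit" prio 0
    run tc class add dev "$dev" parent 1:1 classid 1:20 htb \
        rate "$(pct "$total" 80)kbit" ceil "${total}kbit" prio 1
    run tc class add dev "$dev" parent 1:1 classid 1:30 htb \
        rate "$(pct "$total" 10)kbit" ceil "${total}kbit" prio 2
    # SFQ leaves so one flow inside a class cannot starve the others.
    for c in 10 20 30; do
        run tc qdisc add dev "$dev" parent "1:$c" handle "$c:" sfq perturb 10
    done
    # fw filters: classify by the mark iptables set (handle N = mark N).
    run tc filter add dev "$dev" parent 1: protocol ip prio 1 handle 10 fw flowid 1:10
    run tc filter add dev "$dev" parent 1: protocol ip prio 1 handle 20 fw flowid 1:20
    # u32 filter: match header fields directly, here TCP to port 22.
    run tc filter add dev "$dev" parent 1: protocol ip prio 2 u32 \
        match ip protocol 6 0xff match ip dport 22 0xffff flowid 1:10
}

# The marks the fw filters look for, set as packets leave the router.
gen_marks() {
    dev="$1"
    run iptables -t mangle -A POSTROUTING -o "$dev" -p tcp --dport 22 \
        -j MARK --set-mark 10
    run iptables -t mangle -A POSTROUTING -o "$dev" -s "$RESEARCH_NET" \
        -j MARK --set-mark 20
}

gen_marks "$DEV"
gen_htb_shaper "$DEV" "$LINE_KBIT"
```

Run it as-is to see the plan; apply it with `DRY_RUN=0 DEV=ppp0 LINE_KBIT=256 sh shaper.sh` as root, substituting your own upstream interface and line rate. The 95% figure is a starting point: if pings still climb when the link is saturated, the modem's buffer is still filling and the rate has to come down further.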
-
Re:That won't work either
I wouldn't want my research slowed down because some freshman was trying to download Friends episodes.
Implement traffic shaping, then, that will limit the bandwidth allowed by file-sharing programs. See here for details.
-
Re:oh my!
Traffic shaping is a wonderful thing!
With it, you can give priority to certain packets, or de-prioritize other packets, or limit packets to a certain bandwidth, or
... the list goes on.
-
Solution for Linux 2.4/IPFilter
Assuming you use your Linux machine as a router there is a solution. Using a recent distro/kernel there should be an ipt_TCPMSS module available. Running iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu "does the trick" of adjusting packet sizes. Sites like CERT, SecurityFocus or GMX.de are accessible then.
-
Exact software configuration
I have recently achieved this with two ADSL/Cable connections; there is no difference.
Using Linux Advanced Routing & Traffic Control HOWTO - Chapter 4.2. Routing for multiple uplinks/providers
-
it's quite easy you know!
You just create your internal network, and as a router you get a little Linux box with (e.g.) 3 NICs in. One NIC goes to the internal network, the other 2 each to an ADSL modem. You then read the Linux Advanced Routing & Traffic Control HOWTO. Chapter 10 is what you want to do
...
-
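The two-uplink router the two comments above describe, as an added shell example of the policy-routing recipe in the HOWTO's "Routing for multiple uplinks/providers" chapter. It is not code from the HOWTO or from either commenter; the interface names, the documentation-range addresses, the gateways and the table numbers are assumptions. With DRY_RUN=1 (the default) it prints the ip commands instead of running them.

```shell
#!/bin/sh
# Added example: per-provider routing tables plus a weighted multipath
# default route for a Linux router with two uplinks. All interface names,
# addresses, gateways and table numbers below are assumptions.

# DRY_RUN=1 (default): print the command; DRY_RUN=0: execute it (needs root).
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# gen_uplink TABLE IFACE ADDR NET GATEWAY
# One routing table per provider. The rule "from ADDR table TABLE" makes
# any packet carrying that provider's address leave through that
# provider's link, so replies to inbound connections go back the way
# they came instead of out the other provider's line.
gen_uplink() {
    table="$1"; iface="$2"; addr="$3"; net="$4"; gw="$5"
    run ip route add "$net" dev "$iface" src "$addr" table "$table"
    run ip route add default via "$gw" table "$table"
    # The main table still needs the connected route for the router itself.
    run ip route add "$net" dev "$iface" src "$addr"
    run ip rule add from "$addr" table "$table"
}

# gen_balance IF1 GW1 W1 IF2 GW2 W2
# Outbound load balancing: a multipath default route in the main table.
# The kernel spreads flows (by destination/flow hash, not per packet)
# over the gateways in proportion to the weights, so one large download
# still uses a single link; the gain shows with many connections.
gen_balance() {
    run ip route replace default scope global \
        nexthop via "$2" dev "$1" weight "$3" \
        nexthop via "$5" dev "$4" weight "$6"
}

gen_multi_uplink() {
    gen_uplink 1 eth1 203.0.113.10  203.0.113.0/24  203.0.113.1
    gen_uplink 2 eth2 198.51.100.20 198.51.100.0/24 198.51.100.1
    gen_balance eth1 203.0.113.1 1 eth2 198.51.100.1 1
    # Old kernels cache routes; flush so the new rules apply immediately.
    run ip route flush cache
}

gen_multi_uplink
```

Check the result with `ip rule show` and `ip route show table 1`: a packet sourced from 203.0.113.10 must hit the "from 203.0.113.10 lookup 1" rule before the main table, otherwise it will be sent via the multipath route and may leave through the wrong provider, whose upstream filters will drop it.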
for maximum download while uploading try...
The Wondershaper: http://lartc.org/wondershaper/
Works nice for me
-
So much disinformation
The latency is -- most likely -- caused by the huge buffers in the modem. It *is* possible to improve the situation locally. It's got nothing to do with asymmetric lines or somesuch.
It's simple: what happens is that the upstream buffer in the DSL modem doesn't prioritize traffic at all; most likely it's just FIFO and big. So if the buffer is 128kB and you're serving a big file, your next Telnet packet is going to have to wait for these 128kB to go up before going itself.
The solution: have a router that artificially limits the outgoing bandwidth to slightly less than the DSL line permits, to make sure the modem's buffer never fills up. Then it's the router's buffers that are filling up; but your router is smarter and you can have it order packets. I.e. if you have 128kB worth of warez0r waiting to go up, it can decide to let that lone Telnet packet go first.
Me, I installed Wonder Shaper; it works very well, esp. when you've identified what causes the contention (just add the relevant ports to the junk traffic list), even if I completely saturate the link. There's one thing that doesn't work though: I discovered that at times I had huge ping, again, even with wshaper. What happens (*I think*) is that my ISP is getting overloaded at times, and my actual bandwidth goes below what I set it to in Wshaper. I have to find a way to improve this.
-
Re:Build a Linux box, use QoS and cbq.init
-
shape your traffic
Run linux and shape your traffic so that an upload can't eat _ALL_ of your outgoing bandwidth.
See wondershaper for a semi user friendly script and the Linux Advanced Routing & Shaping HOWTO for docs if you want to tweak it.
-
Re:This is timely for me as...
So far I've just used the DSL by setting up a few static routes. Load balancing would be great, but I'm not sure I want to pay $400 for a black box. Correction -- I'm sure I do not want to pay $400 for a black box.
As a reply to this and others of the style "Why use such a device when you can run linux/bsd on a PC" or "Why use bsd/linux on a PC when you can use such a device". Both ways have their advantages. If you have a PC lying around anyway and want maximum control over the connection (including traffic shaping to fix that high ping time which has everything to do with large buffers in the speedtouch), go for the PC. I haven't seen one of those routerboxes yet where I can set up IP/GRE tunnels, extended firewalling and IPv6-in-IPv4 tunnels. If you want 'plug, play and works', go for the dedicated box.
-
Re:This is a good idea beyond CARP.
That's true of most DSL streams, but for example 56k modems have this 56k shared between up and down.
And my DSL's line (256/128) is affected by uploads. If I'm uploading above 12-13 Kb/s, my download rate drops. There are some recipes to avoid this (and further bandwidth magic) in the Linux Advanced Routing and Traffic Control HOWTO.