• Networking

Networking

/etc/sysconfig/network-scripts

If you want to convert a DHCP host to static, you need the following type stuff:

NETMASK=255.255.255.224
IPADDR=168.156.85.10
GATEWAY=168.156.85.1

New Commands

ethtool

the new mii-tool

ip

the new ifconfig

tc

traffic control - er.. I never did that before so it's not like I know an equivalent...

Traffic Policing Use Case

The vast majority of QOS, traffic control, bandwidth shaping or other hanky-panky is done on packets heading out of your box. The uses for meddling with inbound packets are pretty limited, seeing as the packets are already there and you can't go back in time to re-meddle with them before they go on their journey. One thing you can do is drop packets, thus simulating a saturated link and hopefully convincing the transmitter to slow down. Finding an actual use for this is pretty rare, so I wanted to write this down on the interweb so Google could index it for posterity. And, just for the benifit of Google: ingress, tc, iptables.

I have a switch with several linux servers. One is a server where my nightly backups go. When my machines do a backup they use pretty much all the bandwidth of the switch causing severe service crappyness and nagios alerts. I could limit the rate of the backups from each individual server but that would be a pain and it wouldn't even work if multiple machines were trying to run a backup at the same time. Instead, I'm going to limit the bandwidth in to the backup server. Woot!

Making it Work

And, after much ado: My script cribbed from several sources, including:

• http://lartc.org

• http://mailman.ds9a.nl/pipermail/lartc/2003q3/009572.html

• http://blog.stevedoria.net/20050906/ingress-policing-with-linux-and-tc

DEV=eth0
TC=tc
INDEV=$DEV
RATE=75mbit
BUFFER=50k

for ARG in $@ ; do
    if $ARG eq '-l' ; then
        LIST='TRUE';
    fi
done

if [ $LIST = $TRUE ] ; then
    #deleting the ingress qdisc
    $TC qdisc del dev $INDEV ingress

    # add ingress qdisc
    tc qdisc add dev $DEV handle ffff: ingress

    # add filter to ingress qdisc
    tc filter add dev $DEV parent ffff: \
        protocol ip prio 20 \
        u32 match ip src 0.0.0.0/0  \
        police rate $RATE buffer $BUFFER drop \
        flowid :1

fi

echo "---- qdisc parameters Ingress  ----------"
$TC qdisc ls dev $INDEV
echo "---- Class parameters Ingress  ----------"
$TC class ls dev $INDEV
echo "---- filter parameters Ingress ----------"
$TC filter ls dev $INDEV parent ffff:

Things it Took a While to Figure Out

• ingress qdisc always have the handle ffff:

• ingress qdisc cannot have sub-qdiscs. It can only have filters. Your job is to attach the ingress qdisk and then attach a filter. That's it.
• "police" is a special filter thing which indicates a kind of mini-tbf who's only purpose is ingress filters