I send frames in packets from a client to a server on the server I want to shape my traffic.
I use this script to control the traffic. First down to 80 kbit after 10 seconds down to 40 kbit. (I know this is ridiculously low, I usually use bigger values)
#!/bin/bash
datenrate=80
datenrate2=40
echo "setting datarate to ${datenrate}"
touch started.info
sudo tc qdisc del dev ens3 root
sudo tc qdisc add dev ens3 handle 1: root htb default 11
sudo tc class add dev ens3 parent 1: classid 1:1 htb rate ${datenrate}kbit
sudo tc class add dev ens3 parent 1:1 classid 1:11 htb rate ${datenrate}kbit
echo "worked"
MSECONDS=$(($(date +%s%N)/1000000))
STOPTIME=0
while :
do
STOPTIME=$((($(date +%s%N)/1000000) - $MSECONDS))
if [ $STOPTIME -ge 10000 ]
then
sudo tc qdisc del dev ens3 root
sudo tc qdisc add dev ens3 handle 1: root htb default 11
sudo tc class add dev ens3 parent 1: classid 1:1 htb rate ${datenrate2}kbit
sudo tc class add dev ens3 parent 1:1 classid 1:11 htb rate ${datenrate2}kbit
touch calledthrottle.info
break
fi
done
echo "10 sec over - setting up a datarate drop to ${datenrate2} kbit"
while :
do
STOPTIME=$((($(date +%s%N)/1000000) - $MSECONDS))
if [ $STOPTIME -ge 20000 ]
then
sudo tc qdisc del dev ens3 root
echo "set to normal"
break
fi
done
touch ended.info
On my client I generate a logfile which I plot with GNUPlot and I both calculate the avg uploadspeed on server and on the client. In this case 2740 kbit/s. Am I not using the tc tool correctly?
Image of my results generated with GNUPlot:
Upload speed
tc qdisc show dev ens3
gives me
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
which Im not able to delete with
sudo tc qdisc del dev ens3 root
Would be kind if someone could point me in the right direction and could explain why there is such a high upload rate, why there are frames coming through with a far higher throughput then shaped. Thank you.
Updated as adviced
Ok upload rate 80 kbit in tc gives me around 80*8 = 640 KiloBit/s. Still does not explain the fluctuation of the packet income
Related
I am trying to simulate a 5% packet loss using the tc tool at server port 1234. Here are my steps -
sudo tc qdisc del dev eth0 root
sudo tc qdisc add dev eth0 root handle 1: prio
sudo tc filter add dev eth0 parent 1: protocol ip prio 1 u32 flowid 1:1 match ip dport 1234 0xffff
sudo tc qdisc add dev eth0 parent 1:1 handle 1: netem loss 5%
There are no errors during the above commands. But when I send any TCP traffic to that port, there is no packet loss observed.
What am I doing wrong in the above commands ?
Any help is appreciated.
See https://serverfault.com/a/841865/342799 for similar case.
Commands I have in my testing rig to drop 5.5% of packets:
# tc qdisc add dev eth0 root handle 1: prio priomap 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2
# tc qdisc add dev eth0 parent 1:1 handle 10: netem loss 5.5% 25%
# DST_IP=1.2.3.4/32
# tc filter add \
dev eth0 \
parent 1: \
protocol ip \
prio 1 \
u32 \
match ip dst $DST_IP \
flowid 1:1
To confirm, run:
# ping -f -c 1000 $DST_IP
before and after this setup.
Note: Almost all hosting providers start throttling your traffic if you do lot of flood pings.
I have following routing table:
➜ ~ netstat -nr
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.0.1 UGSc 63 1 en0
default 10.255.254.1 UGScI 1 0 ppp0
10 ppp0 USc 2 4 ppp0
10.255.254.1 10.255.254.2 UHr 1 0 ppp0
92.46.122.12 192.168.0.1 UGHS 0 0 en0
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 2 62144 lo0
169.254 link#4 UCS 0 0 en0
192.168.0 link#4 UCS 8 0 en0
192.168.0.1 c0:4a:0:2d:18:48 UHLWIir 60 370 en0 974
192.168.0.100 a0:f3:c1:22:1d:6e UHLWIi 1 228 en0 1174
How can I add gateway(10.25.1.252) to specific IP(10.12.254.9) inside VPN.
I tried this command but with no luck:
sudo route -n add 10.12.0.0/16 10.25.1.252
But traceroute show that it uses default gateway:
~ traceroute 10.12.254.9
traceroute to 10.12.254.9 (10.12.254.9), 64 hops max, 52 byte packets
1 10.255.254.1 (10.255.254.1) 41.104 ms 203.766 ms 203.221 ms
Are you using Cisco AnyConnect? Here's a tidbit from https://supportforums.cisco.com/document/7651/anyconnect-vpn-client-faq
Q. How does the AnyConnect client enforce/monitor the
tunnel/split-tunnel policy?
A. AnyConnect enforces the tunnel policy in 2 ways:
1)Route monitoring and repair (e.g. if you change the route table),
AnyConnect will restore it to what was provisioned.
2)Filtering (on platforms that support filter engines). Filtering ensures that even if you could perform some sort of route injection, the filters would block the packets.
Which I interpret as: Whenever you change the route from, the Cisco client resets the route to what your VPN administrator configured.
Your best bet it to talk to you VPN administrator and ask them to add your route.
I am trying to modify the Red Algorithm (http://en.wikipedia.org/wiki/Random_early_detection) for certain experiments.
After modifying the code, I loaded onto the kernel using the insmod command.
I verified the successful loading by using lsmod | grep red_new
However when I try to use the tc qdisc command it fails giving the following error:
tc qdisc add dev eth0 root red_new limit 100 min 80 max 90 avpkt 10 burst 10 probability 1 bandwidth 200 ecn
unknown qdisc "red_new" hence option "limit" is unparsable
What could be the possible reason ?
After running the ltrace command suggested by ymonad I get the following output:
strlen("red_new") = 7
strlen("red_new") = 7
strlen("red_new") = 7
strncpy(0x7fff6467ad10, "red_new", 15) = 0x7fff6467ad10
dlopen("./tc/q_red_new.so", 1) = 0x1abe030
dlsym(0x1abe030, "red_new_qdisc_util") = 0x7f62bdd240c0
memcpy(0x7fff6467ad48, "red_new\0", 8) = 0x7fff6467ad48
I ran the tc qdisc show to check if it was added but it hasn't.
tc qdisc show
qdisc mq 0: dev eth0 root
qdisc mq 0: dev eth1 root
qdisc mq 0: dev eth2 root
qdisc mq 0: dev eth3 root
According to the result of strace tc qdisc add dev eth0 root red_new, and source of tc command, it seems that tc is searching for $TC_LIB_DIR/q_red_new.so.
You have to create the module for your own. I would give you small instruction.
(1) Download source of iproute2 from following url, extract it, and cd to the folder.
https://wiki.linuxfoundation.org/networking/iproute2
(2) Copy q_red.c to q_red_new.c
$ cp tc/q_red.c tc/q_red_new.c
(3) Edit tc/q_red_new.c
Rename red_parse_opt, red_print_opt, red_print_xstats, to red_new_parse and so on.
Additionally you have to rename red_qdisk_util to req_new_qdisc_util and change the id and other members.
struct qdisc_util red_new_qdisc_util = {
.id = "red_new",
.parse_qopt = red_new_parse_opt,
.print_qopt = red_new_print_opt,
.print_xstats = red_new_print_xstats,
};
(4) Configure and build q_red_new.so
$ ./configure
$ make TCSO=q_red_new.so
now you see that ./tc/q_red_new.so is created
(5) Run tc command with TC_LIB_DIR environment.
$ TC_LIB_DIR='./tc' tc qdisc add dev eth0 root red_new
UPDATE: here's how to know that the tc command loaded the q_red_new.so correctly.
if dlopen returns zero then you failed to load./tc/q_red_new.so.
if dlsym returns zero then you failed to load red_new_qdisc_util inside the q_red_new.so.
# export TC_LIB_DIR='./tc'
# ltrace ./tc/tc qdisc add dev eth0 root red_new limit 100 min 80 max 90 avpkt 10 burst 10 probability 1 bandwidth 200 ecn 2>&1 | grep red_new
.. OMITTED ..
dlopen("./tc/q_red_new.so", 1) = 0x12c1030
snprintf("red_new_qdisc_util", 256, "%s_qdisc_util", "red_new") = 18
dlsym(0x12c1030, "red_new_qdisc_util") = 0x7f1cf0d6cc40
.. OMITTED ..
I am using Gumstix overo and from the past many days I am unable to get my Wifi working correctly.
I followed the instructions from Gumstix Overo Wifi and Overo Wifi to set correct parameters in /etc/network/interfaces and /etc/wpa_supplicant.conf.
/etc/network/interfaces file:
# Wireless interfaces
auto wlan0
iface wlan0 inet dhcp
pre-up wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf -B
down killall -q wpa_supplicant
wpa_supplicant.conf:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
update_config=1
eapol_version=1
ap_scan=1
fast_reauth=1
network={
ssid="xxxxxx"
proto=WPA
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP
scan_ssid=1
psk="xxxxx"
priority=10
}
After setting up and running ifdown wlan0 && ifup wlan0 i constantly get this message:
[ 1176.528778] cfg80211: Calling CRDA to update world regulatory domain
[ 2155.687255] cfg80211: Calling CRDA to update world regulatory domain
[ 1175.293609] cfg80211: Calling CRDA to update world regulatory domain
My iwconfig:
lo no wireless extensions.
wlan0 IEEE 802.11bg ESSID:off/any
Mode:Managed Frequency:2.412 GHz Access Point: Not-Associated
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:on
My lsmod looks like this:
root#overo:~# lsmod
Module Size Used by
libertas_sdio 16484 0
libertas 99993 1 libertas_sdio
firmware_class 6920 2 libertas_sdio,libertas
ipv6 252525 22
cfg80211 172644 1 libertas
rfkill 17524 3 cfg80211
lib80211 5138 1 libertas
mt9v032 7169 1
omap3_isp 132270 0
v4l2_common 8681 2 omap3_isp,mt9v032
ads7846 10528 0
videodev 98880 3 omap3_isp,mt9v032,v4l2_common
media 12853 3 omap3_isp,mt9v032,videodev
I am using yocto project for gumstix cloned from https://github.com/gumstix/Gumstix-YoctoProject-Repo
It would be great help if I could get any inputs where I am doing wrong.
The reason for wifi drop is the Network manager. By disabling it we can run ifconfig, iwconfig without any interference from the NetworkManager.
or Another workaround is this which is quite successful:
After creating SD card with proper Image on, do not unmount the partitions.
Install a Custom systemd Service
To bring up the wireless interface on boot, you will need to create and install a custom systemd service on the microSD card.
In the rootfs partition, create a new service script:
$sudoedit /media/rootfs/etc/systemd/system/network-wireless#.service
Copy and paste the following into the file:
Description=Wireless network connectivity (%i)
Wants=network.target
Before=network.target
BindsTo=sys-subsystem-net-devices-%i.device
After=sys-subsystem-net-devices-%i.device
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/ifconfig %i up
ExecStart=/usr/sbin/wpa_supplicant -B -i %i -c /etc/wpa_supplicant.conf
ExecStart=/sbin/dhclient %i
RestartSec=1min
Restart=on-failure
ExecStop=/sbin/ifconfig %i down
[Install]
WantedBy=multi-user.target
Save this file.
Because we are editing these files on a development machine, the normal systemd method of enabling services (systemctl) will not work. To enable our new service:
~ Change into the multi-user.target.wants directory on the root filesystem:
$cd /media/rootfs/etc/systemd/system/multi-user.target.wants/
~ Create a symbolic link to enable the service:
Overo Series COMs
$sudo ln -s ../network-wireless#.service network-wireless#wlan0.service
Finally, edit the wpa_supplicant configuration file:
$sudoedit /media/rootfs/etc/wpa_supplicant.conf
Change it to look like the following:
network={
ssid="Your Network's SSID"
psk="Your WPA2 Passkey"
}
Save the file.
Unmount the partitions on the microSD card.
SSH Into Your System
1) If you don't know the ip $ssh root#overo.local
2) If you know the IP address $ssh root#192.xx.xx.xx.local
I have bunch of ipv6 neigh entries which are failed:
6000::2828:2802 dev eth2 lladdr 00:1f:a0:02:0e:b2 STALE
7000::1e1e:1e01 dev eth1 FAILED
8000::1e1e:1e01 dev eth1 FAILED
4000::1414:149e dev eth2 lladdr 00:03:00:04:00:09 PERMANENT
5000::1e1e:1e01 dev eth1 FAILED
3000::a0a:a3a dev eth1 lladdr 00:03:00:03:00:09 PERMANENT
Now, When I use flush to remove these entries, it says nothing to flush. Do you guys know how to flush or remove these entries, If I delete the entry, it goes in the failed state. Can I change the time for these values, so it automatically gets removed in say 10 seconds.
They should completely disappear when you do something like
ip -6 neigh del 3000::a0a:a3a dev eth1
But much more important: those addresses are bogons. They should never be in use anywhere... Seeing them in your neighbor discovery tables means that your system thinks they are on-link, and that should not be the case.
I suggest you look at your network configuration first. Your interfaces might have the wrong prefixes of prefix-lengths configured...
Yes you can have them removed in 10 secs or whatever.
$ sysctl net.ipv6.neigh.default
...
net.ipv6.neigh.default.gc_interval = 30
net.ipv6.neigh.default.gc_stale_time = 60
...
gc_interval is seconds after which the clean-up kicks in to remove stale entries.
gc_stale_time is seconds after which the entries are marked to be stale.
You can set both these values to 10. You can override these values exclusively for eth1 under net.ipv6.neigh.eth1.
$ sysctl -w net.ipv6.neigh.eth1.gc_interval=10
$ sysctl -w net.ipv6.neigh.eth1.gc_stale_time=10