diff --git a/LDP/howto/docbook/Adv-Routing-HOWTO.sgml b/LDP/howto/docbook/Adv-Routing-HOWTO.sgml
index 568946bd..d07b263a 100644
--- a/LDP/howto/docbook/Adv-Routing-HOWTO.sgml
+++ b/LDP/howto/docbook/Adv-Routing-HOWTO.sgml
@@ -915,7 +915,7 @@ that connect a local network (or even a single machine) to the big Internet.
There are usually two questions given this setup.
-
+
Split access
The first is how to route answers to packets coming in over a
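Review bot: the removed and added lines just above "Split access" are both empty as shown, so this one-line replacement has no visible difference. If it is a whitespace or line-ending change, say so in the commit message or split it into its own commit, so that it is not read as a content change to the Split access section.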
@@ -986,6 +986,7 @@ There are usually two questions given this setup.
or you are going to want to masquerade to one of the two providers. In both
cases you will want to add rules selecting which provider to route out from
based on the IP address of the machine in the local network.
+
Load balancing
@@ -1980,6 +1981,7 @@ ICMP
+
txqueuelen
@@ -1993,6 +1995,7 @@ execute: ifconfig eth0 txqueuelen 10
You can't set this parameter with tc!
+
@@ -2100,6 +2103,7 @@ latency parameter, which specifies the maximum amount of time a packet can
sit in the TBF. The latter calculation takes into account the size of the
bucket, the rate and possibly the peakrate (if set).
+
burst/buffer/maxburst
@@ -2115,6 +2119,7 @@ rates require a larger buffer. For 10mbit/s on Intel, you need at least
If your buffer is too small, packets may be dropped because more tokens
arrive per timer tick than fit in your bucket.
+
mpu
@@ -2124,6 +2129,7 @@ A zero-sized packet does not use zero bandwidth. For ethernet, no packet
uses less than 64 bytes. The Minimum Packet Unit determines the minimal
token usage for a packet.
+
rate
@@ -2131,6 +2137,7 @@ token usage for a packet.
The speedknob. See remarks above about limits!
+
@@ -2163,6 +2170,7 @@ our waits so we send just at peakrate.
However, due to de default 10ms timer resolution of Unix, with 10.000 bits
average packets, we are limited to 1mbit/s of peakrate!
+
mtu/minburst
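Review bot: the context line "However, due to de default 10ms timer resolution of Unix" has a typo ("de" for "the"), and "10.000 bits" reads as a decimal fraction in English. Since this hunk already touches the end of the peakrate entry, correct both here, writing the figure as 10000 or 10,000.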
@@ -2182,6 +2190,7 @@ all.
To calculate the maximum possible peakrate, multiply the configured mtu by
100 (or more correctly, HZ, which is 100 on Intel, 1024 on Alpha).
+
@@ -2287,6 +2296,7 @@ The SFQ is pretty much self tuning:
Reconfigure hashing once this many seconds. If unset, hash will never be
reconfigured. Not recommended. 10 seconds is probably a good value.
+
quantum
@@ -2296,6 +2306,7 @@ Amount of bytes a stream is allowed to dequeue before the next queue gets a
turn. Defaults to 1 maximum sized packet (MTU-sized). Do not set below the
MTU!
+
@@ -2434,6 +2445,7 @@ Read it for the strict definitions of the terms used.
An algorithm that manages the queue of a device, either incoming (ingress)
or outgoing (egress).
+
Classless qdisc
@@ -2441,6 +2453,7 @@ or outgoing (egress).
A qdisc with no configurable internal subdivisions.
+
Classful qdisc
@@ -2453,6 +2466,7 @@ bands which are, in fact, classes. However, from the user's configuration
perspective, it is classless as the classes can't be touched with the tc
tool.
+
Classes
@@ -2461,6 +2475,7 @@ tool.
A classful qdisc may have many classes, which each are internal to the
qdisc. Each of these classes may contain a real qdisc.
+
Classifier
@@ -2469,6 +2484,7 @@ qdisc. Each of these classes may contain a real qdisc.
Each classful qdisc needs to determine to which class it needs to send a
packet. This is done using the classifier.
+
Filter
@@ -2477,6 +2493,7 @@ packet. This is done using the classifier.
Classification can be performed using filters. A filter contains a number of
conditions which if matched, make the filter match.
+
Scheduling
@@ -2487,6 +2504,7 @@ go out earlier than others. This process is called Scheduling, and is
performed for example by the pfifo_fast qdisc mentioned earlier. Scheduling
is also called 'reordering', but this is confusing.
+
Shaping
@@ -2496,6 +2514,7 @@ The process of delaying packets before they go out to make traffic confirm
to a configured maximum rate. Shaping is performed on egress. Colloquially,
dropping packets to slow traffic down is also often called Shaping.
+
Policing
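Review bot: in the Shaping definition that this hunk closes, "to make traffic confirm to a configured maximum rate" should read "conform to". As this is the glossary entry readers will quote, fix it in the same change.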
@@ -2505,6 +2524,7 @@ Delaying or dropping packets in order to make traffic stay below a
configured bandwidth. In Linux, policing can only drop a packet and not
delay it - there is no 'ingress queue'.
+
Work-Conserving
@@ -2514,6 +2534,7 @@ A work-conserving qdisc always delivers a packet if one is available. In
other words, it never delays a packet if the network adaptor is ready to
send one (in the case of an egress qdisc).
+
non-Work-Conserving
@@ -2524,6 +2545,7 @@ to a packet for a certain time in order to limit the bandwidth. This means
that they sometimes refuse to give up a packet, even though they have one
available.
+
@@ -2811,6 +2833,7 @@ The following parameters are recognized by tc:
Number of bands to create. Each band is in fact a class. If you change this
number, you must also change:
+
priomap
@@ -2824,6 +2847,7 @@ at the TC_PRIO priority to decide how to enqueue traffic.
This works just like with the pfifo_fast qdisc mentioned earlier, see there
for lots of detail.
+
The bands are classes, and are called major:1 to major:3 by default, so if
@@ -3051,6 +3075,7 @@ These are parameters you can specify in order to configure shaping:
Average size of a packet, measured in bytes. Needed for calculating maxidle,
which is derived from maxburst, which is specified in packets.
+
bandwidth
@@ -3059,6 +3084,7 @@ which is derived from maxburst, which is specified in packets.
The physical bandwidth of your device, needed for idle time
calculations.
+
cell
@@ -3069,6 +3095,7 @@ based on the packet size. An 800 and an 806 size packet may take just as long
to send, for example - this sets the granularity. Most often set to '8'.
Must be an integral power of two.
+
maxburst
@@ -3079,6 +3106,7 @@ at maxidle, this number of average packets can be burst before avgidle drops
to 0. Set it higher to be more tolerant of bursts. You can't set maxidle
directly, only via this parameter.
+
minburst
@@ -3096,6 +3124,7 @@ The time to wait is called the offtime. Higher values of minburst lead to
more accurate shaping in the long term, but to bigger bursts at millisecond
timescales.
+
minidle
@@ -3111,6 +3140,7 @@ it gets too low.
Minidle is specified in negative microseconds, so 10 means that avgidle is
capped at -10us.
+
mpu
@@ -3120,6 +3150,7 @@ Minimum packet size - needed because even a zero size packet is padded
to 64 bytes on ethernet, and so takes a certain time to transmit. CBQ needs
to know this to accurately calculate the idle time.
+
rate
@@ -3127,6 +3158,7 @@ to know this to accurately calculate the idle time.
Desired rate of traffic leaving this qdisc - this is the 'speed knob'!
+
@@ -3176,6 +3208,7 @@ the 'priority' parameter. Each time a class gets its turn, it can only send out
a limited amount of data. 'Allot' is the base unit of this amount. See
the 'weight' parameter for more information.
+
prio
@@ -3185,6 +3218,7 @@ The CBQ can also act like the PRIO device. Inner classes with lower priority
are tried first and as long as they have traffic, other classes are not
polled for traffic.
+
weight
@@ -3203,6 +3237,7 @@ using 'rate/10' as a rule of thumb and it appears to work well. The renormalized
weight is multiplied by the 'allot' parameter to determine how much data can
be sent in one round.
+
@@ -3239,6 +3274,7 @@ agencies on your link who do want to give each other freebies.
The control program tc also knows about 'sharing', which is the reverse
of 'isolated'.
+
bounded/borrow
@@ -3248,6 +3284,7 @@ A class can also be 'bounded', which means that it will not try to borrow
bandwidth from sibling classes. tc also knows about 'borrow', which is the
reverse of 'bounded'.
+
A typical situation might be where you have two agencies on your link which
@@ -3750,6 +3787,7 @@ packet.
Source mask 'match ip src 1.2.3.0/24', destination mask 'match ip dst
4.3.2.0/24'. To match a single host, use /32, or omit the mask.
+
On source/destination port, all IP protocols
@@ -3757,6 +3795,7 @@ Source mask 'match ip src 1.2.3.0/24', destination mask 'match ip dst
Source: 'match ip sport 80 0xffff', 'match ip dport 0xffff'
+
On ip protocol (tcp, udp, icmp, gre, ipsec)
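Review bot: the port-matching line kept as context here is inconsistent. 'match ip dport 0xffff' has a mask but no port value, unlike 'match ip sport 80 0xffff' beside it, and the "Source:" label covers both the source and the destination form. Give the dport example a port number and label it as the destination case, since a reader copying it as written gets an incomplete match expression.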
@@ -3765,6 +3804,7 @@ Source: 'match ip sport 80 0xffff', 'match ip dport 0xffff'
Use the numbers from /etc/protocols, for example, icmp is 1: 'match ip
protocol 1 0xff'.
+
On fwmark
@@ -3791,6 +3831,7 @@ The number 6 is arbitrary.
If you don't want to understand the full tc filter syntax, just use
iptables, and only learn to select on fwmark.
+
On the TOS field
@@ -3806,6 +3847,7 @@ To select interactive, minimum delay traffic:
Use 0x08 0xff for bulk traffic.
+
@@ -4240,6 +4282,7 @@ Bases the decision on how the firewall has marked the packet. This can be
the easy way out if you don't want to learn tc filter syntax. See the
Queueing chapter for details.
+
u32
@@ -4247,6 +4290,7 @@ Queueing chapter for details.
Bases the decision on fields within the packet (i.e. source IP address, etc)
+
route
@@ -4254,6 +4298,7 @@ Bases the decision on fields within the packet (i.e. source IP address, etc)
Bases the decision on which route the packet will be routed by
+
rsvp, rsvp6
@@ -4265,6 +4310,7 @@ URL="http://www.isi.edu/div7/rsvp/overview.html"
>. Only useful
on networks you control - the Internet does not respect RSVP.
+
tcindex
@@ -4272,6 +4318,7 @@ on networks you control - the Internet does not respect RSVP.
Used in the DSMARK qdisc, see the relevant section.
+
@@ -4297,6 +4344,7 @@ here for convenience:
The protocol this classifier will accept. Generally you will only be
accepting only IP traffic. Required.
+
parent
@@ -4305,6 +4353,7 @@ accepting only IP traffic. Required.
The handle this classifier is to be attached to. This handle must be
an already existing class. Required.
+
prio
@@ -4312,6 +4361,7 @@ an already existing class. Required.
The priority of this classifier. Lower numbers get tested first.
+
handle
@@ -4319,6 +4369,7 @@ The priority of this classifier. Lower numbers get tested first.
This handle means different things to different filters.
+
@@ -4828,6 +4879,7 @@ Currently, three actions are available:
Causes this filter not to match, but perhaps other filters will.
+
drop
@@ -4839,6 +4891,7 @@ For example, you may have a name server that falls over if offered more than
5mbit/s of packets, in which case an ingress filter could be used to make
sure no more is ever offered.
+
Pass/OK
@@ -4847,6 +4900,7 @@ sure no more is ever offered.
Pass on traffic ok. Might be used to disable a complicated filter, but leave
it in place.
+
reclassify
@@ -4855,6 +4909,7 @@ it in place.
Most often comes down to reclassification to Best Effort. This is the
default action.
+
@@ -5158,6 +5213,7 @@ Kuznetsov <kuznet@ms2.inr.ac.ru> and Andi Kleen <ak@muc.de>
If the kernel decides that it can't deliver a packet, it will drop it, and
send the source of the packet an ICMP notice to this effect.
+
/proc/sys/net/ipv4/icmp_echo_ignore_all
@@ -5166,6 +5222,7 @@ send the source of the packet an ICMP notice to this effect.
Don't act on echo packets at all. Please don't set this by default, but if
you are used as a relay in a DoS attack, it may be useful.
+
/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts [Useful]
@@ -5175,6 +5232,7 @@ If you ping the broadcast address of a network, all hosts are supposed to
respond. This makes for a dandy denial-of-service tool. Set this to 1 to
ignore these broadcast messages.
+
/proc/sys/net/ipv4/icmp_echoreply_rate
@@ -5182,6 +5240,7 @@ ignore these broadcast messages.
The rate at which echo replies are sent to any one destination.
+
/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
@@ -5190,6 +5249,7 @@ The rate at which echo replies are sent to any one destination.
Set this to ignore ICMP errors caused by hosts in the network reacting badly
to frames sent to what they perceive to be the broadcast address.
+
/proc/sys/net/ipv4/icmp_paramprob_rate
@@ -5199,6 +5259,7 @@ A relatively unknown ICMP message, which is sent in response to incorrect
packets with broken IP or TCP headers. With this file you can control the
rate at which it is sent.
+
/proc/sys/net/ipv4/icmp_timeexceed_rate
@@ -5207,6 +5268,7 @@ rate at which it is sent.
This the famous cause of the 'Solaris middle star' in traceroutes. Limits
number of ICMP Time Exceeded messages sent.
+
/proc/sys/net/ipv4/igmp_max_memberships
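Review bot: the icmp_timeexceed_rate description in the context lines starts "This the famous cause of the 'Solaris middle star' in traceroutes", which is missing its verb. Change it to "This is the famous cause" while the entry is being edited.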
@@ -5215,6 +5277,7 @@ number of ICMP Time Exceeded messages sent.
Maximum number of listening igmp (multicast) sockets on the host.
FIXME: Is this true?
+
/proc/sys/net/ipv4/inet_peer_gc_maxtime
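Review bot: the igmp_max_memberships entry that this hunk closes still ends with "FIXME: Is this true?", so the description goes out unverified. Either confirm the statement and drop the marker, or leave the entry out of this cleanup. The same applies to the "FIXME: fill this in" entries further down (conf/DEV/tag, route/min_adv_mss, route/min_pmtu, route/mtu_expires).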
@@ -5226,6 +5289,7 @@ Minimum interval between garbage collection passes. This interval is in
effect under low (or absent) memory pressure on the pool. Measured in
jiffies.
+
/proc/sys/net/ipv4/inet_peer_gc_mintime
@@ -5234,6 +5298,7 @@ jiffies.
Minimum interval between garbage collection passes. This interval is in
effect under high memory pressure on the pool. Measured in jiffies.
+
/proc/sys/net/ipv4/inet_peer_maxttl
@@ -5243,6 +5308,7 @@ Maximum time-to-live of entries. Unused entries will expire after this
period of time if there is no memory pressure on the pool (i.e. when the
number of entries in the pool is very small). Measured in jiffies.
+
/proc/sys/net/ipv4/inet_peer_minttl
@@ -5253,6 +5319,7 @@ time-to-live on the reassembling side. This minimum time-to-live
is guaranteed if the pool size is less than inet_peer_threshold.
Measured in jiffies.
+
/proc/sys/net/ipv4/inet_peer_threshold
@@ -5263,6 +5330,7 @@ entries will be thrown aggressively. This threshold also determines
entries' time-to-live and time intervals between garbage collection passes.
More entries, less time-to-live, less GC interval.
+
/proc/sys/net/ipv4/ip_autoconfig
@@ -5271,6 +5339,7 @@ More entries, less time-to-live, less GC interval.
This file contains the number one if the host received its IP configuration by
RARP, BOOTP, DHCP or a similar mechanism. Otherwise it is zero.
+
/proc/sys/net/ipv4/ip_default_ttl
@@ -5280,6 +5349,7 @@ Time To Live of packets. Set to a safe 64. Raise it if you have a huge
network. Don't do so for fun - routing loops cause much more damage that
way. You might even consider lowering it in some circumstances.
+
/proc/sys/net/ipv4/ip_dynaddr
@@ -5290,6 +5360,7 @@ address. Once your demand interface comes up, any local TCP sockets which haven'
connection that brings up your interface itself does not work, but the
second try does.
+
/proc/sys/net/ipv4/ip_forward
@@ -5297,6 +5368,7 @@ second try does.
If the kernel should attempt to forward packets. Off by default.
+
/proc/sys/net/ipv4/ip_local_port_range
@@ -5305,6 +5377,7 @@ If the kernel should attempt to forward packets. Off by default.
Range of local ports for outgoing connections. Actually quite small by
default, 1024 to 4999.
+
/proc/sys/net/ipv4/ip_no_pmtu_disc
@@ -5315,6 +5388,7 @@ determine the largest Maximum Transfer Unit possible on your path. See also
the section on Path MTU discovery in the
chapter.
+
/proc/sys/net/ipv4/ipfrag_high_thresh
@@ -5325,6 +5399,7 @@ ipfrag_high_thresh bytes of memory is allocated for this purpose,
the fragment handler will toss packets until ipfrag_low_thresh
is reached.
+
/proc/sys/net/ipv4/ip_nonlocal_bind
@@ -5335,6 +5410,7 @@ which doesn't belong to a device on your system. This can be useful when
your machine is on a non-permanent (or even dynamic) link, so your services
are able to start up and bind to a specific address when your link is down.
+
/proc/sys/net/ipv4/ipfrag_low_thresh
@@ -5342,6 +5418,7 @@ are able to start up and bind to a specific address when your link is down.
Minimum memory used to reassemble IP fragments.
+
/proc/sys/net/ipv4/ipfrag_time
@@ -5349,6 +5426,7 @@ Minimum memory used to reassemble IP fragments.
Time in seconds to keep an IP fragment in memory.
+
/proc/sys/net/ipv4/tcp_abort_on_overflow
@@ -5358,6 +5436,7 @@ A boolean flag controlling the behaviour under lots of incoming connections.
When enabled, this causes the kernel to actively send RST packets when a
service is overloaded.
+
/proc/sys/net/ipv4/tcp_fin_timeout
@@ -5371,6 +5450,7 @@ to overflow memory with kilotons of dead sockets, FIN-WAIT-2 sockets are
less dangerous than FIN-WAIT-1, because they eat maximum 1.5K of memory, but
they tend to live longer. Cf. tcp_max_orphans.
+
/proc/sys/net/ipv4/tcp_keepalive_time
@@ -5380,6 +5460,7 @@ How often TCP sends out keepalive messages when keepalive is enabled.
Default: 2hours.
+
/proc/sys/net/ipv4/tcp_keepalive_intvl
@@ -5389,6 +5470,7 @@ How frequent probes are retransmitted, when a probe isn't acknowledged.
Default: 75 seconds.
+
/proc/sys/net/ipv4/tcp_keepalive_probes
@@ -5402,6 +5484,7 @@ Default value: 9.
Multiplied with tcp_keepalive_intvl, this gives the time a link can be
non-responsive after a keepalive has been sent.
+
/proc/sys/net/ipv4/tcp_max_orphans
@@ -5416,6 +5499,7 @@ network conditions require more than default value, and tune network
services to linger and kill such states more aggressively. Let me remind you
again: each orphan eats up to 64K of unswappable memory.
+
/proc/sys/net/ipv4/tcp_orphan_retries
@@ -5426,6 +5510,7 @@ Default value 7 corresponds to 50sec-16min depending on RTO. If your machi
is a loaded WEB server, you should think about lowering this value, such
sockets may consume significant resources. Cf. tcp_max_orphans.
+
/proc/sys/net/ipv4/tcp_max_syn_backlog
@@ -5439,6 +5524,7 @@ make it greater than 1024, it would be better to change TCP_SYNQ_HSIZE in
include/net/tcp.h to keep TCP_SYNQ_HSIZE*16<=tcp_max_syn_backlog and to
recompile kernel.
+
/proc/sys/net/ipv4/tcp_max_tw_buckets
@@ -5451,6 +5537,7 @@ not lower the limit artificially, but rather increase it (probably, after
increasing installed memory), if network conditions require more than
default value.
+
/proc/sys/net/ipv4/tcp_retrans_collapse
@@ -5460,6 +5547,7 @@ Bug-to-bug compatibility with some broken printers.
On retransmit try to send bigger packets to work around bugs in
certain TCP stacks.
+
/proc/sys/net/ipv4/tcp_retries1
@@ -5470,6 +5558,7 @@ and it is necessary to report this suspicion to network layer.
Minimal RFC value is 3, it is default, which corresponds
to 3sec-8min depending on RTO.
+
/proc/sys/net/ipv4/tcp_retries2
@@ -5484,6 +5573,7 @@ says that the limit should be longer than 100 sec.
It is too small number. Default value 15 corresponds to 13-30min
depending on RTO.
+
/proc/sys/net/ipv4/tcp_rfc1337
@@ -5495,6 +5585,7 @@ sockets in the time-wait state.
Default: 0
+
/proc/sys/net/ipv4/tcp_sack
@@ -5503,6 +5594,7 @@ Default: 0
Use Selective ACK which can be used to signify that specific packets are
missing - therefore helping fast recovery.
+
/proc/sys/net/ipv4/tcp_stdurg
@@ -5516,6 +5608,7 @@ Linux might not communicate correctly with them.
Default: FALSE
+
/proc/sys/net/ipv4/tcp_syn_retries
@@ -5524,6 +5617,7 @@ Default: FALSE
Number of SYN packets the kernel will send before giving up on the new
connection.
+
/proc/sys/net/ipv4/tcp_synack_retries
@@ -5534,6 +5628,7 @@ piggybacked ACK on it, to acknowledge the earlier received SYN. This is part
2 of the threeway handshake. This setting determines the number of SYN+ACK
packets sent before the kernel gives up on the connection.
+
/proc/sys/net/ipv4/tcp_timestamps
@@ -5544,6 +5639,7 @@ sequence numbers. A 1 gigabit link might conceivably re-encounter a previous
sequence number with an out-of-line value, because it was of a previous
generation. The timestamp will let it recognize this 'ancient packet'.
+
/proc/sys/net/ipv4/tcp_tw_recycle
@@ -5552,6 +5648,7 @@ generation. The timestamp will let it recognize this 'ancient packet'.
Enable fast recycling TIME-WAIT sockets. Default value is 1.
It should not be changed without advice/request of technical experts.
+
/proc/sys/net/ipv4/tcp_window_scaling
@@ -5561,6 +5658,7 @@ TCP/IP normally allows windows up to 65535 bytes big. For really fast
networks, this may not be enough. The window scaling options allows for
almost gigabyte windows, which is good for high bandwidth*delay products.
+
@@ -5584,6 +5682,7 @@ to resend your packet on the same interface), it will send us a ICMP
Redirect. This is a slight security risk however, so you may want to turn it
off, or use secure redirects.
+
/proc/sys/net/ipv4/conf/DEV/accept_source_route
@@ -5593,6 +5692,7 @@ Not used very much anymore. You used to be able to give a packet a list of
IP addresses it should visit on its way. Linux can be made to honor this IP
option.
+
/proc/sys/net/ipv4/conf/DEV/bootp_relay
@@ -5607,6 +5707,7 @@ such packets.
The default is 0, since this feature is not implemented yet (kernel version
2.2.12).
+
/proc/sys/net/ipv4/conf/DEV/forwarding
@@ -5614,6 +5715,7 @@ The default is 0, since this feature is not implemented yet (kernel version
Enable or disable IP forwarding on this interface.
+
/proc/sys/net/ipv4/conf/DEV/log_martians
@@ -5622,6 +5724,7 @@ Enable or disable IP forwarding on this interface.
See the section on
.
+
/proc/sys/net/ipv4/conf/DEV/mc_forwarding
@@ -5629,6 +5732,7 @@ See the section on
If we do multicast forwarding on this interface
+
/proc/sys/net/ipv4/conf/DEV/proxy_arp
@@ -5640,6 +5744,7 @@ pseudo bridges'. Do take care that your netmasks are very correct before
enabling this! Also be aware that the rp_filter, mentioned elsewhere, also
operates on ARP queries!
+
/proc/sys/net/ipv4/conf/DEV/rp_filter
@@ -5648,6 +5753,7 @@ operates on ARP queries!
See the section on
.
+
/proc/sys/net/ipv4/conf/DEV/secure_redirects
@@ -5656,6 +5762,7 @@ See the section on
Accept ICMP redirect messages only for gateways, listed in default gateway
list. Enabled by default.
+
/proc/sys/net/ipv4/conf/DEV/send_redirects
@@ -5663,6 +5770,7 @@ list. Enabled by default.
If we send the above mentioned redirects.
+
/proc/sys/net/ipv4/conf/DEV/shared_media
@@ -5671,6 +5779,7 @@ If we send the above mentioned redirects.
If it is not set the kernel does not assume that different subnets on this
device can communicate directly. Default setting is 'yes'.
+
/proc/sys/net/ipv4/conf/DEV/tag
@@ -5678,6 +5787,7 @@ device can communicate directly. Default setting is 'yes'.
FIXME: fill this in
+
@@ -5700,6 +5810,7 @@ Maximum for random delay of answers to neighbor solicitation messages in
jiffies (1/100 sec). Not yet implemented (Linux does not have anycast support
yet).
+
/proc/sys/net/ipv4/neigh/DEV/app_solicit
@@ -5708,6 +5819,7 @@ yet).
Determines the number of requests to send to the user level ARP daemon. Use 0
to turn off.
+
/proc/sys/net/ipv4/neigh/DEV/base_reachable_time
@@ -5716,6 +5828,7 @@ to turn off.
A base value used for computing the random reachable time value as specified
in RFC2461.
+
/proc/sys/net/ipv4/neigh/DEV/delay_first_probe_time
@@ -5724,6 +5837,7 @@ in RFC2461.
Delay for the first time probe if the neighbor is reachable. (see
gc_stale_time)
+
/proc/sys/net/ipv4/neigh/DEV/gc_stale_time
@@ -5735,6 +5849,7 @@ to another machine). When ucast_solicit is greater than 0 it first tries to
send an ARP packet directly to the known host When that fails and
mcast_solicit is greater than 0, an ARP request is broadcast.
+
/proc/sys/net/ipv4/neigh/DEV/locktime
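Review bot: in the gc_stale_time context lines, "send an ARP packet directly to the known host When that fails and mcast_solicit is greater than 0" runs two sentences together. Add the missing full stop after "known host", otherwise the unicast and broadcast fallback steps read as one condition.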
@@ -5743,6 +5858,7 @@ mcast_solicit is greater than 0, an ARP request is broadcast.
An ARP/neighbor entry is only replaced with a new one if the old is at least
locktime old. This prevents ARP cache thrashing.
+
/proc/sys/net/ipv4/neigh/DEV/mcast_solicit
@@ -5750,6 +5866,7 @@ locktime old. This prevents ARP cache thrashing.
Maximum number of retries for multicast solicitation.
+
/proc/sys/net/ipv4/neigh/DEV/proxy_delay
@@ -5759,6 +5876,7 @@ Maximum time (real time is random [0..proxytime]) before answering to an
request for which we have an proxy ARP entry. In some cases, this is used to
prevent network flooding.
+
/proc/sys/net/ipv4/neigh/DEV/proxy_qlen
@@ -5766,6 +5884,7 @@ prevent network flooding.
Maximum queue length of the delayed proxy arp timer. (see proxy_delay).
+
/proc/sys/net/ipv4/neigh/DEV/retrans_time
@@ -5775,6 +5894,7 @@ The time, expressed in jiffies (1/100 sec), between retransmitted Neighbor
Solicitation messages. Used for address resolution and to determine if a
neighbor is unreachable.
+
/proc/sys/net/ipv4/neigh/DEV/ucast_solicit
@@ -5782,6 +5902,7 @@ neighbor is unreachable.
Maximum number of retries for unicast solicitation.
+
/proc/sys/net/ipv4/neigh/DEV/unres_qlen
@@ -5790,6 +5911,7 @@ Maximum number of retries for unicast solicitation.
Maximum queue length for a pending arp request - the number of packets which
are accepted from other layers while the ARP address is still resolved.
+
Internet QoS: Architectures and Mechanisms for Quality of Service,
@@ -5799,6 +5921,7 @@ Zheng Wang, ISBN 1-55860-608-4
Hardcover textbook covering topics
related to Quality of Service. Good for understanding basic concepts.
+
@@ -5820,6 +5943,7 @@ log from the routing code. The higher the error_cost factor is, the fewer
messages will be written. Error_burst controls when messages will be dropped.
The default settings limit warning messages to one every five seconds.
+
/proc/sys/net/ipv4/route/error_cost
@@ -5830,6 +5954,7 @@ log from the routing code. The higher the error_cost factor is, the fewer
messages will be written. Error_burst controls when messages will be dropped.
The default settings limit warning messages to one every five seconds.
+
/proc/sys/net/ipv4/route/flush
@@ -5837,6 +5962,7 @@ The default settings limit warning messages to one every five seconds.
Writing to this file results in a flush of the routing cache.
+
/proc/sys/net/ipv4/route/gc_elasticity
@@ -5855,6 +5981,7 @@ URL="http://mailman.ds9a.nl/pipermail/lartc/2002q1/002667.html"
>this post by Ard van Breemen.
+
/proc/sys/net/ipv4/route/gc_interval
@@ -5862,6 +5989,7 @@ URL="http://mailman.ds9a.nl/pipermail/lartc/2002q1/002667.html"
See /proc/sys/net/ipv4/route/gc_elasticity.
+
/proc/sys/net/ipv4/route/gc_min_interval
@@ -5869,6 +5997,7 @@ See /proc/sys/net/ipv4/route/gc_elasticity.
See /proc/sys/net/ipv4/route/gc_elasticity.
+
/proc/sys/net/ipv4/route/gc_thresh
@@ -5876,6 +6005,7 @@ See /proc/sys/net/ipv4/route/gc_elasticity.
See /proc/sys/net/ipv4/route/gc_elasticity.
+
/proc/sys/net/ipv4/route/gc_timeout
@@ -5883,6 +6013,7 @@ See /proc/sys/net/ipv4/route/gc_elasticity.
See /proc/sys/net/ipv4/route/gc_elasticity.
+
/proc/sys/net/ipv4/route/max_delay
@@ -5890,6 +6021,7 @@ See /proc/sys/net/ipv4/route/gc_elasticity.
Delays for flushing the routing cache.
+
/proc/sys/net/ipv4/route/max_size
@@ -5898,6 +6030,7 @@ Delays for flushing the routing cache.
Maximum size of the routing cache. Old entries will be purged once the cache
reached has this size.
+
/proc/sys/net/ipv4/route/min_adv_mss
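Review bot: the max_size description closed by this hunk reads "Old entries will be purged once the cache reached has this size", with the words out of order. Suggest "once the cache has reached this size".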
@@ -5905,6 +6038,7 @@ reached has this size.
FIXME: fill this in
+
/proc/sys/net/ipv4/route/min_delay
@@ -5912,6 +6046,7 @@ FIXME: fill this in
Delays for flushing the routing cache.
+
/proc/sys/net/ipv4/route/min_pmtu
@@ -5919,6 +6054,7 @@ Delays for flushing the routing cache.
FIXME: fill this in
+
/proc/sys/net/ipv4/route/mtu_expires
@@ -5926,6 +6062,7 @@ FIXME: fill this in
FIXME: fill this in
+
/proc/sys/net/ipv4/route/redirect_load
@@ -5935,6 +6072,7 @@ Factors which determine if more ICMP redirects should be sent to a specific
host. No redirects will be sent once the load limit or the maximum number of
redirects has been reached.
+
/proc/sys/net/ipv4/route/redirect_number
@@ -5942,6 +6080,7 @@ redirects has been reached.
See /proc/sys/net/ipv4/route/redirect_load.
+
/proc/sys/net/ipv4/route/redirect_silence
@@ -5950,6 +6089,7 @@ See /proc/sys/net/ipv4/route/redirect_load.
Timeout for redirects. After this period redirects will be sent again, even if
this has been stopped, because the load or number limit has been reached.
+
@@ -5997,6 +6137,7 @@ Specifies the length of the queue. Measured in bytes for bfifo, in packets
for pfifo. Defaults to the interface txqueuelen (see pfifo_fast chapter)
packets long or txqueuelen*mtu bytes for bfifo.
+
@@ -6650,8 +6791,7 @@ URL="http://linux-atm.sourceforge.net/"
This qdisc is not included in the standard kernels but can be downloaded from
�.
+/>.
Currently the qdisc is only tested with Linux 2.2 kernels but it will
probably work with 2.4/2.5 kernels too.
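Review bot: the added line closes the link with "/>.", which is XML empty-element syntax in an .sgml file, whereas the other link tags visible in this patch close with a plain ">" (for example ">. Only useful" and ">this post by Ard van Breemen."). Unless the SGML declaration in use accepts "/>", close this tag the same way as the others and check that the document still validates. Of all the hunks, this is the only one that changes how the text renders, so it deserves a mention in the commit message.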
@@ -7070,6 +7210,7 @@ BUT
This would put additional load on the router and
some commercial routers might not even support this.
+
Using a Layer 4 switch.
@@ -7087,6 +7228,7 @@ The cost for this equipment is usually very high. Typical
layer 4 switch would normally cost more than
a typical router+good linux server.
+
Using cache server as network's gateway.
@@ -7107,6 +7249,7 @@ or the server itself might crash and no one on the
network will be able to access the Internet if
that occurs.
+
Linux+NetFilter router.
@@ -7117,6 +7260,7 @@ which is using NetFilter for "mark"ing the packets
with destination port 80 and using iproute2 to
route the "mark"ed packets to the Squid server.
+
@@ -7255,6 +7399,7 @@ naret# ip route add default via 10.0.0.2 dev eth0 table www.out
naret# ip route flush cache
+
@@ -7581,6 +7726,7 @@ This means that downloading or uploading files should not disturb SSH or
even telnet. These are the most important things, even 200ms latency is
sluggish to work over.
+
Allow 'surfing' at reasonable speeds while up or downloading
@@ -7589,6 +7735,7 @@ sluggish to work over.
Even though http is 'bulk' traffic, other traffic should not drown it out
too much.
+
Make sure uploads don't harm downloads, and the other way around
@@ -7597,6 +7744,7 @@ too much.
This is a much observed phenomenon where upstream traffic simply destroys
download speed.
+
It turns out that all this is possible, at the cost of a tiny bit of
@@ -7652,6 +7800,7 @@ eliminated, and moved to your Linux router. Luckily this is possible.
By limiting our upload speed to slightly less than the truly available rate,
no queues are built up in our modem. The queue is now moved to Linux.
+
Limit download speed
@@ -7663,6 +7812,7 @@ which causes TCP/IP to slow down to just the rate we want. Because we don't
want to drop traffic unnecessarily, we configure a 'burst' size we allow at
higher speed.
+
@@ -8348,6 +8498,7 @@ URL="http://scry.wanfear.com/~greear/vlan/cisco_howto.html"
Update: has been included in the kernel as of 2.4.14 (perhaps 13).
+
Alternate 802.1Q VLAN Implementation for Linux
+
Linux Virtual Server
+
CBQ.init
+
Chronox easy shaping scripts
+
Virtual Router
@@ -8523,6 +8678,7 @@ Not *one* ping packet was lost! Just after packet 4, I disconnected my P200
from the network, and my 486 took over, which you can see from the higher
latency.
+
@@ -8544,6 +8700,7 @@ URL="http://snafu.freedom.org/linux2.2/iproute-notes.html"
Contains lots of technical information, comments from the kernel
+
Slides by Jamal Hadi Salim, one of the authors of Linux traffic control
+
+
+
Differentiated Services on Linux
@@ -8590,6 +8750,7 @@ URL="ftp://icaftp.epfl.ch/pub/linux/diffserv/misc/dsid-01.txt.gz"
Kuznetsov describes DiffServ facilities in the Linux kernel, amongst which
are TBF, GRED, the DSMARK qdisc and the tcindex classifier.
+
+
+
Docum experimental site
+
TCP/IP Illustrated, volume 1, W. Richard Stevens, ISBN 0-201-63346-9
@@ -8636,6 +8800,7 @@ of practical information, examples, tests and also points out some CBQ/tc bugs.
Required reading if you truly want to understand TCP/IP. Entertaining as
well.
+