<HTML ><HEAD ><TITLE >Linux Advanced Routing & Traffic Control HOWTO</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="NEXT" TITLE="Dedication" HREF="lartc.dedication.html"></HEAD ><BODY CLASS="BOOK" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="BOOK" ><A NAME="LARTC" ></A ><DIV CLASS="TITLEPAGE" ><H1 CLASS="TITLE" ><A NAME="AEN2" ></A >Linux Advanced Routing & Traffic Control HOWTO</H1 ><H3 CLASS="AUTHOR" ><A NAME="AEN5" ></A >Bert Hubert</H3 ><DIV CLASS="AFFILIATION" ><SPAN CLASS="ORGNAME" >Netherlabs BV<BR></SPAN ><DIV CLASS="ADDRESS" ><P CLASS="ADDRESS" ><TT CLASS="EMAIL" ><<A HREF="mailto:bert.hubert@netherlabs.nl" >bert.hubert@netherlabs.nl</A >></TT ></P ></DIV ></DIV ><SPAN CLASS="COLLAB" ><SPAN CLASS="COLLABNAME" >Gregory Maxwell</SPAN ><DIV CLASS="AFFILIATION" ><DIV CLASS="ADDRESS" ><P CLASS="ADDRESS" ><TT CLASS="EMAIL" ><<A HREF="mailto:greg@linuxpower.cx" >greg@linuxpower.cx</A >></TT ></P ></DIV ></DIV ><BR></SPAN ><SPAN CLASS="COLLAB" ><SPAN CLASS="COLLABNAME" >Remco van Mook</SPAN ><DIV CLASS="AFFILIATION" ><DIV CLASS="ADDRESS" ><P CLASS="ADDRESS" ><TT CLASS="EMAIL" ><<A HREF="mailto:remco@virtu.nl" >remco@virtu.nl</A >></TT ></P ></DIV ></DIV ><BR></SPAN ><SPAN CLASS="COLLAB" ><SPAN CLASS="COLLABNAME" >Martijn van Oosterhout</SPAN ><DIV CLASS="AFFILIATION" ><DIV CLASS="ADDRESS" ><P CLASS="ADDRESS" ><TT CLASS="EMAIL" ><<A HREF="mailto:kleptog@cupid.suninternet.com" >kleptog@cupid.suninternet.com</A >></TT ></P ></DIV ></DIV ><BR></SPAN ><SPAN CLASS="COLLAB" ><SPAN CLASS="COLLABNAME" >Paul B Schroeder</SPAN ><DIV CLASS="AFFILIATION" ><DIV CLASS="ADDRESS" ><P CLASS="ADDRESS" ><TT CLASS="EMAIL" ><<A HREF="mailto:paulsch@us.ibm.com" >paulsch@us.ibm.com</A >></TT ></P ></DIV ></DIV ><BR></SPAN ><SPAN CLASS="COLLAB" ><SPAN CLASS="COLLABNAME" >Jasper Spaans</SPAN ><DIV CLASS="AFFILIATION" ><DIV CLASS="ADDRESS" ><P CLASS="ADDRESS" ><TT CLASS="EMAIL" ><<A HREF="mailto:jasper@spaans.ds9a.nl" >jasper@spaans.ds9a.nl</A >></TT ></P ></DIV ></DIV ><BR></SPAN ><DIV CLASS="REVHISTORY" ><TABLE WIDTH="100%" BORDER="0" ><TR ><TH ALIGN="LEFT" VALIGN="TOP" COLSPAN="3" ><B >Revision History</B ></TH ></TR ><TR ><TD ALIGN="LEFT" >Revision 1.1</TD ><TD ALIGN="LEFT" >2002-07-22</TD ><TD ALIGN="LEFT" ></TD ></TR ><TR ><TD ALIGN="LEFT" COLSPAN="3" >DocBook Edition</TD ></TR ></TABLE ></DIV ><DIV ><DIV CLASS="ABSTRACT" ><A NAME="AEN42" ></A ><P ></P ><P >A very hands-on approach to <SPAN CLASS="APPLICATION" >iproute2</SPAN >, traffic shaping and a bit of <SPAN CLASS="APPLICATION" >netfilter</SPAN >. </P ><P ></P ></DIV ></DIV ><HR></DIV ><DIV CLASS="TOC" ><DL ><DT ><B >Table of Contents</B ></DT ><DT >1. <A HREF="lartc.dedication.html" >Dedication</A ></DT ><DT >2. <A HREF="lartc.intro.html" >Introduction</A ></DT ><DD ><DL ><DT >2.1. <A HREF="lartc.intro.disclaimer.html" >Disclaimer & License</A ></DT ><DT >2.2. <A HREF="lartc.intro.prior.html" >Prior knowledge</A ></DT ><DT >2.3. <A HREF="lartc.intro.linux.html" >What Linux can do for you</A ></DT ><DT >2.4. <A HREF="lartc.intro.houskeeping.html" >Housekeeping notes</A ></DT ><DT >2.5. <A HREF="lartc.intro.cvs.html" >Access, CVS & submitting updates</A ></DT ><DT >2.6. <A HREF="lartc.intro.mlist.html" >Mailing list</A ></DT ><DT >2.7. <A HREF="lartc.intro.layout.html" >Layout of this document</A ></DT ></DL ></DD ><DT >3. <A HREF="lartc.iproute2.html" >Introduction to iproute2</A ></DT ><DD ><DL ><DT >3.1. <A HREF="lartc.iproute2.why.html" >Why iproute2?</A ></DT ><DT >3.2. <A HREF="lartc.iproute2.tour.html" >iproute2 tour</A ></DT ><DT >3.3. <A HREF="lartc.iproute2.package.html" >Prerequisites</A ></DT ><DT >3.4. <A HREF="lartc.iproute2.explore.html" >Exploring your current configuration</A ></DT ><DT >3.5. <A HREF="lartc.iproute2.arp.html" >ARP</A ></DT ></DL ></DD ><DT >4. <A HREF="lartc.rpdb.html" >Rules - routing policy database</A ></DT ><DD ><DL ><DT >4.1. <A HREF="lartc.rpdb.simple.html" >Simple source policy routing</A ></DT ><DT >4.2. <A HREF="lartc.rpdb.multiple-links.html" >Routing for multiple uplinks/providers</A ></DT ></DL ></DD ><DT >5. <A HREF="lartc.tunnel.html" >GRE and other tunnels</A ></DT ><DD ><DL ><DT >5.1. <A HREF="lartc.tunnel.remarks.html" >A few general remarks about tunnels:</A ></DT ><DT >5.2. <A HREF="lartc.tunnel.ip-ip.html" >IP in IP tunneling</A ></DT ><DT >5.3. <A HREF="lartc.tunnel.gre.html" >GRE tunneling</A ></DT ><DT >5.4. <A HREF="lartc.tunnel.userland.html" >Userland tunnels</A ></DT ></DL ></DD ><DT >6. <A HREF="lartc.ipv6-tunnel.html" >IPv6 tunneling with Cisco and/or 6bone</A ></DT ><DD ><DL ><DT >6.1. <A HREF="lartc.tunnel-ipv6.addressing.html" >IPv6 Tunneling</A ></DT ></DL ></DD ><DT >7. <A HREF="lartc.ipsec.html" >IPsec: secure IP over the Internet</A ></DT ><DT >8. <A HREF="lartc.multicast.html" >Multicast routing</A ></DT ><DT >9. <A HREF="lartc.qdisc.html" >Queueing Disciplines for Bandwidth Management</A ></DT ><DD ><DL ><DT >9.1. <A HREF="lartc.qdisc.explain.html" >Queues and Queueing Disciplines explained</A ></DT ><DT >9.2. <A HREF="lartc.qdisc.classless.html" >Simple, classless Queueing Disciplines</A ></DT ><DT >9.3. <A HREF="lartc.qdisc.advice.html" >Advice for when to use which queue</A ></DT ><DT >9.4. <A HREF="lartc.qdisc.terminology.html" >Terminology</A ></DT ><DT >9.5. <A HREF="lartc.qdisc.classful.html" >Classful Queueing Disciplines</A ></DT ><DT >9.6. <A HREF="lartc.qdisc.filters.html" >Classifying packets with filters</A ></DT ><DT >9.7. <A HREF="lartc.imq.html" >The Intermediate queueing device (IMQ)</A ></DT ></DL ></DD ><DT >10. <A HREF="lartc.loadshare.html" >Load sharing over multiple interfaces</A ></DT ><DD ><DL ><DT >10.1. <A HREF="lartc.loadshare.caveats.html" >Caveats</A ></DT ><DT >10.2. <A HREF="lartc.loadshare.other.html" >Other possibilities</A ></DT ></DL ></DD ><DT >11. <A HREF="lartc.netfilter.html" >Netfilter & iproute - marking packets</A ></DT ><DT >12. <A HREF="lartc.adv-filter.html" >Advanced filters for (re-)classifying packets</A ></DT ><DD ><DL ><DT >12.1. <A HREF="lartc.adv-filter.u32.html" >The <TT CLASS="OPTION" >u32</TT > classifier</A ></DT ><DT >12.2. <A HREF="lartc.adv-filter.route.html" >The <TT CLASS="OPTION" >route</TT > classifier</A ></DT ><DT >12.3. <A HREF="lartc.adv-filter.policing.html" >Policing filters</A ></DT ><DT >12.4. <A HREF="lartc.adv-filter.hashing.html" >Hashing filters for very fast massive filtering</A ></DT ></DL ></DD ><DT >13. <A HREF="lartc.kernel.html" >Kernel network parameters</A ></DT ><DD ><DL ><DT >13.1. <A HREF="lartc.kernel.rpf.html" >Reverse Path Filtering</A ></DT ><DT >13.2. <A HREF="lartc.kernel.obscure.html" >Obscure settings</A ></DT ></DL ></DD ><DT >14. <A HREF="lartc.adv-qdisc.html" >Advanced & less common queueing disciplines</A ></DT ><DD ><DL ><DT >14.1. <A HREF="lartc.adv-qdisc.bfifo-pfifo.html" ><TT CLASS="LITERAL" >bfifo</TT >/<TT CLASS="LITERAL" >pfifo</TT ></A ></DT ><DT >14.2. <A HREF="lartc.adv-qdisc.csz.html" >Clark-Shenker-Zhang algorithm (CSZ)</A ></DT ><DT >14.3. <A HREF="lartc.adv-qdisc.dsmark.html" >DSMARK</A ></DT ><DT >14.4. <A HREF="lartc.adv-qdisc.ingress.html" >Ingress qdisc</A ></DT ><DT >14.5. <A HREF="lartc.adv-qdisc.red.html" >Random Early Detection (RED)</A ></DT ><DT >14.6. <A HREF="lartc.adv-qdisc.gred.html" >Generic Random Early Detection</A ></DT ><DT >14.7. <A HREF="lartc.adv-qdisc.vc-atm.html" >VC/ATM emulation</A ></DT ><DT >14.8. <A HREF="lartc.adv-qdisc.wrr.html" >Weighted Round Robin (WRR)</A ></DT ></DL ></DD ><DT >15. <A HREF="lartc.cookbook.html" >Cookbook</A ></DT ><DD ><DL ><DT >15.1. <A HREF="lartc.cookbook.sla.html" >Running multiple sites with different SLAs</A ></DT ><DT >15.2. <A HREF="lartc.cookbook.synflood-protect.html" >Protecting your host from SYN floods</A ></DT ><DT >15.3. <A HREF="lartc.cookbook.icmp-ratelimit.html" >Rate limit ICMP to prevent dDoS</A ></DT ><DT >15.4. <A HREF="lartc.cookbook.interactive-prio.html" >Prioritizing interactive traffic</A ></DT ><DT >15.5. <A HREF="lartc.cookbook.squid.html" >Transparent web-caching using <SPAN CLASS="APPLICATION" >netfilter</SPAN >, <SPAN CLASS="APPLICATION" >iproute2</SPAN >, <SPAN CLASS="APPLICATION" >ipchains</SPAN > and <SPAN CLASS="APPLICATION" >squid</SPAN ></A ></DT ><DT >15.6. <A HREF="lartc.cookbook.mtu-discovery.html" >Circumventing Path MTU Discovery issues with per route MTU settings</A ></DT ><DT >15.7. <A HREF="lartc.cookbook.mtu-mss.html" >Circumventing Path MTU Discovery issues with MSS Clamping (for ADSL, cable, PPPoE & PPtP users)</A ></DT ><DT >15.8. <A HREF="lartc.cookbook.ultimate-tc.html" >The Ultimate Traffic Conditioner: Low Latency, Fast Up & Downloads</A ></DT ><DT >15.9. <A HREF="lartc.ratelimit.single.html" >Rate limiting a single host or netmask</A ></DT ></DL ></DD ><DT >16. <A HREF="lartc.bridging.html" >Building bridges, and pseudo-bridges with Proxy ARP</A ></DT ><DD ><DL ><DT >16.1. <A HREF="lartc.bridging.iptables.html" >State of bridging and iptables</A ></DT ><DT >16.2. <A HREF="lartc.bridging.shaping.html" >Bridging and shaping</A ></DT ><DT >16.3. <A HREF="lartc.bridging.proxy-arp.html" >Pseudo-bridges with Proxy-ARP</A ></DT ></DL ></DD ><DT >17. <A HREF="lartc.dynamic-routing.html" >Dynamic routing - OSPF and BGP</A ></DT ><DT >18. <A HREF="lartc.other.html" >Other possibilities</A ></DT ><DT >19. <A HREF="lartc.further.html" >Further reading</A ></DT ><DT >20. <A HREF="lartc.ack.html" >Acknowledgements</A ></DT ></DL ></DIV ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" > </TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" > </TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="lartc.dedication.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" > </TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" > </TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Dedication</TD ></TR ></TABLE ></DIV ></BODY ></HTML >