Hello everyone,

This is going to be a Badwidth Arbitrator (ver 8.63) install guide on RH9.

First of all you will need to download Red Hat 9 cd1,cd2,cd3 from here http://www.linuxiso.org/distro.php?distro=7.

Note about the computer I used for my network of 110~ computers and a 256kbit/s down, and 128kbit/s up cable modem line :

CPU : Intel Celeron 2Ghz
RAM : 256 MB DDR
HDD : 4GB Western Digital (some really old model, probably older then me)
ETHERNET : 2x Realtek 100Mbps (RTL8193too)

STEP 1

Put in cd1 into your computer and boot up with it, choose custom installation and select only kernel development tools and make sure you install gcc , its under compilers near the kernel development tools.

Once installation has finished download kernel-2.4.19 (it only works with this kernel without any need to touch the code , or some hacking...so if you just want it to work for the first time , get this kernel) from here ftp://ftp.kernel.org/pub/linux/kernel/v2....x-2.4.19.tar.gz to for example /home
like this.



This will take some time to download it is aprox 30MB in size. Once the kernel has been downloaded
go to /usr/src and do the following.



So what we did was removed the old symbolic links to the 2.4.20-8 kernel , and created a new symbolic link that points to kernel 2.4.19.

Okay enough chit-chat let's start recompiling the kernel so that bridge-utils will work.



WARNING:
If you used for example realtek cards when you install rh9 it detected them and it is working, but if you look at Network Devices and 100mbps ethernet in menuconfig you'll see that they are compiled in as modules only, now this will be a problem , since rh9 will no longer see the realtek cards once you reboot to the 2.4.19 kernel, so instead of using the rtl8139 as module you must compile it in , change that M in front of it to a * .

After your done, you only need to make sure that the ethernet device you are using is compiled in , and not used as a module. You can continue with the following steps, wich will take some time, even on my 2Ghz machine it took me 2hrs~.



Once done , reboot the system.

At the grub boot menu choose 2.4.19 kernel.

STEP 2

Preparing the bridge utils :



STEP 3

Setting up the Arbitrator :



Just answer Y to everything. Then we will recompile the modified kernel again , so that it will work properly with the Arbitrator.



CONFIG_BRIDGE_NF in /usr/src/linux/.config nneds to be toggled on if you plan to use the arbitrator
co-resident with a firewall.
Look for CONFIG_BRIDGE_NF and modify it to CONFIG_BRIDGE_NF = Y
Then do the following (this will take another few minutes... 1hrs~) :



Then we recompile the bridge-utils :



Then we copy the brctl and brctld files into the correct locations :



Now let's make sure eth0 and eth1 wont come up automaticaly :



Using your favorite editor modify both ifcfg-eth0 and ifcfg-eth1 file , changing the following line in both.

ONBOOT=no


Once done with this, we will make the kernel-2.4.19 the default one , do the following :



Using your favorite editor modift the file @menu.lst

And change the following line :

default = 1

to

default = 0

Then we make sure that upon the next reboot our Arbitrator will be up and running :



Add the following lines to rc.local file (to the end of it):

/usr/local/sbin/brctl addbr my
/usr/local/sbin/brctl addif my eth0
/usr/local/sbin/brctl addif my eth1
/sbin/ifconfig eth0 0.0.0.0
/sbin/ifconfig eth1 0.0.0.0
/sbin/ifconfig my 192.168.10.3 netmask 255.255.255.0 up
/sbin/route add default gw 192.168.10.1
/etc/init.d/arbitrate start

You will offcourse use a different IP address for my , and will probably use a different gateway as well, this changes from network to network.

Let's do some basic configuration of the Arbitrator :



Using your favorite editor modify the file arbdefault.conf :

BRIDGEIP should be the same ip you used for my above
BRIDGENETMASK should be the same netmask you used above for my
BRIDGEROUTE should be the same route you used above for my

For the rest of the config , you need to tune youreself, once I understand and test things out more , I will post aditional info on how to configure Arbitrator for different networks/needs. What config options to use.


So we are finally done, reboot and behold!


once it's up and running, don't get nervous, it takes a few seconds for the bridge to come up, so it wont work imediately ... after a 1 min everything should be working okay.



cat arblog

and you will see something like this :




You should put the arbitrator somewhere between the clients and your internet connection , like this :

LAN1----|
LAN2----|
LAN3----| ROUTER |---Bandwidth Arbitrator---FIREWALL---INTERNET
LAN4----|
LAN5----|

Visit http://www.bandwidtharbitrator.com/ for the manual, and aditional addon software .

And if you got it working, and have a webpage put up a link to www.bandwidtharbitrator.com to support this nice piece of free software.


Sincerely
Robert B

I've been playing with this software for a few days , and I think I finaly found a pretty good configuration for a 115~ computer lan , where users like to use p2p applications sometimes, do a lot of e-mail sending, and usualy browse the entire day away, and get payed for it (atleast that I don't have to manage with the arbitrator ).


So with the configuration I use now, I was able to use the internet during the very-very busy hours, and it was actualy working at a acceptable speed , without the arbitrator my upload was always overloaded and noone was able to use the internet , till the e-mail sending hours ended.

With this configuration the load on the server is 0.49 0.40 0.32 according to top command.

The configuration :

DROP_COUNT=10
RATIO=90
PENALTY_UNIT=7
MAX_PENALTY=75
QUEUE_LIMIT=15
BUFFERS=123
ANCIENT=20
BRAIN_SIZE=1000
INACTIVE_TICS=1000
MOVING_AVG=8
DEFAULT_RULES=on

- - - - warning - - - -

I have a cable modem connection currently and is asymetric, so my download is 32000 bytes/s
and my upload is 13750bytes/s...well you might wonder why on earth have configured arbi with a TRUNK_DOWN of 13750 and a TRUNK_UP of 32000, because arbi TRUNK_DOWN is actualy TRUNK_UP and TRUNK_DOWN is actualy TRUNK_UP...if you check the log files /tmp/arblog you'll see that when you download at high speed wich value goes up... it will be TRAFFIC_UP (which is controlled by TRUNK_UP)...so to make things really simple :

TRUNK_DOWN = your upload speed in bytes
TRUNK_UP = your download speed in bytes

if you have a symetric connection to the internet...with both upload and download running at same speeds this does not matter...input same speed for both of them and it will work.

- - - - warning - - - -

TRUNK_DOWN=13750
TRUNK_UP=32000
HOGMIN=8000


This is about the config , and if you are a lucky person like me who also runs his very own proxy server which is not running on the same machine as the firewall, you can do the following to allow atleast ssh and other non 80 443 traffic to go to the proxy server and the firewall without being regulated by the Arbi.

LAN1---|
LAN2---|
LAN3---| ROUTER |---Arbi---SWITCH---FIREWALL
LAN4---|
LAN5---|

The proxy server is connected to the swithc and has ip address 192.168.10.2

ROUTER has 192.168.10.10 in subnet 192.168.10.0

And firewall has 192.168.10.1 in subnet 192.168.10.0

To allow unregulated access to the proxy server via ssh and other non 80 443 ports... you can add a virtual interface like this



then you edit the arbdefault.conf file (only example):

MASK 192.168.0.0/24 2
MASK 192.168.1.0/24 2
MASK 192.168.2.0/24 2
MASK 192.168.11.0/24 2
MASK 192.168.56.0/24 2
MASK 192.168.10.1/32 2
MASK 192.168.10.3/32 2

traffic will go without limit to 192.168.10.1 and 192.168.10.3 ... and http https traffic will still
be limited by the arbi.

I don't know any better way to solve this yet. Unless offcourse you put the firewall and the proxy server on same machine.

You can't put the arbi in front of the proxy, since it will see all http https traffic coming from the proxy server.

Sincerely
Robert B