[LARTC] shaping domain names(www.xyz.com)

[LARTC] shaping domain names(www.xyz.com)

[jayesh rathod]

Hi,

Is there any way by which we can shape domain name(not by IP address)

Eg : suppose i want to shape tarrif to a particular domain www.xyz.com which has multiple ips and i am not aware of there ips

how can we do that.

Regards
Jayesh
-------------------------------------------------
Still single? Click here to find the perfect match.
                                                                                
http://www.bharatmatrimony.com/cgi-bin/bmclicks1.cgi?141
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] shaping domain names(www.xyz.com)

[Michael Renzmann]

Hi.

jayesh rathod wrote:
> Is there any way by which we can shape domain name(not by IP address)
> Eg : suppose i want to shape tarrif to a particular domain www.xyz.com
 > which has multiple ips and i am not aware of there ips

You could achieve this by using different firewall marks for the 
different traffic classes, and shape upon that marks. IIRC there is an 
iptables-extension available that allows to match strings, so you could 
try to match "Host: <domain>" in order to distinguish the different 
domains. But I have no idea if this would work in real world, nor what 
performance impact that may have.

Bye, Mike
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] shaping domain names(www.xyz.com)

[Stef Coene]

On Friday 07 May 2004 15:37, Michael Renzmann wrote:
> Hi.
>
> jayesh rathod wrote:
> > Is there any way by which we can shape domain name(not by IP address)
> > Eg : suppose i want to shape tarrif to a particular domain www.xyz.com
> >
>  > which has multiple ips and i am not aware of there ips
>
> You could achieve this by using different firewall marks for the
> different traffic classes, and shape upon that marks. IIRC there is an
> iptables-extension available that allows to match strings, so you could
> try to match "Host: <domain>" in order to distinguish the different
> domains. But I have no idea if this would work in real world, nor what
> performance impact that may have.
Only one problem.  Tc sees ip packets and ip packets contains ip addresses, 
not hostnames.  So you can't do this.
But I suppose you want to shape http / ftp?  You can try to setup a squid 
transparant proxy server and if I'm not mistaken, you can patch squid so you 
can use tc to shape the squid traffic.

Stef

-- 
stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] shaping domain names(www.xyz.com)

[Michael Renzmann]

Hi.

Stef Coene wrote:
>>You could achieve this by using different firewall marks for the
>>different traffic classes, and shape upon that marks. IIRC there is an
>>iptables-extension available that allows to match strings, so you could
>>try to match "Host: <domain>" in order to distinguish the different
>>domains. But I have no idea if this would work in real world, nor what
>>performance impact that may have.
> Only one problem.  Tc sees ip packets and ip packets contains ip addresses, 
> not hostnames.  So you can't do this.

But tc sees the fwmark value that iptables has attached to a packet, 
right? Hence the idea to accomplish the "destination host distinction" 
with iptables-rules, setting fwmark accordingly and let tc decide on the 
different fwmark values.

Bye, Mike
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] shaping domain names(www.xyz.com)

[Stef Coene]

On Saturday 08 May 2004 09:08, Michael Renzmann wrote:
> Hi.
>
> Stef Coene wrote:
> >>You could achieve this by using different firewall marks for the
> >>different traffic classes, and shape upon that marks. IIRC there is an
> >>iptables-extension available that allows to match strings, so you could
> >>try to match "Host: <domain>" in order to distinguish the different
> >>domains. But I have no idea if this would work in real world, nor what
> >>performance impact that may have.
> >
> > Only one problem.  Tc sees ip packets and ip packets contains ip
> > addresses, not hostnames.  So you can't do this.
>
> But tc sees the fwmark value that iptables has attached to a packet,
> right? Hence the idea to accomplish the "destination host distinction"
> with iptables-rules, setting fwmark accordingly and let tc decide on the
> different fwmark values.
But when do you see the hostname?  In the dns request and maybe in the http 
request.  For all other packets only the ip address is known.

Rereading the original post, I think he has an other problem.  I think he is 
speaking of a web-server that's been hosts on different ip addresses.  Like 
google.com:

Name:   google.com
Address: 216.239.57.99
Name:   google.com
Address: 216.239.39.99
Name:   google.com
Address: 216.239.37.99

So you have to shape on 3 ip addresses.  For that problem you can use iptables 
to mark packets and use googe.com.  It will be expanded to 3 rules matching 
the 3 ip addresses.

Stef

-- 
stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] shaping domain names(www.xyz.com)

[Michael Renzmann]

Hi.

Stef Coene wrote:
>>But tc sees the fwmark value that iptables has attached to a packet,
>>right? Hence the idea to accomplish the "destination host distinction"
>>with iptables-rules, setting fwmark accordingly and let tc decide on the
>>different fwmark values.
> But when do you see the hostname?  In the dns request and maybe in the http 
> request.  For all other packets only the ip address is known.

The http requests surely will contain the hostname, at least in those 
scenarios where a http-server is contacted that serves more than one 
(sub)domain (*).

So, at least the first packet of an established http connection will 
contain a "Host:"-line, which allows to mark that packet accordingly. 
Every following packet that belongs to the same connection can be 
handled with connection tracking, I think.

(*) There is a rare chance that no "Host: "-line is in the http-request, 
but most probably these requests won't be a problem regarding the 
necessity of controling their used bandwidth, since the client won't be 
able to make use of all services of the server. So, if the solution 
doesn't match these rare situations, it won't hurt, I suppose.

Well, I have to admit that I'm no iptables/tc-pro, so the idea I 
described could be wrong. Also:

> Rereading the original post, I think he has an other problem.

Possibly. But maybe still another one than you described: he could be 
the admin of the subnet the described users sit in, or the admin of the 
mentioned server(s). Depending on this "point of view" different 
solutions could apply. It would be good if the original poster could 
clarify this aspect :)

Bye, Mike
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/