* [LARTC] Please advise how to set up for 5 IPs
@ 2004-09-28 19:36 gypsy
  2004-09-28 19:41 ` Jason Boxman
  2004-09-30 12:46 ` Andy Furniss
  0 siblings, 2 replies; 3+ messages in thread
From: gypsy @ 2004-09-28 19:36 UTC (permalink / raw)
  To: lartc

I have need to use HTB on multiple (5) IPs.

The present setup has the DSL connection going to a switch and then each
computer with an external IP configures the external interface to listen
on that IP.

I have had TERRIBLE luck trying to use iptables to DNAT so if DNAT needs
to be done, any advice that includes tested and working examples would
be sincerely appreciated.

There are 3 computers connected to the switch:
1) yesican.chsoft.biz 206.72.89.154
  This also listens on eth1:0 to 206.72.89.158 as ns.chsoft.biz
2) news.chsoft.biz    206.72.89.155
3) phil.chsoft.biz    206.72.89.156

yesican (AKA ns) and news are both Slackware Linux boxes and each has a
working HTB script.  news' (non-business hours) script is at
ftp://andthatsjazz.org/pub/lartc/ultimatePM.sh.

phil is a Windows 2000 Server and between it and the switch is a
SonicWall (hardware) firewall.

How should I set up so that one computer can listen to all 5 IPs, shape
and then distribute the shaped packets to the correct server?

How can I implement ingress shaping / policing to limit the combined
incoming rate, regardless of IP, to about 700K (the connection is
actually 730K in and 690K out).  Only because it REALLY annoys me to
drop an already received packet, I would prefer to shape than to drop,
but I am presently policing.

I would like to avoid, for space and room temperature reasons, another
computer if possible.

May I please hear your $.02?  Thanks!

gypsy
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] Please advise how to set up for 5 IPs
  2004-09-28 19:36 [LARTC] Please advise how to set up for 5 IPs gypsy
@ 2004-09-28 19:41 ` Jason Boxman
  2004-09-30 12:46 ` Andy Furniss
  1 sibling, 0 replies; 3+ messages in thread
From: Jason Boxman @ 2004-09-28 19:41 UTC (permalink / raw)
  To: lartc

On Tuesday 28 September 2004 15:36, gypsy wrote:
<snip>
> How can I implement ingress shaping / policing to limit the combined
> incoming rate, regardless of IP, to about 700K (the connection is
> actually 730K in and 690K out).  Only because it REALLY annoys me to
> drop an already received packet, I would prefer to shape than to drop,
> but I am presently policing.

I can't see how you could shape other than to drop.  You have already received 
the packet.  If it's over the rate for that particular flow, and the traffic 
is TCP, you can only hope enough drops will result in the connection being 
throttled by the remote end's TCP stack.


* Re: [LARTC] Please advise how to set up for 5 IPs
  2004-09-28 19:36 [LARTC] Please advise how to set up for 5 IPs gypsy
  2004-09-28 19:41 ` Jason Boxman
@ 2004-09-30 12:46 ` Andy Furniss
  1 sibling, 0 replies; 3+ messages in thread
From: Andy Furniss @ 2004-09-30 12:46 UTC (permalink / raw)
  To: lartc

Jason Boxman wrote:
> On Tuesday 28 September 2004 15:36, gypsy wrote:
> <snip>
> 
>>How can I implement ingress shaping / policing to limit the combined
>>incoming rate, regardless of IP, to about 700K (the connection is
>>actually 730K in and 690K out).  Only because it REALLY annoys me to
>>drop an already received packet, I would prefer to shape than to drop,
>>but I am presently policing.
> 
> 
> I can't see how you could shape other than to drop.  You have already received 
> the packet.  If it's over the rate for that particular flow, and the traffic 
> is TCP, you can only hope enough drops will result in the connection being 
> throttled by the remote end's TCP stack.

Queueing is important as well as dropping. You will need to drop 
sometimes, but you can decide to only queue/drop bulk traffic if you 
shape with htb. For ingress, or more correctly, shaping from the wrong 
end of a bottleneck I like to use esfq (so I can choose length) with 
classic hash - so that each tcp gets dequeued at the rate it's entitled 
- rather than a burst at near full speed followed by a wait while others 
are serviced. Shaping from the narrow end of the bottleneck is hard if 
you care a lot about latency and don't want to sacrifice too much 
bandwidth. SFQ helps prevent burstiness over other queues - but don't 
set perturb too low - Default (10) is OK, I use 20. It causes packet 
reordering which hurts latency when shaping incoming - the effect is 
worse with single connections.

There are other tweaks possible but they are probably not worth the 
hassle unless you are noticing problems.

Andy.
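
Added example, not part of the original thread and not any poster's script: a dry-run generator for the kind of setup discussed above, an HTB tree on inbound traffic with an SFQ leaf (perturb 20) on the bulk class, capped at one combined rate regardless of destination IP. Assumptions: the mainline `ifb` redirect device and mainline `sfq` stand in for the esfq mentioned in the reply, "700K" is read as 700 kbit/s, and the 30/70 split, the TOS match, the queue limits and the interface names are illustrative.

```shell
#!/bin/sh
# Prints (does not run) tc commands that shape everything arriving on one
# interface to a single aggregate rate, whatever IP the packets are for.
# Assumed, not from the thread: ifb device, kbit/s units, 30/70 class split,
# TOS 0x10 (minimize-delay) as the "interactive" match, queue limits.

ingress_shaper_cmds() {
    wan=$1; ifb=$2; rate=$3          # e.g. eth1 ifb0 700
    case $rate in
        ''|*[!0-9]*) echo "rate must be a whole number of kbit/s" >&2; return 1 ;;
    esac
    [ "$rate" -ge 10 ] || { echo "rate too small to split" >&2; return 1; }
    prio_rate=$((rate * 30 / 100))   # guaranteed share for interactive traffic
    bulk_rate=$((rate - prio_rate))  # remainder guaranteed to bulk traffic
    cat <<EOF
ip link set dev $ifb up
tc qdisc add dev $wan handle ffff: ingress
tc filter add dev $wan parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev $ifb
tc qdisc add dev $ifb root handle 1: htb default 20
tc class add dev $ifb parent 1: classid 1:1 htb rate ${rate}kbit
tc class add dev $ifb parent 1:1 classid 1:10 htb rate ${prio_rate}kbit ceil ${rate}kbit prio 0
tc class add dev $ifb parent 1:1 classid 1:20 htb rate ${bulk_rate}kbit ceil ${rate}kbit prio 1
tc qdisc add dev $ifb parent 1:10 handle 10: pfifo limit 20
tc qdisc add dev $ifb parent 1:20 handle 20: sfq perturb 20 limit 64
tc filter add dev $ifb parent 1: protocol ip prio 1 u32 match ip tos 0x10 0xff flowid 1:10
EOF
}

# Print the plan only when called with arguments: ./script eth1 ifb0 700
if [ "$#" -ge 3 ]; then
    ingress_shaper_cmds "$1" "$2" "$3"
fi
```

Review the printed commands before piping them to `sh` as root; the `ifb` module must be loaded for the device to exist.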


