Re: Mark traffic on one machine, match on another machine?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jack Bates <uo4zau@nottheoilrig.com>
To: Eliezer Croitoru <eliezer@ngtech.co.il>
Cc: giles@coochey.net, Steven Kath <steven@vyatta.com>,
	netfilter@vger.kernel.org
Subject: Re: Mark traffic on one machine, match on another machine?
Date: Mon, 03 Dec 2012 00:43:37 -0800	[thread overview]
Message-ID: <50BC6639.3090502@nottheoilrig.com> (raw)
In-Reply-To: <50B851E8.8070107@ngtech.co.il>

Thank you Eliezer, how do I shape traffic differently depending on the 
connection mark?

Currently I use the ingress qdisc plus ifb0 plus the tbf qdisc to limit 
the *sum* of our upstream plus downstream traffic to < 1.5mbit (to "own" 
the queue). Something like:

    1: ifconfig ifb0 up
    2:
    3: insmod sch_ingress
    4: tc qdisc add dev eth0.2 ingress
    5:
    6: insmod cls_u32
    7: insmod act_mirred
    8: tc filter add dev eth0.2 root protocol ip u32 match u32 0 0 
action mirred egress redirect dev ifb0
    9: tc filter add dev eth0.2 parent ffff: protocol ip u32 match u32 0 
0 action mirred egress redirect dev ifb0
   10:
   11: insmod sch_tbf
   12: tc qdisc add dev ifb0 root handle 1 tbf rate 1mbit burst 5k 
latency 70ms

Then I use the prio qdisc to prioritize traffic:

   14: insmod sch_prio
   15: tc qdisc add dev ifb0 parent 1: handle 2 prio

I can imagine a couple ways of classifying traffic from our proxy server 
based on the TOS/DSCP field, and also how to set the connection mark 
based on this field. But how do I classify and shape response traffic 
from the origin server based on the connection mark?

On 29/11/12 10:27 PM, Eliezer Croitoru wrote:
> You can do a connection marking\remarking based on the TOS of one packet.
> This way you need to set it only on even one packet of the connection.
>
> Regards,
> Eliezer
>
> On 11/30/2012 7:41 AM, Jack Bates wrote:
>> Cool, thanks a lot for this advice Steven and Giles, our proxy server is
>> Apache Traffic Server, so I started work on a simple "remap" plugin to
>> set TOS/DSCP field:
>> http://nottheoilrig.com/trafficserver/201211300/tos.cc
>>
>> It should enable something like the following, in the Traffic Server
>> remap.config:
>>
>>    map http://gmail.com @plugin=tos.so @pparam=3
>>    map http://facebook.com @plugin=tos.so @pparam=7
>>
>> But what about response traffic? Is there a way to copy the TOS/DSCP
>> field to the response from the origin server?

next prev parent reply	other threads:[~2012-12-03  8:43 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-11-28  5:09 Mark traffic on one machine, match on another machine? Jack Bates
2012-11-28  5:25 ` Steven Kath
2012-11-28 12:54   ` Giles Coochey
2012-11-30  5:41     ` Jack Bates
2012-11-30  6:27       ` Eliezer Croitoru
2012-12-03  8:43         ` Jack Bates [this message]
2012-12-03 11:52           ` Eliezer Croitoru
2012-12-03 14:32             ` Jack Bates
2012-12-05  2:39               ` Anatoly Muliarski
2012-12-05  9:12                 ` Eliezer Croitoru
2012-12-05 14:17                   ` Jack Bates
2012-12-06  4:18                     ` Anatoly Muliarski
2012-12-10 16:18                       ` Jack Bates
2012-12-10 20:11                         ` Anatoly Muliarski
2012-12-12 15:25                           ` Jack Bates
2012-12-13  5:06                             ` Anatoly Muliarski
2012-12-13  5:45                             ` Andrew Collins
2012-12-13 20:59                               ` Anatoly Muliarski
2012-12-13 22:06                                 ` Andrew Collins
2012-12-14  5:17                                   ` Anatoly Muliarski
2012-12-08 20:58 ` Jan Engelhardt

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=50BC6639.3090502@nottheoilrig.com \
    --to=uo4zau@nottheoilrig.com \
    --cc=eliezer@ngtech.co.il \
    --cc=giles@coochey.net \
    --cc=netfilter@vger.kernel.org \
    --cc=steven@vyatta.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.