* [LARTC] two internet connections + filter?
@ 2002-09-28 11:36 Dworf
  2002-09-28 14:41 ` Jose Luis Domingo Lopez
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Dworf @ 2002-09-28 11:36 UTC (permalink / raw)
  To: lartc

Hello,

I hope I won't make it too complicated, and sorry for my English...

The company has multiple connections to the internet, ADSL + CABLE + XDSL...
and I only want to use two for load balancing for now. I have read the HOWTO
and I got it up and working. It works great, but I still have a few questions,
if anyone could help!

The setup is: ADSL on ETH0 and CABLE on ETH1

When I load balance on ADSL + CABLE I want to load balance only, let's say, FTP,
WEB, SMTP and some other ports BUT NOT ssh, telnet and such applications. I
want to have ssh and telnet outgoing connections only on my ADSL route. How
can I do that? Any ideas?

And another thing... I was wondering if there is a patch or command or
something that could check if, let's say, the CABLE line is used more than 80% and
ADSL is used less than 10%, so that the next connection would be made on ADSL?

And the last one... about the route cache: can I reduce the timeout in the cache
from the default 60s, I think, to let's say 1, so that when new connections are made
they are more frequently reorganized over the load balance?

thank you
David
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] two internet connections + filter?
  2002-09-28 11:36 [LARTC] two internet connections + filter? Dworf
@ 2002-09-28 14:41 ` Jose Luis Domingo Lopez
  2002-10-01  3:17 ` William L. Thomson Jr.
  2002-10-01 21:25 ` Julian Anastasov
  2 siblings, 0 replies; 4+ messages in thread
From: Jose Luis Domingo Lopez @ 2002-09-28 14:41 UTC (permalink / raw)
  To: lartc

On Saturday, 28 September 2002, at 13:36:27 +0200,
Dworf wrote:

> When I load balance on ADSL + CABLE I want to load balance only, let's say, FTP,
> WEB, SMTP and some other ports BUT NOT ssh, telnet and such applications. I
> want to have ssh and telnet outgoing connections only on my ADSL route. How
> can I do that? Any ideas?
> 
It is easy. Just mark the traffic coming into the Linux router and then
route depending on the marks set. For example:

echo "100    ADSL" >> /etc/iproute2/rt_tables
ip rule add fwmark 1 table ADSL
ip route add table ADSL default via $ADSL_GW_IP
iptables -t mangle -A PREROUTING --protocol tcp --destination-port 22 \
    --jump MARK --set-mark 1

The above does the following: it creates a new routing table called
ADSL, that is populated with just one route, a default one, through your
ADSL router to the Internet. It additionally uses "iptables" to mark
incoming packets going to the SSH well-known port. This traffic gets
marked as "1", the mark matches the added "ip rule", so the packet is
routed checking the table "ADSL".

We configured a very similar setup here some time ago, and it is working
fine. Specifically, all traffic is routed along a FR line (costly and
low bandwidth) except HTTP and FTP, which are routed through ADSL (cheap,
high bandwidth). To load balance certain traffic among the two lines we
would need to use something like:
ip route add default nexthop via $ADSL_GW_IP dev $ETH_ADSL weight 4 \
                     nexthop via $FR_GW_IP   dev $ETH_FR   weight 1

This should direct 80% of connections through ADSL and the remaining 20%
through FR. As route selection is cached, all traffic for a certain TCP
session will go to the same line. UDP traffic will be balanced per-packet.

> And another thing... I was wondering if there is a patch or command or
> something that could check if, let's say, the CABLE line is used more than 80% and
> ADSL is used less than 10%, so that the next connection would be made on ADSL?
> 
I don't know if such a command exists (I don't think so). But you could
get something similar with some monitoring and scripting.


Hope this helps. In any case, check the Linux Advanced Routing and
Traffic Shaping HOWTO at lartc.org, because it contains much
information related to what you are trying to implement.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Woody (Linux 2.4.19-pre6aa1)
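
Added example (not part of the original message, and not LARTC or iproute2 code): one way to do the "monitoring and scripting" suggested in the reply above, by computing per-link utilisation from two /proc/net/dev snapshots and choosing weights for the multipath default route. The link capacities (1024 and 5000 kbit/s), the 4:1 weights, the $CABLE_GW_IP variable and the sample counters are assumptions made for illustration; the command is printed rather than executed.

```shell
#!/bin/sh
# Added example: choose multipath weights from measured link utilisation.
# Interface names follow the thread (ADSL on eth0, CABLE on eth1); link
# capacities, the 4:1 weights and the sample counters are constructed.

# rx_bytes SNAPSHOT IFACE: received-bytes counter from /proc/net/dev text.
# The ':' is replaced first because the counter may follow it without a space.
rx_bytes() {
    printf '%s\n' "$1" | sed 's/:/ /' | awk -v i="$2" '$1 == i { print $2 }'
}

# util_pct BEFORE AFTER SECONDS CAPACITY_KBIT: integer percent of capacity.
util_pct() {
    echo $(( ($2 - $1) * 8 * 100 / ($3 * $4 * 1000) ))
}

# pick_weights ADSL_PCT CABLE_PCT: prints "adsl_weight cable_weight".
# Thresholds are the ones asked about in the thread (CABLE > 80%, ADSL < 10%).
pick_weights() {
    if [ "$2" -gt 80 ] && [ "$1" -lt 10 ]; then
        echo "4 1"      # steer new connections towards ADSL
    else
        echo "1 1"      # otherwise balance evenly
    fi
}

# route_cmd ADSL_W CABLE_W: the command to apply (printed, not executed).
# $CABLE_GW_IP is a hypothetical variable, named after $ADSL_GW_IP above.
route_cmd() {
    echo "ip route replace default" \
         "nexthop via \$ADSL_GW_IP dev eth0 weight $1" \
         "nexthop via \$CABLE_GW_IP dev eth1 weight $2"
}

# Constructed snapshots taken 10 s apart (live: SNAP=$(cat /proc/net/dev)).
SNAP1='  eth0: 1000000 900 0 0 0 0 0 0 500000 700 0 0 0 0 0 0
  eth1:50000000 9000 0 0 0 0 0 0 800000 900 0 0 0 0 0 0'
SNAP2='  eth0: 1050000 950 0 0 0 0 0 0 520000 720 0 0 0 0 0 0
  eth1:55500000 9900 0 0 0 0 0 0 850000 950 0 0 0 0 0 0'

ADSL_PCT=$(util_pct "$(rx_bytes "$SNAP1" eth0)" "$(rx_bytes "$SNAP2" eth0)" 10 1024)
CABLE_PCT=$(util_pct "$(rx_bytes "$SNAP1" eth1)" "$(rx_bytes "$SNAP2" eth1)" 10 5000)
echo "ADSL ${ADSL_PCT}% CABLE ${CABLE_PCT}%"
route_cmd $(pick_weights "$ADSL_PCT" "$CABLE_PCT")
```

Because route selection is cached, as the reply notes, changed weights only influence connections whose route has not yet been looked up.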

* Re: [LARTC] two internet connections + filter?
  2002-09-28 11:36 [LARTC] two internet connections + filter? Dworf
  2002-09-28 14:41 ` Jose Luis Domingo Lopez
@ 2002-10-01  3:17 ` William L. Thomson Jr.
  2002-10-01 21:25 ` Julian Anastasov
  2 siblings, 0 replies; 4+ messages in thread
From: William L. Thomson Jr. @ 2002-10-01  3:17 UTC (permalink / raw)
  To: lartc

Sorry for the delay in response

On Sat, 2002-09-28 at 04:36, Dworf wrote:
> And the last one... about the route cache: can I reduce the timeout in the cache
> from the default 60s, I think, to let's say 1, so that when new connections are made
> they are more frequently reorganized over the load balance?

Now I am no guru but I will try to explain the following based on my
observations while spending about a week playing around with different
values. I was trying to load balance two SDSL lines, and when I finally
used Julian's patches and got everything working, I reverted back to the
default values for the route cache. So whether you really need to adjust
this is a moot issue. I did not find it a necessity.

I will go in order and below are the values I last tested, and the
default values.
                                                        # Default Values
#echo 256 > /proc/sys/net/ipv4/route/gc_elasticity      # 8
#echo 1 > /proc/sys/net/ipv4/route/gc_interval          # 60
#echo 0 > /proc/sys/net/ipv4/route/gc_timeout           # 300
#echo 0 > /proc/sys/net/ipv4/route/gc_min_interval      # 5
#echo 128 > /proc/sys/net/ipv4/route/gc_thresh          # 256
#echo 1 > /proc/sys/net/ipv4/route/max_delay            # 10
#echo 1 > /proc/sys/net/ipv4/route/min_delay            # 2  
#echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter        # 1  
#echo 0 > /proc/sys/net/ipv4/conf/eth2/rp_filter        # 1  

I also looked at the code behind this in route.c, but it did not make
much sense. I may look at it again some other time. Now I find it funny
that the above entries in the /proc file system have little description
or explanation. I came across very few docs on them, and most were very
incomplete. Not that my observations are any better.

Now the gc_elasticity seems to have something to do with the # of routes
that are expired/removed as part of the gc. A lower # means more gc's to
clear out the cache. A higher # means more at a time.

The gc_interval is pretty self explanatory. However setting this too low,
like 1, causes route lookups to occur more often, and can impact
performance. So be careful with using low values, and stay away from 1.

The gc_timeout seems to be a timeout between gc's?

The gc_min_interval is the minimum interval between gc's?

The gc_thresh hold I believe is the # of routes that can be in cache at
any one time. Not too sure, but it does seem to have an effect, and is
relative to the gc_elasticity. I usually would adjust both.

The max_delay is some sort of max delay in between gc's?

The min_delay is some sort of minimum delay in between gc's?

Basically there is an algorithm that uses all the above values together
to maintain good performance on most machines out there. I assume they
are adjustable for dialing into the machine for specific tasks. It's
hard to say just adjust one. Since each has an effect on the other,
usually you have to adjust most if not all to see a difference.

When all was said and done for me, despite all the experimenting and
testing, I went back to using the default values. When I was able to
make a noticeable adjustment, that seemed to work, it later had other
effects as the load changed.

So that's my .02 based on my experiences. I welcome others to comment, so
maybe we can get some documentation on the web as to what each value
actually does.

-- 
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone  707.766.9509
Fax    707.766.8989
http://www.obsidian-studios.com


* Re: [LARTC] two internet connections + filter?
  2002-09-28 11:36 [LARTC] two internet connections + filter? Dworf
  2002-09-28 14:41 ` Jose Luis Domingo Lopez
  2002-10-01  3:17 ` William L. Thomson Jr.
@ 2002-10-01 21:25 ` Julian Anastasov
  2 siblings, 0 replies; 4+ messages in thread
From: Julian Anastasov @ 2002-10-01 21:25 UTC (permalink / raw)
  To: lartc


	Hello,

On 30 Sep 2002, William L. Thomson Jr. wrote:

> I will go in order and below are the values I last tested, and the
> default values.
>                                                         # Default Values
> #echo 256 > /proc/sys/net/ipv4/route/gc_elasticity      # 8

gc_elasticity can be 1..16, gc_elasticity*gc_thresh is
the desired number of entries we can live with, after
that point we start to worry about filling the cache.

> #echo 1 > /proc/sys/net/ipv4/route/gc_interval          # 60
> #echo 0 > /proc/sys/net/ipv4/route/gc_timeout           # 300

	On each interval (gc_interval) up to gc_interval/gc_timeout
entries are checked for expiration. With the default parameters,
1/5 of the table on each 60sec, each cache entry lives up to 300sec
by default.

> #echo 0 > /proc/sys/net/ipv4/route/gc_min_interval      # 5

	gc_min_interval 0 means no restrictions for running GC,
maybe it is good on load.

> #echo 128 > /proc/sys/net/ipv4/route/gc_thresh          # 256
> #echo 1 > /proc/sys/net/ipv4/route/max_delay            # 10
> #echo 1 > /proc/sys/net/ipv4/route/min_delay            # 2
> #echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter        # 1
> #echo 0 > /proc/sys/net/ipv4/conf/eth2/rp_filter        # 1

> The gc_timeout seems to be a timeout between gc's?

this is gc_interval

Regards

--
Julian Anastasov <ja@ssi.bg>
