* [LARTC] Traffic control + NAT + HTB
@ 2003-05-28 9:54 Ruslan Spivak
2003-05-28 13:27 ` Martin A. Brown
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Ruslan Spivak @ 2003-05-28 9:54 UTC (permalink / raw)
To: lartc
Hello, lart? users!
Can you help me understand hot to make HTB work with NAT in my situation?
---------------
| linux | eth0 -------
| 193.220.70.33 |------|switch |--|cisco|<-->internet
| NAT | ---------
----------------- |
|
------------ eth0 |
client1 |-------------
192.168.1.1 |
-------------
Client's(192.168.1.2) default route is to 193.220.70.33
On linux server(193.220.70.33) there is rule:
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o eth0 -j SNAT --to
193.220.70.33
As i understand i can control traffic bandwidth going to client1 and
from client1 on linux server due to one interface on linux server.(maybe
i'm wrong)
On linux server i need to mark packets with iptables and then use fw to
put that packets in corresponding class. I'm not sure about hot to do
that if i have NAT on linux server eth0. For example:
/usr/local/iproute2/sbin/tc qdisc add dev eth0 root handle 1: htb
/usr/local/iproute2/sbin/tc class add dev eth0 parent 1:1 classid 1:20
htb rate 32kbit ceil 60Mbit
/usr/local/iproute2/sbin/tc qdisc add dev eth0 parent 1:20 handle 20: sfq
/usr/local/iproute2/sbin/tc filter add dev eth0 parent 1:0 protocol ip
handle 1 fw flowid 1:20
/sbin/iptables -t mangle -A POSTROUTING -s 192.168.1.2 -j MARK --set-mark 1
Will be packet with src 192.168.1.2 put into classid 1:20, or for that
moment it will be already nated and his source will be 193.220.70.33?
Looking at 'Kernel Packet Traveling Diagram' at docum.org, i may suggest
, that it will be marked and put before it will be nated, but if you
can give advice about that i will greatly appreciate that.
Thanks a lot for your help.
Bets regards,
Ruslan
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [LARTC] Traffic control + NAT + HTB
2003-05-28 9:54 [LARTC] Traffic control + NAT + HTB Ruslan Spivak
@ 2003-05-28 13:27 ` Martin A. Brown
2003-05-28 22:39 ` Ruslan Spivak
2003-05-28 22:43 ` Martin A. Brown
2 siblings, 0 replies; 4+ messages in thread
From: Martin A. Brown @ 2003-05-28 13:27 UTC (permalink / raw)
To: lartc
Ruslan,
: Can you help me understand hot to make HTB work with NAT in my situation?
You appear to have the right solution in mind. Mark the packets before
the address has been altered, and add the filter command to put the
packets into your 60Mbit class.
: ---------------
: | linux | eth0 -------
: | 193.220.70.33 |------|switch |--|cisco|<-->internet
: | NAT | ---------
: ----------------- |
: |
: ------------ eth0 |
: client1 |-------------
: 192.168.1.1 |
: -------------
:
: Client's(192.168.1.2) default route is to 193.220.70.33
:
: On linux server(193.220.70.33) there is rule:
: iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o eth0 -j SNAT --to
: 193.220.70.33
:
: As i understand i can control traffic bandwidth going to client1 and
: from client1 on linux server due to one interface on linux server.(maybe
: i'm wrong)
I noticed your question earlier about using a machine with a single
interface as a router. Is that what you are doing here? If so, then
you'll want to add one other command, and here's why:
- Your linux machine will only shape data it is transmitting.
- You are shaping only data transmitted from client1 through the gateway
(practically speaking this means you are capping the outbound flow
from client1).
: /usr/local/iproute2/sbin/tc qdisc add dev eth0 root handle 1: htb
: /usr/local/iproute2/sbin/tc class add dev eth0 parent 1:1 classid 1:20 \
: htb rate 32kbit ceil 60Mbit
: /usr/local/iproute2/sbin/tc qdisc add dev eth0 parent 1:20 handle 20: sfq
: /usr/local/iproute2/sbin/tc filter add dev eth0 parent 1:0 protocol ip \
: handle 1 fw flowid 1:20
Your tc commands look correct. You have an implicit class which will
transmit as fast as the hardware allows--that is HTB's default.
: /sbin/iptables -t mangle -A POSTROUTING -s 192.168.1.2 -j MARK --set-mark 1
Now, simply add this:
/sbin/iptables -t mangle -A POSTROUTING -d 192.168.1.2 -j MARK --set-mark 1
Now, you'll be shaping both upload (from source client1) and download
(to destination client1).
: Will be packet with src 192.168.1.2 put into classid 1:20, or for that
: moment it will be already nated and his source will be 193.220.70.33?
The mark will survive while the packet is being handled by the kernel, so
even after NAT, the mark will be available.
-Martin
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LARTC] Traffic control + NAT + HTB
2003-05-28 9:54 [LARTC] Traffic control + NAT + HTB Ruslan Spivak
2003-05-28 13:27 ` Martin A. Brown
@ 2003-05-28 22:39 ` Ruslan Spivak
2003-05-28 22:43 ` Martin A. Brown
2 siblings, 0 replies; 4+ messages in thread
From: Ruslan Spivak @ 2003-05-28 22:39 UTC (permalink / raw)
To: lartc
Martin A. Brown wrote:
>Ruslan,
>
> : Can you help me understand hot to make HTB work with NAT in my situation?
>
>You appear to have the right solution in mind. Mark the packets before
>the address has been altered, and add the filter command to put the
>packets into your 60Mbit class.
>
> : ---------------
> : | linux | eth0 -------
> : | 193.220.70.33 |------|switch |--|cisco|<-->internet
> : | NAT | ---------
> : ----------------- |
> : |
> : ------------ eth0 |
> : client1 |-------------
> : 192.168.1.1 |
> : -------------
> :
> : Client's(192.168.1.2) default route is to 193.220.70.33
> :
> : On linux server(193.220.70.33) there is rule:
> : iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o eth0 -j SNAT --to
> : 193.220.70.33
> :
> : As i understand i can control traffic bandwidth going to client1 and
> : from client1 on linux server due to one interface on linux server.(maybe
> : i'm wrong)
>
>I noticed your question earlier about using a machine with a single
>interface as a router. Is that what you are doing here? If so, then
>you'll want to add one other command, and here's why:
>
> - Your linux machine will only shape data it is transmitting.
> - You are shaping only data transmitted from client1 through the gateway
> (practically speaking this means you are capping the outbound flow
> from client1).
>
> : /usr/local/iproute2/sbin/tc qdisc add dev eth0 root handle 1: htb
> : /usr/local/iproute2/sbin/tc class add dev eth0 parent 1:1 classid 1:20 \
> : htb rate 32kbit ceil 60Mbit
> : /usr/local/iproute2/sbin/tc qdisc add dev eth0 parent 1:20 handle 20: sfq
> : /usr/local/iproute2/sbin/tc filter add dev eth0 parent 1:0 protocol ip \
> : handle 1 fw flowid 1:20
>
>Your tc commands look correct. You have an implicit class which will
>transmit as fast as the hardware allows--that is HTB's default.
>
> : /sbin/iptables -t mangle -A POSTROUTING -s 192.168.1.2 -j MARK --set-mark 1
>
>Now, simply add this:
>
> /sbin/iptables -t mangle -A POSTROUTING -d 192.168.1.2 -j MARK --set-mark 1
>
>Now, you'll be shaping both upload (from source client1) and download
>(to destination client1).
>
> : Will be packet with src 192.168.1.2 put into classid 1:20, or for that
> : moment it will be already nated and his source will be 193.220.70.33?
>
>The mark will survive while the packet is being handled by the kernel, so
>even after NAT, the mark will be available.
>
>-Martin
>
>
>
Thanks a lot for your valuable reply, Martin!
Can you tell me how to make so that i will have three htb classes
('local' - 60Mbit, 'internet' - 512Kbit, 'outgoing inet' - 128Kbit)
under root qdisc,
so that they won't borrow each other?
Best regards,
Ruslan
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [LARTC] Traffic control + NAT + HTB
2003-05-28 9:54 [LARTC] Traffic control + NAT + HTB Ruslan Spivak
2003-05-28 13:27 ` Martin A. Brown
2003-05-28 22:39 ` Ruslan Spivak
@ 2003-05-28 22:43 ` Martin A. Brown
2 siblings, 0 replies; 4+ messages in thread
From: Martin A. Brown @ 2003-05-28 22:43 UTC (permalink / raw)
To: lartc
Hi again, Ruslan,
No problem at all--that's what mailing lists are for....
: Can you tell me how to make so that i will have three htb classes
: ('local' - 60Mbit, 'internet' - 512Kbit, 'outgoing inet' - 128Kbit)
: under root qdisc,
If you trawl back through the archive some, you'll find plenty of
examples.
I'd recommend looking at the wondershaper, too....but here's the brief
answer:
classes
cap (100Mbit?)
1:1 -----+----------- 1:2 (sfq qdisc) rate = ceil = 60Mbit
|
+----------- 1:3 (sfq qdisc) rate = ceil = 128kbit
|
+----------- 1:4 (sfq qdisc) rate = ceil = 512kbit
You might consider making 1:2 the default class.
: so that they won't borrow each other?
HTB classes never borrow from each other. They only (optionally) borrow
up to ceil from their parent.
-Martin
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2003-05-28 22:43 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-05-28 9:54 [LARTC] Traffic control + NAT + HTB Ruslan Spivak
2003-05-28 13:27 ` Martin A. Brown
2003-05-28 22:39 ` Ruslan Spivak
2003-05-28 22:43 ` Martin A. Brown
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.