From: Lawrence MacIntyre <lpz@ornl.gov>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Forwarded traffic bypassing filter
Date: Fri, 17 Oct 2003 12:38:41 +0000 [thread overview]
Message-ID: <marc-lartc-106640651722038@msgid-missing> (raw)
In-Reply-To: <marc-lartc-106634010031680@msgid-missing>
[-- Attachment #1: Type: text/plain, Size: 2715 bytes --]
Is the netmask actually /24 instead of /8 or are you bridging the
traffic with Machine1?
On Thu, 2003-10-16 at 17:26, Amit Gandhi wrote:
> Please consider the following scenario & corresponding question.....
>
>
> Machine1 Machine2
> _________________ _________________
> MachineX | | | |
> HTTP(1) | | | HTTP Server |
> ------>-------->| -----|------------------| |
> eth0| / |eth1 |eth0 |
> 10.20.253.242/8| / |10.20.255.238/8 |10.20.246.247/8|
> | HTTP(2) | | |
> |_______________| |_______________|
>
> 10.20.246.247 dev eth1
> 10.20.246.247 dev eth1 lladdr xx:xx:xx:xx:xx:xx
> proxy_arp =1
> ip_forward=1
>
> Here are my shaping rules (primary goal is to send the web traffic
> through a seperate queue)
>
> tc qdisc add dev eth1 root handle 1: htb default 20
>
> tc class add dev eth1 parent 1: classid 1:1 htb rate 2mbit burst 15k
>
> tc class add dev eth1 parnet 1:1 classid 1:10 htb rate 1mbit ceil 2mbit
> burst 15k
> tc class add dev eth1 parnet 1:1 classid 1:20 htb rate 1mbit burst 15k
>
> tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
> tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
>
> tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip dport
> 0x50 0xffff flowid 1:10
>
>
> Now, after all of this configuration I've observed that:
>
> a) All the web requests comming from "MachineX" go thru the default
> queue 20
> b) Web traffic generated from "Machine1" does gets send thru queue 10
>
>
> Why, is the forwarded traffic bypassing the filter?
>
> I inserted debug messages in the 'u32_classify' function
> inside the kernel, just to make sure that the filter is not
> failing, but the function never gets called for HTTP(1)
> traffic!!!
>
>
> Regards,
> +Amit
> email: subscribeamit@yahoo.com
>
> __________________________________
> Do you Yahoo!?
> The New Yahoo! Shopping - with improved product search
> http://shopping.yahoo.com
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
--
Lawrence MacIntyre 865.574.8696 lpz@ornl.gov
Oak Ridge National Laboratory
High Performance Information Infrastructure Technology Group
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2003-10-17 12:38 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-10-16 21:26 [LARTC] Forwarded traffic bypassing filter Amit Gandhi
2003-10-17 12:38 ` Lawrence MacIntyre [this message]
2003-10-17 13:25 ` Amit Gandhi
2003-10-17 13:31 ` Lawrence MacIntyre
2003-10-17 14:59 ` Amit Gandhi
2003-10-17 21:17 ` Amit Gandhi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-106640651722038@msgid-missing \
--to=lpz@ornl.gov \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.