Re: [LARTC] pptp, vpn & traffic control

From: "Martin A. Brown" <mabrown-lartc@securepipe.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] pptp, vpn & traffic control
Date: Thu, 18 Dec 2003 23:21:46 +0000	[thread overview]
Message-ID: <marc-lartc-107179000805693@msgid-missing> (raw)
In-Reply-To: <marc-lartc-107170129112910@msgid-missing>

Hello Doug,

 : Before I got your message I spent a couple of hours reading chapter 9
 : of the how to at lartc.org. The HTB option makes sense in concept to
 : me...

Right....good...LARTC doc is quite good, though occasionally dense.

 : Can you provide some example syntax for me given the following...

I'll refrain until you have a more fully-formed scenario.  Since you are
new to Linux traffic control, let me suggest that you consider using tcng
(I'm a big fan--it's much more human-legible than raw tc syntax).  See my
tcng and HTB HOWTO [0].

  [ snip ]

 : As I understand it the HTB works by limited the 'outgoing' data and not
 : the incomming data and the limits will be placed on the ppp sessions
 : and not the eth0.

Premise:  You can only shape what you transmit [1]. (Yes, exceptions to
this rule exist.)

 : How do I make the limiting start when the ppp session comes up?

Good question.....this will probably require some glue code.  Shell, perl,
whatever you like.  Others may have better suggestions.  In short, the
traffic control structures inside the kernel are static--they can be
manipulated (added/removed), although my impression (and my own usage)
relies on creating a static traffic control configuration.  Regardless, if
you can hook into an "ip-up" or "if-up" script on your PPTP server, then
you can write raw tc commands which create the traffic control structures
(and iptables, hint...hint) for each connection.

 : I'm using Rethat 9 with kernel 2.4.20-8.

Retchhat?  (I never stop with the teasing, do I?)  If you choose to use
tcng, you may end up needing dsmark.  That's easy with RedHat boxen in the
post 2.4.20 world.  "modprobe dsmark" works very well.  Almost everything
you'll need is built as a module for your use.

You will, however need a custom "tc".  I have a now-outdated SRPM you can
use as a template for rebuilding against the recently issued iproute
errata package [2], or you can use the binary provided by Martin Devera
(author of HTB) [3].

-Martin

  [0] http://tldp.org/HOWTO/Traffic-Control-tcng-HTB-HOWTO/
  [1] http://tldp.org/HOWTO/Traffic-Control-HOWTO/rules.html
  [2] http://linux-ip.net/traffic-control/iproute-2.4.7-7.src.rpm *
  [3] http://luxik.cdi.cz/~devik/qos/htb/
      http://luxik.cdi.cz/~devik/qos/htb/v3/htb3.6-020525.tgz

  * You can use this as an example, but please understand that it is
    grossly out of date.  If you don't know how to build SRPMS, just skip
    it and grab Martin Devera's "tc".

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/