[LARTC] CBQ and load balancing

[bert hubert ahu@ds9a.nl]

<PRE>On Mon, Oct 09, 2000 at 02:46:17PM +0200, joern maier wrote:
&gt;<i> Hi there,
</I>&gt;<i> 
</I>&gt;<i> I got a question about CBQ, hope anybody can help me (did not found
</I>&gt;<i> anything
</I>&gt;<i> in the archives).
</I>
This is the first post ever on the LARTC list, so this does not amaze me :-)

&gt;<i> My setup is like this:
</I>&gt;<i> all hosts are Athlon 800MHZ, 256 MByte RAM and 3com9x Netcards (100MBit)
</I>&gt;<i> Distribution SuSE 7.0 -&gt; Kernel 2.2.16
</I>&gt;<i> 
</I>&gt;<i> Host Setup:
</I>&gt;<i> 
</I>&gt;<i> 			 ---www_server_1
</I>&gt;<i> 			/
</I>&gt;<i> --------------|-------------www_server_2
</I>&gt;<i> 	load balancer   \
</I>&gt;<i> 	(with CBQ)	 ---www_server_3
</I>&gt;<i> 	192.168.10.17	 \x18
</I>&gt;<i> 
</I>&gt;<i> 
</I>&gt;<i> all I want to do is shaping the INCOMING traffic this means
</I>&gt;<i> that if I define a special IP only 200Kbit of HTTP request 
</I>&gt;<i> traffic (as an example) is forwarded to the webservers from
</I>&gt;<i> that IP.
</I>
Well, you can't shape incoming traffic directly. You can shape traffic going
out to www_server_[123].

&gt;<i> The load balancer (Linux Virtual Server) works on IP basis and
</I>&gt;<i> is integrated as a patch into the system-kernel. It distributes
</I>&gt;<i> the packets via &quot;direct routing&quot; this means load balancer and
</I>&gt;<i> www_server_X have all the same IP. If a package is received by
</I>&gt;<i> the LB it changes the MAC Address of the package and forward it
</I>&gt;<i> to the right www_server_X.
</I>
Perhaps this interferes with Linux traffic shaping, not sure. Does your
loadbalancer have multiple ethernet cards? If so, you could shape the
'backend card' to limit itself to 200kbit.

&gt;<i> The following attempts did not work:
</I>&gt;<i> 
</I>&gt;<i> using the fw filter:
</I>&gt;<i> implementing one of the following rules via ipchains did not work:
</I>&gt;<i> (ip 192.168.10.15 is the client I want to restrict bandwidth)
</I>&gt;<i> 
</I>&gt;<i> ipchains -A forward -p ip -d 192.168.10.17 m 1 -j ACCEPT
</I>&gt;<i> or
</I>&gt;<i> ipchains -A output -p ip -d 192.168.10.17 m 1 -j ACCEPT
</I>&gt;<i> or
</I>&gt;<i> ipchains -A forward -p ip -s 192.168.10.15 m 1 -j ACCEPT
</I>&gt;<i> or
</I>&gt;<i> ipchains -A output -p ip -s 192.168.10.15 m 1 -j ACCEPT
</I>&gt;<i> 
</I>&gt;<i> the filter was set up with the following rule
</I>&gt;<i> 
</I>&gt;<i> tc filter add dev eth0 protocol ip parent 100:0 prio 100 handle 1 fw
</I>&gt;<i> classid 100:100
</I>
Did you enable 'shaping based on fwmark' when compiling the kernel?

&gt;<i> should be reduced to to let´s say 200Kbit, with the last two rules
</I>&gt;<i> traffic
</I>&gt;<i> from source IP 192.168.10.15 sould be reduced to 200Kbit. Non did work.
</I>&gt;<i> 
</I>&gt;<i> using the u32 filter:
</I>&gt;<i> 
</I>&gt;<i> tc filter add dev eth0 parent 100:0 protocol ip prio 100 u32 match ip
</I>&gt;<i> src 192.168.10.15 flowid 100:100
</I>
Here you match outgoing traffic on eth0 with a source of your webbrowser
client.

&gt;<i> the whole outgoing traffic was reduced to 200Kbit.
</I>&gt;<i> So if anybody has an idea what I did wrong in first place I would be
</I>&gt;<i> very 
</I>&gt;<i> happy if you could tell me. Or is it impossible to shape incomming
</I>&gt;<i> traffic 
</I>&gt;<i> like this. If you need any further information please ask me. 
</I>
Please give some details on your network cards, and include where
192.168.10.15 is in this picture, and which card it is connected to, and
which card the webservers are connected to.

Regards,

bert hubert

-- 
PowerDNS                     Versatile DNS Services  
Trilab                       The Technology People   
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet


</PRE>