From mboxrd@z Thu Jan 1 00:00:00 1970 From: joern maier joern.maier@informatik.uni-ulm.de Date: Tue, 10 Oct 2000 10:36:36 +0000 Subject: [LARTC] CBQ and load balancing Message-Id: List-Id: References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable To: lartc@vger.kernel.org 
bert hubert wrote:
> 
> On Mon, Oct 09, 2000 at 04:32:58PM +0200, joern maier wrote:
> > o.k. here some more details I haven=B4t mentioned yet
> 
> Please keep it on the list, I don't like to give private advice, I =
want
> everyone to benefit.

sorry -> I just pushed the reply button not thinking that it won=B4t get
back
to the list but to your private e-mail account

> 
> >
> > network cofiguration of the LB
> >
> > eth0      Link encap:Ethernet  HWaddr 00:01:02:07:5F:CF
> >           inet addr:192.168.10.6  Bcast:192.168.255.255
> > Mask:255.255.255.0
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric=
:1
> >           RX packets:50624 errors:0 dropped:0 overruns:0 f=
rame:0
> >           TX packets:50630 errors:0 dropped:0 overruns:0 c=
arrier:0
> >           collisions:0 txqueuelen:100
> >           Interrupt:11 Base address:0xe800
> >
> > eth0:110  Link encap:Ethernet  HWaddr 00:01:02:07:5F:CF
> >           inet addr:192.168.10.17  Bcast:192.168.255.255
> > Mask:255.255.255.255
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric=
:1
> >           Interrupt:11 Base address:0xe800
> >
> > lo        Link encap:Local Loopback
> >           inet addr:127.0.0.2  Mask:255.255.255.0
> >           UP LOOPBACK RUNNING  MTU:3924  Metric:1
> >           RX packets:77 errors:0 dropped:0 overruns:0 fram=
e:0
> >           TX packets:77 errors:0 dropped:0 overruns:0 carr=
ier:0
> >           collisions:0 txqueuelen:0
> >
> > the route table:
> >
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metr=
ic Ref    Use
> > Iface
> > lb.mynetwork.or *               255.255.255.255 UH    0   =
   0        0
> > eth0
> > 192.168.10.0    *               255.255.255.0   U     0   =
   0        0
> > eth0
> > default         gw.mynetwork.or 0.0.0.0         UG    0   =
   0        0
> > eth0
> >
> >
> > -> so I only got one ethernet card which is listening t=
o the normal IP
> > and a
> > virtual IP (the LB IP)
> >
> > for the nodes behind the lb the setup looks like this
> >
> > eth0      Link encap:Ethernet  HWaddr 00:01:02:07:60:29
> >           inet addr:192.168.10.8  Bcast:192.168.10.255
> > Mask:255.255.255.0
> >           UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metri=
c:1
> >           RX packets:180379 errors:0 dropped:0 overruns:0 =
frame:0
> >           TX packets:183275 errors:0 dropped:0 overruns:0 =
carrier:0
> >           collisions:0 txqueuelen:100
> >           Interrupt:11 Base address:0xe800
> >
> > lo        Link encap:Local Loopback
> >           inet addr:127.0.0.1  Mask:255.0.0.0
> >           UP LOOPBACK RUNNING  MTU:3924  Metric:1
> >           RX packets:77 errors:0 dropped:0 overruns:0 fram=
e:0
> >           TX packets:77 errors:0 dropped:0 overruns:0 carr=
ier:0
> >           collisions:0 txqueuelen:0
> >
> > lo:0      Link encap:Local Loopback
> >           inet addr:192.168.10.17  Mask:255.255.255.255
> >           UP LOOPBACK RUNNING  MTU:3924  Metric:1
> >
> > routing table:
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metr=
ic Ref    Use
> > Iface
> > lb.mynetwork.or *               255.255.255.255 UH    0   =
   0        0
> > lo
> > 192.168.10.0    *               255.255.255.0   U     0   =
   0        0
> > eth0
> > loopback        *               255.0.0.0       U     0   =
   0        0
> > lo
> > default         gw.mynetwork.or 0.0.0.0         UG    0   =
   0        0
> > eth0
> >
> >
> > [...snip]
> >
> > >
> > > Well, you can't shape incoming traffic directly. You =
can shape traffic going
> > > out to www_server_[123].
> > >
> > that=B4s what I wanted to do
> >
> > [...snip...]
> >
> > >
> > > Did you enable 'shaping based on fwmark' when compili=
ng the kernel?
> > >
> >
> > did not do that in first place -> but I recompiled the =
kernel right now
> > and
> > it didn=B4t work either.
> >
> > [...snip...]
> >
> > > Please give some details on your network cards, and i=
nclude where
> > > 192.168.10.15 is in this picture, and which card it i=
s connected to, and
> > > which card the webservers are connected to.
> > >
> > more detailed host setup
> >
> >
> >                                        ---www_server_1 (lo=
:0 192.168.10.17)
> >                                               /
> >   client  --------------|-------------------www_server_2 (=
lo:0
> > 192.168.10.17)
> > 192.168.10.15       load balancer       \
> >                     (with CBQ)         ---www_server_3 (lo=
:0 192.168.10.17)
> >                       eth0:110 =3D 192.168.10.17    =18
> >
> >
> > I tried to configure CBQ on the LB like this:
> > # tc filter add dev eth0:110 protocol ip parent 100:0 prio=
 100 handle 1
> > fw classid 100:100
> > answer was:
> > # Cannot find device eth0:110
> >
> > does this mean that CBQ and virtual IP addresses do not wo=
rk together ?
> >
> > -------
> > bert hubert wrote:
> >
> > On Mon, Oct 09, 2000 at 02:46:17PM +0200, joern maier wrot=
e:
> > > Hi there,
> > >
> > > I got a question about CBQ, hope anybody can help me =
(did not found
> > > anything
> > > in the archives).
> >
> > This is the first post ever on the LARTC list, so this doe=
s not amaze me
> > :-)
> >
> > > My setup is like this:
> > > all hosts are Athlon 800MHZ, 256 MByte RAM and 3com9x=
 Netcards (100MBit)
> > > Distribution SuSE 7.0 -> Kernel 2.2.16
> > >
> > > Host Setup:
> > >
> > >                        ---www_server_1
> > >                       /
> > > --------------|-------------www_server_2
> > >       load balancer   \
> > >       (with CBQ)       ---www_server_3
> > >       192.168.10.17    =18
> > >
> > >
> > > all I want to do is shaping the INCOMING traffic this=
 means
> > > that if I define a special IP only 200Kbit of HTTP re=
quest
> > > traffic (as an example) is forwarded to the webserver=
s from
> > > that IP.
> >
> > Well, you can't shape incoming traffic directly. You can s=
hape traffic
> > going
> > out to www_server_[123].
> >
> > > The load balancer (Linux Virtual Server) works on IP =
basis and
> > > is integrated as a patch into the system-kernel. It d=
istributes
> > > the packets via "direct routing" this means=
 load balancer and
> > > www_server_X have all the same IP. If a package is re=
ceived by
> > > the LB it changes the MAC Address of the package and =
forward it
> > > to the right www_server_X.
> >
> > Perhaps this interferes with Linux traffic shaping, not su=
re. Does your
> > loadbalancer have multiple ethernet cards? If so, you could sh=
ape the
> > 'backend card' to limit itself to 200kbit.
> >
> > > The following attempts did not work:
> > >
> > > using the fw filter:
> > > implementing one of the following rules via ipchains =
did not work:
> > > (ip 192.168.10.15 is the client I want to restrict ba=
ndwidth)
> > >
> > > ipchains -A forward -p ip -d 192.168.10.17 m 1 -j ACC=
EPT
> > > or
> > > ipchains -A output -p ip -d 192.168.10.17 m 1 -j ACCE=
PT
> > > or
> > > ipchains -A forward -p ip -s 192.168.10.15 m 1 -j ACC=
EPT
> > > or
> > > ipchains -A output -p ip -s 192.168.10.15 m 1 -j ACCE=
PT
> > >
> > > the filter was set up with the following rule
> > >
> > > tc filter add dev eth0 protocol ip parent 100:0 prio =
100 handle 1 fw
> > > classid 100:100
> >
> > Did you enable 'shaping based on fwmark' when compiling th=
e kernel?
> >
> > > should be reduced to to let=B4s say 200Kbit, with the=
 last two rules
> > > traffic
> > > from source IP 192.168.10.15 sould be reduced to 200K=
bit. Non did work.
> > >
> > > using the u32 filter:
> > >
> > > tc filter add dev eth0 parent 100:0 protocol ip prio =
100 u32 match ip
> > > src 192.168.10.15 flowid 100:100
> >
> > Here you match outgoing traffic on eth0 with a source of y=
our webbrowser
> > client.
> >
> > > the whole outgoing traffic was reduced to 200Kbit.
> > > So if anybody has an idea what I did wrong in first p=
lace I would be
> > > very
> > > happy if you could tell me. Or is it impossible to sh=
ape incomming
> > > traffic
> > > like this. If you need any further information please=
 ask me.
> >
> > Please give some details on your network cards, and includ=
e where
> > 192.168.10.15 is in this picture, and which card it is con=
nected to, and
> > which card the webservers are connected to.
> >
> > Regards,
> >
> > bert hubert
> >
> > --
> > PowerDNS                     Versatile DNS Services
> > Trilab                       The Technology People
> > 'SYN! .. SYN|ACK! .. ACK!' - the mating call of the intern=
et
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > =
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
> > http://ds9a.nl/2.4R=
outing/
> >
> 
> --
> PowerDNS                     Versatile DNS Services
> Trilab                       The Technology People
> 'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet