[LARTC] Two-way Shared Traffic shaping and NAT

[LARTC] Two-way Shared Traffic shaping and NAT

[Sumit Pandya]

Hi All,

	We are doing traffic shaping with tc command of iproute2. With NATMAP our
internal (Say)192.168.1.X class is mapped with routable 172.16.1.X class. We
can successfully implement traffic shaping on either upload or download. We
are using "red" scheduling and "fw" filter classifier for this.

# /sbin/iptables -t nat -A PREROUTING    -d 192.168.1.0/24 -j NETMAP   \
--to 172.16.1.0/24
# /sbin/iptables -t nat -A POSTROUTING   -s 172.16.1.0/24 -j NETMAP   \
--to 192.168.1.0/24
To restrict Downloads:
# /sbin/iptables –t mangle –I PREROUTING –d 172.16.1.57 –j MARK --set-mark
57
# /sbin/tc qdisc add dev eth0 root handle 10: cbq bandwidth 100Mbit avpkt
1000 cell 8
# /sbin/tc class add dev eth0 parent 10:0 classid 10:1 cbq bandwidth 100Mbit
\
rate 100Mbit allot 1514 cell 8 weight 10Mbit prio 8 maxburst 20 avpkt 1000
# /sbin/tc class add dev eth0 parent 10:1 classid 10:010 cbq bandwidth
100Mbit  \
rate 120Kbit allot 1514 cell 8 weight 12Kbit prio 5 maxburst 20 avpkt 1000
bounded
# /sbin/tc qdisc add dev eth0 parent 10:10 red max 12288 min 6100 limit
12288  \
avpkt 1000 burst 12
# /sbin/tc filter add dev eth0 parent 10:0 protocol ip prio 100 handle 57 fw
classid 10:10

To restrict Uploads:
# /sbin/iptables –t mangle –I PREROUTING –s 192.168.1.57 –j MARK --set-mark
57
# /sbin/tc qdisc add dev eth1 root handle 11: cbq bandwidth 100Mbit avpkt
1000 cell 8
# /sbin/tc class add dev eth1 parent 11:0 classid 11:1 cbq bandwidth 100Mbit
\
rate 100Mbit allot 1514 cell 8 weight 10Mbit prio 8 maxburst 20 avpkt 1000
# /sbin/tc class add dev eth1 parent 11:1 classid 11:010 cbq bandwidth
100Mbit  \
rate 120Kbit allot 1514 cell 8 weight 12Kbit prio 5 maxburst 20 avpkt 1000
bounded
# /sbin/tc qdisc add dev eth1 parent 11:010 red max 12288 min 6100 limit
12288  \
avpkt 1000 burst 12
# /sbin/tc filter add dev eth1 parent 11:0 protocol ip prio 100 handle 57 fw
classid 11:10

	Though in Advance-Routing-HOWTO Section 9.1 its clearly stated that "With
queueing we determine the way in which data is sent. It is important to
realise that we can only shape data that we transmit". I wanted to work on
setup someting describe below.

	Now instead of this 12Kbytes for individual upload and download; I want let
user have total 12Kbytes; and sum of upload and download should not be more
then this 12Kbytes. Is there any way to implementing traffic shaping over
"from and to" an IP say 192.168.1.1?

	We did a little with "u32" classifier too. in that "match ip src" seems not
work and/or work only while downloads and "match ip dst" works with uploads.
	Thanks for any support or hints. I'd like to even go for any
beta-developmet going on this issue.

Regards,
-- Sumit


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] Two-way Shared Traffic shaping and NAT

[Stef Coene]

> 	Though in Advance-Routing-HOWTO Section 9.1 its clearly stated that "With
> queueing we determine the way in which data is sent. It is important to
> realise that we can only shape data that we transmit". I wanted to work on
> setup someting describe below.
>
> 	Now instead of this 12Kbytes for individual upload and download; I want
> let user have total 12Kbytes; and sum of upload and download should not be
> more then this 12Kbytes. Is there any way to implementing traffic shaping
> over "from and to" an IP say 192.168.1.1?
Short answer : no
The queues of device eth0 and eth1 have no idea of each other.  This question 
is been asked before.  Maybe you can dig in the archives to find more 
information about this toppic.
Devik is developping something that can help you.  It's a virtual qdisc that 
holds all packets from all queues before they are queued in the real queue.  
From Devik : " It allows you to implement cross device bandwidth sharing.", 
just wat you need ;-)

Stef

>
> 	We did a little with "u32" classifier too. in that "match ip src" seems
> not work and/or work only while downloads and "match ip dst" works with
> uploads. Thanks for any support or hints. I'd like to even go for any
> beta-developmet going on this issue.
>
> Regards,
> -- Sumit
>
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

-- 

stef.coene@docum.org
 More QOS info : http://docum.org/
 Title : "Using Linux as bandwidth manager"
     

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] Two-way Shared Traffic shaping and NAT

[Martin Devera]

> Devik is developping something that can help you.  It's a virtual qdisc that 
> holds all packets from all queues before they are queued in the real queue.  
> From Devik : " It allows you to implement cross device bandwidth sharing.", 
> just wat you need ;-)

precisely it is virtual network device. It can be used for two-way
shaping and several people already uses it ..
devik


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] Two-way Shared Traffic shaping and NAT

[Michael T. Babcock]

On Wed, Dec 19, 2001 at 11:17:49AM +0100, Stef Coene wrote:
> Devik is developping something that can help you.  It's a virtual qdisc that 
> holds all packets from all queues before they are queued in the real queue.  
> From Devik : " It allows you to implement cross device bandwidth sharing.", 
> just wat you need ;-)

That's good -- I've recently come across the need to do more than that though.
In the situation where a proxy server is running on the Linux router which does
the traffic controlling, I would like to be able to add the traffic going to
the localhost for clients requesting web pages.

I have no desire to shape traffic (severely) from the proxy servers to the
clients (on eth1).  But traffic from the Internet (eth0) to eth1 is usually
shaped, except when they use the proxy server (which is encouraged).  In that
case, the proxy server requests traffic and sometimes overloads the incoming
pipe.

I know nothing can be done about this at this point (not in an intelligent way)
but I was wondering if anyone is working on a user-space (or kernel-space for
that matter) wholistic bandwidth manager (where interfaces are just a filtering
option).
-- 
Michael T. Babcock
CTO, FibreSpeed Ltd.     (Hosting, Security, Consultation, Database, etc)
http://www.fibrespeed.net/~mbabcock/

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] Two-way Shared Traffic shaping and NAT

[Jerome PETAZZONI]

>>      Now instead of this 12Kbytes for individual upload and download; I want
>> let user have total 12Kbytes; and sum of upload and download should not be
>> more then this 12Kbytes. Is there any way to implementing traffic shaping
>> over "from and to" an IP say 192.168.1.1?

to shape traffic, you can also use an unofficial patch for netfilter
(iptables), which does the same thing as the "limit" match, but allowing
to specify rates in bytes/second instead of packets/second. you can
get this patch from http://etudiant.univ-mlv.fr/~jpetazzo/bytelimit.tgz
and you can then do something like :

iptables -N lim1
iptables -A FORWARD -s 192.168.1.1 -j lim1
iptables -A FORWARD -d 192.168.1.1 -j lim1
iptables -A lim1 -m bytelimit --rate 12000 -j DROP

(traffic "under" the 12000 bytes/second limit will go on thru the
chain "lim1")

Jerome Petazzoni <skaya at enix dot org>


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/