Re: [LARTC] balancing behind NAT?

Linux Advanced Routing and Traffic Control

At 13:25 30-11-00 +0100, you wrote:
Hi,

I'd like to set up cbq for my 7 LAN users, but I'd like to do it only for the internet connection (the LAN is accessing the internet through masquerading), not for the whole server machine: I mean somebody on the LAN should access the server at full rate (10Mbit/s), but the internet at, for example, 30KB/sec.
I know I've set up only kbits, but those dramatically low speeds were to see easily if it was working or not :)


how could i do that?

My LAN NIC is eth0 and the internet one is eth1. I already tried the following thingie, which doesn't work (I suppose it's logical, but I had to try it ;) )

And how could I reset all the existing cbq config to make a new one?

tc qdisc add dev eth1 root handle 10: cbq bandwidth 105Kbit avpkt 1000
tc class add dev eth1 parent 10:0 classid 10:1 cbq bandwidth 105Kbit rate \
  105Kbit allot 1514 weight 15Kbit prio 8 maxburst 20 avpkt 1000

tc class add dev eth1 parent 10:1 classid 10:100 cbq bandwidth 105Kbit rate \
  10Kbit allot 1514 weight 5Kbit prio 5 maxburst 20 avpkt 1000 bounded

tc qdisc add dev eth1 parent 10:100 sfq quantum 1514b perturb 15
tc qdisc add dev eth1 parent 10:200 sfq quantum 1514b perturb 15

tc filter add dev eth1 parent 10:0 protocol ip prio 25 u32 match ip dst \
   192.168.0.0/16 flowid 10:100

I got the same problem, until I figured out that you can't denote IP addresses with the filter, as those are 'masqueraded' out and replaced by the router's address. With your ipchains masquerading command, you should add a 'mark packet' command, which gives each individual forwarded machine an individual mark on its packets, so tc filter can pick those out. An example configuration of mine (upstream!):
(eth1 is the outgoing interface)


# masq a fictitious machine and mark it with 0xa (hexadecimal = 10 decimal!)
/sbin/ipchains -A forward -s 192.168.0.1/32 -j MASQ -m 0xa

#make root class with 128 kbit
/usr/bin/tc qdisc add dev eth1 root handle 1: cbq bandwidth 128Kbit avpkt 1000
/usr/bin/tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 128Kbit rate 128Kbit \
allot 1514 weight 12Kbit prio 8 maxburst 20 avpkt 1000


# this gives the fictitious machine above a bounded bandwidth of 40 kbit
/usr/bin/tc class add dev eth1 parent 1:1 classid 1:11 cbq bandwidth 128Kbit rate 40Kbit \
allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:1
/usr/bin/tc qdisc add dev eth1 parent 1:11 sfq quantum 1514b perturb 15
# here we add the filter command and give it 'handle 10', which corresponds to the fictitious machine above, which was marked with 10 (=0xa):


/usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle 10 fw classid 1:11

That's it for one machine, the rest you can hopefully figure out for yourself ;)

Sander Raaijmakers
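
Added example (not part of the original posts): the one-machine setup from the reply, extended to several masqueraded hosts by a small generator script. The host list, the mark numbering from 10 upward and the mark+7 class numbering are assumptions made for illustration; the script only prints the commands, including a `tc qdisc del dev eth1 root` line for the reset question.

```shell
#!/bin/sh
# Prints (does not run) ipchains/tc commands for several masqueraded hosts,
# following the one-host configuration in the reply above.

DEV=eth1          # outgoing (internet) interface, as in the thread
LINK=128Kbit      # uplink bandwidth used in the reply
RATE=40Kbit       # per-host rate (assumption: the same for every host)
FIRST_MARK=10     # first host gets mark 10 (0xa), as in the reply
HOSTS="192.168.0.1 192.168.0.2 192.168.0.3"   # constructed sample LAN hosts

# Root qdisc and parent class. The 'del' line clears an earlier config on DEV
# (tc reports an error there if no root qdisc exists yet).
emit_root() {
    echo "tc qdisc del dev $DEV root"
    echo "tc qdisc add dev $DEV root handle 1: cbq bandwidth $LINK avpkt 1000"
    echo "tc class add dev $DEV parent 1:0 classid 1:1 cbq bandwidth $LINK rate $LINK allot 1514 weight 12Kbit prio 8 maxburst 20 avpkt 1000"
}

# emit_host IP MARK: one mark rule, one class, one sfq leaf, one fw filter.
# The mark is written in hex for ipchains and in decimal for the fw filter
# handle (same number). tc reads the classid minor as hexadecimal, so the
# class number is printed with %x; mark+7 makes mark 10 land on class 1:11.
emit_host() {
    ip=$1
    mark=$2
    hexmark=$(printf '0x%x' "$mark")
    class="1:$(printf '%x' $((mark + 7)))"
    echo "ipchains -A forward -s $ip/32 -j MASQ -m $hexmark"
    echo "tc class add dev $DEV parent 1:1 classid $class cbq bandwidth $LINK rate $RATE allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:1"
    echo "tc qdisc add dev $DEV parent $class sfq quantum 1514b perturb 15"
    echo "tc filter add dev $DEV parent 1:0 protocol ip prio 100 handle $mark fw classid $class"
}

# Root setup followed by one block per host, each host with its own mark.
emit_all() {
    emit_root
    mark=$FIRST_MARK
    for h in $HOSTS; do
        emit_host "$h" "$mark"
        mark=$((mark + 1))
    done
}

emit_all
```

Review the printed commands, then pipe them to sh on the router to apply them.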


