I am copying a discussion that is being held on the NISTNET mail list to lartc, as I know some people such as Stef Coene have mentioned it on this list. For those on LARTC that don't know, NISTNET is a kernel module that allows emulation of link impairments such as latency and loss. This is done at the IP layer on incoming packets. Impairments may be specified on a packet source addr / destination addr / port / COS basis. It seems that this code was pre-netfilter / iproute2. The problem as described by Marinos below is that if there are more than one potential route to a destination, which may not be known a-priori then it is not possible to differentiate between packets traversing the two routes, and so impose different impairments. NISTNET does not work on a per interface basis, but after all the packets are thrown together. Therefore, the last hop router is not known just the source and destination points. Now there would seem to me to be several options, but keeping with a layer 3 solution the following seem possible: Ingress Interface: 1) Modify NISTNET to use the netfilter hooks. This way any packet filtering / marking possible by netfilter could be used to affect classify the packets so that they can be handled differently by NISTNET. a) As a kernel mod b) In userspace via libipq (may be timing problems) Egress Interface: 2) Integrate the NISTNET functionality into iproute2 - some of the NISTNET functionality may already be provided by iproute2 - additional functionality could be added in a new scheduler. e.g. long latency queue etc. I am currently trying to scope how much effort this would take, to see whether I have the time to do one of the above. Alternatively, this could all be done at layer 2, basing work on ebtables or mackill. Any thoughts Andrew -----Original Message----- From: Marinos Stylianou [mailto:marinos.s@xxxxxxxxx] Sent: Tuesday, June 10, 2003 11:38 PM To: 'Burnside, Andrew'; 'James Nichols' Cc: nistnet@xxxxxxxxxxxxx Subject: RE: [nistnet] NISTNET and multiple WAN links Dear all, I was just testing the tool and I came across a similar problem. I have set up a topology where I need to set link distance delays for my tests. The tool provides such functionality but based only on source destination addressing. Is there a way to set I at the interface level? Bellow find a rough diagram of a network. The network is larger but this portion tells more or less the problem - - - Router B --- Router C --- Sink - - Source --- Router A - - - - - - Router D - As you can see I need to set delay limitations to each of these links and test some scenarios. For instance I need to set delay = 20ms to between router A --- router B and delay = 30ms between router B --- router C and delay = 10ms to the link of router D --- router C along with some bandwidth limitation aswell. I cannot do this by using only source destination address. I need to set it at the interfaces level. Something like "cnistnet eth0 eth1 -delay 20". Is that possible? Marinos --------------------------------------------------------------------- Marinos Stylianou Research Associate - Networksgroup Lab Computer Science Department University of Cyprus Tel: +357 22892687 Email: marinos.s@xxxxxxxxx -----Original Message----- From: nistnet-admin@xxxxxxxxxxxxx [mailto:nistnet-admin@xxxxxxxxxxxxx] On Behalf Of Burnside, Andrew Sent: Tuesday, June 10, 2003 5:38 PM To: 'James Nichols'; Burnside, Andrew Cc: nistnet@xxxxxxxxxxxxx Subject: RE: [nistnet] NISTNET and multiple WAN links -----Original Message----- From: James Nichols [mailto:jnick@xxxxxxxxxx] Sent: Tuesday, June 10, 2003 2:29 PM To: Burnside, Andrew Cc: nistnet@xxxxxxxxxxxxx Subject: Re: [nistnet] NISTNET and multiple WAN links > > Now the problem that I have is that if NISTNET does its link impairment > > based on source and destination address, then how is it possible to > > differentiate between these links as the source and destination address > > will be the same in both cases. > > Unless, NISNET can impose impairment based on the interface or address of > > the adjacent hop machine. Can you phrase your question differently? I don't understand. You can set up two rules in NIST Net, one for packet going hostA-hostB, then hostB-hostA, is that what you need? But why do you need to do that? > > Can anyone help? No. I don't mean asymmetric links. I mean there are two links between router A and router B. e.g. one has a 1.5Mbps bandwidth, one has a 0.5Mbps bandwidth. These may or may not go through other hops to get between router A and B. Now suppose I send some traffic from the source to the sink. Regardless of the route between A and B, then the NISTNET module at B will impose the same impairment, as this is done on source and destination address. Policy based routing, link saturation or load balancing could decide to send traffic down either rouute between A and B. This traffic should be impaired differently. I hope that this is clearer. Regards Andrew _______________________________________________ nistnet mailing list nistnet@xxxxxxxxxxxxx http://www.antd.nist.gov/mailman/listinfo/nistnet _______________________________________________ nistnet mailing list nistnet@xxxxxxxxxxxxx http://www.antd.nist.gov/mailman/listinfo/nistnet
