[LARTC] advice for bandwidth control & traffic accounting

Linux Advanced Routing and Traffic Control

hello gentle readers, 

a somewhat complicated situation to explain, but I am most curious to
hear any advice or comments that you may be kind enough to offer. 


I have the following situation: 


[ multiple                  ] 
[ client   ----- BW-Linux-1 ] --------- BW-Linux-2 ----- Internet 
[ networks                  ] 
    (A)            (B)           (C)       (D) 

[            [X]            ] 

metrics: 

[X] multiple, mutually exclusive [X]'s will exist 

(A) private rfc-1918 address spaces that do not conflict with other
client networks in the same (A) -- we hope! we are limited to 14 client
nets behind (B) if we nat each one with a separate address.

(B) -NATs each client network in (A) with its own address from (C) 
    -large squid to hopefully economize (C) bandwidth 
    
(C) an expensive link out of our administrative control. we get a
rfc-1918 /28 for each [X]. 2^4-2=14 usable addresses.

(D) -large parent squid cache for BW-Linux-1
    -iptables passes pkt hdrs to ulogd and we save portions to mysql 
    -summary traffic accounting for each (A) -- how much and where for
http, ftp, etc.

questions: 

it would be desirable if (D) could collect all traffic data for
bandwidth usage graphs, etc., however, due to natting and squid,
ascertaining what a specific host did in (A) seems unlikely.

does anyone know of a connection tracking mechanism (x-forwarded-for, or
other) such that (D) could know what a specific host in (A) did?

when a network in (A) exceeds its bandwidth quota, it will require (or
would be best) that both BW-Linux-1 and BW-Linux-2 acted in a
cooperative manner limiting its bandwidth. is there an existing
mechanism to have tc perform changes cooperatively on (B) and (D)? 

does anyone have experience with the quota patch in iptables and jumped
to a userspace target to instigate tc commands? i'm thinking about
trying to develop a program that would allow (B) and (D) to synchronize
their tc policy simultaneously ...

Many, Many Sincere Thanks 


Charles Shick 
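
Added example, not part of the original post: a sketch of the per-network accounting that (D) can still do once (B) has NATed each client network to its own address from the /28 on (C), showing that the records resolve to a client network but never to a host inside (A). The addresses, network names, port table, record layout and quotas are constructed assumptions; the post gives none of them.

```python
import ipaddress
from collections import defaultdict

# Constructed values: the post gives no real addresses, ports or quotas.
LINK_C = ipaddress.ip_network("192.168.200.0/28")   # the rfc-1918 /28 on (C)
SERVICES = {80: "http", 21: "ftp", 25: "smtp"}

def build_nat_map(client_nets):
    """Give each client network in (A) its own NAT address from the /28."""
    usable = list(LINK_C.hosts())                    # 2^4 - 2 = 14 addresses
    if len(client_nets) > len(usable):
        raise ValueError(f"only {len(usable)} NAT addresses available")
    return dict(zip(usable, client_nets))

def account(records, nat_map):
    """Sum bytes per (client network, service) as (D) sees the traffic.

    The source address is already the NAT address, so the finest key
    available here is the client network, not the host behind (B).
    """
    totals = defaultdict(lambda: defaultdict(int))
    for src, dport, nbytes in records:
        net = nat_map.get(ipaddress.ip_address(src), "unknown")
        totals[net][SERVICES.get(dport, "other")] += nbytes
    return {net: dict(svc) for net, svc in totals.items()}

def over_quota(totals, quotas):
    """Names of client networks whose total bytes exceed their quota."""
    return sorted(net for net, svc in totals.items()
                  if sum(svc.values()) > quotas.get(net, float("inf")))

# Constructed sample records: (source seen at D, destination port, bytes)
RECORDS = [
    ("192.168.200.1", 80, 120_000),
    ("192.168.200.1", 21, 30_000),
    ("192.168.200.2", 80, 5_000),
    ("192.168.200.1", 80, 60_000),
    ("192.168.200.9", 443, 700),    # no client network mapped to this address
]

if __name__ == "__main__":
    nat_map = build_nat_map(["client-a", "client-b"])
    totals = account(RECORDS, nat_map)
    print(totals)
    print(over_quota(totals, {"client-a": 200_000, "client-b": 200_000}))
```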