LARTC - Apr 2001 - Sharing bandwidth between two interfaces

Hello all.

I have been playing around with CBQ, cbq.init et al for a while, and
have got some impressive results. It works after all!... I have used SFQ
as the leaf queuing discipline on all my classes and created a bounded
class with the total bandwidth I wanted to share (64K), from which
unbounded subclasses borrow bandwidth. It works great.

But now I''ve got a problem... This setup works well when there is only
one input interface and one output interface. But my interest now is to
share the internet connection between two subnets, each one attached to
a different interface. The problem is that the 64K class must be
attached to one of the interfaces, so I think it will not work if I try
to use it from the other ethernet interface. How can I solve this? Maybe
with some type of tunneling? teql maybe?

Many thanks in advance,


--
                José Carlos Ramírez Pérez
                Área de Internet y Telecomunicaciones

                mailto:JoseCarlos.Ramirez@isotrol.com
                ___________________________________________________
                ISOTROL S.A.
                Avda. de la innovación nº 1, 3ª plta, 41020 Sevilla
                Tel.:+34 955 036 800 - Fax:+34 955 036 849  (Spain)
                web: http://www.isotrol.com/

Hi,
> one input interface and one output interface. But my interest now is to
> share the internet connection between two subnets, each one attached to
> a different interface. The problem is that the 64K class must be
> attached to one of the interfaces,
Is it correct understood that you want to limit some traffic which can go out on
two different interfaces, to 64K in total?


Christian

Dne 2 Apr 2001, v 20:21, Christian Worm Mortensen napsal(a):
> > one input interface and one output interface. But my interest now is
to
> > share the internet connection between two subnets, each one attached
to
> > a different interface. The problem is that the 64K class must be
> > attached to one of the interfaces,
> 
> Is it correct understood that you want to limit some traffic which can go
out on two different interfaces, to 64K in total?
Well, although I didn''t post the original message, I hope that I would
like to
do the same. To limit sum of outgoing traffic to some maximum and to 
borrow bandwidth between interfaces. 

Can anbnody confirm that it is or it is not possibile?


Zdravim/Regards

     Vladimir Smelhaus

Christian Worm Mortensen wrote:
> Hi,
>
> > one input interface and one output interface. But my interest now is
to
> > share the internet connection between two subnets, each one attached
to
> > a different interface. The problem is that the 64K class must be
> > attached to one of the interfaces,
>
> Is it correct understood that you want to limit some traffic which can go
out on two different interfaces, to 64K in total?
>
> Christian
Yes, that''s it. Sorry, my english isn''t any good...



--
                José Carlos Ramírez Pérez
                Área de Internet y Telecomunicaciones

                mailto:JoseCarlos.Ramirez@isotrol.com
                ___________________________________________________
                ISOTROL S.A.
                Avda. de la innovación nº 1, 3ª plta, 41020 Sevilla
                Tel.:+34 955 036 800 - Fax:+34 955 036 849  (Spain)
                web: http://www.isotrol.com/

Hi,
> > Is it correct understood that you want to limit some traffic which can
go
> >  out on two different interfaces, to 64K in total?
> Yes, that''s it. Sorry, my english isn''t any good...
Ok... If anyone knows a way to do this I would like to know too ;-) Maybe it
is possible by shaping on a loopback interface?


Christian

Depending on what you are trying to do, channel bonding or teql
should do the trick. But I haven''t tried these things out (yet)...
One more thing: channel bonding nor teql will work when those two
interfaces are connected to different ISPs. If this is the case,
only ingress policing on your local LAN interface will work.

Btw, I don''t think shaping on a loopback interface will solve this
problem...

Guy

worm@dkik.dk wrote:
> Hi,
> 
> 
>>> Is it correct understood that you want to limit some traffic which
can go
>>>  out on two different interfaces, to 64K in total?
>> 
> 
>> Yes, that''s it. Sorry, my english isn''t any good...
> 
> 
> Ok... If anyone knows a way to do this I would like to know too ;-) Maybe
it
> is possible by shaping on a loopback interface?
> 
> 
> Christian
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://ds9a.nl/2.4Routing/

Hi,
> interfaces are connected to different ISPs. If this is the case,
> only ingress policing on your local LAN interface will work.
What in fact is the ingress qdisc? Accoring to the howto it limits _incomming_
bandwidth. But a basic principple of qdiscs is that they handle _outgoing_
packets. How does this make sence?


Christian

Christian Worm Mortensen wrote:
> 
> What in fact is the ingress qdisc? Accoring to the howto it limits
_incomming_ bandwidth. But a basic principple of qdiscs is that they handle
_outgoing_ packets. How does this make sence?
> 
Indeed, it is normally not done, but if you want to shape incoming bandwidth, it
is perfectly
possible to create a queue for incoming packets, and to do ingress policing by
means of this queue.

That''s what the ingress policing qdisc does...

One major application of ingress policing is only letting a limited rate of icmp
or
tcp syn packets coming into your network. That will keep your network less
vulnerable
for ping floods and dos attacks.
> 
> Christian
> 
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://ds9a.nl/2.4Routing/

On Thu, Apr 05, 2001 at 11:59:43PM +0200, Guy Van Den Bergh
wrote:
> One major application of ingress policing is only letting a limited
> rate of icmp or tcp syn packets coming into your network. That will
> keep your network less vulnerable for ping floods and dos attacks.
It''s perhaps worth noting that for applications like this, in which you
don''t want to queue the traffic at all but just drop or reject it, this
can be easily done with kernel 2.4''s netfilter, using iptables and
LIMIT.  This is covered in Rusty''s Remarklably Useful but Allegedly
Unreliable Guide, the Linux 2.4 Packet Filtering HOWTO at
http://netfilter.kernelnotes.org/

Hi,
> > What in fact is the ingress qdisc? Accoring to the howto it limits 
> > _incomming_ bandwidth. But a basic principple of qdiscs is that they
handle
> > _outgoing_ packets. How does this make sence?
> Indeed, it is normally not done, but if you want to shape incoming
bandwidth, it
> is perfectly possible to create a queue for incoming packets, and to do
ingress
> policing by means of this queue.
Is it also possible to take an arbitary qdisc and put in the incomming
direction? Like Kevin Turner also seems to want?


Christian