LARTC - Jan 2002 - Subject: Mini-ISP-like bandwidth limiter

hi stan,

Greeting from INDIA .... :-)
We do at our setup with multiple/combo network adapters !.. with
netfilter & lartc not only v do badwidth managment ip based but also a
little bit of la layer 4 switching, priortising usage of our servers !
i dont use GUI interface and am unaware of any but i guess there was
some discussion on netfilter mailing list a few days back for kde
netfilter admin or something like that !
how-to is ones best bet & ofcourse nice guys & gurus on this list makes
it outsanding !

> Message: 3
> From: "Stanis?aw Winiecki - Admin" <admin@banpol.com.pl>
> To: <lartc@mailman.ds9a.nl>
> Date: Fri, 25 Jan 2002 13:29:13 +0100
> Subject: [LARTC] Mini-ISP-like bandwidth limiter
> 
> Hi everyone,
> 
> Greetings from Poland :)
> I want to be able to allocate portions of the internet link bandwidth to
> several homes in an apartment house. We pay together for internet access
and
> have a Linux router/gateway.
> Now we want to expand a little, i.e. buy a bit more bandwidth and achieve
> the following:
> - A possibility to assign a public IP address to a household (some people
> want to have their own servers at home)
> - Split the bandwidth to a requested level, so that some people could get
> more, some less, and pay their appropriate share in the overall link cost.
> 
> It looks to me as a small ISP-like problem :) Of course we run this network
> privately, so we can''t afford a professional bandwidth limiting
software or
> hardware solution.
> 
> To be honest I''m not a Linux guru [yet ;)], so learning about
LARTC,
> experimenting and maintaining it will take some time. In the meantime I was
> wondering, whether someone has experience with such a setup, with multiple
> network adapters and hopefully some administration aids (a web-based
> interface would be a dream).
> 
> Anyone can help?...
> 
> Best regards
> Stan
-- 
Arindam Haldar
Systems & Network
Digital 2 Virtual ISP Pvt Ltd.
Vadodara, Gujarat  INDIA

Hello Arindam,

it sound fine what you''re doing :-)
Could you provide some example-scripts please ???
You have to understand that I''m a beginner in QOS.

Thanks and greetings from Germany,
Gunther


-----Ursprungliche Nachricht-----
Von: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]Im
Auftrag von Arindam Haldar
Gesendet: Sonntag, 27. Januar 2002 10:42
An: admin@banpol.com.pl; lartc@mailman.ds9a.nl
Betreff: Subject: [LARTC] Mini-ISP-like bandwidth limiter


hi stan,

Greeting from INDIA .... :-)
We do at our setup with multiple/combo network adapters !.. with
netfilter & lartc not only v do badwidth managment ip based but also a
little bit of la layer 4 switching, priortising usage of our servers !
i dont use GUI interface and am unaware of any but i guess there was
some discussion on netfilter mailing list a few days back for kde
netfilter admin or something like that !
how-to is ones best bet & ofcourse nice guys & gurus on this list makes
it outsanding !

> Message: 3
> From: "Stanis?aw Winiecki - Admin" <admin@banpol.com.pl>
> To: <lartc@mailman.ds9a.nl>
> Date: Fri, 25 Jan 2002 13:29:13 +0100
> Subject: [LARTC] Mini-ISP-like bandwidth limiter
>
> Hi everyone,
>
> Greetings from Poland :)
> I want to be able to allocate portions of the internet link bandwidth to
> several homes in an apartment house. We pay together for internet access
and
> have a Linux router/gateway.
> Now we want to expand a little, i.e. buy a bit more bandwidth and achieve
> the following:
> - A possibility to assign a public IP address to a household (some people
> want to have their own servers at home)
> - Split the bandwidth to a requested level, so that some people could get
> more, some less, and pay their appropriate share in the overall link cost.
>
> It looks to me as a small ISP-like problem :) Of course we run this
network
> privately, so we can''t afford a professional bandwidth limiting
software
or
> hardware solution.
>
> To be honest I''m not a Linux guru [yet ;)], so learning about
LARTC,
> experimenting and maintaining it will take some time. In the meantime I
was
> wondering, whether someone has experience with such a setup, with multiple
> network adapters and hopefully some administration aids (a web-based
> interface would be a dream).
>
> Anyone can help?...
>
> Best regards
> Stan
--
Arindam Haldar
Systems & Network
Digital 2 Virtual ISP Pvt Ltd.
Vadodara, Gujarat  INDIA
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

hi all,
hi stef,

stef i went thru the site www.docum.org & would really like to thank u
on one part--->monitor.pl.. :-).. havent tried it yestreday but will
today when i find time but reading it i know that ... :-)
1) comming accros 2 one of the pages -->
www.docum.org/stef.coene/qos/tests/cbq/splitting/weight/splitting-weight.html
..i saw these 4 lines & got curious 2know y ur sending pkts with mark of
1 & 2 to both classes 10:2 & 20:10 ?..wont there b confusion 2 what
rules 2b applied?
tc filter add $DEV parent 10: protocol ip prio 3 handle 1 fw classid
10:2
tc filter add $DEV parent 10: protocol ip prio 3 handle 2 fw classid
10:2
tc filter add $DEV parent 20: protocol ip prio 3 handle 1 fw classid
20:10
tc filter add $DEV parent 20: protocol ip prio 3 handle 2 fw classid
20:20

2) our linux box does managemnt of public lan(office ) & pvt
lan(cable)--by ip''s.. sucess with public ips, marking & using tc
filter
is sucessful but not true with pvt ips (10 series, marking part!).. to
let u know better here is what we did with public ip..
 iptables -t mangle -A PREROUTING -i eth1 -s <a.b.c.0/26> -d
<a.b.e.0/25> -j MARK --set-mark 90
 iptables -t mangle -A PREROUTING -i eth0 -d <a.b.c.0/26> -s
<a.b.e.0/25> -j MARK --set-mark 91
 the tc commands
 tc filter add dev eth0 parent 1:105 pfifo limit 2
 tc filter add dev eth1 parent 2:105 pfifo limit 2
This works fine--tested with different traffic loads of download&
upload.
BUT with lan on eth4 which has pvt ip range(10series) vr not sucesful.
the problem is how to make sure that the pkts detination for 10.0.0.0/8
should be marked as they r MASQUERADEd. so i trired to mark with
FORWARD/OUTPUT/POSTROUTING but unsuccesful. tc -s class.... etc command
doesnt show any data being passed thru the class while iptables -nvL -t
mangle shows pkts r being marked & passing thru.

3) do we need to reset/restart the iptables script when iproute script
is reapplied or vice versa ?

4) have any one of you faced this problem --> when allowing a network
segment to INPUT/FORWARD/MASQUERADE thru, the ip''s/pc''s show
eractic
behaviour of performance..for eg allwoing 10.20.30.0/28 & restructing it
to say 64 kbps will allow one ip/pc to utlise the bandidth while other
ip/pc struggle to get an equal share. this have been monitored for
hours/days with iptraf. 
how can one insure that a few ip''s being used on that perticular
network
segment at any perticulr time, all ip get equal share of bandwith
alloted to that network segmenet--well if not equal a fair share of
bandwidth alloted !!

pls pardon me 4 my english.
thanx in advance

arindam haldar


-- 
Arindam Haldar
Systems & Network
Digital 2 Virtual ISP Pvt Ltd.
Vadodara, Gujarat  INDIA
www.d2visp.com

On Wednesday 30 January 2002 05:01, Arindam Haldar
wrote:
> hi all,
> hi stef,
>
> stef i went thru the site www.docum.org & would really like to thank u
> on one part--->monitor.pl.. :-).. havent tried it yestreday but will
> today when i find time but reading it i know that ... :-)
> 1) comming accros 2 one of the pages -->
> www.docum.org/stef.coene/qos/tests/cbq/splitting/weight/splitting-weight.ht
>ml ..i saw these 4 lines & got curious 2know y ur sending pkts with mark
of
> 1 & 2 to both classes 10:2 & 20:10 ?..wont there b confusion 2 what
rulesse
> 2b applied?
> tc filter add $DEV parent 10: protocol ip prio 3 handle 1 fw classid
> 10:2
> tc filter add $DEV parent 10: protocol ip prio 3 handle 2 fw classid
> 10:2
> tc filter add $DEV parent 20: protocol ip prio 3 handle 1 fw classid
> 20:10
> tc filter add $DEV parent 20: protocol ip prio 3 handle 2 fw classid
> 20:20
The filters are attached to different parents.  So when a packets enters 10:, 
it''s matched.  If it has mark 1 it''s sended to class 10:2. 
But qdisc 20: is
attached to 10:2 so the packet is matched to the filter that puts the packet 
in 20:10.  This test was to see how you have to attach the filters.  But
it''s
not recommended to use more then 1 qdisc in your setup.
> 2) our linux box does managemnt of public lan(office ) & pvt
> lan(cable)--by ip''s.. sucess with public ips, marking & using
tc filter
> is sucessful but not true with pvt ips (10 series, marking part!).. to
> let u know better here is what we did with public ip..
>  iptables -t mangle -A PREROUTING -i eth1 -s <a.b.c.0/26> -d
> <a.b.e.0/25> -j MARK --set-mark 90
>  iptables -t mangle -A PREROUTING -i eth0 -d <a.b.c.0/26> -s
> <a.b.e.0/25> -j MARK --set-mark 91
>  the tc commands
>  tc filter add dev eth0 parent 1:105 pfifo limit 2
>  tc filter add dev eth1 parent 2:105 pfifo limit 2
> This works fine--tested with different traffic loads of download&
> upload.
> BUT with lan on eth4 which has pvt ip range(10series) vr not sucesful.
> the problem is how to make sure that the pkts detination for 10.0.0.0/8
> should be marked as they r MASQUERADEd. so i trired to mark with
> FORWARD/OUTPUT/POSTROUTING but unsuccesful. tc -s class.... etc command
> doesnt show any data being passed thru the class while iptables -nvL -t
> mangle shows pkts r being marked & passing thru.
>
> 3) do we need to reset/restart the iptables script when iproute script
> is reapplied or vice versa ?
Nop.

Stef

-- 

stef.coene@docum.org
 More QOS info : http://www.docum.org/
 Title : "Using Linux as bandwidth manager"

hi again !
thanx for ur mail.

Stef Coene wrote:
> On Wednesday 30 January 2002 05:01, Arindam Haldar wrote:
> > hi all,
> > hi stef,
> > stef i went thru the site www.docum.org & would really like to
thank u
> > on one part--->monitor.pl.. :-).. havent tried it yestreday but
will
> > today when i find time but reading it i know that ... :-)
> > 1) comming accros 2 one of the pages -->
> >
www.docum.org/stef.coene/qos/tests/cbq/splitting/weight/splitting-weight.ht
> >ml ..i saw these 4 lines & got curious 2know y ur sending pkts with
mark of
> > 1 & 2 to both classes 10:2 & 20:10 ?..wont there b confusion 2
what rulesse
> > 2b applied?
> > tc filter add $DEV parent 10: protocol ip prio 3 handle 1 fw classid
> > 10:2
> > tc filter add $DEV parent 10: protocol ip prio 3 handle 2 fw classid
> > 10:2
> > tc filter add $DEV parent 20: protocol ip prio 3 handle 1 fw classid
> > 20:10
> > tc filter add $DEV parent 20: protocol ip prio 3 handle 2 fw classid
> > 20:20
> The filters are attached to different parents.  So when a packets enters
10:,
> it''s matched.  If it has mark 1 it''s sended to class
10:2.  But qdisc 20: is
> attached to 10:2 so the packet is matched to the filter that puts the
packet
> in 20:10.  This test was to see how you have to attach the filters.  But
it''s
> not recommended to use more then 1 qdisc in your setup.
> 
> > 2) our linux box does managemnt of public lan(office ) & pvt
> > lan(cable)--by ip''s.. sucess with public ips, marking &
using tc filter
> > is sucessful but not true with pvt ips (10 series, marking part!).. to
> > let u know better here is what we did with public ip..
> >  iptables -t mangle -A PREROUTING -i eth1 -s <a.b.c.0/26> -d
> > <a.b.e.0/25> -j MARK --set-mark 90
> >  iptables -t mangle -A PREROUTING -i eth0 -d <a.b.c.0/26> -s
> > <a.b.e.0/25> -j MARK --set-mark 91
> >  the tc commands
> >  tc filter add dev eth0 parent 1:105 pfifo limit 2
> >  tc filter add dev eth1 parent 2:105 pfifo limit 2
> > This works fine--tested with different traffic loads of download&
> > upload.
> > BUT with lan on eth4 which has pvt ip range(10series) vr not sucesful.
> > the problem is how to make sure that the pkts detination for
10.0.0.0/8
> > should be marked as they r MASQUERADEd. so i trired to mark with
> > FORWARD/OUTPUT/POSTROUTING but unsuccesful. tc -s class.... etc
command
> > doesnt show any data being passed thru the class while iptables -nvL
-t
> > mangle shows pkts r being marked & passing thru.
have u tried with using private ips as described above in any of ur
experiments? i am really curious to know how i can mark pkts comming on
eth0(internet) tracelling thru eth4(pvt Lan).basically wanting to have a
effective filter/routing/bandwidth usage. for eg i want to give ftp/imap
a more bandwidth for local pc(private ip) to our local server having
public ip.
> >
> > 3) do we need to reset/restart the iptables script when iproute script
> > is reapplied or vice versa ?
> Nop.
i need one more help guidance on setting of web enabled badwidth
utilisation u have described in ur site. i will be really thankful if u
can tell me how i can implement it. im not into perl that makes things a
bit difficult for me though i ma trying to.
> 
> Stef
> --
> 
> stef.coene@docum.org
>  More QOS info : http://www.docum.org/
>  Title : "Using Linux as bandwidth manager"
> 
thanx in advance
arindam

-- 
Arindam Haldar
Systems & Network
Digital 2 Virtual ISP Pvt Ltd.
Vadodara, Gujarat  INDIA

> i need one more help guidance on setting of web enabled badwidth
> utilisation u have described in ur site. i will be really thankful if u
> can tell me how i can implement it. im not into perl that makes things a
> bit difficult for me though i ma trying to.
For those who are interested, I created some perl script to process the tc 
output.  Currently, it takes the packets/bytes sended by a class/qdisc and 
makes some graphs with it. You can find it on www.docum.org under
"GUI".
They use RRDs.pm so you have to install rrdtool (apt-get install librrds-perl 
on a Debian based system).

I want to extend the scripts, but for now, they just create some nice looking 
graphs.  But help is appreciated :-)  
I''m still writing the pages and hopely I can update them tonight.

Stef

-- 

stef.coene@docum.org
 More QOS info : http://www.docum.org/
 Title : "Using Linux as bandwidth manager"