Hi,

I am new to the Linux Advance Routing Project and to Policy Based Routing as implemented in Linux.... but I have been using Linux for 10 years so not _really_ a newbie.... Looking at the lartc.org website I came across the reference implementation of a traffic shaper...

I also have Matt Marsh's book on 'Policy Based Routing using Linux' which covers traffic shaping a bit in the later chapters.... but I am not crystal clear on it....

I have a linux box doing simple policy based routing for a fairly substantial private network and routing the resulting traffic in a policy based way to two different ISPs via T-1 (1.544 Mb/s) pipes... Sort of arbitrary poor-boy load balancing resulting in two distinct QOSes (i.e., heavily loaded and lightly loaded ;)...

I would like to also experiment with traffic shaping and would welcome any thoughts that you might have regarding implementation in such a setup... Basically the PBR Linux box has two NICs.... Eth0 is facing the private network and is the default gateway for all private traffic... while eth1 is facing a DMZ LAN where the various ISPs and other private network services live....

My first thought was to run wondershaper as is and set the parameters to 3 Mb up and 3 Mb down (i.e., 2 x t-1).... But then I had a flash of common sense and decided to ask first if there might not be a better way.... ;)

If anyone has any thoughts about traffic shaping in this environment or on the setup in general I would love to hear them...

TIA. Any and all instruction gratefully received.

Dave Sims
Houston, Texas

Eliot, Wireless and Server Administrator, Great Lakes Internet
2005-Oct-13 18:08 UTC
RE: wondershaper....
Well, the way I see it, if you are trying to load balance over two T1 lines in your own network, using multipath routing or something similar is not an issue. However, when you are trying to load balance over two T1 lines provided by separate ISPs, you run into the "global address problem." That is, your packets going through 1 T1 go out to the world with a source IP from ISP 1 and your packets going through the other T1 go out to the world with a source IP from ISP 2.

Now, on the sending end, you don't really care. But, the receiving end does care. If you are just doing a packet-per-packet load balancing, JOE webserver on the Internet is going to see half your packets coming from one IP and half coming from the other. It is not going to reassemble them into a full stream and decode them. And if you try to force your packets going out one T1 to have the IP of the other T1, the ingress filter on your ISP's network (that would be ingress from you to them, egress from them to the world) will likely filter out your packets as spoofed packets.

So, the only real load balancing you can do on two T1 lines from two different ISPs is flow-based load balancing. A single connection goes through a single T1 and you load balance the separate connections across the T1 lines. By doing it this way, you make the sacrifice that you are not receiving equal load balancing. Specifically, your upload speed on any given connection will never exceed the maximum speed of a single T1 line.

BGP comes in handy when that's not what you want to do. With BGP, you can advertise a route to your network block through both providers. Then, you can send packets out either provider with a single IP address and the packets will return via the best route from the server you are connecting to and your network.

You can alter that load balancing on a network block basis by advertising some network blocks out one T1 and other network blocks out the other T1 with smaller subnet masks than your entire network block. This takes advantage of the fact that routers always route to the route with the smallest subnet mask. For instance, if you have a /20 network block, you can advertise the /20 out both providers, then advertise 8 /24's out one provider and 8 /24's out the other (or 4 /23's, or whatever you want).

If you combine BGP with equal-cost multipath routing and force the costs of the T1 lines to the same cost, you can send one packet out one T1 and one out the other giving you a maximum upload speed of 3 Mbps.

This is the only way I know of to load balance across two connections to separate ISPs. If you have another way that solves the above listed problem, please let me know.

Now, if your T1 lines are from the same ISP, you should look into bonding them or using equal-cost multipath routing on both ends, either of which would give you 3 Mbps in both directions.

Eliot Gable
Certified Wireless Network Administrator
Cisco Certified Network Associate
CompTIA Security+ Certified
CompTIA Network+ Certified
Network and Systems Administrator
Great Lakes Internet, Inc.
112 North Howard
Croswell, MI 48422
810-679-3395

-----Original Message-----
From: David Sims [mailto:dpsims@dpsims.com]
Sent: Thu 10/13/2005 11:38 AM
To: Eliot, Wireless and Server Administrator, Great Lakes Internet
Subject: RE: [LARTC] wondershaper....

Hi Eliot,

Of course, BGP would be the traditional solution for Policy Based Routing.... but I like doing things in new and different ways to learn about them and to see if they are actually better or worse than the traditional way.... (it's through that process that computer science moves ahead ;)... It would seem at first blush that Policy Based Routing under Linux is head and shoulders above the traditional methodologies....
and I think the functionality is far better than even Cisco's.... I would agree that fault tolerance is not as good as with one of the more traditional mechanisms, but think of my environment as a 'lab'... It's easy enough to swing all the traffic to one T-1 or another in the event of a failure... even though the volume would kill the working T-1 due to the amount of traffic...

A more optimal situation would be to use ethernet over fiber where one could just get 4 Mb/s without regard to electrical interfaces.... rather than load balancing two T-1s.... but then there's no backup at all in that situation... it would either be working or not working....

Any other thoughts??

Dave

**********************************************************************

On Thu, 13 Oct 2005, Eliot, Wireless and Server Administrator, Great Lakes Internet wrote:

> I would recommend that you investigate the possible use of BGP over
> those T1s from other providers. That would be your best solution. You
> can use BGP to shape the loading on the T1 lines and it would offer you
> better fault tolerance in the event that one of the T1 lines went down.
> Of course, you would still benefit from QoS policies on your routers.
>
> Eliot Gable
> Certified Wireless Network Administrator
> Cisco Certified Network Associate
> CompTIA Security+ Certified
> CompTIA Network+ Certified
> Network and Systems Administrator
> Great Lakes Internet, Inc.
> 112 North Howard
> Croswell, MI 48422
> 810-679-3395

Hi,

I am doing LARTC style policy based routing to allocate traffic between two different T-1 based ISPs via a single egress NIC card (two different default routes depending on source address). I would like to try out Wondershaper on this NIC. I have initially set:

DOWNLINK=2500
UPLINK=2500
DEV=eth1

with the idea being that the aggregate maximum rate out this NIC is 2 x 1544 (i.e., 2 T-1s) or about 3.1 Mb/s....

Is that an appropriate setting??

What's the best way to tell if this traffic shaping is having the desired effect??

Is there a way to independently apply this shaper to each of the flows?

Dave
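
An added example, not part of the thread and not Wondershaper's own code: one way to shape each T-1 independently on the shared egress NIC, with one HTB class per ISP selected by source address (the same selector the policy routing uses), plus the per-class counters that show whether shaping is taking effect. The two source prefixes and the 1400 kbit/s rate are constructed values; the script only prints the `tc` commands unless it is run with `TC=tc` as root.

```sh
#!/bin/sh
# Per-uplink HTB shaping on one egress NIC (added example).
# Assumed values, not from the thread: the two source prefixes below and a
# rate of 1400 kbit/s, a little under the 1544 kbit/s of a T-1 so that the
# queue builds on this box instead of in the ISP's router.
TC=${TC:-echo tc}        # dry run by default; set TC=tc to apply as root
DEV=${DEV:-eth1}
SRC_ISP_A=${SRC_ISP_A:-192.168.1.0/24}   # constructed: sources routed to ISP A
SRC_ISP_B=${SRC_ISP_B:-192.168.2.0/24}   # constructed: sources routed to ISP B
T1_KBIT=${T1_KBIT:-1400}

# shape_uplink CLASSID SRC_PREFIX RATE_KBIT
shape_uplink() {
    classid=$1; src=$2; rate=$3
    # rate == ceil: a class cannot borrow bandwidth that physically
    # belongs to the other T-1.
    $TC class add dev "$DEV" parent 1: classid "1:${classid}" \
        htb rate "${rate}kbit" ceil "${rate}kbit"
    # SFQ shares the class fairly between the connections inside it.
    $TC qdisc add dev "$DEV" parent "1:${classid}" handle "${classid}:" \
        sfq perturb 10
    # Classify on source address, matching the policy-routing rules.
    $TC filter add dev "$DEV" parent 1: protocol ip prio 1 \
        u32 match ip src "$src" flowid "1:${classid}"
}

setup_shaping() {
    # Start clean; ignore the error when no root qdisc exists yet.
    $TC qdisc del dev "$DEV" root 2>/dev/null || true
    # No default class: traffic matching neither prefix (for example
    # DMZ-local traffic) is left unshaped.
    $TC qdisc add dev "$DEV" root handle 1: htb
    shape_uplink 10 "$SRC_ISP_A" "$T1_KBIT"
    shape_uplink 20 "$SRC_ISP_B" "$T1_KBIT"
}

# Per-class byte, drop and overlimit counters; counters that rise under
# load on 1:10 and 1:20 show that traffic is being classified and held back.
show_stats() {
    $TC -s class show dev "$DEV"
}

setup_shaping
```

This shapes only the egress (upload) direction on `eth1`; Wondershaper's `DOWNLINK` handling is a separate ingress policer and is not reproduced here.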