I think I explained wrong, my purpose is not to get 12 Mbps per link, I know
that is not possible. Again I explain my problem, this will show the scheme of
my academic project.
I am working with WRAP 2 boards and every one of these boards has two Atheros
wireless cards and an ethernet that is connected to the local area.
schema:

                        WRAP1                                    WRAP2
                                         link 1
LAN                  ath1 (ISP1)                              ath0 (ISP1)                  LAN2
1: 10.1.6.10         192.168.2.1 ---------------------------- 192.168.2.2           1: 10.1.10.10
2: 10.1.6.20  Switch --- eth0                                       eth0 --- Switch 2: 10.1.10.20
3: 10.1.6.30             10.1.6.2                                10.1.10.3          3: 10.1.10.30
                     ath1 (ISP2)                              ath0 (ISP2)
                     192.168.1.1 ---------------------------- 192.168.1.2
                                         link 2

You see, I am simulating two ISP with wireless access.
The configured bandwidth for each atheros wireless card is 6 Mbps, but by
testing each of the links, I know I can transmit a maximum of 4 Mbps.
The purpose of this project is balancing the two links and achieve more
throughput with the help of the two links (the throughput obtained by the two
links must be greater than the throughput of a link).
Using shorewall managed load balancing (if I send 2 streams to two requests, the
router chooses to leave because provider. In our case may come out ISP1 first
and the second by ISP2 or vice versa).
Now I want to obtain higher transfer rates, this does not mean that my link1
magimanente can transmit at twice, I know that is not possible. But if I have
two links and each can transmit at 4 Mbps, building that has two links expect
the transfer rate is approached 8 Mbps, thus obtain a higher throughput.
For this, I show the following scenario:
From WRAP1, sending two streams to the WRAP 2.
          IP Source    IP Destination   number of packets   Bitrate
flow 1:   10.1.6.10    10.1.10.10       340                 4 Mbps
flow 2:   10.1.6.10    10.1.10.30       340                 4 Mbps
Observing Packets transmitted TX WRAP1 device interfaces, see the packets went
through different interfaces.
Now I fixed the packages arrived WRAP2.
packages Received
flow 1: 10.1.10.10 200
flow 2: 10.1.10.30 140
(is observed the loss of 140 and 200 packets for flows 1 and 2)
Iperf results show:
host@soporte# iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[ 4] local 10.1.10.10 port 5001 connected with 10.1.10.3 port 46049
[ ID] Interval       Transfer     Bandwidth
[ 4] 0.0-10.3 sec   100 MBytes   2.5 Mbits/sec
[ 4] local 10.1.10.30 port 5015 connected with 10.1.10.3 port 46023
[ ID] Interval       Transfer     Bandwidth
[ 4] 0.0-10.3 sec   70 MBytes    1.4 Mbits/sec
SUM 3,9 Mbits/sec
It is observed that the bandwidth limit is only about 4 Mbps, but the
packages are out for different ISP.
How should I configure shorewall to take advantage of two links and can
approach a transfer rate of 8 Mbps?
Thanks for your help.
Geovana
From: anina_luz@hotmail.com
To: shorewall-users@lists.sourceforge.net
Date: Thu, 1 Sep 2011 14:33:16 +0000
Subject: [Shorewall-users] SHOREWALL - ISP Y LOAD BALANCE

On Thu, 2011-09-01 at 14:33 +0000, Geovana Navarro wrote:
> I think I explained wrong, my purpose is not to get 12 Mbps per link,
> I know that is not possible. Again I explain my problem, this will
> show the scheme of my academic project.
> I am working with WRAP 2 boards and every one of these boards have two
> Atheros wireless card and an ethernet that is connected to the local
> area.
>
> Now I want to obtain higher transfer rates, this does not mean that my
> link1 magimanente can transmit at twice, I know that is not possible.
> But if I have two links and each can transmit at 4 Mbps, building that
> has two links expect the transfer rate is approached 8 Mbps, thus
> obtain a higher throughput.
>

If you have two cars, each that can go 100 miles per hour, you can still
only go 100 miles per hour because you can only drive one car at a time.
If you drive one car and your wife drives the other, then each of you
can go 100 miles per hour. Although 100+100 = 200, neither you nor your
wife can go faster than 100 mph.

This is the same with two links. A single connection goes out one link
or the other, but it is still limited to the speed of that link.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

On 01/09/11 16:28, Tom Eastep wrote:
> On Thu, 2011-09-01 at 14:33 +0000, Geovana Navarro wrote:
>> I think I explained wrong, my purpose is not to get 12 Mbps per link,
>> I know that is not possible. Again I explain my problem, this will
>> show the scheme of my academic project.
>> I am working with WRAP 2 boards and every one of these boards have two
>> Atheros wireless card and an ethernet that is connected to the local
>> area.
>> Now I want to obtain higher transfer rates, this does not mean that my
>> link1 magimanente can transmit at twice, I know that is not possible.
>> But if I have two links and each can transmit at 4 Mbps, building that
>> has two links expect the transfer rate is approached 8 Mbps, thus
>> obtain a higher throughput.
>>
> If you have two cars, each that can go 100 miles per hour, you can still
> only go 100 miles per hour because you can only drive one car at a time.
> If you drive one car and your wife drives the other, then each of you
> can go 100 miles per hour. Although 100+100 = 200, neither you nor your
> wife can go faster than 100 mph.
>
> This is the same with two links. A single connection goes out one link
> or the other, but it is still limited to the speed of that link.
>
> -Tom
>

Quite so.

I think, though, that Geovana is saying that both ends are controlled.
In that case, it would be possible to increase throughput with a bond
interface.

It may be that ifenslave-ing ath0 and ath1 to a mode 0 kernel bonding
device at both ends would do it, but it depends how the interface is set
up, and what is between the two gateways. Point-to-point it should be
fine; if it needs to be routed then some sort of tunneling devices would
be needed. Setting that up isn't really a Shorewall question, though...

wrote before
> If you have two cars, each that can go 100 miles per hour, you can still
> only go 100 miles per hour because you can only drive one car at a time.
> If you drive one car and your wife drives the other, then each of you
> can go 100 miles per hour. Although 100+100 = 200, neither you nor your
> wife can go faster than 100 mph.
> This is the same with two links. A single connection goes out one link
> or the other, but it is still limited to the speed of that link.
> -Tom

I understand, in my case I have 2 links that would be similar to two roads.
In each road may pass 10 cars, if I add another road where they can move
another 10 cars, so now the two roads can move 20 cars, this is what I hope
to do with shorewall.

If 40 IP packets per second coming through a link, if I add another link of
equal capacity, so now I will move 80 IP packets in a second, the total
capacity: 40 for the first link and 40 the second link, then it gets
transiting 80.

Now what is happening is: With shorewall I am sending cars on both roads
simultaneously, at most only manage to move 10 cars divided into two roads,
when they should move about 20 cars.

How can I use both links to move a greater number of IP packets between
WRAP1 and WRAP2?

Regards,
Geovana

> Quite so.
> I think, though, that Geovana is saying that both ends are controlled.
> In that case, it would be possible to increase throughput with a bond
> interface.
> It may be that ifenslave-ing ath0 and ath1 to a mode 0 kernel bonding
> device at both ends would do it, but it depends how the interface is set
> up, and what is between the two gateways. Point-to-point it should be
> fine; if it needs to be routed then some sort of tunneling devices would
> be needed. Setting that up isn't really a Shorewall question, though...

Thanks Dominic

Just my academic project to find the best option to get more throughput and
availability using multiple simultaneous connections in WiFi. Bonding is that
I use at link layer, while shorewall at the network and transport layer.
Just I am testing with bonding and shorewall, but bonding is designed for
wired networks and attempt to adapt it to wifi.

Geovana

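Added example, not part of any post in this thread: a small Python model of the difference between the connection-level balancing Tom describes and the per-packet round-robin striping of the mode 0 bonding Dominic suggests, using the 4 Mbps per-link figure from the first message. The flow names, the ideal fair-share model and the link delays are assumptions, and the reordering count goes beyond what the thread discusses.

```python
# Added illustration (not code from the thread). Flow names, the ideal
# fair-share model and the per-link delays are constructed for this model.
from itertools import cycle

LINK_MBPS = {"link1": 4.0, "link2": 4.0}  # per-link rate measured in the thread


def fair_share(demands, capacity):
    """Max-min fair split of `capacity` (Mbps) among flows with these demands."""
    out, pending = {}, dict(demands)
    while pending:
        share = capacity / len(pending)
        fits = {f: d for f, d in pending.items() if d <= share}
        if not fits:  # every remaining flow wants more than an equal share
            out.update({f: share for f in pending})
            break
        for f, d in fits.items():  # satisfied flows release their spare share
            out[f] = d
            capacity -= d
            del pending[f]
    return out


def per_connection(flows, pinned_to):
    """Connection-level balancing: each flow stays on the link it was pinned to."""
    out = {}
    for link, cap in LINK_MBPS.items():
        on_link = {f: d for f, d in flows.items() if pinned_to[f] == link}
        out.update(fair_share(on_link, cap))
    return out


def per_packet(flows):
    """Round-robin striping (bonding mode 0): flows share the summed capacity."""
    return fair_share(flows, sum(LINK_MBPS.values()))


def striped_arrivals(n_packets, delay_ms, gap_ms=1.0):
    """Stripe packets 0..n-1 across links; return (arrival order, late packets)."""
    links = cycle(delay_ms.values())
    arrivals = sorted((seq * gap_ms + next(links), seq) for seq in range(n_packets))
    order = [seq for _, seq in arrivals]
    # A packet is "late" when a higher sequence number arrived before it.
    late = sum(1 for i, s in enumerate(order) if s < max(order[:i], default=-1))
    return order, late


if __name__ == "__main__":
    two = {"flow1": 4.0, "flow2": 4.0}
    print(per_connection(two, {"flow1": "link1", "flow2": "link2"}))  # one flow per link
    print(per_connection(two, {"flow1": "link1", "flow2": "link1"}))  # both on link1
    print(per_connection({"big": 8.0}, {"big": "link1"}))             # single connection
    print(per_packet({"big": 8.0}))                                   # striped per packet
    print(striped_arrivals(6, {"link1": 2.0, "link2": 5.0}))          # unequal delays
```

In this model a single connection never exceeds one link's 4 Mbps under connection-level balancing, while per-packet striping lets it use both links at the cost of out-of-order arrivals whenever the two links have different delays.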
ARUN CHAKRAPANI RAO
2011-Sep-01 17:12 UTC
can We use shorewall as a firewall for our ISP service
Hi,

Not sure where to ask this question. Please excuse me if it is the wrong place.

I have started the ISP service and I am quite new in this process. I am planning to provide the service totally with an open source concept. Currently I am using around 350Mbps of traffic, but in the coming months it will be bumped up to around a Gbps. Currently we are seeing around 1200 to 1500 concurrent users. Once we start the Gbps traffic we are expecting around 2 to 3000 concurrent users.

Currently I do not have any kind of a firewall, but I was thinking whether Shorewall can be used as a firewall. Can this software handle the load or is this software only for a small residence? Please do give me suggestion, your help is greatly appreciated.

If yes, any idea what kind of hardware we are looking for to get this implemented?

Thanks
Arun

Tom Eastep
2011-Sep-01 17:46 UTC
Re: can We use shorewall as a firewall for our ISP service
On Thu, 2011-09-01 at 10:12 -0700, ARUN CHAKRAPANI RAO wrote:
>
> Not sure where to ask this question. Please excuse me if it is the
> wrong place.
> I have started the ISP service and I am quite new in this process.
> I am planning to provide the service totally with an open source
> concept. Currently I am using around 350Mbps of traffic, but in the
> coming months it will be bumped upto around a Gbps. Currently we are
> seeing around 1200 to 1500 concurrent users. Once we start the Gbps
> traffic we are expecting around 2 to 3000 concurrent users.
> Currently i do not have any kind of a firewall, but I was thinking
> whether Shorewall can used as a firewall. Can this software handle the
> load or is this software only for a small residence, Please do give me
> suggestion, your help is greatly appreciated.
> If yes any idea what kind of hardware we are looking for to get this
> implemented.
>

I guess my first question would be "What would be the purpose of this
firewall?". If you are operating an ISP service, you most probably don't
want to restrict outgoing connections from your subscribers to the
internet. If you filter incoming connections from the internet to your
subscribers, you are likely to break a lot of applications (BitTorrent
comes to mind). So placing a firewall between your subscribers and the
internet probably doesn't make a lot of sense.

I would think that the only place where you would want a firewall is in
front of the systems that you use to run the business itself (your web
server, desktops, etc.). And that can be done with very modest hardware.

One thing that I should clarify is that Shorewall itself is not really a
firewall; it is rather a tool for configuring Netfilter, the packet
filter built into the Linux kernel. So if you build a Linux-based
firewall, its throughput capability is limited by Netfilter and the
complexity of your ruleset, and not by the firewall configuration tool
that you use. And ruleset complexity only affects the cost of connection
establishment and not the cost of forwarding packets that are part of an
existing connection.

Hope this helps,
-Tom