Re: Routing Question; Plan B
From: prg (rdgentry1_at_cablelynx.com)
Date: 01/19/05
- In reply to: Coenraad Loubser: "Re: Routing Question; Plan B"
Date: 19 Jan 2005 14:44:20 -0800
Coenraad Loubser wrote:
> Yo prg!
> Here's the deal:
> I get 3GB accounts from ISPs, after which they're 'capped' to local
> bandwidth. Local being my country's internet which all falls within the
> 196/8 range. So, rather than paying $50/3G for local access, I can just
> route it through an already capped account.
So, once they are "capped" you still have a netpath -- just at a
much(?) slower speed, but still fully routable through ISP's network?
> So, there's no quick way to route slow traffic over another account with
> timeouts or TTLs or something. Yea well.
>
> > Why must all 196/8 traffic traverse 10.0.0.200? Where/who is providing
> > the upstream NAT from a private 10 net space to a public IP (10.0.0.200
> > to 196/8)?
> the modems as 10.0.0.2 and 200 both run PPPoE to our single only
> national ISP, albeit via different accounts they sell to "ISP's"; ...
So, the modems are to two separate ISPs? This _may_ actually make
things much easier.
> .... The capped accounts get dynamic ips 165.165.x.x and the uncapped
> 165.146.x.x from which the modems operate.
> So, basically, each modem is a gateway; but the whole internet can only
> be reached at reasonable speed on the one, which costs $50/3GB and local
> traffic is free on the other; yet charged at the same rate on the one.
So, you have one that is both high speed and provides complete access
to internet. The other is slower and provides unlimited "local" route
access, but "painfully slow"(?) internet access (also capped at
3GB/month?).
Can you accurately define "local" in a way that you can control which
modem "locally destined" packets use? Thus unlimited "local" traffic
through SlowModem -- saving bandwidth usage on FastModem. Using
SlowModem for internet access _only_ when near/at the bandwidth cap on
FastModem -- a kind of "backup" access to the internet. Thinking out
loud ...
> Well, there won't only be 2 client PCs - there'll be more like 30 or
> 40. I'm trying out all kinds of bandwidth accounting packages - ntop,
> shaperd, ... you name it. But they're all quite a pain to set up.
Traffic shaping/bandwidth control _can_ be difficult especially if you
don't choose the "right" -- ie., easy and effective -- strategy.
> The modems/routers can provide dns caching, dhcp, anything, I can change
> their ip's to whatever i please. I just want them both running to
> different nics via a linux box, to a switch, wireless ap, 30 or so clients.
>
> Yes, the ISP provides DNS; but i suppose nothing prevents me from
> running it on my linux box either? It'll be quicker plus I won't pay for
> the few bytes DNS uses. Right? hah hah
For such a small number of PCs -- if you have control over the IPs
assigned to them -- you might be interested in dnsmasq as a local,
caching DNS server. You might even point it at the dns servers of the
SlowModem ISP.
http://www.thekelleys.org.uk/dnsmasq/doc.html
You have to download the source to get the documentation -- about
550KB.
> > Re: Q-1
> > Again, why do you think you will gain _anything_ by trying to do this?
> > When do you start the 2 sec clock? When the SYN packet leaves the
> Well, probably a bad idea as you say. But the one link has much higher
> contention than the other, thus may be slower.
Yes, the "time out and switch" idea is just too much hassle for an
unreliable effect.
> > Re: Q-3
> > Depends on which nic you are talking about. Presume you mean PC1 and
> > PC2. In this case, your default gw is the router _immediately_
> > upstream that processes all unknown routes -- in this case, 192.168.0.1
> > (your Linux box). It will NAT and forward the request to _its_ gw.
> but i can add a route such as
> route add 196.0.0.0 netmask 255.0.0.0 gw 10.0.0.200
> right?
Yes, on the Linux box. The client PCs sitting behind the Linux box
must use the Linux box as _their_ default gw. You _could_ add a net
route to 196.0.0.0 with gw=Linux box IP to the clients, but their
default route would _still_ be the Linux box IP -- nothing gained.
> There was a time I never had any problems with any of this stuff, but
> lately i've confused myself trying all kindsa things on windows - and
> didn't get anything right, so I gave up. Eventually turned out to be
> dysfunctional windows drivers!!
>
> So, the above would be fine.
> You don't know how to "enable" packet forwarding on windows XP by any
> chance? is there a simple answer?
XP Home has no way to really route packets at all and even Pro has
limited functionality for routing. Linux has a full blown, top class
routing implementation in its TCP/IP stack.
> I've got a setup where my linux box is connected via ethernet to windows
> xp box with a wireless adapter. now the linux box can access internet
> fine, but not my laptop wired to the linux box. Not if i put the laptop
> on a different subnet... but wait. Maybe it's cuz i used 11.0.0.2 for the
> laptop. Yet, still. 11.0.0.2 speaks to 11.0.0.1 which is linux, and
> forwards it via its 10.0.0.3 link's gateway at 10.0.0.2. Ah, i feel so
> dumb. Yes i should brush up on my networking. But all the docs are oh-so
> wordy. Isn't there a network primer with only pictures and commands?
Not much in the way of pictures, but a pretty good "background summary"
for advanced networking -- which is what you will need -- can be found
here:
http://linux-ip.net/html/part-concepts.html
What you will be looking to do -- I _think_ -- is:
a) rate limit all/some traffic on FastModem in order not to exceed your
cap
b) monitor the usage on FastModem -- with packet/byte accounting -- and
_then_ impose sharp rate limits as you near cap
c) route all possible -- ie., local and maybe dns lookups -- through
SlowModem
d) use SlowModem for all traffic only _after_ the cap on FastModem.
a) has the "easiest" solution for your cap problem _if_ you can figure
out what rate to use. Ie., clients notice a consistent connection
speed and with the "right rate" they would presumably not eat up your
cap before the end of the month. "Right rate" could be pretty tough to
determine.
b) allows full rate access till near the end, then BAM! the packet goo
slows everything down. I don't like this if clients will involve a
number of different people -- encourages them to do heavy net
trafficking early in the month before "everybody else" uses up the cap.
c) make as much use of SlowModem as you can for routine usage to save
FastModem's cap. You'll want to use as much of SlowModem's bandwidth
as is possible by routing through it the _kinds_ of traffic where its
slower speed does not get "painful". You would also have it available
as a "backup" in case FastModem's ISP was having troubles.
d) If at/near cap on FastModem you switch all use to SlowModem, it
suffers the same problem as b). In fact, really b) and d) belong
together as a two-part solution. It might work OK if you slowly
decreased the packet flow based on the prior week's usage. Once it was
slowed to SlowModem's speed (hopefully never), you could use them both.
After a smoke break and talking things over with Heidi the hide-n-seek
cat, I've concluded that the best way to go may be to "cap" each of the
clients in a manner that duplicates the cap the ISPs impose.
Strategy:
FastModem is capped at 3GB/month, so for 30 clients each client is
"capped" at 3.33...MB/day. When they exceed their "cap" you can cut
them off or force them to use SlowModem the rest of that day till they
use up their SlowModem "cap" of (?)MB/day (at which point only local
access allowed).
Variations would include a monthly cap of 100MB/month or whatever other
scheme you decide to use.
You would need to count the number of bytes each client uses then
adjust your iptables rules accordingly. Dynamically adjusting iptables
rules based on usage would require a script and I've not thought of
this sort of arrangement before. You will have to look here for a
suitable script:
http://www.linuxguruz.com/iptables/
that can be customized.
This would be _much_ easier to set up and maintain than traffic shaping
and/or policing using rate limits. It only involves adjusting the
packet filter rules in iptables.
Think about it and check out the links. If I find time in the next few
days, I'll look for a suitable script to borrow from -- don't count on
it though.
I've reached my "brain cell" cap ;-)
hth,
prg
email above disabled
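
The per-client cap strategy described in the message above, sketched as an added example (not part of the original post, and not a script from either poster). It assumes a hypothetical accounting chain named ACCT, a hypothetical mangle chain named CAPPED, fwmark 2 with routing table 200, and that 10.0.0.200 is the SlowModem gateway; the counter listing is constructed sample data.

```shell
#!/bin/sh
# Added example; chain names, mark and table number are assumptions.
# One-time setup on the Linux router (two counting rules per client):
#   iptables -N ACCT; iptables -I FORWARD -j ACCT
#   iptables -A ACCT -s <client-ip> -j RETURN   # bytes sent by the client
#   iptables -A ACCT -d <client-ip> -j RETURN   # bytes received by the client
#   iptables -t mangle -N CAPPED; iptables -t mangle -A PREROUTING -j CAPPED
#   ip rule add fwmark 2 table 200
#   ip route add default via 10.0.0.200 table 200   # SlowModem gateway (assumed)
# Daily reset from cron: iptables -Z ACCT; iptables -t mangle -F CAPPED

CAP_BYTES=3333333   # 3 GB / 30 clients / 30 days: the 3.33 MB/day from the post
SLOW_MARK=2         # assumed fwmark that selects the SlowModem routing table

# Constructed sample of `iptables -L ACCT -v -n -x` output (exact byte counts).
SAMPLE='Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     900     300000 RETURN     all  --  *      *       192.168.0.10         0.0.0.0/0
    4220    3800000 RETURN     all  --  *      *       0.0.0.0/0            192.168.0.10
     110      50000 RETURN     all  --  *      *       192.168.0.11         0.0.0.0/0
     200     200000 RETURN     all  --  *      *       0.0.0.0/0            192.168.0.11
    3000    1333334 RETURN     all  --  *      *       192.168.0.12         0.0.0.0/0
    6000    2000000 RETURN     all  --  *      *       0.0.0.0/0            192.168.0.12'

# Sum sent + received bytes per client and print the clients above the cap ($1).
over_cap() {
    awk -v cap="$1" '$3 == "RETURN" {
        ip = ($8 == "0.0.0.0/0") ? $9 : $8   # the non-wildcard side is the client
        bytes[ip] += $2
    } END { for (ip in bytes) if (bytes[ip] > cap + 0) print ip }' | sort
}

# Turn counter output on stdin into the commands that rebuild the CAPPED chain.
# The chain is flushed first so repeated runs do not stack duplicate rules.
plan_rules() {
    echo "iptables -t mangle -F CAPPED"
    over_cap "$CAP_BYTES" | while read -r ip; do
        echo "iptables -t mangle -A CAPPED -s $ip -j MARK --set-mark $SLOW_MARK"
    done
}

# Dry run on the sample. On the router: iptables -L ACCT -v -n -x | plan_rules | sh
printf '%s\n' "$SAMPLE" | plan_rules
```

Connections a client already has open through FastModem keep their NAT mapping, so expect them to stall when the mark is applied; new connections follow the SlowModem route.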