|
Forgive me if I'm talking out of my arse here, but I believe one of the
"features" of IP-Masquerading in Linux is that once the masq table entry is
created, much of the normal routing code is bypassed. Maybe this includes
CBQ.
Are you using VS-NAT? That would also explain why your forward rule with
the -j ACCEPT cause things to stop working.
> -----Original Message-----
> From: jmaier@xxxxxxxxxxxxxxxxxxxxx
> [mailto:jmaier@xxxxxxxxxxxxxxxxxxxxx]On Behalf Of joern maier
> Sent: Tuesday, October 10, 2000 4:24 AM
> To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Subject: LVS and CBQ
>
>
> Hi there,
>
> I hope anybody of you can help me. I´ve got a problem using LVS and CBQ
> (class based queueing -> feature of advanced routing of the Linux
> Kernel)
> with CBQ you can shape bandwidth (see adv_routing_how_to)
> The problem is as follows:
>
> I´ve got a setup like this using LVS and direct_routing, aller hosts are
> Athlon 800MHZ, 256MByte RAM, 3com90x 100Mbit Netcard using SuSE Linux
> 7.0
> i.e. Kernel 2.2.16:
>
>
>
> ---server_1 (lo:0 192.168.10.17)
> /
> client --------------|-----------------server_2 (lo:0 192.168.10.17)
> 192.168.10.15 load balancer \
> (with CBQ) ---server_3 (lo:0 192.168.10.17)
> eth0:110 = 192.168.10.17 �
>
>
> the real IP-Adr of the real servers are:
> server_1: 192.168.10.07
> server_2: 192.168.10.08
> server_3: 192.168.10.09
>
> the real IP-Adr of the LB is:
> 192.168.10.01
>
> serviced which are provided by LVS are telnet and http
>
> additional services on the director which are set up with IP
> 192.168.10.01
> and should therefore be unknown to the director and just be accessable
> via
> the real name of this server are: telnet, http and ftp
>
> the client is just for testing purposes
>
> what I´m trying to do is shaping the bandwidth from the load balancer to
> the
> webservers in a way that the client (src 192.168.10.15) is allowed to
> send a
> a maximum of 200KBit/s of data to the servers. Therefore I compiled the
> kernel
> of the LB (=VS.director) with the appropriate features. However it
> simply does
> not care about the bandwidth limitation. I tried it in two different
> ways:
> attempt 1:
> I implemented a CBQ filter like this:
>
> # tc filter add dev eth0 parent 100:0 protocol ip prio 100 u32 match ip
> src 192.168.10.15 flowid 100:100
>
> -> the queue 100:100 is set to a range of 200Kbit/s but this is just
> ignored. As many
> data as is send by the client is forwarded to the realservers
>
> attempt 2:
>
> I set the filter roule in a way that every package marked with 100 by
> the firewall is
> put into the above mentioned queue (100:100):
>
> # tc filter add dev eth0 protocol ip parent 100:0 prio 100 handle 100 fw
> classid 100:100
>
> then I set up the firewall with the following roule:
>
> # ipchains -A input -p ip -s 192.168.10.15 -m 100 -j ACCEPT
>
> after doing this, the LB (VS.director) did not forward any packet to the
> real_servers
> anymore. Trying it with http he used teh webserver which runs on the
> same
> machine as the director but should be unknown to the director because it
> is set up on the real IP of the director and never mentioned in any of
> the configuration skripts.
>
> using one of the following roules nothing happend:
> # ipchains -A forward -p ip -s 192.168.10.15 -m 100 -j ACCEPT
> or
> # ipchains -A output -p ip -s 192.168.10.15 -m 100 -j ACCEPT
>
> has anybody a clue what I´ve done wrong or if you need some more
> information so
> please e-mail me.
>
> thanks,
> Joern
>
>
|
