Open Source Bandwidth Management: Introduction to Linux Traffic Control
Christian Benvenuti
christian.benvenuti@libero.it [http://benve.info]
International Centre for Theoretical Physics (ICTP), Trieste
AfNOG 2007, 30 April 2007, Abuja, Nigeria
Agenda
● Do you have bandwidth problems in your network?
● Do you have policies in place in your campus?
● Do you monitor the traffic?
● Are you using any kind of Shaping/Firewalling software/hardware?
● Optimization of the use of the external link/s
● Factors that can contribute to a better use of the bandwidth (distributed optimizations)
● Translation of policies into network configurations (Traffic Control + Netfilter)
The focus of this presentation is on the external link/s
● Under the assumption that the campus network is significantly faster than the external link/s (to the ISP or to a peer institution), the bottleneck that requires optimization is the external link/s.
  – In this presentation I will therefore only briefly touch on the use/implications of QoS inside the campus network (for example to support VoIP).
Distributed Optimizations
● Some applications/servers can be configured (and optimized) separately. For example:
  – Email (attachments (size, URLs), delayed/batched TX of digests, ...)
  – Proxies
● Traffic can be filtered by the firewall/s according to the policy
● Traffic can be rate-limited by a device that implements some form of Traffic Control (i.e., a shaper).
  – This can be done by the same device that acts as firewall too.
Where would you do shaping/policing? (Centralized Vs Distributed)
[Figure: campus topology. The external link enters through the Border Router and the firewall, with a "?" marking the candidate position for the shaper/policer; below them the Local Internet exchange switch, two Core Routers and the Core Switch, from which fiber links go to the building switches.]
Ingress vs Egress Queuing/Shaping
[Figure: the Internet on one side, "your campus network" on the other, and on the device between them an RX queue and a TX queue for each direction; a "$" marks the external link.]
● Where do you think it is better to drop/delay packets?
● Security Vs Bandwidth
● Asymmetric RX/TX
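The practical side of the question above, as an added example that is not part of the original slides: a Linux qdisc only queues packets that leave an interface, so traffic arriving from the ISP can either be policed (dropped above a rate, never delayed) on arrival at the external interface with the ingress qdisc, or shaped (queued and delayed) only on its way out of the campus-facing interface. Interface names (eth1 external, eth0 campus, as on the HTB slide later), rates and burst sizes are assumptions; without APPLY=1 the script only prints the tc commands.

```shell
#!/bin/sh
# Added example, not code from the original slides. Shows the two places a
# Linux box between the ISP and the campus can act on incoming traffic:
#   (a) ingress policing on the external interface: excess is DROPPED on arrival
#   (b) egress shaping on the campus-facing interface: excess is QUEUED/delayed
# Assumed layout: eth1 = ISP link, eth0 = campus side, 8 Mbit/s link.
# Without APPLY=1 the commands are only printed (dry run).

emit() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# (a) Police everything arriving on DEV to RATE_KBIT; packets above the rate
#     are dropped. TCP senders back off after the loss, UDP senders just lose.
ingress_police() {                        # ingress_police DEV RATE_KBIT [BURST]
    dev=$1; rate=$2; burst=${3:-10k}
    emit tc qdisc add dev "$dev" handle ffff: ingress
    emit tc filter add dev "$dev" parent ffff: protocol ip prio 50 u32 \
        match ip src 0.0.0.0/0 police rate "${rate}kbit" burst "$burst" drop flowid :1
}

# (b) Shape what leaves DEV toward the campus with a token bucket: excess is
#     held in the queue (bounded by LATENCY) and smoothed instead of dropped.
egress_shape() {                          # egress_shape DEV RATE_KBIT [LATENCY]
    dev=$1; rate=$2; latency=${3:-400ms}
    emit tc qdisc add dev "$dev" root tbf rate "${rate}kbit" burst 32kb latency "$latency"
}

# Undo both so the script can be re-run after a change of rates.
teardown() {                              # teardown EXT_DEV INT_DEV
    emit tc qdisc del dev "$1" ingress
    emit tc qdisc del dev "$2" root
}

# Both are shown; for one direction you would normally pick one of the two.
teardown       eth1 eth0
ingress_police eth1 8000        # drop above 8 Mbit/s as it arrives from the ISP
egress_shape   eth0 8000        # or: delay above 8 Mbit/s on the way to the campus
```

Policing costs no memory and no latency but wastes the bytes that already crossed the paid link; shaping on the campus side only delays, which keeps TCP flows smooth, at the price of a queue on the box. Run with APPLY=1 as root to install the rules instead of printing them.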
Common applications
  Application/s                                                        Cacheability
  HTTP/FTP, DNS, ...                                                   Easy to cache
  Terminal (SSH/Telnet), Email TX (SMTP), Email RX (POP, IMAP), ...    Not cachable
  Audio/Video streaming, P2P, ...                                      Not cachable (unless ...)
  Viruses, Spyware (email spam), ...                                   Malware
● The effects of these applications (with the exception of spam) can be significantly reduced with some user cooperation
How about policies, priorities and shaping?
Open Source Bandwidth Management with Linux
● QoS
  – iproute2 / Traffic Control: http://linux-net.osdl.org/index.php/Iproute2
● Firewall
  – iptables / Netfilter: http://www.netfilter.org
● ...
● A Linux box can be a firewall and a shaper at the same time
Open Source VS Commercial, Single Device VS Multiple Devices
[Figure: the same campus topology as before (Border Router, Local Internet exchange switch, Core Routers, Core Switch, fiber links to the building switches), with the Firewall and the Shaper/Policer drawn as boxes between the Border Router and the Core Switch.]
The big (scary) picture
[Figure: user space with Application 1 (e.g., sshd) ... Application n (e.g., squid) above the Kernel. Packets enter on eth0 through Ingress Traffic Control, pass the Netfilter hooks PREROUTING, then INPUT (to a local application) or FORWARD, while locally generated packets pass OUTPUT; everything leaving goes through POSTROUTING and then Egress Traffic Control on eth1. Each hook lists the tables consulted there: F = Filter table, M = Mangle table, N = NAT table (the Raw table is not shown in the figure).]
● Tables consulted at each hook, in order: PREROUTING: M, N; INPUT: M, F; FORWARD: M, F; OUTPUT: M, N, F; POSTROUTING: M, N.
Example of iptables command
● Syntax: iptables -t <table> <operation> <hook> <match/es> -j <target>
  – I would like to block ingress ICMP echo request messages
  Table: -t filter   Operation: -A   Hook: INPUT   Match/es: -p icmp --icmp-type echo-request   Target: -j DROP
# iptables -t filter -A INPUT -p icmp --icmp-type echo-request -j DROP
[Figure: the same hook diagram as the previous slide, with the rule placed at the INPUT hook, i.e., on the path toward the local applications (sshd, squid); echo requests forwarded through the box would have to be matched at FORWARD instead.]
Traffic Control Elements
● Queueing disciplines
  – Classless: FIFO, RED, GRED, TBF, SFQ, NETEM, TEQL
  – Classful: CBQ, HTB, HFSC, PRIO, DS, ...
● Classifiers
  – FW, ROUTE, RSVP, TCINDEX, U32, BASIC
● Classifier extensions
  – Policers, Actions
● Estimators
Example of Hierarchical Queuing Discipline
[Figure: tree of classes, each with its share of the parent]
  Campus
    Faculty 1 (50%)
      Laboratory 1 (50%)
        HTTP (70%, Prio 1)
        Anything else (30%, Prio 2)
      Laboratory 2 (50%)
    Faculty 2 (25%)
    Faculty 3 (25%)
● Sharing/Borrowing
● Priorities
● Default class
● ...
● Centralized Vs Distributed
Example of simple HTB configuration
[Figure: the Linux box acting as Firewall and Shaper/Policer, eth0 toward the Internal network and eth1 toward the External network. On eth1: the HTB qdisc 1:0, its Class 1:1 and, below it, the Classes 1:10 and 1:20; the Filter selects the class.]

# QUEUE ("default 20": the minor id, in hex, of the class that receives unclassified traffic)
tc qdisc add dev eth1 handle 1:0 root htb default 20
# CLASSES (rate = guaranteed share, ceil = how much a class may borrow up to)
tc class add dev eth1 parent 1:0 classid 1:1 htb rate 10Mbit ceil 10Mbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 7Mbit ceil 10Mbit
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 3Mbit ceil 10Mbit
# FILTERS
## 1st solution: classify in tc with the u32 classifier
tc filter add dev eth1 protocol ip parent 1:0 u32 match ip dport 80 0xffff flowid 1:10
## 2nd solution: mark in Netfilter (mangle table), then classify on the mark with the fw classifier
iptables -t mangle -A FORWARD -p tcp --dport 80 -j MARK --set-mark 1
tc filter add dev eth1 protocol ip parent 1:0 handle 1 fw classid 1:10
● Note: a root qdisc only acts on packets leaving its interface (here eth1, toward the external network). Traffic in the other direction is shaped by an equivalent tree on eth0, or policed on ingress.
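The tree of the "Example of Hierarchical Queuing Discipline" slide, written out as HTB classes with the Netfilter-mark classification of the 2nd solution above. This is an added example, not code from the original slides, and it goes beyond the two-class configuration to several levels with borrowing and priorities. It assumes a 10 Mbit link leaving through eth1 (as on the slide), made-up subnets for the faculties and laboratories, and Faculty 3 as the default class; without APPLY=1 it only prints the commands.

```shell
#!/bin/sh
# Added example, not code from the original slides: the slide's hierarchy
#   Campus (LINK_KBIT)
#     Faculty 1 50%  -> Laboratory 1 50% -> HTTP 70% prio 1, anything else 30% prio 2
#                    -> Laboratory 2 50%
#     Faculty 2 25%
#     Faculty 3 25%  (chosen here as the default class)
# as HTB classes plus iptables marks. Interface, link rate and subnets are
# assumptions. Without APPLY=1 the commands are only printed (dry run).

DEV=${DEV:-eth1}
LINK_KBIT=${LINK_KBIT:-10000}
LAB1=10.1.1.0/24; LAB2=10.1.2.0/24; FAC2=10.2.0.0/16      # hypothetical subnets

emit() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# pct TOTAL PCT -> integer TOTAL*PCT/100 (kbit arithmetic, no floats in sh)
pct() { echo $(( $1 * $2 / 100 )); }

# htb_class PARENT CLASSID RATE_KBIT PRIO: RATE is guaranteed; ceil lets the
# class borrow up to the whole link from idle siblings; lower PRIO is served first.
htb_class() {
    emit tc class add dev "$DEV" parent "$1" classid "$2" \
        htb rate "${3}kbit" ceil "${LINK_KBIT}kbit" prio "$4"
}

build_classes() {
    f1=$(pct "$LINK_KBIT" 50); l1=$(pct "$f1" 50)
    emit tc qdisc add dev "$DEV" root handle 1: htb default 30   # unclassified -> 1:30
    htb_class 1:   1:1   "$LINK_KBIT"              0   # Campus: the whole link
    htb_class 1:1  1:10  "$f1"                     0   # Faculty 1, 50%
    htb_class 1:1  1:20  "$(pct "$LINK_KBIT" 25)"  0   # Faculty 2, 25%
    htb_class 1:1  1:30  "$(pct "$LINK_KBIT" 25)"  0   # Faculty 3, 25%, default
    htb_class 1:10 1:11  "$l1"                     0   # Laboratory 1, 50% of Faculty 1
    htb_class 1:10 1:12  "$(pct "$f1" 50)"         0   # Laboratory 2, 50% of Faculty 1
    htb_class 1:11 1:111 "$(pct "$l1" 70)"         1   # Lab 1 HTTP, 70%, prio 1
    htb_class 1:11 1:112 "$(pct "$l1" 30)"         2   # Lab 1 anything else, 30%, prio 2
    for leaf in 1:20 1:30 1:12 1:111 1:112; do        # leaves only: flows inside share fairly
        emit tc qdisc add dev "$DEV" parent "$leaf" sfq perturb 10
    done
}

# classify MARK CLASSID iptables-match...: mark forwarded packets in the
# mangle table and let the fw classifier map the mark to the HTB class.
# Marks are plain integers; they only need to agree between the two commands
# (they are chosen to resemble the class id purely for readability).
classify() {
    m=$1; c=$2; shift 2
    emit iptables -t mangle -A FORWARD "$@" -j MARK --set-mark "$m"
    emit tc filter add dev "$DEV" parent 1: protocol ip prio 1 handle "$m" fw classid "$c"
}

build_filters() {
    # A later MARK rule overwrites an earlier one, so the general rule for a
    # subnet comes first and the more specific HTTP rule after it.
    classify 20  1:20  -s "$FAC2"
    classify 12  1:12  -s "$LAB2"
    classify 112 1:112 -s "$LAB1"
    classify 111 1:111 -s "$LAB1" -p tcp --dport 80
}

# On the slide eth1 faces the external network, so matching on the SOURCE
# subnet shapes what each unit sends out. To shape what each unit downloads,
# install the same tree on the campus-facing interface and match on -d.
build_classes
build_filters
```

With a 10 Mbit link the shares come out as Faculty 1 5000 kbit, Laboratories 2500 kbit each, and inside Laboratory 1 1750 kbit for HTTP against 750 kbit for everything else; every class keeps ceil at the link rate, so an idle faculty's share is borrowed by the busy ones, and the prio values only decide who is served first once borrowing starts.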
Useful links
● Book: "How To Accelerate Your Internet"
  – A Practical Guide to Bandwidth Management and Optimization Using Open Source Software
  – http://bwmo.net (you can download it here)
● Mailing List: LARTC
  – Linux Advanced Routing and Traffic Control
  – http://mailman.ds9a.nl/pipermail/lartc/
Any Questions?