NAT interferes with traffic control

Post by timeOda » Sun, 12 Oct 2008 00:51:10



I have a tc rule that matches the source address.  But it doesn't work on
masqueraded connections - I guess since the source address is re-written
to be that of the router itself (this is all on a single router host).

I would like to match the source address before it is changed by nat.
Can I put the -j MASQUERADE target in a different chain or something?  Or do
I have to resort to "marking" packets?

>> tc filter add dev eth3 parent 2: protocol ip prio 10 u32 \
        match ip src 10.0.0.8 flowid 2:1

>> iptables -t nat -A POSTROUTING -s 10.0.0.8  -j MASQUERADE
>> grep 10.0.0.8 /proc/net/ip_conntrack

udp      17 176 src=10.0.0.8 dst=69.59.242.89 sport=5061 dport=10000
packets=1276 bytes=926980 src=69.59.242.89 dst=10.0.0.3 sport=10000
dport=5061 packets=1273 bytes=489462 [ASSURED] mark=0 use=1

>> uname -r

2.6.24-gentoo-r8

As a workaround I am simply nat'ing all packets not destined for the
LAN, any disadvantages to that?

>> iptables -t nat -A POSTROUTING -d ! 10.0.0.0/8 -j MASQUERADE

 
 
 

Post by pedroarthur.j.. » Sun, 12 Oct 2008 23:15:20


You may use FWMark and the Netfilter/IPTables' mangle table.

See this link for more information: http://lartc.org/lartc.html#LARTC.NETFILTER

IMHO, it's the best guide on traffic control.
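
The fwmark approach suggested in the reply above, as an added example that is not part of the original thread: the egress qdisc runs after nat/POSTROUTING, so a u32 source match sees the masqueraded address, while a mark set in the mangle table stays with the packet. eth3, parent 2:, flowid 2:1 and 10.0.0.8 come from the first post; the mark values, the second host, class 2:2 and the PREROUTING hook are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Mark by pre-NAT source in mangle,
# then match the mark in tc; the mark is kernel packet metadata, so it
# survives the source rewrite done by MASQUERADE in nat/POSTROUTING.
# From the thread: eth3, parent 2:, flowid 2:1, 10.0.0.8.
# Assumed: mark values, the 10.0.0.9 row, class 2:2, PREROUTING hook.

# Constructed table: <source address> <fwmark> <tc flowid>
HOSTS='10.0.0.8 8 2:1
10.0.0.9 9 2:2'

# Accept only dotted-quad IPv4 with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the two commands for one host; non-zero status on bad input.
emit_rules() {
    src=$1 mark=$2 flowid=$3 dev=${4:-eth3} parent=${5:-2:}
    valid_ipv4 "$src" || { echo "bad source: $src" >&2; return 1; }
    case "$mark" in
        ''|*[!0-9]*|0) echo "bad mark: $mark" >&2; return 1 ;;
    esac
    echo "iptables -t mangle -A PREROUTING -s $src -j MARK --set-mark $mark"
    echo "tc filter add dev $dev parent $parent protocol ip prio 10 handle $mark fw flowid $flowid"
}

# Emit the commands for every row of the table.
emit_all() {
    echo "$HOSTS" | while read -r src mark flowid; do
        emit_rules "$src" "$mark" "$flowid" || exit 1
    done
}

# Dry run by default; APPLY=1 (as root) pipes the commands to sh.
if [ "${APPLY:-0}" = 1 ]; then emit_all | sh -e; else emit_all; fi
```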

 
 
 

1. Traffic Control traffic unexpectedly dipping

I am using traffic control with a 2.6.26 kernel. During my testing, I
am intentionally sending in more best effort traffic than my hardware
can handle and I am seeing that the traffic control is dropping it, as
it should.  Occasionally, I see a dip in the traffic in the queues I
have defined for higher priority traffic.  This traffic is running
below the minimum rate.  When this happens, I see the following qdisc
statistics (sampling every 3 seconds):

qdisc htb 9997: root r2q 10 default 9999 direct_packets_stat 0
 Sent 299188596 bytes 197913 pkt (dropped 162746, overlimits 377808
requeues 0)
 rate 0bit 0pps backlog 0b 999p requeues 0

qdisc htb 9997: root r2q 10 default 9999 direct_packets_stat 0
 Sent 300330198 bytes 198669 pkt (dropped 163401, overlimits 379300
requeues 0)
 rate 0bit 0pps backlog 0b 1000p requeues 0

qdisc htb 9997: root r2q 10 default 9999 direct_packets_stat 0
 Sent 300818616 bytes 198993 pkt (dropped 163684, overlimits 380146
requeues 0)
 rate 0bit 0pps backlog 0b 571p requeues 0

qdisc htb 9997: root r2q 10 default 9999 direct_packets_stat 0
 Sent 301102914 bytes 199182 pkt (dropped 163684, overlimits 380626
requeues 0)
 rate 0bit 0pps backlog 0b 81p requeues 0

qdisc htb 9997: root r2q 10 default 9999 direct_packets_stat 0
 Sent 303284730 bytes 200625 pkt (dropped 163684, overlimits 382126
requeues 0)
 rate 0bit 0pps backlog 0b 753p requeues 0

qdisc htb 9997: root r2q 10 default 9999 direct_packets_stat 0
 Sent 304795218 bytes 201624 pkt (dropped 164095, overlimits 383623
requeues 0)
 rate 0bit 0pps backlog 0b 1000p requeues 0

As you can see, backlog goes from  999p to 1000p to 571p to 81p to
753p to 1000p.  Is this dip in the backlog to be expected?  Does
traffic control occasionally flush the backlog if it is staying around
1000p? I have verified that the incoming data, generated by iperf, is
constant and does not dip like this.  Note: while the backlog stays
well under 1000p, the number dropped stays at 163684.  Also, how can
backlog be 1000p but 0b?  (I assume that means 1000 packets and 0
bits.)
