[Vserver] traffic accounting and shaping:
 vserver development mailing list 
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

[Vserver] traffic accounting and shaping

From: Nikolay Kichukov <hijacker_at_oldum.net>
Date: Sat 13 May 2006 - 13:45:38 BST
Message-Id: <1147524338.5102.31.camel@ccja.localhost>

Good afternoon all.

The topic I would like to discuss here is how one is able to setup the
host so it does traffic accounting with iptables and traffic shaping and
policing with iproute2 for a guest on the host.

What brought me to this was a recent posting named "What is the best way
to connect from 1 vserver to other vserver within the same host ?" There
I learned that the guest connections actually go through the host lo
interface?! Which alternatively made me think why do I ever created a
file called dev with one of my interfaces there if the traffic from the
guest goes through the host loopback device? Can someone please
elaborate a bit more on this topic?

Then, having the following setup:
dev=eth0 which is the interface that is connected to the internal LAN
ip=localIPaddress of the vserver

in this scenario I have an entry in the nat table on the host that
allows the guest to use the internet on the $EXTERNALINTERFACE :

iptable -t nat -A -s localIPaddress/32 -SNAT --to $EXTERNALIP

is there a way I can go without that if I configure the guest with
nodev?

Now about the traffic accounting topic, which are the tables that the
packets generated from the guest and going back to the guest traverse to
get to the internet on the $EXTERNALINTERNET eth1? If dev contains eth0,
that is the internal interface and the other variant with nodev?

The other point is about traffic shaping and policing.
I use tc to do traffic shaping and policing for computers in the LAN and
for the host itself. Now if I want to add limits for the guest, can I
use eth0 to limit the max allowed outgoing speed? And then the max
download speed on eth0? As a summary - will the packets on the guest go
through the eth0?

Maybe that e-mail got too long and difficult to follow.
Any help or further questions will be appreaciated...

Thanks and Regards,
-Nik 

-- 
������ ��� ��������, ��� �����.
�� ������ ��� �����, �� ������ ��� ��������...
-����� �����
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Sat May 13 13:46:07 2006
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Sat 13 May 2006 - 13:46:12 BST by hypermail 2.1.8