November 5, 2002



Bandwidth management services and tools have always been an important component in the suite of network-management solutions. Almost all networks, whether big, medium or small, have felt a need for a simple and inexpensive solution to shaping bandwidth. With these tools in place, you can do useful things like allocate fixed throughputs to your mail and Web traffic so that an unexpected increase in one does not slow down the other, maintain the traffic of each service at an assured level at all times, or even change these assured levels at fixed time slots during the day. No more cursing those incorrigible surfers who slow down your mail, or those huge attachments that slow down your Web traffic. You can even keep the boss happy with IP-based traffic shaping. While commercial solutions have been available for some time now, they tend to be expensive and almost always involve dedicated hardware black boxes that tend to scare away IT managers from even testing and trying these products, let alone buying them.

Now here’s the good news, little known outside the Linux world. You can build a full-featured bandwidth shaper on a standard Linux box with just one or two tools that can be freely downloaded. Ever since kernel version 2.2, bandwidth management services have been available in the Linux kernel, and with the introduction of iptables in version 2.4, bandwidth management can be considered to have matured beyond its age. Today, Linux can manage bandwidth and manage it rather well. Such has been the quiet success of the iptables implementation that several of the commercial hardware-based bandwidth management products are actually either embedded Linux chips or have Linux installed on the hard disk in the box. You can now, with a Linux box and two network cards, build yourself a bandwidth manager with the same functionality (if not more) as any of the commercial black boxes.

To set up a bandwidth management solution with Linux, you need one of the recent distros (PCQ Linux or the recent RedHat-7.3 or 8.0 will do just fine) with the iptables kernel modules. If you prefer to roll your own kernel, make sure that you have said “Y” (compiled into the kernel) to the following kernel configuration options: 

CONFIG_NET_SCHED=y
CONFIG_NETLINK=y
CONFIG_RTNETLINK=y
CONFIG_NET_SCH_CBQ=y
CONFIG_NET_SCH_CSZ=y
CONFIG_NET_SCH_PRIO=y
CONFIG_NET_SCH_RED=y
CONFIG_NET_SCH_SFQ=y
CONFIG_NET_SCH_TEQL=y
CONFIG_NET_SCH_TBF=y
CONFIG_NET_SCH_INGRESS=y
CONFIG_NET_QOS=y
CONFIG_NET_ESTIMATOR=y
CONFIG_NET_CLS=y
CONFIG_NET_CLS_TCINDEX=y
CONFIG_NET_CLS_FW=y
CONFIG_NET_CLS_POLICE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_TARGET_MARK=y

If you are using a standard kernel that comes with any of the recent distros (RedHat 7.2+, PCQLinux, etc.), you should have these options already enabled. Many of these can be compiled as kernel modules and loaded automatically by the shaper script.
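One way to confirm that a kernel has every option from the list above, either built in or as a module, before trying the shaper script. This is an added example, not one of the scripts on the CD; the function name and the location of the kernel config file (passed as the first argument) are assumptions.

```shell
#!/bin/sh
# Added example: check a kernel config file for the options the article lists.
# The config path is an assumption that varies by distro; pass it as $1.

REQUIRED_OPTS="CONFIG_NET_SCHED CONFIG_NETLINK CONFIG_RTNETLINK
CONFIG_NET_SCH_CBQ CONFIG_NET_SCH_CSZ CONFIG_NET_SCH_PRIO CONFIG_NET_SCH_RED
CONFIG_NET_SCH_SFQ CONFIG_NET_SCH_TEQL CONFIG_NET_SCH_TBF CONFIG_NET_SCH_INGRESS
CONFIG_NET_QOS CONFIG_NET_ESTIMATOR CONFIG_NET_CLS CONFIG_NET_CLS_TCINDEX
CONFIG_NET_CLS_FW CONFIG_NET_CLS_POLICE CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_MANGLE
CONFIG_IP_NF_NAT CONFIG_IP_NF_TARGET_MARK"

# check_shaper_config FILE
# Prints "<option> builtin|module|missing" for each option.
# Returns 0 if all are present, 1 if any is missing, 2 if FILE is unreadable.
check_shaper_config() {
    cfg=$1
    rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    for opt in $REQUIRED_OPTS; do
        # Anchored match, so CONFIG_NET_CLS is not satisfied by CONFIG_NET_CLS_FW=y
        # and a "# CONFIG_... is not set" line counts as missing.
        if grep -q "^${opt}=y\$" "$cfg"; then
            echo "$opt builtin"
        elif grep -q "^${opt}=m\$" "$cfg"; then
            echo "$opt module"
        else
            echo "$opt missing"
            rc=1
        fi
    done
    return $rc
}

if [ $# -eq 1 ]; then check_shaper_config "$1"; fi
```

The option list is the article's own and applies to the 2.4-era kernels it targets.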

Bandwidth manager on a floppy

While working on the bandwidth management story, we came across this really neat utility called Dummynet, which is a complete bandwidth manager on a floppy. It’s based on FreeBSD and is excellent at its job. It was actually designed as a tool for testing network protocols, but as the author says, it’s now being (mis)used for managing bandwidth. Setting this up is really simple: grab the floppy image from the website and create the floppy, either with rawrite if you only have DOS and Windows based machines or directly from FreeBSD. Boot from the floppy and you are set. The documentation on how to use Dummynet is on the website at http://info.iet.unipi.it/~luigi/ip_dummynet/. It simply can’t get simpler than this.

If you really want to know what you are doing and are not in a hurry to just get up and going, then this is a good time to read through the detailed and excellent Linux 2.4 Advanced Routing Howto at www.linuxguruz.org/iptables/howto/2.4routing.html. This document is a detailed guide that explains the technical background and provides clear-cut recipes for implementation. On this issue of the CD, you will find a script, shaper.conf, which implements some of the techniques described in the Howto. The script is extensively documented and one should not have any trouble running it.

The most important things to understand in managing bandwidth are queues and queuing disciplines, and the fact that we can’t really control data coming in with the same flexibility as we can data going out. In the simplest form, data is accepted and the only thing done to it is to reorder it, delay it or drop it altogether. These decisions can be based on complex criteria, and sets of these criteria lead to “queuing disciplines”. The script shaper.conf has several of these options and you can edit this script to choose the option most useful to you.
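To make the idea concrete, here is an added example (not the shaper.conf from the CD) that generates the iptables and tc commands for fixed mail and Web allocations on one outgoing interface, using the CBQ and SFQ queuing disciplines and the firewall-mark classifier from the kernel option list. The interface name, rates, ports, marks and class ids are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not the shaper.conf from the CD. It only PRINTS commands:
# review them, then pipe the output to "sh" as root on the shaping box.
# Interface, ports, marks and class ids are illustrative assumptions.

# emit_service DEV LINK_KBIT RATE_KBIT PORT MARK
emit_service() {
    dev=$1 link=$2 rate=$3 port=$4 mark=$5
    # CBQ weight: rate/10 is the usual rule of thumb; never let it reach 0.
    w=$((rate / 10)); [ "$w" -ge 1 ] || w=1
    # Mark both directions of the service in the mangle table.
    for dir in sport dport; do
        echo "iptables -t mangle -A PREROUTING -p tcp --$dir $port -j MARK --set-mark $mark"
    done
    # "bounded": the class may not borrow, so one service cannot crowd out the other.
    echo "tc class add dev $dev parent 1: classid 1:${mark}0 cbq bandwidth ${link}kbit" \
         "rate ${rate}kbit weight ${w}kbit prio 5 allot 1514 cell 8" \
         "maxburst 20 avpkt 1000 bounded"
    # SFQ shares the class fairly between the connections inside it.
    echo "tc qdisc add dev $dev parent 1:${mark}0 handle ${mark}0: sfq perturb 10"
    # The fw classifier maps the firewall mark to the class.
    echo "tc filter add dev $dev parent 1: protocol ip prio 1 handle $mark fw flowid 1:${mark}0"
}

# shaper_rules DEV LINK_KBIT MAIL_KBIT WEB_KBIT
shaper_rules() {
    dev=$1 link=$2 mail=$3 web=$4
    for n in "$link" "$mail" "$web"; do
        case $n in
            ''|0*|*[!0-9]*) echo "error: '$n' is not a positive kbit rate" >&2; return 1 ;;
        esac
    done
    # Fixed allocations cannot add up to more than the link carries.
    if [ $((mail + web)) -gt "$link" ]; then
        echo "error: ${mail}+${web} kbit exceeds the ${link} kbit link" >&2
        return 1
    fi
    echo "tc qdisc add dev $dev root handle 1: cbq bandwidth ${link}kbit avpkt 1000 cell 8"
    emit_service "$dev" "$link" "$mail" 25 1
    emit_service "$dev" "$link" "$web" 80 2
}

if [ $# -eq 4 ]; then shaper_rules "$@"; fi
```

Shaping happens only on the way out of the named interface, which is the limitation on incoming data mentioned above. Traffic that carries neither mark stays in the root class and is not limited.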

The only issue after you have the script running is to test it and see whether your limiting actually works. In our tests at PCQ Labs, we used IPTraf as the network monitoring tool. There are many other similar tools available, including Web-based monitors, but we found IPTraf quite adequate. IPTraf can be found at http://cebu.mozcom.com/riker/iptraf/ and is an extremely useful little utility that gives you huge amounts of information to police your network.

Armed with the scripts on the CD, limit.conn and shaper, and a Linux box with a few additional tools like IPTraf, MRTG and Ntop, you are now all set to start managing your bandwidth. We were able to get the scripts running with minimal changes. The single biggest difference between these scripts and dedicated products was the configuration and user interface. The entire configuration was based on a text-based file with several commands being required. The other problem was of actually seeing the effects of the bandwidth management. The tools for this definitely exist but all of them require separate configuration as well. In terms of performance the Linux box does very well. One other advantage of using the Shaper script was that it is a complete firewall and packet filter as well.

Kishore Bhargava, Technology Consultant, Linkaxis Technologies
