I've been using tc/htb for network control previously to control the bandwidth available to different services running on their own IPs on an unvirtualized host.
Now I have put them into their own guest VMs. I would like to be able to do something similar to ensure the more crucial service gets more bandwidth, as well as ensuring ssh always gets reserved bandwidth. However, when I try the good old tc/htb commands on the host, they fail to do anything useful.
My script that works on the non-virtualized setup was this:

# Class tree on eth0. Note that tc's "kbps" means kilobytes per second ("kbit" is kilobits).
# The root htb qdisc (handle 1:) on eth0 is assumed to have been added beforehand.
TCADD="tc class add dev eth0 parent"
$TCADD 1:0 classid 1:1 htb rate 1250kbps ceil 1250kbps
# ssh: small guaranteed rate, highest priority
$TCADD 1:1 classid 1:10 htb rate 25kbps ceil 150kbps prio 0
$TCADD 1:1 classid 1:11 htb rate 100kbps ceil 300kbps prio 1
$TCADD 1:1 classid 1:12 htb rate 300kbps ceil 600kbps prio 1
$TCADD 1:1 classid 1:19 htb rate 75kbps ceil 150kbps prio 2

# Filters: ssh on port 10022 goes to class 1:10, each public IP to its own class
TFADD="tc filter add dev eth0 protocol ip parent"
$TFADD 1:0 prio 0 u32 match ip dport 10022 0xffff flowid 1:10
$TFADD 1:0 prio 1 u32 match ip dst <public ip address 1> flowid 1:11
$TFADD 1:0 prio 1 u32 match ip dst <public ip address 2> flowid 1:12
I can't put the restrictions within the guest because I don't want the individual VM admins to be able to stop the script from running.
On my new host, I have bridged networking with br0, eth0 and guests running off vnet<n>. I've tried applying tc on br0, eth0 and vnet<n>, but they don't seem to have any effect based on a 20MB FTP test.
I've been googling for a while to find a solution but haven't hit on anything apart from using yet another firewall/router sitting between everything and the Internet. Is there any other solution apart from that?
On 09/20/2011 08:20 PM, Emmanuel Noobadmin wrote:
> I can't put the restrictions within the guest because I don't want the individual VM admins to be able to stop the script from running.
> On my new host, I have bridged networking with br0, eth0 and guests running off vnet<n>. I've tried applying tc on br0, eth0 and vnet<n>, but they don't seem to have any effect based on a 20MB FTP test.
> I've been googling for a while to find a solution but haven't hit on anything apart from using yet another firewall/router sitting between everything and the Internet. Is there any other solution apart from that?
I would convert the bridged setup on the host to a routed one. Then you will have several separate interfaces on the host, each used for communication with only one guest, and it will be easy to attach tc to them.
Regards,
Nenad
On 9/21/11, Nenad Opsenica nenad@panline.net wrote:
> I would convert the bridged setup on the host to a routed one. Then you will have several separate interfaces on the host, each used for communication with only one guest, and it will be easy to attach tc to them.
In other words, there's no solution for bridged networking?
How would routed networking impact the guest performance? The reason I went for bridged was that it was supposed to have the least overhead, and this page http://www.cyberciti.biz/faq/rhel-linux-kvm-virtualization-bridged-networkin... said it was required for servers with multiple network cards. Which is the case here, because I have 3 NICs, one each for Internet traffic, networked storage and user access.
Although, admittedly, in hindsight, given the number of users in the company, it probably isn't going to be noticeable, I would still like to know what kind of impact it would cause. That is, assuming routed networking can work on the server given the NICs in it.
On 09/20/2011 08:44 PM, Emmanuel Noobadmin wrote:
> On 9/21/11, Nenad Opsenica nenad@panline.net wrote:
> > I would convert the bridged setup on the host to a routed one. Then you will have several separate interfaces on the host, each used for communication with only one guest, and it will be easy to attach tc to them.
> In other words, there's no solution for bridged networking?
I'm afraid so. Maybe it could be possible in some strange setup, but I think it would be too complicated, if possible at all.
> How would routed networking impact the guest performance? The reason I went for bridged was that it was supposed to have the least overhead, and this page http://www.cyberciti.biz/faq/rhel-linux-kvm-virtualization-bridged-networkin... said it was required for servers with multiple network cards. Which is the case here, because I have 3 NICs, one each for Internet traffic, networked storage and user access.
You can combine bridged and routed setups - for example, use bridging for storage, and routing for Internet and user access.
Using a routed setup has one more advantage - you can use the firewall on the host to filter the guests' traffic.
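An added example, not code from the thread and not Nenad's or Emmanuel's: a small POSIX shell script that emits the HTB class tree from the original script for whatever interface you name, so the same shaping can be attached to each per-guest interface of a routed setup as suggested above, or to eth0 for what the guests send out. The interface names, addresses, port and total rate are hypothetical arguments. Two points worth keeping in mind that the thread leaves implicit: tc qdiscs act on egress, so on an interface facing a guest these rules shape traffic going into the guest, while on the uplink they shape what leaves for the Internet; and HTB only honours the leaves' guaranteed rates when they add up to no more than the parent's rate, which the script checks before you apply anything. In tc, "kbps" means kilobytes per second and "kbit" kilobits per second.

```shell
#!/bin/sh
# Added example (not from the thread): generate the HTB class tree of the
# original script for any interface. Interface names, IPs, port and rates are
# hypothetical arguments supplied by the caller; rates must be given in kbps
# (tc's kbps = kilobytes/s, kbit = kilobits/s).

# Leaf classes: classid, guaranteed rate, ceiling, priority (values from the
# original script).
HTB_LEAVES='1:10 25kbps 150kbps 0
1:11 100kbps 300kbps 1
1:12 300kbps 600kbps 1
1:19 75kbps 150kbps 2'

# htb_commands IFACE TOTAL SSH_PORT KEY IP1 IP2
#   KEY is "dst" on an interface facing a guest (shapes traffic into the guest)
#   or "src" on the uplink (shapes what each guest sends out), because tc
#   qdiscs act on egress only. Emits one tc command per line.
htb_commands() {
    iface=$1 total=$2 sshport=$3 key=$4 ip1=$5 ip2=$6
    cadd="tc class add dev $iface parent"
    fadd="tc filter add dev $iface protocol ip parent 1:0"
    # Root qdisc; traffic that no filter matches lands in the low-priority 1:19.
    echo "tc qdisc add dev $iface root handle 1: htb default 19"
    echo "$cadd 1:0 classid 1:1 htb rate $total ceil $total"
    printf '%s\n' "$HTB_LEAVES" | while read -r cid rate ceil prio; do
        echo "$cadd 1:1 classid $cid htb rate $rate ceil $ceil prio $prio"
    done
    # ssh gets the reserved, highest-priority class; each IP its own class.
    echo "$fadd prio 0 u32 match ip dport $sshport 0xffff flowid 1:10"
    echo "$fadd prio 1 u32 match ip $key $ip1 flowid 1:11"
    echo "$fadd prio 1 u32 match ip $key $ip2 flowid 1:12"
}

# htb_rate_check TOTAL -> "ok" if the leaves' guaranteed rates fit under TOTAL,
# "oversubscribed" otherwise. HTB can only guarantee "rate" to every child when
# the children's rates sum to no more than the parent's; ceilings may exceed it.
htb_rate_check() {
    total=${1%kbps}
    sum=$(printf '%s\n' "$HTB_LEAVES" | {
        s=0
        while read -r cid rate ceil prio; do s=$((s + ${rate%kbps})); done
        echo "$s"
    })
    if [ "$sum" -le "$total" ]; then echo ok; else echo oversubscribed; fi
}

# htb_apply IFACE TOTAL SSH_PORT KEY IP1 IP2: clear any old root qdisc on the
# interface, then run the generated commands (needs root on the host).
htb_apply() {
    if [ "$(htb_rate_check "$2")" != ok ]; then
        echo "leaf rates exceed $2, refusing to apply" >&2
        return 1
    fi
    tc qdisc del dev "$1" root 2>/dev/null || true
    htb_commands "$@" | sh -e
}

# Usage: sh htb-guest.sh --apply vnet0 1250kbps 10022 dst 192.0.2.10 192.0.2.11
case "${1:-}" in
    --apply) shift; htb_apply "$@" ;;
esac
```

Without `--apply` the file only defines the functions, so you can source it and run `htb_commands vnet0 1250kbps 10022 dst 192.0.2.10 192.0.2.11` to review the commands before letting them touch the host. Run it once per guest-facing interface for the routed case.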
On 9/21/11, Nenad Opsenica nenad@panline.net wrote:
> You can combine bridged and routed setups - for example, use bridging for storage, and routing for Internet and user access.
> Using a routed setup has one more advantage - you can use the firewall on the host to filter the guests' traffic.
Thanks for the tip. I'll have to look into this during the weekend when, almost guaranteed by virtue of noobness, I will probably kill connectivity to the services for hours and render them useless for work :D