prioritizing traffic from "main" computer on LAN

Xyne · 2010-05-16 22:24:40

My Current Setup

internet    router (dhcp server)      main computer   
   ●──────────────────●────────────(eth1)─●
                      │                   │(eth0)
                      │                   │
                      │   switch          │
                      └─────●─────────────┘
                            │
                            └─● [other computers]

My main computer is connected to the router via a switch on eth0 and directly via a usb cable on eth1. Other computers on the LAN connect to the router via the switch.

The Problem
I need to shape traffic in such a way that priority is given to uploads from the main computer when other computers are uploading.* I do not always have the option of throttling the upload on the other systems and I do not want to impose any arbitrary limits on them. I simple want to make sure that all the necessary bandwidth is given to the main computer and whatever is leftover can be used for the other computers.

NOTE: I cannot shape traffic via the router. My ISP uses crippling firmware and I cannot bypass it.

The Plan
The main computer is not always on so I can't configure it to be an integral part of the network. I don't mind having to disconnect and reconnect a cable though so I suspect that I can disconnect the switch from the router and thus shape traffic from the other computers by passing it through the main computer:

internet    router (dhcp server)      main computer   
   ●──────────────────●────────────(eth1)─●
                                          │(eth0)
                                          │
                          switch          │
                            ●─────────────┘
                            │
                            └─● [other computers]

This is where I need some help. I've looked through a lot of documentation but I'm still not sure how to set this up. I think I need to use proxy ARP (with iproute2) but I'm hoping that someone else can confirm this before I explore it further. I'm afraid that I'll waste time only to find that it was a false start and that I need to do it differently.

Can anyone with network configuration experience confirm that proxy ARP is the way to go? If not, what do you suggest?

I would also appreciate any links to relevant tutorials|guides|documentation. I wouldn't mind some simple examples either but I'm not asking anyone to do this for me. I just need to know that I'm on the right path.

Thanks.

*I'm only concerned about upload bandwidth right now because I'm on ADSL and download bandwidth is usually not an issue. I also expect that any solution for upload shaping will work for download shaping as well.

fukawi2 · 2010-05-16 23:03:55

Xyne wrote:

I think I need to use proxy ARP (with iproute2) but I'm hoping that someone else can confirm this before I explore it further. I'm afraid that I'll waste time only to find that it was a false start and that I need to do it differently.

God no.... Proxy ARP is the most god awful creation ever created. The person who thought that was a good idea should be taken out the back and shot.

You want to create a bridge with eth0 and eth1 = br0 so they both act on the same Layer 2 (ie, your Main computer becomes a 2-port switch). This should get you going, you'll just have to hack out / modify the firewall parts to do the traffic prioritisation stuff:
http://www.sjdjweis.com/linux/bridging/

thestinger · 2010-05-16 23:34:47

whatever way you decide to do it, netfilter is the way to go (ebtables, iptables, arptables)

the cleanest way will probably just be making a network switch with ebtables + iproute2

Xyne · 2010-05-17 02:20:10

Thanks for the replies so far.

@fukawi2
I've never used proxy ARP so I have no idea what it's like. From what I had read it seemed that it was just a "controllable" bridge. I'll scratch that off the list and read up on bridging firewalls.

fukawi2 · 2010-05-17 06:09:03

Xyne wrote:

@fukawi2
I've never used proxy ARP so I have no idea what it's like.

Do yourself a favour when you have some free time and install it, learn about it, then realize what a stupid idea it is

Sin.citadel · 2010-05-17 17:40:39

what you need is to use iptables to mark packets in your main computer's iptables chains, you can use MARK on PREROUTING and POSTROUTING to simplify marks for uploads/downloads, you can then use htb to rate limit all uploads by using the iptables marks, since htb doesnt impose hard limits (although you can add it), you can use it to specify priorities (e.g, for a max upload of 512 kbps, 256 kbps is always reserved for the main computer, or 256 kbps is reserved only if the main computer does uploads, otherwise other users get full 512 kbps).

the only difference between upload or download rate limits is the interface it is applied on, if applied on your main --> router interface, it can limit uploads, or applied on main --> users, it can limit downloads.

if u need more help on this, i will gladly post some examples of it.

Arch Linux

#1 2010-05-16 22:24:40

prioritizing traffic from "main" computer on LAN

#2 2010-05-16 23:03:55

Re: prioritizing traffic from "main" computer on LAN

#3 2010-05-16 23:34:47

Re: prioritizing traffic from "main" computer on LAN

#4 2010-05-17 02:20:10

Re: prioritizing traffic from "main" computer on LAN

#5 2010-05-17 06:09:03

Re: prioritizing traffic from "main" computer on LAN

#6 2010-05-17 17:40:39

Re: prioritizing traffic from "main" computer on LAN

Board footer