We help IT Professionals succeed at work.

LARTC - load balancing / routing by bandwidth

jar3817 asked
Medium Priority
Last Modified: 2012-05-06
I'm trying to find out if it's possible to route based on current bandwidth consumption. I have a linux router connected to three networks:
- internal lan (eth1)
- 4mb/512kb cable connection (eth2)
- 3mb/3mb dual T1 connection (eth3).

Currently all unmarked traffic gets NAT'd and goes out eth2 (cable). I can mark traffic with iptables and force it to get NAT'd and go out eth3 (T1s). I also have a public /27 that gets routed directly out eth3 (T1s).

I just started messing around with TC to shape the outgoing bandwidth on eth2 (cable) since it has such little outgoing bandwidth. I'd like to be able to force all (NAT'd) traffic out eth2 (cable) until that link is maxed out and then let addition connections go out eth3 (T1s).

I'm aware I can load balance with iproute2 based on a weight, but I'd rather let the cable connection get consumed first and leave the T1s open for our server traffic.

Does anyone know if this is possible?

I've read the incredibly confusing howto docs on lartc.org and in the section on ingress policing they talk about overlimits, which is in the right neighborhood: http://lartc.org/howto/lartc.adv-filter.policing.html

I guess my real question is, is it possible to mark traffic using the TC commmand like I can with iproute2? Or can I send packets that come in on one interface to a TC qdisc on another interface?
Watch Question

system administrator
Top Expert 2007
> is it possible to mark traffic using the TC commmand like I can with iproute2?

You can classify it and direct to any  queue on the _given_ interface, but you can't change interface _with TC_.
>  Or can I send packets that come in on one interface to a TC qdisc on another interface?

Again, not with TC.

TC works after the routing decision (when outgoing interface has been already chosen), so if you like to pass some extra traffic to another interface, try to do it with iptables. Currently there is no module in IPtables, that would measure current byte  transfer rate per interface (however there is one, that measures transfer rate per connection), but you can measure it with some external tool (say once a minute) and then use iptables 'condition' module.
iptables -t nat -A PREROUTING -m conntrack --ctstate NEW  -m condition --condition eth2_overloaded -j YOUR_ETH3_NAT_CHAIN

then in external program, that will monitor your transfer rate: touch /proc/net/ipt_condition/eth2_overloaded

to make it work, you should also install 'condition' module, that is not setup by default, read here: http://netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO.html about installation.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Artysystem administrator
Top Expert 2007

I found a module, that might help you:

 also non-standard, I'm not sure even that it is still supported, but you may try :-)


Not really what I was looking for, but good enough, thanks!
Artysystem administrator
Top Expert 2007

Thank you for points.

Really this problem is not easy. You are trying to apply some rule to every one packet where the packet itself doesn't play any role for the decision. Also there are no internal kernel structures for the rule 'condition', so some external process is required.


Yeah, it's kind of a weird situation. This is an old machine that is in use 24/7 so maybe I'll look harder into when it's time to update this machine.

Thanks for the input!
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.