On Wednesday 18 December 2002 22:12, LARTC@VLMINTERNATIONAL.COM wrote:
> I've got some customers that have lots of bandwidth that are uploading and
> downloading files to our https:// help desk and are using up all of my T-1
> at times. This leaves other customers sucking wind. I've taken a look at
> the '15.10. Example of a full nat solution with QoS' section. Would it work
> for me if I change the section that says eth0 to my internet adapter
> Serial0? If I can do that, will that allow fair sharing between all my
> customers of the https:// help desk?
>
> My setup:
>
> ////////// ///////////////// ///////
> https:// |-- |eth0 * Serial0 |-- |INET |
> ////////// ///////////////// ///////
>
> My proposed script:
>
> CEIL=1020 # actual is 1024Kbit
> IFACE=Serial0
>
> tc qdisc add dev $IFACE root handle 1: htb default 15
> tc class add dev $IFACE parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit
> tc class add dev $IFACE parent 1:1 classid 1:10 htb rate 170kbit ceil 170kbit prio 0
> tc class add dev $IFACE parent 1:1 classid 1:11 htb rate 170kbit ceil ${CEIL}kbit prio 1
> tc class add dev $IFACE parent 1:1 classid 1:12 htb rate 170kbit ceil ${CEIL}kbit prio 2
> tc class add dev $IFACE parent 1:1 classid 1:13 htb rate 170kbit ceil ${CEIL}kbit prio 2
> tc class add dev $IFACE parent 1:1 classid 1:14 htb rate 170kbit ceil ${CEIL}kbit prio 3
> tc class add dev $IFACE parent 1:1 classid 1:15 htb rate 170kbit ceil ${CEIL}kbit prio 3
>
> tc qdisc add dev $IFACE parent 1:12 handle 120: sfq perturb 10
> tc qdisc add dev $IFACE parent 1:13 handle 130: sfq perturb 10
> tc qdisc add dev $IFACE parent 1:14 handle 140: sfq perturb 10
> tc qdisc add dev $IFACE parent 1:15 handle 150: sfq perturb 10
>
> tc filter add dev $IFACE parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10
> tc filter add dev $IFACE parent 1:0 protocol ip prio 2 handle 2 fw classid 1:11
> tc filter add dev $IFACE parent 1:0 protocol ip prio 3 handle 3 fw classid 1:12
> tc filter add dev $IFACE parent 1:0 protocol ip prio 4 handle 4 fw classid 1:13
> tc filter add dev $IFACE parent 1:0 protocol ip prio 5 handle 5 fw classid 1:14
> tc filter add dev $IFACE parent 1:0 protocol ip prio 6 handle 6 fw classid 1:15
>
> iptables -t mangle -I PREROUTING -p icmp -j MARK --set-mark 0x1
> iptables -t mangle -I PREROUTING -p icmp -j RETURN
> iptables -t mangle -I PREROUTING -p tcp -m tcp --sport ssh -j MARK --set-mark 0x1
> iptables -t mangle -I PREROUTING -p tcp -m tcp --sport ssh -j RETURN
> iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
> iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
> iptables -t mangle -I PREROUTING -p tcp -m tcp --sport https -j MARK --set-mark 0x3
> iptables -t mangle -I PREROUTING -p tcp -m tcp --sport https -j RETURN
>
> iptables -t mangle -I PREROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 0x1
> iptables -t mangle -I PREROUTING -m tos --tos Minimize-Delay -j RETURN
> iptables -t mangle -I PREROUTING -m tos --tos Minimize-Cost -j MARK --set-mark 0x5
> iptables -t mangle -I PREROUTING -m tos --tos Minimize-Cost -j RETURN
> iptables -t mangle -I PREROUTING -m tos --tos Maximize-Throughput -j MARK --set-mark 0x6
> iptables -t mangle -I PREROUTING -m tos --tos Maximize-Throughput -j RETURN
>
> Thanks in advance for any suggestions

I think this is a good script.
But different prios for filters are not useful. They only determine the
order the filters are matched. And in your case, there is no specific order.
In fact, if you add 1 fw filter with no handle parameter, the mark will be
used as filter key. So packets marked with 16 will end up in class 1:16. I
think this will save more CPU cycles.

Stef
-- 
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net