Hi fellows,

I'm just a newbie to use the cool tc and played around the last 2 weeks. I'm quite confident - in theory - what's possible and the basic difference between the queuing disciplines.

We're using a Fedora Core 3 box as Gateway (iptables, tc, iproute2 with NAT). Clients are coming in via eth1 and outgoing traffic (2Mbit/s SDSL) through eth0.

So we would like to enable bandwidth limitation per-user, so I just used several scripts (htp from sourceforge, cbq.init, wondershaper etc). (Each client: Downstream max 128kbit/s, Upstream max 90kbit/s)

Shaping is working fine if I mark this specific source with an iptables rule, but as soon as I apply multiple different source IPs to mark it within the same queue, all are sharing my limitation and I thought each of them will get the rate-limiting.

Example firewall rule:

$IPTABLES -t mangle -A FORWARD -s ! 10.0.0.30 -d 10.0.0.30 -j MARK --set-mark 1 #downstream
$IPTABLES -t mangle -A FORWARD -s 10.0.0.30 -j MARK --set-mark 2 #upstream

I also tried the u32 matching within tc, but same effect. I'm also not sure if I can use this kind of matching in a NAT environment?

I'm really done, no ideas what I'm doing wrong!
BTW: Anyone using tcng on FC3 and kernel 2.6.x? :-)

My tc output:

*************
### eth0: queueing disciplines
qdisc cbq 1: rate 2Mbit (bounded,isolated) prio no-transmit
qdisc tbf 90: parent 1:90 rate 90Kbit burst 10Kb lat 444.4ms
### eth0: traffic classes
class cbq 1: root rate 2Mbit (bounded,isolated) prio no-transmit
class cbq 1:90 parent 1: leaf 90: rate 90Kbit (bounded) prio 5
class tbf 90:1 parent 90:
### eth0: filtering rules
filter parent 1: protocol ip pref 200 fw
filter parent 1: protocol ip pref 200 fw handle 0x2 classid 1:90
### eth1: queueing disciplines
qdisc cbq 1: rate 10Mbit (bounded,isolated) prio no-transmit
qdisc tbf 128: parent 1:128 rate 128Kbit burst 10Kb lat 312.5ms
### eth1: traffic classes
class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
class cbq 1:128 parent 1: leaf 128: rate 128Kbit (bounded) prio 5
class tbf 128:1 parent 128:
### eth1: filtering rules
filter parent 1: protocol ip pref 200 fw
filter parent 1: protocol ip pref 200 fw handle 0x1 classid 1:128
### eth2: queueing disciplines
qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1

THANKS for any hints

Cheers
Geri
Geri Fehringer wrote:
> Hi fellows,
>
> I'm just a newbie to use the cool tc and played around the last 2 weeks.
>
> I'm quite confident - in theory - what's possible and the basic difference
> between the queuing disciplines.
>
> We're using a Fedora Core 3 box as Gateway (iptables, tc, iproute2 with NAT).
> Clients are coming in via eth1 and outgoing traffic (2Mbit/s SDSL) through
> eth0.
>
> So we would like to enable bandwidth limitation per-user, so I just used
> several scripts (htp from sourceforge, cbq.init, wondershaper etc).
> (Each client: Downstream max 128kbit/s, Upstream max 90kbit/s)
>
> Shaping is working fine if I mark this specific source with an iptables
> rule, but as soon as I apply multiple different source IPs to mark it within
> the same queue, all are sharing my limitation and I thought each of them
> will get the rate-limiting.

You need to have a separate class and mark for each user.

> I also tried the u32 matching within tc, but same effect,

When doing NAT u32 will work for downloads shaped on the lan facing interface but not for uploads on the wan interface; there you need to mark/classify.

> qdisc cbq 1: rate 2Mbit (bounded,isolated) prio no-transmit

I would use htb with a class for each user - it would probably be nicer to separate interactive traffic out from bulk as well - depends on how many users share the bandwidth really.

Andy.
> When doing NAT u32 will work for downloads shaped on the lan facing
> interface but not for uploads on the wan interface you need to
> mark/classify.

Is it necessary to mark every IP with a separate mark? All clients in my net have the same speed; can I mark them all with, for example, 10?

--
*Dariusz 'tdi' Dwornikowski | Gentoo | admin at pozman.pl |
*[JID]:tdi@gentoo.pl|[gg]:2266034|[IRC]:#gentoo-pl@freenode |
*[MAIL]:tdi@pozman.pl|[WWW]:www.tdi.pozman.pl |
*Serwery,administracja,webapps - www.ProAdmin.com.pl |
*Fingerprint:43E21CC46DAFD2F754E91547D59B39F56AAA4B5F |
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Dariusz Dwornikowski wrote:
>> When doing NAT u32 will work for downloads shaped on the lan facing
>> interface but not for uploads on the wan interface you need to
>> mark/classify.
>
> Is it necessary to mark every IP with a separate mark?
> All clients in my net have the same speed; can I mark them all with, for example, 10?

You said per user in the first post, so they each need to have their own class, and if you use mark they will need one each. You could use iptables CLASSIFY instead of mark - you wouldn't need a filter for each attached to the queue then - just create a class for each with the same classid. (You can sort of do the same thing with marks and htb.) There is also a netfilter pom-ng patch called IPMARK which will mark things a bit more efficiently if you have loads of addresses to do.

Andy.
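Putting Andy's two replies together (one htb class per user; u32 on the LAN-facing interface for downloads, iptables CLASSIFY on the WAN side for uploads because the source address is already SNATed by the time tc sees it), here is a small shaper script. It is an added example, not a script from the thread or from any of the tools the poster mentioned. It assumes the original layout (clients on eth1, the 2Mbit SDSL link on eth0, 128kbit down / 90kbit up per client) and a constructed client list; the DRY_RUN switch is an assumption of this example, defaulting to printing the tc/iptables commands instead of running them so it can be read and checked without root.

```shell
#!/bin/sh
# Per-user HTB shaping on a NAT gateway (added example, not from the thread).
# Assumed knob: DRY_RUN=1 (default) only prints commands; DRY_RUN=0 runs them.
: "${DRY_RUN:=1}"
if [ "$DRY_RUN" = 1 ]; then TC="echo tc"; IPT="echo iptables"; else TC=tc; IPT=iptables; fi

LAN_IF=eth1         # downstream: packets leave here towards the clients
WAN_IF=eth0         # upstream: packets leave here towards the SDSL link
LAN_RATE=10mbit
WAN_RATE=2mbit
DOWN_RATE=128kbit   # per client, from the original post
UP_RATE=90kbit      # per client, from the original post

# Constructed client list: "classid-minor address" pairs. The minor is used as
# the htb classid on both interfaces (1:10, 1:11, ...). Minors are hex.
CLIENTS="10 10.0.0.30
11 10.0.0.31
12 10.0.0.32"

root_for() {   # $1 = device, $2 = link rate
    $TC qdisc del dev "$1" root 2>/dev/null   # harmless if there is none yet
    # Anything not matched by a per-user rule falls into 1:1 at full link rate.
    $TC qdisc add dev "$1" root handle 1: htb default 1
    $TC class add dev "$1" parent 1: classid 1:1 htb rate "$2"
}

add_user() {   # $1 = classid minor, $2 = client address
    # Downstream on the LAN side: the destination is the real client address
    # (DNAT has already been reversed), so a plain u32 dst match is enough.
    $TC class add dev "$LAN_IF" parent 1:1 classid "1:$1" htb rate "$DOWN_RATE" ceil "$DOWN_RATE"
    $TC filter add dev "$LAN_IF" parent 1: protocol ip prio 1 u32 match ip dst "$2/32" flowid "1:$1"
    # Upstream on the WAN side: by the time the packet is queued on eth0 its
    # source has been SNATed, so a u32 src match would never hit. Classify in
    # mangle FORWARD while the LAN address is still visible; CLASSIFY writes the
    # class id straight onto the packet, so no tc fw filter is needed per user.
    $TC class add dev "$WAN_IF" parent 1:1 classid "1:$1" htb rate "$UP_RATE" ceil "$UP_RATE"
    $IPT -t mangle -A FORWARD -s "$2" -o "$WAN_IF" -j CLASSIFY --set-class "1:$1"
}

main() {
    root_for "$LAN_IF" "$LAN_RATE"
    root_for "$WAN_IF" "$WAN_RATE"
    echo "$CLIENTS" | while read -r minor ip; do
        [ -n "$minor" ] || continue
        add_user "$minor" "$ip"
    done
}

main
```

Every client gets its own leaf with rate equal to ceil, which is exactly the "each of them gets the limit" behaviour the first post was after; sharing happens only within a user's own flows. The one tc fw filter per mark that the original setup needed disappears because CLASSIFY selects the class directly.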