Hi,

I have a 3Mbit (up, down) connection going through a Linux box (Debian, 600MHz, 500MB RAM) using NAT to approx 125 users. Presently I am shaping by marking packets by their port numbers. I'm prioritizing 22, 23, 25, 80, 81, 110, 443, 500, 3389, 1214, 6881:6889, etc, into their appropriate classes depending on whether they're getting more or less bandwidth. This has worked pretty good, but some users have problems at times like time-outs browsing, email and such.

One question, should I be using SFQ on these classes? Would this decrease the time-outs some users are getting at heavy load times? If so, could someone please explain what this (SFQ) does, as the documentation in the LARTC and other spots is very weak.

Another question, I was also thinking of limiting everyone's bandwidth to like say 500K each, so no connection can get more than 500k, then it would take about 6 people using full connections to max the line. I have searched and found no real good way to do this other than creating 125 classes and filters AND if I did that would I still be able to perform QoS on certain ports. I'm confused on if this is possible or not for it seems that once you filtered an IP address for instance, then it's gone and cannot be filtered through another qdisc.

Doing the math, if I had 125 users divided up into a 3mbit connection, I would have to have a rate of 24 kbps and ceil of 500kbps per class. But if I did rate limit each user, now how do I rate limit all the ports flowing as a whole like I was originally doing?

Thanks for the help.

-Dave

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Andreas Klauer
2004-Oct-15 01:56 UTC
Re: Shaping on Ports, multiple IP Address''s, and SFQ
Dave Scott wrote:
> Another question, I was also thinking of limiting everyone's bandwidth
> to like say 500K each, so no connection can get more than 500k, then
> it would take about 6 people using full connections to max the line.

And then what? If the line is maxed, then it's maxed, whether that's done by a single user, or by three, six, or twelve people doesn't really make much difference to me...

> Doing the math, if I had 125 users divided up into a 3mbit connection,
> I would have to have a rate of 24 kbps and ceil of 500kbps per class.
> But if I did rate limit each user, now how do I rate limit all the
> ports flowing as a whole like I was originally doing?

Limiting per user and limiting per port are two different approaches which just don't mix well. By creating one class per user (all with the same rates), HTB is supposed to distribute available bandwidth in a fair manner among all active users. By adding a limit to certain ports however, some users will be limited in favour of others.

The port stuff isn't a good idea anyway since it can be easily bypassed. Especially filesharing applications such as BitTorrent can be moved to any port you like. If you want to recognize this kind of traffic, you're better off using ipp2p, l7-filter or similar.

Andreas
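
The one-class-per-user layout discussed in this thread, as an added example that is not part of the original messages and not code from either poster: a script that prints the `tc` commands for one HTB class per user with the figures from the thread (3 Mbit line, 125 users, 24 kbit rate, 500 kbit ceil), plus an SFQ leaf so that the connections inside each user's class share it fairly. The interface name, the 192.168.1.x addressing and the helper names `per_user_rate` and `gen_htb_rules` are assumptions.

```shell
#!/bin/sh
# Added example: prints tc commands, it does not run them.
# Assumed values (not from the thread): DEV, SUBNET, FIRST_HOST.
DEV=${DEV:-eth1}             # LAN-facing interface, shapes download traffic
SUBNET=${SUBNET:-192.168.1}  # first three octets of the internal network
FIRST_HOST=${FIRST_HOST:-2}  # host number of the first client
LINK_KBIT=3000               # 3 Mbit line, from the thread
CEIL_KBIT=500                # per-user ceiling, from the thread

# Guaranteed rate per user: the line split evenly (3000 / 125 = 24).
per_user_rate() {
    echo $(( LINK_KBIT / $1 ))
}

# Emit the HTB tree for N users on stdout.
gen_htb_rules() {
    users=$1
    rate=$(per_user_rate "$users")
    # No "default" class is set, so traffic that matches no filter
    # (for example, traffic to the router itself) is not shaped.
    echo "tc qdisc add dev $DEV root handle 1: htb"
    # Parent class caps the sum of all users at the line rate.
    echo "tc class add dev $DEV parent 1: classid 1:1 htb rate ${LINK_KBIT}kbit ceil ${LINK_KBIT}kbit"
    i=0
    while [ "$i" -lt "$users" ]; do
        # tc class ids are hexadecimal; start at 1:10.
        minor=$(printf '%x' $(( 16 + i )))
        ip="$SUBNET.$(( FIRST_HOST + i ))"
        # rate = guaranteed share, ceil = most the user may borrow up to.
        echo "tc class add dev $DEV parent 1:1 classid 1:$minor htb rate ${rate}kbit ceil ${CEIL_KBIT}kbit"
        # SFQ leaf: round-robin between the flows inside this class.
        echo "tc qdisc add dev $DEV parent 1:$minor sfq perturb 10"
        # Classify by the client's address (destination on the LAN side).
        echo "tc filter add dev $DEV parent 1: protocol ip prio 1 u32 match ip dst $ip/32 flowid 1:$minor"
        i=$(( i + 1 ))
    done
}

# Usage: gen_htb_rules 125 > rules.sh   (review, then run as root)
```

Upload traffic would need the same tree on the outward-facing interface, with clients identified before NAT rewrites their source address.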