Hi,

I am testing tc and company tools :-)

I have an ADSL with three interfaces (one to ADSL router, one to one net
and another one to another net).

I am trying to limit the download from Internet to one computer.

I try it (and some variations...):

tc qdisc add dev eth1 root handle 1: cbq bandwidth 256kbit allot 1514 cell 8 avpkt 1000 mpu 64

(eth1 is the interface where computer that I want to limit is connected)

tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 256kbit rate 128kbit weight 12kbit prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded

256 is my bandwidth (to download)
128 is the bandwidth that I want to this computer
12kbit I don't know ¿?...
bounded is to test, only

tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip dst 192.168.0.5 flowid 1:1

But the computer is receiving more than 128kbit.
If I try:

tc qdisc add dev eth1 root tbf rate 128kbit latency 50ms burst 1540

Works fine, but I am limiting the whole network (I don't want it)

thank you very much for your attention. And excuse me my bad English.

----
Carles Pina i Estany | Nick: Pinux / Pine / Teufeus
E-Mail: carles.pina@salleURL.edu / is08139@salleURL.edu / cpina@cat-linux.com
http://www.salleURL.edu/~is08139/

For sale: military telephone. It also marks time.

On Sunday 23 December 2001 19:06, Carles Pina i Estany wrote:
> Hi,
>
> I am testing tc and company tools :-)
>
> I have an ADSL with three interfaces (one to ADSL router, one to one net
> and another one to another net).
>
> I am trying to limit the download from Internet to one computer.
>
> I try it (and some variations...):
>
> tc qdisc add dev eth1 root handle 1: cbq bandwidth 256kbit allot 1514 cell
> 8 avpkt 1000 mpu 64

Bandwidth must be the real bandwidth of the NIC. Usual 10 or 100 mbit.

> (eth1 is the interface where computer that I want to limit is connected)
>
> tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 256kbit rate
> 128kbit weight 12kbit prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000
> bounded
>
> 256 is my bandwidth (to download)
> 128 is the bandwidth that I want to this computer
> 12kbit I don't know ¿?...
> bounded is to test, only
>
> tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip dst
> 192.168.0.5 flowid 1:1
>
> But the computer is receiving more than 128kbit.
> If I try:
>
> tc qdisc add dev eth1 root tbf rate 128kbit latency 50ms burst 1540
> Works fine, but I am limiting the whole network (I don't want it)

What you want to do is easy. But you are using the wrong commands. I have
some working scripts. You can find them on www.docum.org.

But I advise you to use the htb qdisc. Much easier to set up and to
understand. Again, more information on www.docum.org. If you really want to
use CBQ, I can give you more information. Just leave a message on the
mailing list.

Stef

-- 
stef.coene@docum.org
More QOS info : http://www.docum.org/
Title : "Using Linux as bandwidth manager"

> > Bandwidth must be the real bandwidth of the NIC. Usual 10 or 100 mbit.
>
> ok
>
> > What you want to do is easy. But you are using the wrong commands. I
> > have some working scripts. You can find them on www.docum.org.
>
> Ok, I have looked now...
>
> > But I advise you to use the htb qdisc. Much easier to set up and to
> > understand. Again, more information on www.docum.org. If you really
> > want to use CBQ, I can give you more information. Just leave a message
> > on the mailing list.
>
> I have seen htb qdisc. But I see that it isn't in standard Kernel. I would
> use standard kernel because (for various reasons). If I have time I will
> test htb qdisc.
>
> Now my script works (with the help of your webpage):
>
> DEV="dev eth1"
> OPTION="allot 1514 maxburst 20 avpkt 1000 prio 3"
> tc qdisc add $DEV root handle 10: cbq bandwidth 10mbit avpkt 1000
> tc class add $DEV parent 10:0 classid 10:2 cbq bandwidth 10mbit rate \
>   $2kbit $OPTION bounded
>
> tc filter add dev eth1 parent 10: protocol ip prio 1 u32 match ip \
>   dst 192.168.0.5 flowid 10:2
>
> But now I would like limit the bandwidth that 192.168.0.5 is sending.
>
> I cannot change dst for src, I think, because I am doing NAT and I think
> that when the packet traverse "tc filter bla bla bla" has IP of the
> firewall machine. Then I have to do with iptables and mangle table? But
> this table only has PREROUTING and OUTPUT:
>
>
> cpie:~/tc# iptables -L -t mangle | grep Chain
> Chain PREROUTING (policy ACCEPT)
> Chain OUTPUT (policy ACCEPT)
>
> I suppose that I can mark packets in PREROUTING Chain before the IP is
> masqueraded. I will test.

Indeed. You can not use the u32 filter but you will need the fw filter in
conjunction with iptables if you do SNAT.

> Thank you very much for your attention.

You can make it easier to understand for us if you (try) to draw a small
ASCII picture of your setup.

Stef

-- 
stef.coene@docum.org
More QOS info : http://www.docum.org/
Title : "Using Linux as bandwidth manager"

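The approach discussed in the message above (mark in mangle PREROUTING before SNAT rewrites the source address, then classify with the fw filter), as an added example that is not part of the original thread. Assumptions: eth0 as the ADSL-side interface, handle 20:, mark value 5 and the 64 kbit rate are hypothetical; eth1, 192.168.0.5 and the CBQ options come from the thread. The function only prints the commands; pipe its output to sh as root to apply them.

```shell
#!/bin/sh
# Added example, not from the thread: build the iptables + tc commands that
# limit what one NATed LAN host can SEND. The egress qdisc on the WAN device
# sees packets after SNAT, so a u32 "match ip src" no longer sees the LAN
# address; a firewall mark set before NAT survives and the fw filter keys on it.

upload_limit_cmds() {
    host=$1       # LAN host to limit (192.168.0.5 in the thread)
    lan_dev=$2    # interface the host is behind (eth1 in the thread)
    wan_dev=$3    # interface towards the ADSL router (assumed name)
    rate=$4       # limit in kbit/s (assumed value)
    mark=$5       # firewall mark, arbitrary non-zero number (assumed value)

    # The output is meant to be fed to a root shell, so refuse anything
    # that is not a plain address, interface name or number.
    case $host in ''|*[!0-9.]*) return 1 ;; esac
    case $lan_dev in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $wan_dev in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $rate in ''|*[!0-9]*) return 1 ;; esac
    case $mark in ''|*[!0-9]*) return 1 ;; esac

    # 1. Mark while the packet still carries the LAN source address.
    echo "iptables -t mangle -A PREROUTING -i $lan_dev -s $host -j MARK --set-mark $mark"
    # 2. CBQ root on the WAN side; bandwidth is the NIC speed, as advised above.
    echo "tc qdisc add dev $wan_dev root handle 20: cbq bandwidth 10mbit avpkt 1000"
    # 3. Bounded class, same options as the working download script.
    echo "tc class add dev $wan_dev parent 20:0 classid 20:2 cbq bandwidth 10mbit rate ${rate}kbit allot 1514 maxburst 20 avpkt 1000 prio 3 bounded"
    # 4. fw filter: "handle" is the mark value to match, not a qdisc handle.
    echo "tc filter add dev $wan_dev parent 20: protocol ip prio 1 handle $mark fw flowid 20:2"
}

# Dry run with the thread's host and the assumed WAN device, rate and mark.
upload_limit_cmds 192.168.0.5 eth1 eth0 64 5
```

After applying, `tc -s class show dev eth0` shows whether packets are being counted in class 20:2.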
> I am testing tc and company tools :-)
> I am trying to limit the download from Internet to one computer.

you might be interested by my bytelimit patch, so I'll do some more
advertisement for it ... :-)

it is a netfilter (iptables) match allowing to do traffic shaping, like
the "limit" match but in bytes/second instead of packets/second.

it's as simple as :

iptables -A FORWARD -d 192.168.23.45 -m bytelimit --rate 10000 -j DROP

this will limit 192.168.23.45 to 10000 bytes/second.
every packet "out of quota" will be dropped.

the patch is at http://etudiant.univ-mlv.fr/~jpetazzo/bytelimit.tgz

feel free to contact me for more info/help about the patch.

Jerome Petazzoni <skaya at enix dot org>

-- 
Whoever had created humanity had left in a major design flaw.
It was its tendency to bend at the knees. (Feet of Clay)