LARTC - Jun 2001 - How to use tc to limit bandwidth of a special IP in LAN

hi,

I want to limit bandwidth of a special IP in LAN, when it upload or download
from Internet through Linux server. How to use tc to do?

Thanks.

Chuanbo Xu <iproute2@btamail.net.cn> writes:
> I want to limit bandwidth of a special IP in LAN, when it upload or
> download from Internet through Linux server. How to use tc to do?
The HOWTO covers this quite well:
        <http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html>
but there were two hiccups I encountered:
1. with "tc class" the priority must be no more than 8
2. with "tc filter" the priority must be no more than 99

Here is my setup (shortened), modify to suit:

## ROOT Class
tc qdisc add dev eth2 root handle 12: cbq bandwidth 10Mbit avpkt 1400

tc class add dev eth2 parent 12: classid 12:1 cbq bandwidth 10Mbit \
   rate 10Mbit allot 1514 weight 1Mbit prio 2 maxburst 20 avpkt 1400

## FLOWs
# 192.168.2.12 (unbounded)
tc class add dev eth2 parent 12:1 classid 12:212 cbq bandwidth 10Mbit \
   rate 256Kbit allot 1514 weight 25Kbit prio 5 maxburst 20 avpkt 1400

# 192.168.2.13 (bounded)
tc class add dev eth2 parent 12:1 classid 12:213 cbq bandwidth 10Mbit \
   rate 64Kbit allot 1514 weight 6Kbit prio 5 maxburst 20 avpkt 1400 bounded

# unbounded class for local traffic
tc class add dev eth2 parent 12:1 classid 12:300 cbq bandwidth 10Mbit \
   rate 3Mbit allot 1514 weight 300Kbit prio 3 maxburst 20 avpkt 1400

## QDISCs
tc qdisc add dev eth2 parent 12:212 sfq quantum 1514b perturb 15
tc qdisc add dev eth2 parent 12:213 sfq quantum 1514b perturb 15
tc qdisc add dev eth2 parent 12:300 sfq quantum 1514b perturb 15

## FILTERs
# unbounded class (local)
tc filter add dev eth2 parent 12:0 protocol ip prio 10 u32 \
   match ip src 192.168.2.0/24  flowid 12:300

# bounded classes (Internet)
tc filter add dev eth2 parent 12:0 protocol ip prio 20 u32 \
   match ip dst 192.168.2.12 flowid 12:212
tc filter add dev eth2 parent 12:0 protocol ip prio 20 u32 \
   match ip dst 192.168.2.13 flowid 12:213


I have only limited downloads.  To cover uploads as well you need to 
do the same thing for that direction.

-- 
Manfred
----------------------------------------------------------------
NetfilterLogAnalyzer, NetCalc, whois at: <http://logi.cc/linux/>

I have seen this document, but I don''t understand means of options.
Usage: tc qdisc [ add | del | replace | change | get ] dev STRING
       [ handle QHANDLE ] [ root | ingress | parent CLASSID ]
       [ estimator INTERVAL TIME_CONSTANT ]
       [ [ QDISC_KIND ] [ help | OPTIONS ] ]

What are root,ingress and parent?
What is CLASSID?
What is handle?
..



>http://www.ibiblio.org/pub/Linux/docs/HOWTO/Adv-Routing-HOWTO
>
>----- Original Message -----
>From: "Chuanbo Xu" <iproute2@btamail.net.cn>
>To: <lartc@mailman.ds9a.nl>
>Sent: Tuesday, June 12, 2001 1:00 AM
>Subject: [LARTC] How to use tc to limit bandwidth of a special IP in LAN
>
>
>> hi,
>>
>> I want to limit bandwidth of a special IP in LAN, when it upload or
>download from Internet through Linux server. How to use tc to do?
>>
>> Thanks.
>>
>>
>> _______________________________________________
>> LARTC mailing list / LARTC@mailman.ds9a.nl
>> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a
>..nl/2.4Routing/
>>


            Chuanbo Xu
            iproute2@btamail.net.cn

On Wed, 13 Jun 2001, Chuanbo Xu wrote:
> I have seen this document, but I don''t understand means of
options.
> Usage: tc qdisc [ add | del | replace | change | get ] dev STRING
>        [ handle QHANDLE ] [ root | ingress | parent CLASSID ]
>        [ estimator INTERVAL TIME_CONSTANT ]
>        [ [ QDISC_KIND ] [ help | OPTIONS ] ]
>
> What are root,ingress and parent?
> What is CLASSID?
> What is handle?
You don''t have to understand all details to setup a working bandwidth
limiting Linux router, try the example setups and experiment. That''s
the
only way to lear to use it.

CLASSID and handle are just identifiers to point the the right classes.
Just think about them like names. Root is the root of the class tree.

RTFM means "Read The Fucking Manual". You can find it back at:
http://www.astro.umd.edu/~marshall/abbrev.html#R

There is even a Chinese version of the manual:
http://www.e-infomax.com/ipmasq/ipmasq-howto.html



-- 
GnuPG public key: http://win-www.uia.ac.be/u/s965817/pub.key
fingerprint = A3C4 DE50 712D 4FA8 C564  4D96 5E06 C9CC ECFA 19C5
Please type your text BELOW the qoute.

On Wed, Jun 13, 2001 at 11:14:24AM +0800, Chuanbo Xu wrote:
> I have seen this document, but I don''t understand means of
options.
> Usage: tc qdisc [ add | del | replace | change | get ] dev STRING
>        [ handle QHANDLE ] [ root | ingress | parent CLASSID ]
>        [ estimator INTERVAL TIME_CONSTANT ]
>        [ [ QDISC_KIND ] [ help | OPTIONS ] ]
> 
> What are root,ingress and parent?
> What is CLASSID?
> What is handle?
Good question. If anybody has any idea what all these keywords mean
I''d really appreciate the answer.

Ramin

On Wed, Jun 13, 2001 at 12:00:27PM +0200, Wingtung.Leung wrote:
> On Wed, 13 Jun 2001, Chuanbo Xu wrote:
> 
> > I have seen this document, but I don''t understand means of
options.
> > Usage: tc qdisc [ add | del | replace | change | get ] dev STRING
> >        [ handle QHANDLE ] [ root | ingress | parent CLASSID ]
> >        [ estimator INTERVAL TIME_CONSTANT ]
> >        [ [ QDISC_KIND ] [ help | OPTIONS ] ]
> >
> > What are root,ingress and parent?
> > What is CLASSID?
> > What is handle?
> 
> You don''t have to understand all details to setup a working
bandwidth
> limiting Linux router, try the example setups and experiment.
That''s the
> only way to lear to use it.
You mean there is no-one (even not the one who wrote this QoS thing)
has a decent doc on that? Trial and error is evil and waste of time.

Ramin
> 
> CLASSID and handle are just identifiers to point the the right classes.
> Just think about them like names. Root is the root of the class tree.
> 
> RTFM means "Read The Fucking Manual". You can find it back at:
> http://www.astro.umd.edu/~marshall/abbrev.html#R
> 
> There is even a Chinese version of the manual:
> http://www.e-infomax.com/ipmasq/ipmasq-howto.html

Hi

Is it possible to limit bandwidth for a couple of users on the Linux box?
And if so, is there any docs describing how or can someone help me?

Thx,
  Joachim

On Wed, 13 Jun 2001, Ramin Alidousti wrote:
> You mean there is no-one (even not the one who wrote this QoS thing)
> has a decent doc on that? Trial and error is evil and waste of time.
First, the best way to learn things is to try it. If you think that''s a
waste of time, you shouldn''t be using GNU/Linux in the first place, but
consider a commercial boxed Cisco router or something alike.

And secondly, the best and most accurate documentation: the source code.
Every detail is explained there.

No offence.


A handle is just a tool or way to hold something, in this case a pointer
or reference to the previously constructed class.

(Please don''t CC me, I''m already subscribed to the list.)

-- 
GnuPG public key: http://www.keyserver.net
fingerprint = A3C4 DE50 712D 4FA8 C564  4D96 5E06 C9CC ECFA 19C5

On Wed, 13 Jun 2001, Joachim Wickman wrote:
> Is it possible to limit bandwidth for a couple of users on the Linux box?
> And if so, is there any docs describing how or can someone help me?
If you mean that you want to limit bandwidth for different users at a
single system: only the outgoing stream can be shaped, with the owner
match extension. I don''t think incoming traffic can be shaped per user.

If the different users have different machines and IP addresses, it can be
done easily. Just read the HOWTO.


-- 
GnuPG public key: http://www.keyserver.net
fingerprint = A3C4 DE50 712D 4FA8 C564  4D96 5E06 C9CC ECFA 19C5

On Thu, Jun 14, 2001 at 01:02:19AM +0200, Wingtung.Leung wrote:
> First, the best way to learn things is to try it. If you think
that''s a
I''m not opposed to trying. But just think how much time you''d
waste if you had
to start from nowhere with apache/sendmail/bash/netfilter and many many other
applications. Of course you have the source and can figure out what they do
by going through the code line by line, but that''s not the point.

Why do you think that your "GNU/Linux" has "Linux Documentation
Project"????
> waste of time, you shouldn''t be using GNU/Linux in the first
place, but
> consider a commercial boxed Cisco router or something alike.
Actually, one of the reasons that I don''t like the commercial products
like
cisco is that you get:

Command			Comment
-------			-------
ip cef			enables cef
no ip cef		disables cef

but what the heck is cef in the first place?

Most of the Linux applications have an excellent documentation. iproute2 is
an exception.
> And secondly, the best and most accurate documentation: the source code.
> Every detail is explained there.
I''m glad that it''s not coded in machine language...
> No offence.
non taken.
> A handle is just a tool or way to hold something, in this case a pointer
> or reference to the previously constructed class.
> 
> (Please don''t CC me, I''m already subscribed to the list.)
I''d expected more from an academicus as yourself. They used to have
many
courses like "formele specificaties". Did they remove them from the
programs?

Ramin

Nothing like trial and error, but cone on, let''s not have have each
person
individually reinvent the wheel.  Many man hours are wasted trying to figure
out how the most basic commands work by experimentation, when it would be so
easy to just make a clear explanation of them in the documentation.  Some
examples of the command line would be most helpful.

While Linux, in general is not for the faint of heart, the doccumentation
for this particular set of tools is overly cryptic.  I, for one, am not a
programmer and can''t "read the source code".  Not that that
should be
necessary for anyone not refining it anyway.  With a good explanation of the
cammands and variables, those man hours could be spent working on innovative
ways to impliment these wonderful  tools, rather than trying to figure out
which end goes up.

I have spent days trying to do the most basic things with these new tools
that I accomplished in hours with 2.2.x, and have made some progress but it
does not have to be so difficult.

The Linux project is a wonderful thing!  Millons of people from all over the
world, working together and sharing their knowledge and ideas.  And creating
a first rate OS in the process.  Linux is gaining more and more support
every day.  I believe that it will soon find it''s place in the
commonwealth
that it is so deserving of, but for that to happen it''s features must
be
accessable to users other than the Elete.

Finally, the power is in the right place.  In the hands of the users.
Let''s
try and get along.  We are all on the same team.



----- Original Message -----
From: "Ramin Alidousti" <ramin@UU.NET>
To: <lartc@mailman.ds9a.nl>
Sent: Wednesday, June 13, 2001 4:49 PM
Subject: Re: Re: [LARTC] How to use tc to limit bandwidth of a special IP in
LAN

> On Thu, Jun 14, 2001 at 01:02:19AM +0200, Wingtung.Leung wrote:
>
> > First, the best way to learn things is to try it. If you think
that''s a
>
> I''m not opposed to trying. But just think how much time
you''d waste if you
had
> to start from nowhere with apache/sendmail/bash/netfilter and many many
other
> applications. Of course you have the source and can figure out what they
do
> by going through the code line by line, but that''s not the point.
>
> Why do you think that your "GNU/Linux" has "Linux
Documentation
Project"????
>
> > waste of time, you shouldn''t be using GNU/Linux in the first
place, but
> > consider a commercial boxed Cisco router or something alike.
>
> Actually, one of the reasons that I don''t like the commercial
products
like
> cisco is that you get:
>
> Command Comment
> ------- -------
> ip cef enables cef
> no ip cef disables cef
>
> but what the heck is cef in the first place?
>
> Most of the Linux applications have an excellent documentation. iproute2
is
> an exception.
>
> > And secondly, the best and most accurate documentation: the source
code.
> > Every detail is explained there.
>
> I''m glad that it''s not coded in machine language...
>
> > No offence.
>
> non taken.
>
> > A handle is just a tool or way to hold something, in this case a
pointer
> > or reference to the previously constructed class.
> >
> > (Please don''t CC me, I''m already subscribed to the
list.)
>
> I''d expected more from an academicus as yourself. They used to
have many
> courses like "formele specificaties". Did they remove them from
the
programs?
>
> Ramin
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://ds9a.nl/2.4Routing/
>

On Wed, 13 Jun 2001, streeterk wrote:
> Nothing like trial and error, but cone on, let''s not have have
each person
> individually reinvent the wheel.  Many man hours are wasted trying to
figure
> out how the most basic commands work by experimentation, when it would be
so
> easy to just make a clear explanation of them in the documentation.  Some
> examples of the command line would be most helpful.
>
> While Linux, in general is not for the faint of heart, the doccumentation
> for this particular set of tools is overly cryptic.
Maybe I''m using a different iproute2 package than you, but my iproute2
came with a massive 60 page manual: ip-cref.dvi.  It really is way more
documentation than you get with most tools.

I''ve often cursed iproute2 for its command syntax, but the root problem
always turns out to be my own ignorance of routing and internetworking.

-jwb

> I have spent days trying to do the most basic things with these new tools
> that I accomplished in hours with 2.2.x, and have made some progress but it
> does not have to be so difficult.

HOW DO YOU DO THIS IN 2.2.x???  I''ve been trying to find this info.  So
far, no responses from anyone here.  Thanks!

Bob

On Wed, Jun 13, 2001 at 07:10:00PM -0700, Jeffrey W. Baker wrote:
> On Wed, 13 Jun 2001, streeterk wrote:
> 
> > Nothing like trial and error, but cone on, let''s not have
have each person
> > individually reinvent the wheel.  Many man hours are wasted trying to
figure
> > out how the most basic commands work by experimentation, when it would
be so
> > easy to just make a clear explanation of them in the documentation. 
Some
> > examples of the command line would be most helpful.
> >
> > While Linux, in general is not for the faint of heart, the
doccumentation
> > for this particular set of tools is overly cryptic.
> 
> Maybe I''m using a different iproute2 package than you, but my
iproute2
> came with a massive 60 page manual: ip-cref.dvi.  It really is way more
> documentation than you get with most tools.
> 
> I''ve often cursed iproute2 for its command syntax, but the root
problem
> always turns out to be my own ignorance of routing and internetworking.
Yes. I have these .tex files as well. Much beter than scanning through the
source code...

"ip" is kind of easy to follow (maybe because I already know what
I''m looking
for) but when it comes down to "tc", my head spins. Take the following
(easy)
example:

tc class add dev eth1 parent 1:1 classid 1:2 cbq bandwidth 10Mbit rate 1Mbit \
allot 1514 cell 8 weight 100Kbit prio 3 maxburst 20 avpkt 1000 split 1:0 \
defmap c0

A small note on all these options would have saved me a lot of guess-work.

But anyway, don''t take me wrong. I think that iproute2 is one of the
coolest
networking tools I''ve ever seen. 

Ramin
> 
> -jwb

Good point I think the only way to do what he''s talking about is
creating a
.bashrc that alters the netconfig... only problem with that is finding a way
to make it not happen system wide :)

-David Talbot

-----Original Message-----
From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]On
Behalf Of Wingtung.Leung
Sent: Wednesday, June 13, 2001 6:13 PM
To: Linux Advanced Router & Traffic Control
Subject: Re: [LARTC] How to limit bandwidth for a single user


On Wed, 13 Jun 2001, Joachim Wickman wrote:
> Is it possible to limit bandwidth for a couple of users on the Linux box?
> And if so, is there any docs describing how or can someone help me?
If you mean that you want to limit bandwidth for different users at a
single system: only the outgoing stream can be shaped, with the owner
match extension. I don''t think incoming traffic can be shaped per user.

If the different users have different machines and IP addresses, it can be
done easily. Just read the HOWTO.


--
GnuPG public key: http://www.keyserver.net
fingerprint = A3C4 DE50 712D 4FA8 C564  4D96 5E06 C9CC ECFA 19C5



_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://ds9a.nl/2.4Routing/

"Jeffrey W. Baker" wrote:
> 
> On Wed, 13 Jun 2001, streeterk wrote:
> 
> > Nothing like trial and error, but cone on, let''s not have
have each person
> > individually reinvent the wheel.  Many man hours are wasted trying to
figure
> > out how the most basic commands work by experimentation, when it would
be so
> > easy to just make a clear explanation of them in the documentation. 
Some
> > examples of the command line would be most helpful.
> >
> > While Linux, in general is not for the faint of heart, the
doccumentation
> > for this particular set of tools is overly cryptic.
I''m publishing everything I''m doing with the tc command. 
Scripts,
documentation, results, explanation, tools: you can find on my website
(see below for link).  I even contacted the HOWTO makers to help them
but they are to busy to answer me.  I''m still looking for any respons
on
the website or for someone to help me.  I know people are visiting the
website,  but nobody is offering some help.  
> 
> Maybe I''m using a different iproute2 package than you, but my
iproute2
> came with a massive 60 page manual: ip-cref.dvi.  It really is way more
> documentation than you get with most tools.
But there is no manpage for tc.  I still don''t know all the options. 
For instance "tc get" is not implemented
> 
> I''ve often cursed iproute2 for its command syntax, but the root
problem
> always turns out to be my own ignorance of routing and internetworking.
> 
> -jwb
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://ds9a.nl/2.4Routing/
-- 

Stef

More QOS info : http://users.belgacom.net/staf/

> tc class add dev eth1 parent 1:1 classid 1:2 cbq bandwidth 10Mbit rate
1Mbit \
> allot 1514 cell 8 weight 100Kbit prio 3 maxburst 20 avpkt 1000 split 1:0 \
> defmap c0
- tc : command
- class : ''owns'' a part of the traffic that flows through his
parent
- add : add a new class
- dev eth0 : we are working onf device eth0
- parent 1:1 : parent of this class (see also option class)
	number : first part is the major number (equal for all classes and
parent who belongs to each other)
                 second part is the minor number : uniq number
- classid 1:2 : number of the class (first number = first number of
parent)
- cbq : type of class
- bandwidth 10Mbit : bandwidth of parent (should be the same for all
elements with same major number)
- rate 1Mbit : bandwidth of this class
- allot 1514 cell 8 maxburst 10 avpkt 1000 : forget these options for
now, just set them
- weight 100Kbit : Used to divide the traffic in the class.  When you
takes it 10 time less then bandwidth, everything will be fine
- split 1:0 defmap c0 :  ? ? ? ? Maybe to split the traffic?  I never
needed this options, so I don''t know what this mean.  Just forget this
option for now.
> 
> A small note on all these options would have saved me a lot of guess-work.
Better? ;-)
> 
> But anyway, don''t take me wrong. I think that iproute2 is one of
the coolest
> networking tools I''ve ever seen.
Me to, you can do great things with CBQ but it really sucks and is not
accurate enough.
> 
> Ramin
> 
> >
> > -jwb
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://ds9a.nl/2.4Routing/
-- 

Stef

More QOS info : http://users.belgacom.net/staf/

Thanks Stef :-)

On Fri, Jun 15, 2001 at 07:57:12AM +0200, Stef Coene wrote:
> - allot 1514 cell 8 maxburst 10 avpkt 1000 : forget these options for
> now, just set them
That''s exactly what I meant.
> - split 1:0 defmap c0 :  ? ? ? ? Maybe to split the traffic?  I never
> needed this options, so I don''t know what this mean.  Just forget
this
> option for now.
You will never need something when you don''t know of its existance ;-)
> > A small note on all these options would have saved me a lot of
guess-work.
> Better? ;-)
Yes. Much better :-)
> > But anyway, don''t take me wrong. I think that iproute2 is one
of the coolest
> > networking tools I''ve ever seen.
> Me to, you can do great things with CBQ but it really sucks and is not
> accurate enough.
Why do you need accuracy when you''re doing "Traffic
Engineering" ;-)

Ramin

Ramin Alidousti wrote:
> 
> Thanks Stef :-)
> 
> On Fri, Jun 15, 2001 at 07:57:12AM +0200, Stef Coene wrote:
> 
> > - allot 1514 cell 8 maxburst 10 avpkt 1000 : forget these options for
> > now, just set them
> 
> That''s exactly what I meant.
> 
> > - split 1:0 defmap c0 :  ? ? ? ? Maybe to split the traffic?  I never
> > needed this options, so I don''t know what this mean.  Just
forget this
> > option for now.
> 
> You will never need something when you don''t know of its existance
;-)
> 
> > > A small note on all these options would have saved me a lot of
guess-work.
> > Better? ;-)
> 
> Yes. Much better :-)
> 
> > > But anyway, don''t take me wrong. I think that iproute2
is one of the coolest
> > > networking tools I''ve ever seen.
> > Me to, you can do great things with CBQ but it really sucks and is not
> > accurate enough.
> 
> Why do you need accuracy when you''re doing "Traffic
Engineering" ;-)
I did some tests : I tried to give 2 hosts a bandwidth og 128kbit/s. 
Host A needs 75% of this bandwidth and host B 25%.  They share the same
128kbit/s so they may borrow unused bandwidth.  The only way to do this
is to create a qdisc on a bounded class of 128kbit/s (I tried all other
things and this was the only way to get it working).  On this qdisc you
can attach 2 classes for the two hosts with appropriate optiones and it
works perfect.  Host A gets 75% of the bandwidth and they can borrow
bandwidth. 
BUT, the problem is the bounded class and qdisc.  I did some tests and
CBQ is very bad when it has to bound a class, but the problem is that
you need a bounded class with his rate equal to the link-bandwidth.  You
can find some nice pictures on my website and they are very clear
(http://users.belgacom.net/staf/qos/tests/cbq/bounded/bounded-accuracy.html):
CBQ is not accurate when bounding a class.  So it''s working but not
accurate enough.  There are some other problems, but this the most
inportant.

So if anyone out there has other results or find a solution, plz let us
know.  I did a lot of testing and I''m surre I didn''t made a
mistake.  I
made all the possible combinations of options, and each time it was not
working like I wanted to.



-- 

Stef

More QOS info : http://users.belgacom.net/staf/

> I''m publishing everything I''m doing with the tc command. 
Scripts,
> documentation, results, explanation, tools: you can find on my website
> (see below for link).  I even contacted the HOWTO makers to help them
> but they are to busy to answer me.  I''m still looking for any
respons on
> the website or for someone to help me.  I know people are visiting the
> website,  but nobody is offering some help.  
I''ve appreciated your information very much -- when I catch up to you,
I may be able to help ;-).  As it is now, I don''t have much time for
the
experimentation.

-- 
Michael T. Babcock