Hi,
I''d like to setup cbq for my 7 lan users, but i''d like to do
it only for the
internet connect (LAN is accessing internet through masquerading), not for
the whole server machine: i mean somebody on the lan should access the
server at full rate(10Mbit/s), but internet at for example 30KB/sec).
i now i''ve setup only kbits, but those dramastic low-speed was to see
easily
if it was working or not :)
how could i do that?
my lan NIC is eth0 and internet eth1, i already tried the following thingie
that doesn''t work (i suppose it''s logic, but i had to try it
;) )
And, How could i reset all the cbq existing config to remake a new one?
tc qdisc add dev eth1 root handle 10: cbq bandwidth 105Kbit avpkt 1000
tc class add dev eth1 parent 10:0 classid 10:1 cbq bandwidth 105Kbit rate \
105Kbit allot 1514 weight 15Kbit prio 8 maxburst 20 avpkt 1000
tc class add dev eth1 parent 10:1 classid 10:100 cbq bandwidth 105Kbit rate
\
10Kbit allot 1514 weight 5Kbit prio 5 maxburst 20 avpkt 1000 bounded
tc qdisc add dev eth1 parent 10:100 sfq quantum 1514b perturb 15
tc qdisc add dev eth1 parent 10:200 sfq quantum 1514b perturb 15
tc filter add dev eth1 parent 10:0 protocol ip prio 25 u32 match ip dst \
192.168.0.0/16 flowid 10:100
Same kind of thing for upstream
PS: where could i find a decent doc/faq/howto about cbq? Advanced-routing
isn''t that bad but it''s far from explaining every little trick
:/
Greetings,
JY
_____________________________________________________________________________________
Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com
At 13:25 30-11-00 +0100, you wrote:>Hi, > >I''d like to setup cbq for my 7 lan users, but i''d like to do it only for >the internet connect (LAN is accessing internet through masquerading), not >for the whole server machine: i mean somebody on the lan should access the >server at full rate(10Mbit/s), but internet at for example 30KB/sec). >i now i''ve setup only kbits, but those dramastic low-speed was to see >easily if it was working or not :) > >how could i do that? > >my lan NIC is eth0 and internet eth1, i already tried the following >thingie that doesn''t work (i suppose it''s logic, but i had to try it ;) ) > >And, How could i reset all the cbq existing config to remake a new one? > >tc qdisc add dev eth1 root handle 10: cbq bandwidth 105Kbit avpkt 1000 >tc class add dev eth1 parent 10:0 classid 10:1 cbq bandwidth 105Kbit rate \ > 105Kbit allot 1514 weight 15Kbit prio 8 maxburst 20 avpkt 1000 > >tc class add dev eth1 parent 10:1 classid 10:100 cbq bandwidth 105Kbit rate \ > 10Kbit allot 1514 weight 5Kbit prio 5 maxburst 20 avpkt 1000 bounded > >tc qdisc add dev eth1 parent 10:100 sfq quantum 1514b perturb 15 >tc qdisc add dev eth1 parent 10:200 sfq quantum 1514b perturb 15 > >tc filter add dev eth1 parent 10:0 protocol ip prio 25 u32 match ip dst \ > 192.168.0.0/16 flowid 10:100I got the same problem, until I figured out that you cant denote IP-adresses with the filter, as those are ''masqueraded'' out and replaced by the router''s address. With your ipchains-masquerading command, you should add a ''mark packet'' command, which gives each individual forwarded machine an individual mark on its packets, so tc filter can pick those out. An example configuration of me (upstream!): (eth1 is the outgoing interface) # masq a fictious machine and mark it with 0xa (hexadecimal = 10 decimal!) /sbin/ipchains -A forward -s 192.168.0.1/32 -j MASQ -m 0xa #make root class with 128 kbit /usr/bin/tc qdisc add dev eth1 root handle 1: cbq bandwidth 128Kbit avpkt 1000 /usr/bin/tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 128Kbit rate 128Kbit \ allot 1514 weight 12Kbit prio 8 maxburst 20 avpkt 1000 #this gives the fictious machine above a bounded bandwidth of 40 kbit /usr/bin/tc class add dev eth1 parent 1:1classid 1:11 cbq bandwidth 128Kbit rate 40Kbit \ allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:1 /usr/bin/tc qdisc add dev eth1 parent 1:11 sfq quantum 1514b perturb 15 #here we add the filter command and give with it ''handle 10'' which corresponds to the fictious machine above, which was marked with 10 (=0xa): /usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle 10 fw classid 1:11 That''s it for one machine, the rest you can hopely figure out for yourself ;) Sander Raaijmakers
At 03:58 1-12-00 +0000, you wrote:>Hi, > >Im trying to setup a traffic shaping in a simialar setup to youris. The >stuff below makes sense but I can''t figure out how to shape the >downstream. Could you give me an example from your config to start me >off. > >The thing I don''t understand is that packets coming from the internet to >(for example) 192.168.0.4 will not be marked so how can they be >routed to the right class ? > >thanks > >david.Hi, I am sorry to say, I wasn''t able to get that to work either (partially because I don''t need it in my configuration). But I do think that you can follow the advanced routing howto more closely on that one when you use the interface to the local network, as the IP-adress is translated back to the internal adress long before it travels through this interface. So in theory: #example from the advanced routing-howto, slightly changed tc filter add dev eth0 parent 10:0 protocol ip prio 25 u32 match ip dst \ 150.151.0.0 flowid 10:100 This should work (with the previous rules being pretty much the same as I gave them). Sander Raaijmakers
On Fri, 1 Dec 2000, Sander wrote:> At 03:58 1-12-00 +0000, you wrote: > > > > >The thing I don''t understand is that packets coming from the internet to > >(for example) 192.168.0.4 will not be marked so how can they be > >routed to the right class ?You need to create seperate queues for each direction. Outgoing traffic to the internet gets in a queue in your eth1 (internet) and incoming traffic to your LAN is put in queues at eth0 (LAN). You just need to mark the packets depending on the incoming interface and destination. (check out ipchains or iptables)