Hi all,

there's something I really don't understand. What I wanna do is to shape my incoming _and_ my outgoing traffic in separate queues. I have a 256kbit up and 256kbit down link on eth1. I want to use iptables to set the marks.

wan=eth1
lowin=1 # ; highin=2
lowout=5 # ; highout=6

# mark incoming traffic
iptables -t mangle -A PREROUTING -i $wan -p tcp --sport 80 \
    -j MARK --set-mark $lowin

# mark outgoing traffic
iptables -t mangle -A OUTPUT -o $wan -p tcp --dport 80 \
    -j MARK --set-mark $lowout

tc qdisc add dev $wan root handle 1:0 htb

tc class add dev $wan parent 1:0 classid 1:1 htb rate 256kbit # input shaping
tc class add dev $wan parent 1:0 classid 1:2 htb rate 256kbit # output shaping

tc class add dev $wan parent 1:1 classid 1:11 htb rate 64kbit # low in
tc class add dev $wan parent 1:1 classid 1:12 htb rate 192kbit # high in

tc class add dev $wan parent 1:2 classid 1:21 htb rate 64kbit # low out
tc class add dev $wan parent 1:2 classid 1:22 htb rate 192kbit # high out

tc filter add dev $wan parent 1:1 protocol ip prio 1 \
    handle $lowin fw flowid 1:11
tc filter add dev $wan parent 1:2 protocol ip prio 1 \
    handle $lowout fw flowid 1:21

What I think I have done is that I've created two main queues (1:1 and 1:2), each one rating up to 256kbit. Each main queue got divided into a queue for low traffic (non prioritized) and one for high traffic (prioritized). Then, I attached the filter that anchors the iptables marked IP packets to their corresponding queue.

But does this really work? I also noticed somewhere that you just can shape input traffic, and for output you need a special IMQ target for iptables, why? And why doesn't it work in that way?

Furthermore, is this right how I mark the outgoing traffic? Should this be done in POSTROUTING, or even somewhere else? It's that we have PREROUTING, INPUT, FORWARD, OUTPUT and POSTROUTING in table mangle.

Please, would you help me solve my problem?

Thanks in advance,
Christian Parpart.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

> But does this really work? I also noticed somewhere that you just can shape
> input traffic, and for output you need a special IMQ target for iptables,
> why? And why doesn't it work in that way?

It's the other way around. You can only shape outgoing traffic. You shape traffic by influencing the queue where the packets wait to be sent. For incoming packets, there is no queue, so you can't shape incoming traffic.

But, there is an IMQ device. You can put all incoming packets in this virtual device and this device has a queue. So you can shape incoming traffic. But this can/will introduce extra delays.

There is also an ingress qdisc. This qdisc contains no queue, but you can attach filters to it. And you can use policers on this filter. A policer is a sort of shaper on a filter: it will only match the packets at a certain rate. So you can match packets at a certain rate and throttle incoming traffic. However, this is a one-level setup so you can't create a hierarchical setup like you can with htb/cbq.

You never provided a ceil parameter when you created the classes. So the classes will never borrow unused bandwidth from each other.

And to be able to shape the traffic, you have to shape at 250 kbit or so. So YOU are the bottleneck and not your router/modem. You will lose some bandwidth, but you will be able to shape it. So if shaping is not working, try to lower the total bandwidth you send/receive.

I suggest reading some docs: lartc.org in general, and I have some more info about shaping on docum.org.

> Furthermore, is this right how I mark the outgoing traffic? Should this be
> done in POSTROUTING, or even somewhere else? It's that we have
> PREROUTING, INPUT, FORWARD, OUTPUT and POSTROUTING in table mangle.

It depends if the traffic is generated locally or forwarded.

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net

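The points in the reply above (marking, ceil, shaping just under the link rate, and policing on ingress) combined in one script, as an added example that is not part of the thread or either poster's code. The 250kbit total, the 64/186 split, the 10k burst, the single egress tree and the dry-run default are assumptions; with DRY_RUN=1 the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example (constructed values): egress HTB with ceil plus an ingress
# policer for the 256kbit link on eth1 discussed in the thread.
WAN=${WAN:-eth1}
TOTAL=250                 # kbit, just under 256 so this box owns the queue
LOW=64                    # kbit guaranteed to low-priority (HTTP) traffic
HIGH=$((TOTAL - LOW))     # kbit guaranteed to everything else
MARK_LOW=5                # same value as $lowout in the original post

run() {   # print the command in dry-run mode, execute it otherwise
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

egress_rules() {
    # mangle/POSTROUTING is traversed by locally generated and forwarded
    # packets alike, so one rule covers both cases.
    run iptables -t mangle -A POSTROUTING -o "$WAN" -p tcp --dport 80 \
        -j MARK --set-mark "$MARK_LOW"
    # Unmarked traffic falls into 1:12 (the high class) by default.
    run tc qdisc add dev "$WAN" root handle 1: htb default 12
    run tc class add dev "$WAN" parent 1: classid 1:1 htb \
        rate "${TOTAL}kbit" ceil "${TOTAL}kbit"
    # rate = guaranteed share; ceil = how far a class may borrow from 1:1.
    run tc class add dev "$WAN" parent 1:1 classid 1:11 htb \
        rate "${LOW}kbit" ceil "${TOTAL}kbit"
    run tc class add dev "$WAN" parent 1:1 classid 1:12 htb \
        rate "${HIGH}kbit" ceil "${TOTAL}kbit"
    run tc filter add dev "$WAN" parent 1: protocol ip prio 1 \
        handle "$MARK_LOW" fw flowid 1:11
}

ingress_rules() {
    # No queue on ingress: the policer drops what exceeds the rate, and
    # there is only this one level. u32 matches TCP source port 80 directly.
    run tc qdisc add dev "$WAN" handle ffff: ingress
    run tc filter add dev "$WAN" parent ffff: protocol ip prio 1 u32 \
        match ip protocol 6 0xff match ip sport 80 0xffff \
        police rate "${LOW}kbit" burst 10k drop flowid :1
}

egress_rules
ingress_rules
```

Run it once as printed to review the commands, then as root with DRY_RUN=0 to apply them.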
Outgoing shaping (LAN --> WAN) makes sense as your input rate to the router is at LAN speeds while its output rate is at (relatively low-bandwidth) WAN speeds. A good set of rules will provide significant performance benefits for critical apps, while relegating non-critical ones to a "best effort" basis.

Shaping incoming traffic with queueing technology (WAN --> LAN) does not make much sense as queues would occur after packets have crossed a (presumably congested) WAN link, to be forwarded by the routing engine to a 10, 100 or 1,000 Mbps infrastructure. Queues in such a case add unnecessary latency and provide no real benefit.