Hello!

Can you help me with the following:

I want to divide traffic to clients from my server and from the internet. My intention is to mark with iptables packets with src == 193.220.70.3 as local, and with another src as going from the internet. I need to fairly divide 60 Mbit of local traffic (traffic from my server) between ethernet clients (192.168.1.2 - 192.168.1.20).

I think I need to create a class with rate 60Mbit (attach it to the root qdisc), make 20 child classes with rate 32Kbit ceil 60Mbit, and attach sfq qdiscs to these child classes. Then mark packets with src=192.168.1.2-192.168.1.20 and make them go to these classes? Am I right, or wrong? Maybe there is a better approach?

Thanks in advance for your help.

Best regards,
Ruslan

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Monday 26 May 2003 13:40, Ruslan Spivak wrote:
> Hello!
>
> Can you help me with the following:
>
> I want to divide traffic to clients from my server and from the internet. My intention is to mark with iptables packets with src == 193.220.70.3 as local, and with another src as going from the internet. I need to fairly divide 60 Mbit of local traffic (traffic from my server) between ethernet clients (192.168.1.2 - 192.168.1.20).
>
> I think I need to create a class with rate 60Mbit (attach it to the root qdisc), make 20 child classes with rate 32Kbit ceil 60Mbit, and attach sfq qdiscs to these child classes. Then mark packets with src=192.168.1.2-192.168.1.20 and make them go to these classes? Am I right, or wrong? Maybe there is a better approach?

I think you are on the right track. But I think it's better that you create 2 classes. One for the internet traffic and one for the local traffic. So you separate the traffic from the internet from your local traffic.

The internet traffic has ceil = rate = 256kbit. The local traffic has rate = 60mbit - 256kbit and ceil = 60mbit. If you want more control, you can add 1 class / pc to each of these 2 classes.

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net

--- Stef Coene <stef.coene@docum.org> wrote:
> On Monday 26 May 2003 13:40, Ruslan Spivak wrote:
> > Hello!
> >
> > Can you help me with the following:
> >
> > I want to divide traffic to clients from my server and from the internet. My intention is to mark with iptables packets with src == 193.220.70.3 as local, and with another src as going from the internet. I need to fairly divide 60 Mbit of local traffic (traffic from my server) between ethernet clients (192.168.1.2 - 192.168.1.20).
> >
> > I think I need to create a class with rate 60Mbit (attach it to the root qdisc), make 20 child classes with rate 32Kbit ceil 60Mbit, and attach sfq qdiscs to these child classes. Then mark packets with src=192.168.1.2-192.168.1.20 and make them go to these classes? Am I right, or wrong? Maybe there is a better approach?
>
> I think you are on the right track. But I think it's better that you create 2 classes. One for the internet traffic and one for the local traffic. So you separate the traffic from the internet from your local traffic.
>
> The internet traffic has ceil = rate = 256kbit. The local traffic has rate = 60mbit - 256kbit and ceil = 60mbit. If you want more control, you can add 1 class / pc to each of these 2 classes.
>
> Stef

Thanks Stef,

Can you look at this, am I doing it correctly?

tc qdisc del dev eth0 root

# Add HTB root qdisc
tc qdisc add dev eth0 root handle 1: htb

# Add main 'local' rate class
tc class add dev eth0 parent 1: classid 1:1 htb rate 60Mbit

# add leaf classes (20 classes, one class for one ip in range 192.168.1.1 - 192.168.1.20)
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 32kbit ceil 60Mbit
tc class add dev eth0 parent 1:1 classid 1:21 htb rate 32kbit ceil 60Mbit
tc class add dev eth0 parent 1:1 classid 1:22 htb rate 32kbit ceil 60Mbit
tc class add dev eth0 parent 1:1 classid 1:23 htb rate 32kbit ceil 60Mbit
...
tc class add dev eth0 parent 1:1 classid 1:39 htb rate 32kbit ceil 60Mbit

# attach qdisc to leaf classes
tc qdisc add dev eth0 parent 1:20 handle 20: sfq
tc qdisc add dev eth0 parent 1:21 handle 21: sfq
tc qdisc add dev eth0 parent 1:22 handle 22: sfq
tc qdisc add dev eth0 parent 1:23 handle 23: sfq
...
tc qdisc add dev eth0 parent 1:39 handle 39: sfq

# filter traffic into classes by fwmark
tc filter add dev eth0 parent 1:0 protocol ip handle 1 fw flowid 1:20
tc filter add dev eth0 parent 1:0 protocol ip handle 2 fw flowid 1:21
tc filter add dev eth0 parent 1:0 protocol ip handle 3 fw flowid 1:22
tc filter add dev eth0 parent 1:0 protocol ip handle 4 fw flowid 1:23
...
tc filter add dev eth0 parent 1:0 protocol ip handle 1 fw flowid 1:39

# add fwmark entries
iptables -t mangle -A OUTPUT -d 192.168.1.1 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -d 192.168.1.2 -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -d 192.168.1.3 -j MARK --set-mark 3
iptables -t mangle -A OUTPUT -d 192.168.1.4 -j MARK --set-mark 4
...
iptables -t mangle -A OUTPUT -d 192.168.1.20 -j MARK --set-mark 39

But if I want to add one more ip, for example 192.168.1.21, I need to:
1) add leaf class
2) attach to it qdisc with sfq
3) add filter by fwmark
4) add one entry with iptables to mark ip 192.168.1.21

Maybe I'm on the wrong way, or is it the standard way for fairly dividing 60Mbit between users, and what if I need to delete/add users dynamically?
I'm a newbie to this and your help is very, very appreciated.

Thanks in advance,
Ruslan

> Thanks Stef,
>
> Can you look at this, am I doing it correctly?
>
> tc qdisc del dev eth0 root
>
> # Add HTB root qdisc
> tc qdisc add dev eth0 root handle 1: htb
>
> # Add main 'local' rate class
> tc class add dev eth0 parent 1: classid 1:1 htb rate 60Mbit
>
> # add leaf classes (20 classes, one class for one ip in range 192.168.1.1 - 192.168.1.20)
> tc class add dev eth0 parent 1:1 classid 1:20 htb rate 32kbit ceil 60Mbit
> tc class add dev eth0 parent 1:1 classid 1:21 htb rate 32kbit ceil 60Mbit
> tc class add dev eth0 parent 1:1 classid 1:22 htb rate 32kbit ceil 60Mbit
> tc class add dev eth0 parent 1:1 classid 1:23 htb rate 32kbit ceil 60Mbit
> ...
> tc class add dev eth0 parent 1:1 classid 1:39 htb rate 32kbit ceil 60Mbit
>
> # attach qdisc to leaf classes
> tc qdisc add dev eth0 parent 1:20 handle 20: sfq
> tc qdisc add dev eth0 parent 1:21 handle 21: sfq
> tc qdisc add dev eth0 parent 1:22 handle 22: sfq
> tc qdisc add dev eth0 parent 1:23 handle 23: sfq
> ...
> tc qdisc add dev eth0 parent 1:39 handle 39: sfq
>
> # filter traffic into classes by fwmark
> tc filter add dev eth0 parent 1:0 protocol ip handle 1 fw flowid 1:20
> tc filter add dev eth0 parent 1:0 protocol ip handle 2 fw flowid 1:21
> tc filter add dev eth0 parent 1:0 protocol ip handle 3 fw flowid 1:22
> tc filter add dev eth0 parent 1:0 protocol ip handle 4 fw flowid 1:23
> ...
> tc filter add dev eth0 parent 1:0 protocol ip handle 1 fw flowid 1:39
>
> # add fwmark entries
> iptables -t mangle -A OUTPUT -d 192.168.1.1 -j MARK --set-mark 1
> iptables -t mangle -A OUTPUT -d 192.168.1.2 -j MARK --set-mark 2
> iptables -t mangle -A OUTPUT -d 192.168.1.3 -j MARK --set-mark 3
> iptables -t mangle -A OUTPUT -d 192.168.1.4 -j MARK --set-mark 4
> ...
> iptables -t mangle -A OUTPUT -d 192.168.1.20 -j MARK --set-mark 39
>
> But if I want to add one more ip, for example 192.168.1.21, I need to:
> 1) add leaf class
> 2) attach to it qdisc with sfq
> 3) add filter by fwmark
> 4) add one entry with iptables to mark ip 192.168.1.21

Indeed. You can reduce the number of fw filter rules if you use the mark as hash key. So if you add

tc filter add dev eth0 parent 1:0 protocol ip handle 1 fw

and you have a packet with mark 39, it will be placed in class 1:39.

> Maybe I'm on the wrong way, or is it the standard way for fairly dividing 60Mbit between users, and what if I need to delete/add users dynamically?
> I'm a newbie to this and your help is very, very appreciated.

I think you implemented it like it should be. Each user a class.

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
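
The four per-client steps discussed in the thread, and their removal, as an added example that is not part of the original messages. The script only prints the commands for review; the mark (last octet of the address) and the class minor (0x100 plus that octet) are this example's own numbering, not the numbering used in the thread.

```shell
#!/bin/sh
# Added example: print the tc/iptables commands that add or remove one
# per-client HTB leaf class. Nothing is executed here; review the output,
# then pipe it to sh as root.
DEV=eth0        # interface used in the thread
PARENT=1:1      # the 60Mbit 'local' class from the thread
RATE=32kbit
CEIL=60Mbit
NET=192.168.1   # client subnet prefix from the thread

# client_octet IP: print the last octet, fail unless IP is NET.1 .. NET.254.
client_octet() {
    case "$1" in
        "$NET".*) o=${1#"$NET".} ;;
        *) return 1 ;;
    esac
    case "$o" in
        ''|0*|*[!0-9]*|????*) return 1 ;;   # empty, leading zero, non-digit, too long
    esac
    [ "$o" -le 254 ] || return 1
    echo "$o"
}

# user_cmds add|del IP: print the commands for one client.
user_cmds() {
    mark=$(client_octet "$2") || { echo "bad client address: $2" >&2; return 1; }
    # tc parses class minors and qdisc handles as hex; the fw handle and the
    # iptables mark are decimal. Format the minor explicitly to avoid mixing them.
    minor=$(printf '%x' $((256 + mark)))
    case "$1" in
    add)
        echo "tc class add dev $DEV parent $PARENT classid 1:$minor htb rate $RATE ceil $CEIL"
        echo "tc qdisc add dev $DEV parent 1:$minor handle $minor: sfq"
        echo "tc filter add dev $DEV parent 1: protocol ip prio 1 handle $mark fw flowid 1:$minor"
        echo "iptables -t mangle -A OUTPUT -d $2 -j MARK --set-mark $mark"
        ;;
    del)
        # Reverse order of creation: stop marking, drop the filter, then the leaf.
        echo "iptables -t mangle -D OUTPUT -d $2 -j MARK --set-mark $mark"
        echo "tc filter del dev $DEV parent 1: protocol ip prio 1 handle $mark fw"
        echo "tc qdisc del dev $DEV parent 1:$minor"
        echo "tc class del dev $DEV classid 1:$minor"
        ;;
    *)  echo "usage: user_cmds add|del IP" >&2; return 2 ;;
    esac
}

if [ "$#" -ge 2 ]; then user_cmds "$@"; fi
```

Run it as `sh script.sh add 192.168.1.21` to see the commands for the new client from the thread before applying them.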