LARTC - Aug 2003 - QoS upstream and downstream...

Hi 

I know this question is being asked in some other forms but I am getting
confused with the answers. I''ll re-form the question again.

Say I want to implement QoS for users like - 
512 kpbs downstream (incoming) and 128 kbps upstream (outgoing),
1 Mbps downstream (incoming) and 256 kbps upstream (outgoing), etc.

Is it possible to implement the above QoS scheme using HTB,SFQ etc ?
If yes how ? The network diagram is as given below.

                ------------------ 
Private --------| eth1      eth0 |-------Internet
ipaddresses     |                |
                ------------------
                   Linux firewall 
                   with masquerade.

eth1 : internal interface
eth0/ppp0 : outgoing interface

The private ip-addresses are NATed before they go out to Internet.

The users will be distinguished on the basis of their private ip-addresses.

So far I know we can apply HTB,SFQ (as given in examples) on eth0 for outgoing
traffic and marking packets in the PREROUTING stage using iptables. This will
implement the QoS for upstream traffic.

Is it okay , if I simply mark packets on the basis of source ip-addresses only
and put them in the appropriate classes or do I have to further consider
classification of traffic on the basis of services like telnet, http, ftp, smtp
etc as well ?

Similarly can I apply HTB,SFQ  on eth1 for incoming traffic and mark packets
using iptables in the PREROUTING stage and this time on the basis of destination
ipaddresses to implement the QoS requirements on download speeds ?

Will it give me the desired results as per requirements ?

If not, do we have any other solution to implement the above requirement ?

Help is invaluably appreciated.

Thanks,
Rajesh





_______________________________________________
No banners. No pop-ups. No kidding.
Introducing My Way - http://www.myway.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

> Say I want to implement QoS for users like - 
> 512 kpbs downstream (incoming) and 128 kbps upstream (outgoing),
> 1 Mbps downstream (incoming) and 256 kbps upstream (outgoing), etc.
> Is it possible to implement the above QoS scheme using HTB,SFQ etc ?
> If yes how ? The network diagram is as given below.
Yes indeed! All you need is create the appropriate classes on the
network-interfaces. As I''m only using HTB and iptables I can give you
just a HTB
example:
> eth1 : internal interface
> eth0/ppp0 : outgoing interface
Ok, let''s say you create the following classes according to your
information:
eth1: 
-1:1 512kbps (user1)
-1:2 1Mbps (user2)

ppp0:
-2:1 128kbps (user1)
-2:2 256kbps (user2)       

user1''s ip is 192.168.0.1
user2''s ip is 192.168.0.2

The iptables rules would be:

#marking packets
iptables -t mangle -A FORWARD -s 192.168.0.1 -j MARK --set-mark 1
iptables -t mangle -A FORWARD -d 192.168.0.1 -j MARK --set-mark 1
iptables -t mangle -A FORWARD -s 192.168.0.2 -j MARK --set-mark 2
iptables -t mangle -A FORWARD -d 192.168.0.2 -j MARK --set-mark 2

#putting packets in HTB classes
iptables -t mangle -A POSTROUTING -o eth1 -m mark --mark 1 -j CLASSIFY
--set-class 1:1

iptables -t mangle -A POSTROUTING -o eth0 -m mark --mark 1 -j CLASSIFY
--set-class 2:1

iptables -t mangle -A POSTROUTING -o eth1 -m mark --mark 1 -j CLASSIFY
--set-class 1:2

iptables -t mangle -A POSTROUTING -o eth0 -m mark --mark 1 -j CLASSIFY
--set-class 2:2

As I don''t know your setup you can make sure that nothing goes wrong by
adding the incoming and outgoing interfaces at the marking part like this:
iptables -t mangle -A FORWARD -i eth1 -o ppp0 -s 192.168.0.1 -j MARK
--set-mark 1

For putting the packets into HTB classes you can also use tc filter if
you''re not familar with CLASSIFY.

Hope that helps!
M.

-- 
COMPUTERBILD 15/03: Premium-e-mail-Dienste im Test
--------------------------------------------------
1. GMX TopMail - Platz 1 und Testsieger!
2. GMX ProMail - Platz 2 und Preis-Qualitätssieger!
3. Arcor - 4. web.de - 5. T-Online - 6. freenet.de - 7. daybyday - 8. e-Post

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hi Thanks for your reply.One question - The lartc documentation says  - that in
a NATed environment you should mark packets in the PREROUTING stage while you
have done in FORWARD stage - is that ok ?Actually, I had asked this question
earlier in this forum and I was told to mark packets in the PREROUTING stage.
Similarly while receiving packets (downstream) on eth1 ; which stage should I
mark packets ? I am not that conversant with iptables. TIA,Rajesh     - --- On
Fri 08/15, < miller69@gmx.net > wrote:From: [mailto:
miller69@gmx.net]To: lartc@mailman.ds9a.nlDate: Fri, 15 Aug 2003 16:02:20 +0200
(MEST)Subject: Re: [LARTC] QoS upstream and downstream...>   Say I want
to implement QoS for users like - > 512 kpbs downstream (incoming) and
128 kbps upstream (outgoing),> 1 Mbps downstream (incoming) and 256 kbps
upstream (outgoing), etc.> Is it possible to implement the above QoS
scheme using HTB,SFQ etc ?> If yes how ? The network diagram is as given
below.Y
 
 es indeed! All you need is create the appropriate classes on
thenetwork-interfaces. As I''m only using HTB and iptables I can give
you just a HTBexample:> eth1 : internal interface> eth0/ppp0 :
outgoing interfaceOk, let''s say you create the following classes
according to yourinformation:eth1: -1:1 512kbps (user1)-1:2 1Mbps
(user2)ppp0:-2:1 128kbps (user1)-2:2 256kbps (user2) user1''s ip is
192.168.0.1user2''s ip is 192.168.0.2The iptables rules would
be:#marking packetsiptables -t mangle -A FORWARD -s 192.168.0.1 -j MARK
--set-mark 1iptables -t mangle -A FORWARD -d 192.168.0.1 -j MARK --set-mark
1iptables -t mangle -A FORWARD -s 192.168.0.2 -j MARK --set-mark 2iptables -t
mangle -A FORWARD -d 192.168.0.2 -j MARK --set-mark 2#putting packets in HTB
classesiptables -t mangle -A POSTROUTING -o eth1 -m mark --mark 1 -j
CLASSIFY--set-class 1:1iptables -t mangle -A POSTROUTING -o eth0 -m mark --mark
1 -j CLASSIFY--set-class 2:1iptables -t mangle -A POSTROUTING -o eth1 -m mark -
 
 -mark 1 -j CLASSIFY--set-class 1:2iptables -t mangle -A POSTROUTING -o eth0 -m
mark --mark 1 -j CLASSIFY--set-class 2:2As I don''t know your setup you
can make sure that nothing goes wrong byadding the incoming and outgoing
interfaces at the marking part like this:iptables -t mangle -A FORWARD -i eth1
-o ppp0 -s 192.168.0.1 -j MARK--set-mark 1For putting the packets into HTB
classes you can also use tc filter ifyou''re not familar with
CLASSIFY.Hope that helps!M.-- COMPUTERBILD 15/03: Premium-e-mail-Dienste im
Test--------------------------------------------------1. GMX TopMail - Platz 1
und Testsieger!2. GMX ProMail - Platz 2 und Preis-Qualittssieger!3. Arcor - 4.
web.de - 5. T-Online - 6. freenet.de - 7. daybyday - 8.
e-Post_______________________________________________LARTC mailing list /
LARTC@mailman.ds9a.nlhttp://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://lartc.org/

_______________________________________________
No banners. No pop-ups. No kidding.
Introducing My Way - http://www.myway.com

--MYWAYBOUNDARY_000__def60337a6667d3acb2b77c2d7b3816d
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 <table cellpadding=3 cellspacing=0 border=0 width=100%
bgcolor=white><tr valign=top><td width=100%><font size=2
color=black>Hi <br>Thanks for your reply.<br>One question - The
lartc documentation says  - that in a NATed environment you should mark packets
in the PREROUTING stage while you have done in FORWARD stage - is that ok
?<br>Actually, I had asked this question earlier in this forum and I was
told to mark packets in the PREROUTING stage.<br> <br>Similarly
while receiving packets (downstream) on eth1 ; which stage should I mark packets
?<br> <br>I am not that conversant with iptables.<br>
<br>TIA,<br>Rajesh<br> <br> <br> <br>
<br> - --- On Fri 08/15, &lt; miller69@gmx.net &gt; wrote:From:
[mailto: miller69@gmx.net]To: lartc@mailman.ds9a.nlDate: Fri, 15 Aug 2003
16:02:20 +0200 (MEST)Subject: Re: [LARTC] QoS upstream and
downstream...&gt;<br> <br> <br> Say I want to implement
QoS for users like - <BR>&gt; 512 kpbs downstream (incoming) and 128
kbps upstream (outgoing),<B
 
 R>&gt; 1 Mbps downstream (incoming) and 256 kbps upstream (outgoing),
etc.<BR>&gt; Is it possible to implement the above QoS scheme using
HTB,SFQ etc ?<BR>&gt; If yes how ? The network diagram is as given
below.<BR>Yes indeed! All you need is create the appropriate classes on
the<BR>network-interfaces. As I''m only using HTB and iptables I
can give you just a HTB<BR>example:<BR><BR>&gt; eth1 :
internal interface<BR>&gt; eth0/ppp0 : outgoing interface<BR>Ok,
let''s say you create the following classes according to
your<BR>information:<BR>eth1: <BR>-1:1 512kbps
(user1)<BR>-1:2 1Mbps (user2)<BR><BR>ppp0:<BR>-2:1
128kbps (user1)<BR>-2:2 256kbps (user2)
<BR><BR>user1''s ip is 192.168.0.1<BR>user2''s
ip is 192.168.0.2<BR><BR>The iptables rules would
be:<BR><BR>#marking packets<BR>iptables -t mangle -A FORWARD
-s 192.168.0.1 -j MARK --set-mark 1<BR>iptables -t mangle -A FORWARD -d
192.168.0.1 -j MARK --set-mark 1<BR>iptables -t mangle -A FORWARD -s
192.168.0.2 -j MARK --set-mark 2<BR>i
 
 ptables -t mangle -A FORWARD -d 192.168.0.2 -j MARK --set-mark
2<BR><BR>#putting packets in HTB classes<BR>iptables -t mangle
-A POSTROUTING -o eth1 -m mark --mark 1 -j CLASSIFY<BR>--set-class
1:1<BR><BR>iptables -t mangle -A POSTROUTING -o eth0 -m mark --mark
1 -j CLASSIFY<BR>--set-class 2:1<BR><BR>iptables -t mangle -A
POSTROUTING -o eth1 -m mark --mark 1 -j CLASSIFY<BR>--set-class
1:2<BR><BR>iptables -t mangle -A POSTROUTING -o eth0 -m mark --mark
1 -j CLASSIFY<BR>--set-class 2:2<BR><BR>As I don''t
know your setup you can make sure that nothing goes wrong by<BR>adding the
incoming and outgoing interfaces at the marking part like
this:<BR>iptables -t mangle -A FORWARD -i eth1 -o ppp0 -s 192.168.0.1 -j
MARK<BR>--set-mark 1<BR><BR>For putting the packets into HTB
classes you can also use tc filter if<BR>you''re not familar with
CLASSIFY.<BR><BR>Hope that helps!<BR>M.<BR><BR>--
<BR>COMPUTERBILD 15/03: Premium-e-mail-Dienste im
Test<BR>-------------------------------------------
 
 -------<BR>1. GMX TopMail - Platz 1 und Testsieger!<BR>2. GMX
ProMail - Platz 2 und Preis-Qualittssieger!<BR>3. Arcor - 4. web.de - 5.
T-Online - 6. freenet.de - 7. daybyday - 8.
e-Post<BR><BR>_______________________________________________<BR>LARTC
mailing list /
LARTC@mailman.ds9a.nl<BR>http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO:
http://lartc.org/<BR><br></font></td></tr></table><p><hr><font
size=2 face=verdana><b>No banners. No pop-ups. No
kidding.</b><br>Introducing My Way - <a href=http://www.myway.com
target=_blank>http://www.myway.com</a></font>

--MYWAYBOUNDARY_000__def60337a6667d3acb2b77c2d7b3816d--
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

>  Hi Thanks for your reply.One question - The lartc documentation says  -
> that in a NATed environment you should mark packets in the PREROUTING
stage
> while you have done in FORWARD stage - is that ok ?
I did this on purpose because you can check for incoming and outgoing
interface here (-i and -o).  On my box I needed both options and as in
PREROUTING
only -i is available I had to take the FORWARD chain. This is working
absolutely perfect with me.
> Actually, I had asked
> this question earlier in this forum and I was told to mark packets in the
> PREROUTING stage. Similarly while receiving packets (downstream) on eth1 ;
> which stage should I mark packets ? I am not that conversant with
iptables.
> TIA,Rajesh
To my point of view it does NOT matter because you read out the mark for HTB
in/after PREROUTING stage and it''s not important where the mark has
been
set.  If you don''t need the -o option to identify the packets just
replace
FORWARD with PREROUTING ;-)

Cheers,
Mike

-- 
COMPUTERBILD 15/03: Premium-e-mail-Dienste im Test
--------------------------------------------------
1. GMX TopMail - Platz 1 und Testsieger!
2. GMX ProMail - Platz 2 und Preis-Qualitätssieger!
3. Arcor - 4. web.de - 5. T-Online - 6. freenet.de - 7. daybyday - 8. e-Post

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/