I am attempting to build a Linux replacement for our Packeteer PacketShaper
using HTB. Everyone is behind the firewall in a 10.0.0.0/8 network. Each
property that we provide service to has its own B-class network over a
full T-1 point-to-point connection. That can then be separated into class
C's.
I need to...
1. Keep the TC layout streamlined well enough that it does not kill
speed/latency for the users. With over 25 different class B networks subdivided
this way, will it kill the server/response? Should I be using MANGLE table
marking? How will that work with my extreme number of Classes? Will my
hierarchical Class/Filter design flow properly and not fall short of reaching
the final Class definitions?
2. Create a dynamic default class that the remainder of the property falls in.
What I mean is... instead of a 128Kbit maximum for the entire remainder, I
don't want to have to add everyone's IP address to a filter, I
would like to set up a 128Kbit class that "each" connection at the same
concurrent time can reach the maximum.
3. Use a Class/Filter per registered IP address in a database to limit speed to
our available plans. These plans are kept in a database and can be different for
each parent class. For example: 10.10.3.0/24 available plans (n Kbits)... Plan A
(1536/1536), Plan B (1536/128), Plan C (768/128), Plan D (default) (128/64)
4. Parse the Class stats to monitor and graph with MRTG each registered IP,
network and property.
5. (Later) Build a script via PERL so that the Classes and Filters can be
created "on the fly" using a custom ODBC database connection to our
customized management/accounting database. I have this connector working
properly for other uses such as a "walled garden" authentication
section in IPTABLES.
Here is an example of the inbound script I have been playing with to sample
traffic. Notice that I am trying to use Handle, ClassID and FlowIDs that are
relevant to the IP address schemes.
----------------------------------------
#!/bin/bash
TC='/sbin/tc'
# Upload
$TC qdisc del dev eth0 root
$TC qdisc add dev eth0 root handle 1: htb default 10
# 10.10.0.0/16
$TC class add dev eth0 parent 1: classid 1:10 htb rate 100Mbit
$TC filter add dev eth0 pref 10 parent 1: protocol ip u32 \
    flowid 1:10 match ip src 10.10.0.0/16
$TC qdisc add dev eth0 parent 1:10 handle 10: htb default 255
# 10.10.3.0/24
$TC class add dev eth0 parent 10: classid 10:3 htb rate 8Mbit
$TC filter add dev eth0 pref 103 parent 10: protocol ip u32 \
    flowid 10:3 match ip src 10.10.3.0/24
$TC qdisc add dev eth0 parent 10:3 handle 103: htb default 2
$TC class add dev eth0 parent 103: classid 103:1 htb rate 800Kbit
$TC filter add dev eth0 pref 1031 parent 103: protocol ip u32 \
    flowid 103:1 match ip src 10.10.3.198/32
$TC filter add dev eth0 pref 1031 parent 103: protocol ip u32 \
    flowid 103:1 match ip src 10.10.3.199/32
$TC class add dev eth0 parent 103: classid 103:2 htb rate 1000Kbit
$TC filter add dev eth0 pref 1032 parent 103: protocol ip u32 \
    flowid 103:2 match ip src 10.10.3.0/24
# 10.10.4.0/24
$TC class add dev eth0 parent 10: classid 10:4 htb rate 8Mbit
$TC filter add dev eth0 pref 104 parent 10: protocol ip u32 \
    flowid 10:4 match ip src 10.10.4.0/24
$TC qdisc add dev eth0 parent 10:4 handle 104: htb default 2
$TC class add dev eth0 parent 104: classid 104:1 htb rate 800Kbit
$TC filter add dev eth0 pref 1041 parent 104: protocol ip u32 \
    flowid 104:1 match ip src 10.10.4.198/32
$TC filter add dev eth0 pref 1041 parent 104: protocol ip u32 \
    flowid 104:1 match ip src 10.10.4.199/32
$TC class add dev eth0 parent 104: classid 104:2 htb rate 1000Kbit
$TC filter add dev eth0 pref 1041 parent 104: protocol ip u32 \
    flowid 104:2 match ip src 10.10.4.0/24
# 10.10.0.0/16 - Remainder
$TC class add dev eth0 parent 10: classid 10:255 htb rate 8Mbit
$TC filter add dev eth0 pref 101 parent 10: protocol ip u32 \
    flowid 10:1 match ip src 10.10.3.0/24
# 10.41.0.0/16
$TC class add dev eth0 parent 1: classid 1:41 htb rate 1500Kbit
$TC filter add dev eth0 pref 41 parent 1: protocol ip u32 \
    flowid 1:41 match ip src 10.41.0.0/16
$TC qdisc add dev eth0 parent 1:41 handle 41: htb
$TC class add dev eth0 parent 41: classid 41:1 htb rate 1500Kbit
$TC filter add dev eth0 pref 411 parent 41: protocol ip u32 \
    flowid 41:1 match ip src 10.41.1.0/24
$TC class add dev eth0 parent 41: classid 41:2 htb rate 1500Kbit
$TC filter add dev eth0 pref 412 parent 41: protocol ip u32 \
    flowid 41:2 match ip src 10.41.2.0/24
$TC qdisc add dev eth0 parent 41:2 handle 412: htb default 9
$TC class add dev eth0 parent 412: classid 412:1 htb rate 1500Kbit
$TC class add dev eth0 parent 412: classid 412:2 htb rate 800Kbit
$TC class add dev eth0 parent 412: classid 412:3 htb rate 130Kbit
$TC class add dev eth0 parent 412: classid 412:9 htb rate 40Kbit
# Other
$TC class add dev eth0 parent 1: classid 1:9999 htb rate 28Kbit
$TC filter add dev eth0 pref 9999 parent 1: protocol ip u32 \
    flowid 1:9999 match ip src 0.0.0.0/8
(some errors may be in here during cleanup from transfer to email)
-----------------------
Colin Vander Veen
IMNisp
Senior Engineer
http://www.imnisp.net/
-----------------------
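
Added example, not part of the original post and not the poster's code: a dry-run sketch of items 3 and 5, turning "registered IP, plan" rows into per-IP HTB class and filter commands while refusing any row that is not a plain 10.x.x.x address with a known plan, so a bad database value never ends up on a tc command line. The function names, the flat class-id layout (last two octets as the hex minor under one qdisc handle) and the reading of each plan pair as down/up are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script: dry-run generator that turns
# "ip plan" rows into tc class/filter commands. It only prints them.
TC='/sbin/tc'
DEV='eth0'

# Plans quoted in the post for 10.10.3.0/24, in Kbit. Reading each pair as
# down/up is an assumption; the post does not say which figure is which.
plan_rate() {  # $1 = plan letter, $2 = down|up
  case "$1" in
    A) pair='1536/1536' ;; B) pair='1536/128' ;;
    C) pair='768/128' ;;   D) pair='128/64' ;;
    *) return 1 ;;
  esac
  if [ "$2" = down ]; then echo "${pair%/*}"; else echo "${pair#*/}"; fi
}

# Accept only a canonical dotted quad inside 10.0.0.0/8 and print its last two
# octets as a hex minor id (tc reads class ids as hex): 10.10.3.198 -> 3c6.
ip_minor() {
  case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] && [ "$1" = 10 ] || return 1
  for o in "$2" "$3" "$4"; do
    case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || return 1
  done
  m=$(( $3 * 256 + $4 ))
  [ "$m" -gt 0 ] || return 1                   # minor 0 names the qdisc itself
  printf '%x\n' "$m"
}

# Rows arrive on stdin; $1 = qdisc handle such as "10:", $2 = down|up.
# A row that fails validation goes to stderr and never reaches a command line.
emit_tc() {
  while read -r ip plan; do
    if minor=$(ip_minor "$ip") && rate=$(plan_rate "$plan" "$2"); then
      echo "$TC class add dev $DEV parent $1 classid $1$minor htb rate ${rate}Kbit"
      echo "$TC filter add dev $DEV parent $1 protocol ip u32 match ip src $ip/32 flowid $1$minor"
    else
      echo "rejected row: $ip $plan" >&2
    fi
  done
}

# Constructed sample rows; the last two stand in for bad database values.
sample_rows() {
  printf '%s\n' '10.10.3.198 A' '10.10.3.199 C' '10.10.3.7;reboot D' '10.10.3.300 B'
}
sample_rows | emit_tc 10: up
```

The minor id covers only the last two octets, so this layout is unique within one /16 per qdisc handle; review the printed commands before piping them to a shell.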