Andrew Lewis
2004-Apr-07 13:38 UTC
Selectively filtering traffic in/out to common threshold
Hello again all, Question: I have a number of users, who need to be shaped at different rates. My question is this: Is there a way that I can shape both *inbound* and *outbound* traffic to not exceed a single threshold, ie. they can get x kbps traffic in or x kbps out, but no more than x kbps in/out combined? Best Regards, -AL.
First WRITE IN PLAIN TEXT now your problem: This can be done easily with my imq version, http://pupa.da.ru/imq seems there is no other way I was trying to use policers but this worked realy bad. ----------------------------------- Question: I have a number of users, who need to be shaped at different rates. My question is this: Is there a way that I can shape both *inbound* and *outbound* traffic to not exceed a single threshold, ie. they can get x kbps traffic in or x kbps out, but no more than x kbps in/out combined? Best Regards, -AL. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Andrew Lewis
2004-Apr-13 13:59 UTC
RE: Selectively filtering traffic in/out to common threshold
Hi all, Thanks for the pointer, Roy. I''m currently busy implementing my own traffic shaping configuration using the IMQ device, and from my testing, it seems I''m doing something horribly wrong. Here''s what I''m up to: I have to shape a number of clients to various rates for local & international traffic. These queue''s must then be shaped into collective queues for local & international, because we have sold more bandwidth than we have. Traffic in/out must have a common threshold. So: I do insmod imq.o And /sbin/ifconfig imq up Then I do like so: To test locally something like what I want to do on our live servers: #!/bin/env sh PATH=/sbin iptables -F iptables -X iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT tc qdisc del dev imq root tc qdisc add dev imq root handle 2 htb r2q 1 tc class add dev imq parent 2: classid 2:1 htb rate 1kbit ceil 1kbit tc class add dev imq parent 2: classid 2:2 htb rate 10mbit ceil 10mbit iptables -t mangle -F PREROUTING iptables -t mangle -A PREROUTING -s 192.168.1.0/24 -d 192.168.1.0/24 -j MARK --set-mark 0x20 iptables -t mangle -A PREROUTING -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j MARK --set-mark 0x21 iptables -t mangle -A PREROUTING -s ! 192.168.1.0/24 -d 192.168.1.0/24 -j MARK --set-mark 0x21 tc filter add dev imq parent 2: protocol ip pref 4 handle 0x20 fw classid 2:2 tc filter add dev imq parent 2: protocol ip pref 4 handle 0x21 fw classid 2:1 I then set this machine as my default gateway, which means my external connections should be very slow (1kbit). Not so. Packets go to imq (from where I don''t know, but not necessarily from my machine).. My connections made through this box remain speedy. Excuse ignorance. :) Can some-one tell me where I''m going wrong? -AL. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/