LARTC - Jun 2004 - Hierarchy of HTBs

I''ve been having a bit of difficulty with a hierarchy of HTBs that
I''m
wanting to create.  Essentially, I''ve got one interface that goes to
both
the DMZ and the internet.  When going to the internet, some of the traffic
will be going through a VPN and therefore I want to prioritize it
differently, however I want to give the DMZ traffic full speed as long as
it doesn''t take away from the internet traffic.

Here is the network diagram:

Internet
  |
tcbox1
  |
VPN/Router --- DMZ
  |
tcbox2
  |
Internal network

The tcbox2 is the complex one where I want to limit local traffic if there
is VPN traffic going through.  tcbox1 is a relatively normal setup just
prioritizing the traffic going out to the internet.

Here is my config (it''s a test setup at the moment that is just proof
of
concept):

--- Begin tcbox2.tc

#include "fields.tc"
#include "ports.tc"

#define INTERFACE  eth0

dev INTERFACE {
  egress {

    /* In class selection path, the filters come first! */

    /* I don''t recall the ip addresses, but you can tell where
I''m going
       with ''em */
    class ( <$local> )    if ip_dst == 10.0.0.0/8 ;
    class ( <$external> ) if ip_dst != 10.0.0.0/8 ;
    class ( <$vpn> )      if ip_dst == 192.168.100.0/24 || \
                             ip_dst == 192.168.101.0/24 ;

    class ( <$lpr> )   if tcp_dport == PORT_PRINTER || \
                          tcp_dport == PORT_PRINTER_AGENT || \
                          tcp_dport == PORT_PRINT_SRV ;
    class ( <$other> ) if 1 ;

    /* section in which we configure the qdiscs and classes */

    htb () {
      class ( rate 100Mbps, ceil 100Mbps ) {
        $local    = class ( rate 10Mbps,   ceil 100Mbps ) { sfq; } ;
        $external = class ( rate 1544kBps, ceil 1544kBps ) { /* T1 */
          htb () { /* all external traffic */
            $vpn   = class ( rate 1000kBps, ceil 1544kBps ) {
              htb () {
                $lpr   = class ( rate 100kBps,  ceil 1544kBps ) { sfq; } ;
                $other = class ( rate 900kBps, ceil 1544kBps ) { sfq; } ;
	      }
	    } ;
	    $other = class ( rate 544kBps, ceil 1544kBps ) { sfq; } ;
	  }
	}
      }
    }
  }
}
--- End tcbox2.tc

Thanks for any help.

Bill

-- 
"What people forget is that the only difference between Clippy and HAL9000
is that Clippy makes you want to kill yourself while HAL9000 does the job
for you."
  -- skaffen42, slashdot.org/article.pl?sid=03/08/15/1451223
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/