Hi everyone.

I have been working on a problem for some days.

I have a Linux router with about 100 ppp interfaces. Each interface should be limited to an individual bandwidth of 1024kbit, 2048kbit or 3096kbit. Up AND downstream. (Let's say for example 1024kbit upstream and 1024kbit downstream.)

The reason for this problem: I have to limit users to their booked bandwidth, because there are hard rules about who is allowed to use which kind of bandwidth. But some users used their 1024kbit login data with a 3096kbit DSL line and of course they got the whole 3mbit bandwidth for downloads/uploads.

So I MUST limit the users to a hard limit of bandwidth. No fair dealing or something else. Just a hard limit for bandwidth. User X (pppX) gets 1024kbit of bandwidth. No more nor less.

Another problem is that behind a ppp interface there are some /29 net of IP addresses. So I am not able to filter by IP address. I have to filter by interface.

But I just don't know how to deal with the problem. Traffic shaping works only for egress traffic, doesn't it?

Has anybody worked on the same problem before, or can anybody provide a solution for this?

Regards
Florian Taeger

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Florian Taeger wrote:
> Hi everyone.
>
> I'm working on a problem since some days.
>
> I have a linux router with about 100 ppp interfaces. Each interface should
> be limited to an individual bandwidth of 1024kbit, 2048kbit or 3096kbit. Up
> AND downstream. (let's say for example 1024kbit upstream and 1024kbit
> downstream)
>
> The reason for this problem: I have to limit users to their booked
> bandwidth, because there are hard rules, who is allowed to use which kind of
> bandwidth. but some users used their 1024kbit login data with an 3096kbit
> dsl line and of course they got the whole 3mbit bandwidth for
> downloads/uploads.
>
> So i MUST limit the users to a hard limit of bandwidth. no fair dealing or
> something else. just a hardlimit for bandwidth. User X (pppX) gets 1024kbit
> of bandwidth. no more nor less.
>
> Another problem is, that behind an ppp interface there are some /29 net of
> ip-addresses. So i am not able to filter by ip address. i have to filter by
> interface.
>
> but i just don't know how to deal with the problem Traffic shaping works
> only for egress traffic, doesn't it?
>
> Did anybody worked on the same problem before or can provide a solution for
> this?

If the traffic from all the ppps leaves by one interface then you could mark packets by incoming interface and set up egress shaping with, say, HTB on that interface. If the traffic leaves on > 1 interfaces then you need to use IMQ.

Andy.

> If the traffic leaves on > 1 interfaces then you
> need to use IMQ.

I forgot to put - you can also attach policers to each ppp - they are not queues so they don't limit rate as such - but they can drop if over rate - thus limiting TCP.

Andy.

Hi.

> If the traffic from all the ppps leave by one interface then you could
> mark packets by incoming interface and set up egress shaping with say
> HTB on that interface.

There is only one eth0 interface to the internet and many ppp for the users.

So ... I have to shape all traffic from the ppp interfaces to eth0 (internet) and the same way around, don't I?

How would it be done with HTB?

The problem is - 50% of all the traffic on eth0 is to establish the ppp session through an l2tp tunnel and the other 50% is for the real traffic to the internet. So I only want to shape down the traffic from or to the ppp interfaces. But I can't shape the whole traffic on eth0. So ... will there be any problems regarding this?

Of course I read the docs, but I just don't know how exactly to generate the shape-filter for this. I know I have to establish a root entry and make another entry for every ppp device. But how do I connect the interfaces and the traffic? How would I generate this "hard limit" for the traffic?

Many thanks for the help.

Regards
F.Taeger

Florian Taeger wrote:
> Of course i read the docs, but I just don't know how exactly to generate the
> shape-filter for this. I know i have to establish a root entry and make
> another entry for every ppp device. but how do i connect the interfaces and
> the traffic ?!? How would I generate this "hard limit" for the traffic ?

Like Andy Furniss wrote: Mark each incoming packet on pppn so you know where it is coming from. Then attach n HTB classes below eth0's root and stuff each packet in its class.

Kind regards,
Leslie

On Fri, 2004-10-29 at 10:51 +0200, Leslie Patrick Polzer wrote:
> Florian Taeger wrote:
> Mark each incoming packets on pppn so you know where it is coming from.
> Then attach n HTB classes below eth0's root and stuff each packet in its
> class.

Maybe not the best way to do it. A script can be run when a ppp connection comes up. The username (ppp login) is at this moment available as an environment variable. Knowing that, you can then set up the correct QOS policy on the link.

BR,
--
Eric Leblond <eric@regit.org>

Florian Taeger wrote:
> Hi.
>
>> If the traffic from all the ppps leave by one interface then you could
>> mark packets by incoming interface and set up egress shaping with say
>> HTB on that interface.
>
> There is only one eth0 interface to the internet and many ppp for the users.
>
> So ... I have to shape every traffic from the ppp interfaces to eth0
> (internet) and the same way around, don't I ??

I think you should think about what Eric says - I don't have experience with many ppps and I guess you will need to use scripts per ppp.

For egress you can add a TBF per ppp. For ingress you could add a policer to each or you could use IMQ, but you would need one device per ppp. To this you could then add a TBF to ratelimit. This will not involve iptables.

Iptables plus HTB on eth is still a non IMQ option for doing ingress - depends on detail though :-)

I am assuming that you don't want to do any sort of QOS for the customers.

> How would it be done with htb ??
>
> The problem is - 50% of all the traffic on eth0 is to establish the ppp
> session through a l2tp tunnel and the other 50% are for the real traffic to
> the internet. So i only want to shape down the traffic from or to the ppp
> interfaces. But I can't shape the whole traffic on eth0. So ... will there
> be any problems regarding this ?

I think it would be OK. HTB has a default class for traffic it can't classify - AFAIK the default for this is no limits. Or you could just make a class with a big limit.

> Of course i read the docs, but I just don't know how exactly to generate the
> shape-filter for this. I know i have to establish a root entry and make
> another entry for every ppp device. but how do i connect the interfaces and
> the traffic ?!? How would I generate this "hard limit" for the traffic ?

Exactly how you do things depends on whether you can get your scripts to set a mark for a new ppp that relates it to a specific customer.

If you can do this and inserting the rules into running iptables works OK then you could have an HTB class already set up on eth0 for each customer's rates.

Andy.

> Many thanks for the help.
>
> Regards
>
> F.Taeger
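
Added example, not part of the original thread: a pppd link-up hook along the lines Eric and Andy describe, which looks up the login's booked rate and emits a TBF for egress plus an ingress policer on the new pppX. It assumes pppd exports IFNAME and PEERNAME to the hook; the plan table, user names, APPLY switch and burst/latency values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): per-login hard limit set at ppp link-up.
# Assumes pppd exports IFNAME and PEERNAME; the plan table is constructed data.

# Print the booked rate in kbit for a login name.
rate_for() {
    while read -r user rate; do
        if [ "$user" = "$1" ]; then echo "$rate"; return 0; fi
    done <<'EOF'
alice 1024
bob 2048
carol 3096
EOF
    echo 1024   # assumption: unknown or unauthenticated logins get the lowest tier
}

# Print the tc commands for one interface. Both values end up on a command
# line, so anything that is not pppN or a known tier is refused.
# Egress on pppN is traffic towards the user (shaped by TBF); ingress is
# traffic from the user (policed, excess dropped).
shape_cmds() {
    iface=$1 kbit=$2
    case $iface in ppp*) n=${iface#ppp} ;; *) return 1 ;; esac
    case $n in ''|*[!0-9]*) return 1 ;; esac
    case $kbit in 1024|2048|3096) ;; *) return 1 ;; esac
    cat <<EOF
tc qdisc add dev $iface root tbf rate ${kbit}kbit burst 16kb latency 50ms
tc qdisc add dev $iface handle ffff: ingress
tc filter add dev $iface parent ffff: protocol ip prio 1 u32 match ip src 0.0.0.0/0 police rate ${kbit}kbit burst 16k drop flowid :1
EOF
}

# Hook entry point: print the commands, run them only when APPLY=1.
if [ -n "${IFNAME:-}" ]; then
    cmds=$(shape_cmds "$IFNAME" "$(rate_for "${PEERNAME:-}")") || exit 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$cmds" | sh
    else
        printf '%s\n' "$cmds"
    fi
fi
```

Because the rate is keyed on the authenticated login rather than on addresses, the /29 networks behind each link need no filters of their own. The policer filter as written matches IPv4 only.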