Hi,

I wanted to configure the following:

1. VPN + some other special connections (TCP 82, 8282, 23, 22 and ICMP) to have priority over the rest
2. special upstream for our updating system on port 4000
3. within the VPN tunnels, Citrix traffic (TCP 1494, 2598) + ICMP has priority

I need this for both incoming and outgoing traffic, as it is the bandwidth management config on a central system from which 5 VPN tunnels are configured to small offices and for which also mail, surf, ... traffic exists.

I started from a working config file implementing 1. and 2. As I understand it, it is possible to make a distinction within a class for different subclasses, thus allowing me to implement 3. Therefore I added the lines marked with '===>>'.

I clearly did something wrong, because it doesn't compile :( Can anyone explain to me how to implement 3.?

Kind regards,
Pieter
$intDev = "adsl0";
// in bps (bits per second)
$maxUpstream = 2048000;
$maxDownstream = 2048000;

// Internet device
dev $intDev {
    // outgoing traffic
    egress {
        /* classification */
        // very interactive
        class (<$group1>)
            // VPN protocols
            if ip_proto == 50
            if ip_proto == 47
            // known very interactive
            if tcp_dport == 23
            // our interactive sessions
            if tcp_dport == 82
            if tcp_dport == 8282
            // for now, because the 'combined' stuff apparently no longer works
            // on kernel 2.4.24-axs-1
            if tcp_dport == 22 && ip_tos_delay == 1
            // ICMP
            if ip_proto == 1;
        // update server
        class (<$group2>)
            if tcp_sport == 4000;
        // default
        class (<$rest>)
            if 1;

        /* queueing */
        htb ( ) {
            /* rate is what they normally get, ceil is the maximum they
               can get when borrowing from the parent */
            /* this is the surrounding class. limit the upstream here to
               something just below the real limit. this is to avoid that the
               next device (maybe a cable modem) starts queueing, which would
               leave us with no control ... */
            class ( rate $maxUpstream bps, ceil $maxUpstream bps, quantum 1 sec ) {
                $group1 = class ( rate ($maxUpstream / 8 * 3) bps, ceil ($maxUpstream / 4) bps ) {
==========>>        // special citrix applications
==========>>        class (<$vpn_prior>)
==========>>            if tcp_dport == 1494
==========>>            if tcp_dport == 2598
==========>>            if ip_proto == 1;
==========>>        // default
==========>>        class (<$rest>)
==========>>            if 1;
==========>>        /* queueing */
==========>>        htb ( ) {
==========>>            $vpn_prior = class ( rate ($maxUpstream / 8 * 3) bps, ceil ($maxUpstream / 4) bps );
==========>>            $rest = class ( rate ($maxUpstream / 8) bps, ceil ($maxUpstream / 4) bps );
==========>>        }
==========>>    }
                $group2 = class ( rate ($maxUpstream / 2) bps, ceil ($maxUpstream / 8 * 7) bps );
                $rest = class ( rate ($maxUpstream / 8) bps, ceil ($maxUpstream / 4) bps );
            }
        }
    }

    // incoming traffic
    ingress {
        // speeds
        $veryhigh_cir = $maxDownstream / 4;
        $veryhigh_pir = $maxDownstream / 4 * 3;
        $low_cir = $maxDownstream / 4;
        $low_pir = $maxDownstream / 4;
        // variables to make categories
        $is_veryhigh = (tcp_sport == PORT_SSH && ip_tos_delay == 1)
                       || (ip_proto == 50) || (ip_proto == 47);
        $is_low = 1;
        // double leaky buckets
        $is_veryhigh_pol = DLB( cir $veryhigh_cir bps, cbs 20kB, pir $veryhigh_pir bps, pbs 5kB ) {
==========>>    class (<$vpn_prior>)
==========>>        if tcp_dport == 1494
==========>>        if tcp_dport == 2598
==========>>        if ip_proto == 1;
==========>>    // default
==========>>    class (<$rest>)
==========>>        if 1;
==========>>    prio {
==========>>        $vpn_prior = class {}
==========>>        $rest = class {}
==========>>    }
==========>> };
        $is_low_pol = DLB( cir $low_cir bps, cbs 20kB, pir $low_pir bps, pbs 5kB );
        // do the policing
        class (<>)
            if $is_veryhigh && DLB_else_drop($is_veryhigh_pol);
        class (<>)
            if $is_low && DLB_else_drop($is_low_pol);
    }
}
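One way to get 3. to compile, as an added example that is not part of Pieter's post: the Citrix rules go into the normal classification section in front of the other interactive rules, and in the htb block $group1 becomes a pure container holding two leaf classes ($vpn_prior and a new $interactive for the remaining group 1 rules), because in HTB only leaf classes queue packets and $rest can only be assigned once. Egress only; the rates are illustrative, and it assumes the Citrix ports are visible on adsl0, which they are not once the traffic is already wrapped in ESP (ip_proto 50), in which case the same rules belong on the tunnel device instead.

```tcng
// Added example, not the posted config: egress part only, with the Citrix
// classes nested under $group1. Rates are illustrative.
$intDev = "adsl0";
$maxUpstream = 2048000;   // bps

dev $intDev {
    egress {
        /* classification: rules are checked in order and the first match
           wins, so the Citrix/ICMP rules come before the generic ones */
        class (<$vpn_prior>)
            if tcp_dport == 1494
            if tcp_dport == 2598
            if ip_proto == 1;
        class (<$interactive>)
            if ip_proto == 50
            if ip_proto == 47
            if tcp_dport == 23
            if tcp_dport == 82
            if tcp_dport == 8282
            if tcp_dport == 22 && ip_tos_delay == 1;
        class (<$group2>)
            if tcp_sport == 4000;
        class (<$rest>)
            if 1;

        /* queueing: $group1 only groups its two leaves and gets no selector;
           the leaf variables are the ones used in the class (<...>) rules.
           Leaf rates add up to the parent rate (1/4 + 1/8 = 3/8). */
        htb () {
            class (rate $maxUpstream bps, ceil $maxUpstream bps) {
                $group1 = class (rate ($maxUpstream / 8 * 3) bps, ceil ($maxUpstream / 4 * 3) bps) {
                    $vpn_prior   = class (rate ($maxUpstream / 4) bps, ceil ($maxUpstream / 4 * 3) bps);
                    $interactive = class (rate ($maxUpstream / 8) bps, ceil ($maxUpstream / 4 * 3) bps);
                }
                $group2 = class (rate ($maxUpstream / 2) bps, ceil ($maxUpstream / 8 * 7) bps);
                $rest   = class (rate ($maxUpstream / 8) bps, ceil ($maxUpstream / 4) bps);
            }
        }
    }
}
```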
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/