Hi all,

I want to first apologize if my message will annoy you (my guess is because it will be quite large :)).

I have the following situation on my hands: I was recently faced with the problem of traffic shaping/bandwidth limiting. My setup is (very common, I guess):
- internet coming in (going out) through eth0
- internet is being "shared" with the private local network via eth1.

I googled & googled, worked my brain out and arrived at this solution: in order to have everybody have a guaranteed bandwidth I have to "htb" them :)

Here's what I did: I limit the upload by shaping outgoing traffic according to this tree, on eth0

#                   +---------+
#                   | root 1: |
#                   +---------+
#                        |
# +----------------------------------------------+
# |               class 1:11-total               |
# +----------------------------------------------+
#     |                 |            \
#     |                 |             \
#     |                 |     +-------------------------------+
#     |                 |     | class 1:101 -upload "local"   |
#     |                 |     +-------------------------------+
#     |                 |                    |
#     |                  \                111:sfq
#     |                   |
# +------------------+  +--------------------------+
# | class 1:1-lower  |  | class 1:2-higher rates   |
# +------------------+  +--------------------------+
#    /          \           |              |
#    |          |           |              |
# +-----+    +-----+     +-----+        +-----+
# |1:102|... |1:130|     |1:204|  ...   |1:228|
# +-----+    +-----+     +-----+        +-----+
#

So here goes how I build the tree

#first some variables
dev=eth0
total=512
#for first class i define the limits-i have ten users in this
min1=16
max1=$[$min1*10]
#second class-12 users
min2=24
max2=$[$min2*12]
#what's left of the bandwidth i put into the local upload class
local=$[$total-$max1-$max2]
#the root
tc qdisc add dev $dev root handle 1: htb default 101 r2q 1
#i fixed r2q to 1 because of the warnings i could get from too low/high
#quantums.
#the main class
tc class add dev $dev parent 1:0 classid 1:11 htb rate ${total}kbit \
    burst 2k prio 1
#the class for the first category of users
tc class add dev $dev parent 1:11 classid 1:1 htb rate ${max1}kbit \
    ceil $[$max1+$max1/5]kbit burst 2k prio 1
#then the list of classes for this category
tc class add dev $dev parent 1:1 classid 1:102 htb rate ${min1}kbit \
    ceil $[$max1/2]kbit burst 2k prio 1
#and so on
#then we do the second category
tc class add dev $dev parent 1:11 classid 1:2 htb rate ${max2}kbit \
    ceil $[$max2+$max2/4]kbit burst 2k prio 1
#then a class for every ip in this group
tc class add dev $dev parent 1:2 classid 1:204 htb rate ${min2}kbit \
    ceil $[$max2/2]kbit burst 2k prio 1
## at this point i have a first round of questions....do i need to set a
## different burst value? do i need to specify quantum? i saw on a
## htb-utils generated script that quantum for the parent classes was set
## to 1500, should i do that too? any other suggestion is welcome
##
#now i define the class for the traffic generated from the router itself
tc class add dev $dev parent 1:11 classid 1:101 htb rate ${local}kbit \
    burst 2k prio 1
#we add a sfq qdisc to share equally this bandwidth between all the
#visitors/guest or whatever
tc qdisc add dev $dev parent 1:101 handle 111: sfq perturb 10

Now the tree is done. Because I use SNAT I can't use the u32 selector to classify the traffic, so I use the fw filter, after marking the packets that come from each IP with iptables.

#first we mark the packets leaving the machine
iptables -A OUTPUT -t mangle -o $dev -s $local_internet_ip -j MARK \
    --set-mark 1

Then we attach a filter that sends this traffic where it needs to go

tc filter add dev $dev parent 1:0 protocol ip prio 1 handle 1 \
    fw flowid 1:101
#we add rules to mark the packets from the local network
iptables -A FORWARD -t mangle -i eth1 -o eth0 -s 192.168.168.2/32 \
    -j MARK --set-mark 2
#then the filters ..
tc filter add dev $dev parent 1:0 protocol ip prio 2 handle 2 \
    fw flowid 1:102
#any comments about how i use iptables here?
#i put a different priority to this filter because i want the local traffic
#to be tested first. is this wrong?

To shape the download I use a similar tree but on eth1, and I use larger values for the limits since this is the "download" speed :) Also, here I use the u32 selector to direct the traffic. Is this OK, or should I find a way to use iptables marking as well? And instead of the local upload branch I have a separate "larger" branch for local downloads (from the router).

#        +---------+
#        | root 1: |-------------------
#        +---------+                   \
#             |                         |
#             |              +----------------------+
#             |              |class 1:3 local 3mbit |
#             |              +----------------------+
#             |                         |
#             |                     +--------+
#             |                     |  1:30  |
#             |                     +--------+
# +------------------------------+      |
# | class 1:11-internet 512kbit  |     sfq:
# +------------------------------+
#       /                \
#       |                |
# +-----------------------------------+ +-------------------------+
# | class 1:1-minim 160kbit           | | class 1:2 minim 360kbit |
# +-----------------------------------+ +-------------------------+
#    |       |       |                     |       |       |
# +-----+ +-----+ +-----+               +-----+ +-----+ +-----+
# |1:102| | ... | |1:130|               |1:204| | ... | |1:228|
# +-----+ +-----+ +-----+               +-----+ +-----+ +-----+
#

Another problem I ran into is that I can't seem to attach filters anywhere but the root qdisc.

Any advice on how I can improve my setup is welcome.

Aaa, almost forgot: I use Fedora Core 4.

THANK YOU FOR YOUR PATIENCE!
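
Added example, not part of the original post: a dry-run generator for the "and so on" step of the upload tree. It prints the leaf class, the iptables mark and the fw filter for each LAN address so that class id, mark and filter handle stay in sync, and it refuses a group whose guaranteed rates add up to more than the parent class rate. The function name, the mark numbering and the sample addresses are assumptions.

```sh
#!/bin/sh
# Dry run only: the function prints commands, it does not execute them.
# Pipe the output to sh as root to apply it.

# gen_user_rules DEV PARENT PARENT_RATE FIRST_MINOR FIRST_MARK RATE CEIL IP...
#   DEV          egress interface (eth0 in the post)
#   PARENT       parent class id, e.g. 1:1
#   PARENT_RATE  rate of the parent class in kbit
#   FIRST_MINOR  minor number of the first leaf class, e.g. 102
#   FIRST_MARK   firewall mark for the first address (assumed numbering)
#   RATE, CEIL   guaranteed and maximum rate per user in kbit
gen_user_rules() {
    dev=$1 parent=$2 parent_rate=$3 minor=$4 mark=$5 rate=$6 ceil=$7
    shift 7

    # The children's guaranteed rates must fit inside the parent's rate.
    if [ $(( $# * rate )) -gt "$parent_rate" ]; then
        echo "error: $# users x ${rate}kbit exceeds parent ${parent_rate}kbit" >&2
        return 1
    fi

    for ip in "$@"; do
        # One leaf class per user ...
        echo "tc class add dev $dev parent $parent classid 1:$minor htb rate ${rate}kbit ceil ${ceil}kbit burst 2k prio 1"
        # ... one mark per source address (set before SNAT rewrites it) ...
        echo "iptables -t mangle -A FORWARD -i eth1 -o $dev -s $ip/32 -j MARK --set-mark $mark"
        # ... and one fw filter that maps the mark to the class.
        echo "tc filter add dev $dev parent 1:0 protocol ip prio 2 handle $mark fw flowid 1:$minor"
        minor=$((minor + 1))
        mark=$((mark + 1))
    done
}

# Constructed sample: three LAN addresses in the lower-rate group.
min1=16
max1=$((min1 * 10))
gen_user_rules eth0 1:1 "$max1" 102 2 "$min1" "$((max1 / 2))" \
    192.168.168.2 192.168.168.3 192.168.168.4
```
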