Hello,
I have installed a server with three physical ethernet links and some
virtual interfaces:
eth0 - 213.215.42.70
eth0:1 - 213.215.42.71
eth0:2 - 213.215.42.72
eth0:3 - 213.215.42.73
eth0:4 - 213.215.42.74
eth0:5 - 213.215.42.75
eth0:6 - 213.215.42.76
eth0:7 - 213.215.42.77
eth0:8 - 213.215.42.78
eth2 - 192.168.1.128
eth3 - 213.215.42.69
All traffic are routed by iproute2 and iptables rules without any
trouble, but I don''t understand how install a traffic limitation on
each
IP address. I have to limit forwarded traffic on eth0:x, and input and
output traffic on eth3. Thus, I have written :
MAX_LOCAL_RATE=2mbit
MAX_PUBLIC_RATE=100mbit
LOCAL_INTERFACE=eth3
LOCAL_ADDRESS=213.215.42.69
PUBLIC_INTERFACE=eth0
# eth3
tc qdisc add dev $LOCAL_INTERFACE root handle 1: htb default 100
tc class add dev $LOCAL_INTERFACE parent 1: classid 1:1 \
htb rate $MAX_LOCAL_RATE
tc filter add dev $LOCAL_INTERFACE protocol ip parent 1: \
prio 1 u32 match ip src $LOCAL_ADDRESS/32 flowid 1:1
tc class add dev $LOCAL_INTERFACE parent 1: classid 1:100 \
htb rate 16kbit
tc qdisc add dev $LOCAL_INTERFACE parent 1:100 sfq perturb 10
tc qdisc add dev $LOCAL_INTERFACE handle ffff: ingress
tc filter add dev $LOCAL_INTERFACE protocol ip parent ffff: \
prio 1 u32 match ip dst $LOCAL_ADDRESS/32 \
police rate $MAX_LOCAL_RATE burst 20k drop flowid :1
# eth0
tc qdisc add dev $PUBLIC_INTERFACE root handle 2: htb default 200
tc class add dev $PUBLIC_INTERFACE parent 2: classid 2:1 \
htb rate $MAX_PUBLIC_RATE burst 20k
tc class add dev $PUBLIC_INTERFACE parent 2: classid 2:200 \
htb rate 16kbit
tc qdisc add dev $PUBLIC_INTERFACE parent 2:200 sfq perturb 10
# 213.215.42.71
tc class add dev $PUBLIC_INTERFACE parent 2:1 classid 2:71 \
htb rate 1024kbps ceil 1024kbps burst 20k
tc qdisc add dev $PUBLIC_INTERFACE parent 2:71 handle 71: sfq perturb 10
tc filter add dev $PUBLIC_INTERFACE protocol ip parent 2:71 \
prio 1 handle 71 fw flowid 2:71
# 213.215.42.72
tc class add dev $PUBLIC_INTERFACE parent 2:1 classid 2:72 \
htb rate 512kbit
tc qdisc add dev $PUBLIC_INTERFACE parent 2:72 handle 72: sfq perturb 10
tc filter add dev $PUBLIC_INTERFACE protocol ip parent 2:72 \
prio 1 handle 72 fw flowid 2:72
When I start for example a ftp connection (and only one) on
213.215.42.71, traffic shaping works fine (fw mark are set by iptables
rules). When more than one connection are done, paquet transfert is very
slow (~20 kbps even I specify 1024kbps). I suspect a mistake in my code
but I don''t know how fix it. I have tried to use quantum, r2q, burst,
cburst without any success. Any idea ?
Thanks in advance,
JKB