Shorewall users - Mar 2009 - Understanding traffic shaping in relation to zones

Hi,

I''ve just spent many hours reading:

http://www.shorewall.net/traffic_shaping.htm

and: 

http://www.shorewall.net/PacketMarking.html

and skimmed it''s links (I understand most of the links anyway). 

I''m trying to relate my understanding of that material to my setup.

I''m using shorewall-perl-4.0.10-3.noarch

In my /etc/shorewall/hosts and /etc/shorewall/zones files, I have about 15 zones
where I specify different subnets, and route for those zones, have rules for
them etc.

What I want to do is perform outbound traffic shaping on one of those zones.

In the early days of shorewall 2.x, I used to use wondershaper and a tcstart
script but when upgrading to 4.x I didn''t need to implement traffic
shaping so didn''t migrate that setup at the time.

Now I need shaping again, the steps I plan to take for 4.x is:

1. set TC_ENABLED to "Internal" in /etc/shorewall/shorewall.conf

2. set IN-BANDWIDTH and OUT-BANDWIDTH values in /etc/shorewall/tcdevices

3. define rules in /etc/shorewall/tcrules

I don''t fully understand how I would use/need classes for the tcclasses
file.

Generally, do those steps look ok?

Also, looking at one of the examples on the Packet Marking URL, there''s
this example:

#INTERFACE      IN-BANDWITH     OUT-BANDWIDTH
eth3            1.3mbit         384kbit
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

#INTERFACE      MARK    RATE            CEIL            PRIORITY        OPTIONS
eth3            10      full            full            1              
tcp-ack,tos-minimize-delay
eth3            20      9*full/10       9*full/10       2               default
eth3            30      6*full/10       6*full/10       3
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Is the:

9*full/10

an actual equation that''s processed by shorewall? if so,
what''s the figure used for "full".

Just in case it''s needed, the link I''m shaping is a
25Mbps/25Mbps link.

Any advice is appreciated. 

Thanks.

Michael.



      Stay connected to the people that matter most with a smarter inbox. Take a
look http://au.docs.yahoo.com/mail/smarterinbox

------------------------------------------------------------------------------
Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
easily build your RIAs with Flex Builder, the Eclipse(TM)based development
software that enables intelligent coding and step-through debugging.
Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com

Michael Mansour wrote:
> In my /etc/shorewall/hosts and /etc/shorewall/zones files, I have
> about 15 zones where I specify different subnets, and route for those
> zones, have rules for them etc.
> 
> What I want to do is perform outbound traffic shaping on one of those
> zones.
Zones are security objects. Traffic shaping is based on network interfaces.
> 
> In the early days of shorewall 2.x, I used to use wondershaper and a
> tcstart script but when upgrading to 4.x I didn''t need to
implement
> traffic shaping so didn''t migrate that setup at the time.
I assume that you saw the wondershaper-replacement configuration at
http://www1.shorewall.net/traffic_shaping.htm#Wondershaper.
> 
> Now I need shaping again, the steps I plan to take for 4.x is:
> 
> 1. set TC_ENABLED to "Internal" in /etc/shorewall/shorewall.conf
> 
> 2. set IN-BANDWIDTH and OUT-BANDWIDTH values in
> /etc/shorewall/tcdevices
You will need to tune them, especially IN-BANDWIDTH.
http://www1.shorewall.net/traffic_shaping.htm gives
instructions.
> 
> 3. define rules in /etc/shorewall/tcrules
> 
> I don''t fully understand how I would use/need classes for the
> tcclasses file.
The entries in tcrules mark packets so that they can be associated with
a class that you define in /etc/shorewall/tcclasses.
> 
> Generally, do those steps look ok?
You need to define your classes also.
> 
> Also, looking at one of the examples on the Packet Marking URL,
> there''s this example:
> 
> #INTERFACE      IN-BANDWITH     OUT-BANDWIDTH eth3            1.3mbit
> 384kbit #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
> REMOVE
> 
> #INTERFACE      MARK    RATE            CEIL            PRIORITY
> OPTIONS eth3            10      full            full            1
> tcp-ack,tos-minimize-delay eth3            20      9*full/10
> 9*full/10       2               default eth3            30
> 6*full/10       6*full/10       3 #LAST LINE -- ADD YOUR ENTRIES
> BEFORE THIS ONE -- DO NOT REMOVE
> 
> Is the:
> 
> 9*full/10
> 
> an actual equation that''s processed by shorewall? if so,
what''s the
> figure used for "full".
Please see ''man shorewall-tcrules''.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
easily build your RIAs with Flex Builder, the Eclipse(TM)based development
software that enables intelligent coding and step-through debugging.
Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com