hi,

i am trying to have bandwidth shaping on my linux router. i have a 64kbps link, on which i want to restrict the link use for http/ftp access and give more bandwidth priority for vpn access. thanks to martin devera i am using the htb for this.

    |-----------|            |-----------|
    | MAIN LINK |-----+------|  CLASS A  |
    |-----------|     |      |-----------|
                      |
                      |      |-----------|
                      +------|  CLASS B  |
                             |-----------|

MAIN LINK = 64kbps
CLASS A = 24kbps (for HTTP/FTP and other internet related activities)
CLASS B = 40kbps (reserved for PPTP-VPN access incoming and outgoing)

requirements:

- each class should be able to borrow bandwidth from the other class when excess is available
- incoming vpn connections should come through the class B bandwidth policy
- outgoing vpn connections should go through the class B bandwidth policy

following is the command set (lifted from the htb manual :-) ) i am trying to use:

    # tc qdisc add dev eth0 root handle 1: htb default 11
    # tc class add dev eth0 parent 1: classid 1:1 htb rate 64kbps ceil 64 kbps burst 2k
    # tc class add dev eth0 parent 1: classid 1:10 htb rate 64kbps ceil 64 kbps burst 2k
    # tc class add dev eth0 parent 1: classid 1:11 htb rate 64kbps ceil 64 kbps burst 2k
    # tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 192.168.1.0 match tcp dst 21 0xffff flowid \
        1:10
    # tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 192.168.1.0 match tcp dst 80 0xffff flowid \
        1:10
    # tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 192.168.1.0 match tcp dst 443 0xffff flowid \
        1:10
    # tc qdisc add dev eth0 parent 1:10 handle 20: pfifo limit 5
    # tc qdisc add dev eth0 parent 1:11 handle 30: sfq perturb 10

first i would like to know whether what i have done is correct or not in context with my problem, i think i am on right track?

why i did what i did:

now to meet the above requirements what i did was to define bandwidth shaping only for http, https & ftp (the major bandwidth guzzlers) to class A and made the class B as default. but because of above rulesets my other inet services (like domain, ssh, whois, ping etc) will go through the default policy of class B, which i want to avoid without adding additional rulesets; can i define a ruleset for VPN something like below (and remove the rulesets for class A and make class A as default):

    # tc filter add dev eth0 protocol 47 parent 1:0 prio 1 u32 match ip src 192.168.1.0 flowid 1:11
    # tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 192.168.1.0 match tcp dst 1723 0xffff \
        flowid 1:11

but how do i define the ruleset for incoming connections, can the following be true:

    # tc filter add dev eth0 protocol 47 parent 1:0 prio 1 u32 match ip dst 192.168.1.0 flowid 1:11
    # tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.1.0 match tcp dst 1723 0xffff \
        flowid 1:11

thanx in advance

regards / shekhar
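
Added example, not part of the original post: a dry-run generator for the class layout the post describes (A = 24, B = 40, each able to borrow up to 64), with PPTP steered into class B and everything else defaulting to class A. Assumptions: the link is 64 kilobits/s (`kbit` in tc; `kbps` means kilobytes/s), and `WAN_DEV`/`LAN_DEV` are hypothetical interface names for the link side and the 192.168.1.x side.

```shell
#!/bin/sh
# Added example (not the poster's commands). Prints tc commands for review;
# pipe the output to "sh" as root to apply them.
# WAN_DEV and LAN_DEV are assumed names, not taken from the post.
WAN_DEV=${WAN_DEV:-eth0}
LAN_DEV=${LAN_DEV:-eth1}

# htb_rules DEV: emit the HTB tree and PPTP filters for one egress interface.
# - Leaf classes hang under 1:1 so they can borrow from each other up to ceil;
#   classes attached directly to the root qdisc cannot borrow.
# - GRE is IP protocol 47, matched inside an "ip" filter; the filter-level
#   "protocol" keyword selects the link-layer protocol, not the IP protocol.
# - No address match: after source NAT the WAN-side source is no longer
#   192.168.1.x, so matching on protocol and port is the stable selector.
htb_rules() {
    dev=$1
    cat <<EOF
tc qdisc add dev $dev root handle 1: htb default 10
tc class add dev $dev parent 1: classid 1:1 htb rate 64kbit ceil 64kbit burst 2k
tc class add dev $dev parent 1:1 classid 1:10 htb rate 24kbit ceil 64kbit burst 2k
tc class add dev $dev parent 1:1 classid 1:11 htb rate 40kbit ceil 64kbit burst 2k
tc filter add dev $dev protocol ip parent 1:0 prio 1 u32 match ip protocol 47 0xff flowid 1:11
tc filter add dev $dev protocol ip parent 1:0 prio 1 u32 match ip protocol 6 0xff match ip dport 1723 0xffff flowid 1:11
tc filter add dev $dev protocol ip parent 1:0 prio 1 u32 match ip protocol 6 0xff match ip sport 1723 0xffff flowid 1:11
tc qdisc add dev $dev parent 1:10 handle 20: sfq perturb 10
tc qdisc add dev $dev parent 1:11 handle 30: sfq perturb 10
EOF
}

# An HTB root qdisc shapes only what leaves an interface. Outgoing traffic is
# shaped on WAN_DEV; incoming traffic is shaped where it leaves the router
# toward the LAN, on LAN_DEV. The LAN_DEV tree also limits traffic that
# originates on the router itself.
all_rules() {
    htb_rules "$WAN_DEV"
    htb_rules "$LAN_DEV"
}

all_rules
```

Matching both source and destination port 1723 covers the PPTP control channel whether the VPN server sits inside or outside the router.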