[LARTC] Some shaping questions....

Linux Advanced Routing and Traffic Control


 




Hello mailing list.

I am sitting here at the office and after reading the Advanced
routing howto, some iptables documents and Howto, I am not quite sure
how to do this. I have the following setup
and while I explain it, I would like to ask everyone that reads this
to tell me if they would go about it in a similar fashion or not.

We own a symmetric 2 Mbit uplink via ATM and I am trying to limit the
services a bit.

We would like to sort out the following services into their own
classes, so that they may be bandwidth shaped.

HTTP+HTTPs+SQUID connections which are outgoing to fetch data
FTP+FTP-DATA
SSH
ICMP
MAIL

I was thinking about the following bandwidth assignments:

HTTP... gets 15% (of the 2 Mbit)
FTP gets 15%
SSH gets 5% but the bandwidth is isolated and borrows from other
classes
ICMP gets 1% but is bounded
MAIL gets 10% (we do send an awful lot of mail)

I am marking the traffic with iptables in the PREROUTING chain and I
thought it would be the correct way to later use the fwmark target in
the tc filter add directive; however, if you think it is smarter to
use a u32 classifier, please do tell me.

Right now my setup would look somewhat like this:

1:0 is a 10Mbit parent class which is the NIC to the Router.

1:1 is a subclass, which has 2Mbit and all other classes should
derive from it.

I then wanted to create 1:3 to 1:7 for the services, where the class
for SSH would be isolated and borrow, and the ICMP class would be
bounded.

The output I currently have looks somewhat like this:

[root@gw root]# tc qdisc show dev eth0
qdisc sfq 70: quantum 1514b
qdisc sfq 60: quantum 1514b
qdisc sfq 50: quantum 1514b
qdisc sfq 40: quantum 1514b
qdisc sfq 30: quantum 1514b
qdisc cbq 1: rate 10Mbit (bounded,isolated) prio no-transmit

(since I am using sfq as the queue algorithm)

The classes:
[root@gw root]# tc class show dev eth0
class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
class cbq 1:1 parent 1: rate 2Mbit (bounded) prio no-transmit
class cbq 1:3 parent 1:1 leaf 30: rate 153Kbit prio no-transmit
class cbq 1:4 parent 1:1 leaf 40: rate 153Kbit prio no-transmit
class cbq 1:5 parent 1:1 leaf 50: rate 20Kbit (bounded) prio no-transmit
class cbq 1:6 parent 1:1 leaf 60: rate 102Kbit (isolated) prio no-transmit
class cbq 1:7 parent 1:1 leaf 70: rate 204Kbit prio no-transmit

1:3 is Ftp+ftp-data
1:4 is https+http plus everything from sport 3128
1:5 is icmp
1:6 is ssh
1:7 is smtp

The filters look as follows:
[root@gw root]# tc filter show dev eth0
filter parent 1: protocol ip pref 100 fw
filter parent 1: protocol ip pref 100 fw handle 0x1 classid 1:5
filter parent 1: protocol ip pref 100 fw handle 0x2 classid 1:6
filter parent 1: protocol ip pref 100 fw handle 0x3 classid 1:3
filter parent 1: protocol ip pref 100 fw handle 0x4 classid 1:4
filter parent 1: protocol ip pref 100 fw handle 0x6 classid 1:7

and my iptables marking rules read as follows:
[root@gw root]# iptables -t mangle -L PREROUTING
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination       
MARK       icmp --  anywhere             anywhere           MARK set 0x1
MARK       tcp  --  anywhere             anywhere           tcp dpt:http MARK set 0x4
MARK       tcp  --  anywhere             anywhere           tcp dpt:https MARK set 0x4
MARK       tcp  --  anywhere             anywhere           tcp dpt:ftp MARK set 0x3
MARK       tcp  --  anywhere             anywhere           tcp spt:ftp-data MARK set 0x3
MARK       tcp  --  anywhere             anywhere           tcp dpt:ssh MARK set 0x2
MARK       tcp  --  anywhere             anywhere           tcp dpt:smtp MARK set 0x6
MARK       tcp  --  anywhere             anywhere           tcp spt:squid MARK set 0x4

Would you go about this the same way? Or do you recommend doing it in
a different way?
I am very grateful for any hints, because I am very new to this on
Linux. I usually use Cisco IOS for it, but this time Linux is my
choice and I really wish to learn it. Any other hints,
such as documentation, are greatly appreciated as well.

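The setup described in this mail, assembled as an added example (not the poster's own script) into one shell script: the CBQ tree with the rates from the tc class show output, the fw filters, and the mangle PREROUTING MARK rules. It assumes eth0 and the 10Mbit/2Mbit figures from the mail; by default it only prints the tc and iptables commands so they can be reviewed, and TC=tc IPT=iptables applies them as root.

```shell
#!/bin/sh
# Added example, not from the original mail: the CBQ classes, fw filters and
# MARK rules it describes. Dry run by default; TC=tc IPT=iptables applies them.
set -eu
DEV=${DEV:-eth0}
TC=${TC:-"echo tc"}
IPT=${IPT:-"echo iptables"}
LINK=10Mbit     # NIC speed toward the router, root class 1:
UPLINK=2Mbit    # the ATM uplink, class 1:1 (bounded)

# leaf_class <minor> <rate> <flags>: cbq leaf under 1:1 with an sfq queue
leaf_class() {
  $TC class add dev "$DEV" parent 1:1 classid "1:$1" cbq bandwidth $LINK \
    rate "$2" allot 1514 prio 5 avpkt 1000 $3
  $TC qdisc add dev "$DEV" parent "1:$1" handle "${1}0:" sfq perturb 10
}
# mark_filter <fwmark> <minor>: packets carrying <fwmark> go to class 1:<minor>
mark_filter() {
  $TC filter add dev "$DEV" parent 1: protocol ip prio 100 \
    handle "$1" fw classid "1:$2"
}
setup_shaping() {
  $TC qdisc add dev "$DEV" root handle 1: cbq bandwidth $LINK avpkt 1000 cell 8
  $TC class add dev "$DEV" parent 1: classid 1:1 cbq bandwidth $LINK \
    rate $UPLINK allot 1514 prio 5 avpkt 1000 bounded
  leaf_class 3 153Kbit ""         # FTP + FTP-DATA
  leaf_class 4 153Kbit ""         # HTTP, HTTPS, squid replies
  leaf_class 5 20Kbit  bounded    # ICMP: may never borrow
  leaf_class 6 102Kbit isolated   # SSH: keeps its share, does not lend
  leaf_class 7 204Kbit ""         # SMTP
  mark_filter 0x1 5; mark_filter 0x2 6; mark_filter 0x3 3
  mark_filter 0x4 4; mark_filter 0x6 7
}
# mark_traffic: the mangle PREROUTING rules from the mail, by protocol/port
mark_traffic() {
  m="$IPT -t mangle -A PREROUTING"
  $m -p icmp -j MARK --set-mark 0x1
  $m -p tcp --dport 80   -j MARK --set-mark 0x4
  $m -p tcp --dport 443  -j MARK --set-mark 0x4
  $m -p tcp --dport 21   -j MARK --set-mark 0x3
  $m -p tcp --sport 20   -j MARK --set-mark 0x3
  $m -p tcp --dport 22   -j MARK --set-mark 0x2
  $m -p tcp --dport 25   -j MARK --set-mark 0x6
  $m -p tcp --sport 3128 -j MARK --set-mark 0x4
}
setup_shaping; mark_traffic
```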
