Hi,

Firstly I apologise for the cross-posting, but as I got help from all over the place I thought I had better feed back the results now I have this working.

The Problem:

I run a Speedtouch ADSL modem on my router and host a number of services behind my link (web server mainly) so people can access my files. Unfortunately some of the files on my web server are quite big (> 100Mb) and while I'm happy for people to download them it kinda kills interactivity when I am at home surfing.

The Solution:

Line rate control! I was going through various cookbook approaches (e.g. the wondershaper) but decided to roll my own because:

a) I've just grokked iptables and I didn't want to learn yet another packet matching syntax
b) cbq solutions looked too hard to understand
c) it's the only way to learn

What this script does is mark upstream packets using a bunch of iptables matches. The marks correspond to the priority I want to assign my traffic (remember I can only do this for outgoing packets; shaping incoming data on my LAN wouldn't achieve much). The script then creates a bunch of htb shapers, one for each traffic type, giving a controlled rate of output. The filters are then set up to direct packets to each traffic class based on the iptables matches done earlier. For more info read the script.

Caveats:

This works for me, YMMV. I've done limited testing and for me I can surf at my normal high speeds while large downloads happen from my server. I expect it can be tuned further with experimentation and would welcome any feedback on the script. I have a moderate number of services on my link; I expect most people can simplify the priorities to traffic originated by me and incoming connections. The script is part of a larger firewall script that can be found on my website's CVS pages (under software) but it's not fully integrated yet.

Enjoy,

Alex.
function setup_shaping () {
    # Setup POSTROUTING marking on dsl output
    # needed for QoS type hacks
    #  1 - outgoing interactive (ssh)
    #  2 - outgoing file stuff (www)
    #  3 - incoming interactive (ssh)
    #  4 - incoming personal use (https, http-tunnel)
    #  5 - incoming web
    #  6 - incoming mail
    #  7 - everything else
    # (the tc fw filters below send mark N to class 1:N0; anything that
    #  picks up no mark lands in the htb default class 1:60)

    # external (dsl) interface. iptables used $EXTIF while the tc lines
    # hard-coded ppp0, so default it here and use it for both
    EXTIF=${EXTIF:-ppp0}

    # create the to-dsl table (we can only shape outgoing traffic)
    /sbin/iptables -t mangle -N to-dsl
    # For outgoing packets we need to mark stuff
    /sbin/iptables -t mangle -A to-dsl -p tcp --dport 22 -j MARK --set-mark 1
    /sbin/iptables -t mangle -A to-dsl -p tcp --dport 80 -j MARK --set-mark 2
    # sport 24 as in the original; check it matches the port your sshd listens on
    /sbin/iptables -t mangle -A to-dsl -p tcp --sport 24 -j MARK --set-mark 3
    /sbin/iptables -t mangle -A to-dsl -p tcp --sport 443 -j MARK --set-mark 4
    /sbin/iptables -t mangle -A to-dsl -p tcp --sport 8890 -j MARK --set-mark 4
    /sbin/iptables -t mangle -A to-dsl -p tcp --sport 80 -j MARK --set-mark 5
    /sbin/iptables -t mangle -A to-dsl -p tcp --sport 25 -j MARK --set-mark 6
    # enable the marking on all outgoing packets
    /sbin/iptables -t mangle -A POSTROUTING -o $EXTIF -j to-dsl

    # and the qdisc's
    # Base htb class ("default 60" is class 1:60, the everything-else class)
    /sbin/tc qdisc add dev $EXTIF root handle 1: htb default 60
    # add a rate limiting class underneath - this ensures we don't send
    # packets to the dsl modem faster than it's going to send them
    /sbin/tc class add dev $EXTIF parent 1: classid 1:1 htb rate 250kbit burst 6k
    # sub classes for each traffic type
    # (the child rates add up to more than the parent's 250kbit, so the
    #  per-class "rate" is only nominal; use "ceil" if a class needs a hard cap)
    /sbin/tc class add dev $EXTIF parent 1:1 classid 1:10 htb rate 250kbit burst 15k
    /sbin/tc class add dev $EXTIF parent 1:1 classid 1:20 htb rate 250kbit burst 15k
    /sbin/tc class add dev $EXTIF parent 1:1 classid 1:30 htb rate 250kbit burst 15k
    /sbin/tc class add dev $EXTIF parent 1:1 classid 1:40 htb rate 250kbit burst 15k
    /sbin/tc class add dev $EXTIF parent 1:1 classid 1:50 htb rate 128kbit burst 50k
    /sbin/tc class add dev $EXTIF parent 1:1 classid 1:60 htb rate 100kbit burst 15k
    # note to self: to show class stats
    # tc -s -d class show dev $EXTIF parent 1:
    # don't use prio anymore
    # tc qdisc add dev $EXTIF parent 1:1 handle 2: prio bands 6 priomap 0 1 2 3 4 5

    # create sfq's under each traffic class to share it all out
    /sbin/tc qdisc add dev $EXTIF parent 1:10 handle 10: sfq
    /sbin/tc qdisc add dev $EXTIF parent 1:20 handle 20: sfq
    /sbin/tc qdisc add dev $EXTIF parent 1:30 handle 30: sfq
    /sbin/tc qdisc add dev $EXTIF parent 1:40 handle 40: sfq
    /sbin/tc qdisc add dev $EXTIF parent 1:50 handle 50: sfq
    /sbin/tc qdisc add dev $EXTIF parent 1:60 handle 60: sfq
    # note to self: delete with
    # tc qdisc del dev $EXTIF parent 1:0 handle 10:
    # are flowid and classid interchangeable?
    # (yes - tc accepts either keyword for the same filter parameter)

    # create filters from the root to sort the traffic
    # (fw filter "handle N" matches packets carrying iptables mark N)
    /sbin/tc filter add dev $EXTIF parent 1: protocol ip prio 1 handle 1 fw classid 1:10
    /sbin/tc filter add dev $EXTIF parent 1: protocol ip prio 2 handle 2 fw classid 1:20
    /sbin/tc filter add dev $EXTIF parent 1: protocol ip prio 3 handle 3 fw classid 1:30
    /sbin/tc filter add dev $EXTIF parent 1: protocol ip prio 4 handle 4 fw classid 1:40
    /sbin/tc filter add dev $EXTIF parent 1: protocol ip prio 5 handle 5 fw classid 1:50
    /sbin/tc filter add dev $EXTIF parent 1: protocol ip prio 6 handle 6 fw classid 1:60
    # look at with
    # tc filter show dev $EXTIF parent 1:
    # delete with
    # tc filter del dev $EXTIF parent 1: prio 1 etc..
}

-- 
Alex@Bennee.com
http://www.bennee.com/~alex/
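A small check to go with the "show class stats" note in the script, added here as an example and not part of Alex's script: it parses the output of "tc -s class show dev <if>" and reports the sent/dropped/overlimits counters per htb class, so you can see which of the six classes is actually being squeezed. The sample output below is constructed, with class ids taken from the script above.

```shell
#!/bin/sh
# Summarise per-class HTB counters from "tc -s class show dev <if>" output.
# Reads the tc output on stdin and prints one line per class:
#   <classid> <sent_bytes> <dropped> <overlimits>
class_stats() {
    awk '
        # "class htb 1:50 parent 1:1 leaf 50: ..." starts a class block
        $1 == "class" && $2 == "htb" { cls = $3 }
        # "Sent 4500000 bytes 4000 pkt (dropped 37, overlimits 2100 requeues 0)"
        $1 == "Sent" && cls != "" {
            dropped = $7; sub(/,$/, "", dropped)
            print cls, $2, dropped, $9
            cls = ""
        }'
}

# Print only the class ids whose dropped counter is above zero, i.e. the
# classes whose queue is being overrun and may need a bigger share or burst.
dropping_classes() {
    class_stats | awk '$3 > 0 { print $1 }'
}

# Constructed sample in the shape of real tc output (not captured from a live box).
SAMPLE='class htb 1:1 root rate 250Kbit ceil 250Kbit burst 6Kb cburst 1600b
 Sent 5000000 bytes 6000 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:10 parent 1:1 leaf 10: prio 0 rate 250Kbit ceil 250Kbit burst 15Kb cburst 1600b
 Sent 120000 bytes 900 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:50 parent 1:1 leaf 50: prio 0 rate 128Kbit ceil 128Kbit burst 50Kb cburst 1600b
 Sent 4500000 bytes 4000 pkt (dropped 37, overlimits 2100 requeues 0)
class htb 1:60 parent 1:1 leaf 60: prio 0 rate 100Kbit ceil 100Kbit burst 15Kb cburst 1600b
 Sent 380000 bytes 1100 pkt (dropped 4, overlimits 90 requeues 0)'

# On a live router you would feed the real output instead:
#   tc -s class show dev "${EXTIF:-ppp0}" | class_stats
printf '%s\n' "$SAMPLE" | class_stats
echo "classes dropping packets:"
printf '%s\n' "$SAMPLE" | dropping_classes
```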