Re: Ingress shaping for ISP clients

Linux Advanced Routing and Traffic Control


Hi David!

I prefer using shaping instead of policing in most cases (in my experience
it is always a hassle tuning rate limits to handle TCP streams correctly).

For shaping you can use HTB (just remember that it can only delay outgoing
traffic, so you need to add rules on eth1 in your case for incoming traffic
and eth0 for outgoing traffic).

Remember that you need to use smaller r2q values than the default for slow
bandwidth such as 64k (I use 4 for our clients, which works fine down to 32k).

Here are some rules to get you started:

tc qdisc add dev eth1 root handle 1: htb default 0 r2q 4

# your isp total bandwidth
tc class add dev eth1 parent 1: classid 1:1 htb rate 2mbit

# catchall rule for all your ips
# (packets leaving eth1 towards the clients carry the client address as
# destination, so the match is on dst)
tc filter add dev eth1 protocol ip parent 1: prio 1 \
	u32 match ip dst a.b.c.d/y flowid 1:1

# shape client X to 64kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 64kbit
tc filter add dev eth1 protocol ip parent 1: prio 1 \
	u32 match ip dst e.f.g.h/x flowid 1:10
	
> I'm looking for the best way to set up a Linux router with "tc" to limit the
> incoming bandwidth my ISP's clients use.
> Please assist me with the following:
> 
> 
> Diagram:
> 
> INTERNET
>     |
>     |
>     |
>     |eth0
> ----------- Linux router/shaper
>     |eth1
>     |
>     |
>     |
> --------------- Clients1(64k)/2(128k)/3(64k)/...
> 
> Clients normally purchase bandwidth in bundles of 64kbit, and I need to
> limit their incoming bandwidth so that they are restricted to the amount
> they have purchased from me. Some clients buy 64kbit, 128kbit and 256kbit of
> incoming bandwidth.
> 
> So far I've picked up the following:
> 
> iptables -A PREROUTING -t mangle -i eth0 -p tcp \
> -s 0/0 -d <client 1> -j MARK --set-mark 1
> tc qdisc add dev eth0 handle ffff: ingress
> tc filter add dev eth0 parent ffff: protocol ip prio 50 handle 1 fw \
> police rate 64kbit burst 10k mtu 1500 drop flowid :1
> 
> Is "drop" the correct action to take on packets that exceed the "rate" ?
> Would this not cause data from internet servers to be retransmitted and
> therefore increase the utilization of my link to my upstream provider ?
> If possible I'd also like to prioritize certain clients incoming bandwidth
> over other clients....or perhaps guarantee them a certain amount of incoming
> bandwidth - is this also possible ?
> 
> Thanks, any assistance or guidance would be greatly appreciated.
> 
> Many thanks and kind regards.

-- 

Regards
 Abraham

... I want FORTY-TWO TRYNEL FLOATATION SYSTEMS installed within
SIX AND A HALF HOURS!!!

___________________________________________________
 Abraham vd Merwe [ZR1BBQ] - Frogfoot Networks
 P.O. Box 3472, Matieland, Stellenbosch, 7602
 Cell: +27 82 565 4451 Http: http://www.frogfoot.net
 Email: abz@frogfoot.net
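
Added example, not part of the original message: a shell sketch of the r2q advice above. It works out the quantum HTB derives for each plan (rate in bytes per second divided by r2q), picks an r2q that keeps the slowest plan inside the 1000 to 200000 byte range the kernel HTB scheduler accepts without warning, and prints the matching tc commands instead of running them. The function names, the plan list and the 192.0.2.x addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example. DEV, the plan list and the 192.0.2.x addresses are constructed.

# Quantum (bytes) HTB derives for a class: rate in bytes/s divided by r2q.
# tc's "kbit" means 1000 bits per second.
htb_quantum() {            # $1 = rate in kbit, $2 = r2q
    echo $(( $1 * 1000 / 8 / $2 ))
}

# True when the derived quantum is inside the 1000..200000 byte range
# that HTB accepts without a "quantum is small/big" warning.
quantum_ok() {             # $1 = rate in kbit, $2 = r2q
    q=$(htb_quantum "$1" "$2")
    [ "$q" -ge 1000 ] && [ "$q" -le 200000 ]
}

# Largest r2q, starting from the default of 10, that suits the slowest plan.
pick_r2q() {               # $1 = slowest rate in kbit
    r=10
    while [ "$r" -gt 1 ] && ! quantum_ok "$1" "$r"; do r=$((r - 1)); done
    echo "$r"
}

# Print (do not run) the tc commands; stdin has "classid rate_kbit client_ip".
emit_rules() {             # $1 = device, $2 = total kbit, $3 = r2q
    echo "tc qdisc add dev $1 root handle 1: htb default 0 r2q $3"
    echo "tc class add dev $1 parent 1: classid 1:1 htb rate ${2}kbit"
    while read -r id rate ip; do
        quantum_ok "$rate" "$3" ||
            echo "# WARNING: class 1:$id quantum $q bytes is out of range"
        echo "tc class add dev $1 parent 1:1 classid 1:$id htb rate ${rate}kbit"
        # On the client-facing device the client address is the destination.
        echo "tc filter add dev $1 protocol ip parent 1: prio 1" \
             "u32 match ip dst $ip flowid 1:$id"
    done
}

DEV=eth1
R2Q=$(pick_r2q 32)         # slowest plan in the constructed list below
emit_rules "$DEV" 2000 "$R2Q" <<EOF
10 64 192.0.2.10/32
20 128 192.0.2.20/32
30 32 192.0.2.30/32
EOF
```

With the default r2q of 10 a 64kbit class gets a quantum of 800 bytes, which is below the lower bound; r2q 4 keeps plans down to 32kbit at or above it.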
