Hello,
I'm trying to limit all outgoing traffic by means of TC. With six students we are connected through the server (Debian 2.2, kernel 2.2.18) with a cable modem. When one person uploads (usually with the full bandwidth available, 15KB/s), none of the others can make use of the internet because no requests for information can be sent.
So, I want to limit the maximum individual upload to 5KB/s so this doesn't disturb others using the internet.
Situation:
Server: 192.168.1.1
Clients: 192.168.1.2 - 192.168.1.7
eth0: LAN
eth1: Cablemodem
Below is what I came up with myself, but it doesn't seem to work. Also, when do I activate these rules? Pre- or post-configuring interfaces?
Thnx, Wouter Smit
------------------------------------------------
#!/bin/sh

TC="/sbin/tc"
IF="eth1"

echo Configure queueing discipline
$TC qdisc add dev $IF root handle 10: cbq bandwidth 120Kbit avpkt 1000

echo Configure root class
$TC class add dev $IF parent 10:0 classid 10:1 cbq bandwidth 120Kbit rate \
120Kbit allot 1514 weight 12Kbit prio 8 maxburst 20 avpkt 1000

echo Configure class divisions
$TC class add dev $IF parent 10:1 classid 10:100 cbq bandwidth 120Kbit rate \
40Kbit allot 1514 weight 4Kbit prio 5 maxburst 20 avpkt 1000 bounded

echo Configure queue management
$TC qdisc add dev $IF parent 10:100 sfq perturb 15 quantum 1514

echo Configure which packets belong to which class
$TC filter add dev $IF parent 10:0 protocol ip prio 25 u32 match ip src \
192.168.1.0/24 flowid 10:100
------------------------------------------------
We have the exact same situation, so here is our configuration script; with a little tweaking you should be able to implement it. Most important is that you MARK the packets that enter the router with ipchains.

# setup packetforwarding
/sbin/ipchains -P forward DENY
# here we mark the packets with -m
/sbin/ipchains -A forward -s 192.168.0.1/32 -j MASQ -m 0x1
/sbin/ipchains -A forward -s 192.168.0.4/32 -j MASQ -m 0x4
/sbin/ipchains -A forward -s 192.168.0.3/32 -j MASQ -m 0x3
/sbin/ipchains -A forward -s 192.168.0.6/32 -j MASQ -m 0x6
/sbin/ipchains -A forward -s 192.168.0.7/32 -j MASQ -m 0x7
/sbin/ipchains -A forward -s 192.168.0.10/32 -j MASQ -m 0xa
# eliminate spoofing
/sbin/ipchains -A forward -i $extip -s 192.168.0.0/24 -d 0.0.0.0/0 -j DENY
#root device for upstream, divided in various subclasses to more or less guarantee a fair loadbalancing (see below..)
/usr/bin/tc qdisc add dev eth1 root handle 1: cbq bandwidth 128Kbit avpkt 1000
/usr/bin/tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 128Kbit rate 128Kbit \
allot 1514 weight 12Kbit prio 8 maxburst 20 avpkt 1000
/usr/bin/tc class add dev eth1 parent 1:1 classid 1:2 cbq bandwidth 128Kbit rate 64Kbit \
allot 1514 weight 6Kbit prio 8 maxburst 20 avpkt 1000
/usr/bin/tc class add dev eth1 parent 1:1 classid 1:3 cbq bandwidth 128Kbit rate 64Kbit \
allot 1514 weight 6Kbit prio 8 maxburst 20 avpkt 1000
# configure ip 1 here for 40 kbit (to ensure fairness..) WITH borrowing
/usr/bin/tc class add dev eth1 parent 1:2 classid 1:11 cbq bandwidth 128Kbit rate 40Kbit \
allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:2
/usr/bin/tc qdisc add dev eth1 parent 1:11 sfq quantum 1514b perturb 15
/usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle 1 fw classid 1:11
#192.168.0.3
/usr/bin/tc class add dev eth1 parent 1:2 classid 1:13 cbq bandwidth 128Kbit rate 40Kbit \
allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:2
/usr/bin/tc qdisc add dev eth1 parent 1:13 sfq quantum 1514b perturb 15
/usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle 3 fw classid 1:13
#192.168.0.4
/usr/bin/tc class add dev eth1 parent 1:2 classid 1:14 cbq bandwidth 128Kbit rate 35Kbit \
allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:2
/usr/bin/tc qdisc add dev eth1 parent 1:14 sfq quantum 1514b perturb 15
/usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle 4 fw classid 1:14
#192.168.0.6
/usr/bin/tc class add dev eth1 parent 1:3 classid 1:16 cbq bandwidth 128Kbit rate 40Kbit \
allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:3
/usr/bin/tc qdisc add dev eth1 parent 1:16 sfq quantum 1514b perturb 15
/usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle 6 fw classid 1:16
#192.168.0.7
/usr/bin/tc class add dev eth1 parent 1:3 classid 1:17 cbq bandwidth 128Kbit rate 40Kbit \
allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:3
/usr/bin/tc qdisc add dev eth1 parent 1:17 sfq quantum 1514b perturb 15
/usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle 7 fw classid 1:17
#192.168.0.10
/usr/bin/tc class add dev eth1 parent 1:3 classid 1:20 cbq bandwidth 128Kbit rate 40Kbit \
allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:3
/usr/bin/tc qdisc add dev eth1 parent 1:20 sfq quantum 1514b perturb 15
/usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle 10 fw classid 1:20
So we now have 1 root class of 128 kbit and two subclasses of 64 kbit, each of those subclasses serving 3 people.
The 40kbit per person thing was done with one purpose: when 1 person starts the upload, and another person kicks in, the first person still gets 128Kbit - 40Kbit and the second one gets that 40 Kbit. This is more than one would get when we would simply divide 128Kbit by 6. I don't yet know how to get the loadbalancing system to divide the space evenly (1 person=128 Kbit, 2 persons = 64Kbit, 3=43Kbit etc..), but haven't come up with a solution yet.
Sander
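
Added example, not part of either post: a dry-run generator that applies the mark-then-classify pattern from the reply to the addresses in the question, with a hard per-client cap (bounded) instead of borrowing. The marks matter because MASQ rewrites the source address before the packet reaches the eth1 queue, so a u32 match on 192.168.1.0/24 there no longer sees the client. The function names, the 120Kbit link, the 40Kbit cap and the host list are assumptions taken from the question; the script only prints commands.

```shell
#!/bin/sh
# Added example (dry run): prints the ipchains and tc commands, runs none.
# Assumed values, taken from the question: eth1 uplink, 120Kbit link,
# clients 192.168.1.2-7, 40Kbit (5 KB/s) hard cap per client.
IF="eth1"; LINK=120; NET="192.168.1"
TC="/sbin/tc"; IPCHAINS="/sbin/ipchains"

# gen_client OCTET RATE: one client's mark rule, bounded class, sfq, fw filter.
gen_client() {
    octet=$1; rate=$2
    for n in "$octet" "$rate"; do
        # reject empty, zero/leading-zero and non-numeric input
        case "$n" in ''|0*|*[!0-9]*) echo "not a positive number: '$n'" >&2; return 1;; esac
    done
    if [ "$octet" -gt 254 ] || [ "$rate" -gt "$LINK" ]; then
        echo "out of range: host $octet rate ${rate}Kbit" >&2; return 1
    fi
    class="1:$((octet + 10))"   # tc reads the minor as hex; it only has to be unique
    # mark on the forward chain, while the private source address is still visible
    echo "$IPCHAINS -A forward -s $NET.$octet/32 -j MASQ -m $(printf '0x%x' "$octet")"
    # weight is about rate/10, as in the scripts above; bounded forbids borrowing
    echo "$TC class add dev $IF parent 1:1 classid $class cbq bandwidth ${LINK}Kbit rate ${rate}Kbit allot 1514 weight $(( (rate + 9) / 10 ))Kbit prio 5 maxburst 20 avpkt 1000 bounded"
    echo "$TC qdisc add dev $IF parent $class sfq quantum 1514b perturb 15"
    # the fw filter selects the class by the mark set above
    echo "$TC filter add dev $IF parent 1:0 protocol ip prio 100 handle $octet fw classid $class"
}

# gen_all RATE OCTET...: default-deny forward chain, root qdisc/class, clients.
gen_all() {
    rate=$1; shift
    echo "$IPCHAINS -P forward DENY"
    echo "$TC qdisc add dev $IF root handle 1: cbq bandwidth ${LINK}Kbit avpkt 1000"
    echo "$TC class add dev $IF parent 1:0 classid 1:1 cbq bandwidth ${LINK}Kbit rate ${LINK}Kbit allot 1514 weight $((LINK / 10))Kbit prio 8 maxburst 20 avpkt 1000"
    for host in "$@"; do
        gen_client "$host" "$rate" || return 1
    done
}

gen_all 40 2 3 4 5 6 7
```

Review the printed commands, then pipe the output to sh on the router once eth1 is configured.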