Hi Sander,
Seems to work now, below is my slightly altered configuration, thnx for
helping!
Greets,
Wouter
CLIENTS="2 3 4 5 6 7"
## Traffic shaping
##########################################################
# Configure queueing discipline
$TCBIN qdisc add dev $EXTERNALIF root handle 1: cbq bandwidth 128Kbit
avpkt 1000
# Configure root class
$TCBIN class add dev $EXTERNALIF parent 1:0 classid 1:1 cbq bandwidth
128Kbit rate 128Kbit \
allot 1514 weight 12Kbit prio 8 maxburst 20 avpkt 1000
# Configure class divisions
$TCBIN class add dev $EXTERNALIF parent 1:1 classid 1:2 cbq bandwidth
128Kbit rate 40Kbit \
allot 1514 weight 4Kbit prio 8 maxburst 20 avpkt 1000 bounded
# configure ips for 40Kbit
for I in $CLIENTS; do
$TCBIN class add dev $EXTERNALIF parent 1:2 classid 1:1$I cbq bandwidth
128Kbit rate 40Kbit \
allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 bounded
$TCBIN qdisc add dev $EXTERNALIF parent 1:1$I sfq quantum 1514b perturb
15
$TCBIN filter add dev $EXTERNALIF parent 1:0 protocol ip prio 100 handle
$I fw classid 1:1$I
done
----- Original Message -----
From: "Sander" <thrill12@xxxxxxx>
To: "Wouter Smit" <wouter@xxxxxxxxxxxx>
Cc: <lartc@xxxxxxxxxxxxxxx>
Sent: Friday, January 05, 2001 4:52 AM
Subject: Re: [LARTC] traffic shaping
> That is my internet-interface ;) It is quite simple:
>
> -the packets enter eth0
> -then they are marked by ipchains
> -then they enter eth1 and thus the 128kbit class I made
> -and then they are balanced
>
> Sander
>
> At 21:27 4-1-01 +0100, you wrote:
> >Is eth1 your lan of inet interface?
> >
> >Thnx,
> >Wouter
> >
> >----- Original Message -----
> >From: "Sander" <thrill12@xxxxxxx>
> >To: "Wouter Smit" <wouter@xxxxxxxxxxxx>
> >Cc: <lartc@xxxxxxxxxxxxxxx>
> >Sent: Thursday, January 04, 2001 7:17 PM
> >Subject: Re: [LARTC] traffic shaping
> >
> >
> > > At 13:22 4-1-01 +0100, you wrote:
> > > >Hello,
> > > >
> > > >I'm trying to limit all outgoing traffic by means of TC. With six
> >students
> > > >we are connected through the server (Debian 2.2 kernel 2.2.18) with a
> > > >cablemodem. When one person uploads (usually with full bandwidth
> >available
> > > >15KB/s) none of the others can make use of the internet because no
> >requests
> > > >for information can be send.
> > > >
> > > >So, i want to limit the maximum individual upload to 5KB/s so this
doesnt
> > > >disturb others useing the internet.
> > > >
> > > >Situation:
> > > >
> > > >Server: 192.168.1.1
> > > >Clients: 192.168.1.2 - 192.168.1.7
> > > >eth0: LAN
> > > >eth1: Cablemodem
> > > >
> > > >Below is what I came up with myself but it doesnt seem to work. Also
when
> >do
> > > >i activate this rules? pre- of post configuring interfaces?
> > > >
> > > >Thnx,
> > > >Wouter Smit
> > > >
> > > >------------------------------------------------
> > > >#!/bin/sh
> > > >
> > > >TC="/sbin/tc"
> > > >IF="eth1"
> > > >
> > > >echo Configure queueing discipline
> > > >$TC qdisc add dev $IF root handle 10: cbq bandwidth 120Kbit avpkt
1000
> > > >
> > > >echo Configure root class
> > > >$TC class add dev $IF parent 10:0 classid 10:1 cbq bandwidth 120Kbit
rate
> >\
> > > > 120Kbit allot 1514 weight 12Kbit prio 8 maxburst 20 avpkt 1000
> > > >
> > > >echo Configure class divisions
> > > >$TC class add dev $IF parent 10:1 classid 10:100 cbq bandwidth
120Kbit
> >rate
> > > >\
> > > > 40Kbit allot 1514 weight 4Kbit prio 5 maxburst 20 avpkt 1000
bounded
> > > >
> > > >echo Configure queue management
> > > >$TC qdisc add dev $IF parent 10:100 sfq perturb 15 quantum 1514
> > > >
> > > >echo Configure which packets belong to which class
> > > >$TC filter add dev $IF parent 10:0 protocol ip prio 25 u32 match ip
src \
> > > > 192.168.1.0/24 flowid 10:100
> > >
> > > We have the exact same situation, so here is our configuration script,
> >with
> > > a little tweaking you should be able to implement it. Most important
is
> > > that you MARK the packets that enter the router with ipchains.
> > >
> > > # setup packetforwarding
> > > /sbin/ipchains -P forward DENY
> > > # here we mark the packets with -m
> > > /sbin/ipchains -A forward -s 192.168.0.1/32 -j MASQ -m 0x1
> > > /sbin/ipchains -A forward -s 192.168.0.4/32 -j MASQ -m 0x4
> > > /sbin/ipchains -A forward -s 192.168.0.3/32 -j MASQ -m 0x3
> > > /sbin/ipchains -A forward -s 192.168.0.6/32 -j MASQ -m 0x6
> > > /sbin/ipchains -A forward -s 192.168.0.7/32 -j MASQ -m 0x7
> > > /sbin/ipchains -A forward -s 192.168.0.10/32 -j MASQ -m 0xa
> > > # eliminate spoofing
> > > /sbin/ipchains -A forward -i $extip -s 192.168.0.0/24 -d 0.0.0.0/0 -j
DENY
> > >
> > > #root device for upstream, divided in various subclasses to more or
less
> > > guarantee a fair loadbalancing (see below..)
> > > /usr/bin/tc qdisc add dev eth1 root handle 1: cbq bandwidth 128Kbit
avpkt
> >1000
> > > /usr/bin/tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth
> >128Kbit
> > > rate 128Kbit \
> > > allot 1514 weight 12Kbit prio 8 maxburst 20 avpkt 1000
> > > /usr/bin/tc class add dev eth1 parent 1:1 classid 1:2 cbq bandwidth
> >128Kbit
> > > rate 64Kbit \
> > > allot 1514 weight 6Kbit prio 8 maxburst 20 avpkt 1000
> > > /usr/bin/tc class add dev eth1 parent 1:1 classid 1:3 cbq bandwidth
> >128Kbit
> > > rate 64Kbit \
> > > allot 1514 weight 6Kbit prio 8 maxburst 20 avpkt 1000
> > >
> > > # configure ip 1 here for 40 kbit (to ensure fairnes..) WITH borrowing
> > > /usr/bin/tc class add dev eth1 parent 1:2 classid 1:11 cbq bandwidth
> > > 128Kbit rate 40Kbit \
> > > allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:2
> > > /usr/bin/tc qdisc add dev eth1 parent 1:11 sfq quantum 1514b perturb
15
> > > /usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle
1
> >fw
> > > classid 1:11
> > > #192.168.0.3
> > > /usr/bin/tc class add dev eth1 parent 1:2 classid 1:13 cbq bandwidth
> > > 128Kbit rate 40Kbit \
> > > allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:2
> > > /usr/bin/tc qdisc add dev eth1 parent 1:13 sfq quantum 1514b perturb
15
> > > /usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle
3
> >fw
> > > classid 1:13
> > > #192.168.0.4
> > > /usr/bin/tc class add dev eth1 parent 1:2 classid 1:14 cbq bandwidth
> > > 128Kbit rate 35Kbit \
> > > allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:2
> > > /usr/bin/tc qdisc add dev eth1 parent 1:14 sfq quantum 1514b perturb
15
> > > /usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle
4
> >fw
> > > classid 1:14
> > > #192.168.0.6
> > > /usr/bin/tc class add dev eth1 parent 1:3 classid 1:16 cbq bandwidth
> > > 128Kbit rate 40Kbit \
> > > allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:3
> > > /usr/bin/tc qdisc add dev eth1 parent 1:16 sfq quantum 1514b perturb
15
> > > /usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle
6
> >fw
> > > classid 1:16
> > > #192.168.0.7
> > > /usr/bin/tc class add dev eth1 parent 1:3 classid 1:17 cbq bandwidth
> > > 128Kbit rate 40Kbit \
> > > allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:3
> > > /usr/bin/tc qdisc add dev eth1 parent 1:17 sfq quantum 1514b perturb
15
> > > /usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle
7
> >fw
> > > classid 1:17
> > > #192.168.0.10
> > > /usr/bin/tc class add dev eth1 parent 1:3 classid 1:20 cbq bandwidth
> > > 128Kbit rate 40Kbit \
> > > allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:3
> > > /usr/bin/tc qdisc add dev eth1 parent 1:20 sfq quantum 1514b perturb
15
> > > /usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle
10
> > > fw classid 1:20
> > >
> > > So we now have 1 root class of 128 kbit, two subclasses of 64 kbit,
each
> >of
> > > those subclass serving 3 people.
> > > The 40kbit per person thing was done with one purpose: when 1 person
> >starts
> > > the upload, and another person kicks in, the first person still gets
> > > 128Kbit - 40Kbit and the second one gets that 40 Kbit. This is more
then
> > > one would get when we would simply divide 128Kbit by 6. I don't yet
know
> > > how to get the loadbalancing system to divide the space evenly (1
> > > person=128 Kbit, 2 persons = 64Kbit, 3=43Kbit etc..), but haven't come
up
> > > with a solution yet.
> > >
> > > Sander
