Hello, We have a small LAN with 7 PCs. On the Linux server I have created a traffic shaping script that must do the following: 1) Total BW to be shaped 7MBit 2) Group A (8001) bound BW 3MBit 3) Group B (8002) bound BW 1.5MBit -for the tests I have inserted all the PCs in Group B. They are with different rates but always LESS than the Group B BW. As a total they are over the total BW of the Group. I want to set the shaper to not allow the groups to use MORE than allowed setting some contention ratio of 1:2. Here is my current test script. Please advise! Thanks. # flush root qdisc tc qdisc del dev eth0 root # add root qdisc on eth0 tc qdisc add dev eth0 root handle 10: cbq bandwidth 100MBit avpkt 1000 # add main bandwidth for shaping 7168KBit tc class add dev eth0 parent 10:0 classid 10:8000 est 1sec 8sec cbq bandwidth 100MBit rate 7168KBit allot 1514 avpkt 1000 prio 3 bounded isolated tc filter add dev eth0 parent 10:0 protocol ip prio 4 handle 1 fw classid 10:8000 tc filter add dev eth0 parent 10:0 protocol ip prio 4 handle 2 fw classid 10:8000 tc filter add dev eth0 parent 10:0 protocol ip prio 4 handle 3 fw classid 10:8000 # add groups in the main stream # group 1 of 3072KBit tc class add dev eth0 parent 10:8000 classid 10:8001 est 1sec 8sec cbq bandwidth 100MBit rate 3072KBit allot 1514 avpkt 1000 prio 3 bounded # group 2 of 1536KBit tc class add dev eth0 parent 10:8000 classid 10:8002 est 1sec 8sec cbq bandwidth 100MBit rate 1536KBit allot 1514 avpkt 1000 prio 3 bounded tc filter add dev eth0 parent 10:8000 protocol ip prio 4 handle 1 fw classid 10:8002 tc filter add dev eth0 parent 10:8000 protocol ip prio 4 handle 2 fw classid 10:8002 tc filter add dev eth0 parent 10:8000 protocol ip prio 4 handle 3 fw classid 10:8002 # add users in group 2 # user 1 is 512KBit with 1Mbit bound # bound class tc class add dev eth0 parent 10:8002 classid 10:4001 est 1sec 8sec cbq bandwidth 100MBit rate 1024KBit allot 1514 avpkt 1000 prio 3 bounded tc filter add dev eth0 parent 10:8002 protocol ip prio 4 handle 1 fw classid 10:4001 # rate class not bound tc class add dev eth0 parent 10:4001 classid 10:1 est 1sec 8sec cbq bandwidth 100MBit rate 512KBit allot 1514 avpkt 1000 prio 3 tc filter add dev eth0 parent 10:4001 protocol ip prio 4 handle 1 fw classid 10:1 # user 2 is 1Mbit with 1500KBit bound # bound class tc class add dev eth0 parent 10:8002 classid 10:4002 est 1sec 8sec cbq bandwidth 100MBit rate 1500KBit allot 1514 avpkt 1000 prio 3 bounded tc filter add dev eth0 parent 10:8002 protocol ip prio 4 handle 2 fw classid 10:4002 # rate class not bound tc class add dev eth0 parent 10:4002 classid 10:2 est 1sec 8sec cbq bandwidth 100MBit rate 1024KBit allot 1514 avpkt 1000 prio 3 tc filter add dev eth0 parent 10:4002 protocol ip prio 4 handle 2 fw classid 10:2 # user 3 is 1Mbit with 1500KBit bound # bound class tc class add dev eth0 parent 10:8002 classid 10:4003 est 1sec 8sec cbq bandwidth 100MBit rate 1500KBit allot 1514 avpkt 1000 prio 3 bounded tc filter add dev eth0 parent 10:8002 protocol ip prio 4 handle 3 fw classid 10:4003 # rate class not bound tc class add dev eth0 parent 10:4003 classid 10:3 est 1sec 8sec cbq bandwidth 100MBit rate 1024KBit allot 1514 avpkt 1000 prio 3 tc filter add dev eth0 parent 10:4003 protocol ip prio 4 handle 3 fw classid 10:3 # iptables flush table iptables -t mangle -F PREROUTING iptables -t mangle -F OUTPUT # mark packets iptables -t mangle -A PREROUTING -d 192.168.20.35 -j MARK --set-mark 1 iptables -t mangle -A PREROUTING -d 192.168.20.35 -j RETURN iptables -t mangle -A OUTPUT -d 192.168.20.35 -j MARK --set-mark 1 iptables -t mangle -A OUTPUT -d 192.168.20.35 -j RETURN iptables -t mangle -A PREROUTING -d 192.168.20.64 -j MARK --set-mark 2 iptables -t mangle -A PREROUTING -d 192.168.20.64 -j RETURN iptables -t mangle -A OUTPUT -d 192.168.20.64 -j MARK --set-mark 2 iptables -t mangle -A OUTPUT -d 192.168.20.64 -j RETURN iptables -t mangle -A PREROUTING -d 192.168.20.50 -j MARK --set-mark 3 iptables -t mangle -A PREROUTING -d 192.168.20.50 -j RETURN iptables -t mangle -A OUTPUT -d 192.168.20.50 -j MARK --set-mark 3 iptables -t mangle -A OUTPUT -d 192.168.20.50 -j RETURN Regards, Kalin.
