[LARTC] Re: Problem with HTB accurancy

Alexandra Alvarado <aaaa@xxxxxxxxxxxx> · Thu, 27 Feb 2003 17:09:21 -0500

Hello, I'm Alexandra Alvarado

I've been working with linux and CBQ with a long time, but know 
I

want to migrate to HTB, and I'm testing it in a linux with the next
features:
- Pentium IV 1.7 Ghz

- 256 MB

- 1 3Com 3C905B

- 1 3Com 3C905C

- Red Hat 8.0

- Kernel 2.4.20

- iproute-2.4.7-7

- Squid - Transparent Proxy

- VPN

- Named

- Reiserfs

- SNMP

- HTB (The configuration is in the attached file)
My problem is that rrdtool graph shows :
    ETH0 IN:       
596.99Kbps

    ETH0 OUT:    100.71Kbps
    ETH1 IN:       
74.44Kbps

    ETH1 OUT:    150.13Kbps
And the configuration has a ceil of 384Kbit
What I'm doing wrong??
I suppose that it could be with Squid Transparent Proxy, but in HTB
I have a default classid 20,

that is where must go any not specified traffic, how can I solve my
problem?
Thanks
Alexandra Alvarado

#!/bin/sh

iptables -F -t mangle

# ===>> Control de Trafico de Salida << === #

# ===>> PC1 <<=== #
iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.194 -j MARK --set-mark 1
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.194 -j MARK --set-mark 1

# ===>> PC2 <<=== #
iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.199 -j MARK --set-mark 3
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.199 -j MARK --set-mark 3

# ===>> PC3 <<=== #
iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.201 -j MARK --set-mark 5
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.201 -j MARK --set-mark 5

# ===>> Resto de la Red Privada <<=== #
iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.0/25 -j MARK --set-mark 7
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.0/25 -j MARK --set-mark 7

iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.128/26 -j MARK --set-mark 7
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.128/26 -j MARK --set-mark 7

iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.192 -j MARK --set-mark 7
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.192 -j MARK --set-mark 7

iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.193 -j MARK --set-mark 7
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.193 -j MARK --set-mark 7

iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.195 -j MARK --set-mark 7
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.195 -j MARK --set-mark 7

iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.196 -j MARK --set-mark 7
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.196 -j MARK --set-mark 7

iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.197 -j MARK --set-mark 7
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.197 -j MARK --set-mark 7

iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.198 -j MARK --set-mark 7
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.198 -j MARK --set-mark 7

iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.200 -j MARK --set-mark 7
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.200 -j MARK --set-mark 7

iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.202 -j MARK --set-mark 7
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.202 -j MARK --set-mark 7

iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.203 -j MARK --set-mark 7
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.203 -j MARK --set-mark 7

iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.204 -j MARK --set-mark 7
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.204 -j MARK --set-mark 7

iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.205 -j MARK --set-mark 7
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.205 -j MARK --set-mark 7

iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.206 -j MARK --set-mark 7
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.206 -j MARK --set-mark 7

iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.207 -j MARK --set-mark 7
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.207 -j MARK --set-mark 7

iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.208/28 -j MARK --set-mark 7
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.208/28 -j MARK --set-mark 7

iptables -A PREROUTING -t mangle -p tcp -s 207.100.136.224/27 -j MARK --set-mark 7
iptables -A PREROUTING -t mangle -p udp -s 207.100.136.224/27 -j MARK --set-mark 7

tc qdisc del dev eth0 root handle 1:

tc qdisc add dev eth0 root handle 1: htb default 20
tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit ceil 384kbit burst 2k
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 56kbit ceil 64kbit burst 2k
tc class add dev eth0 parent 1:1 classid 1:11 htb rate 56kbit ceil 64kbit burst 2k
tc class add dev eth0 parent 1:1 classid 1:12 htb rate 56kbit ceil 64kbit burst 2k
tc class add dev eth0 parent 1:1 classid 1:13 htb rate 56kbit ceil 64kbit burst 2k
tc class add dev eth0 parent 1:1 classid 1:14 htb rate 56kbit ceil 64kbit burst 2k
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 100kbit ceil 128kbit burst 2k

tc filter add dev eth0 parent 1: protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev eth0 parent 1: protocol ip prio 3 handle 3 fw classid 1:11
tc filter add dev eth0 parent 1: protocol ip prio 3 handle 5 fw classid 1:12
tc filter add dev eth0 parent 1: protocol ip prio 3 handle 7 fw classid 1:13

# ===>> Control de Trafico de Entrada << === # 

# ===>> PC1 <<=== #
iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.194 -j MARK --set-mark 2
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.194 -j MARK --set-mark 2

# ===>> PC2 <<=== #
iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.199 -j MARK --set-mark 4
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.199 -j MARK --set-mark 4

# ===>> PC3 <<=== #
iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.201 -j MARK --set-mark 6
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.201 -j MARK --set-mark 6

# ===>> Resto de la Red Privada <<=== #
iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.0/25 -j MARK --set-mark 8
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.0/25 -j MARK --set-mark 8

iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.128/26 -j MARK --set-mark 8
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.128/26 -j MARK --set-mark 8

iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.192 -j MARK --set-mark 8
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.192 -j MARK --set-mark 8

iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.193 -j MARK --set-mark 8
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.193 -j MARK --set-mark 8

iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.195 -j MARK --set-mark 8
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.195 -j MARK --set-mark 8

iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.196 -j MARK --set-mark 8
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.196 -j MARK --set-mark 8

iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.197 -j MARK --set-mark 8
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.197 -j MARK --set-mark 8

iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.198 -j MARK --set-mark 8
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.198 -j MARK --set-mark 8

iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.200 -j MARK --set-mark 8
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.200 -j MARK --set-mark 8

iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.202 -j MARK --set-mark 8
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.202 -j MARK --set-mark 8

iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.203 -j MARK --set-mark 8
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.203 -j MARK --set-mark 8

iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.204 -j MARK --set-mark 8
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.204 -j MARK --set-mark 8

iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.205 -j MARK --set-mark 8
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.205 -j MARK --set-mark 8

iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.206 -j MARK --set-mark 8
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.206 -j MARK --set-mark 8

iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.207 -j MARK --set-mark 8
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.207 -j MARK --set-mark 8

iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.208/28 -j MARK --set-mark 8
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.208/28 -j MARK --set-mark 8

iptables -A POSTROUTING -t mangle -p tcp -d 207.100.136.224/27 -j MARK --set-mark 8
iptables -A POSTROUTING -t mangle -p udp -d 207.100.136.224/27 -j MARK --set-mark 8

tc qdisc del dev eth1 root handle 1:

tc qdisc add dev eth1 root handle 1: htb default 20
tc class add dev eth1 parent 1: classid 1:1 htb rate 100mbit ceil 384kbit burst 2k
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 56kbit ceil 64kbit burst 2k
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 56kbit ceil 64kbit burst 2k
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 56kbit ceil 64kbit burst 2k
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 56kbit ceil 64kbit burst 2k
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 100kbit ceil 128kbit burst 2k

tc filter add dev eth1 parent 1: protocol ip prio 1 handle 2 fw classid 1:10
tc filter add dev eth1 parent 1: protocol ip prio 3 handle 4 fw classid 1:11
tc filter add dev eth1 parent 1: protocol ip prio 3 handle 6 fw classid 1:13
tc filter add dev eth1 parent 1: protocol ip prio 3 handle 8 fw classid 1:14

# === >> Fin << === #

[LARTC] Re: Problem with HTB accurancy

Linux Advanced Routing and Traffic Control