Thanks Martin,

Comments added below:

--- "Martin A. Brown" <mabrown-lartc@xxxxxxxxxxxxxx> wrote:
> Hello James,
>
>  : Anyways I was curious if it would be possible to build my own linux
>  : router for this purpose and what would I need to install - compile - or
>  : patch.
>
> [ For the record, this is not the only way, but it is one of the easiest
>   ways to get into traffic control with linux, and is very well supported
>   on this list. ]
>
>  - kernel with HTB (version 3) [ 2.4.20+, without patches ]
>  - tc with HTB support: http://luxik.cdi.cz/~devik/qos/htb/
>
>  : I am planning on using Gentoo as the base system so I can put
>  : everything I need in the Kernel as I install the system. Problem is I
>  : am not sure what to add to the kernel to make this Idea possible. Or
>  : even where to find a working example similar to what I want to do
>  : with my router.
>
> See the QoS kernel options. (Search for "fair queueing" in your .config.)
>
>  : Any pointers will be appreciated.
>
> As usual, there are two good places to start:
>
>   http://lartc.org/        LARTC
>   http://www.docum.org/    Stef Coene's site
>
> There are ample other resources if you have more specific questions.
>
>  : The part 2 portion of the idea would be to have different iptables
>  : rules for some of the ip ranges that don't have their bandwidth
>  : limited...
>
> What exactly do you mean here? Do you wish to use fwmark as a selector
> for traffic control?

Not sure if I mean fwmark. However Stef's docs are on my reading list.
Basically I will want to simulate different types of firewalls per iprange.
Meaning -- the basic firewall config I will allow anything out and only
responses into the "network" and on a more evil admin type firewall I would
like to block various ports from outbound access. Any suggestions here would
also be appreciated.

> If so, read some of Stef's docs:
>
>   http://www.docum.org/
>   http://www.docum.org/stef.coene/qos/docs/filter.html
>
> Short answer: Yes, you can use ipchains/iptables to mark packets and then
> perform traffic control based on these marks.

Which would be better ipchains or iptables?

>
>  : What would I need to install/patch to build a bandwidth router? The
>  : purpose of the router would be to limit sets of STATIC ip ranges to
>  : various up/down speeds for testing purposes.
>  :
>
> Your example, a possibility. Modified, with ASCII diagram:
>
>
>   selected IPs       bandwidth   class
>   ----------------------------------------
>   192.168.2.4-9      28.8        1:2
>   192.168.2.10-15    56.6k       1:3
>   192.168.2.16-21    128k        1:4
>   192.168.2.22-25    256k        1:5
>   192.168.2.26-30    512k        1:6
>
>   RB=real bandwidth
>   r = HTB class rate
>   c = HTB class ceil
>
> Yes you can select ranges of IPs with classifiers (tc filter) and restrict
> them to classes with specified bandwidths.
>
>   HTB-root-class (1:1) -- - - - - - -> RBkbit r RBkbit c
>                            |
>      +--------+--------+--------+--------+-------+
>  1:7 |    1:6 |    1:5 |    1:4 |    1:3 |   1:2 |
>      |        |        |        |        |       +--> 28kbit r 28kbit c
>      |        |        |        |        +-- - - - -> 56kbit r 56kbit c
>      |        |        |        +- - - - - - - - - -> 128kbit r 128kbit c
>      |        |        +-- - - - - - - - - - - - - -> 256kbit r 256kbit c
>      |        +- - - - - - - - - - - - - - - - - - -> 512kbit r 512kbit c
>      +-- - - - - - - - - - - - - - - - - - - - - - -> ???kbit r RBkbit c
>
> Keep in mind, this is but one example of the way you could subdivide your
> bandwidth.
>
> The example above is a description of the classes and children classes
> which would allow you to enforce the guidelines you have set out above.
>

Great example you definitely got the little mouse back onto the wheel.

>  : Again to further torture the client side applications we test.
>
> But why would we want to be so vicious to the poor client? All it's
> trying to do is consume every iota of bandwidth....is that so wrong?
> The client isn't evil, it's just coded that way.... ;-)

My job is to punish the coders by beating their little client to a pulp,
while maintaining consistent variables throughout the test. ;-). The problem
is they are starting to get wise to my tricks so I am having to get more
creative... >:-)

James

> -Martin
>
> --
> Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx

Again Thanks for your help.
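
Martin's class layout and his fwmark suggestion, combined in an added example that is not part of the original thread: a dry-run generator that prints the tc and iptables commands for the table above instead of running them. The device name eth1, the real bandwidth (1000 kbit), the rate of default class 1:7 (20 kbit, "???" in the diagram), shaping only the download direction, and an iptables build with the iprange match are all assumptions.

```shell
#!/bin/sh
# Added example: prints commands only, nothing is applied to the system.
# Assumptions (not from the thread): LAN-facing device, real bandwidth RB
# in kbit, and the rate for default class 1:7 ("???" in the diagram).

# class-minor  first-host  last-host  rate-kbit  (values from the diagram)
PLAN='2 4 9 28
3 10 15 56
4 16 21 128
5 22 25 256
6 26 30 512'

gen_htb() {
    dev=$1 rb=$2 def=$3
    # Root qdisc: anything that carries no mark falls into class 1:7.
    echo "tc qdisc add dev $dev root handle 1: htb default 7"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${rb}kbit ceil ${rb}kbit"
    echo "tc class add dev $dev parent 1:1 classid 1:7 htb rate ${def}kbit ceil ${rb}kbit"
    echo "$PLAN" | while read -r minor lo hi rate; do
        # rate == ceil: the class can never borrow, so the limit is hard.
        echo "tc class add dev $dev parent 1:1 classid 1:$minor htb rate ${rate}kbit ceil ${rate}kbit"
        # Mark forwarded packets leaving $dev towards the range (download).
        echo "iptables -t mangle -A FORWARD -o $dev -m iprange --dst-range 192.168.2.$lo-192.168.2.$hi -j MARK --set-mark $minor"
        # fw classifier: firewall mark N selects class 1:N.
        echo "tc filter add dev $dev parent 1: protocol ip prio 1 handle $minor fw flowid 1:$minor"
    done
}

# Usage: ./gen_htb.sh [device] [RB kbit] [default-class kbit]
gen_htb "${1:-eth1}" "${2:-1000}" "${3:-20}"
```

Review the printed commands before piping them to a root shell; limiting upload needs the same layout on the WAN-facing device with --src-range.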