1. I think you should read the manuals again. 2. First of all if you want to prioritize download traffic you attach a qdisc to the internal network interface(interfaces) ...not eth0 (which I presume it's the external one). In your case ..because you have multiple network interfaces IMQ might be the right answer for your problems. With a qdisc attached to eth0 you can only prioritize upload traffic and your eth0 only sees gre tunnel kind of traffic. So 3. If you want to prioritze upload traffic then you should attach a qdisc to the kappa (your tunnel) interface. 4. If you want to prioritze download traffic ...you either attach a qdisc for every interface....or you can create an IMQ device and filter traffic according to iptables -j MARK. Regards, Mihai P.S. Attached you'll find some examples of IMQ and HTB. #!/bin/bash # iptm="/usr/local/sbin/iptables -t mangle" ipt="/usr/local/sbin/iptables" tc="/usr/src/tc" IF_EXT=eth0 IF_CMB=eth1 IF_TUN=bebe ######################################################################## ############## ## ## IMQ ## ip link set imq0 down $tc qdisc del dev imq0 root $tc qdisc add dev imq0 handle 1: root htb default 4 # debug 3333333 $tc class add dev imq0 parent 1: classid 1:5 htb rate 5mbit burst 6k # icmp, ssh $tc class add dev imq0 parent 1:5 classid 1:1 htb rate 512kbit ceil 5mbit burst 6k prio 1 # cmb: web ,yahoo,msn $tc class add dev imq0 parent 1:5 classid 1:2 htb rate 512kbit ceil 3mbit burst 6k prio 2 # cmb: restu $tc class add dev imq0 parent 1:5 classid 1:3 htb rate 8kbit ceil 2000kbit burst 6k prio 3 # mihai $tc class add dev imq0 parent 1:5 classid 1:4 htb rate 8kbit ceil 2000kbit burst 6k prio 4 $tc qdisc add dev imq0 parent 1:1 handle 10: sfq perturb 10 $tc qdisc add dev imq0 parent 1:2 handle 20: sfq perturb 10 $tc qdisc add dev imq0 parent 1:3 handle 30: sfq perturb 10 $tc qdisc add dev imq0 parent 1:4 handle 40: sfq perturb 10 ## Filter 1 # # ICMP $tc filter add dev imq0 protocol ip prio 10 parent 1: u32 \ match ip protocol 1 0xff flowid 1:1 # pun ACKurile in prio 1 ca sa mearga mai repede DL fata de UL #$tc filter add dev imq0 protocol ip prio 10 parent 1: u32 \ # match ip protocol 6 0xff \ # match u8 0x05 0x0f at 0 \ # match u16 0x0000 0xffc0 at 2 \ # match u8 0x10 0xff at 33 flowid 1:1 # TOS 0x10 Min Delay (ssh ) $tc filter add dev imq0 protocol ip prio 10 parent 1: u32 \ match ip tos 0x10 0xff flowid 1:1 $tc filter add dev imq0 protocol ip prio 10 parent 1: u32 \ match ip sport 22 0xffff flowid 1:1 ############################################################### # ## Filter 2 - cmb # web, msn(1863), yahoo(5050) # $tc filter add dev imq0 protocol ip prio 10 parent 1: u32 \ match ip sport 80 0xffff flowid 1:2 $tc filter add dev imq0 protocol ip prio 10 parent 1: u32 \ match ip sport 5050 0xffff flowid 1:2 $tc filter add dev imq0 protocol ip prio 10 parent 1: u32 \ match ip sport 1863 0xffff flowid 1:2 # pop (110) $tc filter add dev imq0 protocol ip prio 10 parent 1: u32 \ match ip sport 110 0xffff flowid 1:2 ############################################################### # ## Filter 3 - cmb # $tc filter add dev imq0 protocol ip prio 10 parent 1: u32 \ match ip dst 10.0.0.0/24 flowid 1:3 ############################################################### # ## Filter 4 - mihai # $tc filter add dev imq0 protocol ip prio 10 parent 1: u32 \ match ip dst 192.168.40.0/24 flowid 1:4 $tc filter add dev imq0 protocol ip prio 10 parent 1: u32 \ match ip dst 192.168.42.2 flowid 1:4 ip link set imq0 up where 192.168.42.2 is a tunnel end...not on the server using IMQ. (this script manages bandwidth sharing between the downloads that take place in the local network and the traffic that will go out the tunnel interface in order to reach one of the addresses from the class 192.168.40.0/24.) following an example of plain HTB: iptm="/sbin/iptables -t mangle" ipt="/sbin/iptables" tc="/sbin/tc" IF_EXT=eth0 IF_LOC=eth1 IFE=eth0 ######################################################################## ##### # INCEP PRIO...LOGICA E ASA..ARANJEZ PE COZI CE VREA SA PLECE #PE ETH0 SI LAS COADA PT ICMP SA FIE CEA CARE PLEACA PRIMA SI EVENTUAL SI #ACK-URILE SA PLECE..CA SA NU IMI AFECTEZE DOWNLOADU..UPLOADURILE IN PROGRESS $tc qdisc del dev $IF_EXT root $tc qdisc add dev $IF_EXT handle 1: root htb default 99 $tc class add dev $IF_EXT parent 1: classid 1:1 htb rate 520kbit $tc class add dev $IF_EXT parent 1:1 classid 1:2 htb rate 250kbit ceil 520kbit prio 1 $tc class add dev $IF_EXT parent 1:1 classid 1:3 htb rate 90kbit ceil 350kbit prio 2 $tc class add dev $IF_EXT parent 1:1 classid 1:4 htb rate 55kbit ceil 300kbit prio 3 $tc class add dev $IF_EXT parent 1:1 classid 1:99 htb rate 55kbit ceil 300kbit prio 7 $tc qdisc add dev $IF_EXT parent 1:4 handle 40: sfq perturb 10 $tc qdisc add dev $IF_EXT parent 1:99 handle 990: sfq perturb 10 # ICMP $tc filter add dev $IF_EXT protocol ip prio 2 parent 1: u32 \ match ip protocol 1 0xff flowid 1:2 #SSH din intern spre extern $tc filter add dev $IF_EXT protocol ip prio 2 parent 1: u32 \ match ip dport 22 0xffff flowid 1:2 #smtp+imap #$tc filter add dev $IF_EXT protocol ip prio 2 parent 1: u32 \ # match ip sport 25 0xffff flowid 1:2 #$tc filter add dev $IF_EXT protocol ip prio 2 parent 1: u32 \ # match ip dport 143 0xffff flowid 1:2 #Counter-strike $tc filter add dev $IF_EXT protocol ip prio 2 parent 1: u32 \ match ip dport 27015 0xffff flowid 1:2 #radio 21 $tc filter add dev $IF_EXT protocol ip prio 2 parent 1: u32 \ match ip dport 8000 0xffff flowid 1:2 #radio total $tc filter add dev $IF_EXT protocol ip prio 2 parent 1: u32 \ match ip dport 9200 0xffff flowid 1:2 #MSN #$tc filter add dev $IF_EXT protocol ip prio 2 parent 1: u32 \ # match ip dport 1863 0xffff flowid 1:3 #MSN $tc filter add dev $IF_EXT protocol ip prio 2 parent 1: u32 \ match ip dst 212.93.142.226 flowid 1:2 # TOS Minimum Delay (ssh, NOT scp) in 1:10: $tc filter add dev $IF_EXT protocol ip prio 2 parent 1: u32 \ match ip tos 0x10 0xff flowid 1:2 #schimb bitu de TOS din pachete pt ssh => se misca bine cand e traficu la #greu #surprinzator merge..de retinut Minimize-Delay are prio cea mai mare dintre #toate combinatiile de biti de TOS #iptables -A PREROUTING -i eth1 -t mangle -p tcp --dport 22 -j TOS --set-tos Minimize-Delay ###################################### #ackurile pt downloads $tc filter add dev $IF_EXT parent 1: protocol ip prio 2 u32 \ match ip protocol 6 0xff \ match u8 0x05 0x0f at 0 \ match u16 0x0000 0xffc0 at 2 \ match u8 0x10 0xff at 33 \ flowid 1:3 $tc filter add dev $IF_EXT protocol ip prio 2 parent 1: u32 \ match ip dport 53 0xffff flowid 1:3 ############################################# # diverse trafice stiute $tc filter add dev $IF_EXT parent 1: protocol ip prio 2 u32 \ match ip dport 80 0xffff flowid 1:4 $tc filter add dev $IF_EXT parent 1: protocol ip prio 2 u32 \ match ip dport 31280 0xffff flowid 1:4 $tc filter add dev $IF_EXT parent 1: protocol ip prio 2 u32 \ match ip dport 3128 0xffff flowid 1:4 $tc filter add dev $IF_EXT parent 1: protocol ip prio 2 u32 \ match ip dport 411 0xffff flowid 1:4 $tc filter add dev $IF_EXT parent 1: protocol ip prio 2 u32 \ match ip dport 6667 0xffff flowid 1:4 $tc filter add dev $IF_EXT parent 1: protocol ip prio 2 u32 \ match ip dport 1412 0xffff flowid 1:4 ############################################# # Restu $tc filter add dev $IF_EXT protocol ip prio 2 parent 1: u32 \ match ip src 0.0.0.0/0 flowid 1:99 ######################################################################## ################## ######################################################################## ################## ############## PIORITATE PE INTERN ############### $tc qdisc del dev $IF_LOC root $tc qdisc add dev $IF_LOC handle 2: root htb default 99 $tc class add dev $IF_LOC parent 2: classid 2:1 htb rate 5500kbit $tc class add dev $IF_LOC parent 2:1 classid 2:2 htb rate 1000kbit ceil 5500kbit prio 1 $tc class add dev $IF_LOC parent 2:1 classid 2:20 htb rate 2000kbit ceil 2400kbit prio 2 $tc class add dev $IF_LOC parent 2:1 classid 2:99 htb rate 1000kbit ceil 5500kbit prio 3 #PRIO FIFO...nu are rost quantum si perturb..vreau latency mic #$tc qdisc add dev $IF_LOC parent 2:99 handle 990: sfq perturb 1 $tc qdisc add dev $IF_LOC parent 2:20 handle 220: sfq perturb 1 #Counter-strike $tc filter add dev $IF_LOC protocol ip prio 2 parent 2: u32 \ match ip dport 27005 0xffff flowid 2:2 ############################################# #MSN #dc++ pana in 300K*8=2400Mbits $tc filter add dev $IF_LOC protocol ip prio 2 parent 2: u32 \ match ip dport 1411 0xffff flowid 2:20 $tc filter add dev $IF_LOC protocol ip prio 2 parent 2: u32 \ match ip dport 411 0xffff flowid 2:20 $tc filter add dev $IF_LOC protocol ip prio 2 parent 2: u32 \ match ip dport 412 0xffff flowid 2:20 $tc filter add dev $IF_LOC protocol ip prio 2 parent 2: u32 \ match ip dport 1412 0xffff flowid 2:20 # Restu $tc filter add dev $IF_LOC protocol ip prio 2 parent 2: u32 \ match ip dst 0.0.0.0/0 flowid 2:99 ----- Original Message ----- From: "Radu-Mihail Obada" <radu@xxxxxxxxxxxxx> To: <lartc@xxxxxxxxxxxxxxx> Sent: Saturday, June 07, 2003 5:21 PM Subject: [LARTC] Traffic shapping - problems with filtering & need your comments > Hey everyone, > Yes, I have read the docs and the man pages and the examples bla bla ;-). > Ok, here is my setup: > Linux - router, 4 interfaces (3 hardware & 1 virtual), which follow: > eth0 - optical fiber 100mbit full-duplex (limited by the ISP at 10mbit > full duplex - like it's connected @ 100mbit full-dupex but I can't get > more than 1.2, 1.3MB/s); > eth1 & eth2 (with two aliases on eth1), the interfaces I need to do > routing for; > kappa0 - gre tunnel over eth0 - dunno if it matters, but to be safe, I > include it here. > This is what I want to do: I want to prioritize and guarantee bandwidth > for important traffic (which is web, smtp, ssh, irc, pop, imap) and let > the bulk traffic (peer to peer, ftp etc.) come second. > So I've attached a HTB root qdisc to eth0, then two HTB classes; the one > for the important traffic has a prio qdisc which has sfq leaves. > This is what I've done: > ----*excerpts for the shapping script*---- > tc qdisc add dev eth0 root handle 1: htb default 12 > tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit burst 12kb > tc class add dev eth0 parent 1:1 classid 1:11 htb rate 4mbit ceil 10mbit \ > burst 6kb prio 1 > tc class add dev eth0 parent 1:1 classid 1:12 htb rate 6mbit ceil 10mbit \ > burst 6kb prio 2 > tc qdisc add dev eth0 parent 1:12 sfq perturb 10 > tc qdisc add dev eth0 parent 1:11 handle 11: prio > tc qdisc add dev eth0 parent 11:1 sfq perturb 10 > tc qdisc add dev eth0 parent 11:2 sfq perturb 10 > tc qdisc add dev eth0 parent 11:3 sfq perturb 10 > ----*end*---- > That's my basic setup (hope it's correct). I've addded the prio qdisc to > minimize latency for some applications (like ssh, irc etc.). > I would like to hear any comments on the above... > Now, regarding filtering. Say I want to direct web traffic to class 11:3. > Why doesn't this work (or what's wrong with what I understand about > filtering)? > tc filter add dev eth0 parent 1: protocol ip prio 1 u32 match ip \ > dport 80 0xffff flowid 11:3 > I guess that's about all (for the moment :-;), thanks alot for your time, > and I'm eager to hear your comments, suggestions etc. > > Best regards, > Radu-Mihail Obada > _______________________________________________ > LARTC mailing list / LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
