Re: HTB - shaping services and IP

Linux Advanced Routing and Traffic Control


WOW, thanks very much, I know I had some problems in understanding the
problem. When I read my post I found out that it is sometimes not making
sense, sorry.

I am sending my currently working config.

It seems to be working, but I got some problems. When I start downloading
from the web then the packets flow through class 1:11. And if I start
Direct Connect (P2P) downloading something, it gets limited to about
5-8kbytes, but I want it to be something like 1000kbit or less. That is my
first problem.

The second problem is that I want to make a limitation of speed to some
clients. Let's say that user Phill won't download more than 64kbps. I don't
know how to do it. That's why I was trying to solve it the way in previous
email.


Thank you!!!!
    Phill


#!/bin/sh
################################################################################
#    HTB script made by phill
#    mailto:phill@xxxxxxxxx
################################################################################
LOCAL="imq0"
NET="ppp0"

CeilDownload=170
CeilDownloadDC=120  #max download speed for direct connect
CeilUpload=96
CeilUploadDC=16     #max upload speed for direct connect
################################################################################
#echo -n "Starting HTB..."
################################################################################

modprobe imq numdevs=1
ip link set imq0 up

################################################################################
#    Download part ...
################################################################################

tc qdisc add dev $LOCAL root handle 1: htb default 14

tc class add dev $LOCAL parent 1:  classid 1:1  htb rate ${CeilDownload}kbit ceil ${CeilDownload}kbit

#11-->Fast-WWW,telnet,ssh,ping,...
    tc class add dev $LOCAL parent 1:1 classid 1:11 htb rate 100kbit ceil ${CeilDownload}kbit prio 1 burst 15k quantum 100
#12-->Medium-eMail
    tc class add dev $LOCAL parent 1:1 classid 1:12 htb rate 25kbit  ceil ${CeilDownload}kbit prio 2 burst 5k  quantum 100
#13-->Slow-FTP
    tc class add dev $LOCAL parent 1:1 classid 1:13 htb rate 25kbit  ceil ${CeilDownload}kbit prio 3 burst 15k quantum 100
#14-->Other stuff-Default
    tc class add dev $LOCAL parent 1:1 classid 1:14 htb rate 18kbit  ceil ${CeilDownload}kbit prio 4 burst 5k quantum 100
#15-->DC,eDonkey
    tc class add dev $LOCAL parent 1:1 classid 1:15 htb rate 2kbit   ceil ${CeilDownloadDC}kbit prio 5 quantum 1

tc filter add dev $LOCAL parent 1:0 protocol ip prio 1 handle 1 fw classid 1:11
tc filter add dev $LOCAL parent 1:0 protocol ip prio 2 handle 2 fw classid 1:12
tc filter add dev $LOCAL parent 1:0 protocol ip prio 3 handle 3 fw classid 1:13
tc filter add dev $LOCAL parent 1:0 protocol ip prio 4 handle 4 fw classid 1:14
tc filter add dev $LOCAL parent 1:0 protocol ip prio 5 handle 5 fw classid 1:15

#sfq
tc qdisc add dev $LOCAL parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:12 handle 12: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:13 handle 13: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:14 handle 14: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:15 handle 15: sfq perturb 10

#IPTABLES
#default
    iptables -A PREROUTING -t mangle -j MARK --set-mark 0x4
#11
    #WWW without squid
        iptables -A PREROUTING -t mangle -p tcp --sport 80 -j MARK --set-mark 0x1
        iptables -A PREROUTING -t mangle -p tcp --sport 443 -j MARK --set-mark 0x1
    #WWW through squid <???>
         #don't know how but let's say everything going to the router machine will
         #have this class. This works :->
         iptables -A PREROUTING -t mangle -p tcp -s 192.168.1.1 -j MARK --set-mark 0x1
    #telnet
        iptables -A PREROUTING -t mangle -p tcp --sport 23 -j MARK --set-mark 0x1
        iptables -A PREROUTING -t mangle -p udp --sport 23 -j MARK --set-mark 0x1
    #ssh
        iptables -A PREROUTING -t mangle -p tcp --sport 22 -j MARK --set-mark 0x1
        iptables -A PREROUTING -t mangle -p udp --sport 22 -j MARK --set-mark 0x1
    #icmp
        iptables -A PREROUTING -t mangle -p icmp -j MARK --set-mark 0x1
    #dns
        iptables -A PREROUTING -t mangle -p tcp --sport 53 -j MARK --set-mark 0x1
        iptables -A PREROUTING -t mangle -p udp --sport 53 -j MARK --set-mark 0x1
    #ack
        iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
#12
   #pop3
      iptables -A PREROUTING -t mangle -p tcp --sport 110 -j MARK --set-mark 0x2
      iptables -A PREROUTING -t mangle -p udp --sport 110 -j MARK --set-mark 0x2
   #smtp
      iptables -A PREROUTING -t mangle -p tcp --sport 25 -j MARK --set-mark 0x2
      iptables -A PREROUTING -t mangle -p udp --sport 25 -j MARK --set-mark 0x2
   #imap
      iptables -A PREROUTING -t mangle -p tcp --sport 143 -j MARK --set-mark 0x2
      iptables -A PREROUTING -t mangle -p udp --sport 143 -j MARK --set-mark 0x2
#13
   #ftp
    iptables -A PREROUTING -t mangle -p tcp -m tcp --sport 20:21 -j MARK --set-mark 0x3
#14
   #Other stuff...DEFAULT!!!
#15
   #DC 2 users, 2 ports 412,414
    iptables -A PREROUTING -t mangle -p tcp -m tcp --sport 412 -j MARK --set-mark 0x5
    iptables -A PREROUTING -t mangle -p tcp -m tcp --dport 412 -j MARK --set-mark 0x5
    iptables -A PREROUTING -t mangle -p tcp -m tcp --sport 414 -j MARK --set-mark 0x5
    iptables -A PREROUTING -t mangle -p tcp -m tcp --dport 414 -j MARK --set-mark 0x5
   #eDonkey
    iptables -A PREROUTING -t mangle -p tcp --sport 4662 -j MARK --set-mark 0x5
    iptables -A PREROUTING -t mangle -p tcp --dport 4662 -j MARK --set-mark 0x5

################################################################################
#    Download part ... OK
################################################################################
################################################################################
#    Upload part ...
################################################################################

tc qdisc add dev $NET root handle 2: htb default 21

tc class add dev $NET parent 2:  classid 2:1  htb rate ${CeilUpload}kbit ceil ${CeilUpload}kbit

#11-->Fast-everything...Default
    tc class add dev $NET parent 2:1 classid 2:11 htb rate 90kbit ceil ${CeilUpload}kbit prio 7 burst 15k
#12-->Slow-DC,edonkey upload
    tc class add dev $NET parent 2:1 classid 2:12 htb rate 6kbit  ceil ${CeilUploadDC}kbit prio 8 burst 5k quantum 1

tc filter add dev $NET parent 2:0 protocol ip prio 1 handle 1 fw classid 2:11
tc filter add dev $NET parent 2:0 protocol ip prio 5 handle 5 fw classid 2:12

################################################################################
#    Upload part ... OK
################################################################################

iptables -t mangle -A PREROUTING -i ppp0 -j IMQ

echo " OK"

> Phill,
>
>  : _____________________________________________      160kbps/96kbps _____
>  : |imq0(eth1, eth2) Linux router with NAT>ppp0|------------------------|ISP|
>  : -------------------------                        -----
>  :     +|Roman| - 192.168.1.10 on eth1
>  :     +|Phill| - 192.168.2.10 on eth2
>  :         + ...
>
> I don't understand what you are trying to convey with the notes "eth1/eth2"
> and 160kbps/96kbps part of the diagram, but the rest makes sense to me.
>
> I'm going to draw a picture of your traffic control structure to point out
> where I think your problem lies.
>
>                             root class
>                                 + r/c 160kbit
>       r 80kbit                  |                 r 80kbit
>      c 160kbit  +---------------+---------------+ c 160kbit
>          Roman  |                               | Phill
>       +---------+---------+           +---------+---------+
>       | ftp         other |           | other        ftp  |
>       |                   |           |                   |
>    r 1kbit            r 79kbit    r 79kbit              r 1kbit
>  c 160kbit           c 160kbit   c 160kbit            c 160kbit
>
>
> Note that you have four leaf classes.  Two classes, each with a rate of 79kbit
> and two each with a rate of 1kbit (which HTB can't reasonably accomplish [1],
> but your technique should work, anyway--keep reading).
>
> Several items of note.
>
>   - HTB only performs shaping in the leaf classes. [2]
>   - HTB rate is essentially treated as a CIR, and HTB will not
>     check a parent class to see if a parent class is above its
>     rate. [2]
>   - The sum of the rates of your leaf classes is 160kbit.  You have
>     committed all of your bandwidth, and left nothing for borrowing or
>     dynamic allocation.
>
> Try this instead:
>
>                             root class
>                                 + r/c 160kbit
>       r 80kbit                  |                 r 80kbit
>      c 160kbit  +---------------+---------------+ c 160kbit
>          Roman  |                               | Phill
>       +---------+---------+           +---------+---------+
>       | ftp         other |           | other        ftp  |
>       |                   |           |                   |
>    r 1kbit            r 40kbit    r 40kbit              r 1kbit
>  c 160kbit           c 160kbit   c 160kbit            c 160kbit
>
>
> With this sort of configuration, the borrowing model of HTB should distribute
> the leftover bandwidth in a way that seems fairer to you.  You have now
> guaranteed a total of 82kbit to your leaf classes and above that (sum of the
> rates of the leaf classes), the leaf classes will try to borrow as much as
> they can up to ceil.
>
>  : The point is, that I want to shape the speed of each client
>  : and I want to shape the speed of the services the client uses.
>  : I don't use iptables to mark the packets, because the use of IMQ,
>  : but I know that there is a patch for this.
>
> I don't know what you mean in this paragraph.....
>
> [ snipped textual description ]
>
>  : modprobe imq numdevs=1
>  : ip link set imq0 up
>  : $IPT -t mangle -A PREROUTING -i ppp0 -j IMQ
>
> Do you need to use IMQ?  It's not a bad thing to use IMQ, but if your router
> is a separate machine, you can simply attach the "download" shaper to the
> internal interface--the interface closest to Phill and Roman. [3]
>
> [ snipped start of script ]
>
> See notes above about the rate/ceil here.
>
>  : ... parent 1:0 protocol ip u32 match ip dst 192.168.1.10 flowid 1:110
>  : ... parent 1:110 protocol ip u32 match ip dst 192.168.1.10 flowid 1:1101
>  : ... parent 1:110 protocol ip u32 match ip dport 20 0xffff flowid 1:1102
>  : ... parent 1:110 protocol ip u32 match ip dport 21 0xffff flowid 1:1102
>
> See note above about IMQ necessity.  In particular your u32 classifier with
> "ip dport 21" will never match.  Do you perhaps mean "ip sport 21"?  Still
> probably not all that helpful.  Your u32 classifier "ip dport 20" is correct,
> but will only work for port mode connections.  Check/search the LARTC archives
> for a description of the problems involved with shaping FTP (port v. passive
> mode data channel). [4]
>
> Best of luck,
>
> -Martin
>
>  [1]  http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm#sharing
>       (see last paragraph, for mtu=1500, r2q=1, 12kbit is minimum rate)
>  [2]  http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm#hsharing
>  [3]  http://www.docum.org/stef.coene/qos/faq/cache/9.html
>  [4]  http://www.google.com/search?q=site%3Amailman.ds9a.nl+ftp+shaping
>

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
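
The two checks from the quoted reply (child rates summed against the parent, and the 12kbit minimum from footnote [1]) applied to the download classes of the script in this message. This is an added example, not part of the original post: the CLASSES table is transcribed from the script's "tc class add" lines, and the function names are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.
# Rows: classid parent rate_kbit ceil_kbit, transcribed from the download
# "tc class add" lines of the script above (CeilDownload=170, DC ceil 120).
CLASSES='1:1  1:  170 170
1:11 1:1 100 170
1:12 1:1 25  170
1:13 1:1 25  170
1:14 1:1 18  170
1:15 1:1 2   120'

# Smallest rate (kbit) whose computed quantum (rate in bytes/s divided by r2q)
# still covers one MTU: rate_bits / 8 / r2q >= mtu. tc's kbit is 1000 bit/s.
# Applies when quantum is left to be computed, as in footnote [1].
htb_min_rate() {   # args: mtu r2q
    echo $(( ($1 * 8 * $2 + 999) / 1000 ))
}

# Parent rate minus the sum of its children's rates: what is left to borrow.
htb_headroom() {   # arg: parent classid
    printf '%s\n' "$CLASSES" | awk -v p="$1" '
        $1 == p { prate = $3 }
        $2 == p { sum += $3 }
        END     { print prate - sum }'
}

# Leaf classes (never named as a parent) whose rate is below the minimum.
htb_starved_leaves() {   # arg: minimum rate in kbit
    printf '%s\n' "$CLASSES" | awk -v min="$1" '
        { rate[$1] = $3; isparent[$2] = 1; order[NR] = $1 }
        END {
            for (i = 1; i <= NR; i++) {
                id = order[i]
                if (!(id in isparent) && rate[id] + 0 < min + 0)
                    out = out (out ? " " : "") id
            }
            print out
        }'
}

min=$(htb_min_rate 1500 1)
echo "minimum leaf rate at mtu=1500, r2q=1: ${min}kbit"
echo "headroom under 1:1: $(htb_headroom 1:1)kbit"
echo "leaves below minimum: $(htb_starved_leaves "$min")"
```

The download leaf rates add up to the full 170kbit of class 1:1, so the headroom is zero, and class 1:15 at 2kbit is the only leaf under the 12kbit figure.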
