Hello all.

We have three tunnels over the internet between our "central" gateway and some branch office gateways. Each gateway has eth0 on its LAN and eth1 on the internet. We use DSL lines and the eth1's have the internet IP directly attached on it. Each gateway also acts as an iptables NAT gateway.

The outgoing bandwidth is 300 kbit, and we tried this (i.e.) on each tunnel:

    tc qdisc add dev tun2 handle 1:0 root dsmark indices 4 default_index 0
    tc qdisc add dev tun2 handle 2:0 parent 1:0 htb
    tc class add dev tun2 parent 2:0 classid 2:1 htb rate 4000bps ceil 4000bps
    tc class add dev tun2 parent 2:1 classid 2:2 htb rate 250bps ceil 1000bps
    tc qdisc add dev tun2 handle 3:0 parent 2:2 sfq
    tc class add dev tun2 parent 2:1 classid 2:3 htb rate 250bps ceil 3500bps
    tc qdisc add dev tun2 handle 4:0 parent 2:3 sfq
    tc class add dev tun2 parent 2:1 classid 2:4 htb rate 3250bps ceil 4000bps
    tc qdisc add dev tun2 handle 5:0 parent 2:4 sfq
    tc filter add dev tun2 parent 2:0 protocol all prio 1 tcindex mask 0x3 shift 0
    tc filter add dev tun2 parent 2:0 protocol all prio 1 handle 3 tcindex classid 2:4
    tc filter add dev tun2 parent 2:0 protocol all prio 1 handle 2 tcindex classid 2:3
    tc filter add dev tun2 parent 2:0 protocol all prio 1 handle 1 tcindex classid 2:2
    tc filter add dev tun2 parent 1:0 protocol all prio 1 handle 1:0:0 u32 divisor 1
    tc filter add dev tun2 parent 1:0 protocol all prio 1 u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 1:0:0
    tc filter add dev tun2 parent 1:0 protocol all prio 1 handle 1:0:1 u32 ht 1:0:0 match u16 0x16 0xffff at 0 classid 1:1
    tc filter add dev tun2 parent 1:0 protocol all prio 1 handle 2:0:0 u32 divisor 1
    tc filter add dev tun2 parent 1:0 protocol all prio 1 u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 2:0:0
    tc filter add dev tun2 parent 1:0 protocol all prio 1 handle 2:0:1 u32 ht 2:0:0 match u16 0x19 0xffff at 2 classid 1:2
    tc filter add dev tun2 parent 1:0 protocol all prio 1 u32 match u32 0x0 0x0 at 0 classid 1:3

We try to classify SSH and SMTP and limit it to 2 kbytes/sec. It could get more bandwidth if available. Other traffic must get more bandwidth in all circumstances.

Also, tc -s "says":

    tc -s -d class show dev tun2

    class htb 2:1 root rate 4000bps ceil 4000bps burst 1639b/8 mpu 0b cburst 1639b/8 mpu 0b level 7
     Sent 1671352 bytes 2143 pkts (dropped 0, overlimits 0)
     lended: 937 borrowed: 0 giants: 0
     tokens: 319488 ctokens: 319488

    class htb 2:2 parent 2:1 leaf 3: prio 0 quantum 1000 rate 250bps ceil 1000bps burst 1601b/8 mpu 0b cburst 1609b/8 mpu 0b level 0
     Sent 73221 bytes 99 pkts (dropped 0, overlimits 0)
     lended: 52 borrowed: 47 giants: 0
     tokens: -4594059 ctokens: 1132136

    class htb 2:3 parent 2:1 leaf 4: prio 0 quantum 1000 rate 250bps ceil 3500bps burst 1601b/8 mpu 0b cburst 1634b/8 mpu 0b level 0
     Sent 1227729 bytes 857 pkts (dropped 0, overlimits 0)
     lended: 70 borrowed: 787 giants: 0
     tokens: -265392 ctokens: 360214

    class htb 2:4 parent 2:1 leaf 5: prio 0 quantum 1000 rate 3250bps ceil 4000bps burst 1631b/8 mpu 0b cburst 1639b/8 mpu 0b level 0
     Sent 370402 bytes 1187 pkts (dropped 0, overlimits 0)
     lended: 1084 borrowed: 103 giants: 0
     tokens: 391201 ctokens: 319488

AND

    tc -s -d qdisc show dev tun2

    qdisc sfq 5: quantum 1450b limit 128p flows 128/1024
     Sent 370402 bytes 1187 pkts (dropped 0, overlimits 0)

    qdisc sfq 4: quantum 1450b limit 128p flows 128/1024
     Sent 1227729 bytes 857 pkts (dropped 0, overlimits 0)

    qdisc sfq 3: quantum 1450b limit 128p flows 128/1024
     Sent 73221 bytes 99 pkts (dropped 0, overlimits 0)

    qdisc htb 2: r2q 10 default 0 direct_packets_stat 0 ver 3.7
     Sent 1671352 bytes 2143 pkts (dropped 0, overlimits 2823)

    qdisc dsmark 1: indices 0x0004 default_index 0x0000
     Sent 1671352 bytes 2143 pkts (dropped 0, overlimits 0)

But if we send big emails, when it "passes" through tun2, and in absence of other traffic, it only gets about 45 kbit/sec. Apparently, SMTP gets bandwidth limitation, but it doesn't get available bandwidth.

Any light on it?

--Miguel

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
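
An added example, not part of the original post: a small parser for `tc -s -d class show` output that converts each HTB class's rate and ceil to kbit/s (in tc, the `bps` suffix means bytes per second) and reports how much of its traffic each class sent on borrowed tokens. The sample input is two class records copied from the post; the function names are this example's own.

```python
import re

# Sample input: two class records copied from the tc output in the post.
SAMPLE = """\
class htb 2:1 root rate 4000bps ceil 4000bps burst 1639b/8 mpu 0b cburst 1639b/8 mpu 0b level 7
 Sent 1671352 bytes 2143 pkts (dropped 0, overlimits 0)
 lended: 937 borrowed: 0 giants: 0
class htb 2:3 parent 2:1 leaf 4: prio 0 quantum 1000 rate 250bps ceil 3500bps burst 1601b/8 mpu 0b cburst 1634b/8 mpu 0b level 0
 Sent 1227729 bytes 857 pkts (dropped 0, overlimits 0)
 lended: 70 borrowed: 787 giants: 0
"""

# tc rate suffixes mapped to bits per second ("bps" is BYTES per second).
UNITS = {"bit": 1, "kbit": 1e3, "mbit": 1e6, "bps": 8, "kbps": 8e3, "mbps": 8e6}
# \b keeps "cburst" from matching as "burst"/"ceil"; only rate and ceil are taken.
RATE = re.compile(r"\b(rate|ceil) (\d+(?:\.\d+)?)([a-z]+)", re.I)


def to_kbit(value, unit):
    """Convert a tc rate such as ('4000', 'bps') to kbit/s."""
    return float(value) * UNITS[unit.lower()] / 1000.0


def parse_classes(text):
    """Return {classid: {rate_kbit, ceil_kbit, borrowed_share}} per HTB class."""
    classes, cur = {}, None
    for line in text.splitlines():
        header = re.match(r"class htb (\S+)", line)
        if header:
            cur = classes.setdefault(header.group(1), {})
            for key, val, unit in RATE.findall(line):
                cur[key + "_kbit"] = to_kbit(val, unit)
            continue
        stats = re.search(r"lended: (\d+) borrowed: (\d+)", line)
        if stats and cur is not None:
            lent, borrowed = int(stats.group(1)), int(stats.group(2))
            # Fraction of dequeued packets that needed tokens from the parent.
            cur["borrowed_share"] = borrowed / max(lent + borrowed, 1)
    return classes


if __name__ == "__main__":
    for classid, c in parse_classes(SAMPLE).items():
        print(f"{classid}: rate {c['rate_kbit']:.0f} kbit/s, "
              f"ceil {c['ceil_kbit']:.0f} kbit/s, "
              f"borrowed {c['borrowed_share']:.0%}")
```
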