HELP!!! Conflicting HTB rates

Linux Advanced Routing and Traffic Control

Hey everyone,
I'm trying to configure my HTB qdiscs for my network. My network setup:

LAN --> Firewall --> Router -->Internet
		|
		|
		--> DMZ

The firewall has 3 interfaces:
Eth0 = LAN --> 100Mbps NIC
Eth1 = DMZ --> 100Mbps NIC 
Eth2 = Internet --> 4MB link to internet

Background:
DMZ Zone Eth1: Web/FTP, and SMTP servers. (100Mbps switches and NICs) 
WEB/FTP server :10.100.1.1/24
SMTP server:10.100.1.2/24

LAN Eth0: I have 3 different VLANs to categorize the 3 different
departments.
VLAN1 -192.168.1.0/24
VLAN2 -192.168.2.0/24
VLAN3 -192.168.3.0/24

External Eth2 : 4MB Leased line to the internet.

Currently my router that is connected to the 4MB leased line is becoming
the bottleneck! 
1.) How do I make the firewall Eth0 become the bottleneck???? Should I
limit it to 10mbits as such:

tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit

2.) I want to limit the bandwidth from the WEB/FTP servers from the DMZ
to either the internet or the LAN. This is what I did:

tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbps ceil 256kbps prio 7
tc filter add dev eth0 protocol ip parent 1:1 prio 7 handle 7 fw classid 1:10

tc qdisc add dev eth1 root handle 2: htb default 10
tc class add dev eth1 parent 2: classid 2:1 htb rate 3840kbps
tc class add dev eth1 parent 2:1 classid 2:10 htb rate 128kbps ceil 128kbps prio 7
tc filter add dev eth1 protocol ip parent 2:1 prio 7 handle 7 fw classid 2:10

tc qdisc add dev eth2 root handle 3: htb default 10
tc class add dev eth2 parent 3: classid 3:1 htb rate 3840kbps
tc class add dev eth2 parent 3:1 classid 3:10 htb rate 128kbps prio 7
tc filter add dev eth2 protocol ip parent 3:1 prio 7 handle 7 fw classid 3:10

/sbin/iptables -t mangle -A PREROUTING -i eth1 -s 10.100.1.1 -j MARK --set-mark 7
/sbin/iptables -t mangle -A PREROUTING -i eth1 -d 10.100.1.1 -j MARK --set-mark 7

After testing via FTP/web downloads, it appears that I've managed to
limit the amount of bandwidth through and from the FTP/WEB server from the
DMZ. All other traffic (internet surfing etc.) will fall into the default
rules, correct? Did I miss anything out?


What I would like to accomplish :
I would like to limit the max amount of bandwidth on Eth0 to 10MB, limit
the max amount of bandwidth on Eth1 to 3840kbps and limit the max amount
of bandwidth on Eth2 to 3840kbps (4MB leased line to internet). Did I
accomplish this?

I executed a tc -s class show dev eth$ and noticed that the default
values were wrong for both eth1 and eth2!
 

[root@gate2 root]# tc -s class show  dev eth0
class htb 1:1 root rate 10Mbit ceil 10Mbit burst 14704b cburst 14704b 
 Sent 114648626 bytes 157670 pkts (dropped 0, overlimits 0) 
 rate 133156bps 221pps 
 lended: 43368 borrowed: 0 giants: 0
 tokens: 7303 ctokens: 7303

class htb 1:10 parent 1:1 prio 7 rate 1Mbit ceil 2Mbit burst 2909b
cburst 4220b 
 Sent 114617144 bytes 157600 pkts (dropped 0, overlimits 0) 
 rate 133156bps 221pps backlog 5p 
 lended: 114302 borrowed: 43368 giants: 0
 tokens: -13123 ctokens: -13466

[root@gate2 root]# tc -s class show  dev eth1
class htb 2:1 root rate 16Mbit ceil 16Mbit burst 22567b cburst 22567b 
 Sent 27918685 bytes 53295 pkts (dropped 0, overlimits 0) 
 rate 890Kbit 122pps 
 lended: 0 borrowed: 0 giants: 0
 tokens: 8780 ctokens: 8780

class htb 2:10 parent 2:1 prio 7 rate 1Mbit ceil 1Mbit burst 2909b
cburst 2909b 
 Sent 27905157 bytes 53263 pkts (dropped 0, overlimits 0) 
 rate 890Kbit 122pps 
 lended: 53295 borrowed: 0 giants: 0
 tokens: 17589 ctokens: 17589

[root@gate2 root]# tc -s class show  dev eth2
class htb 3:1 root rate 30Mbit ceil 30Mbit burst 40914b cburst 40914b 
 Sent 17969859 bytes 119438 pkts (dropped 0, overlimits 0) 
 rate 20777bps 165pps 
 lended: 0 borrowed: 0 giants: 0
 tokens: 8515 ctokens: 8515

class htb 3:10 parent 3:1 prio 7 rate 1Mbit ceil 1Mbit burst 2909b
cburst 2909b 
 Sent 17965779 bytes 119398 pkts (dropped 0, overlimits 0) 
 rate 20777bps 165pps 
 lended: 119438 borrowed: 0 giants: 0
 tokens: 17888 ctokens: 17888

[root@gate2 root]#

Any help in anyway is appreciated!
Regards
edmund
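The rates that `tc -s class show` printed above can be checked against the arguments given on the `tc class add` lines, because tc(8) reads a `bps`-style suffix (`bps`, `kbps`, `mbps`) as bytes per second and a `bit`-style suffix (`bit`, `kbit`, `mbit`) as bits per second. The following is an added example, not code from the post or from iproute2: it parses rate arguments the way tc does, renders them the way the listing above prints them, and compares the two for the eth2 classes. The 1024 multiplier for `k`/`m`/`g` is an assumption taken from the listing itself (128kbps shows as "1Mbit"); current iproute2 releases scale `k`/`m`/`g` by 1000, so the multiplier is a parameter. The listing text embedded in the block is constructed from the eth2 portion of the post.

```python
import re

# Rate argument as typed on a tc command line: a number plus an optional suffix.
_RATE_RE = re.compile(r"^\s*(\d+(?:\.\d+)?)\s*([a-z]*)\s*$", re.IGNORECASE)

# One "class htb ..." line from `tc -s class show`; rate and ceil sit on that line.
_CLASS_RE = re.compile(
    r"^class htb (\S+) (?:root|parent \S+) (?:prio \d+ )?rate (\S+) ceil (\S+)", re.M
)


def parse_tc_rate(text: str, kilo: int = 1024) -> int:
    """Bits per second for a tc rate argument.

    'bit' suffixes are bits/s, 'bps' suffixes are BYTES/s (x8).  `kilo` is the
    multiplier tc applies per k/m/g step: 1024 for the tc that produced the
    listing on the page (assumption), 1000 for current iproute2.
    """
    m = _RATE_RE.match(text)
    if not m:
        raise ValueError(f"not a tc rate: {text!r}")
    value, suffix = float(m.group(1)), m.group(2).lower()
    if suffix in ("", "bit"):
        scale = 1
    elif suffix == "bps":
        scale = 8
    else:
        prefix, unit = suffix[0], suffix[1:]
        if prefix not in "kmg" or unit not in ("bit", "bps"):
            raise ValueError(f"unknown tc rate suffix: {suffix!r}")
        scale = kilo ** ("kmg".index(prefix) + 1) * (8 if unit == "bps" else 1)
    return int(value * scale)


def format_tc_rate(bits: int, kilo: int = 1024) -> str:
    """Render bits/s the way the listing prints it: largest unit, %g-style number."""
    for label, power in (("Gbit", 3), ("Mbit", 2), ("Kbit", 1)):
        if bits >= kilo ** power:
            return f"{bits / kilo ** power:g}{label}"
    return f"{bits:g}bit"


def classes_from_listing(listing: str) -> dict:
    """classid -> (rate, ceil) strings as printed by `tc -s class show`."""
    return {cid: (rate, ceil) for cid, rate, ceil in _CLASS_RE.findall(listing)}


def check_rates(intended: dict, listing: str, kilo: int = 1024) -> dict:
    """For each classid: what tc makes of the rate argument, what the listing
    shows, and whether the two agree."""
    printed = classes_from_listing(listing)
    report = {}
    for cid, arg in intended.items():
        bits = parse_tc_rate(arg, kilo)
        rendered = format_tc_rate(bits, kilo)
        shown = printed.get(cid, (None, None))[0]
        report[cid] = {
            "arg": arg,
            "bits_per_s": bits,
            "as_printed": rendered,
            "listing": shown,
            "matches": rendered == shown,
        }
    return report


# Constructed from the eth2 part of the post: the rate arguments on the
# `tc class add dev eth2` lines and the corresponding listing lines.
INTENDED_ETH2 = {"3:1": "3840kbps", "3:10": "128kbps"}
LISTING_ETH2 = """\
class htb 3:1 root rate 30Mbit ceil 30Mbit burst 40914b cburst 40914b
 Sent 17969859 bytes 119438 pkts (dropped 0, overlimits 0)
 rate 20777bps 165pps
class htb 3:10 parent 3:1 prio 7 rate 1Mbit ceil 1Mbit burst 2909b
cburst 2909b
 Sent 17965779 bytes 119398 pkts (dropped 0, overlimits 0)
"""

if __name__ == "__main__":
    for cid, row in check_rates(INTENDED_ETH2, LISTING_ETH2).items():
        print(cid, row)
    # The same numbers with a 'bit' suffix, for comparison:
    for arg in ("3840kbit", "4mbit", "128kbit"):
        print(arg, "->", parse_tc_rate(arg), "bit/s =", format_tc_rate(parse_tc_rate(arg)))
```

Run with `python3 tc_rates.py` (file name assumed); the report rows for `3:1` and `3:10` reproduce the `30Mbit` and `1Mbit` figures from the listing, and the second loop shows what the same figures written with a `bit` suffix would come to.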



_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
