I am attempting to build a Linux replacement for our Packeteer PacketShaper using HTB. Everyone is behind the firewall in a 10.0.0.0/8 network. Each property that we provide service to has its own B-class network over a full T-1 point-to-point connection. That can then be separated into class C's.

I need to...

1. Keep the TC layout streamlined well enough that it does not kill speed/latency for the users. With over 25 different class B networks subdivided this way, will it kill the server/response? Should I be using MANGLE table marking? How will that work with my extreme number of Classes? Will my hierarchical Class/Filter design flow properly and not fall short of reaching the final Class definitions?

2. Create a dynamic default class that the remainder of the property falls in. What I mean is... instead of a 128Kbit maximum for the entire remainder, I don't want to have to add everyone's IP address to a filter, I would like to set up a 128Kbit class that "each" connection at the same concurrent time can reach the maximum.

3. Use a Class/Filter per registered IP address in a database to limit speed to our available plans. These plans are kept in a Database and can be different for each parent class. For example: 10.10.3.0/24 available plans (n Kbits)...
   Plan A (1536/1536), Plan B (1536/128), Plan C (768/128), Plan D (default) (128/64)

4. Parse the Class stats to monitor and graph with MRTG each registered IP, network and property.

5. (Later) Build a script via PERL so that the Classes and Filters can be created "on the fly" using a custom ODBC database connection to our customized management/accounting database. I have this connector working properly for other uses such as a "walled garden" authentication section in IPTABLES.

Here is an example of the inbound script I have been playing with to sample traffic. Notice that I am trying to use Handle, ClassID and FlowIDs that are relevant to the IP address schemes.
----------------------------------------
#!/bin/bash
TC='/sbin/tc'

# Upload
$TC qdisc del dev eth0 root
$TC qdisc add dev eth0 root handle 1: htb default 10

# 10.10.0.0/16
$TC class add dev eth0 parent 1: classid 1:10 htb rate 100Mbit
$TC filter add dev eth0 pref 10 parent 1: protocol ip u32 \
    flowid 1:10 match ip src 10.10.0.0/16
$TC qdisc add dev eth0 parent 1:10 handle 10: htb default 255

# 10.10.3.0/24
$TC class add dev eth0 parent 10: classid 10:3 htb rate 8Mbit
$TC filter add dev eth0 pref 103 parent 10: protocol ip u32 \
    flowid 10:3 match ip src 10.10.3.0/24
$TC qdisc add dev eth0 parent 10:3 handle 103: htb default 2
$TC class add dev eth0 parent 103: classid 103:1 htb rate 800Kbit
$TC filter add dev eth0 pref 1031 parent 103: protocol ip u32 \
    flowid 103:1 match ip src 10.10.3.198/32
$TC filter add dev eth0 pref 1031 parent 103: protocol ip u32 \
    flowid 103:1 match ip src 10.10.3.199/32
$TC class add dev eth0 parent 103: classid 103:2 htb rate 1000Kbit
$TC filter add dev eth0 pref 1032 parent 103: protocol ip u32 \
    flowid 103:2 match ip src 10.10.3.0/24

# 10.10.4.0/24
$TC class add dev eth0 parent 10: classid 10:4 htb rate 8Mbit
$TC filter add dev eth0 pref 104 parent 10: protocol ip u32 \
    flowid 10:4 match ip src 10.10.4.0/24
$TC qdisc add dev eth0 parent 10:4 handle 104: htb default 2
$TC class add dev eth0 parent 104: classid 104:1 htb rate 800Kbit
$TC filter add dev eth0 pref 1041 parent 104: protocol ip u32 \
    flowid 104:1 match ip src 10.10.4.198/32
$TC filter add dev eth0 pref 1041 parent 104: protocol ip u32 \
    flowid 104:1 match ip src 10.10.4.199/32
$TC class add dev eth0 parent 104: classid 104:2 htb rate 1000Kbit
$TC filter add dev eth0 pref 1041 parent 104: protocol ip u32 \
    flowid 104:2 match ip src 10.10.4.0/24

# 10.10.0.0/16 - Remainder
$TC class add dev eth0 parent 10: classid 10:255 htb rate 8Mbit
$TC filter add dev eth0 pref 101 parent 10: protocol ip u32 \
    flowid 10:1 match ip src 10.10.3.0/24

# 10.41.0.0/16
$TC class add dev eth0 parent 1: classid 1:41 htb rate 1500Kbit
$TC filter add dev eth0 pref 41 parent 1: protocol ip u32 \
    flowid 1:41 match ip src 10.41.0.0/16
$TC qdisc add dev eth0 parent 1:41 handle 41: htb
$TC class add dev eth0 parent 41: classid 41:1 htb rate 1500Kbit
$TC filter add dev eth0 pref 411 parent 41: protocol ip u32 \
    flowid 41:1 match ip src 10.41.1.0/24
$TC class add dev eth0 parent 41: classid 41:2 htb rate 1500Kbit
$TC filter add dev eth0 pref 412 parent 41: protocol ip u32 \
    flowid 41:2 match ip src 10.41.2.0/24
$TC qdisc add dev eth0 parent 41:2 handle 412: htb default 9
$TC class add dev eth0 parent 412: classid 412:1 htb rate 1500Kbit
$TC class add dev eth0 parent 412: classid 412:2 htb rate 800Kbit
$TC class add dev eth0 parent 412: classid 412:3 htb rate 130Kbit
$TC class add dev eth0 parent 412: classid 412:9 htb rate 40Kbit

# Other
$TC class add dev eth0 parent 1: classid 1:9999 htb rate 28Kbit
$TC filter add dev eth0 pref 9999 parent 1: protocol ip u32 \
    flowid 1:9999 match ip src 0.0.0.0/8

(some errors may be in here during cleanup from transfer to email)

-----------------------
Colin Vander Veen
IMNisp Senior Engineer
http://www.imnisp.net/
-----------------------
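
Added example, not part of the original post: a dry-run generator for the per-registered-IP classes and filters described in items 3 and 5, which validates each database value before it reaches a root `tc` command line. The plan figures are assumed to be down/up in Kbit, and the `ip plan` record format and the host minor scheme (0x100 + last octet) are hypothetical.

```bash
#!/bin/bash
# Added example: dry run that prints tc commands instead of executing them.
# Assumptions (not from the post): plans are down/up in Kbit, the
# "ip plan" record format, and host minor = 0x100 + last octet.
TC='/sbin/tc'
DEV='eth0'

# Upload rate in Kbit for the plans listed in the post (D is the default).
plan_up_kbit() {
    case "$1" in
        A) echo 1536 ;;
        B|C) echo 128 ;;
        D) echo 64 ;;
        *) return 1 ;;
    esac
}

# Accept only a dotted quad of plain decimal octets; database values end up
# on a root command line, so anything else is rejected before use.
valid_ip() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
)

# $1 = handle of the /24 qdisc (103 for 10.10.3.0/24), $2 = IP, $3 = plan
emit_host() (
    handle=$1 ip=$2 plan=$3
    case "$handle" in ''|*[!0-9]*|????*) echo "bad handle: $handle" >&2; return 1 ;; esac
    valid_ip "$ip" || { echo "bad IP: $ip" >&2; return 1; }
    rate=$(plan_up_kbit "$plan") || { echo "unknown plan: $plan" >&2; return 1; }
    # tc parses class IDs as hexadecimal, so the minor is printed in hex.
    minor=$(printf '%x' $((256 + ${ip##*.})))
    echo "$TC class add dev $DEV parent $handle: classid $handle:$minor htb rate ${rate}Kbit"
    echo "$TC filter add dev $DEV pref ${handle}1 parent $handle: protocol ip u32 match ip src $ip/32 flowid $handle:$minor"
)

# Constructed sample records for 10.10.3.0/24.
printf '%s\n' '10.10.3.198 C' '10.10.3.199 A' | while read -r ip plan; do
    emit_host 103 "$ip" "$plan"
done
```

The host filters reuse pref 1031 from the script above so they are checked before the /24 catch-all at pref 1032.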