Re: limiting bandwidth on a sequence of ports.

Linux Advanced Routing and Traffic Control

David Eduardo Gómez Noguera wrote:
Hello.
I have just started using iproute2 commands, and I am having a go at
making bittorrent use the same bandwidth for upload as for download.


I am stuck, I think, in understanding speeds.
I connect to the internet through a router modem which gets the real IP
and assigns me a private IP through DHCP. So this router can handle a
private network, and route it to the internet, presumably with NAT.
It is a 2wire router-modem.

I have come up with the next small script, which doesn't work as I
expected:
------------
#!/bin/sh

DEV=eth0
NET="172.16.0.1/16"

# Internal network works at 100mbps, which is also supported by the
# router. I don't understand burst that much, I used that value out of the
# examples from the HOW-TO.
tc class add dev $DEV parent 1: classid 1:1 htb rate 100mbit burst 15k
# The ADS connection is 256/126 kbps, So I set up another class for
# connections to the internet.
tc class add dev $DEV parent 1: classid 1:2 htb rate 128kbit burst 1024
# These also out from the HOW-TO.
# I will filter the internal network 172.16.0.1/16 into the class 1:1,
# and let class 1:2 be the default
tc qdisc add dev $DEV parent 1:1 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:2 handle 20: sfq perturb 10
# Here I filter connections with a FLAG 20, which I assign through
# iptables to every connection with destination network 172.16.0.1/16.
# So far so good
tc filter add dev $DEV parent 1:0 protocol ip prio 1 handle 20 fw flowid 1:1
iptables -A OUTPUT -t mangle -o $DEV -d $NET -j MARK --set-mark 20


# Now I want to limit bandwidth for connections between the client (which
# is running iptables here) and the internet in ports 6881:6999
# So I flag connections with source not in the private network, and
# ports 6881:6999 with flag 21, and have an ingress qdisc created with id
# ffff:0

tc qdisc add dev $DEV handle ffff: ingress
iptables -A PREROUTING -t mangle -i $DEV -s '!' $NET -p tcp \
    --source-port "6881:6999" -j MARK --set-mark 21
iptables -A PREROUTING -t mangle -i $DEV -s '!' $NET -p tcp \
    --destination-port "6881:6999" -j MARK --set-mark 21
# And add a filter to the ingress to drop packages that come faster than
# 128 kbps.
tc filter add dev $DEV parent ffff: protocol ip prio 5 handle 21 fw \
    police burst 5k rate 128kbps avrate 128kbps drop flowid :1
-----------------

kbps means k bytes - use kbit for your rates.


You can't guarantee getting all bittorrent traffic by just doing the ports.

If you want to be sure you may need something like ipp2p or l7filter.


Any idea what I am doing wrong? If I lower the burst, which I think I haven't understood yet, to like 1k, the bandwidth will drop to zero. Else, it will barely move. Maybe I got the rate wrong?

I guess the burst on the ingress policer needs to be > MTU (not on htb though)



Just one extra question: the flowid I also got from the examples, but I haven't found an explanation yet why it's ":1" instead of a full id in the examples.

If you mean 1: it's just shorthand for 1:0


Andy.

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
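
Added example, not part of the original thread: a small shell check for the two points raised in the reply, that tc's "kbps" means kilobytes per second and that the ingress policer burst should exceed the MTU. The function names and the 1500-byte default MTU are assumptions, and the multipliers follow the SI suffixes of the current tc(8) man page (k = 1000 for rates, k = 1024 bytes for sizes).

```shell
#!/bin/sh
# Added example (hypothetical helper names): sanity-check a tc police
# rate/burst pair before loading it. Nothing here calls tc or needs root.

# rate_to_bits RATE -> bits per second. In tc, the "bps" suffixes are BYTES/s.
rate_to_bits() {
    num=${1%%[!0-9]*}                         # leading digits of the argument
    unit=$(printf '%s' "${1#"$num"}" | tr 'A-Z' 'a-z')
    case $unit in
        bit)  mult=1 ;;
        kbit) mult=1000 ;;
        mbit) mult=1000000 ;;
        bps)  mult=8 ;;
        kbps) mult=8000 ;;
        mbps) mult=8000000 ;;
        *) echo "unknown or missing rate unit: $1" >&2; return 1 ;;
    esac
    [ -n "$num" ] || return 1
    echo $((num * mult))
}

# size_to_bytes SIZE -> bytes, for burst values such as "5k" or "1024".
size_to_bytes() {
    num=${1%%[!0-9]*}
    unit=$(printf '%s' "${1#"$num"}" | tr 'A-Z' 'a-z')
    case $unit in
        ""|b) mult=1 ;;
        k|kb) mult=1024 ;;
        m|mb) mult=1048576 ;;
        *) echo "unknown size unit: $1" >&2; return 1 ;;
    esac
    [ -n "$num" ] || return 1
    echo $((num * mult))
}

# check_policer RATE BURST [MTU]: print the effective values and
# return 1 when the burst is not larger than the MTU (assumed 1500).
check_policer() {
    bits=$(rate_to_bits "$1") || return 2
    burst=$(size_to_bytes "$2") || return 2
    mtu=${3:-1500}
    echo "rate $1 = $bits bit/s, burst $2 = $burst bytes, MTU $mtu"
    [ "$burst" -gt "$mtu" ] || { echo "burst must exceed MTU" >&2; return 1; }
}

check_policer 128kbps 5k                      # as posted: 8x the intended rate
check_policer 128kbit 5k                      # with the unit from the reply
check_policer 128kbit 1k || echo "rejected: 1k burst is below one packet"
```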
