Terminal Services and traffic control.

Linux Advanced Routing and Traffic Control


 



	Hi everybody,

	I have a network that only uses terminal services.

	Look at the diagram. 

	20 machines running WinXP <-> LinuxFW-1 <-> 1Mbit dedicated fiber link <-> LinuxFW-2 <-> Terminal Server

	I’d like to give the maximum priority for bandwidth to terminal services (port 3389). 

	I’ve changed the CBQ script from the LARTC site to suit my needs, but every time I run it my connections to 3389 become slower. Without TC the connections are faster and better.

	I can’t afford to lose more time trying to reinvent the wheel. I’ve read all the documentation and I still can’t make a good traffic control setup for my needs.

1) Does anyone have something like that?
2) Where should I put the traffic control? In LinuxFW-1 or LinuxFW-2? 
3) Are my script changes right?

Here comes the script. Thanks a lot.


---- cut ---
#!/bin/bash

# The Ultimate Setup For Your Internet Connection At Home
#
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits
DOWNLINK=850
UPLINK=850
DEV=eth2

# clean existing down- and uplink qdiscs, hide errors
/sbin/tc qdisc del dev $DEV root    2> /dev/null > /dev/null
/sbin/tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

###### uplink

# install root CBQ

/sbin/tc qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth 10mbit

# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
# main class

/sbin/tc class add dev $DEV parent 1: classid 1:1 cbq rate 1000kbit \
allot 1500 prio 5 bounded isolated

# high prio class 1:10:
/sbin/tc class add dev $DEV parent 1:1 classid 1:10 cbq rate ${UPLINK}kbit \
   allot 1600 prio 1 avpkt 1000

# priority for TS
/sbin/tc class add dev $DEV parent 1:1 classid 1:11 cbq rate 1000kbit \
        allot 1600 prio 1 avpkt 1000

# bulk and default class 1:20 - gets slightly less traffic,
#  and a lower priority:
/sbin/tc class add dev $DEV parent 1:1 classid 1:20 cbq rate $[7*$UPLINK/10]kbit \
   allot 32000 prio 2 avpkt 1000

# both get Stochastic Fairness:
/sbin/tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
/sbin/tc qdisc add dev $DEV parent 1:11 handle 11: sfq perturb 10
/sbin/tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10

# start filters

# TOS Minimum Delay (ssh, NOT scp) in 1:10:
/sbin/tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
      match ip tos 0x10 0xff flowid 1:10

# Puts the TS port in the interactive class
/sbin/tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
      match ip sport 3389 0xff flowid 1:11

/sbin/tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
      match ip dport 3389 0xff flowid 1:11


# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
/sbin/tc filter add dev $DEV parent 1:0 protocol ip prio 11 u32 \
        match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
/sbin/tc filter add dev $DEV parent 1: protocol ip prio 12 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   match u8 0x10 0xff at 33 \
   flowid 1:10

# rest is 'non-interactive' ie 'bulk' and ends up in 1:20

/sbin/tc filter add dev $DEV parent 1: protocol ip prio 13 u32 \
   match ip dst 0.0.0.0/0 flowid 1:20

########## downlink #############
# slow downloads down to somewhat less than the real speed to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:

/sbin/tc qdisc add dev $DEV handle ffff: ingress

# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:

/sbin/tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
   0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1





Thanks a lot.


_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
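
The script above selects terminal services traffic with `match ip sport 3389 0xff` and `match ip dport 3389 0xff`. The following is an added example, not part of the original post, that evaluates which ports such a u32 port selector covers for a given mask. It assumes a selector matches when (field & MASK) == (VALUE & MASK); the function names are hypothetical helpers.

```shell
#!/bin/bash
# Added example: port coverage of a u32 "match ip dport VALUE MASK" selector.
# Assumption: a packet matches when (port & MASK) == (VALUE & MASK).

# u32_port_match VALUE MASK PORT -> exit status 0 if PORT would be selected
u32_port_match() {
    [ $(( $3 & $2 )) -eq $(( $1 & $2 )) ]
}

# count_matching_ports VALUE MASK -> prints how many of the 65536 ports match
count_matching_ports() {
    n=0
    p=0
    while [ "$p" -le 65535 ]; do
        if u32_port_match "$1" "$2" "$p"; then
            n=$((n + 1))
        fi
        p=$((p + 1))
    done
    echo "$n"
}

# first_matching_ports VALUE MASK N -> prints the N lowest matching ports
first_matching_ports() {
    out=""
    found=0
    p=0
    while [ "$p" -le 65535 ] && [ "$found" -lt "$3" ]; do
        if u32_port_match "$1" "$2" "$p"; then
            out="${out:+$out }$p"
            found=$((found + 1))
        fi
        p=$((p + 1))
    done
    echo "$out"
}

# Compare the 8-bit mask used in the script with a full 16-bit mask.
for mask in 0xff 0xffff; do
    echo "3389 $mask: $(count_matching_ports 3389 "$mask") port(s)," \
         "lowest: $(first_matching_ports 3389 "$mask" 5)"
done
```

Under that assumption, mask `0xff` compares only the low byte of the port (3389 is 0x0D3D), while `0xffff` compares the whole 16-bit field.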

