Dnia poniedziałek, 5 grudnia 2005 13:58, Dave Weis napisał(a): > > That's because you are putting all /24 network into one single HTB. You > > have to make one HTB (SFQ for every user helps a lot too) for each > > computer in the network: > > > > tc qdisc del root dev eth1 > > tc qdisc add root dev eth1 handle 1: htb default 1 > > tc class add dev eth1 parent 1: classid 1:1 htb \ > > rate 1000Mbit ceil 1000Mbit burst 100kbit > > > > tc class add dev eth1 parent 1:1 classid 1:2 htb \ > > rate 64kbit ceil 256kbit quantum 2000 burst 10kbit > > tc qdisc add dev eth1 parent 1:2 handle 2: sfq perturb 5 quantum 1500b > > > > tc class add dev eth1 parent 1:1 classid 1:3 htb \ > > rate 80kbit ceil 320kbit quantum 2000 burst 10kbit > > tc qdisc add dev eth1 parent 1:3 handle 3: sfq perturb 5 quantum 1500b > > Do I still need to connect the IP to the class and qdisc with the filter > add command? Yes you do. I didn't write any because I mentioned hashing filters later ;) > > Putting all computers to proper HTBs with separate filters can make high > > load on your machine, so it is best to use hashing filters. > > Is there any rule of thumb on how much bandwidth you can handle for a > general size of machine? This is two 7 meg DSL connections, a 1.7 GHz > Celeron, and 200 users. I don't know, I was always working with hashing filters. But I heared people complaining about high load if they have big networks. Hash filtering goes like this: # create main filter divided into 256 filters... tc filter add dev eth1 parent 1:0 prio 5 protocol ip u32 tc filter add dev eth1 parent 1:0 handle 2: \ prio 5 protocol ip u32 divisor 256 # now we create many filters... they direct packets into # proper HTB. In fact they don't even have to check anything! # hash filtering will put packets into proper filter # (here is only checking if ip address is from proper network) # important: ht is defined in hexdecimal! # 1:2 ... 1:254 are HTBs for each user tc filter add dev eth1 protocol ip parent 1:0 \ prio 5 u32 ht 2:2: match ip dst 192.168.2.0/24 flowid 1:2 tc filter add dev eth1 protocol ip parent 1:0 \ prio 5 u32 ht 2:3: match ip dst 192.168.2.0/24 flowid 1:3 tc filter add dev eth1 protocol ip parent 1:0 \ prio 5 u32 ht 2:4: match ip dst 192.168.2.0/24 flowid 1:4 ... tc filter add dev eth1 protocol ip parent 1:0 \ prio 5 u32 ht 2:fd: match ip dst 192.168.2.0/24 flowid 1:253 tc filter add dev eth1 protocol ip parent 1:0 \ prio 5 u32 ht 2:fe: match ip dst 192.168.2.0/24 flowid 1:254 # now add the hashing filter - it takes the number from 16th byte # of IP header with mask 0x000000ff - the last number of IP address # so it just reads one byte and directs packet to filter with # the same number (this filter sends it to proper HTB) - this is really fast! tc filter add dev eth1 protocol ip parent 1:0 u32 match ip dst 192.168.2.0/24 hashkey mask 0x000000ff at 16 link 2: summary: check ip address -> go to filter numbered as the ip address -> redirect to HTB Position 16 in IP header is dst address. If you need src address (for example on IMQ interface for incoming traffic (upload from users)) then you need check address at position 12. some piece of example is also here: http://lartc.org/howto/lartc.adv-filter.hashing.html -- | pozdrawiam / greetings | powered by Trustix, Gentoo and FreeBSD | | Kajetan Staszkiewicz | JID: vegeta@xxxxxxxxx | | Vegeta | IMQ devnames: http://tuxpowered.net | `------------------------^----------------------------------------' _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
