QoS on a bridge+NAT

[Asle Festø <asle@xxxxxx>]

I have a setup where I have three NIC in a Debian box. I have eth1
conected to internet and eth0 NAT'ed to 192.168.1.1. eth1 and eth2 are
bridged together, given ip 192.168.122.2. 

What I want to achieve is to perform traffic shaping on the bridge as
well as prioritizing the traffic from eth0 very low. (This is from
trental flat ...) However it seems that I am unable to perform thhe
traffic shaping from these two nets on eth1. Can somebody please help
me? I am very new to traffic shaping but determined to learn ...

Where should the root qdisc be attached to be able to prioritize
between the two NICs eth 0 and eth2?

Asle

My files:
/etc/network/interfaces:
# The loopback network interface
auto lo
iface lo inet loopback

auto br0
iface br0 inet static
        address 192.168.122.2
        netmask 255.255.255.0
        gateway 192.168.122.1
        network 192.168.122.0
        broadcast 192.168.122.255
        pre-up /sbin/ip link set eth2 up
        pre-up /sbin/ip link set eth1 up
        pre-up /usr/sbin/brctl addbr br0
        pre-up /usr/sbin/brctl addif br0 eth2
        pre-up /usr/sbin/brctl addif br0 eth1

iface eth0 inet static
        address 192.168.1.1
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255

My shaper script:
#!/bin/bash

# Wonder Shaper
# please read the README before filling out these values
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits. Also set the device that is to be
shaped.
DOWNLINK=3400
UPLINK=350
DEV=eth1

#Speed for eth0
DOWNLINK2=60
UPLINK2=600
DEV2=eth0

# low priority OUTGOING traffic - you can leave this blank if you want
# low priority source netmasks
NOPRIOHOSTSRC=192.168.1.0/24

# low priority destination netmasks
NOPRIOHOSTDST=192.168.1.0/24

#########################################################

if [ "$1" = "status" ]
then
        tc -s qdisc ls dev $DEV
        tc -s qdisc ls dev $DEV2
        tc -s class ls dev $DEV
        tc -s class ls dev $DEV2
        exit
fi


# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root    2> /dev/null > /dev/null
tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null
tc qdisc del dev $DEV2 root    2> /dev/null > /dev/null
tc qdisc del dev $DEV2 ingress 2> /dev/null > /dev/null

####Downlink/Uplink eth0 #######
#Rate limit single host
#Out of eth0
#tc qdisc add dev $DEV2 handle 2: root tbf rate ${DOWNLINK2}kbit
#latency 50ms burst 1540

#Into eth0
#tc qdisc add dev $DEV2 ingress

#tc filter add dev $DEV2 parent ffff: protocol ip prio 50 u32 match ip
#src \
#   192.168.1.0/24 police rate ${UPLINK2}kbit burst 5k drop flowid :1

###### uplink
# install root CBQ
tc qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth 10mbit
# shape everything at $UPLINK speed - this prevents huge queues in
your
# DSL modem which destroy latency:
# main class
tc class add dev $DEV parent 1: classid 1:1 cbq rate ${UPLINK}kbit \
allot 1500 prio 5 bounded isolated

# high prio class 1:10:
tc class add dev $DEV parent 1:1 classid 1:10 cbq rate ${UPLINK}kbit \
   allot 1600 prio 1 avpkt 1000

# bulk and default class 1:20 - gets slightly less traffic,
#  and a lower priority:
tc class add dev $DEV parent 1:1 classid 1:20 cbq rate
$[9*$UPLINK/10]kbit \
   allot 1600 prio 2 avpkt 1000

# 'traffic we hate'
tc class add dev $DEV parent 1:1 classid 1:30 cbq rate
$[8*$UPLINK/10]kbit \
   allot 1600 prio 2 avpkt 1000

# all get Stochastic Fairness:
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10

# start filters
# TOS Minimum Delay (ssh, NOT scp) in 1:10:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
      match ip tos 0x10 0xff  flowid 1:10

# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 11 u32 \
        match ip protocol 1 0xff flowid 1:10

# prioritize small packets (<64 bytes)
tc filter add dev $DEV parent 1: protocol ip prio 12 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   flowid 1:10

# Low prio for rental flat
        tc filter add dev $DEV parent 1: protocol ip prio 16 u32 \
           match ip src 192.168.1.0/24 flowid 1:30

        tc filter add dev $DEV parent 1: protocol ip prio 17 u32 \
           match ip dst 192.168.1.0/24 flowid 1:30


# rest is 'non-interactive' ie 'bulk' and ends up in 1:20

tc filter add dev $DEV parent 1: protocol ip prio 18 u32 \
   match ip dst 0.0.0.0/0 flowid 1:20


########## downlink main #############
# slow downloads down to somewhat less than the real speed  to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:

tc qdisc add dev $DEV handle ffff: ingress

# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:

tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip
src \
   0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc