Re: Allocating 64 kbits/s out of 256 kbits/s for one LAN behingfirewall (SOLVED)

"Indunil Jayasooriya" <indunil75@xxxxxxxxx> · Fri, 10 Aug 2007 16:44:43 +0530

Hi Paolo Malfatti, 

Thanks for your script. It works fine. 

I get what I expect. 

THANK you all the way until it comes to an end. 

FOR the benifit for evryone in the LIST.

HERE IS the SCRIPT AGAIN. 

INTERFAZ_LAN=eth0  

FULLBANDWIDTH=256

BANDWIDTH4LAN=64
tc qdisc del root dev $INTERFAZ_LAN

tc qdisc add dev $INTERFAZ_LAN root handle 1 htb r2q 4
tc class add dev $INTERFAZ_LAN parent 1: classid 1:2 htb rate "$FULLBANDWIDTH"Kbit

tc class add dev $INTERFAZ_LAN parent 1: classid 1:5 htb rate "$BANDWIDTH4LAN"Kbit 

tc qdisc add dev $INTERFAZ_LAN parent 1:5 handle 5 sfq perturb 10
tc filter add dev $INTERFAZ_LAN parent 1:0 protocol ip prio 1 u32 match ip dst 
192.168.101.0/24 classid 1:5

On 8/8/07, Pio Mendez <pio_mendez@xxxxxxxxxxx> wrote:

This script only shape the outgoing traffic (upload) in a NAT firewall. To shape the incoming traffic (downloads) there is a simpler script: 
INTERFAZ_LAN=eth0  

FULLBANDWIDTH=256

BANDWIDTH4LAN=64
tc qdisc del root dev $INTERFAZ_LAN

tc qdisc add dev $INTERFAZ_LAN root handle 1 htb r2q 4
tc class add dev $INTERFAZ_LAN parent 1: classid 1:2 htb rate "$FULLBANDWIDTH"Kbit
tc class add dev $INTERFAZ_LAN parent 1: classid 1:5 htb rate "$BANDWIDTH4LAN"Kbit 

tc qdisc add dev $INTERFAZ_LAN parent 1:5 handle 5 sfq perturb 10
tc filter add dev $INTERFAZ_LAN parent 1:0 protocol ip prio 1 u32 match ip dst 
192.168.101.0/24 classid 1:5

Regards
Paolo Malfatti
PS: dont forget to put a "tc qdisc del root dev $INTERFAZ_INT" rule  at the beginning of your previous script. 

From:  "Indunil Jayasooriya" <indunil75@xxxxxxxxx>
To:  "Pio Mendez" <
pio_mendez@xxxxxxxxxxx>, 
lartc@xxxxxxxxxxxxxxx
Subject:  Re:  Allocating 64 kbits/s out of 256 kbits/s for one LAN behingfirewall
Date:  Wed, 8 Aug 2007 12:30:59 +0530

Hi Paolo Malfatti,

Thanks for your script. I tried it . 

 But I still can not allocate 64 kbit for LAN.  We have a 256 kbit link. We usually download around @ 30-33  kbytes per second. That means, when it comes to kbits, I will have to mulitple it in to 8  as

1kbps=8kbit .

pls see below for usual download  rate, before
 applying your rules. 

[root@worldnet wget]# wget  
http://mirrors.kernel.org/centos/5.0/isos/i386/CentOS-5.0-i386-bin-6of6.iso

--12:16:27--  http://mirrors.kernel.org/centos/5.0/isos/i386/CentOS-5.0-i386-bin-6of6.iso

           => `CentOS-5.0-i386-bin-6of6.iso.1
'
Resolving mirrors.kernel.org... 
204.152.191.7, 204.152.191.39
Connecting to mirrors.kernel.org|204.152.191.7|:80... connected.
HTTP request sent, awaiting response... 200 OK

Length: 407,005,184 (388M) [application/x-iso9660-image]

 0% [                                                                                  ] 2,749,752     
30.10K/s  ETA 4:43:0

Then, I applied your rules. pls see below

INTERFAZ_INT=eth0  

FULLBANDWIDTH=256

BANDWIDTH4LAN=64

iptables -t mangle -A PREROUTING -s 192.168.101.0/24
 -j MARK --set-mark 0x5

tc qdisc add dev $INTERFAZ_INT root handle 1 htb r2q 4
tc class add dev $INTERFAZ_INT parent 1: classid 1:2 htb rate "$FULLBANDWIDTH"Kbit

tc class add dev $INTERFAZ_INT parent 1: classid 1:5 htb rate "$BANDWIDTH4LAN"Kbit

tc qdisc add dev $INTERFAZ_INT parent 1:5 handle 5 sfq perturb 10
tc filter add dev $INTERFAZ_INT protocol ip parent 1: pref 1 handle 5 fw classid 1:5

Still no luck. after applying rules, I downloaded an centos ISO image. But , I still can download @ usual rate. (
i.e 30-33 kbytes per seconds). 

If your rules work, I will be able to download @ about 8 kbyes per second. (i.e - 8*8 kbit= 64 kbit)

That is what I expect ? 

Where have I gone wrong? 

On 8/7/07, Pio Mendez <
pio_mendez@xxxxxxxxxxx> wrote:

>What is r2q ad 4 there ?. I do not understand those two.

I recommend you to read this: 

http://luxik.cdi.cz/~devik/qos/htb/

the r2q is a divisor used to calculate the quantum of htb (the amount of bytes that will be transmitted before serving another class: quantum = rate / r2q).

>tc qdisc add dev $INTERFAZ_INT parent 1:5 handle 5 sfq perturb 10

   >What is this above rule?, I don not understand at all. 

a must: http://lartc.org/howto/lartc.qdisc.html

The classes do shape of traffic, but you need a Queue manager to trasmit it (qdisc rule).  Here you will find an example of HTB script: 
http://lartc.org/howto/lartc.qdisc.classful.html#AEN1072

>tc filter add dev $INTERFAZ_INT protocol ip parent 1: pref 1 handle 10 fw classid 1:5

>I do not understand the above rule too.

there is an error: the right filter rule is: 

tc filter add dev $INTERFAZ_INT protocol ip parent 1: pref 1 handle 5 fw classid 1:5

The filter rule filter the traffic and send the mathing packets to the right class. 

The iptables MARK rule mark the traffic before the SNAT. Later, after all iptables processing, the packets are filtered by this rule; if some packet match the "handle 5" filter (packet marked with 5 by the  iptables rule will 

match) then it will be shaped by htb class to 64kbps. 

Hope this will help

Regards

Paolo Malfatti

MSN Amor Busca tu ½ naranja

-- 
Thank you
Indunil Jayasooriya

Charla con tus amigos en línea mediante MSN Messenger: 
Haz clic aquí 

-- 
Thank you
Indunil Jayasooriya

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: Allocating 64 kbits/s out of 256 kbits/s for one LAN behingfirewall (SOLVED)

Linux Advanced Routing and Traffic Control