Dear all,

I am trying to set up multi-user traffic control. In short, I want each
user (each IP) to be hard limited to 128kbit download and 64kbit upload.
On top of that, I want interactive traffic (ICMP, ACK packets, SSH, etc)
to be prioritised to minimise latency. It sounds like it ought to be
done with a classful qdisc but I don't really know what I'm doing. I
think I want something like the following:

root class (global limit 100mbit)
|
+ 192.168.0.1 class - limit 128kbit
|   + priority 0: SSH, ICMP, ACK, etc
|   + priority 1: all other traffic
|
+ 192.168.0.2 class - limit 128kbit
|   + etc

... and similarly for the uplink, but with a per-IP limit of 64kbit.

I'm not sure if it's good to have ~250 classes for the IP addresses, and
sub classes within those for the different priorities, or if all the
traffic should be rate-limited by IP first, and then sorted into a
handful of shared classes, to be dequeued.

I have taken advice from this list for the past couple of weeks and I
have a semi-functional script now. However the latency suddenly jumps to
>4000ms as soon as the user starts downloading. Also my script uses
police rate to limit upload speed - but this is not particularly
effective and also not really required, as the box is able to shape
traffic in both directions. It is also a NAT box.

Related, but not strictly to do with tc, is there any way of concisely
and effectively logging connections between NATd users and external IPs?
I need to be able to maintain a log which tells me that a certain user
was connected to a certain remote host on a certain port at a certain
time and date, for legal reasons.

I realise this is a bit of a mammoth request, but I hope someone can
help me.

Many thanks in advance,
Jonathan
------------------------
Jonathan Gazeley
ResNet | Wireless & VPN Team
Information Systems & Computing
University of Bristol
------------------------
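
Added example, not part of the original message: a sketch of the download half of the hierarchy drawn above, written as a shell function that prints the tc commands so they can be reviewed before being applied. It assumes eth1 is the LAN-facing interface (so packets already carry the users' private destination addresses after NAT), uses a 2-band prio qdisc under each HTB class as one possible layout, and treats only ICMP and SSH as interactive traffic.

```shell
#!/bin/sh
# Added example: print (not run) tc commands for the download side of the
# hierarchy sketched in the message. The device, subnet prefix and host
# range are assumptions, as is the 2-band prio qdisc under each HTB class.

gen_download_rules() {
    dev=$1 prefix=$2 first=$3 last=$4

    # Root HTB qdisc and the global 100mbit parent class.
    echo "tc qdisc add dev $dev root handle 1: htb"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate 100mbit"

    h=$first
    while [ "$h" -le "$last" ]; do
        # tc handles are hexadecimal; offset by 0x10 so no host collides
        # with the HTB qdisc (1:) or its parent class (1:1).
        id=$(printf '%x' $((h + 16)))

        # Hard per-IP limit: rate == ceil, so the class never borrows.
        echo "tc class add dev $dev parent 1:1 classid 1:$id htb rate 128kbit ceil 128kbit"

        # Two bands inside the limit; the priomap sends everything to
        # band 1 (class $id:2) unless a filter below selects band 0.
        echo "tc qdisc add dev $dev parent 1:$id handle $id: prio bands 2 priomap 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1"

        # Steer this host's downloads into its own class.
        echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip dst $prefix.$h/32 flowid 1:$id"

        # Interactive traffic (ICMP, replies from SSH servers) to band 0.
        echo "tc filter add dev $dev parent $id: protocol ip prio 1 u32 match ip protocol 1 0xff flowid $id:1"
        echo "tc filter add dev $dev parent $id: protocol ip prio 2 u32 match ip sport 22 0xffff flowid $id:1"

        h=$((h + 1))
    done
}

# Review the output, then pipe it to sh as root to apply it.
gen_download_rules eth1 192.168.0 1 2
```

The uplink side would mirror this on the WAN-facing interface with 64kbit classes, but because that traffic is already NATed there, the per-user filters cannot match on the private source address directly.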