Dear all,

I'm having real problems getting tc to do anything useful at all. I'm
also under pressure to get this fixed before the students start arriving
later this month (I work in a university).

In short, I want each IP address to be hard limited to 128kbit down,
64kbit up, never to be allowed more bandwidth than this. It is also
important that the latency remains reasonably low - maybe this implies a
need to apply some sort of traffic filtering and classifying. I did
manage to get a script semi-working but as soon as any decent bandwidth
started flowing on the connection, the latency jumped up to >4000ms.

I tried to change my script to make it more classful and intelligent but
I ended up breaking it and now it doesn't work at all. (Upon execution,
I get '172.19.123.254 Illegal "match"') I'm inexperienced with tc so I
don't really know the best way to design such a system as this. I also
struggle with the tc syntax. I only know what I need the end result to be.

I'd be very grateful if anyone could lend a hand to help me get this
working in time for the start of term. I've attached my script at the
end of this email.

Cheers,
Jonathan

#!/bin/sh
# Interfaces
LAN=eth0
WAN=eth1
# Maximum global uplink and downlink in mbit/s
GLOBAL_DOWN=100
GLOBAL_UP=100
# Maximum per-user download & upload speed in kbit/s
DOWNLINK=128
UPLINK=64
UPLINK=$((UPLINK/4)) # required because the old rate wasn't accurate
# IP range in each subnet
LOW_IP=2
HIGH_IP=254
#-----------------Don't mess with stuff below---------------|
#-----------------this line or you'll break it--------------|
# Flush existing rules
tc qdisc del dev $LAN root
# tc qdisc del dev $WAN root
# Create root class for 100mbit interface - total traffic can't exceed this
tc qdisc add dev $LAN root handle 1: cbq avpkt 1000 bandwidth ${GLOBAL_DOWN}mbit
tc qdisc add dev $LAN ingress handle ffff:
# Set useful counter
total=0
# Apply rules for all included subnets
for i in `seq $LOW_IP $HIGH_IP`
do
    total=$((total+1))
    echo 172.19.123.$i
    tc class add dev $LAN parent 1: classid 1:$total cbq rate ${DOWNLINK}kbit allot 1600 prio 1 bounded isolated
    tc filter add dev $LAN parent 1: protocol ip prio 1 u32 match ip dst 172.19.123.$i flowid 1:$total
    tc filter add dev $LAN parent ffff: protocol ip prio 50 u32 match ip src 172.19.123.$i police rate ${UPLINK}kbit burst 10k drop flowid :1
    tc filter add dev $LAN parent 1: protocol ip prio 11 u32 match ip protocol 1 0xff flowid 1:$total match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:$total
done

------------------------
Jonathan Gazeley
ResNet | Wireless & VPN Team
Information Systems & Computing
University of Bristol
------------------------
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
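
An added example, not part of the original post or of any reply to it: a generator for per-address rules matching the limits stated above (128kbit down, 64kbit up). It only prints tc commands; using HTB with an sfq leaf in place of the post's CBQ classes is this example's assumption, as are the function names.

```shell
#!/bin/sh
# Added example: prints tc commands only, nothing is applied to any interface.
LAN=eth0              # LAN-facing interface, as in the post
SUBNET=172.19.123     # subnet prefix, as in the post
LOW_IP=2
HIGH_IP=254
DOWNLINK=128          # kbit/s towards each host
UPLINK=64             # kbit/s from each host

# One-off setup: clear old state, then an HTB root for egress shaping and an
# ingress qdisc to hang the upload policers on.
emit_setup() {
    echo "tc qdisc del dev $LAN root"
    echo "tc qdisc del dev $LAN ingress"
    echo "tc qdisc add dev $LAN root handle 1: htb"
    echo "tc qdisc add dev $LAN handle ffff: ingress"
}

# Rules for one host, identified by its last octet.
emit_host() {
    ip="$SUBNET.$1"
    id=$(printf '%x' "$1")    # tc parses class minors as hexadecimal
    # rate == ceil: the class can never borrow, so the limit is hard.
    echo "tc class add dev $LAN parent 1: classid 1:$id htb rate ${DOWNLINK}kbit ceil ${DOWNLINK}kbit"
    # sfq leaf: flows of the same host take turns, so one bulk transfer
    # does not sit in front of that host's interactive packets.
    echo "tc qdisc add dev $LAN parent 1:$id sfq perturb 10"
    echo "tc filter add dev $LAN parent 1: protocol ip prio 1 u32 match ip dst $ip/32 flowid 1:$id"
    # Upload: police packets arriving from the host, drop the excess.
    echo "tc filter add dev $LAN parent ffff: protocol ip prio 1 u32 match ip src $ip/32 police rate ${UPLINK}kbit burst 10k drop flowid :1"
}

# Setup followed by the rules for every host in LOW_IP..HIGH_IP.
emit_all() {
    emit_setup
    n=$LOW_IP
    while [ "$n" -le "$HIGH_IP" ]; do
        emit_host "$n"
        n=$((n + 1))
    done
}

emit_all
```

Review the output, then pipe it to `sh` as root to apply it. The two `del` lines report an error on an interface that has no existing qdisc, which is harmless.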