Re: Some advice for QoS setup ...

Raymond Leach wrote:

Hi all

Am I going about this in the right way?

This is what I plan to do:

1. Outgoing www traffic originating from our web servers has priority 1
with min 30% bandwidth and max 60% bandwidth.
2. Outgoing mail traffic (smtp and pop3) originating from our mail
servers has priority 2 with min 5% bandwidth and max 20% bandwidth.
3. Outgoing ftp traffic originating from our ftp servers has priority 3
with min 5% bandwidth and max 10% bandwidth.
4. All other traffic has priority 4 with min 0% bandwidth and max 10%
bandwidth.

I was thinking of using htb and sfq. What should my 'tree that is not a
tree' look like?

I was also planning to use netfilter iptables to mark the traffic and
use tc to filter the packets based on the mark (let's say 1,2,3,4
corresponding to the priorities above).

Any suggestions?

I thought my tree would look something like this:

                             10: (htb)
                                |
                             10:1 (htb)
                      (rate 512kbps, ceil 512kbps)
                                |
   ________________________________________________________
  |                  |                  |                  |
10:10 (htb)        10:20 (htb)        10:30 (htb)        10:40 (htb)
(rate 153kbps,     (rate 25kbps,      (rate 25kbps,      (rate 0kbps,
ceil 306kbps)      ceil 102kbps)      ceil 50kbps)       ceil 50kbps)
  |                  |                  |                  |
 SFQ                SFQ                SFQ                SFQ

Does my tree look correct? Will this tree honour the priorities I want
to set? Is netfilter FWMARK the right way to go here?

Regards

Ray

Found this in the German journal ct.
Maybe you can use it.
You need this:
http://luxik.cdi.cz/~devik/qos/htb/v3/htb3.6-020525.tgz
(The tc binary is needed; without the right version it won't work.)
Insert all QoS stuff from kernel sources in your kernel.
Put this as qos-on script.
-----------------------------------------
#!/bin/sh
#
# Shell script for Quality of Service with HTB
#

EXTIF=ppp0
INTIF=eth0

############
# Outgoing
############
## Root
tc qdisc add dev $EXTIF root handle 1:0 htb default 12
## Main class
tc class add dev $EXTIF parent 1:0 classid 1:1 htb rate 125kbit ceil 125kbit
## Class for ACK
tc class add dev $EXTIF parent 1:1 classid 1:10 htb rate 10kbit ceil 125kbit prio 0
## Class for VPN/SSH
tc class add dev $EXTIF parent 1:1 classid 1:11 htb rate 30kbit ceil 125kbit prio 1
## Class for normal traffic
tc class add dev $EXTIF parent 1:1 classid 1:12 htb rate 75kbit ceil 125kbit prio 2
## Class for bulk
tc class add dev $EXTIF parent 1:1 classid 1:13 htb rate 10kbit ceil 100kbit prio 3

# ACKs
#iptables -A OUTPUT -t mangle -o $EXTIF -p tcp -m length --length :64 -j MARK --set-mark 10
# VPN/IPsec
iptables -A POSTROUTING -t mangle -o $EXTIF -p 50 -j MARK --set-mark 11
# SSH
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 22 -j MARK --set-mark 11
## local SSH server on port 4444
## iptables -A OUTPUT -t mangle -o $EXTIF -p tcp --sport 4444 -j MARK --set-mark 11
## SMTP
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 25 -j MARK --set-mark 13
# eDonkey
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 4662 -j MARK --set-mark 13
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --sport 4662 -j MARK --set-mark 13

tc filter add dev $EXTIF parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
tc filter add dev $EXTIF parent 1:0 prio 0 protocol ip handle 11 fw flowid 1:11
# default: 1:12
tc filter add dev $EXTIF parent 1:0 prio 0 protocol ip handle 13 fw flowid 1:13


###########
# Incoming
###########
tc qdisc add dev $INTIF root handle 2:0 htb default 20
tc class add dev $INTIF parent 2:0 classid 2:2 htb rate 750kbit ceil 750kbit
tc class add dev $INTIF parent 2:2 classid 2:20 htb rate 500kbit ceil 700kbit prio 1
tc class add dev $INTIF parent 2:2 classid 2:21 htb rate 150kbit ceil 750kbit prio 0
tc class add dev $INTIF parent 2:2 classid 2:22 htb rate 100kbit ceil 500kbit prio 3

# ACKs
#iptables -A POSTROUTING -t mangle -o $INTIF -m length --length :200 -j MARK --set-mark 21
# SSH
#iptables -A POSTROUTING -t mangle -o $INTIF -p tcp --sport 22 -j MARK --set-mark 21
# eDonkey
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp --dport 4662 -j MARK --set-mark 22
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp --sport 4662 -j MARK --set-mark 22
# host to be throttled
#iptables -A POSTROUTING -t mangle -o $INTIF -d 192.168.111.1 -j MARK --set-mark 22

tc filter add dev $INTIF parent 2:0 prio 0 protocol ip handle 21 fw flowid 2:21
tc filter add dev $INTIF parent 2:0 prio 0 protocol ip handle 22 fw flowid 2:22


#########
# SFQ
#########
tc qdisc add dev $EXTIF parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $EXTIF parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev $EXTIF parent 1:12 handle 12: sfq perturb 10
tc qdisc add dev $EXTIF parent 1:13 handle 13: sfq perturb 10

tc qdisc add dev $INTIF parent 2:20 handle 20: sfq perturb 10
tc qdisc add dev $INTIF parent 2:21 handle 21: sfq perturb 10
tc qdisc add dev $INTIF parent 2:22 handle 22: sfq perturb 10
-----------------------------------------------------------------------
and this as qos-off script.
-----------------------------------------------------------------
#!/bin/sh
EXTIF=ppp0
INTIF=eth0

iptables -F -t mangle

tc qdisc del dev $EXTIF root 2> /dev/null > /dev/null
tc qdisc del dev $EXTIF ingress 2> /dev/null > /dev/null
tc qdisc del dev $INTIF root 2> /dev/null > /dev/null
tc qdisc del dev lo root 2> /dev/null > /dev/null
----------------------------------------------------------------

Have a nice day,

Joerg Esser
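
The four-class plan from the question, as an added example that is not part of either poster's message: a dry-run generator that turns the min/max percentages into HTB rate/ceil values and prints the matching tc and iptables commands without applying them. The interface name, the port lists, the SFQ handles and the 1kbit floor for the 0% class are assumptions made for this example.

```shell
#!/bin/sh
# Added example: dry-run generator for the four-class HTB plan in the question.
# It only prints commands; nothing is applied to the system.
DEV=${DEV:-eth0}     # assumed outgoing interface
LINK=${LINK:-512}    # link rate in kbit, from the tree in the question

# pct LINK PERCENT -> integer kbit, floored at 1 (assumption: HTB wants rate > 0)
pct() {
    v=$(( $1 * $2 / 100 ))
    if [ "$v" -lt 1 ]; then v=1; fi
    echo "$v"
}

# emit_class MARK MIN% MAX% PRIO: one HTB leaf, its SFQ and its fw filter.
# SFQ handles 110:..140: are chosen here so they do not collide with root 10:.
emit_class() {
    id="10:${1}0"
    echo "tc class add dev $DEV parent 10:1 classid $id htb rate $(pct "$LINK" "$2")kbit ceil $(pct "$LINK" "$3")kbit prio $4"
    echo "tc qdisc add dev $DEV parent $id handle 1${1}0: sfq perturb 10"
    echo "tc filter add dev $DEV parent 10: protocol ip handle $1 fw flowid $id"
}

# emit_mark MARK SPORT...: mark server replies by TCP source port (assumed ports)
emit_mark() {
    m=$1; shift
    for p in "$@"; do
        echo "iptables -t mangle -A POSTROUTING -o $DEV -p tcp --sport $p -j MARK --set-mark $m"
    done
}

gen_rules() {
    # Unmarked packets fall into 10:40 through "default 40"
    echo "tc qdisc add dev $DEV root handle 10: htb default 40"
    echo "tc class add dev $DEV parent 10: classid 10:1 htb rate ${LINK}kbit ceil ${LINK}kbit"
    emit_class 1 30 60 1    # www
    emit_class 2 5 20 2     # mail
    emit_class 3 5 10 3     # ftp
    emit_class 4 0 10 4     # everything else
    emit_mark 1 80          # http
    emit_mark 2 25 110      # smtp, pop3
    emit_mark 3 20 21       # ftp data (active mode) and control
}

gen_rules
```

Review the printed commands before feeding them to a root shell; the mangle rules match on source port only, so any local service bound to those ports lands in the same class.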


