* [LARTC] HTB - shaping services and IP
@ 2003-09-18  6:47 Phill
  2003-09-19  4:56 ` Martin A. Brown
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: Phill @ 2003-09-18  6:47 UTC (permalink / raw)
  To: lartc


Hello all,
    I have been trying to solve this problem for more than a month and still cannot find a way to do it.
If you could, please help me and the many other people interested in the same problem.

Let's say I have this configuration:
_____________________________________________      160kbps/96kbps    _____
|imq0(eth1, eth2) Linux router with NAT>ppp0|------------------------|ISP|
---------------------------------------------                        -----
    +|Roman| - 192.168.1.10 on eth1
    +|Phill| - 192.168.2.10 on eth2
        + ...

The point is that I want to shape the speed of each client
and I want to shape the speed of the services the client uses.
I don't use iptables to mark the packets, because of the use of IMQ,
but I know that there is a patch for this.

So, for example, if the user is downloading something from FTP,
I want him to be able to use the other services, like web surfing
or playing games, at the same speed as if he weren't downloading.

Roman -  Rate 80 Ceil 160
   +FTP Rate 1 Ceil 160
   +Other Traffic Rate 79 Ceil 160

Then I have Phill with the same settings,
but so that if Roman is downloading something from FTP, it will slow down
while Phill is surfing the web.
There will be some clients whose services I don't want to shape;
that's why I want to do it this way.

Please help me in any way; I have tried almost everything to get this working.

Thank you very much,
    Phill

---This is my latest idea---

LOCAL="imq0"
NET="ppp0" 

IPT=/sbin/iptables 

modprobe imq numdevs=1
ip link set imq0 up 
$IPT -t mangle -A PREROUTING -i ppp0 -j IMQ 

tc qdisc add dev $LOCAL root handle 1: htb default 999

tc class add dev $LOCAL parent 1:0  classid 1:1  htb rate 160kbit ceil 160kbit

#Roman
    tc class add dev $LOCAL parent 1:1 classid 1:110 htb rate 80kbit ceil 160kbit
        tc class add dev $LOCAL parent 1:110 classid 1:1101 htb rate 79kbit ceil 160kbit
        tc class add dev $LOCAL parent 1:110 classid 1:1102 htb rate 1kbit ceil 160kbit
    tc filter add dev $LOCAL parent 1:0 protocol ip u32 match ip dst 192.168.1.10 flowid 1:110
        tc filter add dev $LOCAL parent 1:110 protocol ip u32 match ip dst 192.168.1.10 flowid 1:1101
        tc filter add dev $LOCAL parent 1:110 protocol ip u32 match ip dport 20 0xffff flowid 1:1102
        tc filter add dev $LOCAL parent 1:110 protocol ip u32 match ip dport 21 0xffff flowid 1:1102
#Phill (192.168.2.10 in the diagram above)
    tc class add dev $LOCAL parent 1:1 classid 1:210 htb rate 80kbit ceil 160kbit
        tc class add dev $LOCAL parent 1:210 classid 1:2101 htb rate 79kbit ceil 160kbit
        tc class add dev $LOCAL parent 1:210 classid 1:2102 htb rate 1kbit ceil 160kbit
    tc filter add dev $LOCAL parent 1:0 protocol ip u32 match ip dst 192.168.2.10 flowid 1:210
        tc filter add dev $LOCAL parent 1:210 protocol ip u32 match ip dst 192.168.2.10 flowid 1:2101
        tc filter add dev $LOCAL parent 1:210 protocol ip u32 match ip dport 20 0xffff flowid 1:2102
        tc filter add dev $LOCAL parent 1:210 protocol ip u32 match ip dport 21 0xffff flowid 1:2102


* Re: [LARTC] HTB - shaping services and IP
  2003-09-18  6:47 [LARTC] HTB - shaping services and IP Phill
@ 2003-09-19  4:56 ` Martin A. Brown
  2003-09-19  6:49 ` Phill
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Martin A. Brown @ 2003-09-19  4:56 UTC (permalink / raw)
  To: lartc

Phill,

 : _____________________________________________      160kbps/96kbps    _____
 : |imq0(eth1, eth2) Linux router with NAT>ppp0|------------------------|ISP|
 : ---------------------------------------------                        -----
 :     +|Roman| - 192.168.1.10 on eth1
 :     +|Phill| - 192.168.2.10 on eth2
 :         + ...

I don't understand what you are trying to convey with the notes "eth1/eth2"
and 160kbps/96kbps part of the diagram, but the rest makes sense to me.

I'm going to draw a picture of your traffic control structure to point out
where I think your problem lies.

                            root class
                                + r/c 160kbit
      r 80kbit                  |                 r 80kbit
     c 160kbit  +---------------+---------------+ c 160kbit
         Roman  |                               | Phill
      +---------+---------+           +---------+---------+
      | ftp         other |           | other        ftp  |
      |                   |           |                   |
   r 1kbit            r 79kbit    r 79kbit              r 1kbit
 c 160kbit           c 160kbit   c 160kbit            c 160kbit


Note that you have four leaf classes.  Two classes, each with a rate of 79kbit
and two each with a rate of 1kbit (which HTB can't reasonably accomplish [1],
but your technique should work, anyway--keep reading).

Several items of note.

  - HTB only performs shaping in the leaf classes. [2]
  - HTB rate is essentially treated as a CIR, and HTB will not
    check a parent class to see if a parent class is above its
    rate. [2]
  - The sum of the rates of your leaf classes is 160kbit.  You have
    committed all of your bandwidth, and left nothing for borrowing or
    dynamic allocation.

Try this instead:

                            root class
                                + r/c 160kbit
      r 80kbit                  |                 r 80kbit
     c 160kbit  +---------------+---------------+ c 160kbit
         Roman  |                               | Phill
      +---------+---------+           +---------+---------+
      | ftp         other |           | other        ftp  |
      |                   |           |                   |
   r 1kbit            r 40kbit    r 40kbit              r 1kbit
 c 160kbit           c 160kbit   c 160kbit            c 160kbit


With this sort of configuration, the borrowing model of HTB should distribute
the leftover bandwidth in a way that seems fairer to you.  You have now
guaranteed a total of 82kbit to your leaf classes and above that (sum of the
rates of the leaf classes), the leaf classes will try to borrow as much as
they can up to ceil.

 : The point is, that I want to shape the speed of each client
 : and I want to shape the speed of the services the client uses.
 : I don't use iptables to mark the packets, because the use of IMQ,
 : but I know that there is a patch for this.

I don't know what you mean in this paragraph.....

[ snipped textual description ]

 : modprobe imq numdevs=1
 : ip link set imq0 up
 : $IPT -t mangle -A PREROUTING -i ppp0 -j IMQ

Do you need to use IMQ?  It's not a bad thing to use IMQ, but if your router
is a separate machine, you can simply attach the "download" shaper to the
internal interface--the interface closest to Phill and Roman. [3]

[ snipped start of script ]

See notes above about the rate/ceil here.

 : ... parent 1:0 protocol ip u32 match ip dst 192.168.1.10 flowid 1:110
 : ... parent 1:110 protocol ip u32 match ip dst 192.168.1.10 flowid 1:1101
 : ... parent 1:110 protocol ip u32 match ip dport 20 0xffff flowid 1:1102
 : ... parent 1:110 protocol ip u32 match ip dport 21 0xffff flowid 1:1102

See note above about IMQ necessity.  In particular your u32 classifier with
"ip dport 21" will never match.  Do you perhaps mean "ip sport 21"?  Still
probably not all that helpful.  Your u32 classifier "ip dport 20" is correct,
but will only work for port mode connections.  Check/search the LARTC archives
for a description of the problems involved with shaping FTP (port v. passive
mode data channel). [4]

Best of luck,

-Martin

 [1]  http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm#sharing
      (see last paragraph, for mtu=1500, r2q=1, 12kbit is minimum rate)
 [2]  http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm#hsharing
 [3]  http://www.docum.org/stef.coene/qos/faq/cache/9.html
 [4]  http://www.google.com/search?q=site%3Amailman.ds9a.nl+ftp+shaping

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] HTB - shaping services and IP
  2003-09-18  6:47 [LARTC] HTB - shaping services and IP Phill
  2003-09-19  4:56 ` Martin A. Brown
@ 2003-09-19  6:49 ` Phill
  2003-09-19  6:57 ` Phill
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Phill @ 2003-09-19  6:49 UTC (permalink / raw)
  To: lartc

WOW, thanks very much. I know I had some problems in understanding the problem.
When I read my post I found out that it sometimes does not make sense, sorry.

I am sending my currently working config.

It seems to be working, but I have some problems. When I start downloading from
the web, the packets flow through class 1:11. And if I start Direct Connect (P2P)
downloading something, it gets limited to about 5-8kbytes, but I want it to be
something like 1000kbit or less. That is my first problem.

The second problem is that I want to limit the speed of some clients.
Let's say that user Phill won't download more than 64kbps. I don't know how to do it.
That's why I was trying to solve it the way in the previous email.

Thank you!!!!
    Phill


#!/bin/sh
################################################################################
#    HTB script made by phill
#    mailto:phill@seznam.cz
################################################################################
LOCAL="imq0"
NET="ppp0"

CeilDownload=170
CeilDouwnloadDC=120 #max download speed for direct connect
CeilUpload=96
CeilUploadDC=16     #max upload speed for direct connect
################################################################################
#echo -n "Starting HTB..."
################################################################################

modprobe imq numdevs=1
ip link set imq0 up

################################################################################
#    Download part ...
################################################################################

tc qdisc add dev $LOCAL root handle 1: htb default 14

tc class add dev $LOCAL parent 1:  classid 1:1  htb rate ${CeilDownload}kbit ceil ${CeilDownload}kbit

#11-->Fast-WWW,telnet,ssh,ping,...
    tc class add dev $LOCAL parent 1:1 classid 1:11 htb rate 100kbit ceil ${CeilDownload}kbit prio 1 burst 15k quantum 100
#12-->Medium-eMail
    tc class add dev $LOCAL parent 1:1 classid 1:12 htb rate 25kbit  ceil ${CeilDownload}kbit prio 2 burst 5k  quantum 100
#13-->Slow-FTP
    tc class add dev $LOCAL parent 1:1 classid 1:13 htb rate 25kbit  ceil ${CeilDownload}kbit prio 3 burst 15k quantum 100
#14-->Other stuff-Default
    tc class add dev $LOCAL parent 1:1 classid 1:14 htb rate 18kbit  ceil ${CeilDownload}kbit prio 4 burst 5k quantum 100
#15-->DC,eDonkey
    tc class add dev $LOCAL parent 1:1 classid 1:15 htb rate 2kbit   ceil ${CeilDownloadDC}kbit prio 5 quantum 1

tc filter add dev $LOCAL parent 1:0 protocol ip prio 1 handle 1 fw classid 1:11
tc filter add dev $LOCAL parent 1:0 protocol ip prio 2 handle 2 fw classid 1:12
tc filter add dev $LOCAL parent 1:0 protocol ip prio 3 handle 3 fw classid 1:13
tc filter add dev $LOCAL parent 1:0 protocol ip prio 4 handle 4 fw classid 1:14
tc filter add dev $LOCAL parent 1:0 protocol ip prio 5 handle 5 fw classid 1:15

#sfq
tc qdisc add dev $LOCAL parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:12 handle 12: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:13 handle 13: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:14 handle 14: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:15 handle 15: sfq perturb 10

#IPTABLES
#default
    iptables -A PREROUTING -t mangle -j MARK --set-mark 0x4
#11
    #WWW without squid
        iptables -A PREROUTING -t mangle  -p tcp --sport 80 -j MARK --set-mark 0x1
        iptables -A PREROUTING -t mangle -p tcp --sport 443 -j MARK --set-mark 0x1
    #WWW through squid <???>
         #dont know how but lets say everything going to the router machine will
         #have this class. This works :->
         iptables -A PREROUTING -t mangle -p tcp -s 192.168.1.1 -j MARK --set-mark 0x1
    #telnet
        iptables -A PREROUTING -t mangle -p tcp --sport 23 -j MARK --set-mark 0x1
        iptables -A PREROUTING -t mangle -p udp --sport 23 -j MARK --set-mark 0x1
    #ssh
        iptables -A PREROUTING -t mangle -p tcp --sport 22 -j MARK --set-mark 0x1
        iptables -A PREROUTING -t mangle -p udp --sport 22 -j MARK --set-mark 0x1
    #icmp
        iptables -A PREROUTING -t mangle -p icmp -j MARK --set-mark 0x1
    #dns
        iptables -A PREROUTING -t mangle -p tcp --sport 53 -j MARK --set-mark 0x1
        iptables -A PREROUTING -t mangle -p udp --sport 53 -j MARK --set-mark 0x1
    #ack
        iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
#12
   #pop3
      iptables -A PREROUTING -t mangle -p tcp --sport 110 -j MARK --set-mark 0x2
      iptables -A PREROUTING -t mangle -p udp --sport 110 -j MARK --set-mark 0x2
   #smtp
      iptables -A PREROUTING -t mangle -p tcp --sport 25 -j MARK --set-mark 0x2
      iptables -A PREROUTING -t mangle -p udp --sport 25 -j MARK --set-mark 0x2
   #imap
      iptables -A PREROUTING -t mangle -p tcp --sport 143 -j MARK --set-mark 0x2
      iptables -A PREROUTING -t mangle -p udp --sport 143 -j MARK --set-mark 0x2
#13
   #ftp
    iptables -A PREROUTING -t mangle -p tcp -m tcp --sport 20:21 -j MARK --set-mark 0x3
#14
   #Other stuff...DEFAULT!!!
#15
   #DC 2 users, 2 ports 412,414
    iptables -A PREROUTING -t mangle -p tcp -m tcp --sport 412 -j MARK --set-mark 0x5
    iptables -A PREROUTING -t mangle -p tcp -m tcp --dport 412 -j MARK --set-mark 0x5
    iptables -A PREROUTING -t mangle -p tcp -m tcp --sport 414 -j MARK --set-mark 0x5
    iptables -A PREROUTING -t mangle -p tcp -m tcp --dport 414 -j MARK --set-mark 0x5
   #eDonkey
    iptables -A PREROUTING -t mangle -p tcp --sport 4662 -j MARK --set-mark 0x5
    iptables -A PREROUTING -t mangle -p tcp --dport 4662 -j MARK --set-mark 0x5

################################################################################
#    Download part ... OK
################################################################################
################################################################################
#    Upload part ...
################################################################################

tc qdisc add dev $NET root handle 2: htb default 21

tc class add dev $NET parent 2:  classid 2:1  htb rate ${CeilUpload}kbit ceil ${CeilUpload}kbit

#11-->Fast-everything...Default
    tc class add dev $NET parent 2:1 classid 2:11 htb rate 90kbit ceil ${CeilUpload}kbit prio 7 burst 15k
#12-->Slow-DC,edonkey upload
    tc class add dev $NET parent 2:1 classid 2:12 htb rate 6kbit  ceil ${CeilUploadDC}kbit prio 8 burst 5k quantum 1

tc filter add dev $NET parent 2:0 protocol ip prio 1 handle 1 fw classid 2:11
tc filter add dev $NET parent 2:0 protocol ip prio 5 handle 5 fw classid 2:12

################################################################################
#    Upload part ... OK
################################################################################

iptables -t mangle -A PREROUTING -i ppp0 -j IMQ

echo " OK"


* Re: [LARTC] HTB - shaping services and IP
  2003-09-18  6:47 [LARTC] HTB - shaping services and IP Phill
  2003-09-19  4:56 ` Martin A. Brown
  2003-09-19  6:49 ` Phill
@ 2003-09-19  6:57 ` Phill
  2003-09-21  5:22 ` Martin A. Brown
  2003-09-21  6:25 ` Phill
  4 siblings, 0 replies; 6+ messages in thread
From: Phill @ 2003-09-19  6:57 UTC (permalink / raw)
  To: lartc

I am sending the script once more, because the lines are longer than 80 chars.

Thanx,
    Phill

#!/bin/sh
################################################################################
#    HTB script made by phill
#    mailto:phill@seznam.cz
################################################################################
LOCAL="imq0"
NET="ppp0"

CeilDownload=170
CeilDouwnloadDC=120 #max download speed for direct connect
CeilUpload=96
CeilUploadDC=16     #max upload speed for direct connect
################################################################################
#echo -n "Starting HTB..."
################################################################################
    modprobe imq numdevs=1
    ip link set imq0 up
################################################################################
#    Download part ...
################################################################################

tc qdisc add dev $LOCAL root handle 1: htb default 14

tc class add dev $LOCAL parent 1:  classid 1:1  htb rate ${CeilDownload}kbit ceil ${CeilDownload}kbit

#11-->Fast-WWW,telnet,ssh,ping,...
    tc class add dev $LOCAL parent 1:1 classid 1:11 htb rate 100kbit ceil ${CeilDownload}kbit prio 1 burst 15k quantum 100
#12-->Medium-eMail
    tc class add dev $LOCAL parent 1:1 classid 1:12 htb rate 25kbit  ceil ${CeilDownload}kbit prio 2 burst 5k  quantum 100
#13-->Slow-FTP
    tc class add dev $LOCAL parent 1:1 classid 1:13 htb rate 25kbit  ceil ${CeilDownload}kbit prio 3 burst 15k quantum 100
#14-->Other stuff-Default
    tc class add dev $LOCAL parent 1:1 classid 1:14 htb rate 18kbit  ceil ${CeilDownload}kbit prio 4 burst 5k quantum 100
#15-->DC,eDonkey
    tc class add dev $LOCAL parent 1:1 classid 1:15 htb rate 2kbit   ceil ${CeilDownloadDC}kbit prio 5 quantum 1

tc filter add dev $LOCAL parent 1:0 protocol ip prio 1 handle 1 fw classid 1:11
tc filter add dev $LOCAL parent 1:0 protocol ip prio 2 handle 2 fw classid 1:12
tc filter add dev $LOCAL parent 1:0 protocol ip prio 3 handle 3 fw classid 1:13
tc filter add dev $LOCAL parent 1:0 protocol ip prio 4 handle 4 fw classid 1:14
tc filter add dev $LOCAL parent 1:0 protocol ip prio 5 handle 5 fw classid 1:15

#sfq
tc qdisc add dev $LOCAL parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:12 handle 12: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:13 handle 13: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:14 handle 14: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:15 handle 15: sfq perturb 10

#IPTABLES
#default
    iptables -A PREROUTING -t mangle -j MARK --set-mark 0x4
#11
    #WWW without squid
        iptables -A PREROUTING -t mangle  -p tcp --sport 80 -j MARK --set-mark 0x1
        iptables -A PREROUTING -t mangle -p tcp --sport 443 -j MARK --set-mark 0x1
    #WWW through squid <???>
         #dont know how but lets say everything going to the router machine will
         #have this class. This works :->
         iptables -A PREROUTING -t mangle -p tcp -s 192.168.1.1 -j MARK --set-mark 0x1
    #telnet
        iptables -A PREROUTING -t mangle -p tcp --sport 23 -j MARK --set-mark 0x1
        iptables -A PREROUTING -t mangle -p udp --sport 23 -j MARK --set-mark 0x1
    #ssh
        iptables -A PREROUTING -t mangle -p tcp --sport 22 -j MARK --set-mark 0x1
        iptables -A PREROUTING -t mangle -p udp --sport 22 -j MARK --set-mark 0x1
    #icmp
        iptables -A PREROUTING -t mangle -p icmp -j MARK --set-mark 0x1
    #dns
        iptables -A PREROUTING -t mangle -p tcp --sport 53 -j MARK --set-mark 0x1
        iptables -A PREROUTING -t mangle -p udp --sport 53 -j MARK --set-mark 0x1
    #ack
        iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
#12
   #pop3
      iptables -A PREROUTING -t mangle -p tcp --sport 110 -j MARK --set-mark 0x2
      iptables -A PREROUTING -t mangle -p udp --sport 110 -j MARK --set-mark 0x2
   #smtp
      iptables -A PREROUTING -t mangle -p tcp --sport 25 -j MARK --set-mark 0x2
      iptables -A PREROUTING -t mangle -p udp --sport 25 -j MARK --set-mark 0x2
   #imap
      iptables -A PREROUTING -t mangle -p tcp --sport 143 -j MARK --set-mark 0x2
      iptables -A PREROUTING -t mangle -p udp --sport 143 -j MARK --set-mark 0x2
#13
   #ftp
    iptables -A PREROUTING -t mangle -p tcp -m tcp --sport 20:21 -j MARK --set-mark 0x3
#14
   #Other stuff...DEFAULT!!!
#15
   #DC 2 users, 2 ports 412,414
    iptables -A PREROUTING -t mangle -p tcp -m tcp --sport 412 -j MARK --set-mark 0x5
    iptables -A PREROUTING -t mangle -p tcp -m tcp --dport 412 -j MARK --set-mark 0x5
    iptables -A PREROUTING -t mangle -p tcp -m tcp --sport 414 -j MARK --set-mark 0x5
    iptables -A PREROUTING -t mangle -p tcp -m tcp --dport 414 -j MARK --set-mark 0x5
   #eDonkey
    iptables -A PREROUTING -t mangle -p tcp --sport 4662 -j MARK --set-mark 0x5
    iptables -A PREROUTING -t mangle -p tcp --dport 4662 -j MARK --set-mark 0x5

################################################################################
#    Download part ... OK
################################################################################
################################################################################
#    Upload part ...
################################################################################

tc qdisc add dev $NET root handle 2: htb default 21

tc class add dev $NET parent 2:  classid 2:1  htb rate ${CeilUpload}kbit ceil ${CeilUpload}kbit

#11-->Fast-everything...Default
    tc class add dev $NET parent 2:1 classid 2:11 htb rate 90kbit ceil ${CeilUpload}kbit prio 7 burst 15k
#12-->Slow-DC,edonkey upload
    tc class add dev $NET parent 2:1 classid 2:12 htb rate 6kbit  ceil ${CeilUploadDC}kbit prio 8 burst 5k quantum 1

tc filter add dev $NET parent 2:0 protocol ip prio 1 handle 1 fw classid 2:11
tc filter add dev $NET parent 2:0 protocol ip prio 5 handle 5 fw classid 2:12

################################################################################
#    Upload part ... OK
################################################################################

iptables -t mangle -A PREROUTING -i ppp0 -j IMQ

echo " OK"




* Re: [LARTC] HTB - shaping services and IP
  2003-09-18  6:47 [LARTC] HTB - shaping services and IP Phill
                   ` (2 preceding siblings ...)
  2003-09-19  6:57 ` Phill
@ 2003-09-21  5:22 ` Martin A. Brown
  2003-09-21  6:25 ` Phill
  4 siblings, 0 replies; 6+ messages in thread
From: Martin A. Brown @ 2003-09-21  5:22 UTC (permalink / raw)
  To: lartc

Hi Phill,

 : CeilDouwnloadDC=120 #max download speed for direct connect

Is this a typographical error?  "CeilDownloadDC" instead of what you have
written?

[ snip ]

 : #11-->Fast-WWW,telnet,ssh,ping,...
 :     tc class add dev $LOCAL parent 1:1 classid 1:11 htb rate 100kbit ceil
 : ${CeilDownload}kbit prio 1 burst 15k quantum 100

I don't think this is a good idea for a quantum size.  I'd suggest a
quantum of minimum MTU size.

[ snip ]

 :     tc class add dev $LOCAL parent 1:1 classid 1:15 htb rate 2kbit   ceil
 : ${CeilDownloadDC}kbit prio 5 quantum 1

Did you mean to set r2q to 1?  A quantum of one penalizes this class
severely.

[ snip sfqs and fw classifiers/filters ]

( good idea to add the terminal sfq qdiscs )

[ snip many iptables rules ]

 : ################################################################################
 : #    Upload part ...
 : ################################################################################
 :
 : tc qdisc add dev $NET root handle 2: htb default 21
 :
 : tc class add dev $NET parent 2:  classid 2:1  htb rate ${CeilUpload}kbit ceil
 : ${CeilUpload}kbit
 :
 : #11-->Fast-everything...Default
 :     tc class add dev $NET parent 2:1 classid 2:11 htb rate 90kbit ceil
 : ${CeilUpload}kbit prio 7 burst 15k

Good!  You should get decent interactive performance out of this class!

 : #12-->Slow-DC,edonkey upload
 :     tc class add dev $NET parent 2:1 classid 2:12 htb rate 6kbit  ceil
 : ${CeilUploadDC}kbit prio 8 burst 5k quantum 1

Again, with a quantum of 1, you severely penalize this upload.  I would
agree that this is a good class to penalize.  There is no reason to give
away your bandwidth, but this will limit the upload rate to an almost
negligible rate.

Best of luck, Phill,

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
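
The two checks Martin describes in this thread (leaf rates that commit the whole link and leave nothing to borrow, and a quantum below one MTU), as an added shell example that is not part of the original messages. The plan format, the function names and the 1500-byte MTU are assumptions of the example; the class ids, rates and quantum values are the ones posted above.

```sh
#!/bin/sh
# Added example (not from the thread): audit an HTB class plan before loading it.
# A plan is text with one leaf class per line: "classid rate_kbit quantum_bytes".
# This format is an assumption of the example; quantum 0 means "not given",
# in which case HTB derives the quantum as rate (bytes/s) divided by r2q.

MTU=1500        # assumption: the MTU used in footnote [1]
DEFAULT_R2Q=10  # HTB's default r2q

# Leaf classes of the first script (per-user tree), rates as posted.
ORIGINAL_PLAN='1:1101 79 0
1:1102 1 0
1:2101 79 0
1:2102 1 0'

# The same tree with the rates from the "Try this instead" diagram.
REVISED_PLAN='1:1101 40 0
1:1102 1 0
1:2101 40 0
1:2102 1 0'

# Download classes of the second script, with the quantum values it sets.
SERVICE_PLAN='1:11 100 100
1:12 25 100
1:13 25 100
1:14 18 100
1:15 2 1'

# Quantum in bytes that HTB derives when none is given.
htb_quantum() {  # usage: htb_quantum RATE_KBIT R2Q
    echo $(( $1 * 1000 / 8 / $2 ))
}

# Smallest rate in kbit whose derived quantum still reaches one MTU.
min_rate_kbit() {  # usage: min_rate_kbit R2Q
    echo $(( (MTU * 8 * $1 + 999) / 1000 ))
}

# Sum of the guaranteed rates of all leaves in the plan read from stdin.
leaf_rate_sum() {
    sum=0
    while read -r classid rate quantum; do
        [ -n "$classid" ] || continue
        sum=$((sum + rate))
    done
    echo "$sum"
}

# Root rate minus the committed leaf rates: what is left over for borrowing.
borrow_headroom() {  # usage: borrow_headroom ROOT_KBIT < plan
    echo $(( $1 - $(leaf_rate_sum) ))
}

# Class ids whose effective quantum (explicit or derived) is below one MTU.
small_quantum_classes() {  # usage: small_quantum_classes R2Q < plan
    r2q=$1
    out=""
    while read -r classid rate quantum; do
        [ -n "$classid" ] || continue
        [ "$quantum" -gt 0 ] || quantum=$(htb_quantum "$rate" "$r2q")
        [ "$quantum" -ge "$MTU" ] || out="$out $classid"
    done
    echo "${out# }"
}

report() {  # usage: report NAME ROOT_KBIT R2Q PLAN
    printf '%s: leaf rates sum to %skbit, %skbit uncommitted\n' "$1" \
        "$(printf '%s\n' "$4" | leaf_rate_sum)" \
        "$(printf '%s\n' "$4" | borrow_headroom "$2")"
    printf '  quantum below MTU at r2q=%s: %s\n' "$3" \
        "$(printf '%s\n' "$4" | small_quantum_classes "$3")"
}

report "per-user tree as posted" 160 1 "$ORIGINAL_PLAN"
report "per-user tree, revised rates" 160 1 "$REVISED_PLAN"
report "service classes, second script" 170 "$DEFAULT_R2Q" "$SERVICE_PLAN"
```

With r2q=1 only the 1kbit FTP leaves stay below one MTU, which is the 12kbit minimum from footnote [1]; every class of the second script is flagged because its explicit quantum of 100 or 1 is below 1500 bytes.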


* Re: [LARTC] HTB - shaping services and IP
  2003-09-18  6:47 [LARTC] HTB - shaping services and IP Phill
                   ` (3 preceding siblings ...)
  2003-09-21  5:22 ` Martin A. Brown
@ 2003-09-21  6:25 ` Phill
  4 siblings, 0 replies; 6+ messages in thread
From: Phill @ 2003-09-21  6:25 UTC (permalink / raw)
  To: lartc

Hello,

>  : CeilDouwnloadDC=120 #max download speed for direct connect
>
> Is this a typographical error?  "CeilDownloadDC" instead of what you have
> written?

YES, This is a mistake I know about. I have fixed it already. Sorry

>  : #11-->Fast-WWW,telnet,ssh,ping,...
>  :     tc class add dev $LOCAL parent 1:1 classid 1:11 htb rate 100kbit ceil
>  : ${CeilDownload}kbit prio 1 burst 15k quantum 100
>
> I don't think this is a good idea for a quantum size.  I'd suggest a
> quantum of minimum MTU size.

Ok, I will raise it. I thought that if it is too big, it will take longer
to send the packets then.
I want the ping to be as small as possible (fast surfing and game playing; rules
not added yet).
I guess that quantum 2000 is ok.

>
>  :     tc class add dev $LOCAL parent 1:1 classid 1:15 htb rate 2kbit   ceil
>  : ${CeilDownloadDC}kbit prio 5 quantum 1
>
> Did you mean to set r2q to 1?  A quantum of one penalizes this class
> severely.

No, I wanted DC (Direct Connect - P2P program?) not to eat my bandwidth,
to have the lowest priority. With these settings it almost stops. Is there
anything else I could do for that? I really want it to stop sending data if
someone is using the line.
Should I leave the quantum parameter, or change it to what?

> ( good idea to add the terminal sfq qdiscs )

>  : ################################################################################
>  : #    Upload part ...
>  : ################################################################################
>  :
>  : tc qdisc add dev $NET root handle 2: htb default 21
>  :
>  : tc class add dev $NET parent 2:  classid 2:1  htb rate ${CeilUpload}kbit ceil
>  : ${CeilUpload}kbit
>  :
>  : #11-->Fast-everything...Default
>  :     tc class add dev $NET parent 2:1 classid 2:11 htb rate 90kbit ceil
>  : ${CeilUpload}kbit prio 7 burst 15k
>
> Good!  You should get decent interactive performance out of this class!
>
>  : #12-->Slow-DC,edonkey upload
>  :     tc class add dev $NET parent 2:1 classid 2:12 htb rate 6kbit  ceil
>  : ${CeilUploadDC}kbit prio 8 burst 5k quantum 1
>
> Again, with a quantum of 1, you severely penalize this upload.  I would
> agree that this is a good class to penalize.  There is no reason to give
> away your bandwidth, but this will limit the upload rate to an almost
> negligible rate.

The same problem as above. I don't want to give the upload speed to DC;
that's why the rate is small and the ceil too. I thought that if I set quantum small
it will be good too. Am I right?
BTW I measured that the rate matches the CeilUploadDC parameter.
---------------

I have tweaked the script to this state and it works. Of course I want to fix
these mistakes. I am very glad, that you are helping me!!!

The next thing is that I wanted to shape the traffic for each user.
Let's say I want to shape the speed of one user with IP 192.168.2.10 to rate 32 ceil 64.
Is there a way to implement it in this script? Because I really like this script,
which helps interactive traffic and web browsing.

If you have some code you can send me, I will be very happy. It doesn't matter what it is;
that's the best way to learn. If you do send it, please send it to my private
phill@seznam.cz. Thanks

Thanks for your help,
    Phill
