From: Andrew Beverley <andy@andybev.com>
To: J Webster <webster_jack@hotmail.com>
Cc: netfilter@vger.kernel.org
Subject: Re: limit badwidth not working
Date: Sun, 02 Jan 2011 16:43:20 +0000 [thread overview]
Message-ID: <1293986600.1936.46.camel@steve-pc> (raw)
In-Reply-To: <BAY145-ds16C678B220343FEE352F61F3060@phx.gbl>
On Sun, 2011-01-02 at 16:18 +0100, J Webster wrote:
> > On Tue, 2010-12-28 at 12:12 +0100, J Webster wrote:
> >> I have a setup where uisers connect by VPN and are given IP addresses in
> >> the
> >> range 10.8.0.xxx
> >
> > I can't advise on the VPN aspects of this, but see below for some
> > general comments.
> >
> >> I would like to limit their bandwidth to 1.5Mbps per IP address.
<rant> Please don't top post. Even better, please also use an email
client that does proper quoting </rant>
> Do you know of any tutorials on this with examples? I've looked through the
> main tc tutorials and they are pretty hard to follow.
>
I found the following webpage to be really useful:
http://www.opalsoft.net/qos/DS-28.htm
> Re connections, my network is 100Mbps, I want to leave that as unlimited so
> their is no overall bucket level.
> Users connect to the VPN and each of the IP addresses connected to the VPN
> should have a limit of 1.5Mbps.
>
The following is untested, but should give you an idea. $DEV should be
the *outbound* device, on the local network side, not the internet side.
# Add root qdisc
tc qdisc add dev $DEV root handle 1: htb
# Add parent class. The limit here should add up to all the leaf classes
tc class add dev $DEV parent 1: classid 1:1 htb rate 4.5mbit burst 15k
# Add leaf classes, each with 1.5mbit limit
tc class add dev $DEV parent 1:1 classid 1:10 htb rate 1.5mbit ceil 1.5mbit
tc class add dev $DEV parent 1:1 classid 1:20 htb rate 1.5mbit ceil 1.5mbit
tc class add dev $DEV parent 1:1 classid 1:30 htb rate 1.5mbit ceil 1.5mbit
...
# Add a filter to each leaf class to pipe in the traffic for each IP address
U32="tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32"
$U32 match ip dst 10.0.8.1 flowid 1:10
$U32 match ip dst 10.0.8.2 flowid 1:20
$U32 match ip dst 10.0.8.3 flowid 1:30
...
Andy
next prev parent reply other threads:[~2011-01-02 16:43 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-07 1:23 OpenVPN throttling problem J Webster
2010-09-07 11:09 ` Thomas Jacob
2010-09-07 14:25 ` J Webster
2010-09-07 15:05 ` Thomas Jacob
2010-09-07 15:12 ` J Webster
2010-09-07 15:20 ` Thomas Jacob
2010-09-07 15:25 ` J Webster
2010-09-07 15:37 ` Thomas Jacob
2010-09-08 16:18 ` J Webster
2010-09-07 16:48 ` Payam Chychi
2010-12-28 11:12 ` limit badwidth not working J Webster
2011-01-01 16:08 ` Andrew Beverley
2011-01-02 15:18 ` J Webster
2011-01-02 16:43 ` Andrew Beverley [this message]
2011-01-02 18:56 ` J Webster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1293986600.1936.46.camel@steve-pc \
--to=andy@andybev.com \
--cc=netfilter@vger.kernel.org \
--cc=webster_jack@hotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.