From: Andy Furniss <andy.furniss@dsl.pipex.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] limiting bandwidth on a sequence of ports.
Date: Mon, 24 May 2004 21:17:18 +0000
Message-ID: <40B2665E.1040101@dsl.pipex.com>
In-Reply-To: <1085301419.27856.31.camel@mokona>
David Eduardo Gómez Noguera wrote:
> Hello.
> I have just started using iproute2 commands, and I am having a go at
> making bittorrent use the same bandwidth for upload as for download.
>
> I am stuck I think in understanding speeds
> I connect to the internet through a router modem which gets the real IP
> and assigns me a private ip through dhcp. So this router can handle a
> private network, and route it to the internet, presumably with nat.
> It is a 2wire router-modem
>
> I have come up with the next small script, which doesn't work as I
> expected:
> ------------
> #!/bin/sh
>
> DEV=eth0
> NET="172.16.0.1/16"
>
> # Internal network works at 100mbps, which is also supported by the
> # router. I don't understand burst that much, I used that value out of the
> # examples from the HOW-TO.
> tc class add dev $DEV parent 1: classid 1:1 htb rate 100mbit burst 15k
> # The ADS connection is 256/126 kbps, So I set up another class for
> # connections to the internet.
> tc class add dev $DEV parent 1: classid 1:2 htb rate 128kbit burst 1024
>
> # These also out from the HOW-TO.
> # I will filter the internal network 172.16.0.1/16 into the class 1:1,
> # and let class 1:2 be the default
> tc qdisc add dev $DEV parent 1:1 handle 10: sfq perturb 10
> tc qdisc add dev $DEV parent 1:2 handle 20: sfq perturb 10
>
> # Here I filter connections with a FLAG 20, which I assign through
> # iptables to every connection with destination network 172.16.0.1/16.
> # So far so good
> tc filter add dev $DEV parent 1:0 protocol ip prio 1 handle 20 fw flowid 1:1
> iptables -A OUTPUT -t mangle -o $DEV -d $NET -j MARK --set-mark 20
>
> # Now I want to limit bandwidth for connections between the client (which
> # is running iptables here) and the internet in ports 6881:6999
> # So I flag connections with source not in the private network, and
> # ports 6881:6999 with flag 21, and have an ingress qdisc created with id
> # ffff:0
>
> tc qdisc add dev $DEV handle ffff: ingress
> iptables -A PREROUTING -t mangle -i $DEV -s '!' $NET -p tcp --source-port "6881:6999" -j MARK --set-mark 21
> iptables -A PREROUTING -t mangle -i $DEV -s '!' $NET -p tcp --destination-port "6881:6999" -j MARK --set-mark 21
> # And add a filter to the ingress to drop packages that come faster than
> # 128 kbps.
> tc filter add dev $DEV parent ffff: protocol ip prio 5 handle 21 fw police burst 5k rate 128kbps avrate 128kbps drop flowid :1
>
> -----------------
kbps means k bytes - use kbit for your rates.
You can't guarantee getting all bittorrent traffic by just doing the ports.
If you want to be sure you may need something like ipp2p or l7filter.
>
> Any idea what I am doing wrong? If I lower the burst, which I think I
> haven't understood yet, to like 1k, the bandwidth will drop to zero.
> Else, it will barely move. Maybe I got the rate wrong?
I guess the burst on the ingress policer needs to be > MTU (not on htb
though)
>
> Just one extra question, the flowid I also got it from the examples, but
> I haven't found an explanation yet why it's ":1" instead of a full id in
> the examples.
If you mean 1: it's just shorthand for 1:0
Andy.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
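
An added example, not part of the original script or of the reply: a small shell check that converts tc rate and burst strings to plain numbers, so the kbps/kbit mix-up and the burst-versus-MTU point raised in the reply become visible before the rules are loaded. The function names are hypothetical, the unit multipliers are assumed from the current tc(8) man page (SI prefixes, `bps` meaning bytes per second), and the MTU of 1500 is an assumed Ethernet default.

```shell
#!/bin/sh
# Added example: sanity-check tc policer parameters (names are hypothetical).

# rate_to_bits RATE -> bits per second. Units assumed from tc(8):
# bit/kbit/mbit are bits per second, bps/kbps/mbps are BYTES per second.
rate_to_bits() {
    num=${1%%[!0-9]*}            # leading digits
    unit=${1#"$num"}             # unit suffix, may be empty
    [ -n "$num" ] || { echo "no number in rate: $1" >&2; return 1; }
    case $unit in
        ''|bit) mult=1 ;;
        kbit)   mult=1000 ;;
        mbit)   mult=1000000 ;;
        bps)    mult=8 ;;
        kbps)   mult=8000 ;;
        mbps)   mult=8000000 ;;
        *) echo "unknown rate unit: $unit" >&2; return 1 ;;
    esac
    echo $((num * mult))
}

# size_to_bytes SIZE -> bytes (bare number or b = bytes, k/kb = 1024 bytes).
size_to_bytes() {
    num=${1%%[!0-9]*}
    unit=${1#"$num"}
    [ -n "$num" ] || { echo "no number in size: $1" >&2; return 1; }
    case $unit in
        ''|b) mult=1 ;;
        k|kb) mult=1024 ;;
        m|mb) mult=1048576 ;;
        *) echo "unknown size unit: $unit" >&2; return 1 ;;
    esac
    echo $((num * mult))
}

# check_policer RATE BURST MTU -> one warning line per finding, nothing if clean.
check_policer() {
    bits=$(rate_to_bits "$1") || return 1
    burst=$(size_to_bytes "$2") || return 1
    case $1 in
        *bps) echo "rate $1 is bytes/s, i.e. $bits bit/s" ;;
    esac
    if [ "$burst" -le "$3" ]; then
        echo "burst $2 = $burst bytes does not exceed MTU $3"
    fi
    return 0
}

check_policer 128kbps 1k 1500    # values tried in the post: two warnings
check_policer 128kbit 5k 1500    # kbit rate, burst above MTU: no output
```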