[LARTC] tc/htb QoS script

["Ulrich Pöschl" <poeschl@wir-sind.org>]

hello folks,

this is my first post to that list. so I hope I am not completely OT 
here :-)

reading the (excellent!) lartc and then writing my own qos-script I have 
still some open questions which I will try to formulate now:

- "Now we can optionally attach queuing disciplines to the leaf classes. 
If none is specified the default is pfifo." - I can't find info about 
Pfifo. is it the same as pfifo_fast?
what happenes when I do not add queuing disciplines to the leaf classes? 
only the filters?


- can a class burst above the ceil-parameter when there is NO other 
traffic on the line at that moment?

- what happens when a packet passing trough the filters can be matched 
by two filters? f.e. I have a "general" type of WWW-port 80 filter and 
another WWW-port 80 filter to a certain subnet. is it like a cisco ACL? 
the first hit is applied?

- is hardware a criteria? i want to shape a pretty full 2048/2048 line 
and use an old server with 2 NICs at the moment. 128 MB ram, but gnome 
running.. :) could I create a bottleneck by doing so?


- question concerning the script (below):
it is quite simple. I want to filter any traffic going to an "SAP" 
subnet. (where we have the SAP-system) and WWW as well as email
i apply it to interface eth0 and eth1 (which are part of an ethernet 
bridge br0).
as there are all servers on one side of the bridge and I want it to be 
"plug and play"-like I apply the same script to both interfaces.

The setup is like this:
[Manchester] (~250 Clients) ---> Transparent QoS-Bridge ----> ROUTER 
-------- FR WAN 2 Mbit ------> [AT/Vienna] (Mailserver, Proxy, SAP)

- and: will my script work as expected with that setup? :)

thanks in advance and kind regards,

Ulrich




#!/bin/sh
#
############ Configuration part ##############
         
DEVICE=$1       # interface (eth0 / eth1)

Bandwidth 48kbit  # rate of WAN - line / remember you can't ceil this 
or you'll experience latency. 75-80% of ceil is a good place to start.

rateSAP\x1024kbit
ceilSAP 48kbit
prioSAP=1

rateEMAILQ2kbit
ceilEMAILv8kbit
prioEMAIL=3

rateWEBv8kbit
ceilWEB\x1024kbit
prioWEB=2

rateBulkQ2kbit
ceilBULKv8kbit
prioBULK=4

rateVIEMON02Q2kbit
ceilVIEMON02€0kbit
prioVIEMON02=1


VIEMON02="172.24.69.34"

SAPNET="172.24.64.0/24"

PROXY="172.24.69.21/32"

MAILSERVER="172.24.69.23/32"

TCCLASS="tc class add dev $DEVICE"
TCQDISC="tc qdisc add dev $DEVICE"


############ End of configuration part ##############



#####################################

# Delete any old rules #
tc qdisc del root dev $DEVICE

# root qdisc /  qdisc = queueing discipline #
tc qdisc add dev $DEVICE root handle 1: htb default 16

# ceil hier eigentlich redundant - da es
$TCCLASS parent 1: classid 1:1 htb rate $Bandwidth ceil $Bandwidth

# child qdiscs (like child nodes on a tree) #
$TCCLASS parent 1:1 classid 1:11 htb rate $rateEMAIL ceil $ceilEMAIL 
prio $prioEMAIL

$TCCLASS parent 1:1 classid 1:12 htb rate $rateSAP ceil $ceilSAP prio 
$prioSAP

$TCCLASS parent 1:1 classid 1:13 htb rate $rateWEB ceil $ceilWEB prio 
$prioWEB

$TCCLASS parent 1:1 classid 1:14 htb rate $rateVIEMON02 ceil 
$ceilVIEMON02 prio $prioVIEMON02


$TCCLASS parent 1:1 classid 1:16 htb rate $rateBulk ceil $ceilBULK prio 
$prioBULK

########################################################################################################
# To continue let's add a pfifo queuing discipline to each of the 
service classes;

$TCQDISC parent 1:11 handle 110: pfifo limit 10
$TCQDISC parent 1:12 handle 120: pfifo limit 10
$TCQDISC parent 1:13 handle 130: pfifo limit 10
$TCQDISC parent 1:14 handle 140: pfifo limit 10

# BULK
$TCQDISC parent 1:16 handle 160: sfq perturb 20


########################################################################################################
# Filter definitions for traffic matching
########################################################################################################


############### SAP ##############
# all SAP-systems are in the same subnet - all traffic from/to that 
subnet is business-critical

tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioSAP u32 match 
ip src $SAPNET flowid 1:12
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioSAP u32 match 
ip dst $SAPNET flowid 1:12

# A little tweaking.... :-)
# match icmp echo request
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioSAP u32 match 
ip icmp_type 0x08 0xff flowid 1:12
# match icmp echo reply
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioSAP u32 match 
ip icmp_type 0x00 0xff flowid 1:12




############### WEB ###############
# Web-surfing only possible via $PROXY-Server

tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioWEB u32 match 
ip src $PROXY flowid 1:13
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioWEB u32 match 
ip dst $PROXY flowid 1:13
#tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioWEB u32 
match ip dport 80 flowid 1:13


############### EMAIL ################

tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioEMAIL u32 
match ip src $MAILSERVER flowid 1:11
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioEMAIL u32 
match ip dst $MAILSERVER flowid 1:11




#####################################
############ VIEMON02 ###############
#                                   #
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioVIEMON02 u32 
match ip src $VIEMON02/32 flowid 1:14
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioVIEMON02 u32 
match ip dst $VIEMON02/32 flowid 1:14

#####################################
######### Bulk / Default ############
#                                   #

tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioBULK u32 
match ip src 0.0.0.0/0 flowid 1:16
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioBULK u32 
match ip dst 0.0.0.0/0 flowid 1:16

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc