From: Ulrich Pöschl
Date: Sun, 08 May 2005 14:27:30 +0000
Subject: [LARTC] tc/htb QoS script
Message-Id: <427E21D2.8020101@wir-sind.org>
To: lartc@vger.kernel.org

hello folks,

this is my first post to that list. so I hope I am not completely OT here :-)

reading the (excellent!) lartc and then writing my own qos-script I have still some open questions which I will try to formulate now:

- "Now we can optionally attach queuing disciplines to the leaf classes. If none is specified the default is pfifo." - I can't find info about Pfifo. is it the same as pfifo_fast? what happens when I do not add queuing disciplines to the leaf classes? only the filters?

- can a class burst above the ceil-parameter when there is NO other traffic on the line at that moment?

- what happens when a packet passing through the filters can be matched by two filters? f.e. I have a "general" type of WWW-port 80 filter and another WWW-port 80 filter to a certain subnet. is it like a cisco ACL? the first hit is applied?

- is hardware a criterion? i want to shape a pretty full 2048/2048 line and use an old server with 2 NICs at the moment. 128 MB ram, but gnome running.. :) could I create a bottleneck by doing so?

- question concerning the script (below):
it is quite simple. I want to filter any traffic going to an "SAP" subnet. (where we have the SAP-system) and WWW as well as email
i apply it to interface eth0 and eth1 (which are part of an ethernet bridge br0).
as there are all servers on one side of the bridge and I want it to be "plug and play"-like I apply the same script to both interfaces.

The setup is like this:

[Manchester] (~250 Clients) ---> Transparent QoS-Bridge ----> ROUTER -------- FR WAN 2 Mbit ------> [AT/Vienna] (Mailserver, Proxy, SAP)

- and: will my script work as expected with that setup? :)

thanks in advance and kind regards,
Ulrich

#!/bin/sh
#
############ Configuration part ##############

DEVICE=$1            # interface (eth0 / eth1)
Bandwidth=2048kbit   # rate of WAN - line / remember you can't ceil this or you'll experience latency. 75-80% of ceil is a good place to start.

rateSAP=1024kbit
ceilSAP=2048kbit
prioSAP=1

rateEMAIL=512kbit
ceilEMAIL=768kbit
prioEMAIL=3

rateWEB=768kbit
ceilWEB=1024kbit
prioWEB=2

rateBulk=512kbit
ceilBULK=768kbit
prioBULK=4

rateVIEMON02=512kbit
ceilVIEMON02=800kbit
prioVIEMON02=1

VIEMON02="172.24.69.34"
SAPNET="172.24.64.0/24"
PROXY="172.24.69.21/32"
MAILSERVER="172.24.69.23/32"

TCCLASS="tc class add dev $DEVICE"
TCQDISC="tc qdisc add dev $DEVICE"

############ End of configuration part ##############

#####################################
# Delete any old rules
#
tc qdisc del root dev $DEVICE

# root qdisc / qdisc = queueing discipline
#
tc qdisc add dev $DEVICE root handle 1: htb default 16

# ceil is actually redundant here - since it
$TCCLASS parent 1: classid 1:1 htb rate $Bandwidth ceil $Bandwidth

# child qdiscs (like child nodes on a tree)
#
$TCCLASS parent 1:1 classid 1:11 htb rate $rateEMAIL ceil $ceilEMAIL prio $prioEMAIL
$TCCLASS parent 1:1 classid 1:12 htb rate $rateSAP ceil $ceilSAP prio $prioSAP
$TCCLASS parent 1:1 classid 1:13 htb rate $rateWEB ceil $ceilWEB prio $prioWEB
$TCCLASS parent 1:1 classid 1:14 htb rate $rateVIEMON02 ceil $ceilVIEMON02 prio $prioVIEMON02
$TCCLASS parent 1:1 classid 1:16 htb rate $rateBulk ceil $ceilBULK prio $prioBULK

########################################################################################################
# To continue let's add a pfifo queuing discipline to each of the service classes;
$TCQDISC parent 1:11 handle 110: pfifo limit 10
$TCQDISC parent 1:12 handle 120: pfifo limit 10
$TCQDISC parent 1:13 handle 130: pfifo limit 10
$TCQDISC parent 1:14 handle 140: pfifo limit 10
# BULK
$TCQDISC parent 1:16 handle 160: sfq perturb 20

########################################################################################################
# Filter definitions for traffic matching
########################################################################################################

############### SAP ##############
# all SAP-systems are in the same subnet - all traffic from/to that subnet is business-critical
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioSAP u32 match ip src $SAPNET flowid 1:12
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioSAP u32 match ip dst $SAPNET flowid 1:12

# A little tweaking.... :-)
# "match ip protocol 1 0xff" restricts the type test to ICMP; without it the
# icmp_type match compares that byte offset in every IP packet.
# match icmp echo request
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioSAP u32 match ip protocol 1 0xff match ip icmp_type 0x08 0xff flowid 1:12
# match icmp echo reply
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioSAP u32 match ip protocol 1 0xff match ip icmp_type 0x00 0xff flowid 1:12

############### WEB ###############
# Web-surfing only possible via $PROXY-Server
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioWEB u32 match ip src $PROXY flowid 1:13
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioWEB u32 match ip dst $PROXY flowid 1:13
#tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioWEB u32 match ip dport 80 flowid 1:13

############### EMAIL ################
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioEMAIL u32 match ip src $MAILSERVER flowid 1:11
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioEMAIL u32 match ip dst $MAILSERVER flowid 1:11

#####################################
############ VIEMON02 ###############
#
#
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioVIEMON02 u32 match ip src $VIEMON02/32 flowid 1:14
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioVIEMON02 u32 match ip dst $VIEMON02/32 flowid 1:14

#####################################
######### Bulk / Default ############
#
#
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioBULK u32 match ip src 0.0.0.0/0 flowid 1:16
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioBULK u32 match ip dst 0.0.0.0/0 flowid 1:16

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
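
Added example, not part of the original message: tc loads an HTB tree even when the children's guaranteed rates add up to more than the parent's rate, so this sketch checks a class plan before it is applied. The helper names `to_kbit` and `check_htb_plan` are hypothetical, and the sample plan uses the script's class rates as decoded from the quoted-printable mail.

```shell
#!/bin/sh
# Added example: sanity-check an HTB class plan before handing it to tc.

# Convert a tc rate ("512kbit", "2mbit") to whole kbit; tc counts 1 mbit = 1000 kbit.
to_kbit() {
    case "$1" in
        *kbit) echo "${1%kbit}" ;;
        *mbit) echo $(( ${1%mbit} * 1000 )) ;;
        *)     return 1 ;;
    esac
}

# check_htb_plan PARENT_RATE name:rate:ceil ...
# Prints one line per finding. Exit status: number of findings, 255 on a bad rate.
check_htb_plan() {
    parent=$(to_kbit "$1") || return 255
    shift
    sum=0 problems=0
    for spec in "$@"; do
        name=${spec%%:*}
        rest=${spec#*:}
        rate=$(to_kbit "${rest%%:*}") || return 255
        ceil=$(to_kbit "${rest#*:}") || return 255
        sum=$(( sum + rate ))
        if [ "$ceil" -lt "$rate" ]; then
            echo "$name: ceil ${ceil}kbit is below rate ${rate}kbit"
            problems=$(( problems + 1 ))
        fi
        if [ "$ceil" -gt "$parent" ]; then
            echo "$name: ceil ${ceil}kbit is above parent rate ${parent}kbit"
            problems=$(( problems + 1 ))
        fi
    done
    if [ "$sum" -gt "$parent" ]; then
        echo "child rates sum to ${sum}kbit, parent guarantees only ${parent}kbit"
        problems=$(( problems + 1 ))
    fi
    return "$problems"
}

# Sample input: the five leaf classes under 1:1 (constructed from the script's settings).
check_htb_plan 2048kbit \
    EMAIL:512kbit:768kbit SAP:1024kbit:2048kbit WEB:768kbit:1024kbit \
    VIEMON02:512kbit:800kbit BULK:512kbit:768kbit \
    || echo "findings: $?"
```
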