* [LARTC] Lamer needs help for basic tc setup
From: Geri Fehringer @ 2005-06-10 6:21 UTC (permalink / raw)
To: lartc
Hi fellows,

I'm just a newbie at using the cool tc and have played around with it for the last 2 weeks.

I'm quite confident - in theory - about what's possible and the basic difference between the queuing disciplines.

We're using a Fedora Core 3 box as gateway (iptables, tc, iproute2 with NAT).
Clients are coming in via eth1 and outgoing traffic (2Mbit/s SDSL) goes through eth0.

So we would like to enable bandwidth limitation per-user, so I just used several scripts (htp from sourceforge, cbq.init, wondershaper etc).
(Each client: Downstream max 128kbit/s, Upstream max 90kbit/s)

Shaping is working fine if I mark this specific source with an iptables rule, but as soon as I apply multiple different source IPs to mark them within the same queue, all are sharing my limitation, and I thought each of them would get the rate-limiting.

Example firewall rule:

$IPTABLES -t mangle -A FORWARD -s ! 10.0.0.30 -d 10.0.0.30 -j MARK --set-mark 1 #downstream
$IPTABLES -t mangle -A FORWARD -s 10.0.0.30 -j MARK --set-mark 2 #upstream

I also tried the u32 matching within tc, but same effect; I'm also not sure if I can use this kind of matching in a NAT environment?

I'm really done, no ideas what I'm doing wrong!

BTW: Anyone using tcng on FC3 and kernel 2.6x :-)

My tc output:
*************
### eth0: queueing disciplines
qdisc cbq 1: rate 2Mbit (bounded,isolated) prio no-transmit
qdisc tbf 90: parent 1:90 rate 90Kbit burst 10Kb lat 444.4ms
### eth0: traffic classes
class cbq 1: root rate 2Mbit (bounded,isolated) prio no-transmit
class cbq 1:90 parent 1: leaf 90: rate 90Kbit (bounded) prio 5
class tbf 90:1 parent 90:
### eth0: filtering rules
filter parent 1: protocol ip pref 200 fw
filter parent 1: protocol ip pref 200 fw handle 0x2 classid 1:90

### eth1: queueing disciplines
qdisc cbq 1: rate 10Mbit (bounded,isolated) prio no-transmit
qdisc tbf 128: parent 1:128 rate 128Kbit burst 10Kb lat 312.5ms
### eth1: traffic classes
class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
class cbq 1:128 parent 1: leaf 128: rate 128Kbit (bounded) prio 5
class tbf 128:1 parent 128:
### eth1: filtering rules
filter parent 1: protocol ip pref 200 fw
filter parent 1: protocol ip pref 200 fw handle 0x1 classid 1:128

### eth2: queueing disciplines
qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1

THANKS for any hints

Cheers
Geri
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
* Re: [LARTC] Lamer needs help for basic tc setup
From: Andy Furniss @ 2005-06-16 0:56 UTC (permalink / raw)
To: lartc
Geri Fehringer wrote:
> Hi fellows,
>
> I'm just a newbie at using the cool tc and have played around with it
> for the last 2 weeks.
>
> I'm quite confident - in theory - about what's possible and the basic
> difference between the queuing disciplines.
>
> We're using a Fedora Core 3 box as gateway (iptables, tc, iproute2 with NAT).
> Clients are coming in via eth1 and outgoing traffic (2Mbit/s SDSL) goes
> through eth0.
>
> So we would like to enable bandwidth limitation per-user, so I just used
> several scripts (htp from sourceforge, cbq.init, wondershaper etc).
> (Each client: Downstream max 128kbit/s, Upstream max 90kbit/s)
>
> Shaping is working fine if I mark this specific source with an iptables
> rule, but as soon as I apply multiple different source IPs to mark them
> within the same queue, all are sharing my limitation, and I thought each
> of them would get the rate-limiting.

You need to have a separate class and mark for each user.

> I also tried the u32 matching within tc, but same effect,

When doing NAT, u32 will work for downloads shaped on the LAN-facing
interface but not for uploads on the WAN interface - you need to
mark/classify.

> qdisc cbq 1: rate 2Mbit (bounded,isolated) prio no-transmit

I would use htb with a class for each user - It would probably be nicer
to separate interactive traffic out from bulk as well - depends on how
many users share the bandwidth really.

Andy.
* Re: [LARTC] Lamer needs help for basic tc setup
From: Dariusz Dwornikowski @ 2005-06-16 4:45 UTC (permalink / raw)
To: lartc
> When doing NAT u32 will work for downloads shaped on the lan facing
> interface but not for uploads on the wan interface you need to
> mark/classify.

Is it necessary to mark every IP with a separate mark?
All clients in my net have the same speed; can I mark them all with, for example, 10?

--
*Dariusz 'tdi' Dwornikowski | Gentoo | admin at pozman.pl |
*[JID]:tdi@gentoo.pl|[gg]:2266034|[IRC]:#gentoo-pl@freenode |
*[MAIL]:tdi@pozman.pl|[WWW]:www.tdi.pozman.pl |
*Serwery,administracja,webapps - www.ProAdmin.com.pl |
*Fingerprint:43E21CC46DAFD2F754E91547D59B39F56AAA4B5F |
* Re: [LARTC] Lamer needs help for basic tc setup
From: Andy Furniss @ 2005-06-16 19:51 UTC (permalink / raw)
To: lartc
Dariusz Dwornikowski wrote:
>> When doing NAT u32 will work for downloads shaped on the lan facing
>> interface but not for uploads on the wan interface you need to
>> mark/classify.
>
> is it necessary to mark every ip with separate mark ?
> all clients in my net have the same speed, can i mark them all with for example : 10 ?

You said per user in the first post so they each need to have their own
class and if you use mark they will need one each.

You could use iptables CLASSIFY instead of mark - you wouldn't need a
filter for each attached to the queue then - just create a class for
each with the same classid (You can sort of do the same thing with marks
and htb).

There is also a netfilter pom-ng patch called IPMARK which will mark
things a bit more efficiently if you have loads of addresses to do.

Andy.
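
The per-user setup suggested in the replies above (one HTB class per client, iptables CLASSIFY instead of fw marks and filters), as an added example that is not part of the original thread. The class numbering, the client addresses and the choice to print the commands instead of running them are assumptions; interfaces and rates are taken from the first post.

```shell
#!/bin/sh
# Added example, not from the thread: print the tc/iptables commands for
# per-client HTB shaping on a NAT gateway. Review the output, then pipe it
# to `sh` as root on a box with no existing root qdisc on these interfaces.

WAN_IF=eth0 LAN_IF=eth1          # eth0 = SDSL uplink, eth1 = clients
WAN_RATE=2mbit LAN_RATE=10mbit   # root rates shown in the posted tc output
UP=90kbit DOWN=128kbit           # per-client caps from the first post

emit_root() {    # $1 = device, $2 = total rate
    # No "default" class is set, so unclassified traffic passes unshaped.
    echo "tc qdisc add dev $1 root handle 1: htb"
    echo "tc class add dev $1 parent 1: classid 1:1 htb rate $2"
}

emit_client() {  # $1 = device, $2 = hex minor, $3 = cap, $4 = -s|-d, $5 = IP
    # rate == ceil: a hard per-client cap with no borrowing from the parent.
    echo "tc class add dev $1 parent 1:1 classid 1:$2 htb rate $3 ceil $3"
    # mangle POSTROUTING is traversed before the nat table rewrites the
    # source, so the client's private address is still visible on the WAN
    # side. CLASSIFY sets the class directly: no tc filter per client.
    echo "iptables -t mangle -A POSTROUTING -o $1 $4 $5 -j CLASSIFY --set-class 1:$2"
}

gen_shaper() {   # args: one private IP per client
    emit_root "$WAN_IF" "$WAN_RATE"
    emit_root "$LAN_IF" "$LAN_RATE"
    n=16         # minors are hex; start at 0x10 to stay clear of 1:1
    for ip in "$@"; do
        minor=$(printf '%x' "$n")
        emit_client "$WAN_IF" "$minor" "$UP" -s "$ip"    # upload
        emit_client "$LAN_IF" "$minor" "$DOWN" -d "$ip"  # download
        n=$((n + 1))
    done
}

# Constructed sample clients (10.0.0.30 is the address used in the first post)
gen_shaper 10.0.0.30 10.0.0.31
```

Because every client has its own class, clients no longer share one 90kbit or 128kbit bucket, which is the behaviour the first post ran into when several sources were sent to the same class.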