[LARTC] refining my rules
From: nix4me @ 2005-11-27  1:06 UTC
  To: lartc

Hi,
I am currently using the following script to shape traffic on my linux 
box.  I am getting ready to move the script to my linux firewall box so 
it shapes traffic for my home lan.  I am looking to refine my rules a 
bit so as to make bandwidth sharing a bit more efficient.

Specifically I am looking to give outbound email more priority, so that 
when a large email is sent, I want it to borrow all of the ftp 
bandwidth.  For some reason it only borrows some of the bandwidth, but 
not all.

Here is my script:
#!/bin/bash
# Shaping passive and active outbound ftp traffic on an internal computer
# without affecting inbound and lan speed

# Rebuild the MYSHAPER-OUT chain from scratch (errors on the first run are
# expected and silenced)
iptables -t mangle -D OUTPUT -o eth0 -j MYSHAPER-OUT >/dev/null 2>&1
iptables -t mangle -F MYSHAPER-OUT >/dev/null 2>&1
iptables -t mangle -X MYSHAPER-OUT >/dev/null 2>&1
iptables -t mangle -N MYSHAPER-OUT
iptables -t mangle -I OUTPUT -o eth0 -j MYSHAPER-OUT

# mark packets: 20 is lan traffic, 26 is active ftp and passive ftp (ports
# 50000-51000), 30 is ACK for downloads, 35 is email.  The MARK target does
# not stop rule traversal, so the later rules overwrite the default mark 20.
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 20
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 59999 -j MARK --set-mark 26
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 26
iptables -t mangle -A MYSHAPER-OUT -p tcp -m length --length :64 -j MARK --set-mark 30
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 25 -j MARK --set-mark 35

# clear any existing qdisc (harmless if there is none yet)
tc qdisc del dev eth0 root 2>/dev/null

# add the root qdisc; "default" takes the minor id of a class (1:2, the lan
# class), not a firewall mark
tc qdisc add dev eth0 root handle 1: htb default 2

# add main rate limit class
tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit

# add leaf classes, 1:2 is lan, 1:3 is outbound max
tc class add dev eth0 parent 1:1 classid 1:2 htb rate 100mbit
tc class add dev eth0 parent 1:1 classid 1:3 htb rate 40kbps
# 1:31 is ftp with lower prio, 1:32 is ACK and email with higher prio
tc class add dev eth0 parent 1:3 classid 1:31 htb rate 20kbps ceil 40kbps prio 2
tc class add dev eth0 parent 1:3 classid 1:32 htb rate 20kbps ceil 40kbps prio 1

# filter traffic into classes by firewall mark
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:2
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:31
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 30 fw flowid 1:32
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 35 fw flowid 1:32

Any comments would be greatly appreciated,
Mark
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


Re: [LARTC] refining my rules
From: Andreas Klauer @ 2005-11-27 10:05 UTC
  To: lartc

On Sunday 27 November 2005 02:06, nix4me wrote:
> #add main rate limit class
> tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit

In a 100mbit network, the full 100mbit can only be reached under optimal 
conditions (I don't know what they are though), so I suggest you measure 
the actual throughput your network can reach and use this as rate, or just 
use a slightly lower value here.

> #add leaf classes, 1:2 is lan, 1:3 is outbound max
> tc class add dev eth0 parent 1:1 classid 1:2 htb rate 100mbit

If you give the LAN class the full parent class rate, you've got two 
problems. First, your parent class will already be fully booked. There is 
nothing left for the other classes, and HTB will have to cheat somehow to 
distribute bandwidth now, which may lead to unexpected results. Second, if 
you have a lot of LAN traffic between the router and other machines 
(fileserver etc.), this traffic can take up the whole line and interfere 
with your internet traffic. So in my opinion the rate of the LAN class 
should be the rate of the parent class minus the rate(s) of your internet 
class(es).

> tc class add dev eth0 parent 1:1 classid 1:3 htb rate 40kbps
> # 1:31 is ftp with lower prio, 1:32 is ACK and email higher prio
> tc class add dev eth0 parent 1:3 classid 1:31 htb rate 20kbps ceil 40kbps prio 2
> tc class add dev eth0 parent 1:3 classid 1:32 htb rate 20kbps ceil 40kbps prio 1

You don't have any internet traffic other than ftp and email?

Regards,
Andreas Klauer

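As an added example that is not part of the thread, a small Python checker for the HTB class tree posted in the first message: it parses the "tc class add" lines, converts tc's rate units (tc reads "kbps" as kilobytes per second, so the script's 40kbps is really 320 kbit/s) and flags the overcommit Andreas points out, where the LAN class 1:2 is given the parent's full rate. The CORRECTED tree is a constructed alternative following his reply and assumes a measured 95mbit link; its numbers are illustrative only.

```python
import re

# tc rate units in bit/s: "kbps"/"mbps" mean kiloBYTES/megaBYTES per second,
# "kbit"/"mbit" mean kilobits/megabits per second (tc(8)), an easy gotcha.
UNITS = {"bit": 1, "kbit": 1000, "mbit": 10**6, "bps": 8, "kbps": 8000, "mbps": 8 * 10**6}
CLASS_RE = re.compile(r"parent (\S+) classid (\S+) htb rate (\S+)(?: ceil (\S+))?")

def to_bps(value):
    """Convert a tc rate string such as '40kbps' or '100mbit' to bits per second."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([a-z]+)", value)
    if not m or m.group(2) not in UNITS:
        raise ValueError("unrecognised tc rate: " + value)
    return int(float(m.group(1)) * UNITS[m.group(2)])

def parse_classes(script):
    """Map classid -> (parent, rate_bps, ceil_bps); HTB uses ceil = rate if unset."""
    classes = {}
    for line in script.splitlines():
        m = CLASS_RE.search(line)
        if m:
            parent, classid, rate, ceil = m.groups()
            r = to_bps(rate)
            classes[classid] = (parent, r, to_bps(ceil) if ceil else r)
    return classes

def check_htb(classes):
    """Flag parents whose children's guaranteed rates exceed the parent's rate, and children whose ceil is above the parent's ceil."""
    problems = []
    for parent, (_, prate, pceil) in classes.items():
        kids = {c: v for c, v in classes.items() if v[0] == parent}
        total = sum(v[1] for v in kids.values())
        if total > prate:
            problems.append(f"{parent}: children guarantee {total} > rate {prate} bit/s")
        for c, (_, _, cceil) in kids.items():
            if cceil > pceil:
                problems.append(f"{c}: ceil {cceil} > ceil {pceil} of parent {parent}")
    return problems

# Class tree exactly as posted in the first message.
ORIGINAL = """tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit
tc class add dev eth0 parent 1:1 classid 1:2 htb rate 100mbit
tc class add dev eth0 parent 1:1 classid 1:3 htb rate 40kbps
tc class add dev eth0 parent 1:3 classid 1:31 htb rate 20kbps ceil 40kbps prio 2
tc class add dev eth0 parent 1:3 classid 1:32 htb rate 20kbps ceil 40kbps prio 1"""
# Constructed tree following the reply: assumed measured 95mbit root, LAN = root minus
# the 320kbit internet class, plus a catch-all child 1:33 for other internet traffic.
CORRECTED = """tc class add dev eth0 parent 1: classid 1:1 htb rate 95mbit
tc class add dev eth0 parent 1:1 classid 1:2 htb rate 94680kbit
tc class add dev eth0 parent 1:1 classid 1:3 htb rate 320kbit
tc class add dev eth0 parent 1:3 classid 1:31 htb rate 120kbit ceil 320kbit prio 2
tc class add dev eth0 parent 1:3 classid 1:32 htb rate 120kbit ceil 320kbit prio 1
tc class add dev eth0 parent 1:3 classid 1:33 htb rate 80kbit ceil 320kbit prio 3"""
```

Running check_htb(parse_classes(ORIGINAL)) reports the 1:1 overcommit (100mbit + 320kbit of guarantees under a 100mbit parent); the CORRECTED tree reports nothing.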
