* [LARTC] Sharing a DSL between 40 subnets with htb
@ 2006-01-07 8:15 Flemming Frandsen
2006-01-08 18:08 ` Flemming Frandsen
2006-01-08 21:16 ` Andy Furniss
0 siblings, 2 replies; 3+ messages in thread
From: Flemming Frandsen @ 2006-01-07 8:15 UTC (permalink / raw)
To: lartc
I have a network with around 40 /24 subnets that shares a common DSL,
this cries out for shaping so here I am trying to make it work as my
first tc project.

I have managed to cargocult some snippets from this list and tried to
come up with a config, but there are a few things that I'd really like
some input on:

1) Are the NAT'ed addresses available in the PREROUTING table of eth0?

2) If not then can I have the iptable --set-mark stuff in the tables
   for one interface and use the mark in tc on another interface?

3) Is it possible to filter on the routing table instead of the
   --set-mark? so all traffic going to a certain router gets
   filtered into the same htb?

4) Does this look at all sane?

Note: I didn't generate the 40 classes for this example.
#!/bin/sh -x

#This is a generated traffic shaper script that is supposed to evenly
#share out a common DSL line between a number of subnets on:
#eth0: The DSL line.
#eth1: The 10.48.0.0/12 net, which contains 20 user subnets.
#eth2: The 10.16.0.0/12 net, which contains the server net.
#ath0: The 10.32.0.0/12 net, which contains 20 user subnets.

#Root htb that all the traffic is going to go through:
tc qdisc add dev eth0 root handle 1: htb default 0x42
tc class add dev eth0 parent 1: classid 1:1 htb rate 700kbit burst 6k

#Default class for everything not matched by the firewall rules:
tc class add dev eth0 parent 1:1 classid 1:42 htb rate 600kbit \
    burst 15k prio 0
tc qdisc add dev eth0 parent 1:42 handle 42: sfq perturb 20

#Have the bucket that traffic gets dropped into
#be determined by the firewall mark
#btw: --set-mark 0xbabeface maps to class id babe:face
tc filter add dev eth0 parent 1: protocol ip prio 1 handle 1 fw

#Start the table for classifying traffic:
iptables -t mangle -N to-dsl

#Hook up the classification table to the interface
iptables -t mangle -A PREROUTING -o eth0 -j to-dsl

#Here are all the buckets for the user subnets

#Adding subnet: 10.16.0.0/24
iptables -t mangle -A to-dsl -s 10.16.0.0/24 \
    -j MARK --set-mark 0x11000
tc class add dev eth0 parent 1:1 classid 1:1000 \
    htb rate 600kbit burst 15k prio 10
tc qdisc add dev eth0 parent 1:1000 sfq perturb 20

#Adding subnet: 10.32.0.0/24
iptables -t mangle -A to-dsl -s 10.32.0.0/24 \
    -j MARK --set-mark 0x12000
tc class add dev eth0 parent 1:1 classid 1:2000 \
    htb rate 600kbit burst 15k prio 10
tc qdisc add dev eth0 parent 1:2000 sfq perturb 20

#Adding subnet: 10.32.1.0/24
iptables -t mangle -A to-dsl -s 10.32.1.0/24 \
    -j MARK --set-mark 0x12001
tc class add dev eth0 parent 1:1 classid 1:2001 \
    htb rate 600kbit burst 15k prio 10
tc qdisc add dev eth0 parent 1:2001 sfq perturb 20

#Adding subnet: 10.32.2.0/24
iptables -t mangle -A to-dsl -s 10.32.2.0/24 \
    -j MARK --set-mark 0x12002
tc class add dev eth0 parent 1:1 classid 1:2002 \
    htb rate 600kbit burst 15k prio 10
tc qdisc add dev eth0 parent 1:2002 sfq perturb 20

#Adding subnet: 10.32.3.0/24
iptables -t mangle -A to-dsl -s 10.32.3.0/24 \
    -j MARK --set-mark 0x12003
tc class add dev eth0 parent 1:1 classid 1:2003 \
    htb rate 600kbit burst 15k prio 10
tc qdisc add dev eth0 parent 1:2003 sfq perturb 20

#Adding subnet: 10.48.0.0/24
iptables -t mangle -A to-dsl -s 10.48.0.0/24 \
    -j MARK --set-mark 0x13000
tc class add dev eth0 parent 1:1 classid 1:3000 \
    htb rate 600kbit burst 15k prio 10
tc qdisc add dev eth0 parent 1:3000 sfq perturb 20

#Adding subnet: 10.48.1.0/24
iptables -t mangle -A to-dsl -s 10.48.1.0/24 \
    -j MARK --set-mark 0x13001
tc class add dev eth0 parent 1:1 classid 1:3001 \
    htb rate 600kbit burst 15k prio 10
tc qdisc add dev eth0 parent 1:3001 sfq perturb 20

#Adding subnet: 10.48.2.0/24
iptables -t mangle -A to-dsl -s 10.48.2.0/24 \
    -j MARK --set-mark 0x13002
tc class add dev eth0 parent 1:1 classid 1:3002 \
    htb rate 600kbit burst 15k prio 10
tc qdisc add dev eth0 parent 1:3002 sfq perturb 20

#Adding subnet: 10.48.3.0/24
iptables -t mangle -A to-dsl -s 10.48.3.0/24 \
    -j MARK --set-mark 0x13003
tc class add dev eth0 parent 1:1 classid 1:3003 \
    htb rate 600kbit burst 15k prio 10
tc qdisc add dev eth0 parent 1:3003 sfq perturb 20
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
* Re: [LARTC] Sharing a DSL between 40 subnets with htb
From: Flemming Frandsen @ 2006-01-08 18:08 UTC (permalink / raw)
To: lartc
gypsy wrote:
> I recommend that you look here. It may not be what you want, but it
> certainly is worth checking out even if it turns out not to be your
> answer: http://www.shurdix.org/
I'm not going to change the entire OS just to get the traffic shaping
set up and the traffic shaper in shurdix does shaping per IP (which is
not what I want).
However, shurdix does use the imq to do ingress shaping (aka policing)
and that's a neat trick that had somehow escaped my attention, so thanks
for the hint.
Someone really ought to start a LARTC cookbook wiki to go with the LARTC
howto.
* Re: [LARTC] Sharing a DSL between 40 subnets with htb
From: Andy Furniss @ 2006-01-08 21:16 UTC (permalink / raw)
To: lartc
Flemming Frandsen wrote:
> I have a network with around 40 /24 subnets that shares a common DSL,
> this cries out for shaping so here I am trying to make it work as my
> first tc project.
>
> I have managed to cargocult some snippets from this list and tried to
> come up with a config, but there are a few things that I'd really like
> some input on:
>
> 1) Are the NAT'ed addresses available in the PREROUTING table of eth0?
eth0 doesn't have a prerouting table; everything coming in from anywhere
hits prerouting. If eth0 is WAN then packets coming in will still have
real IP addresses in PREROUTING.
>
> 2) If not then can I have the iptable --set-mark stuff in the tables
> for one interface and use the mark in tc on another interface?
Yes, tables are not device-specific.
>
> 3) Is it possible to filter on the routing table instead of the
> --set-mark? so all traffic going to a certain router gets
> filtered into the same htb?
You could use tc filters on IP/dst MAC etc.
> #Have the bucket that traffic gets dropped into
> #be determined by the firewall mark
> #btw: --set-mark 0xbabeface maps to class id babe:face
> tc filter add dev eth0 parent 1: protocol ip prio 1 handle 1 fw
Don't think you need handle 1 here.
>
> #Hook up the classification table to the interface
> iptables -t mangle -A PREROUTING -o eth0 -j to-dsl
Out dev isn't known in prerouting.
Andy.
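
The two corrections in the reply above (the output device is not known in PREROUTING, and the fw filter does not need a handle), applied to a generator for the per-subnet rules; this is an added example and not part of the thread. It only prints the commands. The POSTROUTING hook, the subnet-to-classid numbering inferred from the posted script, and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): prints, but does not run, the
# classification commands for a list of /24 subnets.
DEV=eth0        # WAN device, as in the posted script
CHAIN=to-dsl    # mangle chain name, as in the posted script

# Assumed numbering, inferred from the posted script: 10.16.x -> 1xxx,
# 10.32.x -> 2xxx, 10.48.x -> 3xxx, with the third octet as the low digits.
minor_for_subnet() {
    IFS=./ read -r o1 o2 o3 rest <<EOF
$1
EOF
    printf '%x%03x\n' "$((o2 / 16))" "$o3"
}

# The fw classifier reads the mark as major:minor, so class 1:<minor>
# needs mark 0x0001<minor> (1:1000 -> 0x11000).
mark_for_minor() {
    printf '0x1%04x\n' "$((0x$1))"
}

# Inverse mapping, to check a mark by hand.
classid_for_mark() {
    m=$(($1))
    printf '%x:%x\n' "$((m >> 16))" "$((m & 0xffff))"
}

emit_subnet() {
    minor=$(minor_for_subnet "$1")
    mark=$(mark_for_minor "$minor")
    echo "iptables -t mangle -A $CHAIN -s $1 -j MARK --set-mark $mark"
    echo "tc class add dev $DEV parent 1:1 classid 1:$minor htb rate 600kbit burst 15k prio 10"
    echo "tc qdisc add dev $DEV parent 1:$minor sfq perturb 20"
}

emit_all() {
    # fw filter without a handle: the mark itself selects the class.
    echo "tc filter add dev $DEV parent 1: protocol ip prio 1 fw"
    echo "iptables -t mangle -N $CHAIN"
    # Assumption: hook in POSTROUTING, where the output device is known and
    # mangle still sees the pre-NAT source address.
    echo "iptables -t mangle -A POSTROUTING -o $DEV -j $CHAIN"
    for net in "$@"; do
        emit_subnet "$net"
    done
}

emit_all 10.16.0.0/24 10.32.0.0/24 10.32.1.0/24 10.48.3.0/24
```

The root qdisc and the 1:1 and 1:42 classes from the posted script still have to exist before these commands are applied.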