From: Jonathan Gazeley <jonathan.gazeley@bristol.ac.uk>
To: lartc@vger.kernel.org
Subject: [LARTC] Re: tc n00b
Date: Mon, 30 Jul 2007 13:16:22 +0000
Message-ID: <46ADE4A6.1020808@bristol.ac.uk>
In-Reply-To: <20070730121432.GB30519@toroid.org>
[-- Attachment #1: Type: text/plain, Size: 2219 bytes --]
Hi Abhijit,
Thanks a lot for your advice - I didn't realise that the source IP was
re-written before the traffic was shaped.
I have attached the script I wrote. As I said before, the download limit
does successfully work and each client (I am using 2 test clients) gets
512kbit each. However the upload is still unlimited. But I don't believe
this is currently due to the source IP being re-written - tc itself
doesn't like my commands. They were literally copied and pasted from the
download commands and altered as appropriate, as you see in the script.
When I run this script, each iteration of lines 48-49 produces the
following error:
137.222.235.125
Error: Qdisc "tbf" is classless.
Error: Qdisc "1:" is classless.
Unknown filter "1:", hence option "protocol" is unparsable
I don't really understand that error - especially as the identical code
does work for the download limits. If you can offer any more help, I'd
be most grateful.
Cheers,
Jonathan
Abhijit Menon-Sen wrote:
> Hello Jonathan.
>
> At 2007-07-30 12:40:00 +0100, jonathan.gazeley@bristol.ac.uk wrote:
>
>> So far I have managed to get the download limits working. However I
>> need to shape on both interfaces so I recycled the same code to apply
>> to uploads but it didn't work and I can't figure out why
>>
>
> That's not really enough information to try to debug your problem, but I
> can think of one problem you might encounter. Since you're doing NAT for
> your clients, you should be aware that the source address is rewritten
> (i.e. in nat/POSTROUTING) _before_ egress QoS processing.
>
> So if you're trying to classify outgoing traffic based on their source
> IP address, it won't work.
>
> One alternative is to mark packets from the internal network (i.e. use
> -j MARK --set-mark N in mangle/PREROUTING), and write a filter on the
> outgoing interface that assigns traffic to classes based on how it's
> marked (u32 match mark ...). (If you want more details, ask.)
>
> (If anyone has other suggestions, I would be interested in them too.)
>
> -- ams
>
--
------------------------
Jonathan Gazeley
Wireless & VPN Team
Information Systems & Computing
University of Bristol
------------------------
[-- Attachment #2: newtcscript.sh --]
[-- Type: text/plain, Size: 1618 bytes --]
#!/bin/sh
## JONATHAN'S TC SCRIPT
# LAN interfaces
LAN=eth0
WAN=eth1
# Maximum global uplink and downlink in mbit/s
GLOBAL_DOWN=100
GLOBAL_UP=100
# Maximum per-user download & upload speed in kbit/s
DOWNLINK=512
UPLINK=256
# Subnets to be stamped down upon, delimited by spaces
SUBNETS='235'
# IP range in each subnet
LOW_IP=1
HIGH_IP=125
#-----------------Don't mess with stuff below---------------|
#-----------------this line or you'll break it--------------|
# Flush existing rules
tc qdisc del dev $LAN root
tc qdisc del dev $WAN root
# Create root class for 100mbit interface - total traffic can't exceed this
tc qdisc add dev $LAN root handle 1: cbq avpkt 1000 bandwidth ${GLOBAL_DOWN}mbit
tc qdisc add dev $WAN root handle 1: cbq avpkt 1000 bandwidth ${GLOBAL_UP}mbit
# Set useful counters
jcount=1
icount=1
total=0
# Apply rules for all included subnets
for j in $SUBNETS
do
    for i in `seq $LOW_IP $HIGH_IP`
    do
        total=$((total+1))
        echo 137.222.$j.$i
        tc class add dev $LAN parent 1: classid 1:$total tbf rate ${DOWNLINK}kbit allot 1500 prio 5 bounded isolated
        tc filter add dev $LAN parent 1: protocol ip prio 16 u32 match ip dst 137.222.$j.$i flowid 1:$total
        tc class add dev $wAN parent 1: classid 1:$total tbf rate ${UPLINK}kbit allot 1500 prio 5 bounded isolated
        tc filter add dev $wAN parent 1: protocol ip prio 16 u32 match ip src 137.222.$j.$i flowid 1:$total
        i=i+1
    done
    j=j+1
done
echo
echo $total miscreants were stamped down upon. Good work Pokey!
echo Their IP addresses were in the following ranges:
for j in $SUBNETS
do
    echo 137.222.$j.$LOW_IP-$HIGH_IP
done
[-- Attachment #3: Type: text/plain, Size: 143 bytes --]
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
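Added example, not part of the original message or its attachment: the mark-based classification described in the quoted reply, where each client is marked in mangle/PREROUTING (before NAT rewrites the source address) and the egress filter on the WAN interface matches the mark instead of the IP. Interface names, prefix and rate mirror the attached script; the cbq class kind, the fw classifier (used here in place of the `u32 match mark` filter the reply mentions) and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: per-client upload shaping behind NAT via firewall marks.
# LAN/WAN names, prefix and rate mirror the attached script; the cbq class
# kind, the fw classifier and the function names are assumptions.
LAN=eth0
WAN=eth1
UPLINK=256           # per-client upload limit in kbit/s
PREFIX=137.222.235   # client subnet

# Dry run by default: RUN=echo prints each command. Run as root with RUN=
# (empty) to apply them; the root cbq qdisc 1: on $WAN must already exist.
RUN=${RUN-echo}

# Emit the rules for one client: mark on ingress, class and filter on egress.
shape_client() {
    ip=$1; id=$2
    # Mark in mangle/PREROUTING, where the packet still carries the client's
    # own source address; SNAT in nat/POSTROUTING happens later and leaves
    # the mark untouched.
    $RUN iptables -t mangle -A PREROUTING -i "$LAN" -s "$ip" -j MARK --set-mark "$id"
    # The class kind has to match the classful root qdisc (cbq). tbf is a
    # classless qdisc and is rejected by "tc class add".
    $RUN tc class add dev "$WAN" parent 1: classid "1:$id" cbq \
        rate "${UPLINK}kbit" allot 1500 prio 5 bounded isolated
    # fw classifier: "handle" is the firewall mark (decimal here). classid and
    # flowid are both parsed as hex by tc, so reusing the same string in both
    # keeps them pointing at the same class.
    $RUN tc filter add dev "$WAN" parent 1: protocol ip prio 16 \
        handle "$id" fw flowid "1:$id"
}

# Shape hosts PREFIX.first .. PREFIX.last, one mark/class per host.
shape_range() {
    host=$1; last=$2; n=0
    while [ "$host" -le "$last" ]; do
        n=$((n + 1))             # mark 0 means "unmarked", so start at 1
        shape_client "$PREFIX.$host" "$n"
        host=$((host + 1))
    done
}

# Usage: shape_range 1 125
```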