From: Michele Petrazzo - Unipex <michele.petrazzo@unipex.it>
To: "Mihamina Rakotomandimby (R12y)" <mihamina@lab.vectoris.fr>
Cc: netfilter@vger.kernel.org
Subject: Re: traffic shaping documentation
Date: Tue, 21 Apr 2009 13:29:38 +0200
Message-ID: <49EDAE22.5030701@unipex.it>
In-Reply-To: <49ED88BD.4070406@lab.vectoris.fr>
Mihamina Rakotomandimby (R12y) wrote:
> Hi all,
Hi !
> I have a gateway on which I would like to implement traffic shaping
> based only on ports.
> The problem is that there is so much HTTP traffic that SSH connections
> to the remote servers I manage are slow.
>
> Therefore, I would like to give:
> - highest priority to SSH (INPUT/OUTPUT/FORWARD dport 22)
> - normal priority to others (INPUT/OUTPUT/FORWARD dport:FTP, SVN,...)
> - lowest priority to HTTP (dport 80 REDIRECTed INPUT on squid's 3128,
>   OUTPUT dport 80)
>
Up to here, no problem.
> The ideal would be to shape it on the OUTPUT chain, because I would
> also like the shaping to affect my (Gateway) behaviour.
>
That is the normal behavior and the right place to do the
classification. There is also an implementation that works for incoming
and it's called imq, but I never use it.
> I am not asking for the direct solution, I am first asking if what I
> want:
> - is a good idea
Why not?
> - implementable
Yes, of course.
> - is documented in another place than lartc.org (which is good but
> much too big for my simple needs)
>
Yes. There is a lot of documentation, and not a single place for "a copy
and paste to start playing".

To make your setup, I give you some tips to start working.

To make the classification, you can use:
- iptables by port (simplest)
- iptables by l7 (l7-filter.sf.net)
After matching the packets, use the CLASSIFY target (simplest from my point
of view), or the MARK one
OR
- tc filter for the same (classify by port/ip)

Now that you have looked at the classification, it's time to prioritize,
so tc is your friend.
A lot of shaping queues can help you and, for me, htb is one of the more
understandable that exist (http://luxik.cdi.cz/~devik/qos/htb/)

For a simple "copy and work" example with iptables, classify and tc, I
posted a message on the samba ml where I show how I do it, so take a look
here: http://tinyurl.com/dmdtuz

For all the rest, I'm sorry, but the lartc howto is the only source!
Michele
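
The approach suggested in this message (classify by port with the iptables CLASSIFY target, then prioritize with tc htb), as an added example that is not part of the original post or of the samba message it links to. The interface name eth0, the 1000 kbit/s uplink, the class ids and the 30/50/20 rate split are assumptions; the function only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed assumptions: interface eth0,
# 1000 kbit/s uplink, class ids 1:10/1:20/1:30 and the 30/50/20 rate split.
# emit_shaping only prints commands; review them, then pipe to "sh" as root.

emit_shaping() {
    dev=${1:-}; up=${2:-}            # egress interface, uplink rate in kbit/s
    [ -n "$dev" ] || { echo "usage: emit_shaping DEV KBIT" >&2; return 1; }
    case $up in ''|0*|*[!0-9]*) echo "rate must be a positive integer" >&2; return 1;; esac
    [ "$up" -ge 10 ] || { echo "rate too small to split" >&2; return 1; }

    hi=$((up * 30 / 100)); mid=$((up * 50 / 100)); lo=$((up * 20 / 100))

    # htb root; anything left unclassified lands in 1:20 (normal priority).
    echo "tc qdisc add dev $dev root handle 1: htb default 20"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${up}kbit"

    # Guaranteed rate per class; ceil lets each borrow idle bandwidth, and
    # the lower prio value is offered spare bandwidth first.
    echo "tc class add dev $dev parent 1:1 classid 1:10 htb rate ${hi}kbit ceil ${up}kbit prio 0"
    echo "tc class add dev $dev parent 1:1 classid 1:20 htb rate ${mid}kbit ceil ${up}kbit prio 1"
    echo "tc class add dev $dev parent 1:1 classid 1:30 htb rate ${lo}kbit ceil ${up}kbit prio 2"

    # mangle/POSTROUTING sees both locally generated and forwarded packets
    # leaving $dev, so the gateway's own traffic (squid included) is shaped too.
    echo "iptables -t mangle -A POSTROUTING -o $dev -p tcp --dport 22 -j CLASSIFY --set-class 1:10"
    echo "iptables -t mangle -A POSTROUTING -o $dev -p tcp --dport 80 -j CLASSIFY --set-class 1:30"
}

emit_shaping "${1:-eth0}" "${2:-1000}"
```

Set the uplink figure slightly below the real link speed so that the queue builds on the gateway, where htb controls it, rather than in the modem.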