From: "Gareth Glaccum" <verycoldpenguin@hotmail.com>
To: lartc@vger.kernel.org
Subject: [LARTC] tcng/tc setup
Date: Wed, 14 Jul 2004 09:54:40 +0000
Message-ID: <BAY14-F12EVGmEUv9cM00099fe7@hotmail.com>

Hi all,
Can someone please help with a tcng setup? I have played with tc and tcng in 
the past, and now would like to get some serious rules in place. However, I 
have a difficulty in setting them up.

My setup is as follows:
One machine working as a firewall:
eth0 is the interface connected to a 512K DSL line
eth1 is connected to a LAN
eth2 is connected to another LAN, a bit like a DMZ

eth1 and 2 are totally different subnets, 10.1.1.x and 10.2.1.x both class B, 
(sorry, this is a system I inherited, I am slowly getting ready to collapse 
it all to class C).

I wanted to set the following rules:
High priority data needs to be some ssh from 10.1.1.x/16 (all) to external 
IPs.
Priority is to be given to data going to 10.1.1.x/16 over the DMZ data.
Input is 55KB/s, output is 25KB/s

To the DMZ from the LAN, there should be no throttling.
To the LAN from the DMZ, there should be no throttling. (100Mb/s)
SSH data should be given priority over HTTP
SMTP should be given priority over HTTP
HTTP is given priority over anything else
Interfaces,
eth0,
512Kb/s input, 256 Kb/s output
eth1, 100Mb/s each way
eth2, 100Mb/s each way

And I wrote out some rules. These rules seem to be correct, as far as I can 
tell, but I stupidly forgot that this is all egress, and it cannot be done 
as easily with ingress. Can someone please help by showing me how I can 
modify these to give me control over the bandwidth in (albeit limited) as 
well as out? Also could someone explain how I can easily write flows to test 
all of the possible traffic I might be experiencing?
My aim is, that any normal ssh to any machine, whether coming from the DMZ 
to the internet, or from the LAN to the internet, should get at least 2KB/s 
low-latency traffic each, even if other machines or other connections are 
being made in the background.
I am wondering whether my first qdisc should in fact be an SFQ and then HTBs 
below it?
All help will be gratefully received.
Thank you,
Gareth

----- Start long probably incorrect tcng code (I have left out the ingress 
code I had, because it didn't work at all, and I didn't understand any of 
it)
#define INTERNET eth0
#define LAN eth1
#define DMZ eth2

#define INTERNET_IP 0.0.0.0/0
#define DMZ_IP 10.2.1.0/16
#define LAN_IP 10.1.1.0/16

#define maxadsl 600kbps/2
#define highadsl 500kbps/2
#define medadsl 400kbps/2
#define midadsl 300kbps/2
#define lowadsl 200kbps/2
#define intadsl 150kbps/2
#define vloadsl 100kbps/2
#define noadsl 50kbps/2

dev INTERNET {

	$meter = trTCM( cir 128kbps, cbs 10kB, pir 200kbps, pbs 10 kB );
	egress {
		/* tcng compares with "=="; a single "=" is assignment. Conditions that
		   must all hold for one class are joined with "&&". */
		class(<$lanssh>)
			if (tcp_sport == 22 || tcp_dport == 22)
			&& (ip_src == LAN_IP || ip_dst == LAN_IP);
		class(<$dmzssh>)
			if (tcp_sport == 22 || tcp_dport == 22)
			&& (ip_src == DMZ_IP || ip_dst == DMZ_IP);
		class(<$ssh>)
			if (tcp_sport == 22 || tcp_dport == 22)
			&& ip_tos_delay == 1;
		class(<$smtp>)
			if tcp_sport == 25 || tcp_dport == 25;
		class(<$lanhttp>)
			if (tcp_sport == 80 || tcp_dport == 80)
			&& (ip_src == LAN_IP || ip_dst == LAN_IP);
		class(<$dmzhttp>)
			if (tcp_sport == 80 || tcp_dport == 80)
			&& (ip_src == DMZ_IP || ip_dst == DMZ_IP);
		class(<$http>)
			if tcp_sport == 80 || tcp_dport == 80;
		/* Remaining traffic is metered: green -> medium class, yellow -> slow
		   class, red -> dropped. */
		class(<$othermed>)
			if trTCM_green( $meter );
		class(<$otherslow>)
			if trTCM_yellow( $meter );
		drop if trTCM_red( $meter );
		class(<$otherslow>) if 1;
		drop if 1;

		htb() {
			class ( rate maxadsl, ceil maxadsl ) {
				$ssh = class ( rate medadsl, ceil highadsl ) {
					$lanssh = class ( rate midadsl, ceil medadsl ) { sfq ( perturb 10 sec ); };
					$dmzssh = class ( rate vloadsl, ceil lowadsl ) { sfq ( perturb 10 sec ); };
				};
				$smtp = class ( rate midadsl, ceil highadsl ) { sfq ( perturb 10 sec ); };
				$http = class ( rate lowadsl, ceil highadsl ) {
					$lanhttp = class ( rate lowadsl, ceil highadsl ) { sfq ( perturb 10 sec ); };
					$dmzhttp = class ( rate lowadsl, ceil highadsl ) { sfq ( perturb 10 sec ); };
				};
				$othermed = class ( rate lowadsl, ceil medadsl ) { sfq ( perturb 10 sec ); };
				$otherslow = class ( rate noadsl, ceil intadsl ) { sfq ( perturb 10 sec ); };
			}
		}
	}

}

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
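The post asks how the egress-only HTB tree can also be applied to inbound traffic. The script below is an added example, not Gareth's code and not from the LARTC list: it builds a plain `tc` HTB tree (ssh > smtp > http > everything else, as the post wants) on the WAN interface's egress, and gets classful shaping of ingress by redirecting inbound packets on eth0 through an IFB device with `mirred`, then shaping that device's egress. Interface name and line rates (eth0, 256 kbit up, 512 kbit down) follow the post; the IFB device name `ifb0`, the percentage shares, the kernel modules named in the comments and the `DRY_RUN` convention are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: HTB class tree for a small DSL
# link, applied to WAN egress directly and to WAN ingress by redirecting
# inbound packets through an IFB device so the same classful shaper works in
# both directions. Assumes iproute2 `tc`/`ip` and a kernel with sch_htb,
# sch_sfq, sch_ingress, act_mirred and ifb (assumption). Interface and line
# rates follow the post. Set DRY_RUN=1 to print the commands instead of
# executing them (no root needed for a dry run).

WAN=${WAN:-eth0}
IFB=${IFB:-ifb0}             # assumed IFB device name
UP_KBIT=${UP_KBIT:-256}      # eth0 upstream capacity, kbit/s (from the post)
DOWN_KBIT=${DOWN_KBIT:-512}  # eth0 downstream capacity, kbit/s (from the post)

# run: execute (or, under DRY_RUN=1, print) one command. Every rule goes
# through here so a dry run shows exactly what would be applied.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# share TOTAL PERCENT: integer kbit share of TOTAL, used for guaranteed rates.
# The leaf shares below sum to 100%, so guarantees never exceed the link.
share() {
    echo $(( $1 * $2 / 100 ))
}

# shape_dev DEV KBIT: build the class tree on DEV. HTB serves lower prio
# numbers first, so the order is ssh (1:10) > smtp (1:20) > http (1:30) >
# everything else (1:40, the default class). Each leaf has a guaranteed rate
# and may borrow up to the link ceiling; sfq under each leaf stops one flow
# from starving the others in the same class (the post's 2KB/s-per-ssh aim).
shape_dev() {
    dev=$1; kbit=$2
    run tc qdisc add dev "$dev" root handle 1: htb default 40
    run tc class add dev "$dev" parent 1: classid 1:1 htb rate "${kbit}kbit" ceil "${kbit}kbit"
    run tc class add dev "$dev" parent 1:1 classid 1:10 htb rate "$(share "$kbit" 25)kbit" ceil "${kbit}kbit" prio 0
    run tc class add dev "$dev" parent 1:1 classid 1:20 htb rate "$(share "$kbit" 20)kbit" ceil "${kbit}kbit" prio 1
    run tc class add dev "$dev" parent 1:1 classid 1:30 htb rate "$(share "$kbit" 35)kbit" ceil "${kbit}kbit" prio 2
    run tc class add dev "$dev" parent 1:1 classid 1:40 htb rate "$(share "$kbit" 20)kbit" ceil "${kbit}kbit" prio 3
    for leaf in 10 20 30 40; do
        run tc qdisc add dev "$dev" parent 1:$leaf handle $leaf: sfq perturb 10
    done
    # u32 filters: classify by TCP/UDP port in either direction
    # (port:class pairs are constructed for this example).
    for pair in 22:10 25:20 80:30; do
        port=${pair%:*}; cls=${pair#*:}
        run tc filter add dev "$dev" parent 1: protocol ip prio 1 u32 match ip dport "$port" 0xffff flowid 1:$cls
        run tc filter add dev "$dev" parent 1: protocol ip prio 1 u32 match ip sport "$port" 0xffff flowid 1:$cls
    done
}

# ingress_via_ifb: the ingress qdisc on WAN can only police, not queue, so
# redirect everything arriving on WAN to the IFB device and shape its egress
# with the same tree, at the downstream rate.
ingress_via_ifb() {
    run modprobe ifb numifbs=1
    run ip link set dev "$IFB" up
    run tc qdisc add dev "$WAN" handle ffff: ingress
    run tc filter add dev "$WAN" parent ffff: protocol ip u32 match u32 0 0 \
        action mirred egress redirect dev "$IFB"
    shape_dev "$IFB" "$DOWN_KBIT"
}

# clear_all: remove existing qdiscs (errors are ignored when none exist).
clear_all() {
    run tc qdisc del dev "$WAN" root 2>/dev/null || true
    run tc qdisc del dev "$WAN" ingress 2>/dev/null || true
    run tc qdisc del dev "$IFB" root 2>/dev/null || true
}

case "${1-}" in
    apply) clear_all; shape_dev "$WAN" "$UP_KBIT"; ingress_via_ifb ;;
    clear) clear_all ;;
esac
```

Preview with `DRY_RUN=1 sh shaper.sh apply`, then run the same command as root without `DRY_RUN` to install the rules, and `sh shaper.sh clear` to remove them. In practice set `UP_KBIT`/`DOWN_KBIT` a little below the real line rate so the queue builds on this router, where HTB controls it, rather than in the modem or at the ISP; inbound shaping through IFB only drops or delays packets that have already crossed the DSL link, so it steers TCP senders rather than guaranteeing the downstream bandwidth the way egress shaping does.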
