* [LARTC] limiting bandwidth to one IP
@ 2001-12-23 16:49 Carles Pina i Estany
2001-12-23 19:49 ` Stef Coene
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Carles Pina i Estany @ 2001-12-23 16:49 UTC (permalink / raw)
To: lartc
Hi,
I am testing tc and company tools :-)
I have an ADSL with three interfaces (one to ADSL router, one to one net
and another one to another net).
I am trying to limit the download from Internet to one computer.
I try it (and some variations...):
tc qdisc add dev eth1 root handle 1: cbq bandwidth 256kbit allot 1514 cell
8 avpkt 1000 mpu 64
(eth1 is the interface where computer that I want to limit is connected)
tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 256kbit rate
128kbit weight 12kbit prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000
bounded
256 is my bandwidth (to download)
128 is the bandwidth that I want to this computer
12kbit I don't know ¿?...
bounded is to test, only
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip dst
192.168.0.5 flowid 1:1
But the computer is receiving more than 128kbit.
If I try:
tc qdisc add dev eth1 root tbf rate 128kbit latency 50ms burst 1540
Works fine, but I am limiting the whole network (I don't want it)
thank you very much for your attention.
And excuse me my bad English.
----
Carles Pina i Estany | Nick: Pinux / Pine / Teufeus
E-Mail: carles.pina@salleURL.edu / is08139@salleURL.edu / cpina@cat-linux.com
http://www.salleURL.edu/~is08139/
Vendo teléfono militar. También marca el paso
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [LARTC] limiting bandwidth to one IP
2001-12-23 16:49 [LARTC] limiting bandwidth to one IP Carles Pina i Estany
@ 2001-12-23 19:49 ` Stef Coene
2001-12-23 21:28 ` Stef Coene
2001-12-24 12:17 ` Jerome Petazzoni
2 siblings, 0 replies; 4+ messages in thread
From: Stef Coene @ 2001-12-23 19:49 UTC (permalink / raw)
To: lartc
On Sunday 23 December 2001 19:06, Carles Pina i Estany wrote:
> Hi,
>
> I am testing tc and company tools :-)
>
> I have an ADSL with three interfaces (one to ADSL router, one to one net
> and another one to another net).
>
> I am trying to limit the download from Internet to one computer.
>
> I try it (and some variations...):
>
> tc qdisc add dev eth1 root handle 1: cbq bandwidth 256kbit allot 1514 cell
> 8 avpkt 1000 mpu 64
Bandwith must be the real bandwith of the NIC. Usual 10 or 100 mbit.
> (eth1 is the interface where computer that I want to limit is connected)
>
> tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 256kbit rate
> 128kbit weight 12kbit prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000
> bounded
>
> 256 is my bandwidth (to download)
> 128 is the bandwidth that I want to this computer
> 12kbit I don't know ¿?...
> bounded is to test, only
>
> tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip dst
> 192.168.0.5 flowid 1:1
>
> But the computer is receiving more than 128kbit.
> If I try:
>
> tc qdisc add dev eth1 root tbf rate 128kbit latency 50ms burst 1540
> Works fine, but I am limiting the whole network (I don't want it)
What you want to do is easy. But you are using the wrong commands. I have
some working scripts. You can find them on www.docum.org.
But I advise you to use the htb qdisc. Much easier to set up and to
understand. Again, more information on www.docum.org. If you really want to
use CBQ, I can give you more information. Just leave a message on the
mailing list.
Stef
--
stef.coene@docum.org
More QOS info : http://www.docum.org/
Title : "Using Linux as bandwidth manager"
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [LARTC] limiting bandwidth to one IP
2001-12-23 16:49 [LARTC] limiting bandwidth to one IP Carles Pina i Estany
2001-12-23 19:49 ` Stef Coene
@ 2001-12-23 21:28 ` Stef Coene
2001-12-24 12:17 ` Jerome Petazzoni
2 siblings, 0 replies; 4+ messages in thread
From: Stef Coene @ 2001-12-23 21:28 UTC (permalink / raw)
To: lartc
> > Bandwith must be the real bandwith of the NIC. Usual 10 or 100 mbit.
>
> ok
>
> > What you want to do is easy. But you are using the wrong commands. I
> > have some working scripts. You can find them on www.docum.org.
>
> Ok, I have looked now...
>
> > But I advise you to use the htb qdisc. Much easier to set up and to
> > understand. Again, more information on www.docum.org. If you really
> > want to use CBQ, I can give you more information. Just leave a message
> > on the mailing list.
>
> I have seen htb qdisc. But I see that it isn't in standard Kernel. I would
> use standard kernel because (for various reasons). If I have time I will
> test htb qdisc.
>
> Now my script works (with the help of your webpage):
>
> DEV="dev eth1"
> OPTION="allot 1514 maxburst 20 avpkt 1000 prio 3"
> tc qdisc add $DEV root handle 10: cbq bandwidth 10mbit avpkt 1000
> tc class add $DEV parent 10:0 classid 10:2 cbq bandwidth 10mbit rate \
> $2kbit $OPTION bounded
>
> tc filter add dev eth1 parent 10: protocol ip prio 1 u32 match ip \
> dst 192.168.0.5 flowid 10:2
>
> But now I would like limit the bandwidth that 192.168.0.5 is sending.
>
> I cannot change dst for src, I think, because I am doing NAT and I think
> that when the paquet traverse "tc filter bla bla bla" has IP of the
> firewall machine. Then I have to do with iptables and mangle table? But
> this table only has PREROUTING and OUTPUT:
>
>
> cpie:~/tc# iptables -L -t mangle | grep Chain
> Chain PREROUTING (policy ACCEPT)
> Chain OUTPUT (policy ACCEPT)
>
> I suppose that I can mark paquets in PREROUTING Chain before the IP is
> masqueraded. I will test.
Indeed. You can not use the u32 filter but you will need the fw filter in
conjuction with iptables if you do SNAT.
>
> Thank you very much for your attention.
You can makt it easier to understand for us if you (try) to draw a small
ASCII picture of your setup.
Stef
--
stef.coene@docum.org
More QOS info : http://www.docum.org/
Title : "Using Linux as bandwidth manager"
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
^ permalink raw reply [flat|nested] 4+ messages in thread* RE: [LARTC] limiting bandwidth to one IP
2001-12-23 16:49 [LARTC] limiting bandwidth to one IP Carles Pina i Estany
2001-12-23 19:49 ` Stef Coene
2001-12-23 21:28 ` Stef Coene
@ 2001-12-24 12:17 ` Jerome Petazzoni
2 siblings, 0 replies; 4+ messages in thread
From: Jerome Petazzoni @ 2001-12-24 12:17 UTC (permalink / raw)
To: lartc
> I am testing tc and company tools :-)
> I am trying to limit the download from Internet to one computer.
you might be interested by my bytelimit patch, so I'll do some more
advertistement for it ... :-)
it is a netfilter (iptables) match allowing to do traffic shaping, like
the "limit" match but in bytes/second instead of packets/second. it's
as simple as :
iptables -A FORWARD -d 192.168.23.45 -m bytelimit --rate 10000 -j DROP
this will limit 192.168.23.45 to 10000 bytes/second . every packet
"out of quota" will be dropped.
the patch is at http://etudiant.univ-mlv.fr/~jpetazzo/bytelimit.tgz
feel free to contact me for more info/help about the patch.
Jerome Petazzoni <skaya at enix dot org>
--
Whoever had created humanity had left in a major design flaw. It was its
tendency to bend at the knees.
(Feet of Clay)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2001-12-24 12:17 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2001-12-23 16:49 [LARTC] limiting bandwidth to one IP Carles Pina i Estany
2001-12-23 19:49 ` Stef Coene
2001-12-23 21:28 ` Stef Coene
2001-12-24 12:17 ` Jerome Petazzoni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.