[LARTC] need help in shaping traffic

[LARTC] need help in shaping traffic

[arindam]

hi all,
my system with kernel 2.4.16 & 2.4.17( RH-7.2) has
netfilter-1.2.4, iproute-ss010803, squid, dns with 4
ether cards.i am trying a simple situation where i
want to shape traffic all the interfaces. at present
iam using netfilter to allow a few ips, using
transparent squid & iproute to limit bandwidth. i feel
i must give more bandwidth for my local servers for my
office & customers.
i need some help from u Gurus in knowing what i did
wrong here.
a) y no trafic is passing thru the http handle 101.
infcat only the 102 handle is working(seen below) ??
b) whats recomended--marking pkts in iproute or
iptables ??
c) if i mark pkts with iptables, will i be still able
to use transparent squid as well as shape bandwidth(i
havnt tried this so far)

[root@cab2 root]# tc -s -d class ls dev eth1
class htb 2: parent 2:
class htb 2: parent 2:
class htb 2: parent 2:
class htb 2: parent 2:
class htb 2: parent 2:
[root@cab2 root]# tc -s -d qdisc ls dev eth1
qdisc pfifo 102: limit 2p
Sent 1067212 bytes 991 pkts (dropped 114, overlimits
0)
backlog 2p
 
 qdisc pfifo 101: limit 2p
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 
 qdisc pfifo 100: limit 2p
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 
 qdisc htb 2:
 Sent 1067296 bytes 993 pkts (dropped 114, overlimits
1414)
 backlog 2p

[root@cab2 root]# cat yemp
#!/bin/sh
tc qdisc add dev eth0 root handle 1: htb default 100
tc class add dev eth0 parent 1: classid 1:1 htb rate
10mbit burst 5k
tc class add dev eth0 parent 1:1 classid 1:10 htb rate
256kbit ceil 1mbit burst 2

tc class add dev eth0 parent 1:10 classid 1:100 htb
rate 2kbit burst 2
tc class add dev eth0 parent 1:10 classid 1:101 htb
rate 4kbit burst 2
tc class add dev eth0 parent 1:10 classid 1:102 htb
rate 32kbit burst 2
 
tc filter add dev eth0 protocol ip parent 1:0 prio 1
u32 match ip dst 10.1.1.0/24 match tcp dst 25 0xffff
flowid 1:100
tc filter add dev eth0 protocol ip parent 1:0 prio 1
u32 match tcp src 80 0xffff flowid 1:101
tc filter add dev eth0 protocol ip parent 1:0 prio 1
u32 match tcp dst 80 0xffff flowid 1:101
tc filter add dev eth0 protocol ip parent 1:0 prio 2
u32 match ip dst 10.1.1.0/24 flowid 1:102
 
##tc qdisc add dev eth0 parent 1:100 handle 101 sfq
perturb 10
tc qdisc add dev eth0 parent 1:100 handle 100 pfifo
limit 2
tc qdisc add dev eth0 parent 1:101 handle 101 pfifo
limit 2
tc qdisc add dev eth0 parent 1:102 handle 102 pfifo
limit 2
 
tc qdisc add dev eth1 root handle 2: htb
tc class add dev eth1 parent 2: classid 2:1 htb rate
10mbit burst 5k
tc class add dev eth1 parent 2:1 classid 2:10 htb rate
256kbit ceil 1mbit burst 2

tc class add dev eth1 parent 2:10 classid 2:100 htb
rate 2kbit burst 2
tc class add dev eth1 parent 2:10 classid 2:101 htb
rate 4kbit burst 2
tc class add dev eth1 parent 2:10 classid 2:102 htb
rate 32kbit burst 2
 
tc filter add dev eth1 protocol ip parent 2:0 prio 1
u32 match ip dst 10.1.1.0/24 match tcp dst 25 0xffff
flowid 2:100
tc filter add dev eth1 protocol ip parent 2:0 prio 1
u32 match tcp src 80 0xffff flowid 2:101
tc filter add dev eth1 protocol ip parent 2:0 prio 1
u32 match tcp dst 80 0xffff flowid 2:101
tc filter add dev eth1 protocol ip parent 2:0 prio 2
u32 match ip dst 10.1.1.0/24 flowid 2:102
 
##tc qdisc add dev eth1 parent 2:200 handle 102 sfq
perturb 10
tc qdisc add dev eth1 parent 2:100 handle 100 pfifo
limit 2
tc qdisc add dev eth1 parent 2:101 handle 101 pfifo
limit 2
tc qdisc add dev eth1 parent 2:102 handle 102 pfifo
limit 2
 
[root@cab2 root]# tc -s -d qdisc ls dev eth1
qdisc pfifo 102: limit 2p
Sent 1372419 bytes 1210 pkts(dropped 129, overlimits
0)
 backlog 1p
 
 qdisc pfifo 101: limit 2p
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 
 qdisc pfifo 100: limit 2p
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 
 qdisc htb 2:
 Sent 1372545 bytes 1213 pkts (dropped 129, overlimits
1744)
 backlog 1p
 

thanking u all in advance..
arindam


__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] need help in shaping traffic

[bert hubert]

On Fri, Dec 28, 2001 at 03:33:58AM +0000, arindam wrote:
> hi all,
> my system with kernel 2.4.16 & 2.4.17( RH-7.2) has
> netfilter-1.2.4, iproute-ss010803, squid, dns with 4
> ether cards.i am trying a simple situation where i
> want to shape traffic all the interfaces. at present
> iam using netfilter to allow a few ips, using
> transparent squid & iproute to limit bandwidth. i feel
> i must give more bandwidth for my local servers for my
> office & customers.
> i need some help from u Gurus in knowing what i did
> wrong here.
> a) y no trafic is passing thru the http handle 101.
> infcat only the 102 handle is working(seen below) ??

'tcp dst' is not working as you think it is. Use 'ip dport'.

> b) whats recomended--marking pkts in iproute or
> iptables ??

AFAIK, ip can't mark packets.

> c) if i mark pkts with iptables, will i be still able
> to use transparent squid as well as shape bandwidth(i
> havnt tried this so far)

An fwmark will not survive a transparent proxy.

You may want to police on ingress.

Regards,

bert

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
http://www.tk                              the dot in .tk
Netherlabs BV / Rent-a-Nerd.nl           - Nerd Available -
Linux Advanced Routing & Traffic Control: http://ds9a.nl/lartc

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/