[LARTC] am i on the right track ?

From: Chandrashekhar Joshi <shekhar@dishatech.com>
To: lartc@vger.kernel.org
Subject: [LARTC] am i on the right track ?
Date: Mon, 14 Jan 2002 01:44:44 +0000	[thread overview]
Message-ID: <marc-lartc-101099113808821@msgid-missing> (raw)

hi,

i am trying to have bandwidth shaping on my linux router.
i have a 64kbps link, on which i want to restrict the link use for http
/ftp access and give more bandwidth priority for vpn access. thanks to
martin devera i am using the htb for this.

|-----------|            |-----------|
| MAIN LINK |-----+------|  CLASS A  |
|-----------|     |      |-----------|
                   |
            |------+-----|
            | CLASS B    |
            |------------|

MAIN LINK  = 64kbps
CLASS A = 24kbps  (for HTTP/ FTP and other internet related activities )
CLASS B = 40kbps  ( reserved for PPTP-VPN access incoming and outgoing)

requirements :
each class should be able to borrow bandwidth from the other class when
excess is available
incoming vpn connections should come through the class B bandwidth policy
outgoing vpn connections should go through the class B bandwidth policy

following is the command set (lifted from the htb manual :-)  ) i am
trying to use :

# tc qdisc add dev eth0 root handle 1: htb default 11
# tc class add dev eth0 parent 1: classid 1:1 htb rate 64kbps ceil 64
kbps burst 2k
# tc class add dev eth0 parent 1: classid 1:10 htb rate 64kbps ceil 64
kbps burst 2k
# tc class add dev eth0 parent 1: classid 1:11 htb rate 64kbps ceil 64
kbps burst 2k
# tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src
192.168.1.0 match tcp dst 21 0xffff flowid \      1:10
# tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src
192.168.1.0 match tcp dst 80 0xffff flowid  \      1:10
# tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src
192.168.1.0 match tcp dst 443 0xffff flowid \    1:10
# tc qdisc add dev eth0 parent 1:10 handle 20: pfifo limit 5
# tc qdisc add dev eth0 parent 1:11 handle 30: sfq perturb 10

first i would like to know whether what i have done is correct or not in
context with my problem , i think i am on right track ?

why i did what i did
now to meet the above requirements what i did was to define bandwidth
shaping only for http, https & ftp (the major bandwidth guzzlers to
class A and made the class B as default.
but because of above rulesets my other inet services (like domain, ssh,
whois, ping etc) will go through the default  policy of class B, which i
want to avoid without adding additional rulesets; can i define a ruleset
for VPN something like below :    (and remove the rulesets for class A
and make clas A as default)

# tc filter add dev eth0 protocol 47 parent 1:0 prio 1 u32 match ip src
192.168.1.0 flowid 1:11
# tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src
192.168.1.0 match tcp dst 1723 0xffff \
    flowid 1:11

but how do i define the ruleset for incoming connections, can the
following be true

# tc filter add dev eth0 protocol 47 parent 1:0 prio 1 u32 match ip dst
192.168.1.0 flowid 1:11
# tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dst
192.168.1.0 match tcp dst 1723 0xffff \
    flowid 1:11

thanx in advance

regards / shekhar

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/