From: David H <david@uptime.at>
To: lartc@vger.kernel.org
Subject: [LARTC] Some shaping questions....
Date: Fri, 05 Apr 2002 11:47:46 +0000
Message-ID: <marc-lartc-101800737331820@msgid-missing>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello mailing list.

I am sitting here at the office and after reading the Advanced
routing howto, some iptables documents and Howto, I am not quite sure
how to do this. I have the following setup
and while I explain it, I would like to ask everyone that reads this
to tell me if they would go about it in a similar fashion or not.

We own a symmetric 2 Mbit uplink via ATM and I am trying to limit the
services a bit.

We would like to sort out the following services into their own
classes, so that they may be bandwidth shaped.

HTTP+HTTPs+SQUID connections which are outgoing to fetch data
FTP+FTP-DATA
SSH
ICMP
MAIL

I was thinking about the following bandwidth assignments:

HTTP... gets 15% (of the 2 Mbit)
FTP gets 15%
SSH gets 5% but the bandwidth is isolated and borrows from other
classes
ICMP gets 1% but is bounded
MAIL gets 10% (we do send an awful lot of mail)

I am marking the traffic with IPtables in the PREROUTING chain and I
thought it would be the correct way to later use the fwmark target in
the tc filter add directive, however, if you think it is smarter to
use a u32 classifier, please do tell me.

Right now my setup would look somewhat like this:

1:0 is a 10Mbit parent class which is the NIC to the Router.

1:1 is a subclass, which has 2Mbit and all other classes should
derive from it.

I then wanted to create 1:3 to 1:7 for the services.
where the class for SSH would be isolated, borrow
The ICMP class would be bounded.

The output I currently have looks somewhat like this:

[root@gw root]# tc qdisc show dev eth0
qdisc sfq 70: quantum 1514b
qdisc sfq 60: quantum 1514b
qdisc sfq 50: quantum 1514b
qdisc sfq 40: quantum 1514b
qdisc sfq 30: quantum 1514b
qdisc cbq 1: rate 10Mbit (bounded,isolated) prio no-transmit

(since I am using sfq as the queue algorithm)

The classes:
[root@gw root]# tc class show dev eth0
class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
class cbq 1:1 parent 1: rate 2Mbit (bounded) prio no-transmit
class cbq 1:3 parent 1:1 leaf 30: rate 153Kbit prio no-transmit
class cbq 1:4 parent 1:1 leaf 40: rate 153Kbit prio no-transmit
class cbq 1:5 parent 1:1 leaf 50: rate 20Kbit (bounded) prio no-transmit
class cbq 1:6 parent 1:1 leaf 60: rate 102Kbit (isolated) prio no-transmit
class cbq 1:7 parent 1:1 leaf 70: rate 204Kbit prio no-transmit

1:3 is Ftp+ftp-data
1:4 is https+http plus everything from sport 3128
1:5 is icmp
1:6 is ssh
1:7 is smtp

The filters look as follows:
[root@gw root]# tc filter show dev eth0
filter parent 1: protocol ip pref 100 fw
filter parent 1: protocol ip pref 100 fw handle 0x1 classid 1:5
filter parent 1: protocol ip pref 100 fw handle 0x2 classid 1:6
filter parent 1: protocol ip pref 100 fw handle 0x3 classid 1:3
filter parent 1: protocol ip pref 100 fw handle 0x4 classid 1:4
filter parent 1: protocol ip pref 100 fw handle 0x6 classid 1:7

and my iptables marking rules read as follows:
[root@gw root]# iptables -t mangle -L PREROUTING
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
MARK       icmp --  anywhere             anywhere           MARK set 0x1
MARK       tcp  --  anywhere             anywhere           tcp dpt:http MARK set 0x4
MARK       tcp  --  anywhere             anywhere           tcp dpt:https MARK set 0x4
MARK       tcp  --  anywhere             anywhere           tcp dpt:ftp MARK set 0x3
MARK       tcp  --  anywhere             anywhere           tcp spt:ftp-data MARK set 0x3
MARK       tcp  --  anywhere             anywhere           tcp dpt:ssh MARK set 0x2
MARK       tcp  --  anywhere             anywhere           tcp dpt:smtp MARK set 0x6
MARK       tcp  --  anywhere             anywhere           tcp spt:squid MARK set 0x4

Would you go about this the same way? Or do you recommend doing it in
a different way?
I am very grateful for any hints, because I am very new to this on
Linux. I usually use Cisco IOS for it, but this time, Linux is my
choice and I really wish to learn it. Any other hints,
such as documentation, are greatly appreciated as well.

-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAjytjtMACgkQSv4PndfE29DlCACeKbTI8foLoe6ERc2cztjBOE/G
OW0AoKlKMQJRa3Nny8yRenI/AqlgWu/g
=IeHQ
-----END PGP SIGNATURE-----




_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
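
A way to cross-check the three listings in the message above, as an added example that is not part of the original post: it joins the iptables marks to the fw filter handles to the CBQ classes and reports each class's share of the 2Mbit class 1:1. The function name `audit`, the rejoined sample lines and the 1 Mbit = 1024 Kbit conversion are assumptions.

```python
import re

# Constructed input: the tc / iptables lines quoted in the message, wrapped lines rejoined.
DUMP = """\
class cbq 1:1 parent 1: rate 2Mbit (bounded) prio no-transmit
class cbq 1:3 parent 1:1 leaf 30: rate 153Kbit prio no-transmit
class cbq 1:4 parent 1:1 leaf 40: rate 153Kbit prio no-transmit
class cbq 1:5 parent 1:1 leaf 50: rate 20Kbit (bounded) prio no-transmit
class cbq 1:6 parent 1:1 leaf 60: rate 102Kbit (isolated) prio no-transmit
class cbq 1:7 parent 1:1 leaf 70: rate 204Kbit prio no-transmit
filter parent 1: protocol ip pref 100 fw handle 0x1 classid 1:5
filter parent 1: protocol ip pref 100 fw handle 0x2 classid 1:6
filter parent 1: protocol ip pref 100 fw handle 0x3 classid 1:3
filter parent 1: protocol ip pref 100 fw handle 0x4 classid 1:4
filter parent 1: protocol ip pref 100 fw handle 0x6 classid 1:7
MARK icmp -- anywhere anywhere MARK set 0x1
MARK tcp -- anywhere anywhere tcp dpt:http MARK set 0x4
MARK tcp -- anywhere anywhere tcp dpt:https MARK set 0x4
MARK tcp -- anywhere anywhere tcp dpt:ftp MARK set 0x3
MARK tcp -- anywhere anywhere tcp spt:ftp-data MARK set 0x3
MARK tcp -- anywhere anywhere tcp dpt:ssh MARK set 0x2
MARK tcp -- anywhere anywhere tcp dpt:smtp MARK set 0x6
MARK tcp -- anywhere anywhere tcp spt:squid MARK set 0x4
"""
KBIT = {"Kbit": 1, "Mbit": 1024}  # assumption: 1 Mbit = 1024 Kbit in this tc output

def audit(dump, root="1:1"):
    """Join iptables marks -> fw filters -> CBQ classes; return (rows, problems)."""
    rate = {c: int(n) * KBIT[u] for c, n, u in
            re.findall(r"^class cbq (\S+) .*rate (\d+)([KM]bit)", dump, re.M)}
    flt = {int(h, 16): c for h, c in
           re.findall(r"^filter .* fw handle (\S+) classid (\S+)", dump, re.M)}
    marks = re.findall(
        r"^MARK (\w+) .*?(?:\w+ ([ds]pt:\S+) )?MARK set (\S+)", dump, re.M)
    rows, problems, seen = [], [], set()
    for proto, port, h in marks:
        mark, match = int(h, 16), port or proto  # port match if present, else protocol
        seen.add(mark)
        cls = flt.get(mark)
        if cls in rate:
            rows.append((match, cls, rate[cls], round(100 * rate[cls] / rate[root], 1)))
        else:
            problems.append(f"{match}: mark {mark:#x} reaches no class")
    problems += [f"filter handle {h:#x} has no marking rule" for h in flt if h not in seen]
    return rows, problems

if __name__ == "__main__":
    print(*audit(DUMP)[0], sep="\n")  # (match, classid, Kbit, percent of 1:1)
```
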
