* [LARTC] Some shaping questions....
From: David H @ 2002-04-05 11:47 UTC (permalink / raw)
  To: lartc

Hello mailing list.

I am sitting here at the office and after reading the Advanced
routing HOWTO, some iptables documents and HOWTOs, I am not quite sure
how to do this. I have the following setup, and while I explain it,
I would like to ask everyone who reads this to tell me if they would
go about it in a similar fashion or not.

We own a symmetric 2 Mbit uplink via ATM and I am trying to limit the
services a bit.

We would like to sort out the following services into their own
classes, so that they may be bandwidth shaped.

HTTP+HTTPs+SQUID connections which are outgoing to fetch data
FTP+FTP-DATA
SSH
ICMP
MAIL

I was thinking about the following bandwidth assignments:

HTTP... gets 15% (of the 2 Mbit)
FTP gets 15%
SSH gets 5% but the bandwidth is isolated and borrows from other
classes
ICMP gets 1% but is bounded
MAIL gets 10% (we do send an awful lot of mail)

I am marking the traffic with iptables in the PREROUTING chain and I
thought it would be the correct way to later use the fwmark target in
the tc filter add directive. However, if you think it is smarter to
use a u32 classifier, please do tell me.

Right now my setup would look somewhat like this:

1:0 is a 10Mbit parent class which is the NIC to the Router.

1:1 is a subclass, which has 2Mbit and all other classes should
derive from it.

I then wanted to create 1:3 to 1:7 for the services.
where the class for SSH would be isolated, borrow
The ICMP class would be bounded.

The output I currently have looks somewhat like this:

[root@gw root]# tc qdisc show dev eth0
qdisc sfq 70: quantum 1514b
qdisc sfq 60: quantum 1514b
qdisc sfq 50: quantum 1514b
qdisc sfq 40: quantum 1514b
qdisc sfq 30: quantum 1514b
qdisc cbq 1: rate 10Mbit (bounded,isolated) prio no-transmit

(since I am using sfq as the queue algorithm)

The classes:
[root@gw root]# tc class show dev eth0
class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
class cbq 1:1 parent 1: rate 2Mbit (bounded) prio no-transmit
class cbq 1:3 parent 1:1 leaf 30: rate 153Kbit prio no-transmit
class cbq 1:4 parent 1:1 leaf 40: rate 153Kbit prio no-transmit
class cbq 1:5 parent 1:1 leaf 50: rate 20Kbit (bounded) prio no-transmit
class cbq 1:6 parent 1:1 leaf 60: rate 102Kbit (isolated) prio no-transmit
class cbq 1:7 parent 1:1 leaf 70: rate 204Kbit prio no-transmit

1:3 is Ftp+ftp-data
1:4 is https+http plus everything from sport 3128
1:5 is icmp
1:6 is ssh
1:7 is smtp

The filters look as follows:
[root@gw root]# tc filter show dev eth0
filter parent 1: protocol ip pref 100 fw
filter parent 1: protocol ip pref 100 fw handle 0x1 classid 1:5
filter parent 1: protocol ip pref 100 fw handle 0x2 classid 1:6
filter parent 1: protocol ip pref 100 fw handle 0x3 classid 1:3
filter parent 1: protocol ip pref 100 fw handle 0x4 classid 1:4
filter parent 1: protocol ip pref 100 fw handle 0x6 classid 1:7

and my iptables marking rules read as follows:
[root@gw root]# iptables -t mangle -L PREROUTING
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination       
MARK       icmp --  anywhere             anywhere           MARK set 0x1
MARK       tcp  --  anywhere             anywhere           tcp dpt:http MARK set 0x4
MARK       tcp  --  anywhere             anywhere           tcp dpt:https MARK set 0x4
MARK       tcp  --  anywhere             anywhere           tcp dpt:ftp MARK set 0x3
MARK       tcp  --  anywhere             anywhere           tcp spt:ftp-data MARK set 0x3
MARK       tcp  --  anywhere             anywhere           tcp dpt:ssh MARK set 0x2
MARK       tcp  --  anywhere             anywhere           tcp dpt:smtp MARK set 0x6
MARK       tcp  --  anywhere             anywhere           tcp spt:squid MARK set 0x4

Would you go about this the same way? Or do you recommend doing it in
a different way?
I am very grateful for any hints, because I am very new to this on
Linux. I usually use Cisco IOS for it, but this time, Linux is my
choice and I really wish to learn it. Any other hints,
such as documentation, are greatly appreciated as well.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
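
An added consistency check for the setup in this message, not part of the original post: it parses the three listings and verifies that every iptables mark has a matching tc fw filter handle and that every filter points at an existing CBQ leaf class. The function name `audit` and the result keys are illustrative choices made for this example.

```python
import re

# Sample input: the post's own command output, with the e-mail line wrapping
# undone and the column padding shortened.
CLASSES = """\
class cbq 1:3 parent 1:1 leaf 30: rate 153Kbit prio no-transmit
class cbq 1:4 parent 1:1 leaf 40: rate 153Kbit prio no-transmit
class cbq 1:5 parent 1:1 leaf 50: rate 20Kbit (bounded) prio no-transmit
class cbq 1:6 parent 1:1 leaf 60: rate 102Kbit (isolated) prio no-transmit
class cbq 1:7 parent 1:1 leaf 70: rate 204Kbit prio no-transmit
"""
FILTERS = """\
filter parent 1: protocol ip pref 100 fw
filter parent 1: protocol ip pref 100 fw handle 0x1 classid 1:5
filter parent 1: protocol ip pref 100 fw handle 0x2 classid 1:6
filter parent 1: protocol ip pref 100 fw handle 0x3 classid 1:3
filter parent 1: protocol ip pref 100 fw handle 0x4 classid 1:4
filter parent 1: protocol ip pref 100 fw handle 0x6 classid 1:7
"""
RULES = """\
MARK  icmp --  anywhere  anywhere  MARK set 0x1
MARK  tcp  --  anywhere  anywhere  tcp dpt:http MARK set 0x4
MARK  tcp  --  anywhere  anywhere  tcp dpt:https MARK set 0x4
MARK  tcp  --  anywhere  anywhere  tcp dpt:ftp MARK set 0x3
MARK  tcp  --  anywhere  anywhere  tcp spt:ftp-data MARK set 0x3
MARK  tcp  --  anywhere  anywhere  tcp dpt:ssh MARK set 0x2
MARK  tcp  --  anywhere  anywhere  tcp dpt:smtp MARK set 0x6
MARK  tcp  --  anywhere  anywhere  tcp spt:squid MARK set 0x4
"""
RULE_RE = re.compile(
    r"^MARK\s+(\w+)\s+--\s+\S+\s+\S+\s+(?:\w+ (\S+) )?MARK set (0x[0-9a-f]+)", re.M)

def audit(classes=CLASSES, filters=FILTERS, rules=RULES):
    """Cross-check iptables marks -> tc fw filter handles -> CBQ leaf classes."""
    leaves = set(re.findall(r"^class cbq (\S+) parent \S+ leaf", classes, re.M))
    by_handle = {int(h, 16): c for h, c in
                 re.findall(r"fw handle (0x[0-9a-f]+) classid (\S+)", filters)}
    marks = {}  # mark value -> list of port/protocol matches that set it
    for proto, match, mark in RULE_RE.findall(rules):
        marks.setdefault(int(mark, 16), []).append(match or proto)
    return {
        "marks_without_filter": sorted(set(marks) - set(by_handle)),
        "filters_without_rule": sorted(set(by_handle) - set(marks)),
        "filters_to_missing_class": sorted(set(by_handle.values()) - leaves),
        "leaves_without_filter": sorted(leaves - set(by_handle.values())),
        "traffic_by_class": {by_handle[m]: v for m, v in sorted(marks.items())
                             if m in by_handle},
    }
```

Any non-empty list in the result names a mark, filter or class that the other two listings do not account for.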
