* [LARTC] Am I correct?
@ 2002-12-18 21:12 LARTC
2002-12-18 21:32 ` Stef Coene
0 siblings, 1 reply; 2+ messages in thread
From: LARTC @ 2002-12-18 21:12 UTC (permalink / raw)
To: lartc
I've got some customers that have lots of bandwidth that are uploading and
downloading files to our https:// help desk and are using up all of my T-1
at times. This leaves other customers sucking wind. I've taken a look at the
'15.10. Example of a full nat solution with QoS' section. Would it work for
me if I change the section that says eth0 to my internet adapter Serial0? If
I can do that, will that allow fair sharing between all my customers of the
https:// help desk?
My setup:
////////// ///////////////// ///////
https:// |-- |eth0 * Serial0 |-- |INET |
////////// ///////////////// ///////
My proposed script:
CEIL\x1020 # actual is 1024Kbit
IFACE=Serial0
tc qdisc add dev $IFACE root handle 1: htb default 15
tc class add dev $IFACE parent 1: classid 1:1 htb rate ${CEIL}kbit ceil
${CEIL}kbit
tc class add dev $IFACE parent 1:1 classid 1:10 htb rate 170kbit ceil
170kbit prio 0
tc class add dev $IFACE parent 1:1 classid 1:11 htb rate 170kbit ceil
${CEIL}kbit prio 1
tc class add dev $IFACE parent 1:1 classid 1:12 htb rate 170kbit ceil
${CEIL}kbit prio 2
tc class add dev $IFACE parent 1:1 classid 1:13 htb rate 170kbit ceil
${CEIL}kbit prio 2
tc class add dev $IFACE parent 1:1 classid 1:14 htb rate 170kbit ceil
${CEIL}kbit prio 3
tc class add dev $IFACE parent 1:1 classid 1:15 htb rate 170kbit ceil
${CEIL}kbit prio 3
tc qdisc add dev $IFACE parent 1:12 handle 120: sfq perturb 10
tc qdisc add dev $IFACE parent 1:13 handle 130: sfq perturb 10
tc qdisc add dev $IFACE parent 1:14 handle 140: sfq perturb 10
tc qdisc add dev $IFACE parent 1:15 handle 150: sfq perturb 10
tc filter add dev $IFACE parent 1:0 protocol ip prio 1 handle 1 fw classid
1:10
tc filter add dev $IFACE parent 1:0 protocol ip prio 2 handle 2 fw classid
1:11
tc filter add dev $IFACE parent 1:0 protocol ip prio 3 handle 3 fw classid
1:12
tc filter add dev $IFACE parent 1:0 protocol ip prio 4 handle 4 fw classid
1:13
tc filter add dev $IFACE parent 1:0 protocol ip prio 5 handle 5 fw classid
1:14
tc filter add dev $IFACE parent 1:0 protocol ip prio 6 handle 6 fw classid
1:15
iptables -t mangle -I PREROUTING -p icmp -j MARK --set-mark 0x1
iptables -t mangle -I PREROUTING -p icmp -j RETURN
iptables -t mangle -I PREROUTING -p tcp -m tcp --sport ssh -j
MARK --set-mark 0x1
iptables -t mangle -I PREROUTING -p tcp -m tcp --sport ssh -j RETURN
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK
SYN -j MARK --set-mark 0x1
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK
SYN -j RETURN
iptables -t mangle -I PREROUTING -p tcp -m tcp --sport https -j
MARK --set-mark 0x3
iptables -t mangle -I PREROUTING -p tcp -m tcp --sport https -j RETURN
iptables -t mangle -I PREROUTING -m tos --tos Minimize-Delay -j
MARK --set-mark 0x1
iptables -t mangle -I PREROUTING -m tos --tos Minimize-Delay -j RETURN
iptables -t mangle -I PREROUTING -m tos --tos Minimize-Cost -j
MARK --set-mark 0x5
iptables -t mangle -I PREROUTING -m tos --tos Minimize-Cost -j RETURN
iptables -t mangle -I PREROUTING -m tos --tos Maximize-Throughput -j
MARK --set-mark 0x6
iptables -t mangle -I PREROUTING -m tos --tos Maximize-Throughput -j RETURN
Thanks in advance for any suggestions
Bernard
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: [LARTC] Am I correct?
2002-12-18 21:12 [LARTC] Am I correct? LARTC
@ 2002-12-18 21:32 ` Stef Coene
0 siblings, 0 replies; 2+ messages in thread
From: Stef Coene @ 2002-12-18 21:32 UTC (permalink / raw)
To: lartc
On Wednesday 18 December 2002 22:12, LARTC@VLMINTERNATIONAL.COM wrote:
> I've got some customers that have lots of bandwidth that are uploading and
> downloading files to our https:// help desk and are using up all of my T-1
> at times. This leaves other customers sucking wind. I've taken a look at
> the '15.10. Example of a full nat solution with QoS' section. Would it work
> for me if I change the section that says eth0 to my internet adapter
> Serial0? If I can do that, will that allow fair sharing between all my
> customers of the https:// help desk?
>
> My setup:
>
> ////////// ///////////////// ///////
> https:// |-- |eth0 * Serial0 |-- |INET |
> ////////// ///////////////// ///////
>
> My proposed script:
>
> CEIL=1020 # actual is 1024Kbit
> IFACE=Serial0
>
> tc qdisc add dev $IFACE root handle 1: htb default 15
> tc class add dev $IFACE parent 1: classid 1:1 htb rate ${CEIL}kbit ceil
> ${CEIL}kbit
> tc class add dev $IFACE parent 1:1 classid 1:10 htb rate 170kbit ceil
> 170kbit prio 0
> tc class add dev $IFACE parent 1:1 classid 1:11 htb rate 170kbit ceil
> ${CEIL}kbit prio 1
> tc class add dev $IFACE parent 1:1 classid 1:12 htb rate 170kbit ceil
> ${CEIL}kbit prio 2
> tc class add dev $IFACE parent 1:1 classid 1:13 htb rate 170kbit ceil
> ${CEIL}kbit prio 2
> tc class add dev $IFACE parent 1:1 classid 1:14 htb rate 170kbit ceil
> ${CEIL}kbit prio 3
> tc class add dev $IFACE parent 1:1 classid 1:15 htb rate 170kbit ceil
> ${CEIL}kbit prio 3
>
> tc qdisc add dev $IFACE parent 1:12 handle 120: sfq perturb 10
> tc qdisc add dev $IFACE parent 1:13 handle 130: sfq perturb 10
> tc qdisc add dev $IFACE parent 1:14 handle 140: sfq perturb 10
> tc qdisc add dev $IFACE parent 1:15 handle 150: sfq perturb 10
>
> tc filter add dev $IFACE parent 1:0 protocol ip prio 1 handle 1 fw classid
> 1:10
> tc filter add dev $IFACE parent 1:0 protocol ip prio 2 handle 2 fw classid
> 1:11
> tc filter add dev $IFACE parent 1:0 protocol ip prio 3 handle 3 fw classid
> 1:12
> tc filter add dev $IFACE parent 1:0 protocol ip prio 4 handle 4 fw classid
> 1:13
> tc filter add dev $IFACE parent 1:0 protocol ip prio 5 handle 5 fw classid
> 1:14
> tc filter add dev $IFACE parent 1:0 protocol ip prio 6 handle 6 fw classid
> 1:15
>
> iptables -t mangle -I PREROUTING -p icmp -j MARK --set-mark 0x1
> iptables -t mangle -I PREROUTING -p icmp -j RETURN
> iptables -t mangle -I PREROUTING -p tcp -m tcp --sport ssh -j
> MARK --set-mark 0x1
> iptables -t mangle -I PREROUTING -p tcp -m tcp --sport ssh -j RETURN
> iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK
> SYN -j MARK --set-mark 0x1
> iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK
> SYN -j RETURN
> iptables -t mangle -I PREROUTING -p tcp -m tcp --sport https -j
> MARK --set-mark 0x3
> iptables -t mangle -I PREROUTING -p tcp -m tcp --sport https -j RETURN
>
> iptables -t mangle -I PREROUTING -m tos --tos Minimize-Delay -j
> MARK --set-mark 0x1
> iptables -t mangle -I PREROUTING -m tos --tos Minimize-Delay -j RETURN
> iptables -t mangle -I PREROUTING -m tos --tos Minimize-Cost -j
> MARK --set-mark 0x5
> iptables -t mangle -I PREROUTING -m tos --tos Minimize-Cost -j RETURN
> iptables -t mangle -I PREROUTING -m tos --tos Maximize-Throughput -j
> MARK --set-mark 0x6
> iptables -t mangle -I PREROUTING -m tos --tos Maximize-Throughput -j RETURN
>
> Thanks in advance for any suggestions
I think this is a good script.
But different prio's for filters are not usefull. They only determine the
order the filters are matched. And in your case, there is no specific order.
In fact, if you add 1 fw filter with no handle parameter, the mark will be
used as filter key. So packets marked with 16 will end up in class 1:16. I
think this will save more CPU cycles.
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2002-12-18 21:32 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-12-18 21:12 [LARTC] Am I correct? LARTC
2002-12-18 21:32 ` Stef Coene
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.