* [LARTC] Sequence and Default port
@ 2003-09-22 11:37 Raghuveer
  2003-09-22 18:25 ` Stef Coene
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Raghuveer @ 2003-09-22 11:37 UTC (permalink / raw)
  To: lartc

Hi All,

I have the following queries:

1. To indicate any default IP we place 0/0 as src or dst in the
tc script; similarly, what can I use for a default port? This is the
scenario when rules are framed based on ports. For example, for a
firewall with eth0 (WAN), eth1 (LAN) and eth2 (DMZ), I am doing CBQ outgoing
(egress) traffic shaping at the eth0 interface for public hosted servers
located at eth2 (DMZ) based on ports (80 for http etc.). Now I want to
frame a rule for the remaining traffic (default), allocating the remaining
bandwidth (total rate is 512Kbits, 256 Kbits provided to the hosted
servers, rest 256KBits is for other traffic). My rules for identifying
the hosted servers are based entirely on src port. Hence, what rule should
I frame for all other traffic coming from eth1 (LAN)?
2. Does the rule sequence play any role, e.g. if there is any conflict
between the rules, then the last rule will be given preference? What
happens exactly if there is any conflict?

Any suggestions and replies would be very helpful.

Regards
-Raghu

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] Sequence and Default port
  2003-09-22 11:37 [LARTC] Sequence and Default port Raghuveer
@ 2003-09-22 18:25 ` Stef Coene
  2003-09-23  6:08 ` Raghuveer
  2003-09-23 19:46 ` Stef Coene
  2 siblings, 0 replies; 4+ messages in thread
From: Stef Coene @ 2003-09-22 18:25 UTC (permalink / raw)
  To: lartc

On Monday 22 September 2003 13:25, Raghuveer wrote:
> Hi All,
>
> I have the following queries:
>
> 1. To indicate any default IP we place 0/0 as src or dst in the
> tc script; similarly, what can I use for a default port? This is the
> scenario when rules are framed based on ports. For example, for a
> firewall with eth0 (WAN), eth1 (LAN) and eth2 (DMZ), I am doing CBQ outgoing
> (egress) traffic shaping at the eth0 interface for public hosted servers
> located at eth2 (DMZ) based on ports (80 for http etc.). Now I want to
> frame a rule for the remaining traffic (default), allocating the remaining
> bandwidth (total rate is 512Kbits, 256 Kbits provided to the hosted
> servers, rest 256KBits is for other traffic). My rules for identifying
> the hosted servers are based entirely on src port. Hence, what rule should
> I frame for all other traffic coming from eth1 (LAN)?
There is no such thing as default port.  But I don't understand why you need 
this.  I think it can be done with the dst/src parameter.

> 2. Does the rule sequence play any role, e.g. if there is any conflict
> between the rules, then the last rule will be given preference? What
> happens exactly if there is any conflict?
The first rule that's a match will be followed.  Order is based on prio and the
order they are entered.

Stef

-- 
stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net


* Re: [LARTC] Sequence and Default port
  2003-09-22 11:37 [LARTC] Sequence and Default port Raghuveer
  2003-09-22 18:25 ` Stef Coene
@ 2003-09-23  6:08 ` Raghuveer
  2003-09-23 19:46 ` Stef Coene
  2 siblings, 0 replies; 4+ messages in thread
From: Raghuveer @ 2003-09-23  6:08 UTC (permalink / raw)
  To: lartc

Hi Stef,

Stef Coene wrote:

>On Monday 22 September 2003 13:25, Raghuveer wrote:
>>Hi All,
>>
>>I have the following queries:
>>
>>1. To indicate any default IP we place 0/0 as src or dst in the
>>tc script; similarly, what can I use for a default port? This is the
>>scenario when rules are framed based on ports. For example, for a
>>firewall with eth0 (WAN), eth1 (LAN) and eth2 (DMZ), I am doing CBQ outgoing
>>(egress) traffic shaping at the eth0 interface for public hosted servers
>>located at eth2 (DMZ) based on ports (80 for http etc.). Now I want to
>>frame a rule for the remaining traffic (default), allocating the remaining
>>bandwidth (total rate is 512Kbits, 256 Kbits provided to the hosted
>>servers, rest 256KBits is for other traffic). My rules for identifying
>>the hosted servers are based entirely on src port. Hence, what rule should
>>I frame for all other traffic coming from eth1 (LAN)?
>>
>There is no such thing as default port.  But I don't understand why you need
>this.  I think it can be done with the dst/src parameter.
>
Here are the rules I am applying to control outgoing traffic at the WAN (eth0)
interface for public hosted services.
Here the actual ISP rate = 512Kbit, rate taken = 97% of 512Kbit, eth0 IP is
192.168.1.2

tc qdisc add dev eth0 root handle 1: cbq bandwidth 100Mbit avpkt 1000 cell 8
tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 100Mbit \
    rate 497Kbit weight 49Kbit prio 3 allot 1514 cell 8 maxburst 10 \
    avpkt 1000 bounded

# Hosted http server bandwidth = 64Kbit
tc class add dev eth0 parent 1:1 classid 1:2 cbq bandwidth 100Mbit \
    rate 64Kbit weight 6Kbit prio 3 allot 1514 cell 8 maxburst 10 avpkt 1000
tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 \
    match ip src 192.168.1.2 match ip sport 80 0xffff classid 1:2

# Hosted ftp server bandwidth = 64Kbit
tc class add dev eth0 parent 1:1 classid 1:3 cbq bandwidth 100Mbit \
    rate 64Kbit weight 6Kbit prio 3 allot 1514 cell 8 maxburst 10 avpkt 1000
tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 \
    match ip src 192.168.1.2 match ip sport 21 0xffff classid 1:3

# Default: rest/other traffic
tc class add dev eth0 parent 1:1 classid 1:4 cbq bandwidth 100Mbit \
    rate 369Kbit weight 40Kbit prio 3 allot 1514 cell 8 maxburst 10 avpkt 1000
# Here I want to replace the below rule with a simple rule based only on
# port, i.e. by using some default port other than 80, 21 as sport, which
# according to your last mail is not possible; hence pls check whether the
# below rule will do for the remaining traffic.
tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 \
    match ip src 0/0 match ip dst 0/0 classid 1:4

Pls let me know whether the above rules are framed correctly or can be
done in a better way.

>>2. Does the rule sequence play any role, e.g. if there is any conflict
>>between the rules, then the last rule will be given preference? What
>>happens exactly if there is any conflict?
>>
>The first rule that's a match will be followed.  Order is based on prio and the
>order they are entered.
>
Thanks for this confirmation.

Regards
-Raghu

>Stef



* Re: [LARTC] Sequence and Default port
  2003-09-22 11:37 [LARTC] Sequence and Default port Raghuveer
  2003-09-22 18:25 ` Stef Coene
  2003-09-23  6:08 ` Raghuveer
@ 2003-09-23 19:46 ` Stef Coene
  2 siblings, 0 replies; 4+ messages in thread
From: Stef Coene @ 2003-09-23 19:46 UTC (permalink / raw)
  To: lartc

On Tuesday 23 September 2003 07:56, Raghuveer wrote:
> Here are the rules I am applying to control outgoing traffic at the WAN (eth0)
> interface for public hosted services.
> Here the actual ISP rate = 512Kbit, rate taken = 97% of 512Kbit, eth0 IP is
> 192.168.1.2
>
> tc qdisc add dev eth0 root handle 1: cbq bandwidth 100Mbit avpkt 1000 cell 8
> tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 100Mbit \
>     rate 497Kbit weight 49Kbit prio 3 allot 1514 cell 8 maxburst 10 \
>     avpkt 1000 bounded
>
> # Hosted http server bandwidth = 64Kbit
> tc class add dev eth0 parent 1:1 classid 1:2 cbq bandwidth 100Mbit \
>     rate 64Kbit weight 6Kbit prio 3 allot 1514 cell 8 maxburst 10 avpkt 1000
> tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 \
>     match ip src 192.168.1.2 match ip sport 80 0xffff classid 1:2
>
> # Hosted ftp server bandwidth = 64Kbit
> tc class add dev eth0 parent 1:1 classid 1:3 cbq bandwidth 100Mbit \
>     rate 64Kbit weight 6Kbit prio 3 allot 1514 cell 8 maxburst 10 avpkt 1000
> tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 \
>     match ip src 192.168.1.2 match ip sport 21 0xffff classid 1:3
>
> # Default: rest/other traffic
> tc class add dev eth0 parent 1:1 classid 1:4 cbq bandwidth 100Mbit \
>     rate 369Kbit weight 40Kbit prio 3 allot 1514 cell 8 maxburst 10 avpkt 1000
> # Here I want to replace the below rule with a simple rule based only on
> # port, i.e. by using some default port other than 80, 21 as sport, which
> # according to your last mail is not possible; hence pls check whether the
> # below rule will do for the remaining traffic.
> tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 \
>     match ip src 0/0 match ip dst 0/0 classid 1:4
>
> Pls let me know whether the above rules are framed correctly or can be
> done in a better way.
I can't do it better than you did :)

Stef

-- 
stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net
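
Added example (not part of the original thread and not any poster's code): a simplified Python model of the ordering described in the replies, with filters tried by ascending prio and then in the order they were entered, applied to the three filters posted above. The `Filter` class, the `shadowed` check and the `CATCH_ALL_FIRST` variant are assumptions made for illustration; this is not the kernel's u32 implementation.

```python
# Simplified model of the ordering described in the thread: filters are tried
# by ascending prio, then in the order they were added; the first match wins.
# Constructed from the rules in the thread; not the kernel's u32 code.
from dataclasses import dataclass
from typing import Optional

ANY = None  # stands in for "0/0" or "no port constraint"

@dataclass(frozen=True)
class Filter:
    prio: int
    src: Optional[str]
    sport: Optional[int]
    classid: str

    def matches(self, src, sport):
        return self.src in (ANY, src) and self.sport in (ANY, sport)

    def covers(self, other):
        # True if every packet matched by `other` is also matched by self.
        return self.src in (ANY, other.src) and self.sport in (ANY, other.sport)

def evaluation_order(filters):
    # sorted() is stable, so equal-prio filters keep insertion order.
    return sorted(filters, key=lambda f: f.prio)

def classify(filters, src, sport):
    for f in evaluation_order(filters):
        if f.matches(src, sport):
            return f.classid
    return None

def shadowed(filters):
    # Class IDs of filters that can never fire because an earlier one covers them.
    ordered = evaluation_order(filters)
    return [later.classid for i, later in enumerate(ordered)
            if any(earlier.covers(later) for earlier in ordered[:i])]

# The three filters from the thread, in the order they were entered.
THREAD_RULES = [
    Filter(3, "192.168.1.2", 80, "1:2"),
    Filter(3, "192.168.1.2", 21, "1:3"),
    Filter(3, ANY, ANY, "1:4"),
]
# Hypothetical mistake: the catch-all entered with a lower prio number.
CATCH_ALL_FIRST = THREAD_RULES[:2] + [Filter(1, ANY, ANY, "1:4")]

if __name__ == "__main__":
    print(classify(THREAD_RULES, "192.168.1.2", 80), shadowed(THREAD_RULES))
    print(classify(CATCH_ALL_FIRST, "192.168.1.2", 80), shadowed(CATCH_ALL_FIRST))
```

With the posted ordering the catch-all is reached only after the port filters fail to match; in the hypothetical variant it is evaluated first and both port filters become unreachable.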
