From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Chijioke Kalu"
Date: Sun, 09 Nov 2003 06:26:21 +0000
Subject: [LARTC] Parent rate=ceil Limit not respected
To: lartc@vger.kernel.org

Hi Stef, lo all,

Am hoping someone could have the time to look at my simple script. It basically tries to restrict users based on their IP, but I also incorporated the hints given by Stef on being able to allow local traffic unrestricted. No iptables marking (fw filter) is used, just tc.

I see traffic passing thru all the classes whenever those systems are in use. I've done some stress tests on the local traffic by plugging p2p/web crawlers on the LAN of one of the systems; each time I notice that the parent ceil limit is being broken.

I have met the one major requirement, sum of child classes rate <= parent rate. I don't know what else I might be doing wrong. Once placed perturb to 1, and internally (kernel) am using PSCHED_CPU and a sfq buffer length of 15 as against 128 (notes on docum.org) to try and increase speed. (Processor has TSC flag.)

Would be much obliged on any comments/improvements I can make on the script.

Using kernel 2.4.22

TIA
K

[Attachment: rc.qosv4.txt]

#!/bin/bash
#
# rc.qos - GPL ver 0.04 (rate limiting specific ip's on a LAN)
#
#
# TODO:
# 1) make auto-startable
# 2) place command line arguments
# 3) make generic, this gonna be a hardone ;)
# 4) improve QoS, attempt DiffServ again
# 5) incorporate SQUID, include upload traffic control
# 6) auto determine bandwidth per ip
#
# Acknowledgements:
# Much thanks to Stef, Alex, Clouter and Ahu
# Special thanks to reeler@#lartc for pointing out the not so obvious (in my case) ;)
#
# Schematic
# ---------
#
#             _________root 1:0_______
#            /                        \
#    local (10mbit)            Internet (90kbit)
#         1:2                         1:3
#    (h=handle 5)                      |
#                                      |
#           --------------+-----------------------------------
#          /          |         |         |         |         \
#        1:10       1:11      1:12      1:13      1:...      1:50
#  (high priority) (sys 1)   (sys 2)   (sys 3)  (sys ...)  (default)
#       (h10)       (h11)     (h12)     (h13)     (h...)     (h50)
#

#set -x

# LAN Interface ( Download )

# delete/create root class
tc qdisc del dev eth1 root 2> /dev/null
tc qdisc add dev eth1 root handle 1: htb default 50 r2q 1

# create local class
tc class add dev eth1 parent 1: classid 1:2 htb rate 10mbit ceil 10mbit

# create internet class
#ceil 86
tc class add dev eth1 parent 1: classid 1:3 htb rate 86Kbit ceil 90Kbit

# create high priority class in internet class for ack, icmp packets
#ceil 82
tc class add dev eth1 parent 1:3 classid 1:10 htb rate 5Kbit ceil 82Kbit prio 0

# create 20 system classes in internet class, sys01 - sys20 ( 1:11 - 1:30 )
#ceil 82
for LOOP in `seq 11 30`
do
    tc class add dev eth1 parent 1:3 classid 1:$[$LOOP] htb \
        rate 4Kbit ceil 82Kbit prio 2
done

# default class
#ceil 80
tc class add dev eth1 parent 1:3 classid 1:50 htb rate 2Kbit ceil 80Kbit prio 3

# do qdisc attachment
# perturb 10
tc qdisc add dev eth1 parent 1:2 handle 5: sfq perturb 10
for LOOP in `seq 10 30`
do
    tc qdisc add dev eth1 parent 1:$[$LOOP] handle $[$LOOP]: sfq \
        perturb 10
done
tc qdisc add dev eth1 parent 1:50 handle 50: sfq perturb 10

# filter rules

# 10mbit local traffic matched
tc filter add dev eth1 parent 1: protocol ip prio 100 u32 match ip src 192.168.0.0/24 classid 1:2

# any other thing not matched to classid 1:3 ( must be from internet bound )
# 90Kbit Internet traffic match
tc filter add dev eth1 parent 1: protocol ip prio 100 u32 match ip tos 0 0 classid 1:3

# High priority class 1:10 filter
tc filter add dev eth1 parent 1:3 protocol ip prio 200 handle 10 fw classid 1:10
# (1:10 is high priority class in internet class)

# TOS minimum delay in 1:10
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
    match ip tos 0x10 0xff flowid 1:10

# UDP Traffic in 1:10
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
    match ip protocol 17 0xff \
    match ip dport 53 0xffff flowid 1:10

# ICMP (ip protocol 1) Set class to 1:10 to impress friends
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
    match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets in
# the 1:10 class
# ACKs on packets < 64 bytes
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
    match ip protocol 6 0xff \
    match u8 0x05 0x0f at 0 \
    match u16 0x0000 0xffc0 at 2 \
    match u8 0x10 0xff at 33 \
    flowid 1:10

tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
    match ip protocol 6 0xff \
    match u8 0x05 0x0f at 0 \
    match u16 0x0000 0xffc0 at 2 \
    flowid 1:10

# remaining filters for sys01 - sys20
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.106/32 flowid 1:11
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.107/32 flowid 1:12
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.108/32 flowid 1:13
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.109/32 flowid 1:14
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.110/32 flowid 1:15
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.111/32 flowid 1:16
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.112/32 flowid 1:17
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.113/32 flowid 1:18
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.114/32 flowid 1:19
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.121/32 flowid 1:20
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.122/32 flowid 1:21
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.123/32 flowid 1:22
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.124/32 flowid 1:23
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.125/32 flowid 1:24
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.126/32 flowid 1:25
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.127/32 flowid 1:26
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.128/32 flowid 1:27
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.130/32 flowid 1:28
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.129/32 flowid 1:29
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.104/32 flowid 1:30

tc filter add dev eth1 parent 1:3 protocol ip prio 200 handle 50 fw classid 1:50

# end of LAN interface ( download ) script

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
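
The requirement quoted in the message (sum of child class rates <= parent rate) can be checked mechanically. The script below is an added example, not part of the original post: it parses "tc class add" lines and reports, per parent class, the summed child rate and any child ceil above the parent ceil. The function names posted_classes and htb_audit are made up here, and the unit handling assumes only kbit/mbit suffixes.

```shell
#!/bin/bash
# Added example: audit HTB "tc class add" lines for the rule quoted in the
# message (sum of child rates <= parent rate) and for child ceil <= parent ceil.

# Class definitions copied from the posted script, with its loop expanded.
posted_classes() {
  echo "tc class add dev eth1 parent 1: classid 1:2 htb rate 10mbit ceil 10mbit"
  echo "tc class add dev eth1 parent 1: classid 1:3 htb rate 86Kbit ceil 90Kbit"
  echo "tc class add dev eth1 parent 1:3 classid 1:10 htb rate 5Kbit ceil 82Kbit prio 0"
  for n in $(seq 11 30); do
    echo "tc class add dev eth1 parent 1:3 classid 1:$n htb rate 4Kbit ceil 82Kbit prio 2"
  done
  echo "tc class add dev eth1 parent 1:3 classid 1:50 htb rate 2Kbit ceil 80Kbit prio 3"
}

# Reads "tc class add" lines on stdin; prints one line per class with children:
#   <classid> rate=<kbit> children=<kbit> <OK|OVERCOMMITTED> ceil_violations=<n>
htb_audit() {
  awk '
    function kbit(s,   v) {   # assumption: only kbit/mbit suffixes, any case
      v = s + 0; s = tolower(s)
      if (s ~ /mbit$/) return v * 1000
      return v
    }
    /class add/ {
      for (i = 1; i < NF; i++) {
        if ($i == "parent")  p  = $(i+1)
        if ($i == "classid") c  = $(i+1)
        if ($i == "rate")    r  = kbit($(i+1))
        if ($i == "ceil")    ce = kbit($(i+1))
      }
      rate[c] = r; cl[c] = ce; par[c] = p; order[++n] = c
    }
    END {
      for (k = 1; k <= n; k++) {   # classes whose parent is the qdisc are skipped
        c = order[k]; p = par[c]
        if (p in rate) { sum[p] += rate[c]; if (cl[c] > cl[p]) bad[p]++ }
      }
      for (k = 1; k <= n; k++) {
        c = order[k]
        if (c in sum)
          printf "%s rate=%d children=%d %s ceil_violations=%d\n", c, rate[c],
                 sum[c], (sum[c] > rate[c] ? "OVERCOMMITTED" : "OK"), bad[c]
      }
    }'
}

posted_classes | htb_audit
```

For the values in the posted script this prints "1:3 rate=86 children=87 OVERCOMMITTED ceil_violations=0", since 5 + 20*4 + 2 kbit of child rate sits under an 86 kbit parent. Classes 1:2 and 1:3 attach directly to the root qdisc, so no parent class bounds them and they do not appear as children in the report.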