From mboxrd@z Thu Jan 1 00:00:00 1970 From: Sander thrill12@gmx.net Date: Thu, 04 Jan 2001 18:17:55 +0000 Subject: [LARTC] traffic shaping Message-Id: List-Id: References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org 
At 13:22 4-1-01 +0100, you wrote:
>Hello,
>
>I'm trying to limit all outgoing traffic by means of TC. With six students
>we are connected through the server (Debian 2.2 kernel 2.2.18) with a
>cablemodem. When one person uploads (usually with full bandwidth available
>15KB/s) none of the others can make use of the internet because no requests
>for information can be send.
>
>So, i want to limit the maximum individual upload to 5KB/s so this doesnt
>disturb others useing the internet.
>
>Situation:
>
>Server: 192.168.1.1
>Clients: 192.168.1.2 - 192.168.1.7
>eth0: LAN
>eth1: Cablemodem
>
>Below is what I came up with myself but it doesnt seem to work. Also when do
>i activate this rules? pre- of post configuring interfaces?
>
>Thnx,
>Wouter Smit
>
>------------------------------------------------
>#!/bin/sh
>
>TC="/sbin/tc"
>IF="eth1"
>
>echo Configure queueing discipline
>$TC qdisc add dev $IF root handle 10: cbq bandwidth 120Kbit avpkt 1000
>
>echo Configure root class
>$TC class add dev $IF parent 10:0 classid 10:1 cbq bandwidth 120Kbit rate \
>  120Kbit allot 1514 weight 12Kbit prio 8 maxburst 20 avpkt 1000
>
>echo Configure class divisions
>$TC class add dev $IF parent 10:1 classid 10:100 cbq bandwidth 120Kbit rate
>\
>   40Kbit allot 1514 weight 4Kbit prio 5 maxburst 20 avpkt 1000 bounded
>
>echo Configure queue management
>$TC qdisc add dev $IF parent 10:100 sfq perturb 15 quantum 1514
>
>echo Configure which packets belong to which class
>$TC filter add dev $IF parent 10:0 protocol ip prio 25 u32 match ip src \
>   192.168.1.0/24 flowid 10:100

We have the exact same situation, so here is our configuration script, with 
a little tweaking you should be able to implement it. Most important is 
that you MARK the packets that enter the router with ipchains.

# setup packetforwarding
/sbin/ipchains -P forward DENY
# here we mark the packets with -m
/sbin/ipchains -A forward -s 192.168.0.1/32 -j MASQ -m 0x1
/sbin/ipchains -A forward -s 192.168.0.4/32 -j MASQ -m 0x4
/sbin/ipchains -A forward -s 192.168.0.3/32 -j MASQ -m 0x3
/sbin/ipchains -A forward -s 192.168.0.6/32 -j MASQ -m 0x6
/sbin/ipchains -A forward -s 192.168.0.7/32 -j MASQ -m 0x7
/sbin/ipchains -A forward -s 192.168.0.10/32 -j MASQ -m 0xa
# eliminate spoofing
/sbin/ipchains -A forward -i $extip -s 192.168.0.0/24 -d 0.0.0.0/0 -j DENY

#root device for upstream, divided in various subclasses to more or less 
guarantee a fair loadbalancing (see below..)
/usr/bin/tc qdisc add dev eth1 root handle 1: cbq bandwidth 128Kbit avpkt 1000
/usr/bin/tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 128Kbit 
rate 128Kbit \
allot 1514 weight 12Kbit prio 8 maxburst 20 avpkt 1000
/usr/bin/tc class add dev eth1 parent 1:1 classid 1:2 cbq bandwidth 128Kbit 
rate 64Kbit \
allot 1514 weight 6Kbit prio 8 maxburst 20 avpkt 1000
/usr/bin/tc class add dev eth1 parent 1:1 classid 1:3 cbq bandwidth 128Kbit 
rate 64Kbit \
allot 1514 weight 6Kbit prio 8 maxburst 20 avpkt 1000

# configure ip 1 here for 40 kbit (to ensure fairnes..) WITH borrowing
/usr/bin/tc class add dev eth1 parent 1:2 classid 1:11 cbq bandwidth 
128Kbit rate 40Kbit \
allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:2
/usr/bin/tc qdisc add dev eth1 parent 1:11 sfq quantum 1514b perturb 15
/usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle 1 fw 
classid 1:11
#192.168.0.3
/usr/bin/tc class add dev eth1 parent 1:2 classid 1:13 cbq bandwidth 
128Kbit rate 40Kbit \
allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:2
/usr/bin/tc qdisc add dev eth1 parent 1:13 sfq quantum 1514b perturb 15
/usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle 3 fw 
classid 1:13
#192.168.0.4
/usr/bin/tc class add dev eth1 parent 1:2 classid 1:14 cbq bandwidth 
128Kbit rate 35Kbit \
allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:2
/usr/bin/tc qdisc add dev eth1 parent 1:14 sfq quantum 1514b perturb 15
/usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle 4 fw 
classid 1:14
#192.168.0.6
/usr/bin/tc class add dev eth1 parent 1:3 classid 1:16 cbq bandwidth 
128Kbit rate 40Kbit \
allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:3
/usr/bin/tc qdisc add dev eth1 parent 1:16 sfq quantum 1514b perturb 15
/usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle 6 fw 
classid 1:16
#192.168.0.7
/usr/bin/tc class add dev eth1 parent 1:3 classid 1:17 cbq bandwidth 
128Kbit rate 40Kbit \
allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:3
/usr/bin/tc qdisc add dev eth1 parent 1:17 sfq quantum 1514b perturb 15
/usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle 7 fw 
classid 1:17
#192.168.0.10
/usr/bin/tc class add dev eth1 parent 1:3 classid 1:20 cbq bandwidth 
128Kbit rate 40Kbit \
allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:3
/usr/bin/tc qdisc add dev eth1 parent 1:20 sfq quantum 1514b perturb 15
/usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle 10 
fw classid 1:20

So we now have 1 root class of 128 kbit, two subclasses of 64 kbit, each of 
those subclass serving 3 people.
The 40kbit per person thing was done with one purpose: when 1 person starts 
the upload, and another person kicks in, the first person still gets 
128Kbit - 40Kbit and the second one gets that 40 Kbit. This is more then 
one would get when we would simply divide 128Kbit by 6. I don't yet know 
how to get the loadbalancing system to divide the space evenly (1 
person8 Kbit, 2 persons = 64Kbit, 3CKbit etc..), but haven't come up 
with a solution yet.

Sander