From: Andrew Beverley <andy@andybev.com>
To: J Webster <webster_jack@hotmail.com>
Cc: netfilter@vger.kernel.org
Subject: Re: limit badwidth not working
Date: Sun, 02 Jan 2011 16:43:20 +0000 [thread overview]
Message-ID: <1293986600.1936.46.camel@steve-pc> (raw)
In-Reply-To: <BAY145-ds16C678B220343FEE352F61F3060@phx.gbl>
On Sun, 2011-01-02 at 16:18 +0100, J Webster wrote:
> > On Tue, 2010-12-28 at 12:12 +0100, J Webster wrote:
> >> I have a setup where uisers connect by VPN and are given IP addresses in
> >> the
> >> range 10.8.0.xxx
> >
> > I can't advise on the VPN aspects of this, but see below for some
> > general comments.
> >
> >> I would like to limit their bandwidth to 1.5Mbps per IP address.
<rant> Please don't top post. Even better, please also use an email
client that does proper quoting </rant>
> Do you know of any tutorials on this with examples? I've looked through the
> main tc tutorials and they are pretty hard to follow.
>
I found the following webpage to be really useful:
http://www.opalsoft.net/qos/DS-28.htm
> Re connections, my network is 100Mbps, I want to leave that as unlimited so
> their is no overall bucket level.
> Users connect to the VPN and each of the IP addresses connected to the VPN
> should have a limit of 1.5Mbps.
>
The following is untested, but should give you an idea. $DEV should be
the *outbound* device, on the local network side, not the internet side.
# Add root qdisc
tc qdisc add dev $DEV root handle 1: htb
# Add parent class. The limit here should add up to all the leaf classes
tc class add dev $DEV parent 1: classid 1:1 htb rate 4.5mbit burst 15k
# Add leaf classes, each with 1.5mbit limit
tc class add dev $DEV parent 1:1 classid 1:10 htb rate 1.5mbit ceil 1.5mbit
tc class add dev $DEV parent 1:1 classid 1:20 htb rate 1.5mbit ceil 1.5mbit
tc class add dev $DEV parent 1:1 classid 1:30 htb rate 1.5mbit ceil 1.5mbit
...
# Add a filter to each leaf class to pipe in the traffic for each IP address
U32="tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32"
$U32 match ip dst 10.0.8.1 flowid 1:10
$U32 match ip dst 10.0.8.2 flowid 1:20
$U32 match ip dst 10.0.8.3 flowid 1:30
...
Andy
next prev parent reply other threads:[~2011-01-02 16:43 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-07 1:23 OpenVPN throttling problem J Webster
2010-09-07 11:09 ` Thomas Jacob
2010-09-07 14:25 ` J Webster
2010-09-07 15:05 ` Thomas Jacob
2010-09-07 15:12 ` J Webster
2010-09-07 15:20 ` Thomas Jacob
2010-09-07 15:25 ` J Webster
2010-09-07 15:37 ` Thomas Jacob
2010-09-08 16:18 ` J Webster
2010-09-07 16:48 ` Payam Chychi
2010-12-28 11:12 ` limit badwidth not working J Webster
2011-01-01 16:08 ` Andrew Beverley
2011-01-02 15:18 ` J Webster
2011-01-02 16:43 ` Andrew Beverley [this message]
2011-01-02 18:56 ` J Webster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1293986600.1936.46.camel@steve-pc \
--to=andy@andybev.com \
--cc=netfilter@vger.kernel.org \
--cc=webster_jack@hotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox