Linux Netfilter discussions
From: "Jörg Esser" <jackfritt@boh.de>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: Re: Some advice for QoS setup ...
Date: Thu, 09 Jan 2003 09:20:45 +0100
Message-ID: <3E1D30DD.3030608@boh.de>
In-Reply-To: <1042094506.26551.111.camel@rayw.knowledgefactory.co.za>



Raymond Leach wrote:

>Hi all
>
>Am I going about this in the right way?
>
>This is what I plan to do :
>
>1. Outgoing www traffic originating from our web servers has priority 1
>with min 30% bandwidth and max 60% bandwidth.
>2. Outgoing mail traffic (smtp and pop3) originating from our mail
>servers has priority 2 with min 5% bandwidth and max 20% bandwidth.
>3. Outgoing ftp traffic originating from our ftp servers has priority 3
>with min 5% bandwidth and max 10% bandwidth.
>4. All other traffic has priority 4 with min 0% bandwidth and max 10%
>bandwidth.
>
>I was thinking of using htb and sfq. What should my 'tree that is not a
>tree' look like?
>
>I was also planning to use netfilter iptables to mark the traffic and
>use tc to filter the packets based on the mark (let's say 1,2,3,4
>corresponding to the priorities above).
>
>Any suggestions?
>
>I thought my tree would look something like this:
>
>                              10: (htb)
>                                 |
>                              10:1 (htb)
>                       (rate 512kbps, ceil 512kbps)
>                                 |
>    ________________________________________________________
>   |                  |                  |                  |
>10:10 (htb)        10:20 (htb)        10:30 (htb)        10:40 (htb)
>(rate 153kbps,     (rate 25kbps,      (rate 25kbps,      (rate 0kbps,
> ceil 306kbps)      ceil 102kbps)      ceil 50kbps)       ceil 50kbps)
>   |                  |                  |                  |
>  SFQ                SFQ                SFQ                SFQ
>
>Does my tree look correct? Will this tree honour the priorities I want
>to set? Is netfilter FWMARK the right way to go here?
>
>Regards
>
>Ray
>
Found this in the German journal c't.
Maybe you can use it.
You need this:
http://luxik.cdi.cz/~devik/qos/htb/v3/htb3.6-020525.tgz
(The tc binary is needed; without the right version it won't work.)
Insert all the QoS stuff from the kernel sources into your kernel.
Put this as the qos-on script.
-----------------------------------------
#!/bin/sh
#
# Shell script for Quality of Service with HTB
#

EXTIF=ppp0
INTIF=eth0

############
# Outgoing
############
## Root
tc qdisc add dev $EXTIF root handle 1:0 htb default 12
## Main class
tc class add dev $EXTIF parent 1:0 classid 1:1 htb rate 125kbit ceil 125kbit
## Class for ACKs
tc class add dev $EXTIF parent 1:1 classid 1:10 htb rate 10kbit ceil 125kbit prio 0
## Class for VPN/SSH
tc class add dev $EXTIF parent 1:1 classid 1:11 htb rate 30kbit ceil 125kbit prio 1
## Class for normal traffic
tc class add dev $EXTIF parent 1:1 classid 1:12 htb rate 75kbit ceil 125kbit prio 2
## Class for bulk traffic
tc class add dev $EXTIF parent 1:1 classid 1:13 htb rate 10kbit ceil 100kbit prio 3

# ACKs
#iptables -A OUTPUT -t mangle -o $EXTIF -p tcp -m length --length :64 -j MARK --set-mark 10
# VPN/IPsec
iptables -A POSTROUTING -t mangle -o $EXTIF -p 50 -j MARK --set-mark 11
# SSH
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 22 -j MARK --set-mark 11
## Local SSH server on port 4444
## iptables -A OUTPUT -t mangle -o $EXTIF -p tcp --sport 4444 -j MARK --set-mark 11
## SMTP
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 25 -j MARK --set-mark 13
# eDonkey
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 4662 -j MARK --set-mark 13
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --sport 4662 -j MARK --set-mark 13

tc filter add dev $EXTIF parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
tc filter add dev $EXTIF parent 1:0 prio 0 protocol ip handle 11 fw flowid 1:11
# default: 1:12
tc filter add dev $EXTIF parent 1:0 prio 0 protocol ip handle 13 fw flowid 1:13


###########
# Incoming
###########
tc qdisc add dev $INTIF root handle 2:0 htb default 20
tc class add dev $INTIF parent 2:0 classid 2:2 htb rate 750kbit ceil 750kbit
tc class add dev $INTIF parent 2:2 classid 2:20 htb rate 500kbit ceil 700kbit prio 1
tc class add dev $INTIF parent 2:2 classid 2:21 htb rate 150kbit ceil 750kbit prio 0
tc class add dev $INTIF parent 2:2 classid 2:22 htb rate 100kbit ceil 500kbit prio 3

# ACKs
#iptables -A POSTROUTING -t mangle -o $INTIF -m length --length :200 -j MARK --set-mark 21
# SSH
#iptables -A POSTROUTING -t mangle -o $INTIF -p tcp --sport 22 -j MARK --set-mark 21
# eDonkey
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp --dport 4662 -j MARK --set-mark 22
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp --sport 4662 -j MARK --set-mark 22
# Host to be throttled
#iptables -A POSTROUTING -t mangle -o $INTIF -d 192.168.111.1 -j MARK --set-mark 22

tc filter add dev $INTIF parent 2:0 prio 0 protocol ip handle 21 fw flowid 2:21
tc filter add dev $INTIF parent 2:0 prio 0 protocol ip handle 22 fw flowid 2:22


#########
# SFQ
#########
tc qdisc add dev $EXTIF parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $EXTIF parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev $EXTIF parent 1:12 handle 12: sfq perturb 10
tc qdisc add dev $EXTIF parent 1:13 handle 13: sfq perturb 10

tc qdisc add dev $INTIF parent 2:20 handle 20: sfq perturb 10
tc qdisc add dev $INTIF parent 2:21 handle 21: sfq perturb 10
tc qdisc add dev $INTIF parent 2:22 handle 22: sfq perturb 10
-----------------------------------------------------------------------
And this as the qos-off script.
-----------------------------------------------------------------
#!/bin/sh
EXTIF=ppp0
INTIF=eth0

iptables -F -t mangle

tc qdisc del dev $EXTIF root    2> /dev/null > /dev/null
tc qdisc del dev $EXTIF ingress 2> /dev/null > /dev/null
tc qdisc del dev $INTIF root    2> /dev/null > /dev/null
tc qdisc del dev lo root      2> /dev/null > /dev/null
 ----------------------------------------------------------------

Have a nice day,

Joerg Esser
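
Added example, not part of either message above: a dry-run generator that applies the same mark-and-filter pattern as the qos-on script to the four classes in the quoted question, printing the iptables/tc commands instead of running them. The device name, the 512 kilobit link, the class ids and the TCP source ports are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: prints the iptables/tc commands for
# the four classes in the quoted question; nothing is applied.
# Assumptions: device ppp0, a 512 kilobit link (tc reads "kbps" as
# kilobytes/s, so kbit is used), and the source ports in POLICY.
DEV=${DEV:-ppp0}
LINK=${LINK:-512}

# mark  min%  max%  prio  tcp source ports ("-" = unmarked default class)
POLICY='1 30 60 1 80
2 5 20 2 25,110
3 5 10 3 20,21
4 0 10 4 -'

# Share of the link in kbit; HTB needs a non-zero rate, so clamp to 1.
pct_kbit() {
    k=$(( LINK * $1 / 100 ))
    [ "$k" -ge 1 ] || k=1
    echo "$k"
}

gen_qos() {
    total=0
    echo "tc qdisc add dev $DEV root handle 10: htb default 40"
    echo "tc class add dev $DEV parent 10: classid 10:1 htb rate ${LINK}kbit ceil ${LINK}kbit"
    while read -r mark min max prio ports; do
        rate=$(pct_kbit "$min"); ceil=$(pct_kbit "$max")
        total=$(( total + rate ))
        cls="10:${mark}0"
        echo "tc class add dev $DEV parent 10:1 classid $cls htb rate ${rate}kbit ceil ${ceil}kbit prio $prio"
        echo "tc qdisc add dev $DEV parent $cls sfq perturb 10"
        # The default class catches everything left unmarked.
        [ "$ports" = "-" ] && continue
        echo "iptables -t mangle -A POSTROUTING -o $DEV -p tcp -m multiport --sports $ports -j MARK --set-mark $mark"
        echo "tc filter add dev $DEV parent 10: protocol ip prio 1 handle $mark fw flowid $cls"
    done <<EOF
$POLICY
EOF
    # Guaranteed rates must fit inside the parent class.
    if [ "$total" -gt "$LINK" ]; then
        echo "guaranteed rates (${total}kbit) exceed link (${LINK}kbit)" >&2
        return 1
    fi
}

# Print the plan only when invoked with "print".
if [ "${1:-}" = "print" ]; then gen_qos; fi
```

Review the printed commands before piping them to a root shell; a policy whose minimum rates add up to more than the link is rejected with a non-zero exit status.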


