Qos/TrafficShaping(on Shorewall) Howto available for Web-viewing

Homer hparker at homershut.net
Sat May 8 16:53:49 UTC 2004


On Fri, 2004-05-07 at 01:45, Ow Mun Heng wrote:

> > 	Cisco??!? I'm a little ISP and can hardly afford to spell Cisco, let
> > alone buy them.. I've got an old P166 handling it all for me... Moves
> > the packets nicely, though I'm going to upgrade it soon, as I need some
> > of the newer QOS that tc provides....
> 
> 
> oh.. can you tell a bit more on how you set up the QoS in the sense that
> which client gets what sort of allowed bandwidth?
> 
> Cause, I've mentioned already that from what I read, I can only successfully
> control the upload and not the download.
> 
> Say my pipe is 1.5Mbit and I want to separate that into 256kbps/384kbps and
> 512kbps on different clients. How would you write the tc rules??

	What I ended up doing was using FMARK on the packets to sort by
origination/destination. I then have tc look for the FMARK to determine
how to handle it. Find attached the tc rules I run on my 4 interface
firewall at home.

-- 
Homer Parker                    /"\ ASCII Ribbon Campaign
BOFH for homershut.net          \ / No HTML/RTF in email
http://www.homershut.net         x   No Word docs in email
telnet://bbs.homershut.net      / \ Respect for open standards

"Bill Gates reports on security progress made and the challenges ahead."
-- Microsoft's Homepage, on the day an SQL Server bug crippled large
   sections of the Internet.
-------------- next part --------------

tc qdisc add dev eth0 root handle 1: htb default 255
tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit
     
# Default class
tc class add dev eth0 parent 1:1 classid 1:255 htb rate 64kbit ceil 128kbit

# Default gets Stochastic Fairness
tc qdisc add dev eth0 parent 1:255 sfq perturb 10
    
# Root class for test ip
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 9Mbit ceil 10Mbit

# Secondary classes
tc class add dev eth0 parent 1:10 classid 1:11 htb rate 256kbit ceil 4Mbit prio 2
tc class add dev eth0 parent 1:10 classid 1:12 htb rate 256kbit ceil 512kbit prio 3
# (1:20 and 1:30 are never created in this script, so these two hang off 1:10)
tc class add dev eth0 parent 1:10 classid 1:23 htb rate 60kbit ceil 64kbit prio 4
tc class add dev eth0 parent 1:10 classid 1:33 htb rate 60kbit ceil 64kbit prio 4

# Stochastic Fairness:
tc qdisc add dev eth0 parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev eth0 parent 1:12 handle 12: sfq perturb 10
tc qdisc add dev eth0 parent 1:23 handle 23: sfq perturb 10
tc qdisc add dev eth0 parent 1:33 handle 33: sfq perturb 10
 
# High priority for interactive
tc filter add dev eth0 parent 1: protocol ip prio 1 u32 match ip tos 0x10 0xff classid 1:11
 
# Next is ICMP
tc filter add dev eth0 parent 1: protocol ip prio 2 u32 match ip protocol 1 0xff flowid 1:11
 
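# Put ACK packets in the interactive class:
# TCP (protocol 6), 20-byte IP header (IHL 5), total length under 64 bytes,
# and only the ACK flag set (byte 33 = TCP flags).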
tc filter add dev eth0 parent 1: protocol ip prio 3 u32 \
  match ip protocol 6 0xff \
  match u8 0x05 0x0f at 0 \
  match u16 0x0000 0xffc0 at 2 \
  match u8 0x10 0xff at 33 \
  flowid 1:11

# Filter on fw-marks
tc filter add dev eth0 parent 1: protocol ip prio 4 handle 11 fw classid 1:11
tc filter add dev eth0 parent 1: protocol ip prio 5 handle 14 fw classid 1:12
tc filter add dev eth0 parent 1: protocol ip prio 6 handle 23 fw classid 1:23
tc filter add dev eth0 parent 1: protocol ip prio 7 handle 33 fw classid 1:33
 
# filter on ip for phone
tc filter add dev eth0 parent 1: protocol ip prio 1 u32 match ip dst 192.168.1.102 flowid 1:11

# Eth1 setup
 
tc qdisc add dev eth1 root handle 10: htb default 12
tc class add dev eth1 parent 10: classid 10:1 htb rate 95Mbit ceil 99Mbit
 
# Secondary classes -- Internet
tc class add dev eth1 parent 10:1 classid 10:11 htb rate 5Mbit ceil 6Mbit prio 1
tc class add dev eth1 parent 10:1 classid 10:12 htb rate 512kbit ceil 768kbit prio 2
tc class add dev eth1 parent 10:1 classid 10:13 htb rate 80Mbit ceil 85Mbit prio 2
tc class add dev eth1 parent 10:1 classid 10:14 htb rate 5Mbit ceil 7Mbit prio 2
 
# echo secondary 1
 
# Stochastic Fairness:
tc qdisc add dev eth1 parent 10:11 handle 11: sfq perturb 10
tc qdisc add dev eth1 parent 10:12 handle 12: sfq perturb 10
tc qdisc add dev eth1 parent 10:13 handle 13: sfq perturb 10
tc qdisc add dev eth1 parent 10:14 handle 14: sfq perturb 10
 
# echo sf 1
tc filter add dev eth1 parent 10: protocol ip prio 3 handle 1 fw classid 10:11
tc filter add dev eth1 parent 10: protocol ip prio 5 handle 21 fw classid 10:13
tc filter add dev eth1 parent 10: protocol ip prio 6 handle 31 fw classid 10:14
 
# TOS Minimum Delay (ssh, NOT scp)
tc filter add dev eth1 parent 10: protocol ip prio 1 u32 match ip tos 0x10 0xff flowid 10:11
 
# ICMP (ip protocol 1) in the interactive class 10:11 so we
# can do measurements & impress our friends:
tc filter add dev eth1 parent 10: protocol ip prio 2 u32 match ip protocol 1 0xff flowid 10:11
 
# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
tc filter add dev eth1 parent 10: protocol ip prio 4 u32 \
  match ip protocol 6 0xff \
  match u8 0x05 0x0f at 0 \
  match u16 0x0000 0xffc0 at 2 \
  match u8 0x10 0xff at 33 \
  flowid 10:11
 
# filter on ip for phone (class ids on eth1 live under handle 10:)
tc filter add dev eth1 parent 10: protocol ip prio 1 u32 match ip src 192.168.1.102 flowid 10:11
 
# Eth2 setup
 
tc qdisc add dev eth2 root handle 20: htb default 12
tc class add dev eth2 parent 20: classid 20:1 htb rate 95Mbit ceil 99Mbit
 
# Secondary classes
tc class add dev eth2 parent 20:1 classid 20:11 htb rate 60kbit ceil 64kbit prio 1
tc class add dev eth2 parent 20:1 classid 20:12 htb rate 60kbit ceil 64kbit prio 2
tc class add dev eth2 parent 20:1 classid 20:13 htb rate 80Mbit ceil 85Mbit prio 2
tc class add dev eth2 parent 20:1 classid 20:14 htb rate 4Mbit ceil 5Mbit prio 2
 
# Stochastic Fairness:
tc qdisc add dev eth2 parent 20:11 handle 11: sfq perturb 10
tc qdisc add dev eth2 parent 20:12 handle 12: sfq perturb 10
tc qdisc add dev eth2 parent 20:13 handle 13: sfq perturb 10
tc qdisc add dev eth2 parent 20:14 handle 14: sfq perturb 10
 
tc filter add dev eth2 parent 20: protocol ip prio 3 handle 2 fw classid 20:13
tc filter add dev eth2 parent 20: protocol ip prio 3 handle 12 fw classid 20:13
tc filter add dev eth2 parent 20: protocol ip prio 4 handle 32 fw classid 20:14
 
# TOS Minimum Delay (ssh, NOT scp)
tc filter add dev eth2 parent 20: protocol ip prio 1 u32 match ip tos 0x10 0xff flowid 20:11
 
# ICMP (ip protocol 1) in the interactive class 20:11 so we
# can do measurements & impress our friends:
tc filter add dev eth2 parent 20: protocol ip prio 2 u32 match ip protocol 1 0xff flowid 20:11
 
# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
tc filter add dev eth2 parent 20: protocol ip prio 5 u32 \
  match ip protocol 6 0xff \
  match u8 0x05 0x0f at 0 \
  match u16 0x0000 0xffc0 at 2 \
  match u8 0x10 0xff at 33 \
  flowid 20:11
 
# Eth3 setup
 
tc qdisc add dev eth3 root handle 30: htb default 12
tc class add dev eth3 parent 30: classid 30:1 htb rate 9Mbit ceil 10Mbit
 
# Secondary classes
tc class add dev eth3 parent 30:1 classid 30:13 htb rate 4Mbit ceil 5Mbit prio 1
tc class add dev eth3 parent 30:1 classid 30:11 htb rate 64kbit ceil 128kbit prio 2
tc class add dev eth3 parent 30:1 classid 30:12 htb rate 64kbit ceil 128kbit prio 2
 
# Stochastic Fairness:
tc qdisc add dev eth3 parent 30:11 handle 11: sfq perturb 10
tc qdisc add dev eth3 parent 30:12 handle 12: sfq perturb 10
tc qdisc add dev eth3 parent 30:13 handle 13: sfq perturb 10
 
tc filter add dev eth3 parent 30: protocol ip prio 3 handle 13 fw classid 30:13
tc filter add dev eth3 parent 30: protocol ip prio 4 handle 22 fw classid 30:13
 
# TOS Minimum Delay (ssh, NOT scp)
tc filter add dev eth3 parent 30: protocol ip prio 1 u32 match ip tos 0x10 0xff flowid 30:11
 
# ICMP (ip protocol 1) in the interactive class 30:11 so we
# can do measurements & impress our friends:
tc filter add dev eth3 parent 30: protocol ip prio 2 u32 match ip protocol 1 0xff flowid 30:11
 
# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
tc filter add dev eth3 parent 30: protocol ip prio 5 u32 \
  match ip protocol 6 0xff \
  match u8 0x05 0x0f at 0 \
  match u16 0x0000 0xffc0 at 2 \
  match u8 0x10 0xff at 33 \
  flowid 30:11
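
The split asked about in the quoted question (256/384/512 kbit out of a 1.5Mbit pipe), built the way the reply describes: one firewall mark per client, with tc `fw` filters matching the mark. This is an added example, not part of the original post or its attachment; the interface name and client addresses are assumptions, and it shapes download by working on the egress of the LAN-facing interface.

```sh
#!/bin/sh
# Added example, not from the original post. Assumptions: eth1 faces the
# clients, and the three client addresses below are constructed.
# Dry run: prints the commands; pipe the output to "sh" as root to apply.

LAN_IF=eth1        # assumed LAN-facing interface
PIPE=1500kbit      # the 1.5Mbit pipe from the question
# mark:client-ip:rate. The mark text is reused as the class minor id
# (tc reads class ids as hex and fw handles as decimal; only the pairing matters).
CLIENTS="11:192.168.1.10:256kbit
12:192.168.1.11:384kbit
13:192.168.1.12:512kbit"

gen_shaper() {
    # Root HTB; anything unmarked lands in the default class 1:255.
    echo "tc qdisc add dev $LAN_IF root handle 1: htb default 255"
    echo "tc class add dev $LAN_IF parent 1: classid 1:1 htb rate $PIPE"
    echo "tc class add dev $LAN_IF parent 1:1 classid 1:255 htb rate 64kbit ceil $PIPE"
    echo "tc qdisc add dev $LAN_IF parent 1:255 sfq perturb 10"
    echo "$CLIENTS" | while IFS=: read -r mark ip rate; do
        # netfilter side: mark packets leaving towards this client
        echo "iptables -t mangle -A POSTROUTING -o $LAN_IF -d $ip -j MARK --set-mark $mark"
        # tc side: rate == ceil makes the figure a hard cap (no borrowing)
        echo "tc class add dev $LAN_IF parent 1:1 classid 1:$mark htb rate $rate ceil $rate"
        echo "tc qdisc add dev $LAN_IF parent 1:$mark handle $mark: sfq perturb 10"
        echo "tc filter add dev $LAN_IF parent 1: protocol ip prio 1 handle $mark fw classid 1:$mark"
    done
}

gen_shaper
```

Traffic to any address not listed in `CLIENTS` stays unmarked and is held to the 64kbit default class unless spare bandwidth is available to borrow.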
 


