Diff: TrafficShaping

Differences between version 10 and revision by previous author of TrafficShaping.

Newer page: version 10 Last edited on Sunday, September 14, 2003 4:59:00 pm by CraigBox
Older page: version 1 Last edited on Saturday, November 23, 2002 1:48:02 pm by PerryLorier
@@ -1,7 +1,7 @@
 This is my first attempt and writing something up about traffic shaping. I don't really understand much how this works, but I'm going to document a bit in the hope that people can improve it. 
  
-This is a script I use to throttle one machine down to half our ADSL rate. This machine is used for downloading large files (for example .iso's of the latest LinuxDistribution ), but we don't want it impacting the rest of our machines. This example was stolen from the Advanced Router HOWTO, and cleaned up a bit by me. 
+This is a script I use to throttle one machine down to half our ADSL rate. This machine is used for downloading large files (for example .iso's of the latest [Linux] [Distribution] ), but we don't want it impacting the rest of our machines. This example was stolen from the Advanced Router HOWTO, and cleaned up a bit by me. 
  
 You run this script on your gateway rate limiting data to your internal client machine(s). 
  
  #!/bin/sh 
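Review bot: On the `+` line, the single WikiWord `LinuxDistribution` becomes two bracketed words, `[Linux] [Distribution]`, which reads as two separate links rather than one and leaves the stray space before the closing parenthesis. If the intent was to stop linking to a single page of that name, plain text such as "Linux distribution" says the same thing without the markup.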
@@ -23,9 +23,9 @@
  
  # Where the tc executable is. 
  TC=/sbin/tc 
  
- if [ ! -x $TC ]; then 
+ if [ [ ! -x $TC ]; then 
  echo Cant find $TC, aborting 
  exit 1 
  fi 
  
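Review bot: The replacement test line, `if [ [ ! -x $TC ]; then`, has an unmatched extra `[`; copied into a shell as shown, the test errors out instead of evaluating, so the abort branch is skipped even when tc is missing. If the doubled bracket is there to escape a literal `[` in the wiki markup, writing the check as `if ! test -x $TC; then` (the form the per-port script added later in this diff uses) avoids brackets altogether. Quoting `"$TC"` would also be worth adding.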
@@ -68,4 +68,116 @@
  $TC qdisc add dev $DEV parent 1:1 sfq perturb 10 
  
  
 Hopefully this is enough to get people started, please, if you know anything more add it to this page. I found the advanced router howto very oblique in it's information. 
+  
+----  
+Some points to remember:  
+!!Outgoing interface  
+You the interface you use must be your *outgoing* interface, not your *incoming* interface. Getting this confused will cause this to be of no use.  
+  
+!!Tag data in the right direction  
+I use "dst $IP" for 'traffic destined to $IP', if you want traffic *from* an IP use 'src $IP' instead.  
+  
+  
+  
+  
+----  
+After a bit of fiddling I've managed to get TrafficShaping working on a per protocol (read port) basis  
+  
+as per below  
+  
+I wanted to limit my personal machine at work to only use 5kbps of bandwidth but ran into the quandry that  
+my machine also runs nagios for monitoring.  
+  
+I started with the above but found that when the 5kbps limit was reached, all the nagios ping tests  
+started to go critical because of the latency introduced, so we needed to differentiate between different  
+ports and protocols  
+  
+so I ended up with this script  
+  
+ #!/bin/sh  
+  
+ DEV=eth0  
+  
+ IP=203.97.10.61  
+  
+ LINERATE=2mbit  
+  
+ THROTTLERATE=5kbps  
+ ICMPRATE=40kbps  
+ HTTP=80  
+  
+ # Where the tc executable is.  
+ TC=/sbin/tc  
+  
+ if ! test -x $TC; then  
+ echo Cant find $TC, aborting  
+ exit 1  
+ fi  
+  
+ $TC qdisc del dev $DEV root  
+  
+ $TC qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth $LINERATE  
+  
+ $TC class add dev $DEV parent 1: classid 1:1 cbq rate $THROTTLERATE \  
+ allot 1500 prio 5 bounded isolated  
+ $TC class add dev $DEV parent 1: classid 1:2 cbq rate $ICMPRATE \  
+ allot 1500 prio 5 bounded isolated  
+  
+ # Filter ICMP traffic to class 1:2  
+ $TC filter add dev $DEV parent 1: protocol ip prio 16 u32 \  
+ match ip src $IP match ip protocol 1 0xFF flowid 1:2  
+ # Filter port 80 (tcp and udp) to class 1:1  
+ $TC filter add dev $DEV parent 1: protocol ip prio 16 u32 \  
+ match ip src $IP match ip sport $HTTP 0xFFFF flowid 1:1  
+  
+  
+ $TC qdisc add dev $DEV parent 1:1 sfq perturb 60  
+  
+ #Display Traffic Shaping details  
+ echo "---- qdisc parameters Ingress ----------"  
+ $TC qdisc ls dev $DEV  
+ echo "---- Class parameters Ingress ----------"  
+ $TC class ls dev $DEV  
+ echo "---- filter parameters Ingress ----------"  
+ $TC filter ls dev $DEV  
+  
+''note that sport and protocols require 2 operands, the port/protocol number and a mask''  
+  
+  
+----  
+  
+[Ingress] shaping  
+  
+It is possible to perform ingress shaping using a similar process. Your version of tc has to have ingress support compiled in - it appears that some RedHat versions may not have this.  
+  
+The following script will limit traffic from source port 80 (ie, the return-path from a web connection) to 100kbit. It applies these rules on ppp0, which is my external interface.  
+  
+ #!/bin/sh  
+  
+ TC=/sbin/tc  
+ IPTABLES=/sbin/iptables  
+  
+ DEV=ppp0  
+  
+ MAXRATE=128kbit  
+ THROTTLE=100kbit  
+ BURST=5000  
+ MTU=1492  
+  
+ # Mark traffic with a source port of 80 with the mark 1  
+ $IPTABLES -A PREROUTING -i $DEV -t mangle -p tcp --sport 80 -j MARK --set-mark 1  
+  
+ # Delete the old ingres rule  
+ $TC qdisc del dev $DEV ingress  
+  
+ # then add the queuing discipline  
+ $TC qdisc add dev $DEV handle FFFF: ingress  
+ # apply the actual filter.  
+ $TC filter add dev $DEV parent ffff: protocol ip prio 50 handle 1 fw \  
+ police rate $THROTTLE burst $BURST mtu $MTU drop flowid :1  
+  
+  
+If I look at the output of wget, its reasonably good at limiting a port 80 download to 10 - 12k/second, which is about right for what we asked. If i look at my ppp0 usage meter in gkrellm, it seems to be using more bandwidth than it should - spends a lot of time at 16 or 17 K/s incoming. Running iptraf on ppp0, in detailed statistics mode, shows that my incoming rate seems to be about 100kbit/sec, although it tends to be a bit higher than this normally. I also tested, and verified, that traffic not caught by the above script - eg, FTP traffic, still obtained full rate  
+  
+In comparison with a by-port filter such as the one prior to the ingress script, I see a high level of fluctuation in the download rate, in all three test cases. Whether this is to do with some misconfiguration on my part I dont know
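Review bot: In the ingress script, `$IPTABLES -A PREROUTING ... -j MARK --set-mark 1` appends a new mangle rule on every run, while the ingress qdisc just below it is deleted and recreated, so re-running the script stacks duplicate MARK rules; remove the old rule first (the same arguments with `-D`, errors ignored) before appending. `MAXRATE=128kbit` is set in that script but never used. In the per-port script, `THROTTLERATE=5kbps` and `ICMPRATE=40kbps` use tc's `kbps` suffix, which tc reads as kilobytes per second, whereas the ingress script uses `kbit`; the text should say which unit is intended. The three echo labels in the per-port script say "Ingress" although its filters match `src $IP` under the root qdisc of eth0, and only class 1:1 is given an sfq leaf while 1:2 is not. In the prose, "You the interface you use must be" and the comment "Delete the old ingres rule" need fixing.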