Gentoo Forums
fair traffic queuing for a small network router
phajdan.jr
Retired Dev


Joined: 23 Mar 2006
Posts: 1777
Location: Poland

Posted: Wed Jun 15, 2011 5:05 pm    Post subject: fair traffic queuing for a small network router

I've set up the following qdiscs for a small network router (eth0 is the LAN interface, and eth1 is the WAN interface, 256kbit/s upload):

Code:

tc qdisc add dev eth0 root sfq perturb 10
tc qdisc add dev eth1 root tbf rate 256kbit latency 50ms burst 1540


My goal is to prevent bandwidth monopolization by one user uploading or downloading a large file. I don't want to explicitly set different priorities for some protocols, and the general idea is to keep it simple.

Does the above script look correct? What would you change in it? Do you know some tricks that could help here?
_________________
http://phajdan-jr.blogspot.com/
PaulBredbury
Watchman


Joined: 14 Jul 2005
Posts: 7310

Posted: Wed Jun 15, 2011 5:53 pm

Edit: Oops, duplicate post :oops:

Last edited by PaulBredbury on Sat Oct 15, 2011 10:28 am; edited 1 time in total
PaulBredbury
Watchman


Joined: 14 Jul 2005
Posts: 7310

Posted: Wed Jun 15, 2011 6:11 pm

Setting up rules to prioritize e.g. ACK packages can make all the difference to responsiveness, when e.g. trying to use SSH while uploading a large file. Here's a snippet that I use:
Code:
   # Flush existing rules
   iptables -F -t mangle

   for iface in eth0 ppp0 wlan0 ; do
      if [[ -e /sys/class/net/$iface ]] ; then
         MAX=800
         if [[ $iface == ppp0 ]] ; then MAX=33 ; fi
         if [[ $iface == wlan0 ]] ; then MAX=5000 ; fi

         tc qdisc del dev $iface root 2>/dev/null
         tc qdisc add dev $iface root handle 1: htb default 40
         tc class add dev $iface parent 1: classid 1:1 htb rate ${MAX}kbit

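         for i in 1 2 3 4 ; do
            tc class add dev $iface parent 1:1 classid 1:$((i*10)) htb rate $((MAX/4))kbit ceil ${MAX}kbit prio $((i-1))
            tc qdisc add dev $iface parent 1:$((i*10)) handle $((i*10)): sfq perturb 10
            # CLASSIFY is a non-terminating target: the packet keeps traversing the chain and
            # the last matching rule sets its class, so of these four ACK rules 1:40 takes effect
            iptables -t mangle -A POSTROUTING -o $iface -p tcp --tcp-flags ALL ACK -m length --length 0:128 -j CLASSIFY --set-class 1:$((i*10))
         done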

         # time-critical traffic
         CLA=10
         iptables -t mangle -A POSTROUTING -o $iface -p tcp --tcp-flags ALL FIN,ACK -j CLASSIFY --set-class 1:$CLA
         iptables -t mangle -A POSTROUTING -o $iface -p tcp --tcp-flags ALL SYN,ACK -j CLASSIFY --set-class 1:$CLA
         iptables -t mangle -A POSTROUTING -o $iface -p tcp --tcp-flags ALL RST,ACK -j CLASSIFY --set-class 1:$CLA
         iptables -t mangle -A POSTROUTING -o $iface -p tcp --tcp-flags ALL RST -j CLASSIFY --set-class 1:$CLA
         iptables -t mangle -A POSTROUTING -o $iface -p tcp --syn -j CLASSIFY --set-class 1:$CLA
         iptables -t mangle -A POSTROUTING -o $iface -p udp -j CLASSIFY --set-class 1:$CLA

         # critical traffic
         #CLA=20
         #iptables -t mangle -A POSTROUTING -o $iface -p ipv6 -j CLASSIFY --set-class 1:$CLA

         # high-priority interactive traffic
         CLA=20
         # 2152 is my SSH port
         iptables -t mangle -A POSTROUTING -o $iface -p tcp -m multiport --dport 22,123,53,2152 -j CLASSIFY --set-class 1:$CLA
         iptables -t mangle -A POSTROUTING -o $iface -p tcp -m multiport --sport 22,123,53,2152 -j CLASSIFY --set-class 1:$CLA


         # low-priority interactive traffic
         CLA=30
         iptables -t mangle -A POSTROUTING -o $iface -p tcp -m multiport --dport 80,443,25,110,5222,20,21,194 -j CLASSIFY --set-class 1:$CLA
         iptables -t mangle -A POSTROUTING -o $iface -p tcp -m multiport --sport 80,443,25,110,5222,20,21,194 -j CLASSIFY --set-class 1:$CLA

         # non-critical traffic
         CLA=40
         iptables -t mangle -A POSTROUTING -o $iface -p icmp -j CLASSIFY --set-class 1:$CLA
      fi
   done

I don't use ipv6, so that line is commented out, and of course I've used a different number for my custom SSH port ;)

Edit: See discussion for my better version.
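An added example, not part of the post above or the poster's script: a small shell model of how the mangle POSTROUTING rules in that snippet resolve to an HTB class. CLASSIFY does not stop chain traversal, so the last matching rule decides. The rule tables, the `final_class` function and the sample packets are constructed for illustration, `--syn` is simplified to an exact SYN match, and the `ACK_LAST` ordering is an assumed variant, not the poster's "better version".

```shell
#!/bin/sh
# Constructed model (not real netfilter) of the mangle POSTROUTING rules above.
# Fields: proto  exact-tcp-flags  max-length  ports(sport or dport)  class
# The post's paired --dport/--sport rules are merged into one line each.
POSTED='tcp ACK 128 - 1:10
tcp ACK 128 - 1:20
tcp ACK 128 - 1:30
tcp ACK 128 - 1:40
tcp FIN,ACK - - 1:10
tcp SYN,ACK - - 1:10
tcp RST,ACK - - 1:10
tcp RST - - 1:10
tcp SYN - - 1:10
udp - - - 1:10
tcp - - 22,123,53,2152 1:20
tcp - - 80,443,25,110,5222,20,21,194 1:30
icmp - - - 1:40'

# Assumed variant: a single small-ACK rule appended after the port rules.
ACK_LAST='tcp - - 22,123,53,2152 1:20
tcp - - 80,443,25,110,5222,20,21,194 1:30
tcp ACK 128 - 1:10'

# final_class RULES PROTO FLAGS LEN SPORT DPORT -> prints the resulting classid
final_class() {
    cls=1:40    # htb "default 40" applies when no rule sets a class
    while read -r proto flags maxlen ports class; do
        [ "$proto" = "$2" ] || continue
        [ "$flags" = - ] || [ "$flags" = "$3" ] || continue
        [ "$maxlen" = - ] || [ "$4" -le "$maxlen" ] || continue
        case ",$ports," in
            ,-,|*",$5,"*|*",$6,"*) ;;
            *) continue ;;
        esac
        cls=$class    # no "break": CLASSIFY does not end traversal
    done <<EOF
$1
EOF
    echo "$cls"
}

# Constructed sample packets: PROTO FLAGS LEN SPORT DPORT
echo "posted,   bare ACK to port 6881: $(final_class "$POSTED" tcp ACK 52 40000 6881)"
echo "posted,   SYN to port 22:        $(final_class "$POSTED" tcp SYN 60 40000 22)"
echo "ACK last, bare ACK to port 80:   $(final_class "$ACK_LAST" tcp ACK 52 40000 80)"
```

On a live router, `iptables -t mangle -L POSTROUTING -v -n` and `tc -s class show dev <iface>` show the per-rule and per-class counters, which is how to confirm where packets really land.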
All times are GMT