phajdan.jr Retired Dev


Joined: 23 Mar 2006 Posts: 1777 Location: Poland
|
Posted: Wed Jun 15, 2011 5:05 pm Post subject: fair traffic queuing for a small network router |
|
|
I've set up the following qdiscs for a small network router (eth0 is the LAN interface, and eth1 is the WAN interface, 256kbit/s upload):
Code: |
tc qdisc add dev eth0 root sfq perturb 10
tc qdisc add dev eth1 root tbf rate 256kbit latency 50ms burst 1540
|
My goal is to prevent bandwidth monopolization by one user uploading or downloading a large file. I don't want to explicitly set different priorities for some protocols, and the general idea is to keep it simple.
Does the above script look correct? What would you change in it? Do you know some tricks that could help here? _________________ http://phajdan-jr.blogspot.com/ |
PaulBredbury Watchman


Joined: 14 Jul 2005 Posts: 7310
|
Posted: Wed Jun 15, 2011 5:53 pm Post subject: |
|
|
Edit: Oops, duplicate post 
Last edited by PaulBredbury on Sat Oct 15, 2011 10:28 am; edited 1 time in total |
PaulBredbury Watchman


Joined: 14 Jul 2005 Posts: 7310
|
Posted: Wed Jun 15, 2011 6:11 pm Post subject: |
|
|
Setting up rules to prioritize e.g. ACK packages can make all the difference to responsiveness, when e.g. trying to use SSH while uploading a large file. Here's a snippet that I use:
Code: |
# Flush existing rules
iptables -F -t mangle
for iface in eth0 ppp0 wlan0 ; do
    if [[ -e /sys/class/net/$iface ]] ; then
        # Per-interface rate limit in kbit/s
        MAX=800
        if [[ $iface == ppp0 ]] ; then MAX=33 ; fi
        if [[ $iface == wlan0 ]] ; then MAX=5000 ; fi
        # Replace the root qdisc with an HTB tree; unclassified traffic goes to 1:40
        tc qdisc del dev $iface root 2>/dev/null
        tc qdisc add dev $iface root handle 1: htb default 40
        tc class add dev $iface parent 1: classid 1:1 htb rate ${MAX}kbit
        # Four classes (1:10 to 1:40), each with rate MAX/4 and ceil MAX, and an SFQ leaf
        for i in 1 2 3 4 ; do
            tc class add dev $iface parent 1:1 classid 1:$((i*10)) htb rate $((MAX/4))kbit ceil ${MAX}kbit prio $((i-1))
            tc qdisc add dev $iface parent 1:$((i*10)) handle $((i*10)): sfq perturb 10
            iptables -t mangle -A POSTROUTING -o $iface -p tcp --tcp-flags ALL ACK -m length --length 0:128 -j CLASSIFY --set-class 1:$((i*10))
        done
        # time-critical traffic
        CLA=10
        iptables -t mangle -A POSTROUTING -o $iface -p tcp --tcp-flags ALL FIN,ACK -j CLASSIFY --set-class 1:$CLA
        iptables -t mangle -A POSTROUTING -o $iface -p tcp --tcp-flags ALL SYN,ACK -j CLASSIFY --set-class 1:$CLA
        iptables -t mangle -A POSTROUTING -o $iface -p tcp --tcp-flags ALL RST,ACK -j CLASSIFY --set-class 1:$CLA
        iptables -t mangle -A POSTROUTING -o $iface -p tcp --tcp-flags ALL RST -j CLASSIFY --set-class 1:$CLA
        iptables -t mangle -A POSTROUTING -o $iface -p tcp --syn -j CLASSIFY --set-class 1:$CLA
        iptables -t mangle -A POSTROUTING -o $iface -p udp -j CLASSIFY --set-class 1:$CLA
        # critical traffic
        #CLA=20
        #iptables -t mangle -A POSTROUTING -o $iface -p ipv6 -j CLASSIFY --set-class 1:$CLA
        # high-priority interactive traffic
        CLA=20
        # 2152 is my SSH port
        iptables -t mangle -A POSTROUTING -o $iface -p tcp -m multiport --dport 22,123,53,2152 -j CLASSIFY --set-class 1:$CLA
        iptables -t mangle -A POSTROUTING -o $iface -p tcp -m multiport --sport 22,123,53,2152 -j CLASSIFY --set-class 1:$CLA
        # low-priority interactive traffic
        CLA=30
        iptables -t mangle -A POSTROUTING -o $iface -p tcp -m multiport --dport 80,443,25,110,5222,20,21,194 -j CLASSIFY --set-class 1:$CLA
        iptables -t mangle -A POSTROUTING -o $iface -p tcp -m multiport --sport 80,443,25,110,5222,20,21,194 -j CLASSIFY --set-class 1:$CLA
        # non-critical traffic
        CLA=40
        iptables -t mangle -A POSTROUTING -o $iface -p icmp -j CLASSIFY --set-class 1:$CLA
    fi
done |
I don't use IPv6, so that line is commented out, and of course I've used a different number for my custom SSH port.
Edit: See discussion for my better version. |
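Which class a packet finally lands in under the rule set in the post above can be checked with a small model. This is an added example, not code from the thread: it assumes CLASSIFY is a non-terminating target (rule traversal continues, so the last matching rule sets the class) and that unmatched packets take the `htb default 40` class. The helper names and sample packets are constructed for illustration.

```python
# Added example: a model of the mangle/POSTROUTING rules posted above.
# Assumption: CLASSIFY does not end rule traversal, so the last matching rule
# decides the class. Packets here carry only the six flags that "ALL" covers.
HIGH = {22, 123, 53, 2152}
LOW = {80, 443, 25, 110, 5222, 20, 21, 194}
SYN_MASK = {"SYN", "RST", "ACK", "FIN"}  # flags examined by --syn

def tcp(p):
    return p["proto"] == "tcp"

def flags_exactly(*want):
    """--tcp-flags ALL <want>: these flags set, every other one clear."""
    return lambda p: tcp(p) and set(p["flags"]) == set(want)

def rules():
    """(match, class) pairs in the order the script appends them."""
    small_ack = lambda p: flags_exactly("ACK")(p) and p["length"] <= 128
    out = [(small_ack, f"1:{i * 10}") for i in (1, 2, 3, 4)]  # once per class
    for combo in (("FIN", "ACK"), ("SYN", "ACK"), ("RST", "ACK"), ("RST",)):
        out.append((flags_exactly(*combo), "1:10"))
    out += [
        (lambda p: tcp(p) and set(p["flags"]) & SYN_MASK == {"SYN"}, "1:10"),
        (lambda p: p["proto"] == "udp", "1:10"),
        (lambda p: tcp(p) and p["dport"] in HIGH, "1:20"),
        (lambda p: tcp(p) and p["sport"] in HIGH, "1:20"),
        (lambda p: tcp(p) and p["dport"] in LOW, "1:30"),
        (lambda p: tcp(p) and p["sport"] in LOW, "1:30"),
        (lambda p: p["proto"] == "icmp", "1:40"),
    ]
    return out

def classify(packet, default="1:40"):
    """Return the class the packet carries after the whole chain has run."""
    cls = default  # htb default 40
    for match, target in rules():
        if match(packet):
            cls = target  # a later match overwrites an earlier one
    return cls

def pkt(proto, flags=(), sport=0, dport=0, length=1500):
    return dict(proto=proto, flags=flags, sport=sport, dport=dport, length=length)

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "ack_unlisted": pkt("tcp", ("ACK",), 40000, 50000, 52),
    "ack_http": pkt("tcp", ("ACK",), 40000, 80, 52),
    "syn_https": pkt("tcp", ("SYN",), 40000, 443, 60),
    "ssh_data": pkt("tcp", ("PSH", "ACK"), 40000, 2152, 120),
}
print({name: classify(p) for name, p in SAMPLES.items()})
```

In this model a small pure ACK to an unlisted port finishes in 1:40, the same class as bulk data, and a SYN to port 443 finishes in 1:30 because the port rule comes after the `--syn` rule.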