[LARTC] Newbie STILL trying to limit bandwidth - is this script wrong?
Jason Boxman
jasonb@edseek.com
Mon, 24 May 2004 19:07:35 -0400
On Monday 24 May 2004 18:37, George Adams wrote:
> My previous message
> (http://mailman.ds9a.nl/pipermail/lartc/2004q2/012285.html) didn't generate
> any replies, so I thought I'd try posting what I've done trying to solve my
> own problem, in hopes that someone will take pity and show me if/where I'm
> going wrong.
>
> Just to recap, I'm trying to accomplish this on my server, which streams
> RealAudio files and allows HTTP downloads of large files.
>
> 1) SSH connections (port 22) (i.e. me connecting remotely) should get all
> the bandwidth they can consume (highest priority).
>
> 2) RealAudio streaming clients (port 554) should get all the bandwidth left
> after #1 that they can consume.
>
> 3) Web downloaders (port 80) should get all the bandwidth left after #1 and
> #2 that they can consume (lowest priority).
>
> I've tried adapting an existing tcng script into this:
I had little success using TCNG, although it was a nice tool to use and the
ruleset is easy and straightforward.
I am having considerable, nearly out-of-the-box success using IPTables with
the CLASSIFY extension (for 2.4 and 2.6) and a few raw `tc` commands to
create the actual shaping classes.
<snip>
> class ( <$ssh> ) if tcp_sport == 22 ;
> class ( <$audio> ) if tcp_sport == 554 || tcp_sport == 7070 ;
> class ( <$web> ) if tcp_sport == 80 ;
> class ( <$other> ) if 1 ;
^^^^^^^^^^^^^
You grab those with IPTables and CLASSIFY, or if you really must, you can just
use the MARK target and some extra `tc` filters to catch those marks.
> htb () {
> class ( rate 600kbps, ceil 600kbps ) {
> $ssh = class ( rate 64kbps, ceil 128kbps ) { sfq; } ;
> $audio = class ( rate 128kbps, ceil 128kbps ) { sfq; } ;
> $web = class ( rate 256kbps, ceil 512kbps ) { sfq; } ;
> $other = class ( rate 128kbps, ceil 384kbps ) { sfq; } ;
> }
> }
Not too bad:
tc qdisc add dev eth0 root handle 1: htb default 90
tc class add dev eth0 parent 1: classid 1:1 htb rate 600kbit ceil 600kbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 64kbit ceil 128kbit
...
tc class add dev eth0 parent 1:1 classid 1:90 htb rate 8kbit ceil 64kbit
SFQ for each:
tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 20
...
tc qdisc add dev eth0 parent 1:90 handle 90: sfq perturb 20
Replace 'eth0' with your actual Internet facing interface.
<snip tcc output>
> I've tried loading them into tc, but I'm not really sure if it's working or
> not. The only way I could think to test it was to get a friend (in another
> state) to try to download 3 files via HTTP, which would normally cause my
> SSH sessions to slow to a crawl. The 3 downloads started, and it still
> seemed like the latency in my SSH sessions was high (i.e. it didn't appear
> that they had any priority over the HTTP downloads).
SSH is a lot of fun, and it doesn't flag things like tunnels or `scp` with the
TOS flags that it should, so bear in mind without tweaks you will suffer if
you perform any of those activities while using any SSH terminal sessions.
Here's a rule to match all outbound packets trying to hit port 80 (i.e. HTTP
requests by me to external sites):
$IPTABLES -t mangle -A POSTROUTING -o $LOCALIF -p tcp --dport 80 \
-j CLASSIFY --set-class 1:20
Classify simply assigns it to the correct class, which will be whatever you
define. I believe it only works in the POSTROUTING chain, however.
> So am I totally on the wrong track here? Or am I on the right track but
> just needing some tweaks to my script?
>
> Thanks to anyone who can help - I need it!
Enjoy.
--
Jason Boxman
Perl Programmer / *NIX Systems Administrator
Shimberg Center for Affordable Housing | University of Florida
http://edseek.com/ - Linux and FOSS stuff
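The combination Jason outlines above (the quoted tcng class tree rebuilt with raw `tc`, plus iptables CLASSIFY rules steering the server's ssh/audio/web replies into those classes), as an added example that is not code from the original post or from LARTC. It assumes iptables with the CLASSIFY target, a server that sends on the listed source ports, classes 1:10/1:20/1:30 with 1:90 as the catch-all, and a placeholder interface name of eth0 (set IFACE to the real Internet-facing one).

```shell
#!/bin/sh
# Added example, not from the original post: builds the HTB tree from the
# quoted tcng script and classifies traffic with iptables CLASSIFY.
# Assumed: CLASSIFY-capable iptables, server-side source ports, and
# IFACE = Internet-facing interface (placeholder eth0).
IFACE="${IFACE:-eth0}"

# Print one command per line so the whole set can be reviewed before it runs.
shaping_commands() {
    dev="$1"
    # Start clean: drop any existing root qdisc on the interface.
    echo "tc qdisc del dev $dev root 2>/dev/null || true"
    echo "tc qdisc add dev $dev root handle 1: htb default 90"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate 600kbit ceil 600kbit"
    # Rates/ceils are the tcng values; HTB's prio decides who is offered
    # spare bandwidth first (0 = first), giving ssh > audio > web > other.
    echo "tc class add dev $dev parent 1:1 classid 1:10 htb rate 64kbit ceil 128kbit prio 0"
    echo "tc class add dev $dev parent 1:1 classid 1:20 htb rate 128kbit ceil 128kbit prio 1"
    echo "tc class add dev $dev parent 1:1 classid 1:30 htb rate 256kbit ceil 512kbit prio 2"
    echo "tc class add dev $dev parent 1:1 classid 1:90 htb rate 128kbit ceil 384kbit prio 3"
    # SFQ inside each leaf so one download cannot starve the others in its class.
    for c in 10 20 30 90; do
        echo "tc qdisc add dev $dev parent 1:$c handle $c: sfq perturb 20"
    done
    # Steer by source port: the server is the sender of ssh/audio/web bytes.
    # Flushing mangle/POSTROUTING keeps re-runs from duplicating rules; use a
    # dedicated chain instead if other rules already live there (assumption).
    echo "iptables -t mangle -F POSTROUTING"
    for pair in 22:1:10 554:1:20 7070:1:20 80:1:30; do
        port="${pair%%:*}"; class="${pair#*:}"
        echo "iptables -t mangle -A POSTROUTING -o $dev -p tcp --sport $port -j CLASSIFY --set-class $class"
    done
}

case "${1:-}" in
    print) shaping_commands "$IFACE" ;;
    apply) shaping_commands "$IFACE" | sh -e ;;   # executing needs root
    *) ;;
esac
```

Run with `print` to inspect, `apply` to install; afterwards `tc -s class show dev eth0` shows per-class packet and byte counters, which is a more direct check that packets land in the intended class than timing a friend's downloads.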