[LARTC] Classful queues

Jonathan Gazeley jonathan.gazeley at bristol.ac.uk
Tue Aug 7 13:15:52 CEST 2007


Dear all,

I am trying to set up multi-user traffic control. In short, I want each 
user to be hard limited to 128kbit download and 64kbit upload. On top of 
that, I want interactive traffic (ICMP, ACK packets, SSH, etc) to be 
prioritised to minimise latency. It sounds like it ought to be done with 
a classful qdisc but I don't really know what I'm doing. I think I want 
something like the following:

root class
  |
 + 192.168.0.1 class
  |   + priority 0: SSH, ICMP, ACK, etc
  |   + priority 1: all other traffic
  |
 + 192.168.0.2 class
      + etc

I'm not sure if it's good to have ~250 classes for the IP addresses, and 
sub classes within those for the different priorities, or if all the 
traffic should be rate-limited by IP first, and then sorted into a 
handful of shared classes, to be dequeued.

I have taken advice from this list for the past couple of weeks and I 
have a semi-functional script now. However the latency suddenly jumps to 
 >4000ms as soon as the user starts downloading. Also my script uses 
police rate to limit upload speed - but this is not particularly 
effective and also not really required, as the box is able to shape 
traffic in both directions. It is also a NAT box.

Related, but not strictly to do with tc, is there any way of concisely 
and effectively logging connections between NATd users and external IPs? 
I need to be able to maintain a log which tells me that a certain user 
was connected to a certain remote host on port 1234 at a certain time 
and date, for legal reasons.

I realise this is a bit of a mammoth request, but I hope someone can 
help me.

Many thanks in advance,
Jonathan

------------------------
Jonathan Gazeley
ResNet | Wireless & VPN Team
Information Systems & Computing
University of Bristol
------------------------
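
The hierarchy sketched in the message above, written out as an added example that is not part of the original post: a generator for the HTB commands of the download direction only, with one hard-capped class per user and two prioritised leaves under it. The interface name eth1 (LAN side, where the destination is already the user's internal address after NAT), the 100mbit link rate, the 64kbit leaf guarantees and the class numbering are assumptions.

```shell
#!/bin/sh
# Added example: prints tc commands, it does not run them.
# Assumed: 100mbit LAN link, users in 192.168.0.0/24, 64kbit guaranteed per leaf.

# gen_tc DEV FIRST LAST: emit commands for hosts 192.168.0.FIRST..LAST
gen_tc() {
    dev=$1; h=$2; last=$3
    f="tc filter add dev $dev protocol ip parent"
    # No "default" class: traffic that matches no user filter is left unshaped
    echo "tc qdisc add dev $dev root handle 1: htb"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate 100mbit"
    while [ "$h" -le "$last" ]; do
        # Class minor ids are hex: host h -> h*16 (user), +1 (interactive), +2 (bulk)
        u=$(printf '%x' $((h * 16)))
        i=$(printf '%x' $((h * 16 + 1)))
        b=$(printf '%x' $((h * 16 + 2)))
        # Hard per-user cap: rate equals ceil, so nothing can be borrowed from 1:1
        echo "tc class add dev $dev parent 1:1 classid 1:$u htb rate 128kbit ceil 128kbit"
        # Both leaves may use the whole cap; prio 0 is served spare bandwidth first
        echo "tc class add dev $dev parent 1:$u classid 1:$i htb rate 64kbit ceil 128kbit prio 0"
        echo "tc class add dev $dev parent 1:$u classid 1:$b htb rate 64kbit ceil 128kbit prio 1"
        echo "tc qdisc add dev $dev parent 1:$i sfq perturb 10"
        echo "tc qdisc add dev $dev parent 1:$b sfq perturb 10"
        # Stage 1 (root): pick the user class by destination address
        echo "$f 1: prio 1 u32 match ip dst 192.168.0.$h/32 flowid 1:$u"
        # Stage 2 (user class): ICMP, SSH replies and small bare ACKs -> interactive
        echo "$f 1:$u prio 1 u32 match ip protocol 1 0xff flowid 1:$i"
        echo "$f 1:$u prio 1 u32 match ip protocol 6 0xff match ip sport 22 0xffff flowid 1:$i"
        echo "$f 1:$u prio 1 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:$i"
        # Catch-all: everything else for this user lands in the bulk leaf
        echo "$f 1:$u prio 2 u32 match u32 0 0 flowid 1:$b"
        h=$((h + 1))
    done
}

# Print the commands for two users; pipe through "sh" as root to apply them
gen_tc eth1 1 2
```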


