
23/11/2001 : This page is not valid. Please go to docum.org

 

 

 

  • Introduction
  • You can do traffic shaping with the Linux kernel. It's very important to understand that you can only shape the outgoing bandwidth.

  • Hierarchical tree
  • If you want to shape traffic, picture a tree. The trunk represents the maximum bandwidth you can get on the link. Each branch uses part of the available bandwidth of its parent and is called a class. Traffic that flows into a class is tied to that class. When two classes contain traffic and they come together, they are treated as a single stream for the rest of the tree.

  • Example 1
  • So we have three branches. Branch 1 gets 50% and branches 2 and 3 get 25% each. When there is enough traffic in all three classes, they divide the bandwidth fairly: 50% - 25% - 25%.

    When there is no traffic in class 1, classes 2 and 3 each get 50% of the available bandwidth. When there is no traffic in class 2, class 1 gets 66% ( 50/(50+25) ) of the available bandwidth and class 3 gets 33%.

    You can also say that classes 2 and 3 always get 25% of the available bandwidth.

  • Example 2
  • This is a similar setup, but with more branches:
    Traffic in all classes: class 11 and 12 get 50%, class 2 gets 25%
    Traffic in class 11 and 2: class 11 gets 75% and class 2 gets 25%
    Traffic in class 11 and 12: class 11 gets 50% and class 12 gets 50%

    You can also say that class 2 gets a minimum of 25% of the available bandwidth while the rest is shared by class 11 and class 12.

  • Filter
  • Of course you have to put the traffic in a certain class. For each traffic flow you want to put in a class, you create a filter that puts the traffic directly in the end class.

  • Minimum bandwidth
  • You can give a class a minimum bandwidth by making two classes: one for the class with the minimum bandwidth and another for the rest. The second example shows this. Class 2 gets a minimum bandwidth of 25%.

  • Elements in the script
  • Deleting previous settings
  • tc qdisc del dev eth0 root

    We have to be sure there are no remaining settings. That's why we delete everything.

  • Creating root qdisc
  • tc qdisc add dev eth0 root handle 10: cbq bandwidth 10mbit avpkt 1000

    The root qdisc is attached directly to the NIC. This qdisc contains all traffic. We have to create this qdisc so we can attach all the classes to it.

    The bandwidth option we have to provide has nothing to do with the link bandwidth. It is used by the internal sharing algorithm and must be set to the NIC bandwidth. This is usually 10 or 100 mbit.

    Handle 10: gives the root qdisc the number 10. You have to provide this so you can refer to this root qdisc in later commands. The other options are simply required.

  • Specifying Link Bandwidth
  • tc class add dev eth0 parent 10: classid 10:1 cbq bandwidth 10mbit rate 128kbit allot 1514 maxburst 20 avpkt 1000 bounded prio 3

    This is the first class we create. For each class, you have to specify the parent. This is the number of the class or qdisc it is attached to. Each class gets its own number, which is specified with the classid option. Note that the first part of this number is always the same.

    The rate we give to the class is the bandwidth that this class may get. Of course, it will have to share this bandwidth with the other classes.

    The bounded option tells the class it may not get more than its rate. We use this option so this class is bounded to the link bandwidth.

    The bandwidth is the bandwidth of the NIC and is the same in each command. Allot, maxburst, avpkt and prio are options we give and don't change.

  • Specifying other classes
  • You can create as many classes as you want. You have to know the parent and the bandwidth these classes may get. You can specify the bounded option to bound all the traffic that flows in a class to the rate of that class.

  • Putting traffic in a class
  • tc filter add dev eth0 parent 10: protocol ip prio 100 u32 match ip dst 192.168.1.254 match ip dport 2001 0xffff flowid 10:2

    You can match on the IP address and the port of the source and the destination of the traffic. You attach the filter to the root qdisc with the parent option and you specify the destination class with the flowid option.

    You can use as many matches as you want. You can also use as many filters as you want to put the traffic in the classes. The first filter that matches the traffic is used.
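
The steps above combined for the Example 1 tree (50% / 25% / 25%), as an added example that is not part of the original page. The device name, the 128 kbit link rate, the class numbers 10:2 to 10:4 and the function names are assumptions; the filter is the page's sample filter. It prints the commands and only runs them when APPLY=1 is set.

```shell
#!/bin/sh
# Added example: build the tc commands for a one-level CBQ tree.
DEV="${DEV:-eth0}"       # assumed interface name
NIC_BW="10mbit"          # NIC speed, used for the "bandwidth" option
OPTIONS="bandwidth $NIC_BW allot 1514 maxburst 20 avpkt 1000 prio 3"

# emit_tree LINK_KBIT PCT... : print one tc command per line.
# Refuses a split whose percentages add up to more than 100.
emit_tree() {
    link=$1; shift
    total=0
    for pct in "$@"; do total=$((total + pct)); done
    if [ "$total" -gt 100 ]; then
        echo "percentages add up to $total%, more than the link" >&2
        return 1
    fi
    # Start clean, then create the root qdisc on the NIC.
    echo "tc qdisc del dev $DEV root"
    echo "tc qdisc add dev $DEV root handle 10: cbq bandwidth $NIC_BW avpkt 1000"
    # 10:1 is bounded to the link rate; every other class hangs below it.
    echo "tc class add dev $DEV parent 10: classid 10:1 cbq rate ${link}kbit bounded $OPTIONS"
    minor=2
    for pct in "$@"; do
        rate=$((link * pct / 100))
        echo "tc class add dev $DEV parent 10:1 classid 10:$minor cbq rate ${rate}kbit $OPTIONS"
        minor=$((minor + 1))
    done
    # The page's sample filter, sending one flow to the first class.
    echo "tc filter add dev $DEV parent 10: protocol ip prio 100 u32 match ip dst 192.168.1.254 match ip dport 2001 0xffff flowid 10:2"
}

# run_tree: same arguments; prints the commands, or runs them when APPLY=1.
run_tree() {
    cmds=$(emit_tree "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$cmds" | sh
    else
        echo "$cmds"
    fi
}

run_tree 128 50 25 25
```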

  • PRIO qdisc
  • To give one class more priority than another, we can use the prio qdisc. This is a qdisc with three built-in classes. These classes are sent one after the other: first everything from class 1 is sent, then everything from class 2 and then everything from class 3.

    When you use these extra qdiscs, you also need some extra filters. You have to attach a set of filters to each qdisc to put the traffic in the right classes.

  • Example
  • Let's say I have a 1024 kbit (up and down) internet connection and I want to shape the INCOMING traffic. I put a Linux box with 2 NICs between the internet connection and the LAN. Eth1 is connected to the internet and eth0 is connected to the LAN.

    The BigBoss wants to surf and wants a minimum bandwidth of 128 kbit/s. A lot of people also use ssh to log in to our remote office, so I want to give ssh a higher priority. People who ftp large files may not consume our internet link. I also have a list of illegal sites. I don't want to block them, but they may only have a limited bandwidth of 64 kbit/s.

    We host our web, ftp and mail servers locally. I don't want our mail server to use all available bandwidth, so mail has the lowest priority. Our web and ftp servers need a minimum bandwidth of 50%.

  • eth0 : LAN
  • CBQ qdisc
    BigBoss : 128 kbit/s (12,5%)
    REST
    	PRIO qdisc
    	band 1 : SSH
    	band 2 : REST CBQ qdisc
    		Illegal sites : 64 kbit/s (6%) BOUNDED
    		WEB & FTP server : 512 kbit/s (50%)
    			WEB server : 256 kbit/s (25%)
    			FTP server : 256 kbit/s (25%)
    		HTTP : 160 kbit/s (16%)
    		FTP : 160 kbit/s (16%)
    	band 3 : MAIL server
    

  • Script
  • #!/bin/sh -v
    # Hosts that get their own class or priority band
    BB="10.10.10.254" # BigBoss
    ILLEGAL="1.2.3.4"
    MAIL="10.10.10.1"
    WEB="10.10.10.2"
    FTP="10.10.10.3"

    # Options shared by every CBQ class
    OPTIONS="bandwidth 10mbit allot 1514 maxburst 20 avpkt 1000 prio 3"

    # Root CBQ qdisc and the class bounded to the 1024 kbit link
    tc qdisc del dev eth0 root
    tc qdisc add dev eth0 root handle 10: cbq bandwidth 10mbit avpkt 1000
    tc class add dev eth0 parent 10: classid 10:1 cbq bandwidth 10mbit rate 1024kbit allot 1514 maxburst 20 avpkt 1000 bounded prio 3
    tc class add dev eth0 parent 10:1 classid 10:10 cbq rate 128kbit $OPTIONS # BigBoss
    tc class add dev eth0 parent 10:1 classid 10:20 cbq rate 896kbit $OPTIONS # REST

    # PRIO qdisc inside REST: band 1 = SSH, band 2 = rest, band 3 = mail server
    tc qdisc add dev eth0 parent 10:20 handle 20: prio

    # Second CBQ qdisc inside band 2. Its top-level classes attach to 200:,
    # the web and ftp server classes attach to their parent class 200:2.
    tc qdisc add dev eth0 parent 20:2 handle 200: cbq bandwidth 10mbit allot 1514 avpkt 1000
    tc class add dev eth0 parent 200: classid 200:1 cbq rate 64kbit bounded $OPTIONS # Illegal sites
    tc class add dev eth0 parent 200: classid 200:2 cbq rate 256kbit $OPTIONS # WEB and FTP-server
    tc class add dev eth0 parent 200:2 classid 200:21 cbq rate 128kbit $OPTIONS # WEB-server
    tc class add dev eth0 parent 200:2 classid 200:22 cbq rate 128kbit $OPTIONS # FTP-server
    tc class add dev eth0 parent 200: classid 200:3 cbq rate 160kbit $OPTIONS # HTTP
    tc class add dev eth0 parent 200: classid 200:4 cbq rate 160kbit $OPTIONS # FTP

    # Filters on the root qdisc: BigBoss first, everything else to REST.
    # 0.0.0.0/0 matches every source address (a /32 would match only 0.0.0.0).
    tc filter add dev eth0 parent 10: protocol ip prio 100 u32 match ip dst $BB flowid 10:10
    tc filter add dev eth0 parent 10: protocol ip prio 100 u32 match ip src 0.0.0.0/0 flowid 10:20

    # Filters on the PRIO qdisc: SSH to band 1, mail server to band 3, the rest to band 2
    tc filter add dev eth0 parent 20: protocol ip prio 100 u32 match ip dport 22 0xffff flowid 20:1
    tc filter add dev eth0 parent 20: protocol ip prio 100 u32 match ip dst $MAIL flowid 20:3
    tc filter add dev eth0 parent 20: protocol ip prio 100 u32 match ip src 0.0.0.0/0 flowid 20:2

    # Filters on the second CBQ qdisc; the last one catches all remaining traffic
    tc filter add dev eth0 parent 200: protocol ip prio 100 u32 match ip src $ILLEGAL flowid 200:1
    tc filter add dev eth0 parent 200: protocol ip prio 100 u32 match ip dst $WEB flowid 200:21
    tc filter add dev eth0 parent 200: protocol ip prio 100 u32 match ip dst $FTP flowid 200:22
    tc filter add dev eth0 parent 200: protocol ip prio 100 u32 match ip sport 80 0xffff flowid 200:3
    tc filter add dev eth0 parent 200: protocol ip prio 100 u32 match ip src 0.0.0.0/0 flowid 200:4