[ale] QoS Question
Dow Hurst
dhurst at kennesaw.edu
Mon Apr 26 13:04:00 EDT 2004
Chris,
I believe the ipchains rules come first so you protect the network before the
cbqinit script runs. I had set up a test firewall running ipchains and the
cbqinit script with a machine on each side of the firewall. None of the
testbed was hooked to the net. I just wanted to initiate long transfers to
watch the bandwidth and that worked out well for testing. I had a higher
bandwidth specified than yours but essentially was doing the same thing. You
can get into the advanced routing subjects where this type of stuff crops up. I
found all this by searching Google for advanced routing, iproute2, traffic
shaping, and so on.
Here is a good link for getting a start. But you're already up!!! ;-)
http://lartc.org/howto/lartc.qdisc.classful.html#AEN939
Shorewall firewall has iproute2's HTB, Hierarchical Token Bucket filter,
traffic shaping built into it. Hope this helps,
Dow
Christopher Fowler wrote:
> Do I need to run cbq.init before or after my NAT rules? I'm not seeing
> any change and my cbq files look like this:
>
> [root at firewall cbq]# cat cbq-0002
> DEVICE=eth0,10Mbit,1Mbit
> RATE=7000bps
> WEIGHT=700bps
> PRIO=5
> RULE=192.168.1.6
> [root at firewall cbq]# cat cbq-0003
> DEVICE=eth1,10Mbit,1Mbit
> RATE=7000bps
> WEIGHT=70bps
> PRIO=5
> RULE=192.168.1.6,
> [root at firewall cbq]#
>
> I put the numbers real low so I can see from the outside if there was
> some throttling going on.
>
> I'm using kernel 2.4.25
>
> Here is status output:
> [root at firewall cbq]# cbq.init stats
> ### eth0: queueing disciplines
>
> qdisc cbq 1: rate 10Mbit (bounded,isolated) prio no-transmit
> Sent 1967746 bytes 21306 pkts (dropped 0, overlimits 0)
> borrowed 0 overactions 0 avgidle 624 undertime 0
>
>
> ### eth0: traffic classes
>
> class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
> Sent 1967746 bytes 21306 pkts (dropped 0, overlimits 0)
> borrowed 0 overactions 0 avgidle 624 undertime 0
>
> ### eth0: filtering rules
>
> filter parent 1: protocol ip pref 100 u32
> filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1
> filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht
> 800 bkt 0 flowid 1:2
> match c0a80106/ffffffff at 16
>
> ### eth1: queueing disciplines
>
> qdisc cbq 1: rate 10Mbit (bounded,isolated) prio no-transmit
> Sent 988234 bytes 11360 pkts (dropped 0, overlimits 0)
> borrowed 0 overactions 0 avgidle 605 undertime 0
>
>
> ### eth1: traffic classes
>
> class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
> Sent 989306 bytes 11368 pkts (dropped 0, overlimits 0)
> borrowed 0 overactions 0 avgidle 605 undertime 0
>
> ### eth1: filtering rules
>
> filter parent 1: protocol ip pref 100 u32
> filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1
> filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht
> 800 bkt 0 flowid 1:3
> match c0a80106/ffffffff at 12
>
>
> I originally tried it on another machine that I was using bridging on 2
> interfaces but bridging happens before ip filters.
>
> Here is my ifconfig output for my firewall.
>
> [root at firewall cbq]# ifconfig eth0
> eth0 Link encap:Ethernet HWaddr 00:C0:26:63:61:10
> inet addr:66.23.198.2 Bcast:66.23.198.3 Mask:255.255.255.252
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:20078 errors:0 dropped:0 overruns:0 frame:0
> TX packets:25176 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:2481827 (2.3 Mb) TX bytes:2359557 (2.2 Mb)
> Interrupt:11 Base address:0xd000
>
> [root at firewall cbq]# ifconfig eth1
> eth1 Link encap:Ethernet HWaddr 00:E0:C5:BC:00:5A
> inet addr:192.168.1.254 Bcast:192.168.1.255
> Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:18957 errors:0 dropped:0 overruns:0 frame:0
> TX packets:15340 errors:0 dropped:0 overruns:0 carrier:0
> collisions:6 txqueuelen:100
> RX bytes:1456185 (1.3 Mb) TX bytes:1639726 (1.5 Mb)
> Interrupt:10 Base address:0xf000
>
> [root at firewall cbq]#
>
> What I like about this script is that there is a compile command. It
> outputs the commands it executes. This gives me a chance to learn the
> commands.
>
> Thanks again,
> Chris
>
>
> On Sat, 2004-04-24 at 16:08, Dow Hurst wrote:
>
>>I was using the cbq script to do it on a whole interface.
>>
>>Here is the link to the script. It is pretty simple to work with and very
>>effective on an interface. It may do what you want depending on the queues
>>that are set up.
>>Dow
>>
>>http://sourceforge.net/projects/cbqinit
>>
>>
>>
>>
>>
>>
>>Christopher Fowler wrote:
>>
>>>Maybe someone knows how to do this. I have one machine on my network
>>>that I want to modify its upload speed. I have a 1.5/256 ADSL
>>>connection. On this one machine I would like to limit upload speeds
>>>to the equivalent of a 56k modem. I want download speeds to remain
>>>normal. I will implement the rule on my firewall. Does anyone know how
>>>to do this?
>>>
>>>Thanks,
>>>Chris
>>>
>>>_______________________________________________
>>>Ale mailing list
>>>Ale at ale.org
>>>http://www.ale.org/mailman/listinfo/ale
>>>
>
>
--
__________________________________________________________
Dow Hurst Office: 770-499-3428 *
Systems Support Specialist Fax: 770-423-6744 *
1000 Chastain Rd. Bldg. 12 *
Chemistry Department SC428 Email: dhurst at kennesaw.edu *
Kennesaw State University Dow.Hurst at mindspring.com *
Kennesaw, GA 30144 *
************************************************************
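
The u32 `match` lines in the quoted `cbq.init stats` output can be decoded to see which IPv4 header field each filter keys on: byte offset 12 is the source address and 16 is the destination address. The following is an added example, not part of either message or of cbq.init; the function name `decode_filters` and the offset table are this example's own, and the sample input is the filter lines from the thread with wrapped lines rejoined.

```python
import ipaddress
import re

# IPv4 header byte offsets of the two address fields (RFC 791).
IPV4_FIELDS = {12: "source address", 16: "destination address"}

# Filter lines taken from the `cbq.init stats` output quoted in the thread
# (wrapped lines rejoined).
STATS = """\
### eth0: filtering rules
filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:2
  match c0a80106/ffffffff at 16
### eth1: filtering rules
filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:3
  match c0a80106/ffffffff at 12
"""

DEV_RE = re.compile(r"^### (\S+): filtering rules")
FLOW_RE = re.compile(r"flowid (\S+)")
MATCH_RE = re.compile(r"match ([0-9a-f]{8})/([0-9a-f]{8}) at (\d+)")

def decode_filters(text):
    """Return one dict per u32 match: device, class, header field, network."""
    out, dev, flowid = [], None, None
    for line in text.splitlines():
        if m := DEV_RE.match(line):
            dev, flowid = m.group(1), None
        elif m := FLOW_RE.search(line):
            flowid = m.group(1)
        elif m := MATCH_RE.search(line):
            value, mask, offset = int(m.group(1), 16), int(m.group(2), 16), int(m.group(3))
            # Contiguous masks map to a prefix length; anything else is shown raw.
            inv = mask ^ 0xFFFFFFFF
            if inv & (inv + 1) == 0:
                net = str(ipaddress.ip_network((value & mask, 32 - inv.bit_length())))
            else:
                net = f"{value:08x}/{mask:08x}"
            out.append({"dev": dev, "flowid": flowid,
                        "field": IPV4_FIELDS.get(offset, f"offset {offset}"),
                        "net": net})
    return out

if __name__ == "__main__":
    for f in decode_filters(STATS):
        print(f"{f['dev']}: class {f['flowid']} <- {f['field']} {f['net']}")
```
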