[Linux-Discussion] ultimate linux box cont. shaping (long post)

  • From: "Curt Binder" <binder@xxxxxxxxxxxxxx>
  • To: linux-discussion@xxxxxxxxxxxxx
  • Date: Wed, 9 Jul 2003 14:05:37 -0500 (EST)

Since I didn't go into detail about traffic shaping in my last post, I'm
gonna add it now. ( since it's been requested :)  )

This script is what I used when I had a 512K up / 512K down connection.
It worked BEAUTIFULLY for me.  I'm gonna make comments throughout the
script and have them in bash style so you can just copy/paste this script
and go (make sure it's executable too :) ).

Hopefully this will help all of you out with shaping your networks (or
datacenters).

Curt

--Start Script--
#!/bin/bash

# up|down|status
# Set the following values to somewhat less than your actual
# download & uplink speed.  (in kilobits)
# dev is the WAN interface we are shaping the traffic on
DOWNLINK=500
UPLINK=500
DEV=eth1

shape_status() {
  tc -s qdisc ls dev $DEV
  tc -s class ls dev $DEV
}

shape_cleanup() {
  # clean existing down- & uplink qdiscs, hide errors
  tc qdisc del dev $DEV root 2> /dev/null > /dev/null
  tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null
}

shape_uplink() {
  #### uplink stuff
  #  from what I've read, the higher priority gets processed last
  #  the weight is just a 'proportion'...  so the combined weight
  #  adds up to 1.  I don't quite fully understand it though.
  #  the docs say that it's 'common' to have it be rate/10
  ############
  # root CBQ #
  ############
  tc qdisc add dev $DEV root handle 1:0 cbq bandwidth 10mbit avpkt 1000 \
    cell 8

  ###################################################
  # child class                                     #
  # add the 1:1 child & limit it to my uplink speed #
  ###################################################
  # bounded means that the bandwidth available can't be greater than the
  # bandwidth specified
  tc class add dev $DEV parent 1:0 classid 1:1 cbq bandwidth 10Mbit \
    rate ${UPLINK}kbit weight $[$UPLINK/10]kbit allot 1514 prio 8 \
    cell 8 maxburst 20 avpkt 1000 bounded

  ###############
  # leafs       #
  ###############
  # high priority class / interactive services
  tc class add dev $DEV parent 1:1 classid 1:3 cbq rate ${UPLINK}kbit \
    bandwidth 10Mbit weight $[$UPLINK/10]kbit allot 1514 prio 5 \
    avpkt 1000 cell 8 maxburst 20

  # ut
  # only give ut 128kbit
  tc class add dev $DEV parent 1:1 classid 1:4 cbq rate 128kbit \
    bandwidth 10Mbit weight $[128/10]kbit allot 1514 prio 5 \
    avpkt 1000 cell 8 maxburst 20 bounded

  # bulk & default class 1:10 - gets slightly less traffic,
  #  bound to only use the bandwidth given by rate
  tc class add dev $DEV parent 1:1 classid 1:10 cbq \
    rate $[8*$UPLINK/10]kbit \
    bandwidth 10Mbit weight $[8*$UPLINK/10/10]kbit allot 1514 prio 3 \
    avpkt 1000 cell 8 maxburst 20 bounded

  # class 1:15, used for web & ftp to limit my brother's friends from
  # hogging all my bandwidth with their movies
  tc class add dev $DEV parent 1:1 classid 1:15 cbq \
    rate $[2*$UPLINK/10]kbit \
    bandwidth 10Mbit weight $[2*$UPLINK/10/10]kbit allot 1514 prio 3 \
    avpkt 1000 cell 8 maxburst 20 bounded

  # add the qdiscs
  tc qdisc add dev $DEV parent 1:3 handle 30: sfq perturb 10
  tc qdisc add dev $DEV parent 1:4 handle 40: sfq perturb 10
  tc qdisc add dev $DEV parent 1:10 handle 100: sfq perturb 10
  tc qdisc add dev $DEV parent 1:15 handle 150: sfq perturb 10

  #################
  # start filters #
  #################
  # to speed up downloads while an upload is going on, put ACK packets
  # in the interactive class
  tc filter add dev $DEV parent 1:0 protocol ip prio 11 u32 \
    match ip protocol 6 0xff \
    match u8 0x05 0x0f at 0 \
    match u16 0x0000 0xffc0 at 2 \
    match u8 0x10 0xff at 33 \
    flowid 1:3

  # TOS minimum delay & ssh  in 1:3 interactive class:
  tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
    match ip dport 22 0xffff flowid 1:3
  tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
    match ip tos 0x10 0xff flowid 1:3

  ## instead of having all these rules/filters
  ## why not mark the UT packets with iptables and then
  ## filter on the mark, should be easier and less filters
  tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
    match ip protocol 17 0xff match ip sport 7777 0xffff flowid 1:4
  tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
    match ip protocol 17 0xff match ip dport 7777 0xffff flowid 1:4
  tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
    match ip protocol 17 0xff match ip sport 7778 0xffff flowid 1:4
  tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
    match ip protocol 17 0xff match ip dport 7778 0xffff flowid 1:4
  tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
    match ip protocol 17 0xff match ip sport 7779 0xffff flowid 1:4
  tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
    match ip protocol 17 0xff match ip dport 7779 0xffff flowid 1:4
  tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
    match ip protocol 17 0xff match ip sport 7780 0xffff flowid 1:4
  tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
    match ip protocol 17 0xff match ip dport 7780 0xffff flowid 1:4
  tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
    match ip protocol 17 0xff match ip sport 7781 0xffff flowid 1:4
  tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
    match ip protocol 17 0xff match ip dport 7781 0xffff flowid 1:4

  # web stuff & ftp stuff to keep bandwidth usage down
  tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
    match ip sport 80 0xffff flowid 1:15
  tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
    match ip sport 21 0xffff flowid 1:15
  tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
    match ip sport 20 0xffff flowid 1:15

  # ICMP (ip protocol 1)
  tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
    match ip protocol 1 0xff flowid 1:3

  # rest is 'non-interactive' ie 'bulk' and ends up in 1:10
  tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
    match ip dst 0.0.0.0/0 flowid 1:10
}

shape_downlink() {
  #### downlink
  # attach ingress policer:
  tc qdisc add dev $DEV handle ffff: ingress

  # BULK TRAFFIC
  # the ingress filter doesn't need hardly any filters except for the
  # main one to 'police' the traffic to 90% of my incoming bandwidth
  # otherwise drop the packets
  tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 \
    match ip src 0.0.0.0/0 \
    police rate $[9*$DOWNLINK/10]kbit burst 10k drop flowid :1
}

case "$1" in
  'up')
    shape_cleanup
    shape_uplink
    #shape_downlink
  ;;
  'down')
    shape_cleanup
  ;;
  'status')
    shape_status
  ;;
  'reload')
    shape_cleanup
    shape_uplink
    shape_downlink
  ;;
  *)
    echo "usage $0 up|down|status|reload"
  ;;
esac

--End Script--

-- 
# Curt Binder <binder@xxxxxxxxxxxxxx>
# ICQ: 3132781  AOL: cbinder69
# http://gotpenguin.com/
# http://www.mailandfiles.com/
