HTB, CBQ, shapecfg: howto prioritize network?

Artik · 06-10-2005, 06:59 AM

Hello,

I want to prioritize netwok connection... I've found there are lots of tools... but
Is there some simple way to do it... I mean there very powerful methods but I can't get into them after reading very long manuals... What and how to do...

I need following simple prioritization:

Lowest - aMule - I want give it lower priority
Low - ftpd - I want it to have low priority in network usage bu higher then aMule
normal - all the rest - web surfing, skype, etc...

Is there some simple strightforward instruction what to do.
I've fund different scripts like HTB - but it seems that I need customize them... but HOW-HOW -HOW.

Please help me... Give a lood link!!! Or maybe explain brifly what to do? What to install?

Thanks.

slacky · 06-10-2005, 09:13 AM

I'm still playing around with this myself so I could have some mistakes, but here's an snippet from a script I wrote that's a pretty simple way of doing HTB. Replace $TC with /sbin/tc or whereever your tc command is (from the iproute package) and replace $INTERFACE with your outbound network interface (eth1?). I'm pretty sure the 2.6 kernels included with Debian Sarge have the HTB and Netfilter Classify modules with them already.

The first section limits the bandwidth on the interface to 240kbps (I really have a 256kbps connection, but I want the Linux box to be the bottleneck). I then divide the 240kbps into three equal 80kbps classes 1:10, 1:20, & 1:30 - assigning them priorities (it gives priority to lower numbers first, so prio 0 is highest, prio is medium, and prio 3 is lowest) - but a lower priority can still use the full 240kbps if there is no higher priority traffic.

I then use Netfilter's Iptables Classify Target to sort traffic into the different priorities (you can do this with tc instead of iptables, but I'm familiar with iptables so this way was easier for me). Pretty much you can match ports & ip address with normal iptables & use the classify to make high priority by putting in class 1:10, low with class 1:30, etc. Note everything defaults to class 1:30 so everything is low priority except what I give higher priority to - you might want to change "default 30" to "default 10" so you default everything to highest priority.

You also might not need the "-m physdev --physdev-out $INTERFACE" section - I need because this is for a bridge, not a router. So you might want just:
iptables -t mangle -A POSTROUTING -p tcp --dport $AMULE_PORT -j CLASSIFY --set-class 1:30 or similar.

Hope that helps (or at least doesn't confuse you further ^_^),
Josh

Code:

                #set up traffic shaping
                echo "Starting Traffic Shaping..."
                $TC qdisc add dev $INTERFACE root handle 1: htb default 30
                $TC class add dev $INTERFACE parent 1: classid 1:1 htb rate 240kbit
                $TC class add dev $INTERFACE parent 1:1 classid 1:10 htb rate 80kbit ceil 240kbit prio 0 quantum 1514
                $TC class add dev $INTERFACE parent 1:1 classid 1:20 htb rate 80kbit ceil 240kbit prio 1 quantum 1514
                $TC class add dev $INTERFACE parent 1:1 classid 1:30 htb rate 80kbit ceil 240kbit prio 2 quantum 1514
                $TC qdisc add dev $INTERFACE parent 1:10 handle 10: sfq perturb 10
                $TC qdisc add dev $INTERFACE parent 1:20 handle 20: sfq perturb 10
                $TC qdisc add dev $INTERFACE parent 1:30 handle 30: sfq perturb 10


                #set up netfilter to mark traffic
                echo "Starting Iptables Rules for Traffic Shaping..."
                IPTSHAPE="$IPTABLES -t mangle -A POSTROUTING -m physdev --physdev-out $INTERFACE"
                $IPTABLES -t mangle -F POSTROUTING
                $IPTABLES -t mangle -Z POSTROUTING

                #give traffic to these two servers first priority
                $IPTSHAPE -p tcp --destination 192.168.4.10 -j CLASSIFY --set-class 1:10
                $IPTSHAPE -p tcp --destination 192.168.4.12 -j CLASSIFY --set-class 1:10

                #give first priority to web server
                $IPTSHAPE -p tcp --destination 192.168.1.205 -j CLASSIFY --set-class 1:10

                #give any Lotus Notes traffic second priority
                $IPTSHAPE -p tcp --dport 1352 -j CLASSIFY --set-class 1:20

                #everything else defaults to last priority

Artik · 06-10-2005, 11:46 AM

Thanks a lot...

I've tryed but I have some problems - I have no effect on this. Trying upload - I still get 1.0-1.2kbps when I have 12 maximum

this is the script... maybe I've did something wrong:

Code:

#!/bin/bash
TC=tc
INTERFACE=eth0

# Cleaning previous settings
tc qdisc del dev eth0 root

#set up traffic shaping
echo "Starting Traffic Shaping..."

$TC qdisc add dev $INTERFACE root handle 1: htb default 10
$TC class add dev $INTERFACE parent 1: classid 1:1 htb rate 90kbit
$TC class add dev $INTERFACE parent 1:1 classid 1:10 htb rate 74kbit ceil 90kbit prio 0 quantum 1514
$TC class add dev $INTERFACE parent 1:1 classid 1:20 htb rate 8kbit ceil 90kbit prio 1 quantum 1514
$TC class add dev $INTERFACE parent 1:1 classid 1:30 htb rate 8kbit ceil 20kbit prio 2 quantum 1514
$TC qdisc add dev $INTERFACE parent 1:10 handle 10: sfq perturb 10
$TC qdisc add dev $INTERFACE parent 1:20 handle 20: sfq perturb 10
$TC qdisc add dev $INTERFACE parent 1:30 handle 30: sfq perturb 10

#set up netfilter to mark traffic
echo "Starting Iptables Rules for Traffic Shaping..."

#give traffic to these two servers lowest priority

iptables -t mangle -A POSTROUTING -p tcp --dport 4661 -j CLASSIFY --set-class 1:30
iptables -t mangle -A POSTROUTING -p tcp --dport 4662 -j CLASSIFY --set-class 1:30
iptables -t mangle -A POSTROUTING -p udp --dport 4672 -j CLASSIFY --set-class 1:30

#give 2nd priority to FTP server

iptables -t mangle -A POSTROUTING -p tcp --dport 21 -j CLASSIFY --set-class 1:20

#everything else defaults to last priority

slacky · 06-10-2005, 12:09 PM

Hi,

Have you run any of the following to see the various counters to make sure packets are going where they should be going?

tc -s -d qdisc show dev eth0
tc -s -d class show dev eth0
iptables -t mangle -L POSTROUTING -nv --line-numbers

Also, which are you testing - I know FTP is a special case & there's a netfilter ftp conntrack module just for it.

Josh