LinuxQuestions.org


ffkodd 11-22-2005 06:29 PM

Traffic shaping (limiting outgoing bandwidth of all TCP-traffic except FTP/HTTP)
 
Hi!

I'd like to be able to limit the outgoing speed on my computer.

I'd like all traffic that's NOT tcp port 20,21,80,443 to be slowed down as much as possible.

I've spent ~8 hours figuring out "tc" (I've been reading most of the LARTC-faq) but still have some problems.

I'm able to limit ALL outgoing traffic to my desired bandwidth when I use the following command:
______________________________________________________

tc qdisc add dev eth1 root tbf rate 256kbit latency 50ms burst 1540
______________________________________________________

but this isn't quite what I want as this also blocks my outgoing ftp-/http-speed.




I've tried to use other approaches (htb) but that in turn seemed to limit my download-speed to something bizarre (it was <10kbps) and outgoing < 40kbps

These are the commands I tried in order to limit all but ftp/http/https:

______________________________________________________
tc qdisc add dev eth0 root handle 1: htb default 12
tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbps ceil 10mbps
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 10mbps ceil 10mbps
tc class add dev eth0 parent 1:1 classid 1:12 htb rate 40kbps ceil 40kbps

tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dport 80 0xffff flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip sport 80 0xffff flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dport 21 0xffff flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip sport 21 0xffff flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dport 20 0xffff flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip sport 20 0xffff flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dport 443 0xffff flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip sport 443 0xffff flowid 1:10
______________________________________________________

I hope someone can help me out here and tell me what I'm doing wrong.

My goal is quite simple:

Limit all traffic that's not FTP-/WEB-related to a maximum speed at 40kbps.

Best regards!

imitheos 11-24-2005 07:20 AM

It seems good to me.

I have almost the same setup and it works fine.
The only things I have different are the following:

Code:

tc qdisc add dev eth0 root handle 1: htb default 12
tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbps ceil 10mbps
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 9mbps ceil 10mbps
tc class add dev eth0 parent 1:1 classid 1:12 htb rate 40kbps ceil 40kbps

tc qdisc add dev eth0 parent 1:10 sfq
tc qdisc add dev eth0 parent 1:12 sfq

I don't know if it makes any difference, but don't give the full 1:1 bandwidth to 1:10; that is why I changed yours to 9.
Second, you didn't set any queue for the classes. (I think this is needed, but a very long time has passed since I set it up, so I can't remember; maybe I am wrong, but try it anyway.)
I used the SFQ queue but you can use any one you want (SFQ is good though).

Another thing you can do, instead of all the port matching, is use the firewall classifier.
That is, you mark the packets with iptables and then you choose the iptables mark for matching.
For example:
Code:

tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 7 fw flowid 1:10
iptables -t mangle -A POSTROUTING -p tcp --dport 80 -j MARK --set-mark 7

This is the same as your approach. It will have the same effect, I just find it easier to mess with iptables.
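
The setup from the two posts above combined into one script, as an added example that is not part of the original thread: HTB with a slow default class, SFQ on both leaves, and the fw classifier fed by iptables marks on both source and destination ports. The interface name, the rates and the dry-run `APPLY` switch are assumptions; the rates are written in `kbit`/`mbit` because `tc` reads `kbps`/`mbps` as kilobytes/megabytes per second.

```sh
#!/bin/sh
# Added example (not from the thread): HTB + SFQ + fw classifier in one script.
# DEV, the rates and APPLY are assumptions; MARK=7 follows the post above.
DEV="${DEV:-eth0}"              # egress interface
LINK="${LINK:-10mbit}"          # uplink capacity in megaBITS per second
FAST="${FAST:-9mbit}"           # guaranteed share for FTP/HTTP/HTTPS
SLOW="${SLOW:-40kbit}"          # hard cap for all other traffic
PORTS="${PORTS:-20,21,80,443}"  # TCP ports that stay unthrottled
MARK="${MARK:-7}"               # firewall mark that selects class 1:10

# Emit the full rule set, one command per line, without running anything.
shaper_cmds() {
    cat <<EOF
tc qdisc add dev $DEV root handle 1: htb default 12
tc class add dev $DEV parent 1: classid 1:1 htb rate $LINK ceil $LINK
tc class add dev $DEV parent 1:1 classid 1:10 htb rate $FAST ceil $LINK
tc class add dev $DEV parent 1:1 classid 1:12 htb rate $SLOW ceil $SLOW
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:12 handle 12: sfq perturb 10
tc filter add dev $DEV parent 1:0 protocol ip prio 1 handle $MARK fw flowid 1:10
iptables -t mangle -A POSTROUTING -o $DEV -p tcp -m multiport --dports $PORTS -j MARK --set-mark $MARK
iptables -t mangle -A POSTROUTING -o $DEV -p tcp -m multiport --sports $PORTS -j MARK --set-mark $MARK
EOF
}

# Print every command; execute it only when APPLY=1 (needs root).
shaper_apply() {
    shaper_cmds | while IFS= read -r cmd; do
        echo "+ $cmd"
        if [ "${APPLY:-0}" = 1 ]; then
            sh -c "$cmd" || echo "failed: $cmd" >&2
        fi
    done
}

shaper_apply
```

Run it once as-is to review the commands, then with `APPLY=1` as root. Afterwards `tc -s class show dev eth0` should show the byte counters of 1:10 and 1:12 growing separately.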

mndar 10-23-2008 12:42 PM

I had posted a method to get perfect load balancing on another forum a while back. You might find it useful
http://forums.fedoraforum.org/showthread.php?p=835704

To use some specific iptables features, you may have to re-compile it. This link will help
http://mndar.phpnet.us/tutorials/Lin...s_goodies.html

monohouse 10-25-2008 12:09 AM

I have tried many scripts, none of them work. I'm trying to shape on Linux for the last 2 weeks.
How can I know what is wrong?

I have all the requirements. I have selected almost everything in the kernel config related to QoS, netfilter and iptables (modules), including (all of) those mentioned here: http://www.knowplace.org/pages/howto...quirements.php
but the shaping does not take place, and has no effect, even if
iptables -t mangle -L -n -v
tc -s qdisc ls dev ppp0
tc -s class ls dev ppp0
tc -s filter ls dev ppp0

say that it does. How can that be?

here is a test:

with shaping
Code:

ping www.linuxquestions.org -n 10

Pinging www.linuxquestions.org [75.126.162.205] with 32 bytes of data:

Reply from 75.126.162.205: bytes=32 time=328ms TTL=49
Reply from 75.126.162.205: bytes=32 time=370ms TTL=49
Reply from 75.126.162.205: bytes=32 time=415ms TTL=49
Reply from 75.126.162.205: bytes=32 time=336ms TTL=49
Reply from 75.126.162.205: bytes=32 time=458ms TTL=49
Reply from 75.126.162.205: bytes=32 time=366ms TTL=49
Reply from 75.126.162.205: bytes=32 time=305ms TTL=49
Reply from 75.126.162.205: bytes=32 time=313ms TTL=49
Reply from 75.126.162.205: bytes=32 time=255ms TTL=49
Reply from 75.126.162.205: bytes=32 time=256ms TTL=49

Ping statistics for 75.126.162.205:
    Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 255ms, Maximum = 458ms, Average = 340ms

without
Code:

ping www.linuxquestions.org -n 10

Pinging www.linuxquestions.org [75.126.162.205] with 32 bytes of data:

Reply from 75.126.162.205: bytes=32 time=394ms TTL=49
Reply from 75.126.162.205: bytes=32 time=342ms TTL=49
Request timed out.
Reply from 75.126.162.205: bytes=32 time=398ms TTL=49
Reply from 75.126.162.205: bytes=32 time=345ms TTL=49
Reply from 75.126.162.205: bytes=32 time=391ms TTL=49
Reply from 75.126.162.205: bytes=32 time=374ms TTL=49
Reply from 75.126.162.205: bytes=32 time=328ms TTL=49
Reply from 75.126.162.205: bytes=32 time=384ms TTL=49
Reply from 75.126.162.205: bytes=32 time=374ms TTL=49

Ping statistics for 75.126.162.205:
    Packets: Sent = 10, Received = 9, Lost = 1 (10% loss),
Approximate round trip times in milli-seconds:
    Minimum = 328ms, Maximum = 398ms, Average = 370ms

The download was congested during the test, upload was unused, using the (a bit modified, without incoming traffic shaping) myshaper script.


All times are GMT -5.