[SOLVED] Better understanding Traffic Control in Linux

markings · 03-14-2012, 08:48 AM

Hello,

Traffic control is a very complex system which makes it very difficult to understand how it functions to write rules more efficiently. For now I had opted for PHP frontend that wrote the rules automatically to have an example how they're written so I can know how to implement them. Below is a sample of the rules I currently have:

Code:

#Flush mangle table
/usr/sbin/iptables -t mangle -D POSTROUTING -j SHARE_USERS
/usr/sbin/iptables -t mangle -F SHARE_USERS
/usr/sbin/iptables -t mangle -X SHARE_USERS
/usr/sbin/iptables -t mangle -N SHARE_USERS



#Shaper interfaces: eth0
/usr/sbin/tc qdisc del dev eth0 root
/usr/sbin/tc qdisc add dev eth0 root handle 1: htb r2q 2

#Root class:
/usr/sbin/tc class add dev eth0 parent 1: classid 1:1 htb rate 10Mbit ceil 10Mbit

  #Class::10Mbit
  /usr/sbin/tc class add dev eth0 parent 1:1 classid 1:1001 htb rate 10Mbit ceil 10Mbit burst 2Kbit prio 0
  /usr/sbin/tc qdisc add dev eth0 parent 1:1001 handle 1001: sfq perturb 10

      #Class::all
      /usr/sbin/tc class add dev eth0 parent 1:1001 classid 1:1002 htb rate 32Kbit ceil 32Kbit burst 2Kbit prio 3
      /usr/sbin/tc qdisc add dev eth0 parent 1:1002 handle 1002: sfq perturb 10
        #/usr/sbin/iptables -t mangle -A SHARE_USERS -o eth0 --protocol tcp -s 0.0.0.0/0 --sport 80 -d 0.0.0.0/0   -m comment --comment 'Web Server' -j CLASSIFY --set-class 1:1002
        /usr/sbin/iptables -t mangle -A SHARE_USERS -o eth0 --protocol tcp -s 0.0.0.0/0  -d 0.0.0.0/0  -m owner --gid-owner clients -m comment --comment 'All Traffic' -j CLASSIFY --set-class 1:1002
        /usr/sbin/iptables -t mangle -A SHARE_USERS -o eth0 --protocol tcp -s 0.0.0.0/0  -d 0.0.0.0/0  -m owner --gid-owner users -m comment --comment 'All Traffic' -j CLASSIFY --set-class 1:1002


#Shaper interfaces: eth1
/usr/sbin/tc qdisc del dev eth1 root
/usr/sbin/tc qdisc add dev eth1 root handle 1: htb r2q 2

#Root class:
/usr/sbin/tc class add dev eth1 parent 1: classid 1:1 htb rate 100Mbit ceil 100Mbit


#IPTABLES run
/usr/sbin/iptables -t mangle -A POSTROUTING -j SHARE_USERS

My question: The rules that I have above, does it apply for all outgoing traffic in the same group or per connection? IE. If two users where making a connection to two different destinations, will both users be capped at, for example 32Kbit? Or will each user individually be capped at 32Kbit, which will create a combined traffic of 64Kbit?
Best Regards

P.S. I'm far from a networking guru

Celyr · 03-16-2012, 04:13 AM

Hi,

The limit is applied to the whole group 32Kbit for all the users (not each)

markings · 03-17-2012, 09:50 AM

Hello,

Thank you