Heya all.
I've been searching oven google and over this forum for threads with examples on howto *give* userfor example a pipe
128Kbit (ceil 160?) (download) to let's say 0.0.0.0/0 and 100kbit upload, BUT:
give him 500kbit to destination in file $local_nets (I think we should mark them?) and 250 to upload to this destination hosts...


So what I'm doing at the beggining is marking the host which should be used as local_nets:

(in my situation local nets are the nets which are close to me and to/from which bandwith limits should be other than to/from *all* hosts)

while read local_address
do
#for download?
$IPT -t mangle -A POSTROUTING -s $local_address -j MARK --set-mark 4
$IPT -t mangle -A POSTROUTING -s $local_address -j RETURN

#for upload?
$IPT -t mangle -A PREROUTING -s $local_address -j MARK --set-mark 5
$IPT -t mangle -A PREROUTING -s $local_address -j RETURN

done < /etc/shaping/local_nets

$IPT -t mangle -A POSTROUTING -j MARK --set-mark 3

So download packets are marked as '4' and upload packets are marked as '5'

Since I wanna do download/upload shaping, I came up that I need IMQ ( i've compiled it into kernel)

now I *forward* packets to IMQ devices:
$IPT -t mangle -A POSTROUTING -o eth0 -j IMQ --todev 0
$IPT -t mangle -A POSTROUTING -o eth1 -j IMQ --todev 1

eth0 - local interface
eth1 - external interface

and here is a STOP for me.

I can't figure out those "parrent" classid tags in shaping....
I know I should use tc+htb (people say it's a bit easier)
but I can't construct the HTB rules....

Could someone post such example with for example 4 IP addresses configured?

lets assume that max speed would be :
in - 500kbit
out - 300kbit for *all*

and:
*local traffic * would be :
in - 1000kbit
out - 700kbit


as en example:
ip 192.168.1.1 gets from 128-160 and *local traffic* of 200-300
upload: 80-90 140-200

ip 192.168.1.2gets from 140-160 and *local traffic* of 240-300
upload: 90-100 160-200

ip 192.168.1.3 gets from 128-128 and *local traffic* of 200-300
upload: 64-90 150-200

ip 192.168.1.4 gets from 100-100 and *local traffic* of 100-200
upload: 40-60 50-100



I know that it should take you lots of time to make such script(s) but maybe some of you have them, and will be able to share?
Looking at your shared examples I could use a script to generate TC rules

After fixing my script up to the end I'd be able to share the script (+ list of commands which were made to patch the kernel, and configuration itself, so linux users could use this script wider)

Thanking You all in advance LInuxquestions.org members

Jarek

Well, you'll need (at least) two classes per user, one for local, and one for generic traffic. If you want to impose a limit on both (e.g. user is only allowed to take 500kbit in total, not 500 local + 128 generic = 628kbit), you'll have to add a parent class, so the local class and generic class can borrow from each other (distribute load).

This does not look right. Just because you add a rule in Postrouting, doesn't mean it's download, same for Prerouting and upload. Go to www.docum.org and have a look at the KPTD.

So I take it that you're talking about a standalone machine, not a router? The above iptables rules make even less sense then.

Looks like a router after all. Why else need two eth devices? You don't need IMQ in this case - you can shape upload on eth1 and download on eth0. (Can't shape download for the local machine this way then, though).

There aren't many examples around for network differenciation. I don't know any. In either case, you'll have to whip up a solution for your personal needs, so it's imperative that you familiarize yourself with HTB. www.lartc.org is a good starting point.

Hang on, does that mean we're actually talking about LAN traffic here? Why would you want to shape that? Or is it a VLAN that actually goes out over the net? This complicates things, because not only have to account for traffic inside the VLAN tunnel, but also the 'outside' VLAN packets as well, which take up bandwidth after all.

Sorry, it seems I don't have a good grasp on your network situation after all.

I only have one script, for setting up shaping on a router for LAN clients, you can check it out here: http://www.metamorpher.de/fairnat/ - it's one of the most complicated bash scripts I've ever written. The commands aren't very easy to copy though, because the rates and everything actually gets calculated by the script and passed to bash functions as parameters.

Hello,
Thanks for your reply.


Yes it should be like: 500 local + 128 generic = 628kbit
thanks, I'll do. but after researching during these days it made me understand those classes, and those "parrent" and what do they do. I also found one script which I'm *rewriting* at the moment...

Soz for not writing at the beggining, it is a router running NAT and supposed to shape a traffic for:
LAN_nets (are the PC in the LAN (here users are connected to 100mbit link)
local_nets (which means these IP subnets are in my country)
and all other (mean any other IP space not matching those above.

thanks for clearing this up. but if I wanna make different pipes to lan? or I just need 3rd class here?

btw, on the internet there are lots of examples like :
-j IMQ --todev 0
-j IMQ --todev 1
and so on...
what if I for example do shaping like:
LAN_nets download --todev 0
LAN_nets upload --todev 1

local_nets download --todev 2
local_nets upload --todev 3

0/0 download --todev 4
0/0 upload --todev 5
and do shaping on those IMQ devices?

Or even with those LAN, LOCAL and 0/0 nets it is possible with only eth0, eth1 and with 3 classes per user?


seems so..

so You're the author of this script?
grats
It'll be good to have as an example and copy some strings.

I also recompile kernel with:
Btw, what hardware do I need for such job?
(CPU/RAM)
There will be ~300 users (some are NAT'ed some just routed (they get PUBLIC IP)


Thanks once again for sharing your knowledge.


Jarek

Hi,

sorry for late reply, I find it hard to watch my own posts in this forum...

So you're shaping on a router. You don't need IMQ for that, even if you have some distinction for different networks - but you have to find a way to represent that structure in your HTB class tree on your LAN device. I've never worked with MANs (my provider offers one speed only, no matter wether the IP is in my country or not), so I can't tell you which way is best to handle them.

About your suggestion to create many IMQ devices, one for each network and up/download: I'm not sure it's a good idea. This way you have to create a lot of HTB qdiscs, which don't know about each other, so they won't respect dependencies (like making sure that local LAN traffic never uses up 100% of interface bandwidth, unnecessarily interfering with internet traffic).

About the hardware you need -- I have absolutely no idea. My home router for 5 people was a PII or some such machine. We couldn't find anything older . Even with not too simple shaping setup, the machine was idle 97% at all times. Complete overkill.

Unless you have an awful lot of filter rules, I guess any machine should do.