ADSL Bandwidth Management HOWTO by Dan Singletary
-----
3.5. Attempting to Throttle Inbound Traffic
By using the Intermediate Queuing Device (IMQ), we can run all incoming packets through a queue in the same way that we queue outbound packets. Packet priority is much simpler in this case. Since we can only (attempt to) control inbound TCP traffic, we'll put all non-TCP traffic in the 0x00 class, and all TCP traffic in the 0x01 class. We'll also place "small" TCP packets in the 0x00 class since these are most likely ACK packets for outbound data that has already been sent. We'll set up a standard FIFO queue on the 0x00 class, and we'll set up a Random Early Drop (RED) queue on the 0x01 class. RED is better than a FIFO (tail-drop) queue at controlling TCP because it will drop packets before the queue overflows in an attempt to slow down transfers that look like they're about to get out of control. We'll also rate-limit bot
iptables -t mangle -A MYSHAPER-OUT -p udp -j MARK --set-mark 21 # DNS name resolution (small packets)
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport ssh -j MARK --set-mark 22 # secure shell
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport ssh -j MARK --set-mark 22 # secure shell
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport telnet -j MARK --set-mark 22 # telnet (ew...)
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport telnet -j MARK --set-mark 22 # telnet (ew...)
iptables -t mangle -A MYSHAPER-OUT -p ipv6-crypt -j MARK --set-mark 24 # IPSec - we don't know what the payload is though...
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport http -j MARK --set-mark 25 # Local web server
iptables -t mangle -A MYSHAPER-OUT -p tcp -m length --length :64 -j MARK --set-mark 21 # small packets (probably just ACKs)
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26 # redundant- mark any unmarked packets as 26 (low prio)
# Done with outbound shaping
#
##############################################

echo "Outbound shaping added to $DEV.  Rate: ${RATEUP}Kbit/sec."

# uncomment following line if you only want upstream shaping.
# exit

##############################################
#
# Inbound Shaping (limits total bandwidth to RATEDN)

# make sure imq module is loaded

modprobe imq numdevs=1

ip link set imq0 up

# add qdisc - default low-prio class 1:21

tc qdisc add dev imq0 handle 1: root htb default 21

# add main rate limit classes
tc class add dev imq0 parent 1: classid 1:1 htb rate ${RATEDN}kbit

# add leaf classes - TCP traffic in 21, non TCP traffic in 20
tc class add dev imq0 parent 1:1 classid 1:20 htb rate $((RATEDN/2))kbit ceil ${RATEDN}kbit prio 0
tc class add dev imq0 parent 1:1 classid 1:21 htb rate $((RATEDN/2))kbit ceil ${RATEDN}kbit prio 1

# attach qdisc to leaf classes - SFQ on the non-TCP class 1:20 (SFQ ensures that
# within the class connections will be treated (almost) fairly) and RED on the
# TCP class 1:21, so TCP transfers are slowed down before the queue overflows.
tc qdisc add dev imq0 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev imq0 parent 1:21 handle 21: red limit 1000000 min 5000 max 100000 avpkt 1000 burst 50

# filter traffic into classes by fwmark - here we direct traffic into priority
# class according to the fwmark set on the packet (we set fwmark with iptables
# later). Note that above we've set the default priority class to 1:21, so
# unmarked packets (or packets marked with unfamiliar IDs) will be defaulted to
# the lowest priority class.
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21

# add MYSHAPER-IN chain to the mangle table in iptables - this sets up the table
# we'll use to filter and mark packets.
iptables -t mangle -N MYSHAPER-IN
iptables -t mangle -I PREROUTING -i $DEV -j MYSHAPER-IN

# add fwmark entries to classify different types of traffic - Set fwmark to 20
# or 21 according to desired class. 20 is highest prio.
iptables -t mangle -A MYSHAPER-IN ! -p tcp -j MARK --set-mark 20 # Set non-tcp packets to highest priority
iptables -t mangle -A MYSHAPER-IN -p tcp -m length --length :64 -j MARK --set-mark 20 # short TCP packets are probably ACKs
iptables -t mangle -A MYSHAPER-IN -p tcp --dport ssh -j MARK