I am attempting to build a Linux replacement for our Packeteer PacketShaper using HTB.
Everyone is behind the firewall in a 10.0.0.0/8 network. Each property that we provide
service to has its own B-class network over a full T-1 point-to-point connection.
That can then be separated into class C's.
I need to...
1. Keep the TC layout streamlined well enough that it does not kill speed/latency for
the users. With over 25 different class B networks subdivided this way, will it kill
the server/response? Should I be using MANGLE table marking? How will that work with
my extreme number of Classes? Will my hierarchical Class/Filter design flow properly
and not fall short of reaching the final Class definitions?
2. Create a dynamic default class that the remainder of the property falls in. What I
mean is... instead of a 128Kbit maximum for the entire remainder, I don't want to have
to add everyone's IP address to a filter; I would like to set up a 128Kbit class that
"each" connection at the same concurrent time can reach the maximum.
3. Use a Class/Filter per registered IP address in a database to limit speed to our
available plans. These plans are kept in a database and can be different for each
parent class. For example: 10.10.3.0/24 available plans (n Kbits)... Plan A
(1536/1536), Plan B (1536/128), Plan C (768/128), Plan D (default) (128/64)
4. Parse the Class stats to monitor and graph with MRTG each registered IP, network
and property.
5. (Later) Build a script via PERL so that the Classes and Filters can be created "on
the fly" using a custom ODBC database connection to our customized
management/accounting database. I have this connector working properly for other uses
such as a "walled garden" authentication section in IPTABLES.
Here is an example of the inbound script I have been playing with to sample traffic.
Notice that I am trying to use Handle, ClassID and FlowIDs that are relevant to the IP
address schemes.
----------------------------------------
#!/bin/bash
TC='/sbin/tc'
# Upload: eth0 faces the Internet, so customer upload is eth0 egress and is matched on src.
# tc reads handles and classids as hex ("10:" is 0x10, "41:" is 0x41). That is harmless as
# long as every script, including whatever parses the stats for MRTG, uses the same strings.
$TC qdisc del dev eth0 root 2>/dev/null
$TC qdisc add dev eth0 root handle 1: htb default 10
# 10.10.0.0/16
$TC class add dev eth0 parent 1: classid 1:10 htb rate 100Mbit
$TC filter add dev eth0 pref 10 parent 1: protocol ip u32 \
    flowid 1:10 match ip src 10.10.0.0/16
# A separate HTB qdisc hung under a leaf class is its own scheduler: classes inside 10:
# borrow only from each other, never from the siblings of 1:10.
$TC qdisc add dev eth0 parent 1:10 handle 10: htb default 255
# 10.10.3.0/24
$TC class add dev eth0 parent 10: classid 10:3 htb rate 8Mbit
$TC filter add dev eth0 pref 103 parent 10: protocol ip u32 \
    flowid 10:3 match ip src 10.10.3.0/24
$TC qdisc add dev eth0 parent 10:3 handle 103: htb default 2
# Lower pref is checked first, so the /32 hosts are matched before the /24 catch-all.
$TC class add dev eth0 parent 103: classid 103:1 htb rate 800Kbit
$TC filter add dev eth0 pref 1031 parent 103: protocol ip u32 \
    flowid 103:1 match ip src 10.10.3.198/32
$TC filter add dev eth0 pref 1031 parent 103: protocol ip u32 \
    flowid 103:1 match ip src 10.10.3.199/32
$TC class add dev eth0 parent 103: classid 103:2 htb rate 1000Kbit
$TC filter add dev eth0 pref 1032 parent 103: protocol ip u32 \
    flowid 103:2 match ip src 10.10.3.0/24
# 10.10.4.0/24
$TC class add dev eth0 parent 10: classid 10:4 htb rate 8Mbit
$TC filter add dev eth0 pref 104 parent 10: protocol ip u32 \
    flowid 10:4 match ip src 10.10.4.0/24
$TC qdisc add dev eth0 parent 10:4 handle 104: htb default 2
$TC class add dev eth0 parent 104: classid 104:1 htb rate 800Kbit
$TC filter add dev eth0 pref 1041 parent 104: protocol ip u32 \
    flowid 104:1 match ip src 10.10.4.198/32
$TC filter add dev eth0 pref 1041 parent 104: protocol ip u32 \
    flowid 104:1 match ip src 10.10.4.199/32
$TC class add dev eth0 parent 104: classid 104:2 htb rate 1000Kbit
$TC filter add dev eth0 pref 1042 parent 104: protocol ip u32 \
    flowid 104:2 match ip src 10.10.4.0/24
# 10.10.0.0/16 - Remainder
# "default 255" on qdisc 10: already sends every host that matches no filter here,
# so this class needs no filter of its own.
$TC class add dev eth0 parent 10: classid 10:255 htb rate 8Mbit
# 10.41.0.0/16
$TC class add dev eth0 parent 1: classid 1:41 htb rate 1500Kbit
$TC filter add dev eth0 pref 41 parent 1: protocol ip u32 \
    flowid 1:41 match ip src 10.41.0.0/16
# No "default" on this qdisc: 10.41.x hosts outside the two /24s below leave unshaped.
$TC qdisc add dev eth0 parent 1:41 handle 41: htb
$TC class add dev eth0 parent 41: classid 41:1 htb rate 1500Kbit
$TC filter add dev eth0 pref 411 parent 41: protocol ip u32 \
    flowid 41:1 match ip src 10.41.1.0/24
$TC class add dev eth0 parent 41: classid 41:2 htb rate 1500Kbit
$TC filter add dev eth0 pref 412 parent 41: protocol ip u32 \
    flowid 41:2 match ip src 10.41.2.0/24
# No filters under 412: yet, so everything from 10.41.2.0/24 lands in 412:9 (40Kbit).
$TC qdisc add dev eth0 parent 41:2 handle 412: htb default 9
$TC class add dev eth0 parent 412: classid 412:1 htb rate 1500Kbit
$TC class add dev eth0 parent 412: classid 412:2 htb rate 800Kbit
$TC class add dev eth0 parent 412: classid 412:3 htb rate 130Kbit
$TC class add dev eth0 parent 412: classid 412:9 htb rate 40Kbit
# Other: catch-all for any source that matched no earlier filter
# (/0 matches every address; /8 would only match sources in 0.x.x.x).
$TC class add dev eth0 parent 1: classid 1:9999 htb rate 28Kbit
$TC filter add dev eth0 pref 9999 parent 1: protocol ip u32 \
    flowid 1:9999 match ip src 0.0.0.0/0
(some errors may be in here during cleanup from transfer to email)
-----------------------
Colin Vander Veen
IMNisp
Senior Engineer
http://www.imnisp.net/
-----------------------
_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/