On Fri, 30 Jan 2009, C. Jon Larsen wrote:

> > Open source you can do a custom setup with IPTables and iproute2, but it
> > will take some work to get the same kind of features and management
> > interface. LARTC is a good reference for this kind of topic:
> > http://lartc.org/. Also I'm not sure if someone has built this into any
> > of the firewall specific linux distros yet, so you may want to explore
> > those a little.
>
> The scripts below will set max bandwidth on an interface to 60mbit, and set up
> a queue to shape a.b.c.d to 3Mbit. Seems to work ok for me. It's used on a
> physical server to limit bandwidth to a virtual server(s) on the physical
> server. Should work just as well on a dual-armed router/firewall shaping
> devices behind it. You would just create more classes (1:11, 1:12, etc) for
> more clients/ips to shape and you might want to knock the ceiling on the
> default (1:30) class down to guarantee the bandwidth to the 1:10,
> 1:11...classes.
>
> tc qdisc add dev eth0 root handle 1: htb default 30
>
> tc class add dev eth0 parent 1: classid 1:1 htb rate 60mbit burst 150k
> tc class add dev eth0 parent 1:1 classid 1:10 htb rate 3mbit burst 15k
> tc class add dev eth0 parent 1:1 classid 1:30 htb rate 1kbit ceil 60mbit burst 150k
>
> tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
> tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
>
> ## limit a.b.c.d to 3mbit/sec:
> U32="tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32"
> $U32 match ip src a.b.c.d/32 flowid 1:10
> $U32 match ip dst a.b.c.d/32 flowid 1:10
>
> tc -s -d qdisc show dev eth0

tcng - Traffic Control Next Generation (http://tcng.sourceforge.net/) provides a configuration language that abstracts the gnarliness above.

Chris
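
The quoted script extended to several clients, following its own suggestion to add classes 1:11, 1:12 and so on and to lower the ceiling on the default 1:30 class. This is an added example, not part of the original thread; the `gen_shaper` function, its `ip:rate_mbit` argument format and the 192.0.2.x addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Prints tc commands; nothing is applied.
# Arguments after the link rate are "ip:rate_mbit" pairs (hypothetical format).
gen_shaper() {
    dev=$1; link_mbit=$2; shift 2
    total=0
    for c in "$@"; do total=$((total + ${c##*:})); done
    # Children of 1:1 should not be promised more than the parent rate.
    if [ "$total" -ge "$link_mbit" ]; then
        echo "error: ${total}mbit guaranteed on a ${link_mbit}mbit link" >&2
        return 1
    fi
    # Lower the default class ceiling so it cannot borrow the shaped clients' share.
    default_ceil=$((link_mbit - total))
    echo "tc qdisc add dev $dev root handle 1: htb default 30"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${link_mbit}mbit burst 150k"
    echo "tc class add dev $dev parent 1:1 classid 1:30 htb rate 1kbit ceil ${default_ceil}mbit burst 150k"
    echo "tc qdisc add dev $dev parent 1:30 handle 30: sfq perturb 10"
    # tc reads class minors as hex, but decimal-looking ids stay unique.
    minor=10
    for c in "$@"; do
        [ "$minor" -eq 30 ] && minor=31   # 1:30 and handle 30: belong to the default class
        ip=${c%%:*}; rate=${c##*:}
        echo "tc class add dev $dev parent 1:1 classid 1:$minor htb rate ${rate}mbit burst 15k"
        echo "tc qdisc add dev $dev parent 1:$minor handle $minor: sfq perturb 10"
        # Match both directions, as the quoted script does for a.b.c.d.
        for dir in src dst; do
            echo "tc filter add dev $dev protocol ip parent 1:0 prio 1 u32 match ip $dir $ip/32 flowid 1:$minor"
        done
        minor=$((minor + 1))
    done
}

# Constructed sample: two clients from the 192.0.2.0/24 documentation range.
gen_shaper eth0 60 192.0.2.10:3 192.0.2.11:5
```

Review the printed commands, then pipe them to `sh` as root to apply them.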

