Traffic shaping box, tips.

[Hagforce]

Hello!.

We got a 30mb SDSL connection with 500+ clients behind it.
Some is using mutch bandwith for bittorrent, and other bandwith consuming things

I been locking at dedicated traffic shaping boxes, but they come at a high cost.

Anybody know ift here is any easy to manage traffic shaping software for linux.

Wil a powerful linux box be enough for this network?, or wil it just slow everything down?.


Well, if enybody got experience with this, or know links to how to`s etc I`m very interested.

Thank you in advance.

[falko]

I think you can do this with iptables.

If you want to limit bandwidth for Apache, have a look here: http://www.howtoforge.com/mod_cband_...ota_throttling

[opyrt]

Hello Hagforce.

I'm facing the same problem, although to a much smaller scale. I've made a script that really improves the performance on my SDSL link, but I really don't know if this is the right way to do it. I am no iptables guru, I just know that this works for me. Maybe you can use this as a guide on how to set up something similar?

This is the shellscript I run on my linux based firewall/router:

#!/bin/sh

set_ipt () {

## Set up base tables for interfaces.

iptables -t mangle -F POSTROUTING

for DEVICE in eth0 eth1; do
# Check if the table is defined.
iptables -t mangle -n -L SH${DEVICE}-OUT > /dev/null 2>&1
if [ $? != 0 ]; then
# No. Create the table.
iptables -t mangle -N SH${DEVICE}-OUT
else
# Yes. Empty the table.
iptables -t mangle -F SH${DEVICE}-OUT
fi
iptables -t mangle -I POSTROUTING -o ${DEVICE} -j SH${DEVICE}-OUT
done
}

## Bandwidth to limit to.
## Should be approx. 10-15% lower than max bandwidth on the link.
## (This is in kilobit)

MAINRATE=1900

for DEVICE in eth0 eth1; do
# Set up basequeues on the interfaces and change queuelenght.
ifconfig $DEVICE txqueuelen 100
tc qdisc del dev $DEVICE root sfq perturb 10 >/dev/null 2>&1
tc qdisc del dev $DEVICE root >/dev/null 2>&1

# If the script was started with the stop parameter,
# let's stop here. This will result in all traffic
# shaping to be turned off.
if [ "$1" = "stop" ]; then continue; fi

# Add HTB root queue discipline.
tc qdisc add dev ${DEVICE} root handle 1: htb default 22

# Add main limit class.
tc class add dev ${DEVICE} parent 1: classid 1:1 htb rate ${MAINRATE}kbit

# Set up classes.
tc class add dev ${DEVICE} parent 1:1 classid 1:20 htb rate $(($MAINRATE/4))kbit ceil ${MAINRATE}kbit prio 0
tc class add dev ${DEVICE} parent 1:1 classid 1:21 htb rate $(($MAINRATE/4))kbit ceil ${MAINRATE}kbit prio 1
tc class add dev ${DEVICE} parent 1:1 classid 1:22 htb rate $(($MAINRATE/4))kbit ceil ${MAINRATE}kbit prio 2
tc class add dev ${DEVICE} parent 1:1 classid 1:23 htb rate $(($MAINRATE/4))kbit ceil ${MAINRATE}kbit prio 3

# Queues for wach class.
tc qdisc add dev ${DEVICE} parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev ${DEVICE} parent 1:21 handle 21: sfq perturb 10
tc qdisc add dev ${DEVICE} parent 1:22 handle 22: sfq perturb 10
tc qdisc add dev ${DEVICE} parent 1:23 handle 23: sfq perturb 10

# Limit traffic to the classes based on tagging from iptables.
tc filter add dev ${DEVICE} parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
tc filter add dev ${DEVICE} parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
tc filter add dev ${DEVICE} parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
tc filter add dev ${DEVICE} parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23

set_ipt

iptables -t mangle -A SH${DEVICE}-OUT -p tcp -m length --length :64 -j MARK --set-mark 20 # Small packages
iptables -t mangle -A SH${DEVICE}-OUT -p udp -j MARK --set-mark 20 # UDP packages
# iptables -t mangle -A SH${DEVICE}-OUT -p icmp -j MARK --set-mark 21 # ICMP packages (ping)
iptables -t mangle -A SH${DEVICE}-OUT -p tcp --sport 22 -j MARK --set-mark 20 # SSH
# iptables -t mangle -A SH${DEVICE}-OUT -p tcp --sport 23 -j MARK --set-mark 21 # TELNET
iptables -t mangle -A SH${DEVICE}-OUT -p tcp --sport 21 -j MARK --set-mark 21 # FTP Control
done

## END ##