linux traffic shaping

linuxtolinux — Fri, 06 Oct 2006 09:00:34 GMT

Hi all,
I am very new to traffic control.
I read the lartc howto and I am curently using the script in ch15 (cookbook) with some restrictions:
I excluded the ingress section and i implemented the rest on both interfaces of my firewall.(eth0 the internet interface and eth1 the LAN interface)all i need is to separate between ssh and other traffic with ssh hghi priority.find below the script use on eth1
(ssh priority one and all other 2)
##################################### Egress on eth1:the LAN interface #######################################

DEV=eth1

# install root HTB, point default traffic to 1:20
$TC qdisc add dev $DEV root handle 1: htb default 20
# shape everything at $UPLINK speed - this prevents huge queues in your DSL modem which destroy latency:
$TC class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k
# high prio class 1:10:
$TC class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit burst 6k prio 1
# bulk & default class 1:20 - gets slightly less traffic and a lower priority:
$TC class add dev $DEV parent 1:1 classid 1:20 htb rate 64kbit ceil ${UPLINK}kbit burst 3k prio 2

# both get Stochastic Fairness:
$TC qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
$TC qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10

# TOS Minimum Delay (ssh, NOT scp) in 1:10:
$TC filter add dev $DEV parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:10
$TC filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip dport 22 0xffff flowid 1:10
$TC filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip sport 22 0xffff flowid 1:10

# ICMP (ip protocol 1) in the interactive class 1:10 so we can do measurements & impress our friends:
$TC filter add dev $DEV parent 1:0 protocol ip prio 10 u32 match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets of the download in the interactive class:
$TC filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:10

# rest is .non-interactive. ie .bulk. and ends up in 1:20
###################################################################################

the same on eth0 with DEV=eth0

I tried the script on my lab using one pc as firewall with 2 eth one connected to my lan and the athor to a pc simulated as internet and everything worked fine.
When implemented on my real fw connected to the internet I didn't get the desired result that i got in the test.(the ssh or scp doesn't get the 1rst priority ....)
I am somewhat confused .Please any help?

Regards

topic linux traffic shaping in Operating System - Linux

linux traffic shaping