10-06-2006 02:00 AM
linux traffic shaping
Hi all,
I am very new to traffic control.
I read the lartc howto and I am currently using the script in ch15 (cookbook) with some restrictions:
I excluded the ingress section and I implemented the rest on both interfaces of my firewall (eth0 the internet interface and eth1 the LAN interface). All I need is to separate ssh from other traffic, with ssh at high priority. Find below the script used on eth1
(ssh priority one and all other 2)
##################################### Egress on eth1:the LAN interface #######################################
DEV=eth1
# install root HTB, point default traffic to 1:20
$TC qdisc add dev $DEV root handle 1: htb default 20
# shape everything at $UPLINK speed - this prevents huge queues in your DSL modem which destroy latency:
$TC class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k
# high prio class 1:10:
$TC class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit burst 6k prio 1
# bulk & default class 1:20 - gets slightly less traffic and a lower priority:
$TC class add dev $DEV parent 1:1 classid 1:20 htb rate 64kbit ceil ${UPLINK}kbit burst 3k prio 2
# both get Stochastic Fairness:
$TC qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
$TC qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
# TOS Minimum Delay (ssh, NOT scp) in 1:10:
$TC filter add dev $DEV parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:10
$TC filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip dport 22 0xffff flowid 1:10
$TC filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip sport 22 0xffff flowid 1:10
# ICMP (ip protocol 1) in the interactive class 1:10 so we can do measurements & impress our friends:
$TC filter add dev $DEV parent 1:0 protocol ip prio 10 u32 match ip protocol 1 0xff flowid 1:10
# To speed up downloads while an upload is going on, put ACK packets of the download in the interactive class:
$TC filter add dev $DEV parent 1: protocol ip prio 10 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   match u8 0x10 0xff at 33 \
   flowid 1:10
# rest is 'non-interactive' ie 'bulk' and ends up in 1:20
###################################################################################
The same on eth0 with DEV=eth0.
I tried the script in my lab using one PC as firewall with 2 eth, one connected to my LAN and the other to a PC simulated as internet, and everything worked fine.
When implemented on my real fw connected to the internet I didn't get the desired result that I got in the test (the ssh or scp doesn't get the first priority ....).
I am somewhat confused. Please, any help?
Regards
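One way to check on the live firewall whether the filters in the script above put any packets into class 1:10, added here as an example and not part of the original post. It parses `tc -s class show` output; the sample output is constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the post): read `tc -s class show dev <if>` output
# and report whether a class actually received packets.

# Constructed sample output; the rates and counters are made up.
sample_tc_output() {
cat <<'EOF'
class htb 1:1 root rate 220000bit ceil 220000bit burst 6Kb cburst 1599b
 Sent 5120000 bytes 4200 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0

class htb 1:10 parent 1:1 leaf 10: prio 1 rate 220000bit ceil 220000bit burst 6Kb cburst 1599b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0

class htb 1:20 parent 1:1 leaf 20: prio 2 rate 64000bit ceil 220000bit burst 3Kb cburst 1599b
 Sent 5120000 bytes 4200 pkt (dropped 37, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 1100 borrowed: 3100 giants: 0
EOF
}

# stdin: tc -s class output. stdout: "classid bytes packets dropped" per class.
class_counters() {
    awk '
        $1 == "class" { id = $3 }
        $1 == "Sent" && id != "" {
            dropped = $7; gsub(/[^0-9]/, "", dropped)
            print id, $2, $4, dropped
            id = ""
        }'
}

# stdin: tc -s class output. $1: classid such as 1:10.
# Prints "hit" (packets were classified into it), "idle" (class exists but
# saw no packets) or "missing" (no such class on this device).
class_state() {
    class_counters | awk -v want="$1" '
        $1 == want { found = 1; state = ($3 > 0) ? "hit" : "idle" }
        END { print (found ? state : "missing") }'
}

# On the firewall, during an ssh session: tc -s class show dev eth1 | class_state 1:10
sample_tc_output | class_state 1:10
```

If 1:10 reports `idle` on an interface while an ssh session is passing through it, no packet matched the filters on that device and the traffic went to the default class 1:20.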