nanog mailing list archives

RE: Shaping on a large scale
From: "Bruce Grobler" <bruce () yoafrica com>
Date: Sat, 31 Jan 2009 00:21:38 +0200

Hi,

Thanks for all the comments! Do you know of any web frontends for these
apps? (don't want to go reinventing the wheel) Something that preferably
uses a MySQL backend.

Regards,

Bruce Grobler
Yo! Africa - Network Engineer
Cell : 0912364532 Skype: bruce.grobler 

-----Original Message-----
From: Chris Caputo [mailto:ccaputo () alt net] 
Sent: Friday, January 30, 2009 9:54 PM
To: C. Jon Larsen
Cc: Scott Berkman; nanog () nanog org
Subject: RE: Shaping on a large scale 

On Fri, 30 Jan 2009, C. Jon Larsen wrote:
Open source you can do a custom setup with IPTables and iproute2, but it
will take some work to get the same kind of features and management
interface.  LARTC is a good reference for this kind of topic:
http://lartc.org/.  Also I'm not sure if someone has built this into any
of the firewall-specific Linux distros yet, so you may want to explore
those a little.

The scripts below will set max bandwidth on an interface to 60mbit, and
set up a queue to shape a.b.c.d to 3Mbit. Seems to work ok for me. It's
used on a physical server to limit bandwidth to a virtual server(s) on the
physical server. Should work just as well on a dual-armed router/firewall
shaping devices behind it.  You would just create more classes (1:11, 1:12,
etc) for more clients/ips to shape and you might want to knock the ceiling
on the default (1:30) class down to guarantee the bandwidth to the 1:10,
1:11...classes.

# root HTB qdisc; traffic that matches no filter goes to class 1:30
tc qdisc add dev eth0 root handle 1: htb default 30

# 1:1 caps the interface at 60mbit; 1:10 is the 3mbit class; 1:30 is the default class
tc class add dev eth0 parent 1: classid 1:1 htb rate 60mbit burst 150k
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 3mbit burst 15k
tc class add dev eth0 parent 1:1 classid 1:30 htb rate 1kbit ceil 60mbit burst 150k

# SFQ on each leaf class
tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10

## limit a.b.c.d to 3mbit/sec:
U32="tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32"
$U32 match ip src  a.b.c.d/32 flowid 1:10
$U32 match ip dst  a.b.c.d/32 flowid 1:10

# show the qdiscs with statistics
tc -s -d qdisc show dev eth0

tcng - Traffic Control Next Generation (http://tcng.sourceforge.net/) 
provides a configuration language that abstracts the gnarliness above.

Chris
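
An added example, not part of the original posts: a generator for the per-client classes (1:11, 1:12, ...) that the quoted message describes, printing the same tc commands for every line of an address list and rejecting lines that are not a plain address and rate. The function name gen_shaper, the "ip rate" input format and the 15k burst per client are assumptions.

```shell
#!/bin/sh
# gen_shaper DEV LINK_RATE
# Reads "ip rate" lines on stdin and prints the tc commands for one HTB tree.
# It only prints; review the output, then pipe it to sh as root to apply it.
gen_shaper() {
    dev=$1 link=$2
    minor=10    # first client class, as in the post; tc reads minors as hex
    echo "tc qdisc add dev $dev root handle 1: htb default 30"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate $link burst 150k"
    echo "tc class add dev $dev parent 1:1 classid 1:30 htb rate 1kbit ceil $link burst 150k"
    echo "tc qdisc add dev $dev parent 1:30 handle 30: sfq perturb 10"
    while read -r ip rate; do
        # Skip blank lines and comments.
        case $ip in ''|'#'*) continue ;; esac
        # The list may come from a database or web form, and the output is
        # meant for a root shell: accept only digits/dots and a plain rate.
        case $ip in *[!0-9.]*)
            printf 'skipped bad address: %s\n' "$ip" >&2; continue ;;
        esac
        case $rate in ''|*[!0-9a-z]*)
            printf 'skipped bad rate for %s\n' "$ip" >&2; continue ;;
        esac
        # 1:30 is the default class, so never hand it to a client.
        if [ "$minor" -eq 30 ]; then minor=31; fi
        echo "tc class add dev $dev parent 1:1 classid 1:$minor htb rate $rate burst 15k"
        echo "tc qdisc add dev $dev parent 1:$minor handle $minor: sfq perturb 10"
        u32="tc filter add dev $dev protocol ip parent 1:0 prio 1 u32"
        echo "$u32 match ip src $ip/32 flowid 1:$minor"
        echo "$u32 match ip dst $ip/32 flowid 1:$minor"
        minor=$((minor + 1))
    done
}

# Constructed sample list (documentation addresses); the second line is rejected.
gen_shaper eth0 60mbit <<'EOF'
192.0.2.10 3mbit
192.0.2.11;reboot 3mbit
192.0.2.12 5mbit
EOF
```

DEV and LINK_RATE are taken as operator-supplied and are not validated; only the per-client list is checked.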


