[TriLUG] bandwidth provisioning using Linux or BSD?

jonc at nc.rr.com jonc at nc.rr.com
Sat Jul 19 23:27:05 EDT 2008


Here is something I wrote a couple of years back. We used it for some clients running Linux firewalls and it was fine for limiting TCP bandwidth - but giving UDP (VoIP Voice packets) as much bandwidth as they need.

I recommend reading the Advanced Routing Doc for Linux TC. 

http://www.trilug.org/~jonc/QoS/BWshaper.txt
# http://www.linuxforum.com/linux-advanced-routing/lartc.ratelimit.single.html
# Commands to add rate limiting for TCP in Linux
# These commands must be run as root
#
#  eth0     = firewall's external network card (attached to internet)
#  10mbit   = speed of external network card
#  300kbit  = max TCP upload speed
 
# Create a Class based queue
# Set normal interface speed (10Mb) for use in calculations
tc qdisc add dev eth0 root handle 1: cbq avpkt 1000 bandwidth 10mbit
  
# Create a 300Kb class
tc class add dev eth0 parent 1: classid 1:1 cbq rate 300kbit allot 1500 prio 5 bounded isolated
    
# Tell which traffic should use the shaped class
# Protocol 6 = TCP
tc filter add dev eth0 parent 1: protocol ip prio 16 u32 match ip protocol 6 0xff flowid 1:1

# ... to match a single ip address
#       ...  match ip dst 195.96.96.97 flowid 1:1
#
# Note: FeatureTel Soho customers need to rate-limit all traffic except
#  voice traffic. All their Voice traffic goes to our Voice Proxy
#  Firewall at 216.134.205.166. So they would use:
#       ...  match ip dst ! 216.134.205.166 flowid 1:1


# If it breaks everything, back out by using:
# tc qdisc del dev eth0 root

===
BTW: we don't use this any more - we switched most of our clients over to OpenBSD and PF as it was much easier to implement and it is readily available on Application devices (like the Snap Gear 300 firewall/router). 

Jon Carnes
FeatureTel

---- Aaron Joyner <aaron at joyner.ws> wrote: 
> You can readily do all this with OpenBSD's pf or Linux's iptables/tc.
> The former is relatively easy, the latter a good bit more complicated.
>  Both do the job, but I suspect since you're asking about competitors
> to a specific product (which I know nothing about), I assume you're
> expecting an http or at least ncurses style guided interface.  Neither
> of my suggestions have this, although there are possibly wrappers
> around them, I'm not familiar with any of them.  If you need
> suggestions with pf or tc, ask away!
> 
> Aaron S. Joyner
> 
> 
> On Fri, Jul 18, 2008 at 8:24 AM, Greg Brown <gwbrown1 at gmail.com> wrote:
> > Hey all.  I'm in search of a Packeteer-like device that is OSS, or that is
> > commercial yet runs on a Linux or BSD box (OSS greatly preferred).  Like a
> > Packeteer I'd like to be able to define slices of available bandwidth to
> > specific IP addresses (X meg guaranteed to device x.x.x.x with Y burst if
> > bandwidth is available, etc) - and the complicated thing here is I'd like to
> > use IPv6 for host addresses.  But the IPv6 thing aside I'd like to know
> > what the OSS competitors to Packeteer are and if you have used any I'd like
> > to know what you thought of the product.
> >
> > Greg
> > --
> > TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
> >

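The voice-proxy exception mentioned in the script comments above, written out as an added example (not part of the original post or of FeatureTel's script): a dry-run generator that checks its arguments and prints the tc commands, exempting one destination through an earlier-matching filter instead of a negated match. Class 1:2, filter priority 10 and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints the tc commands instead of running them.
# Class 1:2, filter prio 10 and all function names are assumptions.

# Interface name: safe characters only, at most 15 chars (kernel limit).
is_dev()  { case $1 in ''|*[!A-Za-z0-9_.-]*) return 1;; esac; [ ${#1} -le 15 ]; }
# Rate: digits followed by kbit or mbit, nothing else.
is_rate() { case ${1%[km]bit} in ''|"$1"|*[!0-9]*) return 1;; esac; }
# Dotted-quad IPv4 with every octet <= 255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1;; esac
    old=$IFS; IFS=.; set -- $1; IFS=$old
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

# shaper_cmds IFACE LINK_RATE TCP_RATE [EXEMPT_IPV4]
shaper_cmds() {
    dev=$1 link=$2 tcp=$3 exempt=${4:-}
    is_dev "$dev"   || { echo "bad interface name" >&2; return 2; }
    is_rate "$link" || { echo "bad link rate" >&2; return 2; }
    is_rate "$tcp"  || { echo "bad TCP rate" >&2; return 2; }
    if [ -n "$exempt" ]; then
        is_ipv4 "$exempt" || { echo "bad exempt address" >&2; return 2; }
    fi

    # Same root qdisc and bounded TCP class as the script in the post.
    echo "tc qdisc add dev $dev root handle 1: cbq avpkt 1000 bandwidth $link"
    echo "tc class add dev $dev parent 1: classid 1:1 cbq rate $tcp allot 1500 prio 5 bounded isolated"
    if [ -n "$exempt" ]; then
        # Second class at full link rate; its filter has a lower prio
        # number than the TCP filter, so it is consulted first.
        echo "tc class add dev $dev parent 1: classid 1:2 cbq rate $link allot 1500 prio 1"
        echo "tc filter add dev $dev parent 1: protocol ip prio 10 u32 match ip dst $exempt/32 flowid 1:2"
    fi
    echo "tc filter add dev $dev parent 1: protocol ip prio 16 u32 match ip protocol 6 0xff flowid 1:1"
}

# rollback_cmd IFACE: the back-out command from the post, with the same check.
rollback_cmd() {
    is_dev "$1" || { echo "bad interface name" >&2; return 2; }
    echo "tc qdisc del dev $1 root"
}
```

After sourcing the file, review the output of `shaper_cmds eth0 10mbit 300kbit 216.134.205.166` and pipe it to `sh` as root to apply it; `rollback_cmd eth0` prints the back-out command.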