extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-24 19:51:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Arne's changes to the Traffic Shaping document

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2852 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-10-11 21:48:53 +00:00
parent 7d97b536a6
commit 4691659db4
1 changed files with 92 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

122
Shorewall-docs2/traffic_shaping.xml
View File

@ -57,12 +57,11 @@
<para>The support for traffic shaping and control still does not cover all <para>The support for traffic shaping and control still does not cover all
options available (and especially all algorithms that can be used to queue options available (and especially all algorithms that can be used to queue
traffic) for the Linux kernel but it should fit most needs. If you are traffic) in the Linux kernel but it should fit most needs. If you are
using your own script for traffic control and you still want to use it using your own script for traffic control and you still want to use it
rather the builtin support in the future, you will find information on how in the future, you will find information on how to do this, <link linkend="owntcstart">
to do this, <link linkend="owntcstart">later in this document</link>. But later in this document</link>. But for this to work, you will also need to
for this to work, you will also need to enable traffic shaping in the enable traffic shaping in the kernel and Shorewall as covered by the next sections.</para>
kernel and Shorewall as covered by the next sections.</para>
</section> </section>
<section> <section>
@ -71,7 +70,7 @@
<para>This section gives a brief introduction of how controlling traffic <para>This section gives a brief introduction of how controlling traffic
with the linux kernel works. Although this might be enough for configuring with the linux kernel works. Although this might be enough for configuring
it in the Shorewall configuration files, it still might be a good idea to it in the Shorewall configuration files, it still might be a good idea to
take a deeper look into the <ulink url="http://ds9a.nl/lartc">Linux take a deeper look into the <ulink url="http://lartc.org/howto/">Linux
Advanced Routing and Shaping HOWTO</ulink>. At the time of writing this, Advanced Routing and Shaping HOWTO</ulink>. At the time of writing this,
the current version is 1.0.0.</para> the current version is 1.0.0.</para>
@ -86,13 +85,13 @@
<para>For Shorewall traffic shaping we use two algorithms, one is called <para>For Shorewall traffic shaping we use two algorithms, one is called
HTB (Hierarchical Token Bucket) and SFQ (Stochastic Fairness Queuing). SFQ HTB (Hierarchical Token Bucket) and SFQ (Stochastic Fairness Queuing). SFQ
is easy to explain: it just tries to track your connections (tcp or udp is easy to explain: it just tries to track your connections (tcp or udp
streams) and balances the traffic between them. This normaly works ok. HTB streams) and balances the traffic between them. This normally works well. HTB
allows you to define a set of classes, and you can put the traffic you allows you to define a set of classes, and you can put the traffic you
want into these classes. You can define minimum and maximum bandwitdh want into these classes. You can define minimum and maximum bandwitdh
settings for those classes and order the hierachically (the less priorized settings for those classes and order them hierachically (the less priorized
classes only get bandwitdth if the more important have what they need). classes only get bandwitdth if the more important have what they need).
Shorewall builtin traffic shaping allows you to define these classes (and Shorewall builtin traffic shaping allows you to define these classes (and
their bandwidth limits), and it uses SFW inside these classes to make their bandwidth limits), and it uses SFQ inside these classes to make
sure, that different data streams are handled equally.</para> sure, that different data streams are handled equally.</para>
<para>You can only shape outgoing traffic. The reason for this is simple, <para>You can only shape outgoing traffic. The reason for this is simple,
@ -106,11 +105,12 @@
have it forwarded to the outgoing interface as fast as possible.</para> have it forwarded to the outgoing interface as fast as possible.</para>
<para>There is one exception, though. Limiting incoming traffic to a value <para>There is one exception, though. Limiting incoming traffic to a value
a bit slower than your actual line speed will avoid queuing on the other a bit slower than your actual line speed will avoid queueing on the other
end of that connection. This is mostly useful if you don't have access to end of that connection. This is mostly useful if you don't have access to
traffic control on the other side and if this other side has a faster traffic control on the other side and if this other side has a faster
network connection than you do (the line speed between the systems is the network connection than you do (the line speed between the systems is the
bottleneck, e.g. a DSL connection to you providers router). So, if you bottleneck, e.g. a DSL connection to you providers router, the router itself
is normally connected to a much faster backbone). So, if you
drop packages that are coming in too fast, the underlaying protocol might drop packages that are coming in too fast, the underlaying protocol might
recognize this and slow down the connection. TCP has a builtin mechanism recognize this and slow down the connection. TCP has a builtin mechanism
for this, UDP has not (but the protocol over UDP might recognize it , if for this, UDP has not (but the protocol over UDP might recognize it , if
@ -177,25 +177,29 @@
<title>Using builtin traffic shaping/control</title> <title>Using builtin traffic shaping/control</title>
<para>For defining bandwidths (for either devices or classes) please use <para>For defining bandwidths (for either devices or classes) please use
kbit or kbps(for Kilobytes per second) and make sure there is NO space kbit or kbps(for Kilobytes per second) and make sure there is <emphasis
between the number and the unit (100kbit not 100 kbit). You generally role="bold">NO</emphasis> space
could use mbit or mbps or just Bytes, but i suggest to use kbit, as values between the number and the unit (it is 100kbit <emphasis role="bold">not</emphasis>
lether than 1 are not supported (NO 0.5mbit).</para> 100 kbit). Using mbit, mbps or a raw number (which means bytes) could be used,
but note that only integer numbers are supported (0.5 is <emphasis role="bold">not
valid</emphasis>).</para>
<para>To properly configure the settings for your devices you might need <para>To properly configure the settings for your devices you might need
to find out, the real up- and downstream rates you have. This is to find out, the real up- and downstream rates you have. This is
especially the case, if you are using a DSL connection or one of another especially the case, if you are using a DSL connection or one of another
type that do not have a guaranteed bandwidth. There are several online type that do not have a guaranteed bandwidth.Don't trust the
tools that help you find out, try ..... Don't trust the values your values your provider tells you for this, especially measuring the real
provider tells you for this, especially measuring the real download speed download speed is important! There are several online
is important!</para> tools that help you find out, search for "dsl speed test" on google (For Germany you
can use <ulink url="http://www.speedcheck.arcor.de/cgi-bin/speedcheck.cgi">arcor speed
check</ulink>). Be sure to choose a test located near you. </para>
<section> <section>
<title>/etc/shorewall/tcrules</title> <title>/etc/shorewall/tcrules</title>
<para>The fwmark classifier provides a convenient way to classify <para>The fwmark classifier provides a convenient way to classify
packets for traffic shaping. The /etc/shorewall/tcrules file provides a packets for traffic shaping. The <quote>/etc/shorewall/tcrules</quote> file
means for specifying these marks in a tabular fashion.</para> is used for specifying these marks in a tabular fashion.</para>
<para>Normally, packet marking occurs in the PREROUTING chain before any <para>Normally, packet marking occurs in the PREROUTING chain before any
address rewriting takes place. This makes it impossible to mark inbound address rewriting takes place. This makes it impossible to mark inbound
@ -473,19 +477,25 @@ ppp0 6000kbit 500kbit</programlisting>
that this is just an 1:1 replacement doing exactly what wondershaper that this is just an 1:1 replacement doing exactly what wondershaper
should do. You are free to change it...</para> should do. You are free to change it...</para>
<para>tcclasses file</para> <section>
<title>tcdevices file</title>
<programlisting>#INTERFACE IN-BANDWITH OUT-BANDWIDTH
ppp0 5000kbit 500kbit</programlisting>
</section>
<section>
<title>tcclasses file</title>
<programlisting>#INTERFACE MARK RATE CEIL PRIORITY OPTIONS <programlisting>#INTERFACE MARK RATE CEIL PRIORITY OPTIONS
ppp0 1 full full 1 tcp-ack,tos-minimize-delay ppp0 1 full full 1 tcp-ack,tos-minimize-delay
ppp0 2 9*full/10 9*full/10 2 default ppp0 2 9*full/10 9*full/10 2 default
ppp0 3 8*full/10 8*full/10 2</programlisting> ppp0 3 8*full/10 8*full/10 2</programlisting>
<para>tcdevices file</para> </section>
<programlisting>#INTERFACE IN-BANDWITH OUT-BANDWIDTH <section>
ppp0 5000kbit 500kbit</programlisting> <title>tcrules file</title>
<para>tcrules file</para>
<programlisting>#MARK SOURCE DEST PROTO PORT(S) CLIENT USER <programlisting>#MARK SOURCE DEST PROTO PORT(S) CLIENT USER
# PORT(S) # PORT(S)
@ -500,11 +510,13 @@ ppp0 5000kbit 500kbit</programlisting>
add these hosts to tcrules and set the mark to 3 (true if you use the add these hosts to tcrules and set the mark to 3 (true if you use the
example configuration files).</para> example configuration files).</para>
<para>Setting hosts to low priority</para> </section>
<section>
<title>Setting hosts to low priority</title>
<para>lets assume the following settings from you old wondershaper <para>lets assume the following settings from your old wondershaper
script (don't assume these example values are really useful, they are script (don't assume these example values are really useful, they are
only used for demonstrating):</para> only used for demonstrating ;-):</para>
<programlisting> <programlisting>
# low priority OUTGOING traffic - you can leave this blank if you want # low priority OUTGOING traffic - you can leave this blank if you want
@ -530,6 +542,56 @@ NOPRIOPORTDST="6662 6663" </programlisting>
3 0.0.0.0/0 0.0.0.0/0 udp - 6662,6663 3 0.0.0.0/0 0.0.0.0/0 udp - 6662,6663
3 0.0.0.0/0 0.0.0.0/0 tcp 6662,6663 3 0.0.0.0/0 0.0.0.0/0 tcp 6662,6663
3 0.0.0.0/0 0.0.0.0/0 tcp - 6662,6663</programlisting> 3 0.0.0.0/0 0.0.0.0/0 tcp - 6662,6663</programlisting>
</section>
</section>
<section>
<title>A simple setup</title>
<para>This is a simple setup for people sharing an internet connection
and using different computers for this. It just basically shapes
between 2 hosts which have the ip addresses 192.168.2.23 and
192.168.2.42</para>
<section>
<title>tcdevices file</title>
<programlisting>#INTERFACE IN-BANDWITH OUT-BANDWIDTH
ppp0 6000kbit 700kbit</programlisting>
<para>We have 6mbit down and 700kbit upstream.</para>
</section>
<section>
<title>tcclasses file</title>
<programlisting>#INTERFACE MARK RATE CEIL PRIORITY OPTIONS
ppp0 1 10kbit 50kbit 1 tcp-ack
ppp0 2 300kbit full 2
ppp0 3 300kbit full 2
ppp0 4 90kbit 200kbit 3 default</programlisting>
<para>We add a class for tcp ack packets with highest priority, so
that downloads are fast. The following 2 classes share most
of the bandwidth between the 2 hosts, if the connection is idle,
they may use full speed. As the hosts should be treated equally
they have the same priority. The last class is for the remaining traffic.</para>
</section>
<section>
<title>tcrules file</title>
<programlisting>#MARK SOURCE DEST PROTO PORT(S) CLIENT USER
# PORT(S)
1:P 0.0.0.0/0 0.0.0.0/0 icmp echo-request
1:P 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
2:P 192.168.2.23 0.0.0.0/0 all
3:P 192.168.2.42 0.0.0.0/0 all</programlisting>
<para>We mark icmp ping and replies so they will go into the fast
interactive class and set a mark for each host.</para>
</section>
</section> </section>
</section> </section>
</section> </section>