forked from extern/shorewall_code
Reorganize and correct the traffic shaping article
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3117 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
921f3b58f5
commit
a7b2321b3e
@ -21,7 +21,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2005-12-02</pubdate>
|
||||
<pubdate>2005-12-03</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001-2004</year>
|
||||
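Review bot: the copyright <year> in the context directly below the changed <pubdate> still reads 2001-2004 while the publication date moves to 2005-12-03. If the article is being revised in this commit, extend the year range in the same change so the front matter stays consistent.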
@ -233,6 +233,157 @@
|
||||
url="http://www.speedcheck.arcor.de/cgi-bin/speedcheck.cgi">arcor speed
|
||||
check</ulink>). Be sure to choose a test located near you.</para>
|
||||
|
||||
<section>
|
||||
<title>/etc/shorewall/tcdevices</title>
|
||||
|
||||
<para>This file allows you to define the incoming and outgoing bandwidth
|
||||
for the devices you want traffic shaping to be enabled. That means, if
|
||||
you want to use traffic shaping for a device, you have to define it
|
||||
here.</para>
|
||||
|
||||
<para>Columns in the file are as follows:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>INTERFACE - Name of interface. Each interface may be listed
|
||||
only once in this file. You may NOT specify the name of an alias
|
||||
(e.g., eth0:0) here; see <ulink url="FAQ.htm#faq18">FAQ #18</ulink>.
|
||||
You man NOT specify wildcards here, e.g. if you have multiple ppp
|
||||
interfaces, you need to put them all in here!</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>IN-BANDWIDTH - The incoming Bandwidth of that interface.
|
||||
Please note that you are not able to do traffic shaping on incoming
|
||||
traffic, as the traffic is already received before you could do so.
|
||||
This Column allows you to define the maximum traffic allowed for
|
||||
this interface in total, if the rate is exceeded, the packets are
|
||||
dropped. You want this mainly if you have a DSL or Cable Connection
|
||||
to avoid queuing at your providers side. If you don't want any
|
||||
traffic to be dropped set this to a value faster than your interface
|
||||
maximum rate.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>OUT-BANDWIDTH - Specifiy the outgoing bandwidth of that
|
||||
interface. This is the maximum speed your connection can handle. It
|
||||
is also the speed you can refer as "full" if you define the tc
|
||||
classes. Outgoing traffic above this rate will be dropped.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<example>
|
||||
<title></title>
|
||||
|
||||
<para>Suppose you are using PPP over Ethernet (DSL) and ppp0 is the
|
||||
interface for this. The device has an outgoing bandwidth of 500kbit
|
||||
and an incoming bandwidth of 6000kbit</para>
|
||||
|
||||
<programlisting>#INTERFACE IN-BANDWITH OUT-BANDWIDTH
|
||||
ppp0 6000kbit 500kbit</programlisting>
|
||||
</example>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>/etc/shorewall/tcclasses</title>
|
||||
|
||||
<para>This file allows you to define the actual classes that are used to
|
||||
split the outgoing traffic.</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>INTERFACE - Name of interface. Must match the name of an
|
||||
interface with an entry in
|
||||
<filename>/etc/shorewall/tcdevices</filename>.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>MARK - The mark value which is an integer in the range 1-255.
|
||||
You define these marks in the tcrules file, marking the traffic you
|
||||
want to go into the queueing classes defined in here. You can use
|
||||
the same marks for different Interfaces.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>RATE - The minimum bandwidth this class should get, when the
|
||||
traffic load rises. Please note that first the classes which equal
|
||||
or a lesser priority value are served even if there are others that
|
||||
have a guaranteed bandwith but a lower priority.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>CEIL - The maximum bandwidth this class is allowed to use when
|
||||
the link is idle. Useful if you have traffic which can get full
|
||||
speed when more important services (e.g. interactive like ssh) are
|
||||
not used. You can use the value "full" in here for setting the
|
||||
maximum bandwidth to the defined output bandwidth of that
|
||||
interface.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>PRIORITY - you have to define a priority for the class.
|
||||
packets in a class with a higher priority (=lesser value) are
|
||||
handled before less priorized onces. You can just define the mark
|
||||
value here also, if you are increasing the mark values with lesser
|
||||
priority.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>OPTIONS - A comma-separated list of options including the
|
||||
following:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>default - this is the default class for that interface
|
||||
where all traffic should go, that is not classified
|
||||
otherwise.</para>
|
||||
|
||||
<note>
|
||||
<para>defining default for exactly <emphasis
|
||||
role="bold">one</emphasis> class per interface is
|
||||
mandatory!</para>
|
||||
</note>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>tos-<tosname> - this lets you define a filter for
|
||||
the given <tosname> which lets you define a value of the
|
||||
Type Of Service bits in the ip package which causes the package
|
||||
to go in this class. Please note, that this filter overrides all
|
||||
mark settings, so if you define a tos filter for a class all
|
||||
traffic having that mark will go in it regardless of the mark on
|
||||
the package. You can use the following for this option:
|
||||
tos-minimize-delay (16) tos-maximize-throughput (8)
|
||||
tos-maximize-reliability (4) tos-minimize-cost (2)
|
||||
tos-normal-service (0)</para>
|
||||
|
||||
<note>
|
||||
<para>Each of this options is only valid for <emphasis
|
||||
role="bold">one</emphasis> class per interface.</para>
|
||||
</note>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>tcp-ack - if defined causes an tc filter to be created
|
||||
that puts all tcp ack packets on that interface that have an
|
||||
size of <=64 Bytes to go in this class. This is useful for
|
||||
speeding up downloads. Please note that the size of the ack
|
||||
packets is limited to 64 bytes as some applications (p2p for
|
||||
example) use to make every package an ack package which would
|
||||
cause them all into here. We want only packets WITHOUT payload
|
||||
to match, so the size limit. Bigger packets just take their
|
||||
normal way into the classes.</para>
|
||||
|
||||
<note>
|
||||
<para>This option is only valid for <emphasis
|
||||
role="bold">class</emphasis> per interface.</para>
|
||||
</note>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>/etc/shorewall/tcrules</title>
|
||||
|
||||
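Review bot: the tcp-ack note at the end of the added tcclasses section reads "This option is only valid for class per interface", with the bold emphasis wrapped around "class"; the word "one" is missing (the default and tos notes both emphasise "one"), so the restriction is not actually stated. Make it "only valid for one class per interface". The tos-<tosname> paragraph also contradicts itself: "all traffic having that mark will go in it regardless of the mark" presumably means traffic having that TOS value. Since the text is being moved under a "correct" commit, the typos that travel with it should be fixed in the same pass: "You man NOT", "Specifiy", "IN-BANDWITH" in the programlisting header, "bandwith", "less priorized onces", and the empty <title></title> on the example.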
@ -349,159 +500,6 @@
|
||||
</example>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>/etc/shorewall/tcdevices</title>
|
||||
|
||||
<para>This file allows you to define the incoming and outgoing bandwidth
|
||||
for the devices you want traffic shaping to be enabled. That means, if
|
||||
you want to use traffic shaping for a device, you have to define it
|
||||
here.</para>
|
||||
|
||||
<para>Columns in the file are as follows:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>INTERFACE - Name of interface. Each interface may be listed
|
||||
only once in this file. You may NOT specify the name of an alias
|
||||
(e.g., eth0:0) here; see <ulink url="FAQ.htm#faq18">FAQ #18</ulink>.
|
||||
You man NOT specify wildcards here, e.g. if you have multiple ppp
|
||||
interfaces, you need to put them all in here!</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>IN-BANDWIDTH - The incoming Bandwidth of that interface.
|
||||
Please note that you are not able to do traffic shaping on incoming
|
||||
traffic, as the traffic is already received before you could do so.
|
||||
This Column allows you to define the maximum traffic allowed for
|
||||
this interface in total, if the rate is exceeded, the packets are
|
||||
dropped. You want this mainly if you have a DSL or Cable Connection
|
||||
to avoid queuing at your providers side. If you don't want any
|
||||
traffic to be dropped set this to a value faster than your interface
|
||||
maximum rate.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>OUT-BANDWIDTH - Specifiy the outgoing bandwidth of that
|
||||
interface. This is the maximum speed your connection can handle. It
|
||||
is also the speed you can refer as "full" if you define the tc
|
||||
classes. Outgoing traffic above this rate will be dropped.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<example>
|
||||
<title></title>
|
||||
|
||||
<para>Suppose you are using PPP over Ethernet (DSL) and ppp0 is the
|
||||
interface for this. The device has an outgoing bandwidth of 500kbit
|
||||
and an incoming bandwidth of 6000kbit</para>
|
||||
|
||||
<programlisting>#INTERFACE IN-BANDWITH OUT-BANDWIDTH
|
||||
ppp0 6000kbit 500kbit</programlisting>
|
||||
</example>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>/etc/shorewall/tcclasses</title>
|
||||
|
||||
<para>This file allows you to define the actual classes that are used to
|
||||
split the outgoing traffic.</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>INTERFACE - Name of interface. Each interface may be listed
|
||||
only once in this file. You may NOT specify the name of an alias
|
||||
(e.g., eth0:0) here; see <ulink url="FAQ.htm#faq18">FAQ #18</ulink>.
|
||||
You man NOT specify wildcards here, e.g. if you have multiple ppp
|
||||
interfaces, you need to put them all in here!</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>MARK - The mark value which is an integer in the range 1-255.
|
||||
You define these marks in the tcrules file, marking the traffic you
|
||||
want to go into the queueing classes defined in here. You can use
|
||||
the same marks for different Interfaces.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>RATE - The minimum bandwidth this class should get, when the
|
||||
traffic load rises. Please note that first the classes which equal
|
||||
or a lesser priority value are served even if there are others that
|
||||
have a guaranteed bandwith but a lower priority.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>CEIL - The maximum bandwidth this class is allowed to use when
|
||||
the link is idle. Useful if you have traffic which can get full
|
||||
speed when more important services (e.g. interactive like ssh) are
|
||||
not used. You can use the value "full" in here for setting the
|
||||
maximum bandwidth to the defined output bandwidth of that
|
||||
interface.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>PRIORITY - you have to define a priority for the class.
|
||||
packets in a class with a higher priority (=lesser value) are
|
||||
handled before less priorized onces. You can just define the mark
|
||||
value here also, if you are increasing the mark values with lesser
|
||||
priority.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>OPTIONS - A comma-separated list of options including the
|
||||
following:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>default - this is the default class for that interface
|
||||
where all traffic should go, that is not classified
|
||||
otherwise.</para>
|
||||
|
||||
<note>
|
||||
<para>defining default for exactly <emphasis
|
||||
role="bold">one</emphasis> class per interface is
|
||||
mandatory!</para>
|
||||
</note>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>tos-<tosname> - this lets you define a filter for
|
||||
the given <tosname> which lets you define a value of the
|
||||
Type Of Service bits in the ip package which causes the package
|
||||
to go in this class. Please note, that this filter overrides all
|
||||
mark settings, so if you define a tos filter for a class all
|
||||
traffic having that mark will go in it regardless of the mark on
|
||||
the package. You can use the following for this option:
|
||||
tos-minimize-delay (16) tos-maximize-throughput (8)
|
||||
tos-maximize-reliability (4) tos-minimize-cost (2)
|
||||
tos-normal-service (0)</para>
|
||||
|
||||
<note>
|
||||
<para>Each of this options is only valid for <emphasis
|
||||
role="bold">one</emphasis> class per interface.</para>
|
||||
</note>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>tcp-ack - if defined causes an tc filter to be created
|
||||
that puts all tcp ack packets on that interface that have an
|
||||
size of <=64 Bytes to go in this class. This is useful for
|
||||
speeding up downloads. Please note that the size of the ack
|
||||
packets is limited to 64 bytes as some applications (p2p for
|
||||
example) use to make every package an ack package which would
|
||||
cause them all into here. We want only packets WITHOUT payload
|
||||
to match, so the size limit. Bigger packets just take their
|
||||
normal way into the classes.</para>
|
||||
|
||||
<note>
|
||||
<para>This option is only valid for <emphasis
|
||||
role="bold">class</emphasis> per interface.</para>
|
||||
</note>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>ppp devices</title>
|
||||
|
||||
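Review bot: this is not a pure move, and the commit message does not say which text changed. The INTERFACE item removed here from the old tcclasses section ("Each interface may be listed only once in this file. You may NOT specify the name of an alias ...") differs from the one added in the earlier hunk ("Must match the name of an interface with an entry in /etc/shorewall/tcdevices"). Either split the wording correction into its own commit or name it in the message, so that a reader comparing the two 150-line blocks knows where to look. Everything else in the removed block appears to match the re-added text, typos included.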
@ -518,7 +516,7 @@ ppp0 6000kbit 500kbit</programlisting>
|
||||
|
||||
<programlisting>#! /bin/sh
|
||||
|
||||
/sbin/shorewall restart</programlisting>
|
||||
/sbin/shorewall refresh</programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
|
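Review bot: the script in the ppp devices section changes from "/sbin/shorewall restart" to "/sbin/shorewall refresh", but nothing in the visible context or the commit message says why refresh is sufficient when the ppp interface comes up. Add a sentence next to the programlisting stating what refresh re-applies for the device (and what it does not, compared with restart), so readers copying the script know which behaviour they are getting.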