Life, Football, Technology and Vespas…

Linux Traffic Shaping

My setup is as follows: 3G modem -> Linux (Fedora) gateway/firewall -> wireless router -> LAN

I do not want one user on the LAN to be able to hog all the internet bandwidth and make the connection unusable for everyone else. My wireless router does not support traffic shaping, so I shape the traffic on my Linux gateway using tc.

Start by clearing any shaping filters / queues

# tc qdisc del dev eth0 root 2> /dev/null

Then create a root queueing discipline on the interface that you wish to shape (mine is eth0)

# tc qdisc add dev eth0 root handle 1:0 cbq bandwidth 1000Mbit \
 avpkt 1000 cell 8

Create a class

# tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth \
1000Mbit prio 8 allot 1514 cell 8 rate 1000Mbit maxburst 20 \
avpkt 1000

Create a subclass of 1:1 that is rate limited to 512Kbit/s

# tc class add dev eth0 parent 1:1 classid 1:10 cbq bandwidth \
1000Mbit rate 512Kbit prio 1 allot 1514 cell 8 maxburst 20

I do not want to rate limit internal traffic between the LAN and the server, so I create another subclass that is not rate limited

tc class add dev eth0 parent 1:1 classid 1:20 cbq allot 1514 avpkt 1000 \
rate 1000Mbit bandwidth 1000Mbit prio 2

Create the filters – the first two catch all local traffic from and to the server 192.168.2.1

tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 \
match ip src 192.168.2.1/32 flowid 1:20
tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 \
match ip dst 192.168.2.1/32 flowid 1:20

Create a filter that rate limits traffic destined to the LAN – this would be all traffic coming from the ppp0 interface

tc filter add dev eth0 parent 1:0 protocol ip prio 2 \
u32 match ip dst 192.168.2.0/24 flowid 1:10

Voila – traffic shaped for all users. I have a 3.1Mb/s connection to the internet. A very rudimentary check with test my speed shows that I have a download speed of ±400Kbits/sec and an upload of 86Kbits/sec. I suppose that I could also add another class to limit upload speeds and match it with another filter – but for now, this works fine.
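The filters above overlap: a packet from the server to a LAN host matches both the prio 1 and the prio 2 rule, and tc consults the lower prio number first. The Python sketch below is an added example, not part of the original post; it parses the three filter commands and classifies constructed sample packets (the addresses 203.0.113.7 and 224.0.0.251 are assumptions chosen for illustration).

```python
import ipaddress
import re

# The three filter commands from the post (eth0, LAN 192.168.2.0/24).
FILTER_CMDS = [
    "tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.2.1/32 flowid 1:20",
    "tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip dst 192.168.2.1/32 flowid 1:20",
    "tc filter add dev eth0 parent 1:0 protocol ip prio 2 u32 match ip dst 192.168.2.0/24 flowid 1:10",
]

FILTER_RE = re.compile(
    r"prio (?P<prio>\d+) u32 match ip (?P<field>src|dst) (?P<net>\S+) flowid (?P<flowid>\S+)"
)

def parse_filters(cmds):
    """Turn 'tc filter add ... u32 match ip src|dst CIDR flowid X' lines into rules."""
    rules = []
    for cmd in cmds:
        m = FILTER_RE.search(cmd)
        if m is None:
            raise ValueError(f"unsupported filter syntax: {cmd!r}")
        rules.append((int(m["prio"]), m["field"], ipaddress.ip_network(m["net"]), m["flowid"]))
    # Lower prio number is consulted first; sorted() is stable, so ties keep input order.
    return sorted(rules, key=lambda r: r[0])

def classify(rules, src, dst):
    """Return the flowid of the first matching rule, or None if nothing matches."""
    addrs = {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst)}
    for _prio, field, net, flowid in rules:
        if addrs[field] in net:
            return flowid
    return None  # no filter matched: the packet is left to the qdisc's default handling

RULES = parse_filters(FILTER_CMDS)

if __name__ == "__main__":
    # Constructed sample packets as seen leaving eth0 towards the LAN.
    samples = [
        ("203.0.113.7", "192.168.2.50"),  # internet download to a LAN host
        ("192.168.2.1", "192.168.2.50"),  # server to a LAN host
        ("192.168.2.50", "192.168.2.1"),  # addressed to the server itself
        ("203.0.113.7", "224.0.0.251"),   # matches no filter
    ]
    for src, dst in samples:
        print(f"{src:>14} -> {dst:<14} {classify(RULES, src, dst)}")
```

If the server filters were given a higher prio number than the LAN filter, server-to-LAN traffic would land in the 512Kbit class 1:10 instead of 1:20.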

The next step is to prioritise protocols…

2 responses

  1. Ali

    I want to have a Linux server (my traffic shaper) in my LAN as a router that can shape, control and manage the bandwidth used for the internet, so that everybody in my LAN is limited in their use of it by the traffic shaper, daily or monthly.
    The users' information is saved in an LDAP directory, so the traffic shaper must use the LDAP server to authenticate every user that requests to connect to the internet.
    I want to use the tc rules but I don't know how to use them for limiting everybody, daily or monthly. Do I need a database?

    August 14, 2010 at 8:00 pm

    • bonoboslr

      That is a very interesting idea but I am not sure how you will be able to identify every connection based on users in LDAP. You might need to look at something like shorewall or nufw.
      nufw will allow you to create rules that will only work having been authenticated.

      August 15, 2010 at 9:45 am
