Shorewall Rate Limiting or QoS
Using tc directly to manage rate limiting can be tricky and a little complex to understand. I have found that Shorewall provides an interface that is easy to use and understand and achieves the same purpose. The concept is based on devices, rules and classes, represented by three files in Shorewall: tcdevices, tcrules and tcclasses.
The devices are the interfaces on which rate limiting should happen; the rules identify the different types of traffic you wish to shape, e.g. all inbound HTTP traffic should be given a certain class; and the classes define how the rate limiting is done for each class.
In my example, I have a 10Mb/s connection to the internet that I need to share between office use, external servers such as DNS and HTTP, and some other things such as VPN access. In my /etc/shorewall/tcdevices I have specified my internet-facing interface:
#INTERFACE IN-BANDWIDTH OUT-BANDWIDTH
eth2 10mbit 10mbit
I then define some rules such as:
#MARK SOURCE DEST PROTO DPORT SPORT
1 0.0.0.0/0 0.0.0.0/0 tcp 20,21,22
1 0.0.0.0/0 0.0.0.0/0 tcp - 20,21,22
2 0.0.0.0/0 0.0.0.0/0 tcp 53
2 0.0.0.0/0 0.0.0.0/0 udp 53
The above ‘tags’ the packets that match the rules. So, as an example, all SSH traffic is tagged as 1. In my full example I have rules that make up 4 tagged ‘classes’. In the tcclasses file I have the following:
#INTERFACE MARK RATE CEIL PRIORITY OPTIONS
eth2 1 10*full/100 full 1
eth2 2 44*full/100 full 2
eth2 3 14*full/100 full 3
eth2 4 28*full/100 full 4
eth2 5 4*full/100 10*full/100 5
What I now have is the identification of the type of traffic I want to shape (done by the rules) and the interface over which I want to apply the shaping (done by the devices). The classes then determine the amount of bandwidth assigned to each tagged type of traffic.
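As an added example (not part of the original post or of Shorewall itself), the following Python cross-checks the three files above: that no class has a RATE above its CEIL, that the guaranteed RATEs on one interface do not add up to more than its OUT-BANDWIDTH, and that every mark set in tcrules has a class in tcclasses. The file contents are embedded copies of the ones shown above, and the `N*full/100` arithmetic mirrors how the post uses `full` as the device bandwidth.

```python
import re
# Constructed copies of the three Shorewall files from this post (embedded so the check runs offline).
TCDEVICES = "eth2 10mbit 10mbit\n"
TCRULES = """1 0.0.0.0/0 0.0.0.0/0 tcp 20,21,22
1 0.0.0.0/0 0.0.0.0/0 tcp - 20,21,22
2 0.0.0.0/0 0.0.0.0/0 tcp 53
2 0.0.0.0/0 0.0.0.0/0 udp 53
"""
TCCLASSES = """eth2 1 10*full/100 full 1
eth2 2 44*full/100 full 2
eth2 3 14*full/100 full 3
eth2 4 28*full/100 full 4
eth2 5 4*full/100 10*full/100 5
"""

def rows(text):  # non-comment, non-empty lines split into columns
    return [ln.split() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]

def to_kbit(literal):
    """Convert a bandwidth literal such as '10mbit' or '512kbit' to kbit/s."""
    m = re.fullmatch(r"(\d+)(kbit|mbit)", literal)
    if not m:
        raise ValueError(f"unsupported bandwidth literal: {literal}")
    return int(m.group(1)) * (1000 if m.group(2) == "mbit" else 1)

def eval_rate(expr, full_kbit):
    """Evaluate a RATE/CEIL expression of the form 'full' or 'N*full/M'."""
    m = re.fullmatch(r"(?:(\d+)\*)?full(?:/(\d+))?", expr)
    if not m:
        raise ValueError(f"unsupported rate expression: {expr}")
    return full_kbit * int(m.group(1) or 1) / int(m.group(2) or 1)

def check_shaping(tcdevices, tcrules, tcclasses):
    """Return a list of problems; an empty list means the three files agree."""
    problems, marks, guaranteed = [], set(), {}
    out_bw = {dev[0]: to_kbit(dev[2]) for dev in rows(tcdevices)}
    for iface, mark, rate, ceil, *_ in rows(tcclasses):
        r, c = eval_rate(rate, out_bw[iface]), eval_rate(ceil, out_bw[iface])
        if r > c:  # a class cannot be allowed to borrow less than it is guaranteed
            problems.append(f"class {mark}: RATE {rate} exceeds CEIL {ceil}")
        guaranteed[iface] = guaranteed.get(iface, 0) + r
        marks.add(mark)
    for iface, total in guaranteed.items():
        if total > out_bw[iface]:  # over-committed guarantees cannot all be met
            problems.append(f"{iface}: RATEs total {total:.0f} > {out_bw[iface]} kbit")
    for mark, *_ in rows(tcrules):
        if mark not in marks:  # tagged traffic with no class to land in
            problems.append(f"tcrules mark {mark} has no class in tcclasses")
    return problems
```

Running `check_shaping(TCDEVICES, TCRULES, TCCLASSES)` on the post's files returns an empty list, since the five RATEs add up to exactly 100% of the 10mbit device.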