
I am trying to create traffic shaping with HTB and iptables. I want to control bandwidth per IP, so I create a class for each IP and use iptables marking to assign an individual filter to each class, in other words to each IP. I have nearly 11000 users in 6 different subnets, and because I cannot create more than 9999 classids I am using this scenario:

I create a root qdisc and assign 6 classes to it (classid 1:1 parent 1:0, classid 1:2 parent 1:0, ..., classid 1:6 parent 1:0),

then assign a qdisc to each class (qdisc parent 1:1 handle 10:, qdisc parent 1:2 handle 20:, ..., qdisc parent 1:6 handle 60:),

and finally I assign every 2048 users in each subnet to these qdiscs.

qdisc with handle 10: has 2048 classes (classid 10:1 to classid 10:2048),

qdisc with handle 20: has 2048 classes (classid 20:1 to classid 20:2048), and so on.

This is my configuration file for one subnet:

 #!/bin/bash
 NETCARD=eth0
 MAXBANDWIDTH=100000

 # reinit
 tc qdisc del dev $NETCARD root handle 1
 tc qdisc add dev $NETCARD root handle 1: htb default 9999

 # create the default class
 tc class add dev $NETCARD parent 1:0 classid 1:9999 htb rate $(( $MAXBANDWIDTH ))kbit ceil $(( $MAXBANDWIDTH ))kbit

 # control bandwidth per IP
 declare -A ipctrl
 # define list of IP and bandwidth (in kilo bits per seconds) below
 # 2048 consecutive addresses starting at 192.168.179.0, all at 2000 kbit
 x=0
 n=179
 m=0
 while [ $x -lt 2048 ]; do
 ipctrl[192.168.$n.$m]="2000"
 m=$(expr $m + 1)
 if [ 256 = $m ]
 then
 n=$(expr $n + 1)
 m=0
 fi
 x=$(expr $x + 1)
 done
 mark=0
 for ip in "${!ipctrl[@]}"
 do
 mark=$(( mark + 1 ))
 bandwidth=${ipctrl[$ip]}

 # traffic shaping rule
 tc class add dev $NETCARD parent 1:0 classid 10:$mark htb rate $(( $bandwidth ))kbit ceil $(( $bandwidth ))kbit 

 # netfilter packet marking rule
 iptables -t mangle -A FORWARD -i $NETCARD -s $ip -j CONNMARK --set-mark $mark

 # filter that bind the two
 tc filter add dev $NETCARD parent 1:0 protocol ip prio $mark handle $mark fw flowid 1:1
 tc filter add dev $NETCARD parent 10:0 protocol ip prio $mark handle $mark fw flowid 10:$mark

 echo "IP $ip is attached to mark $mark and limited to $bandwidth kbps"
 done

 #propagate netfilter marks on connections
 iptables -t mangle -A POSTROUTING -j CONNMARK --restore-mark

I am using Ubuntu Server 14.04 and I am running it on a real server. But when I run it, the bandwidth for each user is much lower than the bandwidth I assigned to its class; for example, if I assign 1000 kbit to an IP, in reality its bandwidth is 10 kbit. What is the problem with my configuration? Is it a good configuration or plan for traffic shaping?

samie
  • When you look at `iptables -t mangle -vxnL` are all of the packets being categorized by the proper marking rules? When you look at `tc -s qdisc show` do those numbers match what you are expecting for packet counts and total bytes? Have you tried --restore-mark in PREROUTING instead of POSTROUTING? – Andrew Domaszek Mar 07 '15 at 22:44
  • Additionally, at some point you will want to look at ip hashing to speed up categorization time. LARTC has an example on doing what you're trying to do. [tc filter IP Hashing](http://lartc.org/howto/lartc.adv-filter.hashing.html) – Andrew Domaszek Mar 07 '15 at 22:48
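As an added example, not the poster's script, here is a script that builds the two-level HTB tree the question describes (root 1: with classes 1:1 to 1:6, a child HTB qdisc 10: to 60: under each, and up to 2048 per-IP leaf classes per child qdisc) and steers a user's traffic to its leaf with one fw filter at each level. It prints the tc/iptables commands instead of running them; the device name, rates and sample IPs are constructed values.

```bash
#!/bin/bash
# Added example (not the poster's script): the two-level HTB tree the question
# describes, printing the tc/iptables commands instead of executing them.
# Set TC_RUN=1 (as root) to execute. Rates and sample IPs are constructed.
NETCARD=${NETCARD:-eth0}
MAXBANDWIDTH=100000   # link ceiling, kbit
PER_IP=2000           # per-IP rate and ceil, kbit (constructed)
USERS_PER_GROUP=2048  # leaf classes per child qdisc (minor ids 1..2048)

run() { if [ "${TC_RUN:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi; }

# Map the N-th user (0-based, N < 6*2048) onto the tree.
group_of()  { echo $(( $1 / USERS_PER_GROUP + 1 )); }   # 1..6, i.e. class 1:g
handle_of() { echo $(( $(group_of "$1") * 10 )); }      # child qdisc 10..60
leaf_of()   { echo "$(handle_of "$1"):$(( $1 % USERS_PER_GROUP + 1 ))"; }
mark_of()   { echo $(( $1 + 1 )); }                     # fw mark, unique per user

setup_tree() {
  run tc qdisc del dev "$NETCARD" root
  run tc qdisc add dev "$NETCARD" root handle 1: htb default 9999
  run tc class add dev "$NETCARD" parent 1: classid 1:9999 htb rate ${MAXBANDWIDTH}kbit
  for g in 1 2 3 4 5 6; do
    # One class per subnet group; the HTB qdisc attached below it owns the
    # classids carrying its own major number (10:, 20:, ...), not 1:.
    run tc class add dev "$NETCARD" parent 1: classid 1:$g htb \
        rate ${MAXBANDWIDTH}kbit ceil ${MAXBANDWIDTH}kbit
    run tc qdisc add dev "$NETCARD" parent 1:$g handle $(( g * 10 )): htb
  done
}

# add_user N IP: leaf class under the matching child qdisc, a packet mark on
# the IP's traffic, and one fw filter per level so the mark steers the packet
# 1: -> 1:g and then g0: -> leaf. Direction (-s on egress) follows the post.
add_user() {
  n=$1; ip=$2
  g=$(group_of "$n"); h=$(handle_of "$n"); leaf=$(leaf_of "$n"); mark=$(mark_of "$n")
  run tc class add dev "$NETCARD" parent $h: classid "$leaf" htb \
      rate ${PER_IP}kbit ceil ${PER_IP}kbit
  run iptables -t mangle -A FORWARD -s "$ip" -j MARK --set-mark "$mark"
  run tc filter add dev "$NETCARD" parent 1: protocol ip prio 1 handle "$mark" fw flowid 1:$g
  run tc filter add dev "$NETCARD" parent $h: protocol ip prio 1 handle "$mark" fw flowid "$leaf"
}

setup_tree
add_user 0    192.168.179.1   # constructed: first user of group 1 -> leaf 10:1
add_user 2048 192.168.187.1   # constructed: first user of group 2 -> leaf 20:1
```

The fw classifier matches the packet mark (skb->mark), which `-j MARK` sets directly, so the filters need no CONNMARK save/restore step.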

0 Answers