My internet connection goes like this:
Internet <-128kbps link-> Cisco Router (Public IP) <-LAN-> Linux router/server (Public IP) <-LAN-> Regular PCs (Public IPs)
The Cisco router:
- has the first Public IP allocated to my institution (/29)
- is programmed to send all packets through the Linux router
The Linux router:
- has the second Public IP allocated to my institution
- is programmed to forward packets between the regular PCs and the Cisco router
- acts as a server too (mail, web, etc.)
The regular PCs (4 of them):
- have the rest of the Public IPs
- use the Linux router as the gateway
I enabled iptables packet logging on the Linux router and sometimes I find out that:
- Some packets are big, bigger than 20KB. Is that normal? (yes, it is normal. These are not packets, these are IP datagrams as Some Guy kindly explained)
- Too many times the transmitted data (out to the internet) was bigger than 16KB. For example in a particular second 10572 bytes went in (no problem), 63521 bytes went out (to the Cisco router). It would take 4 seconds at least to send that 64KB through the 128kbps link. Meanwhile the Linux router is sending more data to the Cisco router, clogging its buffers. Not good.
Now, how can I configure the Linux router to shape traffic in a way that:
- Keep transmission speed to the max when the traffic is between these regular PCs and the Linux server.
- Slow down traffic to the outside world to avoid clogging the “out” line, using all (or almost all) the bandwidth available (128 kbps). No more “>16KB out seconds” on the trace.
- Guarantee 24 kbps out to each regular PC, 24 kbps to the Linux server at any time (8 kbps left for overhead if necessary). IOW, 5 (pseudo) “bands”, 24 kbps each one.
- In case there is any PC not using its full band, fairly share the idle bandwidth among the rest of the transmitting PCs
- Give priority to certain packets (DNS lookups, control packets), take priority away from others (torrent!!!), INSIDE each band, and not affecting other bands.
I have already marked (using the iptables --set-xmark option) each outgoing packet for each PC:
- Linux router to the outside world, high prio
- Linux router to the outside world, normal prio
- Linux router to the outside world, low prio
- First regular PC to the outside world, high prio
... And so on.
Each incoming packet is also marked using this scheme starting from 16.
I’m sorry for this long question, but I have given up on setting this up using the tc command; there is too little documentation about traffic shaping and I don’t know where to go next.
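One way to build the hierarchy the question asks for, as an added example that is not part of the original question or any answer: an HTB tree on the Cisco-facing interface, one class per host with a 24 kbit guarantee and a ceil near the link speed so idle bandwidth is shared, and three priority leaves per host selected by the existing fwmarks. It assumes eth0 is the uplink interface and that the outgoing marks are 1..15 laid out as 1 + 3*host + prio, neither of which the question states.

```shell
#!/bin/sh
# Added example, not from the original post: an HTB hierarchy for the
# 128 kbit/s uplink. Assumed (not stated in the question): the interface
# facing the Cisco router is eth0, and outgoing fwmarks are 1..15 with
# mark = 1 + 3*host + prio (host 0 = Linux router, 1..4 = the PCs;
# prio 0 = high, 1 = normal, 2 = low). LAN traffic on the other NIC is
# never touched, so PC <-> server transfers keep full speed.
# Set DRY_RUN=1 to print the tc commands instead of executing them.

CEIL_KBIT=120   # shape a bit below 128 so the Cisco buffers stay empty
BAND_KBIT=24    # guaranteed share per host (5 x 24 = 120)
LEAF_KBIT=8     # guaranteed share per priority inside a band (3 x 8 = 24)

run() {
    if [ -n "$DRY_RUN" ]; then echo "tc $*"; else tc "$@"; fi
}

gen_shaper() {
    dev=$1
    run qdisc del dev "$dev" root 2>/dev/null || true
    # Unmarked traffic falls into 1:13 (Linux router, low priority).
    run qdisc add dev "$dev" root handle 1: htb default 13
    run class add dev "$dev" parent 1: classid 1:1 htb \
        rate ${CEIL_KBIT}kbit ceil ${CEIL_KBIT}kbit
    host=0
    while [ "$host" -lt 5 ]; do
        band=$(( (host + 1) * 10 ))       # 1:10 .. 1:50, one per host
        # rate = guarantee, ceil = may borrow idle bandwidth from others
        run class add dev "$dev" parent 1:1 classid 1:$band htb \
            rate ${BAND_KBIT}kbit ceil ${CEIL_KBIT}kbit
        p=0
        while [ "$p" -lt 3 ]; do
            leaf=$(( band + 1 + p ))        # 1:11, 1:12, 1:13 under 1:10 ...
            mark=$(( 1 + 3 * host + p ))
            # prio decides which leaf of this band gets idle bandwidth first
            run class add dev "$dev" parent 1:$band classid 1:$leaf htb \
                rate ${LEAF_KBIT}kbit ceil ${CEIL_KBIT}kbit prio $p
            run qdisc add dev "$dev" parent 1:$leaf sfq perturb 10
            run filter add dev "$dev" parent 1: protocol ip prio 1 \
                handle $mark fw classid 1:$leaf
            p=$(( p + 1 ))
        done
        host=$(( host + 1 ))
    done
}

# Usage: DRY_RUN=1 sh shaper.sh eth0   (or as root without DRY_RUN)
if [ $# -gt 0 ]; then gen_shaper "$1"; fi
```

Run it with DRY_RUN=1 first and compare the printed commands against `tc -s class show dev eth0` after applying; the byte counters per leaf class show whether the marks are landing where intended.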