
I have a 1.5 Mbit/s link that I want to share with 150 users.

My setup is the following:

Linux box with 3 NICs:

eth0 - public ip
eth1 - subnet A - 50 users (static ips)
eth2 - subnet B - 100 users (via dhcp)

I am using squid as a transparent proxy on port 3128. The DHCP server is using ports 67 and 68.

I was creating, but I think packets are not going to the right queues

```bash
#!/bin/bash
DEV=eth0

RATE_MAIN=2048kbit
CEIL_MAIN=2048kbit
BURST=1b
CBURST=1b

RATE_DEFAULT=1024kbit
CEIL_DEFAULT=$CEIL_MAIN
PRIO_DEFAULT=3

RATE_P2P=1024Kbit
CEIL_P2P=$CEIL_MAIN
PRIO_P2P=4

RATE_IND=32kbit
CEIL_IND=$CEIL_DEFAULT

tc qdisc del dev $DEV root

tc qdisc add dev $DEV root handle 1: htb default 30
tc class add dev $DEV parent 1: classid 1:1 htb rate $RATE_MAIN ceil $CEIL_MAIN
tc class add dev $DEV parent 1:1 classid 1:10 htb rate $RATE_DEFAULT ceil $CEIL_MAIN burst $BURST cburst $CBURST prio $PRIO_WEB

## some other sub class for p2p other traffic
tc class add dev $DEV parent 1:1 classid 1:20 htb rate $RATE_P2P ceil $CEIL_P2P burst $BURST cburst $CBURST prio $PRIO_P2P

$IPS_NET1=50
$IPS_NET2=100
let $IPS=$IPS_NET1+$IPS_NET2
for ((i=1; i<= $IPS; i++))
do
    let CLASSID=($i+100)
    let HANDLE=($i+100)

    tc class add dev $DEV parent 1:10 classid 1:$CLASSID htb rate $RATE_IND ceil $CEIL_IND

    tc qdisc add dev $DEV parent 1:$CLASSID handle $HANDLE: sfq perturb 10
done

## Generate IP addresses ##
IP_ADDRESSES=""

# Subnet A
BASE_IP=10.10.10.
for ((i=2; i<=$IPS_NET1+1; i++))
do
 TEMP="$BASE_IP$i"
 IP=ADDRESSES="$IP_ADDRESSES $TEMP"
done

# Subnet B
BASE_IP=192.168.0.

for ((i=2; i<=$IPS_NET2+1; i++))
do
 TEMP="$BASE_IP$i"
 IP_ADDRESSES="$IP_ADDRESSES $TEMP"
done

## FILTERS ##
j=1
U32="tc filter add dev $DEV protocol ip parent 1:0 prio $PRIO_DEFAULT u32"
for NET in $IP_ADDRESSES; do
 let CLASSID=($j+100)
 $U32_DEFAULT match ip src $NET/32 flowid 1:$CLASSID
 $U32_DEFAULT match ip dst $NET/32 flowid 1:$CLASSID
 let j=j+1
done
```

Can you guys help me figure out what's wrong with it?

Basically I want my classes to be:

1:1 (1.5 Mbit)
1:10 (1024 Kbit)
1:20 (1024 Kbit)
(200 ips each with 32 kbit)

Zoredache
Simon

3 Answers


I'm still getting into traffic shaping myself and found the HTB Linux queuing discipline manual - user guide a great read. Its examples describe almost exactly what you're doing.

David

It looks like you are trying to create one class per IP address. Generally that isn't done, especially when you have such a tiny amount of bandwidth to begin with.

I would try something like wondershaper first.

But 1.5 Mbit/s with 150 users? That is most likely just not going to work. You haven't said what these users are going to be doing, I hope they have locked down machines that are only allowed to run an intranet app.

Justin

If your link is only 1.5 MBit/s, why do you have a RATE_MAIN of 2048kbit (which is over 2 MBit/s)? If you lie to tc regarding what your absolute maximum bandwidth is, it will never be able to manage the bandwidth even close to how you configured it.

Also please note that usually 1.5 MBit/s are 1500 kbit/s and 1500000 bit/s. However, in tc 1 mbit equals 1024 kbit which equals 1048576 bit/s.

If your link is 1.5 MBit/s, your theoretical maximum is 187500 bps (in tc bps means BYTES per second, not bits per second, as we are used to) and to have effective traffic filtering, you usually need to decrease this by some realistic percentage. If there is no additional protocol overhead involved (other than TCP/IP, but this is already accounted by tc automatically), then you take maybe 90% of that. If you have a DSL line behind it (maybe with SNAP+LLC+PPPoE+AAL5+ATM), you better take only 80% of that.

Last but not least, you try to give each user a class that is 32 kbit (in tc that is 32 * 1024 kbit/s).

150 * 32 = 4800

You are aware that this is WAY OVER your line speed, are you?

If you expect HTB to work correctly and the way most people expect it to work, the sum of all child classes' rates and ceilings may not exceed the rate and ceiling of its parent class. And you are way over that (1024 is the value of your parent class).

Mecki
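The budget rule from the last answer, turned into a pre-flight check: this is an added example, not code from the question or from any answer. The function names, the flat hierarchy under 1:1, the extra class for unclassified traffic and the 1500 kbit link figure are assumptions made for illustration; the script only prints tc commands and never runs them.

```shell
#!/bin/bash
# Added example: prints the tc commands (dry run) instead of executing them.
# All figures are in kbit; the budget check itself is unit-independent.
# Class ids 1:1, 1:30 and 1:101.. mirror the question's numbering.

# Succeeds only if N children at CHILD kbit each fit in PARENT kbit.
htb_fits() {  # htb_fits PARENT CHILD N
    [ $(( $2 * $3 )) -le "$1" ]
}

# Largest equal guaranteed rate per class, rounded down. One extra class
# is reserved for unclassified traffic (the "default 30" target).
per_user_rate() {  # per_user_rate LINK HEADROOM_PCT USERS
    echo $(( $1 * $2 / 100 / ($3 + 1) ))
}

htb_plan() {  # htb_plan DEV LINK HEADROOM_PCT USERS
    dev=$1; usable=$(( $2 * $3 / 100 )); users=$4
    rate=$(per_user_rate "$2" "$3" "$users")
    if [ "$rate" -lt 1 ] || ! htb_fits "$usable" "$rate" $(( users + 1 )); then
        echo "error: $users users do not fit in ${usable}kbit" >&2
        return 1
    fi
    echo "tc qdisc add dev $dev root handle 1: htb default 30"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${usable}kbit ceil ${usable}kbit"
    # Assumption: every leaf may borrow up to the parent's ceiling.
    echo "tc class add dev $dev parent 1:1 classid 1:30 htb rate ${rate}kbit ceil ${usable}kbit"
    i=1
    while [ "$i" -le "$users" ]; do
        echo "tc class add dev $dev parent 1:1 classid 1:$(( i + 100 )) htb rate ${rate}kbit ceil ${usable}kbit"
        i=$(( i + 1 ))
    done
}

# The question's figures: 150 classes of 32 kbit under a 1024 kbit parent.
htb_fits 1024 32 150 || echo "150 x 32 kbit = $(( 150 * 32 )) kbit: over the 1024 kbit parent"
echo "90% of 1500 kbit across 150 users: $(per_user_rate 1500 90 150) kbit each"
htb_plan eth0 1500 90 3   # small constructed run to keep the output short
```

Review the printed commands before piping them to a shell; the per-class rate drops as the headroom percentage is lowered toward the 80% suggested for DSL lines.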