3

Requirements:

There is an arbitrary number of users per group. Bandwidth for any particular group is 1000kbps. Bandwidth for each user in a group is 70 kbps. At any time no user should not consume bandwidth more than 70kbps. I am using tc & iptables & ipset.

ipset -L slowips

Name: slowips
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 240
References: 3
Members:
172.16.79.3
172.16.79.4

IPTABLES:

iptables -t mangle -I POSTROUTING -m set --match-set slowips dst -j CLASSIFY --set-class 1:12

My script for TC :

#!/bin/bash
tc qdisc del dev eth0 root
tc qdisc del dev eth1 root

tc qdisc add dev eth0 parent root handle 1: hfsc default 11
tc class add dev eth0 parent 1: classid 1:1 hfsc sc rate 1000kbps ul rate 1000kbps
tc class add dev eth0 parent 1:1 classid 1:11 hfsc sc rate 1000kbps ul rate 1000kbps
tc class add dev eth0 parent 1:1 classid 1:12 hfsc sc rate 70kbps ul rate 70kbps

tc qdisc add dev eth0 parent 1:11 handle 11:1 pfifo
tc qdisc add dev eth0 parent 1:12 handle 12:1 pfifo

With the above setup, single user gets 70kbps bandwidth, when another user logs in, the 70 kbps bandwidth is divided between them. What I actually want is for newly logged in user to get 70kbps bandwidth, as slab is 1000kbps.

techiek7
  • 41
  • 5
  • My initial answer didn't address your question properly. Maybe nftables flow table indexed by the meta skuid selector? This isn't iptables, but iptables' limit and hashlimit don't allow for user based selection. – Andrew Domaszek Mar 30 '17 at 20:34

0 Answers0