Hi,
On Die, 02 Aug 2005, Stephan Balmer wrote:
> Thanks for answering. Unfortunately, your links didn't show me a solution to
> my problem. To illustrate what I'm after, consider two hosts on my network:
> host A with 1 download and host B with 9 downloads. With a setup like yours,
> host B would get 9/10 of the available bandwidth, but I want the rate to be
> fifty-fifty.
The problem is a simple one. Your Router/Firewall sits on the end of a
connection, the other router on the other side of the connection has to decide which packages
to send, and how fast.
On your side you can only try to manage your upstream bandwidth.
BUT, there is a trick with TCP, look for ingres filters these try to
manipulate the tcp connection to regulate the incoming bandwidth.
> So I'm still looking for another solution besides either creating lots of
> filters and classes or going back to FreeBSD. (consider this a threat ;-))
> Thinking of it, this would be a nice time to try out Debian GNU/kFreeBSD.
its not a kernel problem, its a practical problem :-)
and for the record.. here are mine rules.. like written above, i only try to
regulate my upstream, but its enough for my users.
#!/bin/sh
echo 16384 >/proc/sys/net/ipv4/netfilter/ip_conntrack_max
echo 16384 >/proc/sys/net/ipv4/ip_conntrack_max
dev=ppp0
tc qdisc del dev $dev root
tc qdisc add dev $dev root handle 1: htb default 30 r2q 1000
# my whole upstream
tc class add dev $dev parent 1: classid 1:1 htb rate 384kbit ceil 384kbit
# ultra fast
tc class add dev $dev parent 1:1 classid 1:9 htb rate 370kbit ceil 370kbit prio 100 burst 60000
# realtime
tc class add dev $dev parent 1:1 classid 1:10 htb rate 210kbit ceil 210kbit prio 10 burst 30000
# bulk
tc class add dev $dev parent 1:1 classid 1:20 htb rate 110kbit ceil 200kbit prio 0
# adding some randomness for more fairness
tc qdisc add dev $dev parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $dev parent 1:20 handle 20: sfq perturb 10
# here some filters..
# dns
tc filter add dev $dev protocol ip parent 1:0 u32 match ip dport 53 0xffff flowid 1:9
tc filter add dev $dev protocol ip parent 1:0 u32 match ip protocol 17 0xff flowid 1:9
# ntp
tc filter add dev $dev protocol ip parent 1:0 u32 match ip dport 123 0xffff flowid 1:9
### schnell
# openvpn
tc filter add dev $dev protocol ip parent 1:0 u32 match ip dst x.x.x.x match ip protocol 17 0xff flowid 1:10
### normal
# http
tc filter add dev $dev protocol ip parent 1:0 u32 match ip dport 80 0xffff flowid 1:20
# ssh
tc filter add dev $dev protocol ip parent 1:0 u32 match ip dport 22 0xffff flowid 1:20
--
Dipl.-Inf. Univ. Florian Reitmeir http://net.multi24.com/
Josef-Schweinester-Str.1 Tel: +43 526 266166
6412 St. Georgen / Austria Fax: +43 526 266166 -10
--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
No comments:
Post a Comment