Robert
emil.konev na atlas.cz
Pátek Červenec 7 10:24:51 CEST 2006
Pátek Červenec 7 10:24:51 CEST 2006
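ja vychazel z techto dvou scriptu

1.

### Configuration START
SPEED="2048"
### Configuration STOP

presne tohle na vas ceka. SPEED je rychlost jakou muzou pres vas router tect data.
Zpravidla se uvadi rychlost vaseho pripojeni do site CZF.

Co ktery script dela:
qosclear - vycisti aktualni nastaveni QoS
qos-stat - vypise aktualni konfiguraci QoS
qos_base - nastavuje QoS. Takze tenhle script spoustejte treba pri startu pocitace
Nezapomente si skript pro nastaveni QoS pridat do runlevelu

A tady jsou otisky verze z 28.3.02 23:37:

qos-stat
-------------------------------------------------------------
# qos-stat: print the current qdisc/class setup and counters of every
# interface the QoS scripts manage.
echo "Existing configuration:"
### Configuration START
### Configuration STOP
# Interface names taken from "ip l l"; tunnels, dummy and loopback devices
# are skipped by name.
FACES="$(ip l l | grep "^[0-9]" | grep -vE "(sit|gre|ipip|tun|dummy|lo)" | sed "s/^[0-9]*: \([^:]*\).*/\1/g")"
# FACES is deliberately left unquoted: it is a whitespace-separated list.
for FACE in $FACES ; do
  echo "Configuration for:"
  echo "$FACE"
  tc -s -d qdisc show dev "$FACE"
  tc -s -d class show dev "$FACE"
done
-------------------------------------------------------------

qosclear
-------------------------------------------------------------
# qosclear: remove the root qdisc (and with it all classes and filters) of
# every managed interface and reset the mangle table to empty / ACCEPT.
# (The original printed "Applying QOS rules" here, copied from qos_base.)
echo "Clearing QOS rules"
# Set global variables
# Full path, as in qos_base: at boot time PATH may not contain /sbin.
IPTABLES="/sbin/iptables"
TC="/sbin/tc"
### Configuration START
### Configuration STOP
FACES="$(ip l l | grep "^[0-9]" | grep -vE "(sit|gre|ipip|tun|dummy|lo)" | sed "s/^[0-9]*: \([^:]*\).*/\1/g")"
echo "Remove Qdisc root classes"
for FACE in $FACES ; do
  # A missing root qdisc is not an error here.  ">/dev/null 2>&1" instead of
  # "&>/dev/null": the latter is bash-only, and under /bin/sh it is parsed
  # as "... root &" (background) plus ">/dev/null", so stderr still shows.
  $TC qdisc del dev "$FACE" root >/dev/null 2>&1
done
echo "Remove IPTables packed mangling, set defaults"
# This flushes the whole mangle table, including rules added by other tools.
for CHAIN in INPUT OUTPUT PREROUTING POSTROUTING FORWARD ; do
  $IPTABLES -t mangle -F "$CHAIN"
done
for CHAIN in INPUT OUTPUT PREROUTING POSTROUTING FORWARD ; do
  $IPTABLES -t mangle -P "$CHAIN" ACCEPT
done
--------------------------------------------------------------------------------

qos_base
---------------------------------------------------------------------------------
#!/bin/sh
# qos_base: classify traffic with iptables MARKs and shape it with HTB + SFQ
# on every non-tunnel interface.  Run it at boot (add it to the runlevel);
# it first removes any previous setup, so re-running it is safe.
echo "Applying QOS rules"
echo "-Set global variables"
IPTABLES="/sbin/iptables"
TC="/sbin/tc"
### Configuration START
# $SPEED must be /2
# (presumably: SPEED is divided by 2 and by 4 below, so keep it a multiple of 4)
SPEED="2048"
### Configuration STOP
FACES="$(ip l l | grep "^[0-9]" | grep -vE "(sit|gre|ipip|tun|dummy|lo|teql)" | sed "s/^[0-9]*: \([^:]*\).*/\1/g")"
STOCHASIS="sfq perturb 10"

# mark_ports FACE PROTO PORT MARK CHAIN...
# Append, on each CHAIN of the mangle table, one MARK rule for PROTO traffic
# leaving FACE with source port PORT and one with destination port PORT.
# Rules land in call order; MARK does not stop chain traversal, so when a
# packet matches several rules the last one wins.
mark_ports() {
  mp_face=$1
  mp_proto=$2
  mp_port=$3
  mp_mark=$4
  shift 4
  for mp_chain in "$@" ; do
    $IPTABLES -t mangle -A "$mp_chain" -p "$mp_proto" --sport "$mp_port" -o "$mp_face" -j MARK --set-mark "$mp_mark"
    $IPTABLES -t mangle -A "$mp_chain" -p "$mp_proto" --dport "$mp_port" -o "$mp_face" -j MARK --set-mark "$mp_mark"
  done
}

echo "-Remove Qdisc root classes"
for FACE in $FACES ; do
  # ">/dev/null 2>&1", not the bash-only "&>": this file is /bin/sh.
  $TC qdisc del dev "$FACE" root >/dev/null 2>&1
done
echo "-Remove IPTables packed mangling, set defaults"
# Flushes the whole mangle table, including rules added by other tools.
for CHAIN in INPUT OUTPUT PREROUTING POSTROUTING FORWARD ; do
  $IPTABLES -t mangle -F "$CHAIN"
done
for CHAIN in INPUT OUTPUT PREROUTING POSTROUTING FORWARD ; do
  $IPTABLES -t mangle -P "$CHAIN" ACCEPT
done

echo "-Trafic Marking"
# Marks used by the "fw" filters below: 1 ssh, 10 interactive, 20 ping,
# 30 routing, 40 bulk data, 50 mail.  Classification is by port number
# only, so whatever runs on a listed port gets that class.
for FACE in $FACES ; do
  # SSH
  mark_ports "$FACE" tcp 22 1 OUTPUT FORWARD
  # interactive UDP aplication, suported: Half-Life
  mark_ports "$FACE" udp 27015 10 FORWARD
  # Ping
  $IPTABLES -t mangle -A FORWARD -p icmp -o "$FACE" -j MARK --set-mark 20
  # Routing, suported: OSPF (plus tcp/179, i.e. BGP)
  $IPTABLES -t mangle -A FORWARD -p ospf -o "$FACE" -j MARK --set-mark 30
  mark_ports "$FACE" tcp 179 30 FORWARD
  # Huge data transfer, suported: FTP, HTTP, HTTPS, alt. HTTP
  for PORT in 20 21 80 ; do
    mark_ports "$FACE" tcp "$PORT" 40 OUTPUT FORWARD
  done
  mark_ports "$FACE" tcp 443 40 FORWARD
  mark_ports "$FACE" tcp 8080 40 OUTPUT FORWARD
  # email: SMTP,IMAP, IMAPS, POP3, POP3S
  for PORT in 110 143 25 993 995 ; do
    mark_ports "$FACE" tcp "$PORT" 50 FORWARD
  done
done

echo "-Create HTB classes"
for FACE in $FACES ; do
  # Unmarked traffic falls into class 1:30.
  $TC qdisc add dev "$FACE" root handle 1: htb default 30
  $TC class add dev "$FACE" parent 1: classid 1:1 htb rate "${SPEED}kbit" ceil "${SPEED}kbit" burst 10k
  $TC class add dev "$FACE" parent 1:1 classid 1:11 htb rate 64kbit ceil 256kbit burst 2k prio 1 # SSH class
  $TC class add dev "$FACE" parent 1:1 classid 1:110 htb rate 64kbit ceil "$((SPEED / 4))kbit" burst 2k prio 2 # interactive class
  $TC class add dev "$FACE" parent 1:1 classid 1:120 htb rate 32kbit ceil 128kbit burst 1k prio 4 # ping class
  $TC class add dev "$FACE" parent 1:1 classid 1:130 htb rate 32kbit ceil 64kbit burst 1k prio 1 # routing class
  $TC class add dev "$FACE" parent 1:1 classid 1:140 htb rate 32kbit ceil "$((SPEED / 2))kbit" burst 5k prio 3 # data transfer class
  $TC class add dev "$FACE" parent 1:1 classid 1:150 htb rate 128kbit ceil "$((SPEED / 2))kbit" burst 5k prio 2 # email class
  $TC class add dev "$FACE" parent 1:1 classid 1:30 htb rate 32kbit ceil "$((SPEED / 2))kbit" burst 2k prio 5 # nonsuported trafic class
done

echo "-Add stochasic fairness to HTB classes"
# STOCHASIS is deliberately unquoted: it is a list of tc arguments.
for FACE in $FACES ; do
  $TC qdisc add dev "$FACE" parent 1:11 handle 111: $STOCHASIS # SSH sub-classes
  $TC qdisc add dev "$FACE" parent 1:110 handle 1101: $STOCHASIS # interactive sub-classes
  $TC qdisc add dev "$FACE" parent 1:120 handle 1201: $STOCHASIS # ping sub-classes
  $TC qdisc add dev "$FACE" parent 1:130 handle 1301: $STOCHASIS # routing sub-classes
  $TC qdisc add dev "$FACE" parent 1:140 handle 1401: $STOCHASIS # data transfer sub-classes
  $TC qdisc add dev "$FACE" parent 1:150 handle 1501: $STOCHASIS # email sub-classes
  $TC qdisc add dev "$FACE" parent 1:30 handle 301: $STOCHASIS # nonsuported trafic class
done

echo "-Redirect marked services to HTB classes"
for FACE in $FACES ; do
  $TC filter add dev "$FACE" parent 1:0 protocol ip handle 1 fw flowid 1:11 # SSH
  $TC filter add dev "$FACE" parent 1:0 protocol ip handle 10 fw flowid 1:110 # interactive
  $TC filter add dev "$FACE" parent 1:0 protocol ip handle 20 fw flowid 1:120 # ping
  $TC filter add dev "$FACE" parent 1:0 protocol ip handle 30 fw flowid 1:130 # routing
  $TC filter add dev "$FACE" parent 1:0 protocol ip handle 40 fw flowid 1:140 # data transfer
  $TC filter add dev "$FACE" parent 1:0 protocol ip handle 50 fw flowid 1:150 # email
done

2.

#!/bin/sh
#
# GameScript  This script establishes policy routing and traffic
#             control rules to minimize latency for game packets
#             in the presence of other traffic.
#
# Besides this script, there is one other thing that must be done.
# Assuming that iproute2 is already installed, edit the file
# /etc/iproute2/rt_tables and add the following line at the bottom:
#   "100 Small_MTU"
# ***********************************************************************
# DEFINES                                                               *
# ***********************************************************************
# Change these values as required to reflect your setup

# Addresses and Interfaces
# NOTE(review): LAN_IP and HOST1 below are in 192.168.0.0/24, but this range
# says 192.168.1.0/24.  With these sample values the Small_MTU table gets no
# route to the real LAN and LAN-bound traffic falls through to its default
# route; set the range to the subnet that actually contains LAN_IP.
LAN_IP_RANGE="192.168.1.0/24"
LAN_IP="192.168.0.1"
LAN_INTERFACE="eth0"
LOCALHOST_IP="127.0.0.1/32"
INTERNET_IP_RANGE="123.123.123.0/24"
INTERNET_IP="123.123.123.123"
INTERNET_GATEWAY="123.123.123.1"
INTERNET_INTERFACE="eth1"

# Executables
IPTABLES="/sbin/iptables"
TC="/sbin/tc"
IP="/sbin/ip"

# Information used to identify game traffic.
# add more as required
HOST1="192.168.0.2"
HOST1_GAME_PORT="3724"

# Packet marks (arbitrary)
GAME_PACKET="1"

# For traffic shaping:
#
# The numbers below were arrived at by test on a DSL
# line with nominal line speeds of 128 kbit up and
# 1400 kbit down. Actual measured throughput was
# about 90 kbit up and 1150 kbit down.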
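#
# A note regarding MTU: Standard ethernet MTU is 1500
# bytes, which resulted in unacceptable single
# packet xmit waits of 1500 x 8 / 90,000 = 133 msec.
# Lowering the interface MTU changes the MTU in both
# directions, which helped uplink latency but hurt
# downlink throughput. Lowering the interface MTU to
# 256 bytes resulted in a downlink throughput of less
# than 500kbit. An interface MTU in the 400 - 500 byte
# range provided an acceptable compromise, with single
# packet xmit times of about 40 msec and downlink speeds
# of about 700kbit. However, leaving the interface MTU
# at 1500 bytes and setting a lower per-route MTU that
# only affected non-game uplink traffic was the best
# solution. An uplink MTU smaller than 256 bytes would
# help latency even more, but tc and/or htb don't seem
# to like mtu's below 256 and, besides, 256 results in a max
# single packet xmit wait of around 25 msec, with
# even better average behavior.
STD_MTU="1500"
TC_MTU="256"
# MSS advertised on the small-MTU default route.  It is derived from STD_MTU,
# not TC_MTU, so peers keep sending full-size segments downstream while only
# our own uplink packets are kept small (see the note above).
# NOTE(review): confirm this asymmetry is intended; TC_MTU - 40 would shrink
# both directions.
TC_MSS=$(( STD_MTU - 40 ))
TC_UPLINK_RATE="90"
TC_DOWNLINK_RATE="1000"
TC_GAME_RATE="30"
TC_GAME_CEIL=$TC_UPLINK_RATE
# Non-game traffic gets what is left of the uplink (60 of 90 kbit, ~67%).
TC_OTHER_RATE=$(( TC_UPLINK_RATE - TC_GAME_RATE ))
TC_OTHER_CEIL=$(( TC_UPLINK_RATE - TC_GAME_RATE ))

# *********************************************************************
# RULES                                                               *
# *********************************************************************

# game_mark_rules ACTION
# Add (--append) or remove (--delete) the four mangle/PREROUTING rules that
# mark HOST1's game traffic with $GAME_PACKET: TCP and UDP from HOST1's game
# port arriving on the LAN side, TCP and UDP to HOST1's game port arriving
# on the internet side.  One function for both directions keeps the rule
# specs identical, which --delete needs.  The match is address + port only
# (nothing authenticated), so any LAN host using HOST1's address gets the
# same priority; the impact is limited to queue placement.
game_mark_rules() {
  gm_action=$1
  # Firewall packet marking TCP/UDP game traffic from Host1
  for gm_proto in TCP UDP ; do
    $IPTABLES --table mangle "$gm_action" PREROUTING \
      --protocol "$gm_proto" \
      --in-interface "$LAN_INTERFACE" \
      --source "$HOST1" \
      --source-port "$HOST1_GAME_PORT" \
      --jump MARK \
      --set-mark "$GAME_PACKET"
  done
  # Firewall packet marking TCP/UDP game traffic to Host1
  for gm_proto in TCP UDP ; do
    $IPTABLES --table mangle "$gm_action" PREROUTING \
      --protocol "$gm_proto" \
      --in-interface "$INTERNET_INTERFACE" \
      --destination "$HOST1" \
      --destination-port "$HOST1_GAME_PORT" \
      --jump MARK \
      --set-mark "$GAME_PACKET"
  done
}

# policy_routing_start
# Build the Small_MTU table (a copy of the main routes whose default route
# carries the smaller MTU) and send everything except marked game traffic
# through it.  Needs "100 Small_MTU" in /etc/iproute2/rt_tables.
policy_routing_start() {
  # Delete any existing / old rules.
  $IP rule del priority 4000 2> /dev/null
  $IP rule del priority 5000 2> /dev/null
  # Flush the alternate routing table and routing cache
  # ("route flush cache" is a harmless no-op on kernels without a route cache).
  $IP route flush table Small_MTU 2> /dev/null
  $IP route flush cache
  # Duplicate the normal routing table except lower the MTU of the
  # default route.
  $IP route add "$LOCALHOST_IP" dev lo table Small_MTU
  $IP route add "$LAN_IP_RANGE" dev "$LAN_INTERFACE" src "$LAN_IP" \
    table Small_MTU proto static
  $IP route add "$INTERNET_IP_RANGE" dev "$INTERNET_INTERFACE" \
    src "$INTERNET_IP" table Small_MTU proto static
  $IP route add default via "$INTERNET_GATEWAY" mtu "$TC_MTU" \
    advmss "$TC_MSS" table Small_MTU proto static
  # Game traffic continues to go to the main routing table
  # so that it can take advantage of larger uplink packet sizes.
  $IP rule add fwmark "$GAME_PACKET" priority 4000 table main
  # Now start referring non-game traffic to the new routing table
  $IP rule add from 0/0 priority 5000 table Small_MTU
  $IP route flush cache
}

# uplink_tc_start
# Egress bandwidth shaping and scheduling are performed to ensure
# that packets are never queued in the ADSL modem, and that game
# packets, if present, take priority over all other traffic.
uplink_tc_start() {
  # First delete any previous traffic control rules.  The original used
  # $INET_IFACE here, a variable that is never defined, so the old root
  # qdisc survived and the "qdisc add" below failed on every re-run.
  $TC qdisc del dev "$INTERNET_INTERFACE" root 2> /dev/null
  $TC qdisc del dev "$INTERNET_INTERFACE" ingress 2> /dev/null
  # Now establish the HTB root discipline
  $TC qdisc add dev "$INTERNET_INTERFACE" root handle 1:0 \
    htb default 11 r2q 1
  # Now establish the root class
  $TC class add dev "$INTERNET_INTERFACE" parent 1:0 classid 1:1 \
    htb rate "${TC_UPLINK_RATE}kbit" ceil "${TC_UPLINK_RATE}kbit" \
    burst 6k cburst 6k
  # Add leaf class for game traffic
  $TC class add dev "$INTERNET_INTERFACE" parent 1:1 classid 1:10 \
    htb rate "${TC_GAME_RATE}kbit" ceil "${TC_GAME_CEIL}kbit" \
    prio 1 burst 6k cburst 6k
  # Add leaf class for non-game traffic. Note that non-game
  # traffic is capped at about 67% of the available uplink
  # bandwidth, both for rate and ceiling. This was done
  # to ensure that sufficient bandwidth (tokens) is always
  # available for game packets when they arrive.
  $TC class add dev "$INTERNET_INTERFACE" parent 1:1 classid 1:11 \
    htb rate "${TC_OTHER_RATE}kbit" ceil "${TC_OTHER_CEIL}kbit" \
    prio 2 mtu "$TC_MTU"
  # Add fifo queueing discipline for game traffic
  $TC qdisc add dev "$INTERNET_INTERFACE" parent 1:10 handle 10: \
    pfifo limit 25
  # Add prio queueing discipline for non-game traffic to provide
  # standard TOS priority queueing.
  $TC qdisc add dev "$INTERNET_INTERFACE" parent 1:11 handle 11: \
    prio
  # Add sfq queueing discipline to each prio band:
  # 11:1 minimize-delay, 11:2 best-effort, 11:3 maximize-throughput.
  for BAND in 1 2 3 ; do
    $TC qdisc add dev "$INTERNET_INTERFACE" parent "11:$BAND" handle "11$BAND:" \
      sfq perturb 5
  done
  # Now filter game traffic to leaf 1:10 as first priority
  $TC filter add dev "$INTERNET_INTERFACE" parent 1:0 \
    protocol ip prio 1 handle "$GAME_PACKET" fw flowid 1:10
  # Empty ack packets are assigned directly to the minimize-delay queue:
  # IP protocol 6 (TCP), IHL == 5 (no IP options, so the TCP header starts
  # at byte 20), total length < 64, and the TCP flags byte (offset 33) == ACK.
  $TC filter add dev "$INTERNET_INTERFACE" parent 11:0 protocol ip \
    prio 3 u32 match ip protocol 6 0xff \
    match u8 0x05 0x0f at 0 \
    match u16 0x0000 0xffc0 at 2 \
    match u8 0x10 0xff at 33 \
    flowid 11:1
  # The remaining traffic defaults to htb leaf 1:11
}

# downlink_tc_start
# Downlink traffic is limited to about 85% of actual downlink
# capability to prevent upstream queueing.
downlink_tc_start() {
  # First establish an ingress qdisc
  $TC qdisc add dev "$INTERNET_INTERFACE" handle ffff: ingress
  # Incoming game traffic is not policed.
  # NOTE(review): the ingress qdisc runs before netfilter's PREROUTING hook,
  # so the mark set by game_mark_rules is most likely not on the packet yet
  # when this "fw" filter sees it, and incoming game traffic would then fall
  # through to the police filter below.  Check the hit counters with
  # "tc -s filter show dev $INTERNET_INTERFACE parent ffff:" before relying
  # on this exemption.
  $TC filter add dev "$INTERNET_INTERFACE" parent ffff: \
    protocol ip prio 1 handle "$GAME_PACKET" fw flowid :1
  # Filter everything else to that qdisc and drop packets
  # that exceed the bandwidth limit
  $TC filter add dev "$INTERNET_INTERFACE" parent ffff: \
    protocol ip prio 3 u32 match ip src 0.0.0.0/0 \
    police rate "${TC_DOWNLINK_RATE}kbit" burst 3k drop \
    flowid :1
}

# qos_start: mark, route and shape.  Re-runnable: a stale copy of the mark
# rules is removed first, and the tc functions delete old qdiscs themselves.
qos_start() {
  game_mark_rules --delete 2> /dev/null
  game_mark_rules --append
  policy_routing_start
  uplink_tc_start
  downlink_tc_start
}

# qos_stop: undo everything qos_start installed.
qos_stop() {
  # Remove any uplink throttling
  $TC qdisc del dev "$INTERNET_INTERFACE" root 2> /dev/null
  $TC qdisc del dev "$INTERNET_INTERFACE" ingress 2> /dev/null
  # Remove the packet-marking rules.  The original left them in place, so
  # every start/restart appended another copy of each rule.
  game_mark_rules --delete 2> /dev/null
  # Remove policy routing
  $IP rule del priority 5000 2> /dev/null
  $IP rule del priority 4000 2> /dev/null
  $IP route flush table Small_MTU 2> /dev/null
  $IP route flush cache
}

case "$1" in
  start)
    qos_start
    ;;
  stop)
    qos_stop
    ;;
  restart)
    "$0" stop
    sleep 3
    "$0" start
    ;;
  *)
    # The original message had a stray "}" and a hard-coded "./" prefix.
    echo "Usage: $0 {start|stop|restart}" >&2
    exit 1
    ;;
esac
exit 0
Robert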