[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Comments on Setup
I've got a T1 connection to the Internet, and I'm trying to limit one of
our customers from sucking up all our bandwidth. I've come up with the
following script which seems to work fine in a test area of 4 or 5
machines, but I'm wondering if there is anything I should be looking out
for when I put it on the full network, with thousands of IP connections
going through it instead of just the 10-20 I have going in my tests. Any
comments would be appreciated.
BTW: eth1 is the interface that leads to a CISCO 2500 router with the T1,
there is a similar script running on eth0 to limit outgoing bandwidth. All
that is changed is that the dst's in the filters are changed to src's and
IFACE=eth0
#!/bin/bash
IFACE=eth1
TC=/usr/local/sbin/tc
BANDWIDTH=192kbps
THR_BW=40kbps
REST_RATE=152kbps
ESTIMATOR="est 500msec 2s"
AVPKT=1000
DEV="dev $IFACE"
$TC qdisc add $DEV handle 10:0 root cbq bandwidth 10Mbit avpkt $AVPKT
# Add in base class that contains all our bandwidth
$TC class add $DEV parent 10:0 classid 10:1 cbq \
bandwidth 10Mbit rate $BANDWIDTH allot 1514 avpkt $AVPKT \
bounded isolated
$TC qdisc add $DEV parent 10:1 pfifo limit 20
# Add in throttled network
$TC class add $DEV parent 10:1 classid 10:20 $ESTIMATOR cbq \
bandwidth 10Mbit rate $THR_BW avpkt $AVPKT allot 1514 borrow
$TC qdisc add $DEV parent 10:20 pfifo limit 20
# Anything coming out of the 10.1.2.0 network is throttled
$TC filter add $DEV parent 10:0 proto ip prio 1 u32 \
match ip dst 10.1.2.0/24 classid 10:20
# Add in default We use borrow, even though there should be no remaining
# bandwidth, just in case we messed up the REST_RATE calc
$TC class add $DEV parent 10:1 classid 10:10 $ESTIMATOR cbq \
bandwidth 10Mbit rate $REST_RATE avpkt $AVPKT allot 1514 \
borrow defmap 1
$TC qdisc add $DEV parent 10:10 pfifo limit 50
$TC filter add $DEV parent 10:0 proto ip prio 5 u32 \
match ip dst any classid 10:10