My aim was to set up traffic shaping in our office. The Internet router and the development server are the same computer. The local network, which consists of workstations, has to have 300 kbit Internet access and also full 1Gbit access to the development server. The development server has to have unlimited access to the Internet. So we have to shape only the traffic which goes from the local network to the Internet. My local network interface is eth1, and the Internet interface is eth0. The local network is 192.168.0.0/255.255.255.0 and the development server's IP is 192.168.0.1.
I have read some documentation on tc and iptables and wrote these scripts.
shaper.sh
```sh
#!/bin/sh

# Delete root qdisc from eth1 in case that we execute this script for the second time
tc qdisc del dev eth1 root

# Create root qdisc
tc qdisc add dev eth1 root handle 1:0 htb default 2

# Create main class with 1 Gbit traffic
tc class add dev eth1 parent 1:0 classid 1:1 htb rate 1024mbit ceil 1024mbit

# Create class for local network with 300 Kbit traffic
tc class add dev eth1 parent 1:1 classid 1:2 htb rate 300kbit ceil 300kbit

# Create class for development server again with 1 Gbit
tc class add dev eth1 parent 1:1 classid 1:3 htb rate 1024mbit ceil 1024mbit

# Adding qdiscs to our tree leaves
tc qdisc add dev eth1 parent 1:2 sfq
tc qdisc add dev eth1 parent 1:3 sfq

# Route packets marked with 0x7 to 1:2 qdisc which is for local network
tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 7 fw flowid 1:2

# Route packets marked with 0x8 to 1:3 qdisc which is for development server
tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 8 fw flowid 1:3
```
And finally we have to configure iptables to mark packets 0x7 or 0x8 according to their source and destination.
iptables_config.sh
```sh
#!/bin/sh

# Create three chains for marking
iptables -t mangle -N traffic_office
iptables -t mangle -N traffic_office_to_server
iptables -t mangle -N traffic_server

# Mark traffic from local network 0x7
iptables -t mangle -A traffic_office -j MARK --set-mark 0x7

# Mark traffic from local network to dev server 0x8
iptables -t mangle -A traffic_office_to_server -j MARK --set-mark 0x8

# Mark traffic from internet to dev server 0x8
iptables -t mangle -A traffic_server -j MARK --set-mark 0x8

# Negation is written as "! -s" / "! -d"; the older "-d ! addr" form is deprecated.

# Send to chain traffic_server: traffic which comes from the server and is not going to the local network
iptables -t mangle -A POSTROUTING -s 192.168.0.1 ! -d 192.168.0.0/255.255.255.0 -j traffic_server

# Send to chain traffic_server: traffic which comes from outside the local network and goes to the dev server
iptables -t mangle -A POSTROUTING ! -s 192.168.0.0/255.255.255.0 -d 192.168.0.1 -j traffic_server

# Send to chain traffic_office: traffic which does not come from the dev server and goes to the local network
iptables -t mangle -A POSTROUTING ! -s 192.168.0.1 -d 192.168.0.0/255.255.255.0 -j traffic_office

# Send to chain traffic_office: traffic which comes from the local network and does not go to the dev server
iptables -t mangle -A POSTROUTING -s 192.168.0.0/255.255.255.0 ! -d 192.168.0.1 -j traffic_office

# Send to chain traffic_office_to_server: traffic which comes from the dev server and goes to the local network
iptables -t mangle -A POSTROUTING -s 192.168.0.1 -d 192.168.0.0/255.255.255.0 -j traffic_office_to_server

# Send to chain traffic_office_to_server: traffic which comes from the local network and goes to the dev server
iptables -t mangle -A POSTROUTING -s 192.168.0.0/255.255.255.0 -d 192.168.0.1 -j traffic_office_to_server
```
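To check which mark a given flow ends up with, the six POSTROUTING rules of iptables_config.sh can be modelled offline. This is an added example, not part of the original scripts; the function names and the non-192.168.0.x sample addresses are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: offline model of the six POSTROUTING mangle rules.
# MARK does not end rule traversal, so the LAST matching rule sets the mark.
NET=192.168.0.0; MASK=255.255.255.0; SERVER=192.168.0.1

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds if address $1 lies inside NET/MASK.
in_lan() {
    [ $(( $(ip2int "$1") & $(ip2int "$MASK") )) -eq "$(ip2int "$NET")" ]
}

# Print the fwmark a packet from $1 to $2 carries after all six rules.
final_mark() {
    src=$1; dst=$2; mark=0x0
    [ "$src" = "$SERVER" ] && ! in_lan "$dst" && mark=0x8      # rule 1
    ! in_lan "$src" && [ "$dst" = "$SERVER" ] && mark=0x8      # rule 2
    [ "$src" != "$SERVER" ] && in_lan "$dst" && mark=0x7       # rule 3
    in_lan "$src" && [ "$dst" != "$SERVER" ] && mark=0x7       # rule 4
    [ "$src" = "$SERVER" ] && in_lan "$dst" && mark=0x8        # rule 5
    in_lan "$src" && [ "$dst" = "$SERVER" ] && mark=0x8        # rule 6
    echo "$mark"
}

# Map a mark to the HTB class from shaper.sh: fw filter handle 8 -> 1:3,
# handle 7 -> 1:2, and unmarked packets fall to "default 2" (also 1:2).
htb_class() {
    case $1 in 0x8) echo 1:3 ;; *) echo 1:2 ;; esac
}

# Constructed sample flows (addresses outside 192.168.0.0/24 are made up).
for flow in "203.0.113.9 192.168.0.5" "192.168.0.1 192.168.0.5" \
            "192.168.0.1 203.0.113.9" "203.0.113.9 198.51.100.7"; do
    set -- $flow
    m=$(final_mark "$1" "$2")
    echo "$1 -> $2  mark=$m  class=$(htb_class "$m")"
done
```

The class only applies to packets that actually leave through eth1, where the HTB qdisc is attached. A flow from 192.168.0.1 to an outside address ends with mark 0x7 because rule 4 overwrites rule 1, but it leaves through eth0 and is not shaped.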
You're right, there are great opportunities, but paying for one isn't the best.
Hi,
Is there a way to traffic shape 3 NIC devices? Example:
traffic shape:
eth1 60mbit
eth0 15mbit
eth2 45mbit
Jorge