Hi, Thanks for all the comments!, do you know of any web frontends for these apps? (don't want to go reinventing the wheel) Something that preferably uses a mysql backend. Regards, Bruce Grobler Yo! Africa - Network Engineer Cell : 0912364532 Skype: bruce.grobler -----Original Message----- From: Chris Caputo [mailto:ccaputo@alt.net] Sent: Friday, January 30, 2009 9:54 PM To: C. Jon Larsen Cc: Scott Berkman; nanog@nanog.org Subject: RE: Shaping on a large scale On Fri, 30 Jan 2009, C. Jon Larsen wrote:

...

Open source you can do a custom setup with IPTables and iproute2, but it will take some work to get the same kind of features and management interface. LARTC is a good reference for this kind of topic: http://lartc.org/. Also I'm not sure if someone has built this into any of the firewall specific linux distros yet, so you may want to explore those a little.

The scripts below will set max bandwidth on an interface to 60mbit, and setup a queue to shape a.b.c.d to 3Mbit. Seems to work ok for me. Its used on a physical server to limit bandwidth to a virtual server(s) on the physical server. Should work just as well on a dual-armed router/firewall shaping devices behind it. You would just create more classes (1:11, 1:12, etc) for more clients/ips to shape and you might want to knock the ceiling on the default (1:30) class down to guarantee the bandwidth to the 1:10, 1:11...classes.

tc qdisc add dev eth0 root handle 1: htb default 30

tc class add dev eth0 parent 1: classid 1:1 htb rate 60mbit burst 150k tc class add dev eth0 parent 1:1 classid 1:10 htb rate 3mbit burst 15k tc class add dev eth0 parent 1:1 classid 1:30 htb rate 1kbit ceil 60mbit burst 150k

tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10 tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10

## limit a.b.c.d to 3mbit/sec: U32="tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32" $U32 match ip src a.b.c.d/32 flowid 1:10 $U32 match ip dst a.b.c.d/32 flowid 1:10

tc -s -d qdisc show dev eth0

tcng - Traffic Control Next Generation (http://tcng.sourceforge.net/) provides a configuration language that abstracts the gnarliness above. Chris