RE: Shaping on a large scale
Open source you can do a custom setup with IPTables and iproute2, but it will take some work to get the same kind of features and management interface. LARTC is a good reference for this kind of topic: http://lartc.org/. Also I'm not sure if someone has built this into any of the firewall specific linux distros yet, so you may want to explore those a little.
The scripts below will set max bandwidth on an interface to 60mbit, and set up a queue to shape a.b.c.d to 3Mbit. Seems to work ok for me. It's used on a physical server to limit bandwidth to a virtual server(s) on the physical server. Should work just as well on a dual-armed router/firewall shaping devices behind it. You would just create more classes (1:11, 1:12, etc) for more clients/ips to shape and you might want to knock the ceiling on the default (1:30) class down to guarantee the bandwidth to the 1:10, 1:11...classes.

tc qdisc add dev eth0 root handle 1: htb default 30
tc class add dev eth0 parent 1: classid 1:1 htb rate 60mbit burst 150k
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 3mbit burst 15k
tc class add dev eth0 parent 1:1 classid 1:30 htb rate 1kbit ceil 60mbit burst 150k
tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
## limit a.b.c.d to 3mbit/sec:
U32="tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32"
$U32 match ip src a.b.c.d/32 flowid 1:10
$U32 match ip dst a.b.c.d/32 flowid 1:10
tc -s -d qdisc show dev eth0
-----Original Message-----
From: Bruce Grobler [mailto:bruce@yoafrica.com]
Sent: Friday, January 30, 2009 12:34 AM
To: nanog@nanog.org
Subject: Shaping on a large scale
Hi,
Does anyone know of any shaping appliances to shape customers based on IP, allow for a quota per IP and QoS mechanisms like LLQ? This should be something that can sit in between two border routers and support a small ISP (20000 customers). Also, an open source solution would be great!
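The "create more classes (1:11, 1:12, etc)" step from the message above, as an added example that is not part of the original thread: a hypothetical gen_shaper function that prints the tc commands for a list of clients. It assumes an "ip rate" input format with whole-mbit rates, numbers the class ids in hexadecimal (as tc parses them) so the sequence steps over the default class 1:30, and reads "knock the ceiling down" as leaving the default class only what the client rates do not claim.

```shell
#!/bin/sh
# Added example (not from the thread): print, not run, the tc commands for one
# HTB class per client. gen_shaper and its input format are hypothetical.
# stdin: "<ip> <whole-mbit rate>" per line. Usage:
#   gen_shaper eth0 60 < clients.txt > shaper.sh && sh shaper.sh
gen_shaper() {
    dev=$1 link=$2     # interface and link rate in mbit
    minor=16 total=0   # 16 decimal is classid 1:10; tc class ids are hex
    echo "tc qdisc add dev $dev root handle 1: htb default 30"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${link}mbit burst 150k"
    while read -r ip rate; do
        case $ip in ''|'#'*) continue ;; esac
        # 0x30 is the default class in the posted script, so skip over it
        [ "$minor" -eq 48 ] && minor=49
        id=$(printf '%x' "$minor")
        total=$((total + rate))
        if [ "$total" -ge "$link" ]; then
            echo "gen_shaper: rates reach ${link}mbit at $ip" >&2
            return 1
        fi
        echo "tc class add dev $dev parent 1:1 classid 1:$id htb rate ${rate}mbit burst 15k"
        echo "tc qdisc add dev $dev parent 1:$id handle ${id}: sfq perturb 10"
        for dir in src dst; do
            echo "tc filter add dev $dev protocol ip parent 1:0 prio 1 u32 match ip $dir $ip/32 flowid 1:$id"
        done
        minor=$((minor + 1))
    done
    # Assumption: "knock the ceiling down" means the default class may use
    # only what the client guarantees leave over
    echo "tc class add dev $dev parent 1:1 classid 1:30 htb rate 1kbit ceil $((link - total))mbit burst 150k"
    echo "tc qdisc add dev $dev parent 1:30 handle 30: sfq perturb 10"
}

# Constructed sample input (documentation addresses)
gen_shaper eth0 60 <<'EOF'
192.0.2.10 3
192.0.2.11 5
EOF
```

Every client adds two u32 filters to one linear list, so with thousands of clients the filter lookup becomes the part to watch.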
On Fri, 30 Jan 2009, C. Jon Larsen wrote:
Open source you can do a custom setup with IPTables and iproute2, but it will take some work to get the same kind of features and management interface. LARTC is a good reference for this kind of topic: http://lartc.org/. Also I'm not sure if someone has built this into any of the firewall specific linux distros yet, so you may want to explore those a little.
The scripts below will set max bandwidth on an interface to 60mbit, and set up a queue to shape a.b.c.d to 3Mbit. Seems to work ok for me. It's used on a physical server to limit bandwidth to a virtual server(s) on the physical server. Should work just as well on a dual-armed router/firewall shaping devices behind it. You would just create more classes (1:11, 1:12, etc) for more clients/ips to shape and you might want to knock the ceiling on the default (1:30) class down to guarantee the bandwidth to the 1:10, 1:11...classes.
tc qdisc add dev eth0 root handle 1: htb default 30
tc class add dev eth0 parent 1: classid 1:1 htb rate 60mbit burst 150k
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 3mbit burst 15k
tc class add dev eth0 parent 1:1 classid 1:30 htb rate 1kbit ceil 60mbit burst 150k
tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
## limit a.b.c.d to 3mbit/sec:
U32="tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32"
$U32 match ip src a.b.c.d/32 flowid 1:10
$U32 match ip dst a.b.c.d/32 flowid 1:10
tc -s -d qdisc show dev eth0
tcng - Traffic Control Next Generation (http://tcng.sourceforge.net/) provides a configuration language that abstracts the gnarliness above.
Chris
Hi,
Thanks for all the comments! Do you know of any web frontends for these apps? (Don't want to go reinventing the wheel.) Something that preferably uses a MySQL backend.
Regards,
Bruce Grobler
Yo! Africa - Network Engineer
Cell : 0912364532
Skype: bruce.grobler
-----Original Message-----
From: Chris Caputo [mailto:ccaputo@alt.net]
Sent: Friday, January 30, 2009 9:54 PM
To: C. Jon Larsen
Cc: Scott Berkman; nanog@nanog.org
Subject: RE: Shaping on a large scale
On Fri, 30 Jan 2009, C. Jon Larsen wrote:
Open source you can do a custom setup with IPTables and iproute2, but it will take some work to get the same kind of features and management interface. LARTC is a good reference for this kind of topic: http://lartc.org/. Also I'm not sure if someone has built this into any of the firewall specific linux distros yet, so you may want to explore those a little.
The scripts below will set max bandwidth on an interface to 60mbit, and set up a queue to shape a.b.c.d to 3Mbit. Seems to work ok for me. It's used on a physical server to limit bandwidth to a virtual server(s) on the physical server. Should work just as well on a dual-armed router/firewall shaping devices behind it. You would just create more classes (1:11, 1:12, etc) for more clients/ips to shape and you might want to knock the ceiling on the default (1:30) class down to guarantee the bandwidth to the 1:10, 1:11...classes.
tc qdisc add dev eth0 root handle 1: htb default 30
tc class add dev eth0 parent 1: classid 1:1 htb rate 60mbit burst 150k
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 3mbit burst 15k
tc class add dev eth0 parent 1:1 classid 1:30 htb rate 1kbit ceil 60mbit burst 150k
tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
## limit a.b.c.d to 3mbit/sec:
U32="tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32"
$U32 match ip src a.b.c.d/32 flowid 1:10
$U32 match ip dst a.b.c.d/32 flowid 1:10
tc -s -d qdisc show dev eth0
tcng - Traffic Control Next Generation (http://tcng.sourceforge.net/) provides a configuration language that abstracts the gnarliness above.
Chris
participants (3)
- Bruce Grobler
- C. Jon Larsen
- Chris Caputo