Portál AbcLinuxu, 26. dubna 2024 05:33
/root/sbin/tc qdisc del dev eth0 root 2>/dev/null /root/sbin/tc qdisc del dev eth0 ingress 2>/dev/null /root/sbin/tc qdisc add dev eth0 root handle 1:0 htb r2q 2 /root/sbin/tc class add dev eth0 parent 1:0 classid 1:1 htb rate 100Mbit ceil 100Mbit /root/sbin/tc class add dev eth0 parent 1:1 classid 1:2 htb rate 50000kbit ceil 50000kbit /root/sbin/tc class add dev eth0 parent 1:2 classid 1:2101 htb rate 1024kbit ceil 1500kbit prio 3 /root/sbin/tc class add dev eth0 parent 1:2 classid 1:2102 htb rate 1024kbit ceil 1500kbit prio 3 # Vytvoreni sfq pravidel.. /root/sbin/tc qdisc add dev eth0 parent 1:2101 handle 2101:0 sfq perturb 15 /root/sbin/tc qdisc add dev eth0 parent 1:2102 handle 2102:0 sfq perturb 15 #iptables pravidla /sbin/iptables -t mangle -A FORWARD -s 192.168.190.0/24 -j MARK --set-mark 3 /sbin/iptables -t mangle -A FORWARD -d 192.168.190.0/24 -j MARK --set-mark 3 /sbin/iptables -t mangle -A FORWARD -s 172.16.1.254 -j MARK --set-mark 4 /sbin/iptables -t mangle -A FORWARD -d 172.16.1.254 -j MARK --set-mark 4 /root/sbin/tc filter add dev eth0 parent 1:0 protocol ip handle 3 fw flowid 1:2101 /root/sbin/tc filter add dev eth0 parent 1:0 protocol ip handle 4 fw flowid 1:2102takto shapuji na eth0 jeste to same mam na eth1. A shapuji pro asi 2000 IP adres. tady jsem poslal usek pro dve IP adresy. Nenapada nekoho jak to zefektivnit protoze zatez serveru je ve vecernich hodinach dosti zalostna :( Dekuji
-A FORWARD -d 172.16.182.0/255.255.255.0 -j pravidlo_16_182tim iptables nemusi projit 2000 radku ale jen mensi cast. Doufal jsem ze to pomuze ale nic moc vyrazne to nezlepsi :(
tc filter add dev eth0 parent 1:0 protocol ip prio 5 u32 match ip src x.x.x.x flowid 1:2Dekuji
. Pouzivas HTB na forwardovany traffic?
1.6.2007 21:48
10.12.2006 22:00
tc neumí do ifb poslat ingress.
#! /bin/bash
# definujeme cesty v systemu
PATH="/usr/sbin:/usr/bin:/sbin:/bin"
DEV="eth0" # Zarizeni na kterem nenatujeme!
RATE="102400" # Maximalni rychlost linky v kbitech, nyni 100Mbit
IP_ADRESY_TRIDA_A="192.168.190.0/24"
IP_ADRESY_TRIDA_B="172.16.1.254"
# Smazeme vsechny root qdisc
I="1"
while true; do
if [ "`tc qdisc | grep -v 0: | cut -d \" \" -f3 | sed -n ${I}p`" ]; then
tc qdisc del dev "`tc qdisc | grep -v 0: | cut -d \" \" -f5 | sed -n ${I}p`" root &>/dev/null
tc qdisc del dev "`tc qdisc | grep -v 0: | cut -d \" \" -f5 | sed -n ${I}p`" ingress &>/dev/null
else
break
fi
i="`expr 1 + $I`"
done
#
# Deaktivuji vsechna ifb zarizeni
I="1"
while true; do
if [ "`ip link show | grep ifb | cut -d \" \" -f 2 | cut -d: -f1 | sed -n ${I}p`" != "" ]; then
ip link set "`$IP link show | grep ifb | cut -d \" \" -f 2 | cut -d: -f1 | sed -n ${I}p`" down
else
break
fi
I="`expr $I + 1`"
done
# Odstraneni modulu pro ifb
rmmod -f ifb &>/dev/null
# Zavedeni modulu pro ifb
modprobe ifb numifbs=1 &>/dev/null
# Zacatek ifb0
tc qdisc add dev $DEV ingress
tc filter add dev $DEV parent ffff: protocol ip prio 10 u32 match u32 0 0 flowid 1:0 action mirred egress redirect dev ifb0
# Chceme nasadit stejny QoS jak na odchozi tak na prichozi provoz na danem rozhrani
for DEV in $DEV ifb0; do
# Vytvorime root qdisc
tc qdisc add dev $DEV root handle 1:0 prio bands 3 priomap 2 2 2 2 2 2 0 0 2 2 2 2 2 2 2 2
# Ve trech zakladnich prio tridach vytvorime esfq pro nelimitovany traffic a htb pro limitovany
tc qdisc add dev $DEV parent 1:1 handle 11:0 sfq perturb 10
tc qdisc add dev $DEV parent 1:2 handle 12:0 sfq perturb 10
tc qdisc add dev $DEV parent 1:3 handle 13:0 hfsc default 111
# Zakladni hfsc tride dame plnou rychlost, dalsi budou mit rychlost sdilenou HTTP,mail, DC++,
tc class add dev $DEV parent 13:0 classid 13:1 hfsc ls m2 ${RATE}kbit ul m2 ${RATE}kbit # nastavime maximum omezovani na 100Mbit
tc class add dev $DEV parent 13:1 classid 13:111 hfsc ls m2 $[5*${RATE}/10]kbit ul m2 ${RATE}kbit # 50Mbit, strop 100Mbit
tc class add dev $DEV parent 13:1 classid 13:112 hfsc ls m2 $[${RATE}/100]kbit ul m2 $[2*${RATE}/100]kbit # 1024kbit, strop 2048kbit
tc class add dev $DEV parent 13:1 classid 13:113 hfsc ls m2 $[${RATE}/100]kbit ul m2 $[1*${RATE}/100]kbit # 1024kbit, strop 1024kbit
# V kazde tride jeste pouziji sfq
tc qdisc add dev $DEV parent 13:111 handle 111:0 sfq perturb 10
tc qdisc add dev $DEV parent 13:112 handle 112:0 sfq perturb 10
tc qdisc add dev $DEV parent 13:113 handle 113:0 sfq perturb 10
# Pro tideni paketu pouziji tc
for IP in $IP_ADRESY_TRIDA_A; do
tc filter add dev $DEV parent 13:0 protocol ip u32 match ip src $IP flowid 13:112
tc filter add dev $DEV parent 13:0 protocol ip u32 match ip dst $IP flowid 13:112
done
for IP in $IP_ADRESY_TRIDA_B; do
tc filter add dev $DEV parent 13:0 protocol ip u32 match ip src $IP flowid 13:113
tc filter add dev $DEV parent 13:0 protocol ip u32 match ip dst $IP flowid 13:113
done
done
15.12.2006 18:42
LFCIB | skóre: 19
| blog: LFCIB
| /home/lfcib
/sbin/iptables -t mangle -N D_192 /sbin/iptables -t mangle -A FORWARD -d 192.0.0.0/8 -j D_192 /sbin/iptables -t mangle -N S_192 /sbin/iptables -t mangle -A FORWARD -s 192.0.0.0/8 -j S_192 /sbin/iptables -t mangle -N D_192_168 /sbin/iptables -t mangle -A D_192 -d 192.168.0.0/16 -j D_192_168 /sbin/iptables -t mangle -N S_192_168 /sbin/iptables -t mangle -A S_192 -s 192.168.0.0/16 -j S_192_168 /sbin/iptables -t mangle -N D_192_168_1 /sbin/iptables -t mangle -A D_192_168 -d 192.168.1.0/24 -j D_192_168_1 /sbin/iptables -t mangle -N S_192_168_1 /sbin/iptables -t mangle -A S_192_168 -s 192.168.1.0/24 -j S_192_168_1 /sbin/iptables -t mangle -A D_192_168_1 -d 192.168.1.130 -j MARK --set-mark 101 /sbin/iptables -t mangle -A S_192_168_1 -s 192.168.1.130 -j MARK --set-mark 3101 /sbin/iptables -t mangle -A D_192_168_1 -d 192.168.1.131 -j MARK --set-mark 102 /sbin/iptables -t mangle -A S_192_168_1 -s 192.168.1.131 -j MARK --set-mark 3102 ...pakety tak misto 2000 po sobe jdoucoch pravidel (z nich jen JEDNO je to spravne(!!)) prochazi hierarchicky treba jen 50 pravidel a zatez CPU jde rapidne dolu! Podstatatne je, ze s pribyvajicimi pravidly nevzrusta zatez cpu linearne, ale, ehm, pomaleji. Na PD 3.4GHz shapujeme cca 120 Mbps / >24kpps pro cca 4000 ip adres a zatez CPU je kolem 75% ve spicce, 35% v prumeru. Masina je intel-only, jadro rady 2.6.20, 2×gbit lan, no imq, no ifb a je 100% stable. Sic toto reseni neni uplne idelani, tak momentalnim potrebam a zamerum vic nez vyhovuje.
Tiskni
Sdílej:
ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.
1.6.2007 17:08