Koozali.org: home of the SME Server

Limiting bandwidth for 1 LAN IP

hb55047

« on: August 16, 2004, 07:42:00 PM »
I searched the forums, and while I saw a couple of ways to limit bandwidth, I didn't see any that could help me. I would like to limit the total bandwidth for one LAN IP. This computer is connected to the same switch as the other computers, so I cannot limit it by the NIC on the SME box. What I am looking for is something similar to what's built into ClarkConnect, where you specify the IP and the limit without having to specify extensions or anything else. Any help would be greatly appreciated.

cc_skavenger

Bandwidth limiting
« Reply #1 on: August 17, 2004, 01:39:57 AM »
Do a search for QoS or CBQ. Yes, you can limit the user at the NIC; AFAIK that is how all bandwidth limiting is done.

HTH

shanen

« Reply #2 on: August 17, 2004, 04:24:43 AM »
This should get you started...

wget http://sme-solutions.com.au/sme/cbq.init
wget http://sme-solutions.com.au/sme/cbq-256.eth0_down

Copy "cbq.init" to /sbin and set permissions to "755"
Copy "cbq-256.eth0_down" to /etc/sysconfig/cbq

The file "cbq-256.eth0_down" looks like this

DEVICE=eth0,100Mbit,10Mbit
RATE=256Kbit
WEIGHT=25Kbit
PRIO=5
RULE=192.168.0.100

Change "RATE" to what you want to shape the traffic to.
Change "WEIGHT" to 10% of "RATE"
Change "RULE" to the ip of the PC you want to manage traffic to.
Also change the name of the file to reflect the rate (easier to manage when you have multiple rules)

NOTE: this will shape _ALL_ traffic.
There are some nice examples at the beginning of the cbq.init file.


Run cbq.init
# /sbin/cbq.init start

Good luck

Shane
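
The class file described in the reply above, generated and sanity-checked by a script. This is an added example, not part of the original post or of cbq.init; the function names `valid_ipv4` and `make_cbq_file` and the scratch directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: build a cbq.init class file for one LAN host.

# True only for four dot-separated decimal octets, each 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# make_cbq_file <ip> <rate_kbit> <outdir>  -> prints the path it wrote
make_cbq_file() {
    ip=$1 rate=$2 outdir=$3
    if ! valid_ipv4 "$ip"; then
        echo "invalid IPv4 address: $ip" >&2; return 1
    fi
    case $rate in
        ''|0*|*[!0-9]*) echo "rate must be a whole number of Kbit" >&2; return 1 ;;
    esac
    if [ "$rate" -lt 10 ]; then
        echo "rate below 10Kbit leaves no usable WEIGHT" >&2; return 1
    fi
    # cbq.init takes the number in the file name as the class ID: keep it unique.
    for f in "$outdir"/cbq-"$rate".*; do
        if [ -e "$f" ]; then
            echo "class ID $rate already used by $f" >&2; return 1
        fi
    done
    file=$outdir/cbq-$rate.eth0_down
    # DEVICE and PRIO are the values from the post; adjust to your NIC.
    cat > "$file" <<EOF
DEVICE=eth0,100Mbit,10Mbit
RATE=${rate}Kbit
WEIGHT=$((rate / 10))Kbit
PRIO=5
RULE=$ip
EOF
    chmod 644 "$file"
    echo "$file"
}

# Demo in a scratch directory (the real target is /etc/sysconfig/cbq).
demo_dir=$(mktemp -d)
cat "$(make_cbq_file 192.168.0.100 256 "$demo_dir")"
rm -rf "$demo_dir"
```

Because the file name follows the post's "name it after the rate" convention, a second host at the same rate is refused rather than silently overwriting or colliding with the first.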

hb55047

« Reply #3 on: August 17, 2004, 06:52:25 AM »
Thank you both, I read the information provided. I realized what I originally wanted is next to impossible.
With the layout of:
 internet->sme server->switch->4 pcs
I was hoping to limit one of those PCs while the others on the same network would not be affected. I think I might add another NIC to the server and put that PC on it, since it connects wirelessly and I would like to make it more secure. Just out of curiosity, since I haven't tried it yet: I was planning to put the WAP on its own network with DHCP. I wanted it to be totally isolated from the WAN and LAN but be able to VPN into the LAN and go through that to the internet. Does this sound possible by just adding a NIC and the necessary network info?

shanen

« Reply #4 on: August 17, 2004, 07:04:12 AM »
There is nothing hard about it and it is definitely possible. Just use a static IP for the PC you want to shape. It just works...

hb55047

« Reply #5 on: August 17, 2004, 07:14:10 AM »
Lol, oh OK, I think I misunderstood. In the document I only saw networks in the samples; I didn't realize that a single IP could be substituted. Thank you very much.

Doso

« Reply #6 on: August 30, 2004, 02:30:20 PM »
Quote from: "shanen"


Run cbq.init
# /sbin/cbq.init start

Good luck

Shane


When I run this command it says permission denied, but if I run

"cbq start"

it does something. Is this OK to run the program, and will this restart itself every time I restart the e-smith box?

shanen

« Reply #7 on: August 31, 2004, 12:37:37 AM »
You didn't set the permissions for cbq.init.
cbq.init is just a later/better version of the script as I understand, so you can run either. It's up to you...
Add the command to your /etc/rc.d/rc.local file
e.g.: /sbin/cbq.init start
or /sbin/cbq start
Depending on what script you wish to use.

Shane

Doso

« Reply #8 on: August 31, 2004, 10:48:34 AM »
And how do I set the permissions to "755"?

byte

« Reply #9 on: August 31, 2004, 11:08:12 AM »
I would set this at...

chown root.root /sbin/cbq.init

then change permissions by typing...

chmod 755 /sbin/cbq.init

HTH
--[byte]--


lajgaard

« Reply #10 on: December 12, 2004, 11:22:12 PM »
I just found this GUI for cbq: http://freshmeat.net/projects/cbqinit-gui/ It is programmed in Perl. I don't know much about programming, but I seem to remember that contribs are also programmed in Perl. Is it difficult to make some changes so we can get a working GUI for cbq under the server-manager?

/Carsten

lajgaard

« Reply #11 on: December 13, 2004, 07:48:23 PM »
When I try to start cbq.init I get:

**CBQ: failed to compile CBQ configuration!

If I type "cbq.init start" again it seems to start. But how can I be sure? I have tried testing but it seems like it does not work.

/Carsten

jsk

« Reply #12 on: December 13, 2004, 09:34:02 PM »
Hi,

Have you tried to install eneo-qos_cbq-0.1-05en.noarch.rpm?
You will be able to control bandwidth via server manager panel. :-)

Regards
John

lajgaard

« Reply #13 on: December 13, 2004, 11:21:25 PM »
Yes, I have tried the eneo contrib. But it is very limited in the construction of the rules. You can only limit bandwidth and really nothing more. Unfortunately that does not satisfy my needs.

/Carsten

Appesteijn

« Reply #14 on: December 14, 2004, 10:00:27 AM »
I thought CBQ was already installed on e-smith (5.6).

So you should make a file in /etc/sysconfig/cbq (like cbq-1024.server-client)
with the following contents:

DEVICE=eth0,100Mbit,10Mbit #my internal network card
RATE=10Kbit
WEIGHT=1Kbit
PEAK=12Kbit
PRIO=6
RULE=192.168.100.120

Now you should be able to start cbq with: 'cbq start'. If you have multiple shaper files in /etc/sysconfig/cbq, you can individually start cbq-1024.server-client by adding the filename after start, e.g.: 'cbq start cbq-1024.server-client'.

Remember that the only direction in which you can shape traffic is outbound from a network card. This config file now shapes all outbound traffic for 192.168.100.120 to 10Kbit (1KB/s). E.g. the client .120 can now download at a maximum of 1 KB/s. His upload is still my full upload capacity, but because your computer wants to know if his transmitted packets did arrive, this download limiter also limits his upload.

You can limit the upload of the client by shaping the traffic of your server's outbound card (eth1). So you should make another file (cbq-1024.client-server) with the correct changes. The problem here is that if you use NAT, the NAT translation comes before CBQ. So there is only 1 IP address (your external one) that is available for shaping. This would mean that you could only shape traffic for all your clients. To overcome this you can let iptables (your firewall) 'mark' packets coming out of the client (.120) and then shape the traffic on this mark (instead of the IP address).
I don't remember the exact rule for the firewall, but it should look like this:
iptables --table mangle -A POSTROUTING --out-interface eth1 --source 192.168.100.120 -j MARK --set-mark 1

the cbq-config file should look like this:

DEVICE=eth1,10Mbit,1Mbit #my external network card
RATE=10Kbit
WEIGHT=1Kbit
PEAK=12Kbit
PRIO=6              
MARK=1               #Same number as you gave iptables

You can then test if there are several 'virtual network cards': ./tc -s filter show dev eth1
It should return something like this:

filter parent 1: protocol ip pref 200 fw
filter parent 1: protocol ip pref 200 fw handle 0x2 classid 1:1280

With this command: ./tc -s class show dev eth1
you can see if any data is going through the slower data-channel. It should return something like this:

class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
Sent 12300615 bytes 14751 pkts (dropped 0, overlimits 0)
borrowed 0 overactions 0 avgidle 624 undertime 0
class cbq 1:1280 parent 1: leaf 1280: rate 150Kbit (bounded) prio 6
Sent 4189511 bytes 5771 pkts (dropped 291, overlimits 1975)
backlog 16p
borrowed 0 overactions 587 avgidle 39805 undertime 0
............
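
One way to read the `tc -s class` output shown in the post above and confirm that a class is actually throttling traffic. This is an added example, not part of the original post; the function names are hypothetical and the sample input is the output quoted in the post.

```shell
#!/bin/sh
# Added example: summarise `tc -s class show dev <if>` output per CBQ class.

# Sample input: the output quoted in the post above.
sample_tc_output() {
cat <<'EOF'
class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
Sent 12300615 bytes 14751 pkts (dropped 0, overlimits 0)
borrowed 0 overactions 0 avgidle 624 undertime 0
class cbq 1:1280 parent 1: leaf 1280: rate 150Kbit (bounded) prio 6
Sent 4189511 bytes 5771 pkts (dropped 291, overlimits 1975)
backlog 16p
borrowed 0 overactions 587 avgidle 39805 undertime 0
EOF
}

# Print one line per class: classid rate sent_bytes dropped overlimits
class_stats() {
    awk '
    $1 == "class" {
        id = $3; rate = "?"
        for (i = 4; i < NF; i++) if ($i == "rate") rate = $(i + 1)
    }
    $1 == "Sent" {
        # Sent <bytes> bytes <pkts> pkts (dropped <n>, overlimits <n>)
        dropped = $7; over = $9
        gsub(/[^0-9]/, "", dropped); gsub(/[^0-9]/, "", over)
        print id, rate, $2, dropped, over
    }'
}

# Print the classids that have delayed or dropped packets.
throttled_classes() {
    class_stats | awk '$4 > 0 || $5 > 0 { print $1 }'
}

# Demo on the sample; on a live box: tc -s class show dev eth1 | class_stats
sample_tc_output | class_stats
```

Non-zero dropped or overlimits counters on the leaf class, with the root class still at zero, show that the marked host's traffic is passing through the slow class rather than bypassing it.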