Topic: Bandwidth Control (CBQ) not working for upstream

[Lightman]

Hi All
Sorry for the delay, but I takes me a while to learn how to do it.
Here it is.

I finally got the UPSTREAM bandwidth control Working with CBQ.

First, I will refresh my current setup so you know why it is done this way.

ADSL line 512 down/128 up, all my users are behind the sme.

almost 60 % of them do bulk downloads with kazaa and other progs.
no problem with the downstream, since control downstream bandwidth
with cbq is easy as shown before here.
The problem is to block outgoing traffic, I only have 128K for 8 users!,
and It takes only 1 kazaa to use the full 128K of outgoing traffic.
Also another problem was the outgoing Email.

When you send an e-mail with a large attachment, almost all the incoming
traffic stops, this will help that also.

I have 3 interfaces: eth0 (lan) eth1 bonded to the ppp0 (Cisco 677 DSL router)
my connection is PPPoE type.

SMTP and POP OUTGOING traffic, file:
_________________________________
cbq-22.mail
DEVICE=ppp0,128Kbit,12Kbit
RATE=56Kbit
WEIGHT=5Kbit
PEAK=5Kbit
PRIO=5
RULE=:110
RULE=:25
RULE=:,25

FTP OUTGOING traffic, file:
_______________________
cbq-25.ftp
DEVICE=ppp0,128Kbit,12Kbit
RATE=56Kbit
WEIGHT=5Kbit
PEAK=5Kbit
PRIO=5
RULE=:20
RULE=:21

KAZAA OUTGOING traffic, file:
_________________________
cbq-26.kazaa
DEVICE=ppp0,128Kbit,12Kbit
RATE=33Kbit            #HEHEHEHEHE
WEIGHT=3Kbit
PEAK=3Kbit
PRIO=7
RULE=:1214
RULE=:4662
RULE=:4663
RULE=:4665
RULE=:4672

That's all.
It's working now in my SME 5.5, I Hope that it could be of help

I will write a complete CBQ-SME-HOWTO this weekend and post it here.

this work couldn't be done if it wasn't for the fantastic IPTRAF tool,
great program!

see you
Lightman

[Lightman]

Hi Cyrus Bharda

First keep in mind that Outgoing traffic must be filtered in the external interfase, and because of this, it's not possible to do a per-user filtering, since only your
external IP is visible from the outside.

But you can limit by port number as I show in the previous post.

to figure it out I used iptraf, i recommend you to install it and check if you
can see the traffic in "Clear" in eth1.

Monitoring my SME with iptraf in eth1 result in a bunch of non TCP packets, only that, so it's not possible control bandwidth there (that was because i use PPPoE and probably eth1 is doing some tunneling i think).

monitoring ppp0 with the option "ip traffic monitor"=> ppp0 i was able to find out that the destination port of outgoing packet was the 1214 and 4662 (for e2k networks) so I did the configuration to limit this, It is shown in the previous post.
(RULE=:4662 and RULE=:1214) that worked great.

now I was able to do it because i had the ppp0 and I can see the traffic in clear, if you can see the traffic clear with iptraf in eth1 you will be able to do it as well.

remember to use in the interfase eth1 the speed values of your outgoing true capacity (not the lan capacity), or it will not work good (don't know why but
was what i experienced).

I hope that it helps you, let me know if it works

see you
Lightman

[KRS]

Is there anyway to get ut to work with dhcp??
and restrict the bandwith to users
like:
if im alone i get all...  
if we are 2 we split it brotherly..
if we are 10 we devide it in 10 cake-slices...
not just restrict kaza(other) trafic to limited

OFFTOPIC:
I got adsl 512 (telia sweden) so i get a diffrent ip each time i logon.
Is there any easyway to install a dns forward like: KRS.dns2go.com -> diffrent ip

[robert]

gee Im glad to read your long postings Lightman!

its hard enough to follow all of them BUT
without 'em who knows where i'd be !!

many thanks & a GREAT XMAS / NEW YEAR to you kind fellow!

Rob

[marco]

Here was my solution for using CBQ on a per IP basis:


http://www.lightningconnect.net/bridge-howto/SME56withbridge.html

[lightman]

Hi Robert

thanks a lot for your words, but I prefer to thank to all of the people
that contribute with this thread, I only started it.
take a look at the last marco's post, his idea is excellent!.

happy xmas & new year to you too.

see you
Lightman

[lightman]

Hi Marco

WOOW your Idea es Excelent!!

Thanks a lot for sharing it with us, I will build a testbed this weekend and
if all goes well I will implement it on my server, all my users in the building
will be very happy for that hehehe

now seriously that was a very clever idea, I will look also for a way to
simulate the 2 loopback cards instead of use hardware cards, just
to reduce cost and IRQ usage but even using the four cards, is a great
place to put a lan traffic monitor )

thanks a lot

Lightman

[Marco Garza]

Lightman,

If you find a way to make the bridge with a virtual device, PLEASE let me know.  To my knowledge, there is no way, but who knows!

Thanks for your work and everyone else on this thread.  Thanks for keeping your little how-to going, it has helped me in the past!

[FireWire]

Hi, could I please get some help on creating a specific CBQ for my server?

I have an SME6.0beta3 server, set up to be a webserver on port 80. I have a web page on it that has a lot of downloadable files.

I am trying to limit the speed that those files get downloaded at, but no luck. Here's what I have:

cbq-80.server
-------------
DEVICE=eth1,100Mbit,10Mbit
RATE=80Kbit
WEIGHT=8Kbit
PRIO=5
RULE=192.168.2.35


cbq-81.server
-------------
DEVICE=ppp0,128Kbit,12Kbit
RATE=80Kbit
WEIGHT=8Kbit
PRIO=5
RULE=:80

I am not sure what I should use for this case; eth0, eth1, or ppp0. Right now I have eth1 and ppp0.

Can someone please make those scripts work for me?

Thanks!

- FireWire

[FireWire]

Can I please get some help on this issue?

I made a mistake in the server version. I have SME 6.0.1 server. I need to limit the download/upload bandwidth on my server to external users.

Hi, could I please get some help on creating a specific CBQ for my server?

I have an SME6.0beta3 server, set up to be a webserver on port 80. I have a web page on it that has a lot of downloadable files.

I am trying to limit the speed that those files get downloaded at, but no luck. Here's what I have:

cbq-80.server
-------------
DEVICE=eth1,100Mbit,10Mbit
RATE=80Kbit
WEIGHT=8Kbit
PRIO=5
RULE=192.168.2.35


cbq-81.server
-------------
DEVICE=ppp0,128Kbit,12Kbit
RATE=80Kbit
WEIGHT=8Kbit
PRIO=5
RULE=:80

I am not sure what I should use for this case; eth0, eth1, or ppp0. Right now I have eth1 and ppp0.

Can someone please make those scripts work for me?

Thanks!

- FireWire

[raem]

Cyrus
The english language rpm is available
eneo-qos_cbq-0.1-05en.noarch.rpm
from
ftp://ftp.ibiblio.org/pub/linux/distributions/e-smith/contrib/eneo/RPMS/noarch/

You might also like to try
sme-QoS-1.0-6.noarch.rpm
from
http://www.e-smith.dyndns.org/

Both add nice server manager panels
Seem OK for v5.6 and 6.0
Regs
Ray

[FireWire]

IMPORTANT: Need help with the following issue. Can you guys please help?

Hi, could I please get some help on creating a specific CBQ for my server?

I have an SME6.0beta3 server, set up to be a webserver on port 80. I have a web page on it that has a lot of downloadable files.

I am trying to limit the speed that those files get downloaded at, but no luck. Here's what I have:

cbq-80.server
-------------
DEVICE=eth1,100Mbit,10Mbit
RATE=80Kbit
WEIGHT=8Kbit
PRIO=5
RULE=192.168.2.35


cbq-81.server
-------------
DEVICE=ppp0,128Kbit,12Kbit
RATE=80Kbit
WEIGHT=8Kbit
PRIO=5
RULE=:80

I am not sure what I should use for this case; eth0, eth1, or ppp0. Right now I have eth1 and ppp0.

Can someone please make those scripts work for me?

Thanks!

- FireWire

[cc_skavenger]

Firewire,
when you do an ifconfig, what interfaces do you see.  That is what your devices should be.  Now, for the interesting part:

Here is your file

cbq-81.server
-------------
DEVICE=ppp0,128Kbit,12Kbit
RATE=80Kbit
WEIGHT=8Kbit
PRIO=5
RULE=:80
 

What you have here says that on the ppp0 device (wan virtual device), you only want to allow 80Kbits/sec with a variance of 8Kbits out to the internet.  You have it marked as standard priority, and are trying to control port 80 traffic (you are missing the comma before the colon ( which specifies that this is the source device that you are controlling; or the wan IP).  Mind you, if you are behind this server (using it as your gateway), you will only see this same speed as your upload speed.  Any users that also use this server as a gateway will all see a total of 80Kbits/sec total upload for everyone combined on port 80.  

Your file probably hasn't worked because of the missing comma.  The line should look like this:

RULE=,:80

Remember, if you do an ifconfig and have eth0, and ppp0 then you would use ppp0 for the wan device.  If you have eth0 and eth1 you would use which ever device that is your wan device.

HTH