Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: hb55047 on August 16, 2004, 07:42:00 PM
-
I searched the forums and while I saw a couple of ways to limit bandwidth I didn't see any that could help me. I would like to limit the total bandwidth for one LAN IP. This computer is connected to the same switch as the other computers so I cannot limit it by the NIC on the SME box. What I am looking for is something similar to what's built into ClarkConnect where you specify the IP and the limit without having to specify extensions or anything else. Any help would be greatly appreciated.
-
Do a search for qos or cbq. Yes you can limit the user at the nic, AFAIK that is how all bandwidth limiting is done.
HTH
-
This should get you started...
wget http://sme-solutions.com.au/sme/cbq.init
wget http://sme-solutions.com.au/sme/cbq-256.eth0_down
Copy "cbq.init" to /sbin and set permissions to "755"
Copy "cbq-256.eth0_down" to /etc/sysconfig/cbq
The file "cbq-256.eth0_down" looks like this
DEVICE=eth0,100Mbit,10Mbit
RATE=256Kbit
WEIGHT=25Kbit
PRIO=5
RULE=192.168.0.100
Change "RATE" to what you want to shape the traffic to.
Change "WEIGHT" to 10% of "RATE"
Change "RULE" to the ip of the PC you want to manage traffic to.
Also change the name of the file to reflect the rate (easier to manage when you have multiple rules)
NOTE: this will shape _ALL_ traffic
There are some nice examples at the beginning of the cbq.init file.
Run cbq.init
# /sbin/cbq.init start
Good luck
Shane
-
Thank you both, I read the information provided. I realized what I originally wanted is next to impossible.
With the layout of:
internet->sme server->switch->4 pcs
I was hoping to limit one of those PCs while the others on the same network would not be affected. I think I might add another NIC to the server and put that PC on it since it connects wirelessly and I would like to make it more secure. Just out of curiosity, since I haven't tried it yet, I was planning to put the WAP on its own network with DHCP. I wanted it to be totally isolated from the WAN and LAN but be able to VPN into the LAN and go through that to the internet. Does this sound possible by just adding a NIC and the necessary network info?
-
There is nothing hard about it and it is definitely possible. Just use a static IP for the PC you want to shape. It just works...
-
lol oh ok, I think I misunderstood. In the document I only saw networks in the samples and didn't realize that a single IP could be substituted. Thank you very much
-
Run cbq.init
# /sbin/cbq.init start
Good luck
Shane
When I run this command it says permission denied, but if I run
"cbq start"
it does something. Is this OK to run the program, and will this restart itself every time I restart the esmith box?
-
Run cbq.init
# /sbin/cbq.init start
Good luck
Shane
When I run this command it says permission denied, but if I run
"cbq start"
it does something. Is this OK to run the program, and will this restart itself every time I restart the esmith box?
You didn't set the permissions for cbq.init
cbq.init is just a later/better version of the script as I understand, so you can run either. It's up to you...
Add the command to your etc/rc.d/rc.local file
eg: /sbin/cbq.init start
or /sbin/cbq start
Depending on what script you wish to use.
Shane
-
You didn't set the permissions for cbq.init
cbq.init is just a later/better version of the script as I understand, so you can run either. It's up to you...
Add the command to your etc/rc.d/rc.local file
eg: /sbin/cbq.init start
or /sbin/cbq start
Depending on what script you wish to use.
Shane
And how do I set the permissions to "755"?
-
I would set this at...
chown root.root /sbin/cbq.init
then change permissions by typing...
chmod 755 /sbin/cbq.init
HTH
-
I just found this GUI for cbq. http://freshmeat.net/projects/cbqinit-gui/ It is programmed in Perl. I don't know much about programming. But I seem to remember that contribs are also programmed in Perl. Is it difficult to make some changes so we can get a working GUI for cbq under the server-manager?
/Carsten
-
When I try to start cbq.init I get:
**CBQ: failed to compile CBQ configuration!
If I type "cbq.init start" again it seems to start. But how can I be sure? I have tried testing but it seems like it does not work.
/Carsten
-
Hi,
Have you tried to install eneo-qos_cbq-0.1-05en.noarch.rpm?
You will be able to control bandwidth via server manager panel. :-)
Regards
John
-
Yes, I have tried the eneo contrib. But it is very limited in the construction of the rules. You can only limit bandwidth and really nothing more. Unfortunately that does not satisfy my needs.
/Carsten
-
I thought CBQ was already installed on e-smith (5.6).
So you should make a file in /etc/sysconfig/cbq (like cbq-1024.server-client)
with the following contents:
DEVICE=eth0,100Mbit,10Mbit #my internal network card
RATE=10Kbit
WEIGHT=1Kbit
PEAK=12Kbit
PRIO=6
RULE=192.168.100.120
Now you should be able to start cbq with: 'cbq start'. If you have multiple shaper files in /etc/sysconfig/cbq, you can individually start cbq-1024.server-client by adding the filename after start, eg: 'cbq start cbq-1024.server-client'.
Remember that the only direction in which you can shape traffic is outbound from a network card. This config file now shapes all outbound traffic, for 192.168.100.120, to 10Kbit (1KB/s). E.g. the client .120 can now download at a maximum of 1 KB/s. His upload is still my full upload capacity, but because your computer wants to know if its transmitted packets did arrive, this download limiter also limits his upload.
You can limit the upload of the client by shaping the traffic of your server's outbound card (eth1). So you should make another file (cbq-1024.client-server) with the correct changes. The problem here is that if you are using NAT, the NAT translation comes before CBQ. So there is only 1 IP address (your external one) that is available for shaping. This would mean that you could only shape traffic for all your clients. To overcome this you can let iptables (your firewall) 'mark' packets coming out of the client (.120) and then shape the traffic on this mark (instead of the IP address).
I don't remember the exact rule for the firewall, but it should look like this:
iptables --table mangle -A POSTROUTING --out-interface eth1 --source 192.168.100.120 -j MARK --set-mark 1
the cbq-config file should look like this:
DEVICE=eth1,10Mbit,1Mbit #my external network card
RATE=10Kbit
WEIGHT=1Kbit
PEAK=12Kbit
PRIO=6
MARK=1 #Same number as you gave iptables
You can then test if there are several 'virtual network cards': ./tc -s filter show dev eth1
It would return something like this:
filter parent 1: protocol ip pref 200 fw
filter parent 1: protocol ip pref 200 fw handle 0x2 classid 1:1280
With this command: ./tc -s class show dev eth1
you can see if any data is going through the slower data-channel. It should return something like this:
class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
Sent 12300615 bytes 14751 pkts (dropped 0, overlimits 0)
borrowed 0 overactions 0 avgidle 624 undertime 0
class cbq 1:1280 parent 1: leaf 1280: rate 150Kbit (bounded) prio 6
Sent 4189511 bytes 5771 pkts (dropped 291, overlimits 1975)
backlog 16p
borrowed 0 overactions 587 avgidle 39805 undertime 0
-
Thank you for your reply. It helped me a lot. I figured out the stuff about starting cbq. Only I wanted the newer version. So I replaced the old one with a new version, calling it cbq instead of cbq.init. Then it worked.
I did not know about the NAT problem. It gives me quite a problem because I want to make sure that 1 IP address gets all the bandwidth it needs, when there is traffic to it. And it needs to be both upload and download. So I guess that I will have to try the MASK suggestion. I cannot see any other possibilities.
I thought that adding a "," at the end of the RULE address would do the trick. But some testing proved me wrong.
Thanks again. I will try your suggestion and give some feedback.
/Carsten
I forgot to mention that I am using SME 6. In case it makes any difference.
-
Hi everybody
I must say that the marking of packets works like a charm. It limits my upload on the specific IP address.
That leaves only two questions:
1. Is the marking function very CPU demanding?
2. Can you remove the marks again?
/Carsten
-
Hi everybody
I must say that the marking of packets works like a charm. It limits my upload on the specific IP address.
That leaves only two questions:
1. Is the marking function very CPU demanding?
2. Can you remove the marks again?
/Carsten
Nice to hear!
1. I don't know, but the time I used it, no high CPU usage occurred.
2. You can remove the complete line of course. Or maybe there exists '--del-mark'. I'm not sure.
-
Finally I have made it work on my SME 6.0.1 server.
For upload shaping I used the mark option in iptables.
The files look like this:
FILE1
-------------------------------------------
This file is called cbq-80.eth0_down
-------------------------------------------
DEVICE=eth0,100Mbit,10Mbit
RATE=80Kbit
WEIGHT=8Kbit
PRIO=5
RULE=10.38.1.10
------------------------------------------
FILE2
------------------------------------------
This file is called cbq-80.eth1_up
------------------------------------------
DEVICE=eth1,100Mbit,10Mbit
RATE=80Kbit
WEIGHT=8Kbit
PRIO=5
MARK=10
------------------------------------------
For marking packets in iptables I've used this command:
iptables --table mangle -A POSTROUTING --out-interface eth1 --source 10.38.1.10 -j MARK --set-mark 10
The problem is when I put more than 1 RULE or MARK in one of these 2 files the 80Kbit bandwidth is shared between those IPs, instead of each one of them getting 80Kbit bandwidth.
If you can tell me what is wrong I would much appreciate it.
Best regards,
Sebastian
-
And when you make 2 separate files? So:
------------------------------------------
This file is called cbq-80.client1-eth1_up
------------------------------------------
DEVICE=eth1,100Mbit,10Mbit
RATE=80Kbit
WEIGHT=8Kbit
PRIO=5
MARK=10
------------------------------------------
And
------------------------------------------
This file is called cbq-80.client2-eth1_up
------------------------------------------
DEVICE=eth1,100Mbit,10Mbit
RATE=80Kbit
WEIGHT=8Kbit
PRIO=5
MARK=11
------------------------------------------
The problem with CBQ is that it is static. So the RATE is the max for this class and unused bandwidth is unused. Another traffic-shaper is HTB which is able to lend and borrow unused bandwidth from different classes. Unfortunately HTB isn't compiled in the SME-kernel.
-
I've made separate files for each IP and MARK.
But it's the same.
I would like each IP in the range 10.38.1.10 - 10.38.1.45 to have its download bandwidth limited to 80kbps and upload bandwidth limited to 80kbps, like this:
10.38.1.10 download 80kbps, upload 80kbps
10.38.1.11 download 80kbps, upload 80kbps
10.38.1.12 download 80kbps, upload 80kbps
......
10.38.1.45 download 80kbps, upload 80kbps
But if I put all IPs in one file or each IP in a separate file they all get a shared 80kbps bandwidth (80kbps divided by 36 for each of them). The same is happening for the download and for the upload shaper.
As I read on different forums I have to declare some classes to CBQ with parents and children, but I don't understand how this can be done.
I have the following config:
SME server 6.0.1 server-gateway mode
eth1 external nic (Internet)
eth0 internal nic (LAN)
1024/1024 kbps internet bandwidth
internal network 10.38.1.0/24
Please help me with this if you can.
Best regards,
Sebastian
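-
Added example, not part of any post in this thread and not code from cbq.init: a shell function that writes one download file and one upload file per client for 10.38.1.10 to 10.38.1.45, plus the matching iptables MARK rules, into a scratch directory without applying anything. It assumes the naming rule described in the comments at the top of cbq.init, where the number in cbq-<clsid>.<name> is the hexadecimal CBQ class ID (0002-FFFF) and has to be unique, so files that are all named cbq-80.* would describe one and the same class; check this against your copy of the script. The 01xx/02xx ID scheme, the hostNN file names and the marks.sh output file are choices made for this example.

```shell
#!/bin/sh
# Added example: write one cbq.init class file per client and direction,
# each with its own class ID, plus the matching iptables MARK rules.
# Files go to a scratch directory; nothing is applied to the running system.

# gen_cbq OUTDIR PREFIX FIRST LAST   (e.g. gen_cbq ./out 10.38.1 10 45)
gen_cbq() {
    outdir=$1 prefix=$2 first=$3 last=$4
    rate=80Kbit weight=8Kbit      # values from the thread; WEIGHT = RATE/10
    mkdir -p "$outdir" || return 1
    : > "$outdir/marks.sh"

    host=$first
    while [ "$host" -le "$last" ]; do
        ip="$prefix.$host"
        # Unique hexadecimal class IDs: 01xx for download, 02xx for upload.
        down_id=$(printf '01%02x' "$host")
        up_id=$(printf '02%02x' "$host")

        # Download: shaped on the LAN side (eth0), matched by destination IP.
        cat > "$outdir/cbq-$down_id.host${host}_down" <<EOF
DEVICE=eth0,100Mbit,10Mbit
RATE=$rate
WEIGHT=$weight
PRIO=5
RULE=$ip
EOF
        # Upload: shaped on the WAN side (eth1), matched by firewall mark
        # because NAT has already replaced the client address there.
        cat > "$outdir/cbq-$up_id.host${host}_up" <<EOF
DEVICE=eth1,100Mbit,10Mbit
RATE=$rate
WEIGHT=$weight
PRIO=5
MARK=$host
EOF
        # One mark per client; the mark number is the last octet of its IP.
        echo "iptables --table mangle -A POSTROUTING --out-interface eth1" \
             "--source $ip -j MARK --set-mark $host" >> "$outdir/marks.sh"
        host=$((host + 1))
    done
}

# Constructed run for the range asked about in the thread.
out=$(mktemp -d)
gen_cbq "$out" 10.38.1 10 45
echo "wrote $(ls "$out" | wc -l) files to $out"
```

After reviewing the generated files, copy the cbq-* files to /etc/sysconfig/cbq and run the lines in marks.sh as root before starting cbq.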