C'est un peu long a expliquer ... Donc la config simplifie ... # Clear config tc qdisc del dev eth0 root handle 1 tc qdisc del dev eth1 root handle 1
# Setup HTB queueing discipline on physical interfaces tc qdisc add dev eth0 root handle 1: htb default 9999 tc qdisc add dev eth1 root handle 1: htb default 9999 # Set default for unclassified packets to 1M each direction tc class add dev eth0 parent 1:0 classid 1:9999 htb rate 100000kbit ceil 100000kbit burst 16k prio 9999 tc class add dev eth1 parent 1:0 classid 1:9999 htb rate 100000kbit ceil 100000kbit burst 16k prio 9999 # # eth0 - filter egress trafic on SRC MAC # Step 1, build 1st level hash table using last byte in MAC address as lookup key # Step 2, build 2nd level hash tables using 2nd to last byte in MAC address as lookup key # # See http://www.docum.org/docum.org/faq/cache/62.html for info regards matching L2 header using negative offsets # tc filter add dev eth0 parent 1:0 prio 5 protocol 802.1q u32 tc filter add dev eth0 parent 1:0 prio 5 handle 2: protocol 802.1q u32 divisor 256 tc filter add dev eth0 protocol 802.1q parent 1:0 prio 5 u32 ht 800:: match ip src 0.0.0.0/0 hashkey mask 0x000000ff at -8 link 2: tc filter add dev eth0 parent 1:0 prio 5 handle 200: protocol 802.1q u32 divisor 256 tc filter add dev eth0 protocol 802.1q parent 1:0 prio 5 u32 ht 2:0 match ip src 0.0.0.0/0 hashkey mask 0x0000ff00 at -8 link 200: tc filter add dev eth0 parent 1:0 prio 5 handle 201: protocol 802.1q u32 divisor 256 tc filter add dev eth0 protocol 802.1q parent 1:0 prio 5 u32 ht 2:1 match ip src 0.0.0.0/0 hashkey mask 0x0000ff00 at -8 link 201: tc filter add dev eth0 parent 1:0 prio 5 handle 202: protocol 802.1q u32 divisor 256 tc filter add dev eth0 protocol 802.1q parent 1:0 prio 5 u32 ht 2:2 match ip src 0.0.0.0/0 hashkey mask 0x0000ff00 at -8 link 202: tc filter add dev eth0 parent 1:0 prio 5 handle 203: protocol 802.1q u32 divisor 256 tc filter add dev eth0 protocol 802.1q parent 1:0 prio 5 u32 ht 2:3 match ip src 0.0.0.0/0 hashkey mask 0x0000ff00 at -8 link 203: tc filter add dev eth0 parent 1:0 prio 5 handle 204: protocol 802.1q u32 divisor 256 tc filter add dev eth0 protocol 802.1q parent 1:0 prio 5 u32 ht 2:4 match ip src 0.0.0.0/0 hashkey mask 0x0000ff00 at -8 link 204: tc filter add dev eth0 parent 1:0 prio 5 handle 205: protocol 802.1q u32 divisor 256 tc filter add dev eth0 protocol 802.1q parent 1:0 prio 5 u32 ht 2:5 match ip src 0.0.0.0/0 hashkey mask 0x0000ff00 at -8 link 205: tc filter add dev eth0 parent 1:0 prio 5 handle 206: protocol 802.1q u32 divisor 256 tc filter add dev eth0 protocol 802.1q parent 1:0 prio 5 u32 ht 2:6 match ip src 0.0.0.0/0 hashkey mask 0x0000ff00 at -8 link 206: tc filter add dev eth0 parent 1:0 prio 5 handle 207: protocol 802.1q u32 divisor 256 tc filter add dev eth0 protocol 802.1q parent 1:0 prio 5 u32 ht 2:7 match ip src 0.0.0.0/0 hashkey mask 0x0000ff00 at -8 link 207: ... # # eth1 - filter ingress trafic on SRC MAC # Step 1, build 1st level hash table using last byte in MAC address as lookup key # Step 2, build 2nd level hash tables using 2nd to last byte in MAC address as lookup key # # See http://www.docum.org/docum.org/faq/cache/62.html for info regards matching L2 header using negative offsets # tc filter add dev eth1 parent 1:0 prio 5 protocol 802.1q u32 tc filter add dev eth1 parent 1:0 prio 5 handle 2: protocol 802.1q u32 divisor 256 tc filter add dev eth1 protocol 802.1q parent 1:0 prio 5 u32 ht 800:: match ip src 0.0.0.0/0 hashkey mask 0x00ff0000 at -12 link 2: tc filter add dev eth1 parent 1:0 prio 5 handle 200: protocol 802.1q u32 divisor 256 tc filter add dev eth1 protocol 802.1q parent 1:0 prio 5 u32 ht 2:0 match ip src 0.0.0.0/0 hashkey mask 0xff000000 at -12 link 200: tc filter add dev eth1 parent 1:0 prio 5 handle 201: protocol 802.1q u32 divisor 256 tc filter add dev eth1 protocol 802.1q parent 1:0 prio 5 u32 ht 2:1 match ip src 0.0.0.0/0 hashkey mask 0xff000000 at -12 link 201: tc filter add dev eth1 parent 1:0 prio 5 handle 202: protocol 802.1q u32 divisor 256 tc filter add dev eth1 protocol 802.1q parent 1:0 prio 5 u32 ht 2:2 match ip src 0.0.0.0/0 hashkey mask 0xff000000 at -12 link 202: tc filter add dev eth1 parent 1:0 prio 5 handle 203: protocol 802.1q u32 divisor 256 tc filter add dev eth1 protocol 802.1q parent 1:0 prio 5 u32 ht 2:3 match ip src 0.0.0.0/0 hashkey mask 0xff000000 at -12 link 203: tc filter add dev eth1 parent 1:0 prio 5 handle 204: protocol 802.1q u32 divisor 256 tc filter add dev eth1 protocol 802.1q parent 1:0 prio 5 u32 ht 2:4 match ip src 0.0.0.0/0 hashkey mask 0xff000000 at -12 link 204: tc filter add dev eth1 parent 1:0 prio 5 handle 205: protocol 802.1q u32 divisor 256 tc filter add dev eth1 protocol 802.1q parent 1:0 prio 5 u32 ht 2:5 match ip src 0.0.0.0/0 hashkey mask 0xff000000 at -12 link 205: tc filter add dev eth1 parent 1:0 prio 5 handle 206: protocol 802.1q u32 divisor 256 tc filter add dev eth1 protocol 802.1q parent 1:0 prio 5 u32 ht 2:6 match ip src 0.0.0.0/0 hashkey mask 0xff000000 at -12 link 206: tc filter add dev eth1 parent 1:0 prio 5 handle 207: protocol 802.1q u32 divisor 256 tc filter add dev eth1 protocol 802.1q parent 1:0 prio 5 u32 ht 2:7 match ip src 0.0.0.0/0 hashkey mask 0xff000000 at -12 link 207: ... # Create a queue for each customer and assign their devices to it # filtered client 1 - 2Mb tc class add dev eth0 parent 1:0 classid 1:1000 htb rate 2097152 ceil 2097152 burst 16k prio 5 tc class add dev eth1 parent 1:0 classid 1:1000 htb rate 2097152 ceil 2097152 burst 16k prio 5 tc filter add dev eth0 protocol 802.1q parent 1:0 prio 5 u32 ht 220:12 match u32 0xb88d1214 0xffffffff at -8 match u16 0x3dae 0xffff at -4 flowid 1:1000 tc filter add dev eth1 protocol 802.1q parent 1:0 prio 5 u32 ht 220:12 match u32 0x12143dae 0xffffffff at -12 match u16 0xb88d 0xffff at -14 flowid 1:1000 # filtered client - 10 Mb ( 2 MAC ) tc class add dev eth0 parent 1:0 classid 1:1131 htb rate 10240000 ceil 10240000 burst 16k prio 5 tc class add dev eth1 parent 1:0 classid 1:1131 htb rate 10240000 ceil 10240000 burst 16k prio 5 tc filter add dev eth0 protocol 802.1q parent 1:0 prio 5 u32 ht 237:7b match u32 0x68967b25 0xffffffff at -8 match u16 0x2659 0xffff at -4 flowid 1:1131 tc filter add dev eth1 protocol 802.1q parent 1:0 prio 5 u32 ht 237:7b match u32 0x7b252659 0xffffffff at -12 match u16 0x6896 0xffff at -14 flowid 1:1131 tc filter add dev eth0 protocol 802.1q parent 1:0 prio 5 u32 ht 340:c4 match u32 0x68a3c48c 0xffffffff at -8 match u16 0x5166 0xffff at -4 flowid 1:1131 tc filter add dev eth1 protocol 802.1q parent 1:0 prio 5 u32 ht 340:c4 match u32 0xc48c5166 0xffffffff at -12 match u16 0x68a3 0xffff at -14 flowid 1:1131 .... beaucoup beaucoup plus .. Thomas On 7 Jun 2013, at 14:03, Antoine Durant <antoine.duran...@yahoo.fr> wrote: > Pas bête... Et comment cela se présente t'il ? > > Peux-tu expliquer plus en détail la configuration STP ? > > Merci > > > ________________________________ > De : Thomas Mangin <thomas.man...@exa-networks.co.uk> > À : frnog-ow...@frnog.org; Antoine Durant <antoine.duran...@yahoo.fr> > Cc : "frnog-t...@frnog.org" <frnog-t...@frnog.org> > Envoyé le : Vendredi 7 juin 2013 14h34 > Objet : Re: [FRnOG] [TECH] trafic shaping sur linux > > > Pour une solution on nous limitons environ 1000 clients a quelques Mb chacun > avec TC (pas d'IGP ou EGP sur la machine, juste une passerelle "transparente") > Nous utilisons une hash lookup table de deux niveaux sur les adresses MAC. > > Facile : seulement une fois que tu as un script qui génère la configuration > Fiable: oui, si les règles sont bien conçues. > > Thomas > > On 7 Jun 2013, at 09:58, Antoine Durant <antoine.duran...@yahoo.fr> wrote: > >> Bonjour, >> >> Une petite question concernant le trafic shaping avec TC sous Linux... >> >> Parmi-vous, est-ce que vous implantez le trafic shaping sur vos routeurs BGP >> (quagga par exemple) ? >> Facile en mettre en œuvre, fiable ? Cela bouffe t’il beaucoup de ressource >> machine ? >> >> Je pense utiliser tc qdisc/tc class couplé à iptables (mangle/POSTROUTING) >> avec CLASSIFY afin de matcher sur mes classid du tc class. >> >> J’attends vos retours d’expérience avec impatience et voir même quelque >> petit exemple de config si vous en avez sous la main… >> A++ >> --------------------------- >> Liste de diffusion du FRnOG >> http://www.frnog.org/ >> > > > --------------------------- > Liste de diffusion du FRnOG > http://www.frnog.org/ > --------------------------- > Liste de diffusion du FRnOG > http://www.frnog.org/ > --------------------------- Liste de diffusion du FRnOG http://www.frnog.org/
