add $ALIAS1 dev eth0 #$IP addr add $ALIAS2 dev eth0 ################################################## # Attaching a device queue discipline to an # interface a device queue discipline is # equivalent almost to a device manager # #Attach CBQ to eth0 #Things you might need to change: # bandwidth -- the bandwidth of the eth0 device # note it must match the devices real bandwidth # allot -- it is safe to leave it at the MTU of # the device # avpkt -- the average packet size that you # suspect will be seen safe to leave at 1000 # for Ethernet with MTU of 1514 bytes # mpu -- minimum packet size # $TC qdisc add dev eth0 root handle 1: cbq bandwidth 10Mbit allot 1514 cell 8 avpkt 1000 mpu 64 ################################################## # Attaching class queue disciplines # bounded -- it is bound to the rate allocated; # can borrow even if there is a lot of idle # bandwidth just sitting there isolated -- cannot # share its bandwidth to other classes prio is the # priority assigned 0 being the highest and 7 the # lowest weight -- safer to leave at 1 # queue discipline setup. Classid 1:1 will have a # rate of 1Mbps which is bounded. # $TC class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 10Mbit rate 1Mbit avpkt 1000 prio 5 bounded isolated allot 1514 weight 1 maxburst 21 #rate 1Mbit avpkt 1000 prio 5 bounded allot 1514 #weight 1 maxburst 21 # Classid 1:2 will have a rate of 3Mbps which is # bounded. $TC class add dev eth0 parent 1:0 classid 1:2 cbq bandwidth 10Mbit rate 3Mbit avpkt 1000 prio 5 bounded allot 1514 weight 1 maxburst 21 ################################################## # Define the filter to be attached to eth0 # Create with hash table of 256 slots with ID 1: # $TC filter add dev eth0 parent 1:0 protocol ip prio 5 handle 1: u32 divisor 256 ################################################## # define the criteria for mapping incoming packets # to classes. Add to the 5th slot of hash table a # rule to select virtual address ALIAS1 direct it # to class 1:1 # $TC filter add dev eth0 parent 1:0 prio 5 u32 ht 1:6: match ip src $ALIAS1 flowid 1:1 # Add to 6th slot of hash table rule to select # ALIAS2 direct it to class 1:2 $TC filter add dev eth0 parent 1:0 prio 5 u32 ht 1:6: match ip src $ALIAS2 flowid 1:2 ## Lookup hash table, if it is not fragmented ## frame. Use protocol as hash key # $TC filter add dev eth0 parent 1:0 prio 5 handle ::1 u32 ht 800:: match ip nofrag offset mask 0x0F00 shift 6 hashkey mask 0x00ff0000 at 8 link 1: # #some more examples of how to use u32 # Add to 4th slot of hash table rule to select # tcp/telnet to 193.233.7.75 direct it to class # 1:4 and prescribe to fall to best effort, # if traffic violates TBF (32kbit,5K) #$TC filter add dev eth1 parent 1:0 prio 5 u32 # ht 1:4: match ip dst 193.233.7.75 # match tcp dst 0x17 0xffff # flowid 1:4 # police rate 32kbit buffer 5kb/8 mpu 64 # mtu 1514 index 1 ## Add to 1st slot of hash table rule to select ## icmp to 193.233.7.75 direct it to class 1:3 ## and prescribe to fall to best effort, ## if traffic violate TBF (10kbit,5K) #$TC filter add dev eth1 parent 1:0 prio 5 u32 # ht 1:4: match ip dst 193.233.7.75 # match tcp dst 0x17 0xffff # flowid 1:4 # police rate 32kbit buffer 5kb/8 mpu 64 # mtu 1514 index 1 ## Add to 1st slot of hash table rule to select ## icmp to 193.233.7.75 direct it to class 1:3 ## and prescribe to fall to best effort, ## if traffic violate TBF (10kbit,5K) #$TC filter add dev eth1 parent 1:0 prio 5 u32 # ht 1:: sample ip protocol 1 0xff # match ip dst 193.233.7.75 flowid 1:3 # police rate 10kbit buffer 5kb/8 mpu 64 # mtu 1514 index 2 ################################################## #Look at all that we created: # echo "---- qdisc parameters ----------" $TC qdisc ls dev eth0 echo "---- Class parameters ----------" $TC class ls dev eth0 echo "---- filter parameters ----------" $TC filter ls dev eth0