INTRODUCCI\u00d3N<\/p>\n
El contexto es una conexi\u00f3n de Ono, conectado a un
router inhalambrico y una red local 192.168.2.0\/24<\/p>\n
El objetivo es que el servidor Web no se coma
todo el ancho de banda de salida. Y la conexi\u00f3n
remota ssh vaya r\u00e1pida.<\/p>\n
Este script en bash permite configurar el ancho de banda por servicio. Tambien permite ver que trafico hay en cada separaci\u00f3n de los servicios. Se va a crear 6 colas asociadas redes o servidios.<\/p>\n
EJECUTARLO:<\/p>\n
sudo bash cbq.sh start
[sudo] password for paco:
=================================================
|| QOS CON CQB. Por Paco Aldarias. 12.1.09.
=================================================
|| CONTROL ANCHO BANDA SALIDA.
=================================================
|| INTERFACES Y REDES
=================================================
|| Interface unico …………..: eth0
|| IP eth0 ………………….: 192.168.2.2
|| LAN ……………………..: 192.168.2.0\/24
|| Velocidad subida inet ……..:300kbit
|| Velocidad subida lan ………: 100000kbit
=================================================
|| CONFIGURACION VEL.GARANTIZADA\/MAX(CEIL):
=================================================
|| COLA 10 INET : 270kbit\/300kbit 33kbytes\/37kbytes
|| COLA 20 LAN : 90000kbit\/100000kbit 11250kbytes\/12500kbytes
|| COLA 30 ICMP : 216kbit\/300kbit 27kbytes\/37kbytes
|| COLA 40 SSH,ET : 189kbit\/270kbit 23kbytes\/33kbytes
|| COLA 50 DEFAULT : 162kbit\/240kbit 20kbytes\/30kbytes
|| COLA 60 SERV.WEB: 54kbit\/60kbit 6kbytes\/7kbytes
=================================================
|| OTROS r2q\/quamtum<\/p>\n
=================================================
|| R2QL : 1000
|| R2QLR(Entre 1500-60.000) : 102400
|| QUANTUML : 12800
|| R2QI : 200
|| R2QIR(Entre 1500-60.000) : 1536
|| QUANTUMI : 192
=================================================<\/p>\n
EL SCRIPT<\/span> #http:\/\/www.esdebian.org\/foro\/9949\/mldonkey-paraliza-navegacion<\/p>\n #!\/bin\/bash<\/p>\n # Aclaracion: echo \u00ab=================================================\u00bb ######################################## # EN kbits echo \u00ab=================================================\u00bb #Calculamos un 90 % de nuestra tasa de subida RATE10=${RATEUPINET} CEIL10=${UPINET} # http:\/\/www.ecualug.org\/?q=2006\/12\/14\/comos\/como_segmentar_el_ancho_de_banda_de_una_red_con_htb&page=1<\/p>\n # r2q=10 quantum= rate*1024\/8\/r2q R2QI=200 echo \u00ab=================================================\u00bb echo \u00ab=================================================\u00bb ######################################## if [ \u00ab$1\u00bb = \u00abstatus\u00bb ] ######################################## if [ \u00ab$1\u00bb = \u00abstatus1\u00bb ] tc -s qdisc show dev $DEV<\/p>\n echo \u00ab=======================================\u00bb tc -s class show dev $DEV<\/p>\n echo \u00ab=======================================\u00bb iptables -t mangle -L MYSHAPER-OUT -n -v ######################################## if [ \u00ab$1\u00bb = \u00abstatus2\u00bb ] ######################################## # Reset everything to a known state (cleared) iptables -t mangle -D POSTROUTING -o $DEV -j MYSHAPER-OUT 2> \/dev\/null > \/dev\/null if [ \u00ab$1\u00bb = \u00abstop\u00bb ] ######################################## # Cola padre htb #Limitamos el trafico # Repartimos el sobrante de ancho de banda equitativamente #Iniciamos iptables ########################### # COLA 10. INET<\/p>\n iptables -t mangle -A MYSHAPER-OUT -s $IP ! -d $LAN –j MARK –set-mark 1 # inet # COLA 20. LAN.<\/p>\n iptables -t mangle -A MYSHAPER-OUT -s $LAN -d $LAN -j MARK –set-mark 2 # lan # Clasificamos el trafico de inet<\/p>\n tc class add dev $DEV parent 1:10 classid 1:30 htb rate ${RATE30}Kbit ceil ${CEIL30}Kbit burst 6k prio 3 quantum $QUANTUMI # dns,icmp,router # Repartimos el sobrante de ancho de banda equitativamente # Mldonkey ######################################## # COLA 30. MAXIMA PRIORIDAD. MAX VELOCIDAD<\/p>\n iptables -t mangle -A MYSHAPER-OUT -p tcp -m tcp –tcp-flags SYN,RST,ACK ACK -s $LAN ! -d $LAN -j MARK –set-mark 3 # MAX PRIORIDAD # COLA 40<\/p>\n iptables -t mangle -A MYSHAPER-OUT -p tcp -s $IP ! -d $LAN –sport ssh -j MARK –set-mark 4 # ssh # COLA 50<\/p>\n iptables -t mangle -A MYSHAPER-OUT -p tcp -s $IP ! -d $LAN -j MARK –set-mark 5 # Resto # COLA 60. MINIMA PRIORIDAD. MIN. VELOCIDAD<\/p>\n iptables -t mangle -A MYSHAPER-OUT -p tcp -s $IP ! -d $LAN -j MARK –sport http –set-mark 6 # www<\/p>\n #f=\u00bbmltcpdump.txt\u00bb EDONKEY_PORT=4662 iptables -t mangle -A MYSHAPER-OUT -p tcp -j MARK –dport $EDONKEY_PORT –set-mark 6 # p2p iptables -t mangle -A MYSHAPER-OUT -m mark –mark 6 -j CLASSIFY –set-class 1:60<\/p>\n","protected":false},"excerpt":{"rendered":" INTRODUCCI\u00d3N El contexto es una conexi\u00f3n de Ono, conectado a unrouter inhalambrico y una red local 192.168.2.0\/24 El objetivo es que el servidor Web no se comatodo el ancho de banda de salida. Y la conexi\u00f3nremota ssh vaya r\u00e1pida. Este … Sigue leyendo
cat cbq.sh <\/p>\n
# quantum=rate*1024\/8\/r2q
# rate\/r2q >= quantum
# QUANTUM debe estar entre 1500 (valor del MTU) y 60000 (valor maximo del leaf QUANTUM)
# 100mbit = 12.5 mbyte \/ r2q = 1.2 Mbyte > 60.000
# Por Paco Aldarias<\/p>\n
echo \u00ab|| QOS con CBQ. Por Paco Aldarias. 12.1.09.\u00bb<\/p>\n
# VARIABLES
########################################<\/p>\n
UPINET=300
UPLAN=100000
DEV=eth0
LAN=\u00bb192.168.2.0\/24″
IP=\u00bb192.168.2.2″
ALL=\u00bb0.0.0.0\/0″<\/p>\n
echo \u00ab|| CONTROL ANCHO BANDA SALIDA. \u00ab
echo \u00ab=================================================\u00bb
echo \u00ab|| INTERFACES Y REDES \u00ab
echo \u00ab=================================================\u00bb
echo \u00ab|| Interface unico …………..: $DEV\u00bb
echo \u00ab|| IP $DEV ………………….: $IP\u00bb
echo \u00ab|| LAN ……………………..: $LAN\u00bb
echo \u00ab|| Velocidad subida inet ……..:${UPINET}kbit\u00bb
echo \u00ab|| Velocidad subida lan ………: ${UPLAN}kbit\u00bb<\/p>\n
RATEUPINET=$[9*$UPINET\/10]
RATEUPLAN=$[9*$UPLAN\/10]<\/p>\n
RATE20=${RATEUPLAN}
RATE30=$[8*$RATEUPINET\/10]
RATE40=$[7*$RATEUPINET\/10]
RATE50=$[6*$RATEUPINET\/10]
RATE60=$[2*$RATEUPINET\/10]<\/p>\n
CEIL20=${UPLAN}
CEIL30=$[10*$UPINET\/10]
CEIL40=$[9*$UPINET\/10]
CEIL50=$[8*$UPINET\/10]
CEIL60=$[2*$UPINET\/10]<\/p>\n
R2QL=1000
R2QLR=$[${UPLAN}*1024\/${R2QL}] # Entre 1500 y 6000
QUANTUML=$[${UPLAN}*1024\/8\/${R2QL}]<\/p>\n
R2QIR=$[${UPINET}*1024\/${R2QI}] # Entre 1500 y 6000
QUANTUMI=$[${UPINET}*1024\/8\/${R2QI}]<\/p>\n
echo \u00ab|| CONFIGURACION VEL.GARANTIZADA\/MAX(CEIL): \u00bb
echo \u00ab=================================================\u00bb
echo \u00ab|| COLA 10 INET : ${RATE10}kbit\/${CEIL10}kbit $[$RATE10\/8]kbytes\/$[$CEIL10\/8]kbytes \u00ab
echo \u00ab|| COLA 20 LAN : ${RATE20}kbit\/${CEIL20}kbit $[$RATE20\/8]kbytes\/$[$CEIL20\/8]kbytes \u00ab
echo \u00ab|| COLA 30 ICMP : ${RATE30}kbit\/${CEIL30}kbit $[$RATE30\/8]kbytes\/$[$CEIL30\/8]kbytes \u00ab
echo \u00ab|| COLA 40 SSH,ET : ${RATE40}kbit\/${CEIL40}kbit $[$RATE40\/8]kbytes\/$[$CEIL40\/8]kbytes\u00bb
echo \u00ab|| COLA 50 DEFAULT : ${RATE50}kbit\/${CEIL50}kbit $[$RATE50\/8]kbytes\/$[$CEIL50\/8]kbytes\u00bb
echo \u00ab|| COLA 60 SERV.WEB: ${RATE60}kbit\/${CEIL60}kbit $[$RATE60\/8]kbytes\/$[$CEIL60\/8]kbytes\u00bb<\/p>\n
echo \u00ab|| OTROS r2q\/quamtum
\u00ab
echo \u00ab=================================================\u00bb
echo \u00ab|| R2QL : ${R2QL}\u00bb
echo \u00ab|| R2QLR(Entre 1500-60.000) : ${R2QLR}\u00bb
echo \u00ab|| QUANTUML : ${QUANTUML}\u00bb
echo \u00ab|| R2QI : ${R2QI}\u00bb
echo \u00ab|| R2QIR(Entre 1500-60.000) : ${R2QIR}\u00bb
echo \u00ab|| QUANTUMI : ${QUANTUMI}\u00bb
echo \u00ab=================================================\u00bb<\/p>\n
# STATUS
########################################<\/p>\n
then
exit
fi<\/p>\n
# STATUS1
########################################<\/p>\n
then
echo \u00ab=======================================\u00bb
echo \u00ab|| qdisc\u00bb
echo \u00ab=======================================\u00bb<\/p>\n
echo \u00ab|| class\u00bb
echo \u00ab=======================================\u00bb<\/p>\n
echo \u00ab|| iptables\u00bb
echo \u00ab=======================================\u00bb<\/p>\n
exit
fi<\/p>\n
# STATUS2
########################################<\/p>\n
then
watch tc -s qdisc
exit
fi<\/p>\n
# STOP
########################################<\/p>\n
tc qdisc del dev $DEV root 2> \/dev\/null > \/dev\/null<\/p>\n
iptables -t mangle -F MYSHAPER-OUT 2> \/dev\/null > \/dev\/null
iptables -t mangle -X MYSHAPER-OUT 2> \/dev\/null > \/dev\/null<\/p>\n
then
echo \u00abShaping removed on $DEV.\u00bb
exit
fi<\/p>\n
# CONFIGURANDO COLAS
#######################
#################<\/p>\n
tc qdisc add dev $DEV root handle 1: htb default 10 r2q $R2QL<\/p>\n
tc class add dev $DEV parent 1: classid 1:10 htb rate ${RATEUPINET}Kbit ceil ${CEIL10}Kbit burst 6k prio 1 quantum $QUANTUMI #inet
tc class add dev $DEV parent 1: classid 1:20 htb rate ${RATEUPLAN}Kbit ceil ${CEIL20}Kbit burst 6k prio 2 quantum $QUANTUML #lan<\/p>\n
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10<\/p>\n
iptables -t mangle -N MYSHAPER-OUT
iptables -t mangle -I POSTROUTING -o $DEV -j MYSHAPER-OUT<\/p>\n
# Marca de paquetes
##########################<\/p>\n
iptables -t mangle -A MYSHAPER-OUT -m mark –mark 1 -j CLASSIFY –set-class 1:10<\/p>\n
iptables -t mangle -A MYSHAPER-OUT -o lo -j MARK –set-mark 2
iptables -t mangle -A MYSHAPER-OUT -m mark –mark 2 -j CLASSIFY –set-class 1:20<\/p>\n
tc class add dev $DEV parent 1:10 classid 1:40 htb rate ${RATE40}kbit ceil ${CEIL40}kbit burst 6k prio 4 quantum $QUANTUMI # ssh
tc class add dev $DEV parent 1:10 classid 1:50 htb rate ${RATE50}kbit ceil ${CEIL50}kbit burst 6k prio 5 quantum $QUANTUMI # resto
tc class add dev $DEV parent 1:10 classid 1:60 htb rate ${RATE60}kbit ceil ${CEIL60}kbit burst 6k prio 6 quantum $QUANTUMI # www<\/p>\n
tc qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev $DEV parent 1:40 handle 40: sfq perturb 10
tc qdisc add dev $DEV parent 1:50 handle 50: sfq perturb 10
tc qdisc add dev $DEV parent 1:60 handle 60: sfq perturb 10<\/p>\n
tc filter add dev $DEV parent 1:10 protocol ip prio 10 u32 match ip tos 0x08 0xff flowid 1:60<\/p>\n
# MARCANDO DE PAQUETES Y ENCOLANDO
########################################<\/p>\n
iptables -t mangle -A MYSHAPER-OUT -m tos –tos Minimize-Delay -s $LAN ! -d $LAN -j MARK –set-mark 3 # tos
iptables -t mangle -A MYSHAPER-OUT -p icmp -s $LAN ! -d $LAN -j MARK –set-mark 3 # icmp
iptables -t mangle -A MYSHAPER-OUT -s $IP -p udp –sport 27960 -j MARK –set-mark 3 # enemy
iptables -t mangle -A MYSHAPER-OUT -p udp -s $IP –dport 53 -j MARK –set-mark 3 # dns
iptables -t mangle -A MYSHAPER-OUT -m mark –mark 3 -j CLASSIFY –set-class 1:30<\/p>\n
iptables -t mangle -A MYSHAPER-OUT -p tcp -m length –length :64 -j MARK –set-mark 4 # small packets (probably just ACKs)
iptables -t mangle -A MYSHAPER-OUT -m mark –mark 4 -j CLASSIFY –set-class 1:40<\/p>\n
iptables -t mangle -A MYSHAPER-OUT -m mark –mark 5 -j CLASSIFY –set-class 1:50<\/p>\n
#f=\u00bbml-port.txt\u00bb
#for i in $(cat $f);do
#if [ $i -gt 1024 ];then
# echo \u00abMarcando $i\u00bb
# iptables -t mangle -A MYSHAPER-OUT -p tcp -j MARK –dport $i –set-mark 6 # p2p
# iptables -t mangle -A MYSHAPER-OUT -p udp -j MARK –dport $i –set-mark 6 # p2p
#fi
#done<\/p>\n
KAD_PORT=8443
OVERNET_PORT=5865
BITTORRENT_PORT=6882
OPENNAP_PORT=9999<\/p>\n
iptables -t mangle -A MYSHAPER-OUT -p udp -j MARK –dport $(($EDONKEY_PORT + 4)) –set-mark 6 # p2p
iptables -t mangle -A MYSHAPER-OUT -p tcp -j MARK –dport $KAD_PORT –set-mark 6 # p2p
iptables -t mangle -A MYSHAPER-OUT -p udp -j MARK –dport $KAD_PORT –set-mark 6 # p2p
iptables -t mangle -A MYSHAPER-OUT -p tcp -j MARK –dport $OVERNET_PORT –set-mark 6 # p2p
iptables -t mangle -A MYSHAPER-OUT -p udp -j MARK –dport $OVERNET_PORT –set-mark 6 # p2p
iptables -t mangle -A MYSHAPER-OUT -p tcp -j MARK –dport $(($EDONKEY_PORT – 1)) –set-mark 6 # p2p
iptables -t mangle -A MYSHAPER-OUT -p tcp -j MARK –dport $BITTORRENT_PORT –set-mark 6 # p2p
iptables -t mangle -A MYSHAPER-OUT -p tcp -j MARK –dport $OPENNAP_PORT –set-mark 6 # p2p<\/p>\n