Hackosis is an Open Blog. You Can Participate.

  • 08
  • Nov

I have recently been working with the Vyatta Linux routing platform in an attempt to replace Cisco. It seems that Vyatta will support everything that I need except for bandwidth management and traffic shaping. Luckily, newer versions of Linux have this built into the kernel.

I will show you how to use HTB to control traffic based on what IP address you are coming from. Remember that HTB only shapes outgoing traffic, but since we have at least 2 interfaces on a router - and traffic is always outgoing on one of the interfaces - we can control up and down speeds.

Let's assume that eth0 is your ‘inside’ network and eth1 is your ‘outside’ network, and that you are trying to limit the bandwidth to 2mbit for traffic going to or from IP address 12.13.14.15.
 

To accomplish this we are going to start by attaching the HTB algorithm to device eth0 and giving it a handle of “1:” (You enter this in your bash shell btw):

tc qdisc add dev eth0 root handle 1: htb default 12

Next, add a tc class. This is like a ‘pool’ of bandwidth. Set this to whatever your interface speed is:

tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit ceil 100mbit

Now we can create classes for specific bandwidth that we are going to assign to the IP address. The first line of code will be our limit and the second is our default as specified in the first command above:

tc class add dev eth0 parent 1:1 classid 1:10 htb rate 2mbit ceil 2mbit
tc class add dev eth0 parent 1:1 classid 1:12 htb rate 5mbit ceil 5mbit

After that, create some tc filters to match certain criteria. In our case it is IP address. Whether you match on ‘src’ or ‘dst’ depends on whether this interface is the outside network or the inside network. Notice how the flowid matches our classid from above. In a nutshell, if the IP address matches 12.13.14.15, we are going to get 2mbit, and if it is any other IP address we will get 5mbit:

tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dst 12.13.14.15 flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dst 0.0.0.0/0 flowid 1:12

Those commands will get you managing bandwidth on eth0. To manage bandwidth in the same manner on the other interface (eth1, the ‘outside’ network in this example), enter the above commands, only replace “eth0” with “eth1” and in the tc filter commands replace “dst” with “src”.

This was a quick overview and example of HTB bandwidth management filtering by IP address for tc command on Linux. If you are interested in implementing these strategies take a look at some reading material below:

HTB Manual | Linux Advanced Routing & Traffic Control HOWTO | The tc manpage

EDIT: Looks like using HTB alone is a bit primitive. If a second data stream starts, it will only get what's left of the remaining bandwidth. So we add an SFQ command to the mix. This will treat all connections equally, even from the same IP, and data streams will even each other out:

tc qdisc add dev eth0 parent 1:10 handle 20: sfq perturb 10
tc qdisc add dev eth0 parent 1:12 handle 30: sfq perturb 10

EDIT: It has also come to my attention that all tc commands are lost on reboot. The solution:

  1. mkdir /etc/tc
  2. vi /etc/tc/start.sh

    #!/bin/sh
    #Custom tc commands to throttle bandwidth
    #All changes must be saved here, or a reboot will lose the config!

    #INSIDE NETWORK:

    # ENTER TC COMMANDS HERE

    #OUTSIDE NETWORK:

    # ENTER TC COMMANDS HERE

  3. vi /etc/tc/stop.sh

    #!/bin/sh
    #Shutdown commands for tc traffic shaping, this is a static file

    #INSIDE NETWORK:

    tc qdisc del dev eth0 root

    #OUTSIDE NETWORK:

    tc qdisc del dev eth1 root

  4. vi /etc/init.d/tc

    #!/bin/sh
    ### BEGIN INIT INFO
    # Provides: Traffic Control
    # Required-Start: $network
    # Required-Stop: $network
    # Default-Start: 2 3 5
    # Description: tc qdisc ;p
    ### END INIT INFO

    case .$1. in
    .start.)
    /etc/tc/start.sh
    ;;
    .stop.)
    /etc/tc/stop.sh
    ;;
    *)
    echo "Usage: $0 { start | stop }"
    ;;
    esac
    exit 0
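The commands from this post, collected into one re-runnable function that could serve as the body of /etc/tc/start.sh. This is an added example, not the author's script; the function name `shape` and the `TC` dry-run variable are assumptions, and it relies on `htb default 12` for all other addresses instead of a catch-all filter.

```shell
#!/bin/sh
# Added example: HTB + SFQ shaping per interface, following the post's commands.
# Dry-run by default (prints the tc commands); set TC=tc and run as root to apply.
TC="${TC:-echo tc}"

# shape DEV DIR IP LIMIT DEFAULT LINK   (hypothetical helper)
#   DEV      interface whose outgoing traffic is shaped
#   DIR      dst on the inside interface, src on the outside interface
#   IP       address to limit
#   LIMIT    rate for that address
#   DEFAULT  rate for every other address
#   LINK     interface speed (the parent 'pool')
shape() {
    dev=$1 dir=$2 ip=$3 limit=$4 default=$5 link=$6

    case "$dir" in
        src|dst) ;;
        *) echo "shape: DIR must be src or dst, got '$dir'" >&2; return 1 ;;
    esac

    # Remove any earlier root qdisc so the script can be re-run safely.
    $TC qdisc del dev "$dev" root 2>/dev/null || true

    # Root HTB qdisc; unclassified traffic falls into class 1:12.
    $TC qdisc add dev "$dev" root handle 1: htb default 12
    $TC class add dev "$dev" parent 1: classid 1:1 htb rate "$link" ceil "$link"
    $TC class add dev "$dev" parent 1:1 classid 1:10 htb rate "$limit" ceil "$limit"
    $TC class add dev "$dev" parent 1:1 classid 1:12 htb rate "$default" ceil "$default"

    # Steer the limited address into 1:10; everything else takes the default.
    $TC filter add dev "$dev" protocol ip parent 1:0 prio 1 \
        u32 match ip "$dir" "$ip" flowid 1:10

    # SFQ leaves so streams inside one class share it fairly.
    $TC qdisc add dev "$dev" parent 1:10 handle 20: sfq perturb 10
    $TC qdisc add dev "$dev" parent 1:12 handle 30: sfq perturb 10
}

shape eth0 dst 12.13.14.15 2mbit 5mbit 100mbit   # inside: traffic to the host
shape eth1 src 12.13.14.15 2mbit 5mbit 100mbit   # outside: traffic from the host
```

Run it as is to review the printed commands, then with `TC=tc` as root to apply them. `tc -s class show dev eth0` lists per-class counters, which confirms whether traffic is landing in 1:10.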



9 Comments

  1. sdey Says:

    Hi Shane:
    Thank you for the configuration example of using TC on Vyatta. As you have shown, with instruments such as TC or IPTables users can do bandwidth management and DSCP packet marking today on the Vyatta router, firewall, VPN system. Vyatta over time will provide a better integrated solution through the CLI and GUI. You can also find a related Vyatta QoS application note describing a couple of typical scenarios at: http://www.vyatta.com/documentation/whitepapers.php

    Regards,
    - Sanjoy Dey

  2. Manage your bandwidth « 0ddn1x: tricks with *nix Says:

    [...] Manage your bandwidth Filed under: Uncategorized — 0ddn1x @ 2007-11-12 16:18:22 +0000 http://www.hackosis.com/index.php/2007/11/08/linux-router-bandwidth-management-example/ [...]

  3. shanu Says:

    sir,

    I have a Linux server. How can a Linux server work as a router and bandwidth manager server? Plz send me related notes & links.

    thanks

  4. Redundant Routing with Vyatta via VRRP and eBGP | Hackosis Says:

    [...] been made to go ahead and set up redundant, auto-failover Vyatta routers. Also, check out how to throttle bandwidth with the Linux kernel in Vyatta (or any other Linux with 2.4+ kernel) before I go into more [...]

  5. Ron Pass - CCNA / CCDA Says:

    Howdy Shane,
    I have been working with computers/electronics/networks for about 23 years. I have recently come across the Vyatta pc/router/vpn/bandwidth_manager/firewall/etc.
    I am trying to be open minded about this concept. It seems as though you have been using and testing the software and could give some insight on a few questions I have.
    I don't understand why (other than cost) this would be a viable solution for a network whose uptime and performance is critical as opposed to using a Cisco, Juniper or other dedicated appliance whose OS is written/designed to analyze packets and get them on their way as efficiently as possible. If you have a T1 or DS3, there still needs to be some sort of interface that it will need to terminate into. Do they make CSU/DSUs for PCs? If not, you would still need to use a real router, right? I know that you COULD go this route (no pun intended). But why?

  6. Shane Says:

    Ron -

    From what I know most of the original TCP/IP stack was actually developed on open source code. I would be interested to do some benchmarks, but my feeling is that a Dual Quad Core server with 4GB of RAM will outperform a Cisco 7500 any day (I could definitely be wrong on this).

    Vyatta is actually based on Debian and XORP:

    http://www.debian.org/
    http://www.xorp.org/

    See here for a Vyatta - Cisco replacement Guide:

    http://www.vyatta.com/documentation/general/Vyatta_Cisco_Replacement_Guide.pdf

    There are actually CSU/DSU cards for PCs and they are about half the price of Cisco equipment:

    http://www.sangoma.com/datasheets/a108-specs

    It also allows for a more dense solution.

  7. darkstar Says:

    I fully agree with Ron.

  8. Linux: Ntop — Network Monitoring On Crack | Hackosis Says:

    [...] any network administrator to analyze and plan for future growth. It is also a perfect addition to bandwidth management [...]

  9. links for 2008-02-06 « Donghai Ma Says:

    [...] Linux: Router Bandwidth Management Example | Hackosis (tags: howto linux networking) [...]
