How to Limit Bandwidth on openSUSE (Quality of Service)

Wondershaper is a Bash script that comes with ready-made rules for managing network bandwidth and traffic.

The first step in setting up QoS is to define the details up front, for example the priority of each protocol.


Example: ADSL line (Head Office to Branches).

                         +-- Branch1 = 256kbps
Head Office = 2048kbps --+
                         +-- Branch2 = 128kbps

# Outgoing
ICA (TCP Port 1493) HTB rate 256kbit Ceil 256kbit Prio 0
www HTB rate 125kbit Ceil 175kbit Prio 1
ssh HTB rate 100kbit Ceil 150kbit Prio 2

# Incoming
ICA (TCP Port 1493) HTB rate 125kbit Ceil 125kbit Prio 0
www HTB rate 75kbit Ceil 128kbit Prio 1
ssh HTB rate 35kbit Ceil 128kbit Prio 2

Note: All other traffic has priority 3 with min 0% bandwidth and max 10% bandwidth.

Installation steps
1. Download

//download.opensuse.org/distribution/11.1/repo/oss/suse/noarch/

2. Installation

[sourcecode]
rpm -ivh wondershaper-1.1a-349.9.noarch.rpm
[/sourcecode]

3. Configuration

[sourcecode]
vi /etc/sysconfig/wondershaper
[/sourcecode]

Example: ADSL 512/256 Kbps.

[sourcecode]
# speed in kilobits
# WSHAPER_DEV is the interface connected to the modem
WSHAPER_DEV="eth0"
WSHAPER_DOWNLINK="512"
WSHAPER_UPLINK="256"
[/sourcecode]

4. Run Level

[sourcecode]
chkconfig wondershaper on
[/sourcecode]

5. Start wondershaper

[sourcecode]
rcwondershaper restart
[/sourcecode]

[sourcecode]
cp /usr/sbin/wshaper.htb /usr/sbin/wshaper.htb-org
[/sourcecode]

[sourcecode]
vi /usr/sbin/wshaper.htb
[/sourcecode]

6. Create a monitoring script

[sourcecode]
vi /qos-status
[/sourcecode]

Type the following line, then save and quit with :wq:

[sourcecode]
tc -s qdisc show dev ppp0
[/sourcecode]

ppp0 is the interface you want to monitor.

[sourcecode]
chmod 744 /qos-status
[/sourcecode]

7. QoS Status

[sourcecode]
/qos-status
[/sourcecode]

That's it, all done.
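The init script sources /etc/sysconfig/wondershaper as root and expands its values unquoted into tc commands, so it is worth linting the file before restarting the service. The following is an added example, not part of the wondershaper package or the original post; check_wshaper_conf is a hypothetical helper that parses the file as data instead of sourcing it.

```shell
#!/bin/sh
# Added example; check_wshaper_conf is a hypothetical helper, not part of the
# wondershaper package. It reads the file as data and never sources it.
check_wshaper_conf() {
    conf=$1; rc=0; seen=
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }
    # The file is sourced by a root script: only the owner may write to it.
    if [ -n "$(find "$conf" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "$conf is group- or world-writable" >&2; rc=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        case $line in
            *=*) key=${line%%=*}; val=${line#*=} ;;
            *)   echo "not an assignment: $line" >&2; rc=1; continue ;;
        esac
        # Accept one pair of plain double quotes around the value.
        case $val in \"*\") val=${val#\"}; val=${val%\"} ;; esac
        case $key in
            WSHAPER_DEV)                      # interface name such as eth0
                case $val in ''|*[!A-Za-z0-9_.:-]*) bad=1 ;; *) bad=0 ;; esac ;;
            WSHAPER_DOWNLINK|WSHAPER_UPLINK)  # kilobits, positive integer
                case $val in ''|0*|*[!0-9]*) bad=1 ;; *) bad=0 ;; esac ;;
            WSHAPER_NOPRIOHOSTSRC|WSHAPER_NOPRIOHOSTDST|\
            WSHAPER_NOPRIOPORTSRC|WSHAPER_NOPRIOPORTDST)   # lists, may be empty
                case $val in *[!0-9./" "]*) bad=1 ;; *) bad=0 ;; esac ;;
            *)  echo "unexpected variable: $key" >&2; rc=1; continue ;;
        esac
        if [ "$bad" -eq 1 ]; then
            echo "rejected value for $key: $val" >&2; rc=1
        else
            seen="$seen $key"
        fi
    done < "$conf"
    for need in WSHAPER_DEV WSHAPER_DOWNLINK WSHAPER_UPLINK; do
        case " $seen " in *" $need "*) ;; *) echo "$need not set" >&2; rc=1 ;; esac
    done
    return $rc
}
```

Run it as `check_wshaper_conf /etc/sysconfig/wondershaper && rcwondershaper restart`; values wrapped in typographic quotes pasted from a web page are rejected as well.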

Note: For advanced configuration, edit the file "/usr/sbin/wshaper.htb".

Sample Configuration:
[sourcecode]
#!/bin/sh
#
# Wonder Shaper
# please read the README before filling out these values
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits. Also set the device that is to be shaped.
#
# Source sysconfig file
# If you want this script to be run by ppp on connect, copy it to /etc/ppp/ip-up.d
# chmod 755 /etc/ppp/ip-up.d/wshaper.htb

if [ -f /etc/sysconfig/wondershaper ]; then
    . /etc/sysconfig/wondershaper
fi

DOWNLINK="$WSHAPER_DOWNLINK"
UPLINK="$WSHAPER_UPLINK"
DEV="$WSHAPER_DEV"
export DOWNLINK UPLINK DEV

# low priority OUTGOING traffic - you can leave this blank if you want
# low priority source netmasks
NOPRIOHOSTSRC="$WSHAPER_NOPRIOHOSTSRC"

# low priority destination netmasks
NOPRIOHOSTDST="$WSHAPER_NOPRIOHOSTDST"

# low priority source ports
NOPRIOPORTSRC="$WSHAPER_NOPRIOPORTSRC"

# low priority destination ports
NOPRIOPORTDST="$WSHAPER_NOPRIOPORTDST"

# Check for QOS in the kernel
if tc -s qdisc ls dev lo > /dev/null 2>&1; then
    true
else
    echo "Your kernel lacks QoS support or you don't have the 'tc' tool installed" >&2
    exit 1
fi

# Check for sysconfig settings
checkconf() {
    if [ -z "$DEV" ]; then
        echo "Please set WSHAPER_DEV in /etc/sysconfig/wondershaper" >&2
        exit 1
    elif [ -z "$DOWNLINK" ]; then
        echo "Please set WSHAPER_DOWNLINK in /etc/sysconfig/wondershaper" >&2
        exit 1
    elif [ -z "$UPLINK" ]; then
        echo "Please set WSHAPER_UPLINK in /etc/sysconfig/wondershaper" >&2
        exit 1
    fi
}

# start|stop|status

case "$@" in
    start)
        checkconf
        ;;
    status)
        checkconf
        tc -s qdisc ls dev "$DEV"
        tc -s class ls dev "$DEV"
        exit 0
        ;;
    stop)
        tc qdisc del dev "$DEV" root > /dev/null 2>&1
        tc qdisc del dev "$DEV" ingress > /dev/null 2>&1
        exit 0
        ;;
esac

# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root 2> /dev/null > /dev/null
tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

############
# UPLINK
############
## Root
tc qdisc add dev $DEV root handle 1:0 htb default 12
tc class add dev $DEV parent 1:0 classid 1:1 htb rate ${UPLINK}kbit ceil ${UPLINK}kbit
# Note: the child rates below are 5/10, 4/10 and 2/10 of UPLINK, which adds
# up to 11/10 of the parent rate, so HTB cannot guarantee all three at once.
## SSH
tc class add dev $DEV parent 1:1 classid 1:10 htb rate $((5*$UPLINK/10))kbit ceil ${UPLINK}kbit prio 1
## Normal Traffic
tc class add dev $DEV parent 1:1 classid 1:11 htb rate $((4*$UPLINK/10))kbit ceil ${UPLINK}kbit prio 2
## Other
tc class add dev $DEV parent 1:1 classid 1:12 htb rate $((2*$UPLINK/10))kbit ceil ${UPLINK}kbit prio 3

# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
    match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
    match ip protocol 6 0xff \
    match u8 0x05 0x0f at 0 \
    match u16 0x0000 0xffc0 at 2 \
    match u8 0x10 0xff at 33 \
    flowid 1:10

# Creates a filter that classifies SSH packets
# (the mask 0xfffe ignores the lowest bit, so destination ports 22 and 23 both match)
tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 \
    match ip dport 22 0xfffe flowid 1:10

# Mark acknowledge packets of an established session between 40 and 100 bytes:
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL ACK -m state --state ESTABLISHED -m length --length 40:100 -j MARK --set-mark 20

# Mark SSH packets that start new sessions with a packet length between 40 and 68 bytes:
iptables -t mangle -A PREROUTING -p tcp --dport 22 --syn -m state --state NEW -m length --length 40:68 -j MARK --set-mark 22

tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 11 fw flowid 1:11
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 12 fw flowid 1:12

#Create a filter that classifies packets based on the fwmark (20) on the packet as belonging to classid 1:10:
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:10

#Creates a filter that classifies packets based on the fwmark (22) on the packet as belonging to classid 1:10:
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:10

# Classify packets of an established session between 40 and 100 bytes:
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags ALL ACK -m state --state ESTABLISHED -m length --length 40:100 -j CLASSIFY --set-class 1:10

# Classify SSH packets that start new sessions with a packet length between 40 and 68 bytes:
iptables -t mangle -A POSTROUTING -p tcp --dport 22 --syn -m state --state NEW -m length --length 40:68 -j CLASSIFY --set-class 1:10

############
# DOWNLINK
############
tc qdisc add dev $DEV handle ffff: ingress
#tc filter add dev $DEV parent ffff: protocol ip prio 51 u32 match ip sport 80 \
# 0xffff police rate $((5*$DOWNLINK/10))kbit flowid 1:10

tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip src 192.168.1.0/24 \
match ip sport 80 0xffff flowid 1:10

############
# SFQ
############
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev $DEV parent 1:12 handle 12: sfq perturb 10

[/sourcecode]
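To make the u32 selectors in the sample script concrete, this added example (not part of the original script or of wondershaper) applies them to constructed packet headers and reports which HTB class each packet lands in. The helpers mk_pkt, u32_match and classify are hypothetical, and the byte offsets assume an IPv4 header without options.

```shell
#!/bin/sh
# Added example; mk_pkt, u32_match and classify are hypothetical helpers.
# Offsets assume a 20-byte IPv4 header (IHL 5) with no options.

# mk_pkt TOTLEN PROTO DPORT FLAGS [SPORT]: constructed 40-byte header as hex
mk_pkt() {
    printf '4500%04x0000400040%02x0000' "$1" "$2"    # version/IHL .. checksum
    printf 'c0a8010a0a000001'                          # 192.168.1.10 -> 10.0.0.1
    printf '%04x%04x%016x50%02xffff00000000\n' "${5:-50000}" "$3" 0 "$4"
}

# u32_match HEX WIDTH OFFSET VALUE MASK: (field & MASK) == (VALUE & MASK)
u32_match() {
    first=$(( $3 * 2 + 1 )); last=$(( first + $2 * 2 - 1 ))
    field=$(printf '%s' "$1" | cut -c "$first-$last")
    [ "${#field}" -eq $(( $2 * 2 )) ] || return 1     # packet too short
    [ $(( 0x$field & $5 )) -eq $(( $4 & $5 )) ]
}

# classify HEX: class picked by the sample script's u32 filters on 1:0
# (fw-mark filters and the iptables CLASSIFY rules are not modelled)
classify() {
    p=$1
    # match ip protocol 1 0xff
    if u32_match "$p" 1 9 1 0xff; then echo 1:10; return; fi
    # TCP, IHL 5, total length below 64, flags byte exactly ACK
    if u32_match "$p" 1 9 6 0xff && u32_match "$p" 1 0 0x05 0x0f &&
       u32_match "$p" 2 2 0x0000 0xffc0 && u32_match "$p" 1 33 0x10 0xff
    then echo 1:10; return; fi
    # match ip dport 22 0xfffe: no protocol test, lowest port bit ignored
    if u32_match "$p" 2 22 22 0xfffe; then echo 1:10; return; fi
    # match ip src 192.168.1.0/24 match ip sport 80 0xffff
    if u32_match "$p" 4 12 0xc0a80100 0xffffff00 &&
       u32_match "$p" 2 20 80 0xffff; then echo 1:10; return; fi
    echo 1:12                                         # htb default 12
}

# Constructed packets: label:total-length:protocol:dport:tcp-flags
for spec in icmp:84:1:0:0 small-ack:40:6:443:16 ssh-syn:60:6:22:2 \
            telnet-syn:60:6:23:2 bulk-data:1500:6:443:24; do
    IFS=: read -r label len proto dport flags <<EOF
$spec
EOF
    printf '%-10s -> %s\n' "$label" "$(classify "$(mk_pkt "$len" "$proto" "$dport" "$flags")")"
done
```

The telnet-syn packet lands in 1:10 because the mask 0xfffe drops the lowest bit of the port, and any protocol carrying 22 or 23 at that offset matches since the filter does not test for TCP.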