How to Limit Bandwidth on openSUSE (Quality of Service)

Wondershaper is a Bash script that ships with ready-made rules for managing network bandwidth and traffic.

The first stage of setting up QoS is to define the details up front, such as the priority of each protocol.

Example: ADSL line (Head Office to Branches).

                           +--- Branch1 = 256kbps
Head Office = 2048kbps ----+
                           +--- Branch2 = 128kbps

# Outgoing
ICA (TCP Port 1493) HTB rate 256kbit Ceil 256kbit Prio 0
www HTB rate 125kbit Ceil 175kbit Prio 1
ssh HTB rate 100kbit Ceil 150kbit Prio 2

# Incoming
ICA (TCP Port 1493) HTB rate 125kbit Ceil 125kbit Prio 0
www HTB rate 75kbit Ceil 128kbit Prio 1
ssh HTB rate 35kbit Ceil 128kbit Prio 2

Note: All other traffic has priority 3, with a minimum of 0% and a maximum of 10% of the bandwidth.

Installation steps
1. Download

//download.opensuse.org/distribution/11.1/repo/oss/suse/noarch/

2. Installation

rpm -ivh wondershaper-1.1a-349.9.noarch.rpm

3. Configuration

vi /etc/sysconfig/wondershaper

Example: ADSL 512/256Kbps.

#speed in kilobits.

WSHAPER_DEV="eth0"           # interface connected to the modem
WSHAPER_DOWNLINK="512"
WSHAPER_UPLINK="256"

4. Run Level

chkconfig wondershaper on

5. Start wondershaper

 rcwondershaper restart
 cp /usr/sbin/wshaper.htb /usr/sbin/wshaper.htb-org
 vi /usr/sbin/wshaper.htb

6. Create a monitoring script

 
vi /qos-status

Type:
tc -s qdisc show dev ppp0
:wq
ppp0 is the interface you want to monitor.

chmod 744 /qos-status

7. QoS Status

 /qos-status

That's it, you're done.

Note: For advanced configuration, edit the file "/usr/sbin/wshaper.htb".

Sample Configuration:

#!/bin/sh
#
# Wonder Shaper
# please read the README before filling out these values 
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits. Also set the device that is to be shaped.
#
# Source sysconfig file
# If you want this script to be run by ppp on connect, copy it to /etc/ppp/ip-up.d
# chmod 755 /etc/ppp/ip-up.d/wshaper.htb

if [ -f /etc/sysconfig/wondershaper ]; then
. /etc/sysconfig/wondershaper
fi

DOWNLINK="$WSHAPER_DOWNLINK"
UPLINK="$WSHAPER_UPLINK"
DEV="$WSHAPER_DEV"
export DOWNLINK UPLINK DEV 

# low priority OUTGOING traffic - you can leave this blank if you want
# low priority source netmasks
NOPRIOHOSTSRC="$WSHAPER_NOPRIOHOSTSRC"

# low priority destination netmasks
NOPRIOHOSTDST="$WSHAPER_NOPRIOHOSTDST"

# low priority source ports
NOPRIOPORTSRC="$WSHAPER_NOPRIOPORTSRC"

# low priority destination ports
NOPRIOPORTDST="$WSHAPER_NOPRIOPORTDST"

# Check for QOS in the kernel
if tc -s qdisc ls dev lo > /dev/null 2>&1; then
        true
else
        echo "Your Kernel lacks QOS Support or you dont have the 'tc' tool installed" > /dev/stderr
        exit 1
fi

# Check for sysconfig settings
checkconf() {
if [ -z "$DEV" ]; then
        echo "Please set WSHAPER_DEV in /etc/sysconfig/wondershaper" > /dev/stderr
        exit 1
elif
        [ -z "$DOWNLINK" ]; then
        echo "Please set WSHAPER_DOWNLINK in /etc/sysconfig/wondershaper" > /dev/stderr
        exit 1
elif
        [ -z "$UPLINK" ];then
        echo "Please set WSHAPER_UPLINK in /etc/sysconfig/wondershaper" > /dev/stderr
        exit 1
fi
}

# start|stop|status

case "$1" in
	start) 
	checkconf
	;;
	status)
	checkconf
	tc -s qdisc ls dev $DEV
	tc -s class ls dev $DEV
	exit 0
	;;
	stop)
        tc qdisc del dev $DEV root    > /dev/null 2>&1
	tc qdisc del dev $DEV ingress > /dev/null 2>&1
 	exit 0
esac

# clean existing down- and uplink qdiscs, hide errors
	tc qdisc del dev $DEV root    2> /dev/null > /dev/null
	tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

############
# UPLINK
############
## Root
tc qdisc add dev $DEV root handle 1:0 htb default 12
tc class add dev $DEV parent 1:0 classid 1:1 htb rate ${UPLINK}kbit ceil ${UPLINK}kbit
## SSH
tc class add dev $DEV parent 1:1 classid 1:10 htb rate $((5*$UPLINK/10))kbit ceil ${UPLINK}kbit prio 1
## Normal Traffic
tc class add dev $DEV parent 1:1 classid 1:11 htb rate $((4*$UPLINK/10))kbit ceil ${UPLINK}kbit prio 2
## Other
tc class add dev $DEV parent 1:1 classid 1:12 htb rate $((2*$UPLINK/10))kbit ceil ${UPLINK}kbit prio 3

# ICMP (ip protocol 1) in the interactive class 1:10 so we 
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
        match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   match u8 0x10 0xff at 33 \
   flowid 1:10

# Create a filter that classifies SSH packets (destination port 22)
tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 \
      match ip dport 22 0xffff flowid 1:10

#Mark acknowledge packets of an established session between 40 and 100 bytes:
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL ACK -m state --state ESTABLISHED -m length --length 40:100 -j MARK --set-mark 20

#Mark SSH packets that starts new sessions with a packet length between 40 and 68 bytes:
iptables -t mangle -A PREROUTING -p tcp --dport 22 --syn -m state --state NEW -m length --length 40:68 -j MARK --set-mark 22

tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 11 fw flowid 1:11
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 12 fw flowid 1:12

#Create a filter that classifies packets based on the fwmark (20) on the packet as belonging to classid 1:10:
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:10

#Creates a filter that classifies packets based on the fwmark (22) on the packet as belonging to classid 1:10:
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:10

#Classify packets of an established session between 40 and 100 bytes:
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags ALL ACK -m state --state ESTABLISHED -m length --length 40:100 -j CLASSIFY --set-class 1:10

#Classify SSH packets that starts new sessions with a packet length between 40 and 68 bytes:
iptables -t mangle -A POSTROUTING -p tcp --dport 22 --syn -m state --state NEW -m length --length 40:68 -j CLASSIFY --set-class 1:10


############
# DOWNLINK 
############
tc qdisc add dev $DEV handle ffff: ingress
#tc filter add dev $DEV parent ffff: protocol ip prio 51 u32 match ip sport 80 \
#   0xffff police rate $((5*$DOWNLINK/10))kbit flowid 1:10

tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip src 192.168.1.0/24 \
  match ip sport 80 0xffff flowid 1:10

############
# SFQ
############
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev $DEV parent 1:12 handle 12: sfq perturb 10
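
The sample script's checkconf only tests that the three sysconfig values are non-empty, and its uplink classes take 5/10, 4/10 and 2/10 of UPLINK, which adds up to 11/10 of the parent class 1:1, while HTB expects child rates to fit within the parent's rate. The following pre-flight check is an added example, not part of Wondershaper or of the original post; the function names, the optional weight arguments and the interface-name rule are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of wshaper.htb: validate the sysconfig values and
# the HTB rate plan before any tc command is run as root.

# is_uint VALUE: true for a positive decimal integer without a leading zero.
is_uint() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
}

# valid_dev NAME: 1-15 characters from [A-Za-z0-9._-] (rule assumed here).
valid_dev() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 15 ] || return 1
    case "$1" in
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# uplink_plan UPLINK [SSH NORMAL OTHER]: prints "ssh normal other sum" in
# kbit. Weights are tenths of UPLINK; defaults are the sample script's 5/4/2,
# computed with the same integer arithmetic the script uses.
uplink_plan() {
    is_uint "$1" || return 1
    is_uint "${2:-5}" && is_uint "${3:-4}" && is_uint "${4:-2}" || return 1
    a=$(( ${2:-5} * $1 / 10 ))
    b=$(( ${3:-4} * $1 / 10 ))
    c=$(( ${4:-2} * $1 / 10 ))
    echo "$a $b $c $((a + b + c))"
}

# check_wshaper_conf DEV DOWNLINK UPLINK [SSH NORMAL OTHER]
# Returns 0 ("ok"), 1 on a malformed value, 2 if child rates exceed UPLINK.
check_wshaper_conf() {
    valid_dev "$1" || { echo "bad WSHAPER_DEV"; return 1; }
    is_uint "$2"   || { echo "bad WSHAPER_DOWNLINK"; return 1; }
    is_uint "$3"   || { echo "bad WSHAPER_UPLINK"; return 1; }
    plan=$(uplink_plan "$3" "${4:-5}" "${5:-4}" "${6:-2}") \
        || { echo "bad weights"; return 1; }
    sum=${plan##* }   # last field of the plan is the sum of the child rates
    if [ "$sum" -gt "$3" ]; then
        echo "oversubscribed: children ${sum}kbit > parent ${3}kbit"
        return 2
    fi
    echo "ok"
}
```

With the ADSL 512/256 values from step 3, the default 5/4/2 split is reported as oversubscribed, while a 5/3/2 split fits inside the 256kbit parent.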
