3.5. Edge31-cb-tables

In the original distribution this example was implemented
using ipchains. Our version is implemented using iptables, the newer
Linux firewall packet filter tool. The modified example's script is
as follows:

#!/bin/bash
####################### Ingress side ########################
# Mark everything arriving on eth2 as fw 2, then overwrite the mark
# with fw 1 for 10.2.0.0/24 (MARK does not stop rule traversal).
iptables -t mangle -A INPUT -i eth2 -s 0/0 -j MARK --set-mark 2
iptables -t mangle -A INPUT -i eth2 -s 10.2.0.0/24 -j MARK --set-mark 1
tc qdisc add dev eth2 handle ffff: ingress
# fw 1 traffic: "continue" hands packets over the rate to the next filter.
tc filter add dev eth2 parent ffff: protocol ip prio 4 handle 1 fw \
    police rate 1500kbit burst 90k continue flowid 4:1
tc filter add dev eth2 parent ffff: protocol ip prio 5 handle 1 fw \
    police rate 1500kbit burst 90k continue flowid 4:2
# Last stage for each mark: packets over the rate are dropped.
tc filter add dev eth2 parent ffff: protocol ip prio 6 handle 1 fw \
    police rate 1000kbit burst 60k drop flowid 4:3
tc filter add dev eth2 parent ffff: protocol ip prio 6 handle 2 fw \
    police rate 1000kbit burst 60k drop flowid 4:4
######################## Egress side ########################
tc qdisc add dev eth1 handle 1:0 root dsmark indices 64
# DS byte values: 0x88 = AF41, 0x90 = AF42, 0x98 = AF43, 0x0 = BE
tc class change dev eth1 classid 1:1 dsmark mask 0x3 value 0x88
tc class change dev eth1 classid 1:2 dsmark mask 0x3 value 0x90
tc class change dev eth1 classid 1:3 dsmark mask 0x3 value 0x98
tc class change dev eth1 classid 1:4 dsmark mask 0x3 value 0x0
# Map the tcindex chosen at ingress (1..4) to dsmark classes 1:1..1:4
tc filter add dev eth1 parent 1:0 protocol ip prio 1 \
    handle 1 tcindex classid 1:1
tc filter add dev eth1 parent 1:0 protocol ip prio 1 \
    handle 2 tcindex classid 1:2
tc filter add dev eth1 parent 1:0 protocol ip prio 1 \
    handle 3 tcindex classid 1:3
tc filter add dev eth1 parent 1:0 protocol ip prio 1 \
    handle 4 tcindex classid 1:4

Let's start with the egress side because it is easy. Leaving packets are
assigned to four DS classes: AF41, AF42, AF43
and BE, which correspond to tcindex values of 1,
2, 3 and 4, respectively.

On the ingress side iptables is used to mark packets from network
10.2/24 as fw 1. The rest of the packets are marked as fw 2. These
packets (not coming from network 10.2/24) are marked as
best-effort (BE) when leaving the router using the tcindex 4
rule with a police rate/burst of 1000kbps/60KB.

Packets coming from network 10.2/24 are assigned to DS class
AF41 with the tcindex 1 rule with a police rate/burst
of 1500kbps/90KB; the next 1500kbps/90KB are assigned to DS
class AF42 with the tcindex 2 rule; and the next 1000kbps/60KB
are assigned to DS class AF43 with the tcindex 3 rule.

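The police cascade and the dsmark remarking described above can be checked offline with a small model. This is an added example, not part of the original HOWTO or of the tc code: the token-bucket model, the function names, the constant-rate test flows and the assumption that packets arrive with DS byte 0x00 are all illustrative.

```python
import ipaddress
from collections import Counter

class Police:
    """Token bucket modelling `police rate <bit/s> burst <bytes>` (simplified)."""
    def __init__(self, rate_bps, burst_bytes):
        self.rate, self.burst = rate_bps / 8.0, burst_bytes  # bytes/s, bytes
        self.tokens, self.last = float(burst_bytes), 0.0

    def conforms(self, now, size):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size > self.tokens:
            return False
        self.tokens -= size
        return True

K = 1024  # tc reads "90k" as 90 * 1024 bytes; "kbit" is 1000 bit/s

def ingress_filters():
    # (fw mark, policer, action when over the rate, tcindex from flowid 4:N), prio order
    return [(1, Police(1500e3, 90 * K), "continue", 1),
            (1, Police(1500e3, 90 * K), "continue", 2),
            (1, Police(1000e3, 60 * K), "drop", 3),
            (2, Police(1000e3, 60 * K), "drop", 4)]

# Egress dsmark classes 1:1..1:4 as (mask, value)
DSMARK = {1: (0x3, 0x88), 2: (0x3, 0x90), 3: (0x3, 0x98), 4: (0x3, 0x00)}

def fw_mark(src):
    # Same outcome as the two iptables rules: 10.2.0.0/24 -> 1, everything else -> 2
    return 1 if ipaddress.ip_address(src) in ipaddress.ip_network("10.2.0.0/24") else 2

def classify(filters, mark, now, size):
    for handle, police, exceed, tcindex in filters:
        if handle != mark:
            continue
        if police.conforms(now, size):
            return tcindex
        if exceed == "drop":
            return None
    return None  # not reached here: both marks end in a "drop" filter

def simulate(src, rate_bps, seconds, size=1000, old_ds=0x00):
    """Bytes per egress DS byte (or "drop") for a constant-rate flow (constructed input)."""
    filters, out = ingress_filters(), Counter()
    for i in range(int(seconds * rate_bps / (size * 8))):
        tcindex = classify(filters, fw_mark(src), i * size * 8 / rate_bps, size)
        if tcindex is None:
            out["drop"] += size
        else:
            mask, value = DSMARK[tcindex]
            out[(old_ds & mask) | value] += size  # dsmark: (old & mask) | value
    return dict(out)
```

For example, `simulate("10.2.0.5", 8_000_000, 10)` shows an 8 Mbit/s flow from 10.2/24 split across 0x88, 0x90 and 0x98 with the remainder dropped, while a flow from any other source only ever leaves as 0x00 or is dropped.
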
As you can see, this example is even simpler than the previous one.

Okay, it's time to continue with Edge32-cb-tables.