3.6. Edge32-cb-tables

 

Again, in the original distribution this example was implemented using ipchains. Our version is implemented using iptables, the new Linux firewall packet-filter tool. The modified example's script is as follows:


 
#! /bin/sh -x

iptables -t mangle -A INPUT -i eth2 -s 0/0 -j MARK --set-mark 2
iptables -t mangle -A INPUT -i eth2 -s 10.2.0.0/24 -j MARK --set-mark 1

tc qdisc add dev eth2 handle ffff: ingress

tc filter add dev eth2 parent ffff: protocol ip prio 1 handle 1 fw \
police rate 1500kbit burst 90k \
continue flowid :1

tc filter add dev eth2 parent ffff: protocol ip prio 2 handle 1 fw \
police rate 500kbit burst 90k \
continue flowid :1

tc filter add dev eth2 parent ffff: protocol ip prio 3 handle 1 fw \
police rate 1500kbit burst 90k \
continue flowid :2

tc filter add dev eth2 parent ffff: protocol ip prio 4 handle 1 fw \
police rate 500kbit burst 90k \
continue flowid :2

tc filter add dev eth2 parent ffff: protocol ip prio 5 handle 1 fw \
police rate 500kbit burst 90k \
continue flowid :3

tc filter add dev eth2 parent ffff: protocol ip prio 6 handle 1 fw \
police rate 500kbit burst 90k \
drop flowid :3

tc filter add dev eth2 parent ffff: protocol ip prio 7 handle 2 fw \
police rate 1500kbit burst 90k \
drop flowid :4

######################## Egress side ########################

tc qdisc add dev eth1 handle 1:0 root dsmark indices 64

tc class change dev eth1 classid 1:1 dsmark mask 0x3 value 0x88
tc class change dev eth1 classid 1:2 dsmark mask 0x3 value 0x90
tc class change dev eth1 classid 1:3 dsmark mask 0x3 value 0x98
tc class change dev eth1 classid 1:4 dsmark mask 0x3 value 0x0

tc filter add dev eth1 parent 1:0 protocol ip prio 1 \
handle 1 tcindex classid 1:1

tc filter add dev eth1 parent 1:0 protocol ip prio 1 \
handle 2 tcindex classid 1:2

tc filter add dev eth1 parent 1:0 protocol ip prio 1 \
handle 3 tcindex classid 1:3

tc filter add dev eth1 parent 1:0 protocol ip prio 1 \
handle 4 tcindex classid 1:4


The egress side is the same as in the previous example. Outgoing packets are assigned to four DS classes: AF41, AF42, AF43 and BE, which correspond to tcindex values 1, 2, 3 and 4, respectively.
On the ingress side, traffic is divided into two blocks: traffic coming from network 10.2/24 and traffic coming from any other network. Traffic from any network other than 10.2/24 is marked as best-effort by the last rule of the filter chain (prio 7), up to a maximum rate/burst of 1500kbps/90KB. Traffic from these networks that exceeds this setting is dropped.
Traffic from network 10.2/24 is conditioned using a 3-level hierarchy. Level-1 (tcindex 1) is marked as DS class AF41. Level-2 (tcindex 2) is marked as DS class AF42. Level-3 (tcindex 3) is marked as DS class AF43. The rest of this traffic is dropped. Each level's rate/burst setting is a combination of two chained rules, as follows:
Level-1 (prio1 + prio2) is 1500kbps/90KB + 500kbps/90KB.
Level-2 (prio3 + prio4) is 1500kbps/90KB + 500kbps/90KB.
Level-3 (prio5 + prio6) is 500kbps/90KB + 500kbps/90KB.
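
To see how the chained policers split a flow between the DS classes, the following added example (not part of the original HOWTO or of any tc code) models the seven ingress filters as token buckets and feeds them a constant-rate flow. The names Policer and simulate, the 1000-byte packet size and the reading of "burst 90k" as 90 * 1024 bytes are assumptions made for the model.

```python
# Added example: token-bucket model of the ingress filter chain above.
KBIT = 1000 / 8        # bytes per second carried by 1 kbit/s
BURST = 90 * 1024      # assumption: tc reads "burst 90k" as 90 * 1024 bytes

# (fw mark, police rate in kbit/s, action on exceed, flowid -> tcindex)
CHAIN = [
    (1, 1500, "continue", 1), (1, 500, "continue", 1),   # prio 1, 2
    (1, 1500, "continue", 2), (1, 500, "continue", 2),   # prio 3, 4
    (1, 500, "continue", 3), (1, 500, "drop", 3),        # prio 5, 6
    (2, 1500, "drop", 4),                                # prio 7
]
DS_CLASS = {1: "AF41", 2: "AF42", 3: "AF43", 4: "BE"}


class Policer:
    """Single-rate token bucket that starts full."""
    def __init__(self, rate_kbit):
        self.rate, self.tokens, self.last = rate_kbit * KBIT, BURST, 0.0

    def conforms(self, now, size):
        tokens = min(BURST, self.tokens + (now - self.last) * self.rate)
        if tokens < size:
            return False          # state untouched; time keeps accruing
        self.tokens, self.last = tokens - size, now
        return True


def simulate(mark, offered_kbit, seconds, pkt=1000):
    """Bytes per DS class (plus 'drop') for a constant-rate flow."""
    policers = [Policer(rate) for _, rate, _, _ in CHAIN]
    out = dict.fromkeys([*DS_CLASS.values(), "drop"], 0)
    byte_rate = offered_kbit * KBIT
    for n in range(int(byte_rate * seconds / pkt)):
        verdict = "drop"
        for (m, _, action, flowid), pol in zip(CHAIN, policers):
            if m != mark:
                continue          # fw filter handle does not match the mark
            if pol.conforms(n * pkt / byte_rate, pkt):
                verdict = DS_CLASS[flowid]
                break
            if action == "drop":
                break             # exceeded the last policer of the chain
        out[verdict] += pkt
    return out


if __name__ == "__main__":
    for mark, kbit in [(1, 1000), (1, 6000), (2, 3000)]:
        print(mark, kbit, simulate(mark, kbit, 10))
```

A 10.2/24 flow below 1500kbps stays entirely in AF41; at 6000kbps it spills into AF42 and AF43 and the excess is dropped only after all six buckets have emptied.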
Well, this example is over. The next one will be Edge32-cb-u32.

   

