|
Previous
|
Content |
Next
|
|
|
|
|
Again, in the original distribution this example was implemented
using ipchains. Our version is implemented using the new Linux's
firewall packet filter tool iptables. The modify example's script is
as follows: |
|
| |
#! /bin/sh
####################### Ingress side ########################
tc qdisc add dev eth2 handle ffff: ingress
tc filter add dev eth2 parent ffff: protocol ip prio 1 u32 \
match ip src 10.2.0.0/24 police rate 1000kbit burst 90k \
continue flowid :1
tc filter add dev eth2 parent ffff: protocol ip prio 2 u32 \
match ip src 10.2.0.0/24 police rate 1000kbit burst 15k \
continue flowid :1
tc filter add dev eth2 parent ffff: protocol ip prio 3 u32 \
match ip src 10.2.0.0/24 police rate 1000kbit burst 90k \
continue flowid :2
tc filter add dev eth2 parent ffff: protocol ip prio 4 u32 \
match ip src 10.2.0.0/24 police rate 500kbit burst 90k \
continue flowid :2
tc filter add dev eth2 parent ffff: protocol ip prio 5 u32 \
match ip src 10.2.0.0/24 police rate 1000kbit burst 90k \
continue flowid :3
tc filter add dev eth2 parent ffff: protocol ip prio 6 u32 \
match ip src 10.2.0.0/24 police rate 500kbit burst 15k \
drop flowid :3
tc filter add dev eth2 parent ffff: protocol ip prio 7 u32 \
match ip src 0/0 police rate 1000kbit burst 90k \
drop flowid :4
######################## Egress side ########################
tc qdisc add dev eth1 handle 1:0 root dsmark indices 64
tc class change dev eth1 classid 1:1 dsmark mask 0x3 value 0x88
tc class change dev eth1 classid 1:2 dsmark mask 0x3 value 0x90
tc class change dev eth1 classid 1:3 dsmark mask 0x3 value 0x98
tc class change dev eth1 classid 1:3 dsmark mask 0x3 value 0x0
tc filter add dev eth1 parent 1:0 protocol ip prio 1 \
handle 1 tcindex classid 1:1
tc filter add dev eth1 parent 1:0 protocol ip prio 1 \
handle 2 tcindex classid 1:2
tc filter add dev eth1 parent 1:0 protocol ip prio 1 \
handle 3 tcindex classid 1:3
tc filter add dev eth1 parent 1:0 protocol ip prio 1 \
handle 4 tcindex classid 1:4 |
|
|
|
|
|
|
The egress side is the exactly same as previous example. Leaving packets are
assigned to four DS classes: AF41, AF42, AF43
and BE, which will correspond to tcindex value of 1,
2, 3 and 4, respectively. |
| If you are a little observant soon you will discover that this example is
almost the same as the previous one. This time the classification is done by
using the u32 classifier instead of iptables as was done in
the last example. Some little differences in the commited/peak rate
and burst, i.e., they use 1000kbps/90KB here and they used
1500kbps/90KB there. The networks are the same. Traffic from network
10.2/24 will be treated different from traffic of rest of networks. In
this example the network classification is done by using the u32
classifier, but the classification results are the same. |
|
|
I'm going to be lazy and will give you as home work to compare both examples
and analize similarities and differences. |
|
For not losing more time our next example will be afcbq that we rename as
afhtb. |
|
|
|
|
|
Previous
|
Content |
Next
|
