
[LARTC] Classful queues

To: lartc@mailman.ds9a.nl
Subject: [LARTC] Classful queues
From: Jonathan Gazeley <jonathan.gazeley@bristol.ac.uk>
Date: Tue, 07 Aug 2007 12:15:52 +0100
Delivered-to: sp-com-lists@consult.net
Delivered-to: lartc-list@securepoint.com
Delivered-to: lartc@outpost.ds9a.nl
List-archive: <http://mailman.ds9a.nl/pipermail/lartc>
List-help: <mailto:lartc-request@mailman.ds9a.nl?subject=help>
List-id: "Mailinglist of the Linux Advanced Routing & Traffic Control project" <lartc.mailman.ds9a.nl>
List-post: <mailto:lartc@mailman.ds9a.nl>
List-subscribe: <http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=subscribe>
List-unsubscribe: <http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=unsubscribe>
Sender: lartc-bounces@mailman.ds9a.nl
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

Dear all,

I am trying to set up multi-user traffic control. In short, I want each user to be hard limited to 128kbit download and 64kbit upload. On top of that, I want interactive traffic (ICMP, ACK packets, SSH, etc.) to be prioritised to minimise latency. It sounds like it ought to be done with a classful qdisc but I don't really know what I'm doing. I think I want something like the following:

root class
 |
+ 192.168.0.1 class
 |   + priority 0: SSH, ICMP, ACK, etc
 |   + priority 1: all other traffic
 |
+ 192.168.0.2 class
     + etc

I'm not sure if it's good to have ~250 classes for the IP addresses, and sub classes within those for the different priorities, or if all the traffic should be rate-limited by IP first, and then sorted into a handful of shared classes, to be dequeued.

I have taken advice from this list for the past couple of weeks and I have a semi-functional script now. However, the latency suddenly jumps to >4000ms as soon as the user starts downloading. Also my script uses police rate to limit upload speed - but this is not particularly effective and also not really required, as the box is able to shape traffic in both directions. It is also a NAT box.

Related, but not strictly to do with tc, is there any way of concisely and effectively logging connections between NATed users and external IPs? I need to be able to maintain a log which tells me that a certain user was connected to a certain remote host on port 1234 at a certain time and date, for legal reasons.

I realise this is a bit of a mammoth request, but I hope someone can help me.

Many thanks in advance,
Jonathan

------------------------
Jonathan Gazeley
ResNet | Wireless & VPN Team
Information Systems & Computing
University of Bristol
------------------------
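
The hierarchy sketched in the message above, written out as a generator for the matching tc commands; this is an added example, not the poster's script and not a reply from the list. It covers only the download direction on the LAN-facing interface, and the interface name eth1, the classid numbering, the 96/32 kbit split between the two leaves, the leaf qdiscs and the ICMP/SSH-only match are assumptions.

```sh
#!/bin/sh
# Added example: print tc commands for one HTB class per user with two
# prioritised leaves. Nothing is applied; pipe the output to "sh -x" as root.
# Assumed, not from the post: interface name, classid scheme (16 hex minors
# per host), the 96kbit/32kbit guaranteed split, leaf qdiscs, SSH/ICMP match.

# htb_host_cmds DEV NET HOST   e.g. htb_host_cmds eth1 192.168.0 7
htb_host_cmds() {
    dev=$1
    ip="$2.$3"
    base=$(( $3 * 16 ))
    parent=$(printf '%x' "$base")
    fast=$(printf '%x' $(( base + 1 )))
    bulk=$(printf '%x' $(( base + 2 )))
    # Hard cap per user: rate == ceil, so the class never borrows above 128kbit.
    echo "tc class add dev $dev parent 1: classid 1:$parent htb rate 128kbit ceil 128kbit"
    # Leaves may use the whole cap; the lower prio number is served first
    # when the parent has spare bandwidth to hand out.
    echo "tc class add dev $dev parent 1:$parent classid 1:$fast htb rate 96kbit ceil 128kbit prio 0"
    echo "tc class add dev $dev parent 1:$parent classid 1:$bulk htb rate 32kbit ceil 128kbit prio 1"
    # Short FIFO for interactive packets, SFQ for fairness between bulk flows.
    echo "tc qdisc add dev $dev parent 1:$fast pfifo limit 10"
    echo "tc qdisc add dev $dev parent 1:$bulk sfq perturb 10"
    # Download direction: packets leaving the LAN side carry the user's
    # address as destination (after NAT has been reversed).
    f="tc filter add dev $dev parent 1: protocol ip"
    echo "$f prio 1 u32 match ip dst $ip/32 match ip protocol 1 0xff flowid 1:$fast"
    echo "$f prio 1 u32 match ip dst $ip/32 match ip protocol 6 0xff match ip sport 22 0xffff flowid 1:$fast"
    echo "$f prio 2 u32 match ip dst $ip/32 flowid 1:$bulk"
}

# htb_tree_cmds DEV NET FIRST LAST   e.g. htb_tree_cmds eth1 192.168.0 1 254
htb_tree_cmds() {
    # default 0: unclassified traffic is not shaped. r2q 1 keeps the computed
    # quantum above the MTU for the low-rate leaves.
    echo "tc qdisc add dev $1 root handle 1: htb default 0 r2q 1"
    h=$3
    while [ "$h" -le "$4" ]; do
        htb_host_cmds "$1" "$2" "$h"
        h=$(( h + 1 ))
    done
}

# Constructed sample run: two users on an assumed 192.168.0.0/24 LAN.
htb_tree_cmds eth1 192.168.0 1 2
```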
