lunes, 3 de enero de 2011

CONTROL ANCHO BANDA CBQ CON UBUNTU Y COLAS

INTRODUCCION

El contexto es una conexión de Ono, conectada a un
router inalámbrico y una red local 192.168.2.0/24

El objetivo es que el servidor web no se coma
todo el ancho de banda de salida, y que la conexión
remota por SSH vaya rápida.


EJECUTARLO:

sudo bash cbq.sh start
[sudo] password for paco:
=================================================
|| CQB. Por Paco Aldarias. 12.1.09.
=================================================
|| CONTROL ANCHO BANDA SALIDA.
=================================================
|| INTERFACES Y REDES
=================================================
|| Interface unico ..............: eth0
|| IP eth0 ......................: 192.168.2.2
|| LAN ..........................: 192.168.2.0/24
|| Velocidad subida inet ........:300kbit
|| Velocidad subida lan .........: 100000kbit
=================================================
|| CONFIGURACION VEL.GARANTIZADA/MAX(CEIL):
=================================================
|| COLA 10 INET : 270kbit/300kbit 33kbytes/37kbytes
|| COLA 20 LAN : 90000kbit/100000kbit 11250kbytes/12500kbytes
|| COLA 30 ICMP : 216kbit/300kbit 27kbytes/37kbytes
|| COLA 40 SSH,ET : 189kbit/270kbit 23kbytes/33kbytes
|| COLA 50 DEFAULT : 162kbit/240kbit 20kbytes/30kbytes
|| COLA 60 SERV.WEB: 54kbit/60kbit 6kbytes/7kbytes
=================================================
|| OTROS r2q/quamtum

=================================================
|| R2QL : 1000
|| R2QLR(Entre 1500-60.000) : 102400
|| QUANTUML : 12800
|| R2QI : 200
|| R2QIR(Entre 1500-60.000) : 1536
|| QUANTUMI : 192
=================================================

EL SCRIPT
cat cbq.sh

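#!/bin/bash
#
# cbq.sh - outbound bandwidth control for one interface.
# Despite the name, the shaping is done with HTB (tc) plus iptables marks
# in a dedicated mangle chain (MYSHAPER-OUT).
#
# Usage: sudo bash cbq.sh [start|stop|status|status1|status2]
#   start   (or no argument) removes any previous shaping and applies it again
#   stop    removes the shaping
#   status  only prints the computed configuration below
#   status1 dumps the live qdisc/class/iptables state
#   status2 keeps refreshing the qdisc counters (watch)
# Must run as root (tc / iptables).
#
# Reference: http://www.esdebian.org/foro/9949/mldonkey-paraliza-navegacion
#
# Note on the HTB quantum:
#   quantum = rate*1024/8/r2q
#   rate/r2q >= quantum
#   quantum should lie between 1500 (the MTU) and 60000 (max leaf quantum)
#   100mbit = 12.5 mbyte / r2q = 1.2 Mbyte > 60.000
# By Paco Aldarias

echo "================================================="
echo "|| CBQ. Por Paco Aldarias. 12.1.09."


########################################
# VARIABLES
########################################

# Upload speeds, in kbit/s.
UPINET=300            # uplink towards the Internet (the ISP line)
UPLAN=100000          # uplink towards the local network
DEV=eth0              # the single interface that is shaped
LAN="192.168.2.0/24"  # local network
IP="192.168.2.2"      # this host's address on $DEV
ALL="0.0.0.0/0"       # not referenced below; kept for compatibility

echo "================================================="
echo "|| CONTROL ANCHO BANDA SALIDA. "
echo "================================================="
echo "|| INTERFACES Y REDES "
echo "================================================="
echo "|| Interface unico ..............: $DEV"
echo "|| IP $DEV ......................: $IP"
echo "|| LAN ..........................: $LAN"
echo "|| Velocidad subida inet ........:${UPINET}kbit"
echo "|| Velocidad subida lan .........: ${UPLAN}kbit"


# Guaranteed rate = 90 % of each uplink (integer arithmetic, kbit).
RATEUPINET=$(( 9 * UPINET / 10 ))
RATEUPLAN=$(( 9 * UPLAN / 10 ))

# Per-queue guaranteed rate (RATEnn) and ceiling (CEILnn), kbit.
# 10 = Internet, 20 = LAN; 30..60 are sub-queues of 10, from highest
# priority (30: icmp/dns/ack) to lowest (60: web server and p2p).
RATE10=${RATEUPINET}
RATE20=${RATEUPLAN}
RATE30=$(( 8 * RATEUPINET / 10 ))
RATE40=$(( 7 * RATEUPINET / 10 ))
RATE50=$(( 6 * RATEUPINET / 10 ))
RATE60=$(( 2 * RATEUPINET / 10 ))

CEIL10=${UPINET}
CEIL20=${UPLAN}
CEIL30=$(( 10 * UPINET / 10 ))
CEIL40=$(( 9 * UPINET / 10 ))
CEIL50=$(( 8 * UPINET / 10 ))
CEIL60=$(( 2 * UPINET / 10 ))

# http://www.ecualug.org/?q=2006/12/14/comos/como_segmentar_el_ancho_de_banda_de_una_red_con_htb&page=1

# r2q and quantum per uplink (quantum = rate*1024/8/r2q).
# R2QxR is rate/r2q, printed below so the operator can check it against the
# 1500..60000 window from the header note; nothing here enforces it.
R2QL=1000
R2QLR=$(( UPLAN * 1024 / R2QL ))
QUANTUML=$(( UPLAN * 1024 / 8 / R2QL ))

R2QI=200
R2QIR=$(( UPINET * 1024 / R2QI ))
QUANTUMI=$(( UPINET * 1024 / 8 / R2QI ))

echo "================================================="
echo "|| CONFIGURACION VEL.GARANTIZADA/MAX(CEIL): "
echo "================================================="
echo "|| COLA 10 INET : ${RATE10}kbit/${CEIL10}kbit $(( RATE10 / 8 ))kbytes/$(( CEIL10 / 8 ))kbytes "
echo "|| COLA 20 LAN : ${RATE20}kbit/${CEIL20}kbit $(( RATE20 / 8 ))kbytes/$(( CEIL20 / 8 ))kbytes "
echo "|| COLA 30 ICMP : ${RATE30}kbit/${CEIL30}kbit $(( RATE30 / 8 ))kbytes/$(( CEIL30 / 8 ))kbytes "
echo "|| COLA 40 SSH,ET : ${RATE40}kbit/${CEIL40}kbit $(( RATE40 / 8 ))kbytes/$(( CEIL40 / 8 ))kbytes"
echo "|| COLA 50 DEFAULT : ${RATE50}kbit/${CEIL50}kbit $(( RATE50 / 8 ))kbytes/$(( CEIL50 / 8 ))kbytes"
echo "|| COLA 60 SERV.WEB: ${RATE60}kbit/${CEIL60}kbit $(( RATE60 / 8 ))kbytes/$(( CEIL60 / 8 ))kbytes"

echo "================================================="
# The closing quote used to sit on the next line, printing a stray blank line.
echo "|| OTROS r2q/quamtum"
echo "================================================="
echo "|| R2QL : ${R2QL}"
echo "|| R2QLR(Entre 1500-60.000) : ${R2QLR}"
echo "|| QUANTUML : ${QUANTUML}"
echo "|| R2QI : ${R2QI}"
echo "|| R2QIR(Entre 1500-60.000) : ${R2QIR}"
echo "|| QUANTUMI : ${QUANTUMI}"
echo "================================================="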


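########################################
# ACTION DISPATCH (status / status1 / status2 / stop / start)
########################################
# $1 selects what to do. "status" stops right after the banner printed
# above; "status1" dumps the live qdisc, class and iptables state; "status2"
# keeps refreshing the qdisc counters; "stop" clears the shaping; "start"
# (or no argument) clears it and falls through to the configuration below.
# Any other word is rejected instead of silently re-applying the shaping.
ACTION=${1:-start}

case "$ACTION" in
  start|stop)
    ;;
  status)
    exit 0
    ;;
  status1)
    echo "======================================="
    echo "|| qdisc"
    echo "======================================="
    tc -s qdisc show dev "$DEV"

    echo "======================================="
    echo "|| class"
    echo "======================================="
    tc -s class show dev "$DEV"

    echo "======================================="
    echo "|| iptables"
    echo "======================================="
    iptables -t mangle -L MYSHAPER-OUT -n -v
    exit 0
    ;;
  status2)
    # Interactive: refreshes until interrupted. Restricted to $DEV like status1.
    watch tc -s qdisc show dev "$DEV"
    exit 0
    ;;
  *)
    printf 'Uso: %s [start|stop|status|status1|status2]\n' "${0##*/}" >&2
    exit 2
    ;;
esac


########################################
# STOP
########################################

# Reset everything to a known (cleared) state. Failures are ignored on
# purpose: on a first run there is no qdisc and no chain to delete.
tc qdisc del dev "$DEV" root 2> /dev/null > /dev/null

# Unhook the chain from POSTROUTING before flushing and deleting it
# (iptables refuses to delete a chain that is still referenced).
iptables -t mangle -D POSTROUTING -o "$DEV" -j MYSHAPER-OUT 2> /dev/null > /dev/null
iptables -t mangle -F MYSHAPER-OUT 2> /dev/null > /dev/null
iptables -t mangle -X MYSHAPER-OUT 2> /dev/null > /dev/null

if [ "$ACTION" = "stop" ]; then
  echo "Shaping removed on $DEV."
  exit 0
fi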




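########################################
# QUEUE SETUP (HTB tree on $DEV)
########################################
#
# Layout built below:
#   1:   htb root, r2q R2QL, default class 1:10
#   +- 1:10  Internet uplink  (RATEUPINET / CEIL10)
#   |   +- 1:30  icmp, dns, tos, game       (RATE30 / CEIL30)
#   |   +- 1:40  ssh, small packets         (RATE40 / CEIL40)
#   |   +- 1:50  other tcp                  (RATE50 / CEIL50)
#   |   +- 1:60  web server, p2p            (RATE60 / CEIL60)
#   +- 1:20  LAN                (RATEUPLAN / CEIL20)
# Each leaf gets an sfq qdisc so the flows inside a class share fairly.

# HTB root qdisc.
# NOTE(review): "default 10" points at 1:10, which stops being a leaf once
# 1:30-1:60 are attached to it further down; HTB sends packets whose default
# class is not a leaf through its direct (unshaped) queue, so unclassified
# traffic would bypass the limits — confirm, or point default at a leaf
# such as 1:50.
tc qdisc add dev "$DEV" root handle 1: htb default 10 r2q "$R2QL"

# Top-level classes, one per uplink ("kbit" is what tc expects; the unit is
# matched case-insensitively, so this is the same as the old "Kbit").
tc class add dev "$DEV" parent 1: classid 1:10 htb rate "${RATEUPINET}kbit" ceil "${CEIL10}kbit" burst 6k prio 1 quantum "$QUANTUMI" # inet
tc class add dev "$DEV" parent 1: classid 1:20 htb rate "${RATEUPLAN}kbit" ceil "${CEIL20}kbit" burst 6k prio 2 quantum "$QUANTUML" # lan

# Share leftover bandwidth fairly inside each class.
# NOTE(review): the sfq on 1:10 is discarded by the kernel when the child
# classes are added to 1:10 below (an inner class holds no qdisc); only the
# one on 1:20 survives. Harmless, but it is not doing anything.
tc qdisc add dev "$DEV" parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev "$DEV" parent 1:20 handle 20: sfq perturb 10


# iptables: a dedicated mangle chain, entered only for packets leaving $DEV.
iptables -t mangle -N MYSHAPER-OUT
iptables -t mangle -I POSTROUTING -o "$DEV" -j MYSHAPER-OUT

###########################
# Packet marking
##########################
# MARK does not stop rule traversal and a later CLASSIFY overrides an earlier
# one, so the generic queues 10/20 are assigned here and the specific
# Internet sub-queues (30..60) re-mark afterwards.

# QUEUE 10. INET: this host's own traffic that does not stay in the LAN.
# (Was "--j MARK": that only worked because iptables accepts unambiguous
# long-option prefixes.)
iptables -t mangle -A MYSHAPER-OUT -s "$IP" ! -d "$LAN" -j MARK --set-mark 1 # inet
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 1 -j CLASSIFY --set-class 1:10

# QUEUE 20. LAN: traffic between local addresses.
iptables -t mangle -A MYSHAPER-OUT -s "$LAN" -d "$LAN" -j MARK --set-mark 2 # lan
# The "-o lo" rule can never match inside this chain (it is only entered
# for -o $DEV, see the POSTROUTING hook above); kept as in the original.
iptables -t mangle -A MYSHAPER-OUT -o lo -j MARK --set-mark 2
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 2 -j CLASSIFY --set-class 1:20


# Internet sub-queues (children of 1:10), highest priority first.
tc class add dev "$DEV" parent 1:10 classid 1:30 htb rate "${RATE30}kbit" ceil "${CEIL30}kbit" burst 6k prio 3 quantum "$QUANTUMI" # dns,icmp,router
tc class add dev "$DEV" parent 1:10 classid 1:40 htb rate "${RATE40}kbit" ceil "${CEIL40}kbit" burst 6k prio 4 quantum "$QUANTUMI" # ssh
tc class add dev "$DEV" parent 1:10 classid 1:50 htb rate "${RATE50}kbit" ceil "${CEIL50}kbit" burst 6k prio 5 quantum "$QUANTUMI" # other
tc class add dev "$DEV" parent 1:10 classid 1:60 htb rate "${RATE60}kbit" ceil "${CEIL60}kbit" burst 6k prio 6 quantum "$QUANTUMI" # www


# Fair sharing inside every Internet leaf.
tc qdisc add dev "$DEV" parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev "$DEV" parent 1:40 handle 40: sfq perturb 10
tc qdisc add dev "$DEV" parent 1:50 handle 50: sfq perturb 10
tc qdisc add dev "$DEV" parent 1:60 handle 60: sfq perturb 10

# Mldonkey: IP packets whose TOS byte is exactly 0x08 go to the lowest queue.
tc filter add dev "$DEV" parent 1:10 protocol ip prio 10 u32 match ip tos 0x08 0xff flowid 1:60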



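########################################
# MARKING AND QUEUING (Internet sub-queues)
########################################
# Rules are appended from the highest-priority queue (30) to the lowest
# (60). MARK is not terminating and the last CLASSIFY wins, so a packet ends
# up in the LAST queue whose rules it matched. That is what sends the web
# server to 60 even though its segments also match the queue-30 ACK rule.

# QUEUE 30. HIGHEST PRIORITY, FULL SPEED.
# NOTE(review): "--tcp-flags SYN,RST,ACK ACK" matches every established
# segment, not only bare ACKs; it is harmless only because the later queue
# 50/60 rules override it for this host's TCP traffic.
iptables -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -s "$LAN" ! -d "$LAN" -j MARK --set-mark 3 # highest priority
iptables -t mangle -A MYSHAPER-OUT -m tos --tos Minimize-Delay -s "$LAN" ! -d "$LAN" -j MARK --set-mark 3 # tos
iptables -t mangle -A MYSHAPER-OUT -p icmp -s "$LAN" ! -d "$LAN" -j MARK --set-mark 3 # icmp
iptables -t mangle -A MYSHAPER-OUT -s "$IP" -p udp --sport 27960 -j MARK --set-mark 3 # enemy (presumably a game port)
iptables -t mangle -A MYSHAPER-OUT -p udp -s "$IP" --dport 53 -j MARK --set-mark 3 # dns
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 3 -j CLASSIFY --set-class 1:30


# QUEUE 40. ssh and small packets.
# NOTE(review): the length rule has no -s/-d, so small TCP packets of LAN
# traffic (already marked 2) are re-marked 4 and shaped at the Internet
# rate; add "! -d $LAN" if that is not wanted.
iptables -t mangle -A MYSHAPER-OUT -p tcp -s "$IP" ! -d "$LAN" --sport ssh -j MARK --set-mark 4 # ssh
iptables -t mangle -A MYSHAPER-OUT -p tcp -m length --length :64 -j MARK --set-mark 4 # small packets (probably just ACKs)
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 4 -j CLASSIFY --set-class 1:40

# QUEUE 50. Remaining TCP from this host.
# Fix: the catch-all used to re-mark ssh and small-packet traffic too, so
# queue 40 never received anything (every packet marked 4 ended in 1:50).
# Skipping packets that already carry mark 4 keeps them in 1:40; queue 60
# below still overrides for the web server, as before.
iptables -t mangle -A MYSHAPER-OUT -p tcp -s "$IP" ! -d "$LAN" -m mark ! --mark 4 -j MARK --set-mark 5 # other
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 5 -j CLASSIFY --set-class 1:50


# QUEUE 60. LOWEST PRIORITY, LOWEST SPEED: web server and p2p ports.

iptables -t mangle -A MYSHAPER-OUT -p tcp -s "$IP" ! -d "$LAN" --sport http -j MARK --set-mark 6 # www

# Older variant that read the port list from a file, kept for reference:
#f="mltcpdump.txt"
#f="ml-port.txt"
#for i in $(cat $f);do
#if [ $i -gt 1024 ];then
# echo "Marcando $i"
# iptables -t mangle -A MYSHAPER-OUT -p tcp -j MARK --dport $i --set-mark 6 # p2p
# iptables -t mangle -A MYSHAPER-OUT -p udp -j MARK --dport $i --set-mark 6 # p2p
#fi
#done

EDONKEY_PORT=4662
KAD_PORT=8443
OVERNET_PORT=5865
BITTORRENT_PORT=6882
OPENNAP_PORT=9999

# mark_p2p PROTO PORT: send connections to a p2p destination port to queue 60.
# No -s/-d, as in the original: matches everything leaving $DEV to that port.
mark_p2p() {
  iptables -t mangle -A MYSHAPER-OUT -p "$1" --dport "$2" -j MARK --set-mark 6 # p2p
}

# Same protocol/port order as before (rule order is visible in status1).
mark_p2p tcp "$EDONKEY_PORT"
mark_p2p udp "$(( EDONKEY_PORT + 4 ))"
mark_p2p tcp "$KAD_PORT"
mark_p2p udp "$KAD_PORT"
mark_p2p tcp "$OVERNET_PORT"
mark_p2p udp "$OVERNET_PORT"
mark_p2p tcp "$(( EDONKEY_PORT - 1 ))"
mark_p2p tcp "$BITTORRENT_PORT"
mark_p2p tcp "$OPENNAP_PORT"

iptables -t mangle -A MYSHAPER-OUT -m mark --mark 6 -j CLASSIFY --set-class 1:60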
