On 4/3/11 8:37 PM, Bob Smith wrote: > ok i have searched google and the FAQ to the best of my ability i > apologize in advance if i missed this somewhere.
> i am following an example from the web and in my tcclasses file on the > rate column there is this '60*full/100' please help me understand this > because i cannot make sense of it! In your Google search, you apparently failed to find the Shorewall "Complex Traffic Shaping" Documentation at http://www.shorewall.net/traffic_shaping.htm an did not look at the output of 'man shorewall-tcclasses'. Both indicate that this means 60% of of the bandwidth defined for the interface > > other examples just have the mbit or kbit specified here but tc does not > seem to follow it? That is because you tune your configuration by adjusting the rates in tcdevices and the ammount allowed for each class then gets changed automatically. > > basically i have a 30mbit connection to the internet 30 down that is 6 up. > and i am trying to use tcdevices/tcrules/tcclasses in shorewall to > prioritize bandwidth, so with what i have enabled i can do a bandwidth > test of 15/4.8 from http://speakeasy.net/speedtest if i take the files > out i get 27/6 so here is tcdevices : > eth0 - 6mbit > eth1 - 100mbit > and here is the tcclasses file : > eth1 1 10*full/100 full 1 > tcp-ack,tos-minimize-delay > eth1 2 5*full/100 full 2 > eth1 3 5*full/100 full 3 > eth1 4 30*full/100 full 4 > eth1 5 50*full/100 full 5 default Very bizarre configuration. - You have defined both eth0 and eth1 in the tcdevices file yet you have no classes defined for eth0. Why don't you start with one of the configurations in the above article that only deal with the WAN interface and get that working first. Besides, given that you have defined the bandwidth of eth1 to be 100mb (and your downlink is only 30mb), there will never be any queuing on eth1 and hence traffic shaping on that interface does little if anything. - The sum of the *guaranteed* rates is .1 + .5 + .5 + .3 + .3 = 170% of the full bandwidth of eth1. The URL above clearly warns that the sum of the guaranteed rates must not exceed the full rate or the thing doesn't work at all. In fact, current versions of Shorewall would fail to start with that configuration. > and last the tcrules file: > 2 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0 > <http://0.0.0.0/0> tcp 20,21,22,3389,1723 > 1 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0 > <http://0.0.0.0/0> udp 5160 > 3 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0 > <http://0.0.0.0/0> udp 53 > 4 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0 > <http://0.0.0.0/0> tcp 110,80,443 > eth0 is the wan interface and eth1 is the lan. Again, referring to http://www.shorewall.net/traffic_shaping.htm, you must pay close attention to the direction of traffic flow. You have specified all of the ports as DEST PORTS so that means that the clients are out on the web and the servers are on your LAN. That is likely to be backwards from reality. > > any input would be greatly appreciated especially if it helps me! > i know that rule 4 covers http (and i think my speedtest) if i > understand correctly the 30*full/100 basically means 30% of the > connection which is 30mbit, but if that is right then why do i only get > 15mbit on my speedtest? I'm surprised that your configuration does anything to slow down traffic. Are you sure that you wouldn't be better off using Simple Traffic shaping? I designed and wrote Shorewall and that's what I use on an internet link similar to yours. It meets my needs perfectly (and tests at speedtest.net closely track my configuration). If you have another occasion to post regarding traffic shaping issues, we really ask that you include the output of 'shorewall dump' with your report. The dump should be collected while the configuration is under load so that we can see the behavior of each of your classes. See http://www.shorewall.net/support.htm#guidelines Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Create and publish websites with WebMatrix Use the most popular FREE web apps or write code yourself; WebMatrix provides all the features you need to develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
