June 12, 2007

Finally I set up QoS @home

This morning I was uploading Macaco - Ingravitto by scp for soraya and all my HTTP, SSH and IM connections went down, very annoying. It was time to set up quality of service on my home server.

It has been a very easy task, and with a few lines in your firewall script you can get acceptable results:


# qos

# add new htb qdisc on eth0; unclassified traffic goes to class 1:20
tc qdisc add dev eth0 root handle 1: htb default 20
# root class
tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit ceil 100mbit
# ethernet class 1:10
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 99mbit ceil 100mbit
# internet. be careful, this is the upload queue! (in tc, kbps means kilobytes per second)
tc class add dev eth0 parent 1:1 classid 1:11 htb rate 60kbps ceil 60kbps
# we use this class for the bulk traffic
tc class add dev eth0 parent 1:11 classid 1:20 htb rate 20kbps ceil 60kbps
# high priority internet traffic
tc class add dev eth0 parent 1:11 classid 1:21 htb rate 40kbps ceil 60kbps
# mldonkey's class
tc class add dev eth0 parent 1:11 classid 1:22 htb rate 20kbps ceil 40kbps
# sfq beneath these classes
tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev eth0 parent 1:21 handle 21: sfq perturb 10
tc qdisc add dev eth0 parent 1:22 handle 22: sfq perturb 10
# high priority (small packets), used for ACKs
iptables -A POSTROUTING -t mangle -o eth0 -p tcp -m length --length :64 -j MARK --set-mark 21
# ssh, imaps, https and im traffic
iptables -A POSTROUTING -t mangle -o eth0 -p tcp --dport 22 -j MARK --set-mark 21
iptables -A POSTROUTING -t mangle -o eth0 -p tcp --dport 46814 -j MARK --set-mark 21
iptables -A POSTROUTING -t mangle -o eth0 -p tcp --dport 46822 -j MARK --set-mark 21
iptables -A POSTROUTING -t mangle -o eth0 -p tcp --dport 993 -j MARK --set-mark 21
iptables -A POSTROUTING -t mangle -o eth0 -p tcp --dport 443 -j MARK --set-mark 21
iptables -A POSTROUTING -t mangle -o eth0 -p tcp --dport 1863 -j MARK --set-mark 21
iptables -A POSTROUTING -t mangle -o eth0 -p tcp --dport 5190 -j MARK --set-mark 21
# mldonkey
#iptables -A OUTPUT -t mangle -o eth0 -m owner --uid-owner 1000 -j MARK --set-mark 22
# p2p ports, matched by source port
iptables -A POSTROUTING -t mangle -o eth0 -p tcp --sport 2728 -j MARK --set-mark 22
iptables -A POSTROUTING -t mangle -o eth0 -p udp --sport 2728 -j MARK --set-mark 22
iptables -A POSTROUTING -t mangle -o eth0 -p tcp --sport 4662 -j MARK --set-mark 22
iptables -A POSTROUTING -t mangle -o eth0 -p udp --sport 4666 -j MARK --set-mark 22
iptables -A POSTROUTING -t mangle -o eth0 -p tcp --sport 6881 -j MARK --set-mark 22
iptables -A POSTROUTING -t mangle -o eth0 -p tcp --sport 6882 -j MARK --set-mark 22
iptables -A POSTROUTING -t mangle -o eth0 -p tcp --sport 6998 -j MARK --set-mark 22
# at the end, mark all traffic that is for the local LAN to be put into 10
# (no rule setting mark 10 appears in this listing, so unmarked LAN traffic falls into the default class 1:20)
# flow handling (after marking)
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10

These lines define three classes for internet upload: bulk traffic (HTTP and so on), high priority (SSH, HTTPS, IMAPS and IM) and p2p from mldonkey. Each one is an HTB class, which defines a maximum bandwidth usage and how much it can borrow from other classes, with SFQ inside in order to give the same opportunity to every connection in the class.
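An added check, not part of the original post: a small lint for a tc/iptables script like the one above. It flags HTB classes whose children are guaranteed more rate than the parent has, and fw filter handles that no active iptables rule ever sets. The function names are hypothetical, the sample is abridged from the listing, and unit conversion assumes the SI multipliers documented in tc(8).

```shell
# Constructed sample: class, mark and filter lines abridged from the post.
sample_rules() {
cat <<'EOF'
tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit ceil 100mbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 99mbit ceil 100mbit
tc class add dev eth0 parent 1:1 classid 1:11 htb rate 60kbps ceil 60kbps
tc class add dev eth0 parent 1:11 classid 1:20 htb rate 20kbps ceil 60kbps
tc class add dev eth0 parent 1:11 classid 1:21 htb rate 40kbps ceil 60kbps
tc class add dev eth0 parent 1:11 classid 1:22 htb rate 20kbps ceil 40kbps
iptables -A POSTROUTING -t mangle -o eth0 -p tcp --dport 22 -j MARK --set-mark 21
#iptables -A OUTPUT -t mangle -o eth0 -m owner --uid-owner 1000 -j MARK --set-mark 22
iptables -A POSTROUTING -t mangle -o eth0 -p tcp --sport 4662 -j MARK --set-mark 22
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
EOF
}

# Print "parent children_sum parent_rate" (bit/s) when child rates exceed the parent.
htb_oversubscribed() {
  awk '
    function bits(r,   n, u) {  # tc units: *bit is bits/s, *bps is bytes/s
      n = r + 0; u = r; sub(/^[0-9.]+/, "", u)
      if (u ~ /^k/) n *= 1000; else if (u ~ /^m/) n *= 1000000
      return (u ~ /bps$/) ? n * 8 : n
    }
    $1 == "tc" && $2 == "class" {
      for (i = 3; i < NF; i++) {
        if ($i == "parent") p = $(i + 1)
        if ($i == "classid") c = $(i + 1)
        if ($i == "rate") r = bits($(i + 1))
      }
      rate[c] = r; sum[p] += r
    }
    END { for (p in sum) if (p in rate && sum[p] > rate[p])
            printf "%s %d %d\n", p, sum[p], rate[p] }'
}

# Print fw filter handles that no active (uncommented) iptables rule sets.
unset_marks() {
  awk '
    /^[ \t]*#/ { next }
    $1 == "iptables" { for (i = 2; i < NF; i++) if ($i == "--set-mark") set[$(i + 1)] = 1 }
    $1 == "tc" && $2 == "filter" {
      for (i = 3; i < NF; i++) if ($i == "handle" && $(i + 2) == "fw") want[$(i + 1)] = 1 }
    END { for (h in want) if (!(h in set)) print h }'
}
sample_rules | htb_oversubscribed; sample_rules | unset_marks
```

On the sample, the first check reports class 1:11 (children guaranteed 80kbps against a 60kbps parent) and the second reports mark 10; to lint a real script, pipe the file into each function instead of `sample_rules`.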

With this little script you can see a top-like view of class usage:


16:11:05 up 19 days, 4:09, 2 users, load average: 0.00, 0.00, 0.00
                                 Interval             Cumulated  Total
Dev   Classid  Tokens   Ctokens  Rate      Speed      Send       Send
-------------------------------------------------------------------------
eth0  1:1      3983     3983     269.40KB  33.12KB/s  17.35MB    340.34MB
eth0  1:10     4228     4227     0B        0B/s       0B         0B
eth0  1:11     -33312   -33312   269.82KB  33.12KB/s  17.35MB    340.34MB
eth0  1:20     82740    30310    4.25KB    140B/s     346.53KB   6.88MB
eth0  1:21     43418    30310    1000B     45B/s      132.36KB   89.18MB
eth0  1:22     -13924   -66144   264.56KB  30.04KB/s  16.88MB    244.29
