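Traffic Control (QoS) on a Linux Gateway

Published: 2006-08-11 09:43:25  Source: 红联  Author: zz123
  Traffic control with iptables + TC. Below is the QoS configuration of a Linux gateway at one of our subsidiaries. It uses iptables and TC, and it seems to work very well.

Example 1:

Traffic control:

On the firewall, eth0 connects to the internal network and eth1 connects to the external line, which has 2.5M of bandwidth. Goals:

1. Downloads by internal users may use at most 1000kbit/s, while 192.168.37.167 and 192.168.37.168 may download at up to 1.5Mbit/s

2. Uploads from 192.168.37.124 and 192.168.37.140 on the internal network may use at most 1.5M, while other users may use at most 150Kbit/s

(With this traffic control in place, there is no need to worry even if someone on the internal network runs BT or similar software, because their upload can use at most 150Kbit/s and their download at most 1000kbit/s ^-^)
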


#!/bin/sh

TC="/sbin/tc"
LAN_IFACE="eth0"
INET_IFACE="eth1"
ERP1="192.168.37.167/32"
ERP2="192.168.37.168/32"
INTERNAL_LAN="192.168.37.0/24"

start(){

#################### Qos rule on eth0 ########################
# Download shaping: traffic leaving eth0 towards the LAN is classified by
# destination address with u32 filters.

#$TC qdisc add dev eth1 root tbf rate 512kbit latency 50ms burst 1540
if [ "$LAN_IFACE" != "" ];then
    # Root CBQ qdisc, then a bounded 2.5Mbit parent class for the whole line
    $TC qdisc add dev "$LAN_IFACE" root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8
    $TC class add dev "$LAN_IFACE" parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate 2.5Mbit weight 3Mbit prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded
    # 1:2 = 1500kbit for the two ERP hosts; 1:3 = 1000kbit, bounded, for everyone else
    $TC class add dev "$LAN_IFACE" parent 1:1 classid 1:2 cbq bandwidth 100Mbit rate 1500kbit weight 2Mbit prio 6 allot 1514 cell 8 maxburst 20 avpkt 1000
    $TC class add dev "$LAN_IFACE" parent 1:1 classid 1:3 cbq bandwidth 100Mbit rate 1000kbit weight 1Mbit prio 7 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded
    # SFQ inside each class shares it fairly between flows
    $TC qdisc add dev "$LAN_IFACE" parent 1:2 handle 20: sfq
    $TC qdisc add dev "$LAN_IFACE" parent 1:3 handle 30: sfq
    # Filters are tried in prio order: the host matches (prio 2) before the subnet match (prio 4)
    $TC filter add dev "$LAN_IFACE" parent 1:0 protocol ip prio 2 u32 match ip dst "$ERP1" flowid 1:2
    $TC filter add dev "$LAN_IFACE" parent 1:0 protocol ip prio 2 u32 match ip dst "$ERP2" flowid 1:2
    $TC filter add dev "$LAN_IFACE" parent 1:0 protocol ip prio 4 u32 match ip dst "$INTERNAL_LAN" flowid 1:3
    echo ""
    echo ""
    echo "qos rule on eth0 start ...........ok!"
    echo ""
    echo ""
fi

#################### Qos rule on eth1 ########################
# Upload shaping: packets are marked by source address in mangle PREROUTING
# and classified on eth1 with fw filters.

if [ "$INET_IFACE" != "" ];then
    # Caveat: this clears the whole mangle table, including rules set by other tools
    iptables -F -t mangle
    iptables -X -t mangle
    iptables -Z -t mangle
    # Mark 1 = hosts allowed up to 1500kbit of upload
    iptables -A PREROUTING -t mangle -s "$ERP1" -j MARK --set-mark 1
    iptables -A PREROUTING -t mangle -s "$ERP2" -j MARK --set-mark 1
    iptables -A PREROUTING -t mangle -s 192.168.37.124/32 -j MARK --set-mark 1
    iptables -A PREROUTING -t mangle -s 192.168.37.140/32 -j MARK --set-mark 1
    # -I puts this catch-all at the head of the chain; MARK does not end traversal,
    # so the host rules above run after it and overwrite mark 2 with mark 1
    iptables -I PREROUTING -t mangle -s "$INTERNAL_LAN" -j MARK --set-mark 2

    $TC qdisc add dev "$INET_IFACE" root handle 2:0 cbq bandwidth 100Mbit avpkt 1000 cell 8
    $TC class add dev "$INET_IFACE" parent 2:0 classid 2:1 cbq bandwidth 100Mbit rate 2Mbit weight 1Mbit prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded
    # 2:2 = 1500kbit for mark 1; 2:3 = 150kbit, bounded, for mark 2
    $TC class add dev "$INET_IFACE" parent 2:1 classid 2:2 cbq bandwidth 100Mbit rate 1500kbit weight 150kbit prio 6 allot 1514 cell 8 maxburst 20 avpkt 1000
    $TC class add dev "$INET_IFACE" parent 2:1 classid 2:3 cbq bandwidth 100Mbit rate 150kbit weight 20kbit prio 7 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded
    $TC qdisc add dev "$INET_IFACE" parent 2:2 handle 20: sfq
    $TC qdisc add dev "$INET_IFACE" parent 2:3 handle 30: sfq

    # "handle N fw" matches packets carrying fwmark N
    $TC filter add dev "$INET_IFACE" parent 2:0 protocol ip prio 1 handle 1 fw classid 2:2
    $TC filter add dev "$INET_IFACE" parent 2:0 protocol ip prio 2 handle 2 fw classid 2:3
    echo ""
    echo ""
    echo "qos rule on eth1 start ...........ok!"
    echo ""
    echo ""
fi

}

stop(){

# Deleting the root qdisc removes its classes and filters as well
if [ "$LAN_IFACE" != "" ];then
    $TC qdisc del dev "$LAN_IFACE" root
fi
if [ "$INET_IFACE" != "" ];then
    $TC qdisc del dev "$INET_IFACE" root
fi
# Caveat: this clears the whole mangle table, not only the marks added by start()
iptables -F -t mangle
iptables -X -t mangle
iptables -Z -t mangle

}

status(){

echo "show qdisc ............ "
echo ""
echo ""
echo ""
$TC -d -s qdisc
echo ""
echo ""
echo "show filter ............ "
echo ""
echo ""
if [ "$LAN_IFACE" != "" ];then
    $TC -d -s filter ls dev "$LAN_IFACE"
fi
echo ""
echo ""
if [ "$INET_IFACE" != "" ];then
    $TC -d -s filter ls dev "$INET_IFACE"
fi
echo ""
echo ""
echo "show class ............ "
echo ""
echo ""
if [ "$LAN_IFACE" != "" ];then
    $TC -d -s class ls dev "$LAN_IFACE"
fi
echo ""
echo ""
if [ "$INET_IFACE" != "" ];then
    $TC -d -s class ls dev "$INET_IFACE"
fi
echo ""
echo ""

}

case "$1" in
start)
    start
    ;;
stop)
    stop
    ;;
restart)
    stop
    start
    ;;
status)
    status
    ;;
*)
    # Plain double quotes: $"..." is a bash-only form and is not portable under /bin/sh
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
    ;;
esac
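
The upload limits in the script depend on the order of the mangle PREROUTING rules: the subnet-wide mark 2 must be evaluated before the per-host mark 1 rules. The following is an added example, not part of the original script: a small shell model of that chain that shows which eth1 class a source address ends up in. The names RULES_PAGE, RULES_APPENDED, ip2int, in_cidr, final_mark and upload_class are hypothetical, and both rule lists are constructed from the addresses used above.

```shell
# Added example: model of mangle PREROUTING. MARK does not stop traversal, so the last match wins.

# Chain order the script produces: the -I rule at the head, then the four -A rules.
RULES_PAGE="192.168.37.0/24 2
192.168.37.167/32 1
192.168.37.168/32 1
192.168.37.124/32 1
192.168.37.140/32 1"

# Constructed counter-example: the catch-all added with -A after the hosts.
RULES_APPENDED="192.168.37.167/32 1
192.168.37.168/32 1
192.168.37.124/32 1
192.168.37.140/32 1
192.168.37.0/24 2"

# ip2int A.B.C.D -> prints the address as a 32-bit integer.
ip2int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NET/LEN -> exit status 0 when IP lies inside the network.
in_cidr() {
    net=${2%/*}; len=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ]
}

# final_mark IP RULES -> prints the fwmark left on the packet (0 = unmarked).
final_mark() {
    mark=0
    while read -r cidr m; do
        if in_cidr "$1" "$cidr"; then mark=$m; fi
    done <<EOF
$2
EOF
    echo "$mark"
}

# upload_class IP RULES -> eth1 class selected by the two fw filters.
upload_class() {
    case $(final_mark "$1" "$2") in
        1) echo "2:2 (1500kbit)" ;;
        2) echo "2:3 (150kbit, bounded)" ;;
        *) echo "unclassified" ;;
    esac
}
# Same host under both orderings: 2:2 with the script's order, 2:3 when the catch-all comes last.
for r in "$RULES_PAGE" "$RULES_APPENDED"; do upload_class 192.168.37.124 "$r"; done
```

On a live gateway the real chain order can be checked with `iptables -t mangle -L PREROUTING -n --line-numbers`.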




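Example 2: For confidentiality reasons, the more complex QoS configuration is not being made public for now.

Comments

4 comments in total

  1. shengtai posted on 2009-11-16 20:19:41:

    Nice

  2. huizhi969 posted on 2009-11-16 10:38:07:

    {:2_95:}

  3. yhl79 posted on 2009-11-16 09:51:24:

    {:2_97:}

  4. super123 posted on 2009-06-14 22:08:59:

    Awesome!!!!!!!!!!!!!!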