Simple queues scenario

UsRb · August 24, 2007, 10:24am

I have following scenario on my network. My question is: why can’t I use simple queues on MT 1 for each user on network to shape internet bandwidth? I’m using web proxy on MT 1, and MT2 and MT3 as child proxies.

sergejs · August 24, 2007, 10:41am

Do you use masquearde on MT2 and MT3 ?
If you are using src-nat, then entire networks that are behind these routers at MT1 are represented as 10.19.1.2.
It is obvious that it is not enough to set limitations for all users.
If you have proper routing and two communication is possible between MT1/MT2/MT3 networks, then you can add ‘queue simple’ at MT1.

UsRb · August 24, 2007, 11:02am

I am using masquerade only on MT1, but for whole 10.19.0.0/16 subnet. Routing is RIP on all 3 MT’s and traffic can get anywhere from any host. Also, connection tracking can see every source host going toward internet direction and back.
Right now there is queue tree setup on MT1, but shaping is not working very well.

sergejs · August 24, 2007, 11:20am

Probably there are problems with queue tree configuration, as it should work.
What kind of problems do you have and which configuration you are using on MT1 ?

UsRb · August 24, 2007, 12:31pm

This is my configuration on MT1. I am using web proxy also!

Interface

NAME TYPE RX-RATE TX-RATE MTU

0 R Switch-vojna ether 0 0 1500 - 10.19.20.0/24
1 R AP-Pavlovec ether 0 0 1500 - 10.19.40.0/24
2 R Internet ether 0 0 1500 - 10.19.10.0/24
3 R Veza-lug wlan 0 0 1500 - 10.19.1.1
4 R Veza-centar wlan 0 0 1500 - 10.19.30.0/24
5 R T-com pppoe-out 0 0 1480 - public IP (by provider) - on Internet interface

Mangle

0 ;;; Download i upload
chain=forward src-address=10.19.0.0/16 action=mark-connection
new-connection-mark=upload_konekcije passthrough=yes

1 chain=forward src-address=10.19.0.0/16 protocol=tcp
connection-mark=upload_konekcije action=mark-packet
new-packet-mark=paketi_upload passthrough=yes

2 chain=forward dst-address=10.19.0.0/16 action=mark-connection
new-connection-mark=download_konekcije passthrough=yes

3 chain=forward dst-address=10.19.0.0/16 protocol=tcp
connection-mark=download_konekcije action=mark-packet
new-packet-mark=download_paketi passthrough=yes

4 ;;; P2p
chain=forward src-address=10.19.0.0/16 dst-address=!10.19.0.0/16
p2p=all-p2p action=mark-packet new-packet-mark=p2p_up passthrough=yes

5 chain=forward src-address=!10.19.0.0/16 dst-address=10.19.0.0/16
p2p=all-p2p action=mark-packet new-packet-mark=p2p_down passthrough=yes
6 ;;; Lokalna mre a
chain=forward src-address=10.19.0.0/16 dst-address=10.19.0.0/16
action=mark-connection new-connection-mark=lokalni_promet
passthrough=yes

7 ;;; FTP
chain=forward connection-type=ftp action=mark-connection
new-connection-mark=ftp_konekcija passthrough=no

8 chain=forward connection-mark=lokalni_promet action=mark-packet
new-packet-mark=lokalni_promet passthrough=yes

9 chain=postrouting src-address=10.0.0.0/8 dst-address=!10.0.0.0/8
connection-mark=ftp_konekcija action=mark-packet
new-packet-mark=upload_high passthrough=no

10 chain=prerouting src-address=10.0.0.0/8 dst-address=!10.0.0.0/8
connection-mark=ftp_konekcija action=mark-packet
new-packet-mark=upload_high passthrough=no

11 ;;; Igre
chain=forward src-address=10.19.0.0/16 dst-address=!10.19.0.0/16
protocol=tcp dst-port=3724 action=mark-packet
new-packet-mark=upload_high passthrough=no

12 chain=forward src-address=10.19.0.0/16 protocol=udp dst-port=28960
action=mark-packet new-packet-mark=upload_high passthrough=no

13 chain=forward src-address=10.19.0.0/16 protocol=tcp dst-port=28960
action=mark-packet new-packet-mark=upload_high passthrough=no

14 chain=forward src-address=10.19.0.0/16 dst-address=!10.19.0.0/16
protocol=tcp dst-port=6112 action=mark-packet
new-packet-mark=upload_high passthrough=no

15 chain=forward src-address=10.19.0.0/16 dst-address=!10.19.0.0/16
protocol=udp dst-port=6112 action=mark-packet
new-packet-mark=upload_high passthrough=no

16 ;;; Mail
chain=forward src-address=10.19.0.0/16 dst-address=!10.19.0.0/16
protocol=tcp dst-port=25 action=mark-packet new-packet-mark=upload_mail
passthrough=no

17 chain=forward src-address=!10.19.0.0/16 dst-address=10.19.0.0/16
protocol=tcp src-port=110 action=mark-packet
new-packet-mark=download_mail passthrough=no

Queue tree

0 name="p2p_160k" parent=Download packet-mark=p2p_down limit-at=100000
queue=PCQ_download priority=8 max-limit=160000 burst-limit=0
burst-threshold=0 burst-time=0s

1 name="Download" parent=global-out packet-mark="" limit-at=0
queue=PCQ_download priority=1 max-limit=5000000 burst-limit=0
burst-threshold=0 burst-time=0s

2 name="Upload" parent=T-com packet-mark="" limit-at=0 queue=PCQ_upload
priority=2 max-limit=500000 burst-limit=0 burst-threshold=0
burst-time=0s

3 name="Download_korisnici" parent=Download packet-mark=download_paketi
limit-at=500000 queue=PCQ_download priority=1 max-limit=3000000
burst-limit=0 burst-threshold=0 burst-time=0s

4 name="Upload_korisnici" parent=Upload packet-mark=paketi_upload
limit-at=60000 queue=PCQ_upload priority=4 max-limit=70000 burst-limit=0
burst-threshold=0 burst-time=0s

5 name="P2p_20k" parent=Upload packet-mark=p2p_up limit-at=0
queue=PCQ_upload priority=8 max-limit=20000 burst-limit=0
burst-threshold=0 burst-time=0s

6 name="Igre" parent=Upload packet-mark=upload_high limit-at=100000
queue=PCQ_upload priority=1 max-limit=130000 burst-limit=0
burst-threshold=0 burst-time=0s

7 name="Mail_up" parent=Upload packet-mark=upload_mail limit-at=40000
queue=PCQ_upload priority=2 max-limit=60000 burst-limit=0
burst-threshold=0 burst-time=0s

8 name="Mail_down" parent=Download packet-mark=download_mail limit-at=15000>
queue=PCQ_download priority=2 max-limit=200000 burst-limit=0
burst-threshold=0 burst-time=0s