ADSL Bandwidth Management HOWTO

Author: Dan Singletary dvsing@sonicspike.net
Translator: 陳敏劍 expns@yahoo.com
_________________________________________________________________

This document describes how to set up Linux as a router with bandwidth
management, so that the bandwidth of ADSL and other bandwidth-limited
devices (cable modem, ISDN, etc.) can be managed effectively.
_________________________________________________________________

1. Introduction
 * 1.1 Latest Version of This Document
 * 1.2 Mailing List
 * 1.3 Disclaimer
 * 1.4 Copyright and License
 * 1.5 Feedback and Corrections

2. Background
 * 2.1 Prerequisites
 * 2.2 Layout
 * 2.3 Packet Queues

3. How It Works
 * 3.1 Throttling Outbound Traffic with Linux HTB
 * 3.2 Priority Queuing with HTB
 * 3.3 Classifying Outbound Traffic with iptables
 * 3.4 A Few More Things to Dig Into
 * 3.5 Attempting to Throttle Inbound Traffic
 * 3.6 Why Inbound Traffic Limiting Isn't All It Could Be

4. Implementation
 * 4.1 Caveats
 * 4.2 Script: myshaper

5. Testing

6. OK It Works!! Now What?
_________________________________________________________________

1. Introduction

The purpose of this document is to provide a workable method of managing
the outbound traffic of an ADSL (or cable modem) connection.

1.1 Latest Version of This Document

You can find the latest version of this document at
[1]http://www.tldp.org.

1.2 Mailing List

For questions and information about ADSL bandwidth management, subscribe
to the mailing list at [2]jared.sonicspike.net.

1.3 Disclaimer

If the methods in this HOWTO are used and any damage to equipment or any
other loss results, neither the author, the distributors nor the
contributors to this HOWTO accept any responsibility for it.

1.4 Copyright and License

The copyright of this HOWTO belongs to Dan Singletary: This document is
copyright 2002 by Dan Singletary, and is released under the terms of the
GNU Free Documentation License, which is hereby incorporated by
reference.

1.5 Feedback and Corrections

If you have questions about or comments on this HOWTO, please e-mail the
author when you have a moment: dvsing@sonicspike.net

2. Background

2.1 Prerequisites

Note: although these methods have not been tested on other
distributions, I expect they will work there without much trouble. The
environment used was:

 * Red Hat Linux 7.3
 * Kernel 2.4.18-5 with full QoS support (as modules is fine), with the
   following patches applied (they may eventually be merged into the
   mainline kernel):
     * HTB queue - [3]http://luxik.cdi.cz/~devik/qos/htb/
       Note: Mandrake (8.1, 8.2) kernels have included the HTB patches
       since 2.4.18-3.
     * IMQ device - [4]http://luxik.cdi.cz/~patrick/imq/
 * iptables version 1.2.6a or newer (the version of iptables distributed
   with Red Hat 7.3 is missing the length module)

Note: Previous versions of this document specified a method of bandwidth
control that involved patching the existing sch_prio queue. It was found
later that this patch was entirely unnecessary. Regardless, the newer
methods outlined in this document will give you better results (although
at the writing of this document 2 kernel patches are now necessary. :)
Happy patching.)

2.2 Layout

To keep things simple, all of the configuration below follows this
layout:
______________________________________________________________

              <-- 128kbit/s                             <-- 10Mbit -->
 Internet <-------------------->  | ADSL Modem |  <----------------------
              1.5Mbit/s -->       --------------                        |
                                                                        | eth0
                                                                        V
                                                                -----------------
                                                                |               |
                                                                |  Linux Router |
                                                                |               |
                                                                -----------------
                                                                  |    ..    |
                                                                eth1 ..  ethN
                                                                  |         |
                                                                  V         V
                                                                 Local Network
______________________________________________________________

2.3 Packet Queues

A packet queue is a container: when data cannot be sent on by the
network device immediately, the packet queue holds it temporarily.
Unless configured otherwise, packets are queued FIFO (first in, first
out: the data that entered the queue earliest is sent out first).

The Upstream

ADSL bandwidth is asymmetric: 1.5Mbit/s downstream and 128kbit/s
upstream. The link between the Linux router (host) and the ADSL modem
runs at about 10Mbit/s. If the link between the Linux router and the
local network also runs at about 10Mbit/s, no queue forms on the router
or on the local network. But packets arriving at the ADSL modem at
10Mbit/s have to be sent on to the Internet at 128kbit/s, so they queue
up in the ADSL modem, and when the modem can no longer cope it drops
packets. TCP is designed to handle exactly this situation: it adjusts
the size of its transmission window to make the best use of the
available bandwidth. In other words, TCP keeps the queue filled in order
to use the bandwidth, and the larger the FIFO queue, the longer each
packet spends waiting in it.
Another queue, somewhat similar to FIFO, is the n-band priority queue.
Instead of the single queue of FIFO, packets are sorted by class into
several FIFO queues, each with its own priority, and packets are always
dequeued from the highest-priority queue first. With this method, when
FTP and telnet are uploading packets at the same time, the telnet packets
get the higher priority: a lone telnet packet is sent immediately.

Linux also has a newer queue, the Hierarchical Token Bucket (HTB). It is
a little like the n-band priority queue, with the added ability to limit
the rate of traffic within each class, and a more advanced feature on top
of that: new classes can be created beneath existing classes. For more
information see [5] http://www.lartc.org/

The Downstream

Packets sent from the Internet to the ADSL modem queue in much the same
way as outbound packets. In this case, however, the queue sits at your
ISP, so you probably cannot directly control how packets are queued there
or how priority is assigned. There is only one way to reduce latency
here: hope that the senders do not send data to you too fast.
Unfortunately you cannot control the rate at which packets arrive
directly. Here are a few ways of slowing the sender down:

 * Intentionally drop inbound packets. TCP is designed to take full
   advantage of the available bandwidth while also avoiding congestion
   of the link. This means that during a bulk data transfer TCP will
   send more and more data until eventually a packet is dropped. TCP
   detects this and reduces its transmission window. This cycle
   continues throughout the transfer and assures data is moved as
   quickly as possible.
 * Manipulate the advertised receive window - During a TCP transfer, the
   receiver sends back a continuous stream of acknowledgment (ACK)
   packets. Included in the ACK packets is a window size advertisement
   which states the maximum amount of unacknowledged data the sender may
   have outstanding. By manipulating the window size of outbound ACK
   packets we can intentionally slow down the sender. At the moment
   there is no (free) implementation for this type of flow-control on
   Linux (however I may be working on one!).

3. How It Works
There are a few steps to optimizing the upstream bandwidth. The first is
to lower the rate at which the Linux router sends to the ADSL modem to
below the rate at which the ADSL modem sends to the Internet, so that the
packet queue forms on the Linux router instead. The second is to set up
priority queuing on the router and organize the queues; we will give
priority to telnet, multi-player games and other interactive software.
With HTB controlling the queues we can set up rate limiting and priority
queuing at the same time, without the priority classes starving one
another. The third step is to configure the firewall to sort packets into
classes using fwmark.

3.1 Throttling Outbound Traffic with Linux HTB

We use HTB to limit the rate at which packets reach the ADSL modem. To
keep latency low, we must ensure that no queue, not even one packet deep,
builds up in the ADSL modem.

Note: previous claims in this section (originally named N-band priority
queuing) were later found to be incorrect. It actually WAS possible to
classify packets into the individual bands of the priority queue by only
using the fwmark field, however it was poorly documented at the writing
of version 0.1 of this document.

3.2 Priority Queuing with HTB

At this point we have not improved performance yet; we have only moved
the queue from the ADSL modem onto the Linux router. A plain 100-packet
queue in the current setup would give results I would rather not imagine,
but that is only a temporary problem.

In HTB each class can be given a priority, and different types of traffic
are placed in different classes. Since we can also set a guaranteed
minimum rate for each class, we gain control over the order in which
packets are dequeued and sent. HTB does this well without letting the
priority classes starve one another.

Once the classes are set up, we use filters to divide the traffic into
those classes. There are several ways to do this, but we only cover the
common one, iptables/ipchains. We will set up iptables rules that place
different kinds of traffic into different classes.

3.3 Classifying Outbound Traffic with iptables

Note: originally this document used ipchains to classify packets. The
newer iptables is now used.

Here is a simple description of how outbound packets, starting from class
0x00, are sorted into 4 different classes:

 * Set all packets to class 0x03, the lowest class.
 * Set ICMP packets to class 0x00: to make ping respond faster they must
   get the highest priority.
 * Set all packets to destination port 25 to class 0x03. If someone
   sends an e-mail with a large attachment, our traffic would bog down
   as if stuck in a swamp, and of course we don't want that.
 * Set all packets going to a game server to class 0x02. This gives
   games a reasonable response time, but will keep them from swamping
   out the system applications that require low latency.
 * Set all packets to destination ports 1024 and below to class 0x01,
   that is, give priority to system services such as telnet and SSH. The
   FTP port is also in this range.
 * Set any "small" packet to class 0x02. Outbound ACK packets from
   inbound downloads should be sent promptly to assure efficient
   downloads. This is possible using the iptables length module.

Of course, all of this can be tuned to your own needs.

3.4 A Few More Things to Dig Into

There are at least two more things you can do to speed up the response
time. First, set the maximum transmission unit (MTU) below 1500 bytes.
Lowering this value shortens the average waiting time, but it adds
protocol overhead (reducing the usable throughput), because every packet
carries 40 bytes of IP and TCP headers. The other way to improve response
time is to shorten the queue length to below 100 packets; on ADSL, a
100-packet queue of 1500-byte packets can take about 10 seconds to drain.

3.5 Attempting to Throttle Inbound Traffic

By using the Intermediate Queuing Device (IMQ) we can pass inbound
packets through a queue just as we do with outbound packets. Packet
priorities in this case are very simple. Non-TCP traffic is placed in
class 0x00 and TCP traffic in class 0x01; "small" TCP packets may also be
placed in class 0x00. We use a standard FIFO queue for class 0x00 and a
Random Early Drop (RED) queue for class 0x01. RED slows transfers down by
dropping packets when they appear to be getting out of control (when the
queue is about to overflow). We'll also rate-limit both classes to some
maximum inbound rate which is less than your true inbound speed over the
ADSL modem.

3.6 Why Inbound Traffic Limiting Isn't All It Could Be

We have to limit inbound traffic to keep the ISP's queue, which can
buffer about 5 seconds of data, from saturating. The problem is that the
only way we have to do this at present is to drop packets. Those packets
have already consumed some bandwidth on the ADSL modem, yet they are
thrown away, so the dropped packets end up eating even more bandwidth.
When we limit the traffic, what we limit is the rate at which packets are
passed on to the local network; because of the packets we drop, the true
inbound rate is above this. So the inbound rate we actually set has to be
lower than what the ADSL modem can achieve. In practice, I limit my
1.5Mbit/s downstream ADSL to 700kbit/s so that it can handle 5 concurrent
downloads.
The more TCP sessions there are, the more bandwidth is wasted on dropped
packets, and the further the actual throughput falls below your limit. A
better way to control TCP traffic would be to manipulate the TCP window,
but that seems to be beyond the scope of this document (I know of one
...).

4. Implementation

4.1 Caveats

Limiting the rate at which data is sent to the DSL modem is not as simple
as it looks. Most DSL modems are really Ethernet bridges that pass data
between your ISP's gateway and the Linux box, and most of them use ATM as
the link layer for sending the data. ATM always sends data in 53-byte
cells: 5 bytes of each cell are header and the remaining 48 bytes carry
the data. Even if you send a single byte, it consumes 53 bytes of
bandwidth, because ATM always sends 53-byte cells. Consider sending a TCP
ACK packet, made up of 0 bytes of data + 20 bytes TCP header + 20 bytes
IP header + 18 bytes Ethernet header. Even though your Ethernet packet
carries only 40 bytes of payload (the TCP and IP headers), the minimum
Ethernet payload is 46 bytes, so the other 6 bytes are empty padding.
This means the real Ethernet packet plus header is 18 + 46 = 64 bytes.
Under ATM's rules, sending 64 bytes of data means sending two ATM cells
that occupy 106 bytes of bandwidth in total. So every TCP ACK packet you
send wastes 42 bytes of bandwidth. If Linux accounted for the
encapsulation used by the DSL modem there would be no problem, but Linux
only counts the TCP header, the IP header and the 14 bytes of MAC
addresses. (Linux does not count the 4-byte CRC, because that is handled
at the hardware level.) Linux does not round Ethernet packets up to the
46-byte minimum, and it does not account for the fixed size of the ATM
cells.

All of this means that the outbound bandwidth you limit to must be a
little lower than the real figure, and you must find the limit that suits
you best. But when you download a large file, the network's response time
can shoot up to 3 seconds or more, and because of the error in Linux's
bandwidth accounting this can easily happen.

I have been working on a solution to this problem for a few months and
have almost settled on a solution that I will soon release to the public
for further testing. The solution involves using a user-space queue
instead of linux's QoS to rate-limit packets. I've basically implemented
a simple HTB queue using linux user-space queues.
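The ATM cell arithmetic from the caveats above, worked through as an added shell example (this is not part of the HOWTO or of the myshaper script). It follows the document's simplified model: an Ethernet payload padded to 46 bytes, a 14-byte MAC header plus 4-byte FCS, sliced into 53-byte cells that carry 48 bytes each, and compares the bytes that go on the wire with the bytes Linux's rate limiter charges (IP length plus 14). Real AAL5 encapsulation adds its own trailer, which this model, like the document, leaves out, so the true cost is higher still. The function names are my own.

```shell
#!/bin/sh
# Added example, not from the HOWTO: per-packet byte accounting on an
# ATM-based DSL link under the document's simplified model, compared with
# what Linux's HTB rate estimator counts for the same packet.

ETH_HDR=14          # MAC header bytes that Linux does count
ETH_FCS=4           # CRC bytes the NIC adds; Linux's estimate ignores them
ETH_MIN_PAYLOAD=46  # minimum Ethernet payload; shorter frames are padded
CELL_PAYLOAD=48     # data bytes per ATM cell
CELL_SIZE=53        # bytes per ATM cell on the wire

# Bytes an IP packet of $1 bytes occupies as a complete Ethernet frame.
eth_frame_bytes() {
    payload=$1
    if [ "$payload" -lt "$ETH_MIN_PAYLOAD" ]; then
        payload=$ETH_MIN_PAYLOAD
    fi
    echo $((ETH_HDR + payload + ETH_FCS))
}

# Number of 53-byte cells needed to carry that frame (ceiling division).
atm_cells() {
    frame=$(eth_frame_bytes "$1")
    echo $(( (frame + CELL_PAYLOAD - 1) / CELL_PAYLOAD ))
}

# Bytes actually consumed on the ATM link.
atm_wire_bytes() {
    echo $(( $(atm_cells "$1") * CELL_SIZE ))
}

# Bytes Linux charges against the HTB rate: IP packet plus 14-byte MAC
# header, with no padding, no FCS and no cell rounding.
linux_counted_bytes() {
    echo $(( $1 + ETH_HDR ))
}

# Percentage of the wire cost that Linux's accounting misses.
unaccounted_pct() {
    wire=$(atm_wire_bytes "$1")
    counted=$(linux_counted_bytes "$1")
    echo $(( (wire - counted) * 100 / wire ))
}

# Table for a pure ACK (40 bytes), the script's MTU of 1000, and a full
# 1500-byte packet. Sizes are constructed sample inputs.
report() {
    printf '%8s %8s %6s %8s %8s %6s\n' ip_bytes frame cells wire linux miss
    for n in 40 1000 1500; do
        printf '%8d %8d %6d %8d %8d %5d%%\n' "$n" "$(eth_frame_bytes "$n")" \
            "$(atm_cells "$n")" "$(atm_wire_bytes "$n")" \
            "$(linux_counted_bytes "$n")" "$(unaccounted_pct "$n")"
    done
}

report
```

For the 40-byte ACK the table reproduces the document's figures: a 64-byte frame, two cells, 106 bytes on the wire against 54 bytes counted by Linux, so almost half of the real cost is invisible to the rate limiter. For full-size packets the gap shrinks to roughly ten percent, which is why a RATEUP well below the nominal 128kbit/s is still needed to keep the modem's queue empty during ACK-heavy downloads.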
This solution (so far) has been able to regulate outbound traffic SO WELL
that even during a massive bulk download (several streams) and bulk
upload (gnutella, several streams) the latency PEAKS at 400ms over my
nominal no-traffic latency of about 15ms. For more information on this
QoS method, subscribe to the email list for updates or check back on
updates to this HOWTO.

4.2 Script: myshaper

Below is the script I use to control my own router. Outbound traffic is
placed into 7 queues according to its type. Inbound traffic is placed
into two queues, the lower-priority one holding TCP data (TCP packets are
dropped when the inbound rate is exceeded). The rates given in the script
work well for my own setup; your results may differ. The script was
written on the basis of the ADSL/Cable WonderShaper from the [6]LARTC
website.
______________________________________________________________

#!/bin/bash
#
# myshaper - DSL/Cable modem outbound traffic shaper and prioritizer.
#  Based on the ADSL/Cable wondershaper (www.lartc.org)
#
#  Written by Dan Singletary (8/7/02)
#
#  NOTE!! - This script assumes your kernel has been patched with the
#           appropriate HTB queue and IMQ patches available here:
#           (subnote: future kernels may not require patching)
#
#       http://luxik.cdi.cz/~devik/qos/htb/
#       http://luxik.cdi.cz/~patrick/imq/
#
#  Configuration options for myshaper:
#   DEV    - set to ethX that connects to DSL/Cable Modem
#   RATEUP - set this to slightly lower than your
#            outbound bandwidth on the DSL/Cable Modem.
#            I have a 1500/128 DSL line and setting
#            RATEUP=90 works well for my 128kbps upstream.
#            However, your mileage may vary.
#   RATEDN - set this to slightly lower than your
#            inbound bandwidth on the DSL/Cable Modem.
#
#
#  Theory on using imq to "shape" inbound traffic:
#
#     It's impossible to directly limit the rate of data that will
#  be sent to you by other hosts on the internet.  In order to shape
#  the inbound traffic rate, we have to rely on the congestion avoidance
#  algorithms in TCP.  Because of this, WE CAN ONLY ATTEMPT TO SHAPE
#  INBOUND TRAFFIC ON TCP CONNECTIONS.
#  This means that any traffic that
#  is not tcp should be placed in the high-prio class, since dropping
#  a non-tcp packet will most likely result in a retransmit which will
#  do nothing but unnecessarily consume bandwidth.
#     We attempt to shape inbound TCP traffic by dropping tcp packets
#  when they overflow the HTB queue which will only pass them on at
#  a certain rate (RATEDN) which is slightly lower than the actual
#  capability of the inbound device.  By dropping TCP packets that
#  are over-rate, we are simulating the same packets getting dropped
#  due to a queue-overflow on our ISP's side.  The advantage of this
#  is that our ISP's queue will never fill because TCP will slow its
#  transmission rate in response to the dropped packets in the assumption
#  that it has filled the ISP's queue, when in reality it has not.
#     The advantage of using a priority-based queuing discipline is
#  that we can specifically choose NOT to drop certain types of packets
#  that we place in the higher priority buckets (ssh, telnet, etc).  This
#  is because packets will always be dequeued from the highest priority
#  class first (the class with the lowest prio number), with the
#  stipulation that packets will still be dequeued from every class
#  fairly at a minimum rate (in this script, each bucket will deliver
#  at least its fair share of 1/7 of the bandwidth).
#
#  Reiterating main points:
#   * Dropping a tcp packet on a connection will lead to a slower rate
#     of reception for that connection due to the congestion avoidance
#     algorithm.
#   * We gain nothing from dropping non-TCP packets.  In fact, if they
#     were important they would probably be retransmitted anyways so we
#     want to try to never drop these packets.  This means that saturated
#     TCP connections will not negatively affect protocols that don't have
#     a built-in retransmit like TCP.
#   * Slowing down incoming TCP connections such that the total inbound
#     rate is less than the true capability of the device (ADSL/Cable
#     Modem) SHOULD result in little to no packets being queued on the
#     ISP's side (DSLAM, cable concentrator, etc).  Since these ISP queues
#     have been observed to queue 4 seconds of data at 1500Kbps or 6
#     megabits of data, having no packets queued there will mean lower
#     latency.
#
#  Caveats (questions posed before testing):
#   * Will limiting inbound traffic in this fashion result in poor bulk
#     TCP performance?
#     - Preliminary answer is no!  Seems that by prioritizing ACK packets
#       (small <64b) we maximize throughput by not wasting bandwidth on
#       retransmitted packets that we already have.
#

# NOTE: The following configuration works well for my
# setup: 1.5M/128K ADSL via Pacific Bell Internet (SBC Global Services)

DEV=eth0
RATEUP=90
RATEDN=700  # Note that this is significantly lower than the capacity of 1500.
            # Because of this, you may not want to bother limiting inbound traffic
            # until a better implementation such as TCP window manipulation can be used.
#
# End Configuration Options
#

if [ "$1" = "status" ]
then
        echo "[qdisc]"
        tc -s qdisc show dev $DEV
        tc -s qdisc show dev imq0
        echo "[class]"
        tc -s class show dev $DEV
        tc -s class show dev imq0
        echo "[filter]"
        tc -s filter show dev $DEV
        tc -s filter show dev imq0
        echo "[iptables]"
        iptables -t mangle -L MYSHAPER-OUT -v -x 2> /dev/null
        iptables -t mangle -L MYSHAPER-IN -v -x 2> /dev/null
        exit
fi

# Reset everything to a known state (cleared)
tc qdisc del dev $DEV root > /dev/null 2>&1
tc qdisc del dev imq0 root > /dev/null 2>&1
iptables -t mangle -D POSTROUTING -o $DEV -j MYSHAPER-OUT > /dev/null 2>&1
iptables -t mangle -F MYSHAPER-OUT > /dev/null 2>&1
iptables -t mangle -X MYSHAPER-OUT > /dev/null 2>&1
iptables -t mangle -D PREROUTING -i $DEV -j MYSHAPER-IN > /dev/null 2>&1
iptables -t mangle -F MYSHAPER-IN > /dev/null 2>&1
iptables -t mangle -X MYSHAPER-IN > /dev/null 2>&1
ip link set imq0 down > /dev/null 2>&1
rmmod imq > /dev/null 2>&1

if [ "$1" = "stop" ]
then
        echo "Shaping removed on $DEV."
        exit
fi

###########################################################
#
# Outbound Shaping (limits total bandwidth to RATEUP)

# set queue size to give latency of about 2 seconds on low-prio packets
ip link set dev $DEV qlen 30

# changes mtu on the outbound device.  Lowering the mtu will result
# in lower latency but will also cause slightly lower throughput due
# to IP and TCP protocol overhead.
ip link set dev $DEV mtu 1000

# add HTB root qdisc
tc qdisc add dev $DEV root handle 1: htb default 26

# add main rate limit classes
tc class add dev $DEV parent 1: classid 1:1 htb rate ${RATEUP}kbit

# add leaf classes - We grant each class at LEAST its "fair share" of bandwidth.
#                    this way no class will ever be starved by another class.  Each
#                    class is also permitted to consume all of the available bandwidth
#                    if no other classes are in use.
tc class add dev $DEV parent 1:1 classid 1:20 htb rate $((RATEUP/7))kbit ceil ${RATEUP}kbit prio 0
tc class add dev $DEV parent 1:1 classid 1:21 htb rate $((RATEUP/7))kbit ceil ${RATEUP}kbit prio 1
tc class add dev $DEV parent 1:1 classid 1:22 htb rate $((RATEUP/7))kbit ceil ${RATEUP}kbit prio 2
tc class add dev $DEV parent 1:1 classid 1:23 htb rate $((RATEUP/7))kbit ceil ${RATEUP}kbit prio 3
tc class add dev $DEV parent 1:1 classid 1:24 htb rate $((RATEUP/7))kbit ceil ${RATEUP}kbit prio 4
tc class add dev $DEV parent 1:1 classid 1:25 htb rate $((RATEUP/7))kbit ceil ${RATEUP}kbit prio 5
tc class add dev $DEV parent 1:1 classid 1:26 htb rate $((RATEUP/7))kbit ceil ${RATEUP}kbit prio 6

# attach qdisc to leaf classes - here we attach SFQ to each priority class.  SFQ ensures that
#                                within each class connections will be treated (almost) fairly.
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DEV parent 1:21 handle 21: sfq perturb 10
tc qdisc add dev $DEV parent 1:22 handle 22: sfq perturb 10
tc qdisc add dev $DEV parent 1:23 handle 23: sfq perturb 10
tc qdisc add dev $DEV parent 1:24 handle 24: sfq perturb 10
tc qdisc add dev $DEV parent 1:25 handle 25: sfq perturb 10
tc qdisc add dev $DEV parent 1:26 handle 26: sfq perturb 10

# filter traffic into classes by fwmark - here we direct traffic into priority class according to
#                                         the fwmark set on the packet (we set fwmark with iptables
#                                         later).  Note that above we've set the default priority
#                                         class to 1:26 so unmarked packets (or packets marked with
#                                         unfamiliar IDs) will be defaulted to the lowest priority
#                                         class.
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26

# add MYSHAPER-OUT chain to the mangle table in iptables - this sets up the table we'll use
#                                                          to filter and mark packets.
iptables -t mangle -N MYSHAPER-OUT
iptables -t mangle -I POSTROUTING -o $DEV -j MYSHAPER-OUT

# add fwmark entries to classify different types of traffic - Set fwmark from 20-26 according to
#                                                             desired class. 20 is highest prio.
#                                                             MARK does not stop chain traversal,
#                                                             so the LAST matching rule wins.
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 0:1024 -j MARK --set-mark 23 # Default for low port traffic
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 0:1024 -j MARK --set-mark 23 # ""
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 20 -j MARK --set-mark 26     # ftp-data port, low prio
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 5190 -j MARK --set-mark 23   # aol instant messenger
iptables -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20               # ICMP (ping) - high prio, impress friends
iptables -t mangle -A MYSHAPER-OUT -p udp -j MARK --set-mark 21                # DNS name resolution (small packets)
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport ssh -j MARK --set-mark 22    # secure shell
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport ssh -j MARK --set-mark 22    # secure shell
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport telnet -j MARK --set-mark 22 # telnet (ew...)
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport telnet -j MARK --set-mark 22 # telnet (ew...)
iptables -t mangle -A MYSHAPER-OUT -p ipv6-crypt -j MARK --set-mark 24         # IPSec (ESP, protocol 50) - we don't know what the payload is though...
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport http -j MARK --set-mark 25   # Local web server
iptables -t mangle -A MYSHAPER-OUT -p tcp -m length --length :64 -j MARK --set-mark 21 # small packets (probably just ACKs)
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26      # redundant- mark any unmarked packets as 26 (low prio)

# Done with outbound shaping
#
####################################################

echo "Outbound shaping added to $DEV.  Rate: ${RATEUP}Kbit/sec."

# uncomment following line if you only want upstream shaping.
# exit

####################################################
#
# Inbound Shaping (limits total bandwidth to RATEDN)

# make sure imq module is loaded

modprobe imq numdevs=1
ip link set imq0 up

# add qdisc - default low-prio class 1:21

tc qdisc add dev imq0 handle 1: root htb default 21

# add main rate limit classes
tc class add dev imq0 parent 1: classid 1:1 htb rate ${RATEDN}kbit

# add leaf classes - TCP traffic in 21, non TCP traffic in 20
#
tc class add dev imq0 parent 1:1 classid 1:20 htb rate $((RATEDN/2))kbit ceil ${RATEDN}kbit prio 0
tc class add dev imq0 parent 1:1 classid 1:21 htb rate $((RATEDN/2))kbit ceil ${RATEDN}kbit prio 1

# attach qdisc to leaf classes - here we attach SFQ to the high-prio class (fair treatment of
#                                connections within the class) and RED to the TCP class, which
#                                starts dropping before the queue overflows so TCP slows down.
tc qdisc add dev imq0 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev imq0 parent 1:21 handle 21: red limit 1000000 min 5000 max 100000 avpkt 1000 burst 50

# filter traffic into classes by fwmark - here we direct traffic into priority class according to
#                                         the fwmark set on the packet (we set fwmark with iptables
#                                         later).  Note that above we've set the default priority
#                                         class to 1:21 so unmarked packets (or packets marked with
#                                         unfamiliar IDs) will be defaulted to the lowest priority
#                                         class.
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21

# add MYSHAPER-IN chain to the mangle table in iptables - this sets up the table we'll use
#                                                         to filter and mark packets.
iptables -t mangle -N MYSHAPER-IN
iptables -t mangle -I PREROUTING -i $DEV -j MYSHAPER-IN

# add fwmark entries to classify different types of traffic - Set fwmark 20 or 21 according to
#                                                             desired class. 20 is highest prio.
iptables -t mangle -A MYSHAPER-IN -p ! tcp -j MARK --set-mark 20                      # Set non-tcp packets to highest priority (newer iptables: "! -p tcp")
iptables -t mangle -A MYSHAPER-IN -p tcp -m length --length :64 -j MARK --set-mark 20 # short TCP packets are probably ACKs
iptables -t mangle -A MYSHAPER-IN -p tcp --dport ssh -j MARK --set-mark 20            # secure shell
iptables -t mangle -A MYSHAPER-IN -p tcp --sport ssh -j MARK --set-mark 20            # secure shell
iptables -t mangle -A MYSHAPER-IN -p tcp --dport telnet -j MARK --set-mark 20         # telnet (ew...)
iptables -t mangle -A MYSHAPER-IN -p tcp --sport telnet -j MARK --set-mark 20         # telnet (ew...)
iptables -t mangle -A MYSHAPER-IN -m mark --mark 0 -j MARK --set-mark 21              # redundant- mark any unmarked packets as 21 (low prio)

# finally, instruct these packets to go through the imq0 we set up above
iptables -t mangle -A MYSHAPER-IN -j IMQ

# Done with inbound shaping
#
####################################################

echo "Inbound shaping added to $DEV.  Rate: ${RATEDN}Kbit/sec."
______________________________________________________________

5. Testing

The simplest test is to saturate the upstream with low-priority traffic.
What counts as low priority depends on your classification; for example,
ping and telnet traffic are given the highest priority (lowest fwmark).
If you saturate the upstream bandwidth with an FTP upload, all you need
to watch is how much the ping time to the gateway (on the other side of
the DSL line) increases compared with the case where nothing is queued.
Ping responses should stay below 100ms (depending on your setup). If they
are 1 or 2 seconds longer, something is wrong.

6. OK It Works!! Now What?

Now use every trick you can think of to "enjoy" the benefits it brings!
Now that you've successfully started to manage your bandwidth, you should
start thinking of ways to use it. After all, you're probably paying for
it!

 * Use a Gnutella client and SHARE YOUR FILES without adversely affecting
   your network performance
 * Run a web server without having web page hits slow you down in Quake

References

 1. http://www.tldp.org/
 2. http://jared.sonicspike.net/mailman/listinfo/adsl-qos
 3. http://luxik.cdi.cz/~devik/qos/htb/
 4. http://luxik.cdi.cz/~patrick/imq/
 5. http://www.lartc.org/
 6. http://www.lartc.org/
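As an added example that is not part of the HOWTO or of myshaper, the following shell functions replay the MYSHAPER-OUT and MYSHAPER-IN rules of the script in section 4.2 on a constructed packet description and return the fwmark, which is the HTB leaf class the packet lands in. They model one detail that the classification list in section 3.3 does not spell out: iptables' MARK target does not end chain traversal, so every matching rule overwrites the mark and the last match decides. Function names, the "esp" spelling for the script's ipv6-crypt protocol, and the sample packets are my own.

```shell
#!/bin/sh
# Added example, not from the HOWTO: dry-run model of the myshaper mangle
# chains. Rules are replayed in the script's order; because MARK is a
# non-terminating target, a later match overwrites an earlier one.

# in_range VALUE LOW HIGH: true when LOW <= VALUE <= HIGH
in_range() {
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# classify_out PROTO SPORT DPORT LENGTH  (MYSHAPER-OUT, marks 20..26)
#   PROTO  : tcp | udp | icmp | esp   (esp stands for the script's ipv6-crypt)
#   SPORT, DPORT : port numbers; use 0 for protocols without ports
#   LENGTH : total IP packet length in bytes
classify_out() {
    proto=$1; sport=$2; dport=$3; len=$4
    mark=0
    if [ "$proto" = tcp ]; then
        in_range "$sport" 0 1024 && mark=23   # low source port
        in_range "$dport" 0 1024 && mark=23   # low destination port
        [ "$dport" -eq 20 ]   && mark=26      # ftp-data: lowest priority
        [ "$dport" -eq 5190 ] && mark=23      # AIM
    fi
    [ "$proto" = icmp ] && mark=20            # ping
    [ "$proto" = udp ]  && mark=21            # DNS and other small UDP
    if [ "$proto" = tcp ]; then
        [ "$dport" -eq 22 ] && mark=22        # ssh
        [ "$sport" -eq 22 ] && mark=22
        [ "$dport" -eq 23 ] && mark=22        # telnet
        [ "$sport" -eq 23 ] && mark=22
    fi
    [ "$proto" = esp ] && mark=24             # IPSec
    [ "$proto" = tcp ] && [ "$sport" -eq 80 ] && mark=25   # local web server
    [ "$proto" = tcp ] && [ "$len" -le 64 ] && mark=21     # small packets (ACKs)
    [ "$mark" -eq 0 ] && mark=26              # anything unmarked: lowest
    echo "$mark"
}

# classify_in PROTO SPORT DPORT LENGTH  (MYSHAPER-IN, marks 20 or 21)
classify_in() {
    proto=$1; sport=$2; dport=$3; len=$4
    mark=0
    [ "$proto" != tcp ] && mark=20            # never drop non-TCP
    if [ "$proto" = tcp ]; then
        [ "$len" -le 64 ]   && mark=20        # short TCP: probably ACKs
        [ "$dport" -eq 22 ] && mark=20
        [ "$sport" -eq 22 ] && mark=20
        [ "$dport" -eq 23 ] && mark=20
        [ "$sport" -eq 23 ] && mark=20
    fi
    [ "$mark" -eq 0 ] && mark=21              # bulk TCP goes to the RED class
    echo "$mark"
}

# Constructed sample packets (proto sport dport length), as the router sees
# them on the outbound and inbound paths respectively.
show() {
    printf '%-4s %6s %6s %5s  out=%s  in=%s\n' "$1" "$2" "$3" "$4" \
        "$(classify_out "$1" "$2" "$3" "$4")" "$(classify_in "$1" "$2" "$3" "$4")"
}
show tcp  40000    22    52   # ssh keystroke/ACK: small-packet rule beats ssh rule
show tcp  40000    22   200   # larger ssh segment: ssh class
show tcp  40000    20  1500   # ftp-data: overrides the low-port default
show tcp  40000    80  1500   # request to a remote web server: low-port default
show tcp     80 40000  1500   # reply from the local web server
show tcp  40000 40000  1500   # high ports both ends: lowest class
show udp  50000    53    70   # DNS
show icmp     0     0    84   # ping
show esp      0     0  1400   # IPSec
```

Two outcomes are worth noticing when tuning your own rules. A short ssh packet (a keystroke or an ACK) ends up in class 21 rather than the ssh class 22, because the length rule comes later in the chain, and an outbound HTTP request to a remote server is classed with generic low-port traffic (23) while a reply from your own web server gets its own class (25) only when it is larger than 64 bytes. Re-ordering the rules changes these results, so this kind of replay is a cheap check before loading a modified chain.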