My internet connection goes like this:
Internet <-128kbps link-> Cisco Router (Public IP) <-LAN-> Linux router/server (Public IP) <-LAN-> Regular PCs (Public IPs)
The Cisco router:
- the first Public IP allocated to my institution (/29)
- is programmed to send all packets through the Linux router
The Linux router:
- the second Public IP allocated to my institution
- is programmed to forward packets between the regular PCs and the Cisco router
- acts as a server too (mail, web, etc.)
The regular PCs (4 of them):
- the rest of the Public IPs
- use the Linux router as the gateway
I enabled the iptables packet logging on the Linux router and sometimes I find out that:
- Some packets are big, bigger than 20KB. Is that normal? (Yes, it is normal. These are not packets, these are IP datagrams, as Some Guy kindly explained.)
- Too many times the transmitted data (out to the internet) was bigger than 16KB. For example, in a particular second 10572 bytes went in (no problem), 63521 bytes went out (to the Cisco router). It would take 4 seconds at least to send that 64KB through the 128kbps link. Meanwhile the Linux router is sending more data to the Cisco router, clogging its buffers. Not good.
Now, how can I configure the Linux router to shape traffic in a way that:
- Keeps transmission speed to the max when the traffic is between these regular PCs and the Linux server.
- Slows down traffic to the outside world to avoid clogging the "out" line, using all (or almost all) the bandwidth available (128 kbps). No more ">16KB out seconds" on the trace.
- Guarantees 24kbps out to each regular PC, and 24 kbps to the Linux server, at any time (8kbps left for overhead if necessary). IOW, 5 (pseudo) "bands", 24kbps each one.
- In case there is any PC not using its full band, fairly shares the idle bandwidth among the rest of the transmitting PCs.
- Gives priority to certain packets (DNS lookups, control packets) and takes priority away from others (torrent!!!), INSIDE each band, without affecting other bands.
I have already marked (using the iptables --set-xmark option) each outgoing packet for each PC:
- Linux router to the outside world, high prio
- Linux router to the outside world, normal prio
- Linux router to the outside world, low prio
- First regular PC to the outside world, high prio
- … And so on.
Each incoming packet is also marked using this scheme starting from 16.
I'm sorry for this long question, but I have given up on setting this up using the tc command; there is too little documentation about traffic shaping and I don't know where to go next.
Best Answer
Assuming eth0 is a 100mbit Ethernet connection to the Cisco Router, it should be something like this (Isn’t it?):
Would get me something like this:
And for each band:
And so on.
The rules should be like this
and so on.
Any suggestion, comments, etc? (I have no experience in the field)
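The requirements in the question (128kbps link, five guaranteed 24kbps bands that borrow idle bandwidth, and high/normal/low priority inside each band driven by fwmarks) map onto an HTB root with a PRIO qdisc under each band class. The script below is an added example, not code from the original post; it assumes eth0 faces the Cisco router, that outgoing marks are numbered 1..15 as three consecutive marks (high, normal, low) per band starting with the Linux router itself, and it only prints the tc commands unless RUN=1 is set.

```bash
#!/bin/bash
# Added example (not from the original post). Assumptions: eth0 is the
# interface towards the Cisco router; fwmark = 3*band + prio, with band
# 0 = Linux router, 1..4 = the regular PCs, and prio 1 = high, 2 = normal,
# 3 = low. Dry-run by default: RUN=1 executes the commands (needs root).
DEV="${DEV:-eth0}"
LINK=128kbit      # the serial link speed; shaping only here leaves LAN traffic untouched
BAND=24kbit       # guaranteed rate per band, 5 x 24 = 120, 8kbit left for overhead

tc_cmd() {
  if [ "${RUN:-0}" = 1 ]; then tc "$@"; else echo "tc $*"; fi
}

shape_outbound() {
  tc_cmd qdisc del dev "$DEV" root 2>/dev/null || true
  # Root HTB; anything without a known mark falls into class 1:99
  tc_cmd qdisc add dev "$DEV" root handle 1: htb default 99
  # Parent class capped at the link speed so the Cisco buffers never fill up
  tc_cmd class add dev "$DEV" parent 1: classid 1:1 htb rate "$LINK" ceil "$LINK"
  # Catch-all for unmarked traffic gets only the 8kbit overhead budget
  tc_cmd class add dev "$DEV" parent 1:1 classid 1:99 htb rate 8kbit ceil "$LINK" prio 7
  local band cid p mark
  for band in 0 1 2 3 4; do
    cid=$(( (band + 1) * 10 ))   # classids 1:10, 1:20, ... 1:50
    # rate = guaranteed share; ceil = may borrow everything other bands leave idle
    tc_cmd class add dev "$DEV" parent 1:1 classid "1:$cid" htb rate "$BAND" ceil "$LINK"
    # Inside the band, a 3-band PRIO qdisc orders high > normal > low without
    # affecting the other HTB classes
    tc_cmd qdisc add dev "$DEV" parent "1:$cid" handle "$cid:" prio bands 3
    for p in 1 2 3; do
      mark=$(( band * 3 + p ))
      # fwmark -> HTB band class, then fwmark -> PRIO band within that class
      tc_cmd filter add dev "$DEV" parent 1: protocol ip handle "$mark" fw classid "1:$cid"
      tc_cmd filter add dev "$DEV" parent "$cid:" protocol ip handle "$mark" fw classid "$cid:$p"
    done
  done
}

shape_outbound
```

Run it once without RUN=1 to review the generated commands, then `tc -s class show dev eth0` after applying them shows whether each band is actually borrowing as expected.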