Posts in the series Bandwidth Control with HTB-Tools
- Uncomplicated Bandwidth Control with HTB-Tools
- HTB-Tools: practical examples of configuration
Originally published at http://wasare.net on 19/01/2007
HTB-Tools is an excellent tool to help set up HTB (Hierarchical Token Bucket) for limiting bandwidth use. As the first article on HTB-Tools, which explained how to use the tool, generated many questions and concerns from readers, I decided to write a small supplement. Here I give more concrete examples of specific configurations for everyday use.
IF YOU DO NOT KNOW WHAT HTB OR HTB-TOOLS IS, READ THE PREVIOUS ARTICLE FIRST!
THE EXAMPLES BELOW ARE FOR ILLUSTRATIVE PURPOSES!
1. Download and upload with different rates
Following the example of the previous article, we assume that the customer should have the same download rate as in that example, but that upload is limited to half, that is, 96kbps and 128kbps for upload, guaranteed and maximum, respectively.
Assuming that your LAN is on the same interface, eth0, we will control upload/download by creating the file /etc/htb/eth0-qos.cfg with the following contents:
    class eth1-WAN {
        bandwidth 100000;
        limit 100000;
        burst 64;
        priority 1;

        client WAN {
            bandwidth 100000;
            limit 100000;
            burst 64;
            priority 1;
            dst {
                XXXX/X;  # ip/mask of your WAN network
            };
            src {
                XXXX/X;  # ip/mask of your WAN network
            };
        };
    };

    class eth1-WAN-client {
        bandwidth 360;
        limit 360;
        burst 8;
        priority 1;

        client DEDICADO_1 {
            bandwidth 360;
            limit 360;
            burst 8;
            priority 1;
            src {
                0.0.0.0/0;
            };
            dst {
                0.0.0.0/0;
            };
        };
    };

    class default { bandwidth 8; };
Understanding: Inside the file eth1-qos.cfg we have two special classes: eth1-WAN (client WAN) and eth1-WAN-client (client DEDICADO_1). The class eth1-WAN provides a limit of 100,000 kbps for traffic to and from its own network (src and dst). The other class, eth1-WAN-client, restricts traffic to the "outside world" to 360kbps for both download (dst) and upload (src). What should be noticed is that the class eth1-WAN gives priority to traffic on its own WAN network and releases it at any speed, while the class eth1-WAN-client limits all the rest to 360kbps. The problem arises when clients on the LAN compete with each other for those same 360kbps. This case is dealt with next.
2. Sharing a connection at a fixed rate
A common case is that you have a good connection and a customer wants a dedicated link with a server of its own. Assume you have a 1Mbps link and the client contracts 360kbps, which must be shared through the client's own server (a Pentium 100 will do). Let's consider that the WAN interface is eth1 and the LAN interface is eth0. The LAN will not need any limitation; for the WAN interface (eth1), however, we create the following configuration file, /etc/htb/eth1-qos.cfg:
    class eth1-WAN {
        bandwidth 100000;
        limit 100000;
        burst 64;
        priority 1;

        client WAN {
            bandwidth 100000;
            limit 100000;
            burst 64;
            priority 1;
            dst {
                XXXX/X;  # ip/mask of your WAN network
            };
            src {
                XXXX/X;  # ip/mask of your WAN network
            };
        };
    };

    class eth1-WAN-client {
        bandwidth 360;
        limit 360;
        burst 8;
        priority 1;

        client DEDICADO_1 {
            bandwidth 360;
            limit 360;
            burst 8;
            priority 1;
            src {
                0.0.0.0/0;
            };
            dst {
                0.0.0.0/0;
            };
        };
    };

    class default { bandwidth 8; };
Understanding: Inside the file eth1-qos.cfg we have two special classes: eth1-WAN (client WAN) and eth1-WAN-client (client DEDICADO_1). The class eth1-WAN provides a limit of 100,000 kbps for traffic to and from its own network (src and dst). The other class, eth1-WAN-client, restricts traffic to the "outside world" to 360kbps for both download (dst) and upload (src). What should be noted is that the class eth1-WAN gives priority to traffic on its own WAN network and releases it at any speed, while the class eth1-WAN-client limits all the rest to 360kbps. The problem arises when clients on the LAN compete with each other for those same 360kbps. This case is dealt with next.
3. Limiting only connections to the Internet
A frequent case is a gateway on our network that, besides sharing the Internet, provides the users of our WAN/LAN with other services such as a file server, FTP, etc. If we restrict traffic as in the first example we control the use of the Internet link, but all other services provided by the gateway are also "strangled", making use of the network unbearable! What do you do? The second example can solve our problem in part, because it limits overall traffic only for external (WAN) connections while LAN connections flow freely. On the other hand, if we have any service running on the external/WAN side that is to be used from another external network, it will be limited to 360kbps. There are two alternatives to resolve this problem: first, include the networks from which the services are accessed in the "client WAN" of the class eth1-WAN (example 2); or second, limit the traffic on the LAN interface (eth0), without limiting internal traffic. The first alternative can become a little inconvenient if outside customers/users access from various networks. The second solution is the usual one for most cases. So let's leave the WAN (eth1) with its traffic released and do the bandwidth control on the LAN (eth0); we must create the following file, /etc/htb/eth0-qos.cfg:
    class eth0-LAN {
        bandwidth 100000;
        limit 100000;
        burst 32;
        priority 1;

        client LAN-LAN {
            bandwidth 100000;
            limit 100000;
            burst 32;
            priority 1;
            src {
                XXXX/X;          # ip/mask of your WAN network
                192.168.0.0/24;  # ip/mask of your LAN network
            };
            dst {
                XXXX/X;          # ip/mask of your WAN network
                192.168.0.0/24;  # ip/mask of your LAN network
            };
        };

        client LAN0-WAN {
            bandwidth 360;
            limit 360;
            burst 8;
            priority 1;
            dst {
                0.0.0.0/0;
            };
            src {
                0.0.0.0/0;
            };
        };
    };

    class default { bandwidth 8; };
Understanding: Where the destination or the source of the traffic is our own network, we have a rate of 100,000kbps. For all other destinations and origins (0.0.0.0/0) we limit the traffic to 360kbps.
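A quick sanity check for files like the ones above, added here as an example; it is not part of the original article and not part of HTB-Tools. It assumes the brace layout `class NAME { ... client NAME { ... }; };` and flags two mistakes that are easy to make when copying these examples: an XXXX/X placeholder left unfilled, and a limit (maximum) lower than the bandwidth (guaranteed). The function name lint and the sample file are hypothetical.

```python
import ipaddress
import re

# Constructed sample (not the article's file) with two deliberate mistakes:
# an unfilled XXXX/X placeholder and a limit below the guaranteed bandwidth.
SAMPLE = """
class eth0-LAN {
    bandwidth 100000; limit 100000; burst 32; priority 1;
    client LAN-LAN {
        bandwidth 100000; limit 100000; burst 32; priority 1;
        src { 192.168.0.0/24; };
        dst { XXXX/X; 192.168.0.0 / 24; };  # XXXX/X = unfilled placeholder
    };
    client LAN0-WAN {
        bandwidth 360; limit 128; burst 8; priority 1;
        dst { 0.0.0.0/0; };
    };
};
class default { bandwidth 8; };
"""

BLOCK = re.compile(r"\b(class|client)\s+(\S+)\s*\{")    # block header
RATE = re.compile(r"\b(bandwidth|limit)\s+(\d+)\s*;")   # rate settings
MATCH = re.compile(r"\b(?:src|dst)\s*\{([^{}]*)\}")     # address lists

def lint(text):
    """Return a list of problems found in an HTB-tools style config."""
    text = re.sub(r"#[^\n]*", "", text)  # strip comments
    problems = []
    # split() gives [preamble, kind, name, body, ...]; a body ends at the next header
    parts = BLOCK.split(text)
    for kind, name, body in zip(parts[1::3], parts[2::3], parts[3::3]):
        rates = {key: int(val) for key, val in RATE.findall(body)}
        if "limit" in rates and rates["limit"] < rates.get("bandwidth", 0):
            problems.append(f"{kind} {name}: limit {rates['limit']} "
                            f"is below bandwidth {rates['bandwidth']}")
        for addr_list in MATCH.findall(body):
            for raw in addr_list.split(";"):
                addr = "".join(raw.split())  # tolerate "192.168.0.0 / 24"
                if not addr:
                    continue
                try:
                    ipaddress.ip_network(addr, strict=False)
                except ValueError:
                    problems.append(f"{kind} {name}: '{addr}' is not a valid ip/mask")
    return problems

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no problems found")
```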
4. Conclusion
The duo of HTB and HTB-Tools is a joy for any network administrator! @;)









11 Comments
Friend, I would like your help ... I have a full dedicated 1mb Internet link and must take this link and split it into two portions:
512K for a VoIP server with the features below:
IP 10.0.1.4
interface eth0
and the remainder for the entire network.
Note that I use a server with Debian Etch 4.0 installed + iptables + squid, which has the network settings:
eth0 internal network: 10.0.1.254
eth1 wan Embratel: 200.254.xx
If you can help me I would be very grateful.
Fernando,
What is the difficulty? Did you fail to install HTB-tools? Or did you not understand the text?
I am doing a piece of work on bandwidth control in which I cite HTB Tools. One question:
Does it control bandwidth only for the link to the Internet, or can it also control bandwidth on the LAN, for example so that a user cannot send a lot of data and overload the router of your internal network?
Grateful.
ANDRE,
It works exactly as I explained in the article. It controls the traffic regardless of origin and destination, according to the settings implemented. In this article on practical examples I was just trying to clarify some points of bandwidth control. One thing in all this is a fact: the limit is more efficient (works) for download and must always be done at the interface where the traffic is generated.
wasare, tell me something. In the last type of configuration shown here, when you put "XXXX / X # ip / mask its WAN network", is that referring to the gateway where a modem is, or to the routed hot IP?
rogério,
This IP is that of the network card of the machine where the bandwidth control runs. That is, the IP of the WAN interface.
Exactly what I thought. Thank you, congratulations on this tutorial, and sorry for the somewhat obvious question. A hug
Hello,
I want a better explanation for this>>>>
must always be done at the interface where the traffic is generated.
I was a little confused ...
Thank you,
Mauricio,
The control should always be applied to the interface where the traffic originates. For example, if your LAN is on eth0 and the origin of the downloads is the clients of the LAN, then the rules must be made for eth0, treating its clients as dst (destination); and for upload, its clients are the src (source) of the traffic.
Indeed, the phrase may have been really confusing. The right thing would be to say that the control should be applied at the interface where your (logical) network is connected, that is, the interface that is part of the network where you want to control the traffic. The ideal is to study the examples well to improve understanding.
wasare,
In my case, I have two different scenarios, see if you can help me.
Case 1 - Firewall office:
This firewall has 3 network cards; two are links to the providers and one is my LAN, see:
eth0 link Net Virtua (1 public IP at 12Mbits - default gateway)
eth1 link LAN (IP 10.2.20.0/24 at 100Mbits)
eth2 link Embratel (8 public IPs at 1Mbit)
I have no load balancing set up between the two links.
The default gateway is always the Virtua eth0; the Embratel LP has only static routes for some networks via its interface, but when the Net (eth0) is off the air, I manually change the default gateway to eth2.
My question is how to correctly adjust the QoS on eth1 (customers' download) when I have two links with different providers? And also how to adjust the upload in this case ... a class for each provider? Where, in the settings for eth1?
Case 2 - Firewall in DataCenter:
This firewall has 3 network cards, but two are internal and one is a link with the DataCenter. A peculiarity of this case is that one of the internal interfaces has hot networks (public IP) routed to it, and the other internal interface has only cold networks (IP 192.168, 172.16 ...). See:
eth0 link DataCenter (8 public IPs at 10MB/s, default gw)
eth1 hot LAN (public IP 200.123.xy, GigaLAN, is the gateway of the hot network behind the firewall)
eth2 cold LAN (invalid IP 192.168.1.1, GigaLAN, is the gateway of the cold network behind the firewall)
In this case, how do I set up QoS correctly? Limiting only when it is a download from the Internet; for example, I do not want to limit the traffic between the interfaces eth1 and eth2, only eth0 -> eth[1|2] ... The firewall also has a proxy, but I already saw in your article how to leave it unlimited in the QoS.
I will also have interface aliases; for example, on eth1:0 I will have another network, 200.124.xy/26, and on eth2:0 192.168.2.0/24, which of course I will also restrict in HTB.
I appreciate any light!
My congratulations on the article; here was the only place where I found the solution "Limiting only connections to the Internet"! Yes, my firewalls have always had services and they were also limited by QoS, despite the network being 100Mbits on the LAN ...
Thank you,
Thiago
Thiago,
You have an arrangement that is unusual compared to my examples. I personally have never needed a more elaborate setup like yours. In practice, the settings in ethX-qos.cfg will affect the networks/IPs that are on the interface ethX. In fact, I do not know for sure whether HTB-tools would be sufficient in this case, or whether the use of native commands for manipulating HTB would be necessary.
Sorry I cannot help more.