Stardotstar's Combat Survival for Geeks

Here is information I posted from my configuration in Iraq.  The Traffic Control script is intended to split the internet bandwidth 'fairly'.  In this case, this means that all voice/video/text chat is favored over surfing and downloads and that the bandwidth available to each person depends on how many people are using the system.  Additionally, there is an effort to minimize the satellite lag by throttling our bandwidth.

SugarBearNet is our satellite network here in Iraq. We have over 50 people splitting a connection from Bently Walker. We are currently at 2Mbit down and 512k up. We have a 1.8m dish.

Papabear is now the wireless router. Its a DELL desktop running Gentoo 2.6.12 r1.

Littlebear is now the wired router. It is a VIA EPIA 6000CL running Gentoo 2.6.11 r9.

Traffic Control Config

Here is my script. I’d like to give credit to just about everyone else who has posted a script. I’ve probably looked at it and used an idea or some lines of code. Here is mine. I’d like to thank Andy Furniss of the LARTC specifically. Eventually I will post links to my main resources. I tried to get IMQ working, but I head my head up my ass with multiple iptables executables in the search path, so I gave up and went with a ‘dual egress’ plan. I haven’t had time to actually watch it work, but I’ll post my results. To watch it work, I up the allowed bandwidth. Then watch the traffic using iftop, and then throttle the bandwidth and watch the speeds slow down in iftop.


#!/bin/bash
#TC script for the sugarbearnet
#by Edward R Smith www.stardotstar.org
#started clearing the mangle table on each run.
#v0.64 Simplification second try.
#v0.63 Simplification that failed miserably
#v0.61 4 Jul 05 switched to both direction egress shaping instead of IMQ
#v0.6 1 Jul 05 Added IMQ to shape ingress traffic
#v0.5 1 Jul 05 no changelog prior to this ver
#all rates in kbits

#UPSTREAM DATA
#Up in this script means 'to the isp'
UPCEIL=400
UPDEV=eth0

#DOWNSTREAM
#Down in this script means 'from the isp' Its a misnomer really since
#one connection is UP/DOWN duplex, but for shaping, data from the ISP
#gets shaped on the connection to the LAN.

DOWNCEIL=2000
DOWNDEV=eth1

#PERCLIENT NUMBERS
CLIENT_UP_CEIL=150 #pretty generous
CLIENT_UP_RATE=20 #bare minimum
CLIENT_UP_QUANTUM=2000

CLIENT_DOWN_RATE=10
CLIENT_DOWN_CEIL=1000
CLIENT_DOWN_R2Q=5 #20/5 gives 4k
CLIENT_DOWN_QUANTUM=5000

if [ "$1" = "status" ]
then
tc -s qdisc ls dev $UPDEV
tc -s class ls dev $UPDEV
tc -s qdisc ls dev $DOWNDEV
tc -s class ls dev $DOWNDEV
exit
fi

# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $UPDEV root 2> /dev/null > /dev/null
tc qdisc del dev $DOWNDEV root 2> /dev/null > /dev/null
iptables -t mangle -F

if [ "$1" = "stop" ]
then
exit
fi

#CREATE TC TREE
tc qdisc add dev ${UPDEV} root handle 1: htb default 100
tc qdisc add dev ${DOWNDEV} root handle 4: htb default 400

tc class add dev ${UPDEV} parent 1: classid 1:1 htb rate ${UPCEIL}kbit ceil ${UPCEIL}kbit
tc class add dev ${DOWNDEV} parent 4: classid 4:1 htb rate ${DOWNCEIL}kbit ceil ${DOWNCEIL}kbit

#1:100 This is the default set of classes (1:100+1:9xxx) traffic that has no special priority winds up here
#All machines not in /etc/ethers will fall into 1:100, all /etc/ethers machines get a 1000 series class.
tc class add dev ${UPDEV} parent 1:1 classid 1:100 htb rate ${CLIENT_UP_RATE}kbit ceil ${CLIENT_UP_CEIL}kbit burst 6k quantum ${CLIENT_UP_QUANTUM}

#Now create a seperate class for each user
#this assumes that you want to use /etc/ethers
#and that it has valid ips in column 2
#a smart change would be regex validation as
#well as naming the class after the last 4 in the IP

nextclass=1000
for clientip in `cat /etc/ethers | awk '{ print $2 }'`;
do
tc class add dev ${UPDEV} parent 1:1 classid 1:${nextclass} htb rate ${CLIENT_UP_RATE}kbit ceil ${CLIENT_UP_CEIL}kbit quantum ${CLIENT_UP_QUANTUM}
iptables -A POSTROUTING -t mangle -o ${UPDEV} -s ${clientip} \
-j CLASSIFY --set-class 1:${nextclass}

echo "${clientip} got classid ${nextclass}"

tc qdisc add dev ${UPDEV} parent 1:${nextclass} handle ${nextclass}: sfq perturb 10
((nextclass++))
done

#1:10 REAL MINIMIZE DELAY--PINGS ACKS, SYNS
tc class add dev ${UPDEV} parent 1: classid 1:10 htb rate 80kbit ceil 80kbit burst 3k

#rules below from edseek.com/~jasonb/articles/traffic_shaping/scenarios.html
iptables -A POSTROUTING -t mangle -o ${UPDEV} \
--protocol icmp \
-j CLASSIFY --set-class 1:10
iptables -A POSTROUTING -t mangle -o ${UPDEV} \
--protocol tcp -m tcp --tcp-flags ! SYN,RST,ACK ACK \
-j CLASSIFY --set-class 1:10
iptables -A POSTROUTING -t mangle -o ${UPDEV} \
--protocol tcp -m tcp --tcp-flags SYN,RST,ACK ACK -m length --length :128 \
-j CLASSIFY --set-class 1:10

tc qdisc add dev ${UPDEV} parent 1:10 handle 10: bfifo limit 15000

#INGRESS

#default class
tc class add dev ${DOWNDEV} parent 4:1 classid 4:400 htb rate ${CLIENT_DOWN_RATE}kbit ceil ${CLIENT_DOWN_CEIL}kbit quantum ${CLIENT_DOWN_QUANTUM}
tc qdisc add dev ${DOWNDEV} parent 4:400 handle 400: sfq perturb 10

nextclass=4000
for clientip in `cat /etc/ethers | awk '{ print $2 }'`;
do
tc class add dev ${DOWNDEV} parent 4:1 classid 4:${nextclass} htb rate ${CLIENT_DOWN_RATE}kbit ceil ${CLIENT_DOWN_CEIL}kbit quantum ${CLIENT_DOWN_QUANTUM}

iptables -A POSTROUTING -t mangle -o ${DOWNDEV} -d ${clientip} \
-j CLASSIFY --set-class 4:${nextclass}

echo "${clientip} got classid ${nextclass}"

tc qdisc add dev ${DOWNDEV} parent 4:${nextclass} handle ${nextclass}: sfq perturb 10
((nextclass++))
done