SKFREE

StarOS™ Podpora - CBQ a StarOS

Mich(at)l - 25.09.2005 - 16:09
Post subject: CBQ a StarOS
zakladam novy thread--- lebo v niektorych threadoch sa sponina CBQ.
Pre cbq by bol potrebny zvlastny manual... a kedze v manualy k StarOS sa o nom nezmienuje(len okrajovo), tak zakladam tento thread.

a hned mam aj prvu otazku...(problem?)

potreboval by som qotovanie nastavit takto:
**************************************************
scenar1:
je pat uzivatelov
maju 1024kbps do/512kbps up linku
garant rychlost napr. 33kbps do/ 16kbps up
max. rychlost neobmedzene

tj. pri pripojeny 1uziv.= vyuziva celu ruru
ked sa pripoji druhy uziv. = delia sa o nu na 1/2
ked sa pripoja vsetci uziv. = delia sa o nu na 1/5

to ze sa delia presnym dielom je dolezite.... nie ze niekto sa pripoji vycucne celu linku a ostatnym ostanu len ich garanty...
**************************************************
scenar2:
je X uzivatelov
maju 1024kbps do/512kbps up linku

prvy("pausal64") garant rychlost napr. 66kbps do/ 32kbps up
druhy("pausal128") garant rychlost napr. 33kbps do/ 16kbps up
treti("pausal512") garant rychlost napr. 6,6kbps do/ 8kbps up
max. rychlost neobmedzene ale zavisi od toho kto ma aky vysoky program

tj. pri pripojeny 1uziv64.= vyuziva celu ruru
ked sa pripoji druhy uziv64. = delia sa o nu na 1/2
ale ked sa pripoji treti uziv 128= tak sa delia:
50% tretiemu, 25% prvemu,25%druhemu

ak sa pripoji stvrty uziv.128 = tak sa delia:
33%tretiemu, 33%stvrtemu, 16,5% prvemu, 16,5%druhemu
--az do vtedy pokial nepridu az na garant

da sa to vypočcitat podla vzorca:
R1+R2+...+Rn/Rmax=X

Rc/X=Y

kde:
najvyssi pausal=128
stredny pausal= 64
najnizsi pausal= 32
pomer rychlosti= 4:2:1
R1,R2 až Rn= su rychlosti pouzivatelov pripojenych v danej chvili
Rmax= rychlost pouzivatela s najvyssou pripojovacou rychlostou, pripojeneho v danej chvili.
Rc= celkova sirka kanala (1024)
Y= rychlost pre pouzivatelov s najvyssim pausalom pripojenych v danej chvili

ostatne rychlosti sa dopocitavaju stylom:
ak je Rmax =128
potom pausal 64 bude mat rychlost Y/2
a pausal 32 bude mat rychlost Y/4

v podstateje prepocitavenie rychlosti je urobene tak aby pomery rychlosti medzi jednotlivimi pausalmy ostali nezmene.


ohaldom tohoto scenaram mam otazku ako sa zachova CBQ ak je uz tolko uzivatelov ze kanal je uz 100% vytazeny(a vsetci maju uz len minimalnu garantovanu rychlost) a pripoji sa este dalsi uzivatel ktory ma tiez nejaky garant??
**************************************************
dakujem za rady urcite pomozu nielen mne....

PS: to MGX myslim ze taketo scenare by si mohol dat aj do manualu...myslim ze su vyuzitelne...
5gigac - 25.09.2005 - 21:36
Post subject:
si to riadne prekombinoval Laughing ak sa ti tam pripoji 100ludi naraz, vsetci sa podelia bez ohladu ako to mas nastavene, proste bude mala linka pre vsetkych tak sa to podeli
Mich(at)l - 25.09.2005 - 21:40
Post subject:
to 5gigac: ako prekombinoval, podla mna je to dost standartne...uplne normalne...
upozornujem tie cisla som si vymyslel(sak ak si vsimnete tak v jednom a v druhom scenary nemusia sediet...resp. v prvej a druhej casti druheho scenara)
inak dik za pomoc toto by ma bez teba asi ani nenapadlo...
Mich(at)l - 26.09.2005 - 18:22
Post subject:
to mi nikto nevie poradit????
mgx - 27.09.2005 - 10:58
Post subject: neboj
ahoj, urcite ti napisem ten config, len ti tu nechcem pisat teraz blbosti Smile.

Vcera mi odisiel notebookovy HDD (nastastie som si spravil backup v piatok), takze sa davam dokopy. Konfigy ti tento tyzden skusim napisat (pre tvoje scenare) aj to zahrnut do manualu.

Milan
Mich(at)l - 27.09.2005 - 18:04
Post subject:
OK, takyto support ako sa tu pre StarOS vytvara sa mi paci...

ale ak niekto mozete s cistym svedomim povedat ze take cqb ako som popisal a "porovnicoval"Smile ... je zleee... tak kludne napiste svoj nazor, lebo mne osobne velmy vyhovuje.

MGX dik...
Mich(at)l - 27.09.2005 - 22:07
Post subject:
prepacte, bol preklep v subjecte uz som ho opravil
mgx - 28.09.2005 - 21:17
Post subject:
slubeny dodatok (casom to hodim aj do manualu, len tam musim este podopisovat daco).

Bandwith Management – nastavenie rýchlosti pre používateľov

Pre prevádzkovanie wireless sietí je veľmi dôležitý tzv. Bandwidth Management - riadenie rýchlosti toku dát. Aj keď súčasné najmodernejšie WiFi siete 803.11g majú šírku pásma teoreticky 54Mb/s, je to menej ako polovica oproti rýchlemu ethernetu Fast100Mb. Ethernet ako protokol umožnuje len spoločný prístup k zdieľanému médiu, tzn. že všetci uživatelia majú "rovnakú" prenosovú rýchlosť a rovnakú "prioritu", čo je však dnes v rozpore s požiadavkami na služby moderných komunikačných sietí, umožnujúcich prenos nielen dát, ale aj hlasu a videa v reálnom čase. Jeden používateľ je preto schopný zahltiť sieť takým spôsobom, že obmedzuje všetkých ostatných používateľov, preto je nutné zaviesť bandwith management skoro na každej WiFi sieti.

Služba Bandwith management tvorí jednu z najdôležitejších služieb pre podporu kvality siete, ktoré označujeme ako QoS = Quality of Service. Linuxové jadro 2.4.x v súčasnosti podporuje viac typov "bandwith managementu", najčastejšie pomocou úpravy kernelu a definície určitých tried a front, do ktorých klienti patria a podľa ktorých im potom jadro alebo OS prideľuje danú prenosovú rýchlosť a kapacitu. StarOS 2.x podporuje bandwith management typu CBQ (Class-Based Queueing).

Podrobné informácie o CBQ: http://www.icir.org/floyd/cbq.html

StarOS podporuje jazyk CBQ verzie 1.2 s nasledujúcimi príkazmi. Rýchlosti sa udávajú v celých číslach s príponou K alebo M (kilo, mega).

# Class Based Queuing language v1.2
#
# Syntax of commands:
#
#
# device <device> bw <speed>
# definuje maximálnu priepustnosť daného zariadenia
#
#
# pipe <pipe_no> bw <pipe_speed> [parent <pipe_no>]
# vytvorí rúru s danou rýchlosťou
#
#
# shape {all|tcp|udp} to pipe <pipe_no> from
# {any|ip[{/bits|:mask}]} [sport] to
# {any|ip[{/bits|:mask}]} [dport] out via <device>
# Tento príkaz zabezpečí, aby dáta, ktoré vyhovujú danej podmienke boli
# smerované do danej rúry
#
# Pre tých, ktorí chcú len nastaviť rýchlosť downloadu a uploadu pre svojich
# klientov, môžu použiť nasledujúce 2 príklady:
#
# bi-pipe [ignored] <bi-pipe_no> bw <rx_speed> <tx_speed> [parent <bi-pipe_no>]
#
# qshape [ignored] <bi-pipe_no> [bw <rx_speed> <tx_speed>]
# {any|ip[{/bits|:mask}]} on <dev_with_client>
#


Príklady z praxe CBQ

Zvyknite si používať aliasy, napr. pre interfaces. Aliasy výrazne zvyšujú prehľadnosť a použiteľnosť Vašich skriptov.

Definujme si napr. Alias net pre ethernet kartu pripojenú do siete ISP a wlan1 pre wifi kartu (v režime AP), ku ktorej sa pripájajú naši ťažko platiaci zákazníci Smile

# definujme si aliasy
#
client = wlan1
net = ether1

Ku hodnotám aliasov potom pristupujeme pomocou znaku dolár, za ktorým nasleduje meno aliasu (napr. $client).

Komentáre v skripte začínajú znakom mriežka (#) a sú do konca riadku ignorované.

Príklad komentára:

# toto je komentar


Získali sme prvého zákazníka (joe1) a chceme mu prideliť rýchlosť 128kb pre download a 64kb pre upload. Zákazníkovi sme pridelili IP 192.168.10.1, pripája sa na wifi rozhranie označené ako $client, čo je alias na wlan1.

#priklad 1
# Shape a client IP of 192.168.10.1 to 128k download, and 56k upload

qshape joe-user 100 bw 128k 56k 192.168.10.1 on $client

# koniec prikladu 1

Lacno ste nakúpili napr. ADSL linku s 512K downloadom a 128K uploadom a chcete ju “rozdeliť” medzi Vašich nových klientov.

Pzn. ADSL linka nie je symetrická a často ani garantovaná, takže takéto pokusy veľmi nedoporučujeme, ak nechcete aby Vás Vaši klienti naháňali po meste s vidlami. Investujte do pripojenia s garantovanými parametrami Smile

# priklad cislo 2 – zdielanie rychlosti (ADSL)
# vytvorime hlavnu ruru (100) s parametrami nasej linky ku providerovi (ADSL)
#
# linka ku providerovi (ADSL)

bi-pipe 100 bw 512k 128k

# urobime si alias pre download 128kb, upload 56kb ktory bude patriť do rury čislo 100 (ADSL)

128k_56k = "bw 128k 56k parent 100"
# a pridelime rychlost jednotlivym uzivatelom

qshape joe-user1 101 $128k_56k 192.168.10.1 on $client
qshape joe-user2 102 $128k_56k 192.168.10.2 on $client
qshape joe-user3 103 $128k_56k 192.168.10.3 on $client
qshape joe-user4 104 $128k_56k 192.168.10.4 on $client
qshape joe-user5 105 $128k_56k 192.168.10.5 on $client
qshape joe-user6 106 $128k_56k 192.168.10.6 on $client
qshape joe-user7 107 $128k_56k 192.168.10.7 on $client
# koniec prikladu 2

Samozrejme, môžeme aj ďalších používateľov pripojiť už k existujúcej rúre, napr. Pod rúru číslo 104 dáme pomalého janka.

## tento uzivatel bude zdielat rychlost s uzivatelom joe-user4
qshape pomaly-janko 108 bw 56k 56k parent 104 192.168.10.8 on $client

Každý z týchto používateľov bude mať minimálne garantovanú rýchlosť 128K/56K (okrem pomaleho janka) a ich rýchlosť nikdy neprekročí 512K/128K.
Samozrejme, ak by začali surfovať všetci naraz, ich rýchlosť by bola 512/pocet_naraz_surfujucich. Skrátka, kde nič nie je, ani čert neberie Smile.

Nasleduje konfigurácia pre Vačšieho providera Smile, ktorým sa určite čoskoro stanete:

# definujeme aliasy pre každé rozhranie (predpokladajme ETHERNET)
net = ether1
client = ether4

mail = 50
pipe $mail bw 128K

str = 40
pipe $str bw 100M

# SMTP – odosielanie emailov
shape tcp to pipe $mail from 192.168.1.0/24 to any 25 out via $net
shape tcp to pipe $mail from any to 192.168.1.0/24 25 in via $net

# POP3 – citanie emailov na porte 110
shape tcp to pipe $mail from 192.168.1.0/24 to any 110 out via $net
shape tcp to pipe $mail from any to 192.168.1.0/24 110 in via $net

shape tcp to pipe $mail from 192.168.113.0/24 to any 110 out via $net
shape tcp to pipe $mail from any to 192.168.113.0/24 110 in via $net

shape tcp to pipe $mail from 192.168.114.0/24 to any 110 out via $net
shape tcp to pipe $mail from any to 192.168.114.0/24 110 in via $net

# ziskajme udaje o prenose dat z nasho FTP servera (192.168.1.79)
shape tcp to pipe $str from 192.168.1.79 to any out via $net
shape tcp to pipe $str from any to 192.168.1.79 in via $net

# nastavme si nejake rychlosti “programy”
proxy = 5
30K = "bw 33K 33K"
56K = "bw 70K 70K"
56Klo = "bw fb 70K fb 70K"
100K = "bw 100K 100K"
196K = "bw 150K 150K"
10K = "bw 10K 10K"
PHONE = "bw 56K 56K"
DIS = "bw 4K 4K"
SCH512 = "bw 512K 512K"
SCH256 = "bw 256K 256K"

# vysokorychlostni pouzivatelia

512K = "$56K share 80,110 pipe $proxy"
512Klo = "$56Klo share 80,110 pipe $proxy"

# zdielana proxy pipe pre vysokorychlostnych pouzivatelov

pipe $proxy bw 512K

#
# nazov_uziv. rura rychlost IP zariadenie
#
qshape johnies 101 $30K 10.10.11.245 on $client
qshape canoe 102 $30K 192.168.113.18 on $client
qshape tdeuling 103 $30K 192.168.113.149 on $client
qshape jzahn 104 $512K 192.168.113.146 on $client
qshape cmhva 105 $56Klo 192.168.113.27 on $client
qshape kendori 106 $512K 192.168.114.58 on $client
qshape dakota 107 $512K 192.168.113.156 on $client
qshape dmoore 108 $512K 192.168.113.186 on $client
qshape dloseth 109 $512Klo 192.168.114.5 on $client
qshape llarix 110 $512K 192.168.113.177 on $client
qshape acarson 111 $512K 192.168.113.30 on $client
qshape jepetrie 112 $512K 192.168.113.188 on $client
qshape dbeeson 113 $512Klo 192.168.113.185 on $client
qshape chang 114 $30K 192.168.113.148 on $client
qshape gremlin 115 $30K 192.168.113.172 on $client
qshape slocan 116 $512K 192.168.113.25 on $client
qshape starbent 117 $56K 192.168.113.152 on $client
#qshape 118 $30K 192.168.113.xxx on $client
qshape info 119 $512K 192.168.113.179 on $client
qshape library 120 $512K 192.168.113.48/28 on $client
qshape yhl 121 $512K 192.168.113.32/28 on $client
qshape nicki 122 $512K 192.168.114.60 on $client
qshape firebase 123 $512K 192.168.113.104/29 on $client
qshape village 124 $512K 192.168.1.160/28 on $client
qshape blackman 125 $56K 192.168.113.252 on $client
#qshape 126 $30K 192.168.113.xxx on $client
qshape mickelson 127 $DIS 192.168.113.173 on $client
qshape redbaron 128 $30K 192.168.113.171 on $client
qshape rlanz 129 $56K 10.10.11.231 on $client
qshape dream 130 $30K 10.10.11.253 on $client
qshape jdechka 131 $512K 192.168.113.28 on $client
qshape stremel 132 $DIS 192.168.113.190 on $client
qshape psmith 133 $30K 192.168.113.189 on $client
qshape mpseney 134 $30K 192.168.113.132 on $client

qshape cali 135 $30K 192.168.113.174 on $client
qshape ambulance 136 $56K 192.168.113.17 on $client
qshape tammyvan 137 $30K 192.168.113.159 on $client
qshape sentinel 138 $56K 192.168.113.96/29 on $client
qshape silvio 139 $512K 192.168.113.168 on $client
qshape relax 140 $30K 192.168.113.182 on $client
qshape vsc 141 $30K 192.168.113.155 on $client
qshape bodenham 142 $30K 192.168.113.158 on $client
qshape pines 143 $30K 192.168.113.180 on $client
qshape gerdar 144 $30K 192.168.113.157 on $client
qshape bartmuir 145 $30K 192.168.113.24 on $client
qshape hrblock 146 $512K 192.168.113.178 on $client
qshape neola 147 $30K 192.168.113.181 on $client
qshape mleblanc 148 $56Klo 192.168.113.170 on $client
qshape dndodin 149 $512Klo 10.10.11.246 on $client

qshape kmtf 150 $DIS 10.10.11.235 on $client

qshape margowil 151 $30K 192.168.113.26 on $client
qshape tjl 152 $30K 192.168.113.250 on $client
qshape rogde 153 $30K 192.168.113.161 on $client
qshape rogde 153 192.168.113.112/29 on $client
qshape gsmmcolm 154 $30K 192.168.113.165 on $client
qshape wbrown 155 $DIS 192.168.113.150 on $client
qshape nbarr 156 $30K 192.168.113.147 on $client
qshape threevms 157 $30K 192.168.113.23 on $client
qshape jforman 158 $30K 192.168.113.22 on $client
qshape petep 159 $30K 192.168.113.154 on $client
qshape logrwife 160 $30K 192.168.113.145 on $client
qshape swiftcrk 161 $30K 192.168.113.142 on $client
qshape mjwhite 162 $30K 192.168.113.21 on $client
qshape hotel 163 $30K 192.168.113.144 on $client
qshape felmark 164 $30K 192.168.113.20 on $client
qshape dcoder 165 $56K 192.168.114.59 on $client

qshape gholdings 166 $30K 192.168.113.76 on $client
qshape fishing 167 $30K 192.168.113.143 on $client
qshape applejen 168 $30K 192.168.113.175 on $client
qshape mikews 169 $30K 192.168.113.140 on $client
qshape holidayinn 170 $512K 192.168.113.141 on $client
qshape danegirl 171 $30K 192.168.113.19 on $client
qshape johnfam4 172 $30K 10.10.11.251 on $client
qshape gmckirdy 173 $30K 10.10.11.248 on $client
qshape jgbruce 174 $30K 192.168.114.57 on $client
qshape zenon 175 $30K 192.168.113.15 on $client
qshape kelly 176 $30K 192.168.113.138 on $client
qshape audrey 177 $512K 192.168.1.195 on ether2
qshape valesport 178 $30K 192.168.1.20 on $client
qshape mouse&bear 179 $30K 192.168.113.137 on $client
qshape banjoboy 180 $30K 192.168.113.136 on $client
qshape creda 181 $512K 192.168.113.187 on $client
qshape aclabbe 182 $56K 192.168.113.135 on $client
qshape wrsmith 183 $30K 192.168.113.140 on $client
qshape werbowsky 184 $30K 192.168.113.16 on $client
qshape headwaters 185 $30K 192.168.113.14 on $client
qshape blacky 186 $30K 192.168.113.134 on $client
qshape bisonboyko 187 $30K 192.168.113.133 on $client
qshape vegreg 188 $30K 10.10.11.254 on $client

qshape hathaway 189 $DIS 192.168.113.13 on $client

qshape gcpiper 190 $30K 10.10.11.252 on $client
qshape antoniuk 191 $30K 192.168.113.12 on $client
qshape drmartens 192 $30K 10.10.11.249 on $client
qshape michaelhab 193 $30K 192.168.113.164 on $client
qshape mail 194 $30K 10.10.11.247 on $client
qshape duke 195 $512K 10.10.253.0/24 on $client
qshape insurance 196 $512K 10.10.252.0/24 on $client
qshape iga168 197 $512K 10.10.254.0/24 on $client
qshape jin 198 $512K 10.10.11.241 on $client
qshape dyson 199 $512K 10.10.11.240 on $client
qshape roadrunner 200 $30K 10.10.11.239 on $client
qshape kandc 201 $56K 10.10.11.238 on $client
qshape dfsmith 202 $30K 10.10.11.237 on $client
qshape katerina 203 $512K 10.10.11.236 on $client
qshape lee 204 $DIS 192.168.113.169 on $client
qshape rudi 205 $30K 192.168.113.11 on $client
qshape daveauto 206 $30K 10.10.11.233 on $client
qshape sblom 207 $30K 192.168.113.10 on $client
qshape countrywide 208 $56K 10.10.11.232 on $client
qshape insurance 209 $196K 10.10.11.243 on $client

# Shared CPE and Routed subnet to same queue.
qshape duke 210 $196K 10.10.11.244 on $client
qshape duke 210 10.10.153.0/24 on $client

qshape russell 211 $196K 192.168.1.194 on ether2
qshape roxie 212 $30K 10.10.248.0/24 on $client
qshape twinpeaks 213 $56K 10.10.247.0/24 on $client
qshape canadian 214 $30K 10.10.11.229 on $client
qshape stomper 215 $30K 192.168.113.167 on $client
qshape dellmobile 216 $512Klo 10.10.13.254 on $client

# wifi zakaznici
qshape squirt 300 $30K 192.168.114.254 on $client
qshape khristopher 301 $30K 192.168.114.253 on $client
qshape iga 302 $512K 192.168.114.252 on $client
qshape bellmtn 303 $30K 192.168.114.251 on $client
qshape dsdcomputer 304 $512K 192.168.114.250 on $client
qshape wingie 305 $30K 192.168.114.249 on $client
qshape waiheki 306 $30K 192.168.114.248 on $client
qshape parlette 307 $30K 192.168.114.247 on $client
qshape seney 308 $512K 192.168.114.246 on $client
qshape squarelog 309 $30K 192.168.114.245 on $client
qshape pluta 310 $30K 192.168.114.244 on $client
qshape mgouin 311 $30K 192.168.114.243 on $client
qshape outofsquare 312 $30K 192.168.114.242 on $client
qshape mccarty 313 $30K 192.168.114.241 on $client
qshape ridenhide 314 $30K 192.168.114.240 on $client
qshape runtz 315 $30K 192.168.114.239 on $client
qshape spiders 316 $56K 192.168.114.238 on $client
qshape mcbvil 317 $100K 192.168.114.237 on $client
qshape marshbros 318 $30K 192.168.114.236 on $client
qshape sheilalewis 319 $56K 192.168.114.235 on $client
qshape nelson 320 $30K 192.168.114.234 on $client
qshape powerhouse 321 $56K 192.168.114.233 on $client
qshape trccedar 322 $30K 192.168.114.232 on $client
qshape shuwara 323 $30K 192.168.114.231 on $client
qshape mfi 324 $30K 192.168.114.230 on $client
qshape duke 325 $30K 192.168.114.229 on $client
qshape WHOTHIS 326 $30K 192.168.114.228 on $client
qshape marshall 327 $30K 192.168.114.227 on $client
qshape hickerty 328 $30K 192.168.114.226 on $client


qshape mcboffice 249 $512K 192.168.114.125 on $client
qshape testw 251 $512K 192.168.113.6 on $client
qshape tests 252 $512K 192.168.114.6 on $client

# skoly
qshape VSBT 500 $SCH256 10.10.13.66 on $client
qshape VES 501 $SCH512 10.10.13.67 on $client
qshape VSS 502 $SCH512 10.10.13.68 on $client
qshape MES 503 $SCH512 192.168.114.200 on $client
qshape MHS 504 $SCH512 192.168.114.201 on $client
qshape DUN 505 $SCH256 192.168.114.202 on $client

qshape store 698 bw fb 512K fb 512K 10.10.250.0/24 on $client

# Apcka a ine neobmedzovane zariadenia (routery)
qshape webworld 699 bw 11M 11M 192.168.113.132 on $client
qshape webworld 699 192.168.196.0/24 on $client
qshape webworld 699 192.168.113.130 on $client
qshape webworld 699 192.168.113.64 on $client
qshape webworld 699 192.168.114.1 on $client
qshape webworld 699 192.168.113.1 on $client
qshape webworld 699 192.168.1.19 on $client
qshape webworld 699 192.168.1.16 on $client
qshape webworld 699 192.168.1.10 on $client
qshape webworld 699 192.168.1.224/27 on $client
qshape webworld 699 192.168.1.0/25 on $client
qshape webworld 699 192.168.1.192/29 on $client
qshape webworld 699 192.168.1.209/28 on $client
qshape webworld 699 10.10.13.15 on $client

qshape mcbsquid 700 bw 11M 11M 192.168.114.97 on $client
qshape mcbAP1 700 192.168.114.98 on $client
qshape mcbAP 700 192.168.114.193 on $client
qshape lucilINF 700 192.168.114.196 on $client
qshape LucilAP 700 192.168.114.197 on $client
qshape mcbModems 700 192.168.114.110 on $client
qshape mcbModems 700 192.168.114.111 on $client
qshape mcbModems 700 192.168.114.112 on $client
qshape mcbModems 700 192.168.114.113 on $client
qshape mcbModems 700 192.168.114.114 on $client
qshape mcbModems 700 192.168.114.115 on $client
qshape mcbModems 700 192.168.114.116 on $client
qshape mcbModems 700 192.168.114.117 on $client

# vsetkym ostatnym, ktorych tu nemame dame 30K/30K rychlost. Aby si aspon trosku
# posurfovali
qshape Class1 800 bw 30K 30K 192.168.1.0/24 on $client
qshape Class113 800 192.168.113.0/24 on $client
qshape Class113 800 192.168.114.0/24 on $client
qshape Class11 800 10.10.11.0/24 on $client
qshape Class13 800 10.10.13.0/24 on $client
Názvy zariadení môžu byť:

ether1, ether2, ether3 = ethernetové karty
wlan1, wlan2,wlan3 = pcmcia wifi karty
wpci1,wpci2,wpci3 = PCI wifi karty

Pre definíciu VLAN tagu použite formát"device:tag_no", takže napr.
VLAN tag 67 na ether1 zapíšeme ako ether1:67

Upozornenie: Hodnoty rúr môžu byť v intervale 2-7999, a 9000-9999.
Hodnoty medzi 8000 a 8999 sú rezervované pre dynamické pridelovanie PPPoE používateľom.
Mich(at)l - 01.10.2005 - 21:40
Post subject:
MGX dakujem...normalne tomu zacinam chapat...

ak to spravne chapem tak v priklade 3

ma napr.
qshape johnies 101 $30K 10.10.11.245 on $client
rychlost:
30K = "bw 33K 33K"

kedze nad sebou nema rodica tak 33K je max. aj min.? --celkom mi to nieje jasne...-- kde si vlastne v priklade 3 zadefinujes celkovu sirku tvojej rury??

kdez to pri takejto konfiguracii:
bi-pipe 100 bw 512k 128k

128k_56k = "bw 128k 56k parent 100"

qshape joe-user1 101 $128k_56k 192.168.10.1 on $client
je to uplne jasne....
Mich(at)l - 01.10.2005 - 21:45
Post subject:
a tiez mi nieje celkom jasne ak osa delia napr. tieto routre:

qshape webworld 699 bw 11M 11M 192.168.113.132 on $client
qshape webworld 699 192.168.196.0/24 on $client
qshape webworld 699 192.168.113.130 on $client

nechapem preto lebo nikde nieje povedane co to spravy ked pouzijem tu istu ruru... v tomto pripade teda 699???
mgx - 02.10.2005 - 19:15
Post subject: odpoved
ak dana rura nema definovaneho parenta, tak podla mojich easy skusenosti s CBQ (ak mas chut, doporucujem nastudovat oficialnu dokumentacia) tak potom rychlost je z hora determinovana len rychlostou zariadenia, pricom garantovana rychlost je dana minimom.

tzn.
MIN<AKT_RYCHLOST<MAX<ZARIADENIE

podla mna sa to sprava nasledovne:

tzn. ze ak tam bude len 1 toto pravidlo rychlost daneho uzivatela bude stale rovnaka, a to AKT_RYCHLOST=MIN=MAX v pripade, ze MIN a MAX su rovnake

Co tak vyskusat si to?

Mgx

PS: momentalne som mimo CBQ systemu, inak by som ti napisal otestovany config. ale try yourself.
Mich(at)l - 06.10.2005 - 18:44
Post subject:
ja by som to aj vyskusal sam ale ako to mam testnut... a vieruvyhodne namerat ze ci to fakt pekne rozdeluje...??

a pokusal som sa citat aj ofic. dokumentaciu... ale pri mojej nie az tak genialnej anglictine .... a mestami skoro uplne odlisnim direktivam (od tych co su uvedene tu)---som to tak akosi docasne vzdal...
mgx - 06.10.2005 - 18:48
Post subject:
na zmeranie tam mas nieco, comu sa hovori CBQ report Smile skus pohladat v menu Smile
Mich(at)l - 06.10.2005 - 18:56
Post subject:
OKI....---momentalne ale na tom nemam nic(nikoho) zavesene
ale este mi nikto nepovedal co ked

qshape webworld1 699 bw 11M 11M 192.168.113.132 on $client
qshape webworld2 699 192.168.196.0/24 on $client
qshape webworld3 699 192.168.113.130 on $client

pouzijem tu istu ruru???
v tomto pripade co uvadzam... sa rozdelia takto??:
1/3 z 11M webworld1
1/3 z 11M webworld2
1/3 z 11M webworld3

toto je posladna vec co mi k tomu co potrebujem celkom nesedi...
mgx - 07.10.2005 - 09:25
Post subject: odpoved
qshape webworld1 699 bw 11M 11M 192.168.113.132 on $client

#hovori to, ze klient 192.168.1.1 pojde garant rychlostou 11M/11M

qshape webworld2 699 192.168.196.0/24 on $client

#hovori, ze klienti 192.168.196.0/24 budu zaradovani do rury 699 a ich #rychlost bude zdielana + zhora odmedzena rychlostou rury 699 (ta je dana nejakym pravidlom??? nevidim ho)

qshape webworld3 699 192.168.113.130 on $client

#hovori, ze klienti 192.168.113.130 budu zaradovani do rury 699 a ich #rychlost bude zdielana + zhora odmedzena rychlostou rury 699

pouzijem tu istu ruru???

ano. cislo 699 je u vsetkych rovnake. ale pouzitie rovnakej rury neznamena rovnaku rychlost Smile

v tomto pripade co uvadzam... sa rozdelia takto??:
1/3 z 11M webworld1
1/3 z 11M webworld2
1/3 z 11M webworld3

Odpoved je teoreticky ano, ak chces zdielat v systeme 1/3, tak podla mna lepsi postup je:

Originally Posted by theo
How can i shape between 10.12.10.1 to 10.12.10.255 to 1mbit up , 1mbit down using 1 line cbq rule?



client = "wpci1"
bi-pipe 1000 3M 3M
qshape 1 parent 1000 10.12.10.1 on $client
qshape 2 parent 1000 10.12.10.2 on $client
qshape 3 parent 1000 10.12.10.3 on $client

ten rozdeli vsetkych 3 s priblizne 1/3

ak chces dat kazdemu presne 1mb, tak staci spravit takto:

client = "wpci1"
bi-pipe 1000 3M 3M
qshape 1 bw 1024K 1024K parent 1000 10.12.10.1 on $client
qshape 2 bw 1024K 1024K parent 1000 10.12.10.2 on $client
qshape 3 bw 1024K 1024K parent 1000 10.12.10.3 on $client

I think this'll do it using the Range feaure... Of course, you don't need to use parent, but if you're giving 1Mbit to every user, you'll want to have some overall agregate limit (like 3M) if you have a lot of wireless users on there.
- 10.10.2005 - 17:21
Post subject:
Pootreboval bych poradit.Potrebuju povolit ve firewallu (StarOs) port 10000!Přečetl jsem manual ale pořad nic a proto jsem ho cely opsal.mam tam někde chybu?

net = ether1
client = wlan1

#
ldeny tcp from any to any 708 in via $net # Hotspot web proxyserver,make sure $net is correct if
# Using hotspot servis.
ldeny tcp from any to any 8080 in via $net # Disable access to primary proxy serverfrom outside world.

# Some important firewall rules that will prevent infection of Windows system using RPC buffer overruns.
deny tcp from any to any 135 in via $net # RPC port, used by many worms to infect Windows systems
deny udp from any to any 135 in via $net # RPC port, used bz many worms to infect windows system

# It is recommended to uncomment the following 6 rules to prevent access to MS Windows file shares.
# deny tcp from any to any 137 in via $net # NetBios (TCP)
# deny udp from any to any 137 in via $net # NetBios (UDP)
# deny tcp from any to any 138 in via $net # NetBios (TCP)
# deny tcp from any to any 138 in via $net # NetBIos (UDP)
# deny tcp from any to any 445 in via $net # Windows 2000/XP NetBios over TCP/IP
# deny tcp from any to any 445 in via $net # Windows 2000/XP NetBios over TCP/IP

# To allow a specific IP access to the reports, change the admin_ip below.

admin_ip = "!127.0.0.1" # ie. 64.124.65.19. or 64.124.65.0/24 for the entire class ´0´

ldeny tcp from ! $admin_ip to any 791 in # CBQ Report
ldeny tcp from ! $admin_ip to any 792 in # Firewall and NAT Report
ldeny tcp from ! $admin_ip to any 793 in # W/LAN Device statistics
ldeny tcp from ! $admin_ip to any 794 in # System ARP Table
ldeny tcp from ! $admin_ip to any 795 in # Active Routing Table
ldeny tcp from ! $admin_ip to any 800 in # IP Accounting collection
ldeny tcp from ! $admin_ip to any 801 in # Results from previous IP Accounting collection

# Firewall samples
# # Only allow www hosting on a specific server, and disable for restof clients
# allow tcp from any to 192.168.1.15 80 in via $net
#
# # Forward all www traffic from the clients to proxy server.(transparent proxy)
# forward tcp to 1.2.3.4 8080 from 192.168.1.0/24 to any 80 out via $net
#
# deny tcp from any to any 80 in via $net # Disable www hosting (except for server listed above)
# deny tcp from any to any 8888 in via $net # Disable napster hosting
# deny tcp from any to any 8080 in via $net # Internal Proxy
# deny tcp from any to any 1080 in via $net # Socks Server
# deny tcp from any to any 666 in # Satan trojan (disable to/from clients)
# deny tcp from any to any 37337 in # Used bz manz trojans (disable to/from clients)
Ajfel - 10.10.2005 - 21:52
Post subject:
Nemas tam prece nikde ani zminku o tom portu.
Do promenne admin_ip zadej ip nebo rozsah ip, ze kterych ma byt pristup na port povolen
a pridej radek:
ldeny tcp from ! $admin_ip to any 10000 in
potrebujes k tomu stejne ale jeste HDD v masine na ktere ti bezi ten staros, jinak ti nepojede hotspot, kvuli kteremu to pravdepodobne chces.
Ajfel - 10.10.2005 - 21:57
Post subject:
net = ether1
client = wlan1

#
ldeny tcp from any to any 708 in via $net # Hotspot web proxy server, make sure $net is correct if
# using hotspot service.
ldeny tcp from any to any 8080 in via $net # Disable access to primary proxy server from outside world.

# Some important firewall rules that will prevent infection of Windows systems using RPC buffer overruns.
deny tcp from any to any 135 in via $net # RPC port, used by many worms to infect Windows systems
deny udp from any to any 135 in via $net # RPC port, used by many worms to infect Windows systems

# It is recommended to uncomment the following 6 rules to prevent access to MS Windows file shares.
# deny tcp from any to any 137 in via $net # NetBios (TCP)
# deny udp from any to any 137 in via $net # NetBios (UDP)
# deny tcp from any to any 138 in via $net # NetBios (TCP)
# deny udp from any to any 138 in via $net # NetBios (UDP)
# deny tcp from any to any 445 in via $net # Windows 2000/XP NetBios over TCP/IP
# deny udp from any to any 445 in via $net # Windows 2000/XP NetBios over TCP/IP

# To allow a specific IP access to the reports, change the admin_ip below.

admin_ip = "10.0.0.0/8" # ie. 64.124.65.19 or 64.124.65.0/24 for the entire class 'C'

ldeny tcp from ! $admin_ip to any 791 in # CBQ Report
ldeny tcp from ! $admin_ip to any 792 in # Firewall and NAT Report
ldeny tcp from ! $admin_ip to any 793 in # W/LAN Device statistics
ldeny tcp from ! $admin_ip to any 794 in # System ARP Table
ldeny tcp from ! $admin_ip to any 795 in # Active Routing Table
ldeny tcp from ! $admin_ip to any 800 in # IP Accounting collection
ldeny tcp from ! $admin_ip to any 801 in # Results from previous IP Accounting collection

ldeny tcp from ! $admin_ip to any 10000 in # web-based radius user manager.
mgx - 10.10.2005 - 22:06
Post subject:
doporucujem nahradit riadok

ldeny tcp from ! $admin_ip to any 10000 in # web-based radius user manager.

riadkom

#ldeny tcp from ! $admin_ip to any 10000 in # web-based radius user manager.

a konfiguraciu ulozit a staros restartnut Smile

mgx
Ajfel - 10.10.2005 - 22:18
Post subject: Proc ?
mgx wrote: ›doporucujem nahradit riadok

ldeny tcp from ! $admin_ip to any 10000 in # web-based radius user manager.

riadkom

#ldeny tcp from ! $admin_ip to any 10000 in # web-based radius user manager.

a konfiguraciu ulozit a staros restartnut Smile

mgx

Ja to mam bez krizku a funguje mi to, mas nejaky duvod, o kterem bych nevedel, proc tam ten komentovaci krizek ma byt ?
mgx - 11.10.2005 - 09:31
Post subject: sorry
aha, mea culpa.

bol som v tom, ze ti to nefunguje vobec Smile

takze, ak mas dobre nastavenu premennu $admin_ip,
tak ten riadok tam nechaj Smile

jeho zakomentovanie sposobi pristup do admin konzoly aj z inej IP, ako je $admin_ip
- 11.10.2005 - 12:54
Post subject:
diky za radu,ja to teda pujdu zkusit a chci se jeste az povolim ten port 10000 tak ( u wrabu) kdyz dam v prohlizeni ip adresu toho wrabu a :10000 tak jestli mi naskoci web management nebo jestli semusi taky nekde povolit.Diky!
- 11.10.2005 - 12:55
Post subject:
diky za radu,ja to teda pujdu zkusit a chci se jeste az povolim ten port 10000 tak ( u wrabu) kdyz dam v prohlizeni ip adresu toho wrabu a :10000 tak jestli mi naskoci web management nebo jestli semusi taky nekde povolit.Diky!
- 11.10.2005 - 12:56
Post subject:
v prohlizeci
mgx - 11.10.2005 - 13:06
Post subject:
v prehliadaci sa to povolovat nemusi

staci napisat:

http://<ip_adresa_wrapu>:10000

tzn.

napr

http://192.168.1.1:10000
Ajfel - 11.10.2005 - 13:31
Post subject:
Jestli to chceš provozovat na wrapu, tak asi nepochodíš, protože hotspot využívá Radius a ten zase potřebuje HDD, takže asi nepochodíš, ale to poznáš.
- 11.10.2005 - 13:35
Post subject:
aha tak to mi nikdo nerekl!A k cemu je tam potreba Radius?
Ajfel - 11.10.2005 - 13:39
Post subject:
K rozpoznávání klientů a k dalším věcem Surprised)
matt - 17.11.2005 - 20:38
Post subject: CBQ
Kde by som mohol najst vsetky pouzitelne prikazy pre bandwidth management a firewall, prip. vysvetlenie alebo priklady, co spravi napr. bw, fb, ... v qshape ... dik

matt
Mich(at)l - 17.11.2005 - 20:59
Post subject: CBQ
matt wrote: ›Kde by som mohol najst vsetky pouzitelne prikazy pre bandwidth management a firewall, prip. vysvetlenie alebo priklady, co spravi napr. bw, fb, ... v qshape ... dik

matt


ved sa to nachadza priamo v tomto threade co sa tyka CBQ:
from MGX: "Podrobné informácie o CBQ: http://www.icir.org/floyd/cbq.html "
matt - 17.11.2005 - 21:45
Post subject:
To: Mich(at)l

Dik za odkaz, ale ten som nasiel uz skor, neviem, ci uz nevidim, ale vsetky pdfka som presiel a nic take, co by som potreboval, som nenasiel... Crying or Very sad
kongo - 09.02.2006 - 11:57
Post subject:
Prosil by som Vas o radu. Uz sa s tym trapim 3 dni a stale nic. Chcem rozbehat AP.
- jedna sa o wifi zariadenie, cize half-duplex. Neviem ako ho zadefinovat. (bw 3M 3M) ???
- zavesit na neho klientov s max bw 1M 1M a z toho obedzit sambu(445) a ftp(21) na 256k

Isto taketo riesenie viaceri z vas pouzivate, tak by som Vas prosil o pomoc. Dik
mgx - 09.02.2006 - 15:27
Post subject:
ak ide o starOS, aku verziu.
ak o StarOS nejde, prosim zalozit novy thread a nerobit bordel v cleneni!!!

Mgx
kongo - 09.02.2006 - 19:03
Post subject:
mgx wrote: ›ak ide o starOS, aku verziu.
ak o StarOS nejde, prosim zalozit novy thread a nerobit bordel v cleneni!!!

Mgx


StarOS™ v2.10.0
admin - 10.02.2006 - 09:22
Post subject:
1. ano
2. sambu chces obmedzit na jedneho klienta 256kb alebo spolu bandwith pre vsetkych na 256kb?
Chalan - 10.02.2006 - 11:13
Post subject:
ak je to half duplex a zadam napr bw 1536kbps 1536kbps ako sa to bude delit pri full zatazi? UP aj Down pojde max 1,5mbit (768up/768down) alebo sa to zrata a zatazi spoj na 3mbit (1,5up/1,5down)?
kongo - 10.02.2006 - 20:27
Post subject:
admin wrote: ›1. ano
2. sambu chces obmedzit na jedneho klienta 256kb alebo spolu bandwith pre vsetkych na 256kb?

Ano, 256kb celkovy bw pre sambu + celkovy bw 256kb pre ftp. Dalej by jeden user mohol dispovat max. bw 1Mb pre ostatne sluzby. Celkova kapacita by bola dana bw 3M 3M ako som minule pisal.
Dik.
kongo - 10.02.2006 - 20:31
Post subject:
Mozno som to blbo napisal, ale neviem co by bolo najrozumnejsie riesenie. Vela userov na wifi stale prenasa medzi sebou velke subory (filmy), na ukor ktorych musia druhi useri trpiet(paket loss).
mgx - 17.02.2006 - 14:22
Post subject: riesenie je jednoduche
riesenia:

1. bud zakazat, aby sa wifi useri medzi sebou videli (velmi jednoduche a ucinne - volba InterRelayBSS)

2. zakazat prenos cez WINDOWS SHARING (mozu potom zdielat data cez hamatchi a podobne vpn siete).

3. obmedzit prenos cez WINDOWS SHARING
vavri - 10.03.2006 - 13:23
Post subject:
Zdravim.
Zajimalo by me, jak presne se vyhodnocuji pravidla v CBQ.
Snazil jsem se udelat skript pro rychlost do netu 1M/s, rychlost do lokalniho FTP 5M/s

###Priklad:
# zs1
bi-pipe 10 bw 5000k 5000k

speed_zs1 = "bw fb 1000k fb 1000k parent 10"
hispeed_zs1 = "bw 2500k 2500k parent 10"
fullspeed_zs1 = "bw 5000k 5000k parent 10"

# infrastruktura
qshape ftpko 100 $hispeed_zs1 192.168.20.10 on $zs1

qshape xxx 200 $speed_zs1 192.168.14.101 on $zs1
###konec prikladu
Pokud bude 192.168.14.101 komunikovat do netu, je to jasny.
Jak to ale bude, pokud by chtel ip 14.101 komunikovat s nasim FTP serverem (192.168.20.10)? Bude se komunikace sypat do pipe 100 nebo 200?

Nakonec by me jeste zajimalo, jestli se v tech pravidlech rozlisuje zdrojova a cilova adresa?

diky za reakce.
All times are GMT
Powered by PNphpBB2 © 2003-2005 The PNphpBB Group
Credits