ADSL Bandwidth Management HOWTO

Dan Singletary

dvsing@sonicspike.net

Yasufumi Haga - Japanese translation

yasufumi.haga@nifty.com

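Revision History
Revision 1.2         2002-09-26            Revised by: ds
Added link to the new email discussion list. Added a small teaser to the caveats section about a new and improved QoS for Linux, designed specifically for ADSL, to be released soon.
Revision 1.1         2002-08-26            Revised by: ds
A few corrections (thanks to the many who pointed them out). Added an informational caveat to the implementation section.
Revision 1.0         2002-08-21            Revised by: ds
Better control over bandwidth, more theory, updated for 2.4 kernels.
Revision 0.1         2001-08-06            Revised by: ds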

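This document describes how to configure a Linux router to manage outbound
traffic more effectively on an ADSL modem or other device with similar
bandwidth properties (cable modem, ISDN, etc.). The emphasis is on lowering
the latency of interactive traffic even when the upstream and/or downstream
bandwidth is fully saturated.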

 

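Table of Contents
1. Introduction
   
    1.1. New Versions of This Document
    1.2. Email Discussion List
    1.3. Disclaimer
    1.4. Copyright and License
    1.5. Feedback and Corrections
   
2. Background
   
    2.1. Prerequisites
    2.2. Layout
    2.3. Packet Queues
   
3. How It Works
   
    3.1. Throttling Outbound Traffic with Linux HTB
    3.2. Priority Queuing with HTB
    3.3. Classifying Outbound Packets with iptables
    3.4. Tuning
    3.5. Attempting to Throttle Inbound Traffic
   
4. Implementation
   
    4.1. Caveats
    4.2. Script: myshaper
   
5. Testing the New Queue
6. OK, It Works!! Now What?
7. Acknowledgments for the Japanese Edition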

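1. Introduction

The purpose of this document is to suggest a way to manage outbound traffic
on an ADSL modem (or cable modem) connected to the Internet. The problem is
that many ADSL lines are limited to around 128 kbps for upstream data
transfer. The packet queue in the ADSL modem makes this worse: once the queue
is full, it can take 2 to 3 seconds to empty. Together this means that when
the upstream bandwidth is fully saturated, it can take up to 3 seconds for
any other packet to get out to the Internet. That can cripple interactive
applications such as telnet and multi-player games.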

 

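1.1. New Versions of This Document

The latest version of this document can always be read on the World Wide Web
at the URL http://www.tldp.org.

New versions are also uploaded to various Linux WWW and FTP sites, including
the LDP home page at http://www.tldp.org.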

 

1.2. Email Discussion List

For questions and update information regarding ADSL Bandwidth Management,
please subscribe to the ADSL Bandwidth Management mailing list at
http://jared.sonicspike.net/mailman/listinfo/adsl-qos.

 

1.3. Disclaimer

Neither the author nor the distributors, or any other contributor of
this HOWTO are in any way responsible for physical, financial, moral or
any other type of damage incurred by following the suggestions in this
text.

 

1.4. Copyright and License

This document is copyright 2002 by Dan Singletary, and is released
under the terms of the GNU Free Documentation License, which is hereby
incorporated by reference.

 

1.5. Feedback and Corrections

If you have questions or comments about this document, please feel free to
mail the author at dvsing@sonicspike.net.

 

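2. Background

2.1. Prerequisites

The method outlined in this document should work in other Linux
configurations, but it remains untested in any configuration except the
following:

  * Red Hat Linux 7.3
   
  * 2.4.18-5 kernel with QoS support fully enabled (modules are OK) and with
    the following kernel patches applied (these may eventually be included
    in later kernels):
   
      * HTB queue - http://luxik.cdi.cz/~devik/qos/htb/
       
        Note: it has been reported that kernels shipped with Mandrake
        (8.1, 8.2) since version 2.4.18-3 have already been patched for HTB.
       
      * IMQ device - http://luxik.cdi.cz/~patrick/imq/
       
  * iptables v1.2.6a or later (the version of iptables distributed with
    Red Hat 7.3 is missing the length module).
   

Note: previous versions of this document described a method of bandwidth
control that involved patching the sch_prio queue. It was found later that
this patch was entirely unnecessary. Beyond that, the newer method described
in this document gives better results (although at the time of writing two
kernel patches are now needed. :) Happy patching).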

 

2.2. Layout

To keep things simple, all references to network devices and configuration
in this document follow the network layout diagram below.


               <-- 128Kbit/s      --------------     <-- 10Mbit -->
  Internet <--------------------> | ADSL Modem | <--------------------
                1.5Mbit/s -->     --------------                     |
                                                                     | eth0
                                                                     V
                                                         -----------------
                                                         |               |
                                                         | Linux Router  |
                                                         |               |
                                                         -----------------
                                                          | .. | eth1..ethN
                                                          |    |
                                                          V    V

                                                        Local Network


 

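2.3. Packet Queues

Packet queues are buckets that hold data for a network device when it cannot
be sent immediately. Unless they have been specially configured to do
otherwise, most packet queues use a FIFO (first in, first out) discipline.
What this means is that when the packet queue for a device is completely
full, the packet most recently placed in the queue is sent only after all
the other packets in the queue at that moment have been sent.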

 

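2.3.1. The Upstream

With an ADSL modem, bandwidth is asymmetric: typically 1.5Mbit/s downstream
and 128Kbit/s upstream. That is the line speed, but the interface between
the Linux router PC and the ADSL modem is typically 10Mbit/s or faster. If
the interface to the local network is also 10Mbit/s, packets sent from the
local network to the Internet are normally NOT queued at the router. They
are sent out eth0 as fast as they arrive from the local network. Instead,
the packets pile up in the queue at the ADSL modem, because they arrive at
10Mbit/s and leave at only 128Kbit/s. Eventually the packet queue at the
ADSL modem becomes full, and any further packets sent to it are silently
dropped. TCP is designed to handle this and adjusts its transmit window
size accordingly to take full advantage of the available bandwidth.

Packet queues combined with TCP give the most effective use of bandwidth,
but large FIFO queues hold a lot of data and so can increase the latency of
interactive traffic.

Another type of queue, somewhat like FIFO, is the n-band priority queue.
Instead of a single queue in which all packets line up, an n-band priority
queue has n FIFO queues, and each packet is placed in one of them according
to its classification. Each queue has a priority, and packets are always
dequeued from the highest-priority queue that contains packets. With this
discipline, FTP packets can be placed in a lower-priority queue than telnet
packets, so that even during an FTP upload a single telnet packet can jump
the queue and be sent immediately.

This document has been revised to use a new Linux queue called the
Hierarchical Token Bucket (HTB). The HTB queue is much like the n-band queue
described above, but it can also limit the rate of traffic in each class. In
addition, classes of traffic can be set up beneath other classes, creating a
hierarchy of classes. A full description of HTB is beyond the scope of this
document; more information can be found at http://www.lartc.org.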

 

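2.3.2. The Downstream

Traffic arriving inbound at your ADSL modem is queued in much the same way
as outbound traffic, but the queue resides at your ISP. Because of this, you
probably have no direct control over how packets are queued or which types
of traffic get preferential treatment. The only way to keep latency low is
to make sure that data is not sent to you too fast. Unfortunately, there is
no way to directly control the speed at which packets arrive. However, since
the majority of your traffic is most likely TCP, there are some ways to slow
down the senders:

  * Intentionally drop inbound packets - TCP is designed to take full
    advantage of the available bandwidth while also avoiding congestion of
    the link. This means that during a bulk data transfer, TCP sends more
    and more data until eventually a packet is dropped. TCP detects the
    loss and reduces its transmission window. This cycle repeats throughout
    the transfer and ensures that data is moved as quickly as possible.
   
  * Manipulate the advertised receive window - During a TCP transfer, the
    receiver sends back a stream of acknowledgment (ACK) packets. Each ACK
    packet carries an advertised window size, which tells the sender the
    maximum amount of data it may send. By manipulating the window size in
    outbound ACK packets, we can intentionally slow down the sender. At the
    moment there is no (free) implementation of this kind of flow control
    for Linux (although I may be working on one!).
   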
   
 

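3. How It Works

There are two basic steps to optimizing upstream bandwidth. Since we cannot
control how the ADSL modem handles its queue, the first step is to keep
packets from being queued at the ADSL modem at all. To do this, we throttle
the amount of data the router sends out eth0 to slightly less than the total
upstream bandwidth of the ADSL modem. As a result, the router has to queue
packets that arrive from the local network faster than it is allowed to send
them.

The second step is to set up a priority queuing discipline on the router.
We will look at a queue that can be configured to give priority to
interactive traffic such as telnet and multi-player games.


With the HTB queue we can shape bandwidth and do priority queuing at the
same time, while also guaranteeing that no priority class is starved by
another. Avoiding starvation was not possible with the method described in
revision 0.1 of this document.


The final step is to configure the firewall to prioritize packets by using
fwmark.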

 

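3.1. Throttling Outbound Traffic with Linux HTB

Although the router and the modem are connected at 10Mbit/s, the modem can
only send data at 128Kbit/s. Any data sent faster than that rate is queued
at the modem. So a ping packet sent from the router may reach the modem
immediately, but if the modem's queue already holds packets, it may take a
few seconds before the ping actually goes out to the Internet.
Unfortunately, most ADSL modems provide no way to specify how packets are
dequeued or how large the queue is. Our first objective is therefore to move
the place where outbound packets are queued to somewhere we can manage the
queue.

We do this by using the HTB queue to limit the rate at which packets are
sent to the ADSL modem. Even if the upstream bandwidth is 128Kbit/s, the
sending rate has to be limited to slightly below that. To lower the latency,
we have to be SURE that not a single packet is ever queued at the modem.
Through experimentation I found that limiting outbound traffic to about
90kbit/s gives almost 95% of the bandwidth I could achieve without HTB rate
control. With HTB enabled at this rate, the ADSL modem no longer queues
packets.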

 

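3.2. Priority Queuing with HTB


Note: claims made in earlier versions of this section (originally titled
"N-band priority queuing") were later found to be incorrect. It actually WAS
possible to classify packets into the individual bands of the priority queue
using only the fwmark field; it was just poorly documented at the time
version 0.1 of this document was written.


At this point there is still no change in performance. We have merely moved
the FIFO queue from the ADSL modem to the router. In fact, with Linux
configured with its default queue size of 100 packets, we have probably made
the problem worse. But not for long.

Each neighbor class in an HTB queue can be assigned a priority. By placing
different types of traffic in different classes and then assigning those
classes different priorities, we control the order in which packets are
dequeued and sent. HTB makes this possible while still avoiding starvation
of any class, because a minimum guaranteed rate can be specified for each
class. In addition, HTB lets us tell a class that it may use the unused
bandwidth of other classes up to a certain ceiling.

Once the classes are set up, we set up filters to place traffic in them.
There are several ways to do this, but the method described in this document
uses the familiar iptables/ipchains to mark packets with an fwmark. The
filters then place traffic into the classes of the HTB queue based on the
fwmark. This way, we can set up matching rules in iptables and send each
type of traffic to the class we choose.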

 

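3.3. Classifying Outbound Packets with iptables


Originally this document used ipchains to classify packets. The newer
iptables is now used.


The last step in configuring the router to give priority to interactive
traffic is to set up the firewall to define how traffic should be
classified. This is done by setting the packet's fwmark field.

Without going into too much detail, here is a simplified description of how
outbound packets might be sorted into four classes, with 0x00 being the
highest priority:

 1. Mark ALL packets as 0x03. This places every packet, by default, in the
    lowest-priority queue.
   
 2. Mark ICMP packets as 0x00. We want ping to show the latency of the
    highest-priority packets.
   
 3. Mark all packets with a destination port of 1024 or less as 0x01. This
    gives priority to system services such as Telnet and SSH. FTP's control
    port also falls in this range, but FTP data transfer takes place on high
    ports and remains in the 0x03 band.
   
 4. Mark all packets with a destination port of 25 (SMTP) as 0x03. If
    someone sends an email with a large attachment, we do not want it to
    swamp interactive traffic.
   
 5. Mark all packets going to a multi-player game server as 0x02. This gives
    gamers low latency, but keeps their packets from swamping the system
    applications that need low latency.
   
    Mark all "small" packets as 0x02. Outbound ACK packets for inbound
    downloads should be sent promptly so that downloads stay efficient. This
    is possible using the iptables length module.
   
Of course, this can be customized to fit your needs.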
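
The marking order above, simulated as an added example (not code from the original HOWTO or its myshaper script). In iptables the MARK target does not end rule traversal, so the last matching rule decides the mark; GAME_PORT and SMALL_MAX are assumed values, and applying the small-packet step to TCP only is also an assumption.

```sh
#!/bin/sh
# Added example: walks a packet through the marking steps of section 3.3 in
# order. Every step overwrites the mark, as a chain of MARK rules would.

GAME_PORT=27015   # hypothetical game-server port (assumption, not from the HOWTO)
SMALL_MAX=64      # "small" packet threshold in bytes (assumption)

# classify PROTO DPORT LENGTH -> prints the final fwmark (0 = highest priority)
classify() {
    proto=$1; dport=$2; len=$3
    mark=3                                            # step 1: everything is bulk
    if [ "$proto" = icmp ]; then mark=0; fi           # step 2: ICMP
    if [ "$proto" = tcp ] || [ "$proto" = udp ]; then
        if [ "$dport" -le 1024 ]; then mark=1; fi     # step 3: system services
        if [ "$proto" = tcp ] && [ "$dport" -eq 25 ]; then
            mark=3                                    # step 4: SMTP back to bulk
        fi
        if [ "$dport" -eq "$GAME_PORT" ]; then mark=2; fi   # step 5: game server
    fi
    # final step: small packets, here taken to be bare TCP ACKs
    if [ "$proto" = tcp ] && [ "$len" -lt "$SMALL_MAX" ]; then mark=2; fi
    echo "$mark"
}

# Constructed sample packets: protocol, destination port, IP length, note.
while read -r proto dport len note; do
    printf '%-5s %-6s %-5s -> 0x0%s  %s\n' "$proto" "$dport" "$len" \
        "$(classify "$proto" "$dport" "$len")" "$note"
done <<'EOF'
icmp 0 84 ping
tcp 22 1500 ssh
tcp 21 200 ftp-control
tcp 50000 1500 ftp-data
tcp 25 1500 smtp-with-attachment
udp 27015 120 game
tcp 50000 40 bare-ack
tcp 25 40 smtp-ack
EOF
```

Port 25 matches step 3 first and is only returned to 0x03 because step 4 comes later; reversing those two steps would leave SMTP in the 0x01 class.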

 

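3.4. Tuning

There are two more things you can do to improve latency. First, you can set
the Maximum Transmittable Unit (mtu) lower than the default of 1500 bytes.
Lowering this value shortens the average time a high-priority packet has to
wait when a full-sized low-priority packet is already being sent. Lowering
it also slightly decreases throughput, because each packet carries at least
40 bytes of IP and TCP header information.

The other thing you can do, which improves latency even for low-priority
traffic, is to lower the queue length from the default of 100. On an ADSL
line, a queue of the default length can take as much as 10 seconds to empty
when sending packets with an mtu of 1500 bytes.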

 

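3.5. Attempting to Throttle Inbound Traffic

By using the Intermediate Queuing Device (IMQ), we can run all inbound
packets through a queue in the same way that outbound packets are queued.
Packet priority is much simpler in this case. Since the only thing we can
(attempt to) control is inbound TCP traffic, all non-TCP traffic goes in the
0x00 class and all TCP traffic goes in the 0x01 class. "Small" TCP packets
are most likely ACK packets for outbound data that has already been sent, so
they are placed in the 0x00 class as well. We set up a standard FIFO queue
on the 0x00 class and a Random Early Drop (RED) queue on the 0x01 class. RED
is better than a FIFO (tail-drop) queue at controlling TCP, because it drops
packets before the queue overflows in an attempt to slow down transfers that
look like they are about to get out of control. We also limit both classes
to a maximum inbound rate, which is set lower than the true inbound speed of
the ADSL modem.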

 

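3.5.1. Why Limiting Inbound Traffic Isn't All That Good

We want to limit inbound traffic so that the queue at the ISP does not fill
up. That queue can sometimes buffer as much as 5 seconds' worth of data. The
problem is that the only current way to limit inbound TCP traffic is to drop
perfectly good packets. These packets have already used up their share of
bandwidth on the ADSL modem, only to be dropped by the Linux box in an
effort to slow down future packets. The dropped packets are eventually
retransmitted, consuming even more bandwidth. When we limit traffic, we are
limiting the rate at which we accept packets into our network. Because of
the packets we drop, the actual inbound data rate is somewhat higher than
that, so to be sure of low latency we have to limit the downstream to well
below the actual rate of the ADSL modem. In practice, I had to limit my
1.5Mbit/s downstream ADSL to 700kbit/s to keep the latency acceptable with
five concurrent downloads. The more TCP sessions there are, the more
bandwidth is wasted on dropped packets, and the lower the rate limit has to
be set.

A much better way to control inbound TCP traffic would be TCP window
manipulation, but as of this writing there is no (free) implementation of it
for Linux (that I know of).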

 

4. Implementation

Now, with all of the explanation out of the way, it is time to implement
bandwidth management with Linux.

 

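4.1. Caveats

Limiting the actual rate of data sent to the DSL modem is not as simple as
it may seem. Most DSL modems are really just Ethernet bridges that bridge
data back and forth between the Linux box and the gateway at the ISP. Most
DSL modems use ATM as the link layer to send data. ATM always sends data in
cells of 53 bytes. 5 of these bytes are header, leaving 48 bytes available
for data. Even if you send only 1 byte of data, a full 53 bytes of bandwidth
are consumed, because ATM cells are always 53 bytes long. Consider sending a
typical TCP ACK packet, which consists of 0 bytes of data + 20 bytes of TCP
header + 20 bytes of IP header + 18 bytes of Ethernet header. Although the
Ethernet packet being sent has only 40 bytes of payload (the TCP and IP
headers), the minimum payload of an Ethernet packet is 46 bytes of data, so
the remaining 6 bytes are padded with nulls. This means the actual length of
the Ethernet packet including its header is 18 + 46 = 64 bytes. To send 64
bytes over ATM, two ATM cells have to be sent, which consume 106 bytes of
bandwidth. So every TCP ACK packet wastes 42 bytes of bandwidth. This would
be fine if Linux accounted for the encapsulation the DSL modem uses, but
Linux only accounts for the TCP header, the IP header and 14 bytes of MAC
address (the 4-byte CRC is handled at the hardware level, so Linux does not
count those 4 bytes). Linux takes into account neither the minimum Ethernet
payload of 46 bytes nor the fixed ATM cell size.

What all of this means is that outbound bandwidth has to be limited to
somewhat less than the true capacity (until we have a packet scheduler that
can account for the various types of encapsulation in use). You may think
you have found a good number to limit your bandwidth to, and then find that
when you download a big file the latency starts to shoot up over 3 seconds.
This is most likely because Linux is miscalculating the bandwidth consumed
by those small ACK packets.

I have been working on a solution to this problem for a few months and have
almost settled on one, which I will soon release to the public for further
testing. The solution uses a user-space queue instead of Linux's QoS to
rate-limit packets. Basically, I have implemented a simple HTB queue using
Linux user-space queues. So far this solution has regulated outbound traffic
SO WELL that even during a massive bulk download (several streams) and bulk
upload (gnutella, several streams), the latency PEAKS at 400ms over my
nominal no-traffic latency of about 15ms. For more information on this QoS
method, subscribe to the mailing list for updates, or check back for updates
to this HOWTO.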
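
The cell arithmetic above, worked through as an added example (not part of the original HOWTO or its myshaper script). It uses only the overheads named in this section; the function names and the sample packet sizes are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: bytes Linux charges per packet when shaping, compared with
# the bytes the ATM link carries, using the accounting of section 4.1.

ETH_HDR=18          # Ethernet header bytes, as counted in the text
ETH_MIN_PAYLOAD=46  # minimum Ethernet payload; shorter payloads are padded
CELL_PAYLOAD=48     # data bytes per ATM cell
CELL_SIZE=53        # bytes on the link per ATM cell (48 data + 5 header)
LINUX_L2=14         # link-layer bytes Linux adds to the IP length

# atm_wire_bytes IP_LEN -> bytes consumed on the ATM link
atm_wire_bytes() {
    payload=$1
    if [ "$payload" -lt "$ETH_MIN_PAYLOAD" ]; then
        payload=$ETH_MIN_PAYLOAD
    fi
    frame=$((payload + ETH_HDR))
    cells=$(( (frame + CELL_PAYLOAD - 1) / CELL_PAYLOAD ))  # whole cells only
    echo $((cells * CELL_SIZE))
}

# linux_counted_bytes IP_LEN -> bytes the shaper charges for the packet
linux_counted_bytes() {
    echo $(($1 + LINUX_L2))
}

# line_kbit SHAPER_KBIT IP_LEN -> link rate (rounded up) actually used when
# the shaper passes SHAPER_KBIT of packets that are all IP_LEN bytes long
line_kbit() {
    wire=$(atm_wire_bytes "$2")
    counted=$(linux_counted_bytes "$2")
    echo $(( ($1 * wire + counted - 1) / counted ))
}

# safe_rate_kbit LINE_KBIT IP_LEN -> highest shaper rate (rounded down) that
# keeps a stream of IP_LEN-byte packets within LINE_KBIT on the link
safe_rate_kbit() {
    wire=$(atm_wire_bytes "$2")
    counted=$(linux_counted_bytes "$2")
    echo $(( $1 * counted / wire ))
}

# Constructed sample sizes: bare ACK, mid-size packet, mtu 1000, mtu 1500.
printf '%-7s %-8s %-8s %-12s %s\n' ip_len counted on_wire line@90kbit safe@128kbit
for len in 40 576 1000 1500; do
    printf '%-7s %-8s %-8s %-12s %s\n' "$len" "$(linux_counted_bytes "$len")" \
        "$(atm_wire_bytes "$len")" "$(line_kbit 90 "$len")" \
        "$(safe_rate_kbit 128 "$len")"
done
```

At a shaper rate of 90kbit/s, a stream of 1000-byte packets needs about 104kbit/s of cells, while the same 90kbit/s made up of bare ACKs needs about 177kbit/s, more than a 128kbit/s line can carry.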

 

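4.2. Script: myshaper

The following is the script I use to control bandwidth on my Linux router.
It uses several of the concepts covered in this document. Outbound traffic
is placed into one of seven queues depending on its type. Inbound traffic is
placed into two queues, with TCP packets being dropped first (lowest
priority) if inbound data is arriving too fast. The rates given in this
script seem to work well for my setup, but your results may vary.


This script was originally based on the ADSL Wonder Shaper found at the
LARTC website <http://www.lartc.org>.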


#!/bin/bash                                                                                                                                              
#                                                                                                                                                        
# myshaper - DSL/P[u fpOgtBbNVF[p  D揇ʕt                                                                             
#             ADSL/Cable wondershaper (www.lartc.org)                                                                                                
#                                                                                                                                                        
# Dan Singletary  (8/7/02)                                                                                                                             
#                                                                                                                                                        
# ӁII - {XNvǵAȉ̃TCg痘pł                                                                                                  
#            HTB L[ IMQ ̓K؂ȃpb`J[l                                                                                                 
#            Ă邱ƂOłB                                                                                                                
#            ĩJ[lł́Apb`͕svɂȂ邩܂j                                                                                    
#                                                                                                                                                        
#       http://luxik.cdi.cz/~devik/qos/htb/                                                                                                              
#       http://luxik.cdi.cz/~patrick/imq/                                                                                                                
#                                                                                                                                                        
# myshaper pݒIvV                                                                                                                              
#  DEV    - DSL/P[u fƐڑfoCX ethX ɐݒ肷                                                                                      
#  RATEUP - DSL/P[u f̊OшA̒l኱߂                                                                                      
#           ݒ肷B                                                                                                                                   
#           M҂̃C 1500/128 ŁARATEUP=90 ɂƁA                                                                                             
#            128kbps ł͂܂삵܂B                                                                                                          
#           łF͈̂Ⴄ܂B                                                                                                     
#  RATEDN - DSL/P[u f̓̑шA኱߂                                                                                          
#           ݒ肵܂B                                                                                                                                 
#                                                                                                                                                        
#                                                                                                                                                        
#  imq gē̃gtBbNXɂ闝_                                                                                                    
#                                                                                                                                                        
#    C^[lbg̑̃zXg瑗of[^̑xA                                                                                          
#  ڐ邱Ƃ͕s\łB̃gtBbN̑x                                                                                            
#  ɂ́ATCP tsASYɗ邵܂B                                                                                            
#  ̂߁AułȂ̂ TCP RlNVœ̃g                                                                                             
#  tBbNXɂĂ݂邱ƂłBv܂ tcp ȊO                                                                                           
#  gtBbN͂ǂłD揇ʂ̍NXɔzuƂ                                                                                            
#  ƂłBƂ̂́Atcp ȊÕpPbg𗎂ƂĂ                                                                                                  
#  ܂ƁAʂƂĂ͂ԂđsȂāAPɕsvɑш                                                                                        
#  Ă܂ƂȂĂ܂łB                                                                                                              
#    HTB L[I[o[t[ہAtcp pPbg𗎂ƂāA                                                                                          
#   TCP ̃gtBbNĂ݂܂B̃L[́Aۂ                                                                                       
#  ̃foCXo鑬x኱߂̏̑x (RATEDN) ŁA                                                                                
#  pPbgʂłB̑xz TCP pPbg𗎂                                                                                           
#  ƂŁAISP ̃L[I[o[t[Ă邹ŁA                                                                                          
#  pPbgĂ悤ɁA悤ƂĂ܂B                                                                                                
#  ̂悤ɂ闘_́AISP ̃L[ۂɂ͖tɂ͂Ȃ                                                                                          
#  ȂǂAtɂȂ悤Ɍ΃pPbgA                                                                                  
#   TCP ]x𗎂Ƃ̂ŁAISP ̃L[ĖOa                                                                                     
#  ȂƂłB                                                                                                                                      
#    D揇ʂɊÂL[COgƁAD揇ʂ                                                                                            
#  oPciNXjɔzuÃpPbgisshAtelnetAXj                                                                                 
#  ́uƂȂvƂImɂłƂ_܂B                                                                                        
#  ȂƂ΁ApPbg͂ǂ̃NXAŒ̑x                                                                                            
#  ɃfL[ƂɂȂĂAɗD揇ʂƂႢ                                                                                
#  NXo邩łBĩXNvgł́Ae                                                                                              
#  oPc͍ŒłAш̎̈ƂȊ蓖ĂŔz                                                                                            
#  ܂jB                                                                                                                                            
#                                                                                                                                                        
#  dvȓ_JԂ܂B                                                                                                                              
#   ڑ tcp pPbg𗎂ƂƁAtsASYɂāA                                                                                    
#     M̑xቺ邱ƂɂȂ܂B                                                                                                             
#   TCP ȊÕpPbg𗎂ƂĂÂ͂܂B                                                                                     
#     ̃pPbgdvȂ̂Aǂ݂̂炭đ                                                                                     
#     傤Bł炱pPbg͂ėƂȂ悤ɂ                                                                                     
#     Kv܂B΁ATCP RlNVOaĂ                                                                                         
#     TCP ̂悤ɍđ̎dg݂ȂvgRɑ΂āAe                                                                                           
#     yڂƂ͂܂B                                                                                                                         
#   ̑xŜAۂɃfoCXiADSL f/P[ufj                                                                                   
#     o鑬xႭ悤ɁA TCP RlNV                                                                                          
#     Xs[h_EƁAʂƂ ISP ̃L[iDSLAMAP[                                                                                   
#     uڑAXjɂ͂قƂǃpPbgȂȂu͂łvB                                                                                   
#     ISP ̃L[ɂ́A1500Kbps 4b̃f[^A܂ 6 Krb                                                                                    
#     g̃f[^Ă̂킩܂BłpPbgL[                                                                                   
#     ɗȂ΁Ax͒ቺ邱ƂɂȂ܂B                                                                                                     
#                                                                                                                                                        
#  ӁieXgOɎオ^jF                                                                                                                  
#    ̂œ̃gtBbN𐧌ƁATCP ̃oN]̐\                                                                              
#      ȂĂ܂̂ł͂ȂH                                                                                                                  
#      - ̓́AȂƂ͂ȂAłBi64 oCg̏j                                                                                 
#        ACK pPbgɗD揇ʂ΁ApPbg̍đŎĂ                                                                                  
#        ȂĂAX[vbgőɂȂ܂B                                                                                              
#                                                                                                                                                        
                                                                                                                                                         
# ӁF̐ݒ́AM҂̊ł͂܂@\Ă܂F                                                                                                 
# 1.5M/128K ADSL iPacific Bell Internet (SBC Global Services) oRj                                                                                    
                                                                                                                                                         
DEV=eth0                                                                                                                                                 
RATEUP=90                                                                                                                                                
RATEDN=700  # ̒l 1500 (1.5Mbps) Ƃeʂ肩ȂႢƂɒӂĉB                                                                     
            # ̂߁ATCP EBhE𑀍삷ƂAƗDꂽ                                                                                   
            # ̂Ďg悤ɂȂ܂ŁA킴킴̃gtBbN                                                                         
            # 𐧌Kv͂Ȃ܂B                                                                                                       
                                                                                                                                                         
#                                                                                                                                                        
# ݒIvV̏I                                                                                                                                   
#                                                                                                                                                        
                                                                                                                                                         
if [ "$1" = "status" ]                                                                                                                                   
then                                                                                                                                                     
        echo "[qdisc]"                                                                                                                                   
        tc -s qdisc show dev $DEV                                                                                                                        
        tc -s qdisc show dev imq0                                                                                                                        
        echo "[class]"                                                                                                                                   
        tc -s class show dev $DEV                                                                                                                        
        tc -s class show dev imq0                                                                                                                        
        echo "[filter]"                                                                                                                                  
        tc -s filter show dev $DEV                                                                                                                       
        tc -s filter show dev imq0                                                                                                                       
        echo "[iptables]"                                                                                                                                
        iptables -t mangle -L MYSHAPER-OUT -v -x 2> /dev/null                                                                                            
        iptables -t mangle -L MYSHAPER-IN -v -x 2> /dev/null                                                                                             
        exit                                                                                                                                             
fi                                                                                                                                                       
                                                                                                                                                         
# ׂĂm̏ԂɃZbgiNAj                                                                                                         
tc qdisc del dev $DEV root    2> /dev/null > /dev/null                                                                                                   
tc qdisc del dev imq0 root 2> /dev/null > /dev/null                                                                                                      
iptables -t mangle -D POSTROUTING -o $DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null                                                                       
iptables -t mangle -F MYSHAPER-OUT 2> /dev/null > /dev/null                                                                                              
iptables -t mangle -X MYSHAPER-OUT 2> /dev/null > /dev/null                                                                                              
iptables -t mangle -D PREROUTING -i $DEV -j MYSHAPER-IN 2> /dev/null > /dev/null                                                                         
iptables -t mangle -F MYSHAPER-IN 2> /dev/null > /dev/null                                                                                               
iptables -t mangle -X MYSHAPER-IN 2> /dev/null > /dev/null                                                                                               
ip link set imq0 down 2> /dev/null > /dev/null                                                                                                           
rmmod imq 2> /dev/null > /dev/null                                                                                                                       
                                                                                                                                                         
if [ "$1" = "stop" ]                                                                                                                                     
then                                                                                                                                                     
        echo "Shaping removed on $DEV."                                                                                                                  
        exit                                                                                                                                             
fi                                                                                                                                                       
                                                                                                                                                         
###########################################################                                                                                              
#                                                                                                                                                        
# ÕXiшŜ RATEUP ɐj                                                                                                       
                                                                                                                                                         
# D揇ʂႢpPbgł́Ax 2 bɂȂ悤ɁA                                                                                                
# L[TCYݒ肷B                                                                                                                               
ip link set dev $DEV qlen 30                                                                                                                             
                                                                                                                                                         
# OfoCX mtu ύXBmtu ƒx͒ቺ邪A                                                                                  
# IP  TCP ̃vgRI[o[wbĥ߁AX[vbg͎኱ቺ                                                                                     
# 邱ƂɂȂB                                                                                                                                       
ip link set dev $DEV mtu 1000                                                                                                                            
                                                                                                                                                         
# add the HTB root qdisc
tc qdisc add dev $DEV root handle 1: htb default 26

# add the main rate limit class
tc class add dev $DEV parent 1: classid 1:1 htb rate ${RATEUP}kbit

# add leaf classes - each class is granted at LEAST its "fair share" of bandwidth,
#                    so no class is ever starved by another class. Each class may
#                    also consume all of the available bandwidth if no other
#                    class is using it.
tc class add dev $DEV parent 1:1 classid 1:20 htb rate $((RATEUP/7))kbit ceil ${RATEUP}kbit prio 0
tc class add dev $DEV parent 1:1 classid 1:21 htb rate $((RATEUP/7))kbit ceil ${RATEUP}kbit prio 1
tc class add dev $DEV parent 1:1 classid 1:22 htb rate $((RATEUP/7))kbit ceil ${RATEUP}kbit prio 2
tc class add dev $DEV parent 1:1 classid 1:23 htb rate $((RATEUP/7))kbit ceil ${RATEUP}kbit prio 3
tc class add dev $DEV parent 1:1 classid 1:24 htb rate $((RATEUP/7))kbit ceil ${RATEUP}kbit prio 4
tc class add dev $DEV parent 1:1 classid 1:25 htb rate $((RATEUP/7))kbit ceil ${RATEUP}kbit prio 5
tc class add dev $DEV parent 1:1 classid 1:26 htb rate $((RATEUP/7))kbit ceil ${RATEUP}kbit prio 6
                                                                                                                                                         
# attach qdisc to leaf classes - attach SFQ to each priority class. SFQ ensures that
#                                connections within each class are treated (almost) fairly.
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10                                                                                              
tc qdisc add dev $DEV parent 1:21 handle 21: sfq perturb 10                                                                                              
tc qdisc add dev $DEV parent 1:22 handle 22: sfq perturb 10                                                                                              
tc qdisc add dev $DEV parent 1:23 handle 23: sfq perturb 10                                                                                              
tc qdisc add dev $DEV parent 1:24 handle 24: sfq perturb 10                                                                                              
tc qdisc add dev $DEV parent 1:25 handle 25: sfq perturb 10                                                                                              
tc qdisc add dev $DEV parent 1:26 handle 26: sfq perturb 10                                                                                              
                                                                                                                                                         
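# filter traffic into classes by fwmark - direct traffic into the priority class that matches
#                                         the fwmark set on the packet (the fwmark is set with
#                                         iptables below). The default priority class was set
#                                         to 1:26 above, so unmarked packets (or packets marked
#                                         with an unknown ID) fall into the lowest-priority
#                                         class by default.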
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20                                                                            
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21                                                                            
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22                                                                            
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23                                                                            
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24                                                                            
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25                                                                            
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26

# add the MYSHAPER-OUT chain to the iptables mangle table - this sets up the chain used
#                                                           to filter and mark packets.
iptables -t mangle -N MYSHAPER-OUT                                                                                                                       
iptables -t mangle -I POSTROUTING -o $DEV -j MYSHAPER-OUT                                                                                                
                                                                                                                                                         
# add fwmark entries to classify different types of traffic - set the fwmark from 20 to 26
#                                                             according to the desired class.
#                                                             20 is the highest priority.
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 0:1024 -j MARK --set-mark 23 # default for low-port traffic
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 0:1024 -j MARK --set-mark 23 # ""
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 20 -j MARK --set-mark 26     # ftp-data port, low priority
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 5190 -j MARK --set-mark 23   # AOL Instant Messenger
iptables -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20               # ICMP (ping) - high priority, impress your friends
iptables -t mangle -A MYSHAPER-OUT -p udp -j MARK --set-mark 21                # UDP - DNS name resolution (small packets)
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport ssh -j MARK --set-mark 22    # secure shell
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport ssh -j MARK --set-mark 22    # secure shell
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport telnet -j MARK --set-mark 22 # telnet (ew...)
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport telnet -j MARK --set-mark 22 # telnet (ew...)
iptables -t mangle -A MYSHAPER-OUT -p esp -j MARK --set-mark 24                # IPsec ESP (protocol 50, "ipv6-crypt" in older /etc/protocols) - the payload is unknown, though...
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport http -j MARK --set-mark 25   # local web server
iptables -t mangle -A MYSHAPER-OUT -p tcp -m length --length :64 -j MARK --set-mark 21 # small packets (probably just ACKs)
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26      # redundant - mark any unmarked packets as 26 (low priority)

# Done with outbound shaping
#
####################################################                                                                                                     
                                                                                                                                                         
echo "Outbound shaping added to $DEV.  Rate: ${RATEUP}Kbit/sec."

# uncomment the following line if you only want upstream shaping.
# exit

####################################################
#
# Inbound shaping (limits total bandwidth to RATEDN)

# make sure the imq module is loaded
                                                                                                                                                         
modprobe imq numdevs=1                                                                                                                                   
                                                                                                                                                         
ip link set imq0 up                                                                                                                                      
                                                                                                                                                         
# add qdisc - default low-priority class 1:21
                                                                                                                                                         
tc qdisc add dev imq0 handle 1: root htb default 21

# add the main rate limit class
tc class add dev imq0 parent 1: classid 1:1 htb rate ${RATEDN}kbit

# add leaf classes - TCP traffic goes into 21, non-TCP traffic into 20
#
tc class add dev imq0 parent 1:1 classid 1:20 htb rate $((RATEDN/2))kbit ceil ${RATEDN}kbit prio 0
tc class add dev imq0 parent 1:1 classid 1:21 htb rate $((RATEDN/2))kbit ceil ${RATEDN}kbit prio 1

# attach qdisc to leaf classes - SFQ on class 1:20 ensures that its connections are treated
#                                (almost) fairly; the TCP class 1:21 gets RED instead.
tc qdisc add dev imq0 parent 1:20 handle 20: sfq perturb 10                                                                                              
tc qdisc add dev imq0 parent 1:21 handle 21: red limit 1000000 min 5000 max 100000 avpkt 1000 burst 50                                                   
                                                                                                                                                         
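# filter traffic into classes by fwmark - direct traffic into the class that matches the
#                                         fwmark set on the packet (the fwmark is set with
#                                         iptables below). The default class was set to 1:21
#                                         above, so unmarked packets (or packets marked with
#                                         an unknown ID) fall into the lower-priority class
#                                         by default.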
                                                                                                                                                         
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20                                                                            
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21

# add the MYSHAPER-IN chain to the iptables mangle table - this sets up the chain used
#                                                          to filter and mark packets.
iptables -t mangle -N MYSHAPER-IN                                                                                                                        
iptables -t mangle -I PREROUTING -i $DEV -j MYSHAPER-IN                                                                                                  
                                                                                                                                                         
# add fwmark entries to classify different types of traffic - set the fwmark to 20 or 21
#                                                             according to the desired class.
#                                                             20 is the highest priority.

iptables -t mangle -A MYSHAPER-IN ! -p tcp -j MARK --set-mark 20              # give non-TCP packets the highest priority
iptables -t mangle -A MYSHAPER-IN -p tcp -m length --length :64 -j MARK --set-mark 20 # short TCP packets are probably ACKs
iptables -t mangle -A MYSHAPER-IN -p tcp --dport ssh -j MARK --set-mark 20    # secure shell
iptables -t mangle -A MYSHAPER-IN -p tcp --sport ssh -j MARK --set-mark 20    # secure shell
iptables -t mangle -A MYSHAPER-IN -p tcp --dport telnet -j MARK --set-mark 20 # telnet (ew...)
iptables -t mangle -A MYSHAPER-IN -p tcp --sport telnet -j MARK --set-mark 20 # telnet (ew...)
iptables -t mangle -A MYSHAPER-IN -m mark --mark 0 -j MARK --set-mark 21              # redundant - mark any unmarked packets as 21 (low priority)

# finally, send these packets through the imq0 device set up above
iptables -t mangle -A MYSHAPER-IN -j IMQ

# Done with inbound shaping
#
####################################################                                                                                                     
                                                                                                                                                         
echo "Inbound shaping added to $DEV.  Rate: ${RATEDN}Kbit/sec."                                                                                          

 

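5. Testing the New Queue

The easiest way to test your new setup is to saturate the upstream with
low-priority traffic. How you do this depends on how you have set up
your priorities. For the sake of example, say you have given telnet and
ping traffic a higher priority (a lower fwmark) than the other, high
ports (those used for FTP transfers and so on). If you start an FTP
upload and saturate the upstream bandwidth, you should notice that ping
times to the gateway (on the other side of the DSL line) increase by
only a small amount compared with what happens without priority
queuing. Ping times under 100ms are typical, depending on how you have
set things up. Ping times of one or two seconds probably mean that
things are not working properly.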
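
The check described above, as an added example that is not part of the original HOWTO: a shell function that reads `ping` output captured while the upload is running and classifies it against the 100 ms and one-second figures from the text. The function name, the "inconclusive" band between those two figures, and the sample ping output are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: classify gateway ping times captured during a saturating upload.
# Thresholds follow the text: under 100 ms is typical, 1 s or more means the
# shaper is probably not working. The band in between is an assumption.

# Reads `ping` output on stdin; prints "<verdict> replies=<n> avg=<ms> max=<ms>".
assess_ping() {
    awk '
        # Reply lines carry the round-trip time as "time=12.3 ms" (or "time<1 ms").
        match($0, /time[=<][0-9.]+ ?ms/) {
            rtt = substr($0, RSTART + 5, RLENGTH - 5)
            sub(/ ?ms$/, "", rtt)
            rtt += 0
            n++; sum += rtt
            if (rtt > max) max = rtt
        }
        END {
            if (n == 0) { print "no-replies replies=0 avg=0 max=0"; exit }
            verdict = "inconclusive"
            if (max < 100)   verdict = "ok"
            if (max >= 1000) verdict = "not-working"
            printf "%s replies=%d avg=%.1f max=%.1f\n", verdict, n, sum / n, max
        }'
}

# Constructed sample: shaper active while an upload saturates the uplink.
sample_shaped() {
    cat <<'EOF'
PING 192.0.2.1 (192.0.2.1) 56(84) bytes of data.
64 bytes from 192.0.2.1: icmp_seq=1 ttl=64 time=31.4 ms
64 bytes from 192.0.2.1: icmp_seq=2 ttl=64 time=58.9 ms
64 bytes from 192.0.2.1: icmp_seq=3 ttl=64 time=44.7 ms
EOF
}

# Constructed sample: no priority queuing, the modem queue is full.
sample_unshaped() {
    cat <<'EOF'
PING 192.0.2.1 (192.0.2.1) 56(84) bytes of data.
64 bytes from 192.0.2.1: icmp_seq=1 ttl=64 time=1840 ms
64 bytes from 192.0.2.1: icmp_seq=2 ttl=64 time=2315 ms
64 bytes from 192.0.2.1: icmp_seq=3 ttl=64 time=2102 ms
EOF
}

# Live use (GATEWAY is a placeholder for the far end of the DSL line):
#   ping -c 20 "$GATEWAY" | assess_ping
```

Run it once with the shaper loaded and once without, during the same upload, and compare the two `max` values.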

 

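6. OK, It Works!! Now What?

Now that you have successfully started to manage your bandwidth, you
should start thinking of ways to use it. After all, you're probably
paying for it!

 * Use a Gnutella client and SHARE YOUR FILES without adversely
    affecting your network performance.
   
 * Run a web server without having web page hits slow you down in
    Quake.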
   
 

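7. Acknowledgements for the Japanese Edition

Despite their busy schedules, the members of the JF Project were a
great help. In particular, Seiji Kaneko gave me valuable advice. I
would like to take this opportunity to thank them.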

