Testing bandwidth management

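RH9 is installed on 192.168.88.55 with kernel version 2.4.20-8. Download http://www.linux-ip.net/traffic-control/iproute-2.4.7-7.i386.rpm and run rpm -Uvh iproute-2.4.7-7.i386.rpm; tc is installed under /sbin/.

tc needs kernel support. The kernel configuration file should contain the following section: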

#
# QoS and/or fair queueing
#
CONFIG_NET_SCHED=y
CONFIG_NETLINK=y
CONFIG_RTNETLINK=y
CONFIG_NET_SCH_CBQ=y
CONFIG_NET_SCH_CSZ=y
CONFIG_NET_SCH_PRIO=y
CONFIG_NET_SCH_RED=y
CONFIG_NET_SCH_SFQ=y
CONFIG_NET_SCH_TEQL=y
CONFIG_NET_SCH_TBF=y
CONFIG_NET_SCH_GRED=y
CONFIG_NET_SCH_DSMARK=y
CONFIG_NET_SCH_INGRESS=y
CONFIG_NET_QOS=y
CONFIG_NET_ESTIMATOR=y
CONFIG_NET_CLS=y
CONFIG_NET_CLS_TCINDEX=y
CONFIG_NET_CLS_ROUTE4=y
CONFIG_NET_CLS_ROUTE=y
CONFIG_NET_CLS_FW=y
CONFIG_NET_CLS_U32=y
CONFIG_NET_CLS_RSVP=y
CONFIG_NET_CLS_RSVP6=y
CONFIG_NET_CLS_POLICE=y

After running make menuconfig, go to Networking options ---> and select QoS… --->, then make sure every option in that section is set to *.

On the server, ftpd is installed and the file /home/tangp/fw3/packages.tgz exists.

Run: ls -l packages.tgz

Output: -rw-r--r--    1 root     root     43001096  9月 15 15:01 packages.tgz

On the client, run:

get packages.tgz

Output:

200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for packages.tgz (43001096 bytes).
226 File send OK.
ftp: 43001096 bytes received in 3.73Seconds 11513.01Kbytes/sec.

On the server, run:

/sbin/tc qdisc del dev eth0 root handle 10:
/sbin/tc qdisc add dev eth0 root handle 10:0 cbq bandwidth 10Mbit avpkt 10000
/sbin/tc class add dev eth0 parent 10:0 classid 10:1 cbq bandwidth 10Mbit rate 10Mbit allot 1514 avpkt 10000
/sbin/tc class add dev eth0 parent 10:1 classid 10:100 cbq bandwidth 10Mbit rate 8Mbit avpkt 10000 bounded
/sbin/tc qdisc add dev eth0 parent 10:100 sfq quantum 1514b perturb 15
/sbin/tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip dst 192.168.88.50 flowid 10:100

On the client, run:

get packages.tgz

Output:

200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for packages.tgz (43001096 bytes).
226 File send OK.
ftp: 43001096 bytes received in 18.56Seconds 2317.24Kbytes/sec.

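We can see that tc does take effect, but the result is not accurate: class 10:100 is bounded at 8Mbit, yet the transfer ran at 2317.24Kbytes/sec (about 18.5 Mbit/s). CBQ's bandwidth parameter is meant to be the physical bandwidth of the device, which CBQ uses for its idle-time calculations; here it is set to 10Mbit although the unshaped transfer above ran at 11513.01Kbytes/sec.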
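
To put a number on that inaccuracy, the following added example (not part of the original notes) converts a tc rate string to bytes per second and compares it with the byte count and time in an ftp result line. It assumes the decimal unit multipliers documented in tc(8) and the result-line format shown on this page; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare a configured tc rate with what an ftp client measured.
# Assumption: decimal unit multipliers as documented in tc(8).

# tc_rate_bps RATE -> bytes per second, or "invalid".
# In tc, *bit suffixes are bits/s while *bps suffixes are BYTES/s.
tc_rate_bps() {
    printf '%s\n' "$1" | awk '{
        s = tolower($0)
        if (match(s, /^[0-9]+(\.[0-9]+)?/) == 0) { print "invalid"; exit }
        n = substr(s, 1, RLENGTH) + 0
        u = substr(s, RLENGTH + 1)
        if      (u == "" || u == "bit") f = 1 / 8      # bare number = bits/s
        else if (u == "kbit") f = 1000 / 8
        else if (u == "mbit") f = 1000000 / 8
        else if (u == "gbit") f = 1000000000 / 8
        else if (u == "bps")  f = 1
        else if (u == "kbps") f = 1000
        else if (u == "mbps") f = 1000000
        else { print "invalid"; exit }
        printf "%.0f\n", n * f
    }'
}

# ftp_bytes_per_sec LINE -> bytes/s computed from the byte count and the time
# in a result line like "ftp: N bytes received in T.TTSeconds R Kbytes/sec."
ftp_bytes_per_sec() {
    printf '%s\n' "$1" | awk '{
        for (i = 2; i <= NF; i++) {
            if ($i == "bytes") b = $(i - 1) + 0
            if (tolower($i) ~ /^[0-9.]+seconds$/) t = $i + 0
        }
        if (b <= 0 || t <= 0) { print "invalid"; exit }
        printf "%.0f\n", b / t
    }'
}

# shaping_percent RATE LINE -> measured throughput as a percentage of RATE.
shaping_percent() {
    cap=$(tc_rate_bps "$1"); got=$(ftp_bytes_per_sec "$2")
    case "$cap:$got" in *invalid*|0:*) echo invalid; return 1 ;; esac
    awk -v c="$cap" -v g="$got" 'BEGIN { printf "%.0f\n", 100 * g / c }'
}

# Figures from the CBQ test on this page (class 10:100, rate 8Mbit bounded).
line='ftp: 43001096 bytes received in 18.56Seconds 2317.24Kbytes/sec.'
echo "cap=$(tc_rate_bps 8Mbit) B/s measured=$(ftp_bytes_per_sec "$line") B/s"
echo "measured/cap=$(shaping_percent 8Mbit "$line")%"
echo "2000kbps=$(tc_rate_bps 2000kbps) B/s (kbps is kilobytes/s, so 16 Mbit/s)"
```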

 

Other experiments:

1) The simplest way to add a rule:

/sbin/tc qdisc add dev eth0 root handle 10: htb
/sbin/tc class add dev eth0 parent 10:0 classid 10:100 htb rate 20mbit
/sbin/tc filter add dev eth0 parent 10:0 protocol ip prio 2 u32 match ip dst 192.168.88.51 flowid 10:100

Just three lines, and the rule was added successfully. The htb usage is attached below:

class add ... htb rate R1 burst B1 [prio P][slot S][pslot PS][ceil R2][cburst B2][mtu MTU][quantum Q]
default  minor id of class to which unclassified packets are sent {0}
r2q      DRR quantums are computed as rate in Bps/r2q {10}
debug    string of 16 numbers each 0-3 {0}
rate     rate allocated to this class (class can still borrow)
burst    max bytes burst which can be accumulated during idle period {computed}
ceil     definite upper class rate (no borrows) {rate}
cburst   burst but for ceil {computed}
mtu      max packet size we create rate map for {1600}
prio     priority of leaf; lower are served first {0}
quantum  how much bytes to serve from leaf at once {use r2q}

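2) Testing the show commands. Run:

/sbin/tc qdisc show
/sbin/tc class show
/sbin/tc filter show

None of them gave any usable output, so the commands above should be kept in a configuration file, and the allocated bandwidth should be displayed from that configuration file.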

3) Testing handle names. Run:

/sbin/tc qdisc add dev eth0 root handle 11: htb
/sbin/tc class add dev eth0 parent 11:0 classid 11:100 htb rate 20mbit
/sbin/tc filter add dev eth0 parent 11:0 protocol ip prio 2 u32 match ip dst 192.168.88.51 flowid 11:100

This way each network interface can have its own handle name, for example LAN1: 11, LAN2: 12, WAN1: 21, DMZ1: 31.

4) Testing a subnet. Run:

/sbin/tc qdisc add dev eth0 root handle 10: htb
/sbin/tc class add dev eth0 parent 10:0 classid 10:100 htb rate 20mbit
/sbin/tc filter add dev eth0 parent 10:0 protocol ip prio 2 u32 match ip dst 192.168.88.0/24 flowid 10:100

So the destination address can be a subnet :)

5) Testing ports. Run:

/sbin/tc qdisc del dev eth0 root handle 10:
/sbin/tc qdisc add dev eth0 root handle 10: htb
/sbin/tc class add dev eth0 parent 10: classid 10:100 htb rate 2000kbps
/sbin/tc filter add dev eth0 protocol ip parent 10:0 prio 1 u32 match ip sport 20 0xffff flowid 10:100

Success.

6) Now for a super experiment!!!! Run:

/sbin/tc qdisc del dev eth0 root handle 10:
/sbin/tc qdisc add dev eth0 root handle 10: htb
/sbin/tc class add dev eth0 parent 10: classid 10:100 htb rate 2000kbps
/sbin/tc filter add dev eth0 protocol ip parent 10:0 prio 1 u32 match ip src 192.168.88.5 match ip sport 20 0xffff match ip dst 192.168.88.51 match ip protocol 6 0xff flowid 10:100

This means that TCP packets from 192.168.88.5 to 192.168.88.51 with source port 20 (the ftp data transfer port) follow rule 10:100. The experiment succeeded!!
