shorewall-tcclasses(5)

tcclasses - Shorewall file to define HTB classes

/etc/shorewall/tcclasses

A note on the rate/bandwidth definitions used in this file:

· Don't use a space between the integer value and the unit: 30kbit is
  valid while 30 kbit is NOT.

· You can use one of the following units:

    kbps    Kilobytes per second.

    mbps    Megabytes per second.

    kbit    Kilobits per second.

    mbit    Megabits per second.

    bps or number
            Bytes per second.

· If you want the values to be calculated for you depending on the
  output bandwidth setting defined for an interface in tcdevices, you
  can use expressions like the following:

    full/3  causes the bandwidth to be calculated as 1/3 of the full
            outgoing speed that is defined.

    full*9/10
            will set this bandwidth to 9/10 of the full bandwidth.

  DO NOT add a unit to the rate if it is calculated!

The columns in the file are as follows.

INTERFACE — interface
    Name of interface. Each interface may be listed only once in
    this file. You may NOT specify the name of an alias (e.g.,
    eth0:0) here; see ⟨http://www.shorewall.net/FAQ.htm#faq18⟩

    You may NOT specify wildcards here, e.g. if you have multiple
    ppp interfaces, you need to put them all in here!

    Please note that you can only use interface names in here that
    have a bandwidth defined in the shorewall-tcdevices(5)
    ⟨shorewall-tcdevices.html⟩ file.

MARK — value
    The mark value, which is an integer in the range 1-255. You set
    mark values in the shorewall-tcrules(5) ⟨shorewall-tcrules.html⟩
    file, marking the traffic you want to fit in the classes defined
    in here.

    You can use the same marks for different interfaces.

RATE — rate
    The minimum bandwidth this class should get, when the traffic
    load rises. If the sum of the rates in this column exceeds the
    INTERFACE's OUT-BANDWIDTH, then the OUT-BANDWIDTH limit may not
    be honored.

CEIL — rate
    The maximum bandwidth this class is allowed to use when the link
    is idle. Useful if you have traffic which can get full speed
    when more needed services (e.g. ssh) are not used.

    You can use the value full in here for setting the maximum
    bandwidth to the defined output bandwidth of that interface.

PRIORITY — priority
    The priority in which classes will be serviced by the packet
    shaping scheduler and also the priority in which bandwidth in
    excess of the rate will be given to each class.

    Higher priority classes will experience less delay since they
    are serviced first. Priority values are serviced in ascending
    order (e.g. 0 is higher priority than 1).

    Classes may be set to the same priority, in which case they will
    be serviced as equals.

OPTIONS (Optional) — [option[,option]...]
    A comma-separated list of options including the following:

    default
        This is the default class for that interface, where all
        traffic that is not classified otherwise should go.

        Note

        You must define default for exactly one class per interface.

    tos=0xvalue[/0xmask] (mask defaults to 0xff)
        This lets you define a classifier for the given value/mask
        combination of the IP packet's TOS/Precedence/DiffServ octet
        (aka the TOS byte). Please note that classifiers override all
        mark settings, so if you define a classifier for a class, all
        traffic having that mark will go in it regardless of any mark
        set on the packet by a firewall/mangle filter.

    tos-tosname
        Aliases for the following TOS octet value and mask encodings.
        TOS encodings of the "TOS byte" have been deprecated in favor
        of DiffServ classes, but programs like ssh, rlogin, and ftp
        still use them.

            tos-minimize-delay          0x10/0x10
            tos-maximize-throughput     0x08/0x08
            tos-maximize-reliability    0x04/0x04
            tos-minimize-cost           0x02/0x02
            tos-normal-service          0x00/0x1e

        Note

        Each of these options is only valid for ONE class per
        interface.

    tcp-ack
        If defined, causes a tc filter to be created that puts all
        TCP ACK packets on that interface with a size of <=64 bytes
        into this class. This is useful for speeding up downloads.
        Please note that the size of the ACK packets is limited to 64
        bytes because we want only packets WITHOUT payload to match.

        Note

        This option is only valid for ONE class per interface.

Example 1:
    Suppose you are using PPP over Ethernet (DSL) and ppp0 is the
    interface for this. You have 4 classes here: the first you can
    use for voice over IP traffic, the second for interactive traffic
    (e.g. ssh/telnet but not scp), the third will be for all
    unclassified traffic, and the fourth is for low priority traffic
    (e.g. peer-to-peer).

    The voice traffic in the first class will be guaranteed a minimum
    of 100kbps and always be serviced first (because of the low
    priority number, giving less delay) and will be granted excess
    bandwidth (up to 180kbps, the class ceiling) first, before any
    other traffic. A single VOIP stream, depending upon codecs, after
    encapsulation, can take up to 80kbps on a PPPoE/DSL link, so we
    pad a little bit just in case. (TOS byte values 0xb8 and 0x68
    are DiffServ classes EF and AF31 respectively and are often
    used by VOIP devices.)

    Interactive traffic (tos-minimize-delay) and TCP acks (and ICMP
    echo traffic if you use the example in tcrules) and any packet
    with a mark of 2 will be guaranteed 1/4 of the link bandwidth,
    and may extend up to full speed of the link.

    Unclassified traffic and packets marked as 3 will be guaranteed
    1/4th of the link bandwidth, and may extend to the full speed of
    the link.

    Packets marked with 4 will be treated as low priority packets.
    (The tcrules example marks p2p traffic as such.) If the link is
    congested, they're only guaranteed 1/8th of the speed, and even
    if the link is empty, can only expand to 80% of link bandwidth
    just as a precaution in case there are upstream queues we didn't
    account for. This is the last class to get additional bandwidth
    and the last to get serviced by the scheduler because of the low
    priority.

    #INTERFACE  MARK  RATE     CEIL       PRIORITY  OPTIONS
    ppp0        1     100kbit  180kbit    1         tos=0x68/0xfc,tos=0xb8/0xfc
    ppp0        2     full/4   full       2         tcp-ack,tos-minimize-delay
    ppp0        3     full/4   full       3         default
    ppp0        4     full/8   full*8/10  4
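
The rules above, as an added Python example (not part of Shorewall or of this manual page): a linter that checks tcclasses rows for RATE/CEIL syntax, exactly one default class, the once-per-interface options, and the sum of RATE against OUT-BANDWIDTH. The 384kbit OUT-BANDWIDTH, the decimal unit multipliers, and the names lint, to_bits and EXAMPLE are assumptions of this example.

```python
import re
from collections import defaultdict
# Bits per second per unit (decimal multipliers assumed); a bare number is bytes/s.
UNIT_BITS = {"kbps": 8000, "mbps": 8000000, "kbit": 1000, "mbit": 1000000, "bps": 8, None: 8}
RATE_RE = re.compile(r"([0-9]+)(kbps|mbps|kbit|mbit|bps)?")
FULL_RE = re.compile(r"full(?:\*([0-9]+))?(?:/([0-9]+))?")  # full, full/3, full*9/10
ONCE = {"tcp-ack", "tos-minimize-delay", "tos-maximize-throughput",
        "tos-maximize-reliability", "tos-minimize-cost", "tos-normal-service"}

def to_bits(value, full):
    """Convert a RATE/CEIL value to bits per second; None if malformed."""
    if m := FULL_RE.fullmatch(value):  # calculated values carry no unit
        mul, div = (int(g or 1) for g in m.groups())
        return full * mul // div if div else None
    m = RATE_RE.fullmatch(value)
    return int(m.group(1)) * UNIT_BITS[m.group(2)] if m else None

def lint(text, out_bw):
    """out_bw: interface -> OUT-BANDWIDTH in bits/s, supplied by the caller."""
    problems, rates, defaults, seen = [], defaultdict(int), defaultdict(int), defaultdict(set)
    for n, line in enumerate(text.splitlines(), 1):
        cols = line.split("#", 1)[0].split()
        if cols and (len(cols) not in (5, 6) or cols[0] not in out_bw):
            problems.append(f"line {n}: bad column count or unknown interface")
        elif cols:
            iface, rate, ceil = cols[0], cols[2], cols[3]
            bits = [to_bits(v, out_bw[iface]) for v in (rate, ceil)]
            if None in bits:
                problems.append(f"line {n}: malformed RATE or CEIL")
            rates[iface] += bits[0] or 0
            for opt in (cols[5].split(",") if len(cols) == 6 else []):
                defaults[iface] += opt == "default"
                if opt in ONCE and opt in seen[iface]:
                    problems.append(f"line {n}: {opt} already used on {iface}")
                seen[iface].add(opt)
    for iface, full in out_bw.items():
        if defaults[iface] != 1:
            problems.append(f"{iface}: needs exactly one default class")
        if rates[iface] > full:
            problems.append(f"{iface}: sum of RATE exceeds OUT-BANDWIDTH")
    return problems

EXAMPLE = """\
ppp0 1 100kbit 180kbit 1 tos=0x68/0xfc,tos=0xb8/0xfc
ppp0 2 full/4 full 2 tcp-ack,tos-minimize-delay
ppp0 3 full/4 full 3 default
ppp0 4 full/8 full*8/10 4
"""
print(lint(EXAMPLE, {"ppp0": 384000}))  # rows from Example 1; 384kbit is a constructed value
```

A row written as "30 kbit" splits into an extra column and is reported by the column-count check; "full/4kbit" is reported as a malformed RATE.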

/etc/shorewall/tcclasses

⟨http://shorewall.net/traffic_shaping.htm⟩

shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5),
shorewall.conf(5), shorewall-tcdevices(5), shorewall-tcrules(5),
shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)

19 May 2008                                        shorewall-tcclasses(5)