shape dropbox on linux router with tc and iptables

1

Another machine on my LAN is uploading to Dropbox and saturating my internet connection's upload bandwidth. When that happens my pings to 8.8.8.8 take 3000-6000ms. When Dropbox is not uploading my pings to 8.8.8.8 are 45ms.

I'm trying to simply slow down and de-prioritize forwarded traffic to/from Dropbox on my Linux router.

I've tried 2 slightly different guides and have not had any success with either. I think one factor that makes it confusing is that the Dropbox traffic seems to speed up and slow down every minute or two. I don't have access to the machine doing the Dropbox uploads so I can't see why the traffic is high for a few mins, then low for a few seconds, oscillating. Maybe it's uploading many files and there is a pause between each file.

I've made 3 attempts based on 3 slightly different guides online.

It's my understanding that 1:30 is the lowest priority traffic class, which is what I want Dropbox to be.

Update: I adapted this slightly to shape a download that I ran from my own computer. The rate-limiting worked as expected. However, now I must test uploading.

Attempt 1

#!/bin/bash
tc qdisc add dev br0 root handle 1:0 htb default 1
tc class add dev br0 parent 1:0 classid 1:30 htb rate 64kbps ceil 128kbps prio 0
tc filter add dev br0 parent 1:0 prio 0 protocol ip handle 30 fw flowid 1:30
iptables -I FORWARD -t mangle -s 162.125.0.0/16,199.47.216.0/22,108.160.160.0/20,205.189.0.0/24,64.124.102.192/29,209.99.70.0/24,45.58.64.0/20,208.185.144.160/27 -j MARK --set-mark 30
iptables -I FORWARD -t mangle -d 162.125.0.0/16,199.47.216.0/22,108.160.160.0/20,205.189.0.0/24,64.124.102.192/29,209.99.70.0/24,45.58.64.0/20,208.185.144.160/27 -j MARK --set-mark 30

iptables-save -c shows the relevant traffic is being marked:

[145:212599] -A FORWARD -d 162.125.0.0/16 -j MARK --set-xmark 0x1e/0xffffffff
[72:2880] -A FORWARD -s 162.125.0.0/16 -j MARK --set-xmark 0x1e/0xffffffff

Attempt 2

#!/bin/bash
#tc qdisc add dev br0 root handle 1: htb
#tc class add dev br0 parent 1: classid 1:30 htb rate 32kbps ceil 64kbps
#tc filter add dev br0 parent 1: prio 0 protocol ip handle 30 fw flowid 1:30
#iptables -I FORWARD -t mangle -s 162.125.0.0/16,199.47.216.0/22,108.160.160.0/20,205.189.0.0/24,64.124.102.192/29,209.99.70.0/24,45.58.64.0/20,208.185.144.160/27 -j MARK --set-mark 30
#iptables -I FORWARD -t mangle -d 162.125.0.0/16,199.47.216.0/22,108.160.160.0/20,205.189.0.0/24,64.124.102.192/29,209.99.70.0/24,45.58.64.0/20,208.185.144.160/27 -j MARK --set-mark 30

Attempt 3

tc qdisc add dev br0 root handle 1: htb default 1
#Second add a class (bucket) with bandwidth restrictions
tc class add dev br0 parent 1: classid 1:30 htb rate 512kbit
#Then add a filter to force packets through the class
tc filter add dev br0 protocol ip parent 1:0 prio 1 handle 1 fw classid 1:30
iptables -I FORWARD -t mangle -s 162.125.0.0/16,199.47.216.0/22,108.160.160.0/20,205.189.0.0/24,64.124.102.192/29,209.99.70.0/24,45.58.64.0/20,208.185.144.160/27 -j MARK --set-mark 0x1
iptables -I FORWARD -t mangle -d 162.125.0.0/16,199.47.216.0/22,108.160.160.0/20,205.189.0.0/24,64.124.102.192/29,209.99.70.0/24,45.58.64.0/20,208.185.144.160/27 -j MARK --set-mark 0x1
traffic-shaping
qos
tc
htb
asked on Server Fault Apr 8, 2017 by Josh • edited Apr 8, 2017 by Josh

1 Answer

1

If you got it working for the download side of traffic, then your config is good. Traffic shaping works only for egress traffic. This is because shaping controls the send buffers of the interface and it has no effect on the receiving side (ingress traffic).

There are two possible solutions: one is to use IFB (mentioned in the linked post), and the other is to configure egress shaping on another interface (one not facing your clients). To clarify the second point:

Clients <=> (download limit) [Server] (upload limit) <=> [Edge router]

You want to shape traffic on "Server" by applying download and upload limits on different interfaces as shown. Uploaded data is egress traffic on the second interface (the one not facing your clients).

Here are similar posts: post1, and post2.

answered on Server Fault Apr 8, 2017 by Khaled • edited May 23, 2017 by Community
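
The answer's second option (egress shaping on the interface not facing the clients), as an added example that is not part of the original posts: a dry-run script that builds an HTB tree on the WAN-side interface, with a default class for all other traffic and a low-priority class for packets marked as going to the Dropbox networks listed in the question. The interface name `eth0` and all rates are assumptions.

```shell
#!/bin/sh
# Added example, not from the original posts. Upload shaping on the WAN side.
# Assumed values: WAN_IF, UPLINK_KBIT, BULK_KBIT, BULK_CEIL_KBIT (adjust all).
WAN_IF="${WAN_IF:-eth0}"            # interface toward the ISP (assumed name)
UPLINK_KBIT="${UPLINK_KBIT:-900}"   # a little under the real upload rate, so
                                    # the queue builds here, not in the modem
BULK_KBIT="${BULK_KBIT:-64}"        # guaranteed rate for Dropbox uploads
BULK_CEIL_KBIT="${BULK_CEIL_KBIT:-128}"  # most that Dropbox may borrow up to
MARK=30                             # same fwmark as the question's first attempt
# Dropbox networks exactly as listed in the question
NETS="162.125.0.0/16,199.47.216.0/22,108.160.160.0/20,205.189.0.0/24"
NETS="$NETS,64.124.102.192/29,209.99.70.0/24,45.58.64.0/20,208.185.144.160/27"

# Print the command list for: device, uplink kbit, bulk kbit, bulk ceil kbit.
# Nothing is executed here. tc units: kbit = kilobits/s, kbps = kilobytes/s.
shaping_plan() {
    rest=$(( $2 - $3 ))             # guaranteed rate left for the default class
    if [ "$rest" -le 0 ] || [ "$4" -lt "$3" ] || [ "$4" -gt "$2" ]; then
        echo "need bulk < uplink and bulk <= ceil <= uplink" >&2
        return 1
    fi
    cat <<EOF
tc qdisc add dev $1 root handle 1: htb default 10
tc class add dev $1 parent 1: classid 1:1 htb rate ${2}kbit
tc class add dev $1 parent 1:1 classid 1:10 htb rate ${rest}kbit ceil ${2}kbit prio 0
tc class add dev $1 parent 1:1 classid 1:30 htb rate ${3}kbit ceil ${4}kbit prio 7
tc filter add dev $1 parent 1: protocol ip prio 1 handle $MARK fw flowid 1:30
iptables -t mangle -A FORWARD -o $1 -d $NETS -j MARK --set-mark $MARK
EOF
}

# Dry run by default; APPLY=1 (as root) pipes the plan into a shell.
if [ "${APPLY:-0}" = 1 ]; then
    shaping_plan "$WAN_IF" "$UPLINK_KBIT" "$BULK_KBIT" "$BULK_CEIL_KBIT" | sh -e
else
    shaping_plan "$WAN_IF" "$UPLINK_KBIT" "$BULK_KBIT" "$BULK_CEIL_KBIT"
fi
```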

User contributions licensed under CC BY-SA 3.0