tailieunhanh - Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT, and filter phần 8
chúng tôi cho phép tối thiểu là 1 / 4 tổng số băng thông cho giao thông với HQ để cho $ AC $AQ $ AF = $ BW / 4 01:01 classid tỷ lệ 1:40 HTB $ {I} kbit ceil $ {BW} kbit PRIO 3 1:40 xử lý 400: pfifo hạn 5 xử lý 4 fw classid 01:40 | Chapter 7 Remote DB application developers we allow a minimum of 1 8 of total bandwidth for remote developers let RBW BW 8 AC 1 1 classid 1 30 htb rate RBW kbit ceil RBW kbit prio 2 AQ 1 30 handle 300 pfifo limit 5 AF handle 3 fw classid 1 30 traffic between HQ and this location we allow a minimum of 1 4 of total bandwidth for traffic with HQ let I BW 4 AC 1 1 classid 1 40 htb rate I kbit ceil BW kbit prio 3 AQ 1 40 handle 400 pfifo limit 5 AF handle 4 fw classid 1 40 Internet Traffic for users we allow a minimum of 1 4 of total bandwidth for internet traffic AC 1 1 classid 1 50 htb rate I kbit ceil BW kbit prio 4 AQ 1 50 handle 500 pfifo limit 5 tc filter add dev eth0 protocol ip parent 1 0 prio 5 u32 match ip src 24 flowid 1 50 This is the basic setup for QoS. More information about HTB can be found at http devik qos htb manual . Example 2 A Typical Small ISP The term typical might not be so appropriate when talking about small ISPs. We have met a lot of network administrators and we seen a lot of small ISPs and they all had different configurations. The network we are going to build in this example is not specific to any provider but rather a general one. These types of networks exist in generally with a few modifications. The network has more security breakpoints than the previous network so we ll have more complex and complicated firewalls. 191 Medium Networks Case Studies The Network Let s take the following network as an example This is a small ISP that has one internet connection an access network a server farm and the internal departments. This ISP uses Linux routers and servers. The connection from the provider comes in one interface of the Linux core router. Usually the core router should be a very stable and powerful machine because it needs to have a few network interfaces through which a significant amount of data is passed. 192 Chapter 7 Depending on how powerful the core router is we can say how many users the network
đang nạp các trang xem trước