Tag Archives: FreeBSD && Linux

Watching per-host LAN traffic with iftop on a FreeBSD NAT gateway

Yesterday afternoon the network was very slow. systat -if showed about 1.7 MB per second, so somebody was obviously running Xunlei (Thunder) downloads, but netstat cannot show the traffic of the individual LAN machines behind the NAT server, which was awkward. In the end I found the "culprit" by checking the machines one by one.

Later I found a nice tool online, iftop. It lives in the ports tree at

/usr/ports/net-mgmt/iftop

Then install it:

make install clean

Once it is installed you can simply type iftop in bash to watch the LAN traffic.
iftop

The default screen looks much like top and the information is a bit cluttered, but a few keys improve the display:

s key          Hide source host: shows the traffic of each LAN IP directly

< and > keys   Sort by per-IP traffic (ascending or descending)
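A scripted version of the same check, added here as an example (it is not code from the original post): instead of reading the interactive screen, take one text snapshot with iftop and rank the LAN hosts by total bytes, which is what the s key view gives you by eye. It assumes iftop 1.0pre or newer (the -t text mode), the interface and LAN network used in the post (rl0, 192.168.1.0/24), and iftop's text-report layout in which an "=>" row for the LAN host is followed by a "<=" row for its remote peer; the sample report is constructed, and the peer addresses are documentation-range placeholders.

```shell
#!/bin/sh
# Added example, not part of the original post: a scripted, non-interactive
# version of the "per LAN host" view the post gets by pressing 's' in iftop.
# Assumptions: iftop 1.0pre or newer (the -t text mode), the post's interface
# and network (rl0, 192.168.1.0/24), and iftop's text-report layout, where an
# "=>" row (index, LAN host, rates, cumulative) is followed by a "<=" row for
# the remote peer. Units are B/KB/MB/GB because -B asks for bytes, not bits.

# One text snapshot of LAN traffic on the inside interface: no DNS or port
# lookups (-n -N), bytes (-B), only the LAN net (-F), report after $3 seconds
# and exit (-t -s). Run this on the gateway; it needs iftop and root.
lan_snapshot() {
    iface=${1:-rl0}
    net=${2:-192.168.1.0/24}
    secs=${3:-10}
    iftop -t -s "$secs" -n -N -B -i "$iface" -F "$net"
}

# Rank LAN hosts by total bytes (sent + received) from an iftop text report on
# stdin. Output lines are "<bytes><TAB><host>", largest first.
rank_hosts() {
    awk '
    function bytes(s,  n) {
        n = s + 0                          # numeric prefix: "2.50MB" -> 2.5
        if (s ~ /KB$/)      n *= 1024
        else if (s ~ /MB$/) n *= 1024 * 1024
        else if (s ~ /GB$/) n *= 1024 * 1024 * 1024
        return n
    }
    $3 == "=>" { host = $2; total[host] += bytes($NF); next }  # LAN-side row
    $2 == "<=" && host != "" { total[host] += bytes($NF) }      # peer row of the same pair
    END { for (h in total) printf "%d\t%s\n", total[h], h }
    ' | sort -rn
}

# Constructed sample report in the layout described above; not captured data.
sample_report() {
    cat <<'EOF'
   # Host name (port/service if enabled)            last 2s   last 10s   last 40s cumulative
--------------------------------------------------------------------------------------------
   1 192.168.1.201                            =>      1.10MB     1.05MB     1.02MB     2.50MB
     203.0.113.10                             <=     62.0KB     60.1KB     58.9KB     40.0MB
   2 192.168.1.64                             =>     12.0KB     11.5KB     11.2KB      448KB
     203.0.113.11                             <=      201B       198B       190B     7.60KB
   3 192.168.1.57                             =>     3.20KB     3.10KB     3.00KB     3.20KB
     203.0.113.12                             <=       40B        40B        40B       120B
--------------------------------------------------------------------------------------------
Total send rate:                                      1.11MB     1.06MB     1.03MB
EOF
}

# Demo on the sample. On the gateway: lan_snapshot rl0 192.168.1.0/24 30 | rank_hosts
sample_report | rank_hosts
```

On the sample the host that downloaded 40 MB comes out on top with 44564480 bytes, which is the number you would otherwise have to spot by watching the screen. Adding both rows of a pair to the LAN-side host matters because a downloader's bytes sit on the "<=" row, not on the row that carries its address.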

Using PF on a FreeBSD gateway to control how bandwidth is shared inside the network

The sales department used to share one 10 Mb fibre line through a cheap home router. The connection was forever fast one minute and slow the next, and then the boss told me he felt his own connection was slow and wanted a larger share of the speed. A home router cannot do that, so I built a FreeBSD machine as the shared gateway. The gateway build itself is described here, but that write-up does not cover using ALTQ to divide bandwidth inside the LAN. I then read the OpenBSD pf documentation (pf comes from OpenBSD and was later ported to FreeBSD); pf offers three ways of prioritizing traffic:

  1. Class Based Queueing
  2. Priority Queueing
  3. Random Early Detection

Requirements: the boss's bandwidth must be guaranteed, the staff must not be slowed down either, and the account managers' office keeps downloading films and watching video, so it needs to be restricted and its packets given lower priority.

Class Based Queueing(CBQ)

Class Based Queueing (CBQ) is a queueing algorithm that divides a network connection's bandwidth among multiple queues or classes. Each queue then has traffic assigned to it based on source or destination address, port number, protocol, etc. A queue may optionally be configured to borrow bandwidth from its parent queue if the parent is being under-utilized. Queues are also given a priority such that those containing interactive traffic, such as SSH, can have their packets processed ahead of queues containing bulk traffic, such as FTP.

CBQ can be used to control how much bandwidth individual workstations on the network get: assign a parent bandwidth to an interface and divide it into any number of child queues.

Root Queue (10Mbps)
    UserA (4Mbps, priority 1)
    UserB (3Mbps, priority 1)
    UserC (3Mbps, priority 1)

The configuration file is:

ext_if="bge0"
int_if="rl0"
routerip="192.168.1.1"

internal_net="192.168.1.0/24"
ext_addr="222.85.***.***"

NoRouteIPs="{127.0.0.0}"
Danger_port="{445 135 139 593 5554 9995 9996}"
ssh_port="2223" # ssh moved off the default port 22
loop="lo0"

boss="192.168.1.64, 192.168.1.201"
core="192.168.1.62, 192.168.1.68, 192.168.1.57"

# every queue named in this child list must be defined by a queue line below
altq on $int_if cbq bandwidth 10Mb queue { other_in, boss_in, core_in }

queue other_in bandwidth 4Mb cbq(default)
queue boss_in bandwidth 3Mb cbq(borrow)
queue core_in bandwidth 3Mb cbq(borrow)

nat on $ext_if from $internal_net to any -> ($ext_if)

block quick on $int_if inet proto tcp from any to any port $Danger_port
block quick on $ext_if inet proto tcp from any to any port $Danger_port
block in quick on $ext_if inet proto tcp from any to any port $ssh_port # no ssh access from outside addresses

pass in all
pass out all
pass out quick on $int_if proto {tcp,udp} from any to {$boss} queue boss_in
pass out quick on $int_if proto {tcp,udp} from any to {$core} queue core_in
pass out quick on $int_if proto {tcp,udp} from any to any queue other_in

With this method the bandwidth shares are fixed: once a person (or group) has been given an amount, that is all they get, unless the borrow keyword is used. But when I tested borrow, each user still only got their own share; not a single bit was borrowed from the parent queue.

Trial result: the office line is 10 Mb, and outside peak hours everyone could download at about 1.7 MB/s with Xunlei. With CBQ limiting in place, everyone can download at most their own assigned share, which is not very efficient.

Priority Queueing (PRIQ)

Priority Queueing (PRIQ) assigns multiple queues to a network interface with each queue being given a priority level. A queue with a higher priority is always processed ahead of a queue with a lower priority. If two or more queues are assigned the same priority then those queues are processed in a round-robin fashion.

PRIQ can be used to give one kind of traffic priority over another. For example, if you want SSH to take precedence over FTP, SSH will no longer suffer from delayed keystrokes.

Root Queue (2Mbps)
    Queue A (priority 1)
    Queue B (priority 2)
    Queue C (priority 3)

PRIQ makes fairly efficient use of the bandwidth. When the line is not congested everyone can use the full bandwidth, but when it is, the higher-priority queue takes precedence over the lower-priority one, so the boss's speed is guaranteed without affecting everyone else's.
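The post states the requirements and explains why PRIQ fits them, but the only pf.conf it shows is the CBQ one. The script below is an added example, not the author's configuration: it writes the PRIQ equivalent using the post's macros and interface names (bge0, rl0, 192.168.1.0/24, the boss addresses), with placeholder addresses for the account managers' office, and it runs one consistency check that applies just as much to the CBQ configuration above: every queue named in the altq child list must have a matching queue definition. The check is plain awk and runs anywhere; the pfctl -n syntax check only runs where pfctl exists. PRIQ only orders packets, it does not cap anyone, so the "restrict" half of the managers' office requirement would need a bandwidth-aware scheduler (CBQ or HFSC); this example does not pretend otherwise.

```shell
#!/bin/sh
# Added example, not from the original post. Writes a PRIQ pf.conf for the
# post's requirements and checks that every queue listed in the altq line is
# actually defined. Assumptions: the post's interfaces/addresses (bge0, rl0,
# 192.168.1.0/24, boss = .64 and .201); the $mgr addresses are placeholders.
# PRIQ orders packets by priority only; it cannot cap a host's bandwidth.

priq_conf() {
    cat <<'EOF'
ext_if = "bge0"
int_if = "rl0"
internal_net = "192.168.1.0/24"
boss = "192.168.1.64, 192.168.1.201"
mgr  = "192.168.1.62, 192.168.1.68"   # placeholder: account managers' office

# 10Mb is the fibre line, not rl0's link speed, so the queue is the real bottleneck
altq on $int_if priq bandwidth 10Mb queue { boss_q, staff_q, mgr_q }
queue boss_q  priority 7
queue staff_q priority 4 priq(default)
queue mgr_q   priority 1

nat on $ext_if from $internal_net to any -> ($ext_if)

pass in all
pass out all
# downloads toward LAN hosts are what gets shaped, hence "out on $int_if"
pass out quick on $int_if proto { tcp, udp } from any to { $boss } queue boss_q
pass out quick on $int_if proto { tcp, udp } from any to { $mgr }  queue mgr_q
EOF
}

# Constructed CBQ fragment with the classic mistake: the child list names a
# "www" queue that no queue line defines.
cbq_fragment() {
    cat <<'EOF'
altq on $int_if cbq bandwidth 10Mb queue{other_in,boss_in,core_in,www}
queue other_in bandwidth 4Mb cbq(default)
queue boss_in bandwidth 3Mb cbq(borrow)
queue core_in bandwidth 3Mb cbq(borrow)
EOF
}

# Print every queue named in an altq child list that has no "queue NAME" line.
# Reads pf.conf on stdin; exit status 1 if anything is missing, 0 otherwise.
check_altq_queues() {
    awk '
    /^[ \t]*altq / {
        s = $0
        sub(/#.*/, "", s)                               # drop trailing comment
        if (s ~ /\{/) sub(/.*queue[ \t]*\{/, "", s)     # "queue { a, b }" or "queue{a,b}"
        else          sub(/.*queue[ \t]*/, "", s)       # single child without braces
        gsub(/[{},]/, " ", s)
        n = split(s, names, /[ \t]+/)
        for (i = 1; i <= n; i++) if (names[i] != "") wanted[names[i]] = 1
    }
    /^[ \t]*queue / { defined[$2] = 1 }
    END {
        missing = 0
        for (q in wanted) if (!(q in defined)) { print q; missing = 1 }
        exit missing
    }'
}

# Full syntax check, only meaningful on the gateway where pfctl exists.
pfctl_check() {
    command -v pfctl >/dev/null 2>&1 || { echo "pfctl not available here, skipping -n check"; return 0; }
    priq_conf | pfctl -nf -
}

echo "PRIQ config, undefined child queues (expect none):"
priq_conf | check_altq_queues || true
echo "CBQ fragment, undefined child queues (expect www):"
cbq_fragment | check_altq_queues || true
pfctl_check
```

The altq bandwidth is deliberately the 10 Mb of the fibre line rather than the 100 Mb of rl0: if the queue is told it has more bandwidth than the real bottleneck, it never fills and PRIQ never gets to reorder anything. On the gateway, load the file with pfctl -f after the -n check passes, and watch queue hits with pfctl -vsq to confirm traffic is actually landing in boss_q and mgr_q.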

Random Early Detection

Random Early Detection (RED) is a congestion avoidance algorithm. Its job is to avoid network congestion by making sure that the queue doesn't become full. It does this by continually calculating the average length (size) of the queue and comparing it to two thresholds, a minimum threshold and a maximum threshold. If the average queue size is below the minimum threshold then no packets will be dropped. If the average is above the maximum threshold then all newly arriving packets will be dropped. If the average is between the threshold values then packets are dropped based on a probability calculated from the average queue size. In other words, as the average queue size approaches the maximum threshold, more and more packets are dropped. When dropping packets, RED randomly chooses which connections to drop packets from. Connections using larger amounts of bandwidth have a higher probability of having their packets dropped.

I have not yet looked into RED.

Reference: PF: Packet Queueing and Prioritization