Traffic shape s3
Traffic shape S3
Prerequisites
- IPTables firewall
- Curl
Howto
Script for pulling current IP ranges for AWS regions
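# Refresh the per-region AWS IP range lists consumed by the firewall/tc scripts.
# Requires bash (for the ${var,,} lower-casing), curl and jq.
# Writes ${base}/<service>-<region>-iprange.txt, one IPv4 prefix per line.
set -euo pipefail

json_url="https://ip-ranges.amazonaws.com/ip-ranges.json"
base="/etc/firewall"
amazon_regions="eu-central-1 us-east-1"
amazon_services="S3"

# This typically runs as root (it writes below /etc), so the download must not
# go to a predictable name in world-writable /tmp, where another local user
# could pre-create the path. mktemp gives an unpredictable, 0600 file instead.
tmpfile="$(mktemp)"
out_tmp=""
cleanup() {
  rm -f -- "${tmpfile}"
  if [[ -n "${out_tmp}" ]]; then
    rm -f -- "${out_tmp}"
  fi
}
trap cleanup EXIT

# --fail turns HTTP errors into a non-zero exit, so an error page is never
# parsed as a range list; --proto pins the transfer to HTTPS.
/usr/bin/curl --fail --silent --show-error --proto '=https' \
  -o "${tmpfile}" "${json_url}"

# The region/service settings are space-separated lists; split them explicitly.
read -r -a regions <<<"${amazon_regions}"
read -r -a services <<<"${amazon_services}"

for region in "${regions[@]}"; do
  for service in "${services[@]}"; do
    target="${base}/${service,,}-${region,,}-iprange.txt"

    # Build the new list next to the target and rename it into place, so a
    # reader of ${target} never sees a truncated or half-written file.
    out_tmp="$(mktemp "${base}/.iprange.XXXXXX")"
    jq -r --arg Region "${region}" --arg Service "${service}" \
      '.prefixes[] | select(.region == $Region) | select(.service == $Service) | .ip_prefix' \
      "${tmpfile}" >"${out_tmp}"

    # An empty result most likely means a mistyped region/service or an
    # unexpected feed format; keep the previous list rather than wiping it.
    if [[ ! -s "${out_tmp}" ]]; then
      printf 'warning: no %s prefixes found for %s; leaving %s untouched\n' \
        "${service}" "${region}" "${target}" >&2
      rm -f -- "${out_tmp}"
      out_tmp=""
      continue
    fi

    # mktemp creates the file 0600; restore the usual world-readable mode.
    chmod 0644 "${out_tmp}"
    mv -f -- "${out_tmp}" "${target}"
    out_tmp=""
  done
done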
Traffic control script
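# Egress shaping: cap traffic towards the listed S3 prefixes with HTB + fq_codel.
# Must run as root; requires bash, tc and the range list produced by the
# IP-range pull script.
set -u

ext_device=eth0
ext_device_up=800Mbit
# NOTE(review): ext_device_down and ext_device_ingress are not used in the
# visible part of this script; presumably they belong to ingress shaping via
# ifb that is not shown here. Kept as-is.
ext_device_down=800Mbit
ext_device_ingress=ifb1
s3_ext_device_up_rate="10Mbit"
tc=/usr/sbin/tc # for Debian
q=1500

# File with one S3 IPv4 prefix per line. The default is the path the pull
# script writes for service S3 / region eu-central-1; override via environment.
s3ranges_eu="${s3ranges_eu:-/etc/firewall/s3-eu-central-1-iprange.txt}"

# Check the list before touching the qdisc setup, so a missing file does not
# leave a half-configured interface behind.
if [[ ! -r "${s3ranges_eu}" ]]; then
  printf 'error: range list %s is missing or unreadable\n' "${s3ranges_eu}" >&2
  exit 1
fi

modprobe ifb
modprobe sch_fq_codel
modprobe act_mirred

# Root HTB qdisc; anything not matched by a filter goes to class 1:11.
"$tc" qdisc add dev "$ext_device" root handle 1: htb default 11
"$tc" class add dev "$ext_device" parent 1: classid 1:1 htb rate "$ext_device_up"
"$tc" class add dev "$ext_device" parent 1:1 classid 1:11 htb rate "$ext_device_up" prio 0 quantum "$q"
"$tc" qdisc add dev "$ext_device" parent 1:11 fq_codel quantum "$q" # ecn

# s3 limit: class 1:12 has a rate but no explicit ceil, so S3-bound traffic
# is held to s3_ext_device_up_rate.
"$tc" class add dev "$ext_device" parent 1:1 classid 1:12 htb rate "$s3_ext_device_up_rate" prio 0 quantum "$q"
"$tc" qdisc add dev "$ext_device" parent 1:12 fq_codel quantum "$q" ecn

# The list originates from a downloaded file and ends up on a root-run command
# line, so accept only lines that look like an IPv4 CIDR prefix.
cidr_re='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
while IFS= read -r dst_net || [[ -n "${dst_net}" ]]; do
  if [[ -z "${dst_net}" ]]; then
    continue
  fi
  if [[ ! "${dst_net}" =~ ${cidr_re} ]]; then
    printf 'warning: skipping unexpected entry in %s: %q\n' "${s3ranges_eu}" "${dst_net}" >&2
    continue
  fi
  "$tc" filter add dev "$ext_device" protocol ip prio 1 u32 match ip dst "${dst_net}" flowid 1:12
done <"${s3ranges_eu}"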