[LARTC] htb traffic shaping problem
Hello. I have a linux server connected to a gigabit lan, and though that lan to a 768kbps/768kbps DSL modem. I'm trying to shape my webserver running on port 80/443 down to 512kbps, while leaving all other ports alone. The current configuration script that I'm using is as follows: tc qdisc del dev eth0 root tc qdisc add dev eth0 root handle 1: htb default 99 tc class add dev eth0 parent 1: classid 1:1 htb rate 1000mbit ceil 1000mbit tc class add dev eth0 parent 1:1 classid 1:10 htb rate 512kbit ceil 512kbit tc qdisc add dev eth0 parent 1:10 handle 10: sfq tc class add dev eth0 parent 1:1 classid 1:99 htb rate 900mbit ceil 1000mbit tc qdisc add dev eth0 parent 1:99 handle 99: sfq tc filter add dev eth0 protocol ip parent 1: u32 match ip sport 80 0x flowid 1:10 tc filter add dev eth0 protocol ip parent 1: u32 match ip sport 443 0x flowid 1:10 1:10 seems to be getting the correct traffic from port 80 and 443 while everything else is run to 1:99. The problem is that, while 1:10 is slowing the connection down to a degree, it's nowhere near the set limit. For example: the connection will start out around 50kBps, and then suddenly bounce to over 1MBps, far exceeding it's 64kBps setting. Setting the parent down to 512kbits seems to work correctly, but it cripples the local network. Can anyone point out what I've done incorrectly, or is this a bug? Thank you. -Ryan Power ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] htb traffic shaping problem
Good afternoon,your configuration seems correct to me. Could you send us the output of tc -s -d class show dev eth0 during your probes?What kernel and tc versions are you using?Regards,Eric Janz Departamento de SistemasGrupo Barceló ViajesC\ 16 de Julio, 7507009 Polígono Son CastellóPalma de Mallorca - BalearesTel.: +34 971 448030Fax.: +34 971 436986Bugzilla-Redirect [EMAIL PROTECTED]Enviado por: [EMAIL PROTECTED]08/09/2006 10:02Paralartc@mailman.ds9a.nlccAsunto[LARTC] htb traffic shaping problemHello.I have a linux server connected to a gigabit lan, and though that lan to a 768kbps/768kbps DSL modem.I'm trying to shape my webserver running on port 80/443 down to 512kbps, while leaving all other ports alone. The current configuration script that I'm using is as follows:tc qdisc del dev eth0 roottc qdisc add dev eth0 root handle 1: htb default 99tc class add dev eth0 parent 1: classid 1:1 htb rate 1000mbit ceil 1000mbittc class add dev eth0 parent 1:1 classid 1:10 htb rate 512kbit ceil 512kbittc qdisc add dev eth0 parent 1:10 handle 10: sfqtc class add dev eth0 parent 1:1 classid 1:99 htb rate 900mbit ceil 1000mbittc qdisc add dev eth0 parent 1:99 handle 99: sfqtc filter add dev eth0 protocol ip parent 1: u32 match ip sport 80 0x flowid 1:10tc filter add dev eth0 protocol ip parent 1: u32 match ip sport 443 0x flowid 1:101:10 seems to be getting the correct traffic from port 80 and 443 while everything else is run to 1:99. The problem is that, while 1:10 is slowing the connection down to a degree, it's nowhere near the set limit. For example: the connection will start out around 50kBps, and then suddenly bounce to over 1MBps, far exceeding it's 64kBps setting.Setting the parent down to 512kbits seems to work correctly, but it cripples the local network.Can anyone point out what I've done incorrectly, or is this a bug?Thank you.-Ryan Power ___LARTC mailing listLARTC@mailman.ds9a.nlhttp://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc-- ADVERTENCIA LEGAL El contenido de este correo es confidencial y dirigido unicamente a su destinatario. Para acceder a su clausula de privacidad consulte http://www.barceloviajes.com/privacy LEGAL ADVISORY This message is confidential and intended only for the person or entity to which it is addressed. In order to read its privacy policy consult it at http://www.barceloviajes.com/privacy ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] Only root qdisc's stats shows overlimits
Hi, I have a bridge with debian sarge and i'm shaping traffic with HTB. I dont understand why only root qdisc's stats shows overlimits. No other class or qdisc shows overlimits. Thanks, Paolo Las mejores tiendas, los precios mas bajos, entregas en todo el mundo, YupimMSN Compras: Haz clic aquí ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
RE: [LARTC] htb traffic shaping problem
Hi, I have a similar setup here, and what I did was instead of shaping the traffic with tc, I used mod_cband on apache2 to limit concurrent connections and bandwidth. There is a very helpful reference on getting it up and running here: http://www.howtoforge.com/mod_cband_apache2_bandwidth_quota_throttling Hope that helps a bit Charlie Meyer University of Illinois at Urbana-Champaign Department of Computer Science - Undergraduate [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, September 08, 2006 7:40 AM To: lartc@mailman.ds9a.nl Subject: Re: [LARTC] htb traffic shaping problem Good afternoon, your configuration seems correct to me. Could you send us the output of tc -s -d class show dev eth0 during your probes? What kernel and tc versions are you using? Regards, Eric Janz Departamento de Sistemas Grupo Barceló Viajes C\ 16 de Julio, 75 07009 Polígono Son Castelló Palma de Mallorca - Baleares Tel.: +34 971 448030 Fax.: +34 971 436986 Bugzilla-Redirect [EMAIL PROTECTED] Enviado por: [EMAIL PROTECTED] 08/09/2006 10:02 Para lartc@mailman.ds9a.nl cc Asunto [LARTC] htb traffic shaping problem Hello. I have a linux server connected to a gigabit lan, and though that lan to a 768kbps/768kbps DSL modem. I'm trying to shape my webserver running on port 80/443 down to 512kbps, while leaving all other ports alone. The current configuration script that I'm using is as follows: tc qdisc del dev eth0 root tc qdisc add dev eth0 root handle 1: htb default 99 tc class add dev eth0 parent 1: classid 1:1 htb rate 1000mbit ceil 1000mbit tc class add dev eth0 parent 1:1 classid 1:10 htb rate 512kbit ceil 512kbit tc qdisc add dev eth0 parent 1:10 handle 10: sfq tc class add dev eth0 parent 1:1 classid 1:99 htb rate 900mbit ceil 1000mbit tc qdisc add dev eth0 parent 1:99 handle 99: sfq tc filter add dev eth0 protocol ip parent 1: u32 match ip sport 80 0x flowid 1:10 tc filter add dev eth0 protocol ip parent 1: u32 match ip sport 443 0x flowid 1:10 1:10 seems to be getting the correct traffic from port 80 and 443 while everything else is run to 1:99. The problem is that, while 1:10 is slowing the connection down to a degree, it's nowhere near the set limit. For example: the connection will start out around 50kBps, and then suddenly bounce to over 1MBps, far exceeding it's 64kBps setting. Setting the parent down to 512kbits seems to work correctly, but it cripples the local network. Can anyone point out what I've done incorrectly, or is this a bug? Thank you. -Ryan Power ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc -- ADVERTENCIA LEGAL El contenido de este correo es confidencial y dirigido unicamente a su destinatario. Para acceder a su clausula de privacidad consulte http://www.barceloviajes.com/privacy LEGAL ADVISORY This message is confidential and intended only for the person or entity to which it is addressed. In order to read its privacy policy consult it at http://www.barceloviajes.com/privacy ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] UIDs, virtual network inside localhost, etc. Pls, help, me.
Hello! I need assistance to solve my problem related to traffic shaping based on the user ids. The problem: each unix user (of the linux host) has to be limited with incoming channel (internet) bandwidth. Solution I want to implement: unix user1 - IP1 \ || - | gw IP, NAT |- eth interface unix userN - IPN / ^ || | |_ traffic shaper is here Each unix user sents and receives network data through dedicated IP address (which belongs to one of the aliases of the localhost interface - lo:1, lo:2 etc). All IP addresses are in the same network (for example, 192.168.5.0). One of localhost aliases acts as a gateway (192.168.5.1, for example). And to send and receive data to the actual network, (S)NAT is required. To shape the traffic, linux traffic shaper (CBQ) is used. It seems to me, this scheme looks good and real (in my case, the quantity of simultaniously connected users is less than 50). Am I right? But can anybody give me an advice how to implement it ? :-) Problems were appeared at my first step: As first step, I've tried to construct the virtual network IP1..IPN and gw IP: # ifconfig lo:1 inet 192.168.5.1 up And immediately after executing this command it is possible to ping any 192.168.5.x IP address, not only 192.168.5.1 (as I've expected). Why??? What is the problem? Thank you beforehand! -- Sincerely yours, Vitaly Repin Ice Brains Software, ltd ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] Simple set up to shape traffic...
I looked and found a 'very simple' command sequence to shape traffic to a specific host. However, I 'cribbed' the command sequence from a online tutoral from 'somewhere'. I now have lost the example, and my altered sequence. the command I am getting an 'RTNETLINK' Invalid argument error from is: tc qdisc add dev eth0 root handle 1: cbq avpkt 1000 bandwidth 3700kbit I don't think I used this particular set of options previously. Somehow I think I was using the sfq rather than the cbq. The goal that I have at the moment is to limit the bandwidth of data sent to a particular host. I had this working but seem to have lost a specific parameter sequence. Thanks John Clark ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Traffic shaper based on UIDs
Hi, [EMAIL PROTECTED] wrote: ... But there is no filter based on unix user id (the reason is clear for everybody -- ip packet doesn't contain this information). I've found the very interesting netfilter patches at the patch-o-matic: ... There is no need for POM patches, you may use the owner match from iptables. (see: man iptables) Am I on the right way? How can I combine the power of netfilter and traffic control systems to solve my problem? ... You might match for each user and then set a mark or even classify directly by iptables. (see man, too) Howto mark: http://lartc.org/howto/lartc.qdisc.filters.html (9.6.2, fwmark) Btw.. there is no best (classful) qdisc, this varies on your needs. Nevertheless, I'd take htb because it's relativly simple to setup (personally I like hfsc though). You may just try them out. :) Bye, Andreas. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Traffic shaper based on UIDs
Hello, Andreas! Yes, the owner match is great. But I can mark only outgoing packets this way. And as far as I know, traffic shaper needs to know who is the owner of the incoming packets to do the shaper job. And that's why it is required to patch the kernel, it seems to me. Have I misunderstood something? But I've recently sent to this mailing list another letter related to this problem. It seems to me, if each unix user would use the different IP address, it is not a problem to do the shaping. Thank you for your response. Hi, [EMAIL PROTECTED] wrote: ... But there is no filter based on unix user id (the reason is clear for everybody -- ip packet doesn't contain this information). I've found the very interesting netfilter patches at the patch-o-matic: ... There is no need for POM patches, you may use the owner match from iptables. (see: man iptables) Am I on the right way? How can I combine the power of netfilter and traffic control systems to solve my problem? ... You might match for each user and then set a mark or even classify directly by iptables. (see man, too) Howto mark: http://lartc.org/howto/lartc.qdisc.filters.html (9.6.2, fwmark) Btw.. there is no best (classful) qdisc, this varies on your needs. Nevertheless, I'd take htb because it's relativly simple to setup (personally I like hfsc though). You may just try them out. :) Bye, Andreas. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc -- Sincerely yours, Vitaly Repin Ice Brains Software, ltd ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc