[LARTC] Complex Traffic shaping setup
Hi!

I have the following setup using iproute2:

[Diagram: class tree with the nodes Root, Box Level 1, Box Level 2, Users, User 1, User 2, User 3]

I am using HTB for each node, simply because it supports burst mode. There are box level classes (top level classes) that might limit bandwidth based on protocols (http, smtp etc). Then there are users classes which rate limit each user to a specific rate. Each Box Level and User Classes have associated Qdiscs as well.

The issue is that HTB seems to be rate limiting only if I attach filters at the root (1:). Since classification for box level classes may also match more specific user filters as well, one of two things happens:

1. If the prio of the filters for Box level is higher than or equal to that of Users, packets are only sent to the box level class, and since the rate at box level class is generally higher, the user starts exceeding his limit.
2. If the prio of the User filter is higher, packets matching the user filter are never sent to the Box level classes, making the box level rate for a particular protocol exceed the required for all users put together.

Is there a solution to this issue? I am unable to really find a solution since filters can only be applied to the root!

Thanks in advance!
Padam Singh.
Re: [LARTC] Complex Traffic shaping setup
I'm not sure if you have to use different prio for filters (With fw this is a must). Depends on your setup. With htb, everything is attached with parent as root qdisc.

On Fri, 18 Feb 2005 18:27:26 +0530, Padam J Singh [EMAIL PROTECTED] wrote:
> Hi!
>
> I have the following setup using iproute2:
>
> [Diagram: class tree with the nodes Root, Box Level 1, Box Level 2, Users, User 1, User 2, User 3]
>
> I am using HTB for each node, simply because it supports burst mode. There are box level classes (top level classes) that might limit bandwidth based on protocols (http, smtp etc). Then there are users classes which rate limit each user to a specific rate. Each Box Level and User Classes have associated Qdiscs as well.
>
> The issue is that HTB seems to be rate limiting only if I attach filters at the root (1:). Since classification for box level classes may also match more specific user filters as well, one of two things happens:
>
> 1. If the prio of the filters for Box level is higher than or equal to that of Users, packets are only sent to the box level class, and since the rate at box level class is generally higher, the user starts exceeding his limit.
> 2. If the prio of the User filter is higher, packets matching the user filter are never sent to the Box level classes, making the box level rate for a particular protocol exceed the required for all users put together.
>
> Is there a solution to this issue? I am unable to really find a solution since filters can only be applied to the root!
>
> Thanks in advance!
> Padam Singh.

--
Bla bla
___
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] lartc on bridge, help
I'm new on this mailing list, reading it for the last 4 weeks, ... Need help please...

I want to implement tc rules on br0 which is built of wlan0, wlan0wds0, wlan0wds1? I did something but it doesn't do a good job, it doesn't give constant flow ... any idea, please, if someone already has experience...

OS: Suse 9.0

myshaper:

    #! /bin/sh
    . /etc/rc.status
    rc_reset
    case $1 in
    stop)
        tc qdisc del dev br0 root
        rc_status -v
        ;;
    *)
        tc qdisc del dev br0 root
        tc qdisc add dev br0 root handle 1: htb r2q 1
        tc class add dev br0 parent 1: classid 1:1 htb rate 230kbit
        tc class add dev br0 parent 1:1 classid 1:10 htb rate 50kbit ceil 128kbit burst 20k
        tc class add dev br0 parent 1:1 classid 1:11 htb rate 70kbit ceil 128kbit burst 20k
        tc class add dev br0 parent 1:1 classid 1:12 htb rate 110kbit ceil 192kbit burst 20k
        # class for wireless users
        tc class add dev br0 parent 1:12 classid 1:21 htb rate 8kbit ceil 64kbit
        tc class add dev br0 parent 1:12 classid 1:22 htb rate 8kbit ceil 64kbit
        tc class add dev br0 parent 1:12 classid 1:23 htb rate 8kbit ceil 64kbit
        tc class add dev br0 parent 1:12 classid 1:24 htb rate 8kbit ceil 64kbit
        tc class add dev br0 parent 1:12 classid 1:25 htb rate 8kbit ceil 64kbit
        tc class add dev br0 parent 1:12 classid 1:26 htb rate 8kbit ceil 64kbit
        tc class add dev br0 parent 1:12 classid 1:27 htb rate 8kbit ceil 64kbit
        tc class add dev br0 parent 1:12 classid 1:28 htb rate 8kbit ceil 64kbit
        echo kreiram filtere
        # filter networks
        tc filter add dev br0 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.0.0/24 flowid 1:10
        tc filter add dev br0 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.1.0/24 flowid 1:11
        # filters for wireless users
        tc filter add dev br0 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.2.2 flowid 1:21
        tc filter add dev br0 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.2.3 flowid 1:22
        tc filter add dev br0 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.2.4 flowid 1:23
        tc filter add dev br0 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.2.5 flowid 1:24
        tc filter add dev br0 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.2.6 flowid 1:25
        tc filter add dev br0 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.2.7 flowid 1:26
        tc filter add dev br0 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.2.8 flowid 1:27
        tc filter add dev br0 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.2.9 flowid 1:28
        rc_status -v
        ;;
    esac

regards
Re: [LARTC] DSCP, ToS and Egress
I've added a few more helper functions for a more complete demonstration. I've also added some suggested default values (see script).

Here's an example usage for a 100mbit LAN:

    # Load the functions into the environment
    source diffserv.sh

    # Set device queue length and MTU
    init_device eth1 10 1500

    # Clear the device qdiscs
    reset_qdisc eth1

    # Create the root DSMARK qdisc filters.
    init_classifier eth1 10:

    # Now create our main HTB qdisc
    # We attach to the parent DSMARK qdisc (10:) and give ourselves a handle of 1:
    qdisc eth1 parent 10: handle 1: htb default 1 r2q 1

    # Now we create our leaf HTB + GRED classes and qdiscs to perform diffserv
    # Note that this will create HTB classes underneath the HTB qdisc (1:)
    diffserv 1: eth1 10 10 1000 10 1500 1500 64 0

In a more complex setup, you can insert additional levels of HTB classes under the HTB qdisc and then call 'diffserv' on those leaf classes, but remember to add additional filters (can NOT use iptables CLASSIFY target) or traffic will never reach those classes. 'diffserv' assumes traffic has already made it as far as its parent qdisc (or class) and attaches its filters there.

Dan-

Attachment: diffserv.sh (Bourne shell script)
Re: [LARTC] Complex Traffic shaping setup
I'm not sure if you have to use different prio for filters (With fw this is a must). Depends on your setup. With htb, everything is attached with parent as root qdisc.

On Fri, 18 Feb 2005 18:27:26 +0530, Padam J Singh [EMAIL PROTECTED] wrote:
> Hi!
>
> I have the following setup using iproute2:
>
> [Diagram: class tree with the nodes Root, Box Level 1, Box Level 2, Users, User 1, User 2, User 3]
>
> I am using HTB for each node, simply because it supports burst mode. There are box level classes (top level classes) that might limit bandwidth based on protocols (http, smtp etc). Then there are users classes which rate limit each user to a specific rate. Each Box Level and User Classes have associated Qdiscs as well.
>
> The issue is that HTB seems to be rate limiting only if I attach filters at the root (1:). Since classification for box level classes may also match more specific user filters as well, one of two things happens:
>
> 1. If the prio of the filters for Box level is higher than or equal to that of Users, packets are only sent to the box level class, and since the rate at box level class is generally higher, the user starts exceeding his limit.
> 2. If the prio of the User filter is higher, packets matching the user filter are never sent to the Box level classes, making the box level rate for a particular protocol exceed the required for all users put together.
>
> Is there a solution to this issue? I am unable to really find a solution since filters can only be applied to the root!
>
> Thanks in advance!
> Padam Singh.

The filters get attached to the root, then use the flowid to determine the destination priority on the HTB.
    tc class add dev $e parent 10:1 classid 10:10 htb rate $citrix ceil $nonVoipRate
    tc class add dev $e parent 10:1 classid 10:20 htb rate $video ceil $nonVoipRate
    tc filter add dev $e protocol ip parent 10: prio 1 u32 match ip src $CONNECTRIA1/32 flowid 10:10
    tc filter add dev $e protocol ip parent 10: prio 1 u32 match ip sport 1720 0xffff flowid 10:20
    tc filter add dev $e protocol ip parent 10: prio 1 u32 match ip dport 1720 0xffff flowid 10:20

etc...

-Ron
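
The classification behaviour discussed in this thread, as an added example that is not part of any post: a toy Python model of how HTB picks one class per packet (filters tried in prio order, an inner class searched with its own filters) and which classes' rates that packet then counts against. Class ids, the address and the port are constructed, and u32 matching is reduced to field equality.

```python
# Toy model of HTB classification (added example, not kernel code).
# Class ids, the address and the port are constructed for illustration.
from dataclasses import dataclass

@dataclass
class Htb:
    parent: dict    # classid -> parent classid
    filters: list   # (attach point, prio, match fields, flowid)

    def classify(self, pkt, at="1:"):
        """Lowest prio number wins; an inner class is searched with its own filters."""
        while True:
            here = sorted((f for f in self.filters if f[0] == at), key=lambda f: f[1])
            hit = next((flowid for _, _, match, flowid in here
                        if all(pkt.get(k) == v for k, v in match.items())), None)
            if hit is None or hit not in self.parent.values():
                return hit      # nothing matched, or a leaf class was reached
            at = hit            # inner class: continue with the filters attached to it

    def charged(self, pkt):
        """The leaf and every ancestor class whose rate the packet counts against."""
        chain, cl = [], self.classify(pkt)
        while cl in self.parent:
            chain.append(cl)
            cl = self.parent[cl]
        return chain

TREE = {"1:1": "1:", "1:10": "1:1"}           # 1:10 is the box-level http class
HTTP, USER = {"dport": 80}, {"dst": "192.168.2.2"}

def flat(box_prio, user_prio):
    """Sibling layout from the question: every filter sits on the root (1:)."""
    return Htb({**TREE, "1:21": "1:1"},
               [("1:", box_prio, HTTP, "1:10"), ("1:", user_prio, USER, "1:21")])

def nested():
    """User class 1:21 below the http class, selected by a filter attached to 1:10."""
    return Htb({**TREE, "1:21": "1:10"},
               [("1:", 1, HTTP, "1:10"), ("1:10", 1, USER, "1:21")])

PKT = {"dst": "192.168.2.2", "dport": 80}     # constructed packet matching both filters

if __name__ == "__main__":
    for name, h in (("box first", flat(1, 2)), ("user first", flat(2, 1)), ("nested", nested())):
        print(name, h.charged(PKT))
```

With the sibling layout, `charged` never contains both 1:10 and 1:21, which is the either/or effect described in the question; the nested layout is the only one of the three where both appear.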
Re: [LARTC] lartc on bridge, help
On Fri, 18 Feb 2005 18:05:22 +0100 hiphin [EMAIL PROTECTED] wrote:
> I'm new on this mailing list, reading it for the last 4 weeks, ... Need help please...
>
> I want to implement tc rules on br0 which is built of wlan0, wlan0wds0,

br0 is only used for local traffic, not bridged traffic, and doesn't have a queue (normally). Traffic that goes through the bridge needs to be controlled on the output bound device (wlan0), not the local bridge device (br0). If you want to get advanced you can also control it on the inbound side, but it is harder.
[LARTC] smoothwall
I'm new in this area of Linux, getting tired of others. I have got the free Smoothwall firewall running between my wireless 802.11b network and a satellite link. Smoothwall does not do traffic control. I would like to get traffic control in the box. Any ideas, scripts???

Hugonik
[LARTC] Fedora
Sorry if this is a silly question, I'm getting into Linux...

I have Fedora with the minimum requirements to make a router, firewall and traffic control in a box. How can I get the tc information running from booting???
Re: [LARTC] IPROUTE2: How to verify installation?
On Fri, 18 Feb 2005 00:26:47 + Andy Furniss [EMAIL PROTECTED] wrote:
> Samuel Díaz García wrote:
> > Hi guys,
> >
> > I downloaded and installed the last iproute2 package. I did:
> >
> > 1) ./configure
> > 2) make
> > 3) make install
> >
> > When I do ip -V, it returns:
> >
> > ip utility, iproute2-ss020116
> >
> > Is IPROUTE2 correctly installed on my system?
> >
> > Thanks
>
> You may have an older one installed as well. Do a whereis tc or ip - It may say
>
> /sbin/tc /usr/sbin/tc
>
> the latter is likely to be the new one, but the one in sbin will be used unless you get rid of it or give full paths.

I integrated a patch from one of the distros that put the iproute2 utilities in /usr/sbin. I regret it now because of the possibility for error the change introduced, but moving it back would be worse.
[LARTC] Route away packets addressed to the machine itself w/iproute and Netfilter
I have a box with only 1 IP (let's say 10.0.0.1) which has an ipip tunnel to another machine (let's say 10.2.0.1) (different networks). I want all packets coming to 10.0.0.1 destination port 80 to be routed thru the tunnel device and be answered by 10.2.0.2 (which has an interface configured with 10.0.0.1).

It works if the incoming IP address is not configured on the receiving machine (but is configured to be arpproxied) but not with the "main" IP address.

This is what I did to test on 10.0.0.1:

ifconfig
eth0: main interface
tunnel2: ipip tunnel interface to 10.2.0.2

/etc/iproute/rt_tables
added: 100 myroute

    iptables -A PREROUTING -t mangle -d 10.0.0.1 -p tcp --dport 80 -j MARK --set-mark 99
    ip route add table test dev tunnel2
    ip rule add fwmark 99 table test

in 10.0.0.2:

    ifconfig eth0:101 10.0.0.1 netmask 255.255.255.255

What am I doing wrong?

Thanks!