[LARTC] unexpected drop
Hello everybody,

I have a Linux router with an ethernet adapter and an ADSL device. My router has a GRE tunnel connected to a remote IP address.

Using "tc" I have configured 3 different classes:
1. 290kbit rate (used for VoIP services)
2. 180kbit rate (used for GRE tunnel)
3. 80kbit rate (for generic data traffic)

For each class, using "iperf", I send some data from a PC (connected through the eth0 device) to a remote destination. The remote destination is the GRE tunnel terminator. The data traffic test is different for each class:
1. 240kbit, 60byte packet size, UDP protocol
2. 200kbit, 250byte packet size, UDP protocol
3. 80kbit, 235byte packet size, UDP protocol

In this way I got a lot of dropped packets on each class, while my expected result was many dropped packets only on the second class.

Can someone help me?

Thank you all,
roberto

This is the class configuration script:

iptables -t mangle -A PREROUTING -m dscp --dscp 40 -j MARK --set-mark 100
iptables -t mangle -A PREROUTING -m dscp --dscp 40 -j ACCEPT
iptables -t mangle -A PREROUTING -d 11.11.11.250 -j DSCP --set-dscp 16
iptables -t mangle -A PREROUTING -d 11.11.11.250 -j MARK --set-mark 200
iptables -t mangle -A PREROUTING -d 11.11.11.250 -j ACCEPT
iptables -t mangle -A PREROUTING -j DSCP --set-dscp 0
iptables -t mangle -A PREROUTING -j MARK --set-mark 300
iptables -t mangle -A PREROUTING -j ACCEPT

tc qdisc add dev atm0 root handle 1: cbq bandwidth 500Kbit avpkt 500
tc qdisc add dev tadsl0 root handle 1: cbq bandwidth 500Kbit avpkt 500

tc class add dev atm0 classid 1:1 parent 1: cbq bandwidth 500Kbit rate 500Kbit avpkt 400 prio 1 allot 500

tc class add dev atm0 classid 1:2 parent 1:1 cbq bandwidth 500Kbit rate 290Kbit avpkt 400 prio 1 allot 500 bounded isolated
tc filter add dev atm0 parent 1:0 protocol ip prio 1 handle 100 fw flowid 1:2
tc qdisc add dev atm0 parent 1:2 pfifo limit 10

tc class add dev atm0 classid 1:3 parent 1:1 cbq bandwidth 500Kbit rate 180Kbit avpkt 400 prio 2 bounded isolated allot 500
tc filter add dev atm0 parent 1:0 protocol ip prio 2 handle 200 fw flowid 1:3
tc qdisc add dev atm0 parent 1:3 handle 20: sfq perturb 5

tc class add dev atm0 classid 1:4 parent 1:1 cbq bandwidth 500Kbit rate 80Kbit avpkt 400 prio 3 bounded isolated allot 500
tc filter add dev atm0 parent 1:0 protocol ip prio 3 handle 300 fw flowid 1:4
tc qdisc add dev atm0 parent 1:4 handle 30: sfq perturb 5

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] routing decision based on source port
There is a small, but important issue with policy routing of outgoing packets. Locally originating packets don't hit the PREROUTING chain of the mangle table (http://www.faqs.org/docs/iptables/traversingoftables.html), so you generally can't policy route such traffic.

--
DO4-UANIC

[LARTC] Sharing a DSL between 40 subnets with htb
I have a network with around 40 /24 subnets that share a common DSL, this cries out for shaping so here I am trying to make it work as my first tc project.

I have managed to cargocult some snippets from this list and tried to come up with a config, but there are a few things that I'd really like some input on:

1) Are the NAT'ed addresses available in the PREROUTING table of eth0?
2) If not then can I have the iptables --set-mark stuff in the tables for one interface and use the mark in tc on another interface?
3) Is it possible to filter on the routing table instead of the --set-mark? So all traffic going to a certain router gets filtered into the same htb?
4) Does this look at all sane?

Note: I didn't generate the 40 classes for this example.

#!/bin/sh -x
#This is a generated traffic shaper script that is supposed to evenly
#share out a common DSL line between a number of subnets on:
#eth0: The DSL line.
#eth1: The 10.48.0.0/12 net, which contains 20 user subnets.
#eth2: The 10.16.0.0/12 net, which contains the server net.
#ath0: The 10.32.0.0/12 net, which contains 20 user subnets.

#Root htb that all the traffic is going to go through:
tc qdisc add dev eth0 root handle 1: htb default 0x42
tc class add dev eth0 parent 1: classid 1:1 htb rate 700kbit burst 6k

#Default class for everything not matched by the firewall rules:
tc class add dev eth0 parent 1:1 classid 1:42 htb rate 600kbit \
    burst 15k prio 0
tc qdisc add dev eth0 parent 1:42 handle 42: sfq perturb 20

#Have the bucket that traffic gets dropped into
#be determined by the firewall mark
#btw: --set-mark 0xbabeface maps to class id babe:face
tc filter add dev eth0 parent 1: protocol ip prio 1 handle 1 fw

#Start the table for classifying traffic:
iptables -t mangle -N to-dsl

#Hook up the classification table to the interface
iptables -t mangle -A PREROUTING -o eth0 -j to-dsl

#Here are all the buckets for the user subnets

#Adding subnet: 10.16.0.0/24
iptables -t mangle -A to-dsl -s 10.16.0.0/24 \
    -j MARK --set-mark 0x11000
tc class add dev eth0 parent 1:1 classid 1:1000 \
    htb rate 600kbit burst 15k prio 10
tc qdisc add dev eth0 parent 1:1000 sfq perturb 20

#Adding subnet: 10.32.0.0/24
iptables -t mangle -A to-dsl -s 10.32.0.0/24 \
    -j MARK --set-mark 0x12000
tc class add dev eth0 parent 1:1 classid 1:2000 \
    htb rate 600kbit burst 15k prio 10
tc qdisc add dev eth0 parent 1:2000 sfq perturb 20

#Adding subnet: 10.32.1.0/24
iptables -t mangle -A to-dsl -s 10.32.1.0/24 \
    -j MARK --set-mark 0x12001
tc class add dev eth0 parent 1:1 classid 1:2001 \
    htb rate 600kbit burst 15k prio 10
tc qdisc add dev eth0 parent 1:2001 sfq perturb 20

#Adding subnet: 10.32.2.0/24
iptables -t mangle -A to-dsl -s 10.32.2.0/24 \
    -j MARK --set-mark 0x12002
tc class add dev eth0 parent 1:1 classid 1:2002 \
    htb rate 600kbit burst 15k prio 10
tc qdisc add dev eth0 parent 1:2002 sfq perturb 20

#Adding subnet: 10.32.3.0/24
iptables -t mangle -A to-dsl -s 10.32.3.0/24 \
    -j MARK --set-mark 0x12003
tc class add dev eth0 parent 1:1 classid 1:2003 \
    htb rate 600kbit burst 15k prio 10
tc qdisc add dev eth0 parent 1:2003 sfq perturb 20

#Adding subnet: 10.48.0.0/24
iptables -t mangle -A to-dsl -s 10.48.0.0/24 \
    -j MARK --set-mark 0x13000
tc class add dev eth0 parent 1:1 classid 1:3000 \
    htb rate 600kbit burst 15k prio 10
tc qdisc add dev eth0 parent 1:3000 sfq perturb 20

#Adding subnet: 10.48.1.0/24
iptables -t mangle -A to-dsl -s 10.48.1.0/24 \
    -j MARK --set-mark 0x13001
tc class add dev eth0 parent 1:1 classid 1:3001 \
    htb rate 600kbit burst 15k prio 10
tc qdisc add dev eth0 parent 1:3001 sfq perturb 20

#Adding subnet: 10.48.2.0/24
iptables -t mangle -A to-dsl -s 10.48.2.0/24 \
    -j MARK --set-mark 0x13002
tc class add dev eth0 parent 1:1 classid 1:3002 \
    htb rate 600kbit burst 15k prio 10
tc qdisc add dev eth0 parent 1:3002 sfq perturb 20

#Adding subnet: 10.48.3.0/24
iptables -t mangle -A to-dsl -s 10.48.3.0/24 \
    -j MARK --set-mark 0x13003
tc class add dev eth0 parent 1:1 classid 1:3003 \
    htb rate 600kbit burst 15k prio 10
tc qdisc add dev eth0 parent 1:3003 sfq perturb 20
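
The script above is described as generated, but only a few of the 40 classes are shown. The following is an added example (not the poster's generator) that derives the mark and classid for each /24 using the numbering visible in the script and prints the three commands per subnet. The function names are hypothetical, and guaranteeing each class 700kbit divided by the number of subnets with a ceil of 700kbit is an assumption of this example; the post uses rate 600kbit for every class.

```shell
#!/bin/sh
# Added example, not the poster's generator. It only prints commands.
LINK_KBIT=700   # rate of parent class 1:1, from the post
DEV=eth0        # DSL interface, from the post

# subnet_ids 10.B.C.0/24 -> "MARK CLASSID" using the post's numbering:
# minor = ((B / 16) << 12) | C in hex, mark = 0x1 followed by the minor.
subnet_ids() {
    old_ifs=$IFS; IFS=./
    set -- $1                      # split into octets and prefix length
    IFS=$old_ifs
    b=$2; c=$3
    case "$b.$c" in .*|*.|*[!0-9.]*) return 1 ;; esac
    # B < 16 would give minors such as 0x1 or 0x42, colliding with 1:1 / 1:42.
    if [ "$b" -lt 16 ] || [ "$b" -gt 255 ] || [ "$c" -gt 255 ]; then
        echo "subnet does not fit this numbering: 10.$b.$c.0" >&2
        return 1
    fi
    minor=$(( ((b / 16) << 12) | c ))
    printf '0x1%04x 1:%x\n' "$minor" "$minor"
}

# emit_subnet SUBNET RATE_KBIT -> the three commands for one subnet
emit_subnet() {
    ids=$(subnet_ids "$1") || return 1
    mark=${ids% *}; classid=${ids#* }
    echo "iptables -t mangle -A to-dsl -s $1 -j MARK --set-mark $mark"
    echo "tc class add dev $DEV parent 1:1 classid $classid htb rate ${2}kbit ceil ${LINK_KBIT}kbit burst 15k prio 10"
    echo "tc qdisc add dev $DEV parent $classid sfq perturb 20"
}

# emit_all SUBNET... -> commands for all subnets, equal guaranteed share each
# (assumption of this example: rate = link rate / number of subnets)
emit_all() {
    [ $# -gt 0 ] || return 1
    rate=$(( LINK_KBIT / $# ))
    for net in "$@"; do
        emit_subnet "$net" "$rate" || return 1
    done
}

# Constructed sample input: four of the subnets that appear in the post.
emit_all 10.16.0.0/24 10.32.0.0/24 10.32.1.0/24 10.48.3.0/24
```

The mark values only select a class when the fw filter is attached without a flowid, which is the mark-to-classid behaviour the script's own comment relies on.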