I'm just-so-fresh to the list, so hello everyone.
I'm having a realy hard time with setting up very simple bandwidth
management. What I am trying to do is setup a 10Mbit interface to send
at only 1920kbit to most of the network (to make sure it hardly ever
tops 2mbit). I did succeed with the ingress traffic... With egress
however, I get very odd results at different speeds.
With HTB:
If i try to throttle at 0.5mbit for example, a windows box on 1mbit ADSL
line is capable of downloading at ~64k from the box i'm limiting, while
a bsd box on a 4mbit DSL line happily downloads at ~200k. Limiting to
2mbit looks like there are no results at all
With TBF:
The dowloads from the limited box are always ~5k, at least to what I've
observed with different configurations (even with limits at 2mbit).
I'm doing all of that directly on the Internet with public IPs.
I think I've read all the TLDP and LARTC to no results, so would greatly
appreciate any help with strictly cutting the bandwidth ath ~1920kbit.
What am I missing?
The scrips I've tried (or tried their variants):
#tc qdisc add dev eth0 root handle 1: htb default 20
#tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit
#tc class add dev eth0 parent 1:1 classid 1:10 htb rate 9.5mbit
#tc class add dev eth0 parent 1:1 classid 1:20 htb rate 0.5mbit
#tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
#tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
#tc filter add dev eth0 parent 1: protocol ip u32 match ip dst
a.b.c.d/24 flowid 1:10
#tc qdisc add dev eth0 root tbf rate 0.5mbit burst 5kb latency 70ms
peakrate 1mbit minburst 1540
(yes that does 0.5mbit limiting, but it would be a start...)
#tc qdisc add dev eth0 root handle 1: htb default 20
#tc class add dev eth0 parent 1: classid 1:1 htb rate 1920kbit
#tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbit prio 1
#tc class add dev eth0 parent 1:1 classid 1:20 htb rate 1792kbit prio 2
#tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
#tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
#tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 match ip tos
0x10 0xff flowid 1:10
#tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 match ip
protocol 1 0xff flowid 1:10
I use the latest iproute2 from the gentoo portage, marked as stable on
amd64:
sys-apps/iproute2-2.6.16.20060323/
I manually setup to NIC at server boot, with:
#!/bin/sh
mii-tool -F 10baseT-FD eth0
(but I had the same problems before I did that when the box was in a
private LAN)
The server details are:
(serenity:~) # uname -a89zx
Linux serenity 2.6.18-gentoo-r4 #1 SMP Mon Jan 15 12:33:56 CET 2007
x86_64 Intel(R) Pentium(R) D CPU 3.00GHz GenuineIntel GNU/Linux
(this is genkernel generated)
(serenity:~) # grep -i config_hz
/etc/kernels/kernel-config-x86_64-2.6.18-gentoo-r4
# CONFIG_HZ_100 is not set
CONFIG_HZ_250=y
# CONFIG_HZ_1000 is not set
CONFIG_HZ=250
(serenity:~) # lspci | grep -i ether
05:04.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5714
Gigabit Ethernet (rev a3)
05:04.1 Ethernet controller: Broadcom Corporation NetXtreme BCM5714
Gigabit Ethernet (rev a3)
(serenity:~) # lsmod
Module Size Used by
sch_sfq 7424 0
sch_htb18944 1
act_police 8480 1
cls_u32 9480 2
sch_ingress 5248 1
sch_tbf 8320 0
ipt_LOG 8192 1
xt_limit4352 1
xt_state3840 1
ip_conntrack 53092 1 xt_state
xt_tcpudp 4864 5
iptable_filter 4736 1
iptable_mangle 4480 0
ip_tables 22312 2 iptable_filter,iptable_mangle
x_tables 18824 5
ipt_LOG,xt_limit,xt_state,xt_tcpudp,ip_tables
(serenity:~) # iptables -nL
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/00.0.0.0/0
ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp dpt:20
flags:0x17/0x02
ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp dpt:21
flags:0x17/0x02
ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp dpt:22
flags:0x17/0x02
ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp dpt:80
flags:0x17/0x02
ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp
dpts:2:20100 flags:0x17/0x02
ACCEPT all -- 0.0.0.0/00.0.0.0/0 state
RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 icmp type 8
LOGall -- 0.0.0.0/00.0.0.0/0 limit: avg
3/hour burst 5 LOG flags 0 level 4 prefix `iptables-IN-policy: '
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
(the mangle tables are empty)
Regards,
--
Roman Skuła (http://roman.skula.com)
___
LARTC mailing