[LARTC] hfsc rule command problem
My hfsc rule ..

tc qdisc add dev eth2 handle 1: root hfsc
iptables -t mangle -N ms-all
iptables -t mangle -N ms-all-chains
iptables -t mangle -N ms-prerouting
iptables -t mangle -A PREROUTING -j ms-prerouting
iptables -t mangle -A ms-prerouting -j CONNMARK --restore-mark
iptables -t mangle -A ms-prerouting -p udp --dport -j MARK --set-mark 1
iptables -t mangle -A ms-prerouting -p udp -m multiport --dports 1755,5005,1024:4443,4445:5500 -j MARK --set-mark 1
iptables -t mangle -A ms-prerouting -p tcp --dport 23 -j MARK --set-mark 1
iptables -t mangle -A ms-prerouting -p tcp -m multiport --dports 20,21,5001:5004,5006:5100 -j MARK --set-mark 2
iptables -t mangle -A ms-prerouting -p tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A ms-prerouting -j CONNMARK --save-mark
iptables -t mangle -A FORWARD -o eth2 -j ms-all
iptables -t mangle -A POSTROUTING -o eth2 -j ms-all-chains

tc class add dev eth2 parent 1: classid 1:1 hfsc sc m2 1kbit
tc filter add dev eth2 parent 1:0 protocol all u32 match u32 0 0 classid 1:1

tc class add dev eth2 parent 1:1 classid 1:11 hfsc ls m2 3500kbit ul m2 1kbit
iptables -t mangle -N ms-chain-eth2-1:11
iptables -t mangle -A ms-all-chains -m mark --mark 1 -j ms-chain-eth2-1:11
iptables -t mangle -A ms-all -o eth2 -j ms-chain-eth2-1:11

tc class add dev eth2 parent 1:11 classid 1:111 hfsc rt m1 3500kbit d 10s m2 200kbit ls m2 3500kbit ul m2 3500kbit
tc qdisc add dev eth2 handle 111: parent 1:111 sfq
iptables -t mangle -A ms-chain-eth2-1:11 -p udp --dport -j CLASSIFY --set-class 1:111
iptables -t mangle -A ms-chain-eth2-1:11 -p udp --dport -j RETURN

tc class add dev eth2 parent 1:11 classid 1:112 hfsc rt m1 3500kbit d 10s m2 1300kbit ls m2 3500kbit ul m2 3500kbit
tc qdisc add dev eth2 handle 112: parent 1:112 sfq
iptables -t mangle -A ms-chain-eth2-1:11 -p udp -m multiport --dports 1755,5005,1024:4443,4445:5500 -j CLASSIFY --set-class 1:112
iptables -t mangle -A ms-chain-eth2-1:11 -p udp -m multiport --dports 1755,5005,1024:4443,4445:5500 -j RETURN

tc class add dev eth2 parent 1:11 classid 1:113 hfsc rt m1 3500kbit d 10s m2 1500kbit ls m2 3500kbit ul m2 3500kkbit
tc qdisc add dev eth2 handle 113: parent 1:113 sfq
iptables -t mangle -A ms-chain-eth2-1:11 -p tcp --dport 23 -j CLASSIFY --set-class 1:113
iptables -t mangle -A ms-chain-eth2-1:11 -p tcp --dport 23 -j RETURN

tc class add dev eth2 parent 1:11 classid 1:199 hfsc rt m1 3500kbit d 10s m2 500kbit ls m2 3500kbit ul m2 3500kbit
tc qdisc add dev eth2 handle 199: parent 1:199 sfq
iptables -t mangle -A ms-chain-eth2-1:11 -j CLASSIFY --set-class 1:199
iptables -t mangle -A ms-chain-eth2-1:11 -j RETURN

tc class add dev eth2 parent 1:1 classid 1:12 hfsc ls m2 7500kbit ul m2 1kbit
iptables -t mangle -N ms-chain-eth2-1:12
iptables -t mangle -A ms-all-chains -m mark --mark 2 -j ms-chain-eth2-1:12
iptables -t mangle -A ms-all -o eth2 -j ms-chain-eth2-1:12

tc class add dev eth2 parent 1:12 classid 1:121 hfsc ls m2 3500kbit ul m2 7500kbit
tc qdisc add dev eth2 handle 121: parent 1:121 sfq
iptables -t mangle -A ms-chain-eth2-1:12 -p tcp -m multiport --dports 20,21,5001:5004,5006:5100 -j CLASSIFY --set-class 1:121
iptables -t mangle -A ms-chain-eth2-1:12 -p tcp -m multiport --dports 20,21,5001:5004,5006:5100 -j RETURN

tc class add dev eth2 parent 1:12 classid 1:122 hfsc ls m2 3500kbit ul m2 7500kbit
tc qdisc add dev eth2 handle 122: parent 1:122 sfq
iptables -t mangle -A ms-chain-eth2-1:12 -p tcp --dport 80 -j CLASSIFY --set-class 1:122
iptables -t mangle -A ms-chain-eth2-1:12 -p tcp --dport 80 -j RETURN

tc class add dev eth2 parent 1:12 classid 1:299 hfsc rt m1 3500kbit d 10s m2 500kbit ls m2 500kbit ul m2 7500kbit
tc qdisc add dev eth2 handle 299: parent 1:299 sfq
iptables -t mangle -A ms-chain-eth2-1:12 -j CLASSIFY --set-class 1:299
iptables -t mangle -A ms-chain-eth2-1:12 -j RETURN

I have got a big problem, I don’t know my rule are wrong??
My rule are like this

Root
Real time class                  Non-real time class      #interior class
(Voip, MMS, Telnet, default)     (HTTP FTP default)       #leaf class

My setting rate in each class is

Real time class guarantee rate: 3500kbit max rate: 1kbit
VoIP guarantee rate: 200kbit max rate: 3500kbit
MMS guarantee rate: 1300kbit max rate: 3500kbit
Telnet guarantee rate: 1500kbit max rate: 3500kbit
Default guarantee rate: 500kbit max rate: 3500kbit

Non Real time class HTTP guarantee rate: 7500kbit max rate: 1kbit
FTP guarantee rate: 3500kbit max rate: 7500kbit
Default guarantee rate: 3500kbit max rate: 7500kbit

I need to input traffic with so very load to shaper about 10Mbit by traffic generator but no matter I
[LARTC] Script for get bandwidth statistic from iptable
I searched a lot of forums for how to get bandwidth statistics, such as the number of packets and total bytes in each application protocol, by using IPTABLES + netfilter-layer7, but I don't know which script to use for getting them into a log file and using the data afterwards for plotting a graph later.

My IPTABLES commands are like this:

iptables -t mangle -N all
iptables -t mangle -A POSTROUTING -j all
iptables -t mangle -A POSTROUTING -p udp --sport -j CLASSIFY --set-class 1:11
iptables -t mangle -A POSTROUTING -m layer7 --l7proto mms -j CLASSIFY --set-class 1:12
iptables -t mangle -A POSTROUTING -m layer7 --l7proto telnet -j CLASSIFY --set-class 1:13
iptables -t mangle -A POSTROUTING -m layer7 --l7proto ftp ftp-data -j CLASSIFY --set-class 1:14
iptables -t mangle -A POSTROUTING -m layer7 --l7proto http -j CLASSIFY --set-class 1:15

Please advise me about a perl script.

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
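
One way to collect the per-protocol packet and byte counts asked about above, as an added example (not code from the original post) written in Python rather than Perl: it parses the `[packets:bytes]` prefix that `iptables-save -c` prints in front of each rule and diffs two snapshots, which gives the per-interval values to log or plot. The two snapshots are constructed sample data, and `parse_counters` and `delta` are hypothetical names.

```python
import re

# "[packets:bytes] -A CHAIN rule-spec", the per-rule format of `iptables-save -c`
RULE = re.compile(r"^\[(\d+):(\d+)\]\s+-A\s+(\S+)\s+(.*)$")

def parse_counters(save_text, chain="POSTROUTING"):
    """Return {label: (packets, bytes)} for the CLASSIFY rules of one chain."""
    stats = {}
    for line in save_text.splitlines():
        m = RULE.match(line.strip())
        if not m or m.group(3) != chain or "-j CLASSIFY" not in m.group(4):
            continue
        spec = m.group(4)
        proto = re.search(r"--l7proto\s+(\S+)", spec)
        cls = re.search(r"--set-class\s+(\S+)", spec)
        # Label by layer7 protocol when present, otherwise by target class.
        label = proto.group(1) if proto else "class " + (cls.group(1) if cls else "?")
        pkts, byts = stats.get(label, (0, 0))
        stats[label] = (pkts + int(m.group(1)), byts + int(m.group(2)))
    return stats

def delta(prev, cur):
    """Per-interval counts between two snapshots, tolerating counter resets."""
    out = {}
    for label, (p, b) in cur.items():
        p0, b0 = prev.get(label, (0, 0))
        # Counters that went backwards mean the rules were reloaded or zeroed:
        # take the current value as the amount seen since the reset.
        out[label] = (p - p0, b - b0) if p >= p0 and b >= b0 else (p, b)
    return out

# Constructed snapshots (as if taken with: iptables-save -t mangle -c)
SNAP_T0 = """*mangle
:POSTROUTING ACCEPT [900:120000]
[500:60000] -A POSTROUTING -j all
[40:5200] -A POSTROUTING -m layer7 --l7proto mms -j CLASSIFY --set-class 1:12
[10:700] -A POSTROUTING -m layer7 --l7proto telnet -j CLASSIFY --set-class 1:13
[300:410000] -A POSTROUTING -m layer7 --l7proto http -j CLASSIFY --set-class 1:15
COMMIT
"""
SNAP_T1 = """*mangle
:POSTROUTING ACCEPT [1400:190000]
[800:95000] -A POSTROUTING -j all
[60:7800] -A POSTROUTING -m layer7 --l7proto mms -j CLASSIFY --set-class 1:12
[3:200] -A POSTROUTING -m layer7 --l7proto telnet -j CLASSIFY --set-class 1:13
[450:620000] -A POSTROUTING -m layer7 --l7proto http -j CLASSIFY --set-class 1:15
COMMIT
"""

if __name__ == "__main__":
    interval = delta(parse_counters(SNAP_T0), parse_counters(SNAP_T1))
    for label, (pkts, byts) in sorted(interval.items()):
        print(f"{label:8s} packets={pkts:6d} bytes={byts:8d}")
```
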
[LARTC] tool classify L7 packet
Please advise me. Now I have got a problem with … finding tools in Linux (open source) that can capture traffic packets and save them in a log file or trace file, but that can classify Layer 7 packets too, because I need to implement an application that counts the number of packets for each application after the packets pass through a Linux box which acts like traffic control. Please advise me.

Ps. Can snort classify Layer 7 packets?

Ps. I have just read in a paper about the iptables command; they say it has a new feature, “Log”, as a new target. So if I use iptables with the layer7 filter, when I classify and find a layer7 packet, it will save this event to a log file and I can count the number of them later in the log file?? Can I do that??

Thank you
Re: [LARTC] HTB has 2 bucket?
thank you for your reply

i'm doubt about before i known, there have two bucket. my assumption is ... first bucket for keep token sending with rate guarantee and this bucket size are same as burst size and in every minute ... number of token will create at least rate token but max with burst size

but after true is ... HTB have 2 bucket

My assumption are true for htb technique to handle "burst traffic"???

first bucket size for keep token is burst size for handle when burst traffic coming. every minute, number of token will create at least rate token for guarantee bandwidth but max with burst size and support burst (i'm not sure if max token are burst size, at first time to handle burst traffic. htb will use all token in bucket but when next second??? Bucket are empty? so max bucket size may be bigger than burst size??)

when class use bandwidth exceed rate, class will borrow bandwidth from parent class so class will use ctoken that keep in another bucket (bucket for keeping ctoken and ctoken are come from only parent's token)

i don't understand when burst traffic coming how htb choose between 2 bucket are use?

i see picture from http://linux-ip.net/traffic-control/htb-class.png don't understand. why must checking in ctoken before token

Is it true? because burst traffic will use token more than token in first Bucket. so it will skip to check ctoken. Is it max enough, it will use all token in first bucket and ctoken in second Bucket

because for theory htb to handle burst traffic, htb allow to sending with burst rate until average rate equal to burst threshold, htb will change rate to rate guarantee, if use only token in first bucket to handle burst traffic i think this mechanism will use token and among sending with burst rate if number of available token are equal or more than little bit num of rate token for guarantee bandwidth, it will change to sending with rate guarantee?

(i'm not sure for my assumption, If my assumption are wrong. can you tell me the truth?)
advise me please, thank you

----- Original Message -----
From: Martin A. Brown [EMAIL PROTECTED]
To: Thossapron Apinyapanha [EMAIL PROTECTED]
Cc: lartc lartc lartc@mailman.ds9a.nl
Sent: Friday, October 13, 2006 7:56:02 PM
Subject: Re: [LARTC] HTB has 2 bucket?

Greetings Thossapron,

 : in HTB use 2 bucket for manage 2 rate??? first bucket - keep
 : token for sending with rate second bucket - keep ctoken for
 : sending with ceil rate Is it true?? may be i'm misunderstand
 : about token/bucket theory

Yes, there are two different buckets used. One bucket is for tokens, another bucket is for ctokens.

Brief picture of association of parameters:

  rate: burst, tokens
  ceil: cburst, ctokens

See the upper right corner of this diagram [0].

In particular, I should warn you that the SFQ qdisc in this diagram is the one which is granted the dequeue opportunity, so although packets mostly flow from left to right in this diagram, the SFQ is displayed to the left of the HTB rate/ceil buckets, even though logically this is reversed.

Good luck,

-Martin

[0] http://linux-ip.net/traffic-control/htb-class.png

--
Martin A. Brown
http://linux-ip.net/
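
The two buckets named in the reply above (rate/burst/tokens and ceil/cburst/ctokens), as an added example that is not part of the original thread: a simplified Python model of one always-backlogged HTB class. It assumes tokens counted in bytes, zero thresholds, 1 ms ticks and a parent that either always or never lends; `class_mode` and `simulate` are hypothetical names and the rate values are constructed.

```python
# Simplified model of one HTB class and its two token buckets (added example).
# Assumptions: tokens in bytes, rates in bytes per ms, thresholds at zero,
# the class always has packets queued, the parent lends always or never.

CAN_SEND, MAY_BORROW, CANT_SEND = "CAN_SEND", "MAY_BORROW", "CANT_SEND"

def class_mode(tokens, ctokens):
    """Decide what the class may do right now.

    The ceil bucket (ctokens) is looked at first because ceil is a hard cap:
    once it is overdrawn the class must wait, even if it could borrow.
    Only then does the rate bucket (tokens) decide between sending on the
    class's own guarantee and asking the parent.
    """
    if ctokens < 0:
        return CANT_SEND
    if tokens >= 0:
        return CAN_SEND
    return MAY_BORROW

def simulate(duration_ms, parent_lends, rate=25, ceil=50,
             burst=3000, cburst=3000, pkt=1000):
    """Count packets sent per mode; 25 B/ms = 200 kbit/s, 50 B/ms = 400 kbit/s."""
    tokens, ctokens = burst, cburst          # both buckets start full
    sent = {CAN_SEND: 0, MAY_BORROW: 0}
    for _ in range(duration_ms):
        while True:
            mode = class_mode(tokens, ctokens)
            if mode == CANT_SEND or (mode == MAY_BORROW and not parent_lends):
                break
            sent[mode] += 1
            tokens -= pkt                    # every packet is charged to both buckets
            ctokens -= pkt
        # Refill once per tick; burst and cburst are the bucket sizes (caps).
        tokens = min(burst, tokens + rate)
        ctokens = min(cburst, ctokens + ceil)
    return sent

if __name__ == "__main__":
    for lends in (True, False):
        result = simulate(1000, parent_lends=lends)
        total_bytes = 1000 * sum(result.values())
        print(f"parent_lends={lends}: {result} -> {total_bytes} bytes in 1 s")
```

In both runs the first tick drains the burst (four packets); after that the class settles at one packet per 20 ms (ceil) when the parent lends and one per 40 ms (rate) when it does not.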
[LARTC] HFSC question??
1. HFSC have 4 curve such sc, rc, ls, ul and

1.1 In leaf class can specify rc for guarantee service (bandwidth and delay) and If want to sharing fairness excess service, we must specify ls and ul curve too (ls curve with parameter m2 specify at least sharing bandwidth in that class will receive and ul curve mean maximum bandwidth in that class will receive)

so i'm doubt .. about if i specify sc curve in leaf class too, what's it mean??
rc, ls, ul + sc - what's it mean?
rc + sc - what's it mean?

In interior class can't specify rc curve but we can specify ls curve for doing link-sharing criterion and can sharing fairness excess service too. but so if i specify sc curve in leaf class too, what's it mean?? like how different if i specify "ls, ul and sc" and "ls, ul"???

In root class, what is it mean if i specify
sc - what's it mean?
ls+ul - what's it mean?

1.2 so can i conclude ls, ul, rc are subset's sc curve. and in each curve we can calculate bandwidth and delay bound .? because all 4 curve have same parameter such m1, d, m2

2. i read a lot of HFSC paper about parameter (m1,d,m2)
some paper tell me ... d is interval time (first will sending with m1 rate but after interval d parameter, it will change rate to m2)
but some paper tell me .. d is delay bound in that class (first will sending with m1 rate but when after exceed delay bound, it will change rate to m2)
what's it true??

2.1 if d are interval time so how HFSC calculate delay?
2.2 Is it true? - "delay bound calculation from service curve"

3. this is my big problem with HFSC theory ... in HFSC has 2 criterion such real time and link-sharing criterion so when packet coming in traffic control linux box hfsc will checking eligible time in each package If eligible time t (i'm don't understand how eligible working or how it classify eligible package or not?) or it's package that dangerous for exceed deadline time so it manage package with "real time criterion" and choosing package with lowest deadline time for dequeue but if it's not, it will manage with "link sharing criterion" and choosing package with lowest virtual time (this is a big don't understand why choose lowest virtual time? because it's mean class with have lowest will choose to dequeue and what about another class that virtual time are now low?? how it can manage??? and i don't understand why must choose lowest not max virtual time? Is it relative with fairness excess service all class?

4. my lab... i found bandwidth allocation by HFSC comparison with HTB ... found At first time that class starting up, HFSC will receive bandwidth nearly upperlimit rate no matter in that time have a lot class active (it's like can send with burst rate in HTB) so comparison with HTB, At first time that class starting up, HTB receive bandwidth not peak like burst but it use interval time for increase bandwidth until start with rate and then with ceil.

5. i read a lot of HTB's tc command case, with try to test burst situation, i don't know why burst parameter their specify not much like 12kbit (but rate and ceil rate are so different from 12kbit such 200kbit so i will follow them, but after plot graph i don't see burst characteristic at first time class active ... Is i'm wrong to use burst parameter value 12 kbit it's too small? are 5. from my lab
[LARTC] HTB has 2 bucket?
in HTB use 2 bucket for manage 2 rate???

first bucket - keep token for sending with rate
second bucket - keep ctoken for sending with ceil rate

Is it true?? may be i'm misunderstand about token/bucket theory
[LARTC] please reply as soon as you can about HFSC bandwidth
I have important question about bandwidth allocation statistic show when i'm use "tc -s -d class ls dev eth2"

At first, before testing I think "work" parameter from this command are real bandwidth in each class but when i'm calculate this parameter ... it's too big number ... like it's not a bandwidth rate and it's may be some number that i don't know what's it?

If "work" and "rtwork" are bandwidth in each class but it must have specific method to calculate ... So how to do it??

I'm doubt about "rtwork" value along my test. It have a same number ... i don't know what is it mean??? and why don't "work" value in each time when i'm use "tc -s -d class ls dev eth2" .. it have a same number in all class but next time that value are change to another number what is it mean???

[EMAIL PROTECTED]:~$ tc -s -d class ls dev eth2
class hfsc 1: root
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 period 3223398930 work 14505631817980074884 bytes rtwork 14544911558267371524 bytes level 3377421952

class hfsc 1:11 parent 1:1 leaf 11: rt m1 12000bit d 100.0ms m2 20bit ls m1 0bit d 0us m2 20bit ul m1 0bit d 0us m2 35bit
 Sent 252678 bytes 3405 pkts (dropped 0, overlimits 0)
 period 3223398930 work 14505631817980074884 bytes rtwork 14544911558267371524 bytes level 3377421952

thank you
raku
[LARTC] HFSC parameter
My problem with HFSC tc command is ... tc command's HFSC have a lot parameter with 4 curve type

SC curve - umax dmax rate
LS curve - umax dmax rate
RT curve - umax dmax rate
UL curve - umax dmax rate

so i don't know which parameter are appropriate for my test case such real time class which curve are appropriate and good working result.

my assumption about umax, dmax, rate ... this is true
first, HFSC will doing with "umax" rate but after delay exceed "dmax" rate, HFSC will change rate to "rate"

Can everybody tell me all 12 parameter, what does it mean

thank you
raku
[LARTC] HTB and HFSC, tc command question
I have a lot question about tc-command because now i'm doing research to compare performance between HTB and HFSC so i'm doubt a lot thing and your reply are so very helpful me ... my question is

1. I'm use opensource (Mastershaper) for help to config traffic control but when i'm try to config HTB, I'm doubt about in each chain must identify fallback service level and If i'm don't specify it, it will unable to contain pipe. Every traffic and if traffic not matched in chain's pipe can only use the fallback service level

Is it only true definition in HTB tc command?? or it's only a creative function from developer??

ps. in Mastershaper represent interior class as pipe and leaf class as chain

In HFSC tc command after i read HFSC paper, i'm doubt in Service curve declaration like this

| SC := [ [ m1 BPS ] [ d SEC ] m2 BPS
|
| m1 : slope of first segment - umax
| d : x-coordinate of intersection - dmax
| m2 : slope of second segment - rate

2. In all leaf class must specify rt (realtime service curve) ??? and Is it important to specify sc (Service curve) in all leaf class ?? and in all leaf class must specify link-sharing (ls) too??

because i think after read HFSC theory about by default All leaf class (Service class) will use Link-sharing criterion for allocation bandwidth from Service curve (My assumption think this calculation bandwidth is "m1" or "umax" - total bandwidth that can send at ceil rate??) and when total delay are exceed to "demax" or "d" - it mean it time for HFSC to manage QoS to guarantee bandwidth and delay in each leaf class by use Real-time Criterion so bandwidth rate will change to "m2" or bandwidth rate that guarantee QoS in each leaf class

Is it true???
i fear may be misunderstand in HFSC theory, example in my test lab, i have leaf class 3 type such real-time, data, default

Can i specify
- real-time leaf class - rt (for guarantee delay and bw), ls (by default when not exceed max delay)
- data leaf class - ls (by default and not delay sensitive so delay are not important)

3. I'm doubt in How to declaration ls, and ul about .. in theory it a type of service curve that not relative with real-criterion, so Delay may be not important for consider

Is it true when declaration, parameter in each service curve may be like this?

ls [ umax BPS, rate BPS]
ul [ umax BPS, rate BPS]

and Is it important to declaration all of three parameter (umax, demax, rate) If three parameter are important to setting traffic control

4. I'm try to search HFSC command example, it have a lot case but i'm doubt in service curve (sc) declaration sometime declaration in root class, interior class, in leaf class so I'm not sure to understand about ls - calculate bandwidth for interior class, root class and rt - calculate bandwidth for leaf class and what about service curve (sc)??? it's specify only in root class???

5. Is it true?? In root class, or interior class will doing with only Link-sharing criterion, so can specify declaration only link-sharing - ls(umax, dmax, rate) and Upperlimit - ls(umanx, dmax, rate) it's not important to declaration real-time curve (rt) because in HFSC theory will use real-time criterion only Leaf class

6. In HFSC, upper limit are bandwidth rate that guarantee maximum bandwidth rate in each class as ceil in HTB???

6. I'm doubt about priority in HFSC, in HFSC paper telling about in support priority but in HFSC tc-command it not specify priority in each class, So In HFSC how to manage priority class like HTB

Thank you for all reply, it's so very helpful to me a lot. which all will suggest or advise me about in something i'm misunderstand

raku
[LARTC] how to create burst traffic
some body can advise me about how to create burst traffic two type is

1. ICMP burst traffic (i need to create general and normal data burst traffic but i don't have any idea to do it)
2. Real time traffic (i think may create by open real-time streaming with a big file from real-time server but i don't sure it will work!)

thank you
raku