Re: [LARTC] class exceeds its ceil
Jody Shumaker wrote:
Andreas Klauer wrote:

> Uh... huh? Your P2P class has 100kbit rate with a 5600kbit ceil, but you say you don't want it to borrow bandwidth from other classes. However, to go over the 100kbit rate, it _has_ to borrow.

Oh yes, my mistake - I've confused ceil with rate. Anyway, the thing I wanted to achieve was to allow p2p class to use even 5600kbit of my bandwidth, but without guarantees like rate. So guarantee a minimum bandwidth to a class - about 100kbit, but allow it to reach 5600kbit or more e.g. when there's no other traffic present. (Now I know I did it wrong)

> So, if you don't want it to borrow like you said, the solution would be to set the ceil of the P2P class to 100kbit as well. The other classes will still be able to borrow from it if the P2P class is not using its bandwidth.

Are you sure? In my previous post I was referring to this example http://mailman.ds9a.nl/pipermail/lartc/2002q2/003958.html which says this class won't be able to exchange any bandwidth at all.

Jody Shumaker wrote:

> What are you basing this on? the P2P app or tc -s class show dev ?

I simply block p2p traffic for some time and see that bandwidth usage (according to iptraf) falls down to ~20% of total link's "capacity" + classes that are supposed to send p2p traffic send nothing. (I also get feedback that indeed p2p apps aren't working.) After allowing p2p through, bandwidth usage jumps to ~100% of the total available bandwidth.

> Are you using the CONNTRACK module? It's simple to block P2P without CONNTRACK but if you want to shape it, you need it. Otherwise you'll only be marking the first packets for p2p connections, and not the rest.

I am aware of that, but didn't you mean CONNMARK target (module)?

W

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
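The CONNMARK target named at the end of this reply, shown as an added example that is not part of the original thread: the mark is stored on the conntrack entry, so every later packet of a classified connection carries it into the shaper. The chain name SHAPE_MARK, the mark value 10 and the port-range match (a constructed stand-in for the ipp2p/layer7 matchers the thread mentions) are assumptions.

```shell
#!/bin/sh
# Added example: classify once per connection, then reuse the stored mark.
IPTABLES=${IPTABLES:-iptables}
DRY_RUN=${DRY_RUN:-1}            # 1 = print the rules, 0 = apply them
CHAIN=SHAPE_MARK                 # hypothetical user-defined chain
P2P_MARK=10                      # hypothetical fwmark for the p2p class
# Constructed placeholder; substitute the real p2p matcher here.
P2P_MATCH="-p tcp --dport 6881:6889"

rule() {
  if [ "$DRY_RUN" = 1 ]; then
    echo "$IPTABLES -t mangle $*"
  else
    "$IPTABLES" -t mangle "$@"
  fi
}

connmark_rules() {
  rule -N "$CHAIN"
  # 1. Copy the mark saved on the connection onto this packet.
  rule -A "$CHAIN" -j CONNMARK --restore-mark
  # 2. Already classified: leave the chain, skip the matchers.
  rule -A "$CHAIN" -m mark ! --mark 0 -j RETURN
  # 3. Classify packets the matcher recognises (unquoted on purpose:
  #    the match is several words).
  rule -A "$CHAIN" $P2P_MATCH -j MARK --set-mark "$P2P_MARK"
  # 4. Save the new mark on the connection for all later packets.
  rule -A "$CHAIN" -m mark --mark "$P2P_MARK" -j CONNMARK --save-mark
  # Hook the chain in; RETURN above resumes PREROUTING after this rule.
  rule -A PREROUTING -j "$CHAIN"
}

connmark_rules
```

A tc `fw` filter with `handle 10` then sees the whole connection, not only the packets the matcher recognised.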
[LARTC] class exceeds its ceil
Hi,

I have a setup like this:

    class 1:1 rate 7600kbit (on a imq device)
    |
    |\class 1:10 rate 100kbit ceil 5600kbit prio 7 (here goes p2p traffic)
     \class 1:12 rate 7500kbit ceil 7600kbit
      |
      |\class 1:121 rate 3100 ceil 7500kbit prio 0
      |\class 1:122 rate 2200 ceil 7500kbit prio 2
       \class 1:123 rate 2200 ceil 7500kbit prio 3 (default)

My problem is: the 1:10 class consumes the whole bandwidth. This is caused by a massive p2p traffic. I've read similar posts on this list, and I can't use the solution proposed by Stef Coene here: http://mailman.ds9a.nl/pipermail/lartc/2002q2/003958.html.

I match p2p packets with both ipp2p and layer7 filters and mark them with iptables MARK. I can easily block p2p traffic, but when I allow it - it exceeds its ceil and reaches the rate of my internet link, which is unacceptable.

I need to allow other classes to borrow bandwidth from a p2p class, but I do not want to allow a p2p class to borrow bandwidth from other classes. Is there a way to achieve it? Maybe I should redesign something in the above diagram.

W
Re: [LARTC] strange behaviour of qos
Ed Wildgoose wrote:

>> any idea what might be wrong ?
>
> Yep, something is queuing somewhere... Either your outbound setup allows too much outbound for the outbound connection (and if you use ADSL remember packets use more bandwidth than on ethernet). Or you aren't throttling your inbound connection enough and queuing is occurring on the ISP end of your link
>
> Ed W

No, I really don't think so. The link itself is a 100%-CIR SDSL (for LAN of 300+ machines). I've set up ceil (up and down) to ~95% of real bandwidth. It seems that classes exceed maximum rates (ceils) defined for them. For example: p2p class has ceil of 2.5 mbits. When p2p traffic is not allowed to pass through, bandwidth usage varies around 30%. After allowing p2p to pass, bandwidth usage quickly rises to nearly 100%.

Is it possible to somehow isolate a class (as in cbq)? In the archives I've found something like this (let's say): '[...] rate 2500kbit ceil 2500kbit'. This should produce something like isolated class, but for me it simply doesn't work.

I'd be very grateful for any suggestions / ideas ...

Ratel
[LARTC] strange behaviour of qos
Hi

I have the following problem: I've created qos script which shapes traffic on outgoing interface eth1. More - less it looks like this :

CUT--

    #root qdisc and class for eth1
    $tc qdisc add dev eth1 root handle 1:0 htb default 19
    $tc class add dev eth1 parent 1:0 classid 1:1 htp ratel ${CEIL_UP}kbit ceil ${CEIL_UP}kbit

    #classes, qdiscs and filters for services
    $tc class add dev eth1 parent 1:1 classid 1:11 htb rate 90kbit ceil 150kbit prio 0
    $tc class add dev eth1 parent 1:1 classid 1:12 htb rate 100kbit ceil 250kbit prio 0
    $tc class add dev eth1 parent 1:1 classid 1:13 htb rate 90kbit ceil 1250kbit prio 2

    $tc qdisc add dev eth1 parent 1:11 handle 111: sfq perturb 10   #
    $tc qdisc add dev eth1 parent 1:11 handle 112: sfq perturb 10   # Typical
    $tc qdisc add dev eth1 parent 1:11 handle 113: sfq perturb 10   #

    $tc filter add dev eth1 parent 1:0 protocol ip prio 0 handle 1 fw classid 1:11
    $tc filter add dev eth1 parent 1:0 protocol ip prio 0 handle 1 fw classid 1:12
    $tc filter add dev eth1 parent 1:0 protocol ip prio 2 handle 1 fw classid 1:13

the same thing goes for imq

    #root qdisc and class for imq0
    $tc qdisc add dev imq0 root handle 2:0 htb default 29
    $tc class add dev imq0 parent 2:0 classid 2:1 htp ratel ${CEIL_DN}kbit ceil ${CEIL_DN}kbit

    #classes, qdiscs and filters for services
    $tc class add dev imq0 parent 2:1 classid 2:21 htb rate 90kbit ceil 150kbit prio 0
    $tc class add dev imq0 parent 2:1 classid 2:22 htb rate 100kbit ceil 250kbit prio 0
    $tc class add dev imq0 parent 2:1 classid 2:23 htb rate 90kbit ceil 1250kbit prio 2

    $tc qdisc add dev imq0 parent 2:11 handle 211: sfq perturb 10   #
    $tc qdisc add dev imq0 parent 2:11 handle 212: sfq perturb 10   #
    $tc qdisc add dev imq0 parent 2:11 handle 213: sfq perturb 10   #

    $tc filter add dev imq0 parent 2:0 protocol ip prio 0 handle 0xb fw classid 2:21
    $tc filter add dev imq0 parent 2:0 protocol ip prio 0 handle 0xc fw classid 2:22
    $tc filter add dev imq0 parent 2:0 protocol ip prio 2 handle 0xd fw classid 2:23

---CUT

There are more of these classes - up to 19 (or 29 on imq0). When I stat classes and qdiscs everything looks fine: traffic goes smoothly through every class. Class 1:11 and 2:21 are for icmp packets only.

The problem is - when I try to download some large file using http, which goes through 1:13 and 2:23 classes, pings rise to very high values (~350 - 600, while normally it should be something ~5-25 ms). The situation is getting much worse when I allow p2p traffic (1:15, 2:25) to pass through. Although schedulers seem to work, because I can browse web pages, the whole interactivity is lost and output (and input) bandwidth is consumed almost totally.

my system is : 2.4.29-ow1 , additional schedulers : esfq and wrr

p2p packets are `intercepted' by p2p and ipp2p modules. Other packets are marked this way :

--CUT

    $IPTABLES -A PREROUTING -t mangle -i eth1 -j IMQ --todev 0
    [...]
    $IPTABLES -A PREROUTING -t mangle -i eth1 -p icmp -j MARK --set-mark 0xb
    $IPTABLES -A POSTROUTING -t mangle -o eth1 -p icmp -j MARK --set-mark 0x1
    [...]
    $IPTABLES -A PREROUTING -t mangle -i eth1 -m multiport --sport 80,443 -j MARK --set-mark 0xd
    $IPTABLES -A POSTROUTING -t mangle -o eth1 -m multiport --dport 80,443 -j MARK --set-mark 0x3
    []

-CUT

any idea what might be wrong ?

thanks in advance

Wlodek
Re: [LARTC] htb problem
Thx a lot for help, I finally managed to rebuild my firewall script. For people who have same problem as I had, I can say that the problem lies in proper packet marking (iptables), sample lines from my firewall script:

    iptables -t mangle -I PREROUTING -i eth0 -p tcp --dport 21 -j MARK --set-mark 2
    iptables -t mangle -I PREROUTING -i eth0 -p tcp --dport 443 -j MARK --set-mark 3

It's of course not the only way to mark them, http://www.docum.org/stef.coene/qos/kptd/ is very useful with that.

regards,
Ratel <[EMAIL PROTECTED]>

- Original Message -
From: "Stef Coene" <[EMAIL PROTECTED]>
To: "Ratel" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, June 12, 2003 9:35 PM
Subject: Re: [LARTC] htb problem

> On Thursday 12 June 2003 21:21, Ratel wrote:
> > Hi,
> >
> > I have some interesting problem with htb , I set up root class and
> > sub-classes:
> >
> > $TC qdisc add dev eth0 root handle 1: htb
> > $TC class add dev eth0 parent 1: classid 1:1 htb rate 1990kbit ceil 2000kbit
> > $TC class add dev eth0 parent 1:1 classid 1:10 htb rate 190kbit ceil 200kbit
> > $TC class add dev eth0 parent 1:1 classid 1:11 htb rate 1400kbit ceil 1600kbit
> > $TC class add dev eth0 parent 1:1 classid 1:12 htb rate 1000kbit ceil 1500kbit
> > $TC class add dev eth0 parent 1:1 classid 1:13 htb rate 1000kbit ceil 1500kbit
> > $TC class add dev eth0 parent 1:1 classid 1:14 htb rate 1000kbit ceil 1200kbit
>
> The sum of the rates of the children should be <= rate of parent. In your case 1400 + 1000 + 1000 + 1000 = 4400 and your parent rate is 1990. It's not needed, but I recommend it.
>
> > , filters and queuing disciplines :
> > #filter
> > $TC filter add dev eth0 protocol ip parent 1:0 prio 1 handle 2 fw flowid 1:10 classid 1:10
> > $TC filter add dev eth0 protocol ip parent 1:0 prio 1 handle 3 fw flowid 1:11 classid 1:11
> > $TC filter add dev eth0 protocol ip parent 1:0 prio 2 handle 4 fw flowid 1:12 classid 1:12
> > $TC filter add dev eth0 protocol ip parent 1:0 prio 3 handle 5 fw flowid 1:13 classid 1:13
> > $TC filter add dev eth0 protocol ip parent 1:0 prio 1 handle 6 fw flowid 1:14 classid 1:14
> > (note the packet marking classifier)
>
> And I also note the different prios. That's not needed. Prio determines the order the filters are checked. In your case it doesn't matter.
>
> > adequate lines from firewall script :
> > [...]
> > # ftp
> > $IPTABLES -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 21 -m state --state NEW,ESTABLISHED -t mangle -j MARK --set-mark 3
> > # ssh
> > $$IPTABLES -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 22 -m state --state NEW,ESTABLISHED -t mangle -j MARK --set-mark 2
> > # smtp
> > $IPTABLES -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -t mangle -j MARK --set-mark 4
> > [...]
>
> Mhh. Can you check with iptables -L -v -n that your packets are marked? And can you tell us what's your setup? I mean which nic is connected to the internet, what do you want to shape, is this also a firewall? And try marking in the PREROUTING tables.
>
> Stef
>
> --
> [EMAIL PROTECTED]
> "Using Linux as bandwidth manager"
> http://www.docum.org/
> #lartc @ irc.oftc.net

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
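The rate check recommended in the quoted reply (children's rates summed against the parent's rate), as an added example that is not part of the original thread. It goes beyond that one rule: it also flags a ceil below the class's own rate or above the parent's ceil, and filters or qdiscs that point at a class that was never defined. The finding names and the single-device assumption are choices made for this example.

```shell
#!/bin/sh
# Added example: lint an HTB class tree given as `tc ... add` commands.
# Assumes one device per input; rates in kbit, mbit or bare bit/s.
htb_lint() {
  awk '
    function kbit(v) {               # normalise a tc rate to kbit/s
      if (v ~ /mbit$/) return v * 1000
      if (v ~ /kbit$/) return v + 0
      return v / 1000                # bare number means bit/s
    }
    function arg(name,   i) {        # word that follows keyword "name"
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    $2 == "class" && $3 == "add" {
      id = arg("classid"); parent[id] = arg("parent"); order[++n] = id
      rate[id] = kbit(arg("rate")); c = arg("ceil")
      ceil[id] = (c == "") ? rate[id] : kbit(c)
    }
    $2 == "filter" && $3 == "add" {
      t = arg("classid"); if (t == "") t = arg("flowid")
      if (t != "") ref[t] = "filter"
    }
    $2 == "qdisc" && $3 == "add" && arg("parent") != "" { ref[arg("parent")] = "qdisc" }
    END {
      for (i = 1; i <= n; i++) {     # per-class checks, summing rates per parent
        id = order[i]; p = parent[id]
        if (ceil[id] < rate[id]) print "ceil-below-rate " id
        if (p in rate) sum[p] += rate[id]
        if ((p in rate) && ceil[id] > ceil[p]) print "ceil-above-parent " id
      }
      for (i = 1; i <= n; i++) if (sum[order[i]] > rate[order[i]])
        print "oversubscribed " order[i] " " sum[order[i]] ">" rate[order[i]]
      for (t in ref) if (!(t in rate)) print "dangling-" ref[t] " " t
    }'
}
# Class lines as posted in the original message of this thread.
sample_config() {
  cat <<'EOF'
$TC qdisc add dev eth0 root handle 1: htb
$TC class add dev eth0 parent 1: classid 1:1 htb rate 1990kbit ceil 2000kbit
$TC class add dev eth0 parent 1:1 classid 1:10 htb rate 190kbit ceil 200kbit
$TC class add dev eth0 parent 1:1 classid 1:11 htb rate 1400kbit ceil 1600kbit
$TC class add dev eth0 parent 1:1 classid 1:12 htb rate 1000kbit ceil 1500kbit
$TC class add dev eth0 parent 1:1 classid 1:13 htb rate 1000kbit ceil 1500kbit
$TC class add dev eth0 parent 1:1 classid 1:14 htb rate 1000kbit ceil 1200kbit
EOF
}
sample_config | htb_lint
```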
[LARTC] htb problem
Hi,

I have some interesting problem with htb , I set up root class and sub-classes:

    $TC qdisc add dev eth0 root handle 1: htb
    $TC class add dev eth0 parent 1: classid 1:1 htb rate 1990kbit ceil 2000kbit
    $TC class add dev eth0 parent 1:1 classid 1:10 htb rate 190kbit ceil 200kbit
    $TC class add dev eth0 parent 1:1 classid 1:11 htb rate 1400kbit ceil 1600kbit
    $TC class add dev eth0 parent 1:1 classid 1:12 htb rate 1000kbit ceil 1500kbit
    $TC class add dev eth0 parent 1:1 classid 1:13 htb rate 1000kbit ceil 1500kbit
    $TC class add dev eth0 parent 1:1 classid 1:14 htb rate 1000kbit ceil 1200kbit

, filters and queuing disciplines :

    #filter
    $TC filter add dev eth0 protocol ip parent 1:0 prio 1 handle 2 fw flowid 1:10 classid 1:10
    $TC filter add dev eth0 protocol ip parent 1:0 prio 1 handle 3 fw flowid 1:11 classid 1:11
    $TC filter add dev eth0 protocol ip parent 1:0 prio 2 handle 4 fw flowid 1:12 classid 1:12
    $TC filter add dev eth0 protocol ip parent 1:0 prio 3 handle 5 fw flowid 1:13 classid 1:13
    $TC filter add dev eth0 protocol ip parent 1:0 prio 1 handle 6 fw flowid 1:14 classid 1:14

(note the packet marking classifier)

adequate lines from firewall script :

    [...]
    # ftp
    $IPTABLES -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 21 -m state --state NEW,ESTABLISHED -t mangle -j MARK --set-mark 3
    # ssh
    $$IPTABLES -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 22 -m state --state NEW,ESTABLISHED -t mangle -j MARK --set-mark 2
    # smtp
    $IPTABLES -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -t mangle -j MARK --set-mark 4
    [...]

    #qdisc
    $TC qdisc add dev eth0 parent 1:10 handle 20: sfq perturb 10
    $TC qdisc add dev eth0 parent 1:11 handle 30: sfq perturb 10
    $TC qdisc add dev eth0 parent 1:12 handle 40: sfq perturb 10
    $TC qdisc add dev eth0 parent 1:13 handle 50: sfq perturb 10
    $TC qdisc add dev eth0 parent 1:14 handle 60: sfq perturb 10

the problem is - all the traffic goes only through root class '1:'

    #tc -s qdisc ls dev eth0
    qdisc sfq 60: quantum 1514b perturb 10sec
     Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
    qdisc pfifo 50: limit 5p
     Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
    qdisc pfifo 40: limit 5p
     Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
    qdisc pfifo 30: limit 5p
     Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
    qdisc pfifo 20: limit 5p
     Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
    qdisc htb 1: r2q 10 default 0 direct_packets_stat 671
     Sent 392890 bytes 671 pkts (dropped 0, overlimits 0)

I'd be very grateful if you could help me with this.

thanks in advance.

Ratel .at. aonet.pl