[LARTC] Please: judge this script

2005-07-06 Thread Ricardo Chamorro




I copied the excellent script of Pedro Larroy and tried to adapt it to my
needs, but I am inexperienced in QoS and I have doubts.
I have a cable modem to the Internet, 1024kbit down and 256kbit up, through
eth0. The LAN is on eth1 with NAT.

I set up the band so that shaping goes through eth1 (the LAN side) with
maximum bandwidth CEIL=768.
But I observe that the traffic sometimes accelerates and at other moments
stops.
Please, could you tell me what is wrong with the script that I paste below?
(The iptables mangle marks for ports 54xxx are for emule.)
Thanks for your patience.
-- paste script --
CEIL=768

# First delete any bands that may exist
tc qdisc del dev eth1 root

# Create the main root band 1, whose packets go by default to band 1
tc qdisc add dev eth1 root handle 1: htb default 15

tc class add dev eth1 parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 270kbit ceil 270kbit prio 0
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 270kbit ceil ${CEIL}kbit prio 1
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 68kbit ceil ${CEIL}kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 68kbit ceil ${CEIL}kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 34kbit ceil ${CEIL}kbit prio 3
tc class add dev eth1 parent 1:1 classid 1:15 htb rate 100kbit ceil ${CEIL}kbit prio 1

# Attach the sfq queue to the child band
tc qdisc add dev eth1 parent 1:11 handle 110: sfq perturb 10
tc qdisc add dev eth1 parent 1:12 handle 120: sfq perturb 10
tc qdisc add dev eth1 parent 1:13 handle 130: sfq perturb 10
tc qdisc add dev eth1 parent 1:14 handle 140: sfq perturb 10
tc qdisc add dev eth1 parent 1:15 handle 150: sfq perturb 10

# Associate the marks set in iptables mangle with the respective bands
tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle 1 fw classid 1:10
tc filter add dev eth1 protocol ip parent 1:0 prio 2 handle 2 fw classid 1:11
tc filter add dev eth1 protocol ip parent 1:0 prio 3 handle 3 fw classid 1:12
tc filter add dev eth1 protocol ip parent 1:0 prio 4 handle 4 fw classid 1:13
tc filter add dev eth1 protocol ip parent 1:0 prio 5 handle 5 fw classid 1:14
tc filter add dev eth1 protocol ip parent 1:0 prio 6 handle 6 fw classid 1:15

# iptables rules to mark the traffic we are interested in
$IPTABLES -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x1
$IPTABLES -t mangle -A PREROUTING -p icmp -j RETURN
$IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 0x1
$IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j RETURN
$IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j MARK --set-mark 0x5
$IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j RETURN
$IPTABLES -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j RETURN

# This prioritizes packets from the given port
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j MARK --set-mark 0x2
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 80 -j MARK --set-mark 0x2
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 80 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54661 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54661 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54662 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54662 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 56881 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 56881 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54711 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54711 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54665 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54665 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54672 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54672 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 56881 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 56881 -j RETURN

# This prioritizes packets at the start of TCP connections (SYN flag)
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN

# Closes the rules of the mangle PREROUTING table
$IPTABLES -t mangle -A PREROUTING -j MARK --set-mark 0x6

# Same as above, but in OUTPUT, for locally generated traffic
$IPTABLES -t mangle -A OUTPUT -p

Re: [LARTC] Please: judge this script

2005-07-06 Thread Andreas Klauer
On Wednesday 06 July 2005 16:05, Ricardo Chamorro wrote:
> CEIL=768
> [...]
> tc class add dev eth1 parent 1: classid 1:1 htb rate ${CEIL}kbit ceil
> ${CEIL}kbit

I don't know if it's the cause of your problems, but the children of this 
class altogether have a guaranteed rate of 810kbit, whereas the parent 
only has 768kbit. It's hard to tell what HTB does in this case, so you 
should make sure that the children's rates add up to the parent's rate.

Another problem could probably be that you are using a lot of SFQ qdiscs. 
If every single one of them can queue 128 packets, it might be too much.
I reduced the SFQ queue length to 16 on my system for that reason.

I also had a lot of weird things happening due to the prio parameter of HTB. 
I think it's best not to use it in the beginning and only start 
experimenting with that parameter when you really need it.

Are you shaping upload traffic at all? You don't really have much influence 
on download traffic (all HTB can do is drop packets). A shaping setup 
without upload shaping makes hardly any sense.

Also, in your setup you limit eth1 to 768kbit in total. That's fine as long 
as there is no LAN traffic on that machine. However, that's hardly ever 
the case - as soon as you SSH on your machine, or use some kind of proxy 
(DNS caching, squid, ...), this LAN traffic will have to use the same 
classes as your internet download traffic, thus interfering with download 
speeds.

HTH
Andreas
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
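
The rate mismatch pointed out in the reply above can be checked mechanically before a script is loaded. The following is an added example, not code from the thread or from any poster: it sums the HTB child rates per parent and flags a parent whose children are guaranteed more than it has. The helper names htb_rate_check and sample_classes are hypothetical, and only kbit rates are handled.

```shell
#!/bin/sh
# Added example (not from the thread): sum HTB child rates per parent class.

# Constructed sample: the class lines of the posted script, unwrapped.
sample_classes() {
cat <<'EOF'
tc class add dev eth1 parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 270kbit ceil 270kbit prio 0
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 270kbit ceil ${CEIL}kbit prio 1
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 68kbit ceil ${CEIL}kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 68kbit ceil ${CEIL}kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 34kbit ceil ${CEIL}kbit prio 3
tc class add dev eth1 parent 1:1 classid 1:15 htb rate 100kbit ceil ${CEIL}kbit prio 1
EOF
}

# htb_rate_check CEIL   (hypothetical helper; reads a tc script on stdin)
# Prints one line per parent class and returns non-zero if any parent's
# children have a larger total rate than the parent itself.
htb_rate_check() {
    awk -v ceil="$1" '
    $1 == "tc" && $2 == "class" && $3 == "add" {
        parent = ""; classid = ""; rate = ""
        for (i = 4; i < NF; i++) {
            if ($i == "parent")  parent  = $(i + 1)
            if ($i == "classid") classid = $(i + 1)
            if ($i == "rate")    rate    = $(i + 1)
        }
        gsub(/[$][{]CEIL[}]/, ceil, rate)  # expand the script variable
        sub(/kbit$/, "", rate)             # kbit is the only unit handled here
        own[classid] = rate + 0
        kids[parent] += rate + 0
    }
    END {
        bad = 0
        for (p in kids) {
            if (!(p in own)) continue      # qdisc handle such as "1:" has no rate
            over = (kids[p] > own[p])
            if (over) bad = 1
            printf "%s rate=%dkbit children=%dkbit %s\n", p, own[p], kids[p],
                   (over ? "OVERSUBSCRIBED" : "ok")
        }
        exit bad
    }'
}

sample_classes | htb_rate_check 768 || echo "child rates exceed the parent rate"
```
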


Re: [LARTC] Please: judge this script

2005-07-06 Thread Ricardo Chamorro
----- Original Message -----
From: Andreas Klauer [EMAIL PROTECTED]
To: lartc@mailman.ds9a.nl
Sent: Wednesday, July 06, 2005 12:38 PM
Subject: Re: [LARTC] Please: judge this script

> class altogether have a guaranteed rate of 810kbit, whereas the parent
> only has 768kbit.


Oh yes... thanks for such a detailed judgment... that was an error: when
increasing one of the values I forgot to reduce the other class.
After this correction the rate rose vertiginously. From 4kbit of download
in emule, it is now 30 to 35 kb! In addition, the loading of www pages and
pop3 works much faster.


> Another problem could probably be that you are using a lot of SFQ qdiscs.
> If every single one of them can queue 128 packets, it might be too much.
> I reduced the SFQ queue length to 16 on my system for that reason.
> I also had a lot of weird things happening due to the prio parameter of
> HTB.
> I think it's best not to use it in the beginning and only start
> experimenting with that parameter when you really need it.


Do you think that it would be necessary to make these changes now?


> Are you shaping upload traffic at all? You don't really have much
> influence
> on download traffic (all HTB can do is drop packets). A shaping setup
> without upload shaping makes hardly any sense.


In this case, what would I have to add to the script? I imagine that I would
have to apply all the same rules, the same as these, but with the upload CEIL
value (256 kbit) and pointing at the NIC eth0 (to the ISP)... Is this right?
And would the iptables rules be the same? That is: -t mangle PREROUTING
pointing to the destination ports (dport instead of sport)?


> Also, in your setup you limit eth1 to 768kbit in total. That's fine as
> long
> as there is no LAN traffic on that machine. However, that's hardly ever
> the case - as soon as you SSH on your machine, or use some kind of proxy
> (DNS caching, squid, ...), this LAN traffic will have to use the same
> classes as your internet download traffic, thus interfering with download
> speeds.


It is a Debian router (kernel 2,4,25) that only does NAT and firewall with
iptables
(it runs on a 486 DX4100 with 96MB RAM and two HDs of 1GB each... ;-).
No squid, no samba, no bind... Nothing except router of Inet and NAT.
What would I have to do?
Best regards
Ricardo



[LARTC] Please: Judge this script

2005-07-04 Thread Ricardo Chamorro



I copied the excellent script of Pedro Larroy and tried to adapt it to my
needs, but I am inexperienced in QoS and I have doubts.
I have a cable modem to the Internet, 1024kbit down and 256kbit up, through
eth0. The LAN is on eth1 with NAT.

I set up the band so that shaping goes through eth1 (the LAN side) with
maximum bandwidth CEIL=768.
But I observe that the traffic sometimes accelerates and at other moments
stops.
Please, could you tell me what is wrong with the script that I paste below?
Thanks for your patience.
-- paste script --
CEIL=768

# First delete any bands that may exist
tc qdisc del dev eth1 root

# Create the main root band 1, whose packets go by default to band 1
tc qdisc add dev eth1 root handle 1: htb default 15

tc class add dev eth1 parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 270kbit ceil 270kbit prio 0
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 270kbit ceil ${CEIL}kbit prio 1
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 68kbit ceil ${CEIL}kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 68kbit ceil ${CEIL}kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 34kbit ceil ${CEIL}kbit prio 3
tc class add dev eth1 parent 1:1 classid 1:15 htb rate 100kbit ceil ${CEIL}kbit prio 1

# Attach the sfq queue to the child band
tc qdisc add dev eth1 parent 1:11 handle 110: sfq perturb 10
tc qdisc add dev eth1 parent 1:12 handle 120: sfq perturb 10
tc qdisc add dev eth1 parent 1:13 handle 130: sfq perturb 10
tc qdisc add dev eth1 parent 1:14 handle 140: sfq perturb 10
tc qdisc add dev eth1 parent 1:15 handle 150: sfq perturb 10

# Associate the marks set in iptables mangle with the respective bands
tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle 1 fw classid 1:10
tc filter add dev eth1 protocol ip parent 1:0 prio 2 handle 2 fw classid 1:11
tc filter add dev eth1 protocol ip parent 1:0 prio 3 handle 3 fw classid 1:12
tc filter add dev eth1 protocol ip parent 1:0 prio 4 handle 4 fw classid 1:13
tc filter add dev eth1 protocol ip parent 1:0 prio 5 handle 5 fw classid 1:14
tc filter add dev eth1 protocol ip parent 1:0 prio 6 handle 6 fw classid 1:15

# iptables rules to mark the traffic we are interested in
$IPTABLES -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x1
$IPTABLES -t mangle -A PREROUTING -p icmp -j RETURN
$IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 0x1
$IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j RETURN
$IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j MARK --set-mark 0x5
$IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j RETURN
$IPTABLES -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j RETURN

# This prioritizes packets from the given port
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j MARK --set-mark 0x2
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 80 -j MARK --set-mark 0x2
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 80 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54661 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54661 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54662 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54662 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 56881 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 56881 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54711 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54711 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54665 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54665 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54672 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54672 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 56881 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 56881 -j RETURN

# This prioritizes packets at the start of TCP connections (SYN flag)
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN

# Closes the rules of the mangle PREROUTING table
$IPTABLES -t mangle -A PREROUTING -j MARK --set-mark 0x6

# Same as above, but in OUTPUT, for locally generated traffic
$IPTABLES -t mangle -A OUTPUT -p icmp -j MARK --set-mark 0x1

$IPTABLES -t mangle