Re: [LARTC] htb not hard limiting correctly
On Sun, 21 Sep 2003, Abraham van der Merwe wrote: I am not sure, but I think if you classify your packet in PREROUTING chain it will works fine Hi! This morning one of our major links died and suddenly I was streaming 1mbit of traffic through 256kbit (one of our backup links), but it just doesn't work. The client is still doing in the region of 350kbit/s (the link capacity is 512kbit). Here is my config: snip -- snip -- snip tc qdisc add dev eth1 root handle 1: htb default 4 r2q 5 tc class add dev eth1 parent 1: classid 1:1 htb rate 512kbit tc class add dev eth1 parent 1:1 classid 1:2 htb rate 320kbit ceil 512kbit prio 1 tc qdisc add dev eth1 handle 2: parent 1:2 sfq perturb 10 limit 84 tc class add dev eth1 parent 1:1 classid 1:3 htb rate 64kbit ceil 256kbit prio 3 tc qdisc add dev eth1 handle 3: parent 1:3 sfq perturb 10 limit 42 tc class add dev eth1 parent 1:1 classid 1:4 htb rate 128kbit ceil 512kbit prio 2 tc qdisc add dev eth1 handle 4: parent 1:4 sfq perturb 10 limit 84 tc qdisc add dev eth0 root handle 1: htb default 4 r2q 5 tc class add dev eth0 parent 1: classid 1:1 htb rate 512kbit tc class add dev eth0 parent 1:1 classid 1:2 htb rate 320kbit ceil 512kbit prio 1 tc qdisc add dev eth0 handle 2: parent 1:2 sfq perturb 10 limit 84 tc class add dev eth0 parent 1:1 classid 1:3 htb rate 64kbit ceil 256kbit prio 3 tc qdisc add dev eth0 handle 3: parent 1:3 sfq perturb 10 limit 42 tc class add dev eth0 parent 1:1 classid 1:4 htb rate 128kbit ceil 512kbit prio 2 tc qdisc add dev eth0 handle 4: parent 1:4 sfq perturb 10 limit 84 snip -- snip -- snip I'm tagging packets with the netfilter CLASSIFY patch. I've got a user-defined chain in the mangle table and I redirect all traffic from the POSTROUTING chain into that and add rules like this: iptables -t mangle -N qos iptables -t mangle -A POSTROUTING -j qos and then these rules for the ftc rules above: snip -- snip -- snip iptables -t mangle -A qos -o eth1 -d 66.8.28.92/30 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth1 -d 66.8.28.160/27 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth1 -d 168.210.55.0/24 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth1 -d 168.210.54.80/29 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth1 -d 168.210.56.0/24 -j CLASSIFY --set-class 1:3 iptables -t mangle -A qos -o eth1 -d 66.8.28.32/27 -j CLASSIFY --set-class 1:3 iptables -t mangle -A qos -o eth0 -s 66.8.28.92/30 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth0 -s 66.8.28.160/27 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth0 -s 168.210.55.0/24 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth0 -s 168.210.54.80/29 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth0 -s 168.210.56.0/24 -j CLASSIFY --set-class 1:3 iptables -t mangle -A qos -o eth0 -s 66.8.28.32/27 -j CLASSIFY --set-class 1:3 snip -- snip -- snip The class which is not shaping correctly is 1:3 - it has a rate of 64kbit and a ceil of 256kbit so it should be limited to 256kbit even if there is 512kbit of traffic available. Any ideas what I did wrong or is this a bug? ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] htb not hard limiting correctly
Hi Mahmoud @2003.09.22_11:44:01_+0200 (a) You can't put it in PREROUTING - the CLASSIFY patch don't allow that: from net/ipv4/netfilter/ipt_CLASSIFY.c: snip -- snip -- snip if (hook_mask ~(1 NF_IP_POST_ROUTING)) { printk(KERN_ERR CLASSIFY: only valid in POST_ROUTING.\n); return 0; } snip -- snip -- snip Would you mind telling me why you suggested PREROUTING? (b) I discovered some serious problems in my ruleset below which I fixed in the meantime (Notice all the qdiscs have the same major id - they're supposed to be unique for each qdisc, i.e. the sfq qdisc's and the two htb qdisc's should have different major numbers) (c) One thing I discovered as well is that if all traffic goes through one of our backup links, the line is so congested that I still get around double the traffic incoming on the qos box itself. If I check on a box behind it you can see that that class is shaped correctly, the requests are just flooding in at such a pace that it still eats up twice the bandwidth! I am not sure, but I think if you classify your packet in PREROUTING chain it will works fine Hi! This morning one of our major links died and suddenly I was streaming 1mbit of traffic through 256kbit (one of our backup links), but it just doesn't work. The client is still doing in the region of 350kbit/s (the link capacity is 512kbit). Here is my config: snip -- snip -- snip tc qdisc add dev eth1 root handle 1: htb default 4 r2q 5 tc class add dev eth1 parent 1: classid 1:1 htb rate 512kbit tc class add dev eth1 parent 1:1 classid 1:2 htb rate 320kbit ceil 512kbit prio 1 tc qdisc add dev eth1 handle 2: parent 1:2 sfq perturb 10 limit 84 tc class add dev eth1 parent 1:1 classid 1:3 htb rate 64kbit ceil 256kbit prio 3 tc qdisc add dev eth1 handle 3: parent 1:3 sfq perturb 10 limit 42 tc class add dev eth1 parent 1:1 classid 1:4 htb rate 128kbit ceil 512kbit prio 2 tc qdisc add dev eth1 handle 4: parent 1:4 sfq perturb 10 limit 84 tc qdisc add dev eth0 root handle 1: htb default 4 r2q 5 tc class add dev eth0 parent 1: classid 1:1 htb rate 512kbit tc class add dev eth0 parent 1:1 classid 1:2 htb rate 320kbit ceil 512kbit prio 1 tc qdisc add dev eth0 handle 2: parent 1:2 sfq perturb 10 limit 84 tc class add dev eth0 parent 1:1 classid 1:3 htb rate 64kbit ceil 256kbit prio 3 tc qdisc add dev eth0 handle 3: parent 1:3 sfq perturb 10 limit 42 tc class add dev eth0 parent 1:1 classid 1:4 htb rate 128kbit ceil 512kbit prio 2 tc qdisc add dev eth0 handle 4: parent 1:4 sfq perturb 10 limit 84 snip -- snip -- snip I'm tagging packets with the netfilter CLASSIFY patch. I've got a user-defined chain in the mangle table and I redirect all traffic from the POSTROUTING chain into that and add rules like this: iptables -t mangle -N qos iptables -t mangle -A POSTROUTING -j qos and then these rules for the ftc rules above: snip -- snip -- snip iptables -t mangle -A qos -o eth1 -d 66.8.28.92/30 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth1 -d 66.8.28.160/27 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth1 -d 168.210.55.0/24 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth1 -d 168.210.54.80/29 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth1 -d 168.210.56.0/24 -j CLASSIFY --set-class 1:3 iptables -t mangle -A qos -o eth1 -d 66.8.28.32/27 -j CLASSIFY --set-class 1:3 iptables -t mangle -A qos -o eth0 -s 66.8.28.92/30 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth0 -s 66.8.28.160/27 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth0 -s 168.210.55.0/24 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth0 -s 168.210.54.80/29 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth0 -s 168.210.56.0/24 -j CLASSIFY --set-class 1:3 iptables -t mangle -A qos -o eth0 -s 66.8.28.32/27 -j CLASSIFY --set-class 1:3 snip -- snip -- snip The class which is not shaping correctly is 1:3 - it has a rate of 64kbit and a ceil of 256kbit so it should be limited to 256kbit even if there is 512kbit of traffic available. Any ideas what I did wrong or is this a bug? ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ -- Regards Abraham But Officer, I stopped for the last one, and it was green! ___ Abraham vd Merwe - Frogfoot Networks CC 9 Kinnaird Court, 33 Main Street, Newlands, 7700 Phone: +27 21 686 1665 Cell: +27 82 565 4451 Http: http://www.frogfoot.net/ Email: [EMAIL PROTECTED]
[LARTC] htb not hard limiting correctly
Hi! This morning one of our major links died and suddenly I was streaming 1mbit of traffic through 256kbit (one of our backup links), but it just doesn't work. The client is still doing in the region of 350kbit/s (the link capacity is 512kbit). Here is my config: snip -- snip -- snip tc qdisc add dev eth1 root handle 1: htb default 4 r2q 5 tc class add dev eth1 parent 1: classid 1:1 htb rate 512kbit tc class add dev eth1 parent 1:1 classid 1:2 htb rate 320kbit ceil 512kbit prio 1 tc qdisc add dev eth1 handle 2: parent 1:2 sfq perturb 10 limit 84 tc class add dev eth1 parent 1:1 classid 1:3 htb rate 64kbit ceil 256kbit prio 3 tc qdisc add dev eth1 handle 3: parent 1:3 sfq perturb 10 limit 42 tc class add dev eth1 parent 1:1 classid 1:4 htb rate 128kbit ceil 512kbit prio 2 tc qdisc add dev eth1 handle 4: parent 1:4 sfq perturb 10 limit 84 tc qdisc add dev eth0 root handle 1: htb default 4 r2q 5 tc class add dev eth0 parent 1: classid 1:1 htb rate 512kbit tc class add dev eth0 parent 1:1 classid 1:2 htb rate 320kbit ceil 512kbit prio 1 tc qdisc add dev eth0 handle 2: parent 1:2 sfq perturb 10 limit 84 tc class add dev eth0 parent 1:1 classid 1:3 htb rate 64kbit ceil 256kbit prio 3 tc qdisc add dev eth0 handle 3: parent 1:3 sfq perturb 10 limit 42 tc class add dev eth0 parent 1:1 classid 1:4 htb rate 128kbit ceil 512kbit prio 2 tc qdisc add dev eth0 handle 4: parent 1:4 sfq perturb 10 limit 84 snip -- snip -- snip I'm tagging packets with the netfilter CLASSIFY patch. I've got a user-defined chain in the mangle table and I redirect all traffic from the POSTROUTING chain into that and add rules like this: iptables -t mangle -N qos iptables -t mangle -A POSTROUTING -j qos and then these rules for the ftc rules above: snip -- snip -- snip iptables -t mangle -A qos -o eth1 -d 66.8.28.92/30 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth1 -d 66.8.28.160/27 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth1 -d 168.210.55.0/24 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth1 -d 168.210.54.80/29 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth1 -d 168.210.56.0/24 -j CLASSIFY --set-class 1:3 iptables -t mangle -A qos -o eth1 -d 66.8.28.32/27 -j CLASSIFY --set-class 1:3 iptables -t mangle -A qos -o eth0 -s 66.8.28.92/30 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth0 -s 66.8.28.160/27 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth0 -s 168.210.55.0/24 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth0 -s 168.210.54.80/29 -j CLASSIFY --set-class 1:2 iptables -t mangle -A qos -o eth0 -s 168.210.56.0/24 -j CLASSIFY --set-class 1:3 iptables -t mangle -A qos -o eth0 -s 66.8.28.32/27 -j CLASSIFY --set-class 1:3 snip -- snip -- snip The class which is not shaping correctly is 1:3 - it has a rate of 64kbit and a ceil of 256kbit so it should be limited to 256kbit even if there is 512kbit of traffic available. Any ideas what I did wrong or is this a bug? -- Regards Abraham Bernard Shaw is an excellent man; he has not an enemy in the world, and none of his friends like him either. -- Oscar Wilde ___ Abraham vd Merwe - Frogfoot Networks CC 9 Kinnaird Court, 33 Main Street, Newlands, 7700 Phone: +27 21 686 1665 Cell: +27 82 565 4451 Http: http://www.frogfoot.net/ Email: [EMAIL PROTECTED] ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/