Re: [LARTC] htb not hard limiting correctly

2003-09-22 Thread Mahmoud Taghizadeh
On Sun, 21 Sep 2003, Abraham van der Merwe wrote:
I am not sure, but I think if you classify your packet in PREROUTING chain 
it will work fine.

 Hi!
 
 This morning one of our major links died and suddenly I was streaming 1mbit
 of traffic through 256kbit (one of our backup links), but it just doesn't
 work. The client is still doing in the region of 350kbit/s (the link
 capacity is 512kbit). Here is my config:
 
  snip -- snip -- snip 
 tc qdisc add dev eth1 root handle 1: htb default 4 r2q 5
 tc class add dev eth1 parent 1: classid 1:1 htb rate 512kbit
 tc class add dev eth1 parent 1:1 classid 1:2 htb rate 320kbit ceil 512kbit prio 1
 tc qdisc add dev eth1 handle 2: parent 1:2 sfq perturb 10 limit 84
 tc class add dev eth1 parent 1:1 classid 1:3 htb rate 64kbit ceil 256kbit prio 3
 tc qdisc add dev eth1 handle 3: parent 1:3 sfq perturb 10 limit 42
 tc class add dev eth1 parent 1:1 classid 1:4 htb rate 128kbit ceil 512kbit prio 2
 tc qdisc add dev eth1 handle 4: parent 1:4 sfq perturb 10 limit 84
 tc qdisc add dev eth0 root handle 1: htb default 4 r2q 5
 tc class add dev eth0 parent 1: classid 1:1 htb rate 512kbit
 tc class add dev eth0 parent 1:1 classid 1:2 htb rate 320kbit ceil 512kbit prio 1
 tc qdisc add dev eth0 handle 2: parent 1:2 sfq perturb 10 limit 84
 tc class add dev eth0 parent 1:1 classid 1:3 htb rate 64kbit ceil 256kbit prio 3
 tc qdisc add dev eth0 handle 3: parent 1:3 sfq perturb 10 limit 42
 tc class add dev eth0 parent 1:1 classid 1:4 htb rate 128kbit ceil 512kbit prio 2
 tc qdisc add dev eth0 handle 4: parent 1:4 sfq perturb 10 limit 84
  snip -- snip -- snip 
 
 I'm tagging packets with the netfilter CLASSIFY patch. I've got a
 user-defined chain in the mangle table and I redirect all traffic from the
 POSTROUTING chain into that and add rules like this:
 
 iptables -t mangle -N qos
 iptables -t mangle -A POSTROUTING -j qos
 
 and then these rules for the tc rules above:
 
  snip -- snip -- snip 
 iptables -t mangle -A qos -o eth1 -d 66.8.28.92/30 -j CLASSIFY --set-class 1:2
 iptables -t mangle -A qos -o eth1 -d 66.8.28.160/27 -j CLASSIFY --set-class 1:2
 iptables -t mangle -A qos -o eth1 -d 168.210.55.0/24 -j CLASSIFY --set-class 1:2
 iptables -t mangle -A qos -o eth1 -d 168.210.54.80/29 -j CLASSIFY --set-class 1:2
 iptables -t mangle -A qos -o eth1 -d 168.210.56.0/24 -j CLASSIFY --set-class 1:3
 iptables -t mangle -A qos -o eth1 -d 66.8.28.32/27 -j CLASSIFY --set-class 1:3
 iptables -t mangle -A qos -o eth0 -s 66.8.28.92/30 -j CLASSIFY --set-class 1:2
 iptables -t mangle -A qos -o eth0 -s 66.8.28.160/27 -j CLASSIFY --set-class 1:2
 iptables -t mangle -A qos -o eth0 -s 168.210.55.0/24 -j CLASSIFY --set-class 1:2
 iptables -t mangle -A qos -o eth0 -s 168.210.54.80/29 -j CLASSIFY --set-class 1:2
 iptables -t mangle -A qos -o eth0 -s 168.210.56.0/24 -j CLASSIFY --set-class 1:3
 iptables -t mangle -A qos -o eth0 -s 66.8.28.32/27 -j CLASSIFY --set-class 1:3
  snip -- snip -- snip 
 
 The class which is not shaping correctly is 1:3 - it has a rate of 64kbit
 and a ceil of 256kbit so it should be limited to 256kbit even if there is
 512kbit of traffic available.
 
 Any ideas what I did wrong or is this a bug?
 
 

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


Re: [LARTC] htb not hard limiting correctly

2003-09-22 Thread Abraham van der Merwe
Hi Mahmoud   @2003.09.22_11:44:01_+0200

(a) You can't put it in PREROUTING - the CLASSIFY patch doesn't allow that:

from net/ipv4/netfilter/ipt_CLASSIFY.c:

 snip -- snip -- snip 
if (hook_mask & ~(1 << NF_IP_POST_ROUTING)) {
        printk(KERN_ERR "CLASSIFY: only valid in POST_ROUTING.\n");
        return 0;
}
 snip -- snip -- snip 

Would you mind telling me why you suggested PREROUTING?

(b)

I discovered some serious problems in my ruleset below, which I fixed in the
meantime. (Notice all the qdiscs have the same major id - they're supposed to
be unique for each qdisc, i.e. the sfq qdiscs and the two htb qdiscs
should have different major numbers.)

(c)

One thing I discovered as well is that if all traffic goes through one of
our backup links, the line is so congested that I still get around double
the traffic incoming on the qos box itself. If I check on a box behind it
you can see that that class is shaped correctly, the requests are just
flooding in at such a pace that it still eats up twice the bandwidth!


-- 

Regards
 Abraham

But Officer, I stopped for the last one, and it was green!

___
 Abraham vd Merwe - Frogfoot Networks CC
 9 Kinnaird Court, 33 Main Street, Newlands, 7700
 Phone: +27 21 686 1665 Cell: +27 82 565 4451
 Http: http://www.frogfoot.net/ Email: [EMAIL PROTECTED]
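
The hook check quoted in point (a) above, as an added example that is not part of the original message or of the CLASSIFY patch: it shows which chains the test accepts, including the case of a user-defined chain such as `qos`. The hook numbers are those of linux/netfilter_ipv4.h; `chain_hook_mask` is a hypothetical helper that assumes a user-defined chain's hook_mask is the union of the built-in hooks that jump to it.

```c
#include <stdio.h>

/* Hook numbers as defined in linux/netfilter_ipv4.h. */
enum {
    NF_IP_PRE_ROUTING  = 0,
    NF_IP_LOCAL_IN     = 1,
    NF_IP_FORWARD      = 2,
    NF_IP_LOCAL_OUT    = 3,
    NF_IP_POST_ROUTING = 4
};

/* Same test as the quoted fragment: any bit other than POST_ROUTING
 * set in hook_mask rejects the rule. Returns 1 if accepted, 0 if not. */
static int classify_hook_ok(unsigned int hook_mask)
{
    if (hook_mask & ~(1u << NF_IP_POST_ROUTING))
        return 0;
    return 1;
}

/* Hypothetical helper (assumption, not kernel code): the mask for a
 * user-defined chain, modelled as the union of the built-in hooks
 * from which the chain is reachable. */
static unsigned int chain_hook_mask(const int *hooks, int n)
{
    unsigned int mask = 0;
    for (int i = 0; i < n; i++)
        mask |= 1u << hooks[i];
    return mask;
}

int main(void)
{
    /* Constructed cases: the qos chain as used in the thread, the
     * PREROUTING suggestion, and a chain shared between two hooks. */
    const int qos_from_post[] = { NF_IP_POST_ROUTING };
    const int from_pre[]      = { NF_IP_PRE_ROUTING };
    const int shared[]        = { NF_IP_FORWARD, NF_IP_POST_ROUTING };

    printf("qos via POSTROUTING only : %d\n",
           classify_hook_ok(chain_hook_mask(qos_from_post, 1)));
    printf("rule in PREROUTING       : %d\n",
           classify_hook_ok(chain_hook_mask(from_pre, 1)));
    printf("chain shared with FORWARD: %d\n",
           classify_hook_ok(chain_hook_mask(shared, 2)));
    return 0;
}
```

Under that assumption, a chain that is also jumped to from FORWARD is rejected even though POSTROUTING is one of its callers, so the `qos` chain has to stay reachable from POSTROUTING alone.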


[LARTC] htb not hard limiting correctly

2003-09-21 Thread Abraham van der Merwe
Hi!

This morning one of our major links died and suddenly I was streaming 1mbit
of traffic through 256kbit (one of our backup links), but it just doesn't
work. The client is still doing in the region of 350kbit/s (the link
capacity is 512kbit). Here is my config:

 snip -- snip -- snip 
tc qdisc add dev eth1 root handle 1: htb default 4 r2q 5
tc class add dev eth1 parent 1: classid 1:1 htb rate 512kbit
tc class add dev eth1 parent 1:1 classid 1:2 htb rate 320kbit ceil 512kbit prio 1
tc qdisc add dev eth1 handle 2: parent 1:2 sfq perturb 10 limit 84
tc class add dev eth1 parent 1:1 classid 1:3 htb rate 64kbit ceil 256kbit prio 3
tc qdisc add dev eth1 handle 3: parent 1:3 sfq perturb 10 limit 42
tc class add dev eth1 parent 1:1 classid 1:4 htb rate 128kbit ceil 512kbit prio 2
tc qdisc add dev eth1 handle 4: parent 1:4 sfq perturb 10 limit 84
tc qdisc add dev eth0 root handle 1: htb default 4 r2q 5
tc class add dev eth0 parent 1: classid 1:1 htb rate 512kbit
tc class add dev eth0 parent 1:1 classid 1:2 htb rate 320kbit ceil 512kbit prio 1
tc qdisc add dev eth0 handle 2: parent 1:2 sfq perturb 10 limit 84
tc class add dev eth0 parent 1:1 classid 1:3 htb rate 64kbit ceil 256kbit prio 3
tc qdisc add dev eth0 handle 3: parent 1:3 sfq perturb 10 limit 42
tc class add dev eth0 parent 1:1 classid 1:4 htb rate 128kbit ceil 512kbit prio 2
tc qdisc add dev eth0 handle 4: parent 1:4 sfq perturb 10 limit 84
 snip -- snip -- snip 

I'm tagging packets with the netfilter CLASSIFY patch. I've got a
user-defined chain in the mangle table and I redirect all traffic from the
POSTROUTING chain into that and add rules like this:

iptables -t mangle -N qos
iptables -t mangle -A POSTROUTING -j qos

and then these rules for the tc rules above:

 snip -- snip -- snip 
iptables -t mangle -A qos -o eth1 -d 66.8.28.92/30 -j CLASSIFY --set-class 1:2
iptables -t mangle -A qos -o eth1 -d 66.8.28.160/27 -j CLASSIFY --set-class 1:2
iptables -t mangle -A qos -o eth1 -d 168.210.55.0/24 -j CLASSIFY --set-class 1:2
iptables -t mangle -A qos -o eth1 -d 168.210.54.80/29 -j CLASSIFY --set-class 1:2
iptables -t mangle -A qos -o eth1 -d 168.210.56.0/24 -j CLASSIFY --set-class 1:3
iptables -t mangle -A qos -o eth1 -d 66.8.28.32/27 -j CLASSIFY --set-class 1:3
iptables -t mangle -A qos -o eth0 -s 66.8.28.92/30 -j CLASSIFY --set-class 1:2
iptables -t mangle -A qos -o eth0 -s 66.8.28.160/27 -j CLASSIFY --set-class 1:2
iptables -t mangle -A qos -o eth0 -s 168.210.55.0/24 -j CLASSIFY --set-class 1:2
iptables -t mangle -A qos -o eth0 -s 168.210.54.80/29 -j CLASSIFY --set-class 1:2
iptables -t mangle -A qos -o eth0 -s 168.210.56.0/24 -j CLASSIFY --set-class 1:3
iptables -t mangle -A qos -o eth0 -s 66.8.28.32/27 -j CLASSIFY --set-class 1:3
 snip -- snip -- snip 

The class which is not shaping correctly is 1:3 - it has a rate of 64kbit
and a ceil of 256kbit so it should be limited to 256kbit even if there is
512kbit of traffic available.

Any ideas what I did wrong or is this a bug?

-- 

Regards
 Abraham

Bernard Shaw is an excellent man; he has not an enemy in the world, and
none of his friends like him either.
-- Oscar Wilde

___
 Abraham vd Merwe - Frogfoot Networks CC
 9 Kinnaird Court, 33 Main Street, Newlands, 7700
 Phone: +27 21 686 1665 Cell: +27 82 565 4451
 Http: http://www.frogfoot.net/ Email: [EMAIL PROTECTED]
