Re: [LARTC] Bridge with Traffic shaping
> I think I caused unnecessary alarm. There was actually > a network cable connecting my router and hub behind the linux > box that does the shaping, duh :-) I forgot to pull it out once I > move some servers around causing very little traffic to go through > the box doing the shaping. :) > This seems to be working now. Are there tools that I can test this > with. Traffic seems to go through all classes now and there is good > amount of borrowed and lended packets on all classes. I have some scripts that generate graphs based on the output of tc. See www.docum.org under "gui". There is a link to an example setup that monitors my internet connection at home. Stef -- [EMAIL PROTECTED] "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Bridge with Traffic shaping
Hi Stef I think I caused unnecessary alarm. There was actually a network cable connecting my router and hub behind the linux box that does the shaping, duh :-) I forgot to pull it out once I move some servers around causing very little traffic to go through the box doing the shaping. On Mon, 2002-07-29 at 14:54, Stef Coene wrote: > > If I understand correctly I can shape incoming traffic by setting > > up a qdisc on eth0 and filters that match any of the ip addresses > > in my public subnet sitting behind the linux box that currently does > > the traffic shaping. > But all traffic coming on eth0 is leaving eht1 and vice versa. So shaping > incoming traffic on eth0 is the same as shaping outgoing traffic on eth1. This seems to be working now. Are there tools that I can test this with. Traffic seems to go through all classes now and there is good amount of borrowed and lended packets on all classes. -- Roché Compaan Upfront Systems http://www.upfrontsystems.co.za ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Bridge with Traffic shaping
does not HTB only shape on outgoing traffic? unless you start doing some ingress queues? - Original Message - From: "Stef Coene" <[EMAIL PROTECTED]> To: "Roché Compaan" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, July 29, 2002 5:54 AM Subject: Re: [LARTC] Bridge with Traffic shaping > If I understand correctly I can shape incoming traffic by setting > up a qdisc on eth0 and filters that match any of the ip addresses > in my public subnet sitting behind the linux box that currently does > the traffic shaping. But all traffic coming on eth0 is leaving eht1 and vice versa. So shaping incoming traffic on eth0 is the same as shaping outgoing traffic on eth1. > No packets seem to match any of the other classes although tcpdump > confirms that there are definitely traffic destined for the ip addresses > mentioned in my filters. Mhh. It should work. I will think about it tonight. Stef -- [EMAIL PROTECTED] "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Bridge with Traffic shaping
> If I understand correctly I can shape incoming traffic by setting > up a qdisc on eth0 and filters that match any of the ip addresses > in my public subnet sitting behind the linux box that currently does > the traffic shaping. But all traffic coming on eth0 is leaving eht1 and vice versa. So shaping incoming traffic on eth0 is the same as shaping outgoing traffic on eth1. > No packets seem to match any of the other classes although tcpdump > confirms that there are definitely traffic destined for the ip addresses > mentioned in my filters. Mhh. It should work. I will think about it tonight. Stef -- [EMAIL PROTECTED] "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] Bridge with Traffic shaping
> what kinda bridge are you using? > bridge-nf? if you are it says it only supports iptables, you would have to > mark the packets then use filter to put the marked packets into > teh correct > queue for managing Yes I'm using bridge-nf, but as far as I understand bridge-nf doesn't require iptables for shaping - you only need to patch your kernel if you _want_ to use iptables. I am in any case not using "fw" but using "u32" which should match anything in a packet header. -- Roché Compaan Upfront Systems http://www.upfrontsystems.co.za ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Bridge with Traffic shaping
what kinda bridge are you using? bridge-nf? if you are it says it only supports iptables, you would have to mark the packets then use filter to put the marked packets into teh correct queue for managing - Original Message - From: "Roché Compaan" <[EMAIL PROTECTED]> To: "Stef Coene" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Sunday, July 28, 2002 10:27 PM Subject: RE: [LARTC] Bridge with Traffic shaping > On Saturday 27 July 2002 19:56, Roché Compaan wrote: > > Hi, > > > > I am fairly new to routing and traffic control but I with the > > help of the lartc howto I managed to setup a bridge with htb > > traffic control. The traffic shapping does not seem to work > > as I expected and I would really appreciate if somebody > > can tell my why this is the case. > > > > My setup: > > I have a DSL router connecting a /28 network to the internet. > > I put a linux box with 2 ethernet cards between my router and > > the rest of the subnet. I set up the linux box as an ethernet > > bridge where the 2 ethernet cards has no ip address and the > > bridge has an ip address. I patched the kernel with the IMQ > > patch so that I can shape incoming traffic. eth0 is connected > > to the router and eth1 is connect to the rest of the public > > subnet. I have an iptables rule that routes all traffic on eth1 > > to the imq device. > If you put all incoming traffic on eth1 in the imq device, why > don't you use > the outgoing traffic on eth0 do the same shaping? All traffic > entering the > box on eth1 leaves the box on eth0. That way you don't need the > imq device. If I understand correctly I can shape incoming traffic by setting up a qdisc on eth0 and filters that match any of the ip addresses in my public subnet sitting behind the linux box that currently does the traffic shaping. Ok, I tried this but all traffic still seems to match only the default htb class. Here's my tc script: #!/bin/bash tc qdisc del dev eth0 root tc qdisc add dev eth0 root handle 1: htb default 12 tc class add dev eth0 parent 1: classid 1:1 htb rate 128kbit ceil 128kbit tc class add dev eth0 parent 1:1 classid 1:10 htb rate 64kbit ceil 128kbit tc class add dev eth0 parent 1:1 classid 1:11 htb rate 32kbit ceil 128kbit tc class add dev eth0 parent 1:1 classid 1:12 htb rate 32kbit ceil 128kbit tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.53 flowid 1:10 tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.54 flowid 1:10 tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.55 flowid 1:10 tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.51 flowid 1:11 tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.52 flowid 1:11 And this is the ouput of "tc -s -d class show dev eth0": class htb 1:1 root prio 0 rate 128Kbit ceil 128Kbit burst 1753b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 1638 level 3 Sent 83954 bytes 576 pkts (dropped 0, overlimits 0) rate 30bps lended: 114 borrowed: 0 giants: 0 injects: 0 tokens: 101 ctokens: 101 class htb 1:10 parent 1:1 prio 0 rate 64Kbit ceil 128Kbit burst 1679b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 819 level 0 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) lended: 0 borrowed: 0 giants: 0 injects: 0 tokens: 205 ctokens: 107 class htb 1:12 parent 1:1 prio 0 rate 32Kbit ceil 128Kbit burst 1638b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 409 level 0 Sent 12864 bytes 215 pkts (dropped 0, overlimits 0) rate 30bps lended: 215 borrowed: 0 giants: 0 injects: 0 tokens: 387 ctokens: 104 class htb 1:11 parent 1:1 prio 0 rate 32Kbit ceil 128Kbit burst 1638b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 409 level 0 Sent 71090 bytes 361 pkts (dropped 0, overlimits 97) lended: 247 borrowed: 114 giants: 0 injects: 0 tokens: 373 ctokens: 101 No packets seem to match any of the other classes although tcpdump confirms that there are definitely traffic destined for the ip addresses mentioned in my filters. -- Roché Compaan Upfront Systems http://www.upfrontsystems.co.za ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] Bridge with Traffic shaping
> On Saturday 27 July 2002 19:56, Roché Compaan wrote: > > Hi, > > > > I am fairly new to routing and traffic control but I with the > > help of the lartc howto I managed to setup a bridge with htb > > traffic control. The traffic shapping does not seem to work > > as I expected and I would really appreciate if somebody > > can tell my why this is the case. > > > > My setup: > > I have a DSL router connecting a /28 network to the internet. > > I put a linux box with 2 ethernet cards between my router and > > the rest of the subnet. I set up the linux box as an ethernet > > bridge where the 2 ethernet cards has no ip address and the > > bridge has an ip address. I patched the kernel with the IMQ > > patch so that I can shape incoming traffic. eth0 is connected > > to the router and eth1 is connect to the rest of the public > > subnet. I have an iptables rule that routes all traffic on eth1 > > to the imq device. > If you put all incoming traffic on eth1 in the imq device, why > don't you use > the outgoing traffic on eth0 do the same shaping? All traffic > entering the > box on eth1 leaves the box on eth0. That way you don't need the > imq device. If I understand correctly I can shape incoming traffic by setting up a qdisc on eth0 and filters that match any of the ip addresses in my public subnet sitting behind the linux box that currently does the traffic shaping. Ok, I tried this but all traffic still seems to match only the default htb class. Here's my tc script: #!/bin/bash tc qdisc del dev eth0 root tc qdisc add dev eth0 root handle 1: htb default 12 tc class add dev eth0 parent 1: classid 1:1 htb rate 128kbit ceil 128kbit tc class add dev eth0 parent 1:1 classid 1:10 htb rate 64kbit ceil 128kbit tc class add dev eth0 parent 1:1 classid 1:11 htb rate 32kbit ceil 128kbit tc class add dev eth0 parent 1:1 classid 1:12 htb rate 32kbit ceil 128kbit tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.53 flowid 1:10 tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.54 flowid 1:10 tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.55 flowid 1:10 tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.51 flowid 1:11 tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 196.xx.yy.52 flowid 1:11 And this is the ouput of "tc -s -d class show dev eth0": class htb 1:1 root prio 0 rate 128Kbit ceil 128Kbit burst 1753b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 1638 level 3 Sent 83954 bytes 576 pkts (dropped 0, overlimits 0) rate 30bps lended: 114 borrowed: 0 giants: 0 injects: 0 tokens: 101 ctokens: 101 class htb 1:10 parent 1:1 prio 0 rate 64Kbit ceil 128Kbit burst 1679b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 819 level 0 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) lended: 0 borrowed: 0 giants: 0 injects: 0 tokens: 205 ctokens: 107 class htb 1:12 parent 1:1 prio 0 rate 32Kbit ceil 128Kbit burst 1638b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 409 level 0 Sent 12864 bytes 215 pkts (dropped 0, overlimits 0) rate 30bps lended: 215 borrowed: 0 giants: 0 injects: 0 tokens: 387 ctokens: 104 class htb 1:11 parent 1:1 prio 0 rate 32Kbit ceil 128Kbit burst 1638b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 409 level 0 Sent 71090 bytes 361 pkts (dropped 0, overlimits 97) lended: 247 borrowed: 114 giants: 0 injects: 0 tokens: 373 ctokens: 101 No packets seem to match any of the other classes although tcpdump confirms that there are definitely traffic destined for the ip addresses mentioned in my filters. -- Roché Compaan Upfront Systems http://www.upfrontsystems.co.za ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Bridge with Traffic shaping
On Saturday 27 July 2002 19:56, Roché Compaan wrote: > Hi, > > I am fairly new to routing and traffic control but I with the > help of the lartc howto I managed to setup a bridge with htb > traffic control. The traffic shapping does not seem to work > as I expected and I would really appreciate if somebody > can tell my why this is the case. > > My setup: > I have a DSL router connecting a /28 network to the internet. > I put a linux box with 2 ethernet cards between my router and > the rest of the subnet. I set up the linux box as an ethernet > bridge where the 2 ethernet cards has no ip address and the > bridge has an ip address. I patched the kernel with the IMQ > patch so that I can shape incoming traffic. eth0 is connected > to the router and eth1 is connect to the rest of the public > subnet. I have an iptables rule that routes all traffic on eth1 > to the imq device. If you put all incoming traffic on eth1 in the imq device, why don't you use the outgoing traffic on eth0 do the same shaping? All traffic entering the box on eth1 leaves the box on eth0. That way you don't need the imq device. Stef -- [EMAIL PROTECTED] "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
