Re: [LARTC] HTB classifying

2004-07-25 Thread mjoachimiak
Martin Brown is right, but his answer is not complete.
I see at least one error in your script.
I see you are shaping on wlan0. You must know that you can only shape
outgoing traffic, so if your node is downloading by ftp it's ok, but if the
node starts to upload, shaping on wlan0 won't work. In that case you must
shape on eth0.
And a second thing:
Because you shape towards 192.168.2.224 you cannot write ...ip src
192.168.2.224/32.
You must write ...ip dst 192.168.2.224.
/sbin/tc filter add dev wlan0 parent 1:0 protocol ip prio 100 u32 \
   match ip src 192.168.2.224/32 \
  match ip sport 80 0x classid 1:11
Do some more reading :)
Good luck.

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


Re: [LARTC] HTB classifying

2004-07-24 Thread mjoachimiak
Maybe it's my oversight, but shouldn't you have tc qdisc add dev eth0 root
handle 1:0 htb before the rest of your instructions??

 I am trying to shape a client (somewhat advanced).

 This is my target:
 Client is 192.168.2.224. I would like to allow him to download with
 50 bits/sec in general. But, for a specific port(say 22), i would
 like him to download with 30 bit/sec only. The problem is that my
 configuration (maybe wrong) allows him to download with 80 bit/sec.
 (50 generally + 30 on port 22)
 I thought that having classes 1:11 and 1:12 being children of a class
 with rate 50, 50 would be the maximum...
 Can htb do this? Can another queue do this?

 /sbin/tc class add dev eth0 parent 1: classid 1:10 htb rate 50

 /sbin/tc class add dev eth0 parent 1:10 classid 1:11 htb rate 30
 /sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 \
   match ip src 192.168.2.224/32 \
   match ip sport 80 0x classid 1:11

 /sbin/tc class add dev eth0 parent 1:10 classid 1:12 htb rate 50
 /sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 \
   match ip src 192.168.2.224/32 classid 1:12




Re: [LARTC] HTB classifying

2004-07-24 Thread mjoachimiak
OK, what's the address of eth0? Is the BOX with NAT?
I think you could send a bit of your true script and describe a bit of your
network, especially the part where this situation is happening. If you are
really afraid of smth like a hack attack, change the IP addresses.

 Although I have done so, you are right. I should have included this too in
 my (e-mail) configuration...
 BTW, any idea of the situation?



Re: [LARTC] HTB classifying

2004-07-24 Thread Mpourtounis Dimitris
Ok then...

BOX with 2 ifaces
eth0: 192.168.1.3/24, NAT 192.168.2.0/24
wlan0: 192.168.2.3/24

gw 192.168.1.1 (it is an ADSL modem in fact)

All I want to do is make sure that
a) node 192.168.2.224 doesn't get more than 50 bits/sec
b) its ssh, sftp (port 22) traffic is limited at 30 bits/sec

and
c) add more shaped nodes in my script.

When I start downloading from the node, its http traffic, for example, is
really shaped at 50.
When I start downloading via sftp (port 22), its sftp traffic is really
shaped at 30.
But when there is an http as well as an sftp session at the same time,
total bandwidth is at 80.

Thanks in advance (and sorry for being so short, I will get used to
explaining my problems briefly...)


#My.notworking.script
/sbin/tc qdisc add  dev wlan0 root handle 1:0 htb r2q 100
/sbin/tc class add dev wlan0 parent 1: classid 1:10 htb rate 50

/sbin/tc class add dev wlan0 parent 1:10 classid 1:11 htb rate 30
/sbin/tc filter add dev wlan0 parent 1:0 protocol ip prio 100 u32 \
match ip src 192.168.2.224/32 \
match ip sport 80 0x classid 1:11

/sbin/tc class add dev wlan0 parent 1:10 classid 1:12 htb rate 50
/sbin/tc filter add dev wlan0 parent 1:0 protocol ip prio 100 u32 match \
ip src 192.168.2.224/32 classid 1:12





Re: [LARTC] HTB classifying

2004-07-24 Thread Martin A. Brown
Hello Mpourtounis,

 : When I start downloading from the node, its http traffic, for example, is
 : really shaped at 50. When I start downloading via sftp (port 22),
 : its sftp traffic is really shaped at 30. But when there is an
 : http as well as an sftp session at the same time, total bandwidth is at
 : 80.

You are missing one key piece in your understanding of HTB and that is the
difference between using rate and using ceil.

 : /sbin/tc qdisc add  dev wlan0 root handle 1:0 htb r2q 100
 : /sbin/tc class add dev wlan0 parent 1: classid 1:10 htb rate 50
 :
 : /sbin/tc class add dev wlan0 parent 1:10 classid 1:11 htb rate 30
 : /sbin/tc filter add dev wlan0 parent 1:0 protocol ip prio 100 u32 \
 : match ip src 192.168.2.224/32 \
 : match ip sport 80 0x classid 1:11
 :
 : /sbin/tc class add dev wlan0 parent 1:10 classid 1:12 htb rate 50
 :  /sbin/tc filter add dev wlan0 parent 1:0 protocol ip prio 100 u32 match \
 :  ip src 192.168.2.224/32 classid 1:12

You have a class structure which looks roughly like this:


  class 1:10, rate 50 [ ceil 50 ]
   |
   +-class 1:11, rate 30 [ ceil 30 ] (rate M)
    \
     class 1:12, rate 50 [ ceil 50 ] (rate L)

Because you have specified a rate in each leaf class (1:11 and 1:12), your
two leaf classes are getting the guaranteed 'rate'.  You have guaranteed
rate M, 30 (units???) (seems to be 37500bps with my tc) to your class
1:11.  You have guaranteed rate L to your class 1:12.  HTB will dequeue
packets entering this class until rate without examining any other parent
class.  Because each class is getting its guaranteed rate, HTB is
effectively transmitting (dequeuing) packets at 80 (30 + 50).

I believe you wish to do the following.  Note that I have used the same
ratios, but have eliminated some zeroes and changed the units, but simply
for readability.

  class 1:10, rate 500 kbps, ceil 500 kbps
   |
   +-class 1:11, rate 100 kbps, ceil 300 kbps
    \
     class 1:12, rate 400 kbps, ceil 500 kbps

This means that classes 1:11 and 1:12 can transmit up to rates 100 kbps
and 400 kbps respectively before HTB starts to calculate borrowing.  For
more on the borrowing model, see [0], [1] and [2].  The rule you are
unwittingly violating is this rule [3].

In short, since HTB will not check any rates or perform any shaping or
borrowing until rate is met (exceeded), you must make sure that the sum of
the rates of your leaf classes does not exceed the parent classes.

As a final note, if you wish to limit your total outgoing bandwidth to
only 50 and let HTB help a bit with the borrowing, I would recommend
the following model:

  class 1:10, rate 50, ceil 50
   |
   +-class 1:11, rate 10, ceil 30
    \
     class 1:12, rate 20, ceil 50

Best of luck,

-Martin

  [0] http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm#hsharing
  [1] http://tldp.org/HOWTO/Traffic-Control-HOWTO/classful-qdiscs.html#qc-htb-borrowing
  [2] http://opalsoft.net/qos/DS-28.htm
  [3] http://www.docum.org/docum.org/faq/cache/13.html

P.S. Just a reminder that with the command line tc, kbps means kilobytes
 per second.  If you want to talk about kilobits per second, use kbit.

-- 
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]
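
The last class tree in the message above, combined with the `ip dst` correction from the 2004-07-25 reply, as an added example (not code from any poster in this thread). It checks the "leaf rates must fit in the parent rate" rule before printing the tc commands instead of running them. Assumptions: the unit is kbit, the filter priorities are 1 and 2, the port mask is `0xffff`, and the helper names `check_rates` and `htb_plan` are hypothetical.

```shell
#!/bin/sh
# Added example: print (do not run) tc commands for an HTB tree whose leaf
# rates fit inside the parent rate. All numbers are kbit (assumed unit).

# check_rates PARENT LEAF...: succeed only if the leaf rates sum to <= PARENT.
check_rates() {
    parent=$1; shift
    sum=0
    for r in "$@"; do sum=$((sum + r)); done
    [ "$sum" -le "$parent" ]
}

# htb_plan DEV CLIENT TOTAL SSH_RATE SSH_CEIL REST_RATE
# Prints the commands; pipe the output to "sh" as root to apply them.
htb_plan() {
    dev=$1 client=$2 total=$3 ssh_rate=$4 ssh_ceil=$5 rest_rate=$6
    if ! check_rates "$total" "$ssh_rate" "$rest_rate"; then
        echo "leaf rates exceed parent rate ${total}kbit" >&2
        return 1
    fi
    if [ "$ssh_ceil" -gt "$total" ]; then
        echo "leaf ceil ${ssh_ceil}kbit is above parent ceil ${total}kbit" >&2
        return 1
    fi
    # Egress on DEV goes towards the client, so the client is matched as
    # "ip dst"; replies from SSH/SFTP servers carry source port 22.
    cat <<EOF
tc qdisc add dev $dev root handle 1: htb
tc class add dev $dev parent 1: classid 1:10 htb rate ${total}kbit ceil ${total}kbit
tc class add dev $dev parent 1:10 classid 1:11 htb rate ${ssh_rate}kbit ceil ${ssh_ceil}kbit
tc class add dev $dev parent 1:10 classid 1:12 htb rate ${rest_rate}kbit ceil ${total}kbit
tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip dst $client/32 match ip sport 22 0xffff flowid 1:11
tc filter add dev $dev parent 1: protocol ip prio 2 u32 match ip dst $client/32 flowid 1:12
EOF
}

# The 50 / 10..30 / 20..50 model on the client-facing interface.
htb_plan wlan0 192.168.2.224 50 10 30 20
```

With leaf rates 30 and 50 under a parent of 50, as in the original script, `htb_plan` refuses to print anything.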
