Re: [LARTC] How many (htb) tc classes and qdiscs are too many?

2005-06-03 Thread Konrad

I found the thing which causes this problem.

tc filter add dev imq1 protocol ip parent 2:0 pref 4 u32 match ip src ... match ip dst ... flowid 2:$q


If parent is 2:0 then I can make many filters.
But if I use 2:x (other class, x is different than root number) I'll have
only a limited number of filters.


You must set PRIO (= PREF)!...

Will someone write a patch? ;P It is a very important problem!
Filters in classes work better... (this is my opinion) when
you have 5000 filters grouped in classes...



(Or any volunteer to teach me how to write patches :P)
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


Re: [LARTC] How many (htb) tc classes and qdiscs are too many?

2005-06-03 Thread Andy Furniss

Konrad wrote:

> We have an error talking to the kernel
> loops: 684 filters: 4788 classes: 2052
>
> What's wrong?
> I need more filters :/
>
> I have 2.6.11.11 kernel with new iproute2, u32 match mark support and
> IMQ (AB)...
>
> Everyone can make theoretically 0xffff (65535) classes and qdiscs on one
> device. And I think this is true, but I can't add more filters than
> 4775! :(
>
> ---
> v=1; cnt=0;
> tc qdisc add dev imq0 root handle 1:0 htb
>
> while : [ $v -le 11000 ]; do

Loops for ever with the colon after while for me.

> qu0=`printf "%x\n" $v`
>
> qu1=`printf "%x\n" $v`

So qu0 = qu1 which makes

> tc filter add dev imq0 protocol ip parent 1:$qu0 pref 5 u32 match ip dst
> 192.168.0.5 flowid 1:$qu1

illogical.

Andy.


Re: [LARTC] How many (htb) tc classes and qdiscs are too many?

2005-06-03 Thread Konrad

gypsy wrote:

> Your script must specify a prio.  It cannot be 0 and all filters must be
> given the same value; I use 'prio 5'.

OK, but in my script sometimes I need different prio in filters.
It's a very strange problem, because I don't always have a limited number of
filters. Sometimes I can make more than 32k filters, at other times I can
only make 6000 :/ Maybe you're right... but how can I use more filters, and
different prio?



--
Konrad Cempura /Lenthir/


Re: [LARTC] How many (htb) tc classes and qdiscs are too many?

2005-06-03 Thread gypsy
Konrad wrote:
> 
> Szymon Miotk wrote:
> 
> > I have P4 3.0 GHz, 1 GB RAM.
> > I have 3500 potential users (top load about 800 users, average 400). I
> > have 3 interfaces (2 WAN + 1 LAN), so I have 10500 queues total (3500 on
> > each interface).
> > The traffic is 24Mbit max, average 20Mbit.
> 
> OK... What's wrong?
> 
> I can only use 4775 filters :/

Konrad,

Your script must specify a prio.  It cannot be 0 and all filters must be
given the same value; I use 'prio 5'.

Google "LARTC please document this" for the tail end of the thread from
which this comes.  It will NEVER get fixed, I think.
--
gypsy


Re: [LARTC] How many (htb) tc classes and qdiscs are too many?

2005-06-03 Thread Paweł Staszewski
ty (and incomplete) script will set the default policy
(-P) of the FORWARD chain to DROP all traffic that is to be forwarded
and not handled by any other rule.  Once the default policy has been set
it flushes (-F) the FORWARD chain to make sure that there were not any
old rules lingering around that could mess things up.  The next six
rules are in place to explicitly allow just the two machines from three
subnets (in this example) to pass traffic through the FORWARD chain on
out to a different network.  Any traffic that is not explicitly handled
by the six rules to allow traffic to be forwarded will meet the last
rule which will reject the traffic with a message saying that there is
no route to the destination thus making the computers think that they
are isolated.
 
As someone else pointed out if you are new to the Linux community you
might be better off served by finding someone in your area with more
experience at hardening a box and a firewall to help you in this
endeavor.  Or if you are not new to unix or firewalling, just Linux and
you need to acclimate yourself with the Linux syntax and methodology
you will probably be ok.  Either way it would probably be worth your
time to skim some of the HOW-TOs that are out there, namely the
NetFilter HOW-TO as you are asking questions that are answered in it.
 
 
 
Grant. . . . 
 
 
-- 
 
Message: 4 
Date: Thu, 2 Jun 2005 21:22:19 +0200 
From: Alberto Torres <[EMAIL PROTECTED]> 
Subject: [LARTC] iproute + xml 
To: lartc@mailman.ds9a.nl 
Message-ID: <[EMAIL PROTECTED]> 
Content-Type: text/plain; charset=ISO-8859-1 
 
Hello there, i am continuing with the development of the iproute GUI. 
I was wondering if there is a xml parser for the set up of the queues. 
I have been searching but i cant find any... anyone? 
 
 
-- 
 
Message: 5 
Date: Thu, 02 Jun 2005 20:32:25 +0100 
From: Andy Furniss <[EMAIL PROTECTED]> 
Subject: Re: [LARTC] HTB on loopback gives a bit rate multiplied by 8 
To: Kiruthika Selvamani <[EMAIL PROTECTED]> 
Cc: lartc@mailman.ds9a.nl 
Message-ID: <[EMAIL PROTECTED]> 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed 
 
Kiruthika Selvamani wrote: 
>Hi Andy, 
>Thanks for the suggestion. I changed the MTU to 1500 and it started 
>working. Is this because HTB shapes traffic based on packet rate 
>rather than bit rate? How does it use the rate lookup tables? 
 
It's not based on packet rate as such, the lookup tables are for the
time delay for different packet lengths at the different rates. There is
one for each rate and ceil pre calculated for efficiency.

Each table has 256 slots so the mtu is needed to fill it efficiently,
with normal mtu each slot is 8 bytes apart. If you had told htb the mtu
of lo (16436) then each slot would have been calculated to cover a
bigger range of bytes.

I suppose the giants counter is a warning that these packets are not
being shaped properly as they are too big. I suppose devik decided to do
this in preference to calculating the delay for every giant so it didn't
slow things down too much.

Personally I am glad he didn't just use the interface mtu, as my dsl
ppp0 gets one of 32k - it never sees a packet bigger than 1500 though,
so if htb used 32k the shaping of small packets would be too inaccurate.

 
Andy. 
 
 
 
-- 
 
Message: 6 
Date: Thu, 2 Jun 2005 16:07:31 -0600 
From: "Spencer" <[EMAIL PROTECTED]> 
Subject: [LARTC] How many (htb) tc classes and qdiscs are too many? 
To:  
Message-ID: <[EMAIL PROTECTED]> 
Content-Type: text/plain;charset="iso-8859-1" 
 
We have a Linux box that is acting as the gateway to the internet for about
400 people, typically there are not more than 50 of them using the internet
at any given time.  We would like to provide different levels of access to
different users.  For example 128kbps to some users and 256kbps to others.
We have considered creating a class and qdisc for each user (using htb)
however we don't know how much overhead creating 50-200 classes and
qdiscs would involve, would this put too much strain on the Linux box?  Is it
better to create fewer classes and qdisc and assign multiple users to each?
I haven't been able to find any test on maximum effect number of qdiscs, but
it could be I have just been looking in the wrong place.  If any one has any
ideas or could point me in the right direction it would be greatly
appreciated.
 
Spencer 
 
 
 
-- 
 
Message: 7 
Date: Thu, 02 Jun 2005 17:20:44 -0700 
From: Stephen Hemminger <[EMAIL PROTECTED]> 
Subject: [LARTC] Re: [PATCH] Support module autoloading in iproute2 
To: [EMAIL PROTECTED] 
Cc: lartc@mailman.ds9a.nl 
Message-ID: <[EMAIL PROTECTED]> 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed 
 
Use module aliases and the kernel will do the autoloading. 
M
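
Andy Furniss's description of the HTB rate lookup tables in the digest above (256 slots, 8 bytes apart at normal MTU, oversized packets counted as giants) can be modelled as follows. This is an added example, not code from the thread or from iproute2; the shift-based slot sizing and the function names are assumptions used to reproduce the numbers he quotes.

```shell
#!/bin/sh
# Model of a 256-slot rate table (assumed sizing rule: smallest power-of-two
# slot width such that the table MTU still lands in slots 0..255).

# cell_log TABLE_MTU -> number of bits a packet length is shifted right by
cell_log() {
    mtu=$1; log=0
    while [ $((mtu >> log)) -gt 255 ]; do
        log=$((log + 1))
    done
    echo "$log"
}

# slot_bytes TABLE_MTU -> how many bytes of packet length share one slot
slot_bytes() {
    echo $((1 << $(cell_log "$1")))
}

# slot_for TABLE_MTU PKT_LEN -> slot index, or "giant" when the packet is
# longer than anything the table was built for
slot_for() {
    log=$(cell_log "$1")
    slot=$(($2 >> log))
    if [ "$slot" -gt 255 ]; then
        echo giant
    else
        echo "$slot"
    fi
}

# MTU values taken from the message: normal (1500), lo (16436), ppp0 (32k)
for m in 1500 16436 32768; do
    echo "table mtu $m: $(slot_bytes "$m") bytes per slot"
done
echo "16436-byte packet against a 1500 table: $(slot_for 1500 16436)"
```

A table built for 32k puts every packet from 0 to 255 bytes in the same slot, which is the loss of accuracy for small packets that the message mentions.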

Re: [LARTC] How many (htb) tc classes and qdiscs are too many?

2005-06-03 Thread Konrad

Szymon Miotk wrote:

> I have P4 3.0 GHz, 1 GB RAM.
> I have 3500 potential users (top load about 800 users, average 400). I
> have 3 interfaces (2 WAN + 1 LAN), so I have 10500 queues total (3500 on
> each interface).
>
> The traffic is 24Mbit max, average 20Mbit.

OK... What's wrong?

I can only use 4775 filters :/

These are the results of my small script...

loops: 674 filters: 4718 classes: 2022
loops: 675 filters: 4725 classes: 2025
loops: 676 filters: 4732 classes: 2028
loops: 677 filters: 4739 classes: 2031
loops: 678 filters: 4746 classes: 2034
loops: 679 filters: 4753 classes: 2037
loops: 680 filters: 4760 classes: 2040
loops: 681 filters: 4767 classes: 2043
loops: 682 filters: 4774 classes: 2046
RTNETLINK answers: File exists
We have an error talking to the kernel
RTNETLINK answers: File exists
We have an error talking to the kernel
RTNETLINK answers: File exists
We have an error talking to the kernel
RTNETLINK answers: File exists
We have an error talking to the kernel
RTNETLINK answers: File exists
We have an error talking to the kernel
RTNETLINK answers: File exists
We have an error talking to the kernel
loops: 683 filters: 4781 classes: 2049
RTNETLINK answers: File exists
We have an error talking to the kernel
RTNETLINK answers: File exists
We have an error talking to the kernel
RTNETLINK answers: File exists
We have an error talking to the kernel
RTNETLINK answers: File exists
We have an error talking to the kernel
RTNETLINK answers: File exists
We have an error talking to the kernel
RTNETLINK answers: File exists
We have an error talking to the kernel
RTNETLINK answers: File exists
We have an error talking to the kernel
loops: 684 filters: 4788 classes: 2052

What's wrong?
I need more filters :/

I have 2.6.11.11 kernel with new iproute2, u32 match mark support and 
IMQ (AB)...


Everyone can make theoretically 0xffff (65535) classes and qdiscs on one
device. And I think this is true, but I can't add more filters than 4775! :(


---
v=1; cnt=0;
tc qdisc add dev imq0 root handle 1:0 htb

while : [ $v -le 11000 ]; do
qu0=`printf "%x\n" $v`

qu1=`printf "%x\n" $v`
qu2=`printf "%x\n" $((v+1))`
qu3=`printf "%x\n" $((v+2))`

tc class add dev imq0 parent 1:0 classid 1:$qu1 htb rate 1000Mbit ceil 1000Mbit quantum 1500
tc class add dev imq0 parent 1:$qu1 classid 1:$qu2 htb rate 1kbit ceil 1kbit prio 1 quantum 1500
tc class add dev imq0 parent 1:$qu1 classid 1:$qu3 htb rate 1kbit ceil 1kbit prio 2 quantum 1500

tc qdisc add dev imq0 parent 1:$qu2 sfq
tc qdisc add dev imq0 parent 1:$qu3 sfq

tc filter add dev imq0 protocol ip parent 1:$qu0 pref 5 u32 match ip dst 192.168.0.5 flowid 1:$qu1

tc filter add dev imq0 protocol ip parent 1:$qu1 pref 6 u32 match ip protocol 6 0xff match ip sport 80 0xffff flowid 1:$qu2
tc filter add dev imq0 protocol ip parent 1:$qu1 pref 6 u32 match ip protocol 6 0xff match ip dport 80 0xffff flowid 1:$qu2

tc filter add dev imq0 protocol ip parent 1:$qu1 pref 6 u32 match ip protocol 17 0xff match ip sport 53 0xffff flowid 1:$qu2
tc filter add dev imq0 protocol ip parent 1:$qu1 pref 6 u32 match ip protocol 17 0xff match ip dport 53 0xffff flowid 1:$qu2

tc filter add dev imq0 protocol ip parent 1:$qu1 pref 6 u32 match ip protocol 1 0xff flowid 1:$qu2
tc filter add dev imq0 protocol ip parent 1:$qu1 pref 7 u32 match ip dst 192.168.0.5 flowid 1:$qu3

let "v=v+3"
let "cnt=cnt+1"
echo "loops: $cnt filters: $((cnt*7)) classes: $((cnt*3))"
done


Re: [LARTC] How many (htb) tc classes and qdiscs are too many?

2005-06-02 Thread Szymon Miotk

Spencer wrote:

> We have a Linux box that is acting as the gateway to the internet for about
> 400 people, typically there are not more than 50 of them using the internet
> at any given time.  We would like to provide different levels of access to
> different users.  For example 128kbps to some users and 256kbps to others.
> We have considered creating a class and qdisc for each user (using htb)
> however we don't know how much overhead creating 50-200 classes and
> qdiscs would involve, would this put too much strain on the Linux box?  Is it
> better to create fewer classes and qdisc and assign multiple users to each?
> I haven't been able to find any test on maximum effect number of qdiscs, but
> it could be I have just been looking in the wrong place.  If any one has any
> ideas or could point me in the right direction it would be greatly
> appreciated.


I have P4 3.0 GHz, 1 GB RAM.
I have 3500 potential users (top load about 800 users, average 400). I 
have 3 interfaces (2 WAN + 1 LAN), so I have 10500 queues total (3500 on 
each interface).

The traffic is 24Mbit max, average 20Mbit.

Without u32 hashing my box ran at 60-70% CPU utilization. After applying
hashing the box is running with 25% top utilization, average 15%.


The two things you must remember when running a box for many users:
* use iptables chains. I prefer chains of 30-40 entries.
* use u32 hashing.
This will greatly improve CPU utilization. About 500-1000% in my case.

Szymon Miotk
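
The u32 hashing recommended in the message above, sketched as a generator for per-host filters. This is an added example and not Szymon's or Konrad's script: the device imq0, parent 1:0, pref 5 and the 192.168.0.x addresses are taken from the thread, while hash table handle 2: and the host-to-class numbering are assumptions. It only prints the tc commands so they can be reviewed before being fed to a shell.

```shell
#!/bin/sh
# Prints tc commands; nothing is applied to the kernel.
DEV=imq0      # device used in the thread
PREF=5        # one prio for every filter, as advised in the thread

# Bucket of an address = its last octet in hex (u32 'ht 2:<bucket>:').
bucket_of() {
    printf '%x' "${1##*.}"
}

# gen_hash_filters NET FIRST LAST, e.g. gen_hash_filters 192.168.0 1 254
gen_hash_filters() {
    net=$1; first=$2; last=$3
    # 1. u32 classifier on the root plus a 256-bucket hash table (handle 2:)
    echo "tc filter add dev $DEV parent 1:0 prio $PREF protocol ip u32"
    echo "tc filter add dev $DEV parent 1:0 prio $PREF handle 2: protocol ip u32 divisor 256"
    # 2. one rule per host, stored in the bucket its last octet selects
    n=$first
    while [ "$n" -le "$last" ]; do
        ip="$net.$n"
        class=$(printf '%x' $((256 + n)))   # hypothetical class numbering
        echo "tc filter add dev $DEV parent 1:0 prio $PREF protocol ip u32 ht 2:$(bucket_of "$ip"): match ip dst $ip flowid 1:$class"
        n=$((n + 1))
    done
    # 3. send packets for the subnet into table 2:, keyed on the last byte
    #    of the destination address (bytes 16..19 of the IP header)
    echo "tc filter add dev $DEV parent 1:0 prio $PREF protocol ip u32 ht 800:: match ip dst $net.0/24 hashkey mask 0x000000ff at 16 link 2:"
}

# Constructed sample range: three hosts
gen_hash_filters 192.168.0 4 6
```

With this layout a packet is compared against one bucket's rules instead of every rule on the device.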


Re: [LARTC] How many (htb) tc classes and qdiscs are too many?

2005-06-02 Thread threaded
Spencer wrote:
> 
> Is it
> better to create fewer classes and qdisc and assign multiple users to each?
> I haven't been able to find any test on maximum effect number of qdiscs, but
> it could be I have just been looking in the wrong place.  If any one has any
> ideas or could point me in the right direction it would be greatly
> appreciated.
> 
> Spencer

You're not the first person to ask this.  AFAIK there is no benchmark.  People
just do it.  I suggest googling this ML for "hash", "internet cafe",
"pyshaper", "PaceMaker" and whatever else that leads to.  IIRC "hotel" may
also be a good search word.

Tomasz Paszkowski runs a HUGE script for his HFSC setup.

The short answer is that, if you can create a hash that matches, you can
reduce the volume of entries; but that is more a convenience than something
necessary for efficiency.  It takes a HELL of a lot to make Linux groan under
the load.  I once spent > 1 hour loading ~32K filters, but when the script
finished, I could not tell they were there based on the performance of my AMD
Duron 1400 CPU, 256Mb RAM equipped Linux box.

The following is probably the most useful single site you'll find:
http://digriz.org.uk/
--
gypsy