This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig80E766C061E0EF12E528DD37
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

### Sorry for the long mail... :-( ###

Hi folks,

I'm playing with traffic control, trying to improve network
performance, minimizing delay and privileging some hosts, in
a small local ISP, around here.

This sketch tries to show the network structure:

             +------+       +------+       +---+
Internet --- |Cisco | ----- |Linux | ----- |HUB| --- LAN
             |Router|   eth1|Box   |eth0   +---+
             +------+       +------+

Cisco is connected to Internet at 256Kbp/s and LAN runs at
100Mbp/s. Servers in LAN uses public address. Linux box
just do traffic control and packet filtering.

Main problem is a LAN mail server, which generates a lot
of traffic (SMTP in & out, POP out), causing long delays
in web and ssh connections...

So, I write a little script (attached) to try to solve this
issues.

After reading lartc.org docs again, I see that I have made
a grave mistake: filter incoming and outcoming traffic in
the same interface (I still have to fix this...).

Furthermore, script last line gives me an error: 'Unknown
filter "flowid", hence option "1:5" is unparsable'.

---
Q1: How can I solve this parser error?
Q2: Can someone point me a example to filter in/out at the
same interface? I accecpt RTFMs (with links)... :-)
Q3: Just to confirm: is internal interface (etho) the right
place to control traffic?
---

It works, but last class (1:5) doesn't receive traffic,
due parsing error at last line, as we can see:

# tc -s class show dev eth0
class cbq 1: root rate 256Kbit (bounded,isolated) prio no-transmit
 Sent 108298255 bytes 173189 pkts (dropped 0, overlimits 0)
  borrowed 141722 overactions 0 avgidle 24218 undertime 0
class cbq 1:1 parent 1: rate 51Kbit prio 1
 Sent 84552 bytes 744 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 2.85223e+06 undertime 0
class cbq 1:2 parent 1: rate 102Kbit prio 1
 Sent 1643641 bytes 14453 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 902728 undertime 0
class cbq 1:3 parent 1: rate 38Kbit prio 1
 Sent 44100 bytes 80 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 3.94254e+06 undertime 0
class cbq 1:4 parent 1: rate 38Kbit prio 2
 Sent 105178843 bytes 141913 pkts (dropped 0, overlimits 0)
  borrowed 141722 overactions 0 avgidle -3.3321e+06 undertime 3.42344e+06=

class cbq 1:5 parent 1: rate 38Kbit prio 1
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 4.07074e+06 undertime 0

---
Q4: These values at 'avgidle' and 'undertime' make sense?
Q5: There is a better way to improve performance?
Q6: Is it necessary to attach qdiscs to each final class?
There is some kind of advantage in this?
---

Thanks in advance and sorry my poor English...

Script Code:

###

# Internal Interface
IF=3D"eth0"

# Link Speed (Kbp/s)
LINK=3D256

# Percentual
WEB=3D40
SSH=3D20
MAIL=3D15
FTP=3D15
OTHER=3D15

###

# Pseudo-Macros
DEV=3D"dev $IF"
BANDWIDTH=3D"bandwidth ${LINK}kbit"
OPTIONS1=3D"avpkt 1000 cell 8 mpu 64"
OPTIONS2=3D"allot 1514 maxburst 20"
CLASS=3D"tc class add $DEV parent 1: classid"
FILTER=3D"tc filter add $DEV protocol ip parent 1: prio 1"

###

# ROOT QDISC
tc qdisc del $DEV root
tc qdisc add $DEV root handle 1: cbq $BANDWIDTH $OPTIONS1

###

# SSH CLASS
$CLASS 1:1 cbq $BANDWIDTH rate $[$SSH*$LINK/100]kbit \
  weight $[$SSH*$LINK/1000]kbit prio 1 $OPTIONS1 $OPTIONS2

# WEB CLASS
$CLASS 1:2 cbq $BANDWIDTH rate $[$WEB*$LINK/100]kbit \
  weight $[$WEB*$LINK/1000]kbit prio 1 $OPTIONS1 $OPTIONS2

# FTP CLASS
$CLASS 1:3 cbq $BANDWIDTH rate $[$FTP*$LINK/100]kbit \
  weight $[$FTP*$LINK/1000]kbit prio 1 $OPTIONS1 $OPTIONS2

# MAIL CLASS
$CLASS 1:4 cbq $BANDWIDTH rate $[$MAIL*$LINK/100]kbit \
  weight $[$MAIL*$LINK/1000]kbit prio 2 $OPTIONS1 $OPTIONS2

# OTHER CLASS
$CLASS 1:5 cbq $BANDWIDTH rate $[$OTHER*$LINK/100]kbit \
  weight $[$OTHER*$LINK/1000]kbit prio 1 $OPTIONS1 $OPTIONS2

###

# SSH FILTER
$FILTER u32 match ip dport 22 0xffff flowid 1:1
$FILTER u32 match ip sport 22 0xffff flowid 1:1

# WEB FILTER
$FILTER u32 match ip dport 80 0xffff flowid 1:2
$FILTER u32 match ip sport 80 0xffff flowid 1:2

# FTP FILTER
$FILTER u32 match ip dport 20 0xffff flowid 1:3
$FILTER u32 match ip sport 20 0xffff flowid 1:3
$FILTER u32 match ip dport 21 0xffff flowid 1:3
$FILTER u32 match ip sport 21 0xffff flowid 1:3

# SMTP FILTER
$FILTER u32 match ip dport 25 0xffff flowid 1:4
$FILTER u32 match ip sport 25 0xffff flowid 1:4
$FILTER u32 match ip dport 110 0xffff flowid 1:4
$FILTER u32 match ip sport 110 0xffff flowid 1:4

# OTHER FILTER
$FILTER flowid 1:5

###

Best regards,

--=20

Dorneles Trem=E9a
Caxias do Sul - RS - Brasil
+55 54 9114 9312 - UIN: 2413568
X3ng Web Technology <http://www.x3ng.com.br>

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/IT d- s:->: a23 C+++ UBL++++$ P--- L++ E-- W+++
N++ o? K? w+ O M+ V-- PS+ PE- Y-- PGP++ t+ 5 X++ R+
tv+ b(++) DI+ D++ G+>+++ e++>++++ h---- r+++ y+++**
------END GEEK CODE BLOCK------


--------------enig80E766C061E0EF12E528DD37
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32)

iD8DBQE94/9lRWMKWolsw8gRAnUmAKDKon45wY6fVLAlqthQXz3t1SRoUwCg3QCM
M7H+7kI8LBfoyT1p3oWV4zc=
=cj0f
-----END PGP SIGNATURE-----

--------------enig80E766C061E0EF12E528DD37--

On Wednesday 27 November 2002 00:10, Dorneles Trem=E9a wrote:
> ### Sorry for the long mail... :-( ###
>
> Hi folks,
>
> I'm playing with traffic control, trying to improve network
> performance, minimizing delay and privileging some hosts, in
> a small local ISP, around here.
>
> This sketch tries to show the network structure:
>
>              +------+       +------+       +---+
> Internet --- |Cisco | ----- |Linux | ----- |HUB| --- LAN
>
>              |Router|   eth1|Box   |eth0   +---+
>
>              +------+       +------+
>
> Cisco is connected to Internet at 256Kbp/s and LAN runs at
> 100Mbp/s. Servers in LAN uses public address. Linux box
> just do traffic control and packet filtering.
>
> Main problem is a LAN mail server, which generates a lot
> of traffic (SMTP in & out, POP out), causing long delays
> in web and ssh connections...
>
> So, I write a little script (attached) to try to solve this
> issues.
>
> After reading lartc.org docs again, I see that I have made
> a grave mistake: filter incoming and outcoming traffic in
> the same interface (I still have to fix this...).
>
> Furthermore, script last line gives me an error: 'Unknown
> filter "flowid", hence option "1:5" is unparsable'.
>
> ---
> Q1: How can I solve this parser error?
> $FILTER flowid 1:5
You have to match something.  Try this :
$FILTER  u32 match ip src 0/0 flowid 1:5

> Q2: Can someone point me a example to filter in/out at the
> same interface? I accecpt RTFMs (with links)... :-)
> Q3: Just to confirm: is internal interface (etho) the right
> place to control traffic?
You can only shape outgoing traffic with htb or cbq (or you have to use t=
he=20
imq device).  But why not shaping on eth0 _and_ eth1?  Shaping on eth0 is=
 for=20
the traffic that goes to the LAN.  Shaping on eth1 is done for the traffi=
c=20
that goes to the internet.  You have a dedicated shaping box this can=20
perfectly be done.  And it's the best solution.
Shaping incoming traffic can be done, but why if you can shape on both=20
interfaces ??

> Q4: These values at 'avgidle' and 'undertime' make sense?
I think so.  They are used for internal cbq calculations and I have no id=
ea=20
what happens if you change them.

> Q5: There is a better way to improve performance?
Yes.  You add all the class directly to the qdisc and you use the wrong=20
bandwidth parameter.  Bandwidth parameter =3D NIC bandwidth, so 10mbit or=
=20
100mbit.  To share the same bandwidth, you have to add 1 bounded class to=
 the=20
qdisc with rate =3D link bandwidth.  All the other classes are attached t=
o this=20
class (each bandwidth =3D NIC bandwidth).

> Q6: Is it necessary to attach qdiscs to each final class?
No, but the default qdisc is a simple one.  Don't forget that each class =
has=20
always 1 qdisc attached to it, even if you don't add one.

> There is some kind of advantage in this?
If you add a sfq qdisc, data streams within 1 class will get better balan=
ced.

> Thanks in advance and sorry my poor English...
Mine is not better :)

Stef

--=20

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net