Shorewall is awesome!

I would like to fiddle with traffic shaping to optimize my home server's
responsiveness when my kids are downloading multiple torrents. Specifically,
I use VNC to connect to my remote office VPN when working from home and, of
course, I browse the web from home too. When multiple torrents are
downloading the responsiveness of both of these apps goes into the toilet.
Even more important, I also want to make sure that Cablevision doesn't cap my
upload speed (something which they just did to me last week) because I have
swamped my upload bandwidth.

I have already read the excellent Shorewall traffic shaping HOWTO and I have
tried to follow the WonderShaper example. I am still not clear, however, on
how, exactly, to modify this to my needs.

Here are some questions:

1) I have used the DSLReports speed test to measure my line speed. The
   number varies between tests. In tcdevices, do I want to use the smallest
   number that I have seen? Does the following make sense:

     eth1 4600kbit 1000kbit

2) Using the examples, here is my tcclasses:

     eth1 1 100kbit full    1 tcp-ack,tos-minimize-delay
     eth1 2 100kbit 200kbit 2
     eth1 3 full/3  full    3 default

   If I understand correctly, this means that Class 1 will be the highest
   priority class and is guaranteed full bandwidth if it needs it, Class 2
   will never get more than 200kbit of bandwidth, and Class 3 starts at 1/3
   of the bandwidth, can get all of the bandwidth if it needs it, and is the
   default class for any packets that are not marked otherwise.

   Is the above correct? Are these sensible settings for what I need to
   accomplish?

3) Here is the tcrules that I came up with:

     1:P 0.0.0.0/0 0.0.0.0/0 icmp echo-request
     1:P 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
     2   0.0.0.0/0 0.0.0.0/0 udp  -  50001:50009
     2   0.0.0.0/0 0.0.0.0/0 udp  -  50011:50019

   Does this make sense? Again, I gleaned these from the example but I'm not
   sure I understand. Why are the icmp packets in class 1? Why do they need
   to specify the ':P' but nothing else does? Most importantly, I'm not
   certain this will accomplish my goals.

By the way, here is the relevant section of my rules file to do port
forwarding for my torrent downloads:

     DNAT net loc:192.168.0.100 tcp 50001:50009
     DNAT net loc:192.168.0.101 tcp 50011:50019

Thanks for your help!

...Jake

--
Jake Colman
Sr. Applications Developer
Principia Partners LLC
Harborside Financial Center
1001 Plaza Two
Jersey City, NJ 07311
(201) 209-2467
www.principiapartners.com

-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642

Jake Colman wrote:
> Shorewall is awesome!
>
> I would like to fiddle with traffic shaping to optimize my home server's
> responsiveness when my kids are downloading multiple torrents. Specifically,
> I use VNC to connect to my remote office VPN when working from home and, of
> course, I browse the web from home too. When multiple torrents are
> downloading the responsiveness of both of these apps goes into the toilet.
> Even more important, I also want to make sure that Cablevision doesn't cap my
> upload speed (something which they just did to me last week) because I have
> swamped my upload bandwidth.
>
> I have already read the excellent Shorewall traffic shaping HOWTO and I have
> tried to follow the WonderShaper example. I am still not clear, however, on
> how, exactly, to modify this to my needs.
>
> Here are some questions:
>
> 1) I have used the DSLReports speed test to measure my line speed. The
>    number varies between tests. In tcdevices, do I want to use the smallest
>    number that I have seen? Does the following make sense:
>
>      eth1 4600kbit 1000kbit
>
> 2) Using the examples, here is my tcclasses:
>
>      eth1 1 100kbit full    1 tcp-ack,tos-minimize-delay
>      eth1 2 100kbit 200kbit 2
>      eth1 3 full/3  full    3 default
>
>    If I understand correctly, this means that Class 1 will be the highest
>    priority class and is guaranteed full bandwidth if it needs it, Class 2
>    will never get more than 200kbit of bandwidth, and Class 3 starts at 1/3
>    of the bandwidth, can get all of the bandwidth if it needs it, and is the
>    default class for any packets that are not marked otherwise.
>
>    Is the above correct? Are these sensible settings for what I need to
>    accomplish?

Looks ok to me.

>
> 3) Here is the tcrules that I came up with:
>
>      1:P 0.0.0.0/0 0.0.0.0/0 icmp echo-request
>      1:P 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
>      2   0.0.0.0/0 0.0.0.0/0 udp  -  50001:50009
>      2   0.0.0.0/0 0.0.0.0/0 udp  -  50011:50019
>
>    Does this make sense?

Not much -- bit torrent uses TCP and you are shaping UDP.

>    Again, I gleaned these from the example but I'm not
>    sure I understand. Why are the icmp packets in class 1?

So you can accurately measure ping times.

>    Why do they need
>    to specify the ':P' but nothing else does?

Because the sample isn't consistent. For the rules that you have, it
doesn't make any difference.

>    Most importantly, I'm not
>    certain this will accomplish my goals.

It won't until you change the protocol in your rules.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key

Tom, thanks for your reply but I have some follow up questions.

>> 1) I have used the DSLReports speed test to measure my line speed.
>>    The number varies between tests. In tcdevices, do I want to use the
>>    smallest number that I have seen? Does the following make sense:
>>
>>      eth1 4600kbit 1000kbit

What determines the correct values to use if on multiple runs of speed
testing I get different results? Do I want to use the smallest number I've
seen or some value that is not higher than the typical number I have seen?
My understanding is that shaping is more effective if I make sure the number
is no larger than what I am expecting to see. Is that correct? Do these
numbers seem sensible for a cable modem or is 'kbit' incorrect?

>>
>> 2) Using the examples, here is my tcclasses:
>>
>>      eth1 1 100kbit full    1 tcp-ack,tos-minimize-delay
>>      eth1 2 100kbit 200kbit 2
>>      eth1 3 full/3  full    3 default
>>
>>    If I understand correctly, this means that Class 1 will be the highest
>>    priority class and is guaranteed full bandwidth if it needs it, Class 2
>>    will never get more than 200kbit of bandwidth, and Class 3 starts at
>>    1/3 of the bandwidth, can get all of the bandwidth if it needs it, and
>>    is the default class for any packets that are not marked otherwise.
>>
>>    Is the above correct? Are these sensible settings for what I need to
>>    accomplish?

TE> Looks ok to me.

Thanks but are these "intelligent" values? I don't have a feel for what
makes sense even if this is technically valid. Is it better for Class 2 to
be specified in terms of a fraction of full bandwidth or is it better to be
done with specific values? Again, my goal is to limit torrents from chewing
up all my bandwidth and making sure that other internet applications work
effectively.

Also, how does 'rate' relate to 'ceiling'? Will the class only get the
specified rate but occasional bursts can reach the specified ceiling?

>>
>> 3) Here is the tcrules that I came up with:
>>
>>      1:P 0.0.0.0/0 0.0.0.0/0 icmp echo-request
>>      1:P 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
>>      2   0.0.0.0/0 0.0.0.0/0 udp  -  50001:50009
>>      2   0.0.0.0/0 0.0.0.0/0 udp  -  50011:50019
>>
>>    Does this make sense?

TE> Not much -- bit torrent uses TCP and you are shaping UDP.

>>    Most importantly, I'm not
>>    certain this will accomplish my goals.

TE> It won't until you change the protocol in your rules.

So now my tcrules looks as follows:

     1 0.0.0.0/0 0.0.0.0/0 icmp echo-request
     1 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
     2 0.0.0.0/0 0.0.0.0/0 tcp  -  50001:50009
     2 0.0.0.0/0 0.0.0.0/0 tcp  -  50011:50019

But does this make sense for torrents? Torrent ports are for incoming
connections, no? So that constitutes download packets. So will this help
the upload bandwidth?

Is it necessary to specify something to make my VNC sessions work better or
is that simply handled by the default Class 3?

Finally, I guess when all this is nailed down, setting TC_ENABLED=Internal
will turn it on.

Again, thanks for your help.

...Jake

--
Jake Colman
Sr. Applications Developer
Principia Partners LLC
Harborside Financial Center
1001 Plaza Two
Jersey City, NJ 07311
(201) 209-2467
www.principiapartners.com

Jake Colman wrote:
> ...
> But does this make sense for torrents? Torrent ports are for incoming
> connections, no? So that constitutes download packets. So will this help
> the upload bandwidth?

You can only shape OUTGOING traffic. You can't control the order or
priority of incoming packets, so traffic shaping can only be used to
control what you're sending.

However, most of the time this has an effect on the reverse direction:
because ACKs are required for all TCP packets, if you don't send the
ACK, the other end will eventually slow down to your pace. UDP,
although it doesn't require an ACK, works in a similar way in most
applications.

BTW, I've found that BitTorrent requires both TCP and UDP to function
fully - you probably want to include both protocols in your shaping
rules, although with UDP it will likely have less effect.

> ...
> Finally, I guess when all this is nailed down, setting TC_ENABLED=Internal
> will turn it on.

Yep.

Paul

Paul Gear wrote:
> Jake Colman wrote:
>> ...
>> But does this make sense for torrents? Torrent ports are for incoming
>> connections, no? So that constitutes download packets. So will this help
>> the upload bandwidth?
>
> You can only shape OUTGOING traffic. You can't control the order or
> priority of incoming packets, so traffic shaping can only be used to
> control what you're sending.
>
> However, most of the time this has an effect on the reverse direction:
> because ACKs are required for all TCP packets, if you don't send the
> ACK, the other end will eventually slow down to your pace. UDP,
> although it doesn't require an ACK, works in a similar way in most
> applications.

In the case of Bittorrent though, there can also be substantial upload
traffic generated -- Jake's setup appears correct for throttling that
traffic.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
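
Added example, not part of the thread and not Shorewall code: the Python sketch below resolves the tcdevices and tcclasses values posted above into kbit figures, showing that RATE is what a class is guaranteed under load and CEIL is the most it may use when the link has spare capacity. The function names and the consistency checks are choices made for this example; the MARK list is taken from the revised tcrules.

```python
import re

# Values posted in the thread for eth1 (tcdevices, tcclasses).
TCDEVICES = "eth1 4600kbit 1000kbit"
TCCLASSES = """\
eth1 1 100kbit full 1 tcp-ack,tos-minimize-delay
eth1 2 100kbit 200kbit 2
eth1 3 full/3 full 3 default
"""
TCRULES_MARKS = [1, 1, 2, 2]  # MARK column of the revised tcrules

def kbit(expr, full):
    """Resolve '100kbit', 'full' or 'full/3' to an integer kbit value."""
    m = re.fullmatch(r"(\d+)kbit", expr)
    if m:
        return int(m.group(1))
    m = re.fullmatch(r"full(?:/(\d+))?", expr)
    if m:
        return full // int(m.group(1) or 1)
    raise ValueError(f"unsupported bandwidth expression: {expr!r}")

def resolve(tcdevices, tcclasses):
    """Return (OUT-BANDWIDTH, {mark: class}) with RATE and CEIL in kbit."""
    _iface, _in_bw, out_bw = tcdevices.split()
    full = kbit(out_bw, 0)
    classes = {}
    for line in tcclasses.splitlines():
        f = line.split()
        opts = f[5].split(",") if len(f) > 5 else []
        classes[int(f[1])] = {"rate": kbit(f[2], full), "ceil": kbit(f[3], full),
                              "prio": int(f[4]), "default": "default" in opts}
    return full, classes

def check(full, classes, marks):
    """Sanity checks chosen for this example; an empty list means consistent."""
    problems = []
    if sum(c["rate"] for c in classes.values()) > full:
        problems.append("guaranteed rates exceed OUT-BANDWIDTH")
    if sum(c["default"] for c in classes.values()) != 1:
        problems.append("exactly one class must be marked default")
    problems += [f"class {m}: rate above ceil"
                 for m, c in classes.items() if c["rate"] > c["ceil"]]
    problems += [f"tcrules mark {m} has no class"
                 for m in sorted(set(marks) - set(classes))]
    return problems

if __name__ == "__main__":
    full, classes = resolve(TCDEVICES, TCCLASSES)
    for mark, c in classes.items():
        print(f"class {mark}: guaranteed {c['rate']}kbit, ceiling {c['ceil']}kbit")
    print(check(full, classes, TCRULES_MARKS) or "consistent")
```

With the posted values, class 1 is guaranteed 100kbit and may use up to the full 1000kbit, class 2 is guaranteed 100kbit and capped at 200kbit, and class 3 is guaranteed 333kbit.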