On 2/19/07, Salatiel Filho <salatiel.filho@gmail.com> wrote:> Well , thanks to imq all my client machines are now shaped and > everything is great ... > But now i have a doubt , is there a way to shape the traffic that goes > to the route [doing a wget from the router for example ]? > > > I have a PREROUTING IMQ0 and a POSTROUTING IMQ1 , everything is > working like i`d expect but i`d like to be able to shape download from > the router in the same htb qdisc provide by IMQ1. is there a way ? > > -- > []''s > Salatiel > > "O maior prazer do inteligente é bancar o idiota > diante de um idiota que banca o inteligente". >no ideas ? -- []''s Salatiel "O maior prazer do inteligente é bancar o idiota diante de um idiota que banca o inteligente". -- []''s Salatiel "O maior prazer do inteligente é bancar o idiota diante de um idiota que banca o inteligente".
Salatiel Filho wrote:> On 2/19/07, Salatiel Filho <salatiel.filho@gmail.com> wrote: > >> Well , thanks to imq all my client machines are now shaped and >> everything is great ... >> But now i have a doubt , is there a way to shape the traffic that goes >> to the route [doing a wget from the router for example ]? >> >> >> I have a PREROUTING IMQ0 and a POSTROUTING IMQ1 , everything is >> working like i`d expect but i`d like to be able to shape download from >> the router in the same htb qdisc provide by IMQ1. is there a way ? >> >> -- >> []''s >> Salatiel >> >> "O maior prazer do inteligente é bancar o idiota >> diante de um idiota que banca o inteligente". >> > > no ideas ?Assuming 2.6 You need to use the prerouting imq, but unless you are doing nat and need to seperate local/forwarded you can use ifb and save patching. If you really need imq you will need to check first imq option in kernel config is set to A. Andy.
On 3/22/07, Andy Furniss <lists@andyfurniss.entadsl.com> wrote:> Salatiel Filho wrote: > > On 2/19/07, Salatiel Filho <salatiel.filho@gmail.com> wrote: > > > >> Well , thanks to imq all my client machines are now shaped and > >> everything is great ... > >> But now i have a doubt , is there a way to shape the traffic that goes > >> to the route [doing a wget from the router for example ]? > >> > >> > >> I have a PREROUTING IMQ0 and a POSTROUTING IMQ1 , everything is > >> working like i`d expect but i`d like to be able to shape download from > >> the router in the same htb qdisc provide by IMQ1. is there a way ? > >> > >> -- > >> []''s > >> Salatiel > >> > >> "O maior prazer do inteligente é bancar o idiota > >> diante de um idiota que banca o inteligente". > >> > > > > no ideas ? > > Assuming 2.6 > > You need to use the prerouting imq, but unless you are doing nat and > need to seperate local/forwarded you can use ifb and save patching.Where can i read about IFB ? I try to google but i can not find too much info. maybe i am looking for the wrong words. Maybe this is the solution, cause i would like to put both local traffic and forwarded traffic in the same htb queue.> > If you really need imq you will need to check first imq option in kernel > config is set to A.If i put after NAT in prerouting , how can i shape upload by IP ?> > Andy. > >-- []''s Salatiel "O maior prazer do inteligente é bancar o idiota diante de um idiota que banca o inteligente". -- []''s Salatiel "O maior prazer do inteligente é bancar o idiota diante de um idiota que banca o inteligente".
Salatiel Filho wrote:> Where can i read about IFB ? I try to google but i can not find too > much info. maybe i am looking for the wrong words. Maybe this is the > solution, cause i would like to put both local traffic and forwarded > traffic in the same htb queue.It''s quite new, it was designed as a replacement for imq, but doesn''t quite do everything it can. Here''s howto send all ip incoming on eth0 to ifb - it''s called intermediate functional block in kernel config. IP=/sbin/ip TC=/sbin/tc $TC qdisc del dev ifb0 root &>/dev/null $TC qdisc del dev eth0 ingress &>/dev/null $IP link set ifb0 down &>/dev/null if [ "$1" = "stop" ] then echo "stopping" exit fi modprobe ifb $TC qdisc add dev eth0 ingress $IP link set ifb0 up tc filter add dev eth0 parent ffff: \ protocol ip prio 10 u32 match u32 0 0 \ flowid 1:0 \ action mirred egress redirect dev ifb0 Then just add tc rules on ifb like any other device.> >> >> If you really need imq you will need to check first imq option in kernel >> config is set to A. > > If i put after NAT in prerouting , how can i shape upload by IP ?I use iptables to mark unnatted addresses then shape on the real interface using the marks with a filter to catch the rest (ie traffic from shaping box to wan) If you use IMQ then it''s postrouting for egress - so you can use the second option to choose whether it hooks before/after NAT. ie. AB would hook after prerouting (de)nat but before postrouting nat. Andy.
On Thursday 22 March 2007 22:54, Andy Furniss wrote:> Salatiel Filho wrote: > > Where can i read about IFB ? I try to google but i can not find too > > much info. maybe i am looking for the wrong words. Maybe this is the > > solution, cause i would like to put both local traffic and forwarded > > traffic in the same htb queue. > > It''s quite new, it was designed as a replacement for imq, but doesn''t > quite do everything it can. > > Here''s howto send all ip incoming on eth0 to ifb - it''s called > intermediate functional block in kernel config. > > IP=/sbin/ip > TC=/sbin/tc > > $TC qdisc del dev ifb0 root &>/dev/null > $TC qdisc del dev eth0 ingress &>/dev/null > $IP link set ifb0 down &>/dev/null > > if [ "$1" = "stop" ] > then > echo "stopping" > exit > fi > > modprobe ifb > $TC qdisc add dev eth0 ingress > $IP link set ifb0 up > > tc filter add dev eth0 parent ffff: \ > protocol ip prio 10 u32 match u32 0 0 \ > flowid 1:0 \ > action mirred egress redirect dev ifb0 > > Then just add tc rules on ifb like any other device.Sorry i''m new to ifb, this means that i can match netfilter MARKs on the ifb device with tc...? Couse i''m not ussing ifb cause i read somewhere that it is not possible to match netfilter MARKs, but never tested myself... -- Luciano
On 3/22/07, Andy Furniss <lists@andyfurniss.entadsl.com> wrote:> Salatiel Filho wrote: > > > Where can i read about IFB ? I try to google but i can not find too > > much info. maybe i am looking for the wrong words. Maybe this is the > > solution, cause i would like to put both local traffic and forwarded > > traffic in the same htb queue. > > It''s quite new, it was designed as a replacement for imq, but doesn''t > quite do everything it can. > > Here''s howto send all ip incoming on eth0 to ifb - it''s called > intermediate functional block in kernel config. > > IP=/sbin/ip > TC=/sbin/tc > > $TC qdisc del dev ifb0 root &>/dev/null > $TC qdisc del dev eth0 ingress &>/dev/null > $IP link set ifb0 down &>/dev/null > > if [ "$1" = "stop" ] > then > echo "stopping" > exit > fi > > modprobe ifb > $TC qdisc add dev eth0 ingress > $IP link set ifb0 up > > tc filter add dev eth0 parent ffff: \ > protocol ip prio 10 u32 match u32 0 0 \ > flowid 1:0 \ > action mirred egress redirect dev ifb0 > > Then just add tc rules on ifb like any other device. > > > > > >> > >> If you really need imq you will need to check first imq option in kernel > >> config is set to A. > > > > If i put after NAT in prerouting , how can i shape upload by IP ? > > I use iptables to mark unnatted addresses then shape on the real > interface using the marks with a filter to catch the rest (ie traffic > from shaping box to wan) > > If you use IMQ then it''s postrouting for egress - so you can use the > second option to choose whether it hooks before/after NAT. > ie. AB would hook after prerouting (de)nat but before postrouting nat. > > > Andy.Hi Andy , thanks again , but i am not understanding very well how to do it [still newbie in this]. Let`s try to change to some real code here. This is part of my setup to shape download: eth0 = EXTIF eth1 = LOCALIF # SHAPE DOWNLOAD to LOCALNET NOT COMING FROM THE ROUTER ITSELF [samba for example] iptables -t mangle -s ! 192.168.254.254 -A POSTROUTING -o eth1 -j IMQ --todev 1 tc qdisc add dev imq1 root handle 1: htb default 3 r2q 1 // DOWNLOAD SHAPER ROOT tc class add dev imq1 parent 1: classid 1:1 htb rate 2048kbit quantum 1500 //KNOWN TRAFFIC GOES HERE tc class add dev imq1 parent 1: classid 1:3 htb rate 8kbit quantum 1500 // DEFAULT CLASS VERYYYYY SLOWWWWWWW # First class 1Mb shaped tc class add dev imq1 parent 1:1 classid 1:2 htb rate 1024kbit quantum 1500 # Known ips tc class add dev imq1 parent 1:2 classid 1:101 htb rate 100kbit ceil 900kbit prio 0 quantum 1500 tc qdisc add dev imq1 parent 1:101 handle 101: sfq perturb 5 tc filter add dev imq1 parent 1: protocol ip handle 101 fw flowid 1:101 iptables -t mangle -I POSTROUTING -o eth1 -d 192.168.254.101 -j MARK --set-mark 101 .... and a few others like this above ... Well , that work great , but how can i shape downloads in the own router. wget http://blahblahblah ....as a leaf of 1:2 like i did for the others ? using iptables mark ... Some code here would help :)> > _______________________________________________ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc >-- []''s Salatiel "O maior prazer do inteligente é bancar o idiota diante de um idiota que banca o inteligente".
Luciano Ruete wrote:>>Then just add tc rules on ifb like any other device. > > > Sorry i''m new to ifb, this means that i can match netfilter MARKs on the ifb > device with tc...? > Couse i''m not ussing ifb cause i read somewhere that it is not possible to > match netfilter MARKs, but never tested myself... >It should work - maybe you read about tc actions setting marks, which is in the origional examples for dummy/ifb. This may well fail unless you are lucky as the tc actions code sometimes gets out of sync with the netfilter code. Andy.
Salatiel Filho wrote:> > Hi Andy , thanks again , but i am not understanding very well how to > do it [still newbie in this]. Let`s try to change to some real code > here. This is part of my setup to shape download: > > eth0 = EXTIF > eth1 = LOCALIF > > # SHAPE DOWNLOAD to LOCALNET NOT COMING FROM THE ROUTER ITSELF [samba > for example] > iptables -t mangle -s ! 192.168.254.254 -A POSTROUTING -o eth1 -j IMQ > --todev 1If you shape your wan - eth0 using ifb on ingress or imq from prerouting then you do not need any rules on eth1, the wan traffic will already be shaped. If you do not plan on seperating users or interactive traffic from bulk traffic, it would actually be much nicer to use a policer for ingress wan traffic. Policing doesn''t buffer traffic just drops it when a virtual buffer is full, so you won''t be delaying interactive traffic by queuing with bulk. When you shape ingress wan, however you do it, you will need to sacrifice about 20% of your bandwidth, possibly more depending on needs/traffic/wan speed. Shaping from the wrong end of the bottleneck is better than doing nothing, but you can''t do it perfectly.> > tc qdisc add dev imq1 root handle 1: htb default 3 r2q 1 // > DOWNLOAD SHAPER ROOT > tc class add dev imq1 parent 1: classid 1:1 htb rate 2048kbit quantum > 1500 //KNOWN TRAFFIC GOES HERE > tc class add dev imq1 parent 1: classid 1:3 htb rate 8kbit quantum > 1500 // DEFAULT CLASS VERYYYYY SLOWWWWWWWIf this were eth rather than imq you would be sending arp to a slow class - not nice. Andy.
On 3/24/07, Andy Furniss <lists@andyfurniss.entadsl.com> wrote:> > Salatiel Filho wrote: > > > > > Hi Andy , thanks again , but i am not understanding very well how to > > do it [still newbie in this]. Let`s try to change to some real code > > here. This is part of my setup to shape download: > > > > eth0 = EXTIF > > eth1 = LOCALIF > > > > # SHAPE DOWNLOAD to LOCALNET NOT COMING FROM THE ROUTER ITSELF [samba > > for example] > > iptables -t mangle -s ! 192.168.254.254 -A POSTROUTING -o eth1 -j IMQ > > --todev 1 > > If you shape your wan - eth0 using ifb on ingress or imq from prerouting > then you do not need any rules on eth1, the wan traffic will already be > shaped. > > If you do not plan on seperating users or interactive traffic from bulk > traffic, it would actually be much nicer to use a policer for ingress > wan traffic. Policing doesn''t buffer traffic just drops it when a > virtual buffer is full, so you won''t be delaying interactive traffic by > queuing with bulk. > > When you shape ingress wan, however you do it, you will need to > sacrifice about 20% of your bandwidth, possibly more depending on > needs/traffic/wan speed. Shaping from the wrong end of the bottleneck is > better than doing nothing, but you can''t do it perfectly. > > > > > tc qdisc add dev imq1 root handle 1: htb default 3 r2q 1 // > > DOWNLOAD SHAPER ROOT > > tc class add dev imq1 parent 1: classid 1:1 htb rate 2048kbit quantum > > 1500 //KNOWN TRAFFIC GOES HERE > > tc class add dev imq1 parent 1: classid 1:3 htb rate 8kbit quantum > > 1500 // DEFAULT CLASS VERYYYYY SLOWWWWWWW > > If this were eth rather than imq you would be sending arp to a slow > class - not nice. > > Andy. > >I was finally able to shape the router itself :) , i changed IMQ default behaviour to AFTER NAT in Prerouting and BEFORE NAT in Postrouting. I do not know if my setup is common , but i have some like this: DOWNLOAD LINK [1024K] -> HTB PEOPLE [500k-1024ceil] guy1 [100k-1000ceil] guy2 [100k-1000ceil] guy3 [100k-1000ceil] guy4 [100k-1000ceil] guy5 [100k-1000kceil] ROUTER[512k-1000ceil] -> router and P2P BOX 24/7 [Before be able to shape the router , i need to hard limit the download speed to not eat all bandwidth, now i can let it borrow if there is available bandwidth in the parent (DOWNLOAD LINK)] -> I really need this 512k rate guaranteed in the router. DEFAULT[8k-8k] -> In theory should not be used by anyone :) But now i have a doubt , when a packet gets in too htb it will be queued , right ? If it is, is there a way to drop it if it is over the ceil limit ? I really do not want packets being queued `cause probably wiill delay the interactive traffic. Despite that , my setup is working great , that is just a doubt :) -- []''s Salatiel "O maior prazer do inteligente é bancar o idiota diante de um idiota que banca o inteligente". _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc