Hi, I have a setup like this: class 1:1 rate 7600kbit (on a imq device) | |\class 1:10 rate 100kbit ceil 5600kbit prio 7 (here goes p2p traffic) \class 1:12 rate 7500kbit ceil 7600kbit | |\class 1:121 rate 3100 ceil 7500kbit prio 0 |\class 1:122 rate 2200 ceil 7500kbit prio 2 \class 1:123 rate 2200 ceil 7500kbit prio 3 (default) My problem is: the 1:10 class consumes the whole bandwidth. This is caused by a massive p2p traffic. I''ve read similar posts on this list, and I can''t use the solution proposed by Stef Coene here: http://mailman.ds9a.nl/pipermail/lartc/2002q2/003958.html. I match p2p packets with both ipp2p and layer7 filters and mark them with iptables MARK. I can easily block p2p traffic, but when I allow it - it exceeds its ceil and reaches the rate of my internet link, which is unacceptable. I need to allow other classes to borrow bandwidth from a p2p class, but I do not want to allow a p2p class to borrow bandwidth from other classes. Is there a way to achieve it ? maybe I should redesign something in the above diagram. W
On Tuesday 27 December 2005 13:33, Ratel wrote:> I need to allow other classes to borrow bandwidth from a p2p class, but > I do not want to allow a p2p class to borrow bandwidth from other > classes. Is there a way to achieve it ? maybe I should redesign > something in the above diagram.Uh... huh? Your P2P class has 100kbit rate with a 5600kbit ceil, but you say you don''t want it to borrow bandwidth from other classes. However, to go over the 100kbit rate, it _has_ to borrow. So, if you don''t want it to borrow like you said, the solution would be to set the ceil of the P2P class to 100kbit as well. The other classes will still be able to borrow from it if the P2P class is not using it''s bandwidth. If this does somehow not seem to be what you want, please restate your requirements. :-) Kind regards, Andreas Klauer
Ratel wrote:> it exceeds its ceil and reaches the rate of my internet linkWhat are you basing this on? the P2P app or tc -s class show dev ---- ? Are you using thee CONNTRACK module? It''s simple to block P2P without CONNTRACK but if you want to shape it, you need it. Otherwise you''ll only be marking the first packets for p2p connections, and not the rest. - Jody
Jody Shumaker wrote:> Andreas Klauer wrote: > >Uh... huh? Your P2P class has 100kbit rate with a 5600kbit ceil, >but you say you don''t want it to borrow bandwidth from other classes. >However, to go over the 100kbit rate, it _has_ to borrow. >Oh yes, my mistake - I''ve confused ceil with rate. Anyway, the thing I wanted to achieve was to allow p2p class to use even 5600kbit of my bandwidth, but without guarantees like rate. So guarantee a minimum bandwidth to a class - about 100kbit, but allow it to reach 5600kbit or more e.g. when there''s no other trafic present. (Now I know I did it wrong)>So, if you don''t want it to borrow like you said, the solution would >be to set the ceil of the P2P class to 100kbit as well. The other >classes will still be able to borrow from it if the P2P class is not >using it''s bandwidth. > >Are you sure? In my previous post I was refering to this example http://mailman.ds9a.nl/pipermail/lartc/2002q2/003958.html which says this class won''t be able to exchange any bandwidth at all.> Jody Shumaker wrote: > What are you basing this on? the P2P app or tc -s class show dev ---- ?I simply block p2p traffic for some time and see that bandwidth usage (according to iptraf) falls down to ~20% of total link''s "capacity" + classes that are supposed to send p2p traffic send nothing. (I also get feedback that indeed p2p apps aren''t working) After allowing p2p through, bandwidth usage jumps to ~100% of the total available bandwidth.> Are you using thee CONNTRACK module? It''s simple to block P2P without > CONNTRACK but if you want to shape it, you need it. Otherwise you''ll > only be marking the first packets for p2p connections, and not the rest.I am aware of that, but didn''t you mean CONNMARK target (module)? W
On 12/27/05, Ratel <ratel@post.pl> wrote:> > Jody Shumaker wrote: > > > Andreas Klauer wrote: > > > >Uh... huh? Your P2P class has 100kbit rate with a 5600kbit ceil, > >but you say you don''t want it to borrow bandwidth from other classes. > >However, to go over the 100kbit rate, it _has_ to borrow. > > > Oh yes, my mistake - I''ve confused ceil with rate. Anyway, the thing I > wanted to achieve was to allow > p2p class to use even 5600kbit of my bandwidth, but without guarantees > like rate. So guarantee a minimum bandwidth to a class - about 100kbit, > but allow it to reach 5600kbit or more e.g. when there''s no other trafic > present. (Now I know I did it wrong)I believe you did this portion correctly. ceil is the hard limit, the rate is the guarentee. Class will use up to its rate, then after that it will borrow up to its ceil. What confused him was that you said you didn''t want p2p to borrow from the other classes. If its to go above 100kbit, it has to borrow. However it should never borrow guarenteed rate bandwidth they are using.>So, if you don''t want it to borrow like you said, the solution would > >be to set the ceil of the P2P class to 100kbit as well. The other > >classes will still be able to borrow from it if the P2P class is not > >using it''s bandwidth. > > > > > Are you sure? In my previous post I was refering to this example > http://mailman.ds9a.nl/pipermail/lartc/2002q2/003958.html > which says this class won''t be able to exchange any bandwidth at all.And in that example, rate and ceil are set to the same value, which means it will use up to its rate and never try to borrow more. You seem to want it to be able to borrow, but not up to the full connection, only up to ~75%. Also, that email is partially incorrect. Nothing done in that email will prevent lending from the 1:40 to the 1:2 class and subclasses. However, I don''t think this is a problem for you. If no p2p, then what is wrong with lending the 100kbit.> Jody Shumaker wrote: > > What are you basing this on? the P2P app or tc -s class show dev ---- ? > > I simply block p2p traffic for some time and see that bandwidth usage > (according to iptraf) falls down to ~20% of total link''s "capacity" + > classes that are supposed to send p2p traffic send nothing. (I also get > feedback that indeed p2p apps aren''t working) After allowing p2p > through, bandwidth usage jumps to ~100% of the total available bandwidth. > > > Are you using thee CONNTRACK module? It''s simple to block P2P without > > CONNTRACK but if you want to shape it, you need it. Otherwise you''ll > > only be marking the first packets for p2p connections, and not the rest. > > I am aware of that, but didn''t you mean CONNMARK target (module)? > > WOops :) yeah I meant CONNMARK. It sounds like your htb classes are setup perfectly fine, you should really check the tc statistics and see how things are actually being classified. I''m using CONNMARK like this to mark p2p: iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark iptables -t mangle -A PREROUTING -p tcp -m mark --mark $MARKP2P -j ACCEPT iptables -t mangle -A PREROUTING -m ipp2p --bit --edk --kazaa --gnu --dc -j MARK --set-mark ${MARKP2P} iptables -t mangle -A PREROUTING -p tcp --dport 3010 -j MARK --set-mark ${MARKP2P} iptables -t mangle -A PREROUTING -p tcp -m mark --mark ${MARKP2P} -j CONNMARK --save-mark iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT Personally, I don''t have much experience with IMQ and have only been shaping upload, but I''ve done something similar and it works fine. I cap P2P to only 95% of the upload (used to be 85%) and give it a guarenteed rate of only 4kbit. It will use its full 95%, but as soon as I use something else, i''ll use 100% of the line and as much as possible for the non P2P traffic. http://webpages.charter.net/falconx/eth1-50-tc-cumulative.png This image shows how this ends up working in reality for me, orange is P2P, blue is default, and red is priority. I''m not sure on the exact command to use for an imq, but possibly something like `tc -s class show dev imq0`? However from what I know right now, it seems like you''ve setup things very similar to how I have for upload which I know works. - Jody _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
On Tuesday 27 December 2005 23:34, Jody Shumaker wrote:> Also, that email is partially incorrect. Nothing done in that email > will prevent lending from the 1:40 to the 1:2 class and subclasses.The way I see it, the email is correct. A class that has the same rate and ceil will never borrow, simply because it does not have to. As for lending, that will happen only if one of it siblings wants to borrow bandwidth. As for children classes, they are restricted by their parent. They cannot take bandwidth from outsiders, unless their parent borrows it for them. That does not help the original poster in any way, however. Sorry for this useless message. ;-) Regards, Andreas Klauer