Hi,

I'm running a Bridge/iptables firewall. With no tc filters configured, CPU utilization barely reaches 1%. I had to rate limit one particular server's outgoing traffic and set up an HTB scheme like this:

    iptables -F PREROUTING -t mangle
    iptables -A PREROUTING -t mangle -p tcp -s 99.99.99.99 -j MARK --set-mark 2
    tc qdisc del dev eth0 root
    tc qdisc add dev eth0 root handle 10: htb default 10
    tc class add dev eth0 parent 10: classid 10:3 htb rate 1000kbit ceil 1000kbit
    tc filter add dev eth0 parent 10: protocol ip prio 3 handle 2 fw classid 10:3

Now I'm seeing CPU utilization beyond 30% and load averages of 0.79; the network total bandwidth is 20Mb/s. The server is a Linux kernel 2.6.7-gentoo-r8 running on a P4 1.7 GHz.

Is this normal behaviour? Is there any error in my configuration or in my kernel config?

Thanks!

On Fri, Dec 03, 2004 at 05:41:43PM -0300, Gerardo Arceri wrote:
> Hi, I'm running a Bridge/iptables firewall, with no tc filters
> configured CPU utilization barely reaches 1%, I had to rate limit one
> particular server outgoing traffic and setup a HTB scheme like this
>
> iptables -F PREROUTING -t mangle
> iptables -A PREROUTING -t mangle -p tcp -s 99.99.99.99 -j MARK --set-mark 2
> tc qdisc del dev eth0 root
> tc qdisc add dev eth0 root handle 10: htb default 10
> tc class add dev eth0 parent 10: classid 10:3 htb rate 1000kbit ceil 1000kbit
> tc filter add dev eth0 parent 10: protocol ip prio 3 handle 2 fw classid 10:3

Maybe this is not strictly related to the subject of the thread but, even if you tell tc, when not specified otherwise, to assign traffic to class 10 by default, I don't see any class 10 definition.

This may not always be necessary but, as far as I saw from a couple of tests I made, this can lead to some problems. I'd like to understand whether what I observed is right or not.

For example, let's say you have 2000kbit of total bandwidth for output and that you are running both an http and an ftp server.

Now let's say that you have two users that want to connect to your machine and that both of them can potentially use all of your output bandwidth. One of them wants to connect to the http server and the other to the ftp one.

So you tell tc to assign http traffic to class 3 that can use only up to half the total output bandwidth, 1000kbit, but you don't say anything about the ftp traffic.

If both users try to connect at the same time they of course use the whole output bandwidth but, since there is one kind of traffic that isn't "regulated" (it is assigned to class 10 that doesn't exist), there is a continuous fight between the two of them and the speed at which they download is very irregular.

Have I understood well?

Thanks in advance.

Best regards.

--
Value your freedom, or you will lose it, teaches history.
``Don't bother us with politics,'' respond those who don't want to learn.
-- Richard M. Stallman
http://www.gnu.org/philosophy/linux-gnu-freedom.html

> For example, let's say you have 2000kbit of total
> bandwidth for output and that you are running both an
> http and an ftp server.
>
> Now let's say that you have two users that want to connect
> to your machine and that both of them can potentially use
> all of your output bandwidth. One of them wants to connect
> to the http server and the other to the ftp one.
>
> So you tell tc to assign http traffic to class 3 that can
> use only up to half the total output bandwidth, 1000kbit,
> but you don't say anything about the ftp traffic.
>
> If both users try to connect at the same time they of
> course use the whole output bandwidth but, since there is
> one kind of traffic that isn't "regulated" (it is assigned
> to class 10 that doesn't exist), there is a continuous
> fight between the two of them and the speed at which they
> download is very irregular.
>
> Have I understood well?

Yes you have, that's exactly my setup. I have a 100Mbps Ethernet connection to the router, which has a 20Mbps pipe to the net. I only want to limit certain IPs from using too much outgoing pipe.

> tc qdisc del dev eth0 root
> tc qdisc add dev eth0 root handle 10: htb default 10
> tc class add dev eth0 parent 10: classid 10:3 htb rate 1000kbit ceil 1000kbit
> tc filter add dev eth0 parent 10: protocol ip prio 3 handle 2 fw classid

I thought that by not specifying a default rate the traffic would go unshaped.

So tc is a game of all or nothing? I mean, I can't say to tc that all traffic except the one coming from X IP doesn't get a class?

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/

On Monday 20 December 2004 22:43, Gerardo Arceri wrote:
> > tc qdisc add dev eth0 root handle 10: htb default 10
> > tc class add dev eth0 parent 10: classid 10:3 htb rate 1000kbit ceil 1000kbit
> > tc filter add dev eth0 parent 10: protocol ip prio 3 handle 2 fw classid
>
> I thought that by not specifying a default rate the traffic would go
> unshaped

Class x:0 is a special class that will send all traffic unshaped.

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
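
Stef's answer applied to the configuration from the first post, as an added example that is not part of the thread: the root qdisc uses `default 0`, so only marked packets are shaped and everything else leaves unshaped. The helper names and the `APPLY` dry-run switch are assumptions of this example; the device, address, rate and mark are the values from the first post.

```shell
#!/bin/sh
# Added example, not from the thread. Limits one source IP with HTB and sends
# everything else unshaped via "default 0" (the x:0 class from Stef's reply).
# Dry run by default: commands are printed; APPLY=1 (as root) executes them.

run_or_print() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Accept only a dotted quad with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# htb_limit_source DEV SRC_IP RATE MARK  (hypothetical helper name)
htb_limit_source() {
    dev=$1; src=$2; rate=$3; mark=$4
    valid_ipv4 "$src" || { echo "bad source address: $src" >&2; return 2; }
    case "$rate" in
        ""|[!0-9]*|*[!0-9a-z]*) echo "bad rate: $rate" >&2; return 2 ;;
    esac
    case "$mark" in
        ""|*[!0-9]*) echo "bad mark: $mark" >&2; return 2 ;;
    esac
    # Mark the limited host's TCP packets, as in the first post (no chain flush).
    run_or_print iptables -t mangle -A PREROUTING -p tcp -s "$src" -j MARK --set-mark "$mark"
    # Replace the root qdisc; "del" fails harmlessly when none is installed.
    run_or_print tc qdisc del dev "$dev" root || true
    # default 0: packets that match no filter bypass HTB and go out unshaped.
    run_or_print tc qdisc add dev "$dev" root handle 10: htb default 0
    run_or_print tc class add dev "$dev" parent 10: classid 10:3 htb rate "$rate" ceil "$rate"
    run_or_print tc filter add dev "$dev" parent 10: protocol ip prio 3 handle "$mark" fw classid 10:3
}

# Values taken from the first post; prints the five commands in dry-run mode.
htb_limit_source eth0 99.99.99.99 1000kbit 2
```

After applying, `tc -s class show dev eth0` shows whether only the marked traffic is being counted against class 10:3.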