Greetings all!

I've been tinkering around with several traffic shaping scripts based
on the Wondershaper, and have met with limited success. The basic
rate limiting is working great but for some reason everything is being
dumped into the default bucket instead of being processed through the
proper filter. I downloaded the mailing list archive and tried several of the
remedies suggested in there but have had no luck.

Let me describe my setup. Redhat 9 box with two NICs. eth1 is
connected to the LAN, eth0 is on the WAN side and connects to the
Internet through PPPoE. I am doing MASQ'ing for the 3 PCs inside the
LAN, so I think I have to mark packets using iptables and the filter
based on the mark, right?

Here are my current scripts (I'm using Shorewall):
---tcrules---
#MARK SOURCE DEST PROTO PORT(S) CLIENT PORT(S)
1 eth0 0.0.0.0 tcp 6346,6881:6899
1 eth0 0.0.0.0 tcp - 6346,6881:6899
---end tcrules---
---tcstart---
#Read parameters from shorewall configuration file, if you want to run the file
#outside of Shorewall (like "tcstart status")
#. /etc/shorewall/shorewall.conf
if [ -z "$TC_DEV" -o -z "$TC_UPLINK" -o -z "$TC_DOWNLINK" ]
then
    echo "tcstart (Wonder Shaper) not configured."
    echo "Set TC_DOWNLINK, TC_UPLINK and TC_DEV in shorewall.conf"
    exit
fi
if [ "$1" = "status" ]
then
    tc -s qdisc ls dev $TC_DEV
    tc -s class ls dev $TC_DEV
    exit
fi
# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
tc qdisc del dev $TC_DEV ingress 2> /dev/null > /dev/null
if [ "$1" = "stop" ]
then
    exit
fi
###### uplink ######
# install root HTB, point default traffic to 1:20:
tc qdisc add dev $TC_DEV root handle 1: htb default 20
# shape everything at $TC_UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${TC_UPLINK}kbit burst 6k
# high prio class 1:10:
tc class add dev $TC_DEV parent 1:1 classid 1:10 htb rate ${TC_UPLINK}kbit burst 6k prio 1
# bulk & default class 1:20 - gets slightly less traffic,
# and a lower priority:
tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate $((9*TC_UPLINK/10))kbit ceil ${TC_UPLINK}kbit burst 6k prio 2
tc class add dev $TC_DEV parent 1:1 classid 1:30 htb rate $((TC_UPLINK/10))kbit ceil $((9*TC_UPLINK/10))kbit burst 6k prio 2
# all get Stochastic Fairness:
tc qdisc add dev $TC_DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $TC_DEV parent 1:30 handle 30: sfq perturb 10
# TOS Minimum Delay (ssh, NOT scp) in 1:10:
tc filter add dev $TC_DEV parent 1: protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:10
# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
tc filter add dev $TC_DEV parent 1: protocol ip prio 10 u32 match ip protocol 1 0xff flowid 1:10
# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
tc filter add dev $TC_DEV parent 1: protocol ip prio 5 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:10
# rest is 'non-interactive' ie 'bulk' and ends up in 1:20
# some traffic however suffers a worse fate
tc filter add dev $TC_DEV parent 1: protocol ip prio 11 handle 1 fw flowid 1:30
# rest is 'non-interactive' ie 'bulk' and ends up in 1:20
tc filter add dev $TC_DEV parent 1: protocol ip prio 18 u32 flowid 1:20
########## downlink #############
# slow downloads down to somewhat less than the real speed to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:
tc qdisc add dev $TC_DEV handle ffff: ingress
# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:
tc filter add dev $TC_DEV parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${TC_DOWNLINK}kbit burst 10k drop flowid :1
---end tcstart---
The TC_UPLINK, TC_DOWNLINK and TC_DEV variables are defined in
shorewall.conf: TC_UPLINK=90, TC_DOWNLINK=1500, and TC_DEV=eth0 (the
WAN NIC).
Almost forgot the status results!
/etc/shorewall/tcstart status
qdisc ingress ffff: ----------------
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 30: quantum 1514b perturb 10sec
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 20: quantum 1514b perturb 10sec
Sent 19877428 bytes 121787 pkts (dropped 0, overlimits 0)
backlog 23p
qdisc sfq 10: quantum 1514b perturb 10sec
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc htb 1: r2q 10 default 20 direct_packets_stat 1
Sent 19877490 bytes 121788 pkts (dropped 0, overlimits 6752)
backlog 23p
class htb 1:1 root rate 100Kbit ceil 100Kbit burst 6Kb cburst 1727b
Sent 19875796 bytes 121764 pkts (dropped 0, overlimits 0)
rate 80Kbit 65pps
lended: 138 borrowed: 0 giants: 0
tokens: 170496 ctokens: -112128
class htb 1:10 parent 1:1 leaf 10: prio 1 rate 100Kbit ceil 100Kbit burst 6Kb cburst 1727b
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 393216 ctokens: 110592
class htb 1:20 parent 1:1 leaf 20: prio 2 rate 90Kbit ceil 100Kbit burst 6Kb cburst 1727b
Sent 19879670 bytes 121790 pkts (dropped 0, overlimits 0)
rate 10232bps 65pps backlog 26p
lended: 121626 borrowed: 138 giants: 0
tokens: 143962 ctokens: -112128
class htb 1:30 parent 1:1 leaf 30: prio 2 rate 10Kbit ceil 90Kbit burst 6Kb cburst 1714b
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 3932160 ctokens: 121955
As you can see, everything is going into the 1:20 bucket and nothing into
the 1:10 or 1:30. This was run while pinging a couple of servers and
3 or 4 torrents running at the same time.
Thanks so much! I have to say, this has been a learning experience! :\
--
Best regards,
Scott mailto:sgagon@thevision.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
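
An added example, not part of the original post: a shell/awk helper that reads `tc -s class ls` output, reports each HTB leaf class's packet count and share, and flags leaves that carried nothing, which is the symptom visible in the status output above. The names `class_report` and `sample_status` are hypothetical; the sample input is an excerpt of the class counters posted above.

```shell
#!/bin/sh
# Added example, not from the original post. Summarises HTB leaf classes
# from `tc -s class ls dev DEV` output read on stdin.

# class_report (hypothetical name): print "<classid> <pkts> <share>" per
# leaf class, then "IDLE <classid>" for each leaf that carried nothing
# while other leaves did, i.e. no filter ever steered traffic into it.
class_report() {
    awk '
        $1 == "qdisc" { cur = ""; next }
        # A class header such as "class htb 1:20 parent 1:1 leaf 20: ..."
        $1 == "class" && $2 == "htb" {
            cur = ""
            for (i = 4; i <= NF; i++)
                if ($i == "leaf") { cur = $3; order[++n] = cur; pkts[cur] = 0 }
            next
        }
        # "Sent <bytes> bytes <pkts> pkts (...)" for the current leaf
        cur != "" && $1 == "Sent" && $5 ~ /^pkts?$/ {
            pkts[cur] = $4 + 0; total += $4
        }
        END {
            for (i = 1; i <= n; i++) {
                c = order[i]
                printf "%s %d %.1f%%\n", c, pkts[c], (total ? 100 * pkts[c] / total : 0)
            }
            for (i = 1; i <= n; i++)
                if (total > 0 && pkts[order[i]] == 0) print "IDLE " order[i]
        }
    '
}

# sample_status (hypothetical name): excerpt of the class counters posted above.
sample_status() {
    cat <<'EOF'
class htb 1:1 root rate 100Kbit ceil 100Kbit burst 6Kb cburst 1727b
Sent 19875796 bytes 121764 pkts (dropped 0, overlimits 0)
class htb 1:10 parent 1:1 leaf 10: prio 1 rate 100Kbit ceil 100Kbit burst 6Kb cburst 1727b
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
class htb 1:20 parent 1:1 leaf 20: prio 2 rate 90Kbit ceil 100Kbit burst 6Kb cburst 1727b
Sent 19879670 bytes 121790 pkts (dropped 0, overlimits 0)
class htb 1:30 parent 1:1 leaf 30: prio 2 rate 10Kbit ceil 90Kbit burst 6Kb cburst 1714b
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
EOF
}

sample_status | class_report
```

On a live system the same function can be fed directly with `tc -s class ls dev "$TC_DEV" | class_report`.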