If I want to limit bandwidth from a lot of ip addresses (every ip has a limit), how could I improve performance (if I could use netfilter to mark the ip packet with the bandwidth assigned to the src ip of the packet)? Normally, this could only be done by one qdisc per ip, and then there will be too many filters to classify them based on fwmark (and u32 + hash can't satisfy my demand to limit bandwidth for every ip, not for an ip group), but it tries to match line by line, so if there are many, the performance will go down.

Many thanks
IMHO u32 with hashes could be used for this. Another interesting way is that CBQ & HTB allow you to set a packet's class from priority. When priority is 0x10003 then the packet is queued directly into the 1:3 queue.
You can simply modify the classifier (in fact I will do it for HTB) to allow such selection thru fwmark.
You can then mark flows by iptables .... --set-mark 0x10003 to assign packets into the 1:3 class ..

HTH, devik

On Sat, 8 Dec 2001, yangrunhua wrote:
> If I want to limit bandwidth from a lot of ip addresses (every ip has a
> limit), how could I improve performance (if I could use netfilter to mark
> the ip packet with the bandwidth assigned to the src ip of the packet)?
> Normally, this could only be done by one qdisc per ip, and then there will
> be too many filters to classify them based on fwmark (and u32 + hash can't
> satisfy my demand to limit bandwidth for every ip, not for an ip group),
> but it tries to match line by line, so if there are many, the performance
> will go down.
> Many thanks
Ehh sorry it is a lot of writing. Look at LARTC HOWTO 12.4 section. Basically if you have ip A.B.C.D then you can base hash source on D for several fixed A.B.C. Then you will end with at most N/256+1 lookups for N ip addresses.

devik

On Sat, 8 Dec 2001, yangrunhua wrote:
> Can you give me an example?
> Thanks.
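[Added example, not part of the original thread and not code from any poster or from the LARTC HOWTO.] The scheme described in the message above, one 256-bucket u32 hash table per fixed A.B.C keyed on D, written as a generator that only prints the tc commands for review. The function name emit_shaper, the device eth1, the prio value, the HTB class numbering and the sample addresses are assumptions; 800:: is assumed to be the root u32 table, as in the HOWTO section cited.

```shell
#!/bin/sh
# Added example: prints tc commands for per-IP HTB limits; it does not run them.
# stdin: one "A.B.C.D rate_kbit" pair per line.
emit_shaper() {
    awk -v dev="$1" '
    BEGIN { printf "tc qdisc add dev %s root handle 1: htb\n", dev }
    {
        # Skip anything that is not a dotted quad plus a numeric rate, so that
        # no unvalidated text ends up inside a generated command.
        if (NF != 2 || $2 !~ /^[0-9]+$/ || split($1, o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
        net = o[1] "." o[2] "." o[3]
        if (!(net in table)) {
            # First address seen in this A.B.C: create its 256-bucket table
            # and one rule in the root table that hashes on the last octet
            # (byte 15 of the IP header, selected by the mask at offset 12).
            table[net] = ++ntab
            printf "tc filter add dev %s parent 1:0 prio 5 handle %x: protocol ip u32 divisor 256\n", dev, ntab
            printf "tc filter add dev %s parent 1:0 prio 5 protocol ip u32 ht 800:: match ip src %s.0/24 hashkey mask 0x000000ff at 12 link %x:\n", dev, net, ntab
        }
        # One HTB class per address; tc class and bucket ids are hexadecimal.
        cls = ++ncls
        printf "tc class add dev %s parent 1: classid 1:%x htb rate %dkbit\n", dev, cls, $2
        printf "tc filter add dev %s parent 1:0 prio 5 protocol ip u32 ht %x:%x: match ip src %s flowid 1:%x\n", dev, table[net], o[4] + 0, $1, cls
    }'
}

# Constructed sample input: three hosts in two /24 networks.
printf '192.168.1.7 512\n192.168.1.123 256\n192.168.2.7 128\n' | emit_shaper eth1
```

A packet is matched against one root rule per /24 and then against a single bucket, which is where the N/256+1 bound comes from.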
On Thursday 01 January 1970 00:59, you wrote:
> If I want to limit bandwidth from a lot of ip addresses (every ip has a
> limit), how could I improve performance (if I could use netfilter to mark
> the ip packet with the bandwidth assigned to the src ip of the packet)?
> Normally, this could only be done by one qdisc per ip, and then there will
> be too many filters to classify them based on fwmark (and u32 + hash can't
> satisfy my demand to limit bandwidth for every ip, not for an ip group),
> but it tries to match line by line, so if there are many, the performance
> will go down.
> Many thanks

I think the wrr qdisc can do this. It creates a class for each ip it sees. I never tried it, but I know some people who say it's working.

Stef

--
stef.coene@docum.org
More QOS info : http://docum.org/
Title : "Using Linux as bandwidth manager"
I only wanted to mention it as an interesting possibility but it can't be done in O(1). However it can be simply done in O(N^(1/M)) where M is integer > 1. You can do it by (untested):

    ipchains -N sub
    ipchains -A sub -s 0.0.0.1/0.0.0.255 -m +1
    ipchains -A sub -s 0.0.0.2/0.0.0.255 -m +2
    ..
    ..
    ipchains -A input -s 192.168.1.0/24 -m 0x10000 -j sub
    ipchains -A input -s 192.168.2.0/24 -m 0x10100 -j sub
    ..
    ..

You would need 512 lines to handle 65536 addresses in 256 lookups on average. By creating another '-j subsub' level then you will end up with 96 rules for 65536 addresses with 60 lookups on average.

I didn't test it, it is only an idea. But it should work.

hth, devik

On Sat, 8 Dec 2001, yangrunhua wrote:
> But how do I design a filter (O(1)) to classify based on fwmark (hash on fwmark)?
You can't mark a packet with bandwidth and suppose that the TC subsys will dynamically create shaped flows for you ;-) See the other mail I sent you.

devik

On Sun, 9 Dec 2001, yangrunhua wrote:
> Thanks for your answer,
> Now, I modified netfilter/iptables source,
> I can mark every packet with some number attached to its src ip (such as its bandwidth);
> My question is: how can I limit every src ip's bandwidth with high efficiency if I use tc?
By the way I just found that if you attach a fw filter without rules it will simply select the class with classid == fwmark (nfmark in 2.4).

devik

On Sun, 9 Dec 2001, yangrunhua wrote:
> If I can modify skb->prio,
> How can I use it to distribute packets directly to a class?