LARTC - Feb 2002 - Problems with HTB

Hi folks

I''ve read Advanced Routing HOWTO and decided to implement some concepts
on a network I manage. I am trying to set up a simple HTB-based traffic
shaping with four classes on my firewall machine (2.4.17 HTB patch
applied. iproute2 compiled with HTB patch, PH_ECHO line removed).
Firewall box has two interfaces: eth0 - 172.18.200.1/24 and eth1 - to
Internet.

Class 1:10 and 1:12 has a 76 kbps rate (max of 256 kbps).
Class 1:11 has a 54 kbps rate (max of 256 kpbs).
Class 1:13 has a 50 kbps rate (max of 256).

Filters are quite simple:

Traffic from IPs 172.18.200.223 to 172.18.200.226 should go to class
1:10. Traffic from IPs 172.18.200.2 and 172.18.200.4 should go to class
1:11. Traffic from IP 172.18.200.232 should go to class 1:12. All other
traffic must follow 1:13.

The problem is also simple: nothing is being filtered. All traffic
follow 1:13. I''m quite frustrated and really don''t know what
could be
wrong. I''ve talked to a few fellows at #lartc on Open Projects, but it
also didn''t work.

This is what I am using for creation of this scenario:

tc qdisc add dev eth0 root handle 1: htb default 13

tc class add dev eth0 parent 1: classid 1:1 htb rate 256kbit ceil 2mbit
burst 15k

tc class add dev eth0 parent 1:1 classid 1:10 htb rate 76kbit ceil
256kbit burst 15k

tc class add dev eth0 parent 1:1 classid 1:11 htb rate 54kbit ceil
256kbit burst 15k

tc class add dev eth0 parent 1:1 classid 1:12 htb rate 76kbit ceil 
256kbit burst 15k

tc class add dev eth0 parent 1:1 classid 1:13 htb rate 50kbit ceil
256kbit burst 15k

tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:11 handle 20: sfq perturb 10
tc qdisc add dev eth0 parent 1:12 handle 30: sfq perturb 10
tc qdisc add dev eth0 parent 1:13 handle 40: sfq perturb 10

tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip src
172.18.200.223 flowid 1:10

tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip src
172.18.200.224 flowid 1:10

tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip src
172.18.200.225 flowid 1:10

tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip src
172.18.200.226 flowid 1:10

tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip src
172.18.200.2 flowid 1:11

tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip src
172.18.200.4 flowid 1:11

tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip src
172.18.200.232 flowid 1:12
-- 
Sellaro

Agente Livre - Linux Community (www.agentelivre.org)

PGP Key ID: 3ADF8645
PGP Key Fingerprint: 6AB0 D60B 69B5 B3F9 4553  2242 A1D0 17C0 3ADF 8645

> applied. iproute2 compiled with HTB patch, PH_ECHO line removed).
> Firewall box has two interfaces: eth0 - 172.18.200.1/24 and eth1 - to
> Internet.
>[snip] 
> Traffic from IPs 172.18.200.223 to 172.18.200.226 should go to class
> 1:10. Traffic from IPs 172.18.200.2 and 172.18.200.4 should go to class
> 1:11. Traffic from IP 172.18.200.232 should go to class 1:12. All other
> traffic must follow 1:13.
> 
> The problem is also simple: nothing is being filtered. All traffic
> follow 1:13. I''m quite frustrated and really don''t know
what could be
probably you have wrong idea. htb sits on eth0. Traffic from
172.18.200.232 enters FROM eth0 and qos is not aplied to the
incoming traffic.
So what direction you''d like to shape, your_net to internet or reverse
?
If internet->your_net then simple replace "src" in your tc filter
add
by "dst"....
devik