Hi,

I am fairly new to routing and traffic control, but with the help of the lartc howto I managed to set up a bridge with htb traffic control. The traffic shaping does not seem to work as I expected and I would really appreciate it if somebody can tell me why this is the case.

My setup:
I have a DSL router connecting a /28 network to the internet. I put a linux box with 2 ethernet cards between my router and the rest of the subnet. I set up the linux box as an ethernet bridge where the 2 ethernet cards have no ip address and the bridge has an ip address. I patched the kernel with the IMQ patch so that I can shape incoming traffic. eth0 is connected to the router and eth1 is connected to the rest of the public subnet. I have an iptables rule that routes all traffic on eth1 to the imq device.

I started with a very simple htb setup to make testing easier:

    #!/bin/bash

    # Remove any existing root qdisc and take imq0 down while reconfiguring
    tc qdisc del dev imq0 root
    ip link set imq0 down

    # HTB root; traffic that matches no filter goes to class 1:12
    tc qdisc add dev imq0 root handle 1: htb default 12

    tc class add dev imq0 parent 1: classid 1:1 htb rate 128kbit ceil 128kbit
    tc class add dev imq0 parent 1:1 classid 1:10 htb rate 64kbit ceil 128kbit
    tc class add dev imq0 parent 1:1 classid 1:11 htb rate 32kbit ceil 128kbit
    tc class add dev imq0 parent 1:1 classid 1:12 htb rate 32kbit ceil 128kbit

    # Classify by destination address
    tc filter add dev imq0 protocol ip parent 1:0 prio 1 u32 \
        match ip dst 196.44.35.53 flowid 1:10
    tc filter add dev imq0 protocol ip parent 1:0 prio 1 u32 \
        match ip dst 196.44.35.54 flowid 1:10
    tc filter add dev imq0 protocol ip parent 1:0 prio 1 u32 \
        match ip dst 196.44.35.55 flowid 1:10
    tc filter add dev imq0 protocol ip parent 1:0 prio 1 u32 \
        match ip dst 196.44.35.51 flowid 1:11
    tc filter add dev imq0 protocol ip parent 1:0 prio 1 u32 \
        match ip dst 196.44.35.52 flowid 1:11

    # Flush the filter table, then send everything arriving on eth1 to imq0
    iptables -F
    iptables -X
    iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0
    ip link set imq0 up

My problem is that all traffic seems to go through the default htb class although there is lots of traffic matching the other 2 classes.

    root@griet root # tc -d -s class show dev imq0
    class htb 1:1 root prio 0 rate 128Kbit ceil 128Kbit burst 1753b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 1638 level 3
     Sent 13194 bytes 147 pkts (dropped 0, overlimits 0)
     rate 7bps
     lended: 0 borrowed: 0 giants: 0 injects: 0
     tokens: 101 ctokens: 101

    class htb 1:10 parent 1:1 prio 0 rate 64Kbit ceil 128Kbit burst 1679b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 819 level 0
     Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
     lended: 0 borrowed: 0 giants: 0 injects: 0
     tokens: 205 ctokens: 107

    class htb 1:11 parent 1:1 prio 0 rate 32Kbit ceil 128Kbit burst 1638b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 409 level 0
     Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
     lended: 0 borrowed: 0 giants: 0 injects: 0
     tokens: 400 ctokens: 107

    class htb 1:12 parent 1:1 prio 0 rate 32Kbit ceil 128Kbit burst 1638b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 409 level 0
     Sent 13194 bytes 147 pkts (dropped 0, overlimits 0)
     rate 7bps
     lended: 147 borrowed: 0 giants: 0 injects: 0
     tokens: 373 ctokens: 101

Any help would be greatly appreciated.

--
Roché Compaan
Upfront Systems                 http://www.upfrontsystems.co.za

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Saturday 27 July 2002 19:56, Roché Compaan wrote:
> Hi,
>
> I am fairly new to routing and traffic control, but with the
> help of the lartc howto I managed to set up a bridge with htb
> traffic control. The traffic shaping does not seem to work
> as I expected and I would really appreciate it if somebody
> can tell me why this is the case.
>
> My setup:
> I have a DSL router connecting a /28 network to the internet.
> I put a linux box with 2 ethernet cards between my router and
> the rest of the subnet. I set up the linux box as an ethernet
> bridge where the 2 ethernet cards have no ip address and the
> bridge has an ip address. I patched the kernel with the IMQ
> patch so that I can shape incoming traffic. eth0 is connected
> to the router and eth1 is connected to the rest of the public
> subnet. I have an iptables rule that routes all traffic on eth1
> to the imq device.

If you put all incoming traffic on eth1 in the imq device, why don't you use the outgoing traffic on eth0 to do the same shaping? All traffic entering the box on eth1 leaves the box on eth0. That way you don't need the imq device.

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net

> On Saturday 27 July 2002 19:56, Roché Compaan wrote:
> > Hi,
> >
> > I am fairly new to routing and traffic control, but with the
> > help of the lartc howto I managed to set up a bridge with htb
> > traffic control. The traffic shaping does not seem to work
> > as I expected and I would really appreciate it if somebody
> > can tell me why this is the case.
> >
> > My setup:
> > I have a DSL router connecting a /28 network to the internet.
> > I put a linux box with 2 ethernet cards between my router and
> > the rest of the subnet. I set up the linux box as an ethernet
> > bridge where the 2 ethernet cards have no ip address and the
> > bridge has an ip address. I patched the kernel with the IMQ
> > patch so that I can shape incoming traffic. eth0 is connected
> > to the router and eth1 is connected to the rest of the public
> > subnet. I have an iptables rule that routes all traffic on eth1
> > to the imq device.
>
> If you put all incoming traffic on eth1 in the imq device, why
> don't you use the outgoing traffic on eth0 to do the same shaping?
> All traffic entering the box on eth1 leaves the box on eth0.
> That way you don't need the imq device.

If I understand correctly I can shape incoming traffic by setting up a qdisc on eth0 and filters that match any of the ip addresses in my public subnet sitting behind the linux box that currently does the traffic shaping.

Ok, I tried this but all traffic still seems to match only the default htb class.

Here's my tc script:

    #!/bin/bash

    # Remove any existing root qdisc on eth0
    tc qdisc del dev eth0 root

    # HTB root; traffic that matches no filter goes to class 1:12
    tc qdisc add dev eth0 root handle 1: htb default 12

    tc class add dev eth0 parent 1: classid 1:1 htb rate 128kbit ceil 128kbit
    tc class add dev eth0 parent 1:1 classid 1:10 htb rate 64kbit ceil 128kbit
    tc class add dev eth0 parent 1:1 classid 1:11 htb rate 32kbit ceil 128kbit
    tc class add dev eth0 parent 1:1 classid 1:12 htb rate 32kbit ceil 128kbit

    # Classify by destination address
    tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \
        match ip dst 196.xx.yy.53 flowid 1:10
    tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \
        match ip dst 196.xx.yy.54 flowid 1:10
    tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \
        match ip dst 196.xx.yy.55 flowid 1:10
    tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \
        match ip dst 196.xx.yy.51 flowid 1:11
    tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \
        match ip dst 196.xx.yy.52 flowid 1:11

And this is the output of "tc -s -d class show dev eth0":

    class htb 1:1 root prio 0 rate 128Kbit ceil 128Kbit burst 1753b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 1638 level 3
     Sent 83954 bytes 576 pkts (dropped 0, overlimits 0)
     rate 30bps
     lended: 114 borrowed: 0 giants: 0 injects: 0
     tokens: 101 ctokens: 101

    class htb 1:10 parent 1:1 prio 0 rate 64Kbit ceil 128Kbit burst 1679b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 819 level 0
     Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
     lended: 0 borrowed: 0 giants: 0 injects: 0
     tokens: 205 ctokens: 107

    class htb 1:12 parent 1:1 prio 0 rate 32Kbit ceil 128Kbit burst 1638b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 409 level 0
     Sent 12864 bytes 215 pkts (dropped 0, overlimits 0)
     rate 30bps
     lended: 215 borrowed: 0 giants: 0 injects: 0
     tokens: 387 ctokens: 104

    class htb 1:11 parent 1:1 prio 0 rate 32Kbit ceil 128Kbit burst 1638b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 409 level 0
     Sent 71090 bytes 361 pkts (dropped 0, overlimits 97)
     lended: 247 borrowed: 114 giants: 0 injects: 0
     tokens: 373 ctokens: 101

No packets seem to match any of the other classes although tcpdump confirms that there is definitely traffic destined for the ip addresses mentioned in my filters.

--
Roché Compaan
Upfront Systems                 http://www.upfrontsystems.co.za

what kinda bridge are you using?
bridge-nf? if you are it says it only supports iptables, you would have to mark the packets then use filter to put the marked packets into the correct queue for managing

----- Original Message -----
From: "Roché Compaan" <roche@upfrontsystems.co.za>
To: "Stef Coene" <stef.coene@docum.org>; <lartc@mailman.ds9a.nl>
Sent: Sunday, July 28, 2002 10:27 PM
Subject: RE: [LARTC] Bridge with Traffic shaping

> what kinda bridge are you using?
> bridge-nf? if you are it says it only supports iptables, you would have to
> mark the packets then use filter to put the marked packets into
> the correct queue for managing

Yes I'm using bridge-nf, but as far as I understand bridge-nf doesn't require iptables for shaping - you only need to patch your kernel if you _want_ to use iptables. I am in any case not using "fw" but using "u32" which should match anything in a packet header.

--
Roché Compaan
Upfront Systems                 http://www.upfrontsystems.co.za

> If I understand correctly I can shape incoming traffic by setting
> up a qdisc on eth0 and filters that match any of the ip addresses
> in my public subnet sitting behind the linux box that currently does
> the traffic shaping.

But all traffic coming in on eth0 is leaving on eth1 and vice versa. So shaping incoming traffic on eth0 is the same as shaping outgoing traffic on eth1.

> No packets seem to match any of the other classes although tcpdump
> confirms that there is definitely traffic destined for the ip addresses
> mentioned in my filters.

Mhh. It should work. I will think about it tonight.

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net

does not HTB only shape on outgoing traffic? unless you start doing some ingress queues?

----- Original Message -----
From: "Stef Coene" <stef.coene@docum.org>
To: "Roché Compaan" <roche@upfrontsystems.co.za>; <lartc@mailman.ds9a.nl>
Sent: Monday, July 29, 2002 5:54 AM
Subject: Re: [LARTC] Bridge with Traffic shaping

Hi Stef

I think I caused unnecessary alarm. There was actually a network cable connecting my router and hub behind the linux box that does the shaping, duh :-) I forgot to pull it out once I moved some servers around, causing very little traffic to go through the box doing the shaping.

On Mon, 2002-07-29 at 14:54, Stef Coene wrote:
> > If I understand correctly I can shape incoming traffic by setting
> > up a qdisc on eth0 and filters that match any of the ip addresses
> > in my public subnet sitting behind the linux box that currently does
> > the traffic shaping.
> But all traffic coming in on eth0 is leaving on eth1 and vice versa. So shaping
> incoming traffic on eth0 is the same as shaping outgoing traffic on eth1.

This seems to be working now. Are there tools that I can test this with? Traffic seems to go through all classes now and there is a good amount of borrowed and lended packets on all classes.

--
Roché Compaan
Upfront Systems                 http://www.upfrontsystems.co.za

> I think I caused unnecessary alarm. There was actually
> a network cable connecting my router and hub behind the linux
> box that does the shaping, duh :-) I forgot to pull it out once I
> moved some servers around, causing very little traffic to go through
> the box doing the shaping.

:)

> This seems to be working now. Are there tools that I can test this
> with? Traffic seems to go through all classes now and there is a good
> amount of borrowed and lended packets on all classes.

I have some scripts that generate graphs based on the output of tc. See www.docum.org under "gui". There is a link to an example setup that monitors my internet connection at home.

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net
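
Added example, not part of the thread and not one of the docum.org scripts mentioned above: a small shell/awk parser for the `tc -s -d class show` output posted earlier in the thread, which lists the per-class counters and flags the case where only the default class carries traffic. The function names are made up for this example, and it assumes the output layout shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): per-class summary of HTB statistics.

# Read `tc -s -d class show dev <if>` output on stdin and print one line per
# class: "classid level bytes pkts lended borrowed".
tc_summary() {
    awk '
        $1 == "class" && $2 == "htb" {
            if (id != "") print id, level, bytes, pkts, lended, borrowed
            id = $3; level = "?"; bytes = pkts = lended = borrowed = 0
            for (i = 4; i < NF; i++) if ($i == "level") level = $(i + 1)
        }
        $1 == "Sent"    { bytes = $2; pkts = $4 }
        $1 == "lended:" { lended = $2; borrowed = $4 }
        END { if (id != "") print id, level, bytes, pkts, lended, borrowed }'
}

# Print the leaf classes (level 0) that have not sent a single packet.
tc_idle_leaves() {
    tc_summary | awk '$2 == 0 && $4 == 0 { printf "%s%s", sep, $1; sep = " " }
                      END { print "" }'
}

# Exit 0 when every packet counted on a leaf went to the default class $1,
# which is the symptom reported in the first message.
tc_only_default_used() {
    tc_summary | awk -v def="$1" '
        $2 == 0 { total += $4; if ($1 == def) indef += $4 }
        END { exit !(total > 0 && total == indef) }'
}

# Statistics copied from the first message of the thread (tokens lines omitted).
SAMPLE='class htb 1:1 root prio 0 rate 128Kbit ceil 128Kbit burst 1753b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 1638 level 3
 Sent 13194 bytes 147 pkts (dropped 0, overlimits 0)
 rate 7bps
 lended: 0 borrowed: 0 giants: 0 injects: 0
class htb 1:10 parent 1:1 prio 0 rate 64Kbit ceil 128Kbit burst 1679b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 819 level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0 injects: 0
class htb 1:11 parent 1:1 prio 0 rate 32Kbit ceil 128Kbit burst 1638b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 409 level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0 injects: 0
class htb 1:12 parent 1:1 prio 0 rate 32Kbit ceil 128Kbit burst 1638b/8 mpu 0b cburst 1753b/8 mpu 0b quantum 409 level 0
 Sent 13194 bytes 147 pkts (dropped 0, overlimits 0)
 rate 7bps
 lended: 147 borrowed: 0 giants: 0 injects: 0'

printf '%s\n' "$SAMPLE" | tc_summary
echo "idle leaf classes: $(printf '%s\n' "$SAMPLE" | tc_idle_leaves)"
if printf '%s\n' "$SAMPLE" | tc_only_default_used 1:12; then
    echo "all leaf traffic is in default class 1:12: no filter matched"
fi
```

On a live box, pipe `tc -s -d class show dev eth0` into the functions instead of the embedded sample.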