Hi all, I am trying to use cbq to limit the traffic of an interface. I want all traffic from local addresses to pass through unlimted, all web-traffic limited to 500kbit and the rest limited to 250kbit. The 500kbit and the 250kbit traffic should be allowed to borrow from each other, but not from the unlimited local addresses. Here''s the setup: # 1:0 cbq # / | \ # / | \ # / | \ # 1:1 1:2 1:3 # | | | # | | | # 2:0 3:0 4:0 sfq # # local Web rest # unl. LIMIT1 LIMIT2 I made 1:1 isolated but 1:2 and 1:3 still borrow from it. bounded however works as expected. Did I miss something or is the isolated option broken? btw: I tried it with a 2.4.10 and a 2.4.19 kernel. here are the commands I tried: ---------------------------------------------------------------------- # IP to route through 1:1 LOCALIP=192.168.0.0/24 # Limit of 1:2 LIMIT1=500kbit # Limit of 1:3 LIMIT2=250kbit # Interface to limit IFACE=eth1 # 1:0 cbq qdisc tc qdisc add dev $IFACE root handle 1:0 cbq bandwidth 100Mbit \ avpkt 1000 # 1:1 cbq class; unlimited tc class add dev $IFACE parent 1:0 classid 1:1 cbq \ bandwidth 100Mbit rate 100Mbit maxburst 20 avpkt 1000 isolated # 1:2 cbq class; limited to $LIMIT1 tc class add dev $IFACE parent 1:0 classid 1:2 cbq \ bandwidth 100Mbit rate $LIMIT1 maxburst 20 avpkt 1000 # 1:3 cbq class; limited to $LIMIT2 tc class add dev $IFACE parent 1:0 classid 1:3 cbq \ bandwidth 100Mbit rate $LIMIT2 maxburst 20 avpkt 1000 # 2:0, 3:0 sfq tc qdisc add dev $IFACE parent 1:1 handle 2:0 sfq tc qdisc add dev $IFACE parent 1:2 handle 3:0 sfq tc qdisc add dev $IFACE parent 1:3 handle 4:0 sfq # everything from $LOCALIP goes to 1:1 tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ match ip src $LOCALIP flowid 1:1 # port 80 to 1:2 tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ match ip sport 80 0xffff flowid 1:2 # port 443 to 1:2 tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ match ip sport 443 0xffff flowid 1:2 # everything else to 1:3 tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ match ip src 0.0.0.0/0 flowid 1:3 ---------------------------------------------------------------------- So far.. - Clemens - _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Answer on the subject : Not. I tried the isolated paramter in some cbq scripts and I had some strange results : http://www.docum.org/stef.coene/qos/tests/cbq/classes.html In short : don''t use isolated if you want to avoid problems. Stef On Friday 01 November 2002 21:15, Clemens Resanka wrote:> Hi all, > > I am trying to use cbq to limit the traffic of an interface. > > I want all traffic from local addresses to pass through unlimted, all > web-traffic limited to 500kbit and the rest limited to 250kbit. The > 500kbit and the 250kbit traffic should be allowed to borrow from each > other, but not from the unlimited local addresses. > > Here''s the setup: > > # 1:0 cbq > # / | \ > # / | \ > # / | \ > # 1:1 1:2 1:3 > # | | | > # | | | > # 2:0 3:0 4:0 sfq > # > # local Web rest > # unl. LIMIT1 LIMIT2 > > I made 1:1 isolated but 1:2 and 1:3 still borrow from it. bounded > however works as expected. > > Did I miss something or is the isolated option broken? > > btw: I tried it with a 2.4.10 and a 2.4.19 kernel. > > here are the commands I tried: > ---------------------------------------------------------------------- > > # IP to route through 1:1 > LOCALIP=192.168.0.0/24 > > # Limit of 1:2 > LIMIT1=500kbit > > # Limit of 1:3 > LIMIT2=250kbit > > # Interface to limit > IFACE=eth1 > > # 1:0 cbq qdisc > tc qdisc add dev $IFACE root handle 1:0 cbq bandwidth 100Mbit \ > avpkt 1000 > > # 1:1 cbq class; unlimited > tc class add dev $IFACE parent 1:0 classid 1:1 cbq \ > bandwidth 100Mbit rate 100Mbit maxburst 20 avpkt 1000 isolated > > # 1:2 cbq class; limited to $LIMIT1 > tc class add dev $IFACE parent 1:0 classid 1:2 cbq \ > bandwidth 100Mbit rate $LIMIT1 maxburst 20 avpkt 1000 > > # 1:3 cbq class; limited to $LIMIT2 > tc class add dev $IFACE parent 1:0 classid 1:3 cbq \ > bandwidth 100Mbit rate $LIMIT2 maxburst 20 avpkt 1000 > > # 2:0, 3:0 sfq > tc qdisc add dev $IFACE parent 1:1 handle 2:0 sfq > tc qdisc add dev $IFACE parent 1:2 handle 3:0 sfq > tc qdisc add dev $IFACE parent 1:3 handle 4:0 sfq > > # everything from $LOCALIP goes to 1:1 > tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ > match ip src $LOCALIP flowid 1:1 > # port 80 to 1:2 > tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ > match ip sport 80 0xffff flowid 1:2 > # port 443 to 1:2 > tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ > match ip sport 443 0xffff flowid 1:2 > # everything else to 1:3 > tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ > match ip src 0.0.0.0/0 flowid 1:3 > > ---------------------------------------------------------------------- > > > > So far.. > > - Clemens - > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/-- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
In the filter sequence, would not all packets match the first filter and hence go thro'' that only? Should the filter chain be modified to have the $LOCALIP source last so that packets not coming from sport 80 and 443 will only reach that filter as intended. What does rest mean in 4:0 when it would anyway match 2:0? The match or filter conditions do not look different at all. If my understanding is wrong, I''d like to know the correct one. Mohan -----Original Message----- From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl] On Behalf Of Clemens Resanka Sent: Saturday, November 02, 2002 1:45 AM To: lartc@mailman.ds9a.nl Subject: [LARTC] how does <<isolated>> work?? Hi all, I am trying to use cbq to limit the traffic of an interface. I want all traffic from local addresses to pass through unlimted, all web-traffic limited to 500kbit and the rest limited to 250kbit. The 500kbit and the 250kbit traffic should be allowed to borrow from each other, but not from the unlimited local addresses. Here''s the setup: # 1:0 cbq # / | \ # / | \ # / | \ # 1:1 1:2 1:3 # | | | # | | | # 2:0 3:0 4:0 sfq # # local Web rest # unl. LIMIT1 LIMIT2 I made 1:1 isolated but 1:2 and 1:3 still borrow from it. bounded however works as expected. Did I miss something or is the isolated option broken? btw: I tried it with a 2.4.10 and a 2.4.19 kernel. here are the commands I tried: ---------------------------------------------------------------------- # IP to route through 1:1 LOCALIP=192.168.0.0/24 # Limit of 1:2 LIMIT1=500kbit # Limit of 1:3 LIMIT2=250kbit # Interface to limit IFACE=eth1 # 1:0 cbq qdisc tc qdisc add dev $IFACE root handle 1:0 cbq bandwidth 100Mbit \ avpkt 1000 # 1:1 cbq class; unlimited tc class add dev $IFACE parent 1:0 classid 1:1 cbq \ bandwidth 100Mbit rate 100Mbit maxburst 20 avpkt 1000 isolated # 1:2 cbq class; limited to $LIMIT1 tc class add dev $IFACE parent 1:0 classid 1:2 cbq \ bandwidth 100Mbit rate $LIMIT1 maxburst 20 avpkt 1000 # 1:3 cbq class; limited to $LIMIT2 tc class add dev $IFACE parent 1:0 classid 1:3 cbq \ bandwidth 100Mbit rate $LIMIT2 maxburst 20 avpkt 1000 # 2:0, 3:0 sfq tc qdisc add dev $IFACE parent 1:1 handle 2:0 sfq tc qdisc add dev $IFACE parent 1:2 handle 3:0 sfq tc qdisc add dev $IFACE parent 1:3 handle 4:0 sfq # everything from $LOCALIP goes to 1:1 tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ match ip src $LOCALIP flowid 1:1 # port 80 to 1:2 tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ match ip sport 80 0xffff flowid 1:2 # port 443 to 1:2 tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ match ip sport 443 0xffff flowid 1:2 # everything else to 1:3 tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ match ip src 0.0.0.0/0 flowid 1:3 ---------------------------------------------------------------------- So far.. - Clemens - _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi, The filters work as expected. tc -s qdisc shows traffic for all 3 qdiscs. The first filter rule only applies to all packets coming from 192.168.0.0/24. All other packets are divided to 1:2 and 1:3. At Sat, 2 Nov 2002 08:00:56 +0530, S Mohan wrote:> > In the filter sequence, would not all packets match the first filter and > hence go thro'' that only? Should the filter chain be modified to have > the $LOCALIP source last so that packets not coming from sport 80 and > 443 will only reach that filter as intended. What does rest mean in 4:0 > when it would anyway match 2:0? The match or filter conditions do not > look different at all. > > If my understanding is wrong, I''d like to know the correct one. > > Mohan > > -----Original Message----- > From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl] > On Behalf Of Clemens Resanka > Sent: Saturday, November 02, 2002 1:45 AM > To: lartc@mailman.ds9a.nl > Subject: [LARTC] how does <<isolated>> work?? > > > Hi all, > > I am trying to use cbq to limit the traffic of an interface. > > I want all traffic from local addresses to pass through unlimted, all > web-traffic limited to 500kbit and the rest limited to 250kbit. The > 500kbit and the 250kbit traffic should be allowed to borrow from each > other, but not from the unlimited local addresses. > > Here''s the setup: > > # 1:0 cbq > # / | \ > # / | \ > # / | \ > # 1:1 1:2 1:3 > # | | | > # | | | > # 2:0 3:0 4:0 sfq > # > # local Web rest > # unl. LIMIT1 LIMIT2 > > I made 1:1 isolated but 1:2 and 1:3 still borrow from it. bounded > however works as expected. > > Did I miss something or is the isolated option broken? > > btw: I tried it with a 2.4.10 and a 2.4.19 kernel. > > here are the commands I tried: > ---------------------------------------------------------------------- > > # IP to route through 1:1 > LOCALIP=192.168.0.0/24 > > # Limit of 1:2 > LIMIT1=500kbit > > # Limit of 1:3 > LIMIT2=250kbit > > # Interface to limit > IFACE=eth1 > > # 1:0 cbq qdisc > tc qdisc add dev $IFACE root handle 1:0 cbq bandwidth 100Mbit \ avpkt > 1000 > > # 1:1 cbq class; unlimited > tc class add dev $IFACE parent 1:0 classid 1:1 cbq \ > bandwidth 100Mbit rate 100Mbit maxburst 20 avpkt 1000 isolated > > # 1:2 cbq class; limited to $LIMIT1 > tc class add dev $IFACE parent 1:0 classid 1:2 cbq \ > bandwidth 100Mbit rate $LIMIT1 maxburst 20 avpkt 1000 > > # 1:3 cbq class; limited to $LIMIT2 > tc class add dev $IFACE parent 1:0 classid 1:3 cbq \ > bandwidth 100Mbit rate $LIMIT2 maxburst 20 avpkt 1000 > > # 2:0, 3:0 sfq > tc qdisc add dev $IFACE parent 1:1 handle 2:0 sfq > tc qdisc add dev $IFACE parent 1:2 handle 3:0 sfq > tc qdisc add dev $IFACE parent 1:3 handle 4:0 sfq > > # everything from $LOCALIP goes to 1:1 > tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ match ip > src $LOCALIP flowid 1:1 > # port 80 to 1:2 > tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ match ip > sport 80 0xffff flowid 1:2 > # port 443 to 1:2 > tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ match ip > sport 443 0xffff flowid 1:2 > # everything else to 1:3 > tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ match ip > src 0.0.0.0/0 flowid 1:3 > > ---------------------------------------------------------------------- > > > > So far.. > > - Clemens - > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/So far.. - Clemens - _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/