Hi everybody,

I'm new to this list, so I apologize if a similar case has been covered already... I have the configuration attached below...
The problem is that my traffic control doesn't work at all...
Clients from any of the private networks manage to download even with 256Kbits from the Internet...
The case is stranger because if I reboot the linux box, for a few minutes the traffic shaping seems to work... I mean from a machine in subnet 192.168.1.8/29 I download with 16-20Kbits... but not always (most often I get at least 128Kbps).

A second question would be who has a higher priority:
a PC from a prio 8 class filtered by a prio 3 filter, or
a PC from a prio 3 class filtered by a prio 8 filter?

I'm open for further details if necessary...

Thank you in advance,
MT

################################################
# MY ARCHITECTURE
################################################
INTERNET <--> eth0 (1.2.3.4)--SuSE 7.1 (kernel 2.2)--eth1 (192.168.0.0/16) <--> hub

################################################
# MY FIREWALL (extras)
################################################
#marking packets for traffic control
ipchains -A output -p all -s 192.168.1.0/30 -m 1
ipchains -A output -p all -s 192.168.1.8/29 -m 2
ipchains -A output -p all -s 192.168.2.0/27 -m 3
... other several subnetworks here ... marks -m 4 5 6

################################################
# MY TRAFFIC CONTROL POLICIES
################################################
# root qdisc and class
tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1: cbq bandwidth 10Mbit cell 8 avpkt 1000 mpu 64
tc class add dev eth0 parent 1: classid 1:1 cbq bandwidth 10Mbit rate 72Kbit weight 7.2Kbit prio 8 allot 1514 maxburst 20 avpkt 1000 bounded

# class for mark 1
tc class add dev eth0 parent 1:1 classid 1:2 cbq bandwidth 10Mbit rate 14Kbit allot 1514 cell 8 weight 1.4Kbit prio 8 maxburst 20 avpkt 1000 split 1:0 bounded
tc filter add dev eth0 parent 1:0 protocol ip prio 8 handle 1 fw classid 1:2

# class for mark 2
tc class add dev eth0 parent 1:1 classid 1:3 cbq bandwidth 10Mbit rate 44Kbit allot 1514 cell 8 weight 4.4Kbit prio 3 maxburst 20 avpkt 1000 split 1:0 bounded
tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 2 fw classid 1:3

# class for mark 3
tc class add dev eth0 parent 1:1 classid 1:4 cbq bandwidth 10Mbit rate 44Kbit allot 1514 cell 8 weight 4.4Kbit prio 8 maxburst 20 avpkt 1000 split 1:0 bounded
tc filter add dev eth0 parent 1:0 protocol ip prio 8 handle 3 fw classid 1:4

# class for marks 4, 5, 6
tc class add dev eth0 parent 1:1 classid 1:6 cbq bandwidth 10Mbit rate 28.8Kbit allot 1514 cell 8 weight 2.88Kbit prio 3 maxburst 20 avpkt 1000 split 1:0 bounded
tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 4 fw classid 1:6
tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 5 fw classid 1:6
tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 6 fw classid 1:6

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

I need (or would at least like very much :) to use two Classless Queues in series.

I can't see in the HOWTO how this is done, but guess at something like:

tc qdisc add dev eth0 root handle 1: sfq (etc)
tc qdisc add dev eth0 parent 1: tbf (etc)

Am I on the right lines here?

I also have a small problem with TBF... From the HOWTO sec 9.2.2, it is suggested that a value for the 'burst' should be:

"For 10mbit/s on Intel, you need at least 10kbyte buffer if you want to reach your configured rate!"

Therefore: burst => rate * (8 / 1000)

However, I find using this I get stall on ftp and other common protocols, when they get above the throttle rate, with low bandwidths (eg, 64kbit/sec). -- Or I completely fail to understand the above statement...

Does any person have a better method for calculating a good value for 'buffer' ?

Regards, Ben.

Ben,

 : I need (or would at least like very much :) to use two Classless Queues
 : in series.
 :
 : I can't see in the HOWTO how this is done, but guess at something like:
 :
 : tc qdisc add dev eth0 root handle 1: sfq (etc)
 : tc qdisc add dev eth0 parent 1: tbf (etc)
 :
 : Am I on the right lines here?

A classless queueing discipline cannot contain another queueing discipline. A classful queueing discipline can contain classes and leaf queueing disciplines.

In other words:

  - a classless queueing discipline is, by definition, a terminal qdisc
  - a classful queueing discipline can be terminal or
    - can contain a class, which can be terminal or
      - can contain another queueing discipline

Does that help?

 : I also have a small problem with TBF... From the HOWTO sec 9.2.2, it is
 : suggested that a value for the 'burst' should be:
 :
 : "For 10mbit/s on Intel, you need at least 10kbyte buffer if you want to
 : reach your configured rate!"
 :
 : Therefore: burst => rate * (8 / 1000)
 :
 : However, I find using this I get stall on ftp and other common
 : protocols, when they get above the throttle rate, with low bandwidths
 : (eg, 64kbit/sec). -- Or I completely fail to understand the above
 : statement...
 :
 : Does any person have a better method for calculating a good value for
 : 'buffer' ?

I'm afraid I can't help you on this question.

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

On Wednesday 12 March 2003 16:49, Mugur TOMITA wrote:
> Hi everybody,
>
> I'm new to this list, so I apologize if a similar case has been covered
> already... I have the configuration attached below...
> The problem is that my traffic control doesn't work at all...
> Clients from any of the private networks manage to download even with
> 256Kbits from the Internet...
> The case is stranger because if I reboot the linux box, for a few minutes
> the traffic shaping seems to work... I mean from a machine in subnet
> 192.168.1.8/29 I download with 16-20Kbits... but not always (most often I
> get at least 128Kbps).
>
> A second question would be who has a higher priority:
> a PC from a prio 8 class filtered by a prio 3 filter, or
> a PC from a prio 3 class filtered by a prio 8 filter?

Prio for filters is used to order the filters. Filters with lower prio are checked first.
Prio for a class is something else. A class with a lower prio is allowed to send data first before the other classes. And prio 7 is the biggest prio you can specify.

I found no errors in your tc rules. If you want more info about cbq (tests/docs/scripts/tips/faq/...) you can go to http://docum.org.

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net

On Wednesday 12 March 2003 18:07, Ben Clewett wrote:
> I need (or would at least like very much :) to use two Classless Queues
> in series.
>
> I can't see in the HOWTO how this is done, but guess at something like:
>
> tc qdisc add dev eth0 root handle 1: sfq (etc)
> tc qdisc add dev eth0 parent 1: tbf (etc)
>
> Am I on the right lines here?

Not really. Like Martin said, some qdiscs can contain classes (htb/cbq). You can add a second qdisc on those classes. In fact, each leaf class contains a qdisc. By default this is a pfifo qdisc, but you can replace it with a classful qdisc. And you can add a third qdisc to the classes of that second qdisc and so on. But each qdisc introduces a new queue so extra delays.

> I also have a small problem with TBF... From the HOWTO sec 9.2.2, it is
> suggested that a value for the 'burst' should be:
>
> "For 10mbit/s on Intel, you need at least 10kbyte buffer if you want to
> reach your configured rate!"
>
> Therefore: burst => rate * (8 / 1000)
>
> However, I find using this I get stall on ftp and other common
> protocols, when they get above the throttle rate, with low bandwidths
> (eg, 64kbit/sec). -- Or I completely fail to understand the above
> statement...

The minimal burst is the amount of packets you can check between 2 updates. And this depends on the internal clock used by the kernel. Say this clock checks the rate each 1/10 second. And you have a rate of 1mbit/s. Then you need a minimal burst of 0.1mbit. If your burst is lower, say 0.05mbit, you only can send 0.05mbit each time your timer checks the tbf so you have a rate of 0.5mbit/s.

> Does any person have a better method for calculating a good value for
> 'buffer' ?

No. But the bigger the buffer, the more time a packet can stay in the buffer so the delay can go up.

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net

Stef Coene, thank you for your feed-back. I have already read docum.org... The tests proved a difference of max 20Kbps between theory and real life for cbq.
In my case practically nobody is limited...
In my scripts there are classes with prio 8... you say max is 7... could this be the problem?

Could it be possible that on hard traffic cbq to just let pass packets? This is a stupid question I guess...
Do I have a chance solving the problem by switching to HTB?

This is what MRTG says about one of my 14.4Kbps clients :-)
Max In 234.4 kb/s (2.3%)
Average In 76.0 kb/s (0.8%)
Current In 872.0 b/s (0.0%)

Any opinion on 'Traffic Shaper'? I'm considering changing the shaping tool...

MT

On Wednesday 12 March 2003 22:28, Mugur TOMITA wrote:
> Stef Coene, thank you for your feed-back. I have already read
> docum.org... The tests proved a difference of max 20Kbps between
> theory and real life for cbq.

That's because cbq has to guess the conditions on the link and it uses some averages. Like packet size.

> In my case practically nobody is limited...
> In my scripts there are classes with prio 8... you say max is 7...
> could this be the problem?

No. If you do
tc -s -d class show dev eth0
you probably see prio 7 for the prio 8 classes.

> Could it be possible that on hard traffic cbq to just let pass
> packets? This is a stupid question I guess...
> Do I have a chance solving the problem by switching to HTB?

Yes and no :)
htb is easier to understand/implement, there are no obscure options. But if your problem is setup related, reimplementing the rules in htb can create the same problem.

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net

Here is my output... no prio 7...

#########
# OUTPUT
#########
linux:~ # tc -s -d class show dev eth0
class cbq 1: root rate 10Mbit cell 8b mpu 64b (bounded,isolated) prio no-transmit/8 weight 10Mbit allot 1514b level 2 ewma 5 avpkt 1000b maxidle 23us
 Sent 59862492 bytes 453121 pkts (dropped 0, overlimits 0)
 borrowed 0 overactions 0 avgidle 605 undertime 0
class cbq 1:1 parent 1: rate 72Kbit cell 8b (bounded) prio no-transmit/8 weight 921bps allot 1514b level 1 ewma 5 avpkt 1000b maxidle 95565us
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 borrowed 0 overactions 0 avgidle 2.5052e+06 undertime 0
class cbq 1:2 parent 1:1 rate 14Kbit cell 8b (bounded) prio no-transmit/8 weight 179bps allot 1514b level 0 ewma 5 avpkt 1000b maxidle 494285us split 1:
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 borrowed 0 overactions 0 avgidle 1.29574e+07 undertime 0
class cbq 1:3 parent 1:1 rate 14Kbit cell 8b (bounded) prio no-transmit/8 weight 179bps allot 1514b level 0 ewma 5 avpkt 1000b maxidle 494285us split 1:
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 borrowed 0 overactions 0 avgidle 1.29574e+07 undertime 0
class cbq 1:4 parent 1:1 rate 44Kbit cell 8b (bounded) prio no-transmit/8 weight 563bps allot 1514b level 0 ewma 5 avpkt 1000b maxidle 156810us split 1:
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 borrowed 0 overactions 0 avgidle 4.11072e+06 undertime 0
class cbq 1:6 parent 1:1 rate 3686bps cell 8b (bounded) prio 3/3 weight 368bps allot 1514b level 0 ewma 5 avpkt 1000b maxidle 239956us split 1:
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 borrowed 0 overactions 0 avgidle 6.29031e+06 undertime 0
class cbq 1:8 parent 1:1 rate 64Kbit cell 8b prio 1/1 weight 819bps allot 1514b level 0 ewma 5 avpkt 1000b maxidle 107595us split 1:
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 borrowed 0 overactions 0 avgidle 2.82057e+06 undertime 0
linux:~ #

>> Could it be possible that on hard traffic cbq to just let pass
>> packets? This is a stupid question I guess...
>> Do I have a chance solving the problem by switching to HTB?
>Yes and no :)
>htb is easier to understand/implement, there are no obscure options. But if
>your problem is setup related, reimplementing the rules in htb can create the
>same problem.

There isn't much of a setup... I just take my private network on eth1, masquerade it and shape it over eth0...
Don't know what to say... take a look at the output, maybe you'll find something wrong.
Don't mind the original numbering (of the classes and packet marking) I used in my first message as I changed it for easier reading... anyway, I'm attaching my original shaping script to this message.

One more question: I always use weight = rate / 10.
Why does weight have these strange values in my output?

Thank you for your support,
Mugur

#############################################################
# REAL FILE (this is the one that generated the above output)
#############################################################
tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1: cbq bandwidth 10Mbit cell 8 avpkt 1000 mpu 64
tc class add dev eth0 parent 1: classid 1:1 cbq bandwidth 10Mbit rate 72Kbit weight 7.2Kbit prio 8 allot 1514 maxburst 20 avpkt 1000 bounded

tc class add dev eth0 parent 1:1 classid 1:2 cbq bandwidth 10Mbit rate 14Kbit allot 1514 cell 8 weight 1.4Kbit prio 8 maxburst 20 avpkt 1000 split 1:0 bounded
tc filter add dev eth0 parent 1:0 protocol ip prio 8 handle 7 fw classid 1:2

tc class add dev eth0 parent 1:1 classid 1:3 cbq bandwidth 10Mbit rate 14Kbit allot 1514 cell 8 weight 1.4Kbit prio 8 maxburst 20 avpkt 1000 split 1:0 bounded
tc filter add dev eth0 parent 1:0 protocol ip prio 8 handle 3 fw classid 1:3

tc class add dev eth0 parent 1:1 classid 1:4 cbq bandwidth 10Mbit rate 44Kbit allot 1514 cell 8 weight 4.4Kbit prio 8 maxburst 20 avpkt 1000 split 1:0 bounded
tc filter add dev eth0 parent 1:0 protocol ip prio 8 handle 5 fw classid 1:4

tc class add dev eth0 parent 1:1 classid 1:6 cbq bandwidth 10Mbit rate 28.8Kbit allot 1514 cell 8 weight 2.88Kbit prio 3 maxburst 20 avpkt 1000 split 1:0 bounded
tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 2 fw classid 1:6
tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 6 fw classid 1:6
tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 8 fw classid 1:6

tc class add dev eth0 parent 1:1 classid 1:8 cbq bandwidth 10Mbit rate 64Kbit allot 1514 cell 8 weight 6.4Kbit prio 1 maxburst 20 avpkt 1000 split 1:0
tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 4 fw classid 1:8

On Wednesday 12 March 2003 23:30, Mugur TOMITA wrote:
> Here is my output... no prio 7...

Mh. I tested it with htb and there is only prio 0-7.

> #########
> # OUTPUT
> #########
> linux:~ # tc -s -d class show dev eth0
> class cbq 1: root rate 10Mbit cell 8b mpu 64b (bounded,isolated) prio
> no-transmit/8 weight 10Mbit allot 1514b level 2 ewma 5 avpkt 1000b maxidle
> 23us
> Sent 59862492 bytes 453121 pkts (dropped 0, overlimits 0)
> borrowed 0 overactions 0 avgidle 605 undertime 0
> class cbq 1:1 parent 1: rate 72Kbit cell 8b (bounded) prio no-transmit/8
> weight 921bps allot 1514b level 1 ewma 5 avpkt 1000b maxidle 95565us
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> borrowed 0 overactions 0 avgidle 2.5052e+06 undertime 0
> class cbq 1:2 parent 1:1 rate 14Kbit cell 8b (bounded) prio no-transmit/8
> weight 179bps allot 1514b level 0 ewma 5 avpkt 1000b maxidle 494285us
> split 1:
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> borrowed 0 overactions 0 avgidle 1.29574e+07 undertime 0
> class cbq 1:3 parent 1:1 rate 14Kbit cell 8b (bounded) prio no-transmit/8
> weight 179bps allot 1514b level 0 ewma 5 avpkt 1000b maxidle 494285us
> split 1:
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> borrowed 0 overactions 0 avgidle 1.29574e+07 undertime 0
> class cbq 1:4 parent 1:1 rate 44Kbit cell 8b (bounded) prio no-transmit/8
> weight 563bps allot 1514b level 0 ewma 5 avpkt 1000b maxidle 156810us
> split 1:
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> borrowed 0 overactions 0 avgidle 4.11072e+06 undertime 0
> class cbq 1:6 parent 1:1 rate 3686bps cell 8b (bounded) prio 3/3 weight
> 368bps allot 1514b level 0 ewma 5 avpkt 1000b maxidle 239956us
> split 1:
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> borrowed 0 overactions 0 avgidle 6.29031e+06 undertime 0
> class cbq 1:8 parent 1:1 rate 64Kbit cell 8b prio 1/1 weight 819bps allot
> 1514b level 0 ewma 5 avpkt 1000b maxidle 107595us
> split 1:
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> borrowed 0 overactions 0 avgidle 2.82057e+06 undertime 0
> linux:~ #
>
> >Yes and no :)
> >htb is easier to understand/implement, there are no obscure options. But
> > if your problem is setup related, reimplementing the rules in htb can
> > create the same problem.
> There isn't much of a setup... I just take my private network on eth1,
> masquerade it and shape it over eth0...

I mean the shaping setup (classes, filters, ...).

> Don't know what to say... take a look at the output, maybe you'll find
> something wrong.

All sent counters are 0 except for the root class. So I'm quite sure that your filters are not working.

> One more question: I always use weight = rate / 10.
> Why does weight have these strange values in my output?

I don't know. Like I said, I use htb.

>
> #############################################################
> # REAL FILE (this is the one that generated the above output)
> #############################################################
> tc qdisc del dev eth0 root
> tc qdisc add dev eth0 root handle 1: cbq bandwidth 10Mbit cell 8 avpkt 1000
> mpu 64 tc class add dev eth0 parent 1: classid 1:1 cbq bandwidth 10Mbit
> rate 72Kbit weight 7.2Kbit prio 8 allot 1514 maxburst 20 avpkt 1000
> bounded
>
> tc class add dev eth0 parent 1:1 classid 1:2 cbq bandwidth 10Mbit rate
> 14Kbit allot 1514 cell 8 weight 1.4Kbit prio 8 maxburst 20 avpkt 1000 split
> 1:0 bounded tc filter add dev eth0 parent 1:0 protocol ip prio 8 handle 7
> fw classid 1:2
>
> tc class add dev eth0 parent 1:1 classid 1:3 cbq bandwidth 10Mbit rate
> 14Kbit allot 1514 cell 8 weight 1.4Kbit prio 8 maxburst 20 avpkt 1000 split
> 1:0 bounded tc filter add dev eth0 parent 1:0 protocol ip prio 8 handle 3
> fw classid 1:3
>
> tc class add dev eth0 parent 1:1 classid 1:4 cbq bandwidth 10Mbit rate
> 44Kbit allot 1514 cell 8 weight 4.4Kbit prio 8 maxburst 20 avpkt 1000 split
> 1:0 bounded tc filter add dev eth0 parent 1:0 protocol ip prio 8 handle 5
> fw classid 1:4
>
> tc class add dev eth0 parent 1:1 classid 1:6 cbq bandwidth 10Mbit rate
> 28.8Kbit allot 1514 cell 8 weight 2.88Kbit prio 3 maxburst 20 avpkt 1000
> split 1:0 bounded
> tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 2 fw classid
> 1:6 tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 6 fw
> classid 1:6 tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 8
> fw classid 1:6
>
> tc class add dev eth0 parent 1:1 classid 1:8 cbq bandwidth 10Mbit rate
> 64Kbit allot 1514 cell 8 weight 6.4Kbit prio 1 maxburst 20 avpkt 1000 split
> 1:0 tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 4 fw
> classid 1:8

Euh. You don't have any filters? How do you redirect traffic to a class? You need some filters to do so.

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
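
The check Stef applies in the reply above (every `Sent` counter is zero except on the root class, so the filters are not classifying anything) can be run automatically over `tc -s -d class show` output. This Python sketch is an added example, not part of the original thread; the function names and the second sample are constructed here, and the first sample is abridged from the output posted above with its line breaks reconstructed.

```python
import re

# Abridged from the `tc -s -d class show dev eth0` output posted in the thread
# (line breaks reconstructed; the full listing also has classes 1:3, 1:4, 1:8).
THREAD_OUTPUT = """\
class cbq 1: root rate 10Mbit cell 8b mpu 64b (bounded,isolated) prio no-transmit/8 weight 10Mbit allot 1514b level 2 ewma 5 avpkt 1000b maxidle 23us
 Sent 59862492 bytes 453121 pkts (dropped 0, overlimits 0)
 borrowed 0 overactions 0 avgidle 605 undertime 0
class cbq 1:1 parent 1: rate 72Kbit cell 8b (bounded) prio no-transmit/8 weight 921bps allot 1514b level 1 ewma 5 avpkt 1000b maxidle 95565us
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 borrowed 0 overactions 0 avgidle 2.5052e+06 undertime 0
class cbq 1:2 parent 1:1 rate 14Kbit cell 8b (bounded) prio no-transmit/8 weight 179bps allot 1514b level 0 ewma 5 avpkt 1000b maxidle 494285us split 1:
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 borrowed 0 overactions 0 avgidle 1.29574e+07 undertime 0
class cbq 1:6 parent 1:1 rate 3686bps cell 8b (bounded) prio 3/3 weight 368bps allot 1514b level 0 ewma 5 avpkt 1000b maxidle 239956us split 1:
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 borrowed 0 overactions 0 avgidle 6.29031e+06 undertime 0
"""

# Constructed sample: same layout, but a filter is classifying traffic into 1:2.
WORKING_OUTPUT = """\
class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit level 2
 Sent 500000 bytes 700 pkts (dropped 0, overlimits 0)
class cbq 1:1 parent 1: rate 72Kbit (bounded) prio no-transmit level 1
 Sent 120000 bytes 150 pkts (dropped 0, overlimits 0)
class cbq 1:2 parent 1:1 rate 14Kbit (bounded) prio 7 level 0
 Sent 120000 bytes 150 pkts (dropped 3, overlimits 40)
class cbq 1:6 parent 1:1 rate 28800bit (bounded) prio 3 level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
"""

CLASS_RE = re.compile(r"^class\s+\S+\s+(?P<classid>\S+)\s+(?:root|parent\s+(?P<parent>\S+))")
LEVEL_RE = re.compile(r"\blevel\s+(?P<level>\d+)")
SENT_RE = re.compile(r"\bSent\s+(?P<bytes>\d+)\s+bytes\s+(?P<pkts>\d+)\s+pkts?")


def parse_class_stats(text):
    """Turn `tc -s -d class show` text into one dict per class."""
    records, current = [], None
    for line in text.splitlines():
        header = CLASS_RE.match(line)
        if header:
            # A "class ..." line starts a new record; parent is None for the root.
            current = {"classid": header["classid"], "parent": header["parent"],
                       "level": None, "bytes": 0, "pkts": 0}
            records.append(current)
        if current is None:
            continue  # text before the first class line
        level = LEVEL_RE.search(line)
        if level:
            current["level"] = int(level["level"])
        sent = SENT_RE.search(line)
        if sent:
            current["bytes"] = int(sent["bytes"])
            current["pkts"] = int(sent["pkts"])
    return records


def diagnose(text):
    """Flag the symptom from the thread: root carries traffic, no class below it does."""
    classes = parse_class_stats(text)
    root = next((c for c in classes if c["parent"] is None), None)
    children = [c for c in classes if c["parent"] is not None]
    root_bytes = root["bytes"] if root else 0
    # Leaf classes (level 0) that never saw a packet.
    idle_leaves = [c["classid"] for c in children
                   if c["level"] == 0 and c["bytes"] == 0]
    # Traffic left the interface but nothing was classified: filters do not match.
    suspect = root_bytes > 0 and bool(children) and all(c["bytes"] == 0 for c in children)
    return {"root_bytes": root_bytes, "idle_leaves": idle_leaves,
            "filters_suspect": suspect}


if __name__ == "__main__":
    for name, sample in (("thread", THREAD_OUTPUT), ("working", WORKING_OUTPUT)):
        print(name, diagnose(sample))
```
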

> > tc class add dev eth0 parent 1:1 classid 1:8 cbq bandwidth 10Mbit rate
> > 64Kbit allot 1514 cell 8 weight 6.4Kbit prio 1 maxburst 20 avpkt 1000 split
> > 1:0 tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 4 fw
> > classid 1:8
> Euh. You don't have any filters? How do you redirect traffic to a class?
> You need some filters to do so.

The filters are there... if you take a closer look you'll see that my copy/paste was faulty...

But I can tell you I solved the problem. I attached my solution below.
Stef, you are right, my filters are not working...
In fact I don't know what I did wrong:
for marking packets depending on their source I used
ipchains -A output -p all -s 192.168.1.0/30 -m 1
and the filters look like
tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:8
Could it be the fact that I made the marking on the output chains and not on the input chain?

MT

###############
#PROBLEM SOLVED
###############
tc qdisc del dev eth1 root
tc qdisc add dev eth1 root handle 1: cbq bandwidth 10Mbit cell 8 avpkt 300 mpu 64
tc class add dev eth1 parent 1: classid 1:1 cbq bandwidth 10Mbit rate 72Kbit weight 7.2Kbit prio 7 allot 1514 maxburst 20 avpkt 300 bounded isolated

tc class add dev eth1 parent 1:1 classid 1:3 cbq bandwidth 10Mbit rate 64Kbit weight 6.4Kbit prio 6 allot 1514 bounded isolated
ip route add 192.168.1.8/29 via 192.168.1.1 realm 1
tc filter add dev eth1 parent 1:0 protocol ip prio 1 route to 1 classid 1:3

tc class add dev eth1 parent 1:1 classid 1:2 cbq bandwidth 10Mbit rate 14Kbit allot 1514 cell 8 weight 1.4Kbit prio 7 maxburst 20 avpkt 300 split 1:0 bounded isolated
ip route add 192.168.3.8/29 via 192.168.3.1 realm 2
tc filter add dev eth1 parent 1:0 protocol ip prio 7 route to 2 classid 1:2

On Thursday 13 March 2003 22:01, Mugur TOMITA wrote:
> The filters are there... if you take a closer look you'll see that my
> copy/paste was faulty...
>
> But I can tell you I solved the problem. I attached my solution below.
> Stef, you are right, my filters are not working...
> In fact I don't know what I did wrong:
> for marking packets depending on their source I used
> ipchains -A output -p all -s 192.168.1.0/30 -m 1
> and the filters look like
> tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw
> classid 1:8 Could it be the fact that I made the marking on the output
> chains and not on the input chain?

Yes. If you nat, the source address is rewritten to the address of your firewall.

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net

Indeed, I use transparent proxy, redirecting everything on port 80 to 3128, on the same machine. To make sure it's clear, the scenario is simple: client enters eth1 on port 80, gets redirected to port 3128... I mark the packet depending on its source and then I apply a tc filter to direct it to the right tc class.

In this case how should I mark the packets in order to be able to apply filters by handle?

Mugur

On Sunday 16 March 2003 09:26, Mugur TOMITA wrote:
> Indeed, I use transparent proxy, redirecting everything on port 80 to
> 3128, on the same machine. To make sure it's clear, the scenario is
> simple: client enters eth1 on port 80, gets redirected to port 3128...
> I mark the packet depending on its source and then I apply a tc filter
> to direct it to the right tc class.
>
> In this case how should I mark the packets in order to be able to apply
> filters by handle?

If you mark packets when they enter eth1 and they are redirected to squid, the mark is lost and can't be used to filter with tc when they leave the box again.

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net

> > Indeed, I use transparent proxy, redirecting everything on port 80 to
> > 3128, on the same machine. To make sure it's clear, the scenario is
> > simple: client enters eth1 on port 80, gets redirected to port 3128...
> > I mark the packet depending on its source and then I apply a tc filter
> > to direct it to the right tc class.
> >
> > In this case how should I mark the packets in order to be able to apply
> > filters by handle?
>If you mark packets when they enter eth1 and they are redirected to squid, the
>mark is lost and can't be used to filter with tc when they leave the box again.

Hi,

A solution to filter tcp packets by source address after packets go through squid could be to let squid mark the packets, for example, with the DSCP mark:

acl asdrubal src 192.168.1.2
tcp_outgoing_dscp 0xb8 asdrubal

At the QoS egress, packets would be put in the right traffic classes using dsmark.

Does this make any sense? I am currently doing that, though I am still looking for a more generic approach ...

Regards,
Joana Urbano