LARTC - Mar 2003 - [LONG] Weird problem with HTB using htb.init

This is a long message. Please use a monospace font :)

I''m trying to shape the traffic between my LAN and the Internet. My
link is an
ADSL 512/128 line. The network is shaped like this:

       LAN                     GATEWAY                 ROUTER
 ------------------          -------------          ------------
|  192.168.0.1/16  | <----> | 192.168.0.1 | <----> | 10.0.0.138 |
<--> INET
 ------------------          -------------          ------------

NAT/PAT/MASQ occurs in two places. From gateway to router (192.168.0.1/16 -> 
10.0.0.1/8) and from router to net. I''ve put the shaper in my gateway
and am
trying to shape both incoming & outgoing traffic by placing shapers at both 
eth0 (download) & eth1 (upload). This to keep my connection usable while
i''m
running emule or other mass downloader/p2p programs.

What i''m trying to do is shape every upload to max 90kbit/s but give
priority
to HTTP,SSH,TELNET,POP3,SMTP,DNS & low priority to everything else. The same
thing for the downloads but this time for 450kbit/s.

What happens is emule works as normal but HTTP gives lots of timeouts on 
connecting, and even when it connects, it continues to timeout on the images 
of the pages for example. But i''ve been able to determine by listening
to a
shoutcast stream that uses port 80 that once the connection is made it stays 
stable. So the problem seems to be establishing new connections. I dont know 
if the other protocols dont suffer from this problem or they have larger 
timeouts.

I''ve changed every htb.init option i could think of and i couldnt fix
it. If
someone has an idea please say something.

Thanks.

Attached are the commands generated by htb.ini compile & the list from 
htb.init list & htb.init stats.


The class files on eth1 (upload) are:
-------------/-------------

root@sentinel:/etc/sysconfig/htb# ls eth1*
eth1  eth1-2.root  eth1-2:10.high  eth1-2:20.normal  eth1-2:30.low

root@sentinel:/etc/sysconfig/htb# cat eth1
DEFAULT=30
R2Q=1

root@sentinel:/etc/sysconfig/htb# cat eth1-2.root
# root class for outgoing traffic
RATE=90Kbit
LEAF=sfq

root@sentinel:/etc/sysconfig/htb# cat eth1-2\:10.high
# class for outgoing high priority traffic
RATE=30Kbit
CEIL=prate
#BURST=15k
LEAF=sfq

# HTTP
RULE=*:80
# SSH
RULE=*:22
# TELNET
RULE=*:23
# SMTP
RULE=*:25
# DNS
RULE=*:53
# POP3
RULE=*:110

root@sentinel:/etc/sysconfig/htb# cat eth1-2\:20.normal
# class for outgoing normal traffic
RATE=30Kbit
CEIL=prate
# BURST=15k
LEAF=sfq

# IRC
RULE=*:6667

root@sentinel:/etc/sysconfig/htb# cat eth1-2\:30.low
# default class for unclassified traffic
RATE=20Kbit
CEIL=prate
# BURST=15k
LEAF=sfq

# EMULE
RULE=*:3000
RULE=*:3000,
RULE=*:3010
RULE=*:3010,
RULE=*:4662
RULE=*:4662,
--------------/-------------------

The class files for eth0 download:
-------------/--------------------

root@sentinel:/etc/sysconfig/htb# ls eth0*
eth0  eth0-2.root  eth0-2:10.high  eth0-2:20.normal  eth0-2:30.low

root@sentinel:/etc/sysconfig/htb# cat eth0
DEFAULT=30
R2Q=10

root@sentinel:/etc/sysconfig/htb# cat eth0-2.root
# root class for outgoing traffic
RATE=450Kbit
#BURST=15k
LEAF=sfq

root@sentinel:/etc/sysconfig/htb# cat eth0-2\:10.high
# class for outgoing high priority traffic
RATE=150Kbit
CEIL=prate
#BURST=15k
LEAF=sfq

# HTTP
RULE=*:80,
# SSH
RULE=*:22,
# TELNET
RULE=*:23,
# SMTP
RULE=*:25,
# DNS
RULE=*:53,
# POP3
RULE=*:110,

root@sentinel:/etc/sysconfig/htb# cat eth0-2\:20.normal
# class for outgoing normal traffic
RATE=150Kbit
CEIL=prate
# BURST=15k
LEAF=sfq

# IRC
RULE=*:6667,

root@sentinel:/etc/sysconfig/htb# cat eth0-2\:30.low
# class for low priority traffic
RATE=150Kbit
CEIL=prate
# BURST=15k
LEAF=sfq

# EMULE
RULE=*:3000,
RULE=*:3010,
RULE=*:4662,
RULE=*:3000
RULE=*:3010
RULE=*:4662
--------------------/-------------------

On Sunday 16 March 2003 21:52, Ricardo Jorge da Fonseca Marques Ferreira 
wrote:
> This is a long message. Please use a monospace font :)
>
> I''m trying to shape the traffic between my LAN and the Internet.
My link is
> an ADSL 512/128 line. The network is shaped like this:
>
>        LAN                     GATEWAY                 ROUTER
>  ------------------          -------------          ------------
>
> |  192.168.0.1/16  | <----> | 192.168.0.1 | <----> | 10.0.0.138
| <--> INET
>
>  ------------------          -------------          ------------
>
> NAT/PAT/MASQ occurs in two places. From gateway to router (192.168.0.1/16
> -> 10.0.0.1/8) and from router to net. I''ve put the shaper in
my gateway
> and am trying to shape both incoming & outgoing traffic by placing
shapers
> at both eth0 (download) & eth1 (upload). This to keep my connection
usable
> while i''m running emule or other mass downloader/p2p programs.
>
> What i''m trying to do is shape every upload to max 90kbit/s but
give
> priority to HTTP,SSH,TELNET,POP3,SMTP,DNS & low priority to everything
> else. The same thing for the downloads but this time for 450kbit/s.
>
> What happens is emule works as normal but HTTP gives lots of timeouts on
> connecting, and even when it connects, it continues to timeout on the
> images of the pages for example. But i''ve been able to determine
by
> listening to a shoutcast stream that uses port 80 that once the connection
> is made it stays stable. So the problem seems to be establishing new
> connections. I dont know if the other protocols dont suffer from this
> problem or they have larger timeouts.
I executed your script on my router and I had no http timeouts.  Everything 
went fine.
> I''ve changed every htb.init option i could think of and i couldnt
fix it.
> If someone has an idea please say something.
You have a sfq qdisc attached to your parent class.  That''s not
possible.  You
can add the sfq qdisc, but if you add a child class, the sfq qdisc is 
removed.
> Thanks.
>
> Attached are the commands generated by htb.ini compile & the list from
> htb.init list & htb.init stats.
I looked at your tc stats, and I found it strange that you have negative 
tokens and ctokens.  But I don''t think this is causing the http
timeouts.
If you have these timeouts, is your link havely used?  If yes, you can try to 
prorize ACKS/SYN packets.  

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Sunday 16 March 2003 22:13, Stef Coene wrote:
>
> You have a sfq qdisc attached to your parent class.  That''s not
possible.
> You can add the sfq qdisc, but if you add a child class, the sfq qdisc is
> removed.
Hmm, i removed it. Still timeouts, but it wouldnt matter as it would be 
removed anyway.
> I looked at your tc stats, and I found it strange that you have negative
> tokens and ctokens.  But I don''t think this is causing the http
timeouts.
> If you have these timeouts, is your link havely used?  If yes, you can try
> to prorize ACKS/SYN packets.
I''ve seen it happening when i''m limiting emule traffic to
150kbit/s download &
30kbit/s upload and the emule program itself showed it was not above those 
limits through its graphs. One thing with emule is it creates ALOT of 
connections. I have alot of downloads on queue and some of those have more 
than 1500 sources. Could it be that the huge number of connections is 
confusing some part of Linux QoS ?
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Sunday 16 March 2003 23:29, Ricardo Jorge da Fonseca Marques Ferreira 
wrote:
> On Sunday 16 March 2003 22:13, Stef Coene wrote:
> > You have a sfq qdisc attached to your parent class.  That''s
not possible.
> > You can add the sfq qdisc, but if you add a child class, the sfq qdisc
is
> > removed.
>
> Hmm, i removed it. Still timeouts, but it wouldnt matter as it would be
> removed anyway.
>
> > I looked at your tc stats, and I found it strange that you have
negative
> > tokens and ctokens.  But I don''t think this is causing the
http timeouts.
> > If you have these timeouts, is your link havely used?  If yes, you can
> > try to prorize ACKS/SYN packets.
>
> I''ve seen it happening when i''m limiting emule traffic to
150kbit/s
> download & 30kbit/s upload and the emule program itself showed it was
not
> above those limits through its graphs. One thing with emule is it creates
> ALOT of connections. I have alot of downloads on queue and some of those
> have more than 1500 sources. Could it be that the huge number of
> connections is confusing some part of Linux QoS ?
Mhh.  It can be.  If you add a sfq qdisc, each connection will create a new 
entry in the hash key.  But I don''t know what happens if the hash key
is
full.  If all other connections end up in 1 hash key, it''s possible
that you
get timeouts.

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Monday 17 March 2003 17:25, Stef Coene wrote:
> Mhh.  It can be.  If you add a sfq qdisc, each connection will create a new
> entry in the hash key.  But I don''t know what happens if the hash
key is
> full.  If all other connections end up in 1 hash key, it''s
possible that
> you get timeouts.
Hmmm, i closed emule and started an upload using all my UP bandwidth & a 
download using roughly what emule used. They all fall into the same classes 
that emule traffic did. I get no timeouts this way. If the number of 
connections is the problem, is there anyway to prevent this ?

Thanks
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Could it be a problem of port mapping? Emule, edonkey and other use free
ports and are not specific about which port they use. If they try to use
some ports blocked for inward traffic, timeouts are logical. I may be
wrong here as I do not know the exact set up.

Mohan

-----Original Message-----
From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]
On Behalf Of Ricardo Jorge da Fonseca Marques Ferreira
Sent: Tuesday, March 18, 2003 4:28 AM
To: Stef Coene; lartc@mailman.ds9a.nl
Subject: Re: [LARTC] [LONG] Weird problem with HTB using htb.init


On Monday 17 March 2003 17:25, Stef Coene wrote:
> Mhh.  It can be.  If you add a sfq qdisc, each connection will create 
> a new entry in the hash key.  But I don''t know what happens if the
> hash key is full.  If all other connections end up in 1 hash key,
it''s
> possible that you get timeouts.
Hmmm, i closed emule and started an upload using all my UP bandwidth & a

download using roughly what emule used. They all fall into the same
classes 
that emule traffic did. I get no timeouts this way. If the number of 
connections is the problem, is there anyway to prevent this ?

Thanks
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Tuesday 18 March 2003 02:20, S Mohan wrote:
> Could it be a problem of port mapping? Emule, edonkey and other use free
> ports and are not specific about which port they use. If they try to use
> some ports blocked for inward traffic, timeouts are logical. I may be
> wrong here as I do not know the exact set up.
>
I dont think so, because i experience timeouts with protocols like http,smtp, 
etc which have standard ports. Emule doesnt timeout or if it does i dont get 
notified about it.

It must be because of the large connection numbers.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/