-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi. I don''t know if this subject has been treated before. Anyway, this is my question: I have implemented a traffic control / advanced router server using iproute2 and tc (using htb). For all my outgoing tc policies, all it''s ok (all the traffic goes out using eth0, and therefore I''m able to catch it using the corresponfing tc filter). However, the incoming traffic has to be treated in eth1, which has several virtual ifaces (eth1:0, eth1:1, eth1:2 and so on). Even I have introduced all the tc rules correctly, the kernel is not matching any filter rule and there is no way to match any destination into any queue discipline. Anyone knows some way to implement that ? Here are my tc rules: tc qdisc add dev eth0 root handle 1: htb default 99 # Root class tc class add dev eth0 parent 1: classid 1:1 htb rate 3256kbit tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbit ceil 256kbit ## tc class add dev eth0 parent 1:1 classid 1:11 htb rate 128kbit ceil 128kbit ## tc class add dev eth0 parent 1:1 classid 1:12 htb rate 90kbit ceil 128kbit ## ... an so on tc class add dev eth0 parent 1:1 classid 1:99 htb rate 1024kbit ceil 3256kbit # tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 213.???.???.??? flowid 1:10 tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 213.???.???.??? flowid 1:10 tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 62..???.???.??? flowid 1:11 tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 213..???.???.??? flowid 1:12 tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 213.229.188.143 flowid 1:13 ... and so on - --> this is tha part that works correctly :-) # Root class tc class add dev eth1 parent 1: classid 1:1 htb rate 3256kbit tc class add dev eth1 parent 1:1 classid 1:10 htb rate 128kbit ceil 256kbit ## tc class add dev eth1 parent 1:1 classid 1:11 htb rate 128kbit ceil 128kbit ## tc class add dev eth1 parent 1:1 classid 1:12 htb rate 90kbit ceil 128kbit ## ... an so on tc class add dev eth1 parent 1:1 classid 1:99 htb rate 1024kbit ceil 3256kbit # tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip dst 213.???.???.??? flowid 1:10 tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip dst 213.???.???.??? flowid 1:10 tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip dst 62..???.???.??? flowid 1:11 tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip dst 213..???.???.??? flowid 1:12 tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip dst 213.229.188.143 flowid 1:13 ... and so on - --> This part doesn''t match any filter rule !!!!! I think the possible problems could be: tc doesn''t match virtual interfaces, as the tc definition says eth1, not eth1:?. I have tried to define tc filter rules using eth1:?, but tc doen''t likes that. Anyone has been implemented an scenario similar than this ? Any help will be appreciated !! Regards Enric Ramos enric@helpdeskit.net -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBPqmmLyu+yQzF8Lq8EQKZhwCg7xTocqm/RjEcaUScp2m4WX+k5HwAnjok NPzvrkoSIl4B4izx2p5T3yhp =P1Vy -----END PGP SIGNATURE----- _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
We are just starting to research this stuff - I expect this mailing list to save my bacon many times :) I''d like to hear some ideas on how people test their setups. It seems to me that the ideal testing rig would be two computers, one on either side the router. Have one computer open up some number of connections with various procol characteristics to the other and start blasting data through each connection. Have the other computer display the rate at which data is being received for each connection in a really cool graphical way. Does anyone here actually have the tools to do this? I would be terribly grateful if anyone could point me in the right direction. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Friday 25 April 2003 23:57, Patrick Turley wrote:> We are just starting to research this stuff - I expect this mailing list > to save my bacon many times :) > > I''d like to hear some ideas on how people test their setups. It seems to > me that the ideal testing rig would be two computers, one on either side > the router. Have one computer open up some number of connections with > various procol characteristics to the other and start blasting data > through each connection. Have the other computer display the rate at > which data is being received for each connection in a really cool > graphical way. > > Does anyone here actually have the tools to do this? I would be terribly > grateful if anyone could point me in the right direction.I have some scripts. You can find them on www.docum.org. They don''t look really cool, but they can show you what''s going on in real-time. I have a script that uses iptables counters. An other uses the tc counters. They are both shell scripts and I use them to automate my tests. I also have some scripts to store the tc counters in a rrd database so you can graph long term statistics. And I have written a java applet so you can see real-time graphs. Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Saturday 26 April 2003 03:07, Jannes Faber wrote:> I''ve been using TC and HTB for a while now (almost a year). Took a while to > get it running, but it''s ok now (playing CounterStrike on one PC while two > others are using DirectConnect and Emule are fully using the upstream and > downstream).Do you mind sending my some more information? I can add this is an example setup to my faq.> Anyway, until recently I was doing it all blind, using iptraf for some > rough indication of some total values, but that was about it. So I decided > it was time to make some graphs. So I made a simple perl script (ahum... > actually I ripped apart a script made by Stef and added my own stuff) using > rrdtool to store and display all the data.Thx :) But if you wrote the script in perl, why don''t you use the rrdtool perl library''s? Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Enric Ramos Mas wrote:> I have implemented a traffic control / advanced router server using > iproute2 and tc (using htb). For all my outgoing tc policies, all > it''s ok (all the traffic goes out using eth0, and therefore I''m able > to catch it using the corresponfing tc filter). > > However, the incoming traffic has to be treated in eth1, which has > several virtual ifaces (eth1:0, eth1:1, eth1:2 and so on). > Even I have introduced all the tc rules correctly, the kernel is not > matching any filter rule and there is no way to match any destination > into any queue discipline. > > Anyone knows some way to implement that ?I''m also very interested about this question as I have similiar link configuration. One question about classes on eth0: do leaf rates (1:10 - 1:??) sum up to 3256kbit (parent rate)? I have to split 1040 kbit for 700 users and HTB manual advices a) that children rates should sum up to parent rate b) that the rate should not be less than 4kbit I expect that I should go by the b) rule, as used rates will never sum up over 1040kbit (there will never be 700 users using this link at the same time). Am I right? Szymon Miotk _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Monday 28 April 2003 10:45, Szymon Miotk wrote:> Enric Ramos Mas wrote: > > I have implemented a traffic control / advanced router server using > > iproute2 and tc (using htb). For all my outgoing tc policies, all > > it''s ok (all the traffic goes out using eth0, and therefore I''m able > > to catch it using the corresponfing tc filter). > > > > However, the incoming traffic has to be treated in eth1, which has > > several virtual ifaces (eth1:0, eth1:1, eth1:2 and so on). > > Even I have introduced all the tc rules correctly, the kernel is not > > matching any filter rule and there is no way to match any destination > > into any queue discipline. > > > > Anyone knows some way to implement that ? > > I''m also very interested about this question as I have similiar link > configuration. > One question about classes on eth0: do leaf rates (1:10 - 1:??) sum up > to 3256kbit (parent rate)? > I have to split 1040 kbit for 700 users and HTB manual advices > a) that children rates should sum up to parent rate > b) that the rate should not be less than 4kbitThis is the first time I hear about this rule. You can have a problem with quantum if you have a low rate. But you can overrule quantum when you add a htb class (rule : quantum > MTU).> I expect that I should go by the b) rule, as used rates will never sum > up over 1040kbit (there will never be 700 users using this link at the > same time). > Am I right?Yes. The problem is that the parent rate is not respected. So if each class is sending, it will exceed the parent rate. This can be "bad" because you send more data then your router/modem can handle so it''s possible that you your shaping will not be that perfect. Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hello Szymon,>> However, the incoming traffic has to be treated in eth1, which has >> several virtual ifaces (eth1:0, eth1:1, eth1:2 and so on). >> Even I have introduced all the tc rules correctly, the kernel is notYou can''t create a htb qdisc for the incoming bandwidth. A way to implement it, is using a virtual imq device, or use a ingress qdisc (not classful). Fabian _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/