Hey A wise man said to me that Hashing filters was my solution to rock the world, and making my life alot easier. When applying 4000 rules, the system had to check them all for match. But with hassing it would only require 1-2 checks. Even though when i had read the lartc on the subject i was no less that a question mark. If anyone have played with it, and have a working, logic configuration and can tell me how it works and why i would be greatly grateful. Regards Matias Bjørling _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
I have set this up using the information in http://lartc.org/howto/lartc.adv-filter.hashing.html and it works perfectly.How you design your rules depends on how you want to filter, so it is a bit difficult to supply you with a better example. Do you wish to filter per IP address? If so, I can help you: # add htb as root queueing discipline for device. This is done once tc qdisc add dev eth0 root handle 1: htb # add a class with a 100Mbit rate. This is a ''transit'' class, it does # not do any shaping, you will see down below why we need it. tc class add dev eth0 parent 1: classid 1:2 htb rate 100MBit ceil 100MBit burst 0Kbit # I create a hash table with 256 slots, call it 2: and attach it to 1:2 # which is my ''transit'' class above tc filter add dev eth0 parent 1:2 handle 2: protocol ip u32 divisor 256 # Classify packets matching 192.168.4.0/24 using the last byte of the # IP address as index into the hash tc filter add dev eth0 protocol ip parent 1: u32 match ip src 192.168.4.0/24 hashkey mask 0x000000ff at 12 link 2: # The bit below happens for each distinct traffic class. Multiple IP # addresses can map into the same end class, but you can have one class # per IP address. In the example, 192.168.4.100 gets sent to a class # that shapes it down to 64Kbit. The class has it''s own htb qdisc, but # The experts may know better here # add class for network 192.168.4.100/32 tc class add dev eth0 parent 1:2 classid 1:3 htb rate 64Kbit ceil 64Kbit burst 0Kbit # Filters to allocate packets for 192.168.4.100/32 # Now this is the trickier bit. I only map one IP into class 1:3, and # here is where. I attach a filter to hash table 2 slot 0x64 to map to # class 1:3. NOTE: 64 is hex, means 100 decimal which matches IP .100 tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:64: match ip src 192.168.4.100 flowid 1:3 # you can repeat the last statement 254 times for the different IPs in # the class C. Example: IP 1 tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:1 match ip src 192.168.4.1 flowid 1:3 This is not perfect, and the average number of evaluations is n/2 + 1 where n is the number of class C networks. So on 4000 addresses you are looking at 16/2 + 1 = approx 9 evaluations vs n/2 = 2000 on your current setup (4000 = 16 class C) Gideon On Wed, 2003-05-14 at 01:17, Matias Bjørling wrote:> Hey > > A wise man said to me that Hashing filters was my solution to rock the > world, and making my life alot easier. When applying 4000 rules, the system > had to check them all for match. But with hassing it would only require 1-2 > checks. > > Even though when i had read the lartc on the subject i was no less that a > question mark. > > If anyone have played with it, and have a working, logic configuration and > can tell me how it works and why i would be greatly grateful. > > Regards > > Matias Bjørling_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hey :) I have a few questions if you have a min :)
----- Original Message -----
From: "Gideon le Grange" <gideon@adept.co.za>
To: "Matias Bjørling" <mb@nerdit.dk>
Cc: <lartc@mailman.ds9a.nl>
Sent: Wednesday, May 14, 2003 8:05 AM
Subject: Re: [LARTC] Hashing filters
I have set this up using the information in
http://lartc.org/howto/lartc.adv-filter.hashing.html and it works
perfectly.How you design your rules depends on how you want to filter,
so it is a bit difficult to supply you with a better example. Do you
wish to filter per IP address? If so, I can help you:
# add htb as root queueing discipline for device. This is done once
tc qdisc add dev eth0 root handle 1: htb
# add a class with a 100Mbit rate. This is a ''transit'' class,
it does
# not do any shaping, you will see down below why we need it.
tc class add dev eth0 parent 1: classid 1:2 htb rate 100MBit ceil
100MBit burst 0Kbit
# I create a hash table with 256 slots, call it 2: and attach it to 1:2
# which is my ''transit'' class above
tc filter add dev eth0 parent 1:2 handle 2: protocol ip u32 divisor 256
# Classify packets matching 192.168.4.0/24 using the last byte of the
# IP address as index into the hash
tc filter add dev eth0 protocol ip parent 1: u32 match ip src
192.168.4.0/24 hashkey mask 0x000000ff at 12 link 2:
Do i need to specify one for every subnet im going to do?
Like 10.0.1.0, 10.0.2.0 and so on ? :)
# The bit below happens for each distinct traffic class. Multiple IP
# addresses can map into the same end class, but you can have one class
# per IP address. In the example, 192.168.4.100 gets sent to a class
# that shapes it down to 64Kbit. The class has it''s own htb qdisc, but
# The experts may know better here
# add class for network 192.168.4.100/32
tc class add dev eth0 parent 1:2 classid 1:3 htb rate 64Kbit ceil
64Kbit burst 0Kbit
Do i need to add a class for every host on one of the subnets?
# Filters to allocate packets for 192.168.4.100/32
# Now this is the trickier bit. I only map one IP into class 1:3, and
# here is where. I attach a filter to hash table 2 slot 0x64 to map to
# class 1:3. NOTE: 64 is hex, means 100 decimal which matches IP .100
tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:64: match ip src
192.168.4.100 flowid 1:3
When i have made 254 lines of thoes, then every "host" have
64kbit
each they can use until the root bandwidth have been used?, am i
right?
Why is it then that i only need one class of 192.168.4.100?, and not
for all the other hosts?
This is not perfect, and the average number of evaluations is n/2 + 1
where n is the number of class C networks. So on 4000 addresses you are
looking at 16/2 + 1 = approx 9 evaluations vs n/2 = 2000 on your current
setup (4000 = 16 class C)
Gideon
Thank you for your time :)
On Wed, 2003-05-14 at 01:17, Matias Bjørling wrote:> Hey
>
> A wise man said to me that Hashing filters was my solution to rock the
> world, and making my life alot easier. When applying 4000 rules, the
system> had to check them all for match. But with hassing it would only require
1-2> checks.
>
> Even though when i had read the lartc on the subject i was no less that a
> question mark.
>
> If anyone have played with it, and have a working, logic configuration and
> can tell me how it works and why i would be greatly grateful.
>
> Regards
>
> Matias Bjørling
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hey Can anybody tell me what i''m doing wrong, im getting crasy of this hashing filters, and the doc at lartc is too unexplained for me. Can''t get it to work # tc qdisc del dev eth0 root > /dev/null # tc qdisc add dev eth0 root handle 1: htb # tc class add dev eth0 parent 1: classid 1:2 htb rate 100MBit ceil 100MBit # tc filter add dev eth0 parent 1:2 prio 5 protocol ip u32 # tc filter add dev eth0 parent 1:2 handle 2: protocol ip u32 divisor 256 // Adding a divisor # tc class add dev eth0 parent 1:2 classid 1:10 htb rate 512kbit ceil 512kbit burst 0k # tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:1: match ip src 10.0.0.1 flowid 1:10 # tc class add dev eth0 parent 1:2 classid 1:11 htb rate 512kbit ceil 512kbit burst 0k # tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:2: match ip src 10.0.0.2 flowid 1:11 # tc class add dev eth0 parent 1:2 classid 1:13 htb rate 512kbit ceil 512kbit burst 0k # tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:4: match ip src 10.0.0.4 flowid 1:13 # tc class add dev eth0 parent 1:2 classid 1:15 htb rate 512kbit ceil 512kbit burst 0k # tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:6: match ip src 10.0.0.6 flowid 1:15 // Making Hashing Filtering for Network 10.0.0.0/16 # tc filter add dev eth0 protocol ip parent 1:2 prio 5 u32 ht 800:: match ip src 10.0.0.0/16 hashkey mask 0x000000ff at 12 link 2: I know i have to set # tc filter add dev eth1 parent 1: protocol ip prio 100 match ip src 10.0.02 classid 1:2 between the class and filter where i point to the src ip. But it wont accept the config. telling me that Unknown filter "match", hence option "ip" is unparsable It''s breaking my neck soon am i''m going crazy :) If any have a working script with more than 256 hosts, i would greatly appreciate it :) Thank You Regards Matias Bjørling