I''m investigating other approaches to managing the very little, extremely over-used pipe we have feeding the residences of our small campus. Previously, I simply allotted them 2Mbit (there are about 100 users, some full-time users, most not), and did a number of prioritizations to improve responsiveness. I used HTB and attached ESFQ qdiscs to evenly distribute bandwidth based on IP, rather than per-session. This worked quite well until recently, where the number of users has increased and demand has gone up. One of the goals is that heavy users (basically p2p users) shouldn''t be able to ruin it for the others. The average user should never have to sit and wait for 5 seconds while google loads, or get 4000ms pings to an upstream router. One of the approaches I''m fiddling with now is creating a separate class for each IP, guaranteeing them a small portion of bandwidth, to at least keep their latency down. I''ve also introduced weekly quotas, and am significantly penalizing users who go over their quota (such as rate-limiting them to 5KB/s). It''s awfully harsh, but the proper solution (buying more bandwidth) is not my call, and so I have to make this 2Mbit work for now. Rather than rate-limiting each over-quota user to 5KB/s, I''ve been considering creating a separate, larger class, and just tossing each of the over-quota users in it to fight for the bandwidth in that class. However, the ceil for this class should depend on the number of users in it, because I must assume that each user in the class will try to use all of the allowed bandwidth in that class at all times. So what I''d like to do is provide a ceil in the HTB class that is computed based on the number of users in the class. I''ve rolled my own scripts that monitors usage of each user via iptables, so I could update those scripts to change the ceil each time a new user is added (tc class change dev ...), but I was wondering if there was a more elegant way of doing this -- that is, does HTB somehow support dynamic ceilings based on the number of users (IPs) it sees in that class? Another problem I''m having is that I can''t seem to find the right syntax for removing filters. Can anyone help with that? The most obvious doesn''t seem the work: [root@hawk ipacct]# tc filter add dev $ETH_RES protocol ip parent 2: u32 match ip dst 10.0.0.100/32 flowid 2:10 [root@hawk ipacct]# tc filter del dev $ETH_RES protocol ip parent 2: u32 match ip dst 10.0.0.100/32 flowid 2:10 RTNETLINK answers: No such file or directory Thanks much, Jason. -- Jason Tackaberry :: tack@auc.ca :: 705-949-2301 x330 Academic Computing Support Specialist Information Technology Services Algoma University College :: www.auc.ca _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
miller69@gmx.net
2004-Feb-06 16:44 UTC
Re: Dynamically changing ceil (and removing filters)
> One of the goals is that heavy users (basically p2p users) shouldn''t be > able to ruin it for the others. The average user should never have to > sit and wait for 5 seconds while google loads, or get 4000ms pings to an > upstream router.Well, again someone struggeling p2p and it''s side effects. What about not letting P2P users download anymore? There is a netfilter extension called IPP2P ( http://rnvs.informatik.uni-leipzig.de/ipp2p/ ) that can be used to drop certain P2P packets thus making down- and uploads of the supported p2p-networks almost impossible: iptables -t mangle -A PREROUTING -p tcp -m ipp2p --ipp2p --bit --apple -j DROP If this would be an option to you give it a try and come back to me with the results. We ran such a system for about 6 weeks at a university link and found it beeing pretty stable. If you don''t want to recompile the kernel and iptables grab the source code do a make and copy the modules to the appropriate place. Look at the documentation section at the webpage and the README included in source tarball. Hope that helps. Regards, Mike -- GMX ProMail (250 MB Mailbox, 50 FreeSMS, Virenschutz, 2,99 EUR/Monat...) jetzt 3 Monate GRATIS + 3x DER SPIEGEL +++ http://www.gmx.net/derspiegel +++ _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
<arek@chelmnet.pl>
2004-Feb-06 22:23 UTC
RE: Dynamically changing ceil (and removing filters)
> Previously, I simply allotted them 2Mbit (there are about 100 users, > some full-time users, most not), and did a number of prioritizations to > improve responsiveness. I used HTB and attached ESFQ qdiscs to evenly > distribute bandwidth based on IP, rather than per-session. This worked > quite well until recently, where the number of users has increased and > demand has gone up.I solved that problem by measuring all clients, and give them optional average individual bandwidth. The bandwidth is calculated between different part of day /eg. 8-16, 16-24, 24-8 / and is increased or decreased by individual algorithm for each user too. All the work with network-coordination, user-problem-reporting, managing-and-controll, devices-location-access-controll, dhcp-dns-etc, /somehow CRM for ISP / does my application called SuperEdit. It works in company with 3000 PC''s over LAN''s . you can read about it /sorry for large .jpgs/ at http://nsm.pl/~arek/superedit . I have a version of that in english. Access is via www and/or with telnet/ssh - together/the_same_options http://nsm.pl/~arek/superedit/superedit-software-10.jpg - you see brief list of user with problems http://nsm.pl/~arek/superedit/superedit-users2-widok-abonenta-i-szafki-2003 -12.jpg - you see some of user fields, which we can edit, you see traffic report collected for that user from network. You see that we set there external ports, external IP addresses. Linux router can be anywhere, he is learning of that DB via special written by me bash Agent. Browse this site /download images/ then you can learn a lot. I can share my project in special cases. It is tested, and working / i organized a medium copany on it/ They have only this programm and billing program /which i intend to swap him soon too/ Arkadiusz Binder _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Friday 06 February 2004 16:36, Jason Tackaberry wrote:> I''m investigating other approaches to managing the very little, > extremely over-used pipe we have feeding the residences of our small > campus.What wbout wrr qdisc: http://wipl-wrr.sourceforge.net/ The more you download, the slower it goes. Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/