LARTC - Mar 2004 - how do you rate limit routable traffic without rate limiting LAN protocols like arps and igmp?

I''m rate limiting and prioritizing traffic upstream of a slow wan link
using htb, classic wonder shaper type stuff. I''m using the following
command for traffic that does not match any of my defined filters:

tc qdisc add dev eth0 root handle 1: htb default 50

It appears that local, non-routable traffic like arps and igmp are being
snared by this and end-up queued in the lowest priorty queue. I was
surprised that non-IP traffic would be effected by IP traffic control.
How do I prevent this local, non-routable traffic from being queued?
Since it''s local, I just want it to go at line rate. I know if I remove
the default parameter, traffic not matching any filter is sent over the
root queue, but I need to have a defined default.

All the literature I''ve seen only covers tc filters dealing with the
protocol IP. I''ve tried to filter on the arp protocol (I read this
works, but not for me), got error messages:

I''ve tried to using u32 matches with negative offsets, but no luck.
Sorta relieved that it didn''t work, cause it seemed liked a hack.

Mike

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hi Michael,
> It appears that local, non-routable traffic like arps and igmp are being
> snared by this and end-up queued in the lowest priorty queue. I was
> surprised that non-IP traffic would be effected by IP traffic control.
How are you determining this?
> All the literature I''ve seen only covers tc filters dealing with
the
> protocol IP. I''ve tried to filter on the arp protocol (I read this
> works, but not for me), got error messages:
Yes, linux QoS can''t shape sub-IP ARP packets.
See the thread "[LARTC] tc filter protocol arp question"
from January this year:
http://mailman.ds9a.nl/pipermail/lartc/2004q1/thread.html


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email:     damion@snapgear.com
SnapGear - A CyberGuard Company ---    ph:         +61 7 3435 2809
  | Custom Embedded Solutions          fax:         +61 7 3891 3630
  | and Security Appliances            web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ---  Free Embedded Linux Distro at   http://www.snapgear.org  ---

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hi Damion,
>Hi Michael,
>> It appears that local, non-routable traffic like arps and igmp are 
>> being snared by this and end-up queued in the lowest priorty queue. I
>> was surprised that non-IP traffic would be effected by IP traffic 
>> control.
>How are you determining this?
I restarted the queues to clear the counts and then ping''ed an 
unused IP address on the local subnet and counted the unanswered arp 
requests using tcpdump. I then used tc to show the queue counts and saw 
the respective counts in the default queue. I changed the default queue
and 
perform the test again and saw the count appear in the new default
queue.

I''m pretty sure the counts in the default queue were arp requests.
>> All the literature I''ve seen only covers tc filters dealing
with the
>> protocol IP. I''ve tried to filter on the arp protocol (I read
this
>> works, but not for me), got error messages:
>Yes, linux QoS can''t shape sub-IP ARP packets.
>See the thread "[LARTC] tc filter protocol arp question"
>from January this year:
http://mailman.ds9a.nl/pipermail/lartc/2004q1/thread.html

I saw this thread and had the same problem, but I also came across this
link:
http://www.docum.org/stef.coene/qos/faq/cache/63.html from
stef.coene@docum.org. It says:
"Simple, just use protocol arp in your filters." But it
wasn''t so
simple. 
I''m really having the opposite problem. I''m trying not to
shape arps.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email:     damion@snapgear.com
SnapGear - A CyberGuard Company ---    ph:         +61 7 3435 2809
  | Custom Embedded Solutions          fax:         +61 7 3891 3630
  | and Security Appliances            web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ---  Free Embedded Linux Distro at   http://www.snapgear.org  ---

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Michael A. D''Annunzio wrote:
> I know if I remove the default parameter, traffic not matching
> any filter is sent over the root queue, but I need to have a defined
> default.
Define the default for whatever you wish to have as the default class
for non-ip traffic and then filter _all_ ip traffic into a certain
class, eg:

  tc filter add dev $DEV parent 1: protocol ip prio 18 u32 \
     match ip dst 0.0.0.0/0 flowid 1:20

Or, even more modularily, use the MARK target at the end of your
iptables ruleset after all other markings:

  iptables -t mangle -A POST_ROUTING -m mark --mark 0 -j MARK --set-mark 3
  iptables -t mangle -A OUTPUT -m mark --mark 0 -j MARK --set-mark 3

And then just setup your tc to match the marks to classes:

  tc filter add dev $DEV parent 1: protocol ip prio 10 \
      handle 3 fw \
      flowid 1:30

Or a variety of other solutions.

I am not sure if this will solve your problem exactly, though - since
having problems with ARP traffic and so seems really odd.

-- Naked


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/