D'Annunzio, Michael A
2004-Mar-02  02:29 UTC
how do you rate limit routable traffic without rate limiting LAN protocols like arps and igmp?
I'm rate limiting and prioritizing traffic upstream of a slow wan link using htb, classic wonder shaper type stuff. I'm using the following command for traffic that does not match any of my defined filters:

    tc qdisc add dev eth0 root handle 1: htb default 50

It appears that local, non-routable traffic like arps and igmp are being snared by this and end up queued in the lowest priority queue. I was surprised that non-IP traffic would be affected by IP traffic control.

How do I prevent this local, non-routable traffic from being queued? Since it's local, I just want it to go at line rate.

I know if I remove the default parameter, traffic not matching any filter is sent over the root queue, but I need to have a defined default.

All the literature I've seen only covers tc filters dealing with the protocol IP. I've tried to filter on the arp protocol (I read this works, but not for me), got error messages:

I've tried using u32 matches with negative offsets, but no luck. Sorta relieved that it didn't work, cause it seemed like a hack.

Mike

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Damion de Soto
2004-Mar-02  02:59 UTC
Re: how do you rate limit routable traffic without rate limiting LAN protocols like arps and igmp?
Hi Michael,

> It appears that local, non-routable traffic like arps and igmp are being
> snared by this and end up queued in the lowest priority queue. I was
> surprised that non-IP traffic would be affected by IP traffic control.

How are you determining this?

> All the literature I've seen only covers tc filters dealing with the
> protocol IP. I've tried to filter on the arp protocol (I read this
> works, but not for me), got error messages:

Yes, linux QoS can't shape sub-IP ARP packets.
See the thread "[LARTC] tc filter protocol arp question" from January this year:
http://mailman.ds9a.nl/pipermail/lartc/2004q1/thread.html

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email: damion@snapgear.com
SnapGear - A CyberGuard Company ---  ph: +61 7 3435 2809
 | Custom Embedded Solutions         fax: +61 7 3891 3630
 | and Security Appliances           web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 --- Free Embedded Linux Distro at http://www.snapgear.org ---
D'Annunzio, Michael A
2004-Mar-02  05:48 UTC
RE: how do you rate limit routable traffic without rate limiting LAN protocols like arps and igmp?
Hi Damion,

> Hi Michael,
>
>> It appears that local, non-routable traffic like arps and igmp are
>> being snared by this and end up queued in the lowest priority queue. I
>> was surprised that non-IP traffic would be affected by IP traffic
>> control.
>
> How are you determining this?

I restarted the queues to clear the counts and then ping'ed an unused IP address on the local subnet and counted the unanswered arp requests using tcpdump. I then used tc to show the queue counts and saw the respective counts in the default queue. I changed the default queue and performed the test again and saw the count appear in the new default queue. I'm pretty sure the counts in the default queue were arp requests.

>> All the literature I've seen only covers tc filters dealing with the
>> protocol IP. I've tried to filter on the arp protocol (I read this
>> works, but not for me), got error messages:
>
> Yes, linux QoS can't shape sub-IP ARP packets.
> See the thread "[LARTC] tc filter protocol arp question"
> from January this year:
> http://mailman.ds9a.nl/pipermail/lartc/2004q1/thread.html

I saw this thread and had the same problem, but I also came across this link: http://www.docum.org/stef.coene/qos/faq/cache/63.html from stef.coene@docum.org. It says: "Simple, just use protocol arp in your filters." But it wasn't so simple.

I'm really having the opposite problem. I'm trying not to shape arps.
Nuutti Kotivuori
2004-Mar-02  09:58 UTC
Re: how do you rate limit routable traffic without rate limiting LAN protocols like arps and igmp?
Michael A. D'Annunzio wrote:

> I know if I remove the default parameter, traffic not matching
> any filter is sent over the root queue, but I need to have a defined
> default.

Define the default for whatever you wish to have as the default class for non-ip traffic and then filter _all_ ip traffic into a certain class, e.g.:

    tc filter add dev $DEV parent 1: protocol ip prio 18 u32 \
        match ip dst 0.0.0.0/0 flowid 1:20

Or, even more modularly, use the MARK target at the end of your iptables ruleset after all other markings:

    iptables -t mangle -A POSTROUTING -m mark --mark 0 -j MARK --set-mark 3
    iptables -t mangle -A OUTPUT -m mark --mark 0 -j MARK --set-mark 3

And then just set up your tc to match the marks to classes:

    tc filter add dev $DEV parent 1: protocol ip prio 10 \
        handle 3 fw \
        flowid 1:30

Or a variety of other solutions.

I am not sure if this will solve your problem exactly, though - since having problems with ARP traffic and so seems really odd.

-- Naked
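
The approach from the last reply, written out as a complete rule set: an added example, not code posted by anyone in the thread. The device name, rates, classids 1:1 and 1:10, the IGMP filter and the port 22 filter are assumptions; "htb default 50" and the prio 18 catch-all to 1:20 come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the tc commands;
# pipe the output to "sh" as root to apply them.
# Assumed: device, rates, classids 1:1/1:10, the IGMP and port-22 filters.
# From the thread: "htb default 50" and the prio 18 catch-all IP filter to 1:20.

gen_htb_rules() {
    dev=$1; wan=$2; hi=$3; lo=$4; lan=$5

    # Anything no filter classifies goes to 1:50. All filters below are
    # "protocol ip", so ARP (ethertype 0x0806) can never match and lands here.
    echo "tc qdisc add dev $dev root handle 1: htb default 50"

    # Shaped tree for traffic heading to the slow WAN link.
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate $wan ceil $wan"
    echo "tc class add dev $dev parent 1:1 classid 1:10 htb rate $hi ceil $wan prio 0"
    echo "tc class add dev $dev parent 1:1 classid 1:20 htb rate $lo ceil $wan prio 1"

    # Separate top-level class at LAN line rate: the default for non-IP frames.
    echo "tc class add dev $dev parent 1: classid 1:50 htb rate $lan"

    # IGMP is IP protocol 2, so the catch-all would shape it; pull it out first.
    echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip protocol 2 0xff flowid 1:50"
    # Constructed example of a specific rule: SSH into the interactive class.
    echo "tc filter add dev $dev parent 1: protocol ip prio 5 u32 match ip dport 22 0xffff flowid 1:10"
    # Catch-all from the thread: every remaining IP packet goes to 1:20.
    echo "tc filter add dev $dev parent 1: protocol ip prio 18 u32 match ip dst 0.0.0.0/0 flowid 1:20"
}

# Stand-alone run: print the rule set for the given (or default) values.
gen_htb_rules "${1:-eth0}" "${2:-512kbit}" "${3:-384kbit}" "${4:-128kbit}" "${5:-100mbit}"
```

After applying the rules, `tc -s class show dev eth0` should show ARP requests counted against 1:50, using the same counter check described earlier in the thread.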