Hi
I'm looking for a quick recipe for a newbie to control http traffic in
my linux gw. My internet is overloaded already and vpn external clients
are experiencing troubles (disconnecting in peak hours).
Any suggestions ?
Regards
Guillermo
Caracas/Venezuela
On Thu, 2004-05-06 at 14:40, lartc-request@mailman.ds9a.nl wrote:
>
> Today's Topics:
>
> 1. Re: [Fwd: Re: [LARTC] Simple HTB setup with tcng] (lartc@manchotnetworks.net)
> 2. tcng ingress policing question (Simon Oosthoek)
> 3. imap problems (Lars Oeschey)
> 4. Re: imap problems (Jason Boxman)
> 5. Fax Message Received (Devik)
>
> --__--__--
>
> Message: 1
> Subject: Re: [Fwd: Re: [LARTC] Simple HTB setup with tcng]
> From: "lartc@manchotnetworks.net" <lartc@manchotnetworks.net>
> To: Clement MOREAU <clement.moreau@inventel.fr>
> Cc: LARTC Mailing List <lartc@mailman.ds9a.nl>
> Date: Wed, 05 May 2004 18:27:40 +0200
>
> hi clemment,
>
> On Wed, 2004-05-05 at 13:54, Clement MOREAU wrote:
> > Thank you for your help.
> >
> > It generates this script :
> >
> >
> >
> > tc qdisc add dev eth0 handle 1:0 root htb default 2
> -----------------------------------^^^^-^^^
>
> > tc class add dev eth0 parent 1:0 classid 1:1 htb rate 75000bps ceil \
> > 75000bps
> > tc class add dev eth0 parent 1:0 classid 1:2 htb rate 125000bps
> > tc filter add dev eth0 parent 1:0 protocol all prio 1 u32 match u32 \
> > 0xa000001 0xffffffff at 12 classid 1:1
> >
> >
> > But I thought it was necessary to have a "root" htb class on the top of
> > the hierarchy to get it working as expected. Is that true ?
> yes and it does -- all packets matching the u32 filter (in this case
> 10.0.0.1) will go to the 1:1 class and be limited to the 75 kilobytes per
> second.
>
> cheers
>
> charles
>
>
> --__--__--
>
> Message: 2
> Date: Thu, 06 May 2004 16:16:04 +0200
> From: Simon Oosthoek <simon.oosthoek@ti-wmc.nl>
> Organization: WMC
> To: lartc@mailman.ds9a.nl
> Subject: [LARTC] tcng ingress policing question
>
> Hi all
>
> I started playing with tcng to generate my tc rules, but I have some
> difficulty implementing my rules...
>
> The script below generates an error:
> # Device eth0
>
> tc qdisc add dev eth0 ingress
> beginner.tc:2: don't know how to build meter for this
>
>
> The script is below, I changed the real IP numbers for XXs and YYs,
> since it doesn't really matter what they are. eth0 is the external
> interface
>
> The intention is to limit the rate in most cases to 1 Mbit/s, the linux
> distr. mirror's may cause a bit more and within the ISP we're not
> charged with higher rates than we agreed on.
>
> Anyone know why tcc can't do this, or is it something I should be doing
> in the egress part?
> (I'd prefer not to, since I have more than 2 interfaces...)
>
> TIA
>
> Simon
>
> PS, the other interfaces don't have any queues, since this would be
> handled by the ingress policing in this way.
> =============================
> script:
> =============================
>
> dev eth0 {
>     ingress {
>         $police_isp = SLB( cbs 100kB, cir 50000 kbps );
>         $police_mirror = SLB( cbs 20kB, cir 2000 kbps );
>         $police_other = SLB( cbs 10kB, cir 1000 kbps );
>
>         class(<>) if (ip_src == XXX.XXX.XXX.XXX || /* external host */
>                       ip_src == YYY.YYY.YYY.YYY ) && /* backup traffic */
>                      SLB_ok($police_isp);
>         class(<>) if ( ip_src == host("host.mirror.one") ||
>                        ip_src == host("host.mirror.two") ) &&
>                      SLB_ok($police_mirror);
>         class(<>) if SLB_ok($police_other);
>     }
>
>     egress {
>         class(<$isp>) if ip_src == XXX.XXX.XXX.XXX /* external host */
>             if ip_src == YYY.YYY.YYY.YYY; /* backup traffic */
>         class(<$other>) if 1;
>
>         htb () {
>             class ( rate 100000 kbps ) {
>
>                 $isp = class ( prio 2, rate 50000 kbps )
>                     { sfq ( perturb 5 sec ); };
>
>                 $other = class ( prio 1, rate 1000 kbps )
>                     { sfq ( perturb 10 sec ); };
>
>             }
>         }
>     }
> }
>
> dev eth3 {
>     ingress {
>         $policer = SLB( cbs 10kB, cir 500 kbps );
>         class ( <> ) if SLB_ok( $policer );
>         drop if 1;
>     }
>     egress {
>     }
> }
>
>
> --__--__--
>
> Message: 3
> From: "Lars Oeschey" <oeschey@web.de>
> To: <lartc@mailman.ds9a.nl>
> Date: Thu, 6 May 2004 17:15:24 +0200
> Subject: [LARTC] imap problems
>
> Hi,
>
> I'm really new to traffic shaping and try to implement the wshaper.htb
> script.
> I have a linux box that serves as vdr, mldonkey, samba, apache and
> mailserver (imap), connected to my LAN with 100mbit. I'm connected to
> the inet via adsl with a hardware router/firewall, got 384k downlink 64k
> uplink. When I have mldonkey running, imap (via Outlook) gets *very*
> slow (mails with attachments take 5-10mins to show), and even ssh to the
> linux-box gets sluggish. I tried to put imap into the wshaper script,
> did I do something wrong?
>
> Here's the script:
>
> ----------------snip-------------------------
>
> #!/bin/bash
> # Wonder Shaper
> # please read the README before filling out these values
> #
> # Set the following values to somewhat less than your actual download
> # and uplink speed. In kilobits. Also set the device that is to be
> # shaped.
>
> DOWNLINK=300
> UPLINK=50
> DEV=eth0
>
> # low priority OUTGOING traffic - you can leave this blank if you want
> # low priority source netmasks
> NOPRIOHOSTSRC=
>
> # low priority destination netmasks
> NOPRIOHOSTDST=
>
> # low priority source ports
> NOPRIOPORTSRC="4661 4662 4665 4881 4882"
>
> # low priority destination ports
> NOPRIOPORTDST="4661 4662 4665 4881 4882"
>
>
> # Now remove the following two lines :-)
>
> #echo Please read the documentation in 'README' first
> #exit
>
> if [ "$1" = "status" ]
> then
> tc -s qdisc ls dev $DEV
> tc -s class ls dev $DEV
> exit
> fi
>
>
> # clean existing down- and uplink qdiscs, hide errors
> tc qdisc del dev $DEV root 2> /dev/null > /dev/null
> tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null
>
> if [ "$1" = "stop" ]
> then
> exit
> fi
>
>
> ###### uplink
>
> # install root HTB, point default traffic to 1:20:
>
> tc qdisc add dev $DEV root handle 1: htb default 20
>
> # shape everything at $UPLINK speed - this prevents huge queues in your
> # DSL modem which destroy latency:
>
> tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k
>
> # high prio class 1:10:
>
> tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit \
> burst 6k prio 1
>
> # bulk & default class 1:20 - gets slightly less traffic,
> # and a lower priority:
>
> tc class add dev $DEV parent 1:1 classid 1:20 htb rate $[9*$UPLINK/10]kbit \
> burst 6k prio 2
>
> tc class add dev $DEV parent 1:1 classid 1:30 htb rate $[8*$UPLINK/10]kbit \
> burst 6k prio 2
>
> # all get Stochastic Fairness:
> tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
> tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
> tc qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10
>
> # TOS Minimum Delay (ssh, NOT scp) in 1:10:
>
> tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
> match ip tos 0x10 0xff flowid 1:10
>
> # ICMP (ip protocol 1) in the interactive class 1:10 so we
> # can do measurements & impress our friends:
> tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
> match ip protocol 1 0xff flowid 1:10
>
> # To speed up downloads while an upload is going on, put ACK packets in
> # the interactive class:
>
> tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
> match ip protocol 6 0xff \
> match u8 0x05 0x0f at 0 \
> match u16 0x0000 0xffc0 at 2 \
> match u8 0x10 0xff at 33 \
> flowid 1:10
>
> # New from Lars
>
> tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
> match ip dport 143 0xffff flowid 1:10
>
> tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
> match ip sport 143 0xffff flowid 1:10
>
> tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
> match ip dport 3128 0xffff flowid 1:10
>
> tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
> match ip sport 3128 0xffff flowid 1:10
>
> tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
> match ip dport 80 0xffff flowid 1:10
>
> tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
> match ip sport 80 0xffff flowid 1:10
>
> # rest is 'non-interactive' ie 'bulk' and ends up in 1:20
>
> # some traffic however suffers a worse fate
> for a in $NOPRIOPORTDST
> do
> tc filter add dev $DEV parent 1: protocol ip prio 14 u32 \
> match ip dport $a 0xffff flowid 1:30
> done
>
> for a in $NOPRIOPORTSRC
> do
> tc filter add dev $DEV parent 1: protocol ip prio 15 u32 \
> match ip sport $a 0xffff flowid 1:30
> done
>
> for a in $NOPRIOHOSTSRC
> do
> tc filter add dev $DEV parent 1: protocol ip prio 16 u32 \
> match ip src $a flowid 1:30
> done
>
> for a in $NOPRIOHOSTDST
> do
> tc filter add dev $DEV parent 1: protocol ip prio 17 u32 \
> match ip dst $a flowid 1:30
> done
>
> # rest is 'non-interactive' ie 'bulk' and ends up in 1:20
>
> tc filter add dev $DEV parent 1: protocol ip prio 18 u32 \
> match ip dst 0.0.0.0/0 flowid 1:20
>
>
> ########## downlink #############
> # slow downloads down to somewhat less than the real speed to prevent
> # queuing at our ISP. Tune to see how high you can set it.
> # ISPs tend to have *huge* queues to make sure big downloads are fast
> #
> # attach ingress policer:
>
> tc qdisc add dev $DEV handle ffff: ingress
>
> # filter *everything* to it (0.0.0.0/0), drop everything that's
> # coming in too fast:
>
> tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
> 0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1
> ---------------------------snip---------------------------------------------
>
> --
> visit The C.O.R.E. http://www.the-core.net
>
>
> --__--__--
>
> Message: 4
> From: Jason Boxman <jasonb@edseek.com>
> Reply-To: jasonb@edseek.com
> Organization: The Vortex
> To: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] imap problems
> Date: Thu, 6 May 2004 12:27:20 -0400
>
> On Thursday 06 May 2004 11:15, Lars Oeschey wrote:
> > Hi,
> >
> > I'm really new to traffic shaping and try to implement the wshaper.htb
> > script.
> > I have a linux box that serves as vdr, mldonkey, samba, apache and
> > mailserver (imap), connected to my LAN with 100mbit. I'm connected to
> > the inet via adsl with a hardware router/firewall, got 384k downlink 64k
> > uplink. When I have mldonkey running, imap (via Outlook) gets *very*
> > slow (mails with attachments take 5-10mins to show), and even ssh to the
> > linux-box gets sluggish. I tried to put imap into the wshaper script,
> > did I do something wrong?
>
> Something I've found with mldonkey, if you're running with Overnet enabled, is
> it likes to use tons of ports, so simply specifying 4662 for the Edonkey
> network itself won't catch any of your Overnet traffic. I'm looking into
> using IPP2P to resolve this.
>
> <snip>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
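
Added example, not part of the original messages or of the Wonder Shaper project: a Python model of how the u32 filters quoted in the digest choose an HTB class, run over constructed packets. It assumes first-match classification in ascending prio order and IPv4 headers without options; the helper names and sample addresses are made up for illustration.

```python
import struct

def ipv4_tcp(src, dst, sport, dport, flags=0x18, payload=0, tos=0):
    """Constructed IPv4 (IHL=5, no options) + TCP header for offline testing."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40 + payload, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + tcp + bytes(payload)

def u32_match(pkt, width, value, mask, at):
    """u32 selector: compare `width` bytes at offset `at` from the IP header start."""
    return (int.from_bytes(pkt[at:at + width], "big") & mask) == (value & mask)

# "match u32 0xa000001 0xffffffff at 12" from the tcng output: source address 10.0.0.1
SRC_10_0_0_1 = (4, 0x0A000001, 0xFFFFFFFF, 12)

SPORT, DPORT = 20, 22            # "ip sport"/"ip dport" are fixed offsets (assume IHL=5)
P2P_PORTS = (4661, 4662, 4665, 4881, 4882)   # NOPRIOPORTSRC / NOPRIOPORTDST

# (prio, [selectors that must all match], flowid), in the order the script adds them
FILTERS = [
    (10, [(1, 0x10, 0xFF, 1)], "1:10"),                    # ip tos 0x10 (Minimum Delay)
    (10, [(1, 1, 0xFF, 9)], "1:10"),                       # ip protocol 1 (ICMP)
    (10, [(1, 6, 0xFF, 9), (1, 0x05, 0x0F, 0),             # TCP, IHL=5,
          (2, 0x0000, 0xFFC0, 2), (1, 0x10, 0xFF, 33)],    # length < 64, flags == ACK
     "1:10"),
]
for p in (143, 3128, 80):                                  # ports added by Lars
    FILTERS += [(10, [(2, p, 0xFFFF, DPORT)], "1:10"), (10, [(2, p, 0xFFFF, SPORT)], "1:10")]
FILTERS += [(14, [(2, p, 0xFFFF, DPORT)], "1:30") for p in P2P_PORTS]
FILTERS += [(15, [(2, p, 0xFFFF, SPORT)], "1:30") for p in P2P_PORTS]
FILTERS.append((18, [], "1:20"))                           # ip dst 0.0.0.0/0 catch-all

def classify(pkt):
    """Return the flowid of the first filter (lowest prio first) whose selectors all match."""
    for _prio, selectors, flowid in sorted(FILTERS, key=lambda f: f[0]):
        if all(u32_match(pkt, *s) for s in selectors):
            return flowid
    return "1:20"                                          # htb "default 20"

# Constructed sample flows leaving the box (private and documentation address ranges)
LAN, PEER = "192.168.0.2", "192.0.2.9"
SAMPLES = {
    "imap reply": ipv4_tcp(LAN, PEER, 143, 50000, payload=1000),
    "edonkey upload": ipv4_tcp(LAN, PEER, 40000, 4662, payload=1000),
    "bare ACK for an edonkey download": ipv4_tcp(LAN, PEER, 40000, 4662, flags=0x10),
    "p2p on an unlisted port": ipv4_tcp(LAN, PEER, 6123, 9871, payload=1000),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:35s} -> {classify(pkt)}")
```

In this model the flow on an unlisted port falls through to the bulk class 1:20 rather than 1:30, and bare ACKs for peer-to-peer downloads share 1:10 with IMAP and ssh.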