George Adams
2004-May-24 22:37 UTC
Newbie STILL trying to limit bandwidth - is this script wrong?
My previous message
(http://mailman.ds9a.nl/pipermail/lartc/2004q2/012285.html) didn't generate
any replies, so I thought I'd try posting what I've done trying to solve my
own problem, in hopes that someone will take pity and show me if/where I'm
going wrong.

Just to recap, I'm trying to accomplish this on my server, which streams
RealAudio files and allows HTTP downloads of large files.
1) SSH connections (port 22) (i.e. me connecting remotely) should get all
the bandwidth they can consume (highest priority).
2) RealAudio streaming clients (port 554) should get all the bandwidth left
after #1 that they can consume.
3) Web downloaders (port 80) should get all the bandwidth left after #1 and
#2 that they can consume (lowest priority).
I've tried adapting an existing tcng script into this:
---------------------------------------------------------------------
#include "fields.tc"
#include "ports.tc"

#define INTERFACE eth0

dev INTERFACE {
    egress {
        class ( <$ssh> )   if tcp_sport == 22 ;
        class ( <$audio> ) if tcp_sport == 554 || tcp_sport == 7070 ;
        class ( <$web> )   if tcp_sport == 80 ;
        class ( <$other> ) if 1 ;

        htb () {
            class ( rate 600kbps, ceil 600kbps ) {
                $ssh   = class ( rate 64kbps,  ceil 128kbps ) { sfq; } ;
                $audio = class ( rate 128kbps, ceil 128kbps ) { sfq; } ;
                $web   = class ( rate 256kbps, ceil 512kbps ) { sfq; } ;
                $other = class ( rate 128kbps, ceil 384kbps ) { sfq; } ;
            }
        }
    }
}
---------------------------------------------------------------------
which creates the following tc commands:
---------------------------------------------------------------------
tc qdisc add dev eth0 handle 1:0 root dsmark indices 8 default_index 0
tc qdisc add dev eth0 handle 2:0 parent 1:0 htb
tc class add dev eth0 parent 2:0 classid 2:1 htb rate 75000bps ceil 75000bps
tc class add dev eth0 parent 2:1 classid 2:2 htb rate 8000bps ceil 16000bps
tc qdisc add dev eth0 handle 3:0 parent 2:2 sfq
tc class add dev eth0 parent 2:1 classid 2:3 htb rate 16000bps ceil 16000bps
tc qdisc add dev eth0 handle 4:0 parent 2:3 sfq
tc class add dev eth0 parent 2:1 classid 2:4 htb rate 32000bps ceil 64000bps
tc qdisc add dev eth0 handle 5:0 parent 2:4 sfq
tc class add dev eth0 parent 2:1 classid 2:5 htb rate 16000bps ceil 48000bps
tc qdisc add dev eth0 handle 6:0 parent 2:5 sfq
tc filter add dev eth0 parent 2:0 protocol all prio 1 tcindex mask 0x7 shift 0
tc filter add dev eth0 parent 2:0 protocol all prio 1 handle 4 tcindex classid 2:5
tc filter add dev eth0 parent 2:0 protocol all prio 1 handle 3 tcindex classid 2:4
tc filter add dev eth0 parent 2:0 protocol all prio 1 handle 2 tcindex classid 2:3
tc filter add dev eth0 parent 2:0 protocol all prio 1 handle 1 tcindex classid 2:2
tc filter add dev eth0 parent 1:0 protocol all prio 1 handle 1:0:0 u32 divisor 1
tc filter add dev eth0 parent 1:0 protocol all prio 1 u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 1:0:0
tc filter add dev eth0 parent 1:0 protocol all prio 1 handle 1:0:1 u32 ht 1:0:0 match u16 0x16 0xffff at 0 classid 1:1
tc filter add dev eth0 parent 1:0 protocol all prio 1 handle 2:0:0 u32 divisor 1
tc filter add dev eth0 parent 1:0 protocol all prio 1 u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 2:0:0
tc filter add dev eth0 parent 1:0 protocol all prio 1 handle 2:0:1 u32 ht 2:0:0 match u16 0x22a 0xffff at 0 classid 1:2
tc filter add dev eth0 parent 1:0 protocol all prio 1 handle 3:0:0 u32 divisor 1
tc filter add dev eth0 parent 1:0 protocol all prio 1 u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 3:0:0
tc filter add dev eth0 parent 1:0 protocol all prio 1 handle 3:0:1 u32 ht 3:0:0 match u16 0x1b9e 0xffff at 0 classid 1:2
tc filter add dev eth0 parent 1:0 protocol all prio 1 handle 4:0:0 u32 divisor 1
tc filter add dev eth0 parent 1:0 protocol all prio 1 u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 4:0:0
tc filter add dev eth0 parent 1:0 protocol all prio 1 handle 4:0:1 u32 ht 4:0:0 match u16 0x50 0xffff at 0 classid 1:3
tc filter add dev eth0 parent 1:0 protocol all prio 1 u32 match u32 0x0 0x0 at 0 classid 1:4
---------------------------------------------------------------------
I've tried loading them into tc, but I'm not really sure if it's working or
not. The only way I could think to test it was to get a friend (in another
state) to try downloading 3 files via HTTP, which would normally cause my
SSH sessions to slow to a crawl. The 3 downloads started, and it still
seemed like the latency in my SSH sessions was high (i.e. it didn't appear
that they had any priority over the HTTP downloads).

So am I totally on the wrong track here? Or am I on the right track but
just needing some tweaks to my script?

Thanks to anyone who can help - I need it!
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Jason Boxman
2004-May-24 23:07 UTC
Re: Newbie STILL trying to limit bandwidth - is this script wrong?
On Monday 24 May 2004 18:37, George Adams wrote:
> My previous message
> (http://mailman.ds9a.nl/pipermail/lartc/2004q2/012285.html) didn't generate
> any replies, so I thought I'd try posting what I've done trying to solve my
> own problem, in hopes that someone will take pity and show me if/where I'm
> going wrong.
>
> Just to recap, I'm trying to accomplish this on my server, which streams
> RealAudio files and allows HTTP downloads of large files.
>
> 1) SSH connections (port 22) (i.e. me connecting remotely) should get all
> the bandwidth they can consume (highest priority).
>
> 2) RealAudio streaming clients (port 554) should get all the bandwidth left
> after #1 that they can consume.
>
> 3) Web downloaders (port 80) should get all the bandwidth left after #1 and
> #2 that they can consume (lowest priority).
>
> I've tried adapting an existing tcng script into this:

I had little success using TCNG, although it was a nice tool to use and the
ruleset is easy and straightforward. I am having considerable, nearly
out-of-the-box success using IPTables with the CLASSIFY extension (for 2.4
and 2.6) and a few raw `tc` commands to create the actual shaping classes.

<snip>
> class ( <$ssh> ) if tcp_sport == 22 ;
> class ( <$audio> ) if tcp_sport == 554 || tcp_sport == 7070 ;
> class ( <$web> ) if tcp_sport == 80 ;
> class ( <$other> ) if 1 ;
^^^^^^^^^^^^^
You grab those with IPTables and CLASSIFY, or if you really must, you can
just use the MARK target and some extra `tc` filters to catch those marks.

> htb () {
> class ( rate 600kbps, ceil 600kbps ) {
> $ssh = class ( rate 64kbps, ceil 128kbps ) { sfq; } ;
> $audio = class ( rate 128kbps, ceil 128kbps ) { sfq; } ;
> $web = class ( rate 256kbps, ceil 512kbps ) { sfq; } ;
> $other = class ( rate 128kbps, ceil 384kbps ) { sfq; } ;
> }
> }

Not too bad:

tc qdisc add dev eth0 root handle 1: htb default 90
tc class add dev eth0 parent 1: classid 1:1 htb rate 600kbit ceil 600kbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 64kbit ceil 128kbit
...
tc class add dev eth0 parent 1:1 classid 1:90 htb rate 8kbit ceil 64kbit

SFQ for each:

tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 20
...
tc qdisc add dev eth0 parent 1:90 handle 90: sfq perturb 20

Replace 'eth0' with your actual Internet facing interface.

<snip tcc output>
> I've tried loading them into tc, but I'm not really sure if it's working or
> not. The only way I could think to test it was to get a friend (in another
> state) to try downloading 3 files via HTTP, which would normally cause my
> SSH sessions to slow to a crawl. The 3 downloads started, and it still
> seemed like the latency in my SSH sessions was high (i.e. it didn't appear
> that they had any priority over the HTTP downloads).

SSH is a lot of fun, and it doesn't flag things like tunnels or `scp` with
the TOS flags that it should, so bear in mind without tweaks you will suffer
if you perform any of those activities while using any SSH terminal sessions.

Here's a rule to match all outbound packets trying to hit port 80 (i.e.
HTTP requests by me to external sites):

$IPTABLES -t mangle -A POSTROUTING -o $LOCALIF -p tcp --dport 80 \
    -j CLASSIFY --set-class 1:20

Classify simply assigns it to the correct class, which will be whatever you
define. I believe it only works in the POSTROUTING chain, however.

> So am I totally on the wrong track here? Or am I on the right track but
> just needing some tweaks to my script?
>
> Thanks to anyone who can help - I need it!

Enjoy.

--
Jason Boxman
Perl Programmer / *NIX Systems Administrator
Shimberg Center for Affordable Housing | University of Florida
http://edseek.com/ - Linux and FOSS stuff
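
The HTB-plus-CLASSIFY approach from the reply above, carried through for the three priorities in the original question, as an added example that is not part of either post. The function name `gen_shaper`, the class ids, the guaranteed rates and the `prio` values are assumptions chosen for illustration; the script only prints the commands so the ruleset can be reviewed before it is loaded.

```sh
#!/bin/sh
# Added example, not from the thread. Prints tc/iptables commands instead of
# running them; pipe the output to `sh` as root once it has been reviewed.
# Assumptions: class ids, rates and prio values below are illustrative.

gen_shaper() {
    dev=$1       # Internet-facing interface
    uplink=$2    # shaped total in kbit; keep it below the real uplink rate

    echo "tc qdisc add dev $dev root handle 1: htb default 90"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${uplink}kbit ceil ${uplink}kbit"

    # Columns: minor-id  guaranteed-kbit  prio  tcp-source-ports ("-" = default)
    while read -r id rate prio ports; do
        # Every leaf may borrow up to the full uplink; a lower prio value is
        # offered spare bandwidth first, giving ssh > audio > web > the rest.
        echo "tc class add dev $dev parent 1:1 classid 1:$id htb rate ${rate}kbit ceil ${uplink}kbit prio $prio"
        echo "tc qdisc add dev $dev parent 1:$id handle $id: sfq perturb 20"
        [ "$ports" = "-" ] && continue
        # Traffic sent by the server leaves with these *source* ports.
        echo "iptables -t mangle -A POSTROUTING -o $dev -p tcp -m multiport --sports $ports -j CLASSIFY --set-class 1:$id"
    done <<EOF
10 64 0 22
20 128 1 554,7070
30 256 2 80
90 8 3 -
EOF
}

gen_shaper eth0 600
# After loading, the per-class counters show where packets actually land:
#   tc -s class show dev eth0
```
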