Maybe it's my oversight but shouldn't you have "tc qdisc add dev eth0 root handle 1:0 htb" before rest of your instructions ??

> I am trying to shape a client (somewhat advanced).
>
> This is my target:
> Client is 192.168.2.224. I would like to allow him to download with
> 500000 bits/sec in general. But, for a specific port (say 22), i would
> like him to download with 300000 bit/sec only. The problem is that my
> configuration (maybe wrong) allows him to download with 800000 bit/sec.
> (500000 generally + 300000 on port 22)
> I thought that having classes 1:11 and 1:12 being children of a class
> with rate 500000, 500000 would be the maximum...
> Can htb do this? Can another queue do this?
>
> /sbin/tc class add dev eth0 parent 1: classid 1:10 htb rate 500000
>
> /sbin/tc class add dev eth0 parent 1:10 classid 1:11 htb rate 300000
> /sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.2.224/32 \
>   match ip sport 80 0xffff classid 1:11
>
> /sbin/tc class add dev eth0 parent 1:10 classid 1:12 htb rate 500000
> /sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.2.224/32 classid 1:12

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

OK what's the address of eth0? Is the BOX with NAT ? I think you could send a bit of your true script and describe a bit of your network, especially the part when this situation is happening. If you are really afraid of smth like a hack attack, change the IP addresses.

> Although i have done so, you are right. I should have included this too in
> my (e-mail) configuration...
> BTW, Any idea of the situation
>
> ----- Original Message -----
> From: <mjoachimiak@poczta.onet.pl>
> To: "lartc" <lartc@mailman.ds9a.nl>; "Mpourtounis Dimitris" <db@wless.gr>
> Sent: Friday, January 24, 2003 1:21 AM
> Subject: Re: [LARTC] HTB classifying
>
> > Maybe it's my oversight but shouldn't you have "tc qdisc add dev eth0 root
> > handle 1:0 htb" before rest of your instructions ??

Martin Brown is right but his answer is not full. I see at least one error in your script. I see you are shaping on wlan0. You must know that you can only shape outgoing traffic, so if your node is downloading by ftp it's ok, but if the node starts to upload, shaping on wlan0 won't work. In that case you must shape on eth0.

And second thing: Because you shape towards 192.168.2.224 you can not write ...ip src 192.168.2.224/32..... You must write ...ip dst 192.168.2.224.

> /sbin/tc filter add dev wlan0 parent 1:0 protocol ip prio 100 u32 \
>   match ip src 192.168.2.224/32 \
>   match ip sport 80 0xffff classid 1:11

Take some more reading :) Good luck.

----- Original Message -----
From: "Mpourtounis Dimitris" <db@wless.gr>
To: "lartc" <lartc@mailman.ds9a.nl>
Sent: Saturday, July 24, 2004 11:39 PM
Subject: Re: [LARTC] HTB classifying

> Ok then...
>
> BOX with 2 ifaces
> eth0 : 192.168.1.3/24 , NAT 192.168.2.0/24
> wlan0: 192.168.2.3/24 ,
> gw 192.168.1.1 (it is an adsl mode in fact)
>
> All i want to do is make sure that
> a) node 192.168.2.224 doesn't get more than 500000 bits/sec
> b) its ssh, sftp (port 22) traffic is limited at 300000 bits/sec
> and
> c) add more shaped nodes in my script.
>
> When i start downloading from node, its http traffic for example is really
> shaped at 500000.
> When i start downloading via sftp (port 22), its sftp traffic is really
> shaped at 300000.
> But when there is an http as well as an sftp session at the same time,
> total bandwidth is at 800000.
>
> Thanks in advance (and sorry for being so short, i will get used to
> explaining my problems briefly...)
>
> #My.notworking.script
> /sbin/tc qdisc add dev wlan0 root handle 1:0 htb r2q 100
> /sbin/tc class add dev wlan0 parent 1: classid 1:10 htb rate 500000
>
> /sbin/tc class add dev wlan0 parent 1:10 classid 1:11 htb rate 300000
> /sbin/tc filter add dev wlan0 parent 1:0 protocol ip prio 100 u32 \
>   match ip src 192.168.2.224/32 \
>   match ip sport 80 0xffff classid 1:11
>
> /sbin/tc class add dev wlan0 parent 1:10 classid 1:12 htb rate 500000
> /sbin/tc filter add dev wlan0 parent 1:0 protocol ip prio 100 u32 match \
>   ip src 192.168.2.224/32 classid 1:12

I am trying to shape a client (somewhat advanced).

This is my target:
Client is 192.168.2.224. I would like to allow him to download with 500000 bits/sec in general. But, for a specific port (say 22), i would like him to download with 300000 bit/sec only. The problem is that my configuration (maybe wrong) allows him to download with 800000 bit/sec. (500000 generally + 300000 on port 22)
I thought that having classes 1:11 and 1:12 being children of a class with rate 500000, 500000 would be the maximum...
Can htb do this? Can another queue do this?

/sbin/tc class add dev eth0 parent 1: classid 1:10 htb rate 500000

/sbin/tc class add dev eth0 parent 1:10 classid 1:11 htb rate 300000
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.2.224/32 \
  match ip sport 80 0xffff classid 1:11

/sbin/tc class add dev eth0 parent 1:10 classid 1:12 htb rate 500000
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.2.224/32 classid 1:12

Ok then...

BOX with 2 ifaces
eth0 : 192.168.1.3/24 , NAT 192.168.2.0/24
wlan0: 192.168.2.3/24 ,
gw 192.168.1.1 (it is an adsl mode in fact)

All i want to do is make sure that
a) node 192.168.2.224 doesn't get more than 500000 bits/sec
b) its ssh, sftp (port 22) traffic is limited at 300000 bits/sec
and
c) add more shaped nodes in my script.

When i start downloading from node, its http traffic for example is really shaped at 500000.
When i start downloading via sftp (port 22), its sftp traffic is really shaped at 300000.
But when there is an http as well as an sftp session at the same time, total bandwidth is at 800000.

Thanks in advance (and sorry for being so short, i will get used to explaining my problems briefly...)

#My.notworking.script
/sbin/tc qdisc add dev wlan0 root handle 1:0 htb r2q 100
/sbin/tc class add dev wlan0 parent 1: classid 1:10 htb rate 500000

/sbin/tc class add dev wlan0 parent 1:10 classid 1:11 htb rate 300000
/sbin/tc filter add dev wlan0 parent 1:0 protocol ip prio 100 u32 \
  match ip src 192.168.2.224/32 \
  match ip sport 80 0xffff classid 1:11

/sbin/tc class add dev wlan0 parent 1:10 classid 1:12 htb rate 500000
/sbin/tc filter add dev wlan0 parent 1:0 protocol ip prio 100 u32 match \
  ip src 192.168.2.224/32 classid 1:12

----- Original Message -----
From: <mjoachimiak@poczta.onet.pl>
To: "lartc" <lartc@mailman.ds9a.nl>; "Mpourtounis Dimitris" <db@wless.gr>
Sent: Friday, January 24, 2003 2:13 AM
Subject: Re: [LARTC] HTB classifying

> OK what's the address of eth0? Is the BOX with NAT ?
> I think you could send a bit of your true script and describe a bit of your
> network, especially the part when this situation is happening. If you
> are really afraid of smth like a hack attack, change the IP addresses.
>
> > Although i have done so, you are right. I should have included this too in
> > my (e-mail) configuration...
> > BTW, Any idea of the situation
> >
> > ----- Original Message -----
> > From: <mjoachimiak@poczta.onet.pl>
> > To: "lartc" <lartc@mailman.ds9a.nl>; "Mpourtounis Dimitris" <db@wless.gr>
> > Sent: Friday, January 24, 2003 1:21 AM
> > Subject: Re: [LARTC] HTB classifying
> >
> > > Maybe it's my oversight but shouldn't you have "tc qdisc add dev eth0 root
> > > handle 1:0 htb" before rest of your instructions ??
Hello Mpourtounis,
: When i start downloading from node, its http traffic for example is
: really shaped at 500000. When i start downloading via sftp (port 22),
: its sftp traffic is really shaped at 300000. But when there is an
: http as well as an sftp session at the same time, total bandwidth is at
: 800000.
You are missing one key piece in your understanding of HTB and that is the
difference between using "rate" and using "ceil".
: /sbin/tc qdisc add dev wlan0 root handle 1:0 htb r2q 100
: /sbin/tc class add dev wlan0 parent 1: classid 1:10 htb rate 500000
:
: /sbin/tc class add dev wlan0 parent 1:10 classid 1:11 htb rate 300000
: /sbin/tc filter add dev wlan0 parent 1:0 protocol ip prio 100 u32 \
: match ip src 192.168.2.224/32 \
: match ip sport 80 0xffff classid 1:11
:
: /sbin/tc class add dev wlan0 parent 1:10 classid 1:12 htb rate 500000
: /sbin/tc filter add dev wlan0 parent 1:0 protocol ip prio 100 u32 match \
: ip src 192.168.2.224/32 classid 1:12
You have a class structure which looks roughly like this:
class 1:10, rate 500000 [ ceil 500000 ]
  |
  +-class 1:11, rate 300000 [ ceil 300000 ]  (rate M)
   \
    class 1:12, rate 500000 [ ceil 500000 ]  (rate L)
Because you have specified a rate in each leaf class (1:11 and 1:12), your
two leaf classes are getting the guaranteed 'rate'. You have guaranteed
rate M, 300000 (units???) (seems to be 37500bps with my tc) to your class
1:11. You have guaranteed rate L to your class 1:12. HTB will dequeue
packets entering this class until rate without examining any other parent
class. Because each class is getting its guaranteed rate, HTB is
effectively transmitting (dequeuing) packets at 800000 (300000 + 500000).
I believe you wish to do the following. Note that I have used the same
ratios, but have eliminated some zeroes and changed the units, but simply
for readability.
class 1:10, rate 500 kbps, ceil 500 kbps
  |
  +-class 1:11, rate 100 kbps, ceil 300 kbps
   \
    class 1:12, rate 400 kbps, ceil 500 kbps
This means that classes 1:11 and 1:12 can transmit up to rates 100 kbps
and 400 kbps respectively before HTB starts to calculate borrowing. For
more on the borrowing model, see [0], [1] and [2]. The rule you are
unwittingly violating is this rule [3].
In short, since HTB will not check any rates or perform any shaping or
borrowing until rate is met (exceeded), you must make sure that the sum of
the rates of your leaf classes does not exceed the parent classes.
As a final note, if you wish to limit your total outgoing bandwidth to
only 500000 and let HTB help a bit with the borrowing, I would recommend
the following model:
class 1:10, rate 500000, ceil 500000
  |
  +-class 1:11, rate 100000, ceil 300000
   \
    class 1:12, rate 200000, ceil 500000
Best of luck,
-Martin
[0] http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm#hsharing
[1] http://tldp.org/HOWTO/Traffic-Control-HOWTO/classful-qdiscs.html#qc-htb-borrowing
[2] http://opalsoft.net/qos/DS-28.htm
[3] http://www.docum.org/docum.org/faq/cache/13.html
P.S. Just a reminder that with the command line "tc", kbps means kilobytes
per second. If you want to talk about kilobits per second, use kbit.
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
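The rule from Martin Brown's reply (leaf rates must not add up to more than the parent's rate), as an added example that is not part of the original thread: a Python check over `tc class add` lines that flags over-committed HTB parents. The unit table assumes SI prefixes as in current tc(8), and the two sample scripts are constructed from the posted class lines and the final model suggested in the reply.

```python
import re
from collections import defaultdict

# Multipliers to bit/s. Assumption: SI prefixes (k = 1000) as in current tc(8);
# the "bps" family is BYTES per second, hence the factor 8.
UNITS = {"": 1, "bit": 1, "kbit": 1e3, "mbit": 1e6,
         "bps": 8, "kbps": 8e3, "mbps": 8e6}

def to_bits(value):
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([a-z]*)", value.lower())
    if not m or m.group(2) not in UNITS:
        raise ValueError(f"unrecognised rate: {value!r}")
    return int(float(m.group(1)) * UNITS[m.group(2)])

def parse_classes(script):
    """Map classid -> (parent, rate, ceil) for each 'tc class add ... htb' line."""
    classes = {}
    for line in script.splitlines():
        tok = line.split()
        if "class" not in tok or "htb" not in tok:
            continue                      # skips qdisc and filter lines
        opt = lambda key: tok[tok.index(key) + 1] if key in tok else None
        rate = to_bits(opt("rate"))
        ceil = to_bits(opt("ceil")) if opt("ceil") else rate  # ceil defaults to rate
        classes[opt("classid")] = (opt("parent"), rate, ceil)
    return classes

def check(script):
    classes, kids, problems = parse_classes(script), defaultdict(list), []
    for cid, (parent, _, _) in classes.items():
        kids[parent].append(cid)
    for parent in sorted(kids):
        if parent not in classes:
            continue                      # parent is the root qdisc ("1:")
        total = sum(classes[c][1] for c in kids[parent])
        if total > classes[parent][1]:
            problems.append(f"{parent}: child rates total {total} bit/s, "
                            f"parent rate is {classes[parent][1]} bit/s")
    return problems

# Constructed from the thread: the posted class lines, then the final suggested model.
POSTED = """\
/sbin/tc qdisc add dev wlan0 root handle 1:0 htb r2q 100
/sbin/tc class add dev wlan0 parent 1: classid 1:10 htb rate 500000
/sbin/tc class add dev wlan0 parent 1:10 classid 1:11 htb rate 300000
/sbin/tc class add dev wlan0 parent 1:10 classid 1:12 htb rate 500000
"""
FIXED = (POSTED.replace("1:11 htb rate 300000", "1:11 htb rate 100000 ceil 300000")
               .replace("1:12 htb rate 500000", "1:12 htb rate 200000 ceil 500000"))
```

`check(POSTED)` reports class 1:10 as over-committed (800000 against 500000), while `check(FIXED)` returns an empty list.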