LARTC - Feb 2005 - DSCP, ToS and Egress

I''m successfully using HTB + GRED to shape traffic based on the DSCP
field. I
would like to strip the DSCP and possibly replace it with normal ToS bits on
egress traffic leaving my network. Leaving DSCP set is pointless, and could
potentially cause problems with some ISPs that use DSCP internally I suppose.
Setting ToS bits would seem ideal as most networks still honor it to varying
degrees.

The problem is I can see no way of doing this. Since DSCP is needed in the
qdiscs for shaping, it can''t be mangled with iptables. According to the
packet
flow diagram, there doesn''t appear to be any other opportunity to
mangle the
packets in this manor. Will I need to insert another router in the chain just
to do this? :(

-- 
Dan-
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Tue, 15 Feb 2005, Dan Cox wrote:
> I''m successfully using HTB + GRED to shape traffic based on the
DSCP field. I
> would like to strip the DSCP and possibly replace it with normal ToS bits
on
> egress traffic leaving my network. Leaving DSCP set is pointless, and could
> potentially cause problems with some ISPs that use DSCP internally I
suppose.
> Setting ToS bits would seem ideal as most networks still honor it to
varying
> degrees.
>
> The problem is I can see no way of doing this. Since DSCP is needed in the
> qdiscs for shaping, it can''t be mangled with iptables. According
to the packet
> flow diagram, there doesn''t appear to be any other opportunity to
mangle the
> packets in this manor. Will I need to insert another router in the chain
just
> to do this? :(
You can clone the GRED qdisc code and modify it to overwrite the DSCP 
bits.
>
> -- 
> Dan-
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
---
Catalin(ux aka Dino) BOIE
catab at deuroconsult.ro
http://kernel.umbrella.ro/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

You can try with IMQ, which probably is not wanted for a production
server. You can also mark the pachets which have some DSCP bits, then
use u32 with the mark match (Probably Catalin''s implementation), i
think it is even in some latest 2.6 kernels, also don''t forget to use
a new iproute2 :)


On Wed, 16 Feb 2005 11:12:46 +0200 (EET), Catalin(ux aka Dino) BOIE
<util@deuroconsult.ro> wrote:
> On Tue, 15 Feb 2005, Dan Cox wrote:
> 
> > I''m successfully using HTB + GRED to shape traffic based on
the DSCP field. I
> > would like to strip the DSCP and possibly replace it with normal ToS
bits on
> > egress traffic leaving my network. Leaving DSCP set is pointless, and
could
> > potentially cause problems with some ISPs that use DSCP internally I
suppose.
> > Setting ToS bits would seem ideal as most networks still honor it to
varying
> > degrees.
> >
> > The problem is I can see no way of doing this. Since DSCP is needed in
the
> > qdiscs for shaping, it can''t be mangled with iptables.
According to the packet
> > flow diagram, there doesn''t appear to be any other
opportunity to mangle the
> > packets in this manor. Will I need to insert another router in the
chain just
> > to do this? :(
> 
> You can clone the GRED qdisc code and modify it to overwrite the DSCP
> bits.
> 
> >
> > --
> > Dan-
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> >
> 
> ---
> Catalin(ux aka Dino) BOIE
> catab at deuroconsult.ro
> http://kernel.umbrella.ro/
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> 

-- 
Bla bla
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

I thought I could use IMQ, but it appears the packets entering the IMQ device
happen last, just like normal device qdiscs. Meaning, you can''t send 
packets to
IMQ, then return to iptables for more mangling :/
Also, can''t use MARK because I''m already using it for traffic
prioritization
across 32 levels, and CLASSIFY is no good for this since it only works on a
leaf class.

I know I can sort traffic with filters, but I don''t think it''s
possible to do
any packet matching and mangling with them? I may have to just modify the
source code :/

Dan-

Quoting George Alexandru Dragoi <waruiinu@gmail.com>:
> You can try with IMQ, which probably is not wanted for a production
> server. You can also mark the pachets which have some DSCP bits, then
> use u32 with the mark match (Probably Catalin''s implementation), i
> think it is even in some latest 2.6 kernels, also don''t forget to
use
> a new iproute2 :)
>
>
> On Wed, 16 Feb 2005 11:12:46 +0200 (EET), Catalin(ux aka Dino) BOIE
> <util@deuroconsult.ro> wrote:
>> On Tue, 15 Feb 2005, Dan Cox wrote:
>>
>> > I''m successfully using HTB + GRED to shape traffic based
on the
>> DSCP field. I
>> > would like to strip the DSCP and possibly replace it with normal 
>> ToS bits on
>> > egress traffic leaving my network. Leaving DSCP set is pointless, 
>> and could
>> > potentially cause problems with some ISPs that use DSCP internally
>> I suppose.
>> > Setting ToS bits would seem ideal as most networks still honor it 
>> to varying
>> > degrees.
>> >
>> > The problem is I can see no way of doing this. Since DSCP is
needed in the
>> > qdiscs for shaping, it can''t be mangled with iptables.
According
>> to the packet
>> > flow diagram, there doesn''t appear to be any other
opportunity to
>> mangle the
>> > packets in this manor. Will I need to insert another router in the
>> chain just
>> > to do this? :(
>>
>> You can clone the GRED qdisc code and modify it to overwrite the DSCP
>> bits.
>>
>> >
>> > --
>> > Dan-
>> > _______________________________________________
>> > LARTC mailing list / LARTC@mailman.ds9a.nl
>> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://lartc.org/
>> >
>>
>> ---
>> Catalin(ux aka Dino) BOIE
>> catab at deuroconsult.ro
>> http://kernel.umbrella.ro/
>> _______________________________________________
>> LARTC mailing list / LARTC@mailman.ds9a.nl
>> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>>
>
>
> --
> Bla bla
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Tue, 15 Feb 2005, Dan Cox wrote:

>> I''m successfully using HTB + GRED to shape traffic based on
the DSCP field.
>
I am investigationg WHY HTB + GRED does not work on my test beds. In 
SuSe 9.1 , 9.2 and Debian testing with 2.6.8 and 2.4.27 i face LOTS of 
problems (actually GRED works partially).

Can you sent me your scripts and mention the version''s of the kernel
and
iproute2 you are currently using?

Thanks in advance for your time,
Antonios Chalkiopoylos

My only working configuration is vanilla kernel 2.4.20 (patched with HTB)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

I would post my scripts but they''re around several thousand lines,
intertwined
with lots of variable substitution and generate about 300 qdiscs and 
classes so
I don''t think it would be easy to follow :)

I''m using stock Fedora Core 3 packages for kernel (2.6.10), iptables
and
iproute2 (2.6.9) with the QNET patchset applied
(http://kem.p.lodz.pl/~peter/qnet/). I''ve also done this under Gentoo
with the
same stock kernels, packages and patches.

Basically, I sort traffic into several different HTB classes based on 
protocol,
then I have 4 levels of priority subclasses under each protocol, with yet
another 4 levels of subpriorities under those. IPTables helps here by MARKing
the packets so I know which priority subclass to sort them into. Then I use an
HTB + diffserv combo on these leaf priority subclasses to apply GRED for
AF1-AF4 and apply RED for BE (not using EF yet).

Here is an organizational snippet with 1 protocol priority level:
|root DSMARK qdisc
|root DSMARK bit mask filters
|HTB main qdisc
|HTB main class
|HTB main filters (sort based on protocol into subs)
  |HTB UDP Protocol Subclass
  |HTB UDP Protocol Subclass filters (sort based on MARK value into subs)
   |HTB UDP Priority 1 Subclass
   |HTB UDP Priority 1 filters (apply DSMARK bit mask for sorting into subs)
    |HTB AF1 Class
     |GRED qdisc
    |HTB AF2 Class
     |GRED qdisc
    |HTB AF3 Class
     |GRED qdisc
    |HTB AF4 Class
     |GRED qdisc
    |HTB BE Class
     |RED qdisc

There''s a great site with lots of examples and info:
http://www.opalsoft.net/qos/DS.htm

Hope that helps-
Dan-

Quoting Antonios Halkiopoulos <alg0@iit.demokritos.gr>:
> On Tue, 15 Feb 2005, Dan Cox wrote:
>
>
>>> I''m successfully using HTB + GRED to shape traffic based
on the DSCP field.
>>
>
> I am investigationg WHY HTB + GRED does not work on my test beds. In 
> SuSe 9.1 , 9.2 and Debian testing with 2.6.8 and 2.4.27 i face LOTS 
> of problems (actually GRED works partially).
>
> Can you sent me your scripts and mention the version''s of the
kernel
> and iproute2 you are currently using?
>
> Thanks in advance for your time,
> Antonios Chalkiopoylos
>
> My only working configuration is vanilla kernel 2.4.20 (patched with HTB)
>


-- Dan-

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Dan Cox wrote:
> I would post my scripts but they''re around several thousand lines,
> intertwined
> with lots of variable substitution and generate about 300 qdiscs and 
> classes so
> I don''t think it would be easy to follow :)
I am still interested, just post them to my personal email only so that 
you won''t flood lartc list.
> I''m using stock Fedora Core 3 packages for kernel (2.6.10),
iptables and
> iproute2 (2.6.9) with the QNET patchset applied
> (http://kem.p.lodz.pl/~peter/qnet/). I''ve also done this under
Gentoo
> with the same stock kernels, packages and patches.
I will check as soon as possible
 
>    |HTB AF1 Class
>     |GRED qdisc
>    |HTB AF2 Class
>     |GRED qdisc
>    |HTB AF3 Class
>     |GRED qdisc
>    |HTB AF4 Class
>     |GRED qdisc
>    |HTB BE Class
>     |RED qdisc

This is the part i am most interested in. I guess GRED for AF1 (for 
example) takes care of AF11 , AF12, AF13 and AF14. If so please sent me 
your scripts.

I will generate UDP traffic with mgen to test the kernels i am currently 
using.

Thanks for your time,
Antonios Chalkiopoulos
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

I''ve attached my diffserv automagic generator script because I think 
it''s pretty
useful. Any feedback appreciated. After sourcing this into your scripts you
basically feed it the following information to have it auto generate 
the needed
classes and qdiscs based on formulas I''ve found on the net. This should
be
called to attach itself to a leaf class when you are already done sorting
traffic into generic priority queues, etc. Note that I''ve ripped this
out of a
much larger script, but it should work as is.

Here''s an example of the arguments the ''diffserv''
function takes:
# -----------------------------------------------
# PARENT:   Parent Class ID
# DEV:      Target Device
# RATE:     Parent Rate                 (kbit)
# CEIL:     Parent Ceiling              (kbit)
# AVPKT:    Average Packet Size         (bytes)
# LATENCY:  Target Latency              (milliseconds)
# QUANTUM:  Device MTU (normally)       (bytes)
# MTU:      Maximum Transmission Unit   (bytes)
# MPU:      Minimum Packet Unit         (bytes)
# OVERHEAD: Packet Overhead             (bytes)
# -----------------------------------------------

The most common problem someone will run into with this script is not 
being able
to guarantee a low enough latency. It takes a certain amount of 
bandwidth (rate)
to guarantee a target latency based on the average packet size (of course!).

Dan -

Quoting Antonios Halkiopoulos <alg0@iit.demokritos.gr>:
> Dan Cox wrote:
>
>> I would post my scripts but they''re around several thousand
lines,
>> intertwined
>> with lots of variable substitution and generate about 300 qdiscs and 
>> classes so
>> I don''t think it would be easy to follow :)
>
> I am still interested, just post them to my personal email only so 
> that you won''t flood lartc list.
>
>> I''m using stock Fedora Core 3 packages for kernel (2.6.10),
iptables and
>> iproute2 (2.6.9) with the QNET patchset applied
>> (http://kem.p.lodz.pl/~peter/qnet/). I''ve also done this under
>> Gentoo with the same stock kernels, packages and patches.
>
> I will check as soon as possible
>
>
>>    |HTB AF1 Class
>>     |GRED qdisc
>>    |HTB AF2 Class
>>     |GRED qdisc
>>    |HTB AF3 Class
>>     |GRED qdisc
>>    |HTB AF4 Class
>>     |GRED qdisc
>>    |HTB BE Class
>>     |RED qdisc
>
>
> This is the part i am most interested in. I guess GRED for AF1 (for 
> example) takes care of AF11 , AF12, AF13 and AF14. If so please sent 
> me your scripts.
>
> I will generate UDP traffic with mgen to test the kernels i am 
> currently using.
>
> Thanks for your time,
> Antonios Chalkiopoulos
>


-- Dan-

I''ve added a few more helper functions for a more complete
demonstration. I''ve
also added some suggested default values (see script).
Here''s an example usage for a 100mbit LAN:

# Load the functions into the environment
#
source diffserv.sh
#
# Set device queue length and MTU
#
init_device eth1 10 1500
#
# Clear the device qdiscs
#
reset_qdisc eth1
#
# Create the root DSMARK qdisc & filters.
#
init_classifier eth1 10:
#
# Now create our main HTB qdisc
# We attach to the parent DSMARK qdisc (10:) and give ourselves a handle of 1:
#
qdisc eth1 "parent 10: handle 1: htb default 1 r2q 1"
#
# Now we create our leaf HTB + GRED classes and qdiscs to perform diffserv
# Note that this will create HTB classes underneath the HTB qdisc (1:)
#
diffserv 1: eth1 100000 100000 1000 10 1500 1500 64 0

In a more complex setup, you can insert additional levels of HTB classes under
the HTB qdisc and then call ''diffserv'' on those leaf classes,
but remember to
add additional filters (can NOT use iptables CLASSIFY target) or traffic will
never reach those classes. ''diffserv'' assumes traffic has
already made
it as far
as its parent qdisc (or class) and attaches it''s filters there.

Dan-

I was just looking at your QoS Script. Did you ever notice that no
packets will be put into gred dp3 ? 

I was using a similar script based on AF examples on the web and
apparently in the gred qdisc now when you declare 3 dps they are
numbered 0,1,2 and not 1,2,3.

This line in gred_enqueue in sch_gred.c will prevent packets that you
have given a tcindex of 113,123,133,143 of being put in the right dp. 
They will get put into the default dp.

if ( ((skb->tc_index&0xf) > (t->DPs -1)) ||
!(q=t->tab[skb-
>tc_index&0xf])) {
This isnt a bug in the code either as I found out. 

You could take the -1 out of this line or else use gred DP0 , DP1, DP2
and change your tcindex classifiers to 110,111,112

Jonathan

On Fri, 2005-02-18 at 11:25 -0600, Dan Cox wrote:
> I''ve added a few more helper functions for a more complete
demonstration. I''ve
> also added some suggested default values (see script).
> Here''s an example usage for a 100mbit LAN:
> 
> # Load the functions into the environment
> #
> source diffserv.sh
> #
> # Set device queue length and MTU
> #
> init_device eth1 10 1500
> #
> # Clear the device qdiscs
> #
> reset_qdisc eth1
> #
> # Create the root DSMARK qdisc & filters.
> #
> init_classifier eth1 10:
> #
> # Now create our main HTB qdisc
> # We attach to the parent DSMARK qdisc (10:) and give ourselves a handle of
1:
> #
> qdisc eth1 "parent 10: handle 1: htb default 1 r2q 1"
> #
> # Now we create our leaf HTB + GRED classes and qdiscs to perform diffserv
> # Note that this will create HTB classes underneath the HTB qdisc (1:)
> #
> diffserv 1: eth1 100000 100000 1000 10 1500 1500 64 0
> 
> In a more complex setup, you can insert additional levels of HTB classes
under
> the HTB qdisc and then call ''diffserv'' on those leaf
classes, but remember to
> add additional filters (can NOT use iptables CLASSIFY target) or traffic
will
> never reach those classes. ''diffserv'' assumes traffic has
already made
> it as far
> as its parent qdisc (or class) and attaches it''s filters there.
> 
> Dan-
>