hello folks,

this is my first post to that list. so I hope I am not completely OT here :-)

reading the (excellent!) lartc and then writing my own qos-script I have still some open questions which I will try to formulate now:

- "Now we can optionally attach queuing disciplines to the leaf classes. If none is specified the default is pfifo." - I can't find info about Pfifo. is it the same as pfifo_fast? what happens when I do not add queuing disciplines to the leaf classes? only the filters?

- can a class burst above the ceil-parameter when there is NO other traffic on the line at that moment?

- what happens when a packet passing through the filters can be matched by two filters? f.e. I have a "general" type of WWW-port 80 filter and another WWW-port 80 filter to a certain subnet. is it like a cisco ACL? the first hit is applied?

- is hardware a criterion? I want to shape a pretty full 2048/2048 line and use an old server with 2 NICs at the moment. 128 MB ram, but gnome running.. :) could I create a bottleneck by doing so?

- question concerning the script (below): it is quite simple. I want to filter any traffic going to an "SAP" subnet (where we have the SAP-system) and WWW as well as email. I apply it to interface eth0 and eth1 (which are part of an ethernet bridge br0). as there are all servers on one side of the bridge and I want it to be "plug and play"-like I apply the same script to both interfaces.

The setup is like this:

[Manchester] (~250 Clients) ---> Transparent QoS-Bridge ----> ROUTER -------- FR WAN 2 Mbit ------> [AT/Vienna] (Mailserver, Proxy, SAP)

- and: will my script work as expected with that setup? :)

thanks in advance and kind regards,

Ulrich

#!/bin/sh
#
############ Configuration part ##############
DEVICE=$1 # interface (eth0 / eth1)

# rate of WAN - line / remember you can't ceil this or you'll experience
# latency. 75-80% of ceil is a good place to start.
Bandwidth=2048kbit

rateSAP=1024kbit
ceilSAP=2048kbit
prioSAP=1

rateEMAIL=512kbit
ceilEMAIL=768kbit
prioEMAIL=3

rateWEB=768kbit
ceilWEB=1024kbit
prioWEB=2

rateBulk=512kbit
ceilBULK=768kbit
prioBULK=4

rateVIEMON02=512kbit
ceilVIEMON02=800kbit
prioVIEMON02=1

VIEMON02="172.24.69.34"
SAPNET="172.24.64.0/24"
PROXY="172.24.69.21/32"
MAILSERVER="172.24.69.23/32"

TCCLASS="tc class add dev $DEVICE"
TCQDISC="tc qdisc add dev $DEVICE"
############ End of configuration part ##############

#####################################
# Delete any old rules
# (the error printed when no qdisc is installed yet is suppressed)
tc qdisc del root dev $DEVICE 2>/dev/null

# root qdisc / qdisc = queueing discipline
# unclassified traffic goes to class 1:16 (bulk)
tc qdisc add dev $DEVICE root handle 1: htb default 16

# ceil is actually redundant here - since it
$TCCLASS parent 1: classid 1:1 htb rate $Bandwidth ceil $Bandwidth

# child classes (like child nodes on a tree)
$TCCLASS parent 1:1 classid 1:11 htb rate $rateEMAIL ceil $ceilEMAIL prio $prioEMAIL
$TCCLASS parent 1:1 classid 1:12 htb rate $rateSAP ceil $ceilSAP prio $prioSAP
$TCCLASS parent 1:1 classid 1:13 htb rate $rateWEB ceil $ceilWEB prio $prioWEB
$TCCLASS parent 1:1 classid 1:14 htb rate $rateVIEMON02 ceil $ceilVIEMON02 prio $prioVIEMON02
$TCCLASS parent 1:1 classid 1:16 htb rate $rateBulk ceil $ceilBULK prio $prioBULK

########################################################################################################
# To continue let's add a pfifo queuing discipline to each of the service classes;
$TCQDISC parent 1:11 handle 110: pfifo limit 10
$TCQDISC parent 1:12 handle 120: pfifo limit 10
$TCQDISC parent 1:13 handle 130: pfifo limit 10
$TCQDISC parent 1:14 handle 140: pfifo limit 10
# BULK
$TCQDISC parent 1:16 handle 160: sfq perturb 20

########################################################################################################
# Filter definitions for traffic matching
########################################################################################################

############### SAP ##############
# all SAP-systems are in the same subnet - all traffic from/to that subnet is business-critical
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioSAP u32 match ip src $SAPNET flowid 1:12
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioSAP u32 match ip dst $SAPNET flowid 1:12

# A little tweaking.... :-)
# "match ip icmp_type" only compares the byte at offset 20, so the protocol
# match (1 = ICMP) is needed to keep TCP/UDP packets out of this rule.
# match icmp echo request
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioSAP u32 match ip protocol 1 0xff match ip icmp_type 0x08 0xff flowid 1:12
# match icmp echo reply
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioSAP u32 match ip protocol 1 0xff match ip icmp_type 0x00 0xff flowid 1:12

############### WEB ###############
# Web-surfing only possible via $PROXY-Server
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioWEB u32 match ip src $PROXY flowid 1:13
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioWEB u32 match ip dst $PROXY flowid 1:13
#tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioWEB u32 match ip dport 80 flowid 1:13

############### EMAIL ################
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioEMAIL u32 match ip src $MAILSERVER flowid 1:11
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioEMAIL u32 match ip dst $MAILSERVER flowid 1:11

#####################################
############ VIEMON02 ###############
#
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioVIEMON02 u32 match ip src $VIEMON02/32 flowid 1:14
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioVIEMON02 u32 match ip dst $VIEMON02/32 flowid 1:14

#####################################
######### Bulk / Default ############
#
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioBULK u32 match ip src 0.0.0.0/0 flowid 1:16
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioBULK u32 match ip dst 0.0.0.0/0 flowid 1:16

Ulrich Pöschl wrote:
> hello folks,
>
> this is my first post to that list. so I hope I am not completely OT
> here :-)
>
> reading the (excellent!) lartc and then writing my own qos-script I have
> still some open questions which I will try to formulate now:
>
> - "Now we can optionally attach queuing disciplines to the leaf classes.
> If none is specified the default is pfifo." - I can't find info about
> Pfifo. is it the same as pfifo_fast?
> what happens when I do not add queuing disciplines to the leaf classes?
> only the filters?

pfifo = packet fifo. It's just a first in first out, not as clever as pfifo fast. If you don't add a queue to a leaf you get a long pfifo - limit set by htb rather than you.

> - can a class burst above the ceil-parameter when there is NO other
> traffic on the line at that moment?

You can specify burst and cburst for htb in your script if you want - if you don't, htb chooses them for you from rate/ceil. See them with tc -s -d class ls devX.

>
> - what happens when a packet passing through the filters can be matched
> by two filters? f.e. I have a "general" type of WWW-port 80 filter and
> another WWW-port 80 filter to a certain subnet. is it like a cisco ACL?
> the first hit is applied?

Yes, use prio to order filters and remember 1 is highest, not 0.

>
> - is hardware a criterion? I want to shape a pretty full 2048/2048 line
> and use an old server with 2 NICs at the moment. 128 MB ram, but gnome
> running.. :) could I create a bottleneck by doing so?

Probably be OK as long as you don't have thousands of tests per packet.

>
>
> - question concerning the script (below):
> it is quite simple. I want to filter any traffic going to an "SAP"
> subnet. (where we have the SAP-system) and WWW as well as email
> i apply it to interface eth0 and eth1 (which are part of an ethernet
> bridge br0).
> as there are all servers on one side of the bridge and I want it to be
> "plug and play"-like I apply the same script to both interfaces.
>
> The setup is like this:
> [Manchester] (~250 Clients) ---> Transparent QoS-Bridge ----> ROUTER
> -------- FR WAN 2 Mbit ------> [AT/Vienna] (Mailserver, Proxy, SAP)
>
> - and: will my script work as expected with that setup? :)
>
> thanks in advance and kind regards,
>
> Ulrich
>
>
>
>
> #!/bin/sh
> #
> ############ Configuration part ##############
> DEVICE=$1 # interface (eth0 / eth1)
>
> Bandwidth=2048kbit # rate of WAN - line / remember you can't ceil this
> or you'll experience latency. 75-80% of ceil is a good place to start.

Your rates and ceils seem to ignore this comment :-)

Remember rates are guaranteed; prio only affects sharing of what's spare.

Rest looks OK but I often miss things - test, test, test is the best way.

Andy.
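
The point about guaranteed rates can be checked mechanically. The script below is an added example, not part of either post: it parses the class definitions from the posted script (variables expanded, eth0 assumed as the device) and reports where child rates add up to more than the parent rate, where a child ceil exceeds its parent ceil, and where the top class is shaped above 80% of the line rate.

```shell
#!/bin/sh
# Constructed input: the posted class definitions with variables expanded
# (eth0 is an assumed device name).
CLASSES='tc class add dev eth0 parent 1: classid 1:1 htb rate 2048kbit ceil 2048kbit
tc class add dev eth0 parent 1:1 classid 1:11 htb rate 512kbit ceil 768kbit prio 3
tc class add dev eth0 parent 1:1 classid 1:12 htb rate 1024kbit ceil 2048kbit prio 1
tc class add dev eth0 parent 1:1 classid 1:13 htb rate 768kbit ceil 1024kbit prio 2
tc class add dev eth0 parent 1:1 classid 1:14 htb rate 512kbit ceil 800kbit prio 1
tc class add dev eth0 parent 1:1 classid 1:16 htb rate 512kbit ceil 768kbit prio 4'

# htb_audit CLASS_LINES LINE_KBIT [PERCENT]
# Prints one finding per line; prints nothing when the hierarchy is consistent.
htb_audit() {
    printf '%s\n' "$1" | awk -v line="$2" -v pct="${3:-80}" '
    # Only kbit and mbit suffixes are handled (assumption of this example).
    function kbit(s,   v) { v = s + 0; if (s ~ /mbit$/) v *= 1000; return v }
    {
        parent = id = ""; rate = ceil = 0
        for (i = 1; i < NF; i++) {
            if ($i == "parent")  parent = $(i + 1)
            if ($i == "classid") id = $(i + 1)
            if ($i == "rate")    rate = kbit($(i + 1))
            if ($i == "ceil")    ceil = kbit($(i + 1))
        }
        if (id == "") next
        if (ceil == 0) ceil = rate   # HTB uses rate as ceil when none is given
        r[id] = rate; c[id] = ceil; p[id] = parent
        sum[parent] += rate; order[++n] = id
    }
    END {
        for (k = 1; k <= n; k++) {
            id = order[k]
            # OVERCOMMIT: children are guaranteed more than the parent rate.
            if (id in sum && sum[id] > r[id])
                printf "OVERCOMMIT %s children=%dkbit rate=%dkbit\n", id, sum[id], r[id]
            # CEIL: a child ceil above the parent ceil can never be reached.
            # LINE: a top class shaped above PERCENT of the physical line rate.
            if (p[id] in c) {
                if (c[id] > c[p[id]])
                    printf "CEIL %s ceil=%dkbit parent=%dkbit\n", id, c[id], c[p[id]]
            } else if (line > 0 && c[id] > line * pct / 100)
                printf "LINE %s ceil=%dkbit limit=%dkbit\n", id, c[id], line * pct / 100
        }
    }'
}

htb_audit "$CLASSES" 2048
```

For the posted values the leaf rates sum to 3328kbit against a 2048kbit parent, so not every guarantee can be met when all classes are busy at once.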