I copied the excellent script of Pedro Larroy and tried to adapt it to my needs, but I am inexperienced in QoS and I have doubts. I have a cable modem to the Internet, 1024kbit down and 256kbit up, through eth0. The LAN is on eth1 with NAT. I set up the bands so that shaping is done on eth1 (the LAN side) with a maximum bandwidth of CEIL=768. But I observe that the traffic sometimes accelerates and at other moments stops. Could you please tell me what is wrong with the script that I paste below? (The iptables mangle marks on ports 54xxx are for emule.) Thanks for your patience.

----------paste script-------------------------------------------------
CEIL=768

# First delete all the bands that might exist
tc qdisc del dev eth1 root

# Create the main root band 1, whose packets go by default to band 1
tc qdisc add dev eth1 root handle 1: htb default 15
tc class add dev eth1 parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 270kbit ceil 270kbit prio 0
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 270kbit ceil ${CEIL}kbit prio 1
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 68kbit ceil ${CEIL}kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 68kbit ceil ${CEIL}kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 34kbit ceil ${CEIL}kbit prio 3
tc class add dev eth1 parent 1:1 classid 1:15 htb rate 100kbit ceil ${CEIL}kbit prio 1

# Attach the sfq queue to the child band
tc qdisc add dev eth1 parent 1:11 handle 110: sfq perturb 10
tc qdisc add dev eth1 parent 1:12 handle 120: sfq perturb 10
tc qdisc add dev eth1 parent 1:13 handle 130: sfq perturb 10
tc qdisc add dev eth1 parent 1:14 handle 140: sfq perturb 10
tc qdisc add dev eth1 parent 1:15 handle 150: sfq perturb 10

# Associate the marks set in iptables mangle with the respective bands
tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle 1 fw classid 1:10
tc filter add dev eth1 protocol ip parent 1:0 prio 2 handle 2 fw classid 1:11
tc filter add dev eth1 protocol ip parent 1:0 prio 3 handle 3 fw classid 1:12
tc filter add dev eth1 protocol ip parent 1:0 prio 4 handle 4 fw classid 1:13
tc filter add dev eth1 protocol ip parent 1:0 prio 5 handle 5 fw classid 1:14
tc filter add dev eth1 protocol ip parent 1:0 prio 6 handle 6 fw classid 1:15

# iptables rules to mark the traffic we are interested in
$IPTABLES -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x1
$IPTABLES -t mangle -A PREROUTING -p icmp -j RETURN
$IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 0x1
$IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j RETURN
$IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j MARK --set-mark 0x5
$IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j RETURN
$IPTABLES -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j RETURN

# This prioritizes packets from the configured port
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j MARK --set-mark 0x2
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 80 -j MARK --set-mark 0x2
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 80 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54661 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54661 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54662 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54662 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 56881 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 56881 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54711 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54711 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54665 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54665 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54672 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54672 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 56881 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 56881 -j RETURN

# This prioritizes packets at the start of TCP connections (SYN flag)
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN

# Closes the rules of the mangle PREROUTING table
$IPTABLES -t mangle -A PREROUTING -j MARK --set-mark 0x6

# Same as above, but in OUTPUT, for locally generated traffic
$IPTABLES -t mangle -A OUTPUT -p icmp -j MARK --set-mark 0x1
$IPTABLES -t mangle -A OUTPUT -p icmp -j RETURN
$IPTABLES -t mangle -A OUTPUT -m tos --tos Minimize-Delay -j MARK --set-mark 0x1
$IPTABLES -t mangle -A OUTPUT -m tos --tos Minimize-Delay -j RETURN
$IPTABLES -t mangle -A OUTPUT -m tos --tos Minimize-Cost -j MARK --set-mark 0x5
$IPTABLES -t mangle -A OUTPUT -m tos --tos Minimize-Cost -j RETURN
$IPTABLES -t mangle -A OUTPUT -m tos --tos Maximize-Throughput -j MARK --set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -m tos --tos Maximize-Throughput -j RETURN

# This prioritizes packets from the configured port
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 80 -j MARK --set-mark 0x2
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 80 -j RETURN
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 80 -j MARK --set-mark 0x2
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 80 -j RETURN
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 54661 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 54661 -j RETURN
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 54662 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 54662 -j RETURN
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 56881 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 56881 -j RETURN
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 54711 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 54711 -j RETURN
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 54665 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 54665 -j RETURN
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 54672 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 54672 -j RETURN
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 56881 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 56881 -j RETURN

# This prioritizes packets at the start of TCP connections (SYN flag)
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN

# Closes the rules of the mangle OUTPUT table
$IPTABLES -t mangle -A OUTPUT -j MARK --set-mark 0x3
--------------------------end paste----------------------------------------------

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

On Wednesday 06 July 2005 16:05, Ricardo Chamorro wrote:
> CEIL=768
[...]
> tc class add dev eth1 parent 1: classid 1:1 htb rate ${CEIL}kbit ceil
> ${CEIL}kbit

I don't know if it's the cause of your problems, but the children of this class altogether have a guaranteed rate of 810kbit, whereas the parent only has 768kbit. It's hard to tell what HTB does in this case, so you should make sure that the children's rates add up to the parent's rate.

Another problem could probably be that you are using a lot of SFQ qdiscs. If every single one of them can queue 128 packets, it might be too much. I reduced the SFQ queue length to 16 on my system for that reason.

I also had a lot of weird things happening due to the prio parameter of HTB. I think it's best not to use it in the beginning and only start experimenting with that parameter when you really need it.

Are you shaping upload traffic at all? You don't really have much influence on download traffic (all HTB can do is drop packets). A shaping setup without upload shaping makes hardly any sense.

Also, in your setup you limit eth1 to 768kbit in total. That's fine as long as there is no LAN traffic on that machine. However, that's hardly ever the case - as soon as you SSH on your machine, or use some kind of proxy (DNS caching, squid, ...), this LAN traffic will have to use the same classes as your internet download traffic, thus interfering with download speeds.

HTH
Andreas

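Added example, not part of the original thread: a shell check for the point raised in the reply above, that the children's guaranteed rates should add up to the parent's rate. The names htb_rate_check and posted_classes are hypothetical; the class lines are copied from the posted script, and only kbit/mbit units and simple NAME=number variables are handled.

```shell
#!/bin/sh
# Added example: for every HTB class that has children, compare its own rate
# with the sum of the guaranteed rates of those children.
# Output, one line per parent: <classid> rate=<kbit> children=<kbit> <verdict>
htb_rate_check() {   # hypothetical helper name; reads a script on stdin
    awk '
    # Convert "270kbit" or "1mbit" to a number of kbit.
    function kbit(v) {
        if (v ~ /mbit$/) { sub(/mbit$/, "", v); return v * 1000 }
        sub(/kbit$/, "", v); return v + 0
    }
    # Remember simple NAME=number assignments such as CEIL=768.
    /^[A-Za-z_][A-Za-z0-9_]*=[0-9]+$/ { split($0, kv, "="); var[kv[1]] = kv[2]; next }
    $1 == "tc" && $2 == "class" && $3 == "add" {
        # Expand ${NAME} references with the assignments seen so far.
        for (n in var) gsub("\\$\\{" n "\\}", var[n])
        parent = id = rate = ""
        for (i = 4; i < NF; i++) {
            if ($i == "parent")  parent = $(i + 1)
            if ($i == "classid") id = $(i + 1)
            if ($i == "rate")    rate = $(i + 1)
        }
        own[id] = kbit(rate); sum[parent] += kbit(rate); order[++count] = id
    }
    END {
        for (k = 1; k <= count; k++) {
            id = order[k]
            if (!(id in sum)) continue        # leaf class, nothing to compare
            verdict = (sum[id] > own[id]) ? "OVERCOMMITTED" : "OK"
            printf "%s rate=%d children=%d %s\n", id, own[id], sum[id], verdict
        }
    }'
}

# The class definitions exactly as posted in the script above.
posted_classes() {
    cat <<'EOF'
CEIL=768
tc class add dev eth1 parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 270kbit ceil 270kbit prio 0
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 270kbit ceil ${CEIL}kbit prio 1
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 68kbit ceil ${CEIL}kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 68kbit ceil ${CEIL}kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 34kbit ceil ${CEIL}kbit prio 3
tc class add dev eth1 parent 1:1 classid 1:15 htb rate 100kbit ceil ${CEIL}kbit prio 1
EOF
}

posted_classes | htb_rate_check
```

Piping any shaping script into htb_rate_check before loading it flags each parent class whose children are promised more than the parent itself has.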
----- Original Message -----
From: "Andreas Klauer" <Andreas.Klauer@metamorpher.de>
To: <lartc@mailman.ds9a.nl>
Sent: Wednesday, July 06, 2005 12:38 PM
Subject: Re: [LARTC] Please: "judge" this script

> class altogether have a guaranteed rate of 810kbit, whereas the parent
> only has 768kbit.

Oh yes... thanks for such a detailed "judgment"... that was an error: when increasing one of the values I forgot to reduce the other class. After this correction the rate rose vertiginously. From 4kbit of download in emule, it is now 30 to 35 kb! In addition, loading www pages and pop3 works much faster.

> Another problem could probably be that you are using a lot of SFQ qdiscs.
> If every single one of them can queue 128 packets, it might be too much.
> I reduced the SFQ queue length to 16 on my system for that reason.
> I also had a lot of weird things happening due to the prio parameter of
> HTB.
> I think it's best not to use it in the beginning and only start
> experimenting with that parameter when you really need it.

Do you think it would be necessary to make these changes now?

> Are you shaping upload traffic at all? You don't really have much
> influence
> on download traffic (all HTB can do is drop packets). A shaping setup
> without upload shaping makes hardly any sense.

In this case, what would I have to add to the script? I imagine that I would have to apply all the same rules, equal to these, but with the upload CEIL value (256 kbit) and pointing at the NIC eth0 (to the ISP)... Is this right? And would the iptables rules be the same? That is: -t mangle PREROUTING pointing to the destination ports (dport instead of sport)?

> Also, in your setup you limit eth1 to 768kbit in total. That's fine as
> long
> as there is no LAN traffic on that machine. However, that's hardly ever
> the case - as soon as you SSH on your machine, or use some kind of proxy
> (DNS caching, squid, ...), this LAN traffic will have to use the same
> classes as your internet download traffic, thus interfering with download
> speeds.

It is a Debian router (kernel 2,4,25) that only does NAT and firewall with iptables (it "runs" on a 486 DX4100 with 96MB RAM and two HDs of 1GB each... ;-). No squid, no samba, no bind... Nothing except Internet routing and NAT. What would I have to do?

Best regards
Ricardo