Hi everybody,

I have a network that only uses terminal services.

Look at the diagram.

20 machines running WinXP <-> LinuxFW-1 <-> 1Mbit link dedicated fiber link <–> LinuxFW-2 <–> Terminal Server

I’d like to give the maximum priority for bandwidth to terminal services (port 3389).

I’ve changed the CBQ script from LARTC site to suit my needs, but every time I run it my connections to 3389 become slower. Without TC the connections are faster and better.

I can’t afford to lose more time trying to reinvent the wheel. I’ve read all the documentation and I still can’t make a good traffic control for my needs.

1) Does anyone have something like that?
2) Where should I put the traffic control? In LinuxFW-1 or LinuxFW-2?
3) Are my script changes right?

Here comes the script.

Thanks a lot.

---- cut ---
#!/bin/bash
# The Ultimate Setup For Your Internet Connection At Home
#
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits
DOWNLINK=850
UPLINK=850
DEV=eth2

# clean existing down- and uplink qdiscs, hide errors
/sbin/tc qdisc del dev $DEV root 2> /dev/null > /dev/null
/sbin/tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

###### uplink

# install root CBQ
/sbin/tc qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth 10mbit

# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
# main class
/sbin/tc class add dev $DEV parent 1: classid 1:1 cbq rate 1000kbit \
   allot 1500 prio 5 bounded isolated

# high prio class 1:10:
/sbin/tc class add dev $DEV parent 1:1 classid 1:10 cbq rate ${UPLINK}kbit \
   allot 1600 prio 1 avpkt 1000

# priority for the TS
/sbin/tc class add dev $DEV parent 1:1 classid 1:11 cbq rate 1000kbit \
   allot 1600 prio 1 avpkt 1000

# bulk and default class 1:20 - gets slightly less traffic,
# and a lower priority:
/sbin/tc class add dev $DEV parent 1:1 classid 1:20 cbq rate $[7*$UPLINK/10]kbit \
   allot 32000 prio 2 avpkt 1000

# both get Stochastic Fairness:
/sbin/tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
/sbin/tc qdisc add dev $DEV parent 1:11 handle 11: sfq perturb 10
/sbin/tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10

# start filters
# TOS Minimum Delay (ssh, NOT scp) in 1:10:
/sbin/tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
   match ip tos 0x10 0xff flowid 1:10

# Put the TS port in the interactive class
/sbin/tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
   match ip sport 3389 0xff flowid 1:11
/sbin/tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
   match ip dport 3389 0xff flowid 1:11

# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
/sbin/tc filter add dev $DEV parent 1:0 protocol ip prio 11 u32 \
   match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
/sbin/tc filter add dev $DEV parent 1: protocol ip prio 12 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   match u8 0x10 0xff at 33 \
   flowid 1:10

# rest is 'non-interactive' ie 'bulk' and ends up in 1:20
/sbin/tc filter add dev $DEV parent 1: protocol ip prio 13 u32 \
   match ip dst 0.0.0.0/0 flowid 1:20

########## downlink #############
# slow downloads down to somewhat less than the real speed to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:
/sbin/tc qdisc add dev $DEV handle ffff: ingress

# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:
/sbin/tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
   0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1

Thanks a lot.
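
The two port-3389 filters in the script above use the mask 0xff. As an added example (not part of the original post or of the LARTC script), this shell sketch models the u32 comparison, (packet field & mask) == (key & mask), to show how many ports such a filter selects compared with the full 16-bit mask 0xffff; the function names are made up for illustration.

```shell
#!/bin/bash
# Added example: model of a 16-bit u32 match such as
#   match ip dport 3389 0xff
# A packet matches when (field & MASK) == (KEY & MASK).

# u32_port_match KEY MASK PORT -> exit status 0 when PORT matches
u32_port_match() {
    [ $(( $3 & $2 )) -eq $(( $1 & $2 )) ]
}

# count_matching_ports KEY MASK -> prints how many of the 65536 ports match
count_matching_ports() {
    local key=$1 mask=$2 port=0 hits=0
    while [ "$port" -le 65535 ]; do
        if [ $(( port & mask )) -eq $(( key & mask )) ]; then
            hits=$(( hits + 1 ))
        fi
        port=$(( port + 1 ))
    done
    echo "$hits"
}

# first_matching_ports KEY MASK N -> prints the N lowest matching ports
first_matching_ports() {
    local key=$1 mask=$2 want=$3 port=0 out=""
    while [ "$port" -le 65535 ] && [ "$want" -gt 0 ]; do
        if u32_port_match "$key" "$mask" "$port"; then
            out="${out:+$out }$port"
            want=$(( want - 1 ))
        fi
        port=$(( port + 1 ))
    done
    echo "$out"
}

# Compare the mask used in the script (0xff) with the full 16-bit mask.
for m in 0xff 0xffff; do
    echo "3389 $m: $(count_matching_ports 3389 "$m") ports," \
         "lowest: $(first_matching_ports 3389 "$m" 4)"
done
```

With 0xff only the low byte of the port is compared, so ports 61, 317, 573 and so on are classified into 1:11 together with 3389.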

On Tue, 2005-10-25 at 14:33 -0200, Thiago Lima - lst wrote:
> Hi everybody,
>
> I have a network that only uses terminal services.
>
> Look at the diagram.
>
> 20 machines running WinXP <-> LinuxFW-1 <-> 1Mbit link dedicated fiber link <–> LinuxFW-2 <–> Terminal Server
>
> I’d like to give the maximum priority for bandwidth to terminal services (port 3389).
>
> I’ve changed the CBQ script from LARTC site to suit my needs, but every time I run it my connections to 3389 become slower. Without TC the connections are faster and better.
>
> I can’t afford to lose more time trying to reinvent the wheel. I’ve read all the documentation and I still can’t make a good traffic control for my needs.
>
> 1) Does anyone have something like that?

I have such a network running Citrix.

> 2) Where should I put the traffic control? In LinuxFW-1 or LinuxFW-2?
> 3) Are my script changes right?

First: do you have a performance problem when running without any traffic control: according to my experience, each connection runs OK with ~20-30 kilobit/sec? If you don't have problems, don't fix them.

Second, do you use any other services from the Windows server on the other side: DHCP, DNS, WINS, file sharing (e.g. roaming profiles, home directories) profiles, databases (SQL server), Internet connections etc? If you have any of those (especially the ones for name resolution) you must take those into account also.

--
Greetings,

Joost Kraaijeveld
Askesis B.V.
Molukkenstraat 14
6524NB Nijmegen
tel: 024-3888063 / 06-51855277
fax: 024-3608416
e-mail: J.Kraaijeveld@Askesis.nl
web: www.askesis.nl

-----Original Message-----
From: Joost Kraaijeveld [mailto:J.Kraaijeveld@Askesis.nl]
Sent: Tuesday, October 25, 2005 16:41
To: Thiago Lima - lst
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Terminal Services and traffic control.

On Tue, 2005-10-25 at 14:33 -0200, Thiago Lima - lst wrote:
> Hi everybody,
>
> I have a network that only uses terminal services.
>
> Look at the diagram.
>
> 20 machines running WinXP <-> LinuxFW-1 <-> 1Mbit link dedicated fiber link <–> LinuxFW-2 <–> Terminal Server
>
> I’d like to give the maximum priority for bandwidth to terminal services (port 3389).
>
> I’ve changed the CBQ script from LARTC site to suit my needs, but every time I run it my connections to 3389 become slower. Without TC the connections are faster and better.
>
> I can’t afford to lose more time trying to reinvent the wheel. I’ve read all the documentation and I still can’t make a good traffic control for my needs.
>
> 1) Does anyone have something like that?

I have such a network running Citrix.

As far as I know, Citrix is more optimized for long distance setups.

> 2) Where should I put the traffic control? In LinuxFW-1 or LinuxFW-2?
> 3) Are my script changes right?

First: do you have a performance problem when running without any traffic control: according to my experience, each connection runs OK with ~20-30 kilobit/sec? If you don't have problems, don't fix them.

Yes I have problems without traffic control. For instance, when someone transfers a file between the networks TS sessions become slow. Even open outlook becomes unusable.

Second, do you use any other services from the Windows server on the other side: DHCP, DNS, WINS, file sharing (e.g. roaming profiles, home directories) profiles, databases (SQL server), Internet connections etc? If you have any of those (especially the ones for name resolution) you must take those into account also.

I have a file server running into another server. TS users use those files for work. But there’re basically excel and word files.

Tks Joost.

--
Greetings,

Joost Kraaijeveld
Askesis B.V.
Molukkenstraat 14
6524NB Nijmegen
tel: 024-3888063 / 06-51855277
fax: 024-3608416
e-mail: J.Kraaijeveld@Askesis.nl
web: www.askesis.nl

On Tue, 2005-10-25 at 17:00 -0200, Thiago Lima - lst wrote:
> As far as I know, Citrix is more optimized for long distance setups.

Mmmm. This is what the Citrix marketing department wants you to believe anyway.

> First: do you have a performance problem when running without any traffic
> control: according to my experience, each connection runs OK with ~20-30
> kilobit/sec? If you don't have problems, don't fix them.
>
> Yes I have problems without traffic control. For instance, when
> someone transfers a file between the networks TS sessions become slow. Even
> open outlook becomes unusable.

Do you mean by that: user copies a file from his client to the TS session (or the other way around)? Or do you mean that the user copies a file in the TS session from directory to directory in the TS session? If the latter, are the directories local to the TS server or are they actually mounted shares? If so, on which side of the link are the shares?

> Second, do you use any other services from the Windows server on the
> other side: DHCP, DNS, WINS, file sharing (e.g. roaming profiles, home
> directories) profiles, databases (SQL server), Internet connections etc?
> If you have any of those (especially the ones for name resolution) you
> must take those into account also.
>
> I have a file server running into another server. TS users use those
> files for work. But there’re basically excel and word files.

OK, but are the files in the TS session or on the client computer? Is the location of the fileserver on the side of the TS server or on the side of the clients?

--
Greetings,

Joost Kraaijeveld
Askesis B.V.
Molukkenstraat 14
6524NB Nijmegen
tel: 024-3888063 / 06-51855277
fax: 024-3608416
e-mail: J.Kraaijeveld@Askesis.nl
web: www.askesis.nl

-----Original Message-----
From: Joost Kraaijeveld [mailto:J.Kraaijeveld@Askesis.nl]
Sent: Wednesday, October 26, 2005 07:30
To: Thiago Lima - lst
Cc: lartc@mailman.ds9a.nl
Subject: Re: RES: [LARTC] Terminal Services and traffic control.

On Tue, 2005-10-25 at 17:00 -0200, Thiago Lima - lst wrote:
> As far as I know, Citrix is more optimized for long distance setups.

Mmmm. This is what the Citrix marketing department wants you to believe anyway.

> First: do you have a performance problem when running without any traffic
> control: according to my experience, each connection runs OK with ~20-30
> kilobit/sec? If you don't have problems, don't fix them.
>
> Yes I have problems without traffic control. For instance, when
> someone transfers a file between the networks TS sessions become slow. Even
> open outlook becomes unusable.

Do you mean by that: user copies a file from his client to the TS session (or the other way around)? Or do you mean that the user copies a file in the TS session from directory to directory in the TS session? If the latter, are the directories local to the TS server or are they actually mounted shares? If so, on which side of the link are the shares?

> Second, do you use any other services from the Windows server on the
> other side: DHCP, DNS, WINS, file sharing (e.g. roaming profiles, home
> directories) profiles, databases (SQL server), Internet connections etc?
> If you have any of those (especially the ones for name resolution) you
> must take those into account also.
>
> I have a file server running into another server. TS users use those
> files for work. But there're basically excel and word files.

OK, but are the files in the TS session or on the client computer? Is the location of the fileserver on the side of the TS server or on the side of the clients?

The files are in the file server, which stands right next to the TS (connected by gigabit Ethernet).

My problem is to make connections from my office to TS with maximum priority. There's some other traffic in the 1Mbit link. TS port should have maximum priority and flow.