LARTC - Aug 2006 - Applying the same class to multiple interfaces

Hi All,
I''m trying to do some traffic shaping on an ethernet bridge. Currently,
I have the following setup working:
 
ifconfig eth0 down
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
brctl stp br0 off
ifconfig eth0 0.0.0.0 up
ifconfig eth1 0.0.0.0 up
ifconfig br0 up

This creates a bridge consisting of eth0 and eth1. So far so good.
 
I now want to use tc to shape traffic through this bridge. By applying
the following, I am able to limit the given MAC address to 128K in each
direction:
 
tc qdisc add dev eth0 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000
mpu 64
tc qdisc add dev eth1 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000
mpu 64
tc class add dev eth0 parent 1:0 classid 1:1 cbq rate 128Kbit allot 1514
prio 1 avpkt 1000 bounded
tc class add dev eth1 parent 1:0 classid 1:1 cbq rate 128Kbit allot 1514
prio 1 avpkt 1000 bounded
tc filter add dev eth0 parent 1:0 protocol ip handle 1 fw flowid 1:1
tc filter add dev eth1 parent 1:0 protocol ip handle 1 fw flowid 1:1
ebtables -A FORWARD -s 00:10:A4:EC:65:E8 -j mark --set-mark 1
--mark-target ACCEPT
ebtables -A FORWARD -d 00:10:A4:EC:65:E8 -j mark --set-mark 1
--mark-target ACCEPT

This works OK, but it isn''t quite what I want. I want to limit the
traffic to 128K total. ie, 128K in one direction or the other, or 64K in
each direction simultaneously, or 100K in one direction and 28K in the
other, etc...
 I can''t see anything in the tc docs which indicates that I can apply
the same class and filter to multiple interfaces at once.
I''d be happy enough with applying the same rate limit to a single
interface, but measuring both ingress and egress traffic to come up with
the lmit.
 
Ultimately, of course, I''ll be using different criteria to mark the
packets.
 
 
Regards,
             Leigh
 
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
email lsharpe@pacificwireless.com.au
web www.pacificwireless.com.au
 



_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

As you probably red there is no good way to shape incoming traffic.
Shaping of incoming traffic is not recommended. This is no problem with
this because you can (this is recomended) shape outgoing traffice on
multiple interfaces.

For example if you have a client on eth0 and Internet on eth1, and you
want to shape client''s traffic both direction:

- to shape client''s incoming traffic you shape its outgoing traffic on
eth0

- to shape client''s outgoing traffic you shape its outgoing traffic on
eth1

Also, for your needs you can MARK packets with iptables on br0
interface. ebtables are more suitable for implementation of "smart
switch".

В Пнд, 28/08/2006 в 14:09 +1000, Leigh Sharpe пишет:
> Hi All,
> I''m trying to do some traffic shaping on an ethernet bridge.
> Currently, I have the following setup working:
>  
> ifconfig eth0 down
> brctl addbr br0
> brctl addif br0 eth0
> brctl addif br0 eth1
> brctl stp br0 off
> ifconfig eth0 0.0.0.0 up
> ifconfig eth1 0.0.0.0 up
> ifconfig br0 up
> 
> This creates a bridge consisting of eth0 and eth1. So far so good.
>  
> I now want to use tc to shape traffic through this bridge. By applying
> the following, I am able to limit the given MAC address to 128K in
> each direction:
>  
> tc qdisc add dev eth0 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000
> mpu 64
> tc qdisc add dev eth1 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000
> mpu 64
> tc class add dev eth0 parent 1:0 classid 1:1 cbq rate 128Kbit allot
> 1514 prio 1 avpkt 1000 bounded
> tc class add dev eth1 parent 1:0 classid 1:1 cbq rate 128Kbit allot
> 1514 prio 1 avpkt 1000 bounded
> tc filter add dev eth0 parent 1:0 protocol ip handle 1 fw flowid 1:1
> tc filter add dev eth1 parent 1:0 protocol ip handle 1 fw flowid 1:1
> ebtables -A FORWARD -s 00:10:A4:EC:65:E8 -j mark --set-mark 1
> --mark-target ACCEPT
> ebtables -A FORWARD -d 00:10:A4:EC:65:E8 -j mark --set-mark 1
> --mark-target ACCEPT
> 
> This works OK, but it isn''t quite what I want. I want to limit the
> traffic to 128K total. ie, 128K in one direction or the other, or 64K
> in each direction simultaneously, or 100K in one direction and 28K in
> the other, etc...
>  I can''t see anything in the tc docs which indicates that I can
apply
> the same class and filter to multiple interfaces at once.
> I''d be happy enough with applying the same rate limit to a single
> interface, but measuring both ingress and egress traffic to come up
> with the lmit.
>  
> Ultimately, of course, I''ll be using different criteria to mark
the
> packets.
>  
>  
> Regards,
>              Leigh
>  
> Leigh Sharpe
> Network Systems Engineer
> Pacific Wireless
> Ph +61 3 9584 8966
> Mob 0408 009 502
> email lsharpe@pacificwireless.com.au
> web www.pacificwireless.com.au
>  
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
-- 
Покотиленко Костик <casper@meteor.dp.ua>

I don''t actually want to shape incoming traffic. I want to limit the
bandwidth of the bridge, so that their total throughput doesn''t exceed
a particular rate.  To do this, I can’t limit on only one interface. I need to
configure it so that eth0+eth1 never exceeds the bandwidth limit.



Regards,
             Leigh
 
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
email lsharpe@pacificwireless.com.au
web www.pacificwireless.com.au

-----Original Message-----
From: casper@meteor.dp.ua [mailto:casper@meteor.dp.ua] 
Sent: Monday, August 28, 2006 4:26 PM
To: Leigh Sharpe
Cc: lartc
Subject: Re: [LARTC] Applying the same class to multiple interfaces

As you probably red there is no good way to shape incoming traffic.
Shaping of incoming traffic is not recommended. This is no problem with
this because you can (this is recomended) shape outgoing traffice on
multiple interfaces.

For example if you have a client on eth0 and Internet on eth1, and you
want to shape client''s traffic both direction:

- to shape client''s incoming traffic you shape its outgoing traffic on
eth0

- to shape client''s outgoing traffic you shape its outgoing traffic on
eth1

Also, for your needs you can MARK packets with iptables on br0
interface. ebtables are more suitable for implementation of "smart
switch".

÷ ðÎÄ, 28/08/2006 × 14:09 +1000, Leigh Sharpe ÐÉÛÅÔ:
> Hi All,
> I''m trying to do some traffic shaping on an ethernet bridge.
> Currently, I have the following setup working:
>  
> ifconfig eth0 down
> brctl addbr br0
> brctl addif br0 eth0
> brctl addif br0 eth1
> brctl stp br0 off
> ifconfig eth0 0.0.0.0 up
> ifconfig eth1 0.0.0.0 up
> ifconfig br0 up
> 
> This creates a bridge consisting of eth0 and eth1. So far so good.
>  
> I now want to use tc to shape traffic through this bridge. By applying
> the following, I am able to limit the given MAC address to 128K in
> each direction:
>  
> tc qdisc add dev eth0 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000
> mpu 64
> tc qdisc add dev eth1 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000
> mpu 64
> tc class add dev eth0 parent 1:0 classid 1:1 cbq rate 128Kbit allot
> 1514 prio 1 avpkt 1000 bounded
> tc class add dev eth1 parent 1:0 classid 1:1 cbq rate 128Kbit allot
> 1514 prio 1 avpkt 1000 bounded
> tc filter add dev eth0 parent 1:0 protocol ip handle 1 fw flowid 1:1
> tc filter add dev eth1 parent 1:0 protocol ip handle 1 fw flowid 1:1
> ebtables -A FORWARD -s 00:10:A4:EC:65:E8 -j mark --set-mark 1
> --mark-target ACCEPT
> ebtables -A FORWARD -d 00:10:A4:EC:65:E8 -j mark --set-mark 1
> --mark-target ACCEPT
> 
> This works OK, but it isn''t quite what I want. I want to limit the
> traffic to 128K total. ie, 128K in one direction or the other, or 64K
> in each direction simultaneously, or 100K in one direction and 28K in
> the other, etc...
>  I can''t see anything in the tc docs which indicates that I can
apply
> the same class and filter to multiple interfaces at once.
> I''d be happy enough with applying the same rate limit to a single
> interface, but measuring both ingress and egress traffic to come up
> with the lmit.
>  
> Ultimately, of course, I''ll be using different criteria to mark
the
> packets.
>  
>  
> Regards,
>              Leigh
>  
> Leigh Sharpe
> Network Systems Engineer
> Pacific Wireless
> Ph +61 3 9584 8966
> Mob 0408 009 502
> email lsharpe@pacificwireless.com.au
> web www.pacificwireless.com.au
>  
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
-- 
ðÏËÏÔÉÌÅÎËÏ ëÏÓÔÉË <casper@meteor.dp.ua>

Then probably you was on correct way, mark packets with ebtables and
direct them to shaping classes you need.

В Пнд, 28/08/2006 в 17:41 +1000, Leigh Sharpe пишет:
> I don''t actually want to shape incoming traffic. I want to limit
the bandwidth of the bridge, so that their total throughput doesn''t
exceed a particular rate.  To do this, I can’t limit on only one interface. I
need to configure it so that eth0+eth1 never exceeds the bandwidth limit.
> 
> 
> 
> Regards,
>              Leigh
>  
> Leigh Sharpe
> Network Systems Engineer
> Pacific Wireless
> Ph +61 3 9584 8966
> Mob 0408 009 502
> email lsharpe@pacificwireless.com.au
> web www.pacificwireless.com.au
> 
> -----Original Message-----
> From: casper@meteor.dp.ua [mailto:casper@meteor.dp.ua] 
> Sent: Monday, August 28, 2006 4:26 PM
> To: Leigh Sharpe
> Cc: lartc
> Subject: Re: [LARTC] Applying the same class to multiple interfaces
> 
> As you probably red there is no good way to shape incoming traffic.
> Shaping of incoming traffic is not recommended. This is no problem with
> this because you can (this is recomended) shape outgoing traffice on
> multiple interfaces.
> 
> For example if you have a client on eth0 and Internet on eth1, and you
> want to shape client''s traffic both direction:
> 
> - to shape client''s incoming traffic you shape its outgoing
traffic on
> eth0
> 
> - to shape client''s outgoing traffic you shape its outgoing
traffic on
> eth1
> 
> Also, for your needs you can MARK packets with iptables on br0
> interface. ebtables are more suitable for implementation of "smart
> switch".
> 
> ÷ ðÎÄ, 28/08/2006 × 14:09 +1000, Leigh Sharpe ÐÉÛÅÔ:
> > Hi All,
> > I''m trying to do some traffic shaping on an ethernet bridge.
> > Currently, I have the following setup working:
> >  
> > ifconfig eth0 down
> > brctl addbr br0
> > brctl addif br0 eth0
> > brctl addif br0 eth1
> > brctl stp br0 off
> > ifconfig eth0 0.0.0.0 up
> > ifconfig eth1 0.0.0.0 up
> > ifconfig br0 up
> > 
> > This creates a bridge consisting of eth0 and eth1. So far so good.
> >  
> > I now want to use tc to shape traffic through this bridge. By applying
> > the following, I am able to limit the given MAC address to 128K in
> > each direction:
> >  
> > tc qdisc add dev eth0 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000
> > mpu 64
> > tc qdisc add dev eth1 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000
> > mpu 64
> > tc class add dev eth0 parent 1:0 classid 1:1 cbq rate 128Kbit allot
> > 1514 prio 1 avpkt 1000 bounded
> > tc class add dev eth1 parent 1:0 classid 1:1 cbq rate 128Kbit allot
> > 1514 prio 1 avpkt 1000 bounded
> > tc filter add dev eth0 parent 1:0 protocol ip handle 1 fw flowid 1:1
> > tc filter add dev eth1 parent 1:0 protocol ip handle 1 fw flowid 1:1
> > ebtables -A FORWARD -s 00:10:A4:EC:65:E8 -j mark --set-mark 1
> > --mark-target ACCEPT
> > ebtables -A FORWARD -d 00:10:A4:EC:65:E8 -j mark --set-mark 1
> > --mark-target ACCEPT
> > 
> > This works OK, but it isn''t quite what I want. I want to
limit the
> > traffic to 128K total. ie, 128K in one direction or the other, or 64K
> > in each direction simultaneously, or 100K in one direction and 28K in
> > the other, etc...
> >  I can''t see anything in the tc docs which indicates that I
can apply
> > the same class and filter to multiple interfaces at once.
> > I''d be happy enough with applying the same rate limit to a
single
> > interface, but measuring both ingress and egress traffic to come up
> > with the lmit.
> >  
> > Ultimately, of course, I''ll be using different criteria to
mark the
> > packets.
> >  
> >  
> > Regards,
> >              Leigh
> >  
> > Leigh Sharpe
> > Network Systems Engineer
> > Pacific Wireless
> > Ph +61 3 9584 8966
> > Mob 0408 009 502
> > email lsharpe@pacificwireless.com.au
> > web www.pacificwireless.com.au
> >  
> > _______________________________________________
> > LARTC mailing list
> > LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
-- 
Покотиленко Костик <casper@meteor.dp.ua>

Leigh Sharpe wrote:
> This works OK, but it isn''t quite what I want. I want to limit the
> traffic to 128K total. ie, 128K in one direction or the other, or 64K in
> each direction simultaneously, or 100K in one direction and 28K in the
> other, etc...
>  I can''t see anything in the tc docs which indicates that I can
apply
> the same class and filter to multiple interfaces at once.
> I''d be happy enough with applying the same rate limit to a single
> interface, but measuring both ingress and egress traffic to come up with
> the lmit.
>  
> Ultimately, of course, I''ll be using different criteria to mark
the
> packets.
If there is no br traffic to be included you can do it by using one ifb 
redirecting packets from egress on eth0/1. If it''s more complicated you
may need to redirect from ingress aswell - but I don''t think ingress on
eths will not have gone through brtables to be marked.

Andy.