Hello, there's a problem I've had for several months now, and I've never been able to find an answer to it. I'll try to explain as quickly as possible:

I have a server that controls my home network, it provides internet to them also (NAT) and I would like to provide QoS by shaping traffic. I have a p2p server here (running mldonkey), since only that machine is serving p2p and anyone can connect to it to download linux distros ( :) ) my attempt here was to limit bandwidth for that machine. I've partially done this, I've written some HTB rules and I've nested ESFQ leafs within htb classes. At first it seems like it works, but then two problems arise: 1) Web latency (partially solved by increasing burst size, but still happens) and 2) download seems affected a lot in the p2p server. I believe HTB is doing its work, but the one that is failing to do so correctly is ESFQ, since I see upload limited to the rate I specify. I'm using ESFQ since it can control traffic by ip, instead of doing it by flows (like classic sfq). I tried using RED too, but I haven't been able to find much documentation for it, so I guess I might be doing RED stuff wrong (I'll include my RED rule too, in case anyone can help with it). So I'll post the script I'm using to shape traffic, hope you ppl can help me out.

#!/bin/sh

### Upload Link ###
DEV=eth0

### Modify $DEV's queue and MTU ###
ip link set dev $DEV qlen 50
ip link set dev $DEV mtu 1500

### iptables mangle table cleanup ###
iptables -t mangle -F
iptables -t mangle -X

## ROOT QDISC cleanup in $DEV
tc qdisc del dev $DEV root 2> /dev/null > /dev/null
tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null
#tc qdisc del dev $HDEV root 2> /dev/null > /dev/null

P2P_IP=192.168.0.100
SSH_PORT=9000

### CLASSES ###
SSH=1:10
P2P=1:20
DEF=1:30
HTTP=1:40

iptables -t mangle -A POSTROUTING -s $P2P_IP -o $DEV -j CLASSIFY --set-class $P2P
iptables -t mangle -A OUTPUT -o $DEV -p tcp --sport $SSH_PORT -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -o $DEV -s ! $P2P_IP -p tcp -m length --length :64 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -o $DEV -m mark --mark 1 -j CLASSIFY --set-class $SSH
iptables -t mangle -A OUTPUT -o $DEV -m mark --mark 1 -j TOS --set-tos Minimize-Delay
iptables -t mangle -A POSTROUTING -o $DEV -s ! $P2P_IP -p tcp -m multiport --destination-ports 80,445,7777,7778,8080 -j MARK --set-mark 2
iptables -t mangle -A POSTROUTING -o $DEV -m mark --mark 2 -j CLASSIFY --set-class $HTTP
iptables -t mangle -A POSTROUTING -o $DEV -m mark --mark 2 -j TOS --set-tos Maximize-Throughput

MAX_RATE=30kbps
P2P_UP=10kbps
## HTB CLASSES ##

tc qdisc add dev $DEV root handle 1: htb default 30
tc class add dev $DEV parent 1: classid 1:1 htb rate $MAX_RATE burst 15k
tc class add dev $DEV parent 1:1 classid $P2P htb rate 3kbps ceil $P2P_UP burst 0 prio 2 quantum 1600
tc class add dev $DEV parent 1:1 classid $SSH htb rate 5kbps ceil $MAX_RATE burst 0 prio 0 quantum 1600
tc class add dev $DEV parent 1:1 classid $HTTP htb rate 10kbps ceil $MAX_RATE burst 15k prio 0 quantum 1600
tc class add dev $DEV parent 1:1 classid $DEF htb rate 5kbps ceil $MAX_RATE burst 0 prio 1 quantum 1600

### ESFQ LEAFS ###
tc qdisc add dev $DEV parent $SSH handle 10: esfq perturb 10 hash ctorigdst
tc qdisc add dev $DEV parent $DEF handle 30: esfq perturb 10 hash classic
tc qdisc add dev $DEV parent $P2P handle 20: esfq perturb 10 hash ctorigdst depth 256
tc qdisc add dev $DEV parent $HTTP handle 40: esfq perturb 10 hash classic

## RED rule used instead of ESFQ one for $P2P class ##
#tc qdisc add dev $DEV parent $P2P handle 20: red min 1600 max 6400 burst 5 limit 6k avpkt 1000

Edgar wrote:
> Hello, there's a problem I've had for several months now, and I've never
> been able to find an answer to it. I'll try to explain as quickly as
> possible:
>
> I have a server that controls my home network, it provides internet
> to them also (NAT) and I would like to provide QoS by shaping traffic. I
> have a p2p server here (running mldonkey), since only that machine is
> serving p2p and anyone can connect to it to download linux distros ( :)
> ) my attempt here was to limit bandwidth for that machine. I've partially
> done this, I've written some HTB rules and I've nested ESFQ leafs within
> htb classes. At first it seems like it works, but then two problems
> arise: 1) Web latency (partially solved by increasing burst size, but
> still happens)

Possibly too close to egress rate or need to shape/police ingress or maybe prio dns lookups as well.

> and 2) download seems affected a lot in the p2p server.

You need to prio acks/small packets for P2P as well or they may get delayed too much in the queue. You could also raise its ceil a bit.

> I believe HTB is doing its work, but the one that is failing to do
> so correctly is ESFQ, since I see upload limited to the rate I specify.
> I'm using ESFQ since it can control traffic by ip, instead of doing it
> by flows (like classic sfq). I tried using RED too, but I haven't been
> able to find much documentation for it, so I guess I might be doing RED
> stuff wrong (I'll include my RED rule too, in case anyone can help with
> it). So I'll post the script I'm using to shape traffic, hope you ppl
> can help me out.
>
> #!/bin/sh
>
> ### Upload Link ###
> DEV=eth0
>
> ### Modify $DEV's queue and MTU ###
> ip link set dev $DEV qlen 50

*sfq still defaults to 128 I think - use limit parameter to reduce

> ip link set dev $DEV mtu 1500
>
> ### iptables mangle table cleanup ###
> iptables -t mangle -F
> iptables -t mangle -X
>
> ## ROOT QDISC cleanup in $DEV
> tc qdisc del dev $DEV root 2> /dev/null > /dev/null
> tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null
> #tc qdisc del dev $HDEV root 2> /dev/null > /dev/null
>
> P2P_IP=192.168.0.100
> SSH_PORT=9000
>
> ### CLASSES ###
> SSH=1:10
> P2P=1:20
> DEF=1:30
> HTTP=1:40
>
> iptables -t mangle -A POSTROUTING -s $P2P_IP -o $DEV -j CLASSIFY
> --set-class $P2P
> iptables -t mangle -A OUTPUT -o $DEV -p tcp --sport $SSH_PORT -j MARK
> --set-mark 1
> iptables -t mangle -A POSTROUTING -o $DEV -s ! $P2P_IP -p tcp -m length
> --length :64 -j MARK --set-mark 1
> iptables -t mangle -A OUTPUT -o $DEV -m mark --mark 1 -j CLASSIFY
> --set-class $SSH
> iptables -t mangle -A OUTPUT -o $DEV -m mark --mark 1 -j TOS --set-tos
> Minimize-Delay
> iptables -t mangle -A POSTROUTING -o $DEV -s ! $P2P_IP -p tcp -m
> multiport --destination-ports 80,445,7777,7778,8080 -j MARK --set-mark 2
> iptables -t mangle -A POSTROUTING -o $DEV -m mark --mark 2 -j CLASSIFY
> --set-class $HTTP
> iptables -t mangle -A POSTROUTING -o $DEV -m mark --mark 2 -j TOS
> --set-tos Maximize-Throughput

The tos won't make any difference

>
> MAX_RATE=30kbps
> P2P_UP=10kbps
> ## HTB CLASSES ##
>
> tc qdisc add dev $DEV root handle 1: htb default 30

Arp will go to default - it's better to use iptables/a filter to catch other ip traffic.

> tc class add dev $DEV parent 1: classid 1:1 htb rate $MAX_RATE burst 15k
> tc class add dev $DEV parent 1:1 classid $P2P htb rate 3kbps ceil
> $P2P_UP burst 0 prio 2 quantum 1600

From memory burst 10 gave a smaller burst than 0 when I tested. tc -s -d class ls $DEV will show bursts used.

> tc class add dev $DEV parent 1:1 classid $SSH htb rate 5kbps ceil
> $MAX_RATE burst 0 prio 0 quantum 1600

I would give ssh some burst

> tc class add dev $DEV parent 1:1 classid $HTTP htb rate 10kbps ceil
> $MAX_RATE burst 15k prio 0 quantum 1600
> tc class add dev $DEV parent 1:1 classid $DEF htb rate 5kbps ceil
> $MAX_RATE burst 0 prio 1 quantum 1600
>
> ### ESFQ LEAFS ###
> tc qdisc add dev $DEV parent $SSH handle 10: esfq perturb 10 hash ctorigdst
> tc qdisc add dev $DEV parent $DEF handle 30: esfq perturb 10 hash classic
> tc qdisc add dev $DEV parent $P2P handle 20: esfq perturb 10 hash
> ctorigdst depth 256
> tc qdisc add dev $DEV parent $HTTP handle 40: esfq perturb 10 hash classic
>
>
> ## RED rule used instead of ESFQ one for $P2P class ##
> #tc qdisc add dev $DEV parent $P2P handle 20: red min 1600 max 6400
> burst 5 limit 6k avpkt 1000
>
>
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
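
The reply's suggestions for the P2P and SSH classes (prioritise small packets from the P2P host, raise its ceil a bit, give ssh some burst, shorten the leaf queues with limit), sketched as an added example that is not part of either message. The class ids 1:21 and 1:22, the 12kbps ceil, the 6k burst and the limit values are assumptions; the lines stand in for the P2P class, SSH class, P2P leaf and P2P CLASSIFY lines of the posted script and expect its root qdisc 1: and class 1:1 to exist.

```sh
#!/bin/sh
# Added example, not from the thread. New class ids and numbers are assumptions.
DEV=${DEV:-eth0}
P2P_IP=${P2P_IP:-192.168.0.100}
MAX_RATE=30kbps   # tc "kbps" means kilobytes per second, as in the post
P2P_UP=12kbps     # ceil raised a bit from the post's 10kbps (assumed value)
P2P=1:20          # now an inner class that caps all P2P traffic
P2P_ACK=1:21      # hypothetical leaf: ACKs and other small packets
P2P_BULK=1:22     # hypothetical leaf: everything else from the P2P host
SSH=1:10

# DRY_RUN=1 (default) prints each command; DRY_RUN=0 runs it (needs root).
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

shape_p2p() {
    # The parent keeps the overall P2P cap; its two leaves share it by prio.
    run tc class add dev "$DEV" parent 1:1 classid $P2P htb rate 3kbps ceil $P2P_UP quantum 1600
    run tc class add dev "$DEV" parent $P2P classid $P2P_ACK htb rate 1kbps ceil $P2P_UP prio 0 quantum 1600
    run tc class add dev "$DEV" parent $P2P classid $P2P_BULK htb rate 2kbps ceil $P2P_UP prio 2 quantum 1600
    # SSH class with some burst instead of "burst 0".
    run tc class add dev "$DEV" parent 1:1 classid $SSH htb rate 5kbps ceil $MAX_RATE burst 6k prio 0 quantum 1600
    # Short leaf queues: "limit" bounds how many packets can wait in each.
    run tc qdisc add dev "$DEV" parent $P2P_ACK handle 21: esfq perturb 10 hash ctorigdst limit 16
    run tc qdisc add dev "$DEV" parent $P2P_BULK handle 22: esfq perturb 10 hash ctorigdst limit 32 depth 256
    # CLASSIFY does not stop rule traversal, so the later, narrower rule wins.
    run iptables -t mangle -A POSTROUTING -s "$P2P_IP" -o "$DEV" -j CLASSIFY --set-class $P2P_BULK
    run iptables -t mangle -A POSTROUTING -s "$P2P_IP" -o "$DEV" -p tcp -m length --length :64 -j CLASSIFY --set-class $P2P_ACK
}

shape_p2p
```

Review the printed commands first, then apply with DRY_RUN=0 and check the per-class counters with tc -s -d class ls dev $DEV.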