Hello list, I discover strange behaviour of shaping traffic that i setup from Shorewall-4.0.2. I know that this is not Shorewall problem but may be somebody from list can help me or explain this situation. I have follow interfaces in 'tcdevices' files: #INTERFACE IN-BANDWITH OUT-BANDWIDTH # $EXT_IF 500kbit 248kbit $INT1_IF 500mbit 500mbit $INT2_IF 500mbit 500mbit $DMZ_IF 500mbit 500mbit follow rules in 'tcrules' file for tested interface (INT1_IF): 31:F $EXT_IF $INT1_IF:$ADM_IP all 32:F $EXT_IF $INT1_IF:$PRV_IP all 33:F $EXT_IF $INT1_IF:$MY_NET all and follow traffic classes in 'tcclasses': $INT1_IF 31 70kbit 250kbit 2 $INT1_IF 32 50kbit 250kbit 3 $INT1_IF 33 50kbit 250kbit 4 $INT1_IF 30 10mbit 10mbit 5 default Then when i test bandwidth for default class i have such result: lpc:~ # wget -v 192.168.5.3:80/file.xyz --16:33:59-- 192.168.5.3/file.xyz => `file.xyz.18' Connecting to 192.168.5.3:80... connected. HTTP request sent, awaiting response... 200 OK Length: 102,400,000 (98M) [chemical/x-xyz] 4% [====> ... ] 4,720,189 1.04M/s ETA 01:27 But when i increase default class RATE and CEIL i get very strange results: $INT1_IF 31 70kbit 250kbit 2 $INT1_IF 32 50kbit 250kbit 3 $INT1_IF 33 50kbit 250kbit 4 $INT1_IF 30 100mbit 100mbit 5 default lpc:~ # wget -v 192.168.5.3:80/file.xyz --16:34:17-- 192.168.5.3/file.xyz => `file.xyz.19' Connecting to 192.168.5.3:80... connected. HTTP request sent, awaiting response... 200 OK Length: 102,400,000 (98M) [chemical/x-xyz] 5% [=====> ... ] 5,693,245 473.91K/s ETA 02:27 I hope to get increase bandwidth at 10 times but have decrease on half. From 'tc' output i see that traffic flow go through default class with correct 'rate' and 'ceil' parameters (class htb 2:130 parent 2:1 leaf 130): # shorewall show tc Device eth0: qdisc htb 2: r2q 10 default 130 direct_packets_stat 0 ver 3.17 Sent 6110261 bytes 4077 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 qdisc ingress ffff: ---------------- Sent 242226 bytes 4210 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 qdisc sfq 131: parent 2:131 limit 128p quantum 1514b flows 128/1024 perturb 10sec Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 qdisc sfq 132: parent 2:132 limit 128p quantum 1514b flows 128/1024 perturb 10sec Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 qdisc sfq 133: parent 2:133 limit 128p quantum 1514b flows 128/1024 perturb 10sec Sent 4009 bytes 39 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 qdisc sfq 130: parent 2:130 limit 128p quantum 1514b flows 128/1024 perturb 10sec Sent 6106252 bytes 4038 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 class htb 2:132 parent 2:1 leaf 132: prio 3 quantum 1500 rate 50000bit ceil 500000bit burst 1662b/8 mpu 0b overhead 0b cburst 2225b/8 mpu 0b overhead 0b leve Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 lended: 0 borrowed: 0 giants: 0 tokens: 265920 ctokens: 35600 class htb 2:1 root rate 500000Kbit ceil 500000Kbit burst 626562b/8 mpu 0b overhead 0b cburst 626562b/8 mpu 0b overhead 0b level 7 Sent 6110261 bytes 4077 pkt (dropped 0, overlimits 0 requeues 0) rate 763776bit 63pps backlog 0b 0p requeues 0 lended: 0 borrowed: 0 giants: 0 tokens: 10025 ctokens: 10025 class htb 2:133 parent 2:1 leaf 133: prio 4 quantum 1500 rate 50000bit ceil 500000bit burst 1662b/8 mpu 0b overhead 0b cburst 2225b/8 mpu 0b overhead 0b leve Sent 4009 bytes 39 pkt (dropped 0, overlimits 0 requeues 0) rate 496bit 0pps backlog 0b 0p requeues 0 lended: 39 borrowed: 0 giants: 0 tokens: 242880 ctokens: 33296 class htb 2:130 parent 2:1 leaf 130: prio 5 quantum 5000 rate 100000Kbit ceil 100000Kbit burst 126600b/8 mpu 0b overhead 0b cburst 126600b/8 mpu 0b overhead Sent 6106252 bytes 4038 pkt (dropped 0, overlimits 0 requeues 0) rate 763280bit 63pps backlog 0b 0p requeues 0 lended: 4038 borrowed: 0 giants: 0 tokens: 10125 ctokens: 10125 class htb 2:131 parent 2:1 leaf 131: prio 2 quantum 1500 rate 70000bit ceil 500000bit burst 1687b/8 mpu 0b overhead 0b cburst 2225b/8 mpu 0b overhead 0b leve Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 lended: 0 borrowed: 0 giants: 0 tokens: 192800 ctokens: 35600 When i stop Shorewall i get full speed for my network (different IP so as i use DNAT in Shorewall): lpc:~ # wget -v 172.16.254.10:80/file.xyz --16:50:57-- 172.16.254.10/file.xyz => `file.xyz.20' Connecting to 172.16.254.10:80... connected. HTTP request sent, awaiting response... 200 OK Length: 102,400,000 (98M) [chemical/x-xyz] 25% [===========================> ... ] 25,843,613 11.20M/s Thank you for any help and advises. Shubnik Aleksandr ---------- Международные экзамены на знание языка для жизни и карьеры в школе International House, тел. 293-65-55, 293-06-68, 609-89-90, 777-73-18, ih.by ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> get.splunk.com _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net lists.sourceforge.net/lists/listinfo/shorewall-users
On Fri, 2007-08-24 at 17:04 +0300, alex wrote:> Hello list, > I discover strange behaviour of shaping traffic that i setup from > Shorewall-4.0.2. > I know that this is not Shorewall problem but may be somebody from list > can help meAre you using Shorewall-shell or Shorewall-perl? Are these GigE interfaces? What is the MTU of eth0? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> get.splunk.com
>> Hello list, >> I discover strange behaviour of shaping traffic that i setup from >> Shorewall-4.0.2. >> I know that this is not Shorewall problem but may be somebody from list >> can help me > > Are you using Shorewall-shell or Shorewall-perl? > Are these GigE interfaces? > What is the MTU of eth0?I am using Shorewall-perl. There are GigE interfaces but using 1000Mbit and 100Mbit switches. On local PC mtu - 1500 byte: 2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:14:85:31:f2:7f brd ff:ff:ff:ff:ff:ff On server also: 5: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue link/ether 00:18:51:64:a1:0b brd ff:ff:ff:ff:ff:ff And yet for additional info: gate / # shorewall show classifiers Shorewall 4.0.2 Clasifiers at gate - Mon Aug 27 12:00:47 EEST 2007 Device eth0: filter parent 2: protocol ip pref 1 fw filter parent 2: protocol ip pref 1 fw handle 0x1e classid 2:130 filter parent 2: protocol ip pref 1 fw handle 0x1f classid 2:131 filter parent 2: protocol ip pref 1 fw handle 0x20 classid 2:132 filter parent 2: protocol ip pref 1 fw handle 0x21 classid 2:133 Device eth1: filter parent 4: protocol ip pref 1 fw filter parent 4: protocol ip pref 1 fw handle 0x14 classid 4:120 filter parent 4: protocol ip pref 1 fw handle 0x15 classid 4:121 filter parent 4: protocol ip pref 1 fw handle 0x16 classid 4:122 filter parent 4: protocol ip pref 1 fw handle 0x17 classid 4:123 Device eth2: filter parent 1: protocol ip pref 1 fw filter parent 1: protocol ip pref 1 fw handle 0x1 classid 1:11 filter parent 1: protocol ip pref 1 fw handle 0x2 classid 1:12 filter parent 1: protocol ip pref 1 fw handle 0xa classid 1:110 filter parent 1: protocol ip pref 1 fw handle 0xb classid 1:111 filter parent 1: protocol ip pref 1 fw handle 0xc classid 1:112 filter parent 1: protocol ip pref 1 fw handle 0xd classid 1:113 filter parent 1: protocol ip pref 1 fw handle 0xe classid 1:114 filter parent 1: protocol ip pref 10 u32 filter parent 1: protocol ip pref 10 u32 fh 800: ht divisor 1 filter parent 1: protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:11 (rule hit 128036 success 96617) match 00060000/00ff0000 at 8 (success 126468 ) match 05000000/0f00ffc0 at 0 (success 99819 ) match 00100000/00ff0000 at 32 (success 96617 ) filter parent 1: protocol ip pref 10 u32 fh 800::801 order 2049 key ht 800 bkt 0 flowid 1:11 (rule hit 31419 success 0) match 00100000/00100000 at 0 (success 0 ) Device eth3: filter parent 3: protocol ip pref 1 fw filter parent 3: protocol ip pref 1 fw handle 0x28 classid 3:140 filter parent 3: protocol ip pref 1 fw handle 0x29 classid 3:141 ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> get.splunk.com
On Mon, 2007-08-27 at 12:02 +0300, alex wrote:> >> Hello list, > >> I discover strange behaviour of shaping traffic that i setup from > >> Shorewall-4.0.2. > >> I know that this is not Shorewall problem but may be somebody from list > >> can help me > > > > Are you using Shorewall-shell or Shorewall-perl? > > Are these GigE interfaces? > > What is the MTU of eth0? > > I am using Shorewall-perl. > There are GigE interfaces but using 1000Mbit and 100Mbit switches. > On local PC mtu - 1500 byte: > > 2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen > 1000 > link/ether 00:14:85:31:f2:7f brd ff:ff:ff:ff:ff:ff > > On server also: > > 5: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue > link/ether 00:18:51:64:a1:0b brd ff:ff:ff:ff:ff:ff > > > And yet for additional info: > > gate / # shorewall show classifiers > Shorewall 4.0.2 Clasifiers at gate - Mon Aug 27 12:00:47 EEST 2007 > > Device eth0: > filter parent 2: protocol ip pref 1 fw > filter parent 2: protocol ip pref 1 fw handle 0x1e classid 2:130 > filter parent 2: protocol ip pref 1 fw handle 0x1f classid 2:131 > filter parent 2: protocol ip pref 1 fw handle 0x20 classid 2:132 > filter parent 2: protocol ip pref 1 fw handle 0x21 classid 2:133 > > Device eth1: > filter parent 4: protocol ip pref 1 fw > filter parent 4: protocol ip pref 1 fw handle 0x14 classid 4:120 > filter parent 4: protocol ip pref 1 fw handle 0x15 classid 4:121 > filter parent 4: protocol ip pref 1 fw handle 0x16 classid 4:122 > filter parent 4: protocol ip pref 1 fw handle 0x17 classid 4:123 > > Device eth2: > filter parent 1: protocol ip pref 1 fw > filter parent 1: protocol ip pref 1 fw handle 0x1 classid 1:11 > filter parent 1: protocol ip pref 1 fw handle 0x2 classid 1:12 > filter parent 1: protocol ip pref 1 fw handle 0xa classid 1:110 > filter parent 1: protocol ip pref 1 fw handle 0xb classid 1:111 > filter parent 1: protocol ip pref 1 fw handle 0xc classid 1:112 > filter parent 1: protocol ip pref 1 fw handle 0xd classid 1:113 > filter parent 1: protocol ip pref 1 fw handle 0xe classid 1:114 > filter parent 1: protocol ip pref 10 u32 > filter parent 1: protocol ip pref 10 u32 fh 800: ht divisor 1 > filter parent 1: protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 > bkt 0 flowid 1:11 (rule hit 128036 success 96617) > match 00060000/00ff0000 at 8 (success 126468 ) > match 05000000/0f00ffc0 at 0 (success 99819 ) > match 00100000/00ff0000 at 32 (success 96617 ) > filter parent 1: protocol ip pref 10 u32 fh 800::801 order 2049 key ht 800 > bkt 0 flowid 1:11 (rule hit 31419 success 0) > match 00100000/00100000 at 0 (success 0 ) > > Device eth3: > filter parent 3: protocol ip pref 1 fw > filter parent 3: protocol ip pref 1 fw handle 0x28 classid 3:140 > filter parent 3: protocol ip pref 1 fw handle 0x29 classid 3:141 > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> get.splunk.com > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > lists.sourceforge.net/lists/listinfo/shorewall-usersAlex, I can''t reproduce your results. When I increase the rate/ceiling, my download speed also increases: teastep@wookie:~/Alex$ wget mail:/pub/private/linux-2.6.18.2.tar.bz2 --08:35:58-- ftp://mail//pub/private/linux-2.6.18.2.tar.bz2 => `linux-2.6.18.2.tar.bz2.1'' Resolving mail... 206.124.146.177 Connecting to mail|206.124.146.177|:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD /pub/private ... done. ==> PASV ... done. ==> RETR linux-2.6.18.2.tar.bz2 ... done. [ <=> ] 15,639,848 1.14M/s <I killed this one here but the rate was stable at 1.1xM/s> teastep@wookie:~/Alex$ wget mail:/pub/private/linux-2.6.18.2.tar.bz2 --08:36:35-- ftp://mail//pub/private/linux-2.6.18.2.tar.bz2 => `linux-2.6.18.2.tar.bz2.2'' Resolving mail... 206.124.146.177 Connecting to mail|206.124.146.177|:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD /pub/private ... done. ==> PASV ... done. ==> RETR linux-2.6.18.2.tar.bz2 ... done. [ <=> ] 41,855,741 10.02M/s 08:36:40 (9.73 MB/s) - `linux-2.6.18.2.tar.bz2.2'' saved [41855741] teastep@wookie:~/Alex$ -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> get.splunk.com