Hello list,
I discover strange behaviour of shaping traffic that i setup from
Shorewall-4.0.2.
I know that this is not Shorewall problem but may be somebody from list
can help me
or explain this situation.
I have follow interfaces in 'tcdevices' files:
#INTERFACE IN-BANDWITH OUT-BANDWIDTH
#
$EXT_IF 500kbit 248kbit
$INT1_IF 500mbit 500mbit
$INT2_IF 500mbit 500mbit
$DMZ_IF 500mbit 500mbit
follow rules in 'tcrules' file for tested interface (INT1_IF):
31:F $EXT_IF $INT1_IF:$ADM_IP all
32:F $EXT_IF $INT1_IF:$PRV_IP all
33:F $EXT_IF $INT1_IF:$MY_NET all
and follow traffic classes in 'tcclasses':
$INT1_IF 31 70kbit 250kbit 2
$INT1_IF 32 50kbit 250kbit 3
$INT1_IF 33 50kbit 250kbit 4
$INT1_IF 30 10mbit 10mbit 5 default
Then when i test bandwidth for default class i have such
result:
lpc:~ # wget -v http://192.168.5.3:80/file.xyz
--16:33:59-- http://192.168.5.3/file.xyz
=> `file.xyz.18'
Connecting to 192.168.5.3:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 102,400,000 (98M) [chemical/x-xyz]
4% [====> ... ] 4,720,189 1.04M/s ETA 01:27
But when i increase default class RATE and CEIL i get very
strange results:
$INT1_IF 31 70kbit 250kbit 2
$INT1_IF 32 50kbit 250kbit 3
$INT1_IF 33 50kbit 250kbit 4
$INT1_IF 30 100mbit 100mbit 5 default
lpc:~ # wget -v http://192.168.5.3:80/file.xyz
--16:34:17-- http://192.168.5.3/file.xyz
=> `file.xyz.19'
Connecting to 192.168.5.3:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 102,400,000 (98M) [chemical/x-xyz]
5% [=====> ... ] 5,693,245 473.91K/s ETA 02:27
I hope to get increase bandwidth at 10 times but have decrease
on half.
From 'tc' output i see that traffic flow go through default class
with correct 'rate' and 'ceil' parameters (class htb 2:130
parent 2:1 leaf
130):
# shorewall show tc
Device eth0:
qdisc htb 2: r2q 10 default 130 direct_packets_stat 0 ver 3.17
Sent 6110261 bytes 4077 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc ingress ffff: ----------------
Sent 242226 bytes 4210 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 131: parent 2:131 limit 128p quantum 1514b flows 128/1024
perturb 10sec
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 132: parent 2:132 limit 128p quantum 1514b flows 128/1024
perturb 10sec
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 133: parent 2:133 limit 128p quantum 1514b flows 128/1024
perturb 10sec
Sent 4009 bytes 39 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 130: parent 2:130 limit 128p quantum 1514b flows 128/1024
perturb 10sec
Sent 6106252 bytes 4038 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
class htb 2:132 parent 2:1 leaf 132: prio 3 quantum 1500 rate 50000bit
ceil 500000bit burst 1662b/8 mpu 0b overhead 0b cburst 2225b/8 mpu 0b
overhead 0b leve
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 265920 ctokens: 35600
class htb 2:1 root rate 500000Kbit ceil 500000Kbit burst 626562b/8 mpu 0b
overhead 0b cburst 626562b/8 mpu 0b overhead 0b level 7
Sent 6110261 bytes 4077 pkt (dropped 0, overlimits 0 requeues 0)
rate 763776bit 63pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 10025 ctokens: 10025
class htb 2:133 parent 2:1 leaf 133: prio 4 quantum 1500 rate 50000bit
ceil 500000bit burst 1662b/8 mpu 0b overhead 0b cburst 2225b/8 mpu 0b
overhead 0b leve
Sent 4009 bytes 39 pkt (dropped 0, overlimits 0 requeues 0)
rate 496bit 0pps backlog 0b 0p requeues 0
lended: 39 borrowed: 0 giants: 0
tokens: 242880 ctokens: 33296
class htb 2:130 parent 2:1 leaf 130: prio 5 quantum 5000 rate 100000Kbit
ceil 100000Kbit burst 126600b/8 mpu 0b overhead 0b cburst 126600b/8 mpu 0b
overhead
Sent 6106252 bytes 4038 pkt (dropped 0, overlimits 0 requeues 0)
rate 763280bit 63pps backlog 0b 0p requeues 0
lended: 4038 borrowed: 0 giants: 0
tokens: 10125 ctokens: 10125
class htb 2:131 parent 2:1 leaf 131: prio 2 quantum 1500 rate 70000bit
ceil 500000bit burst 1687b/8 mpu 0b overhead 0b cburst 2225b/8 mpu 0b
overhead 0b leve
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 192800 ctokens: 35600
When i stop Shorewall i get full speed for my network (different IP
so as i use DNAT in Shorewall):
lpc:~ # wget -v http://172.16.254.10:80/file.xyz
--16:50:57-- http://172.16.254.10/file.xyz
=> `file.xyz.20'
Connecting to 172.16.254.10:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 102,400,000 (98M) [chemical/x-xyz]
25% [===========================> ... ] 25,843,613 11.20M/s
Thank you for any help and advises.
Shubnik Aleksandr
----------
Международные экзамены на знание языка для жизни и карьеры
в школе International House, тел. 293-65-55, 293-06-68, 609-89-90,
777-73-18, http://www.ih.by
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
On Fri, 2007-08-24 at 17:04 +0300, alex wrote:> Hello list, > I discover strange behaviour of shaping traffic that i setup from > Shorewall-4.0.2. > I know that this is not Shorewall problem but may be somebody from list > can help meAre you using Shorewall-shell or Shorewall-perl? Are these GigE interfaces? What is the MTU of eth0? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
>> Hello list, >> I discover strange behaviour of shaping traffic that i setup from >> Shorewall-4.0.2. >> I know that this is not Shorewall problem but may be somebody from list >> can help me > > Are you using Shorewall-shell or Shorewall-perl? > Are these GigE interfaces? > What is the MTU of eth0?I am using Shorewall-perl. There are GigE interfaces but using 1000Mbit and 100Mbit switches. On local PC mtu - 1500 byte: 2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:14:85:31:f2:7f brd ff:ff:ff:ff:ff:ff On server also: 5: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue link/ether 00:18:51:64:a1:0b brd ff:ff:ff:ff:ff:ff And yet for additional info: gate / # shorewall show classifiers Shorewall 4.0.2 Clasifiers at gate - Mon Aug 27 12:00:47 EEST 2007 Device eth0: filter parent 2: protocol ip pref 1 fw filter parent 2: protocol ip pref 1 fw handle 0x1e classid 2:130 filter parent 2: protocol ip pref 1 fw handle 0x1f classid 2:131 filter parent 2: protocol ip pref 1 fw handle 0x20 classid 2:132 filter parent 2: protocol ip pref 1 fw handle 0x21 classid 2:133 Device eth1: filter parent 4: protocol ip pref 1 fw filter parent 4: protocol ip pref 1 fw handle 0x14 classid 4:120 filter parent 4: protocol ip pref 1 fw handle 0x15 classid 4:121 filter parent 4: protocol ip pref 1 fw handle 0x16 classid 4:122 filter parent 4: protocol ip pref 1 fw handle 0x17 classid 4:123 Device eth2: filter parent 1: protocol ip pref 1 fw filter parent 1: protocol ip pref 1 fw handle 0x1 classid 1:11 filter parent 1: protocol ip pref 1 fw handle 0x2 classid 1:12 filter parent 1: protocol ip pref 1 fw handle 0xa classid 1:110 filter parent 1: protocol ip pref 1 fw handle 0xb classid 1:111 filter parent 1: protocol ip pref 1 fw handle 0xc classid 1:112 filter parent 1: protocol ip pref 1 fw handle 0xd classid 1:113 filter parent 1: protocol ip pref 1 fw handle 0xe classid 1:114 filter parent 1: protocol ip pref 10 u32 filter parent 1: protocol ip pref 10 u32 fh 800: ht divisor 1 filter parent 1: protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:11 (rule hit 128036 success 96617) match 00060000/00ff0000 at 8 (success 126468 ) match 05000000/0f00ffc0 at 0 (success 99819 ) match 00100000/00ff0000 at 32 (success 96617 ) filter parent 1: protocol ip pref 10 u32 fh 800::801 order 2049 key ht 800 bkt 0 flowid 1:11 (rule hit 31419 success 0) match 00100000/00100000 at 0 (success 0 ) Device eth3: filter parent 3: protocol ip pref 1 fw filter parent 3: protocol ip pref 1 fw handle 0x28 classid 3:140 filter parent 3: protocol ip pref 1 fw handle 0x29 classid 3:141 ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
On Mon, 2007-08-27 at 12:02 +0300, alex wrote:> >> Hello list, > >> I discover strange behaviour of shaping traffic that i setup from > >> Shorewall-4.0.2. > >> I know that this is not Shorewall problem but may be somebody from list > >> can help me > > > > Are you using Shorewall-shell or Shorewall-perl? > > Are these GigE interfaces? > > What is the MTU of eth0? > > I am using Shorewall-perl. > There are GigE interfaces but using 1000Mbit and 100Mbit switches. > On local PC mtu - 1500 byte: > > 2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen > 1000 > link/ether 00:14:85:31:f2:7f brd ff:ff:ff:ff:ff:ff > > On server also: > > 5: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue > link/ether 00:18:51:64:a1:0b brd ff:ff:ff:ff:ff:ff > > > And yet for additional info: > > gate / # shorewall show classifiers > Shorewall 4.0.2 Clasifiers at gate - Mon Aug 27 12:00:47 EEST 2007 > > Device eth0: > filter parent 2: protocol ip pref 1 fw > filter parent 2: protocol ip pref 1 fw handle 0x1e classid 2:130 > filter parent 2: protocol ip pref 1 fw handle 0x1f classid 2:131 > filter parent 2: protocol ip pref 1 fw handle 0x20 classid 2:132 > filter parent 2: protocol ip pref 1 fw handle 0x21 classid 2:133 > > Device eth1: > filter parent 4: protocol ip pref 1 fw > filter parent 4: protocol ip pref 1 fw handle 0x14 classid 4:120 > filter parent 4: protocol ip pref 1 fw handle 0x15 classid 4:121 > filter parent 4: protocol ip pref 1 fw handle 0x16 classid 4:122 > filter parent 4: protocol ip pref 1 fw handle 0x17 classid 4:123 > > Device eth2: > filter parent 1: protocol ip pref 1 fw > filter parent 1: protocol ip pref 1 fw handle 0x1 classid 1:11 > filter parent 1: protocol ip pref 1 fw handle 0x2 classid 1:12 > filter parent 1: protocol ip pref 1 fw handle 0xa classid 1:110 > filter parent 1: protocol ip pref 1 fw handle 0xb classid 1:111 > filter parent 1: protocol ip pref 1 fw handle 0xc classid 1:112 > filter parent 1: protocol ip pref 1 fw handle 0xd classid 1:113 > filter parent 1: protocol ip pref 1 fw handle 0xe classid 1:114 > filter parent 1: protocol ip pref 10 u32 > filter parent 1: protocol ip pref 10 u32 fh 800: ht divisor 1 > filter parent 1: protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 > bkt 0 flowid 1:11 (rule hit 128036 success 96617) > match 00060000/00ff0000 at 8 (success 126468 ) > match 05000000/0f00ffc0 at 0 (success 99819 ) > match 00100000/00ff0000 at 32 (success 96617 ) > filter parent 1: protocol ip pref 10 u32 fh 800::801 order 2049 key ht 800 > bkt 0 flowid 1:11 (rule hit 31419 success 0) > match 00100000/00100000 at 0 (success 0 ) > > Device eth3: > filter parent 3: protocol ip pref 1 fw > filter parent 3: protocol ip pref 1 fw handle 0x28 classid 3:140 > filter parent 3: protocol ip pref 1 fw handle 0x29 classid 3:141 > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-usersAlex, I can''t reproduce your results. When I increase the rate/ceiling, my download speed also increases: teastep@wookie:~/Alex$ wget mail:/pub/private/linux-2.6.18.2.tar.bz2 --08:35:58-- ftp://mail//pub/private/linux-2.6.18.2.tar.bz2 => `linux-2.6.18.2.tar.bz2.1'' Resolving mail... 206.124.146.177 Connecting to mail|206.124.146.177|:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD /pub/private ... done. ==> PASV ... done. ==> RETR linux-2.6.18.2.tar.bz2 ... done. [ <=> ] 15,639,848 1.14M/s <I killed this one here but the rate was stable at 1.1xM/s> teastep@wookie:~/Alex$ wget mail:/pub/private/linux-2.6.18.2.tar.bz2 --08:36:35-- ftp://mail//pub/private/linux-2.6.18.2.tar.bz2 => `linux-2.6.18.2.tar.bz2.2'' Resolving mail... 206.124.146.177 Connecting to mail|206.124.146.177|:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD /pub/private ... done. ==> PASV ... done. ==> RETR linux-2.6.18.2.tar.bz2 ... done. [ <=> ] 41,855,741 10.02M/s 08:36:40 (9.73 MB/s) - `linux-2.6.18.2.tar.bz2.2'' saved [41855741] teastep@wookie:~/Alex$ -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/