From: "Eduardo Fernández" <eduardo@cmusanjuan.com>
To: lartc@vger.kernel.org
Subject: [LARTC] Packet loss with htb+sfq+l7filter
Date: Mon, 15 Nov 2004 14:52:21 +0000 [thread overview]
Message-ID: <1100530341.2796.19.camel@laserite> (raw)
Hi all!
I'm trying to shape traffic in a dorm's network (4 mbit symmetrical
internet link, about 200 computers, heavy p2p usage). The router is a
p4xeon running linux 2.6.9 with the qnet patches
(http://kem.p.lodz.pl/~peter/qnet/). When I activate ip_forward I get
>20% packet loss and a lot of duplicates. Any ideas? I attach my shaping
script.
Thank you very much in advance,
Eduardo
router:~# cat htb.new
#!/bin/sh
IFOUT=eth0
IFIN=eth2
# cleaning
tc qdisc del dev $IFOUT root &>/dev/null
tc qdisc del dev $IFOUT ingress &>/dev/null
# link's capacity
CEILP0
# 1:10 interactive traffic with the highest prio (dns, ssh...)
# 1:20 interactive traffic with lower prio (radios, vcn, x11...)
# 1:30 bulk (http, ftp, cvs...)
# 1:40 the rest (p2p mostly)
tc qdisc add dev $IFOUT root handle 1: htb default 40
tc class add dev $IFOUT parent 1: classid 1:1 htb rate ${CEIL}kbps ceil
${CEIL}kbps
tc class add dev $IFOUT parent 1:1 classid 1:10 htb rate 80kbps ceil
80kbps prio 0
tc class add dev $IFOUT parent 1:1 classid 1:20 htb rate 10kbps ceil
100kbps prio 1
tc class add dev $IFOUT parent 1:1 classid 1:30 htb rate 400kbps ceil
${CEIL}kbps prio 2
tc class add dev $IFOUT parent 1:1 classid 1:40 htb rate 10kbps ceil
${CEIL}kbps prio 3
tc qdisc add dev $IFOUT parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $IFOUT parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $IFOUT parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev $IFOUT parent 1:40 handle 40: sfq perturb 10
tc filter add dev $IFOUT parent 1:0 protocol ip prio 1 handle 1 fw
classid 1:10
tc filter add dev $IFOUT parent 1:0 protocol ip prio 2 handle 2 fw
classid 1:20
tc filter add dev $IFOUT parent 1:0 protocol ip prio 3 handle 3 fw
classid 1:30
tc filter add dev $IFOUT parent 1:0 protocol ip prio 4 handle 4 fw
classid 1:40
NF="/usr/local/sbin/iptables -t mangle -A PREROUTING "
NFl7="/usr/local/sbin/iptables -t mangle -A POSTROUTING -m layer7 "
/usr/local/sbin/iptables -F -t mangle
# by tos
$NF -p icmp -j MARK --set-mark 0x1
$NF -p icmp -j RETURN
$NF -m tos --tos 0x8 -j MARK --set-mark 0x3 #scp
$NF -m tos --tos 0x8 -j RETURN
$NF -m tos --tos Minimize-Cost -j MARK --set-mark 0x1
$NF -m tos --tos Minimize-Cost -j RETURN
$NF -m tos --tos Maximize-Throughput -j MARK --set-mark 0x4
$NF -m tos --tos Maximize-Throughput -j RETURN
$NF -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
$NF -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
# by layer 7
$NFl7 --l7proto http -j MARK --set-mark 0x3
$NFl7 --l7proto http -j RETURN
$NFl7 --l7proto ftp -j MARK --set-mark 0x3
$NFl7 --l7proto ftp -j RETURN
$NFl7 --l7proto skype -j MARK --set-mark 0x2
$NFl7 --l7proto skype -j RETURN
$NFl7 --l7proto msnmessenger -j MARK --set-mark 0x1
$NFl7 --l7proto msnmessenger -j RETURN
$NFl7 --l7proto msn-filetransfer -j MARK --set-mark 0x3
$NFl7 --l7proto msn-filetransfer -j RETURN
$NFl7 --l7proto jabber -j MARK --set-mark 0x1
$NFl7 --l7proto jabber -j RETURN
$NFl7 --l7proto smtp -j MARK --set-mark 0x3
$NFl7 --l7proto smtp -j RETURN
$NFl7 --l7proto pop3 -j MARK --set-mark 0x3
$NFl7 --l7proto pop3 -j RETURN
$NFl7 --l7proto ssh -j MARK --set-mark 0x2
$NFl7 --l7proto ssh -j RETURN
$NFl7 --l7proto dns -j MARK --set-mark 0x1
$NFl7 --l7proto dns -j RETURN
$NFl7 --l7proto telnet -j MARK --set-mark 0x2
$NFl7 --l7proto telnet -j RETURN
$NFl7 --l7proto cvs -j MARK --set-mark 0x3
$NFl7 --l7proto cvs -j RETURN
$NFl7 --l7proto irc -j MARK --set-mark 0x1
$NFl7 --l7proto irc -j RETURN
$NFl7 --l7proto yahoo -j MARK --set-mark 0x1
$NFl7 --l7proto yahoo -j RETURN
$NFl7 --l7proto counterstrike -j MARK --set-mark 0x1
$NFl7 --l7proto counterstrike -j RETURN
$NFl7 --l7proto rstp -j MARK --set-mark 0x2
$NFl7 --l7proto rstp -j RETURN
$NFl7 --l7proto live365 -j MARK --set-mark 0x2
$NFl7 --l7proto live365 -j RETURN
$NFl7 --l7proto h323 -j MARK --set-mark 0x2
$NFl7 --l7proto h323 -j RETURN
$NFl7 --l7proto quake-halflife -j MARK --set-mark 0x1
$NFl7 --l7proto quake-halflife -j RETURN
$NFl7 --l7proto rdp -j MARK --set-mark 0x2
$NFl7 --l7proto rdp -j RETURN
$NFl7 --l7proto rlogin -j MARK --set-mark 0x2
$NFl7 --l7proto rlogin -j RETURN
$NFl7 --l7proto shoutcast -j MARK --set-mark 0x2
$NFl7 --l7proto shoutcast -j RETURN
$NFl7 --l7proto validcertssl -j MARK --set-mark 0x3
$NFl7 --l7proto validcertssl -j RETURN
$NFl7 --l7proto vnc -j MARK --set-mark 0x2
$NFl7 --l7proto vnc -j RETURN
$NFl7 --l7proto x11 -j MARK --set-mark 0x2
$NFl7 --l7proto x11 -j RETURN
# end
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next reply other threads:[~2004-11-15 14:52 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-11-15 14:52 Eduardo Fernández [this message]
2004-11-15 22:29 ` [LARTC] Packet loss with htb+sfq+l7filter mjoachimiak
2004-11-15 22:30 ` Eduardo Fernández
2004-11-15 22:37 ` Eicke Friedrich
2004-11-15 23:03 ` Eduardo Fernández
2004-11-16 15:41 ` Andy Furniss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1100530341.2796.19.camel@laserite \
--to=eduardo@cmusanjuan.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.