* [LARTC] htb and fw problems
@ 2004-08-04 9:00 Ing Isianto Istiadi
2004-08-04 11:41 ` mjoachimiak
` (9 more replies)
0 siblings, 10 replies; 11+ messages in thread
From: Ing Isianto Istiadi @ 2004-08-04 9:00 UTC (permalink / raw)
To: lartc
Dear All,
I'm using the kernel 2.6.6, iproute2-2.4.7.20020116, iptables v1.2.9, and gentoo.
I have a leased-line 64 kbps.
I can see the counter works in iptables, but in the htb, it doesn't go to the right class (it always go to the default class).
Any help will be appreciated
here's my htb conf
#!/bin/bash
tc qdisc del dev eth1 root
tc qdisc add dev eth1 root handle 1: htb default 80
tc class add dev eth1 parent 1: classid 1:1 htb rate 65kbps ceil 65kbps
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 20kbps ceil 35kbps prio 3
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 5kbps ceil 10kbps prio 0
tc class add dev eth1 parent 1:1 classid 1:30 htb rate 8kbps ceil 11kbps prio 2
tc class add dev eth1 parent 1:1 classid 1:40 htb rate 23kbps ceil 40kbps prio 1
tc class add dev eth1 parent 1:1 classid 1:80 htb rate 8kbps ceil 10kbps prio 4
tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev eth1 parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev eth1 parent 1:40 handle 40: sfq perturb 10
tc qdisc add dev eth1 parent 1:80 handle 80: sfq perturb 10
tc filter add dev eth1 parent 1:0 protocol ip handle 10 fw flowid 1:10
tc filter add dev eth1 parent 1:0 protocol ip handle 20 fw flowid 1:20
tc filter add dev eth1 protocol ip parent 1:0 handle 30 fw flowid 1:30
tc filter add dev eth1 parent 1:0 protocol ip handle 40 fw classid 1:40
tc filter add dev eth1 protocol ip parent 1:0 handle 80 fw flowid 1:80
Here's my iptables rules*mangle
:PREROUTING ACCEPT [1061:863210]
:INPUT ACCEPT [1022:857788]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [947:201743]
:POSTROUTING ACCEPT [947:201743]
-N personal
-N others
-N personal1
#-A OUTPUT -p tcp -m tcp --sport 3128 -j MARK --set-mark 0x2
-A OUTPUT -p tcp -m tcp --sport 3128 --destination 192.168.1.145 -j personal
#-A OUTPUT -p tcp -m tcp --dport 80 -j MARK --set-mark 20
-A OUTPUT -p tcp -m tcp --dport 80 -j others
-A personal -j MARK --set-mark 40
-A others -j MARK --set-mark 20
Here's my iptables -L -v -t mangle -x output
Chain PREROUTING (policy ACCEPT 580535 packets, 176796832 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 573475 packets, 174919251 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 5656 packets, 1810367 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 598621 packets, 392036436 bytes)
pkts bytes target prot opt in out source destination
11105 14785525 personal tcp -- any any anywhere 192.168.1.145 tcp spt:webcache
28465 2233910 others tcp -- any any anywhere anywhere tcp dpt:www
Chain POSTROUTING (policy ACCEPT 604295 packets, 393851150 bytes)
pkts bytes target prot opt in out source destination
Chain others (1 references)
pkts bytes target prot opt in out source destination
28465 2233910 MARK all -- any any anywhere anywhere MARK set 0x14
Chain personal (1 references)
pkts bytes target prot opt in out source destination
11105 14785525 MARK all -- any any anywhere anywhere MARK set 0x28
Chain personal1 (0 references)
pkts bytes target prot opt in out source destination
Here's my
/sbin/tc -s qdisc show dev eth1
qdisc sfq 80: limit 128p quantum 1514b perturb 10sec
Sent 386 bytes 5 pkts (dropped 0, overlimits 0)
qdisc sfq 40: limit 128p quantum 1514b perturb 10sec
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 30: limit 128p quantum 1514b perturb 10sec
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 20: limit 128p quantum 1514b perturb 10sec
Sent 12272 bytes 72 pkts (dropped 0, overlimits 0)
qdisc sfq 10: limit 128p quantum 1514b perturb 10sec
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc htb 1: r2q 10 default 80 direct_packets_stat 0
Sent 12658 bytes 77 pkts (dropped 0, overlimits 0)
tc -s -d filter show dev eth1
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x50 classid 1:80
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x28 classid 1:40
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x1e classid 1:30
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x14 classid 1:20
filter parent 1: protocol ip pref 49152 fw
filter parent 1: protocol ip pref 49152 fw handle 0xa classid 1:10
tc -s class show dev eth1
class htb 1:1 root rate 520Kbit ceil 520Kbit burst 2264b cburst 2264b
Sent 174465 bytes 1142 pkts (dropped 0, overlimits 0)
rate 712bps 5pps
lended: 4 borrowed: 0 giants: 0
tokens: 34107 ctokens: 34107
class htb 1:10 parent 1:1 leaf 10: prio 3 rate 160Kbit ceil 280Kbit burst 1803b cburst 1957b
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 90199 ctokens: 55942
class htb 1:20 parent 1:1 leaf 20: prio 0 rate 40Kbit ceil 80Kbit burst 1650b cburst 1701b
Sent 115721 bytes 990 pkts (dropped 0, overlimits 0)
rate 340bps 3pps
lended: 990 borrowed: 0 giants: 0
tokens: 320599 ctokens: 165400
class htb 1:30 parent 1:1 leaf 30: prio 2 rate 64Kbit ceil 88Kbit burst 1680b cburst 1711b
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 210124 ctokens: 155635
class htb 1:40 parent 1:1 leaf 40: prio 1 rate 184Kbit ceil 320Kbit burst 1834b cburst 2008b
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 79781 ctokens: 50224
class htb 1:80 parent 1:1 leaf 80: prio 4 rate 64Kbit ceil 80Kbit burst 1680b cburst 1701b
Sent 58744 bytes 152 pkts (dropped 0, overlimits 0)
rate 3Kbit 1pps
lended: 148 borrowed: 4 giants: 0
tokens: 202125 ctokens: 163799
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [LARTC] htb and fw problems
2004-08-04 9:00 [LARTC] htb and fw problems Ing Isianto Istiadi
@ 2004-08-04 11:41 ` mjoachimiak
2004-08-04 13:11 ` Ing Isianto Istiadi
` (8 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: mjoachimiak @ 2004-08-04 11:41 UTC (permalink / raw)
To: lartc
----- Original Message -----
From: <mjoachimiak@poczta.onet.pl>
To: "Ing Isianto Istiadi" <isianto.istiadi@adirarental.com>
Sent: Wednesday, August 04, 2004 1:40 PM
Subject: Re: [LARTC] htb and fw problems
> hi!
> your default class must not have rate grater than your desired speed rate.
> If you have 64kbps your class shoud have 60kbps or less. Without this htb
> will not work as you except!
> tc class add dev eth1 parent 1: classid 1:1 htb rate 65kbps ceil 65kbps
> ----- Original Message -----
> From: "Ing Isianto Istiadi" <isianto.istiadi@adirarental.com>
> To: <lartc@mailman.ds9a.nl>
> Sent: Wednesday, August 04, 2004 11:00 AM
> Subject: [LARTC] htb and fw problems
>
>
> > Dear All,
> > I'm using the kernel 2.6.6, iproute2-2.4.7.20020116, iptables v1.2.9,
and
> gentoo.
> > I have a leased-line 64 kbps.
> > I can see the counter works in iptables, but in the htb, it doesn't go
to
> the right class (it always go to the default class).
> >
> > Any help will be appreciated
> >
> >
> > here's my htb conf
> > #!/bin/bash
> >
> > tc qdisc del dev eth1 root
> >
> > tc qdisc add dev eth1 root handle 1: htb default 80
> > tc class add dev eth1 parent 1: classid 1:1 htb rate 65kbps ceil 65kbps
> > tc class add dev eth1 parent 1:1 classid 1:10 htb rate 20kbps ceil
35kbps
> prio 3
> > tc class add dev eth1 parent 1:1 classid 1:20 htb rate 5kbps ceil 10kbps
> prio 0
> > tc class add dev eth1 parent 1:1 classid 1:30 htb rate 8kbps ceil 11kbps
> prio 2
> > tc class add dev eth1 parent 1:1 classid 1:40 htb rate 23kbps ceil
40kbps
> prio 1
> > tc class add dev eth1 parent 1:1 classid 1:80 htb rate 8kbps ceil 10kbps
> prio 4
> >
> > tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
> > tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
> > tc qdisc add dev eth1 parent 1:30 handle 30: sfq perturb 10
> > tc qdisc add dev eth1 parent 1:40 handle 40: sfq perturb 10
> > tc qdisc add dev eth1 parent 1:80 handle 80: sfq perturb 10
> >
> > tc filter add dev eth1 parent 1:0 protocol ip handle 10 fw flowid 1:10
> > tc filter add dev eth1 parent 1:0 protocol ip handle 20 fw flowid 1:20
> > tc filter add dev eth1 protocol ip parent 1:0 handle 30 fw flowid 1:30
> > tc filter add dev eth1 parent 1:0 protocol ip handle 40 fw classid 1:40
> > tc filter add dev eth1 protocol ip parent 1:0 handle 80 fw flowid 1:80
> >
> > Here's my iptables rules*mangle
> > :PREROUTING ACCEPT [1061:863210]
> > :INPUT ACCEPT [1022:857788]
> > :FORWARD ACCEPT [0:0]
> > :OUTPUT ACCEPT [947:201743]
> > :POSTROUTING ACCEPT [947:201743]
> > -N personal
> > -N others
> > -N personal1
> > #-A OUTPUT -p tcp -m tcp --sport 3128 -j MARK --set-mark 0x2
> > -A OUTPUT -p tcp -m tcp --sport 3128 --destination 192.168.1.145 -j
> personal
> > #-A OUTPUT -p tcp -m tcp --dport 80 -j MARK --set-mark 20
> > -A OUTPUT -p tcp -m tcp --dport 80 -j others
> > -A personal -j MARK --set-mark 40
> > -A others -j MARK --set-mark 20
> >
> >
> > Here's my iptables -L -v -t mangle -x output
> > Chain PREROUTING (policy ACCEPT 580535 packets, 176796832 bytes)
> > pkts bytes target prot opt in out source
> destination
> >
> > Chain INPUT (policy ACCEPT 573475 packets, 174919251 bytes)
> > pkts bytes target prot opt in out source
> destination
> >
> > Chain FORWARD (policy ACCEPT 5656 packets, 1810367 bytes)
> > pkts bytes target prot opt in out source
> destination
> >
> > Chain OUTPUT (policy ACCEPT 598621 packets, 392036436 bytes)
> > pkts bytes target prot opt in out source
> destination
> > 11105 14785525 personal tcp -- any any anywhere
> 192.168.1.145 tcp spt:webcache
> > 28465 2233910 others tcp -- any any anywhere
> anywhere tcp dpt:www
> >
> > Chain POSTROUTING (policy ACCEPT 604295 packets, 393851150 bytes)
> > pkts bytes target prot opt in out source
> destination
> >
> > Chain others (1 references)
> > pkts bytes target prot opt in out source
> destination
> > 28465 2233910 MARK all -- any any anywhere
> anywhere MARK set 0x14
> >
> > Chain personal (1 references)
> > pkts bytes target prot opt in out source
> destination
> > 11105 14785525 MARK all -- any any anywhere
> anywhere MARK set 0x28
> >
> > Chain personal1 (0 references)
> > pkts bytes target prot opt in out source
> destination
> >
> > Here's my
> >
> > /sbin/tc -s qdisc show dev eth1
> >
> > qdisc sfq 80: limit 128p quantum 1514b perturb 10sec
> > Sent 386 bytes 5 pkts (dropped 0, overlimits 0)
> > qdisc sfq 40: limit 128p quantum 1514b perturb 10sec
> > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > qdisc sfq 30: limit 128p quantum 1514b perturb 10sec
> > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > qdisc sfq 20: limit 128p quantum 1514b perturb 10sec
> > Sent 12272 bytes 72 pkts (dropped 0, overlimits 0)
> > qdisc sfq 10: limit 128p quantum 1514b perturb 10sec
> > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > qdisc htb 1: r2q 10 default 80 direct_packets_stat 0
> > Sent 12658 bytes 77 pkts (dropped 0, overlimits 0)
> >
> >
> > tc -s -d filter show dev eth1
> >
> > filter parent 1: protocol ip pref 49151 fw
> > filter parent 1: protocol ip pref 49151 fw handle 0x50 classid 1:80
> > filter parent 1: protocol ip pref 49151 fw
> > filter parent 1: protocol ip pref 49151 fw handle 0x28 classid 1:40
> > filter parent 1: protocol ip pref 49151 fw
> > filter parent 1: protocol ip pref 49151 fw handle 0x1e classid 1:30
> > filter parent 1: protocol ip pref 49151 fw
> > filter parent 1: protocol ip pref 49151 fw handle 0x14 classid 1:20
> > filter parent 1: protocol ip pref 49152 fw
> > filter parent 1: protocol ip pref 49152 fw handle 0xa classid 1:10
> >
> >
> > tc -s class show dev eth1
> >
> > class htb 1:1 root rate 520Kbit ceil 520Kbit burst 2264b cburst 2264b
> > Sent 174465 bytes 1142 pkts (dropped 0, overlimits 0)
> > rate 712bps 5pps
> > lended: 4 borrowed: 0 giants: 0
> > tokens: 34107 ctokens: 34107
> >
> > class htb 1:10 parent 1:1 leaf 10: prio 3 rate 160Kbit ceil 280Kbit
burst
> 1803b cburst 1957b
> > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > lended: 0 borrowed: 0 giants: 0
> > tokens: 90199 ctokens: 55942
> >
> > class htb 1:20 parent 1:1 leaf 20: prio 0 rate 40Kbit ceil 80Kbit burst
> 1650b cburst 1701b
> > Sent 115721 bytes 990 pkts (dropped 0, overlimits 0)
> > rate 340bps 3pps
> > lended: 990 borrowed: 0 giants: 0
> > tokens: 320599 ctokens: 165400
> >
> > class htb 1:30 parent 1:1 leaf 30: prio 2 rate 64Kbit ceil 88Kbit burst
> 1680b cburst 1711b
> > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > lended: 0 borrowed: 0 giants: 0
> > tokens: 210124 ctokens: 155635
> >
> > class htb 1:40 parent 1:1 leaf 40: prio 1 rate 184Kbit ceil 320Kbit
burst
> 1834b cburst 2008b
> > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > lended: 0 borrowed: 0 giants: 0
> > tokens: 79781 ctokens: 50224
> >
> > class htb 1:80 parent 1:1 leaf 80: prio 4 rate 64Kbit ceil 80Kbit burst
> 1680b cburst 1701b
> > Sent 58744 bytes 152 pkts (dropped 0, overlimits 0)
> > rate 3Kbit 1pps
> > lended: 148 borrowed: 4 giants: 0
> > tokens: 202125 ctokens: 163799
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [LARTC] htb and fw problems
2004-08-04 9:00 [LARTC] htb and fw problems Ing Isianto Istiadi
2004-08-04 11:41 ` mjoachimiak
@ 2004-08-04 13:11 ` Ing Isianto Istiadi
2004-08-04 13:36 ` Arno
` (7 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Ing Isianto Istiadi @ 2004-08-04 13:11 UTC (permalink / raw)
To: lartc
Dear, I have change
tc class add dev eth1 parent 1: classid 1:1 htb rate 65kbps ceil 65kbps
to
tc class add dev eth1 parent 1: classid 1:1 htb rate 60kbps ceil 60kbps
still with the same result
any other tips?
On Wed, 4 Aug 2004 13:41:34 +0200
<mjoachimiak@poczta.onet.pl> wrote:
>
> ----- Original Message -----
> From: <mjoachimiak@poczta.onet.pl>
> To: "Ing Isianto Istiadi" <isianto.istiadi@adirarental.com>
> Sent: Wednesday, August 04, 2004 1:40 PM
> Subject: Re: [LARTC] htb and fw problems
>
>
> > hi!
> > your default class must not have rate grater than your desired speed rate.
> > If you have 64kbps your class shoud have 60kbps or less. Without this htb
> > will not work as you except!
> > tc class add dev eth1 parent 1: classid 1:1 htb rate 65kbps ceil 65kbps
> > ----- Original Message -----
> > From: "Ing Isianto Istiadi" <isianto.istiadi@adirarental.com>
> > To: <lartc@mailman.ds9a.nl>
> > Sent: Wednesday, August 04, 2004 11:00 AM
> > Subject: [LARTC] htb and fw problems
> >
> >
> > > Dear All,
> > > I'm using the kernel 2.6.6, iproute2-2.4.7.20020116, iptables v1.2.9,
> and
> > gentoo.
> > > I have a leased-line 64 kbps.
> > > I can see the counter works in iptables, but in the htb, it doesn't go
> to
> > the right class (it always go to the default class).
> > >
> > > Any help will be appreciated
> > >
> > >
> > > here's my htb conf
> > > #!/bin/bash
> > >
> > > tc qdisc del dev eth1 root
> > >
> > > tc qdisc add dev eth1 root handle 1: htb default 80
> > > tc class add dev eth1 parent 1: classid 1:1 htb rate 65kbps ceil 65kbps
> > > tc class add dev eth1 parent 1:1 classid 1:10 htb rate 20kbps ceil
> 35kbps
> > prio 3
> > > tc class add dev eth1 parent 1:1 classid 1:20 htb rate 5kbps ceil 10kbps
> > prio 0
> > > tc class add dev eth1 parent 1:1 classid 1:30 htb rate 8kbps ceil 11kbps
> > prio 2
> > > tc class add dev eth1 parent 1:1 classid 1:40 htb rate 23kbps ceil
> 40kbps
> > prio 1
> > > tc class add dev eth1 parent 1:1 classid 1:80 htb rate 8kbps ceil 10kbps
> > prio 4
> > >
> > > tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
> > > tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
> > > tc qdisc add dev eth1 parent 1:30 handle 30: sfq perturb 10
> > > tc qdisc add dev eth1 parent 1:40 handle 40: sfq perturb 10
> > > tc qdisc add dev eth1 parent 1:80 handle 80: sfq perturb 10
> > >
> > > tc filter add dev eth1 parent 1:0 protocol ip handle 10 fw flowid 1:10
> > > tc filter add dev eth1 parent 1:0 protocol ip handle 20 fw flowid 1:20
> > > tc filter add dev eth1 protocol ip parent 1:0 handle 30 fw flowid 1:30
> > > tc filter add dev eth1 parent 1:0 protocol ip handle 40 fw classid 1:40
> > > tc filter add dev eth1 protocol ip parent 1:0 handle 80 fw flowid 1:80
> > >
> > > Here's my iptables rules*mangle
> > > :PREROUTING ACCEPT [1061:863210]
> > > :INPUT ACCEPT [1022:857788]
> > > :FORWARD ACCEPT [0:0]
> > > :OUTPUT ACCEPT [947:201743]
> > > :POSTROUTING ACCEPT [947:201743]
> > > -N personal
> > > -N others
> > > -N personal1
> > > #-A OUTPUT -p tcp -m tcp --sport 3128 -j MARK --set-mark 0x2
> > > -A OUTPUT -p tcp -m tcp --sport 3128 --destination 192.168.1.145 -j
> > personal
> > > #-A OUTPUT -p tcp -m tcp --dport 80 -j MARK --set-mark 20
> > > -A OUTPUT -p tcp -m tcp --dport 80 -j others
> > > -A personal -j MARK --set-mark 40
> > > -A others -j MARK --set-mark 20
> > >
> > >
> > > Here's my iptables -L -v -t mangle -x output
> > > Chain PREROUTING (policy ACCEPT 580535 packets, 176796832 bytes)
> > > pkts bytes target prot opt in out source
> > destination
> > >
> > > Chain INPUT (policy ACCEPT 573475 packets, 174919251 bytes)
> > > pkts bytes target prot opt in out source
> > destination
> > >
> > > Chain FORWARD (policy ACCEPT 5656 packets, 1810367 bytes)
> > > pkts bytes target prot opt in out source
> > destination
> > >
> > > Chain OUTPUT (policy ACCEPT 598621 packets, 392036436 bytes)
> > > pkts bytes target prot opt in out source
> > destination
> > > 11105 14785525 personal tcp -- any any anywhere
> > 192.168.1.145 tcp spt:webcache
> > > 28465 2233910 others tcp -- any any anywhere
> > anywhere tcp dpt:www
> > >
> > > Chain POSTROUTING (policy ACCEPT 604295 packets, 393851150 bytes)
> > > pkts bytes target prot opt in out source
> > destination
> > >
> > > Chain others (1 references)
> > > pkts bytes target prot opt in out source
> > destination
> > > 28465 2233910 MARK all -- any any anywhere
> > anywhere MARK set 0x14
> > >
> > > Chain personal (1 references)
> > > pkts bytes target prot opt in out source
> > destination
> > > 11105 14785525 MARK all -- any any anywhere
> > anywhere MARK set 0x28
> > >
> > > Chain personal1 (0 references)
> > > pkts bytes target prot opt in out source
> > destination
> > >
> > > Here's my
> > >
> > > /sbin/tc -s qdisc show dev eth1
> > >
> > > qdisc sfq 80: limit 128p quantum 1514b perturb 10sec
> > > Sent 386 bytes 5 pkts (dropped 0, overlimits 0)
> > > qdisc sfq 40: limit 128p quantum 1514b perturb 10sec
> > > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > > qdisc sfq 30: limit 128p quantum 1514b perturb 10sec
> > > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > > qdisc sfq 20: limit 128p quantum 1514b perturb 10sec
> > > Sent 12272 bytes 72 pkts (dropped 0, overlimits 0)
> > > qdisc sfq 10: limit 128p quantum 1514b perturb 10sec
> > > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > > qdisc htb 1: r2q 10 default 80 direct_packets_stat 0
> > > Sent 12658 bytes 77 pkts (dropped 0, overlimits 0)
> > >
> > >
> > > tc -s -d filter show dev eth1
> > >
> > > filter parent 1: protocol ip pref 49151 fw
> > > filter parent 1: protocol ip pref 49151 fw handle 0x50 classid 1:80
> > > filter parent 1: protocol ip pref 49151 fw
> > > filter parent 1: protocol ip pref 49151 fw handle 0x28 classid 1:40
> > > filter parent 1: protocol ip pref 49151 fw
> > > filter parent 1: protocol ip pref 49151 fw handle 0x1e classid 1:30
> > > filter parent 1: protocol ip pref 49151 fw
> > > filter parent 1: protocol ip pref 49151 fw handle 0x14 classid 1:20
> > > filter parent 1: protocol ip pref 49152 fw
> > > filter parent 1: protocol ip pref 49152 fw handle 0xa classid 1:10
> > >
> > >
> > > tc -s class show dev eth1
> > >
> > > class htb 1:1 root rate 520Kbit ceil 520Kbit burst 2264b cburst 2264b
> > > Sent 174465 bytes 1142 pkts (dropped 0, overlimits 0)
> > > rate 712bps 5pps
> > > lended: 4 borrowed: 0 giants: 0
> > > tokens: 34107 ctokens: 34107
> > >
> > > class htb 1:10 parent 1:1 leaf 10: prio 3 rate 160Kbit ceil 280Kbit
> burst
> > 1803b cburst 1957b
> > > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > > lended: 0 borrowed: 0 giants: 0
> > > tokens: 90199 ctokens: 55942
> > >
> > > class htb 1:20 parent 1:1 leaf 20: prio 0 rate 40Kbit ceil 80Kbit burst
> > 1650b cburst 1701b
> > > Sent 115721 bytes 990 pkts (dropped 0, overlimits 0)
> > > rate 340bps 3pps
> > > lended: 990 borrowed: 0 giants: 0
> > > tokens: 320599 ctokens: 165400
> > >
> > > class htb 1:30 parent 1:1 leaf 30: prio 2 rate 64Kbit ceil 88Kbit burst
> > 1680b cburst 1711b
> > > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > > lended: 0 borrowed: 0 giants: 0
> > > tokens: 210124 ctokens: 155635
> > >
> > > class htb 1:40 parent 1:1 leaf 40: prio 1 rate 184Kbit ceil 320Kbit
> burst
> > 1834b cburst 2008b
> > > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > > lended: 0 borrowed: 0 giants: 0
> > > tokens: 79781 ctokens: 50224
> > >
> > > class htb 1:80 parent 1:1 leaf 80: prio 4 rate 64Kbit ceil 80Kbit burst
> > 1680b cburst 1701b
> > > Sent 58744 bytes 152 pkts (dropped 0, overlimits 0)
> > > rate 3Kbit 1pps
> > > lended: 148 borrowed: 4 giants: 0
> > > tokens: 202125 ctokens: 163799
> > > _______________________________________________
> > > LARTC mailing list / LARTC@mailman.ds9a.nl
> > > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> >
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [LARTC] htb and fw problems
2004-08-04 9:00 [LARTC] htb and fw problems Ing Isianto Istiadi
2004-08-04 11:41 ` mjoachimiak
2004-08-04 13:11 ` Ing Isianto Istiadi
@ 2004-08-04 13:36 ` Arno
2004-08-04 13:41 ` Martin A. Brown
` (6 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Arno @ 2004-08-04 13:36 UTC (permalink / raw)
To: lartc
Hello,
On Wednesday 04 August 2004 11:00, Ing Isianto Istiadi wrote:
> I'm using the kernel 2.6.6, iproute2-2.4.7.20020116, iptables v1.2.9, and
> gentoo. I have a leased-line 64 kbps.
> I can see the counter works in iptables, but in the htb, it doesn't go to
> the right class (it always go to the default class).
>
> Any help will be appreciated
>
>
> here's my htb conf
> #!/bin/bash
>
> tc qdisc del dev eth1 root
>
> tc qdisc add dev eth1 root handle 1: htb default 80
> tc class add dev eth1 parent 1: classid 1:1 htb rate 65kbps ceil 65kbps
> tc class add dev eth1 parent 1:1 classid 1:10 htb rate 20kbps ceil 35kbps
> prio 3 tc class add dev eth1 parent 1:1 classid 1:20 htb rate 5kbps ceil
> 10kbps prio 0 tc class add dev eth1 parent 1:1 classid 1:30 htb rate 8kbps
> ceil 11kbps prio 2 tc class add dev eth1 parent 1:1 classid 1:40 htb rate
> 23kbps ceil 40kbps prio 1 tc class add dev eth1 parent 1:1 classid 1:80 htb
> rate 8kbps ceil 10kbps prio 4
Well, it's just a wild guess, but do you really have a 64 k-byte/second leased
line or could it be a 64 k-bit/second line? If it's the latter you should
try:
tc class add dev eth1 parent 1: classid 1:1 htb rate 64kbit ceil 64kbit
and see if that works out.
I'd also highly recommend reading
http://www.docum.org/docum.org/faq/cache/74.html
rgds,
Arno
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [LARTC] htb and fw problems
2004-08-04 9:00 [LARTC] htb and fw problems Ing Isianto Istiadi
` (2 preceding siblings ...)
2004-08-04 13:36 ` Arno
@ 2004-08-04 13:41 ` Martin A. Brown
2004-08-04 13:43 ` Morten Kramer
` (5 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Martin A. Brown @ 2004-08-04 13:41 UTC (permalink / raw)
To: lartc
Dear Isianto Istiadi,
Here are your class creation statements:
: [ snip ] 1: classid 1:1 htb rate 65kbps ceil 65kbps
: [ snip ] 1:1 classid 1:10 htb rate 20kbps ceil 35kbps prio 3
: [ snip ] 1:1 classid 1:20 htb rate 5kbps ceil 10kbps prio 0
: [ snip ] 1:1 classid 1:30 htb rate 8kbps ceil 11kbps prio 2
: [ snip ] 1:1 classid 1:40 htb rate 23kbps ceil 40kbps prio 1
: [ snip ] 1:1 classid 1:80 htb rate 8kbps ceil 10kbps prio 4
You are configuring HTB to guarantee exactly 64kbps to the children
classes.
- Leaf class rate is guaranteed. HTB does not check parent classes.
This may be non-intuitive or even counter-intuitive.
- Your rates, then total 64kbps: 20 + 5 + 8 + 23 + 8 = 64
Perhaps you could try dropping the guaranteed bandwidth (sum of
rates of leaf classes) below 60kbps.
-Martin
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [LARTC] htb and fw problems
2004-08-04 9:00 [LARTC] htb and fw problems Ing Isianto Istiadi
` (3 preceding siblings ...)
2004-08-04 13:41 ` Martin A. Brown
@ 2004-08-04 13:43 ` Morten Kramer
2004-08-04 14:15 ` Ing Isianto Istiadi
` (4 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Morten Kramer @ 2004-08-04 13:43 UTC (permalink / raw)
To: lartc
only short answer test
sorry
----- Original Message -----
From: "Ing Isianto Istiadi" <isianto.istiadi@adirarental.com>
To: <lartc@mailman.ds9a.nl>
Sent: Wednesday, August 04, 2004 3:11 PM
Subject: Re: [LARTC] htb and fw problems
> Dear, I have change
> tc class add dev eth1 parent 1: classid 1:1 htb rate 65kbps ceil 65kbps
> to
> tc class add dev eth1 parent 1: classid 1:1 htb rate 60kbps ceil 60kbps
> still with the same result
> any other tips?
>
> On Wed, 4 Aug 2004 13:41:34 +0200
> <mjoachimiak@poczta.onet.pl> wrote:
>
> >
> > ----- Original Message -----
> > From: <mjoachimiak@poczta.onet.pl>
> > To: "Ing Isianto Istiadi" <isianto.istiadi@adirarental.com>
> > Sent: Wednesday, August 04, 2004 1:40 PM
> > Subject: Re: [LARTC] htb and fw problems
> >
> >
> > > hi!
> > > your default class must not have rate grater than your desired speed
rate.
> > > If you have 64kbps your class shoud have 60kbps or less. Without this
htb
> > > will not work as you except!
> > > tc class add dev eth1 parent 1: classid 1:1 htb rate 65kbps ceil
65kbps
> > > ----- Original Message -----
> > > From: "Ing Isianto Istiadi" <isianto.istiadi@adirarental.com>
> > > To: <lartc@mailman.ds9a.nl>
> > > Sent: Wednesday, August 04, 2004 11:00 AM
> > > Subject: [LARTC] htb and fw problems
> > >
> > >
> > > > Dear All,
> > > > I'm using the kernel 2.6.6, iproute2-2.4.7.20020116, iptables
v1.2.9,
> > and
> > > gentoo.
> > > > I have a leased-line 64 kbps.
> > > > I can see the counter works in iptables, but in the htb, it doesn't
go
> > to
> > > the right class (it always go to the default class).
> > > >
> > > > Any help will be appreciated
> > > >
> > > >
> > > > here's my htb conf
> > > > #!/bin/bash
> > > >
> > > > tc qdisc del dev eth1 root
> > > >
> > > > tc qdisc add dev eth1 root handle 1: htb default 80
> > > > tc class add dev eth1 parent 1: classid 1:1 htb rate 65kbps ceil
65kbps
> > > > tc class add dev eth1 parent 1:1 classid 1:10 htb rate 20kbps ceil
> > 35kbps
> > > prio 3
> > > > tc class add dev eth1 parent 1:1 classid 1:20 htb rate 5kbps ceil
10kbps
> > > prio 0
> > > > tc class add dev eth1 parent 1:1 classid 1:30 htb rate 8kbps ceil
11kbps
> > > prio 2
> > > > tc class add dev eth1 parent 1:1 classid 1:40 htb rate 23kbps ceil
> > 40kbps
> > > prio 1
> > > > tc class add dev eth1 parent 1:1 classid 1:80 htb rate 8kbps ceil
10kbps
> > > prio 4
> > > >
> > > > tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
> > > > tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
> > > > tc qdisc add dev eth1 parent 1:30 handle 30: sfq perturb 10
> > > > tc qdisc add dev eth1 parent 1:40 handle 40: sfq perturb 10
> > > > tc qdisc add dev eth1 parent 1:80 handle 80: sfq perturb 10
> > > >
> > > > tc filter add dev eth1 parent 1:0 protocol ip handle 10 fw flowid
1:10
> > > > tc filter add dev eth1 parent 1:0 protocol ip handle 20 fw flowid
1:20
> > > > tc filter add dev eth1 protocol ip parent 1:0 handle 30 fw flowid
1:30
> > > > tc filter add dev eth1 parent 1:0 protocol ip handle 40 fw classid
1:40
> > > > tc filter add dev eth1 protocol ip parent 1:0 handle 80 fw flowid
1:80
> > > >
> > > > Here's my iptables rules*mangle
> > > > :PREROUTING ACCEPT [1061:863210]
> > > > :INPUT ACCEPT [1022:857788]
> > > > :FORWARD ACCEPT [0:0]
> > > > :OUTPUT ACCEPT [947:201743]
> > > > :POSTROUTING ACCEPT [947:201743]
> > > > -N personal
> > > > -N others
> > > > -N personal1
> > > > #-A OUTPUT -p tcp -m tcp --sport 3128 -j MARK --set-mark 0x2
> > > > -A OUTPUT -p tcp -m tcp --sport 3128 --destination 192.168.1.145 -j
> > > personal
> > > > #-A OUTPUT -p tcp -m tcp --dport 80 -j MARK --set-mark 20
> > > > -A OUTPUT -p tcp -m tcp --dport 80 -j others
> > > > -A personal -j MARK --set-mark 40
> > > > -A others -j MARK --set-mark 20
> > > >
> > > >
> > > > Here's my iptables -L -v -t mangle -x output
> > > > Chain PREROUTING (policy ACCEPT 580535 packets, 176796832 bytes)
> > > > pkts bytes target prot opt in out source
> > > destination
> > > >
> > > > Chain INPUT (policy ACCEPT 573475 packets, 174919251 bytes)
> > > > pkts bytes target prot opt in out source
> > > destination
> > > >
> > > > Chain FORWARD (policy ACCEPT 5656 packets, 1810367 bytes)
> > > > pkts bytes target prot opt in out source
> > > destination
> > > >
> > > > Chain OUTPUT (policy ACCEPT 598621 packets, 392036436 bytes)
> > > > pkts bytes target prot opt in out source
> > > destination
> > > > 11105 14785525 personal tcp -- any any anywhere
> > > 192.168.1.145 tcp spt:webcache
> > > > 28465 2233910 others tcp -- any any anywhere
> > > anywhere tcp dpt:www
> > > >
> > > > Chain POSTROUTING (policy ACCEPT 604295 packets, 393851150 bytes)
> > > > pkts bytes target prot opt in out source
> > > destination
> > > >
> > > > Chain others (1 references)
> > > > pkts bytes target prot opt in out source
> > > destination
> > > > 28465 2233910 MARK all -- any any anywhere
> > > anywhere MARK set 0x14
> > > >
> > > > Chain personal (1 references)
> > > > pkts bytes target prot opt in out source
> > > destination
> > > > 11105 14785525 MARK all -- any any anywhere
> > > anywhere MARK set 0x28
> > > >
> > > > Chain personal1 (0 references)
> > > > pkts bytes target prot opt in out source
> > > destination
> > > >
> > > > Here's my
> > > >
> > > > /sbin/tc -s qdisc show dev eth1
> > > >
> > > > qdisc sfq 80: limit 128p quantum 1514b perturb 10sec
> > > > Sent 386 bytes 5 pkts (dropped 0, overlimits 0)
> > > > qdisc sfq 40: limit 128p quantum 1514b perturb 10sec
> > > > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > > > qdisc sfq 30: limit 128p quantum 1514b perturb 10sec
> > > > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > > > qdisc sfq 20: limit 128p quantum 1514b perturb 10sec
> > > > Sent 12272 bytes 72 pkts (dropped 0, overlimits 0)
> > > > qdisc sfq 10: limit 128p quantum 1514b perturb 10sec
> > > > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > > > qdisc htb 1: r2q 10 default 80 direct_packets_stat 0
> > > > Sent 12658 bytes 77 pkts (dropped 0, overlimits 0)
> > > >
> > > >
> > > > tc -s -d filter show dev eth1
> > > >
> > > > filter parent 1: protocol ip pref 49151 fw
> > > > filter parent 1: protocol ip pref 49151 fw handle 0x50 classid 1:80
> > > > filter parent 1: protocol ip pref 49151 fw
> > > > filter parent 1: protocol ip pref 49151 fw handle 0x28 classid 1:40
> > > > filter parent 1: protocol ip pref 49151 fw
> > > > filter parent 1: protocol ip pref 49151 fw handle 0x1e classid 1:30
> > > > filter parent 1: protocol ip pref 49151 fw
> > > > filter parent 1: protocol ip pref 49151 fw handle 0x14 classid 1:20
> > > > filter parent 1: protocol ip pref 49152 fw
> > > > filter parent 1: protocol ip pref 49152 fw handle 0xa classid 1:10
> > > >
> > > >
> > > > tc -s class show dev eth1
> > > >
> > > > class htb 1:1 root rate 520Kbit ceil 520Kbit burst 2264b cburst
2264b
> > > > Sent 174465 bytes 1142 pkts (dropped 0, overlimits 0)
> > > > rate 712bps 5pps
> > > > lended: 4 borrowed: 0 giants: 0
> > > > tokens: 34107 ctokens: 34107
> > > >
> > > > class htb 1:10 parent 1:1 leaf 10: prio 3 rate 160Kbit ceil 280Kbit
> > burst
> > > 1803b cburst 1957b
> > > > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > > > lended: 0 borrowed: 0 giants: 0
> > > > tokens: 90199 ctokens: 55942
> > > >
> > > > class htb 1:20 parent 1:1 leaf 20: prio 0 rate 40Kbit ceil 80Kbit
burst
> > > 1650b cburst 1701b
> > > > Sent 115721 bytes 990 pkts (dropped 0, overlimits 0)
> > > > rate 340bps 3pps
> > > > lended: 990 borrowed: 0 giants: 0
> > > > tokens: 320599 ctokens: 165400
> > > >
> > > > class htb 1:30 parent 1:1 leaf 30: prio 2 rate 64Kbit ceil 88Kbit
burst
> > > 1680b cburst 1711b
> > > > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > > > lended: 0 borrowed: 0 giants: 0
> > > > tokens: 210124 ctokens: 155635
> > > >
> > > > class htb 1:40 parent 1:1 leaf 40: prio 1 rate 184Kbit ceil 320Kbit
> > burst
> > > 1834b cburst 2008b
> > > > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > > > lended: 0 borrowed: 0 giants: 0
> > > > tokens: 79781 ctokens: 50224
> > > >
> > > > class htb 1:80 parent 1:1 leaf 80: prio 4 rate 64Kbit ceil 80Kbit
burst
> > > 1680b cburst 1701b
> > > > Sent 58744 bytes 152 pkts (dropped 0, overlimits 0)
> > > > rate 3Kbit 1pps
> > > > lended: 148 borrowed: 4 giants: 0
> > > > tokens: 202125 ctokens: 163799
> > > > _______________________________________________
> > > > LARTC mailing list / LARTC@mailman.ds9a.nl
> > > > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://lartc.org/
> > >
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> >
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [LARTC] htb and fw problems
2004-08-04 9:00 [LARTC] htb and fw problems Ing Isianto Istiadi
` (4 preceding siblings ...)
2004-08-04 13:43 ` Morten Kramer
@ 2004-08-04 14:15 ` Ing Isianto Istiadi
2004-08-04 14:31 ` zoop
` (3 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Ing Isianto Istiadi @ 2004-08-04 14:15 UTC (permalink / raw)
To: lartc
Ok,
here's my new htb config
#!/bin/bash
tc qdisc del dev eth1 root
tc qdisc add dev eth1 root handle 1: htb default 80 debug 3333333
tc class add dev eth1 parent 1: classid 1:1 htb rate 60kbit ceil 60kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 20kbit ceil 65kbit prio 3
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 10kbit ceil 15kbit prio 0
tc class add dev eth1 parent 1:1 classid 1:30 htb rate 5kbit ceil 11kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:40 htb rate 20kbit ceil 23kbit prio 1
tc class add dev eth1 parent 1:1 classid 1:80 htb rate 5kbit ceil 10kbit prio 4
tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev eth1 parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev eth1 parent 1:40 handle 40: sfq perturb 10
tc qdisc add dev eth1 parent 1:80 handle 80: sfq perturb 10
tc filter add dev eth1 parent 1:0 protocol ip handle 1 fw flowid 1:10
tc filter add dev eth1 parent 1:0 protocol ip handle 2 fw flowid 1:20
tc filter add dev eth1 protocol ip parent 1:0 handle 3 fw flowid 1:30
tc filter add dev eth1 parent 1:0 protocol ip handle 4 fw flowid 1:40
tc filter add dev eth1 protocol ip parent 1:0 handle 80 fw flowid 1:80
whith the same effect.
Thanks for pointing out the parent's rate. it's my mistakes ^_^
> > > > > Here's my iptables rules*mangle
> > > > > :PREROUTING ACCEPT [1061:863210]
> > > > > :INPUT ACCEPT [1022:857788]
> > > > > :FORWARD ACCEPT [0:0]
> > > > > :OUTPUT ACCEPT [947:201743]
> > > > > :POSTROUTING ACCEPT [947:201743]
> > > > > -N personal
> > > > > -N others
> > > > > -N personal1
> > > > > #-A OUTPUT -p tcp -m tcp --sport 3128 -j MARK --set-mark 0x2
> > > > > -A OUTPUT -p tcp -m tcp --sport 3128 --destination 192.168.1.145 -j
> > > > personal
> > > > > #-A OUTPUT -p tcp -m tcp --dport 80 -j MARK --set-mark 20
> > > > > -A OUTPUT -p tcp -m tcp --dport 80 -j others
> > > > > -A personal -j MARK --set-mark 40
> > > > > -A others -j MARK --set-mark 20
> > > > >
> > > > >
> > > > > Here's my iptables -L -v -t mangle -x output
> > > > > Chain PREROUTING (policy ACCEPT 580535 packets, 176796832 bytes)
> > > > > pkts bytes target prot opt in out source
> > > > destination
> > > > >
> > > > > Chain INPUT (policy ACCEPT 573475 packets, 174919251 bytes)
> > > > > pkts bytes target prot opt in out source
> > > > destination
> > > > >
> > > > > Chain FORWARD (policy ACCEPT 5656 packets, 1810367 bytes)
> > > > > pkts bytes target prot opt in out source
> > > > destination
> > > > >
> > > > > Chain OUTPUT (policy ACCEPT 598621 packets, 392036436 bytes)
> > > > > pkts bytes target prot opt in out source
> > > > destination
> > > > > 11105 14785525 personal tcp -- any any anywhere
> > > > 192.168.1.145 tcp spt:webcache
> > > > > 28465 2233910 others tcp -- any any anywhere
> > > > anywhere tcp dpt:www
> > > > >
> > > > > Chain POSTROUTING (policy ACCEPT 604295 packets, 393851150 bytes)
> > > > > pkts bytes target prot opt in out source
> > > > destination
> > > > >
> > > > > Chain others (1 references)
> > > > > pkts bytes target prot opt in out source
> > > > destination
> > > > > 28465 2233910 MARK all -- any any anywhere
> > > > anywhere MARK set 0x14
> > > > >
> > > > > Chain personal (1 references)
> > > > > pkts bytes target prot opt in out source
> > > > destination
> > > > > 11105 14785525 MARK all -- any any anywhere
> > > > anywhere MARK set 0x28
> > > > >
> > > > > Chain personal1 (0 references)
> > > > > pkts bytes target prot opt in out source
> > > > destination
> > > > >
> > > > > Here's my
> > > > >
> > > > > /sbin/tc -s qdisc show dev eth1
> > > > >
> > > > > qdisc sfq 80: limit 128p quantum 1514b perturb 10sec
> > > > > Sent 386 bytes 5 pkts (dropped 0, overlimits 0)
> > > > > qdisc sfq 40: limit 128p quantum 1514b perturb 10sec
> > > > > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > > > > qdisc sfq 30: limit 128p quantum 1514b perturb 10sec
> > > > > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > > > > qdisc sfq 20: limit 128p quantum 1514b perturb 10sec
> > > > > Sent 12272 bytes 72 pkts (dropped 0, overlimits 0)
> > > > > qdisc sfq 10: limit 128p quantum 1514b perturb 10sec
> > > > > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > > > > qdisc htb 1: r2q 10 default 80 direct_packets_stat 0
> > > > > Sent 12658 bytes 77 pkts (dropped 0, overlimits 0)
> > > > >
> > > > >
> > > > > tc -s -d filter show dev eth1
> > > > >
> > > > > filter parent 1: protocol ip pref 49151 fw
> > > > > filter parent 1: protocol ip pref 49151 fw handle 0x50 classid 1:80
> > > > > filter parent 1: protocol ip pref 49151 fw
> > > > > filter parent 1: protocol ip pref 49151 fw handle 0x28 classid 1:40
> > > > > filter parent 1: protocol ip pref 49151 fw
> > > > > filter parent 1: protocol ip pref 49151 fw handle 0x1e classid 1:30
> > > > > filter parent 1: protocol ip pref 49151 fw
> > > > > filter parent 1: protocol ip pref 49151 fw handle 0x14 classid 1:20
> > > > > filter parent 1: protocol ip pref 49152 fw
> > > > > filter parent 1: protocol ip pref 49152 fw handle 0xa classid 1:10
> > > > >
> > > > >
> > > > > tc -s class show dev eth1
> > > > >
> > > > > class htb 1:1 root rate 520Kbit ceil 520Kbit burst 2264b cburst
> 2264b
> > > > > Sent 174465 bytes 1142 pkts (dropped 0, overlimits 0)
> > > > > rate 712bps 5pps
> > > > > lended: 4 borrowed: 0 giants: 0
> > > > > tokens: 34107 ctokens: 34107
> > > > >
> > > > > class htb 1:10 parent 1:1 leaf 10: prio 3 rate 160Kbit ceil 280Kbit
> > > burst
> > > > 1803b cburst 1957b
> > > > > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > > > > lended: 0 borrowed: 0 giants: 0
> > > > > tokens: 90199 ctokens: 55942
> > > > >
> > > > > class htb 1:20 parent 1:1 leaf 20: prio 0 rate 40Kbit ceil 80Kbit
> burst
> > > > 1650b cburst 1701b
> > > > > Sent 115721 bytes 990 pkts (dropped 0, overlimits 0)
> > > > > rate 340bps 3pps
> > > > > lended: 990 borrowed: 0 giants: 0
> > > > > tokens: 320599 ctokens: 165400
> > > > >
> > > > > class htb 1:30 parent 1:1 leaf 30: prio 2 rate 64Kbit ceil 88Kbit
> burst
> > > > 1680b cburst 1711b
> > > > > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > > > > lended: 0 borrowed: 0 giants: 0
> > > > > tokens: 210124 ctokens: 155635
> > > > >
> > > > > class htb 1:40 parent 1:1 leaf 40: prio 1 rate 184Kbit ceil 320Kbit
> > > burst
> > > > 1834b cburst 2008b
> > > > > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > > > > lended: 0 borrowed: 0 giants: 0
> > > > > tokens: 79781 ctokens: 50224
> > > > >
> > > > > class htb 1:80 parent 1:1 leaf 80: prio 4 rate 64Kbit ceil 80Kbit
> burst
> > > > 1680b cburst 1701b
> > > > > Sent 58744 bytes 152 pkts (dropped 0, overlimits 0)
> > > > > rate 3Kbit 1pps
> > > > > lended: 148 borrowed: 4 giants: 0
> > > > > tokens: 202125 ctokens: 163799
> > > > > _______________________________________________
> > > > > LARTC mailing list / LARTC@mailman.ds9a.nl
> > > > > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
> http://lartc.org/
> > > >
> > >
> > > _______________________________________________
> > > LARTC mailing list / LARTC@mailman.ds9a.nl
> > > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> > >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [LARTC] htb and fw problems
2004-08-04 9:00 [LARTC] htb and fw problems Ing Isianto Istiadi
` (5 preceding siblings ...)
2004-08-04 14:15 ` Ing Isianto Istiadi
@ 2004-08-04 14:31 ` zoop
2004-08-04 14:44 ` Ing Isianto Istiadi
` (2 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: zoop @ 2004-08-04 14:31 UTC (permalink / raw)
To: lartc
it looks like you might have a problem with your marking with the FW.
>#-A OUTPUT -p tcp -m tcp --sport 3128 -j MARK --set-mark 0x2
>-A OUTPUT -p tcp -m tcp --dport 80 -j others
>-A personal -j MARK --set-mark 40
>-A others -j MARK --set-mark 20
From Looking at this I see the first commented link that as the mark in hex, Don't
all the marks need to be written this way? 0x80 0x40 0x20 ?
This is just a guess I don't really know.
Ing Isianto Istiadi (isianto.istiadi@adirarental.com) wrote:
>
>Dear All,
>I'm using the kernel 2.6.6, iproute2-2.4.7.20020116, iptables v1.2.9, and gentoo.
>I have a leased-line 64 kbps.
>I can see the counter works in iptables, but in the htb, it doesn't go to the right
class (it always go to the default class).
>
>Any help will be appreciated
>
>
>here's my htb conf
>#!/bin/bash
>
>tc qdisc del dev eth1 root
>
>tc qdisc add dev eth1 root handle 1: htb default 80
>tc class add dev eth1 parent 1: classid 1:1 htb rate 65kbps ceil 65kbps
>tc class add dev eth1 parent 1:1 classid 1:10 htb rate 20kbps ceil 35kbps prio 3
>tc class add dev eth1 parent 1:1 classid 1:20 htb rate 5kbps ceil 10kbps prio 0
>tc class add dev eth1 parent 1:1 classid 1:30 htb rate 8kbps ceil 11kbps prio 2
>tc class add dev eth1 parent 1:1 classid 1:40 htb rate 23kbps ceil 40kbps prio 1
>tc class add dev eth1 parent 1:1 classid 1:80 htb rate 8kbps ceil 10kbps prio 4
>
>tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
>tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
>tc qdisc add dev eth1 parent 1:30 handle 30: sfq perturb 10
>tc qdisc add dev eth1 parent 1:40 handle 40: sfq perturb 10
>tc qdisc add dev eth1 parent 1:80 handle 80: sfq perturb 10
>
>tc filter add dev eth1 parent 1:0 protocol ip handle 10 fw flowid 1:10
>tc filter add dev eth1 parent 1:0 protocol ip handle 20 fw flowid 1:20
>tc filter add dev eth1 protocol ip parent 1:0 handle 30 fw flowid 1:30
>tc filter add dev eth1 parent 1:0 protocol ip handle 40 fw classid 1:40
>tc filter add dev eth1 protocol ip parent 1:0 handle 80 fw flowid 1:80
>
>Here's my iptables rules*mangle
>:PREROUTING ACCEPT [1061:863210]
>:INPUT ACCEPT [1022:857788]
>:FORWARD ACCEPT [0:0]
>:OUTPUT ACCEPT [947:201743]
>:POSTROUTING ACCEPT [947:201743]
>-N personal
>-N others
>-N personal1
>#-A OUTPUT -p tcp -m tcp --sport 3128 -j MARK --set-mark 0x2
>-A OUTPUT -p tcp -m tcp --sport 3128 --destination 192.168.1.145 -j personal
>#-A OUTPUT -p tcp -m tcp --dport 80 -j MARK --set-mark 20
>-A OUTPUT -p tcp -m tcp --dport 80 -j others
>-A personal -j MARK --set-mark 40
>-A others -j MARK --set-mark 20
>
>
>Here's my iptables -L -v -t mangle -x output
>Chain PREROUTING (policy ACCEPT 580535 packets, 176796832 bytes)
> pkts bytes target prot opt in out source destination
>
>Chain INPUT (policy ACCEPT 573475 packets, 174919251 bytes)
> pkts bytes target prot opt in out source destination
>
>Chain FORWARD (policy ACCEPT 5656 packets, 1810367 bytes)
> pkts bytes target prot opt in out source destination
>
>Chain OUTPUT (policy ACCEPT 598621 packets, 392036436 bytes)
> pkts bytes target prot opt in out source destination
> 11105 14785525 personal tcp -- any any anywhere
192.168.1.145 tcp spt:webcache
> 28465 2233910 others tcp -- any any anywhere anywhere
tcp dpt:www
>
>Chain POSTROUTING (policy ACCEPT 604295 packets, 393851150 bytes)
> pkts bytes target prot opt in out source destination
>
>Chain others (1 references)
> pkts bytes target prot opt in out source destination
> 28465 2233910 MARK all -- any any anywhere anywhere
MARK set 0x14
>
>Chain personal (1 references)
> pkts bytes target prot opt in out source destination
> 11105 14785525 MARK all -- any any anywhere anywhere
MARK set 0x28
>
>Chain personal1 (0 references)
> pkts bytes target prot opt in out source destination
>
>Here's my
>
>/sbin/tc -s qdisc show dev eth1
>
>qdisc sfq 80: limit 128p quantum 1514b perturb 10sec
> Sent 386 bytes 5 pkts (dropped 0, overlimits 0)
>qdisc sfq 40: limit 128p quantum 1514b perturb 10sec
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>qdisc sfq 30: limit 128p quantum 1514b perturb 10sec
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>qdisc sfq 20: limit 128p quantum 1514b perturb 10sec
> Sent 12272 bytes 72 pkts (dropped 0, overlimits 0)
>qdisc sfq 10: limit 128p quantum 1514b perturb 10sec
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>qdisc htb 1: r2q 10 default 80 direct_packets_stat 0
> Sent 12658 bytes 77 pkts (dropped 0, overlimits 0)
>
>
>tc -s -d filter show dev eth1
>
>filter parent 1: protocol ip pref 49151 fw
>filter parent 1: protocol ip pref 49151 fw handle 0x50 classid 1:80
>filter parent 1: protocol ip pref 49151 fw
>filter parent 1: protocol ip pref 49151 fw handle 0x28 classid 1:40
>filter parent 1: protocol ip pref 49151 fw
>filter parent 1: protocol ip pref 49151 fw handle 0x1e classid 1:30
>filter parent 1: protocol ip pref 49151 fw
>filter parent 1: protocol ip pref 49151 fw handle 0x14 classid 1:20
>filter parent 1: protocol ip pref 49152 fw
>filter parent 1: protocol ip pref 49152 fw handle 0xa classid 1:10
>
>
>tc -s class show dev eth1
>
>class htb 1:1 root rate 520Kbit ceil 520Kbit burst 2264b cburst 2264b
> Sent 174465 bytes 1142 pkts (dropped 0, overlimits 0)
> rate 712bps 5pps
> lended: 4 borrowed: 0 giants: 0
> tokens: 34107 ctokens: 34107
>
>class htb 1:10 parent 1:1 leaf 10: prio 3 rate 160Kbit ceil 280Kbit burst 1803b
cburst 1957b
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> lended: 0 borrowed: 0 giants: 0
> tokens: 90199 ctokens: 55942
>
>class htb 1:20 parent 1:1 leaf 20: prio 0 rate 40Kbit ceil 80Kbit burst 1650b
cburst 1701b
> Sent 115721 bytes 990 pkts (dropped 0, overlimits 0)
> rate 340bps 3pps
> lended: 990 borrowed: 0 giants: 0
> tokens: 320599 ctokens: 165400
>
>class htb 1:30 parent 1:1 leaf 30: prio 2 rate 64Kbit ceil 88Kbit burst 1680b
cburst 1711b
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> lended: 0 borrowed: 0 giants: 0
> tokens: 210124 ctokens: 155635
>
>class htb 1:40 parent 1:1 leaf 40: prio 1 rate 184Kbit ceil 320Kbit burst 1834b
cburst 2008b
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> lended: 0 borrowed: 0 giants: 0
> tokens: 79781 ctokens: 50224
>
>class htb 1:80 parent 1:1 leaf 80: prio 4 rate 64Kbit ceil 80Kbit burst 1680b
cburst 1701b
> Sent 58744 bytes 152 pkts (dropped 0, overlimits 0)
> rate 3Kbit 1pps
> lended: 148 borrowed: 4 giants: 0
> tokens: 202125 ctokens: 163799
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
--
When dealing with a slow pipe, never underestimate the throughput of the postal system.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [LARTC] htb and fw problems
2004-08-04 9:00 [LARTC] htb and fw problems Ing Isianto Istiadi
` (6 preceding siblings ...)
2004-08-04 14:31 ` zoop
@ 2004-08-04 14:44 ` Ing Isianto Istiadi
2004-08-04 23:40 ` mjoachimiak
2004-08-05 2:27 ` Ing Isianto Istiadi
9 siblings, 0 replies; 11+ messages in thread
From: Ing Isianto Istiadi @ 2004-08-04 14:44 UTC (permalink / raw)
To: lartc
On Wed, 04 Aug 2004 14:31:06 +0000
zoop@lone.ath.cx wrote:
> it looks like you might have a problem with your marking with the FW.
That's what I thought, but I can't troubleshoot any other way.
I tried both ways 0x80, 80 to the same affect.
The strange problem is if I omitted the source ip part, so
iptables -A OUTPUT -p tcp -t mangle --dport www -j MARK --set-mark 40
it works
I'm out of my head
^_^
>
> From Looking at this I see the first commented link that as the mark in hex, Don't
> all the marks need to be written this way? 0x80 0x40 0x20 ?
>
> This is just a guess I don't really know.
>
>
> Ing Isianto Istiadi (isianto.istiadi@adirarental.com) wrote:
> >
> >Dear All,
> >I'm using the kernel 2.6.6, iproute2-2.4.7.20020116, iptables v1.2.9, and gentoo.
> >I have a leased-line 64 kbps.
> >I can see the counter works in iptables, but in the htb, it doesn't go to the right
> class (it always go to the default class).
> >
> >Any help will be appreciated
> >
> >
> >here's my htb conf
> >#!/bin/bash
> >
> >tc qdisc del dev eth1 root
> >
> >tc qdisc add dev eth1 root handle 1: htb default 80
> >tc class add dev eth1 parent 1: classid 1:1 htb rate 65kbps ceil 65kbps
> >tc class add dev eth1 parent 1:1 classid 1:10 htb rate 20kbps ceil 35kbps prio 3
> >tc class add dev eth1 parent 1:1 classid 1:20 htb rate 5kbps ceil 10kbps prio 0
> >tc class add dev eth1 parent 1:1 classid 1:30 htb rate 8kbps ceil 11kbps prio 2
> >tc class add dev eth1 parent 1:1 classid 1:40 htb rate 23kbps ceil 40kbps prio 1
> >tc class add dev eth1 parent 1:1 classid 1:80 htb rate 8kbps ceil 10kbps prio 4
> >
> >tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
> >tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
> >tc qdisc add dev eth1 parent 1:30 handle 30: sfq perturb 10
> >tc qdisc add dev eth1 parent 1:40 handle 40: sfq perturb 10
> >tc qdisc add dev eth1 parent 1:80 handle 80: sfq perturb 10
> >
> >tc filter add dev eth1 parent 1:0 protocol ip handle 10 fw flowid 1:10
> >tc filter add dev eth1 parent 1:0 protocol ip handle 20 fw flowid 1:20
> >tc filter add dev eth1 protocol ip parent 1:0 handle 30 fw flowid 1:30
> >tc filter add dev eth1 parent 1:0 protocol ip handle 40 fw classid 1:40
> >tc filter add dev eth1 protocol ip parent 1:0 handle 80 fw flowid 1:80
> >
> >Here's my iptables rules*mangle
> >:PREROUTING ACCEPT [1061:863210]
> >:INPUT ACCEPT [1022:857788]
> >:FORWARD ACCEPT [0:0]
> >:OUTPUT ACCEPT [947:201743]
> >:POSTROUTING ACCEPT [947:201743]
> >-N personal
> >-N others
> >-N personal1
> >#-A OUTPUT -p tcp -m tcp --sport 3128 -j MARK --set-mark 0x2
> >-A OUTPUT -p tcp -m tcp --sport 3128 --destination 192.168.1.145 -j personal
> >#-A OUTPUT -p tcp -m tcp --dport 80 -j MARK --set-mark 20
> >-A OUTPUT -p tcp -m tcp --dport 80 -j others
> >-A personal -j MARK --set-mark 40
> >-A others -j MARK --set-mark 20
> >
> >
> >Here's my iptables -L -v -t mangle -x output
> >Chain PREROUTING (policy ACCEPT 580535 packets, 176796832 bytes)
> > pkts bytes target prot opt in out source destination
> >
> >Chain INPUT (policy ACCEPT 573475 packets, 174919251 bytes)
> > pkts bytes target prot opt in out source destination
> >
> >Chain FORWARD (policy ACCEPT 5656 packets, 1810367 bytes)
> > pkts bytes target prot opt in out source destination
> >
> >Chain OUTPUT (policy ACCEPT 598621 packets, 392036436 bytes)
> > pkts bytes target prot opt in out source destination
> > 11105 14785525 personal tcp -- any any anywhere
> 192.168.1.145 tcp spt:webcache
> > 28465 2233910 others tcp -- any any anywhere anywhere
> tcp dpt:www
> >
> >Chain POSTROUTING (policy ACCEPT 604295 packets, 393851150 bytes)
> > pkts bytes target prot opt in out source destination
> >
> >Chain others (1 references)
> > pkts bytes target prot opt in out source destination
> > 28465 2233910 MARK all -- any any anywhere anywhere
> MARK set 0x14
> >
> >Chain personal (1 references)
> > pkts bytes target prot opt in out source destination
> > 11105 14785525 MARK all -- any any anywhere anywhere
> MARK set 0x28
> >
> >Chain personal1 (0 references)
> > pkts bytes target prot opt in out source destination
> >
> >Here's my
> >
> >/sbin/tc -s qdisc show dev eth1
> >
> >qdisc sfq 80: limit 128p quantum 1514b perturb 10sec
> > Sent 386 bytes 5 pkts (dropped 0, overlimits 0)
> >qdisc sfq 40: limit 128p quantum 1514b perturb 10sec
> > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >qdisc sfq 30: limit 128p quantum 1514b perturb 10sec
> > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >qdisc sfq 20: limit 128p quantum 1514b perturb 10sec
> > Sent 12272 bytes 72 pkts (dropped 0, overlimits 0)
> >qdisc sfq 10: limit 128p quantum 1514b perturb 10sec
> > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >qdisc htb 1: r2q 10 default 80 direct_packets_stat 0
> > Sent 12658 bytes 77 pkts (dropped 0, overlimits 0)
> >
> >
> >tc -s -d filter show dev eth1
> >
> >filter parent 1: protocol ip pref 49151 fw
> >filter parent 1: protocol ip pref 49151 fw handle 0x50 classid 1:80
> >filter parent 1: protocol ip pref 49151 fw
> >filter parent 1: protocol ip pref 49151 fw handle 0x28 classid 1:40
> >filter parent 1: protocol ip pref 49151 fw
> >filter parent 1: protocol ip pref 49151 fw handle 0x1e classid 1:30
> >filter parent 1: protocol ip pref 49151 fw
> >filter parent 1: protocol ip pref 49151 fw handle 0x14 classid 1:20
> >filter parent 1: protocol ip pref 49152 fw
> >filter parent 1: protocol ip pref 49152 fw handle 0xa classid 1:10
> >
> >
> >tc -s class show dev eth1
> >
> >class htb 1:1 root rate 520Kbit ceil 520Kbit burst 2264b cburst 2264b
> > Sent 174465 bytes 1142 pkts (dropped 0, overlimits 0)
> > rate 712bps 5pps
> > lended: 4 borrowed: 0 giants: 0
> > tokens: 34107 ctokens: 34107
> >
> >class htb 1:10 parent 1:1 leaf 10: prio 3 rate 160Kbit ceil 280Kbit burst 1803b
> cburst 1957b
> > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > lended: 0 borrowed: 0 giants: 0
> > tokens: 90199 ctokens: 55942
> >
> >class htb 1:20 parent 1:1 leaf 20: prio 0 rate 40Kbit ceil 80Kbit burst 1650b
> cburst 1701b
> > Sent 115721 bytes 990 pkts (dropped 0, overlimits 0)
> > rate 340bps 3pps
> > lended: 990 borrowed: 0 giants: 0
> > tokens: 320599 ctokens: 165400
> >
> >class htb 1:30 parent 1:1 leaf 30: prio 2 rate 64Kbit ceil 88Kbit burst 1680b
> cburst 1711b
> > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > lended: 0 borrowed: 0 giants: 0
> > tokens: 210124 ctokens: 155635
> >
> >class htb 1:40 parent 1:1 leaf 40: prio 1 rate 184Kbit ceil 320Kbit burst 1834b
> cburst 2008b
> > Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> > lended: 0 borrowed: 0 giants: 0
> > tokens: 79781 ctokens: 50224
> >
> >class htb 1:80 parent 1:1 leaf 80: prio 4 rate 64Kbit ceil 80Kbit burst 1680b
> cburst 1701b
> > Sent 58744 bytes 152 pkts (dropped 0, overlimits 0)
> > rate 3Kbit 1pps
> > lended: 148 borrowed: 4 giants: 0
> > tokens: 202125 ctokens: 163799
> >_______________________________________________
> >LARTC mailing list / LARTC@mailman.ds9a.nl
> >http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> >
>
> --
> When dealing with a slow pipe, never underestimate the throughput of the postal system.
>
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [LARTC] htb and fw problems
2004-08-04 9:00 [LARTC] htb and fw problems Ing Isianto Istiadi
` (7 preceding siblings ...)
2004-08-04 14:44 ` Ing Isianto Istiadi
@ 2004-08-04 23:40 ` mjoachimiak
2004-08-05 2:27 ` Ing Isianto Istiadi
9 siblings, 0 replies; 11+ messages in thread
From: mjoachimiak @ 2004-08-04 23:40 UTC (permalink / raw)
To: lartc
>>I can see the counter works in iptables, but in the htb, it doesn't go to
the right class
Please write what commands do you use to see "the counter" and what counter
do you mean? I think counter for ip packets isn't it?
You can try to see my problem in LARTC archive: "HTB 3.13 please help".
In my opinion you have bad configured packet marking.
See my configuration of packet marking. I included it with archive posts in
"HTB 3.13 please help"
----------------------------------------------------------------------------
---------------------
> Dear All,
> I'm using the kernel 2.6.6, iproute2-2.4.7.20020116, iptables v1.2.9, and
gentoo.
> I have a leased-line 64 kbps.
> I can see the counter works in iptables, but in the htb, it doesn't go to
the right class (it always go to the default class).
>
> Any help will be appreciated
>
>
> here's my htb conf
> #!/bin/bash
>
> tc qdisc del dev eth1 root
>
> tc qdisc add dev eth1 root handle 1: htb default 80
> tc class add dev eth1 parent 1: classid 1:1 htb rate 65kbps ceil 65kbps
> tc class add dev eth1 parent 1:1 classid 1:10 htb rate 20kbps ceil 35kbps
prio 3
> tc class add dev eth1 parent 1:1 classid 1:20 htb rate 5kbps ceil 10kbps
prio 0
> tc class add dev eth1 parent 1:1 classid 1:30 htb rate 8kbps ceil 11kbps
prio 2
> tc class add dev eth1 parent 1:1 classid 1:40 htb rate 23kbps ceil 40kbps
prio 1
> tc class add dev eth1 parent 1:1 classid 1:80 htb rate 8kbps ceil 10kbps
prio 4
>
> tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
> tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
> tc qdisc add dev eth1 parent 1:30 handle 30: sfq perturb 10
> tc qdisc add dev eth1 parent 1:40 handle 40: sfq perturb 10
> tc qdisc add dev eth1 parent 1:80 handle 80: sfq perturb 10
>
> tc filter add dev eth1 parent 1:0 protocol ip handle 10 fw flowid 1:10
> tc filter add dev eth1 parent 1:0 protocol ip handle 20 fw flowid 1:20
> tc filter add dev eth1 protocol ip parent 1:0 handle 30 fw flowid 1:30
> tc filter add dev eth1 parent 1:0 protocol ip handle 40 fw classid 1:40
> tc filter add dev eth1 protocol ip parent 1:0 handle 80 fw flowid 1:80
>
> Here's my iptables rules*mangle
> :PREROUTING ACCEPT [1061:863210]
> :INPUT ACCEPT [1022:857788]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [947:201743]
> :POSTROUTING ACCEPT [947:201743]
> -N personal
> -N others
> -N personal1
> #-A OUTPUT -p tcp -m tcp --sport 3128 -j MARK --set-mark 0x2
> -A OUTPUT -p tcp -m tcp --sport 3128 --destination 192.168.1.145 -j
personal
> #-A OUTPUT -p tcp -m tcp --dport 80 -j MARK --set-mark 20
> -A OUTPUT -p tcp -m tcp --dport 80 -j others
> -A personal -j MARK --set-mark 40
> -A others -j MARK --set-mark 20
>
>
> Here's my iptables -L -v -t mangle -x output
> Chain PREROUTING (policy ACCEPT 580535 packets, 176796832 bytes)
> pkts bytes target prot opt in out source
destination
>
> Chain INPUT (policy ACCEPT 573475 packets, 174919251 bytes)
> pkts bytes target prot opt in out source
destination
>
> Chain FORWARD (policy ACCEPT 5656 packets, 1810367 bytes)
> pkts bytes target prot opt in out source
destination
>
> Chain OUTPUT (policy ACCEPT 598621 packets, 392036436 bytes)
> pkts bytes target prot opt in out source
destination
> 11105 14785525 personal tcp -- any any anywhere
192.168.1.145 tcp spt:webcache
> 28465 2233910 others tcp -- any any anywhere
anywhere tcp dpt:www
>
> Chain POSTROUTING (policy ACCEPT 604295 packets, 393851150 bytes)
> pkts bytes target prot opt in out source
destination
>
> Chain others (1 references)
> pkts bytes target prot opt in out source
destination
> 28465 2233910 MARK all -- any any anywhere
anywhere MARK set 0x14
>
> Chain personal (1 references)
> pkts bytes target prot opt in out source
destination
> 11105 14785525 MARK all -- any any anywhere
anywhere MARK set 0x28
>
> Chain personal1 (0 references)
> pkts bytes target prot opt in out source
destination
>
> Here's my
>
> /sbin/tc -s qdisc show dev eth1
>
> qdisc sfq 80: limit 128p quantum 1514b perturb 10sec
> Sent 386 bytes 5 pkts (dropped 0, overlimits 0)
> qdisc sfq 40: limit 128p quantum 1514b perturb 10sec
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> qdisc sfq 30: limit 128p quantum 1514b perturb 10sec
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> qdisc sfq 20: limit 128p quantum 1514b perturb 10sec
> Sent 12272 bytes 72 pkts (dropped 0, overlimits 0)
> qdisc sfq 10: limit 128p quantum 1514b perturb 10sec
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> qdisc htb 1: r2q 10 default 80 direct_packets_stat 0
> Sent 12658 bytes 77 pkts (dropped 0, overlimits 0)
>
>
> tc -s -d filter show dev eth1
>
> filter parent 1: protocol ip pref 49151 fw
> filter parent 1: protocol ip pref 49151 fw handle 0x50 classid 1:80
> filter parent 1: protocol ip pref 49151 fw
> filter parent 1: protocol ip pref 49151 fw handle 0x28 classid 1:40
> filter parent 1: protocol ip pref 49151 fw
> filter parent 1: protocol ip pref 49151 fw handle 0x1e classid 1:30
> filter parent 1: protocol ip pref 49151 fw
> filter parent 1: protocol ip pref 49151 fw handle 0x14 classid 1:20
> filter parent 1: protocol ip pref 49152 fw
> filter parent 1: protocol ip pref 49152 fw handle 0xa classid 1:10
>
>
> tc -s class show dev eth1
>
> class htb 1:1 root rate 520Kbit ceil 520Kbit burst 2264b cburst 2264b
> Sent 174465 bytes 1142 pkts (dropped 0, overlimits 0)
> rate 712bps 5pps
> lended: 4 borrowed: 0 giants: 0
> tokens: 34107 ctokens: 34107
>
> class htb 1:10 parent 1:1 leaf 10: prio 3 rate 160Kbit ceil 280Kbit burst
1803b cburst 1957b
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> lended: 0 borrowed: 0 giants: 0
> tokens: 90199 ctokens: 55942
>
> class htb 1:20 parent 1:1 leaf 20: prio 0 rate 40Kbit ceil 80Kbit burst
1650b cburst 1701b
> Sent 115721 bytes 990 pkts (dropped 0, overlimits 0)
> rate 340bps 3pps
> lended: 990 borrowed: 0 giants: 0
> tokens: 320599 ctokens: 165400
>
> class htb 1:30 parent 1:1 leaf 30: prio 2 rate 64Kbit ceil 88Kbit burst
1680b cburst 1711b
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> lended: 0 borrowed: 0 giants: 0
> tokens: 210124 ctokens: 155635
>
> class htb 1:40 parent 1:1 leaf 40: prio 1 rate 184Kbit ceil 320Kbit burst
1834b cburst 2008b
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> lended: 0 borrowed: 0 giants: 0
> tokens: 79781 ctokens: 50224
>
> class htb 1:80 parent 1:1 leaf 80: prio 4 rate 64Kbit ceil 80Kbit burst
1680b cburst 1701b
> Sent 58744 bytes 152 pkts (dropped 0, overlimits 0)
> rate 3Kbit 1pps
> lended: 148 borrowed: 4 giants: 0
> tokens: 202125 ctokens: 163799
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [LARTC] htb and fw problems
2004-08-04 9:00 [LARTC] htb and fw problems Ing Isianto Istiadi
` (8 preceding siblings ...)
2004-08-04 23:40 ` mjoachimiak
@ 2004-08-05 2:27 ` Ing Isianto Istiadi
9 siblings, 0 replies; 11+ messages in thread
From: Ing Isianto Istiadi @ 2004-08-05 2:27 UTC (permalink / raw)
To: lartc
On Thu, 5 Aug 2004 01:40:48 +0200
> Please write what commands do you use to see "the counter" and what counter
> do you mean? I think counter for ip packets isn't it?
I'm using iptables -L -v -x -t mangle
and look for my rule. My assumptions is that if the counter is counting up in the iptables rules, then the iptable rules catches the packet, and it should mark the catched packet with whatever marking I put. Is it correct (my assumptions)?
I've read your archieve before, I asked but I can't find any solutions since (in my case I really want to limit per ip for web only).
Thanks
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2004-08-05 2:27 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-08-04 9:00 [LARTC] htb and fw problems Ing Isianto Istiadi
2004-08-04 11:41 ` mjoachimiak
2004-08-04 13:11 ` Ing Isianto Istiadi
2004-08-04 13:36 ` Arno
2004-08-04 13:41 ` Martin A. Brown
2004-08-04 13:43 ` Morten Kramer
2004-08-04 14:15 ` Ing Isianto Istiadi
2004-08-04 14:31 ` zoop
2004-08-04 14:44 ` Ing Isianto Istiadi
2004-08-04 23:40 ` mjoachimiak
2004-08-05 2:27 ` Ing Isianto Istiadi
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.