[LARTC] ppp+vpn+htb

[LARTC] ppp+vpn+htb

[mail.cat-net.co.yu]

[-- Attachment #1.1: Type: text/plain, Size: 354 bytes --]

please, help, i have build vpn server (suse 9 + poptop), i have managed to implement tc htb in ip-up script, but every client has own ppp interface (ppp0, ppp1, ppp2...), and my idea is to share available bandwidth, not to limit connection, 

how to build root tc rule, when I have more then one interface?... please any one width experiance

regards

[-- Attachment #1.2: Type: text/html, Size: 855 bytes --]

[-- Attachment #2: Type: text/plain, Size: 143 bytes --]

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] ppp+vpn+htb

[Wang Jian]

Hi mail.cat-net.co.yu,

Because ppp traffic is over your real network link, you can control ppp
traffic over that physic device. But I think it have limitation, because
with this way you can't look into the ppp layer and differential
TCP/IP applications encapsulated in ppp layer.

On Wed, 6 Apr 2005 00:44:55 +0200, "mail.cat-net.co.yu" <hiphin@cat-net.co.yu> wrote:

> please, help, i have build vpn server (suse 9 + poptop), i have managed to implement tc htb in ip-up script, but every client has own ppp interface (ppp0, ppp1, ppp2...), and my idea is to share available bandwidth, not to limit connection, 
> 
> how to build root tc rule, when I have more then one interface?... please any one width experiance
> 
> regards



-- 
  lark

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] ppp+vpn+htb

[hiphin]

[-- Attachment #1.1: Type: text/plain, Size: 1129 bytes --]

Hi Wang,...

>Because ppp traffic is over your real network link, you can control ppp
>traffic over that physic device. But I think it have limitation, because
>with this way you can't look into the ppp layer and differential
>TCP/IP applications encapsulated in ppp layer

yes, that is my question, if I control eth0 only, I can not have per user 
limmiting...

can I do something simple like this:

/sbin/tc qdisc add dev eth0 root handle 1: htb default 10
/sbin/tc class add dev eth0 parent 1: classid 1:1 htb rate 256kbit

/sbin/tc class add dev ppp0 parent 1:1 classid 1:10 htb rate 32kbit ceil \
   256kbit prio 1 burst 64kbit cburst 96kbit
/sbin/tc filter add dev ppp0 protocol ip parent 1:0 prio 1 u32 match ip dest 
\
   $REMOTEIP0 folow 1:10

/sbin/tc class add dev ppp1 parent 1:1 classid 1:20 htb rate 32kbit ceil \
   256kbit prio 1 burst 64kbit cburst 96kbit
/sbin/tc filter add dev ppp1 protocol ip parent 1:0 prio 1 u32 match ip dest 
\
   $REMOTEIP1 folow 1:20

...

or IMQ must be involved...
there must be way, to do bandwidth sharing throught vpn-ppp connections

thanks 



[-- Attachment #1.2: Type: text/html, Size: 1764 bytes --]

[-- Attachment #2: Type: text/plain, Size: 143 bytes --]

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] ppp+vpn+htb

[Wang Jian]

Hi hiphin,

It seems that your network link is eth0. Then

tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: classid 1:1 htb rate 256kbit
tc class add dev eth0 parent 1:1 classid 1:2 htb rate 32kbit ceil
256kbit prio 1

Then you can use tc filter to classify all pptp traffic to 1:2. You
don't need to specify different class for every ppp connection.

But the drawback is no fairness. Not all ppp connections can get 32kbit
assured if they want.

If you need guaranteed bandwidth for each ppp connection, try my per
flow control queue patch. You can find it in list's archive.

On Wed, 6 Apr 2005 10:08:40 +0200, "hiphin" <hiphin@cat-net.co.yu> wrote:

> Hi Wang,...
> 
> >Because ppp traffic is over your real network link, you can control ppp
> >traffic over that physic device. But I think it have limitation, because
> >with this way you can't look into the ppp layer and differential
> >TCP/IP applications encapsulated in ppp layer
> 
> yes, that is my question, if I control eth0 only, I can not have per user 
> limmiting...
> 
> can I do something simple like this:
> 
> /sbin/tc qdisc add dev eth0 root handle 1: htb default 10
> /sbin/tc class add dev eth0 parent 1: classid 1:1 htb rate 256kbit
> 
> /sbin/tc class add dev ppp0 parent 1:1 classid 1:10 htb rate 32kbit ceil \
>    256kbit prio 1 burst 64kbit cburst 96kbit
> /sbin/tc filter add dev ppp0 protocol ip parent 1:0 prio 1 u32 match ip dest 
> \
>    $REMOTEIP0 folow 1:10
> 
> /sbin/tc class add dev ppp1 parent 1:1 classid 1:20 htb rate 32kbit ceil \
>    256kbit prio 1 burst 64kbit cburst 96kbit
> /sbin/tc filter add dev ppp1 protocol ip parent 1:0 prio 1 u32 match ip dest 
> \
>    $REMOTEIP1 folow 1:20
> 
> ...
> 
> or IMQ must be involved...
> there must be way, to do bandwidth sharing throught vpn-ppp connections
> 
> thanks 
> 
> 



-- 
  lark

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] ppp+vpn+htb

[Wang Jian]

Hi hiphin,

You can also look into ESFQ. Corey Hickey releases esfq for 2.6.12-rc1.


On Wed, 06 Apr 2005 16:42:35 +0800, Wang Jian <lark@linux.net.cn> wrote:

> Hi hiphin,
> 
> It seems that your network link is eth0. Then
> 
> tc qdisc add dev eth0 root handle 1: htb default 10
> tc class add dev eth0 parent 1: classid 1:1 htb rate 256kbit
> tc class add dev eth0 parent 1:1 classid 1:2 htb rate 32kbit ceil
> 256kbit prio 1
> 
> Then you can use tc filter to classify all pptp traffic to 1:2. You
> don't need to specify different class for every ppp connection.
> 
> But the drawback is no fairness. Not all ppp connections can get 32kbit
> assured if they want.
> 
> If you need guaranteed bandwidth for each ppp connection, try my per
> flow control queue patch. You can find it in list's archive.
> 
> On Wed, 6 Apr 2005 10:08:40 +0200, "hiphin" <hiphin@cat-net.co.yu> wrote:
> 
> > Hi Wang,...
> > 
> > >Because ppp traffic is over your real network link, you can control ppp
> > >traffic over that physic device. But I think it have limitation, because
> > >with this way you can't look into the ppp layer and differential
> > >TCP/IP applications encapsulated in ppp layer
> > 
> > yes, that is my question, if I control eth0 only, I can not have per user 
> > limmiting...
> > 
> > can I do something simple like this:
> > 
> > /sbin/tc qdisc add dev eth0 root handle 1: htb default 10
> > /sbin/tc class add dev eth0 parent 1: classid 1:1 htb rate 256kbit
> > 
> > /sbin/tc class add dev ppp0 parent 1:1 classid 1:10 htb rate 32kbit ceil \
> >    256kbit prio 1 burst 64kbit cburst 96kbit
> > /sbin/tc filter add dev ppp0 protocol ip parent 1:0 prio 1 u32 match ip dest 
> > \
> >    $REMOTEIP0 folow 1:10
> > 
> > /sbin/tc class add dev ppp1 parent 1:1 classid 1:20 htb rate 32kbit ceil \
> >    256kbit prio 1 burst 64kbit cburst 96kbit
> > /sbin/tc filter add dev ppp1 protocol ip parent 1:0 prio 1 u32 match ip dest 
> > \
> >    $REMOTEIP1 folow 1:20
> > 
> > ...
> > 
> > or IMQ must be involved...
> > there must be way, to do bandwidth sharing throught vpn-ppp connections
> > 
> > thanks 
> > 
> > 
> 
> 
> 
> -- 
>   lark
> 
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc



-- 
  lark

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] ppp+vpn+htb

[hiphin]

[-- Attachment #1.1: Type: text/plain, Size: 651 bytes --]

Wang, hi, little of thinking and listen what I found logical

Q1: Is ppp interface, as only one connection on my real eth0 ?

If answare is YES, then simple SFQ on eth0 is good ?
...and main difference SFQ/ESFQ is that SFQ watching connections, and ESFQ watching host IP... 

Q2: I have 2.4.xx, kernel ESFQ is for 2.6 kernel only ?


I need to limit max bandwidth for all users and fair share, do not need to have guaranteed-minimum

mathematic is simple: N*user <= 256kbps

soo if I have one user on vpn, hi gets 256kbps
if I have 2 users on vpn downloading, both is getting max 128kbps
and soo on...

(this is too simple to be ...)

[-- Attachment #1.2: Type: text/html, Size: 1828 bytes --]

[-- Attachment #2: Type: text/plain, Size: 143 bytes --]

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] ppp+vpn+htb

[Wang Jian]

Hi hiphin,


On Wed, 6 Apr 2005 13:39:40 +0200, "hiphin" <hiphin@cat-net.co.yu> wrote:

> Wang, hi, little of thinking and listen what I found logical
> 
> Q1: Is ppp interface, as only one connection on my real eth0 ?
> 
> If answare is YES, then simple SFQ on eth0 is good ?
> ...and main difference SFQ/ESFQ is that SFQ watching connections, and ESFQ watching host IP... 
> 

You didn't tell if you use pptp, but I think you use pptp.

ppp interface in this case is a peusdo network interface, under it there
is IP connection between client and server. So your control the ip
connection's rate, and then you can control the ppp interface.

So if you want fairness amongst these interfaces, you can either enforce
fairness on connection ( 1 client only has 1 ppp connection) or enforce
fairness on host (1 client may have multiple ppp connection but you take
the client as one)


> Q2: I have 2.4.xx, kernel ESFQ is for 2.6 kernel only ?
> 
> 
> I need to limit max bandwidth for all users and fair share, do not need to have guaranteed-minimum
> 
> mathematic is simple: N*user <= 256kbps
> 
> soo if I have one user on vpn, hi gets 256kbps
> if I have 2 users on vpn downloading, both is getting max 128kbps
> and soo on...
> 
> (this is too simple to be ...)


I am not familiar with ESFQ. In my test, SFQ doesn't provide good
fairness. ESFQ should have some improvement, I think.

Any good implemented fair queue can achieve your goal.


-- 
  lark

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] ppp+vpn+htb

[Andy Furniss]

mail.cat-net.co.yu wrote:
> please, help, i have build vpn server (suse 9 + poptop), i have managed to implement tc htb in ip-up script, but every client has own ppp interface (ppp0, ppp1, ppp2...), and my idea is to share available bandwidth, not to limit connection, 
> 
> how to build root tc rule, when I have more then one interface?... please any one width experiance
> 
> regards

You may be able to do it on ethx by marking or classifying in 
forward/postrouting and hoping the marks survive encapsulation. I've 
never tried so don't know.

If that fails there is also a chance you can do it with IMQ or the dummy 
device (You will need to build a 2.6 and use a different dummy.c I don't 
think the new one is in kernel yet).

Andy.

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] ppp+vpn+htb

[Peter Surda]

On Wed, Apr 06, 2005 at 01:39:40PM +0200, hiphin wrote:
> Q2: I have 2.4.xx, kernel ESFQ is for 2.6 kernel only ?
No, I've been using it in 2.4. for almost a year:
http://www.ssi.bg/~alex/esfq/
And you get unimportant minus points from me for not using google.

Bye,

Peter Surda (Shurdeek) <shurdeek@routehat.org>, ICQ 10236103, +436505122023

-- 
                   It's not a bug, it's tradition!
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc