[LARTC] P2P shaping, won't work

[LARTC] P2P shaping, won't work

[Edgar]

Hello, its me again, I won't stop sending emails to this list, until I solve 
this problem, I've tried several apps to create the right htb rules (even 
made them my self), but I always get the same results, traffic gets shaped, 
but I can't use my bandwidth, and this is weird, because I should be able to, 
also I keep seeing download being limited too, and that shouldn't be 
happening, I don't think I'm the only one with this problem out there, so I 
will post here once again my configuration, to match p2p traffic and to shape 
it:

### ###
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -N lay7PRE
iptables -t mangle -N lay7POST
iptables -t mangle -N ipp2pPRE
iptables -t mangle -N ipp2pPOST

### PREROUTING RULES ###
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A ipp2pPRE -p tcp -m ipp2p --ipp2p -j MARK --set-mark 3
iptables -t mangle -A ipp2pPRE -p udp -m ipp2p --bit -j MARK --set-mark 3
iptables -t mangle -A ipp2pPRE -p tcp -m mark --mark 3 -j CONNMARK --save-mark
iptables -t mangle -A lay7PRE -m layer7 --l7proto smtp -j MARK --set-mark 1
iptables -t mangle -A lay7PRE -m layer7 --l7proto ssh -j MARK --set-mark 2
iptables -t mangle -A lay7PRE -m mark --mark 2 -j CONNMARK --save-mark

### POSTROUTING RULES ###
iptables -t mangle -A ipp2pPOST -o eth1 -m mark --mark 3 -j CLASSIFY 
--set-class 1:30
iptables -t mangle -A lay7POST -o eth1 -m mark --mark 1 -j CLASSIFY 
--set-class 1:20
iptables -t mangle -A lay7POST -o eth1 -m mark --mark 2 -j CLASSIFY 
--set-class 1:10

### ###
iptables -t mangle -A PREROUTING -j lay7PRE
iptables -t mangle -A POSTROUTING -j lay7POST
iptables -t mangle -A PREROUTING -j ipp2pPRE
iptables -t mangle -A POSTROUTING -j ipp2pPOST

TC RULES
tc qdisc add dev eth1 handle 1:0 root dsmark indices 8 default_index 0
tc qdisc add dev eth1 handle 2:0 parent 1:0 htb
tc class add dev eth1 parent 2:0 classid 2:1 htb rate 22000bps ceil 22000bps
tc class add dev eth1 parent 2:1 classid 2:2 htb rate 3000bps ceil 5000bps 
prio 0
tc qdisc add dev eth1 handle 3:0 parent 2:2 sfq
tc class add dev eth1 parent 2:1 classid 2:3 htb rate 5000bps ceil 6000bps 
prio 1
tc qdisc add dev eth1 handle 4:0 parent 2:3 sfq
tc class add dev eth1 parent 2:1 classid 2:4 htb rate 8000bps ceil 8000bps 
prio 2
tc qdisc add dev eth1 handle 5:0 parent 2:4 sfq
tc class add dev eth1 parent 2:1 classid 2:5 htb rate 10000bps ceil 10000bps 
burst 0 cburst 0 prio 3 quantum 1500
tc qdisc add dev eth1 handle 6:0 parent 2:5 sfq
tc class add dev eth1 parent 2:1 classid 2:6 htb rate 10000bps ceil 22000bps 
prio 1
tc qdisc add dev eth1 handle 7:0 parent 2:6 sfq
tc filter add dev eth1 parent 2:0 protocol all prio 1 tcindex mask 0x7 shift 0
tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 5 tcindex classid 
2:6
tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 4 tcindex classid 
2:4
tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 3 tcindex classid 
2:5
tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 2 tcindex classid 
2:3
tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 1 tcindex classid 
2:2
tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at 
0 match u16 0x0 0xffc0 at 2 classid 1:5
tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at 
0 match u8 0x10 0x10 at 33 classid 1:4
tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at 
0 classid 1:5
tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u32 0x0 0x0 at 
0 classid 1:5

well, this rules are generated with tcng (tcc actually), and I see traffic 
going to the p2p rule (being 2:5), but still I'm not able to browse the web! 
nor chat nor anything, someone adviced me to create an interactive class and 
then leave the unmatched traffic go to a default class (and here'll go p2p 
traffic too), but then I'm running a squid server at home, and thus I don't 
know what port to specify to do this, anyway, I've tried already with normal 
http traffic, with layer7, I see the traffic going to the iptables chain, but 
yet it'll still won't work, p2p traffic keeps eating all my bandwidth, its 
ignoring all the priorities I have in my tc rules (being the 2:5 class the 
one with the lowest priority), I really need to get this working, and I know 
there's some ppl that has lots of more experience that me, and I'm sure you 
can help me. Thank you

EDGAR MERINO
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] P2P shaping, won't work

[Francisco Pereira]

Mensaje citado por Edgar <donvodka@gmail.com>:

> Hello, its me again, I won't stop sending emails to this list, until I solve
> 
> this problem, I've tried several apps to create the right htb rules (even 
> made them my self), but I always get the same results, traffic gets shaped, 
> but I can't use my bandwidth, and this is weird, because I should be able to,
> 
> also I keep seeing download being limited too, and that shouldn't be 
> happening, I don't think I'm the only one with this problem out there, so I 
> will post here once again my configuration, to match p2p traffic and to shape
> 
> it:
> 
> ### ###
> iptables -t mangle -F
> iptables -t mangle -X
> iptables -t mangle -N lay7PRE
> iptables -t mangle -N lay7POST
> iptables -t mangle -N ipp2pPRE
> iptables -t mangle -N ipp2pPOST
> 
> ### PREROUTING RULES ###
> iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
> iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
> iptables -t mangle -A ipp2pPRE -p tcp -m ipp2p --ipp2p -j MARK --set-mark 3
> iptables -t mangle -A ipp2pPRE -p udp -m ipp2p --bit -j MARK --set-mark 3
> iptables -t mangle -A ipp2pPRE -p tcp -m mark --mark 3 -j CONNMARK
> --save-mark
> iptables -t mangle -A lay7PRE -m layer7 --l7proto smtp -j MARK --set-mark 1
> iptables -t mangle -A lay7PRE -m layer7 --l7proto ssh -j MARK --set-mark 2
> iptables -t mangle -A lay7PRE -m mark --mark 2 -j CONNMARK --save-mark
> 
> ### POSTROUTING RULES ###
> iptables -t mangle -A ipp2pPOST -o eth1 -m mark --mark 3 -j CLASSIFY 
> --set-class 1:30
> iptables -t mangle -A lay7POST -o eth1 -m mark --mark 1 -j CLASSIFY 
> --set-class 1:20
> iptables -t mangle -A lay7POST -o eth1 -m mark --mark 2 -j CLASSIFY 
> --set-class 1:10
> 
> ### ###
> iptables -t mangle -A PREROUTING -j lay7PRE
> iptables -t mangle -A POSTROUTING -j lay7POST
> iptables -t mangle -A PREROUTING -j ipp2pPRE
> iptables -t mangle -A POSTROUTING -j ipp2pPOST
> 
> TC RULES
> tc qdisc add dev eth1 handle 1:0 root dsmark indices 8 default_index 0
> tc qdisc add dev eth1 handle 2:0 parent 1:0 htb
> tc class add dev eth1 parent 2:0 classid 2:1 htb rate 22000bps ceil 22000bps
> tc class add dev eth1 parent 2:1 classid 2:2 htb rate 3000bps ceil 5000bps 
> prio 0
> tc qdisc add dev eth1 handle 3:0 parent 2:2 sfq
> tc class add dev eth1 parent 2:1 classid 2:3 htb rate 5000bps ceil 6000bps 
> prio 1
> tc qdisc add dev eth1 handle 4:0 parent 2:3 sfq
> tc class add dev eth1 parent 2:1 classid 2:4 htb rate 8000bps ceil 8000bps 
> prio 2
> tc qdisc add dev eth1 handle 5:0 parent 2:4 sfq
> tc class add dev eth1 parent 2:1 classid 2:5 htb rate 10000bps ceil 10000bps
> 
> burst 0 cburst 0 prio 3 quantum 1500
> tc qdisc add dev eth1 handle 6:0 parent 2:5 sfq
> tc class add dev eth1 parent 2:1 classid 2:6 htb rate 10000bps ceil 22000bps
> 
> prio 1
> tc qdisc add dev eth1 handle 7:0 parent 2:6 sfq
> tc filter add dev eth1 parent 2:0 protocol all prio 1 tcindex mask 0x7 shift
> 0
> tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 5 tcindex
> classid 
> 2:6
> tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 4 tcindex
> classid 
> 2:4
> tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 3 tcindex
> classid 
> 2:5
> tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 2 tcindex
> classid 
> 2:3
> tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 1 tcindex
> classid 
> 2:2
> tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at
> 
> 0 match u16 0x0 0xffc0 at 2 classid 1:5
> tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at
> 
> 0 match u8 0x10 0x10 at 33 classid 1:4
> tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at
> 
> 0 classid 1:5
> tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u32 0x0 0x0
> at 
> 0 classid 1:5
> 
> well, this rules are generated with tcng (tcc actually), and I see traffic 
> going to the p2p rule (being 2:5), but still I'm not able to browse the web!
> 
> nor chat nor anything, someone adviced me to create an interactive class and
> 
> then leave the unmatched traffic go to a default class (and here'll go p2p 
> traffic too), but then I'm running a squid server at home, and thus I don't 
> know what port to specify to do this, anyway, I've tried already with normal
> 
> http traffic, with layer7, I see the traffic going to the iptables chain, but
> 
> yet it'll still won't work, p2p traffic keeps eating all my bandwidth, its 
> ignoring all the priorities I have in my tc rules (being the 2:5 class the 
> one with the lowest priority), I really need to get this working, and I know
> 
> there's some ppl that has lots of more experience that me, and I'm sure you 
> can help me. Thank you
 
can != want != will

You may have a problem with the rate units -  bps != bit -, but i dont know the
type or rate of your internet link.
Post a detailed ascii diagram of your network. Which is the transfer rate of the
internet link?

IPP2P works very well for me.
How did you test your iptables & tc setup? In the real network or in a
controlled environment?
Did you try starting with a very basic tc setup and adding tc qdiscs, classes
and filters one by one and checking the results on every step?

Regards,
Francisco.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Miles de internautas ya utilizan el discador del Portal.
Bajatelo ahora, se instala solo!.

http://www.montevideo.com.uy/discador/setup.exe

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] P2P shaping, won't work

[Jody Shumaker]

You might want to remove the iptables CLASSIFY rules as they point to
non existent tc classes, 1:10, 1:20, and 1:30.  Also your total
combined rates  for all the subclasses of 2:1 are greater than the
rate of 2:1,  22kbps for 2:1 and 36kbps for 2:2 - 2:6.  It's best if
you keep these to add up to the root classes ceil or lower. Also
you're marking p2p data as 3 and sending it to classid 2:5.  2:5 is
tied for the highest bandwidth at 10kbps, why?  In my tc setup,  p2p
is only given a rate of 4bps, and then a ciel of about 75% of my
connection.  This way, p2p has to borrow the bandwidth from everything
else, and thus gets last grab at bandwidth.  Giving it a guarentee on
par with the second highest class, of course your connection still
seems a little swamped.

- Jody




On 7/8/05, Francisco Pereira <fpereira@lojan.com> wrote:
> Mensaje citado por Edgar <donvodka@gmail.com>:
> 
> > Hello, its me again, I won't stop sending emails to this list, until I solve
> >
> > this problem, I've tried several apps to create the right htb rules (even
> > made them my self), but I always get the same results, traffic gets shaped,
> > but I can't use my bandwidth, and this is weird, because I should be able to,
> >
> > also I keep seeing download being limited too, and that shouldn't be
> > happening, I don't think I'm the only one with this problem out there, so I
> > will post here once again my configuration, to match p2p traffic and to shape
> >
> > it:
> >
> > ### ###
> > iptables -t mangle -F
> > iptables -t mangle -X
> > iptables -t mangle -N lay7PRE
> > iptables -t mangle -N lay7POST
> > iptables -t mangle -N ipp2pPRE
> > iptables -t mangle -N ipp2pPOST
> >
> > ### PREROUTING RULES ###
> > iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
> > iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
> > iptables -t mangle -A ipp2pPRE -p tcp -m ipp2p --ipp2p -j MARK --set-mark 3
> > iptables -t mangle -A ipp2pPRE -p udp -m ipp2p --bit -j MARK --set-mark 3
> > iptables -t mangle -A ipp2pPRE -p tcp -m mark --mark 3 -j CONNMARK
> > --save-mark
> > iptables -t mangle -A lay7PRE -m layer7 --l7proto smtp -j MARK --set-mark 1
> > iptables -t mangle -A lay7PRE -m layer7 --l7proto ssh -j MARK --set-mark 2
> > iptables -t mangle -A lay7PRE -m mark --mark 2 -j CONNMARK --save-mark
> >
> > ### POSTROUTING RULES ###
> > iptables -t mangle -A ipp2pPOST -o eth1 -m mark --mark 3 -j CLASSIFY
> > --set-class 1:30
> > iptables -t mangle -A lay7POST -o eth1 -m mark --mark 1 -j CLASSIFY
> > --set-class 1:20
> > iptables -t mangle -A lay7POST -o eth1 -m mark --mark 2 -j CLASSIFY
> > --set-class 1:10
> >
> > ### ###
> > iptables -t mangle -A PREROUTING -j lay7PRE
> > iptables -t mangle -A POSTROUTING -j lay7POST
> > iptables -t mangle -A PREROUTING -j ipp2pPRE
> > iptables -t mangle -A POSTROUTING -j ipp2pPOST
> >
> > TC RULES
> > tc qdisc add dev eth1 handle 1:0 root dsmark indices 8 default_index 0
> > tc qdisc add dev eth1 handle 2:0 parent 1:0 htb
> > tc class add dev eth1 parent 2:0 classid 2:1 htb rate 22000bps ceil 22000bps
> > tc class add dev eth1 parent 2:1 classid 2:2 htb rate 3000bps ceil 5000bps
> > prio 0
> > tc qdisc add dev eth1 handle 3:0 parent 2:2 sfq
> > tc class add dev eth1 parent 2:1 classid 2:3 htb rate 5000bps ceil 6000bps
> > prio 1
> > tc qdisc add dev eth1 handle 4:0 parent 2:3 sfq
> > tc class add dev eth1 parent 2:1 classid 2:4 htb rate 8000bps ceil 8000bps
> > prio 2
> > tc qdisc add dev eth1 handle 5:0 parent 2:4 sfq
> > tc class add dev eth1 parent 2:1 classid 2:5 htb rate 10000bps ceil 10000bps
> >
> > burst 0 cburst 0 prio 3 quantum 1500
> > tc qdisc add dev eth1 handle 6:0 parent 2:5 sfq
> > tc class add dev eth1 parent 2:1 classid 2:6 htb rate 10000bps ceil 22000bps
> >
> > prio 1
> > tc qdisc add dev eth1 handle 7:0 parent 2:6 sfq
> > tc filter add dev eth1 parent 2:0 protocol all prio 1 tcindex mask 0x7 shift
> > 0
> > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 5 tcindex
> > classid
> > 2:6
> > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 4 tcindex
> > classid
> > 2:4
> > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 3 tcindex
> > classid
> > 2:5
> > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 2 tcindex
> > classid
> > 2:3
> > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 1 tcindex
> > classid
> > 2:2
> > tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at
> >
> > 0 match u16 0x0 0xffc0 at 2 classid 1:5
> > tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at
> >
> > 0 match u8 0x10 0x10 at 33 classid 1:4
> > tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at
> >
> > 0 classid 1:5
> > tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u32 0x0 0x0
> > at
> > 0 classid 1:5
> >
> > well, this rules are generated with tcng (tcc actually), and I see traffic
> > going to the p2p rule (being 2:5), but still I'm not able to browse the web!
> >
> > nor chat nor anything, someone adviced me to create an interactive class and
> >
> > then leave the unmatched traffic go to a default class (and here'll go p2p
> > traffic too), but then I'm running a squid server at home, and thus I don't
> > know what port to specify to do this, anyway, I've tried already with normal
> >
> > http traffic, with layer7, I see the traffic going to the iptables chain, but
> >
> > yet it'll still won't work, p2p traffic keeps eating all my bandwidth, its
> > ignoring all the priorities I have in my tc rules (being the 2:5 class the
> > one with the lowest priority), I really need to get this working, and I know
> >
> > there's some ppl that has lots of more experience that me, and I'm sure you
> > can help me. Thank you
> 
> can != want != will
> 
> You may have a problem with the rate units -  bps != bit -, but i dont know the
> type or rate of your internet link.
> Post a detailed ascii diagram of your network. Which is the transfer rate of the
> internet link?
> 
> IPP2P works very well for me.
> How did you test your iptables & tc setup? In the real network or in a
> controlled environment?
> Did you try starting with a very basic tc setup and adding tc qdiscs, classes
> and filters one by one and checking the results on every step?
> 
> Regards,
> Francisco.
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> Miles de internautas ya utilizan el discador del Portal.
> Bajatelo ahora, se instala solo!.
> 
> http://www.montevideo.com.uy/discador/setup.exe
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc