* [LARTC] Qos and bandwidth control
@ 2006-01-12 19:01 Beto .
  2006-01-13 22:56 ` Andreas Klauer
  0 siblings, 1 reply; 2+ messages in thread
From: Beto . @ 2006-01-12 19:01 UTC (permalink / raw)
  To: lartc

Hi everybody.
I'm trying to set up a QoS config, using layer7 
(http://l7-filter.sourceforge.net/) for protocol detection.
I'm supposing 3 clients with this configuration:
3 clients: 1.2.3.1, 1.2.3.2, 1.2.3.3
1.2.3.1 has 256kbit bandwidth "guaranteed"
clients 1.2.3.2 and 1.2.3.3 have 256kbit bandwidth

So I'm marking every packet using the layer7 iptables module, classifying them in 
three groups: high priority (2), medium priority (3) and low priority (4). 
Protocols (or applications) like ssh, VoIP or games suit the high 
priority category, and P2P apps go in the low priority category. The iptables 
commands are like this:

iptables -t mangle -A POSTROUTING -m layer7 --l7proto ssh -j MARK --set-mark 2
iptables -t mangle -A POSTROUTING -m layer7 --l7proto h323 -j MARK --set-mark 2
iptables -t mangle -A POSTROUTING -m layer7 --l7proto directconnect -j MARK --set-mark 4
iptables -t mangle -A POSTROUTING -m layer7 --l7proto bittorrent -j MARK --set-mark 4
iptables -t mangle -A POSTROUTING -m layer7 --l7proto fasttrack -j MARK --set-mark 4

Then I use a combination of tc commands to enqueue packets on different 
classes depending on this mark.
The problem I'm facing is that I also have to limit each client's bandwidth and I'm 
not sure that my solution is the best. I've searched for an example like 
this on the web but I have found nothing.

Here is my little script for this config, comments will be very 
appreciated!!!
It could have some errors. Basic protocol detection and enqueue was working 
fine, but I'm not sure now, with the "bandwidth restrictions" additions.

#!/bin/bash
tc qdisc add dev eth0 root handle 1: htb default 8

tc class add dev eth0 parent 1: classid 1:1 htb rate 512kbit

tc class add dev eth0 parent 1:1 classid 1:2 htb rate 256kbit prio 1
tc class add dev eth0 parent 1:1 classid 1:3 htb rate 256kbit prio 1

tc filter add dev eth0 parent 1: protocol ip prio 1 u32 match ip src 1.2.3.1/32 flowid 1:2
tc filter add dev eth0 parent 1: protocol ip prio 1 u32 match ip src 1.2.3.2/32 flowid 1:3
tc filter add dev eth0 parent 1: protocol ip prio 1 u32 match ip src 1.2.3.3/32 flowid 1:3

# classes for client 1
tc class add dev eth0 parent 1:2 classid 1:4 htb rate 200kbit
tc class add dev eth0 parent 1:2 classid 1:5 htb rate 128kbit ceil 256kbit
tc class add dev eth0 parent 1:2 classid 1:6 htb rate 20kbit ceil 256kbit

tc filter add dev eth0 protocol ip parent 1:2 prio 1 handle 2 fw flowid 1:4
tc filter add dev eth0 protocol ip parent 1:2 prio 1 handle 3 fw flowid 1:5
tc filter add dev eth0 protocol ip parent 1:2 prio 1 handle 4 fw flowid 1:6

# i need this??
tc qdisc add dev eth0 parent 1:4 handle 4: sfq perturb 10
tc qdisc add dev eth0 parent 1:5 handle 5: sfq perturb 10
tc qdisc add dev eth0 parent 1:6 handle 6: sfq perturb 10

# classes for clients 2 and 3
tc class add dev eth0 parent 1:3 classid 1:7 htb rate 200kbit
tc class add dev eth0 parent 1:3 classid 1:8 htb rate 128kbit ceil 256kbit
tc class add dev eth0 parent 1:3 classid 1:9 htb rate 20kbit ceil 256kbit

# filters for clients 2 and 3 classes
tc filter add dev eth0 protocol ip parent 1:3 prio 1 handle 2 fw flowid 1:7
tc filter add dev eth0 protocol ip parent 1:3 prio 1 handle 3 fw flowid 1:8
tc filter add dev eth0 protocol ip parent 1:3 prio 1 handle 4 fw flowid 1:9

tc qdisc add dev eth0 parent 1:7 handle 7: sfq perturb 10
tc qdisc add dev eth0 parent 1:8 handle 8: sfq perturb 10
tc qdisc add dev eth0 parent 1:9 handle 9: sfq perturb 10

thanks!

Roberto Scattini


_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


* Re: [LARTC] Qos and bandwidth control
  2006-01-12 19:01 [LARTC] Qos and bandwidth control Beto .
@ 2006-01-13 22:56 ` Andreas Klauer
  0 siblings, 0 replies; 2+ messages in thread
From: Andreas Klauer @ 2006-01-13 22:56 UTC (permalink / raw)
  To: lartc

On Thu, Jan 12, 2006 at 07:01:57PM +0000, Beto . wrote:
> 1.2.3.1 has 256kbit bandwidth "guaranteed"
> clients 1.2.3.2 and 1.2.3.3 have 256kbit bandwidth

So I guess that means 512kbit in total?

> So I'm marking every packet using the layer7 iptables module

I have not used layer7 so far, only IPP2P, but the basic idea of 
classifying and prioritizing should be the same.

> iptables -t mangle -A POSTROUTING -m layer7 --l7proto ssh -j MARK --set-mark 2

No connmark? Does layer7 actually detect every single packet of this 
protocol, or only the first ones of a connection? In the latter case, 
you'd have to mark the connection, not just a single packet.

> The problem I'm facing is that I also have to limit each client's bandwidth and 
> I'm not sure that my solution is the best. I've searched for an example like 
> this on the web but I have found nothing.

I don't know what's best either. My solution was to give every user 
a separate HTB class, to limit their bandwidth. Further prioritization 
of packets has then to be done inside this user class. Your setup 
looks like you're trying to do something similar.

> It could have some errors. Basic protocol detection and enqueue was working 
> fine, but I'm not sure now, with the "bandwidth restrictions" additions.

The most common error with HTB classes is that the sum of the children 
class rates is not equal to the parent class rate. You got it right for 
the root class 1:1 and its children 1:2, 1:3 (256+256=512kbit), but 
it's wrong for the children of 1:2 (200+128+20=348kbit, whereas the 
parent can only offer 256kbit in total).

Also, I don't see where in your setup the classification by user is 
taking place.

Regards,
Andreas Klauer
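
The rate rule from the reply above (child class rates should add up to the parent class rate), as an added example that is not part of either message. The function names check_htb_rates and sample_tc_classes are made up for this sketch, and only the kbit and mbit rate suffixes are handled.

```bash
#!/bin/bash
# Added example (not from the thread): verify the HTB rule from the reply,
# i.e. the child class rates of each parent add up to the parent rate.

# Reads "tc class add ..." lines on stdin, prints one status line per parent.
check_htb_rates() {
  awk '
    # Convert a tc rate to kbit; only the kbit and mbit suffixes are handled.
    function kbit(r) {
      if (r ~ /mbit$/) { sub(/mbit$/, "", r); return r * 1000 }
      sub(/kbit$/, "", r); return r + 0
    }
    $1 == "tc" && $2 == "class" && $3 == "add" {
      parent = ""; id = ""; rate = ""
      for (i = 4; i < NF; i++) {
        if ($i == "parent")  parent = $(i + 1)
        if ($i == "classid") id     = $(i + 1)
        if ($i == "rate")    rate   = $(i + 1)
      }
      if (id == "" || rate == "" || parent == "") next
      own[id] = kbit(rate)          # rate guaranteed to this class
      sum[parent] += kbit(rate)     # running total over its siblings
    }
    END {
      for (p in sum) {
        if (!(p in own)) continue   # parent is the qdisc itself (1:), no rate
        status = (sum[p] == own[p]) ? "OK" : "MISMATCH"
        printf "%s parent=%dkbit children=%dkbit %s\n", p, own[p], sum[p], status
      }
    }
  ' | sort
}

# The class lines of the script posted in the thread, copied as sample input.
sample_tc_classes() {
  cat <<'EOF'
tc class add dev eth0 parent 1: classid 1:1 htb rate 512kbit
tc class add dev eth0 parent 1:1 classid 1:2 htb rate 256kbit prio 1
tc class add dev eth0 parent 1:1 classid 1:3 htb rate 256kbit prio 1
tc class add dev eth0 parent 1:2 classid 1:4 htb rate 200kbit
tc class add dev eth0 parent 1:2 classid 1:5 htb rate 128kbit ceil 256kbit
tc class add dev eth0 parent 1:2 classid 1:6 htb rate 20kbit ceil 256kbit
tc class add dev eth0 parent 1:3 classid 1:7 htb rate 200kbit
tc class add dev eth0 parent 1:3 classid 1:8 htb rate 128kbit ceil 256kbit
tc class add dev eth0 parent 1:3 classid 1:9 htb rate 20kbit ceil 256kbit
EOF
}

sample_tc_classes | check_htb_rates
```

Feeding a shaping script through `check_htb_rates` before loading it flags every parent whose children over- or under-commit its rate; on the thread's script it reports 1:2 and 1:3.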