Re: [LARTC] P2P shaping, won't work

From: Jody Shumaker <jody.shumaker@gmail.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] P2P shaping, won't work
Date: Fri, 08 Jul 2005 13:59:31 +0000	[thread overview]
Message-ID: <2af43649050708065930b163b6@mail.gmail.com> (raw)
In-Reply-To: <200507080136.53843.donvodka@gmail.com>

You might want to remove the iptables CLASSIFY rules as they point to
non existent tc classes, 1:10, 1:20, and 1:30.  Also your total
combined rates  for all the subclasses of 2:1 are greater than the
rate of 2:1,  22kbps for 2:1 and 36kbps for 2:2 - 2:6.  It's best if
you keep these to add up to the root classes ceil or lower. Also
you're marking p2p data as 3 and sending it to classid 2:5.  2:5 is
tied for the highest bandwidth at 10kbps, why?  In my tc setup,  p2p
is only given a rate of 4bps, and then a ciel of about 75% of my
connection.  This way, p2p has to borrow the bandwidth from everything
else, and thus gets last grab at bandwidth.  Giving it a guarentee on
par with the second highest class, of course your connection still
seems a little swamped.

- Jody

On 7/8/05, Francisco Pereira <fpereira@lojan.com> wrote:
> Mensaje citado por Edgar <donvodka@gmail.com>:
> 
> > Hello, its me again, I won't stop sending emails to this list, until I solve
> >
> > this problem, I've tried several apps to create the right htb rules (even
> > made them my self), but I always get the same results, traffic gets shaped,
> > but I can't use my bandwidth, and this is weird, because I should be able to,
> >
> > also I keep seeing download being limited too, and that shouldn't be
> > happening, I don't think I'm the only one with this problem out there, so I
> > will post here once again my configuration, to match p2p traffic and to shape
> >
> > it:
> >
> > ### ###
> > iptables -t mangle -F
> > iptables -t mangle -X
> > iptables -t mangle -N lay7PRE
> > iptables -t mangle -N lay7POST
> > iptables -t mangle -N ipp2pPRE
> > iptables -t mangle -N ipp2pPOST
> >
> > ### PREROUTING RULES ###
> > iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
> > iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
> > iptables -t mangle -A ipp2pPRE -p tcp -m ipp2p --ipp2p -j MARK --set-mark 3
> > iptables -t mangle -A ipp2pPRE -p udp -m ipp2p --bit -j MARK --set-mark 3
> > iptables -t mangle -A ipp2pPRE -p tcp -m mark --mark 3 -j CONNMARK
> > --save-mark
> > iptables -t mangle -A lay7PRE -m layer7 --l7proto smtp -j MARK --set-mark 1
> > iptables -t mangle -A lay7PRE -m layer7 --l7proto ssh -j MARK --set-mark 2
> > iptables -t mangle -A lay7PRE -m mark --mark 2 -j CONNMARK --save-mark
> >
> > ### POSTROUTING RULES ###
> > iptables -t mangle -A ipp2pPOST -o eth1 -m mark --mark 3 -j CLASSIFY
> > --set-class 1:30
> > iptables -t mangle -A lay7POST -o eth1 -m mark --mark 1 -j CLASSIFY
> > --set-class 1:20
> > iptables -t mangle -A lay7POST -o eth1 -m mark --mark 2 -j CLASSIFY
> > --set-class 1:10
> >
> > ### ###
> > iptables -t mangle -A PREROUTING -j lay7PRE
> > iptables -t mangle -A POSTROUTING -j lay7POST
> > iptables -t mangle -A PREROUTING -j ipp2pPRE
> > iptables -t mangle -A POSTROUTING -j ipp2pPOST
> >
> > TC RULES
> > tc qdisc add dev eth1 handle 1:0 root dsmark indices 8 default_index 0
> > tc qdisc add dev eth1 handle 2:0 parent 1:0 htb
> > tc class add dev eth1 parent 2:0 classid 2:1 htb rate 22000bps ceil 22000bps
> > tc class add dev eth1 parent 2:1 classid 2:2 htb rate 3000bps ceil 5000bps
> > prio 0
> > tc qdisc add dev eth1 handle 3:0 parent 2:2 sfq
> > tc class add dev eth1 parent 2:1 classid 2:3 htb rate 5000bps ceil 6000bps
> > prio 1
> > tc qdisc add dev eth1 handle 4:0 parent 2:3 sfq
> > tc class add dev eth1 parent 2:1 classid 2:4 htb rate 8000bps ceil 8000bps
> > prio 2
> > tc qdisc add dev eth1 handle 5:0 parent 2:4 sfq
> > tc class add dev eth1 parent 2:1 classid 2:5 htb rate 10000bps ceil 10000bps
> >
> > burst 0 cburst 0 prio 3 quantum 1500
> > tc qdisc add dev eth1 handle 6:0 parent 2:5 sfq
> > tc class add dev eth1 parent 2:1 classid 2:6 htb rate 10000bps ceil 22000bps
> >
> > prio 1
> > tc qdisc add dev eth1 handle 7:0 parent 2:6 sfq
> > tc filter add dev eth1 parent 2:0 protocol all prio 1 tcindex mask 0x7 shift
> > 0
> > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 5 tcindex
> > classid
> > 2:6
> > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 4 tcindex
> > classid
> > 2:4
> > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 3 tcindex
> > classid
> > 2:5
> > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 2 tcindex
> > classid
> > 2:3
> > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 1 tcindex
> > classid
> > 2:2
> > tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at
> >
> > 0 match u16 0x0 0xffc0 at 2 classid 1:5
> > tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at
> >
> > 0 match u8 0x10 0x10 at 33 classid 1:4
> > tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at
> >
> > 0 classid 1:5
> > tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u32 0x0 0x0
> > at
> > 0 classid 1:5
> >
> > well, this rules are generated with tcng (tcc actually), and I see traffic
> > going to the p2p rule (being 2:5), but still I'm not able to browse the web!
> >
> > nor chat nor anything, someone adviced me to create an interactive class and
> >
> > then leave the unmatched traffic go to a default class (and here'll go p2p
> > traffic too), but then I'm running a squid server at home, and thus I don't
> > know what port to specify to do this, anyway, I've tried already with normal
> >
> > http traffic, with layer7, I see the traffic going to the iptables chain, but
> >
> > yet it'll still won't work, p2p traffic keeps eating all my bandwidth, its
> > ignoring all the priorities I have in my tc rules (being the 2:5 class the
> > one with the lowest priority), I really need to get this working, and I know
> >
> > there's some ppl that has lots of more experience that me, and I'm sure you
> > can help me. Thank you
> 
> can != want != will
> 
> You may have a problem with the rate units -  bps != bit -, but i dont know the
> type or rate of your internet link.
> Post a detailed ascii diagram of your network. Which is the transfer rate of the
> internet link?
> 
> IPP2P works very well for me.
> How did you test your iptables & tc setup? In the real network or in a
> controlled environment?
> Did you try starting with a very basic tc setup and adding tc qdiscs, classes
> and filters one by one and checking the results on every step?
> 
> Regards,
> Francisco.
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> Miles de internautas ya utilizan el discador del Portal.
> Bajatelo ahora, se instala solo!.
> 
> http://www.montevideo.com.uy/discador/setup.exe
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc