[LARTC] Prioritizing on a Bridge doesn't seem to work correctly, ingress
From: Thomas Reiß @ 2004-04-19 12:58 UTC (permalink / raw)
To: lartc
Hi there,
I tried to set up a Linux bridge to prioritize some interactive (Citrix / https) traffic to 1.2.3.4 on my ADSL link, but I think it does not work correctly.
Overview:
Router <-> (eth1) Linux Bridge (eth0) <-> internal Net
This is my script (with friendly support from the Linux Advanced Routing & Traffic Control HOWTO):
#!/bin/sh
#
# ADSL 1500/160kbit Down/Upload
UPLOAD=140
#DOWNLOAD=1130
DOWNLOAD=1330
## IP Addresses TKH = internal, SAD = external
# internal Host
TKH=1.2.3.4
# external Partner
SAD=5.6.7.8
## create QDISC
tc qdisc add dev eth1 root handle 1: htb default 11
## create Upload Class
tc class add dev eth1 parent 1: classid 1:1 htb rate ${UPLOAD}kbit ceil ${UPLOAD}kbit
# Upload Interactive and "Connection begin" Class
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 30kbit ceil ${UPLOAD}kbit prio 0 burst 4k quantum 6000
# Upload Web Class and Default
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 70kbit ceil 100kbit prio 1 burst 2k quantum 1500
# Upload SMTP Class
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 20kbit ceil 100kbit prio 2 quantum 1500
# Handle Mapping
tc qdisc add dev eth1 parent 1:11 handle 120: sfq perturb 10
tc qdisc add dev eth1 parent 1:12 handle 130: sfq perturb 10
#
## Setting the priorities of the individual classes and for use with iptables
#
# Mark Mapping
tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev eth1 parent 1:0 protocol ip prio 2 handle 2 fw classid 1:11
tc filter add dev eth1 parent 1:0 protocol ip prio 3 handle 3 fw classid 1:12
# Set marks on the right packets
# You can start marking packets adding rules to the PREROUTING chain in the mangle table.
iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p icmp -j RETURN
# A good idea is to prioritize packets that begin tcp connections, those with the SYN flag set:
# -I inserts at the top of the chain, so the RETURN must be issued first to end up below the MARK.
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
# We have done a -j RETURN so packets don't traverse all rules. ICMP packets won't match other rules below RETURN. Keep that in mind. Now we can start adding more rules, let's do proper TOS handling:
iptables -t mangle -A PREROUTING -p tcp -m tos --tos Minimize-Delay -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p tcp -m tos --tos Minimize-Delay -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tos --tos Minimize-Cost -j MARK --set-mark 0x3
iptables -t mangle -A PREROUTING -p tcp -m tos --tos Minimize-Cost -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tos --tos Maximize-Throughput -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -p tcp -m tos --tos Maximize-Throughput -j RETURN
# high prio Citrix / https Connections
iptables -t mangle -A PREROUTING -p tcp -d ${SAD} --dport 443 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p tcp -d ${SAD} --sport 443 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p tcp -d ${SAD} --dport 443 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -d ${SAD} --sport 443 -j RETURN
# low prio SMTP Connections
iptables -t mangle -A PREROUTING -p tcp --dport 25 -j MARK --set-mark 0x3
#
# Download limiting
# extra qdisc
tc qdisc add dev eth1 handle ffff: ingress
# filter/throttle everything that comes in too fast
tc filter add dev eth1 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${DOWNLOAD}kbit burst 10k drop flowid :1
So my problems are:
1) A big download never gets more than ~100kbit (most of the time it will be much lower). Why is that?
- Shouldn't it have the speed of the download rate from the ingress qdisc?
- The ingress qdisc counter shows 0 packets sent. Why doesn't this work?
2) When a download is running, it breaks interactivity on the Citrix clients; can anybody explain to me why?
- Citrix clients should have the highest priority, and the counters of classes 1:10, 1:11 and 1:12 show different values.
So I think the mangling with iptables should work.
3) When big e-mails go out of our network, it breaks interactivity on the Citrix clients; can anybody explain to me why?
Here is some minor info:
- Debian Woody Backport Kernel 2.6.2
- htb Version 3.15
I think I am doing something wrong, but can anybody please point me in the right direction?
Thank you
Thomas
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
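As an added example (not part of the original post or the HOWTO): a small Python model of the iptables mangle PREROUTING chain built by the script above, with two of its matches (SYN and SMTP) and the MARK and RETURN targets only, which is a simplifying assumption. It shows that `-I` prepends, so if the two SYN lines are issued MARK first and then RETURN, the RETURN lands at the top of the chain and SYN packets leave with mark 0 instead of 0x1, and that issuing them in the opposite order restores the intended mark.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Packet:
    proto: str = "tcp"
    dport: int = 0
    syn: bool = False        # True when SYN is set and ACK/RST are clear
    mark: int = 0            # the fwmark the tc "fw" filters read later

@dataclass
class Rule:
    match: Callable[[Packet], bool]
    target: str              # "MARK" (non-terminating) or "RETURN" (ends traversal)
    mark: int = 0

def build_chain(commands):
    """commands: list of ("-A" | "-I", Rule) in the order the script issues them."""
    chain = []
    for flag, rule in commands:
        if flag == "-I":
            chain.insert(0, rule)   # -I prepends: the last inserted rule runs first
        else:
            chain.append(rule)      # -A appends in issue order
    return chain

def run_chain(chain, pkt):
    """Walk the chain like mangle PREROUTING does and return the final mark."""
    for rule in chain:
        if not rule.match(pkt):
            continue
        if rule.target == "MARK":
            pkt.mark = rule.mark    # MARK sets the mark and keeps going
        elif rule.target == "RETURN":
            break                   # RETURN leaves the chain; the mark stays as is
    return pkt.mark

SYN = lambda p: p.proto == "tcp" and p.syn
SMTP = lambda p: p.proto == "tcp" and p.dport == 25

# Constructed rule sets: -I MARK then -I RETURN, versus -I RETURN then -I MARK.
MARK_FIRST = [("-I", Rule(SYN, "MARK", 0x1)), ("-I", Rule(SYN, "RETURN")),
              ("-A", Rule(SMTP, "MARK", 0x3))]
RETURN_FIRST = [("-I", Rule(SYN, "RETURN")), ("-I", Rule(SYN, "MARK", 0x1)),
                ("-A", Rule(SMTP, "MARK", 0x3))]

def mark_for(commands, **fields):
    """Mark a constructed packet ends up with after traversing the built chain."""
    return run_chain(build_chain(commands), Packet(**fields))
```

`mark_for(MARK_FIRST, syn=True, dport=25)` yields 0 because the RETURN sits above the MARK, while `mark_for(RETURN_FIRST, syn=True, dport=25)` yields 0x1 and a non-SYN SMTP packet gets 0x3 under either order.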
Re: [LARTC] Prioritizing on a Bridge doesn't seem to work correctly, ingress
From: Damion de Soto @ 2004-04-19 23:32 UTC (permalink / raw)
To: lartc
Thomas Reiß wrote:
> I tried to set up a Linux bridge to prioritize some interactive (Citrix / https) traffic to 1.2.3.4 on my ADSL link, but I think it does not work correctly.
---snip----
> 1) A big download never gets more than ~100kbit (most of the time it will be much lower). Why is that?
> - Shouldn't it have the speed of the download rate from the ingress qdisc?
> - The ingress qdisc counter shows 0 packets sent. Why doesn't this work?
---snip---
> I think I am doing something wrong, but can anybody please point me in the right direction?
I couldn't make ingress policing work with bridges either.
I just changed to egress shaping on both interfaces (since it's a gateway router).
I vaguely recall someone else discussing this on the list recently - can't remember what the result was though.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer email: damion@snapgear.com
SnapGear - A CyberGuard Company --- ph: +61 7 3435 2809
| Custom Embedded Solutions fax: +61 7 3891 3630
| and Security Appliances web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- Free Embedded Linux Distro at http://www.snapgear.org ---