* [LARTC] tc/htb QoS script
@ 2005-05-08 14:27 Ulrich Pöschl
  2005-05-11 22:26 ` Andy Furniss
  0 siblings, 1 reply; 2+ messages in thread
From: Ulrich Pöschl @ 2005-05-08 14:27 UTC (permalink / raw)
  To: lartc

hello folks,

this is my first post to that list. so I hope I am not completely OT 
here :-)

reading the (excellent!) lartc and then writing my own qos-script I have 
still some open questions which I will try to formulate now:

- "Now we can optionally attach queuing disciplines to the leaf classes. 
If none is specified the default is pfifo." - I can't find info about 
Pfifo. is it the same as pfifo_fast?
what happens when I do not add queuing disciplines to the leaf classes? 
only the filters?


- can a class burst above the ceil-parameter when there is NO other 
traffic on the line at that moment?

- what happens when a packet passing through the filters can be matched 
by two filters? f.e. I have a "general" type of WWW-port 80 filter and 
another WWW-port 80 filter to a certain subnet. is it like a cisco ACL? 
the first hit is applied?

- is hardware a criteria? i want to shape a pretty full 2048/2048 line 
and use an old server with 2 NICs at the moment. 128 MB ram, but gnome 
running.. :) could I create a bottleneck by doing so?


- question concerning the script (below):
it is quite simple. I want to filter any traffic going to an "SAP" 
subnet. (where we have the SAP-system) and WWW as well as email
i apply it to interface eth0 and eth1 (which are part of an ethernet 
bridge br0).
as there are all servers on one side of the bridge and I want it to be 
"plug and play"-like I apply the same script to both interfaces.

The setup is like this:
[Manchester] (~250 Clients) ---> Transparent QoS-Bridge ----> ROUTER 
-------- FR WAN 2 Mbit ------> [AT/Vienna] (Mailserver, Proxy, SAP)

- and: will my script work as expected with that setup? :)

thanks in advance and kind regards,

Ulrich




#!/bin/sh
#
############ Configuration part ##############
         
DEVICE=$1       # interface (eth0 / eth1)

Bandwidth=2048kbit  # rate of WAN - line / remember you can't ceil this or you'll experience latency. 75-80% of ceil is a good place to start.

rateSAP=1024kbit
ceilSAP=2048kbit
prioSAP=1

rateEMAIL=512kbit
ceilEMAIL=768kbit
prioEMAIL=3

rateWEB=768kbit
ceilWEB=1024kbit
prioWEB=2

rateBulk=512kbit
ceilBULK=768kbit
prioBULK=4

rateVIEMON02=512kbit
ceilVIEMON02=800kbit
prioVIEMON02=1


VIEMON02="172.24.69.34"

SAPNET="172.24.64.0/24"

PROXY="172.24.69.21/32"

MAILSERVER="172.24.69.23/32"

TCCLASS="tc class add dev $DEVICE"
TCQDISC="tc qdisc add dev $DEVICE"


############ End of configuration part ##############



#####################################

# Delete any old rules #
tc qdisc del root dev $DEVICE

# root qdisc /  qdisc = queueing discipline #
tc qdisc add dev $DEVICE root handle 1: htb default 16

# ceil actually redundant here - since it
$TCCLASS parent 1: classid 1:1 htb rate $Bandwidth ceil $Bandwidth

# child qdiscs (like child nodes on a tree) #
$TCCLASS parent 1:1 classid 1:11 htb rate $rateEMAIL ceil $ceilEMAIL prio $prioEMAIL

$TCCLASS parent 1:1 classid 1:12 htb rate $rateSAP ceil $ceilSAP prio $prioSAP

$TCCLASS parent 1:1 classid 1:13 htb rate $rateWEB ceil $ceilWEB prio $prioWEB

$TCCLASS parent 1:1 classid 1:14 htb rate $rateVIEMON02 ceil $ceilVIEMON02 prio $prioVIEMON02


$TCCLASS parent 1:1 classid 1:16 htb rate $rateBulk ceil $ceilBULK prio $prioBULK

########################################################################################################
# To continue let's add a pfifo queuing discipline to each of the service classes;

$TCQDISC parent 1:11 handle 110: pfifo limit 10
$TCQDISC parent 1:12 handle 120: pfifo limit 10
$TCQDISC parent 1:13 handle 130: pfifo limit 10
$TCQDISC parent 1:14 handle 140: pfifo limit 10

# BULK
$TCQDISC parent 1:16 handle 160: sfq perturb 20


########################################################################################################
# Filter definitions for traffic matching
########################################################################################################


############### SAP ##############
# all SAP-systems are in the same subnet - all traffic from/to that subnet is business-critical

tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioSAP u32 match ip src $SAPNET flowid 1:12
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioSAP u32 match ip dst $SAPNET flowid 1:12

# A little tweaking.... :-)
# icmp_type only tests the byte at offset 20, so also require protocol 1 (ICMP);
# otherwise TCP/UDP packets whose source-port high byte is 0x08 or 0x00 match too
# match icmp echo request
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioSAP u32 match ip protocol 1 0xff match ip icmp_type 0x08 0xff flowid 1:12
# match icmp echo reply
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioSAP u32 match ip protocol 1 0xff match ip icmp_type 0x00 0xff flowid 1:12




############### WEB ###############
# Web-surfing only possible via $PROXY-Server

tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioWEB u32 match ip src $PROXY flowid 1:13
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioWEB u32 match ip dst $PROXY flowid 1:13
#tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioWEB u32 match ip dport 80 flowid 1:13


############### EMAIL ################

tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioEMAIL u32 match ip src $MAILSERVER flowid 1:11
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioEMAIL u32 match ip dst $MAILSERVER flowid 1:11




#####################################
############ VIEMON02 ###############
#                                   #
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioVIEMON02 u32 match ip src $VIEMON02/32 flowid 1:14
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioVIEMON02 u32 match ip dst $VIEMON02/32 flowid 1:14

#####################################
######### Bulk / Default ############
#                                   #

tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioBULK u32 match ip src 0.0.0.0/0 flowid 1:16
tc filter add dev $DEVICE protocol ip parent 1:0 prio $prioBULK u32 match ip dst 0.0.0.0/0 flowid 1:16

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


* Re: [LARTC] tc/htb QoS script
  2005-05-08 14:27 [LARTC] tc/htb QoS script Ulrich Pöschl
@ 2005-05-11 22:26 ` Andy Furniss
  0 siblings, 0 replies; 2+ messages in thread
From: Andy Furniss @ 2005-05-11 22:26 UTC (permalink / raw)
  To: lartc

Ulrich Pöschl wrote:
> hello folks,
> 
> this is my first post to that list. so I hope I am not completely OT 
> here :-)
> 
> reading the (excellent!) lartc and then writing my own qos-script I have 
> still some open questions which I will try to formulate now:
> 
> - "Now we can optionally attach queuing disciplines to the leaf classes. 
> If none is specified the default is pfifo." - I can't find info about 
> Pfifo. is it the same as pfifo_fast?
> what happens when I do not add queuing disciplines to the leaf classes? 
> only the filters?

pfifo = packet fifo it's just a first in first out not as clever as 
pfifo fast. If you don't add a queue to a leaf you get a long pfifo - 
limit set by htb rather than you.

> - can a class burst above the ceil-parameter when there is NO other 
> traffic on the line at that moment?

You can specify burst and cburst for htb in your script if you want - if 
you don't htb chooses them for you from rate/ceil.

See them with tc -s -d class ls devX.

> 
> - what happens when a packet passing through the filters can be matched 
> by two filters? f.e. I have a "general" type of WWW-port 80 filter and 
> another WWW-port 80 filter to a certain subnet. is it like a cisco ACL? 
> the first hit is applied?

Yes use prio to order filters and remember 1 is highest not 0.

> 
> - is hardware a criteria? i want to shape a pretty full 2048/2048 line 
> and use an old server with 2 NICs at the moment. 128 MB ram, but gnome 
> running.. :) could I create a bottleneck by doing so?

Probably be OK as long as you don't have thousands of tests per packet.

> 
> 
> - question concerning the script (below):
> it is quite simple. I want to filter any traffic going to an "SAP" 
> subnet. (where we have the SAP-system) and WWW as well as email
> i apply it to interface eth0 and eth1 (which are part of an ethernet 
> bridge br0).
> as there are all servers on one side of the bridge and I want it to be 
> "plug and play"-like I apply the same script to both interfaces.
> 
> The setup is like this:
> [Manchester] (~250 Clients) ---> Transparent QoS-Bridge ----> ROUTER 
> -------- FR WAN 2 Mbit ------> [AT/Vienna] (Mailserver, Proxy, SAP)
> 
> - and: will my script work as expected with that setup? :)
> 
> thanks in advance and kind regards,
> 
> Ulrich
> 
> 
> 
> 
> #!/bin/sh
> #
> ############ Configuration part ##############
> DEVICE=$1       # interface (eth0 / eth1)
> 
> Bandwidth=2048kbit  # rate of WAN - line / remember you can't ceil this or you'll experience latency. 75-80% of ceil is a good place to start.

Your rates and ceils seem to ignore this comment :-)

Remember rates are guaranteed prio only affects sharing of what's spare.

Rest looks OK but I often miss things - test, test, test is the best way.

Andy.
