[LARTC] class exceeds its ceil

[LARTC] class exceeds its ceil

[Ratel]

Hi,

I have a setup like this:

   class 1:1 rate 7600kbit  (on a imq device)
        |
        |\class 1:10 rate 100kbit ceil 5600kbit prio 7 (here goes p2p 
traffic)
         \class 1:12 rate 7500kbit ceil 7600kbit
            |
            |\class 1:121 rate 3100 ceil 7500kbit prio 0
            |\class 1:122 rate 2200 ceil 7500kbit prio 2
             \class 1:123 rate 2200 ceil 7500kbit prio 3 (default)

My problem is: the 1:10 class consumes the whole bandwidth.
This is caused by a massive p2p traffic. I've read similar posts on this 
list, and I can't use the solution proposed by Stef Coene here:  
http://mailman.ds9a.nl/pipermail/lartc/2002q2/003958.html. I match p2p 
packets with both ipp2p and layer7 filters and mark them with iptables 
MARK. I can easily block p2p traffic, but when I allow it - it exceeds 
its ceil and reaches the rate of my internet link, which is unacceptable.
I need to allow other classes to borrow bandwidth from a p2p class, but 
I do not want to allow a p2p class to borrow bandwidth from other 
classes. Is there a way to achieve it ? maybe I should redesign 
something in the above diagram.

W

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] class exceeds its ceil

[Andreas Klauer]

On Tuesday 27 December 2005 13:33, Ratel wrote:
> I need to allow other classes to borrow bandwidth from a p2p class, but 
> I do not want to allow a p2p class to borrow bandwidth from other 
> classes. Is there a way to achieve it ? maybe I should redesign 
> something in the above diagram.

Uh... huh? Your P2P class has 100kbit rate with a 5600kbit ceil, 
but you say you don't want it to borrow bandwidth from other classes. 
However, to go over the 100kbit rate, it _has_ to borrow.

So, if you don't want it to borrow like you said, the solution would 
be to set the ceil of the P2P class to 100kbit as well. The other
classes will still be able to borrow from it if the P2P class is not
using it's bandwidth.

If this does somehow not seem to be what you want, please restate 
your requirements. :-)

Kind regards,
Andreas Klauer
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] class exceeds its ceil

[Jody Shumaker]

Ratel wrote:

> it exceeds its ceil and reaches the rate of my internet link


What are you basing this on? the P2P app or tc -s class show dev ---- ?  
Are you using thee CONNTRACK module?  It's simple to block P2P without 
CONNTRACK but if you want to shape it, you need it. Otherwise you'll 
only be marking the first packets for p2p connections, and not the rest.

- Jody

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] class exceeds its ceil

[Ratel]

Jody Shumaker wrote:

> Andreas Klauer wrote:
>
>Uh... huh? Your P2P class has 100kbit rate with a 5600kbit ceil, 
>but you say you don't want it to borrow bandwidth from other classes. 
>However, to go over the 100kbit rate, it _has_ to borrow.
>
Oh yes, my mistake - I've confused ceil with rate. Anyway, the thing I 
wanted to achieve was to allow
p2p class to use even 5600kbit of my bandwidth, but without guarantees 
like rate. So guarantee a minimum bandwidth to a class - about 100kbit, 
but allow it to reach 5600kbit or more e.g. when there's no other trafic 
present. (Now I know I did it wrong)

>So, if you don't want it to borrow like you said, the solution would 
>be to set the ceil of the P2P class to 100kbit as well. The other
>classes will still be able to borrow from it if the P2P class is not
>using it's bandwidth.
>  
>
Are you sure? In my previous post I was refering to this example 
http://mailman.ds9a.nl/pipermail/lartc/2002q2/003958.html
which says this class won't be able to exchange any bandwidth at all.

> Jody Shumaker wrote:
> What are you basing this on? the P2P app or tc -s class show dev ---- ?

I simply block p2p traffic for some time and see that bandwidth usage 
(according to iptraf) falls down to ~20% of total link's "capacity" + 
classes that are supposed to send p2p traffic send nothing. (I also get 
feedback that indeed p2p apps aren't working) After allowing p2p 
through, bandwidth usage jumps to ~100% of the total available bandwidth.

> Are you using thee CONNTRACK module?  It's simple to block P2P without 
> CONNTRACK but if you want to shape it, you need it. Otherwise you'll 
> only be marking the first packets for p2p connections, and not the rest.

I am aware of that, but didn't you mean CONNMARK target (module)?

W

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] class exceeds its ceil

[Jody Shumaker]

[-- Attachment #1.1: Type: text/plain, Size: 4352 bytes --]

On 12/27/05, Ratel <ratel@post.pl> wrote:
>
> Jody Shumaker wrote:
>
> > Andreas Klauer wrote:
> >
> >Uh... huh? Your P2P class has 100kbit rate with a 5600kbit ceil,
> >but you say you don't want it to borrow bandwidth from other classes.
> >However, to go over the 100kbit rate, it _has_ to borrow.
> >
> Oh yes, my mistake - I've confused ceil with rate. Anyway, the thing I
> wanted to achieve was to allow
> p2p class to use even 5600kbit of my bandwidth, but without guarantees
> like rate. So guarantee a minimum bandwidth to a class - about 100kbit,
> but allow it to reach 5600kbit or more e.g. when there's no other trafic
> present. (Now I know I did it wrong)



I believe you did this portion correctly. ceil is the hard limit, the rate
is the guarentee.  Class will use up to its rate, then after that it will
borrow up to its ceil. What confused him was that you said you didn't want
p2p to borrow from the other classes.  If its to go above 100kbit, it has to
borrow.  However it should never borrow guarenteed rate bandwidth they are
using.

>So, if you don't want it to borrow like you said, the solution would
> >be to set the ceil of the P2P class to 100kbit as well. The other
> >classes will still be able to borrow from it if the P2P class is not
> >using it's bandwidth.
> >
> >
> Are you sure? In my previous post I was refering to this example
> http://mailman.ds9a.nl/pipermail/lartc/2002q2/003958.html
> which says this class won't be able to exchange any bandwidth at all.



And in that example, rate and ceil are set to the same value, which means it
will use up to its rate and never try to borrow more. You seem to want it to
be able to borrow, but not up to the full connection, only up to ~75%. Also,
that email is partially incorrect.  Nothing done in that email will prevent
lending from the 1:40 to the 1:2 class and subclasses.  However, I don't
think this is a problem for you. If no p2p, then what is wrong with lending
the 100kbit.

> Jody Shumaker wrote:
> > What are you basing this on? the P2P app or tc -s class show dev ---- ?
>
> I simply block p2p traffic for some time and see that bandwidth usage
> (according to iptraf) falls down to ~20% of total link's "capacity" +
> classes that are supposed to send p2p traffic send nothing. (I also get
> feedback that indeed p2p apps aren't working) After allowing p2p
> through, bandwidth usage jumps to ~100% of the total available bandwidth.
>
> > Are you using thee CONNTRACK module?  It's simple to block P2P without
> > CONNTRACK but if you want to shape it, you need it. Otherwise you'll
> > only be marking the first packets for p2p connections, and not the rest.
>
> I am aware of that, but didn't you mean CONNMARK target (module)?
>
> W


Oops :)  yeah I meant CONNMARK.  It sounds like your htb classes are setup
perfectly fine, you should really check the tc statistics and see how things
are actually being classified. I'm using CONNMARK like this to mark p2p:

iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -p tcp -m mark --mark $MARKP2P -j ACCEPT

iptables -t mangle -A PREROUTING -m ipp2p --bit --edk --kazaa --gnu --dc -j
MARK --set-mark ${MARKP2P}
iptables -t mangle -A PREROUTING -p tcp --dport 3010 -j MARK --set-mark
${MARKP2P}

iptables -t mangle -A PREROUTING -p tcp -m mark --mark ${MARKP2P} -j
CONNMARK --save-mark
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT


Personally, I don't have much experience with IMQ and have only been shaping
upload, but I've done something similar and it works fine. I cap P2P to only
95% of the upload (used to be 85%) and give it a guarenteed rate of only
4kbit.  It will use its full 95%, but as soon as I use something else, i'll
use 100% of the line and as much as possible for the non P2P traffic.
http://webpages.charter.net/falconx/eth1-50-tc-cumulative.png
This image shows how this ends up working in reality for me, orange is P2P,
blue is default, and red is priority.


I'm not sure on the exact command to use for an imq, but possibly something
like `tc -s class show dev imq0`? However from what I know right now, it
seems like you've setup things very similar to how I have for upload which I
know works.

- Jody

[-- Attachment #1.2: Type: text/html, Size: 5252 bytes --]

[-- Attachment #2: Type: text/plain, Size: 143 bytes --]

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] class exceeds its ceil

[Andreas Klauer]

On Tuesday 27 December 2005 23:34, Jody Shumaker wrote:
> Also, that email is partially incorrect. Nothing done in that email 
> will prevent lending from the 1:40 to the 1:2 class and subclasses.

The way I see it, the email is correct.

A class that has the same rate and ceil will never borrow, simply because 
it does not have to. As for lending, that will happen only if one of it 
siblings wants to borrow bandwidth. As for children classes, they are 
restricted by their parent. They cannot take bandwidth from outsiders, 
unless their parent borrows it for them.

That does not help the original poster in any way, however.
Sorry for this useless message. ;-)

Regards,
Andreas Klauer
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc