[LARTC] TC using vlan interface

[LARTC] TC using vlan interface

[Luciano]

Hi all,

Is it possible to use TC (HTB) in vlan interfaces ?
Where can I find more documentation ?

Thanks a lot

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] TC using vlan interface

[Torsten Luettgert]

On Thu, 2006-06-22 at 11:28 -0300, Luciano wrote:
> Hi all,
> 
> Is it possible to use TC (HTB) in vlan interfaces ?
> Where can I find more documentation ?

Yes, that is possible. VLAN interfaces are really
different from the physical interface they reside
on, kernel-wise.

For example, if you put a 1 MBit HTB on eth0,
but no qdisc on VLAN device eth0.1, traffic through
eth0.1 won't be throttled at all. I suspect the same
goes for iptables rules (but didn't try that yet).

For documentation, see the LARTC howto and the docs
on the HTB home page. There are also some ready-made
shaping scripts which can help you understanding how
all this works.

Regards,
Torsten

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] TC using vlan interface

[Radu Oprisan]

Torsten Luettgert wrote:
> On Thu, 2006-06-22 at 11:28 -0300, Luciano wrote:
>   
>> Hi all,
>>
>> Is it possible to use TC (HTB) in vlan interfaces ?
>> Where can I find more documentation ?
>>     
>
> Yes, that is possible. VLAN interfaces are really
> different from the physical interface they reside
> on, kernel-wise.
>
> For example, if you put a 1 MBit HTB on eth0,
> but no qdisc on VLAN device eth0.1, traffic through
> eth0.1 won't be throttled at all. I suspect the same
> goes for iptables rules (but didn't try that yet).
>
>   
Let me explain...
Due to the fact that vlan id's add some 4 bytes to the header of the 
packet, tc filter does not work properly unless you feed it with an 
offset and a hex match. I use 801.q and TC with iptables and tc filter 
rules based on iptables mark with great success. I admit it is more 
complicated this way, but it works...

iptables -A FORWARD -t mangle -d xxx.xxx.xxx.xxx -j MARK --set-mark 12
iptables -A FORWARD -t mangle -d xxx.xxx.xxx.xxx -j RETURN
tc class add dev eth0 parent 10:1 classid 10:112 htb rate 20Mbit ceil 
20Mbit ..............
tc filter add dev eth0 parent 10:0 protocol 802.1q prio 90 handle 12 fw 
flowid 10:112
tc qdisc add dev eth0 parent 10:112 handle 10112 sfq perturb 10

class htb 10:112 parent 10:1 leaf 112: prio 0 rate 20000Kbit ceil 
20000Kbit burst 2Kb cburst 11597b
 Sent 9638423935 bytes 12057262 pkt (dropped 0, overlimits 0 requeues 0)
 rate 268048bit 37pps backlog 0b 0p requeues 0
 lended: 11929727 borrowed: 127535 giants: 0
 tokens: 806 ctokens: 4719

> For documentation, see the LARTC howto and the docs
> on the HTB home page. There are also some ready-made
> shaping scripts which can help you understanding how
> all this works.
>
> Regards,
> Torsten
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>   

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] TC using vlan interface

[Torsten Luettgert]

On Fri, 2006-06-23 at 01:17 +0300, Radu Oprisan wrote:
> Torsten Luettgert wrote:
> > On Thu, 2006-06-22 at 11:28 -0300, Luciano wrote:
> >   
> Let me explain...
> Due to the fact that vlan id's add some 4 bytes to the header of the 
> packet, tc filter does not work properly unless you feed it with an 
> offset and a hex match. I use 801.q and TC with iptables and tc filter 
> rules based on iptables mark with great success. I admit it is more 
> complicated this way, but it works...
> 
> iptables -A FORWARD -t mangle -d xxx.xxx.xxx.xxx -j MARK --set-mark 12
> iptables -A FORWARD -t mangle -d xxx.xxx.xxx.xxx -j RETURN

Oh, I see. Didn't ever think of those problems, because I never
use tc filters. My setup would look like

iptables -t mangle -A FORWARD -d x.y.z.t -j CLASSIFY --set-class 10:112

which removes a bit of the complexity.

Regards,
Torsten

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] TC using vlan interface

[Gafton Claudiu]

[-- Attachment #1.1: Type: text/plain, Size: 1521 bytes --]

How it'll work for 150kpps ? I think the solution is hashing filters and this can't be done with iptables -j CLASSIFY ... i think !
   
  PS
  Does anyone use IFB insted of IMQ ?
   
  

Torsten Luettgert <t.luettgert@pressestimmen.de> wrote:
  On Fri, 2006-06-23 at 01:17 +0300, Radu Oprisan wrote:
> Torsten Luettgert wrote:
> > On Thu, 2006-06-22 at 11:28 -0300, Luciano wrote:
> > 
> Let me explain...
> Due to the fact that vlan id's add some 4 bytes to the header of the 
> packet, tc filter does not work properly unless you feed it with an 
> offset and a hex match. I use 801.q and TC with iptables and tc filter 
> rules based on iptables mark with great success. I admit it is more 
> complicated this way, but it works...
> 
> iptables -A FORWARD -t mangle -d xxx.xxx.xxx.xxx -j MARK --set-mark 12
> iptables -A FORWARD -t mangle -d xxx.xxx.xxx.xxx -j RETURN

Oh, I see. Didn't ever think of those problems, because I never
use tc filters. My setup would look like

iptables -t mangle -A FORWARD -d x.y.z.t -j CLASSIFY --set-class 10:112

which removes a bit of the complexity.

Regards,
Torsten

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc



signature
-----
Fight back spam! Download the Blue Frog.
http://www.bluesecurity.com/register/s?user=Z2FmdHk%3D
 __________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

[-- Attachment #1.2: Type: text/html, Size: 1891 bytes --]

[-- Attachment #2: Type: text/plain, Size: 143 bytes --]

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] TC using vlan interface

[Radu Oprisan]

Torsten Luettgert wrote:
> On Fri, 2006-06-23 at 01:17 +0300, Radu Oprisan wrote:
>   
>> Torsten Luettgert wrote:
>>     
>>> On Thu, 2006-06-22 at 11:28 -0300, Luciano wrote:
>>>   
>>>       
>> Let me explain...
>> Due to the fact that vlan id's add some 4 bytes to the header of the 
>> packet, tc filter does not work properly unless you feed it with an 
>> offset and a hex match. I use 801.q and TC with iptables and tc filter 
>> rules based on iptables mark with great success. I admit it is more 
>> complicated this way, but it works...
>>
>> iptables -A FORWARD -t mangle -d xxx.xxx.xxx.xxx -j MARK --set-mark 12
>> iptables -A FORWARD -t mangle -d xxx.xxx.xxx.xxx -j RETURN
>>     
>
> Oh, I see. Didn't ever think of those problems, because I never
> use tc filters. My setup would look like
>
> iptables -t mangle -A FORWARD -d x.y.z.t -j CLASSIFY --set-class 10:112
>   
Ok, you can do it with -j CLASSIFY ... forgot about that. But anyway, 
the best solution for this if you want speed is to adapt, as in, use the 
offset trick in u32. I had an email once from somebody who was kind 
enough to assist me in this problem and if i find it, i will gladly post 
the translation.
Btw, all this marking and -j CLASSIFY uses quite a bit of processing 
power, which amounts in a bigger timespan from the time the packet 
enters the system until if finally leaves it.
> which removes a bit of the complexity.
>
> Regards,
> Torsten
>
>   

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc