From mboxrd@z Thu Jan 1 00:00:00 1970
From: Sébastien CRAMATTE
Date: Tue, 05 Dec 2006 12:00:01 +0000
Subject: [LARTC] Bridge HFSC QOS questions ...
Message-Id: <45755F41.50500@wanadoo.fr>
MIME-Version: 1
Content-Type: multipart/mixed; boundary="------------030601000901090808090505"
List-Id:
To: lartc@vger.kernel.org

This is a multi-part message in MIME format.
--------------030601000901090808090505
Content-Type: text/plain; charset="iso-8859-1"

Hello,

I've got some questions about bridging and QoS ...

I've got a server with 2 interfaces, eth0 and eth1, inside the br0 bridge ... nothing special ...

If I understand correctly, normally I should configure the TC classes and qdiscs on each physical interface, or use ebtables to manage packets on output ... right?

I've attached my qos_script, which uses HFSC and the layer7 module. I use only iptables in this script ... maybe I should use ebtables too?

Can anyone take a look at this script and tell me if I've made any errors, because it seems that it doesn't work :(

Thanks for the help

Sébastien

--------------030601000901090808090505
Content-Type: text/plain; name="qos_script.sh"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="qos_script.sh"

#!/bin/bash

SPEED=30        # link rate, used below in mbit
DEV=eth0

# iptables targets that place a packet into one of the HFSC classes
CL1="-j CLASSIFY --set-class 1:10"
CL2="-j CLASSIFY --set-class 1:11"
CL3="-j CLASSIFY --set-class 1:12"
CL4="-j CLASSIFY --set-class 1:13"
CL5="-j CLASSIFY --set-class 1:14"
RET="-j RETURN"

echo -n "+ Create root queue discipline for ${DEV} cpe interface "
# unclassified traffic falls into class 1:13
tc qdisc add dev ${DEV} root handle 1: hfsc default 13
echo "[done]"

# log every packet in POSTROUTING (debugging aid, very verbose)
iptables -t mangle -A POSTROUTING -j LOG
iptables -t mangle -N SHAPPER
iptables -t mangle -A POSTROUTING -j SHAPPER

# add main rate limit class
echo -n " + Create class for CPE SHAPING "
tc class add dev ${DEV} parent 1: classid 1:1 hfsc sc rate ${SPEED}mbit ul rate ${SPEED}mbit
echo "[done]"

# Interactive traffic: guarantee realtime full uplink for 50ms, then
# 1/10 of the uplink
echo -n " + Append subclass for low delay "
tc class add dev ${DEV} parent 1:1 classid 1:10 hfsc \
    rt m1 ${SPEED}mbit d 50ms m2 $((1*SPEED/10))mbit \
    ls m1 ${SPEED}mbit d 50ms m2 $((3*SPEED/10))mbit \
    ul rate ${SPEED}mbit

# To speed up downloads while an upload is going on, put short ACK
# packets in the interactive class:
iptables -t mangle -A SHAPPER -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK ACK -m length --length :64 $CL1
iptables -t mangle -A SHAPPER -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK ACK -m length --length :64 $RET

# ICMP in the interactive class
iptables -t mangle -A SHAPPER -p icmp $CL1
iptables -t mangle -A SHAPPER -p icmp $RET

# All traffic optimized for minimize monetary cost TOS 0x02
iptables -t mangle -A SHAPPER -m tos --tos 0x02 $CL1
iptables -t mangle -A SHAPPER -m tos --tos 0x02 $RET

# All traffic optimized for minimize delay TOS 0x10
iptables -t mangle -A SHAPPER -m tos --tos 0x10 $CL1
iptables -t mangle -A SHAPPER -m tos --tos 0x10 $RET

# Interactive port
#iptables -t mangle -A SHAPPER -p tcp -m multiport --sports ftp,ftp $CL1
#iptables -t mangle -A SHAPPER -p tcp -m multiport --sports ssh,ftp $RET

# All udp dns traffic
iptables -t mangle -A SHAPPER -p udp --dport 53 $CL1
iptables -t mangle -A SHAPPER -p udp --dport 53 $RET
echo "[done]"

# VoIP: guarantee full uplink for 200ms, then 5/10
echo -n " + Append subclass for VoIP traffic "
tc class add dev ${DEV} parent 1:1 classid 1:11 hfsc \
    sc m1 ${SPEED}mbit d 200ms m2 $((5*SPEED/10))mbit \
    ul rate ${SPEED}mbit

# These rules match TCP only; SIP signalling and RTP media are commonly carried over UDP
iptables -t mangle -A SHAPPER -p tcp -m multiport --sports sip $CL2
iptables -t mangle -A SHAPPER -p tcp -m multiport --sports sip $RET
iptables -t mangle -A SHAPPER -p tcp -m multiport --dports 10000:20000 $CL2
iptables -t mangle -A SHAPPER -p tcp -m multiport --dports 10000:20000 $RET
echo "[done]"

# smtp traffic: don't guarantee anything for the first 10 seconds,
# then guarantee 1/20
echo -n " + Append subclass for high reliability traffic "
tc class add dev ${DEV} parent 1:1 classid 1:12 hfsc \
    sc m1 0 d 10s m2 $((1*SPEED/20))mbit \
    ul rate ${SPEED}mbit

iptables -t mangle -A SHAPPER -p tcp -m multiport --sports smtp,ssmtp $CL3
iptables -t mangle -A SHAPPER -p tcp -m multiport --sports smtp,ssmtp $RET
iptables -t mangle -A SHAPPER -m tos --tos 0x04 $CL3
iptables -t mangle -A SHAPPER -m tos --tos 0x04 $RET
echo "[done]"

# p2p traffic: don't guarantee anything for the first 20 seconds,
# then guarantee 1/20
echo -n " + Append subclass for P2P "
tc class add dev $DEV parent 1:1 classid 1:14 hfsc \
    sc m1 0 d 20s m2 $((1*SPEED/20))mbit \
    ul rate ${SPEED}mbit

iptables -t mangle -A SHAPPER -m layer7 --l7proto edonkey $CL5
iptables -t mangle -A SHAPPER -m layer7 --l7proto edonkey $RET
iptables -t mangle -A SHAPPER -m layer7 --l7proto fasttrack $CL5
iptables -t mangle -A SHAPPER -m layer7 --l7proto fasttrack $RET
iptables -t mangle -A SHAPPER -m layer7 --l7proto bittorrent $CL5
iptables -t mangle -A SHAPPER -m layer7 --l7proto bittorrent $RET
echo "[done]"

# Default traffic: don't guarantee anything for the first two seconds,
# then guarantee 1/20
echo -n " + Append subclass for high bandwidth, low latency traffic (default) "
tc class add dev $DEV parent 1:1 classid 1:13 hfsc \
    sc m1 0 d 2s m2 $((1*SPEED/20))mbit \
    ul rate ${SPEED}mbit

iptables -t mangle -A SHAPPER -m tos --tos 0x08 $CL4
iptables -t mangle -A SHAPPER -m tos --tos 0x08 $RET
# everything that reached this point goes to the default class
iptables -t mangle -A SHAPPER $CL4
iptables -t mangle -A SHAPPER $RET
echo "[done]"

--------------030601000901090808090505--