Re: pfifo_fast behavior.

[dE <de.techno@gmail.com>]

On 05/13/13 23:19, Benjamin Kiessling wrote:
> On 05/12, dE wrote:
>> Hello everyone!
>>
>> I was trying to do some traffic shaping to make http pages more responsive
>> while torrenting. So I decided to modify TOS value of packets to have an
>> affect on the default pfifo_fast qdisc.
>>
>> I've the following iptable rules --
>>
>> #DNS request
>> iptables -t mangle -A OUTPUT -o eth1 -p udp -m multiport --dports 53 -j TOS
>> --set-tos 0x10
>>
>> #DNS response
>> iptables -t mangle -A PREROUTING -i eth1 -p udp -m multiport --sports 53 -j
>> TOS --set-tos 0x10
>>
>> #Incoming torrent connections
>> iptables -t mangle -A PREROUTING -i eth1 -p tcp -m multiport --dports 2000
>> -j TOS --set-tos 0x2
>> iptables -t mangle -A PREROUTING -i eth1 -p udp -m multiport --dports
>> 2000,1900,2001 -j TOS --set-tos 0x2
>>
>> #Mail server
>> iptables -t mangle -A OUTPUT -o eth1 -p tcp -d imap.googlemail.com -m
>> multiport --dports 993 -j TOS --set-tos 0x10
>>
>> #HTTP(S)
>> iptables -t mangle -A OUTPUT -o eth1 -p tcp -m multiport --dports 80,443 -j
>> TOS --set-tos 0x14
>> #iptables -t mangle -A OUTPUT -o eth1 -p tcp -m multiport --dports 80,443 -j
>> TOS --set-tos 0x10
>> iptables -t mangle -A PREROUTING -i eth1 -p tcp -m multiport --sport 80,443
>> -j TOS --set-tos 0x14
>> #iptables -t mangle -A PREROUTING -i eth1 -p tcp -m multiport --sport 80,443
>> -j TOS --set-tos 0x10
> There are several issues with your configuration. First, setting the
> (deprecated ToS) bits on incoming packets if you don't plan to forward
> these packets is senseless. Second, all *fifo* qdiscs are
> work-conserving, i.e. will dequeue packets at line speed. As the
> bandwidth of your local LAN is usually quite a bit higher than your
> internet uplink packets will still pile up at your DSL/cable/... modem.
> To actually prioritize services you need to own the queue by limiting
> your egress packet rate to slughtly lower than your modems rate. Be
> aware that most ISPs overcommit bandwidth in the order of 1:15-1:50 and
> your setup will still be ineffective if the shaped rate is higher than
> the modems rate.
>
>> But is there a difference between all TOS values which fall in a single
>> band?
> Nope.
>
>> I mean, does the behavior of pfifo_fast change if I change from 0x12 to
>> 0x16? Cause I thought the qdisc to be simple, and a different behavior for
>> all of the above TOS values means pfifo_fast does a lot more than just
>> placing packets in 3 different queues.
> Nope.
>
>> Another question -- how do you get these TOS values?
> They are derived from [0]. Again ToS bits are deprecated.
>
>> and what does -j TOS --set-tos <HEX/DEC> do? Does it modify the 4 bits
>> or the whole 8 bit TOS value in the header, or does something
>> completely different?
> Citing the manpage: "This module sets the Type of Service field in the
> IPv4 header (including the "precedence" bits) or the Priority field in
> the IPv6 header." It accesses the whole byte. Again ToS is deprecated.
> If you want to explicitely mark packet priorities in your network use
> DSCP (but don't forget admission control), otherwise just use iptables
> to match hosts/protocols directly to HTB/HFSC/DRR/... classes.
>
> Regards,
> Ben
>
> [0] https://tools.ietf.org/html/rfc1349
>

Thank you!