From: Andy Furniss <adf.lists@gmail.com>
To: lartc@vger.kernel.org
Subject: Re: Problem with cls_flow nfct-* keys
Date: Mon, 30 Nov 2015 12:02:41 +0000 [thread overview]
Message-ID: <565C3AE1.8050704@gmail.com> (raw)
In-Reply-To: <3419281448878074@web15j.yandex.ru>
Гаврилов Игорь wrote:
> Hi everyone! I've discovered some issues with cls_flow nfct-* keys. I have a router with NAT and clients behind it. All incoming traffic from WAN interface is redirecting to ifb0 device. With HTB qdisc.
> I Am install SFQ qdisc 99:0 with flow classifyer and nfct-dst key on HTB deafault leaf class (1:99) :
>
> tc qdisc add dev eth0 ingress
> tc filter add dev eth0 parent ffff: protocol all pref 100 u32 match u32 0 0 action mirred egress redirect dev ifb0
>
> tc qdisc add dev ifb0 root handle 1: htb default 99 r2q 10
> tc class add dev ifb0 parent 1: classid 1:1 htb rate 10Mbit
>
> tc class add dev ifb0 parent 1:1 classid 1:99 htb rate 2mbit ceil 10Mbit burst 150k prio 7
> tc qdisc add dev ifb0 parent 1:99 handle 99: sfq limit 10240
> tc filter add dev ifb0 parent 99: protocol all handle 1 flow map key nfct-dst and 0xff divisor 1024
>
> I am trying to achieve equal bandwidth sharing between internal IPs, so that single IP could not get all free bandwidth with Torrent. But it doesn't work. After investigation I've discovered, that all incoming traffic,
> that hit default HTB class (1:99), goes to SFQ class 99:1f, which equals to WAN IP of my router *.*.*.30, so I see that nfct-dst key behaves like a simple dst. Is there any chance to fix it?
I am not sure if this should work or not.
If there is no/low incoming traffic to this box then you could shape on
egress.
Generally I would avoid redirecting protocol all then restricting htb
default - you may end up dropping arp.
--
To unsubscribe from this list: send the line "unsubscribe lartc" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2015-11-30 12:02 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-30 10:07 Problem with cls_flow nfct-* keys Гаврилов Игорь
2015-11-30 11:33 ` Гаврилов Игорь
2015-11-30 12:02 ` Andy Furniss [this message]
2015-11-30 15:49 ` Гаврилов Игорь
2015-12-03 0:24 ` Andy Furniss
2015-12-03 8:45 ` Гаврилов Игорь
2015-12-03 9:19 ` Florian Westphal
2015-12-03 10:50 ` Гаврилов Игорь
2015-12-03 10:51 ` Andy Furniss
2015-12-04 16:00 ` Гаврилов Игорь
2015-12-06 11:06 ` Andy Furniss
2015-12-07 11:15 ` Гаврилов Игорь
2015-12-08 21:38 ` Andy Furniss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=565C3AE1.8050704@gmail.com \
--to=adf.lists@gmail.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.