Re: [LARTC] Ingress utilization problem

From: Alexey Talikov <alexey_talikov@texlab.com.uz>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Ingress utilization problem
Date: Fri, 31 May 2002 15:22:43 +0000	[thread overview]
Message-ID: <marc-lartc-102285867307453@msgid-missing> (raw)
In-Reply-To: <marc-lartc-102284025723895@msgid-missing>

You can't add multiple instances of ingress qdisc it classless
but possible add some filters

tc qdisc add dev eth0 handle ffff:fff1 ingress

tc filter add dev eth0 parent ffff:fff1 protocol ip prio 50 u32 match ip src 192.168.1.2/32 \
police rate 100kbit burst 10k drop flowid :1

tc filter add dev eth0 parent ffff:fff1 protocol ip prio 50 u32 match ip src 192.168.1.3/32 \
police rate 150kbit burst 10k drop flowid :1

tc filter add dev eth0 parent ffff:fff1 protocol ip prio 50 handle 1 fw police rate 200kbit \
burst 18k drop flowid :1
iptables -t mangle -A PREROUTING -i eth0 -s 192.168.1.4 -j MARK --set-mark 1


You may also limit all traffic from 192.168.1.2 to 800kbit and ssh to 200 kbit for example

tc qdisc add dev eth0 handle ffff:fff1 ingress
tc filter add dev eth0 parent ffff:fff1 protocol ip prio 50 u32 match ip dport 22 0xffff \
police rate 200kbit burst 20k drop flowid :1

tc filter add dev eth0 parent ffff:fff1 protocol ip prio 50 u32 match ip src 192.168.1.2/32 \
police rate 800kbit burst 80k drop flowid :1

Note add limit for ssh before all limit

for more complexity conf you may use IMQ device see http://luxik.cdi.cz/~patrick/imq/

example with htb:
limit all traffic to 100kbps and then sharing 20kbps for ssh and 80 for ftp

modprobe imq numdevs=1
tc qdisc add dev imq0 root handle 1: htb default 1
tc class add dev imq0 parent 1: classid 1:1 htb rate 100kbps ceil 100kbps
tc class add dev imq0 parent 1: classid 1:10 htb rate 20kbps ceil 100kbps
tc class add dev imq0 parent 1: classid 1:11 htb rate 80kbps ceil 100kbps

tc filter add dev imq0 parent 1:0 protocol ip prio 2 handle 1 fw classid 1:11
tc filter add dev imq0 parent 1:0 protocol ip prio 2 handle 2 fw classid 1:10

tc qdisc add dev imq0 parent 1:10 handle 30: sfq
tc qdisc add dev imq0 parent 1:11 handle 40: sfq

iptables -t mangle -A PREROUTING -i eth0 -s 192.168.1.2/32 -j IMQ
iptables -t mangle -A PREROUTING -i eth0 -s 192.168.1.2/32 --dport 20 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth0 -s 192.168.1.2/32 --dport 22 -j MARK --set-mark 2

ip link set imq0 up


31.05.2002 18:43:25, Mr SERBAN Rares <serban_rares@yahoo.com> wrote:

>Hi Alexey,
>
>I read the paper of Werner Almesberger. I didn' t
>understand if there are multiple instances of ingress
>queueing discipline. Can you be more specific?
>
>Also I want to do marking operation in ingress
>interface. How do I do?
>
>Thank you,
>
>R.
>
>--- Alexey Talikov <alexey_talikov@texlab.com.uz>
>wrote:
>> tc qdisc add dev $DEV handle ffff:fff1 ingress
>> or 
>> tc qdisc add dev $DEV handle ffff: ingress
>> tc filter add dev $DEV parent ffff:fff1 protocol ip
>> ....
>> or
>> tc filter add dev $DEV parent ffff: protocol ip ....
>> 
>> for details see Linux Network Traffic Control -
>> Implementation Overview
>> Werner Almesberger February 4, 2001
>> 
>> 31.05.2002 15:16:45, Mr SERBAN Rares
>> <serban_rares@yahoo.com> wrote:
>> 
>> >Hi,
>> > 
>> >I have one router with 4 interfaces:
>> > 
>> >                           Input1
>> >                         /
>> >               out - R - Input2
>> >                        \
>> >                          Input3
>> > 
>> >The flows sense is: Input1 -> output; Input2->out;
>> >Input3->out;
>> > 
>> >I want to do classification, shaping and marking in
>> >each In* interface and some queueing management in
>> out
>> >interface.
>> >For In* interfaces I tried to use the following
>> >script:
>> > 
>> >#!/bin/sh
>> >DEV1="dev eth3"
>> ># In1
>> >DEV2="dev eth2"
>> ># In2
>> >DEV3="dev eth4"
>> ># In3
>> >DEV4="dev eth1"
>> ># out
>> > 
>> >tc qdisc del $DEV1 ingress
>> >tc qdisc del $DEV2 ingress
>> >tc qdisc del $DEV3 ingress
>> >tc qdisc del $DEV4 root
>> > 
>> ># initialisation part
>> >tc qdisc add $DEV1 ingress
>> >tc qdisc add $DEV2 ingress
>> >tc qdisc add $DEV3 ingress
>> >tc qdisc add $DEV4 root handle 1:0 cbq bandwidth
>> >10Mbit avpkt 1500 cell 8
>> > 
>> ># for interface In1 (here is DEV1)
>> > 
>> ># shaping + classification
>> >tc filter add $DEV1 parent ffff:0 protocol ip prio
>> 1
>> >u32 match ip dst 192.168.3.6 match ip dport 6970
>> >0xffff police rate 500Kbit burst 30K drop flowid
>> 1:1
>> >tc filter add $DEV1 parent ffff:0 protocol ip prio
>> 1
>> >u32 match ip src 192.168.9.17 match ip dport 5050
>> >0xffff police rate 500Kbit burst 6K drop classid
>> 1:2
>> >tc filter add $DEV1 parent ffff:0 protocol ip prio
>> 1
>> >u32 match ip src 192.168.9.17 match ip sport 80
>> 0xffff
>> >police rate 300Kbit burst 6K drop classid 1:3
>> > 
>> ># marking with tos field
>> ># Somebody has an I ideea how it should be done?
>> > 
>> >#for interface In2 (here is DEV2)
>> >.................
>> > 
>> >#for interface In3 (here is DEV3)
>> >.................
>> > 
>> >#for interface out (here is DEV4)
>> >tc class add $DEV4 parent 1:0 classid 1:1 cbq
>> >bandwidth 10Mbit rate 250Kbit avpkt 1500 allot 1514
>> >mpu 64 prio
>> >tc qdisc add $DEV4 parent 1:1 tbf rate 1Mbit burst
>> >20kbit limit 20kb
>> > 
>> >tc class add $DEV4 parent 1:0 classid 1:2 cbq
>> >bandwidth 10Mbit rate 300Kbit avpkt 1500 allot 1514
>> >mpu 64 prio 2
>> >tc qdisc add $DEV4 parent 1:2 gred setup DPs 1
>> default
>> >1 grio 
>> >tc qdisc change $DEV4 parent 1:2 gred limit 10KB
>> min
>> >2KB max 6KB avpkt 1500 burst  4 bandwidth 10Mbit DP
>> 1
>> >probability 0.02 prio 2
>> > 
>> >tc class add $DEV4 parent 1:0 classid 1:3 cbq
>> >bandwidth 10Mbit rate 700Kbit avpkt 1500 allot 1514
>> >mpu 64 prio 2
>> >tc qdisc add $DEV4 parent 1:3 gred setup DPs 1
>> default
>> >1 grio
>> >tc qdisc change $DEV4 parent 1:3 gred limit 10KB
>> min
>> >2KB max 6KB avpkt 1500 burst 4 bandwidth 10Mbit DP
>> 1
>> >probability 0.02 prio 2
>> > 
>> >So, when I start the script and provision the In
>> >interface with ingress task the system is frozen!
>> Why?
>> >Can anybody explain me?
>> >Also, I don't have any ideea how to mark the
>> packets
>> >at the ingress. I tried to use dsmark queueing
>> >discipline but I can't use it at the ingress. Have
>> you
>> >another
>> >ideea?
>> > 
>> >Thank you,
>> > 
>> >R.
>> >
>> >__________________________________________________
>> >Do You Yahoo!?
>> >Yahoo! - Official partner of 2002 FIFA World Cup
>> >http://fifaworldcup.yahoo.com
>> >_______________________________________________
>> >LARTC mailing list / LARTC@mailman.ds9a.nl
>> >http://mailman.ds9a.nl/mailman/listinfo/lartc
>> HOWTO: http://lartc.org/
>> >
>> 
>> -----------------------------------
>> mailto:alexey_talikov@texlab.com.uz
>> BR
>> Alexey Talikov
>> FORTEK
>> -----------------------------------
>> 
>> 
>
>
>__________________________________________________
>Do You Yahoo!?
>Yahoo! - Official partner of 2002 FIFA World Cup
>http://fifaworldcup.yahoo.com
>

-----------------------------------
mailto:alexey_talikov@texlab.com.uz
BR
Alexey Talikov
FORTEK
-----------------------------------


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/