[LARTC] Checking Configuration

["Dorneles Treméa" <dorneles@x3ng.com.br>]

[-- Attachment #1: Type: text/plain, Size: 5072 bytes --]

### Sorry for the long mail... :-( ###

Hi folks,

I'm playing with traffic control, trying to improve network
performance, minimizing delay and privileging some hosts, in
a small local ISP, around here.

This sketch tries to show the network structure:

             +------+       +------+       +---+
Internet --- |Cisco | ----- |Linux | ----- |HUB| --- LAN
             |Router|   eth1|Box   |eth0   +---+
             +------+       +------+

Cisco is connected to Internet at 256Kbp/s and LAN runs at
100Mbp/s. Servers in LAN uses public address. Linux box
just do traffic control and packet filtering.

Main problem is a LAN mail server, which generates a lot
of traffic (SMTP in & out, POP out), causing long delays
in web and ssh connections...

So, I write a little script (attached) to try to solve this
issues.

After reading lartc.org docs again, I see that I have made
a grave mistake: filter incoming and outcoming traffic in
the same interface (I still have to fix this...).

Furthermore, script last line gives me an error: 'Unknown
filter "flowid", hence option "1:5" is unparsable'.

---
Q1: How can I solve this parser error?
Q2: Can someone point me a example to filter in/out at the
same interface? I accecpt RTFMs (with links)... :-)
Q3: Just to confirm: is internal interface (etho) the right
place to control traffic?
---

It works, but last class (1:5) doesn't receive traffic,
due parsing error at last line, as we can see:

# tc -s class show dev eth0
class cbq 1: root rate 256Kbit (bounded,isolated) prio no-transmit
 Sent 108298255 bytes 173189 pkts (dropped 0, overlimits 0)
  borrowed 141722 overactions 0 avgidle 24218 undertime 0
class cbq 1:1 parent 1: rate 51Kbit prio 1
 Sent 84552 bytes 744 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 2.85223e+06 undertime 0
class cbq 1:2 parent 1: rate 102Kbit prio 1
 Sent 1643641 bytes 14453 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 902728 undertime 0
class cbq 1:3 parent 1: rate 38Kbit prio 1
 Sent 44100 bytes 80 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 3.94254e+06 undertime 0
class cbq 1:4 parent 1: rate 38Kbit prio 2
 Sent 105178843 bytes 141913 pkts (dropped 0, overlimits 0)
  borrowed 141722 overactions 0 avgidle -3.3321e+06 undertime 3.42344e+06
class cbq 1:5 parent 1: rate 38Kbit prio 1
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 4.07074e+06 undertime 0

---
Q4: These values at 'avgidle' and 'undertime' make sense?
Q5: There is a better way to improve performance?
Q6: Is it necessary to attach qdiscs to each final class?
There is some kind of advantage in this?
---

Thanks in advance and sorry my poor English...

Script Code:

###

# Internal Interface
IF="eth0"

# Link Speed (Kbp/s)
LINK=256

# Percentual
WEB=40
SSH=20
MAIL=15
FTP=15
OTHER=15

###

# Pseudo-Macros
DEV="dev $IF"
BANDWIDTH="bandwidth ${LINK}kbit"
OPTIONS1="avpkt 1000 cell 8 mpu 64"
OPTIONS2="allot 1514 maxburst 20"
CLASS="tc class add $DEV parent 1: classid"
FILTER="tc filter add $DEV protocol ip parent 1: prio 1"

###

# ROOT QDISC
tc qdisc del $DEV root
tc qdisc add $DEV root handle 1: cbq $BANDWIDTH $OPTIONS1

###

# SSH CLASS
$CLASS 1:1 cbq $BANDWIDTH rate $[$SSH*$LINK/100]kbit \
  weight $[$SSH*$LINK/1000]kbit prio 1 $OPTIONS1 $OPTIONS2

# WEB CLASS
$CLASS 1:2 cbq $BANDWIDTH rate $[$WEB*$LINK/100]kbit \
  weight $[$WEB*$LINK/1000]kbit prio 1 $OPTIONS1 $OPTIONS2

# FTP CLASS
$CLASS 1:3 cbq $BANDWIDTH rate $[$FTP*$LINK/100]kbit \
  weight $[$FTP*$LINK/1000]kbit prio 1 $OPTIONS1 $OPTIONS2

# MAIL CLASS
$CLASS 1:4 cbq $BANDWIDTH rate $[$MAIL*$LINK/100]kbit \
  weight $[$MAIL*$LINK/1000]kbit prio 2 $OPTIONS1 $OPTIONS2

# OTHER CLASS
$CLASS 1:5 cbq $BANDWIDTH rate $[$OTHER*$LINK/100]kbit \
  weight $[$OTHER*$LINK/1000]kbit prio 1 $OPTIONS1 $OPTIONS2

###

# SSH FILTER
$FILTER u32 match ip dport 22 0xffff flowid 1:1
$FILTER u32 match ip sport 22 0xffff flowid 1:1

# WEB FILTER
$FILTER u32 match ip dport 80 0xffff flowid 1:2
$FILTER u32 match ip sport 80 0xffff flowid 1:2

# FTP FILTER
$FILTER u32 match ip dport 20 0xffff flowid 1:3
$FILTER u32 match ip sport 20 0xffff flowid 1:3
$FILTER u32 match ip dport 21 0xffff flowid 1:3
$FILTER u32 match ip sport 21 0xffff flowid 1:3

# SMTP FILTER
$FILTER u32 match ip dport 25 0xffff flowid 1:4
$FILTER u32 match ip sport 25 0xffff flowid 1:4
$FILTER u32 match ip dport 110 0xffff flowid 1:4
$FILTER u32 match ip sport 110 0xffff flowid 1:4

# OTHER FILTER
$FILTER flowid 1:5

###

Best regards,

-- 

Dorneles Treméa
Caxias do Sul - RS - Brasil
+55 54 9114 9312 - UIN: 2413568
X3ng Web Technology <http://www.x3ng.com.br>

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/IT d- s:->: a23 C+++ UBL++++$ P--- L++ E-- W+++
N++ o? K? w+ O M+ V-- PS+ PE- Y-- PGP++ t+ 5 X++ R+
tv+ b(++) DI+ D++ G+>+++ e++>++++ h---- r+++ y+++**
------END GEEK CODE BLOCK------


[-- Attachment #2: Type: application/pgp-signature, Size: 187 bytes --]