* [LARTC] Checking Configuration
@ 2002-11-26 23:10 Dorneles Treméa
  2002-11-27 21:11 ` Stef Coene
  0 siblings, 1 reply; 2+ messages in thread
From: Dorneles Treméa @ 2002-11-26 23:10 UTC (permalink / raw)
  To: lartc


### Sorry for the long mail... :-( ###

Hi folks,

I'm playing with traffic control, trying to improve network
performance, minimizing delay and privileging some hosts, in
a small local ISP, around here.

This sketch tries to show the network structure:

             +------+       +------+       +---+
Internet --- |Cisco | ----- |Linux | ----- |HUB| --- LAN
             |Router|   eth1|Box   |eth0   +---+
             +------+       +------+

Cisco is connected to the Internet at 256Kbp/s and the LAN runs at
100Mbp/s. Servers in the LAN use public addresses. The Linux box
just does traffic control and packet filtering.

Main problem is a LAN mail server, which generates a lot
of traffic (SMTP in & out, POP out), causing long delays
in web and ssh connections...

So, I wrote a little script (attached) to try to solve these
issues.

After reading the lartc.org docs again, I see that I have made
a grave mistake: filtering incoming and outgoing traffic on
the same interface (I still have to fix this...).

Furthermore, the script's last line gives me an error: 'Unknown
filter "flowid", hence option "1:5" is unparsable'.

---
Q1: How can I solve this parser error?
Q2: Can someone point me to an example to filter in/out on the
same interface? I accept RTFMs (with links)... :-)
Q3: Just to confirm: is the internal interface (eth0) the right
place to control traffic?
---

It works, but the last class (1:5) doesn't receive traffic,
due to the parsing error at the last line, as we can see:

# tc -s class show dev eth0
class cbq 1: root rate 256Kbit (bounded,isolated) prio no-transmit
 Sent 108298255 bytes 173189 pkts (dropped 0, overlimits 0)
  borrowed 141722 overactions 0 avgidle 24218 undertime 0
class cbq 1:1 parent 1: rate 51Kbit prio 1
 Sent 84552 bytes 744 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 2.85223e+06 undertime 0
class cbq 1:2 parent 1: rate 102Kbit prio 1
 Sent 1643641 bytes 14453 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 902728 undertime 0
class cbq 1:3 parent 1: rate 38Kbit prio 1
 Sent 44100 bytes 80 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 3.94254e+06 undertime 0
class cbq 1:4 parent 1: rate 38Kbit prio 2
 Sent 105178843 bytes 141913 pkts (dropped 0, overlimits 0)
  borrowed 141722 overactions 0 avgidle -3.3321e+06 undertime 3.42344e+06
class cbq 1:5 parent 1: rate 38Kbit prio 1
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 4.07074e+06 undertime 0

---
Q4: Do these values at 'avgidle' and 'undertime' make sense?
Q5: Is there a better way to improve performance?
Q6: Is it necessary to attach qdiscs to each final class?
Is there some kind of advantage in this?
---

Thanks in advance and sorry for my poor English...

Script Code:

###

# Internal Interface
IF="eth0"

# Link Speed (Kbp/s)
LINK=256

# Percentual
WEB=40
SSH=20
MAIL=15
FTP=15
OTHER=15

###

# Pseudo-Macros
DEV="dev $IF"
BANDWIDTH="bandwidth ${LINK}kbit"
OPTIONS1="avpkt 1000 cell 8 mpu 64"
OPTIONS2="allot 1514 maxburst 20"
CLASS="tc class add $DEV parent 1: classid"
FILTER="tc filter add $DEV protocol ip parent 1: prio 1"

###

# ROOT QDISC
tc qdisc del $DEV root
tc qdisc add $DEV root handle 1: cbq $BANDWIDTH $OPTIONS1

###

# SSH CLASS
$CLASS 1:1 cbq $BANDWIDTH rate $[$SSH*$LINK/100]kbit \
  weight $[$SSH*$LINK/1000]kbit prio 1 $OPTIONS1 $OPTIONS2

# WEB CLASS
$CLASS 1:2 cbq $BANDWIDTH rate $[$WEB*$LINK/100]kbit \
  weight $[$WEB*$LINK/1000]kbit prio 1 $OPTIONS1 $OPTIONS2

# FTP CLASS
$CLASS 1:3 cbq $BANDWIDTH rate $[$FTP*$LINK/100]kbit \
  weight $[$FTP*$LINK/1000]kbit prio 1 $OPTIONS1 $OPTIONS2

# MAIL CLASS
$CLASS 1:4 cbq $BANDWIDTH rate $[$MAIL*$LINK/100]kbit \
  weight $[$MAIL*$LINK/1000]kbit prio 2 $OPTIONS1 $OPTIONS2

# OTHER CLASS
$CLASS 1:5 cbq $BANDWIDTH rate $[$OTHER*$LINK/100]kbit \
  weight $[$OTHER*$LINK/1000]kbit prio 1 $OPTIONS1 $OPTIONS2

###

# SSH FILTER
$FILTER u32 match ip dport 22 0xffff flowid 1:1
$FILTER u32 match ip sport 22 0xffff flowid 1:1

# WEB FILTER
$FILTER u32 match ip dport 80 0xffff flowid 1:2
$FILTER u32 match ip sport 80 0xffff flowid 1:2

# FTP FILTER
$FILTER u32 match ip dport 20 0xffff flowid 1:3
$FILTER u32 match ip sport 20 0xffff flowid 1:3
$FILTER u32 match ip dport 21 0xffff flowid 1:3
$FILTER u32 match ip sport 21 0xffff flowid 1:3

# SMTP FILTER
$FILTER u32 match ip dport 25 0xffff flowid 1:4
$FILTER u32 match ip sport 25 0xffff flowid 1:4
$FILTER u32 match ip dport 110 0xffff flowid 1:4
$FILTER u32 match ip sport 110 0xffff flowid 1:4

# OTHER FILTER
$FILTER flowid 1:5

###

Best regards,

-- 

Dorneles Treméa
Caxias do Sul - RS - Brasil
+55 54 9114 9312 - UIN: 2413568
X3ng Web Technology <http://www.x3ng.com.br>


* Re: [LARTC] Checking Configuration
  2002-11-26 23:10 [LARTC] Checking Configuration Dorneles Treméa
@ 2002-11-27 21:11 ` Stef Coene
  0 siblings, 0 replies; 2+ messages in thread
From: Stef Coene @ 2002-11-27 21:11 UTC (permalink / raw)
  To: lartc

On Wednesday 27 November 2002 00:10, Dorneles Treméa wrote:
> ### Sorry for the long mail... :-( ###
>
> Hi folks,
>
> I'm playing with traffic control, trying to improve network
> performance, minimizing delay and privileging some hosts, in
> a small local ISP, around here.
>
> This sketch tries to show the network structure:
>
>              +------+       +------+       +---+
> Internet --- |Cisco | ----- |Linux | ----- |HUB| --- LAN
>              |Router|   eth1|Box   |eth0   +---+
>              +------+       +------+
>
> Cisco is connected to the Internet at 256Kbp/s and the LAN runs at
> 100Mbp/s. Servers in the LAN use public addresses. The Linux box
> just does traffic control and packet filtering.
>
> Main problem is a LAN mail server, which generates a lot
> of traffic (SMTP in & out, POP out), causing long delays
> in web and ssh connections...
>
> So, I wrote a little script (attached) to try to solve these
> issues.
>
> After reading the lartc.org docs again, I see that I have made
> a grave mistake: filtering incoming and outgoing traffic on
> the same interface (I still have to fix this...).
>
> Furthermore, the script's last line gives me an error: 'Unknown
> filter "flowid", hence option "1:5" is unparsable'.
>
> ---
> Q1: How can I solve this parser error?
> $FILTER flowid 1:5
You have to match something.  Try this:
$FILTER  u32 match ip src 0/0 flowid 1:5

> Q2: Can someone point me to an example to filter in/out on the
> same interface? I accept RTFMs (with links)... :-)
> Q3: Just to confirm: is the internal interface (eth0) the right
> place to control traffic?
You can only shape outgoing traffic with htb or cbq (or you have to use the
imq device).  But why not shape on eth0 _and_ eth1?  Shaping on eth0 is for
the traffic that goes to the LAN.  Shaping on eth1 is done for the traffic
that goes to the internet.  You have a dedicated shaping box, so this can
perfectly be done.  And it's the best solution.
Shaping incoming traffic can be done, but why if you can shape on both
interfaces?

> Q4: Do these values at 'avgidle' and 'undertime' make sense?
I think so.  They are used for internal cbq calculations and I have no idea 
what happens if you change them.

> Q5: Is there a better way to improve performance?
Yes.  You add all the classes directly to the qdisc and you use the wrong
bandwidth parameter.  Bandwidth parameter = NIC bandwidth, so 10mbit or
100mbit.  To share the same bandwidth, you have to add 1 bounded class to the
qdisc with rate = link bandwidth.  All the other classes are attached to this
class (each bandwidth = NIC bandwidth).

> Q6: Is it necessary to attach qdiscs to each final class?
No, but the default qdisc is a simple one.  Don't forget that each class has 
always 1 qdisc attached to it, even if you don't add one.

> Is there some kind of advantage in this?
If you add a sfq qdisc, data streams within 1 class will get better balanced.

> Thanks in advance and sorry for my poor English...
Mine is not better :)

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
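
The layout Stef describes in his answers to Q1, Q5 and Q6, put together as an added example that is not part of either message: NIC speed as `bandwidth`, one bounded class at the link rate with the five classes below it, sfq on each leaf, and a catch-all filter that has a real match. The function prints the tc commands instead of running them; the class ids (1:1, 1:10 to 1:50), `perturb 10` and `prio 2` on the catch-all are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints (does not execute) tc commands for a CBQ tree.
# Class ids 1:1 and 1:10..1:50 and "perturb 10" are this example's choices.

# gen_cbq IFACE NIC_KBIT LINK_KBIT  ->  tc commands on stdout
gen_cbq() {
    dev="dev $1"; nic="bandwidth ${2}kbit"; link=$3
    opts="allot 1514 cell 8 maxburst 20 avpkt 1000"

    # "bandwidth" is the NIC speed; the link speed only ever appears as a rate.
    echo "tc qdisc add $dev root handle 1: cbq $nic avpkt 1000 cell 8"
    # One bounded class at the link rate; every other class hangs below it.
    echo "tc class add $dev parent 1: classid 1:1 cbq $nic rate ${link}kbit" \
         "weight $((link / 10))kbit prio 8 $opts bounded"

    # name:minor:percent:prio:ports (shares and ports from the original script)
    for spec in ssh:10:20:1:22 web:20:40:1:80 ftp:30:15:1:20,21 \
                mail:40:15:2:25,110 other:50:15:1:; do
        oldifs=$IFS; IFS=:; set -- $spec; IFS=$oldifs
        minor=$2; pct=$3; prio=$4; ports=${5:-}
        echo "tc class add $dev parent 1:1 classid 1:$minor cbq $nic" \
             "rate $((pct * link / 100))kbit" \
             "weight $((pct * link / 1000))kbit prio $prio $opts"
        # sfq balances the streams inside each leaf class.
        echo "tc qdisc add $dev parent 1:$minor handle ${minor}: sfq perturb 10"
        for port in $(echo "$ports" | tr ',' ' '); do
            for dir in sport dport; do
                echo "tc filter add $dev parent 1: protocol ip prio 1 u32" \
                     "match ip $dir $port 0xffff flowid 1:$minor"
            done
        done
    done
    # Catch-all needs a real match; prio 2 so it is tried after the port rules.
    echo "tc filter add $dev parent 1: protocol ip prio 2 u32" \
         "match ip src 0/0 flowid 1:50"
}

# LAN side of the shaping box: 100 Mbit NIC, 256 kbit uplink.
gen_cbq eth0 100000 256
```

Review the printed commands, then pipe them to `sh` as root to apply them. For the Internet side, call `gen_cbq eth1` with that NIC's speed.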
