From: Dorneles Treméa
Date: Tue, 26 Nov 2002 23:10:23 +0000
Subject: [LARTC] Checking Configuration
To: lartc@vger.kernel.org

### Sorry for the long mail... :-( ###

Hi folks,

I'm playing with traffic control, trying to improve network performance, minimizing delay and privileging some hosts, in a small local ISP around here.

This sketch tries to show the network structure:

             +------+       +------+       +---+
Internet --- |Cisco | ----- |Linux | ----- |HUB| --- LAN
             |Router|   eth1|Box   |eth0   +---+
             +------+       +------+

The Cisco is connected to the Internet at 256Kbp/s and the LAN runs at 100Mbp/s. Servers in the LAN use public addresses. The Linux box just does traffic control and packet filtering.

The main problem is a LAN mail server, which generates a lot of traffic (SMTP in & out, POP out), causing long delays in web and ssh connections...

So, I wrote a little script (attached) to try to solve these issues. After reading the lartc.org docs again, I see that I have made a grave mistake: filtering incoming and outgoing traffic on the same interface (I still have to fix this...). Furthermore, the script's last line gives me an error: 'Unknown filter "flowid", hence option "1:5" is unparsable'.

---
Q1: How can I solve this parser error?
Q2: Can someone point me to an example of filtering in/out on the same interface? I accept RTFMs (with links)... :-)
Q3: Just to confirm: is the internal interface (eth0) the right place to control traffic?
---
It works, but the last class (1:5) doesn't receive traffic, due to the parsing error at the last line, as we can see:

# tc -s class show dev eth0
class cbq 1: root rate 256Kbit (bounded,isolated) prio no-transmit
 Sent 108298255 bytes 173189 pkts (dropped 0, overlimits 0)
  borrowed 141722 overactions 0 avgidle 24218 undertime 0
class cbq 1:1 parent 1: rate 51Kbit prio 1
 Sent 84552 bytes 744 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 2.85223e+06 undertime 0
class cbq 1:2 parent 1: rate 102Kbit prio 1
 Sent 1643641 bytes 14453 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 902728 undertime 0
class cbq 1:3 parent 1: rate 38Kbit prio 1
 Sent 44100 bytes 80 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 3.94254e+06 undertime 0
class cbq 1:4 parent 1: rate 38Kbit prio 2
 Sent 105178843 bytes 141913 pkts (dropped 0, overlimits 0)
  borrowed 141722 overactions 0 avgidle -3.3321e+06 undertime 3.42344e+06
class cbq 1:5 parent 1: rate 38Kbit prio 1
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 4.07074e+06 undertime 0

---
Q4: Do these values at 'avgidle' and 'undertime' make sense?
Q5: Is there a better way to improve performance?
Q6: Is it necessary to attach qdiscs to each final class? Is there some kind of advantage in this?
---

Thanks in advance and sorry for my poor English...
Script Code:

###
# Internal Interface
IF="eth0"
# Link Speed (Kbp/s)
LINK=256
# Percentages
WEB=40
SSH=20
MAIL=15
FTP=15
OTHER=15
###
# Pseudo-Macros
DEV="dev $IF"
BANDWIDTH="bandwidth ${LINK}kbit"
OPTIONS1="avpkt 1000 cell 8 mpu 64"
OPTIONS2="allot 1514 maxburst 20"
CLASS="tc class add $DEV parent 1: classid"
FILTER="tc filter add $DEV protocol ip parent 1: prio 1"
###
# ROOT QDISC
tc qdisc del $DEV root
tc qdisc add $DEV root handle 1: cbq $BANDWIDTH $OPTIONS1
###
# SSH CLASS
$CLASS 1:1 cbq $BANDWIDTH rate $((SSH*LINK/100))kbit \
    weight $((SSH*LINK/1000))kbit prio 1 $OPTIONS1 $OPTIONS2
# WEB CLASS
$CLASS 1:2 cbq $BANDWIDTH rate $((WEB*LINK/100))kbit \
    weight $((WEB*LINK/1000))kbit prio 1 $OPTIONS1 $OPTIONS2
# FTP CLASS
$CLASS 1:3 cbq $BANDWIDTH rate $((FTP*LINK/100))kbit \
    weight $((FTP*LINK/1000))kbit prio 1 $OPTIONS1 $OPTIONS2
# MAIL CLASS
$CLASS 1:4 cbq $BANDWIDTH rate $((MAIL*LINK/100))kbit \
    weight $((MAIL*LINK/1000))kbit prio 2 $OPTIONS1 $OPTIONS2
# OTHER CLASS
$CLASS 1:5 cbq $BANDWIDTH rate $((OTHER*LINK/100))kbit \
    weight $((OTHER*LINK/1000))kbit prio 1 $OPTIONS1 $OPTIONS2
###
# SSH FILTER
$FILTER u32 match ip dport 22 0xffff flowid 1:1
$FILTER u32 match ip sport 22 0xffff flowid 1:1
# WEB FILTER
$FILTER u32 match ip dport 80 0xffff flowid 1:2
$FILTER u32 match ip sport 80 0xffff flowid 1:2
# FTP FILTER
$FILTER u32 match ip dport 20 0xffff flowid 1:3
$FILTER u32 match ip sport 20 0xffff flowid 1:3
$FILTER u32 match ip dport 21 0xffff flowid 1:3
$FILTER u32 match ip sport 21 0xffff flowid 1:3
# SMTP FILTER
$FILTER u32 match ip dport 25 0xffff flowid 1:4
$FILTER u32 match ip sport 25 0xffff flowid 1:4
$FILTER u32 match ip dport 110 0xffff flowid 1:4
$FILTER u32 match ip sport 110 0xffff flowid 1:4
# OTHER FILTER
$FILTER flowid 1:5
###

Best regards,

-- 
Dorneles Treméa
Caxias do Sul - RS - Brasil
X3ng Web Technology
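
The error quoted in the message arises because tc reads the first word after its generic options as the filter kind, so `flowid` lands in that slot. The following is an added example, not part of the original message: a dry-run lint for that mistake and one u32 catch-all form. The function names, the `GENERIC` and `KINDS` subsets and the choice of `prio 2` are assumptions of this example, and nothing here invokes tc.

```shell
#!/bin/sh
# Added example: lint "tc filter add" lines without running tc.
# Generic options that take one value (subset assumed for this example).
GENERIC="dev parent protocol prio pref handle"
# Classifier kinds this lint accepts (subset assumed for this example).
KINDS="u32 fw route"

# filter_kind LINE -> prints the word tc would take as the filter kind.
filter_kind() {
    set -f              # no globbing while the line is split into words
    set -- $1
    set +f
    [ $# -ge 3 ] || return 1
    shift 3             # drop "tc filter add"
    while [ $# -gt 0 ]; do
        case " $GENERIC " in
            *" $1 "*) [ $# -ge 2 ] || return 1
                      shift 2 ;;              # skip the option and its value
            *) echo "$1"; return 0 ;;         # first other word is the kind
        esac
    done
    return 1
}

# lint_line LINE -> "ok <kind>", or "bad <word>" with a non-zero status.
lint_line() {
    kind=$(filter_kind "$1") || { echo "bad (none)"; return 1; }
    case " $KINDS " in
        *" $kind "*) echo "ok $kind" ;;
        *) echo "bad $kind"; return 1 ;;
    esac
}

# catch_all DEV CLASSID -> u32 rule matching every IPv4 packet, at a later
# priority than the port filters so that it is consulted after them.
catch_all() {
    echo "tc filter add dev $1 protocol ip parent 1: prio 2 u32 match ip dst 0.0.0.0/0 flowid $2"
}

# Constructed sample: one port filter and the script's last line, expanded for eth0.
for l in \
    "tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip dport 22 0xffff flowid 1:1" \
    "tc filter add dev eth0 protocol ip parent 1: prio 1 flowid 1:5"
do
    lint_line "$l" || true
done
catch_all eth0 1:5
```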