[LARTC] traffic shaping and gre tunnels

[LARTC] traffic shaping and gre tunnels

[Andrea Rossato]

Hi!

Thanks to LARTC I was able to set up  this configuration:
- ppp0 (adsl connection) to the internet
- vpn0 connection to a remote router with a gre tunnel

I'm doing shaping traffic out of ppp0 with HTB: Minimum delay (tos 
0x10), icmp and ACK packets get maximun priority and all available 
bandwitdh, file sharing gets 3/10 of bandwidth (ceiil 9/10) and the rest 
6/10 of bandwidth (ceil 9/10). I can get good result even with eavy loads.

Now, I would very much like to know, if someone can help:

1. gre tunnel traffic is not shaped internally when it gets to ppp0, 
right? So if I want to shape it I need to use a qdisc for vpn0.
2. if 1 is correct, I need to set a txqueuelen for vpn0, otherwise I 
 would not get any effect, right? (default is txqueuelen:0)
3. In order to set priority, in ppp0, for all tunnel traffic,  I need to 
use  a filter with the u32 selector? will somthing like 'match ip 
protocol 47' be fine?
4. How can I set up a filter for shaping (in ppp0) encapsulated traffic? 
for istance, if I want ssh to vpn0 to have maximum priority either 
within the tunnel and also within the traffic passing trough ppp0, how 
can achivie that?  I cannot find documentation on u32 that I can use to 
work that out...


Thank you very much.
Andrea

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] traffic shaping and gre tunnels

[Andrea Rossato]

Andrea Rossato wrote:

> 4. How can I set up a filter for shaping (in ppp0) encapsulated traffic?
> for istance, if I want ssh to vpn0 to have maximum priority either
> within the tunnel and also within the traffic passing trough ppp0, how
> can achivie that?  I cannot find documentation on u32 that I can use to
> work that out...


I did it the hard way: dumped packets to find out...
I post this with the hope tha it can be useful to others.
I need to shape internally encapsulated traffic (a gre tunnel) in order 
to give interactivity maximum priority in my adsl uplink connection but 
treating bulk vpn traffic as usual bulk traffic.
To achieve that I need to match encapsulated packets. Following you will 
find some tested examples that can help you understand how to do - I 
needed something like this last night. :)

Question: I cannot match anything with nexthdr (neither assuming ip 
herders are 24 bytes long). Way? I'm using linux-2.4.20-rc4 and tc 
binary from  htb3.6-020525

Regards,
Andrea



A gre encapsulated ip packet:

         
|<20 bytes ip header>||<4 bytes gre header >||<20 bytes ip header>||<ip 
protocol header and the rest>|

Matching exsamples:

#match tos 0x10 Minimum Delay
tc filter add dev ppp0 parent 1:0 prio 10 u32 \
         match ip protocol 47 0xff \
         match u16 0x10 00ff at 24  \
         flowid 1:50

#match ICMP (ip protocol 1)
tc filter add dev ppp0 parent 1:0 prio 10 u32 \
         match ip protocol 47 0xff \
         match u16 0x01 00ff at 32  \
         flowid 1:50

#match dport 22 (ssh)
tc filter add dev ppp0 parent 1:0 prio 10 u32 \
         match ip protocol 47 0xff \
         match u16 0x06 00ff at 32  \ # match ip protocol 6 (tcp)
         match u16 0x0016 ffff at 46 \ # match dport 22 (ssh)
         flowid 1:50

#match dest address
tc filter add dev ppp0 parent 1:0 prio 10 u32 \
         match ip protocol 47 0xff \
         match u16 0x01 00ff at 32  \ # match ip protocol 1 (icmp)
         match u32 0xac100201 ffffffff at 40 \ # match ip addr 172.16.02.01
         flowid 1:50

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/