* [LARTC] Lots amounts of classes to solve the DAP problem
From: GoMi @ 2003-04-22 18:10 UTC (permalink / raw)
To: lartc
Stef, remember the problem about DAP users? I have written a little script to create 255 classes, each for an IP of my segment. What do you think, am I mistaken anywhere?
I am not sure I am getting the concept right. The idea is:
Total BW is, let's say, 255kbit

root 1:0

User 192.168.1.1:
                        |
               1:1 2kbit ceil 255kbit
                      /   \
                     /     \
1kbit ceil 127kbit 1:2     1:4 1kbit ceil 128kbit
                    |       |
             pfifo 1:3     1:5 sfq

User 192.168.1.2
                        |
               1:6 2kbit ceil 255kbit
                      /   \
                     /     \
1kbit ceil 127kbit 1:7     1:8 1kbit ceil 128kbit
                    |       |
             pfifo 1:9     1:10 sfq

And so on 255 times...
I know the rates of the classes add up to more than the total BW, but since I am doing that for 2 ADSL lines working with multipath (load balancing) routing, I think there will never be all users using one interface. Don't know if my assumption is right..
To finish, I have to set up a hashing table to create all the filters. The script to create the structure is the one at the bottom. What do you think? Am I going in the right direction, or did I just completely miss what you had in mind? (I have not set up the hashing table for filters yet.)
#!/bin/bash
UPLINK=300
DEV=eth0

# Build the list of host numbers 1..254, one entry per user.
IP=""
for ((a=1;a<255;a++))
do
    IP=$IP" "$a
done

# b is the next unused class/qdisc number; c holds the parent for the next command.
b=1
for a in $IP
do
    let "c=b"
    # Per-user class
    tc class add dev $DEV parent 1: classid 1:$b htb rate 2kbit ceil 300kbit
    let "b=b+1"
    # First subclass, with a pfifo leaf
    tc class add dev $DEV parent 1:${c} classid 1:${b} htb rate 1kbit ceil 150kbit
    let "c=b"
    let "b=b+1"
    tc qdisc add dev $DEV parent 1:${c} handle ${b}: pfifo
    let "b=b+1"
    # Step c back to the per-user class
    let "c=c-1"
    # Second subclass, with an sfq leaf
    tc class add dev $DEV parent 1:${c} classid 1:${b} htb rate 1kbit ceil 150kbit
    let "c=b"
    let "b=b+1"
    tc qdisc add dev $DEV parent 1:${c} handle ${b}: sfq perturb 10
    let "b=b+1"
done
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* Re: [LARTC] Lots amounts of classes to solve the DAP problem
From: Stef Coene @ 2003-04-22 18:52 UTC (permalink / raw)
To: lartc
On Tuesday 22 April 2003 20:10, GoMi wrote:
> Stef, remember the problem about DAP users? I have written a little script
> to create 255 classes, each for an IP of my segment. What do you think, am I
> mistaken anywhere? I am not sure I am getting the concept right. The idea
> is:
> Total BW is, let's say, 255kbit
>
> root 1:0
>
> User 192.168.1.1:
>
>                1:1 2kbit ceil 255kbit
>                       /   \
>                      /     \
> 1kbit ceil 127kbit 1:2     1:4 1kbit ceil 128kbit
>
>              pfifo 1:3     1:5 sfq
>
> User 192.168.1.2
>
>                1:6 2kbit ceil 255kbit
>                       /   \
>                      /     \
> 1kbit ceil 127kbit 1:7     1:8 1kbit ceil 128kbit
>
>              pfifo 1:9     1:10 sfq
>
> And so on 255 times...
Ok.
> I know the rates of the classes add up to more than the total BW, but since
> I am doing that for 2 ADSL lines working with multipath (load balancing)
> routing, I think there will never be all users using one interface. Don't
> know if my assumption is right..
Nothing bad will happen if you have wrong rates for the parent.
I have a remark. You add the class directly to the root class. It's better
to add 1 class to the root qdisc and add the other classes to that class.
> To finish, I have to set up a hashing table to create all the filters. The
> script to create the structure is the one at the bottom. What do you think?
> Am I going in the right direction, or did I just completely miss what you
> had in mind? (I have not set up the hashing table for filters yet.)
The idea is ok :)
But I can't remember why you give each IP 2 subclasses? And why they can't
use the full bandwidth ?
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
* RE: [LARTC] Lots amounts of classes to solve the DAP problem
From: GoMi @ 2003-04-22 18:58 UTC (permalink / raw)
To: lartc
Because I want each IP to differentiate interactive traffic from the rest. I have to change the ceil quantity so they can get the full BW.
I don't get what you say about the root qdisc. I forgot to add to the script: tc qdisc add dev $DEV root handle 1: htb :)
* Re: [LARTC] Lots amounts of classes to solve the DAP problem
From: Stef Coene @ 2003-04-22 19:06 UTC (permalink / raw)
To: lartc
On Tuesday 22 April 2003 20:58, GoMi wrote:
> Because I want each IP to differentiate interactive traffic from the rest. I
> have to change the ceil quantity so they can get the full BW. I don't get
> what you say about the root qdisc. I forgot to add to the script: tc qdisc
> add dev $DEV root handle 1: htb :)
I mean this:
1:
  1:1 with rate = ceil = link bandwidth
    1:2 IP1
    1:3 IP2
    etc
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
* RE: [LARTC] Lots amounts of classes to solve the DAP problem
From: GoMi @ 2003-04-23 12:45 UTC (permalink / raw)
To: lartc
I have finally worked out a solution for egress traffic, but now I am a bit troubled with ingress with IMQ due to SNAT.
Here is my script. I have tried lots of combinations, but with IMQ the filters do not filter to the classes at all.
I am pretty sure it's because of the SNAT I am doing. Does anyone know how to work around this problem?
I attach the script:
UPLINK=300
DEV=eth2
IDEV=imq1
IQDEV=1
tc qdisc add dev $DEV root handle 1:0 htb default 766
tc class add dev $DEV parent 1:0 classid 1:1 htb rate 300kbit ceil 300kbit
tc qdisc add dev ${IDEV} handle 1: root htb default 766
tc class add dev ${IDEV} parent 1: classid 1:1 htb rate 1900kbit ceil 1900kbit
echo "Qdisc primario 1:1 [OK]"
for ((a=2;a<766;a=a+3))
do
tc class add dev $DEV parent 1:1 classid 1:$a htb rate 2kbit ceil 300kbit
tc class add dev ${IDEV} parent 1:1 classid 1:$a htb rate 2kbit ceil 1900kbit
done
for ((a=2,b=3;a<766;a=a+3,b=b+3))
do
tc class add dev $DEV parent 1:$a classid 1:$b htb rate 1kbit ceil 300kbit
tc qdisc add dev $DEV parent 1:$b handle $b: pfifo
tc class add dev ${IDEV} parent 1:$a classid 1:$b htb rate 1kbit ceil 1900kbit
tc qdisc add dev ${IDEV} parent 1:$b handle $b: pfifo
done
echo "Clases interactivas y Qdiscs [OK]"
for ((a=2,b=4;a<766;a=a+3,b=b+3))
do
tc class add dev $DEV parent 1:$a classid 1:$b htb rate 1kbit ceil 300kbit
tc qdisc add dev $DEV parent 1:$b handle $b: sfq perturb 10
tc class add dev ${IDEV} parent 1:$a classid 1:$b htb rate 1kbit ceil 1900kbit
tc qdisc add dev ${IDEV} parent 1:$b handle $b: sfq perturb 10
done
echo "Clases no-interactivas y Qdiscs [OK]"
for ((a=2,b=3,c=4;a<256;a++,b=b+3,c=c+3))
do
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p icmp -j MARK --set-mark $b
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p tcp --dport :1024 -j MARK --set-mark $b
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p tcp --dport 1024: -j MARK --set-mark $c
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p udp --dport :1024 -j MARK --set-mark $b
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p udp --dport 1024: -j MARK --set-mark $c
iptables -t mangle -A PREROUTING -d 192.168.2.$a -p icmp -j MARK --set-mark $b
iptables -t mangle -A PREROUTING -d 192.168.2.$a -p tcp --sport :1024 -j MARK --set-mark $b
iptables -t mangle -A PREROUTING -d 192.168.2.$a -p tcp --sport 1024: -j MARK --set-mark $c
iptables -t mangle -A PREROUTING -d 192.168.2.$a -p udp --sport :1024 -j MARK --set-mark $b
iptables -t mangle -A PREROUTING -d 192.168.2.$a -p udp --sport 1024: -j MARK --set-mark $c
tc filter add dev $DEV protocol ip parent 1:0 handle $b fw flowid 1:$b
tc filter add dev $DEV protocol ip parent 1:0 handle $c fw flowid 1:$c
tc filter add dev $IDEV protocol ip parent 1:0 handle $b fw flowid 1:$b
tc filter add dev $IDEV protocol ip parent 1:0 handle $c fw flowid 1:$c
done
echo "MANGLE y FILTROS [OK]" DEV=eth0
iptables -t mangle -A POSTROUTING -o eth3 -j IMQ --todev ${IQDEV}
ip link set ${IDEV} up
ip link set ${DEV} txqueue 30
* Re: [LARTC] Lots amounts of classes to solve the DAP problem
From: Stef Coene @ 2003-04-23 20:28 UTC (permalink / raw)
To: lartc
On Wednesday 23 April 2003 14:45, GoMi wrote:
> I have finally worked out a solution for egress traffic, but now I am a bit
> troubled with ingress with IMQ due to SNAT. Here is my script. I have tried
> lots of combinations, but with IMQ the filters do not filter to the classes
> at all. I am pretty sure it's because of the SNAT I am doing. Does anyone
> know how to work around this problem?
So the filters for the eth2 device are working?
Mhh. You put all packets leaving eth3 in the imq1 device? Why not shape on
the eth3 device???
I have some other remarks. You will get some warnings in your kernel log
about quantum too low. That's because you have 1kbit rate. You can solve
this by specifying a quantum if you add the htb class. The minimum quantum
is MTU bytes.
Also the pfifo. I'm not sure how and if this will work. It's possible that
the default size of the pfifo is too small.
I snipped your almost perfect script to save some bandwidth :)
> ip link set ${IDEV} up
> ip link set ${DEV} txqueue 30
I'm not sure if this is going to change anything. As far as I can remember,
you replaced the default queue with something else so the initial depth of
that queue doesn't matter anymore.
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
* RE: [LARTC] Lots amounts of classes to solve the DAP problem
From: GoMi @ 2003-04-23 21:05 UTC (permalink / raw)
To: lartc
Stef, let me explain the full scenario:
Two 2mbit ADSLs with two ethernets to them, eth0 and eth2
A third ethernet card going to my switch, eth3
I read your last email, and I set up a configuration to shape eth3 as well instead of using IMQ.
I attach the three scripts for all the interfaces. The thing is, when the DAP programs start to download,
the interactive traffic does not get the guaranteed rate. I am really falling into desperation here :(
Thanks for your patience :)
#!/bin/bash
UPLINK=300
DEV=eth0
tc qdisc add dev $DEV root handle 1:0 htb default 766
tc class add dev $DEV parent 1:0 classid 1:1 htb rate 300kbit ceil 300kbit
echo "Qdisc primario 1:1 [OK]"
for ((a=2;a<766;a=a+3))
do
tc class add dev $DEV parent 1:1 classid 1:$a htb rate 2kbit ceil 300kbit
done
for ((a=2,b=3;a<766;a=a+3,b=b+3))
do
tc class add dev $DEV parent 1:$a classid 1:$b htb rate 1kbit ceil 300kbit
tc qdisc add dev $DEV parent 1:$b handle $b: pfifo
done
echo "Clases interactivas y Qdiscs [OK]"
for ((a=2,b=4;a<766;a=a+3,b=b+3))
do
tc class add dev $DEV parent 1:$a classid 1:$b htb rate 1kbit ceil 300kbit
tc qdisc add dev $DEV parent 1:$b handle $b: sfq perturb 10
done
echo "Clases no-interactivas y Qdiscs [OK]"
for ((a=2,b=3,c=4;a<256;a++,b=b+3,c=c+3))
do
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p icmp -j MARK --set-mark $b
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p tcp --dport :1024 -j MARK --set-mark $b
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p tcp --dport 1024: -j MARK --set-mark $c
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p udp --dport :1024 -j MARK --set-mark $b
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p udp --dport 1024: -j MARK --set-mark $c
iptables -t mangle -I PREROUTING -s 192.168.2.$a -i eth3 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark $b
tc filter add dev $DEV protocol ip parent 1:0 handle $b fw flowid 1:$b
tc filter add dev $DEV protocol ip parent 1:0 handle $c fw flowid 1:$c
done
echo "MANGLE y FILTROS [OK]"
######################################
#!/bin/bash
UPLINK=300
DEV=eth2
tc qdisc add dev $DEV root handle 1:0 htb default 766
tc class add dev $DEV parent 1:0 classid 1:1 htb rate 300kbit ceil 300kbit
echo "Qdisc primario 1:1 [OK]"
for ((a=2;a<766;a=a+3))
do
tc class add dev $DEV parent 1:1 classid 1:$a htb rate 2kbit ceil 300kbit
done
for ((a=2,b=3;a<766;a=a+3,b=b+3))
do
tc class add dev $DEV parent 1:$a classid 1:$b htb rate 1kbit ceil 300kbit
tc qdisc add dev $DEV parent 1:$b handle $b: pfifo
done
echo "Clases interactivas y Qdiscs [OK]"
for ((a=2,b=4;a<766;a=a+3,b=b+3))
do
tc class add dev $DEV parent 1:$a classid 1:$b htb rate 1kbit ceil 300kbit
tc qdisc add dev $DEV parent 1:$b handle $b: sfq perturb 10
done
echo "Clases no-interactivas y Qdiscs [OK]"
for ((a=2,b=3,c=4;a<256;a++,b=b+3,c=c+3))
do
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p icmp -j MARK --set-mark $b
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p tcp --dport :1024 -j MARK --set-mark $b
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p tcp --dport 1024: -j MARK --set-mark $c
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p udp --dport :1024 -j MARK --set-mark $b
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p udp --dport 1024: -j MARK --set-mark $c
iptables -t mangle -I PREROUTING -s 192.168.2.$a -i eth3 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark $b
tc filter add dev $DEV protocol ip parent 1:0 handle $b fw flowid 1:$b
tc filter add dev $DEV protocol ip parent 1:0 handle $c fw flowid 1:$c
done
echo "MANGLE y FILTROS [OK]"
##########################################
#!/bin/bash
UPLINK=4000
DEV=eth3
tc qdisc add dev $DEV root handle 1:0 htb default 766
tc class add dev $DEV parent 1:0 classid 1:1 htb rate 4mbit ceil 4mbit
echo "Qdisc primario 1:1 [OK]"
for ((a=2;a<766;a=a+3))
do
tc class add dev $DEV parent 1:1 classid 1:$a htb rate 10kbit ceil 2mbit
done
for ((a=2,b=3;a<766;a=a+3,b=b+3))
do
tc class add dev $DEV parent 1:$a classid 1:$b htb rate 5kbit ceil 2mbit
tc qdisc add dev $DEV parent 1:$b handle $b: pfifo
done
echo "Clases interactivas y Qdiscs [OK]"
for ((a=2,b=4;a<766;a=a+3,b=b+3))
do
tc class add dev $DEV parent 1:$a classid 1:$b htb rate 5kbit ceil 2mbit
tc qdisc add dev $DEV parent 1:$b handle $b: sfq perturb 10
done
echo "Clases no-interactivas y Qdiscs [OK]"
for ((a=2,b=3,c=4;a<256;a++,b=b+3,c=c+3))
do
iptables -t mangle -A FORWARD -d 192.168.2.$a -i eth3 -p icmp -j MARK --set-mark $b
iptables -t mangle -A FORWARD -d 192.168.2.$a -i ! eth3 -p tcp --sport :1024 -j MARK --set-mark $b
iptables -t mangle -A FORWARD -d 192.168.2.$a -i ! eth3 -p tcp --sport 1024: -j MARK --set-mark $c
iptables -t mangle -A FORWARD -d 192.168.2.$a -i ! eth3 -p udp --sport :1024 -j MARK --set-mark $b
iptables -t mangle -A FORWARD -d 192.168.2.$a -i ! eth3 -p udp --sport 1024: -j MARK --set-mark $c
iptables -t mangle -I PREROUTING -s 192.168.2.$a -i ! eth3 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark $b
tc filter add dev $DEV protocol ip parent 1:0 handle $b fw flowid 1:$b
tc filter add dev $DEV protocol ip parent 1:0 handle $c fw flowid 1:$c
done
echo "MANGLE y FILTROS [OK]"
* RE: [LARTC] Lots amounts of classes to solve the DAP problem
From: GoMi @ 2003-04-24 14:12 UTC (permalink / raw)
To: lartc
Hi there Stef, since it does not work with the setup I sent you, I am thinking of changing the qdiscs to esfq. I will try that today and see what happens. Another question: with the scripts I sent to the mailing list, there is an enormous number of rules in the PREROUTING mangle section, since each user has 1 class and those classes have 2 marks to distinguish between interactive and non-interactive traffic. That's more than 500 entries. I am not sure if that's a bit "too much", so I thought of adding filters on eth0 and eth2 in the root qdisc that, based on the src address, send traffic to the class, and there have tc filters based on marks. That way I would have 250 filters on the root chain, each to their class, and then 2 more filters in each class, having only 2 -j MARK entries in the mangle chain to mark packets. The problem is I am doing SNAT and the EGRESS QDISC is applied after the SNAT, so the tc filters based on src address do not work at all. Any idea how to solve that?
* Re: [LARTC] Lots amounts of classes to solve the DAP problem
From: Stef Coene @ 2003-04-25 20:53 UTC (permalink / raw)
To: lartc
On Thursday 24 April 2003 16:12, GoMi wrote:
> Hi there Stef, since it does not work with the setup I sent you, I am
> thinking of changing the qdiscs to esfq. I will try that today and see what
> happens. Another question: with the scripts I sent to the mailing list,
> there is an enormous number of rules in the PREROUTING mangle section,
> since each user has 1 class and those classes have 2 marks to distinguish
> between interactive and non-interactive traffic. That's more than 500
> entries. I am not sure if that's a bit "too much", so I thought of adding
> filters on eth0 and eth2 in the root qdisc that, based on the src address,
> send traffic to the class, and there have tc filters based on marks. That
> way I would have 250 filters on the root chain, each to their class, and
> then 2 more filters in each class, having only 2 -j MARK entries in the
> mangle chain to mark packets. The problem is I am doing SNAT and the EGRESS
> QDISC is applied after the SNAT, so the tc filters based on src address do
> not work at all. Any idea how to solve that?
You can only solve that problem with the fw filter. But you can use the fw
filter in a special way. If you add 1 fw filter with no options, the mark is
used to classify the packets. So if you have a packet with mark 10, it will
be placed in class x:10. So you only have the 500 iptables rules and only 1
filter rule.
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
* Re: [LARTC] Lots amounts of classes to solve the DAP problem
From: Rio Martin. @ 2003-04-26 3:39 UTC (permalink / raw)
To: lartc
----- Original Message -----
From: Stef Coene <stef.coene@docum.org>
> On Thursday 24 April 2003 16:12, GoMi wrote:
> > Hi there Stef, since it does not work with the setup I sent you, I am
> > thinking of changing the qdiscs to esfq. I will try that today and see what
GoMi, I agree with you.
I am having trouble with the HTB qdisc also. Since I can't solve it yet, I plan
to change the way I shape, using the CBQ qdisc..
In the CBQ qdisc I also have another problem: I set all children able to borrow
from their parent (unbounded), but they borrow as much as the ethernet speed
has, or in other words they get 100Mbit access.
I am still working on it, and trying to find where the mistake is..
Regards,
Rio Martin.
* Re: [LARTC] Lots amounts of classes to solve the DAP problem
From: Paul Evans @ 2003-04-26 4:50 UTC (permalink / raw)
To: lartc
Hi Stef,
On April 25, 2003 13:53 pm, Stef Coene wrote:
> You can only solve that problem with the fw filter. But you can use the fw
> filter in a special way. If you add 1 fw filter with no options, the mark
> is used to classify the packets. So if you have a packet with mark 10, it
> will be placed in class x:10. So you only have the 500 iptables rules and
> only 1 filter rule.
You mean instead of a zillion of these:
$tc filter add dev $extif parent 1:0 protocol ip handle $var fw flowid 1:$var
It's just one of:
$tc filter add dev $extif parent 1:0 protocol ip fw
?
I see it doesn't error, but I haven't tried it on the real thing yet.
Also, could I then add further filters *with* options and would they be
honored? It'd be very cool if so.
I totally missed that info. Time to revisit ahu's doc I guess; I didn't see it
on your site.
--
Regards, Paul Evans
* Re: [LARTC] Lots amounts of classes to solve the DAP problem
From: Stef Coene @ 2003-04-26 8:01 UTC (permalink / raw)
To: lartc
On Saturday 26 April 2003 06:50, Paul Evans wrote:
> Hi Stef,
>
> On April 25, 2003 13:53 pm, Stef Coene wrote:
> > You can only solve that problem with the fw filter. But you can use the
> > fw filter in a special way. If you add 1 fw filter with no options, the
> > mark is used to classify the packets. So if you have a packet with mark
> > 10, it will be placed in class x:10. So you only have the 500 iptables
> > rules and only 1 filter rule.
>
> You mean instead of a zillion of these:
> $tc filter add dev $extif parent 1:0 protocol ip handle $var fw flowid 1:$var
>
> It's just one of:
> $tc filter add dev $extif parent 1:0 protocol ip fw
> ?
>
> I see it doesn't error, but I haven't tried it on the real thing yet.
It works. If you add that filter, packets with mark 11 will end in class
1:11. Actually you use a very fast hash key so you don't need to check all
the filters.
But be aware. Mark and classid are in hex. So sometimes 10 is translated into
A. So it's better to specify 0x10 for the mark so you are sure it's in hex.
> Also, could I then add further filters *with* options and would they be
> honored? It'd be very cool if so.
Yes. You can use the fw filter to put the packets in a class. And you can
add extra filters to that class to classify the packets in sub classes:
1:0
1:1
1:10
1:11
$tc filter add dev $extif parent 1:0 protocol ip handle $var fw
$tc filter add dev $extif parent 1:10 blabla flowid 1:10
$tc filter add dev $extif parent 1:11 blabla flowid 1:11
> I totally missed that info. Time to revisit ahu's doc I guess; I didn't see
> it on your site.
I know it can be done, but I never checked it myself. So if it works, let me
know :) And if it works, I'll create an extra faq and update the howto.
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
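
Added example (an editor's illustration, not code from any poster in this thread): a dry-run generator for the per-host HTB layout discussed above. It covers Stef's two remarks, the quantum warning for 1kbit classes and the hex handling of marks and class IDs, by setting quantum to the MTU where the rate-derived value is smaller and by writing every mark and class minor in explicit hex. The interface names, the 192.168.2 prefix, the rates, the MTU and all function names are assumptions; the script only prints commands and runs none of them.

```shell
#!/bin/sh
# Added example: prints tc/iptables commands for review; nothing is executed.
# Assumed values (not taken from the thread's final setup): the defaults below
# and every function name in this file.
DEV=${DEV:-eth0}              # uplink interface being shaped
LAN_IF=${LAN_IF:-eth3}        # LAN-facing interface the hosts sit behind
NET=${NET:-192.168.2}         # /24 prefix of the shaped hosts
LINK_KBIT=${LINK_KBIT:-300}   # uplink rate, also used as ceil for every class
MTU=${MTU:-1500}
R2Q=10                        # HTB's default rate-to-quantum divisor

# Quantum HTB derives when none is given: rate in bytes/s divided by r2q.
# tc's "kbit" means 1000 bit/s.
derived_quantum() {
    echo $(( $1 * 1000 / 8 / R2Q ))
}

# Prints "quantum <MTU>" when the derived quantum is below one MTU, else nothing.
quantum_arg() {
    if [ "$(derived_quantum "$1")" -lt "$MTU" ]; then
        echo "quantum $MTU"
    fi
}

# Class minors for host octet $1, numbered as in the thread's scripts
# (three per host: parent, interactive, bulk). Output is decimal.
minors_for_host() {
    p=$(( 3 * $1 - 4 ))
    echo "$p $((p + 1)) $((p + 2))"
}

# tc reads class minors as hex, so every minor is formatted once, here.
hex() { printf '%x' "$1"; }

# $1 = parent minor (hex), $2 = class minor (hex), $3 = rate in kbit
class_cmd() {
    q=$(quantum_arg "$3")
    echo "tc class add dev $DEV parent 1:$1 classid 1:$2 htb rate ${3}kbit ceil ${LINK_KBIT}kbit${q:+ $q}"
}

emit_base() {
    echo "tc qdisc add dev $DEV root handle 1:0 htb"
    class_cmd 0 1 "$LINK_KBIT"
}

emit_host() {
    set -- "$1" $(minors_for_host "$1")
    host=$1 parent=$(hex "$2") inter=$(hex "$3") bulk=$(hex "$4")
    class_cmd 1 "$parent" 2
    class_cmd "$parent" "$inter" 1
    echo "tc qdisc add dev $DEV parent 1:$inter pfifo"
    class_cmd "$parent" "$bulk" 1
    echo "tc qdisc add dev $DEV parent 1:$bulk sfq perturb 10"
    # Ports below 1024 count as interactive, the rest as bulk.
    for proto in tcp udp; do
        echo "iptables -t mangle -A FORWARD -s $NET.$host -i $LAN_IF -p $proto --dport :1023 -j MARK --set-mark 0x$inter"
        echo "iptables -t mangle -A FORWARD -s $NET.$host -i $LAN_IF -p $proto --dport 1024: -j MARK --set-mark 0x$bulk"
    done
    # Mark and class minor are the same hex number, so 0x10 always means 1:10.
    echo "tc filter add dev $DEV protocol ip parent 1:0 handle 0x$inter fw flowid 1:$inter"
    echo "tc filter add dev $DEV protocol ip parent 1:0 handle 0x$bulk fw flowid 1:$bulk"
}

# $1 = first host octet, $2 = last host octet
emit_all() {
    emit_base
    h=$1
    while [ "$h" -le "$2" ]; do
        emit_host "$h"
        h=$((h + 1))
    done
}

# Stand-alone use: sh gen.sh <first-octet> <last-octet>
if [ "$#" -eq 2 ]; then
    emit_all "$1" "$2"
fi
```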