[LARTC] HTB class above the given limit

From: miller69@gmx.net
To: lartc@vger.kernel.org
Subject: [LARTC] HTB class above the given limit
Date: Thu, 07 Aug 2003 09:49:14 +0000	[thread overview]
Message-ID: <marc-lartc-106024985728516@msgid-missing> (raw)

Hi there,

i'm running a firewalling bridge with the following config:

Dual Athlon MP, 512MB RAM
3 ethernet interfaces (eth0<om 3c905B; eth1=Intel Ethernet Pro 100;
eth2=Realtek RTL8139)
Kernel 2.4.21 from kernel.org
HTB kernel part version 3.12
iptables 1.2.8
pom-20030710 (list of applied patches available on request)

The setup:
I've created a bridging interface (br0) that uses eth0 and eth2 as ports.
eth1 is for administration only. The following QoS config is applied:

tc qdisc add dev eth0 root handle 1:0 htb default 10
tc qdisc add dev eth2 root handle 2:0 htb default 10

tc class add dev eth0 parent 1:0 classid 1:1 htb rate 102400kbit ceil
102400kbit quantum 20000
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 102380kbit ceil
102400kbit prio 3 quantum 20000
tc class add dev eth0 parent 1:1 classid 1:12 htb rate 20kbit ceil 100kbit
prio 5 quantum 2000

tc class add dev eth2 parent 2:0 classid 2:2 htb rate 102400kbit ceil
102400kbit quantum 20000
tc class add dev eth2 parent 2:2 classid 2:10 htb rate 102380kbit ceil
102400kbit prio 3 quantum 20000
tc class add dev eth2 parent 2:2 classid 2:12 htb rate 20kbit ceil 100kbit
prio 5 quantum 2000

After that I use a couple of iptables rules that identify p2p-traffic and
put a mark on the whole connection:
iptables -A FORWARD -t mangle -p tcp -j CONNMARK --restore-mark
iptables -A FORWARD -t mangle -p tcp -m mark ! --mark 0 -j ACCEPT
iptables -A FORWARD -t mangle -p tcp -m ipp2p --ipp2p -j MARK --set-mark 22
iptables -A FORWARD -t mangle -p tcp -m mark --mark 22 -j CONNMARK
--save-mark

Finally I classify marked packets to the existing HTB classes (and do some
logging):
1# iptables -A POSTROUTING -t mangle -o eth0 -m mark --mark 22 -j CLASSIFY
--set-class 1:12
2# iptables -A POSTROUTING -t mangle -o eth0 -j ACCEPT
3# iptables -A POSTROUTING -t mangle -o eth2 -m mark --mark 22 -j CLASSIFY
--set-class 2:12
4# iptables -A POSTROUTING -t mangle -o eth2 -j ACCEPT

This setup works almost perfect but when I calculate the used bandwidth per
second for class 1:12 it is slightly above the given limit of 100kbits. I
counted the bytes for 24 hours for rule 1# and calculated the average transfer
rate per second and came to something near 123,3 kbit/sec. After that I did
another 24h test using rate 20kbit and ceil 50kbit for classes 1:12 & 2:12 and
calculated the average throughput again. I came up to 61,3kbit/sec. If
compare these results this heavily stressed class is in both tests 23% above the
given ceil. For class 2:12 the limit is meet (49,1 kbit/sec in test 2) but this
class is not as stressed as 1:12 is.

Can you help me out on this? I don't believe it's wanted that way, is it?

Cheers,
Mike

-- 
COMPUTERBILD 15/03: Premium-e-mail-Dienste im Test
--------------------------------------------------
1. GMX TopMail - Platz 1 und Testsieger!
2. GMX ProMail - Platz 2 und Preis-Qualitätssieger!
3. Arcor - 4. web.de - 5. T-Online - 6. freenet.de - 7. daybyday - 8. e-Post

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/