From: "Phill" <PedroPhill@seznam.cz>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] HTB - shaping services and IP
Date: Fri, 19 Sep 2003 06:49:54 +0000
Message-ID: <marc-lartc-106395432508567@msgid-missing>
In-Reply-To: <marc-lartc-106386774113974@msgid-missing>
WOW, thanks very much, I know I had some problems in understanding the
problem. When I read my post I found out that it sometimes does not make
sense, sorry.

I am sending my currently working config.

It seems to be working, but I have some problems. When I start downloading
from the web, the packets flow through class 1:11. And if I start Direct
Connect (P2P) downloading something, it gets limited to about 5-8kbytes, but
I want it to be something like 1000kbit or less. That is my first problem.

The second problem is that I want to limit the speed of some clients.
Let's say that user Phill won't download more than 64kbps. I don't know how
to do it. That's why I was trying to solve it the way in the previous email.

Thank you!!!!

Phill

#!/bin/sh
################################################################################
# HTB script made by phill
# mailto:phill@seznam.cz
################################################################################
LOCAL="imq0"
NET="ppp0"
CeilDownload=170
CeilDownloadDC=120 #max download speed for direct connect
CeilUpload=96
CeilUploadDC=16 #max upload speed for direct connect
################################################################################
#echo -n "Starting HTB..."
################################################################################
modprobe imq numdevs=1
ip link set imq0 up
################################################################################
# Download part ...
################################################################################
tc qdisc add dev $LOCAL root handle 1: htb default 14
tc class add dev $LOCAL parent 1: classid 1:1 htb rate ${CeilDownload}kbit \
    ceil ${CeilDownload}kbit
#11-->Fast-WWW,telnet,ssh,ping,...
tc class add dev $LOCAL parent 1:1 classid 1:11 htb rate 100kbit \
    ceil ${CeilDownload}kbit prio 1 burst 15k quantum 100
#12-->Medium-eMail
tc class add dev $LOCAL parent 1:1 classid 1:12 htb rate 25kbit \
    ceil ${CeilDownload}kbit prio 2 burst 5k quantum 100
#13-->Slow-FTP
tc class add dev $LOCAL parent 1:1 classid 1:13 htb rate 25kbit \
    ceil ${CeilDownload}kbit prio 3 burst 15k quantum 100
#14-->Other stuff-Default
tc class add dev $LOCAL parent 1:1 classid 1:14 htb rate 18kbit \
    ceil ${CeilDownload}kbit prio 4 burst 5k quantum 100
#15-->DC,eDonkey
tc class add dev $LOCAL parent 1:1 classid 1:15 htb rate 2kbit \
    ceil ${CeilDownloadDC}kbit prio 5 quantum 1
tc filter add dev $LOCAL parent 1:0 protocol ip prio 1 handle 1 fw classid 1:11
tc filter add dev $LOCAL parent 1:0 protocol ip prio 2 handle 2 fw classid 1:12
tc filter add dev $LOCAL parent 1:0 protocol ip prio 3 handle 3 fw classid 1:13
tc filter add dev $LOCAL parent 1:0 protocol ip prio 4 handle 4 fw classid 1:14
tc filter add dev $LOCAL parent 1:0 protocol ip prio 5 handle 5 fw classid 1:15
#sfq
tc qdisc add dev $LOCAL parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:12 handle 12: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:13 handle 13: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:14 handle 14: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:15 handle 15: sfq perturb 10
#IPTABLES
#default
iptables -A PREROUTING -t mangle -j MARK --set-mark 0x4
#11
#WWW without squid
iptables -A PREROUTING -t mangle -p tcp --sport 80 -j MARK --set-mark 0x1
iptables -A PREROUTING -t mangle -p tcp --sport 443 -j MARK --set-mark 0x1
#WWW through squid <???>
#don't know how, but let's say everything going to the router machine will
#have this class. This works :->
iptables -A PREROUTING -t mangle -p tcp -s 192.168.1.1 -j MARK --set-mark 0x1
#telnet
iptables -A PREROUTING -t mangle -p tcp --sport 23 -j MARK --set-mark 0x1
iptables -A PREROUTING -t mangle -p udp --sport 23 -j MARK --set-mark 0x1
#ssh
iptables -A PREROUTING -t mangle -p tcp --sport 22 -j MARK --set-mark 0x1
iptables -A PREROUTING -t mangle -p udp --sport 22 -j MARK --set-mark 0x1
#icmp
iptables -A PREROUTING -t mangle -p icmp -j MARK --set-mark 0x1
#dns
iptables -A PREROUTING -t mangle -p tcp --sport 53 -j MARK --set-mark 0x1
iptables -A PREROUTING -t mangle -p udp --sport 53 -j MARK --set-mark 0x1
#ack
iptables -t mangle -I PREROUTING -p tcp -m tcp \
    --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
#12
#pop3
iptables -A PREROUTING -t mangle -p tcp --sport 110 -j MARK --set-mark 0x2
iptables -A PREROUTING -t mangle -p udp --sport 110 -j MARK --set-mark 0x2
#smtp
iptables -A PREROUTING -t mangle -p tcp --sport 25 -j MARK --set-mark 0x2
iptables -A PREROUTING -t mangle -p udp --sport 25 -j MARK --set-mark 0x2
#imap
iptables -A PREROUTING -t mangle -p tcp --sport 143 -j MARK --set-mark 0x2
iptables -A PREROUTING -t mangle -p udp --sport 143 -j MARK --set-mark 0x2
#13
#ftp
iptables -A PREROUTING -t mangle -p tcp -m tcp --sport 20:21 -j MARK --set-mark 0x3
#14
#Other stuff...DEFAULT!!!
#15
#DC 2 users, 2 ports 412,414
iptables -A PREROUTING -t mangle -p tcp -m tcp --sport 412 -j MARK --set-mark 0x5
iptables -A PREROUTING -t mangle -p tcp -m tcp --dport 412 -j MARK --set-mark 0x5
iptables -A PREROUTING -t mangle -p tcp -m tcp --sport 414 -j MARK --set-mark 0x5
iptables -A PREROUTING -t mangle -p tcp -m tcp --dport 414 -j MARK --set-mark 0x5
#eDonkey
iptables -A PREROUTING -t mangle -p tcp --sport 4662 -j MARK --set-mark 0x5
iptables -A PREROUTING -t mangle -p tcp --dport 4662 -j MARK --set-mark 0x5
################################################################################
# Download part ... OK
################################################################################
################################################################################
# Upload part ...
################################################################################
tc qdisc add dev $NET root handle 2: htb default 21
tc class add dev $NET parent 2: classid 2:1 htb rate ${CeilUpload}kbit \
    ceil ${CeilUpload}kbit
#11-->Fast-everything...Default
tc class add dev $NET parent 2:1 classid 2:11 htb rate 90kbit \
    ceil ${CeilUpload}kbit prio 7 burst 15k
#12-->Slow-DC,edonkey upload
tc class add dev $NET parent 2:1 classid 2:12 htb rate 6kbit \
    ceil ${CeilUploadDC}kbit prio 8 burst 5k quantum 1
tc filter add dev $NET parent 2:0 protocol ip prio 1 handle 1 fw classid 2:11
tc filter add dev $NET parent 2:0 protocol ip prio 5 handle 5 fw classid 2:12
################################################################################
# Upload part ... OK
################################################################################
iptables -t mangle -A PREROUTING -i ppp0 -j IMQ
echo " OK"
> Phill,
>
> : _____________________________________________ 160kbps/96kbps _____
> : |imq0(eth1, eth2) Linux router with NAT>ppp0|------------------------|ISP|
> ------------------------- -----
> : +|Roman| - 192.168.1.10 on eth1
> : +|Phill| - 192.168.2.10 on eth2
> : + ...
>
> I don't understand what you are trying to convey with the notes "eth1/eth2"
> and 160kbps/96kbps part of the diagram, but the rest makes sense to me.
>
> I'm going to draw a picture of your traffic control structure to point out
> where I think your problem lies.
>
>                          root class
>                               + r/c 160kbit
>     r 80kbit                  |                 r 80kbit
>     c 160kbit +---------------+---------------+ c 160kbit
>         Roman |                               | Phill
>     +---------+---------+           +---------+---------+
>     | ftp         other |           | other         ftp |
>     |                   |           |                   |
> r 1kbit             r 79kbit    r 79kbit            r 1kbit
> c 160kbit           c 160kbit   c 160kbit           c 160kbit
>
>
> Note that you have four leaf classes. Two classes, each with a rate of 79kbit
> and two each with a rate of 1kbit (which HTB can't reasonably accomplish [1],
> but your technique should work, anyway--keep reading).
>
> Several items of note.
>
> - HTB only performs shaping in the leaf classes. [2]
> - HTB rate is essentially treated as a CIR, and HTB will not
> check a parent class to see if a parent class is above its
> rate. [2]
> - The sum of the rates of your leaf classes is 160kbit. You have
> committed all of your bandwidth, and left nothing for borrowing or
> dynamic allocation.
>
> Try this instead:
>
>                          root class
>                               + r/c 160kbit
>     r 80kbit                  |                 r 80kbit
>     c 160kbit +---------------+---------------+ c 160kbit
>         Roman |                               | Phill
>     +---------+---------+           +---------+---------+
>     | ftp         other |           | other         ftp |
>     |                   |           |                   |
> r 1kbit             r 40kbit    r 40kbit            r 1kbit
> c 160kbit           c 160kbit   c 160kbit           c 160kbit
>
>
> With this sort of configuration, the borrowing model of HTB should distribute
> the leftover bandwidth in a way that seems fairer to you. You have now
> guaranteed a total of 82kbit to your leaf classes and above that (sum of the
> rates of the leaf classes), the leaf classes will try to borrow as much as
> they can up to ceil.
>
> : The point is, that I want to shape the speed of each client
> : and I want to shape the speed of the services the client uses.
> : I don't use iptables to mark the packets, because the use of IMQ,
> : but I know that there is a patch for this.
>
> I don't know what you mean in this paragraph.....
>
> [ snipped textual description ]
>
> : modprobe imq numdevs=1
> : ip link set imq0 up
> : $IPT -t mangle -A PREROUTING -i ppp0 -j IMQ
>
> Do you need to use IMQ? It's not a bad thing to use IMQ, but if your router
> is a separate machine, you can simply attach the "download" shaper to the
> internal interface--the interface closest to Phill and Roman. [3]
>
> [ snipped start of script ]
>
> See notes above about the rate/ceil here.
>
> : ... parent 1:0 protocol ip u32 match ip dst 192.168.1.10 flowid 1:110
> : ... parent 1:110 protocol ip u32 match ip dst 192.168.1.10 flowid 1:1101
> : ... parent 1:110 protocol ip u32 match ip dport 20 0xffff flowid 1:1102
> : ... parent 1:110 protocol ip u32 match ip dport 21 0xffff flowid 1:1102
>
> See note above about IMQ necessity. In particular your u32 classifier with
> "ip dport 21" will never match. Do you perhaps mean "ip sport 21"? Still
> probably not all that helpful. Your u32 classifier "ip dport 20" is correct,
> but will only work for port mode connections. Check/search the LARTC archives
> for a description of the problems involved with shaping FTP (port v. passive
> mode data channel). [4]
>
> Best of luck,
>
> -Martin
>
> [1] http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm#sharing
> (see last paragraph, for mtu=1500, r2q=1, 12kbit is minimum rate)
> [2] http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm#hsharing
> [3] http://www.docum.org/stef.coene/qos/faq/cache/9.html
> [4] http://www.google.com/search?q=site%3Amailman.ds9a.nl+ftp+shaping
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
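
The rate arithmetic from the quoted reply above, as an added example that is
not part of the original thread: an sh/awk audit of an HTB plan that sums the
leaf rates, reports what is left to borrow, and flags leaves below the minimum
rate from footnote [1]. The plan format and class names are assumptions made
for the example, and the quantum rule (rate in bytes/s divided by r2q, at least
one MTU) assumes no explicit quantum is set on the class.

```sh
#!/bin/sh
# Added example: audit an HTB class plan before loading it with tc.
# Plan lines (constructed format): "name parent rate_kbit ceil_kbit".
# The names are hypothetical labels for the boxes in the quoted diagrams.

# First diagram: every kbit of the 160kbit root is committed to a leaf.
PLAN_COMMITTED='root - 160 160
roman root 80 160
phill root 80 160
roman-ftp roman 1 160
roman-other roman 79 160
phill-other phill 79 160
phill-ftp phill 1 160'

# Second diagram: same tree with the "other" leaves lowered to 40kbit.
PLAN_SUGGESTED=$(printf '%s\n' "$PLAN_COMMITTED" | sed 's/ 79 / 40 /')

# leaf_rate_sum PLAN -> kbit guaranteed to leaves (classes that parent nothing)
leaf_rate_sum() {
    printf '%s\n' "$1" | awk '
        { rate[$1] = $3; is_parent[$2] = 1 }
        END { for (c in rate) if (!(c in is_parent)) sum += rate[c]; print sum + 0 }'
}

# borrowable PLAN -> kbit of the root rate not committed to any leaf
borrowable() {
    root=$(printf '%s\n' "$1" | awk '$2 == "-" { print $3 }')
    echo $(( root - $(leaf_rate_sum "$1") ))
}

# min_rate_kbit MTU R2Q -> lowest rate whose quantum (bytes/s / r2q) >= MTU
min_rate_kbit() { echo $(( $1 * $2 * 8 / 1000 )); }

# low_rate_leaves PLAN MTU R2Q -> leaf names below that rate, in plan order
low_rate_leaves() {
    printf '%s\n' "$1" | awk -v min="$(min_rate_kbit "$2" "$3")" '
        { name[NR] = $1; rate[$1] = $3; is_parent[$2] = 1 }
        END { for (i = 1; i <= NR; i++)
                  if (!(name[i] in is_parent) && rate[name[i]] < min)
                      out = out (out ? " " : "") name[i]
              print out }'
}

for plan in "$PLAN_COMMITTED" "$PLAN_SUGGESTED"; do
    echo "leaves: $(leaf_rate_sum "$plan")kbit, spare: $(borrowable "$plan")kbit," \
         "under minimum: $(low_rate_leaves "$plan" 1500 1)"
done
```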