Re: [LARTC] htb not hard limiting correctly

From: Abraham van der Merwe <abz@frogfoot.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] htb not hard limiting correctly
Date: Mon, 22 Sep 2003 16:58:34 +0000	[thread overview]
Message-ID: <marc-lartc-106425013811326@msgid-missing> (raw)
In-Reply-To: <marc-lartc-106414342521006@msgid-missing>

Hi Mahmoud                                       >@2003.09.22_11:44:01_+0200

(a) You can't put it in PREROUTING - the CLASSIFY patch don't allow that:

from net/ipv4/netfilter/ipt_CLASSIFY.c:

------------< snip <------< snip <------< snip <------------
    if (hook_mask & ~(1 << NF_IP_POST_ROUTING)) {
        printk(KERN_ERR "CLASSIFY: only valid in POST_ROUTING.\n");
        return 0;
    }
------------< snip <------< snip <------< snip <------------

Would you mind telling me why you suggested PREROUTING?

(b)

I discovered some serious problems in my ruleset below which I fixed in the
meantime (Notice all the qdiscs have the same major id - they're supposed to
be unique for each qdisc, i.e. the sfq qdisc's and the two htb qdisc's
should have different major numbers)

(c)

One thing I discovered as well is that if all traffic goes through one of
our backup links, the line is so congested that I still get around double
the traffic incoming on the qos box itself. If I check on a box behind it
you can see that that class is shaped correctly, the requests are just
flooding in at such a pace that it still eats up twice the bandwidth!

> I am not sure, but I think if you classify your packet in PREROUTING chain 
> it will works fine
> 
> > Hi!
> > 
> > This morning one of our major links died and suddenly I was streaming 1mbit
> > of traffic through 256kbit (one of our backup links), but it just doesn't
> > work. The client is still doing in the region of 350kbit/s (the link
> > capacity is 512kbit). Here is my config:
> > 
> > ------------< snip <------< snip <------< snip <------------
> > tc qdisc add dev eth1 root handle 1: htb default 4 r2q 5
> > tc class add dev eth1 parent 1: classid 1:1 htb rate 512kbit
> > tc class add dev eth1 parent 1:1 classid 1:2 htb rate 320kbit ceil 512kbit prio 1
> > tc qdisc add dev eth1 handle 2: parent 1:2 sfq perturb 10 limit 84
> > tc class add dev eth1 parent 1:1 classid 1:3 htb rate 64kbit ceil 256kbit prio 3
> > tc qdisc add dev eth1 handle 3: parent 1:3 sfq perturb 10 limit 42
> > tc class add dev eth1 parent 1:1 classid 1:4 htb rate 128kbit ceil 512kbit prio 2
> > tc qdisc add dev eth1 handle 4: parent 1:4 sfq perturb 10 limit 84
> > tc qdisc add dev eth0 root handle 1: htb default 4 r2q 5
> > tc class add dev eth0 parent 1: classid 1:1 htb rate 512kbit
> > tc class add dev eth0 parent 1:1 classid 1:2 htb rate 320kbit ceil 512kbit prio 1
> > tc qdisc add dev eth0 handle 2: parent 1:2 sfq perturb 10 limit 84
> > tc class add dev eth0 parent 1:1 classid 1:3 htb rate 64kbit ceil 256kbit prio 3
> > tc qdisc add dev eth0 handle 3: parent 1:3 sfq perturb 10 limit 42
> > tc class add dev eth0 parent 1:1 classid 1:4 htb rate 128kbit ceil 512kbit prio 2
> > tc qdisc add dev eth0 handle 4: parent 1:4 sfq perturb 10 limit 84
> > ------------< snip <------< snip <------< snip <------------
> > 
> > I'm tagging packets with the netfilter CLASSIFY patch. I've got a
> > user-defined chain in the mangle table and I redirect all traffic from the
> > POSTROUTING chain into that and add rules like this:
> > 
> > iptables -t mangle -N qos
> > iptables -t mangle -A POSTROUTING -j qos
> > 
> > and then these rules for the ftc rules above:
> > 
> > ------------< snip <------< snip <------< snip <------------
> > iptables -t mangle -A qos -o eth1 -d 66.8.28.92/30 -j CLASSIFY --set-class 1:2
> > iptables -t mangle -A qos -o eth1 -d 66.8.28.160/27 -j CLASSIFY --set-class 1:2
> > iptables -t mangle -A qos -o eth1 -d 168.210.55.0/24 -j CLASSIFY --set-class 1:2
> > iptables -t mangle -A qos -o eth1 -d 168.210.54.80/29 -j CLASSIFY --set-class 1:2
> > iptables -t mangle -A qos -o eth1 -d 168.210.56.0/24 -j CLASSIFY --set-class 1:3
> > iptables -t mangle -A qos -o eth1 -d 66.8.28.32/27 -j CLASSIFY --set-class 1:3
> > iptables -t mangle -A qos -o eth0 -s 66.8.28.92/30 -j CLASSIFY --set-class 1:2
> > iptables -t mangle -A qos -o eth0 -s 66.8.28.160/27 -j CLASSIFY --set-class 1:2
> > iptables -t mangle -A qos -o eth0 -s 168.210.55.0/24 -j CLASSIFY --set-class 1:2
> > iptables -t mangle -A qos -o eth0 -s 168.210.54.80/29 -j CLASSIFY --set-class 1:2
> > iptables -t mangle -A qos -o eth0 -s 168.210.56.0/24 -j CLASSIFY --set-class 1:3
> > iptables -t mangle -A qos -o eth0 -s 66.8.28.32/27 -j CLASSIFY --set-class 1:3
> > ------------< snip <------< snip <------< snip <------------
> > 
> > The class which is not shaping correctly is 1:3 - it has a rate of 64kbit
> > and a ceil of 256kbit so it should be limited to 256kbit even if there is
> > 512kbit of traffic available.
> > 
> > Any ideas what I did wrong or is this a bug?
> > 
> > 
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> 

-- 

Regards
 Abraham

But Officer, I stopped for the last one, and it was green!

___________________________________________________
 Abraham vd Merwe - Frogfoot Networks CC
 9 Kinnaird Court, 33 Main Street, Newlands, 7700
 Phone: +27 21 686 1665 Cell: +27 82 565 4451
 Http: http://www.frogfoot.net/ Email: abz@frogfoot.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/