From: "Chijioke Kalu" <kchijioke@msn.com>
To: lartc@vger.kernel.org
Subject: [LARTC] Parent rate=ceil Limit not respected
Date: Sun, 09 Nov 2003 06:26:21 +0000 [thread overview]
Message-ID: <marc-lartc-106835933327390@msgid-missing> (raw)
[-- Attachment #1: Type: text/plain, Size: 1138 bytes --]
Hi Stef, lo all,
Am hoping someone could have the time to look at my simple script, it
basically tries to restrict users based on their ip, but I also incorporated
the hints given by Stef on being able to allow local traffic unrestricted.
no iptable marking (fw filter) is used, just tc.
I see traffic passing thru all the classes when ever those systems are in
use.
Ave done some stress test on the local traffic by plugging p2p/web crawlers
on the LAN of one of the systems, each time i notice that the parent ceil
limit is being broken.
I have met the one major requirement, sum of child classes rate <= parent
rate. I dont know what else i might be doing wrong, once placed perturb to
1, and internally(kernel) am using PSCHED_CPU and a sfq buffer length of 15
as against 128. (notes on docum.org) to try and increase speed. (Processor
has TSC flag)
Would be much obliged on any comments/improvements i can make on the script.
Using kernel 2.4.22
TIA
K
_________________________________________________________________
MSN Shopping upgraded for the holidays! Snappier product search...
http://shopping.msn.com
[-- Attachment #2: rc.qosv4.txt --]
[-- Type: text/plain, Size: 5907 bytes --]
#!/bin/bash
#
# rc.qos - GPL ver 0.04 (rate limiting specific ip's on a LAN)
# <kchijioke@msn.com>
#
# TODO:
# 1) make auto-startable
# 2) place command line arguments
# 3) make generic, this gonna be a hardone ;)
# 4) improve QoS, attempt DiffServ again
# 5) incorporate SQUID, include upload traffic control
# 6) auto determine bandwidth per ip
#
# Acknowledgements:
# Much thanks to Stef, Alex, Clouter and Ahu
# Special thanks to reeler@#lartc for pointing out the not so obvious (in
my case) ;)
#
# Schematic
# ---------
#
# _________root 1:0_______
# / \
# local (10mbit) Internet (90kbit)
# 1:2 1:3
# (h=handle 5) |
# |
# --------------+-----------------------------------
# / | | | |
\
# 1:10 1:11 1:12 1:13 1:...
1:50
# (high priority) (sys 1) (sys 2) (sys 3) (sys ...)
(default)
# (h10) (h11) (h12) (h13) (h...)
(h50)
#
#set -x
# LAN Interface ( Download )
# delete/create root class
tc qdisc del dev eth1 root 2> /dev/null
tc qdisc add dev eth1 root handle 1: htb default 50 r2q 1
# create local class
tc class add dev eth1 parent 1: classid 1:2 htb rate 10mbit ceil 10mbit
# create internet class #ceil 86
tc class add dev eth1 parent 1: classid 1:3 htb rate 86Kbit ceil 90Kbit
# create high priority class in internet class for ack, icmp packets #ceil
82
tc class add dev eth1 parent 1:3 classid 1:10 htb rate 5Kbit ceil 82Kbit
prio 0
# create 20 system classes in internet class, sys01 - sys20 ( 1:11 - 1:30 )
#ceil 82
for LOOP in `seq 11 30`
do
tc class add dev eth1 parent 1:3 classid 1:$[$LOOP] htb \
rate 4Kbit ceil 82Kbit prio 2
done
# default class #ceil 80
tc class add dev eth1 parent 1:3 classid 1:50 htb rate 2Kbit ceil 80Kbit
prio 3
# do qdisc attachment # perturb 10
tc qdisc add dev eth1 parent 1:2 handle 5: sfq perturb 10
for LOOP in `seq 10 30`
do
tc qdisc add dev eth1 parent 1:$[$LOOP] handle $[$LOOP]: sfq \
perturb 10
done
tc qdisc add dev eth1 parent 1:50 handle 50: sfq perturb 10
# filter rules
# 10mbit local traffic matched
tc filter add dev eth1 parent 1: protocol ip prio 100 u32 match ip src
192.168.0.0/24 classid 1:2
# any other thing not matched to classid 1:3 ( must be from internet bound )
# 90Kbit Internet traffic match
tc filter add dev eth1 parent 1: protocol ip prio 100 u32 match ip tos 0 0
classid 1:3
# High priority class 1:10 filter
tc filter add dev eth1 parent 1:3 protocol ip prio 200 handle 10 fw classid
1:10
# (1:10 is high priority class in internet class)
# TOS minimum delay in 1:10
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
match ip tos 0x10 0xff flowid 1:10
# UDP Traffic in 1:10
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
match ip protocol 17 0xff \
match ip dport 53 0xffff flowid 1:10
# ICMP (ip protocol 1) Set class to 1:10 to impress friends
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
match ip protocol 1 0xff flowid 1:10
# To speed up downloads while an upload is going on, put ACK packets in
# the 1:10 class
# ACKs on packets < 64 bytes
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:10
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
flowid 1:10
# remaining filters for sys01 - sys20
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.106/32 flowid 1:11
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.107/32 flowid 1:12
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.108/32 flowid 1:13
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.109/32 flowid 1:14
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.110/32 flowid 1:15
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.111/32 flowid 1:16
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.112/32 flowid 1:17
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.113/32 flowid 1:18
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.114/32 flowid 1:19
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.121/32 flowid 1:20
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.122/32 flowid 1:21
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.123/32 flowid 1:22
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.124/32 flowid 1:23
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.125/32 flowid 1:24
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.126/32 flowid 1:25
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.127/32 flowid 1:26
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.128/32 flowid 1:27
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.130/32 flowid 1:28
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.129/32 flowid 1:29
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.104/32 flowid 1:30
tc filter add dev eth1 parent 1:3 protocol ip prio 200 handle 50 fw classid
1:50
# end of LAN interface ( download ) script
next reply other threads:[~2003-11-09 6:26 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-11-09 6:26 Chijioke Kalu [this message]
2003-11-10 17:43 ` [LARTC] Parent rate=ceil Limit not respected Stef Coene
2003-11-10 18:46 ` Chijioke Kalu
2003-11-10 18:58 ` Stef Coene
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-106835933327390@msgid-missing \
--to=kchijioke@msn.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.