* [LARTC] Parent rate=ceil Limit not respected
@ 2003-11-09 6:26 Chijioke Kalu
2003-11-10 17:43 ` Stef Coene
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Chijioke Kalu @ 2003-11-09 6:26 UTC (permalink / raw)
To: lartc
[-- Attachment #1: Type: text/plain, Size: 1138 bytes --]
Hi Stef, lo all,
Am hoping someone could have the time to look at my simple script, it
basically tries to restrict users based on their ip, but I also incorporated
the hints given by Stef on being able to allow local traffic unrestricted.
no iptable marking (fw filter) is used, just tc.
I see traffic passing thru all the classes when ever those systems are in
use.
Ave done some stress test on the local traffic by plugging p2p/web crawlers
on the LAN of one of the systems, each time i notice that the parent ceil
limit is being broken.
I have met the one major requirement, sum of child classes rate <= parent
rate. I dont know what else i might be doing wrong, once placed perturb to
1, and internally(kernel) am using PSCHED_CPU and a sfq buffer length of 15
as against 128. (notes on docum.org) to try and increase speed. (Processor
has TSC flag)
Would be much obliged on any comments/improvements i can make on the script.
Using kernel 2.4.22
TIA
K
_________________________________________________________________
MSN Shopping upgraded for the holidays! Snappier product search...
http://shopping.msn.com
[-- Attachment #2: rc.qosv4.txt --]
[-- Type: text/plain, Size: 5907 bytes --]
#!/bin/bash
#
# rc.qos - GPL ver 0.04 (rate limiting specific ip's on a LAN)
# <kchijioke@msn.com>
#
# TODO:
# 1) make auto-startable
# 2) place command line arguments
# 3) make generic, this gonna be a hardone ;)
# 4) improve QoS, attempt DiffServ again
# 5) incorporate SQUID, include upload traffic control
# 6) auto determine bandwidth per ip
#
# Acknowledgements:
# Much thanks to Stef, Alex, Clouter and Ahu
# Special thanks to reeler@#lartc for pointing out the not so obvious (in
my case) ;)
#
# Schematic
# ---------
#
# _________root 1:0_______
# / \
# local (10mbit) Internet (90kbit)
# 1:2 1:3
# (h=handle 5) |
# |
# --------------+-----------------------------------
# / | | | |
\
# 1:10 1:11 1:12 1:13 1:...
1:50
# (high priority) (sys 1) (sys 2) (sys 3) (sys ...)
(default)
# (h10) (h11) (h12) (h13) (h...)
(h50)
#
#set -x
# LAN Interface ( Download )
# delete/create root class
tc qdisc del dev eth1 root 2> /dev/null
tc qdisc add dev eth1 root handle 1: htb default 50 r2q 1
# create local class
tc class add dev eth1 parent 1: classid 1:2 htb rate 10mbit ceil 10mbit
# create internet class #ceil 86
tc class add dev eth1 parent 1: classid 1:3 htb rate 86Kbit ceil 90Kbit
# create high priority class in internet class for ack, icmp packets #ceil
82
tc class add dev eth1 parent 1:3 classid 1:10 htb rate 5Kbit ceil 82Kbit
prio 0
# create 20 system classes in internet class, sys01 - sys20 ( 1:11 - 1:30 )
#ceil 82
for LOOP in `seq 11 30`
do
tc class add dev eth1 parent 1:3 classid 1:$[$LOOP] htb \
rate 4Kbit ceil 82Kbit prio 2
done
# default class #ceil 80
tc class add dev eth1 parent 1:3 classid 1:50 htb rate 2Kbit ceil 80Kbit
prio 3
# do qdisc attachment # perturb 10
tc qdisc add dev eth1 parent 1:2 handle 5: sfq perturb 10
for LOOP in `seq 10 30`
do
tc qdisc add dev eth1 parent 1:$[$LOOP] handle $[$LOOP]: sfq \
perturb 10
done
tc qdisc add dev eth1 parent 1:50 handle 50: sfq perturb 10
# filter rules
# 10mbit local traffic matched
tc filter add dev eth1 parent 1: protocol ip prio 100 u32 match ip src
192.168.0.0/24 classid 1:2
# any other thing not matched to classid 1:3 ( must be from internet bound )
# 90Kbit Internet traffic match
tc filter add dev eth1 parent 1: protocol ip prio 100 u32 match ip tos 0 0
classid 1:3
# High priority class 1:10 filter
tc filter add dev eth1 parent 1:3 protocol ip prio 200 handle 10 fw classid
1:10
# (1:10 is high priority class in internet class)
# TOS minimum delay in 1:10
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
match ip tos 0x10 0xff flowid 1:10
# UDP Traffic in 1:10
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
match ip protocol 17 0xff \
match ip dport 53 0xffff flowid 1:10
# ICMP (ip protocol 1) Set class to 1:10 to impress friends
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
match ip protocol 1 0xff flowid 1:10
# To speed up downloads while an upload is going on, put ACK packets in
# the 1:10 class
# ACKs on packets < 64 bytes
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:10
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
flowid 1:10
# remaining filters for sys01 - sys20
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.106/32 flowid 1:11
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.107/32 flowid 1:12
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.108/32 flowid 1:13
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.109/32 flowid 1:14
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.110/32 flowid 1:15
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.111/32 flowid 1:16
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.112/32 flowid 1:17
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.113/32 flowid 1:18
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.114/32 flowid 1:19
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.121/32 flowid 1:20
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.122/32 flowid 1:21
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.123/32 flowid 1:22
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.124/32 flowid 1:23
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.125/32 flowid 1:24
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.126/32 flowid 1:25
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.127/32 flowid 1:26
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.128/32 flowid 1:27
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.130/32 flowid 1:28
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.129/32 flowid 1:29
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst
192.168.0.104/32 flowid 1:30
tc filter add dev eth1 parent 1:3 protocol ip prio 200 handle 50 fw classid
1:50
# end of LAN interface ( download ) script
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LARTC] Parent rate=ceil Limit not respected
2003-11-09 6:26 [LARTC] Parent rate=ceil Limit not respected Chijioke Kalu
@ 2003-11-10 17:43 ` Stef Coene
2003-11-10 18:46 ` Chijioke Kalu
2003-11-10 18:58 ` Stef Coene
2 siblings, 0 replies; 4+ messages in thread
From: Stef Coene @ 2003-11-10 17:43 UTC (permalink / raw)
To: lartc
On Sunday 09 November 2003 07:26, Chijioke Kalu wrote:
> Hi Stef, lo all,
>
> Am hoping someone could have the time to look at my simple script, it
> basically tries to restrict users based on their ip, but I also
> incorporated the hints given by Stef on being able to allow local traffic
> unrestricted. no iptable marking (fw filter) is used, just tc.
>
> I see traffic passing thru all the classes when ever those systems are in
> use.
>
> Ave done some stress test on the local traffic by plugging p2p/web crawlers
> on the LAN of one of the systems, each time i notice that the parent ceil
> limit is being broken.
>
> I have met the one major requirement, sum of child classes rate <= parent
> rate. I dont know what else i might be doing wrong, once placed perturb to
> 1, and internally(kernel) am using PSCHED_CPU and a sfq buffer length of 15
> as against 128. (notes on docum.org) to try and increase speed. (Processor
> has TSC flag)
>
> Would be much obliged on any comments/improvements i can make on the
> script.
You attach class 1:2 and 1:3 to the root qdisc. It's better to add 1 class to
the root qdisc and attach all other classes to that class.
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LARTC] Parent rate=ceil Limit not respected
2003-11-09 6:26 [LARTC] Parent rate=ceil Limit not respected Chijioke Kalu
2003-11-10 17:43 ` Stef Coene
@ 2003-11-10 18:46 ` Chijioke Kalu
2003-11-10 18:58 ` Stef Coene
2 siblings, 0 replies; 4+ messages in thread
From: Chijioke Kalu @ 2003-11-10 18:46 UTC (permalink / raw)
To: lartc
Thanks Stef,
but then, what bandwidth should I place on the first class, 10mbit or
90Kbit?
am re-writing the script to follow what you've just suggested, it will look
like this...
root (1:0)
|
class (1:2)
(10mbit or 90Kbit or nothing ?)
/
\
class (1:3)
class (1:4)
(LAN Traffic) (10Mbit) (90Kbit)
(Internet Traffic)
|
|
------------------------- -----------------------
|
| |
1:10
1:11 - 1:31 1:50
(high prio icmp,ack)
(sys01 ... sys20) (default)
1. Is this what you're asking?
2. Is there any other improvements I can make on the script to make it
efficient?
Thanks
K
_________________________________________________________________
Frustrated with dial-up? Get high-speed for as low as $26.95.
https://broadband.msn.com (Prices may vary by service area.)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LARTC] Parent rate=ceil Limit not respected
2003-11-09 6:26 [LARTC] Parent rate=ceil Limit not respected Chijioke Kalu
2003-11-10 17:43 ` Stef Coene
2003-11-10 18:46 ` Chijioke Kalu
@ 2003-11-10 18:58 ` Stef Coene
2 siblings, 0 replies; 4+ messages in thread
From: Stef Coene @ 2003-11-10 18:58 UTC (permalink / raw)
To: lartc
On Monday 10 November 2003 19:46, Chijioke Kalu wrote:
> Thanks Stef,
>
> but then, what bandwidth should I place on the first class, 10mbit or
> 90Kbit?
10 mbit.
> am re-writing the script to follow what you've just suggested, it will look
> like this...
>
> root
> (1:0)
>
> class
> (1:2) (10mbit or 90Kbit or nothing ?)
> /
> \
> class (1:3)
> class (1:4)
> (LAN Traffic) (10Mbit) (90Kbit)
> (Internet Traffic)
>
>
>
>
>
> ------------------------- -----------------------
>
>
> 1:10
> 1:11 - 1:31 1:50
> (high prio
> icmp,ack) (sys01 ... sys20) (default)
>
>
> 1. Is this what you're asking?
Yep.
> 2. Is there any other improvements I can make on the script to make it
> efficient?
I think the script is fine.
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2003-11-10 18:58 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-11-09 6:26 [LARTC] Parent rate=ceil Limit not respected Chijioke Kalu
2003-11-10 17:43 ` Stef Coene
2003-11-10 18:46 ` Chijioke Kalu
2003-11-10 18:58 ` Stef Coene
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.