From: "mjoachimiak" <mjoachimiak@poczta.onet.pl>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Packet loss with htb+sfq+l7filter
Date: Mon, 15 Nov 2004 22:29:04 +0000 [thread overview]
Message-ID: <005301c4cb62$83fce8c0$0802a8c0@komp> (raw)
In-Reply-To: <1100530341.2796.19.camel@laserite>
Ypu said ypu've got 4Mbit. As far as I'm concerned 4Mbit= 1024*4@96
So link capacity should be 4000kbit (rate and ceil of base class)
Am I wrong?
----- Original Message -----
From: "Eduardo Fernández" <eduardo@cmusanjuan.com>
To: <lartc@mailman.ds9a.nl>
Sent: Monday, November 15, 2004 3:52 PM
Subject: [LARTC] Packet loss with htb+sfq+l7filter
> Hi all!
>
> I'm trying to shape traffic in a dorm's network (4 mbit symmetrical
> internet link, about 200 computers, heavy p2p usage). The router is a
> p4xeon running linux 2.6.9 with the qnet patches
> (http://kem.p.lodz.pl/~peter/qnet/). When I activate ip_forward I get
> >20% packet loss and a lot of duplicates. Any ideas? I attach my shaping
> script.
>
> Thank you very much in advance,
>
> Eduardo
>
> router:~# cat htb.new
> #!/bin/sh
> IFOUT=eth0
> IFIN=eth2
>
> # cleaning
> tc qdisc del dev $IFOUT root &>/dev/null
> tc qdisc del dev $IFOUT ingress &>/dev/null
>
> # link's capacity
> CEILP0
>
> # 1:10 interactive traffic with the highest prio (dns, ssh...)
> # 1:20 interactive traffic with lower prio (radios, vcn, x11...)
> # 1:30 bulk (http, ftp, cvs...)
> # 1:40 the rest (p2p mostly)
> tc qdisc add dev $IFOUT root handle 1: htb default 40
> tc class add dev $IFOUT parent 1: classid 1:1 htb rate ${CEIL}kbps ceil
> ${CEIL}kbps
> tc class add dev $IFOUT parent 1:1 classid 1:10 htb rate 80kbps ceil
> 80kbps prio 0
> tc class add dev $IFOUT parent 1:1 classid 1:20 htb rate 10kbps ceil
> 100kbps prio 1
> tc class add dev $IFOUT parent 1:1 classid 1:30 htb rate 400kbps ceil
> ${CEIL}kbps prio 2
> tc class add dev $IFOUT parent 1:1 classid 1:40 htb rate 10kbps ceil
> ${CEIL}kbps prio 3
>
> tc qdisc add dev $IFOUT parent 1:10 handle 10: sfq perturb 10
> tc qdisc add dev $IFOUT parent 1:20 handle 20: sfq perturb 10
> tc qdisc add dev $IFOUT parent 1:30 handle 30: sfq perturb 10
> tc qdisc add dev $IFOUT parent 1:40 handle 40: sfq perturb 10
>
> tc filter add dev $IFOUT parent 1:0 protocol ip prio 1 handle 1 fw
> classid 1:10
> tc filter add dev $IFOUT parent 1:0 protocol ip prio 2 handle 2 fw
> classid 1:20
> tc filter add dev $IFOUT parent 1:0 protocol ip prio 3 handle 3 fw
> classid 1:30
> tc filter add dev $IFOUT parent 1:0 protocol ip prio 4 handle 4 fw
> classid 1:40
>
> NF="/usr/local/sbin/iptables -t mangle -A PREROUTING "
> NFl7="/usr/local/sbin/iptables -t mangle -A POSTROUTING -m layer7 "
>
> /usr/local/sbin/iptables -F -t mangle
>
> # by tos
> $NF -p icmp -j MARK --set-mark 0x1
> $NF -p icmp -j RETURN
> $NF -m tos --tos 0x8 -j MARK --set-mark 0x3 #scp
> $NF -m tos --tos 0x8 -j RETURN
> $NF -m tos --tos Minimize-Cost -j MARK --set-mark 0x1
> $NF -m tos --tos Minimize-Cost -j RETURN
> $NF -m tos --tos Maximize-Throughput -j MARK --set-mark 0x4
> $NF -m tos --tos Maximize-Throughput -j RETURN
> $NF -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
> $NF -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
>
> # by layer 7
> $NFl7 --l7proto http -j MARK --set-mark 0x3
> $NFl7 --l7proto http -j RETURN
> $NFl7 --l7proto ftp -j MARK --set-mark 0x3
> $NFl7 --l7proto ftp -j RETURN
> $NFl7 --l7proto skype -j MARK --set-mark 0x2
> $NFl7 --l7proto skype -j RETURN
> $NFl7 --l7proto msnmessenger -j MARK --set-mark 0x1
> $NFl7 --l7proto msnmessenger -j RETURN
> $NFl7 --l7proto msn-filetransfer -j MARK --set-mark 0x3
> $NFl7 --l7proto msn-filetransfer -j RETURN
> $NFl7 --l7proto jabber -j MARK --set-mark 0x1
> $NFl7 --l7proto jabber -j RETURN
> $NFl7 --l7proto smtp -j MARK --set-mark 0x3
> $NFl7 --l7proto smtp -j RETURN
> $NFl7 --l7proto pop3 -j MARK --set-mark 0x3
> $NFl7 --l7proto pop3 -j RETURN
> $NFl7 --l7proto ssh -j MARK --set-mark 0x2
> $NFl7 --l7proto ssh -j RETURN
> $NFl7 --l7proto dns -j MARK --set-mark 0x1
> $NFl7 --l7proto dns -j RETURN
> $NFl7 --l7proto telnet -j MARK --set-mark 0x2
> $NFl7 --l7proto telnet -j RETURN
> $NFl7 --l7proto cvs -j MARK --set-mark 0x3
> $NFl7 --l7proto cvs -j RETURN
> $NFl7 --l7proto irc -j MARK --set-mark 0x1
> $NFl7 --l7proto irc -j RETURN
> $NFl7 --l7proto yahoo -j MARK --set-mark 0x1
> $NFl7 --l7proto yahoo -j RETURN
> $NFl7 --l7proto counterstrike -j MARK --set-mark 0x1
> $NFl7 --l7proto counterstrike -j RETURN
> $NFl7 --l7proto rstp -j MARK --set-mark 0x2
> $NFl7 --l7proto rstp -j RETURN
> $NFl7 --l7proto live365 -j MARK --set-mark 0x2
> $NFl7 --l7proto live365 -j RETURN
> $NFl7 --l7proto h323 -j MARK --set-mark 0x2
> $NFl7 --l7proto h323 -j RETURN
> $NFl7 --l7proto quake-halflife -j MARK --set-mark 0x1
> $NFl7 --l7proto quake-halflife -j RETURN
> $NFl7 --l7proto rdp -j MARK --set-mark 0x2
> $NFl7 --l7proto rdp -j RETURN
> $NFl7 --l7proto rlogin -j MARK --set-mark 0x2
> $NFl7 --l7proto rlogin -j RETURN
> $NFl7 --l7proto shoutcast -j MARK --set-mark 0x2
> $NFl7 --l7proto shoutcast -j RETURN
> $NFl7 --l7proto validcertssl -j MARK --set-mark 0x3
> $NFl7 --l7proto validcertssl -j RETURN
> $NFl7 --l7proto vnc -j MARK --set-mark 0x2
> $NFl7 --l7proto vnc -j RETURN
> $NFl7 --l7proto x11 -j MARK --set-mark 0x2
> $NFl7 --l7proto x11 -j RETURN
> # end
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next prev parent reply other threads:[~2004-11-15 22:29 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-11-15 14:52 [LARTC] Packet loss with htb+sfq+l7filter Eduardo Fernández
2004-11-15 22:29 ` mjoachimiak [this message]
2004-11-15 22:30 ` Eduardo Fernández
2004-11-15 22:37 ` Eicke Friedrich
2004-11-15 23:03 ` Eduardo Fernández
2004-11-16 15:41 ` Andy Furniss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='005301c4cb62$83fce8c0$0802a8c0@komp' \
--to=mjoachimiak@poczta.onet.pl \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox