From: Andy Furniss <adf.lists@gmail.com>
To: lartc@vger.kernel.org
Subject: Re: How to classify a port range?
Date: Sat, 17 Dec 2016 22:43:38 +0000 [thread overview]
Message-ID: <5855BF9A.9020504@gmail.com> (raw)
In-Reply-To: <2cc58282-00cf-0fb5-9583-3ebc86f7eedd@itlabs.bg>
Yassen Damyanov wrote:
> Hi again LARTC list,
>
> Andy helped recently to spot a bug in an ematch filter definition that
> classifies a range of ports (thanks again!)
>
> Now I again have a problem with that same classifier, this time on an
> ifb device which is "connected" to an eth device to allow for richer
> ingress control:
>
> # ip link set dev ifb0 up
> # tc qdisc add dev eth0 handle ffff: ingress
> # tc filter add dev eth0 parent ffff: protocol ip u32 match u32 0 0
> action mirred egress redirect dev ifb0
>
> # tc qdisc add dev ifb0 root handle 1:0 htb
> # tc class add dev ifb0 parent 1:0 classid 1:1 htb rate 30gbit
> # tc filter add dev ifb0 parent 1:0 protocol ip prio 1 u32 match ip
> protocol 6 0xff flowid 1:1
> # tc qdisc add dev ifb0 parent 1:1 handle 2:0 htb
> # tc class add dev ifb0 parent 2:0 classid 2:1 htb rate 2mbit
> # tc filter add dev ifb0 parent 2:0 protocol ip prio 1 basic match
> "cmp(u16 at 2 layer transport gt 8079) and cmp(u16 at 2 layer transport
> lt 8089)" flowid 2:1
>
> When doing measurements, the speed within the shaped range is way below
> what would be if no shaping is done, but substantially higher than the
> htb rate specified (2mbit). It also differs significantly from test to
> test.
>
> If I just put a u32 filter like this:
>
> # tc filter add dev ifb0 parent 2:0 protocol ip prio 1 u32 match ip
> dport 8080 0xffff flowid 2:1
>
> -- this works as expected.
>
> I see this in the ematch man page and I guess it might be related, but I
> am not sure how:
>
> """
> When using the ipset ematch with the "ifb" device, the outgoing device
> will be the ifb device itself, e.g. "ifb0". The original interface
> (i.e. the device the packet arrived on) is treated as the incoming
> interface.
> """
>
> Does anyone see what am I missing and how to get that ematch working on
> the ifb? Thanks!
Seems to work for me with a quick test on lan.
Random thoughts -
Putting htb qdisc under htb is allowed, but not normal and
gets in dmesg "htb: htb qdisc 2: is non-work-conserving?"
30 gig is really high and I see htb sets burst and cburst to 0.
Your qlens will be picked up from ifb, default 32 which may be too
low for the high bandwidth/htb direct traffic.
Nics may be doing hardware/driver software offloads, causing
giant packets to hit the qdisc - you can disable with ethtool.
prev parent reply other threads:[~2016-12-17 22:43 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-23 10:56 How to classify a port range? Yassen Damyanov
2016-11-24 23:29 ` Andy Furniss
2016-11-25 14:52 ` Yassen Damyanov
2016-11-25 17:19 ` Andy Furniss
2016-11-25 18:34 ` Yassen Damyanov
2016-12-17 16:12 ` Yassen Damyanov
2016-12-17 22:43 ` Andy Furniss [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5855BF9A.9020504@gmail.com \
--to=adf.lists@gmail.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox