Hmm, very interesting setup indeed. I have a few suggestions. Right now, you are making your root qdisc the prio qdisc. Instead of this, you might want to make it a class based qdisc with the ability to control the total upstream bandwidth of your ppp0 connection. I guess you're doing it right now with RED, but RED isn't quite the best solution here. Under the class based qdisc which shapes your bandwidth down to a little under your device's upstream bandwidth (so that queuing occurs in linux and not in your device) is where you can place your prio qdisc. On the prios, you can then place SFQs, or whatever you wish. As a final step, you can limit the traffic coming into your ppp0 device with an ingress filter to decrease latency on that end too. There's no real need to do much else in terms of controlling the ingress end, as it doesn't work the same way as controling your upstream. You don't have much control over what order people send you packets. So, a configuration/script like this might work for you: #Sets up root qdisc and limits all traffic to 100Kbit/s. Make sure to #change this to a little bit under whatever your link can support. tc qdisc del dev ppp0 root tc qdisc add dev ppp0 root handle 1: cbq bandwidth 10Mbit avpkt 1000 tc class add dev ppp0 parent 1:0 classid 1:1 cbq bandwidth 10Mbit rate \ 100Kbit allot 1514 weight 10Kbit prio 5 maxburst 0 avpkt 1400 bounded \ isolated #Sets up a prio qdisc with 2 bands, one for normal uploading traffic and #one for prioritized low latency traffic. tc qdisc add dev ppp0 parent 1:1 handle 2: prio bands 2 priomap 1 1 1 1 1 \ 1 1 1 1 1 1 1 1 1 1 1 tc qdisc add dev ppp0 parent 2:1 handle 10: pfifo limit 128 tc qdisc add dev ppp0 parent 2:2 handle 20: sfq perturb 5 quantum 1514b #Filters all priority traffic (in your case, icmp, ssh, and ack pacekts) #to the lower band in the prio qdisc. (also makes traffic go though the #cbq and prio qdiscs as it should) tc filter add dev ppp0 parent 1:0 protocol ip prio 5 u32 match u8 04 0x00 \ at 0 flowid 1:1 tc filter add dev ppp0 parent 1:1 protocol ip prio 5 u32 match u8 04 0x00 \ at 0 flowid 2:0 #ACK Packets: tc filter add dev ppp0 parent 2:0 protocol ip prio 2 u32 \ match ip protocol 6 0xff \ match u8 0x05 0x0f at 0 \ match u8 0x34 0xff at 3 \ match u8 0x10 0xff at 33 \ flowid 2:1 #ICMP Packets: tc filter add dev ppp0 parent 2:0 protocol ip prio 2 u32 match ip protocol \ 1 0xff flowid 2:1 #SSH Packets: tc filter add dev ppp0 parent 2:0 protocol ip prio 3 u32 match ip sport 22 \ 0xffff flowid 2:1 tc filter add dev ppp0 parent 2:0 protocol ip prio 3 u32 match ip dport 22 \ 0xffff flowid 2:1 #Now as a final step, add a policing ingress filter. Make sure to set the #bandwidth to just under what your connection will support for downloads. tc qdisc del dev ppp0 ingress handle ffff: tc qdisc add dev ppp0 ingress handle ffff: tc filter add dev ppp0 parent ffff: protocol ip prio 10 u32 match ip src \ 0.0.0.0/0 police rate 500kbit buffer 3000 drop flowid :1 #End ----- I hope this works for you, -Ross Skaliotis On 16 Feb 2002, Mario Giammarco wrote: > Il ven, 2002-02-15 alle 19:27, Martin Devera ha scritto: > > post your conf. hard to say without it .. > > Ok if I can, this is my conf: > > #USCITA DA PPP0 > > > #classe root > echo ppp0 classe root > tc qdisc $1 dev ppp0 root handle 1: prio > > > #sottoclassi > echo sottoclassi > #tc qdisc $1 dev ppp0 parent 1:1 handle 10: sfq > #tc qdisc $1 dev ppp0 parent 1:2 handle 20: tbf rate 20kbit buffer 1600 limit 3000 > #tc qdisc $1 dev ppp0 parent 1:2 handle 20: sfq > #tc qdisc $1 dev ppp0 parent 1:3 handle 30: sfq > > tc qdisc $1 dev ppp0 parent 1:1 handle 10: red min 200 max 400 avpkt 50 \ > burst 10 limit 600 > tc qdisc $1 dev ppp0 parent 1:2 handle 20: red min 300 max 400 avpkt 150 \ > burst 10 limit 700 > tc qdisc $1 dev ppp0 parent 1:3 handle 30: red min 1500 max 8000 avpkt 250 \ > burst 10 limit 20000 > > # filtri > > echo filtro ssh > # ssh > tc filter add dev ppp0 parent 1:0 protocol ip prio 11 u32 \ > match ip tos 0x10 0xff classid 1:2 > > > echo filtro icmp > # icmp > tc filter add dev ppp0 parent 1:0 protocol ip prio 12 u32 \ > match ip protocol 1 0xff classid 1:2 > > > > echo filtro ack > # ack > tc filter add dev ppp0 parent 1: protocol ip prio 10 u32 \ > match ip protocol 6 0xff \ > match u8 0x05 0x0f at 0 \ > match u8 0x34 0xff at 3 \ > match u8 0x10 0xff at 33 \ > classid 1:1 > > > echo filtro resto > # resto > tc filter add dev ppp0 parent 1: protocol ip prio 14 u32 \ > match ip dst 0.0.0.0/0 classid 1:3 > > > echo filtro udp > # udp > > iptables -A OUTPUT -t mangle -p udp -j MARK --set-mark 2 > > tc filter add dev ppp0 parent 1: protocol ip prio 13 handle 2 fw \ > classid 1:2 > > > > > > > #ENTRATA DA ETH0 > > echo eth0 classe root > #classe root > > tc qdisc $1 dev eth0 root handle 1: htb default 13 > > tc class $1 dev eth0 parent 1: classid 1:1 htb rate 51kbit \ > ceil 52kbit burst 3k > > > > echo sottoclassi > #sottoclassi > > tc class $1 dev eth0 parent 1:1 classid 1:10 htb rate 4kbit burst 1k \ > prio 1 ceil 50kbit > > tc class $1 dev eth0 parent 1:1 classid 1:11 htb rate 25kbit burst 3k \ > prio 2 ceil 50kbit > > tc class $1 dev eth0 parent 1:1 classid 1:12 htb rate 7kbit burst 2k \ > prio 3 ceil 50kbit > > tc class $1 dev eth0 parent 1:1 classid 1:13 htb rate 4kbit burst 1k \ > prio 4 ceil 50kbit > > > #tc qdisc $1 dev eth0 parent 1:10 handle 10: sfq > #tc qdisc $1 dev eth0 parent 1:11 handle 20: sfq > #tc qdisc $1 dev eth0 parent 1:12 handle 30: sfq > #tc qdisc $1 dev eth0 parent 1:13 handle 40: sfq > > tc qdisc $1 dev eth0 parent 1:10 handle 10: red min 200 max 400 avpkt 50 \ > burst 10 limit 600 > tc qdisc $1 dev eth0 parent 1:11 handle 20: red min 300 max 1500 avpkt 150 \ > burst 10 limit 700 > tc qdisc $1 dev eth0 parent 1:12 handle 30: red min 1500 max 8000 avpkt 250 \ > burst 20 limit 20000 > tc qdisc $1 dev eth0 parent 1:13 handle 40: red min 1500 max 8000 avpkt 250 \ > burst 10 limit 20000 > > > > # filtri > > echo ssh > # ssh > tc filter add dev eth0 parent 1: protocol ip prio 10 u32 \ > match ip tos 0x10 0xff classid 1:11 > > echo icmp > # icmp > tc filter add dev eth0 parent 1: protocol ip prio 11 u32 \ > match ip protocol 1 0xff classid 1:11 > > > echo ack > # ack > tc filter add dev eth0 parent 1: protocol ip prio 13 u32 \ > match ip protocol 6 0xff \ > match u8 0x05 0x0f at 0 \ > match u8 0x34 0xff at 3 \ > match u8 0x10 0xff at 33 \ > classid 1:10 > > > echo resto > # resto > tc filter add dev eth0 parent 1: protocol ip prio 15 u32 \ > match ip dst 0.0.0.0/0 classid 1:13 > > > echo www > # www > iptables -A PREROUTING -t mangle -p tcp --dport 8080 \ > -j MARK --set-mark 1 > iptables -A PREROUTING -t mangle -p tcp --sport 8080 \ > -j MARK --set-mark 1 > iptables -A PREROUTING -t mangle -p tcp --dport 80 \ > -j MARK --set-mark 1 > iptables -A PREROUTING -t mangle -p tcp --sport 80 \ > -j MARK --set-mark 1 > > tc filter add dev eth0 parent 1: protocol ip prio 14 handle 1 fw \ > classid 1:12 > > > echo udp > # udp > > iptables -A PREROUTING -t mangle -p udp -j MARK --set-mark 2 > > tc filter add dev eth0 parent 1: protocol ip prio 12 handle 2 fw \ > classid 1:11 > > > > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/ >
