Parent rate=ceil Limit not respected

Linux Advanced Routing and Traffic Control


 



Hi Stef, lo all,

Am hoping someone could have the time to look at my simple script. It basically tries to restrict users based on their IP, but I also incorporated the hints given by Stef on being able to allow local traffic unrestricted. No iptables marking (fw filter) is used, just tc.

I see traffic passing through all the classes whenever those systems are in use.

I've done some stress tests on the local traffic by plugging p2p/web crawlers on the LAN of one of the systems. Each time I notice that the parent ceil limit is being broken.

I have met the one major requirement, sum of child classes rate <= parent rate. I don't know what else I might be doing wrong. Once placed perturb to 1, and internally (kernel) am using PSCHED_CPU and a sfq buffer length of 15 as against 128 (notes on docum.org) to try and increase speed. (Processor has TSC flag.)

Would be much obliged for any comments/improvements I can make on the script.

Using kernel 2.4.22

TIA

K

#!/bin/bash
#
# rc.qos - GPL ver 0.04 (rate limiting specific ip's on a LAN)
# <kchijioke@xxxxxxx>
#
# TODO:
# 1) make auto-startable
# 2) place command line arguments
# 3) make generic, this gonna be a hardone ;)
# 4) improve QoS, attempt DiffServ again
# 5) incorporate SQUID, include upload traffic control
# 6) auto determine bandwidth per ip
#
# Acknowledgements:
# Much thanks to Stef, Alex, Clouter and Ahu
# Special thanks to reeler@#lartc for pointing out the not so obvious (in my case) ;)
#
# Schematic
# ---------
#
#                 _________root 1:0_______
#                /                        \
#       local (10mbit)              Internet (90kbit)
#            1:2                          1:3
#       (h=handle 5)                       |
#                                          |
#         --------------+-----------------------------------
#        /          |         |         |         |         \
#      1:10        1:11      1:12      1:13      1:...      1:50
# (high priority) (sys 1)   (sys 2)   (sys 3)  (sys ...)  (default)
#      (h10)       (h11)     (h12)     (h13)     (h...)     (h50)
#
#set -x
# LAN Interface ( Download )


# delete/create root class
tc qdisc del dev eth1 root 2> /dev/null
tc qdisc add dev eth1 root handle 1: htb default 50 r2q 1

# create local class
tc class add dev eth1 parent 1: classid 1:2 htb rate 10mbit ceil 10mbit

# create internet class #ceil 86
tc class add dev eth1 parent 1: classid 1:3 htb rate 86Kbit ceil 90Kbit

# create high priority class in internet class for ack, icmp packets #ceil 82
tc class add dev eth1 parent 1:3 classid 1:10 htb rate 5Kbit ceil 82Kbit prio 0


# create 20 system classes in internet class, sys01 - sys20 ( 1:11 - 1:30 ) #ceil 82
for LOOP in $(seq 11 30)
do
	tc class add dev eth1 parent 1:3 classid 1:$LOOP htb \
		rate 4Kbit ceil 82Kbit prio 2
done


# default class #ceil 80
tc class add dev eth1 parent 1:3 classid 1:50 htb rate 2Kbit ceil 80Kbit prio 3


# do qdisc attachment # perturb 10
tc qdisc add dev eth1 parent 1:2 handle 5: sfq perturb 10

for LOOP in $(seq 10 30)
do
	tc qdisc add dev eth1 parent 1:$LOOP handle $LOOP: sfq \
		perturb 10
done
tc qdisc add dev eth1 parent 1:50 handle 50: sfq perturb 10

# filter rules

# 10mbit local traffic matched
tc filter add dev eth1 parent 1: protocol ip prio 100 u32 match ip src 192.168.0.0/24 classid 1:2
# any other thing not matched to classid 1:3 ( must be from internet bound )
# 90Kbit Internet traffic match
tc filter add dev eth1 parent 1: protocol ip prio 100 u32 match ip tos 0 0 classid 1:3


# High priority class 1:10 filter
tc filter add dev eth1 parent 1:3 protocol ip prio 200 handle 10 fw classid 1:10


# (1:10 is high priority class in internet class)
# TOS minimum delay in 1:10
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
	match ip tos 0x10 0xff flowid 1:10

# UDP Traffic in 1:10
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
	match ip protocol 17 0xff \
	match ip dport 53 0xffff flowid 1:10

# ICMP (ip protocol 1) Set class to 1:10 to impress friends
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
	match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets in
# the 1:10 class
# ACKs on packets < 64 bytes
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
	match ip protocol 6 0xff \
	match u8 0x05 0x0f at 0 \
	match u16 0x0000 0xffc0 at 2 \
	match u8 0x10 0xff at 33 \
	flowid 1:10

tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \
	match ip protocol 6 0xff \
	match u8 0x05 0x0f at 0 \
	match u16 0x0000 0xffc0 at 2 \
	flowid 1:10


# remaining filters for sys01 - sys20
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.106/32 flowid 1:11
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.107/32 flowid 1:12
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.108/32 flowid 1:13
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.109/32 flowid 1:14
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.110/32 flowid 1:15
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.111/32 flowid 1:16
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.112/32 flowid 1:17
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.113/32 flowid 1:18
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.114/32 flowid 1:19
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.121/32 flowid 1:20
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.122/32 flowid 1:21
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.123/32 flowid 1:22
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.124/32 flowid 1:23
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.125/32 flowid 1:24
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.126/32 flowid 1:25
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.127/32 flowid 1:26
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.128/32 flowid 1:27
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.130/32 flowid 1:28
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.129/32 flowid 1:29
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.104/32 flowid 1:30
tc filter add dev eth1 parent 1:3 protocol ip prio 200 handle 50 fw classid 1:50


# end of LAN interface ( download ) script
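
Added example, not part of the original post or its script: a dry run of the script's class definitions that checks the HTB requirement mentioned in the message (sum of child class rates <= parent rate). The `tc` shim function and the helper names `to_kbit`, `child_rate_sum`, `class_rate` and `check_parent` are hypothetical; nothing here touches the kernel or needs root.

```shell
#!/bin/sh
# Dry run: record "tc class add" calls instead of executing them, then compare
# a parent's rate with the sum of its children's rates (all in kbit).
CLASSES=""   # one "classid parent rate_kbit" record per line

to_kbit() {   # tc units: 1 mbit = 1000 kbit
    case "$1" in
        *[Mm]bit) echo $(( ${1%[Mm]bit} * 1000 )) ;;
        *[Kk]bit) echo "${1%[Kk]bit}" ;;
    esac
}

tc() {   # hypothetical shim shadowing the real tc; qdisc/filter calls are ignored
    [ "$1" = "class" ] && [ "$2" = "add" ] || return 0
    parent="" classid="" rate=""
    while [ $# -gt 1 ]; do
        case "$1" in
            parent)  parent=$2 ;;
            classid) classid=$2 ;;
            rate)    rate=$(to_kbit "$2") ;;
        esac
        shift
    done
    CLASSES="${CLASSES}${classid} ${parent} ${rate}
"
}

# Class definitions copied from the posted script.
tc class add dev eth1 parent 1: classid 1:2 htb rate 10mbit ceil 10mbit
tc class add dev eth1 parent 1: classid 1:3 htb rate 86Kbit ceil 90Kbit
tc class add dev eth1 parent 1:3 classid 1:10 htb rate 5Kbit ceil 82Kbit prio 0
for LOOP in $(seq 11 30); do
    tc class add dev eth1 parent 1:3 classid "1:$LOOP" htb rate 4Kbit ceil 82Kbit prio 2
done
tc class add dev eth1 parent 1:3 classid 1:50 htb rate 2Kbit ceil 80Kbit prio 3

child_rate_sum() {   # $1 = parent classid
    printf '%s' "$CLASSES" | awk -v p="$1" '$2 == p { s += $3 } END { print s + 0 }'
}
class_rate() {       # $1 = classid
    printf '%s' "$CLASSES" | awk -v c="$1" '$1 == c { print $3 }'
}
check_parent() {     # returns 1 when the children's guaranteed rates exceed the parent
    sum=$(child_rate_sum "$1"); own=$(class_rate "$1")
    if [ "$sum" -le "$own" ]; then echo "OK   $1: children ${sum}kbit <= rate ${own}kbit"
    else echo "OVER $1: children ${sum}kbit > rate ${own}kbit"; return 1; fi
}
check_parent 1:3 || true   # children sum to 87kbit against a parent rate of 86kbit
```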

