Hi

I'm looking for a quick recipe for a newbie to control http traffic in my linux gw.
My internet is overloaded already and vpn external clients are experiencing troubles (disconnecting in peak hours).

Any suggestions ?

Regards

Guillermo
Caracas/Venezuela

On Thu, 2004-05-06 at 14:40, lartc-request@xxxxxxxxxxxxxxx wrote:
> Send LARTC mailing list submissions to
> lartc@xxxxxxxxxxxxxxx
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://mailman.ds9a.nl/mailman/listinfo/lartc
> or, via email, send a message with subject or body 'help' to
> lartc-request@xxxxxxxxxxxxxxx
>
> You can reach the person managing the list at
> lartc-admin@xxxxxxxxxxxxxxx
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of LARTC digest..."
>
>
> Today's Topics:
>
> 1. Re: [Fwd: Re: Simple HTB setup with tcng] (lartc@xxxxxxxxxxxxxxxxxxx)
> 2. tcng ingress policing question (Simon Oosthoek)
> 3. imap problems (Lars Oeschey)
> 4. Re: imap problems (Jason Boxman)
> 5. Fax Message Received (Devik)
>
> --__--__--
>
> Message: 1
> Subject: Re: [Fwd: Re: Simple HTB setup with tcng]
> From: "lartc@xxxxxxxxxxxxxxxxxxx" <lartc@xxxxxxxxxxxxxxxxxxx>
> To: Clement MOREAU <clement.moreau@xxxxxxxxxxx>
> Cc: LARTC Mailing List <lartc@xxxxxxxxxxxxxxx>
> Date: Wed, 05 May 2004 18:27:40 +0200
>
> hi clemment,
>
> On Wed, 2004-05-05 at 13:54, Clement MOREAU wrote:
> > Thank you for your help.
> >
> > It generates this script :
> >
> >
> >
> > tc qdisc add dev eth0 handle 1:0 root htb default 2
> -----------------------------------^^^^-^^^
>
> > tc class add dev eth0 parent 1:0 classid 1:1 htb rate 75000bps ceil \
> > 75000bps
> > tc class add dev eth0 parent 1:0 classid 1:2 htb rate 125000bps
> > tc filter add dev eth0 parent 1:0 protocol all prio 1 u32 match u32 \
> > 0xa000001 0xffffffff at 12 classid 1:1
> >
> >
> > But I thought it was necessary to have a "root" htb class on the top of
> > the hierarchy to get it working as expected.
> > Is that true ?
>
> yes and it does -- all packets matching the u32 filter (in this case 10.0.0.1) will go to the 1:1 class and be limited to the 75 kilobytes per second.
>
> cheers
>
> charles
>
>
> --__--__--
>
> Message: 2
> Date: Thu, 06 May 2004 16:16:04 +0200
> From: Simon Oosthoek <simon.oosthoek@xxxxxxxxx>
> Organization: WMC
> To: lartc@xxxxxxxxxxxxxxx
> Subject: tcng ingress policing question
>
> Hi all
>
> I started playing with tcng to generate my tc rules, but I have some
> difficulty implementing my rules...
>
> The script below generates an error:
> # Device eth0
>
> tc qdisc add dev eth0 ingress
> beginner.tc:2: don't know how to build meter for this
>
>
> The script is below, I changed the real IP numbers for XXs and YYs,
> since it doesn't really matter what they are. eth0 is the external interface
>
> The intention is to limit the rate in most cases to 1 Mbit/s, the linux
> distr. mirror's may cause a bit more and within the ISP we're not
> charged with higher rates than we agreed on.
>
> Anyone know why tcc can't do this, or is it something I should be doing
> in the egress part?
> (I'd prefer not to, since I have more than 2 interfaces...)
>
> TIA
>
> Simon
>
> PS, the other interfaces don't have any queues, since this would be
> handled by the ingress policing in this way.
> ==============================
> script:
> ==============================
>
> dev eth0 {
>     ingress {
>         $police_isp = SLB( cbs 100kB, cir 50000 kbps );
>         $police_mirror = SLB( cbs 20kB, cir 2000 kbps );
>         $police_other = SLB( cbs 10kB, cir 1000 kbps );
>
>         class(<>) if (ip_src == XXX.XXX.XXX.XXX || /* external host */
>             ip_src == YYY.YYY.YYY.YYY ) && /* backup traffic */
>             SLB_ok($police_isp);
>         class(<>) if ( ip_src == host("host.mirror.one") ||
>             ip_src == host("host.mirror.two") ) &&
>             SLB_ok($police_mirror);
>         class(<>) if SLB_ok($police_other);
>     }
>
>     egress {
>         class(<$isp>) if ip_src == XXX.XXX.XXX.XXX /* external host */
>             if ip_src == YYY.YYY.YYY.YYY; /* backup traffic */
>         class(<$other>) if 1;
>
>         htb () {
>             class ( rate 100000 kbps ) {
>
>                 $isp = class ( prio 2, rate 50000 kbps )
>                     { sfq ( perturb 5 sec ); };
>
>                 $other = class ( prio 1, rate 1000 kbps )
>                     { sfq ( perturb 10 sec ); };
>
>             }
>         }
>     }
> }
>
> dev eth3 {
>     ingress {
>         $policer = SLB( cbs 10kB, cir 500 kbps );
>         class ( <> ) if SLB_ok( $policer );
>         drop if 1;
>     }
>     egress {
>     }
> }
>
>
> --__--__--
>
> Message: 3
> From: "Lars Oeschey" <oeschey@xxxxxx>
> To: <lartc@xxxxxxxxxxxxxxx>
> Date: Thu, 6 May 2004 17:15:24 +0200
> Subject: imap problems
>
> Hi,
>
> I'm really new to traffic shaping and try to implement the wshaper.htb
> script.
> I have a linux box that serves as vdr, mldonkey, samba, apache and
> mailserver (imap), connected to my LAN with 100mbit. I'm connected to
> the inet via adsl with a hardware router/firewall, got 384k downlink 64k
> uplink. When I have mldonkey running, imap (via Outlook) gets *very*
> slow (mails with attachments take 5-10mins to show), and even ssh to the
> linux-box gets sluggish. I tried to put imap into the wshaper script,
> did I do something wrong?
>
> Here's the script:
>
> ----------------snip-------------------------
>
> #!/bin/bash
> # Wonder Shaper
> # please read the README before filling out these values
> #
> # Set the following values to somewhat less than your actual download
> # and uplink speed. In kilobits. Also set the device that is to be shaped.
>
> DOWNLINK=300
> UPLINK=50
> DEV=eth0
>
> # low priority OUTGOING traffic - you can leave this blank if you want
> # low priority source netmasks
> NOPRIOHOSTSRC=
>
> # low priority destination netmasks
> NOPRIOHOSTDST=
>
> # low priority source ports
> NOPRIOPORTSRC="4661 4662 4665 4881 4882"
>
> # low priority destination ports
> NOPRIOPORTDST="4661 4662 4665 4881 4882"
>
>
> # Now remove the following two lines :-)
>
> #echo Please read the documentation in 'README' first
> #exit
>
> if [ "$1" = "status" ]
> then
>     tc -s qdisc ls dev $DEV
>     tc -s class ls dev $DEV
>     exit
> fi
>
>
> # clean existing down- and uplink qdiscs, hide errors
> tc qdisc del dev $DEV root 2> /dev/null > /dev/null
> tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null
>
> if [ "$1" = "stop" ]
> then
>     exit
> fi
>
>
> ###### uplink
>
> # install root HTB, point default traffic to 1:20:
>
> tc qdisc add dev $DEV root handle 1: htb default 20
>
> # shape everything at $UPLINK speed - this prevents huge queues in your
> # DSL modem which destroy latency:
>
> tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k
>
> # high prio class 1:10:
>
> tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit \
>     burst 6k prio 1
>
> # bulk & default class 1:20 - gets slightly less traffic,
> # and a lower priority:
>
> tc class add dev $DEV parent 1:1 classid 1:20 htb rate $[9*$UPLINK/10]kbit \
>     burst 6k prio 2
>
> tc class add dev $DEV parent 1:1 classid 1:30 htb rate $[8*$UPLINK/10]kbit \
>     burst 6k prio 2
>
> # all get Stochastic Fairness:
> tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
> tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
> tc qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10
>
> # TOS Minimum Delay (ssh, NOT scp) in 1:10:
>
> tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
>     match ip tos 0x10 0xff flowid 1:10
>
> # ICMP (ip protocol 1) in the interactive class 1:10 so we
> # can do measurements & impress our friends:
> tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
>     match ip protocol 1 0xff flowid 1:10
>
> # To speed up downloads while an upload is going on, put ACK packets in
> # the interactive class:
>
> tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
>     match ip protocol 6 0xff \
>     match u8 0x05 0x0f at 0 \
>     match u16 0x0000 0xffc0 at 2 \
>     match u8 0x10 0xff at 33 \
>     flowid 1:10
>
> # New additions from Lars
>
> tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
>     match ip dport 143 0xffff flowid 1:10
>
> tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
>     match ip sport 143 0xffff flowid 1:10
>
> tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
>     match ip dport 3128 0xffff flowid 1:10
>
> tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
>     match ip sport 3128 0xffff flowid 1:10
>
> tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
>     match ip dport 80 0xffff flowid 1:10
>
> tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
>     match ip sport 80 0xffff flowid 1:10
>
> # rest is 'non-interactive' ie 'bulk' and ends up in 1:20
>
> # some traffic however suffers a worse fate
> for a in $NOPRIOPORTDST
> do
>     tc filter add dev $DEV parent 1: protocol ip prio 14 u32 \
>         match ip dport $a 0xffff flowid 1:30
> done
>
> for a in $NOPRIOPORTSRC
> do
>     tc filter add dev $DEV parent 1: protocol ip prio 15 u32 \
>         match ip sport $a 0xffff flowid 1:30
> done
>
> for a in $NOPRIOHOSTSRC
> do
>     tc filter add dev $DEV parent 1: protocol ip prio 16 u32 \
>         match ip src $a flowid 1:30
> done
>
> for a in $NOPRIOHOSTDST
> do
>     tc filter add dev $DEV parent 1: protocol ip prio 17 u32 \
>         match ip dst $a flowid 1:30
> done
>
> # rest is 'non-interactive' ie 'bulk' and ends up in 1:20
>
> tc filter add dev $DEV parent 1: protocol ip prio 18 u32 \
>     match ip dst 0.0.0.0/0 flowid 1:20
>
>
> ########## downlink #############
> # slow downloads down to somewhat less than the real speed to prevent
> # queuing at our ISP. Tune to see how high you can set it.
> # ISPs tend to have *huge* queues to make sure big downloads are fast
> #
> # attach ingress policer:
>
> tc qdisc add dev $DEV handle ffff: ingress
>
> # filter *everything* to it (0.0.0.0/0), drop everything that's
> # coming in too fast:
>
> tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
>     0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1
> ---------------------------snip---------------------------------------------
>
> --
> visit The C.O.R.E. http://www.the-core.net
>
>
> --__--__--
>
> Message: 4
> From: Jason Boxman <jasonb@xxxxxxxxxx>
> Reply-To: jasonb@xxxxxxxxxx
> Organization: The Vortex
> To: lartc@xxxxxxxxxxxxxxx
> Subject: Re: imap problems
> Date: Thu, 6 May 2004 12:27:20 -0400
>
> On Thursday 06 May 2004 11:15, Lars Oeschey wrote:
> > Hi,
> >
> > I'm really new to traffic shaping and try to implement the wshaper.htb
> > script.
> > I have a linux box that serves as vdr, mldonkey, samba, apache and
> > mailserver (imap), connected to my LAN with 100mbit. I'm connected to
> > the inet via adsl with a hardware router/firewall, got 384k downlink 64k
> > uplink. When I have mldonkey running, imap (via Outlook) gets *very*
> > slow (mails with attachments take 5-10mins to show), and even ssh to the
> > linux-box gets sluggish. I tried to put imap into the wshaper script,
> > did I do something wrong?
>
> Something I've found with mldonkey, if you're running with Overnet enabled, is
> it likes to use tons of ports, so simply specifying 4662 for the Edonkey
> network itself won't catch any of your Overnet traffic.
> I'm looking into
> using IPP2P to resolve this.
>
> <snip>

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
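
The u32 selectors quoted in this digest, modelled in Python as an added example (not part of the original thread or of the Wonder Shaper script): it evaluates the `0xa000001 0xffffffff at 12` match, the small-ACK filter and the `ip dport 143` match against constructed packets. The function names, sample addresses and option bytes are assumptions made for the illustration.

```python
import struct

# u32 keys from the quoted scripts as (width_bytes, value, mask, offset);
# offsets are counted from the first byte of the IPv4 header.
SRC_10_0_0_1 = [(4, 0x0A000001, 0xFFFFFFFF, 12)]  # match u32 0xa000001 0xffffffff at 12
SMALL_ACK = [
    (1, 0x06, 0xFF, 9),      # match ip protocol 6 0xff     -> TCP
    (1, 0x05, 0x0F, 0),      # match u8 0x05 0x0f at 0      -> IHL 5, no IP options
    (2, 0x0000, 0xFFC0, 2),  # match u16 0x0000 0xffc0 at 2 -> total length < 64
    (1, 0x10, 0xFF, 33),     # match u8 0x10 0xff at 33     -> TCP flags are ACK only
]
IMAP_DPORT = [(2, 143, 0xFFFF, 22)]               # match ip dport 143 0xffff


def u32_match(packet: bytes, keys) -> bool:
    """Return True when every key of one filter matches (keys are ANDed)."""
    for width, value, mask, offset in keys:
        field = packet[offset:offset + width]
        if len(field) < width:       # key reads past the end of the packet
            return False
        if (int.from_bytes(field, "big") ^ value) & mask:
            return False
    return True


def ipv4_tcp(src, dst, sport, dport, flags, payload=b"", options=b""):
    """Build a constructed IPv4/TCP packet (checksums left at zero)."""
    ihl = 5 + len(options) // 4
    total = ihl * 4 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + options + tcp + payload


# Constructed sample packets (addresses and ports are illustrative).
PURE_ACK = ipv4_tcp("10.0.0.1", "192.0.2.7", 40000, 143, 0x10)
DATA_SEG = ipv4_tcp("10.0.0.2", "192.0.2.7", 40000, 143, 0x18, payload=b"x" * 100)
WITH_OPTS = ipv4_tcp("10.0.0.1", "192.0.2.7", 40000, 143, 0x10,
                     options=b"\x01\x01\x01\x00")
```

Offsets 22 and 33 only land in the TCP header when the IP header has no options: the ACK filter guards this with its IHL key, while the `ip dport 143` key on `WITH_OPTS` compares option bytes and does not match.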