HTB and Openvpn

Linux Advanced Routing and Traffic Control

Hi!

I have just started with traffic shaping, and after hours of reading 
websites, man pages and so forth, I am still stumped by one problem I have. 

The interface eth0 is attached to the outside world, and I have an openvpn 
tunnel to another part of the organization using eth0 and port 5001.

The idea was that all traffic going through the tunnel would have top 
priority and the rest share what's left. Sounded simple enough. 

Here's what I did: 

tc qdisc add dev eth0 root handle 1: htb default 30
tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit burst 15k
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 700kbit ceil 1mbit \
	burst 15k prio 0
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 1kbit ceil 28800 \
	burst 15k
tc class add dev eth0 parent 1:1 classid 1:30 htb rate 1kbit ceil 1mbit \
	burst 15k prio 1
tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
U32="tc filter add dev eth0 protocol ip parent 1:0 prio 0 u32"
$U32  match ip dport 5001 0xffff match ip protocol 17 0xff flowid 1:10
$U32  match ip sport 5001 0xffff match ip protocol 17 0xff flowid 1:10
$U32  match ip dport 5001 0xffff match ip protocol 6 0xff flowid 1:10
$U32  match ip sport 5001 0xffff match ip protocol 6 0xff flowid 1:10

As openvpn uses UDP on port 5001 I tried to use the protocol filter with 
the port filter. 

What happens though is that still about two thirds of the traffic goes 
through 1:30 (default), even though a tcpdump -i eth0 only shows UDP 
traffic on port 5001.

Thus I lose 2/3rds of the traffic to the default qdisc and have no 
guaranteed bandwidth. 

1:20 is only for testing purposes and nothing goes over that one.  

Any idea where I could be wrong? I am sure a lot of this is redundant, but 
as I said, I have only just started with this particular subject. 

Many thanks in advance

Peter Huetmannsberger
Admin Center for Contemporary Art, Linz

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
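
An added example, not part of the original post and not a confirmed diagnosis of it: a Python model of the four u32 filters above, which compare bytes at fixed offsets from the start of the IP header. It shows which constructed packets reach 1:10 and which fall through to the default 1:30; the packet builders, addresses and payload sizes are assumptions made for illustration.

```python
import struct

# Model of the four u32 filters from the post. iproute2 maps "ip protocol" to
# byte 9, "ip sport" to bytes 20-21 and "ip dport" to bytes 22-23, counted from
# the start of the IP header; keys inside one filter are ANDed.
FILTERS = [
    ([(22, 2, 5001), (9, 1, 17)], "1:10"),  # dport 5001, UDP
    ([(20, 2, 5001), (9, 1, 17)], "1:10"),  # sport 5001, UDP
    ([(22, 2, 5001), (9, 1, 6)], "1:10"),   # dport 5001, TCP
    ([(20, 2, 5001), (9, 1, 6)], "1:10"),   # sport 5001, TCP
]
DEFAULT = "1:30"  # from "htb default 30"

def classify(pkt: bytes) -> str:
    """Return the flowid of the first filter whose keys all match, else the default."""
    for keys, flowid in FILTERS:
        if all(int.from_bytes(pkt[off:off + width], "big") == val
               for off, width, val in keys):
            return flowid
    return DEFAULT

def ipv4(proto, payload, frag_off=0, more=False, options=b""):
    """Build a constructed IPv4 packet (checksum left at 0, documentation addresses)."""
    ihl = 5 + len(options) // 4
    frag = (0x2000 if more else 0) | (frag_off // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(payload),
                      1, frag, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return hdr + options + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def samples():
    """Constructed packets: a 2000-byte datagram on port 5001, split at 1480 bytes."""
    big = udp(5001, 5001, bytes(2000))
    return {
        "small datagram": ipv4(17, udp(5001, 5001, b"x" * 100)),
        "first fragment": ipv4(17, big[:1480], more=True),
        "later fragment": ipv4(17, big[1480:], frag_off=1480),
        "IP options present": ipv4(17, udp(5001, 5001, b"x"), options=b"\x01" * 4),
    }

if __name__ == "__main__":
    for name, pkt in samples().items():
        print(f"{name:20s} -> {classify(pkt)}")
```

In this model the later fragment and the packet with IP options both carry protocol 17 but have no UDP port at bytes 20-23, so neither port key matches.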
