tbf and prio blocking some flows entirely

["Brian J. Murrell" <brian@xxxxxxxxxxxxxxx>]

I thought I had this all worked out, but it seems not.  The following tc
configuration:

tc qdisc del dev ppp0 root 2> /dev/null > /dev/null
tc qdisc add dev ppp0 root handle 1: tbf rate 120kbit burst 1200 limit 1
tc qdisc add dev ppp0 parent 1:1 handle 2: prio bands 3
tc qdisc add dev ppp0 parent 2:1 handle 10: sfq perturb 20
tc qdisc add dev ppp0 parent 2:2 handle 20: sfq perturb 20
tc qdisc add dev ppp0 parent 2:3 handle 30: sfq perturb 20
# ICMP so we can see PRIO working
tc filter add dev ppp0 parent 2:0 protocol ip prio 10 u32 match ip protocol 1 0xff flowid 2:1

Is producing the following tc rules:

qdisc tbf 1: rate 120000bit burst 1199b lat 4294.9s
 Sent 2024323 bytes 38831 pkt (dropped 54, overlimits 280 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
qdisc prio 2: parent 1:1 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 2024323 bytes 38831 pkt (dropped 0, overlimits 0 requeues 280)
 rate 0bit 0pps backlog 0b 0p requeues 280
qdisc sfq 10: parent 2:1 limit 128p quantum 1452b perturb 20sec
 Sent 123362 bytes 1983 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 20: parent 2:2 limit 128p quantum 1452b perturb 20sec
 Sent 122669 bytes 1007 pkt (dropped 0, overlimits 0 requeues 127)
 rate 0bit 0pps backlog 0b 0p requeues 127
qdisc sfq 30: parent 2:3 limit 128p quantum 1452b perturb 20sec
 Sent 1778292 bytes 35841 pkt (dropped 0, overlimits 0 requeues 153)
 rate 0bit 0pps backlog 0b 0p requeues 153

And I have the following iptables rules:

Chain PREROUTING (policy ACCEPT 1564K packets, 875M bytes)
 pkts bytes target     prot opt in     out     source               destination
1560K  872M tcpre      all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain tcpre (1 references)
 pkts bytes target     prot opt in     out     source               destination
1504K  864M CONNMARK   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore mask 0xff
1280K  726M RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK match !0x0/0xff
   86  8988 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           ipp2p v0.7.2 --bit MARK set 0x1
   86  8988 CONNMARK   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK match 0x1/0xff CONNMARK save mask 0xff

Chain POSTROUTING (policy ACCEPT 1533K packets, 866M bytes)
 pkts bytes target     prot opt in     out     source               destination
 599K   29M CLASSIFY   tcp  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x10 length 0:128 CLASSIFY set 2:1
1529K  864M tcpost     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain tcpost (1 references)
 pkts bytes target     prot opt in     out     source               destination
 212K  111M CLASSIFY   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CLASSIFY set 2:2
 549K   28M CLASSIFY   all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           MARK match 0x1/0xff CLASSIFY set 2:3
 713K  689M CLASSIFY   all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x1/0xff CLASSIFY set 2:3
30518 2862K CLASSIFY   all  --  *      *       10.75.22.1           66.1.2.3            CLASSIFY set 2:1
    0     0 CLASSIFY   all  --  *      *       66.1.2.3             66.9.8.7            CLASSIFY set 2:1
    0     0 CLASSIFY   udp  --  *      *       0.0.0.0/0            66.9.8.7            udp dpt:29378 CLASSIFY set 2:1
    0     0 CLASSIFY   udp  --  *      *       10.75.22.1           0.0.0.0/0           udp spt:29378 CLASSIFY set 2:1

But it seems that some outbound flows are being blocked entirely.  I
don't think they are being starved though.  Even if they end up in 2:3,
they should at least be treated fairly.  But I am producing a flow to
66.1.2.3 which does increment the counters in 2:1 but after a few
packets the flow stalls:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0   8240 10.75.22.1:55318            66.1.2.3:922                ESTABLISHED 21028/ssh

And that flow stays stuck with 8240 bytes in the Send-Q.

What have I done wrong?  I am so close to my desired behaviour with the
exception being of course that some flows seem to get stuck.  I should
add that some initial packets in that stuck flow above (port 922) are
processed.  It seems that at some point they just stop getting
processed.  The last packets that went out on that flow were:

11:26:47.691755 IP 66.1.2.3.922 > 66.9.8.7.55318: P 1872:1920(48) ack 2261 win 9968 <nop,nop,timestamp 8735287 43843955>
11:26:47.731489 IP 66.9.8.7.55318 > 66.1.2.3.922: . ack 1920 win 2548 <nop,nop,timestamp 43844116 8735287>
11:26:47.855781 IP 66.1.2.3.922 > 66.9.8.7.55318: P 1920:1968(48) ack 2261 win 9968 <nop,nop,timestamp 8735300 43844116>
11:26:47.856142 IP 66.9.8.7.55318 > 66.1.2.3.922: . ack 1968 win 2548 <nop,nop,timestamp 43844240 8735300>
11:26:47.857866 IP 66.9.8.7.55318 > 66.1.2.3.922: P 2261:2373(112) ack 1968 win 2548 <nop,nop,timestamp 43844242 8735300>
11:26:48.072776 IP 66.1.2.3.922 > 66.9.8.7.55318: P 1968:2016(48) ack 2373 win 9968 <nop,nop,timestamp 8735316 43844242>
11:26:48.321959 IP 66.1.2.3.922 > 66.9.8.7.55318: P 1968:2016(48) ack 2373 win 9968 <nop,nop,timestamp 8735352 43844242>
11:26:48.322384 IP 66.9.8.7.55318 > 66.1.2.3.922: . ack 2016 win 2548 <nop,nop,timestamp 43844707 8735352,nop,nop,sack 1 {1968:2016}>

So maybe for some reason that last ack is not being dequeued?  But
surely it should as classes 2:1 and 2:2 are virtually quiet and class
2:3 while having steady traffic, should at least treat it all fairly,
no?

b.

-- 
My other computer is your Microsoft Windows server.

Brian J. Murrell

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc