On 12/27/05, Ratel <ratel@xxxxxxx> wrote:
I believe you did this portion correctly. ceil is the hard limit, the rate is the guarentee. Class will use up to its rate, then after that it will borrow up to its ceil. What confused him was that you said you didn't want p2p to borrow from the other classes. If its to go above 100kbit, it has to borrow. However it should never borrow guarenteed rate bandwidth they are using.
And in that example, rate and ceil are set to the same value, which means it will use up to its rate and never try to borrow more. You seem to want it to be able to borrow, but not up to the full connection, only up to ~75%. Also, that email is partially incorrect. Nothing done in that email will prevent lending from the 1:40 to the 1:2 class and subclasses. However, I don't think this is a problem for you. If no p2p, then what is wrong with lending the 100kbit.
Oops :) yeah I meant CONNMARK. It sounds like your htb classes are setup perfectly fine, you should really check the tc statistics and see how things are actually being classified. I'm using CONNMARK like this to mark p2p:
iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -p tcp -m mark --mark $MARKP2P -j ACCEPT
iptables -t mangle -A PREROUTING -m ipp2p --bit --edk --kazaa --gnu --dc -j MARK --set-mark ${MARKP2P}
iptables -t mangle -A PREROUTING -p tcp --dport 3010 -j MARK --set-mark ${MARKP2P}
iptables -t mangle -A PREROUTING -p tcp -m mark --mark ${MARKP2P} -j CONNMARK --save-mark
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT
Personally, I don't have much experience with IMQ and have only been shaping upload, but I've done something similar and it works fine. I cap P2P to only 95% of the upload (used to be 85%) and give it a guarenteed rate of only 4kbit. It will use its full 95%, but as soon as I use something else, i'll use 100% of the line and as much as possible for the non P2P traffic.
http://webpages.charter.net/falconx/eth1-50-tc-cumulative.png
This image shows how this ends up working in reality for me, orange is P2P, blue is default, and red is priority.
Jody Shumaker wrote:
> Andreas Klauer wrote:
>
>Uh... huh? Your P2P class has 100kbit rate with a 5600kbit ceil,
>but you say you don't want it to borrow bandwidth from other classes.
>However, to go over the 100kbit rate, it _has_ to borrow.
>
Oh yes, my mistake - I've confused ceil with rate. Anyway, the thing I
wanted to achieve was to allow
p2p class to use even 5600kbit of my bandwidth, but without guarantees
like rate. So guarantee a minimum bandwidth to a class - about 100kbit,
but allow it to reach 5600kbit or more e.g. when there's no other trafic
present. (Now I know I did it wrong)
I believe you did this portion correctly. ceil is the hard limit, the rate is the guarentee. Class will use up to its rate, then after that it will borrow up to its ceil. What confused him was that you said you didn't want p2p to borrow from the other classes. If its to go above 100kbit, it has to borrow. However it should never borrow guarenteed rate bandwidth they are using.
>So, if you don't want it to borrow like you said, the solution would
>be to set the ceil of the P2P class to 100kbit as well. The other
>classes will still be able to borrow from it if the P2P class is not
>using it's bandwidth.
>
>
Are you sure? In my previous post I was refering to this example
http://mailman.ds9a.nl/pipermail/lartc/2002q2/003958.html
which says this class won't be able to exchange any bandwidth at all.
And in that example, rate and ceil are set to the same value, which means it will use up to its rate and never try to borrow more. You seem to want it to be able to borrow, but not up to the full connection, only up to ~75%. Also, that email is partially incorrect. Nothing done in that email will prevent lending from the 1:40 to the 1:2 class and subclasses. However, I don't think this is a problem for you. If no p2p, then what is wrong with lending the 100kbit.
> Jody Shumaker wrote:
> What are you basing this on? the P2P app or tc -s class show dev ---- ?
I simply block p2p traffic for some time and see that bandwidth usage
(according to iptraf) falls down to ~20% of total link's "capacity" +
classes that are supposed to send p2p traffic send nothing. (I also get
feedback that indeed p2p apps aren't working) After allowing p2p
through, bandwidth usage jumps to ~100% of the total available bandwidth.
> Are you using thee CONNTRACK module? It's simple to block P2P without
> CONNTRACK but if you want to shape it, you need it. Otherwise you'll
> only be marking the first packets for p2p connections, and not the rest.
I am aware of that, but didn't you mean CONNMARK target (module)?
W
Oops :) yeah I meant CONNMARK. It sounds like your htb classes are setup perfectly fine, you should really check the tc statistics and see how things are actually being classified. I'm using CONNMARK like this to mark p2p:
iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -p tcp -m mark --mark $MARKP2P -j ACCEPT
iptables -t mangle -A PREROUTING -m ipp2p --bit --edk --kazaa --gnu --dc -j MARK --set-mark ${MARKP2P}
iptables -t mangle -A PREROUTING -p tcp --dport 3010 -j MARK --set-mark ${MARKP2P}
iptables -t mangle -A PREROUTING -p tcp -m mark --mark ${MARKP2P} -j CONNMARK --save-mark
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT
Personally, I don't have much experience with IMQ and have only been shaping upload, but I've done something similar and it works fine. I cap P2P to only 95% of the upload (used to be 85%) and give it a guarenteed rate of only 4kbit. It will use its full 95%, but as soon as I use something else, i'll use 100% of the line and as much as possible for the non P2P traffic.
http://webpages.charter.net/falconx/eth1-50-tc-cumulative.png
This image shows how this ends up working in reality for me, orange is P2P, blue is default, and red is priority.
I'm not sure on the exact command to use for an imq, but possibly something like `tc -s class show dev imq0`? However from what I know right now, it seems like you've setup things very similar to how I have for upload which I know works.
- Jody
_______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
