Diego Andrés Asenjo Gonzalez wrote:
Hi everybody!
I'm using an edge bridge box with two ethernet cards to shape traffic in
a WAN link. I'm running Debian 3.1 stable with kernel 2.6.8 and iproute
from packages. I recompiled the kernel with the following built-in options:
[*] 802.1d Ethernet Bridging
[*] QoS and/or fair queueing
<*> HTB packet scheduler
<*> SFQ queue
[*] QoS support
<*> Firewall based classifier
<*> U32 classifier

As I select everything I don't know if this is enough - also I think you
need to select classify in the netfilter section.

I can mark packages with iptables, but I _can't_ make the packages get
queued in a specific class. Please, take a look at this sample script
that guarantees 64kbit (rate), 72kbit (ceil)

It's nicer with htb to give interactive more bandwidth and higher prio
than bulk. Also remember when setting rates that htb will see ip packets
as ip length + 14 when used on ethX.

to the packets coming from
the host 172.16.0.185 to the 172.16.1.0/24 network with 10000-10100
destination ports:
# Flush tc qdiscs:
/sbin/tc qdisc del dev eth0 root >/dev/null 2>&1
/sbin/tc qdisc del dev eth1 root >/dev/null 2>&1
# Create root qdiscs:
/sbin/tc qdisc add dev eth0 root handle 1: htb default 1000
/sbin/tc qdisc add dev eth1 root handle 2: htb default 1000
# Create root class (1:1 2:1) :
/sbin/tc class add dev eth0 parent 1: classid 1:1 htb rate 3456kbit ceil 3456kbit burst 0 prio 1
/sbin/tc class add dev eth1 parent 2: classid 2:1 htb rate 3584kbit ceil 3584kbit burst 0 prio 1
# Create default class (1:1000 2:1000) :
/sbin/tc class add dev eth0 parent 1:1 classid 1:1000 htb rate 3350kbit ceil 3500kbit burst 0 prio 5
/sbin/tc class add dev eth1 parent 2:1 classid 2:1000 htb rate 3350kbit ceil 3500kbit burst 0 prio 5
# Create classes (1:44 2:44) :
/sbin/tc class add dev eth0 parent 1:1 classid 1:44 htb rate 64kbit ceil 72kbit burst 8kbit prio 1 quantum 1536
/sbin/tc class add dev eth1 parent 2:1 classid 2:44 htb rate 64kbit ceil 72kbit burst 8kbit prio 1 quantum 1536
# Flushing iptables rules:
/sbin/iptables -F -t mangle
# iptables classify
/sbin/iptables -A POSTROUTING -t mangle -p udp -s 172.16.0.185/32 --sport 10000:10100 -d 172.16.1.0/24 -j CLASSIFY --set-class 2:44
Now the statistics:
bridge:~# iptables -L -t mangle -v
34302 2415K CLASSIFY udp -- any any 172.16.0.185 172.16.1.0/24 udp spts:10000:10100 CLASSIFY set 2:44
bridge:~# tc -s cl sh dev eth1
class htb 2:44 parent 2:1 prio 1 rate 64000bit ceil 72000bit burst 1023b cburst 1608b
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 131070 ctokens: 183067
class htb 2:1 root rate 3584Kbit ceil 3584Kbit burst 2Kb cburst 2Kb
Sent 4686617538 bytes 6922322 pkts (dropped 0, overlimits 0)
rate 1936bit 2pps
lended: 3691 borrowed: 0 giants: 0
tokens: 4461 ctokens: 4461
class htb 2:1000 parent 2:1 prio 5 rate 3350Kbit ceil 3500Kbit burst 2017b cburst 2Kb
Sent 4686617538 bytes 6922322 pkts (dropped 0, overlimits 0)
rate 1936bit 2pps
lended: 6918631 borrowed: 3691 giants: 0
tokens: 4700 ctokens: 4543
As you can see, the packets are marked by iptables but get queued
through the default class.

You need an -o eth1 in the iptables rule for a proper count.

I'm getting frustrated and I will appreciate
all suggestions and comments.
I'm using now -j CLASSIFY but I have used -j MARK and u32 tc filters
with the same results.

I am not sure what else is wrong. I don't use classify; maybe check that
there isn't any decimal/hex mismatch, i.e. try 0x44.
Andy.
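
Added example, not part of the original thread: a small sh helper for the decimal/hex check suggested above and for confirming which HTB class actually received packets. It relies on tc reading both halves of a MAJOR:MINOR class id as hexadecimal, and assumes a mark given without a 0x prefix is read as decimal; the function names and the embedded sample (modelled on the tc output quoted in the thread) are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample, modelled on the `tc -s class show dev eth1` output
# quoted in the thread (wrapped lines rejoined, extra stat lines omitted).
sample_tc_output() {
cat <<'EOF'
class htb 2:44 parent 2:1 prio 1 rate 64000bit ceil 72000bit burst 1023b cburst 1608b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
class htb 2:1 root rate 3584Kbit ceil 3584Kbit burst 2Kb cburst 2Kb
 Sent 4686617538 bytes 6922322 pkts (dropped 0, overlimits 0)
class htb 2:1000 parent 2:1 prio 5 rate 3350Kbit ceil 3500Kbit burst 2017b cburst 2Kb
 Sent 4686617538 bytes 6922322 pkts (dropped 0, overlimits 0)
EOF
}

# tc reads both halves of MAJOR:MINOR as hexadecimal; CLASSIFY stores
# (major << 16) | minor in the packet's priority field.
classid_to_u32() {
    major=${1%%:*}; minor=${1#*:}
    printf '0x%08x\n' $(( (0x${major:-0} << 16) | 0x${minor:-0} ))
}

# Decimal value that a hex class minor stands for, e.g. 44 -> 68.
minor_as_decimal() {
    printf '%d\n' $(( 0x$1 ))
}

# Print the packet counter of one class from `tc -s class show` on stdin.
# Returns 1 if the class does not appear in the input.
class_pkts() {
    want=$1; cur=
    while read -r w1 w2 w3 w4 rest; do
        if [ "$w1" = class ]; then cur=$w3; fi
        if [ "$w1" = Sent ] && [ "$cur" = "$want" ]; then
            echo "$w4"; return 0
        fi
    done
    return 1
}

for c in 2:44 2:1000; do
    echo "$c = $(classid_to_u32 "$c"), pkts: $(sample_tc_output | class_pkts "$c")"
done
# Assumption: a mark written as plain 44 is decimal, so it is 0x2c, not 0x44.
echo "minor 44 (hex) = $(minor_as_decimal 44) decimal; plain 44 = 0x$(printf '%x' 44)"
```

On a live box, replace `sample_tc_output` with `tc -s class show dev eth1` piped into `class_pkts`.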