Hello,

I've got some questions about bridge and QoS...

I've got a server with 2 interfaces, eth0 and eth1, inside the br0 bridge... nothing special...

If I understand correctly, normally I should configure TC classes and qdiscs on each physical interface, or use ebtables to manage packets on output... right?

I've attached my qos_script that uses hfsc and the layer7 module. I use only iptables in this script... maybe I should use ebtables too?

Can anyone take a look at this script and tell me if I've made any errors, because it seems that it doesn't work :(

Thanks for the help

Sébastien
SPEED=30
DEV=eth0

CL1="-j CLASSIFY --set-class 1:10"
CL2="-j CLASSIFY --set-class 1:11"
CL3="-j CLASSIFY --set-class 1:12"
CL4="-j CLASSIFY --set-class 1:13"
CL5="-j CLASSIFY --set-class 1:14"
RET="-j RETURN"

echo -n "+ Create root queue discipline for ${DEV} cpe interface "
tc qdisc add dev ${DEV} root handle 1: hfsc default 13
echo "[done]"

iptables -t mangle -A POSTROUTING -j LOG
iptables -t mangle -N SHAPPER
iptables -t mangle -A POSTROUTING -j SHAPPER

# add main rate limit class
echo -n " + Create class for CPE SHAPPING "
tc class add dev ${DEV} parent 1: classid 1:1 hfsc sc rate ${SPEED}mbit ul rate ${SPEED}mbit
echo "[done]"

# Interactive traffic: guarantee realtime full uplink for 50ms, then
# 1/10 of the uplink
echo -n " + Append subclass for low delay "
tc class add dev ${DEV} parent 1:1 classid 1:10 hfsc \
    rt m1 ${SPEED}mbit d 50ms m2 $[1*$SPEED/10]mbit \
    ls m1 ${SPEED}mbit d 50ms m2 $[3*$SPEED/10]mbit \
    ul rate ${SPEED}mbit

# To speed up downloads while an upload is going on, put short ACK
# packets in the interactive class:
iptables -t mangle -A SHAPPER -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK ACK -m length --length :64 $CL1
iptables -t mangle -A SHAPPER -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK ACK -m length --length :64 $RET

# ICMP in the interactive class
iptables -t mangle -A SHAPPER -p icmp $CL1
iptables -t mangle -A SHAPPER -p icmp $RET

# All traffic optimized for minimize monetary cost TOS 0x02
iptables -t mangle -A SHAPPER -m tos --tos 0x02 $CL1
iptables -t mangle -A SHAPPER -m tos --tos 0x02 $RET

# All traffic optimized for minimize delay TOS 0x10
iptables -t mangle -A SHAPPER -m tos --tos 0x10 $CL1
iptables -t mangle -A SHAPPER -m tos --tos 0x10 $RET

# Interactive port
#iptables -t mangle -A SHAPPER -p tcp -m multiport --sports ftp,ftp $CL1
#iptables -t mangle -A SHAPPER -p tcp -m multiport --sports ssh,ftp $RET

# All udp dns traffic
iptables -t mangle -A SHAPPER -p udp --dport 53 $CL1
iptables -t mangle -A SHAPPER -p udp --dport 53 $RET
echo "[done]"

# VoIP: guarantee full uplink for 200ms, then 5/10
echo -n " + Append subclass for VoIP traffic "
tc class add dev ${DEV} parent 1:1 classid 1:11 hfsc \
    sc m1 ${SPEED}mbit d 200ms m2 $[5*$SPEED/10]mbit \
    ul rate ${SPEED}kbit

iptables -t mangle -A SHAPPER -p tcp -m multiport --sports sip $CL2
iptables -t mangle -A SHAPPER -p tcp -m multiport --sports sip $RET
iptables -t mangle -A SHAPPER -p tcp -m multiport --dport 10000:20000 $CL2
iptables -t mangle -A SHAPPER -p tcp -m multiport --dport 10000:20000 $RET
echo "[done]"

# smtp traffic: don't guarantee anything for the first 10 seconds,
# then guarantee 1/20
echo -n " + Append subclass for high reliability traffic "
tc class add dev ${DEV} parent 1:1 classid 1:12 hfsc \
    sc m1 0 d 10s m2 $[1*$SPEED/20]mbit \
    ul rate ${SPEED}mbit

iptables -t mangle -A SHAPPER -p tcp -m multiport --sports smtp,ssmtp $CL3
iptables -t mangle -A SHAPPER -p tcp -m multiport --sports smtp,ssmtp $RET
iptables -t mangle -A SHAPPER -m tos --tos 0x04 $CL3
iptables -t mangle -A SHAPPER -m tos --tos 0x04 $RET
echo "[done]"

# p2p traffic: don't guarantee anything for the first 20 seconds,
# then guarantee 1/20
echo -n " + Append subclass for P2P "
tc class add dev $DEV parent 1:1 classid 1:14 hfsc \
    sc m1 0 d 20s m2 $[1*$SPEED/20]mbit \
    ul rate ${SPEED}mbit

iptables -t mangle -A SHAPPER -m layer7 --l7proto edonkey $CL5
iptables -t mangle -A SHAPPER -m layer7 --l7proto edonkey $RET
iptables -t mangle -A SHAPPER -m layer7 --l7proto fasttrack $CL5
iptables -t mangle -A SHAPPER -m layer7 --l7proto fasttrack $RET
iptables -t mangle -A SHAPPER -m layer7 --l7proto bittorrent $CL5
iptables -t mangle -A SHAPPER -m layer7 --l7proto bittorrent $RET
echo "[done]"

# Default traffic: don't guarantee anything for the first two seconds,
echo -n " + Append subclass for high bandwith, low latency traffic (default) "
tc class add dev $DEV parent 1:1 classid 1:13 hfsc \
    sc m1 0 d 2s m2 $[1*$SPEED/20]mbit \
    ul rate ${SPEED}mbit

iptables -t mangle -A SHAPPER -m tos --tos 0x08 $CL4
iptables -t mangle -A SHAPPER -m tos --tos 0x08 $RET
iptables -t mangle -A SHAPPER $CL4
iptables -t mangle -A SHAPPER $RET
echo "[done]"
_______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc