Re: tc not matching

Linux Advanced Routing and Traffic Control


Jonathan Gazeley wrote:
> Dear all,
>
> I'm having real problems getting tc to do anything useful at all. I'm also under pressure to get this fixed before the students start arriving later this month (I work in a university).
>
> In short, I want each IP address to be hard limited to 128kbit down, 64kbit up, never to be allowed more bandwidth than this. It is also important that the latency remains reasonably low - maybe this implies a need to apply some sort of traffic filtering and classifying. I did manage to get a script semi-working but as soon as any decent bandwidth started flowing on the connection, the latency jumped up to >4000ms.
>
> I tried to change my script to make it more classful and intelligent but I ended up breaking it and now it doesn't work at all. (Upon execution, I get '172.19.123.254 Illegal "match"') I'm inexperienced with tc so I don't really know the best way to design such a system as this. I also struggle with the tc syntax. I only know what I need the end result to be.
>
> I'd be very grateful if anyone could lend a hand to help me get this working in time for the start of term. I've attached my script at the end of this email.

I've never used cbq so don't know how well it will do this. Maybe htb would be better, maybe hfsc better still. I don't know why you need /4 for the policers; perhaps if you tested on a LAN with a short buffer like 10k you were seeing the rate before the drops or something. TCP doesn't much like policers with LAN latency and short burst - it's not so bad with WAN latency, but if you have a 100meg to JANET maybe your WAN latency can be quite low as well.

If you have a multicore/smp CPU you shouldn't use CPU as a clocksource.

You need a -

tc qdisc del dev $LAN ingress

> # Create root class for 100mbit interface - total traffic can't exceed this

If you have a 100meg nic then 100mbit here is a bit high as the 100mbit line rate includes overheads not seen by TC.


> tc filter add dev $LAN parent 1: protocol ip prio 11 u32 match ip protocol 1 0xff flowid 1:$total match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:$total

This is the problem giving the error: it looks like two rules, but one got partially deleted and lost the newline.

tc filter add dev $LAN parent 1: protocol ip prio 11 u32 match ip protocol 1 0xff flowid 1:$total

tc filter add dev $LAN parent 1: protocol ip prio 11 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:$total


They look redundant to me in this setup, though, as you already filter by IP address to 1:$total, so to do anything useful ICMP and small TCP + whatever the other bits match would need to go to different classes. I would include UDP as interactive as well, though there are exceptions, but it shouldn't matter if you keep it within each user's.

If I have time later I'll test how I would do it.

Andy.

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
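
An added example, not part of the original message or of anyone's script in this thread: a small lint that flags the pattern diagnosed in the reply above, a `tc filter` command carrying more than one `flowid`/`classid` because two rules lost the newline between them. The function names and the sample script are constructed for illustration; the check is a heuristic on the script text, assumes the command is written literally as `tc`, and does not run tc.

```shell
#!/bin/sh
# lint_tc_filters FILE
# Print the starting line number of every "tc filter" command that names more
# than one flowid/classid target, which suggests two rules were run together.
# Lines ending in a backslash are joined to the next line before checking.
lint_tc_filters() {
    awk '
    {
        if (buf == "") start = NR          # first physical line of this command
        line = $0
        if (line ~ /\\[ \t]*$/) {          # continuation: keep collecting
            sub(/\\[ \t]*$/, " ", line)
            buf = buf line
            next
        }
        cmd = buf line
        buf = ""
        sub(/^[ \t]+/, "", cmd)
        if (cmd ~ /^#/) next               # comment line
        if (cmd !~ /^tc[ \t]+filter[ \t]/) next
        n = split(cmd, tok, /[ \t]+/)
        targets = 0
        for (i = 1; i <= n; i++)
            if (tok[i] == "flowid" || tok[i] == "classid") targets++
        if (targets > 1) print start
    }' "$1"
}

# Constructed sample: line 2 is the run-together rule quoted in the message,
# lines 3-6 are the same two rules split apart again.
sample_script() {
    cat <<'EOF'
# constructed sample script
tc filter add dev $LAN parent 1: protocol ip prio 11 u32 match ip protocol 1 0xff flowid 1:$total match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:$total
tc filter add dev $LAN parent 1: protocol ip prio 11 u32 match ip protocol 1 0xff flowid 1:$total
tc filter add dev $LAN parent 1: protocol ip prio 11 u32 \
    match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 \
    match u8 0x10 0xff at 33 flowid 1:$total
EOF
}

# Demo: only the merged rule on line 2 is reported.
tmp=$(mktemp) && sample_script > "$tmp" && lint_tc_filters "$tmp"; rm -f "$tmp"
```

Running the lint over a shaping script before loading it catches a joined rule without touching the live qdisc.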
