Re: Turning on TC throttles my HTTP downloads for no known reason

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Alan McKay wrote:


So I turned that off and immediately it fixed my problem!  Fantastic!
  I then added that setting to post-up in /etc/network/interfaces on my
Ubuntu 12.10 firewall, and restarted networking to test that it still
worked.   And it did.   Great!

Until I had to reboot my firewall (right where you see the big dip on
that fixed graph).    After the reboot everything came up great and TC
was enabled as expected, and this gro setting was still off as
expected.   But my downloads were getting clobbered again and were in
the 5 Mbit range.

And as soon as I turned off TC they shoot back up again.
Strange - I would try turning gro on and off again when running to see if that helps and there is some timing issue with doing it at boot. 


I've reported all this to the shorewall list and everyone there seems stumped.

Here is how Shorewall configures the TC on my eth0 (internet facing
NIC on my firewall).    Some of the commands here are shorewallisms
but I think this should still be pretty straightforward.

         qt $TC qdisc del dev eth0 root
         qt $TC qdisc del dev eth0 ingress
         eth0_mtu=$(get_device_mtu eth0)
         eth0_mtu1=$(get_device_mtu1 eth0)
         run_tc qdisc add dev eth0 root handle 1: htb default 13 r2q 5
         run_tc class add dev eth0 parent 1: classid 1:1 htb rate
1000kbit $eth0_mtu1
         run_tc qdisc add dev eth0 handle ffff: ingress
         run_tc filter add dev eth0 parent ffff: protocol all prio 10 basic \
             police mpu 64 rate 35000kbit burst 10kb action drop
Another way to work around gro would be to use the mtu param for the policer try 3100 or may be bigger - I don't know how many packets get aggregated for you.
There is a potential problem with using protocol all in that you will be sending arp to potentially be dropped. If you are just shaping ipv4 then protocol ip would be better.
The same applies to using "htb default 13" though in this example having reasonable bandwidth and sfq on 13 will save the day. 

--
To unsubscribe from this list: send the line "unsubscribe lartc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux