Re: pfifo_fast behavior.

Linux Advanced Routing and Traffic Control

On 05/13/13 23:19, Benjamin Kiessling wrote:
> On 05/12, dE wrote:
>> Hello everyone!
>>
>> I was trying to do some traffic shaping to make http pages more responsive
>> while torrenting. So I decided to modify TOS value of packets to have an
>> effect on the default pfifo_fast qdisc.
>>
>> I've the following iptables rules --
>>
>> #DNS request
>> iptables -t mangle -A OUTPUT -o eth1 -p udp -m multiport --dports 53 -j TOS --set-tos 0x10
>>
>> #DNS response
>> iptables -t mangle -A PREROUTING -i eth1 -p udp -m multiport --sports 53 -j TOS --set-tos 0x10
>>
>> #Incoming torrent connections
>> iptables -t mangle -A PREROUTING -i eth1 -p tcp -m multiport --dports 2000 -j TOS --set-tos 0x2
>> iptables -t mangle -A PREROUTING -i eth1 -p udp -m multiport --dports 2000,1900,2001 -j TOS --set-tos 0x2
>>
>> #Mail server
>> iptables -t mangle -A OUTPUT -o eth1 -p tcp -d imap.googlemail.com -m multiport --dports 993 -j TOS --set-tos 0x10
>>
>> #HTTP(S)
>> iptables -t mangle -A OUTPUT -o eth1 -p tcp -m multiport --dports 80,443 -j TOS --set-tos 0x14
>> #iptables -t mangle -A OUTPUT -o eth1 -p tcp -m multiport --dports 80,443 -j TOS --set-tos 0x10
>> iptables -t mangle -A PREROUTING -i eth1 -p tcp -m multiport --sport 80,443 -j TOS --set-tos 0x14
>> #iptables -t mangle -A PREROUTING -i eth1 -p tcp -m multiport --sport 80,443 -j TOS --set-tos 0x10
>
> There are several issues with your configuration. First, setting the
> (deprecated ToS) bits on incoming packets if you don't plan to forward
> these packets is senseless. Second, all *fifo* qdiscs are
> work-conserving, i.e. will dequeue packets at line speed. As the
> bandwidth of your local LAN is usually quite a bit higher than your
> internet uplink, packets will still pile up at your DSL/cable/... modem.
> To actually prioritize services you need to own the queue by limiting
> your egress packet rate to slightly lower than your modem's rate. Be
> aware that most ISPs overcommit bandwidth in the order of 1:15-1:50 and
> your setup will still be ineffective if the shaped rate is higher than
> the modem's rate.
>
>> But is there a difference between all TOS values which fall in a single
>> band?
>
> Nope.
>
>> I mean, does the behavior of pfifo_fast change if I change from 0x12 to
>> 0x16? Cause I thought the qdisc to be simple, and a different behavior for
>> all of the above TOS values means pfifo_fast does a lot more than just
>> placing packets in 3 different queues.
>
> Nope.
>
>> Another question -- how do you get these TOS values?
>
> They are derived from [0]. Again, ToS bits are deprecated.
>
>> and what does -j TOS --set-tos <HEX/DEC> do? Does it modify the 4 bits
>> or the whole 8 bit TOS value in the header, or does something
>> completely different?
>
> Citing the manpage: "This module sets the Type of Service field in the
> IPv4 header (including the "precedence" bits) or the Priority field in
> the IPv6 header." It accesses the whole byte. Again, ToS is deprecated.
> If you want to explicitly mark packet priorities in your network use
> DSCP (but don't forget admission control), otherwise just use iptables
> to match hosts/protocols directly to HTB/HFSC/DRR/... classes.
>
> Regards,
> Ben
>
> [0] https://tools.ietf.org/html/rfc1349


Thank you!
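
Added example, not part of the original thread and not the kernel's own code: a small C program that maps a TOS byte to a pfifo_fast band, showing why values such as 0x12 and 0x16 from the question above behave identically. The two lookup tables are assumed to match the mainline kernel's ip_tos2prio and pfifo_fast prio2band arrays (check them against your kernel version); the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Priority classes (values of the kernel's TC_PRIO_* constants). */
enum { BESTEFFORT = 0, BULK = 2, INTERACTIVE_BULK = 4, INTERACTIVE = 6 };

/* Assumed copy of the kernel's ip_tos2prio[]: indexed by TOS bits 1-4. */
static const uint8_t tos2prio[16] = {
    BESTEFFORT, BESTEFFORT, BESTEFFORT, BESTEFFORT,
    BULK, BULK, BULK, BULK,
    INTERACTIVE, INTERACTIVE, INTERACTIVE, INTERACTIVE,
    INTERACTIVE_BULK, INTERACTIVE_BULK, INTERACTIVE_BULK, INTERACTIVE_BULK,
};

/* Assumed copy of pfifo_fast's prio2band[]: band 0 is dequeued first. */
static const uint8_t prio2band[16] = {
    1, 2, 2, 2, 1, 2, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1,
};

/* Only bits 1-4 (mask 0x1E) select the class; the precedence bits
 * and bit 0 are ignored by this lookup. */
int tos_to_priority(uint8_t tos) { return tos2prio[(tos & 0x1E) >> 1]; }

int tos_to_band(uint8_t tos) { return prio2band[tos_to_priority(tos)]; }

/* Count how many of the 256 possible TOS bytes land in a given band. */
int count_in_band(int band) {
    int n = 0;
    for (int tos = 0; tos < 256; tos++)
        if (tos_to_band((uint8_t)tos) == band) n++;
    return n;
}

int main(void) {
    /* TOS values mentioned in the thread, plus 0x00 and 0x08 for contrast. */
    static const uint8_t samples[] = {0x10, 0x12, 0x14, 0x16, 0x02, 0x00, 0x08};
    for (size_t i = 0; i < sizeof samples; i++)
        printf("tos 0x%02x -> priority %d -> band %d\n", samples[i],
               tos_to_priority(samples[i]), tos_to_band(samples[i]));
    for (int b = 0; b < 3; b++)
        printf("band %d holds %d of 256 TOS bytes\n", b, count_in_band(b));
    return 0;
}
```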