I’ve got a CentOS 6.4 box (64bit) that’s acting as a router and firewall. It has two ethernet interfaces, and it’s connected to a cable modem. I’m attempting to do some bandwidth management. I’ve got: TBF with an upload rate limit of 4000kbit a PRIO qdisc hanging off of that with 3 bands an SFQ qdisc hanging off each of the bands of the PRIO qdisc The problem I’m running into is I cannot get outgoing packets to hit the high priority queue using the u32 filter. I can seem to get it to work if I use iptables to mark the packets and then filter based on the firewall mark. Setup commands look this this: $EXT is my external ethernet interface $UPLD is 4000kbit $TC qdisc add dev $EXT root handle 1: tbf rate $UPLD burst 100k latency 15ms mtu 100kb $TC qdisc add dev $EXT parent 1: handle 30: prio priomap 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 0 $TC qdisc add dev $EXT parent 30:1 handle 100: sfq perturb 10 $TC qdisc add dev $EXT parent 30:2 handle 200: sfq perturb 10 $TC qdisc add dev $EXT parent 30:3 handle 300: sfq perturb 10 # Filter that doesn’t work. All traffic ends up in flow 30:3 $TC filter add dev $EXT parent 30: prio 1 u32 match ip dst 208.100.39.00/24 flowid 20:1 # (That IP is my VoIP host that I want to which I want to prioritize traffic.) If I use the following: $TC filter add dev $EXT parent 30: prio 1 protocol ip handle 1 fw flowid 30:1 iptables -t mangle -A PREROUTING -d 208.100.39.00/24 -j MARK --set-mark 0x1 Then traffic goes to flow 30:1 as I’d expect. I’ve got to be missing something pretty obvious, but I can’t figure out what. Can anyone enlighten me? I’m also doing ingress shaping (using ifb) and that’s working fine using a similar filter: $TC filter add dev ifb0 protocol ip parent 20: prio 1 u32 match ip src 208.100.39.0/24 flowid 20:1 Incoming packets match the filter and get put into flowid 20:1. Thanks! -Joe Rhodes
Attachment:
smime.p7s
Description: S/MIME cryptographic signature