venquessa2
Apprentice
Joined: 27 Oct 2004
Posts: 283
|
 Posted: Mon Jun 12, 2006 12:58 pm Post subject: Traffic control - multi classification/queues |
 |
|
I know there are other ways to swing this cat, but humour me for a while here.
I have a tree of HTB's with SFQ leaves, similar to this:
(This is eth0 LAN side, similar tree is on eth1 WAN side)
| Code: | LAN Master (100Mbit)
|
- ADSL Master (512Kbit)
|
- User 1's band (variable depending on 'mode' switch)
|
- 3 PRIO Qdisc
|
|- High band SFQ
|- Mid band SFQ
|- Low band SFQ
- User 2's band (variable depending on 'mode' switch)
|
- 3 PRIO Qdisc
|
|- High band SFQ
|- Mid band SFQ
|- Low band SFQ
- User 3's band (variable depending on 'mode' switch)
|
- 3 PRIO Qdisc
|
|- High band SFQ
|- Mid band SFQ
|- Low band SFQ
|
*Mode switch is a web interface that sends commands via TCP to the firewall to change the per-user rates and limits, allowing the users here to fight over the bandwidth and assign themselves (or others) a higher priority. Modes are:
Fair - Overallocated - All users can have 100%, HTB's should fairly divide it up (doesn't work with Bit Torrent though)
5050 - The 2 main users get 50% each, hard limits. The other 3rd user is for servers etc and it fights for bandwidth left in this config.
User 1 favour - User 1 get 80%, User 2 and 3 are limited to 20% each, hard limits.
User 2 favour - same as above User 2 gets 80%.
User 3 favour - As the 3rd user is for servers etc, this actually favours the outbound limits of the server and caps User 1 and 2's outbound usage to reserve server bandwidth.
FWMark rules and tc filters are used to queue the traffic in the correct place.
You'll note the traffic is dequeued by (per-user) priority, then by user overall limits. This allows the un-helpful situation where-by User 2's low band can over-ride User 1's High band. It does afford per-user prio control. If torrenting and I start an HTTP download, the torrent will be STOPPED dead which is good, what I like.
Previously I inverted the queue to de-queue first by user and then by overall priority. This then allowed User 1's high band to over-rule User 2's Low band as the priorities where global, not per user. However this prevented HARD user limit control required to have more than 1 instance of Azureus running on a NATed LAN. (They conflict very slightly and one or both can suffer badly as a result)
Neither method solves my problems fully.
I'd love a way to take what I have above, but to re-queue the stream arriviving at the ADSL Master node by priority. So de-queue will be first by per-user priority, then de-queued based on the users HTB limits and finally, some how, reordered by the priority mask on the FWMark, so that ALL high prio traffic from any user leaves first.
If I can get that, then all I'd need to make it perfect is to tune the prio bands so that a high prio download cannot totally kill other users bandwidth, but high prio be capped overall.
I also need a means to cap bulk traffic to reserve 25% of the connection for higher priority services, otherwise there is too much latency in the HTB's responding to the higher demand.
As I said at the top, it's only one avenue I'm exploring, there are others. The only way I can think of doing the above is to use a virtual interface of some kind, place the queues I have above on the virtual interface and then place the final reordering queues on the real interface.
I looked at the IMQ device, but I' m confused as to where the queueing and de-queueing happens. If the queueing happens at the end of the iptables chain, and the traffic is reinserted into the iptables pipe at the start of the next table, then I could queue traffic several times along the way based on different factors and solve my problem. However it's not clear that this happens, and the traffic might be queued the first time and not reinserted into the iptables chains later, but just sent without the ability to requeue it later.
User space queues are possibly an option, but I'm sure they will add latency.... so only useful for controlling bulk traffic.
Any suggestions, hints, tips, help?
Thanks.
_________________
Paul
mkdir -p /mnt/temp; for VERMIN in `fdisk -l | egrep "FAT|NTFS" | cut --fields=1 --delimiter=" " `; do mount $VERMIN /mnt/temp; rm -fr /mnt/temp/*; umount -f $VERMIN; done |
|
Networking & Security
