Inodoro_Pereyra Advocate
Joined: 03 Nov 2006 Posts: 2631 Location: At the other end of the cable
|
Posted: Sat Sep 05, 2009 10:33 pm Post subject: QoS - Simple setup - I Need help. (open) |
|
|
Hi everybody, I'm trying to set up QoS on my Gentoo router and need advice. Obviously there's something conceptually wrong with my setup since I can't get it working... Can someone point out where I got it wrong?
The type of setup I'm trying to accomplish is far more complex, but for the sake of simplicity here is a much simpler example (just tested and not working):
My router has two Ethernet cards: eth0 = LAN, eth1 = WAN side, and I have a 3072/256 mbps internet connection.
I want to have QoS working only in the upload stream, no IMQ for download QoS or anything like that.
A root qdisc that defaults junk traffic into the leaf "30":
Code: | tc qdisc add dev eth1 root handle 1: htb default 30 |
A root class with ceil and rate at 75% upload speed:
Code: | tc class add dev eth1 parent 1: classid 1:1 htb rate 192kbit ceil 192kbit |
Three leafs in that root class, 1:10, 1:20, 1:30:
Code: | tc class add dev eth1 parent 1:1 classid 1:10 htb rate 80kbit ceil 192kbit
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 80kbit ceil 192kbit prio 1
tc class add dev eth1 parent 1:1 classid 1:30 htb rate 32kbit ceil 192kbit prio 2 |
At this point I start to see traffic over the class htb 1:1 and the 1:30, which was the default one...
Everything goes fine, so let's filter. I want to queue any packet marked with "1" to 1:10, "2" to 1:20 and so on...
Code: | tc filter add dev eth1 parent 1:1 protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev eth1 parent 1:1 protocol ip prio 2 handle 2 fw classid 1:20
tc filter add dev eth1 parent 1:1 protocol ip prio 3 handle 3 fw classid 1:30 |
So, for example, this is what I do to mark any ICMP packet with iptables:
Code: | iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 1 |
But when I start pinging any host outside my LAN from any workstation, I don't see any increment in the 1:10 class count, which remains untouched:
Code: | class htb 1:10 parent 1:1 prio 0 rate 80000bit ceil 192000bit burst 1600b cburst 1599b
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 156250 ctokens: 65103 |
Any help will be greatly appreciated
Cheers! _________________ My Blog.
If it weren't for C, we would be writing programs in BASI, PASAL and OBOL. |
tb5342 n00b
Joined: 29 Aug 2009 Posts: 17
|
Posted: Mon Sep 07, 2009 3:30 pm Post subject: |
|
|
Do you set TOS in your iptables rules anywhere?
Maybe try something like this:
Code: | iptables -t mangle -A PREROUTING -p icmp -j TOS --set-tos Minimize-Delay |
For more info about iptables and TOS values:
You may find this site useful as well: http://lartc.org/howto/ |
Inodoro_Pereyra Advocate
Joined: 03 Nov 2006 Posts: 2631 Location: At the other end of the cable
|
Posted: Sat Sep 12, 2009 12:19 am Post subject: |
|
|
Bump
Yes, I have TOS matching too, but even trying to classify packets based on TOS, no packets are queued in any class but the default one.
Still missing something here. Thank you.
Cheers! _________________ My Blog.
If it weren't for C, we would be writing programs in BASI, PASAL and OBOL. |
Nossie Apprentice
Joined: 19 Apr 2002 Posts: 181
|
Posted: Fri Sep 18, 2009 11:20 am Post subject: |
|
|
I use the following script, maybe it's useful to you...
I found this script somewhere and modified it a bit, so the descriptions don't match anymore, but you can still use it as a basis for your own setup.
Code: |
#!/bin/bash
UPLINK_SPEED=2048 # kbit
UPLINK_SPEED_LOCAL=100 # mbit
INET_DEV=eth0
DOWNLINK_THROTTLE=N # Set to 'Y' if you want to enable downlink throttle
DOWNLINK_SPEED=1450
if [ "$1" = "status" ]
then
    tc -s qdisc ls dev $INET_DEV
    tc -s class ls dev $INET_DEV
    exit
fi
# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $INET_DEV root 2> /dev/null > /dev/null
tc qdisc del dev $INET_DEV ingress 2> /dev/null > /dev/null
iptables -F -t mangle
if [ "$1" = "stop" ]
then
    exit
fi
#################################################################################################
# qdiscs, classes and filters
# add HTB root qdisc
tc qdisc add dev $INET_DEV root handle 1: htb default 12
tc class add dev $INET_DEV parent 1: classid 1:1 htb rate ${UPLINK_SPEED_LOCAL}mbit ceil ${UPLINK_SPEED_LOCAL}mbit
tc class add dev $INET_DEV parent 1:1 classid 1:10 htb rate $[$UPLINK_SPEED_LOCAL]mbit ceil $[$UPLINK_SPEED_LOCAL]mbit prio 0
tc class add dev $INET_DEV parent 1:1 classid 1:11 htb rate $[$UPLINK_SPEED/4*3]kbit ceil $[$UPLINK_SPEED]kbit prio 1
tc class add dev $INET_DEV parent 1:1 classid 1:12 htb rate $[$UPLINK_SPEED/4]kbit ceil $[$UPLINK_SPEED/2]kbit prio 2
tc qdisc add dev $INET_DEV parent 1:10 handle 100: sfq perturb 10
tc qdisc add dev $INET_DEV parent 1:11 handle 110: sfq perturb 10
tc qdisc add dev $INET_DEV parent 1:12 handle 120: sfq perturb 10
# filters
tc filter add dev $INET_DEV parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev $INET_DEV parent 1:0 protocol ip prio 2 handle 2 fw classid 1:11
tc filter add dev $INET_DEV parent 1:0 protocol ip prio 3 handle 3 fw classid 1:12
#################################################################################################
#
# classid 1:10 htb rate $[$UPLINK_SPEED/5]kbit ceil $[$UPLINK_SPEED]kbit prio 0 [mark 1]
# This is the higher priority class. The packets in this class will have the lowest delay
# and would get the excess of bandwidth first so it's a good idea to limit the ceil rate to
# this class. We will send through this class the following packets that benefit from low
# delay, such as interactive traffic: ssh, telnet, dns, quake3, irc, and packets with the
# SYN flag.
#
# classid 1:11 htb rate $[$UPLINK_SPEED/5]kbit ceil $[$UPLINK_SPEED]kbit prio 1 [mark 2]
# Here we have the first class in which we can start to put bulk traffic. In my example I have
# traffic from the local web server and requests for web pages: source port 80, and destination
# port 80 respectively.
#
# classid 1:12 htb rate $[$UPLINK_SPEED/5]kbit ceil $[9*$UPLINK_SPEED/10]kbit prio 2 [mark 3]
# In this class I will put traffic with Maximize-Throughput TOS bit set and the rest of the
# traffic that goes from local processes on the router to the Internet. So the following
# classes will only have traffic that is "routed through" the box.
#
# classid 1:13 htb rate $[$UPLINK_SPEED/5]kbit ceil $[7*$UPLINK_SPEED/10]kbit prio 3 [mark 4]
# Here goes mail traffic (SMTP,pop3...) and packets with Minimize-Cost TOS bit set.
#
# classid 1:14 htb rate $[$UPLINK_SPEED/5]kbit ceil $[8*$UPLINK_SPEED/10]kbit prio 4 [mark 5]
# And finally here we have bulk traffic from the NATed machines behind the router. All kazaa,
# edonkey, and others will go here, in order to not interfere with other services.
#
#################################################################################################
#################################################################################################
# Packets originating from localhost - rule order does matter !
# Use --dport if you connect TO that port on a server on the internet
# Use --sport to mark packets emanating from this computer at specified port (for services
# running on this computer).
#
# Example :
# If I connect to a remote computer with SSH, the DESTINATION port will be port 22
# The packets that leave this computer have source port xxx and destination port 22
#
# If someone connects to this computer with SSH the SOURCE port will be 22
# The packets that leave this computer will have source port 22 and destination port xxxx
# local network (100 MBit)
iptables -t mangle -A OUTPUT -d 62.177.186.107/32 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -d 62.177.186.107/32 -j RETURN
iptables -t mangle -A OUTPUT -d 62.177.186.106/32 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -d 62.177.186.106/32 -j RETURN
iptables -t mangle -A OUTPUT -d 62.177.186.109/32 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -d 62.177.186.109/32 -j RETURN
iptables -t mangle -A OUTPUT -d 62.177.186.110/32 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -d 62.177.186.110/32 -j RETURN
# priority packets, more bandwidth
# special hosts
#iptables -t mangle -A OUTPUT -d 213.84.248.7/32 -j MARK --set-mark 2
#iptables -t mangle -A OUTPUT -d 213.84.248.7/32 -j RETURN
# SYN packets
iptables -t mangle -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
# ICMP packets
iptables -t mangle -A OUTPUT -p icmp -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -p icmp -j RETURN
# SSH packets
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 22 -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 22 -j RETURN
# Services
iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 25 -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 25 -j RETURN
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 25 -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 25 -j RETURN
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 993 -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 993 -j RETURN
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 995 -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 995 -j RETURN
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 80 -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 80 -j RETURN
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 443 -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 443 -j RETURN
# Default disc, all other packets
iptables -t mangle -A OUTPUT -j MARK --set-mark 3
if [ "$DOWNLINK_THROTTLE" = "N" ]
then
    exit
fi
########## downlink #############
# slow downloads down to somewhat less than the real speed to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:
tc qdisc add dev $INET_DEV handle ffff: ingress
# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:
tc filter add dev $INET_DEV parent ffff: protocol ip prio 50 u32 match ip src \
0.0.0.0/0 police rate ${DOWNLINK_SPEED}kbit burst 10k drop flowid :1
|
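An added example, not part of any post in this thread: a small lint that flags `fw` filters attached to an inner class instead of the root qdisc, the one visible difference between the filters in the first post (`parent 1:1`) and those in the script above (`parent 1:0`). HTB starts classification at the root qdisc's filter list and consults a class's own filters only after a root filter has selected that class. The function and sample names are hypothetical, and the input is constructed from the commands quoted in the thread.

```shell
#!/bin/sh
# Added example: static check of tc commands for the fw-filter attachment point.
# Reads tc commands on stdin; findings go to stderr, their count to stdout.
lint_tc_filters() {
    awk '
    function arg(key,   i) {   # word that follows keyword "key" on this line
        for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
        return ""
    }
    function norm(h) {         # "1:" and "1:0" name the same qdisc
        if (h ~ /:$/) return h "0"
        return h
    }
    $1 != "tc" || $3 != "add" { next }
    $2 == "qdisc" && / root / { root[arg("dev")] = norm(arg("handle")) }
    $2 == "class"  { known[arg("dev"), arg("classid")] = 1 }
    $2 == "filter" { n++; dev[n] = arg("dev"); par[n] = norm(arg("parent"))
                     cls[n] = arg("classid"); line[n] = $0 }
    END {
        for (k = 1; k <= n; k++) {
            if (par[k] != root[dev[k]]) {
                bad++; print "not on root qdisc: " line[k] > "/dev/stderr"
            } else if (!((dev[k], cls[k]) in known)) {
                bad++; print "unknown classid: " line[k] > "/dev/stderr"
            }
        }
        print bad + 0
    }'
}

# Constructed input: the commands from the first post (filters on parent 1:1).
sample_inner() {
    cat <<'EOF'
tc qdisc add dev eth1 root handle 1: htb default 30
tc class add dev eth1 parent 1: classid 1:1 htb rate 192kbit ceil 192kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 80kbit ceil 192kbit
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 80kbit ceil 192kbit prio 1
tc class add dev eth1 parent 1:1 classid 1:30 htb rate 32kbit ceil 192kbit prio 2
tc filter add dev eth1 parent 1:1 protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev eth1 parent 1:1 protocol ip prio 2 handle 2 fw classid 1:20
tc filter add dev eth1 parent 1:1 protocol ip prio 3 handle 3 fw classid 1:30
EOF
}
# Same commands with the filters moved to parent 1:0, as in the script above.
sample_root() { sample_inner | sed '/filter/s/parent 1:1/parent 1:0/'; }

echo "first post: $(sample_inner | lint_tc_filters 2>/dev/null) finding(s)"
echo "parent 1:0: $(sample_root | lint_tc_filters 2>/dev/null) finding(s)"
```

On a live router, `tc -s filter show dev eth1` and `iptables -t mangle -L -v -n` show whether the filters and the mark rule are actually being hit.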
Schnulli Guru
Joined: 25 Jun 2010 Posts: 320 Location: Bremen DE
|
Posted: Wed Mar 30, 2011 8:36 pm Post subject: |
|
|
*plopp*
Pulling up.......
We're working on IMQ with Kernel 38.x ... let's see if we get the needed patches etc...... |