From: cdmiller <cdm...@ad...> - 2006-11-20 21:46:52
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Not sure if it helps, but you may also want to look at bandwidth
arbitrator: http://www.bandwidtharbitrator.com/

It does require a patched kernel so you would have to do a devil-linux
compilation. I had been planning to try it on Devil, just haven't gotten
around to it yet.

- - cameron

drew einhorn wrote:
> Trying again. Hope I'm finally off the bogus email blacklist, and
> this goes through.
>
> ---------- Forwarded message ----------
> From: drew einhorn <dre...@gm...>
> Date: Nov 19, 2006 11:51 PM
> Subject: Traffic Shaping on a Transparent Bridge not working!
> To: dev...@li...
>
>
> My first DL project was going well. Then I ran into problems attempting
> to shape my bandwidth.
>
> First I'll describe the parts that I believe are working correctly.
>
> I have a DL 1.2.11 box running the default kernel, 2.4.33.3-grsec
>
> I have br0 bridging all four ports eth0, eth1, eth2, eth3 on a quad port
> pci card. The bridge has not been assigned an ip number on the theory
> that this makes it much more difficult to attack. The bridge connects
> four devices on the 3bit public static ip block from my ISP.
>
> I have a single port ethernet pci card, eth4 with a static ip, on my
> internal private ip network. It is used for remote management of the DL
> box from anywhere on my internal network.
>
> eth0 is connected to my ISP's router via the ethernet port on my
> ISDN modem. I know ISDN is a nearly dead technology, but it's the best
> thing my crappy telco offers. Tried a satellite ISP, but that's another
> long story.
>
> eth1 is connected to a hardened publicly accessible host.
>
> eth2 and eth3 are connected to the WAN ports on a couple of Linksys
> Cable/DSL routers. Eventually most of their functions will migrate to the
> DL box, but that is more than I wanted to bite off in my first DL project.
>
> The first Linksys box NATs one of my public ips to my internal private
> ip network. The second Linksys box is newer and includes a wireless
> access point used by a couple neighbors. It NATs a second public ip to
> a separate private ip network.
>
> All of the above appears to be working as expected.
>
> After pondering the mysteries of traffic shaping I decided to start with
> wondershaper 1.1a from lartc.org, rather than starting from scratch.
>
> Tried both the cbq and htb versions without any success.
>
> RTFM time. The htb section of http://lartc.org/howto/index.html is easier
> reading than the cbq section. And the howto claims htb is better anyway.
> Let's focus on the htb version of wondershaper.
>
> OK, First we edit wshaper.htb and configure the shell variables. Then we
> run: sh -x wshaper.htb
> to echo the commands as they are executed.
>
> Then we start pinging the router at the other end of the ISDN line.
>
> Then we start downloading a file to generate some traffic that really
> needs to be shaped.
>
> Then we run: sh -x wshaper.htb status
> to gather some statistics
>
> then we kill the download.
>
> then we sh -x wshaper.htb stop to shut down the malfunctioning shaper.
>
> Here's the output from the ping:
>
> $ ping 67.0.192.10
> PING 67.0.192.10 (67.0.192.10) 56(84) bytes of data.
>
> Link is idle, normal ping times.
>
> 64 bytes from 67.0.192.10: icmp_seq=0 ttl=254 time=48.5 ms
> 64 bytes from 67.0.192.10: icmp_seq=1 ttl=254 time=48.4 ms
> 64 bytes from 67.0.192.10: icmp_seq=2 ttl=254 time=48.4 ms
> 64 bytes from 67.0.192.10: icmp_seq=3 ttl=254 time=48.4 ms
> 64 bytes from 67.0.192.10: icmp_seq=4 ttl=254 time=48.5 ms
> 64 bytes from 67.0.192.10: icmp_seq=5 ttl=254 time=67.8 ms
> 64 bytes from 67.0.192.10: icmp_seq=6 ttl=254 time=48.3 ms
> 64 bytes from 67.0.192.10: icmp_seq=7 ttl=254 time=48.2 ms
>
> Download starts. Shaping is not working! Queues in
> router and/or ISDN modem grow, and ping times rapidly
> become huge.
>
> 64 bytes from 67.0.192.10: icmp_seq=8 ttl=254 time=184 ms
> 64 bytes from 67.0.192.10: icmp_seq=9 ttl=254 time=1080 ms
> 64 bytes from 67.0.192.10: icmp_seq=10 ttl=254 time=2025 ms
> 64 bytes from 67.0.192.10: icmp_seq=11 ttl=254 time=1551 ms
> 64 bytes from 67.0.192.10: icmp_seq=12 ttl=254 time=1078 ms
> 64 bytes from 67.0.192.10: icmp_seq=13 ttl=254 time=896 ms
> 64 bytes from 67.0.192.10: icmp_seq=14 ttl=254 time=1088 ms
> 64 bytes from 67.0.192.10: icmp_seq=15 ttl=254 time=1171 ms
> 64 bytes from 67.0.192.10: icmp_seq=16 ttl=254 time=1272 ms
> 64 bytes from 67.0.192.10: icmp_seq=17 ttl=254 time=1280 ms
> 64 bytes from 67.0.192.10: icmp_seq=18 ttl=254 time=1101 ms
> 64 bytes from 67.0.192.10: icmp_seq=19 ttl=254 time=1258 ms
> 64 bytes from 67.0.192.10: icmp_seq=20 ttl=254 time=1211 ms
> 64 bytes from 67.0.192.10: icmp_seq=21 ttl=254 time=1259 ms
> 64 bytes from 67.0.192.10: icmp_seq=22 ttl=254 time=1373 ms
> 64 bytes from 67.0.192.10: icmp_seq=23 ttl=254 time=1424 ms
> 64 bytes from 67.0.192.10: icmp_seq=24 ttl=254 time=1461 ms
> 64 bytes from 67.0.192.10: icmp_seq=25 ttl=254 time=1277 ms
> 64 bytes from 67.0.192.10: icmp_seq=26 ttl=254 time=1521 ms
> 64 bytes from 67.0.192.10: icmp_seq=27 ttl=254 time=1467 ms
> 64 bytes from 67.0.192.10: icmp_seq=28 ttl=254 time=1335 ms
> 64 bytes from 67.0.192.10: icmp_seq=29 ttl=254 time=1329 ms
> 64 bytes from 67.0.192.10: icmp_seq=30 ttl=254 time=1386 ms
> 64 bytes from 67.0.192.10: icmp_seq=31 ttl=254 time=1360 ms
> 64 bytes from 67.0.192.10: icmp_seq=32 ttl=254 time=1416 ms
> 64 bytes from 67.0.192.10: icmp_seq=33 ttl=254 time=1480 ms
> 64 bytes from 67.0.192.10: icmp_seq=34 ttl=254 time=1345 ms
> 64 bytes from 67.0.192.10: icmp_seq=35 ttl=254 time=1356 ms
> 64 bytes from 67.0.192.10: icmp_seq=36 ttl=254 time=1370 ms
> 64 bytes from 67.0.192.10: icmp_seq=37 ttl=254 time=1278 ms
> 64 bytes from 67.0.192.10: icmp_seq=38 ttl=254 time=1612 ms
> 64 bytes from 67.0.192.10: icmp_seq=39 ttl=254 time=1520 ms
> 64 bytes from 67.0.192.10: icmp_seq=40 ttl=254 time=1322 ms
> 64 bytes from 67.0.192.10: icmp_seq=41 ttl=254 time=1545 ms
>
> Kill the download queues empty and ping times return to normal
>
> 64 bytes from 67.0.192.10: icmp_seq=42 ttl=254 time=975 ms
> 64 bytes from 67.0.192.10: icmp_seq=43 ttl=254 time=67.4 ms
> 64 bytes from 67.0.192.10: icmp_seq=44 ttl=254 time=73.6 ms
> 64 bytes from 67.0.192.10: icmp_seq=45 ttl=254 time=45.2 ms
> 64 bytes from 67.0.192.10: icmp_seq=46 ttl=254 time=45.2 ms
> 64 bytes from 67.0.192.10: icmp_seq=47 ttl=254 time=44.8 ms
>
>
> And, here's the shell commands and their output:
>
> root@Devil:~ # sh -x wshaper.htb
> + DOWNLINK=100
> + UPLINK=100
> + DEV=eth0
> + NOPRIOHOSTSRC=
> + NOPRIOHOSTDST=
> + NOPRIOPORTSRC=
> + NOPRIOPORTDST=
> + '[' '' = status ']'
> + tc qdisc del dev eth0 root
> + tc qdisc del dev eth0 ingress
> + '[' '' = stop ']'
> + tc qdisc add dev eth0 root handle 1: htb default 20
> + tc class add dev eth0 parent 1: classid 1:1 htb rate 100kbit burst 6k
> + tc class add dev eth0 parent 1:1 classid 1:10 htb rate 100kbit burst 6k prio 1
> + tc class add dev eth0 parent 1:1 classid 1:20 htb rate 90kbit burst 6k prio 2
> + tc class add dev eth0 parent 1:1 classid 1:30 htb rate 80kbit burst 6k prio 2
> + tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
> + tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
> + tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
> + tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 match ip
> tos 0x10 0xff flowid 1:10
> + tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 match ip
> protocol 1 0xff flowid 1:10
> + tc filter add dev eth0 parent 1: protocol ip prio 10 u32 match ip
> protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2
> match u8 0x10 0xff at 33 flowid 1:10
> + tc filter add dev eth0 parent 1: protocol ip prio 18 u32 match ip
> dst 0.0.0.0/0 flowid 1:20
> + tc qdisc add dev eth0 handle ffff: ingress
> + tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match ip
> src 0.0.0.0/0 police rate 100kbit burst 10k drop flowid :1
>
>
> root@Devil:~ # sh -x wshaper.htb status
> + DOWNLINK=100
> + UPLINK=100
> + DEV=eth0
> + NOPRIOHOSTSRC=
> + NOPRIOHOSTDST=
> + NOPRIOPORTSRC=
> + NOPRIOPORTDST=
> + '[' status = status ']'
> + tc -s qdisc ls dev eth0
> qdisc htb 1: r2q 10 default 20 direct_packets_stat 0
> Sent 18649 bytes 191 pkts (dropped 0, overlimits 0)
> qdisc sfq 10: parent 1:10 limit 128p quantum 1514b perturb 10sec
> Sent 10582 bytes 147 pkts (dropped 0, overlimits 0)
> qdisc sfq 20: parent 1:20 limit 128p quantum 1514b perturb 10sec
> Sent 8067 bytes 44 pkts (dropped 0, overlimits 0)
> qdisc sfq 30: parent 1:30 limit 128p quantum 1514b perturb 10sec
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> qdisc ingress ffff: ----------------
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> + tc -s class ls dev eth0
> class htb 1:1 root rate 100000bit ceil 100000bit burst 6Kb cburst 1724b
> Sent 18649 bytes 191 pkts (dropped 0, overlimits 0)
> rate 1320bit 1pps
> lended: 0 borrowed: 0 giants: 0
> tokens: 398459 ctokens: 108855
>
> class htb 1:10 parent 1:1 leaf 10: prio 1 rate 100000bit ceil
> 100000bit burst 6Kb cburst 1724b
> Sent 10582 bytes 147 pkts (dropped 0, overlimits 0)
> rate 656bit 1pps
> lended: 147 borrowed: 0 giants: 0
> tokens: 398459 ctokens: 108855
>
> class htb 1:20 parent 1:1 leaf 20: prio 2 rate 90000bit ceil 90000bit
> burst 6Kb cburst 1711b
> Sent 8067 bytes 44 pkts (dropped 0, overlimits 0)
> rate 712bit
> lended: 44 borrowed: 0 giants: 0
> tokens: 432284 ctokens: 109555
>
> class htb 1:30 parent 1:1 leaf 30: prio 2 rate 80000bit ceil 80000bit
> burst 6Kb cburst 1699b
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> lended: 0 borrowed: 0 giants: 0
> tokens: 503316 ctokens: 139264
>
> + exit
> root@Devil:~ # sh -x wshaper.htb stop
> + DOWNLINK=100
> + UPLINK=100
> + DEV=eth0
> + NOPRIOHOSTSRC=
> + NOPRIOHOSTDST=
> + NOPRIOPORTSRC=
> + NOPRIOPORTDST=
> + '[' stop = status ']'
> + tc qdisc del dev eth0 root
> + tc qdisc del dev eth0 ingress
> + '[' stop = stop ']'
> + exit
>
> root@Devil:~ #
>
> Don't think we generated enough uplink traffic to exercise the htb qdiscs.
>
> But it doesn't look like the ingress qdisc is working at all.
>
> I'm out of ideas for now.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD4DBQFFYiJDJ62kxkSCtLARAoCSAJiAi9VWPPNxy2q7NkH+pTvhSptbAJ930j0z
KS/+8xz2JoVcSDm8taaDIA==
=Jphi
-----END PGP SIGNATURE-----
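
Added example, not part of either poster's message: a small sh/awk filter for the `tc -s qdisc ls` output quoted above that lists each qdisc's counters and flags the ones that counted no packets. The function names `qdisc_counters`, `idle_qdiscs` and `sample_status` are made up for this example, and the sample input is copied from the status output in the post.

```shell
#!/bin/sh
# Added example: read `tc -s qdisc ls dev <if>` output and show which qdiscs
# actually saw traffic. Function names are made up for this example.

# One line per qdisc: <kind> <handle> <bytes> <pkts> <dropped> <state>
qdisc_counters() {
    awk '
        # Header line, e.g. "qdisc sfq 10: parent 1:10 limit 128p ..."
        $1 == "qdisc" { kind = $2; handle = $3; next }
        # Stats line, e.g. "Sent 18649 bytes 191 pkts (dropped 0, overlimits 0)"
        $1 == "Sent" && kind != "" {
            dropped = $7; sub(/,$/, "", dropped)
            state = ($4 + 0 == 0) ? "IDLE" : "active"
            print kind, handle, $2, $4, dropped, state
            kind = ""   # ignore "Sent" lines that belong to class output
        }
    '
}

# Only the qdiscs that have counted no packets at all.
idle_qdiscs() {
    qdisc_counters | awk '$6 == "IDLE" { print $1, $2 }'
}

# Sample input: the qdisc part of the status output quoted in the post.
sample_status() {
    cat <<'EOF'
qdisc htb 1: r2q 10 default 20 direct_packets_stat 0
Sent 18649 bytes 191 pkts (dropped 0, overlimits 0)
qdisc sfq 10: parent 1:10 limit 128p quantum 1514b perturb 10sec
Sent 10582 bytes 147 pkts (dropped 0, overlimits 0)
qdisc sfq 20: parent 1:20 limit 128p quantum 1514b perturb 10sec
Sent 8067 bytes 44 pkts (dropped 0, overlimits 0)
qdisc sfq 30: parent 1:30 limit 128p quantum 1514b perturb 10sec
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc ingress ffff: ----------------
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
EOF
}

sample_status | qdisc_counters
```

On the router itself, `tc -s qdisc ls dev eth0 | idle_qdiscs` run while the download is active gives the same view; an `ingress ffff:` line in that output means the policer has counted no packets.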