qos and iptables

qos and iptables

[ratheesh k]

Hi ,




lan
                                                wan
---------------------------->              eth0
--------------------------------------------> eth1
--------------------------------->

suppose a packet is  going  from lan to wan .  First it will go

 prerouting chain -----> forward ---> postrouting   chain




i want to know when qos rules on both interfaces will be executed with
respect to iptables chain  ?? .  forward chain  will be executed after
 qos rules on eth0 is executed , ????

Re: qos and iptables

[ratheesh k]

clear picture



LAN                                        WAN

------>   eth0  -------------> eth1---------->




















On Mon, Aug 17, 2009 at 9:39 PM, ratheesh k<ratheesh.ksz@gmail.com> wrote:
> Hi ,
>
>
>
>
> lan
>                                                wan
> ---------------------------->              eth0
> --------------------------------------------> eth1
> --------------------------------->
>
> suppose a packet is  going  from lan to wan .  First it will go
>
>  prerouting chain -----> forward ---> postrouting   chain
>
>
>
>
> i want to know when qos rules on both interfaces will be executed with
> respect to iptables chain  ?? .  forward chain  will be executed after
>  qos rules on eth0 is executed , ????
>

Re: qos and iptables

[Richard Horton]

As far as I know it depends.

If you use the ingress filter to apply QoS then it will be applied on
eth0 before the prerouting chain on that interface (I think, this is
good for me though ... hopefully someone will confirm whether I'm
right or talking out my backside ;) )

If you apply the QoS policy on the output side of eth1 then it will be
applied last of all immediately prior to packets being dequeued to the
device for transmission.


-- 
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the
host finally dies.
http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
http://www.pbase.com/arimus - My online photogallery

Re: qos and iptables

[Stephen Hemminger]

Look at one of the big netfilter packet flow diagrams like:
  http://jengelh.medozas.de/images/nf-packet-flow.png

And you will figure out what you want.

Re: qos and iptables

[John A. Sullivan III]

On Mon, 2009-08-17 at 21:39 +0530, ratheesh k wrote:
> Hi ,
> 
> 
> 
> 
> lan
>                                                 wan
> ---------------------------->              eth0
> --------------------------------------------> eth1
> --------------------------------->
> 
> suppose a packet is  going  from lan to wan .  First it will go
> 
>  prerouting chain -----> forward ---> postrouting   chain
> 
> 
> 
> 
> i want to know when qos rules on both interfaces will be executed with
> respect to iptables chain  ?? .  forward chain  will be executed after
>  qos rules on eth0 is executed , ????<snip>

Hello, Ratheesh.  I've hesitated to answer because I am not an expert on
this subject but I see the list has been quiet today.

How are you establishing the QoS handling? I'm not sure if the process
varies if you set up a custom handler using tc (or at least I believe it
is tc).  Our setup uses the default pfifo_fast packet queueing.  In that
case, we are setting the ToS bits or DSCP bits using the PREROUTING
chain of the mangle table. 

But I gather that is not really what you are asking.  I think you are
asking, if packet A enters netfilter processing followed by packet B and
packet B is set to be prioritized ahead of A by whatever method - ToS
bits, packet marking - will B go through the filter table first or will
A.  Is that correct?

If so, I do not know the answer but you can probably find out with some
creating logging.  Set up a log rule in the very beginning of your
filter table.  Send a mix of prioritized and non-prioritized packets and
see in which order the log records them.  Kindly post your results to
the list as I am curious now that you have asked the question :-)

Hope this helps - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com

http://www.spiritualoutreach.com
Making Christianity intelligible to secular society

Re: qos and iptables

[ratheesh k]

Richard ,

i am not using ingress filter ... Can u tell a liitle bit about
forward chain  ? when it will ge executed  ??


All ,

My question is : please look at the diagram . Suppose a packet A is
coming from lan side and is nated and went to wan side . Meanwhile it
should have gone thru  many iptables and traffic queues . I would like
to know the exact flow ........including trafiic queues on both
interfaces ( eth1 and eth0 ) ...





On Mon, Aug 17, 2009 at 10:51 PM, Richard
Horton<arimus.uk@googlemail.com> wrote:
> As far as I know it depends.
>
> If you use the ingress filter to apply QoS then it will be applied on
> eth0 before the prerouting chain on that interface (I think, this is
> good for me though ... hopefully someone will confirm whether I'm
> right or talking out my backside ;) )
>
> If you apply the QoS policy on the output side of eth1 then it will be
> applied last of all immediately prior to packets being dequeued to the
> device for transmission.
>
>
> --
> Richard Horton
> Users are like a virus: Each causing a thousand tiny crises until the
> host finally dies.
> http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
> http://www.pbase.com/arimus - My online photogallery
>