* [LARTC] HTB and filters on many levels
@ 2003-07-24 22:03 Daniel Brahneborg
  0 siblings, 0 replies; only message in thread
From: Daniel Brahneborg @ 2003-07-24 22:03 UTC (permalink / raw)
  To: lartc

Hi all,

I'm using HTB with Linux 2.4.21, and have gotten a little problem
that I don't quite understand.  I'd be very glad if any of you
could help me tell what's wrong.

My setup is like this:

  ISP - [ eth0  'firewall machine'  eth1 ] - LAN

I'd like to split the traffic evenly between the firewall and the LAN,
and then prioritize traffic within those classes, similarly to the
example in the HTB User Guide.  I want something like this:

 qdisc root 1: htb default 2
	1:9 htb rate 240
		1:1 htb rate 120 ceil 240
			1:11 htb rate 20 ceil 80 prio 1
				filter: ssh, ack, etc
				11: pfifo
			1:12 htb rate 60 ceil 200 prio 2
				no filter
				12: pfifo
			1:13 htb rate 20 ceil 80 prio 3
				filter: direct connect
				13: pfifo
		1:2 htb rate 120 ceil 240
			1:21 htb rate 20 ceil 80 prio 1
				21: pfifo
			1:22 htb rate 60 ceil 200 prio 2
				22: pfifo
			1:23 htb rate 20 ceil 80 prio 3
				23: pfifo

I then use iptables -j MARK to set a '1' if the traffic comes from
eth1.  If not, it should end up in 1:2, and 1:1 and 1:2 should be able
to borrow from each other.

If I only have 1:1 and 1:2 and no filters at all, locally generated
traffic correctly ends up in 1:2.  Then I added these 7 lines, and
expected traffic to move down to 1:22.  However, when I run
'tc -s qdisc show dev eth0' I see that traffic runs through 1:0, but
'tc -s class show dev eth0' shows nothing.

tc class add dev eth0 parent 1:2 classid 1:21 htb rate 20kbit ceil 100kbit prio 1
tc class add dev eth0 parent 1:2 classid 1:22 htb rate 60kbit ceil 200kbit prio 2
tc class add dev eth0 parent 1:2 classid 1:23 htb rate 20kbit ceil 60kbit  prio 3
tc qdisc add dev eth0 parent 1:21 handle 121: pfifo limit 2
tc qdisc add dev eth0 parent 1:22 handle 122: sfq perturb 10
tc qdisc add dev eth0 parent 1:23 handle 123: sfq perturb 10
tc filter add dev eth0 parent 1:2 protocol ip u32 match ip dst 0.0.0.0/0 flowid 1:22

I have another setup which is almost identical to the example in the
User Guide, and that works great.  The kids got really happy that they
could play counterstrike while I was using direct connect.  Super!
I really want to split the bandwidth more evenly between the machines
though, which is why I created this two level setup.

What have I done wrong?  Why doesn't the filter on 1:2 move the
packets to 1:22?

Lots of thanks in advance!

My complete script looks like this.

#!/bin/sh

tc qdisc del dev eth0 root 2> /dev/null > /dev/null
tc qdisc del dev eth0 ingress 2> /dev/null > /dev/null

tc qdisc add dev eth0 root handle 1: htb default 9

tc class add dev eth0 parent 1:0 classid 1:9  htb rate 200kbit ceil 200kbit

tc class add dev eth0 parent 1:9 classid 1:1  htb rate 120kbit ceil 200kbit
tc class add dev eth0 parent 1:1 classid 1:11 htb rate 20kbit ceil 80kbit  prio 1
tc class add dev eth0 parent 1:1 classid 1:12 htb rate 60kbit ceil 200kbit prio 2
tc class add dev eth0 parent 1:1 classid 1:13 htb rate 20kbit ceil 80kbit  prio 3

tc qdisc add dev eth0 parent 1:11 handle 111: pfifo limit 2
tc qdisc add dev eth0 parent 1:12 handle 112: sfq perturb 10
tc qdisc add dev eth0 parent 1:13 handle 113: sfq perturb 10

tc class add dev eth0 parent 1:9 classid 1:2  htb rate 120kbit ceil 200kbit prio 0
tc class add dev eth0 parent 1:2 classid 1:21 htb rate 20kbit ceil 100kbit prio 1
tc class add dev eth0 parent 1:2 classid 1:22 htb rate 60kbit ceil 200kbit prio 2
tc class add dev eth0 parent 1:2 classid 1:23 htb rate 20kbit ceil 60kbit  prio 3

tc qdisc add dev eth0 parent 1:2 handle 120: pfifo limit 2
tc qdisc add dev eth0 parent 1:21 handle 121: pfifo limit 2
tc qdisc add dev eth0 parent 1:22 handle 122: sfq perturb 10
tc qdisc add dev eth0 parent 1:23 handle 123: sfq perturb 10

# To the firewall or LAN?
tc filter add dev eth0 parent 1:9 protocol ip prio 1 handle 1 fw classid 1:1
tc filter add dev eth0 parent 1:9 protocol ip prio 1 handle 2 fw classid 1:2


# To LAN

# TOS Minimum Delay (ssh, NOT scp) in 1:10:
tc filter add dev eth0 parent 1:1 protocol ip prio 10 u32 \
      match ip tos 0x10 0xff  flowid 1:10

# CS
tc filter add dev eth0 parent 1:1 protocol ip prio 10 u32 \
      match ip dport 27015 0xffff  flowid 1:10

# Diablo
tc filter add dev eth0 parent 1:1 protocol ip prio 10 u32 \
      match ip dport 6112 0xffff  flowid 1:10
tc filter add dev eth0 parent 1:1 protocol ip prio 10 u32 \
      match ip dport 4000 0xffff  flowid 1:10

tc filter add dev eth0 parent 1:1 protocol ip prio 10 u32 \
      match ip dport 22 0xffff  flowid 1:10

tc filter add dev eth0 parent 1:1 protocol ip prio 11 u32 \
	match ip protocol 1 0xff flowid 1:10

tc filter add dev eth0 parent 1:1 protocol ip prio 12 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   match u8 0x10 0xff at 33 \
   flowid 1:10

tc filter add dev eth0 parent 1:1 protocol ip prio 12 u32 \
      match ip dport 411 0xfffe  flowid 1:13

tc filter add dev eth0 parent 1: protocol ip prio 13 u32 \
   match ip dst 0.0.0.0/0 flowid 1:12


# To the firewall

# TOS Minimum Delay (ssh, NOT scp) in 1:21:
tc filter add dev eth0 parent 1:2 protocol ip prio 10 u32 \
      match ip tos 0x10 0xff  flowid 1:21

tc filter add dev eth0 parent 1:2 protocol ip prio 10 u32 \
      match ip dport 22 0xffff  flowid 1:21
tc filter add dev eth0 parent 1:2 protocol ip prio 10 u32 \
      match ip sport 22 0xffff  flowid 1:21

tc filter add dev eth0 parent 1:2 protocol ip prio 11 u32 \
	match ip protocol 1 0xff flowid 1:21

tc filter add dev eth0 parent 1:2 protocol ip prio 12 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   match u8 0x10 0xff at 33 \
   flowid 1:21

tc filter add dev eth0 parent 1:2 protocol ip prio 12 u32 \
      match ip dport 411 0xfffe  flowid 1:23

tc filter add dev eth0 parent 1:2 protocol ip prio 12 u32 \
   match ip dst 0.0.0.0/0 flowid 1:22

/Basic

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
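
A structural check that can be run over a script like the one in the message above, as an added example that is not part of the original post. `lint_tc` and `sample_script` are hypothetical names, and the sample input is a constructed, abridged copy of the posted commands. The checks assume that HTB queues packets only in leaf classes and consults the filters on an inner class only after a filter higher in the tree has selected that class.

```shell
# Constructed sample: abridged from the tc commands in the post.
sample_script() { cat <<'EOF'
tc qdisc add dev eth0 root handle 1: htb default 9
tc class add dev eth0 parent 1:0 classid 1:9  htb rate 200kbit ceil 200kbit
tc class add dev eth0 parent 1:9 classid 1:2  htb rate 120kbit ceil 200kbit prio 0
tc class add dev eth0 parent 1:2 classid 1:22 htb rate 60kbit ceil 200kbit prio 2
tc qdisc add dev eth0 parent 1:2 handle 120: pfifo limit 2
tc qdisc add dev eth0 parent 1:22 handle 122: sfq perturb 10
tc filter add dev eth0 parent 1:9 protocol ip prio 1 handle 2 fw classid 1:2
tc filter add dev eth0 parent 1:1 protocol ip prio 10 u32 \
      match ip dport 22 0xffff  flowid 1:10
tc filter add dev eth0 parent 1:2 protocol ip prio 12 u32 \
   match ip dst 0.0.0.0/0 flowid 1:22
EOF
}
# lint_tc (hypothetical helper): reads tc commands on stdin, prints one finding per line.
lint_tc() { awk '
  function arg(key,   i) {            # word following a keyword, or ""
    for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
    return ""
  }
  function norm(h) { sub(/:0$/, ":", h); return h }   # "1:0" names the qdisc "1:"
  { line = pending $0                 # join backslash-continued lines
    if (line ~ /\\$/) { sub(/\\$/, " ", line); pending = line; next }
    pending = ""; $0 = line }
  $1 != "tc" || $3 != "add" { next }
  $2 == "qdisc" && arg("default") != "" { root = norm(arg("handle")); dflt = root arg("default"); next }
  $2 == "qdisc"  { leafq[norm(arg("parent"))] = 1 }
  $2 == "class"  { cls[arg("classid")] = 1; inner[norm(arg("parent"))] = 1 }
  $2 == "filter" { n++; fpar[n] = norm(arg("parent"))
                   ftgt[n] = (arg("flowid") != "") ? arg("flowid") : arg("classid") }
  END {
    if (dflt != "" && (!(dflt in cls) || (dflt in inner))) print "DEFAULT-NOT-A-LEAF " dflt
    for (p in leafq) if (p in inner) print "QDISC-ON-INNER " p
    reach[root] = 1                   # assumption: classification starts at the root qdisc
    do { grew = 0                     # follow filters down the class tree
      for (i = 1; i <= n; i++)
        if ((fpar[i] in reach) && !(ftgt[i] in reach)) { reach[ftgt[i]] = 1; grew = 1 }
    } while (grew)
    for (i = 1; i <= n; i++) {
      if (!(ftgt[i] in cls))   print "UNDEFINED-TARGET " fpar[i] " -> " ftgt[i]
      if (!(fpar[i] in reach)) print "UNREACHABLE-FILTER " fpar[i] " -> " ftgt[i]
    }
  }'
}
sample_script | lint_tc
```

To check a complete script, feed it on stdin (`lint_tc < script.sh`); a consistent class tree prints nothing.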
