[LARTC] hfsc rule command problem

To:	lartc lartc <lartc@mailman.ds9a.nl>
Subject:	[LARTC] hfsc rule command problem
From:	Thossapron Apinyapanha <e1605projecter@yahoo.com>
Date:	Thu, 14 Dec 2006 08:38:37 -0800 (PST)
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	lartc-list@securepoint.com
Delivered-to:	lartc@outpost.ds9a.nl
Domainkey-signature:	a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type; b=YPK1DvIYbhphjNN+ucoUYAkU7x1zPJAcTjSA/UpZOJS6DLzjTkIkI18mQGEE+CBbxVnwlQi3Z5YhVX4Tozy3cjsjThrIEiyDGFG8m0hK4xQgV7z41WSusufCyJb96DiaVEymTZrq9kY5fhT4LebDs6g+RI39VETKJ1JfnMjJ6Co= ;
List-archive:	<http://mailman.ds9a.nl/pipermail/lartc>
List-help:	<mailto:lartc-request@mailman.ds9a.nl?subject=help>
List-id:	"Mailinglist of the Linux Advanced Routing & Traffic Control project" <lartc.mailman.ds9a.nl>
List-post:	<mailto:lartc@mailman.ds9a.nl>
List-subscribe:	<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=subscribe>
List-unsubscribe:	<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=unsubscribe>
Sender:	lartc-bounces@mailman.ds9a.nl

My hfsc rule ..

tc qdisc add dev eth2 handle 1: root hfsc

iptables -t mangle -N ms-all

iptables -t mangle -N ms-all-chains

iptables -t mangle -N ms-prerouting

iptables -t mangle -A PREROUTING -j ms-prerouting

iptables -t mangle -A ms-prerouting -j CONNMARK --restore-mark

iptables -t mangle -A ms-prerouting -p udp --dport 4444 -j MARK --set-mark 1

iptables -t mangle -A ms-prerouting -p udp -m multiport --dports 1755,5005,1024:4443,4445:5500 -j MARK --set-mark 1

iptables -t mangle -A ms-prerouting -p tcp --dport 23 -j MARK --set-mark 1

iptables -t mangle -A ms-prerouting -p tcp -m multiport --dports 20,21,5001:5004,5006:5100 -j MARK --set-mark 2

iptables -t mangle -A ms-prerouting -p tcp --dport 80 -j MARK --set-mark 2

iptables -t mangle -A ms-prerouting -j CONNMARK --save-mark

iptables -t mangle -A FORWARD -o eth2 -j ms-all

iptables -t mangle -A POSTROUTING -o eth2 -j ms-all-chains

tc class add dev eth2 parent 1: classid 1:1 hfsc sc m2 10000kbit

tc filter add dev eth2 parent 1:0 protocol all u32 match u32 0 0 classid 1:1

tc class add dev eth2 parent 1:1 classid 1:11 hfsc ls m2 3500kbit ul m2 10000kbit

iptables -t mangle -N ms-chain-eth2-1:11

iptables -t mangle -A ms-all-chains -m mark --mark 1 -j ms-chain-eth2-1:11

iptables -t mangle -A ms-all -o eth2 -j ms-chain-eth2-1:11

tc class add dev eth2 parent 1:11 classid 1:111 hfsc rt m1 3500kbit d 10s m2 200kbit ls m2 3500kbit ul m2 3500kbit

tc qdisc add dev eth2 handle 111: parent 1:111 sfq

iptables -t mangle -A ms-chain-eth2-1:11 -p udp --dport 4444 -j CLASSIFY --set-class 1:111

iptables -t mangle -A ms-chain-eth2-1:11 -p udp --dport 4444 -j RETURN

tc class add dev eth2 parent 1:11 classid 1:112 hfsc rt m1 3500kbit d 10s m2 1300kbit ls m2 3500kbit ul m2 3500kbit

tc qdisc add dev eth2 handle 112: parent 1:112 sfq

iptables -t mangle -A ms-chain-eth2-1:11 -p udp -m multiport --dports 1755,5005,1024:4443,4445:5500 -j CLASSIFY --set-class 1:112

iptables -t mangle -A ms-chain-eth2-1:11 -p udp -m multiport --dports 1755,5005,1024:4443,4445:5500 -j RETURN

tc class add dev eth2 parent 1:11 classid 1:113 hfsc rt m1 3500kbit d 10s m2 1500kbit ls m2 3500kbit ul m2 3500kkbit

tc qdisc add dev eth2 handle 113: parent 1:113 sfq

iptables -t mangle -A ms-chain-eth2-1:11 -p tcp --dport 23 -j CLASSIFY --set-class 1:113

iptables -t mangle -A ms-chain-eth2-1:11 -p tcp --dport 23 -j RETURN

tc class add dev eth2 parent 1:11 classid 1:199 hfsc rt m1 3500kbit d 10s m2 500kbit ls m2 3500kbit ul m2 3500kbit

tc qdisc add dev eth2 handle 199: parent 1:199 sfq

iptables -t mangle -A ms-chain-eth2-1:11 -j CLASSIFY --set-class 1:199

iptables -t mangle -A ms-chain-eth2-1:11 -j RETURN

tc class add dev eth2 parent 1:1 classid 1:12 hfsc ls m2 7500kbit ul m2 10000kbit

iptables -t mangle -N ms-chain-eth2-1:12

iptables -t mangle -A ms-all-chains -m mark --mark 2 -j ms-chain-eth2-1:12

iptables -t mangle -A ms-all -o eth2 -j ms-chain-eth2-1:12

tc class add dev eth2 parent 1:12 classid 1:121 hfsc ls m2 3500kbit ul m2 7500kbit

tc qdisc add dev eth2 handle 121: parent 1:121 sfq

iptables -t mangle -A ms-chain-eth2-1:12 -p tcp -m multiport --dports 20,21,5001:5004,5006:5100 -j CLASSIFY --set-class 1:121

iptables -t mangle -A ms-chain-eth2-1:12 -p tcp -m multiport --dports 20,21,5001:5004,5006:5100 -j RETURN

tc class add dev eth2 parent 1:12 classid 1:122 hfsc ls m2 3500kbit ul m2 7500kbit

tc qdisc add dev eth2 handle 122: parent 1:122 sfq

iptables -t mangle -A ms-chain-eth2-1:12 -p tcp --dport 80 -j CLASSIFY --set-class 1:122

iptables -t mangle -A ms-chain-eth2-1:12 -p tcp --dport 80 -j RETURN

tc class add dev eth2 parent 1:12 classid 1:299 hfsc rt m1 3500kbit d 10s m2 500kbit ls m2 500kbit ul m2 7500kbit

tc qdisc add dev eth2 handle 299: parent 1:299 sfq

iptables -t mangle -A ms-chain-eth2-1:12 -j CLASSIFY --set-class 1:299

iptables -t mangle -A ms-chain-eth2-1:12 -j RETURN

I have got a big problem, I don’t know my rule are wrong?? My rule are like this

Root

Real time class Non-real time class #interior class

(Voip ,MMS, Telnet, default) (HTTP FTP default) #leaf class

My setting rate in each class is

Real time class guarantee rate: 3500kbit max rate: 10000kbit

VoIP guarantee rate: 200kbit max rate: 3500kbit

MMS guarantee rate: 1300kbit max rate: 3500kbit

Telnet guarantee rate: 1500kbit max rate: 3500kbit

Default guarantee rate: 500kbit max rate: 3500kbit

Non Real time class

HTTP guarantee rate: 7500kbit max rate: 10000kbit

FTP guarantee rate: 3500kbit max rate: 7500kbit

Default guarantee rate: 3500kbit max rate: 7500kbit

I need to input traffic with so very load to shaper about 10Mbit by traffic generator but nomatter I try to change input rate by decrease rate from 10Mbit until input rate less than all of guarantee rate in each class, the result is after about 10s all input traffic are error (can’t send anymore traffic)

First, I think, it must relative with percentage between TCP and UDP about If it have a lot UDP, TCP may be lost because request time out and need to retransmission again (it make overflow of network load so much in incoming queue and at last it full and can’t sent anymore traffic to shaper.

So nomatter I try to decrease rate down until 2Mbit, all are die. And My last choice is input traffic with rate same as each rate in all class so .. after 10s ,can’t input traffic anymore So Is it true about HFSC can’t manage traffic that very load about 10Mbit???

Second, I’m doubt about level in hierarchical rule are the factor for happen so much delay? In my lab, I’m compare between 2 level (root and leaf class) and input traffic all about 600Kbit … the result is ok but if I change to 3 level (root interior and leaf class) after 10s, it down and can’t send anymore

So my question

1. Is my rule are setting wrong?? About parameter or filter iptable (but after I test this filter iptable with htb , it’s ok and very good)

2. Is it true about HFSC can’t manage traffic load more than 1Mbit ??

3. I have a lot question but I don’t know what is wrong? My rule or hfsc can’t manage load traffic

thank you

Have a burning question? Go to Yahoo! Answers and get answers from real people who know.

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

<Prev in Thread]	Current Thread	[Next in Thread>
[LARTC] hfsc rule command problem, Thossapron Apinyapanha <= Re: [LARTC] hfsc rule command problem, Andy Furniss

Previous by Date:	RE: [LARTC] blocking traffic on the FORWARD chain using physdev, Oscar Mechanic
Next by Date:	Re: [LARTC] hfsc rule command problem, Andy Furniss
Previous by Thread:	[LARTC] blocking traffic on the FORWARD chain using physdev, William Bohannan
Next by Thread:	Re: [LARTC] hfsc rule command problem, Andy Furniss
Indexes:	[Date] [Thread] [Top] [All Lists]