AW: [LARTC] big problem with HTB/CBQ and CPU for more than 1.700 customers

["Pablo Fernandes Yahoo" <fernandes_pablo@yahoo.com.br>]

Hey,

I'm definately glad because i can see that someone else knows what is happening 
here. Thank for all the help and also i'm here to help anyone as much as i can.

So, refreshing my current setup, i have this rules for each customer:

tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1:0 htb
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 100mbit

tc qdisc del dev eth1 root
tc qdisc add dev eth1 root handle 1:0 htb
tc class add dev eth1 parent 1:0 classid 1:1 htb rate 100mbit

user 1
tc class add dev eth0 parent 1:1 classid 1:5 htb rate 150kbit ceil 150kbit
tc qdisc add dev eth0 parent 1:5 handle 5: sfq perturb 10

tc class add dev eth1 parent 1:1 classid 1:5 htb rate 50kbit ceil 50kbit
tc qdisc add dev eth1 parent 1:5 handle 5: sfq perturb 10
iptables -t mangle -A POSTROUTING --dest 10.30.0.54 -o eth0 -j CLASSIFY 
--set-class 1:5
iptables -t mangle -A FORWARD --src 10.30.0.54 -o eth1 -j CLASSIFY --set-class 
1:5

user n
tc class add dev eth0 parent 1:1 classid 1:8 htb rate 150kbit ceil 150kbit
tc qdisc add dev eth0 parent 1:8 handle 8: sfq perturb 10

tc class add dev eth1 parent 1:1 classid 1:8 htb rate 50kbit ceil 50kbit
tc qdisc add dev eth1 parent 1:8 handle 8: sfq perturb 10
iptables -t mangle -A POSTROUTING --dest 10.20.0.43 -o eth0 -j CLASSIFY 
--set-class 1:8
iptables -t mangle -A FORWARD --src 10.20.0.43 -o eth1 -j CLASSIFY --set-class 
1:8

what u32 rules could replace these iptables rules? I would like to try u32 
filters and see if them will solve the problem, if i had no success, i will try 
the IPCLASSIFY patch.

Thanks again in Advance.

Regards

Pablo Fernandes


-----Ursprüngliche Nachricht-----
Von: VladSun [mailto:vladsun@relef.net] 
Gesendet: segunda-feira, 28 de maio de 2007 14:39
An: Alexandru Dragoi
Cc: Pablo Fernandes Yahoo; lartc@mailman.ds9a.nl
Betreff: Re: [LARTC] big problem with HTB/CBQ and CPU for more than 1.700 
customers

Alexandru Dragoi написа:
> u32 hash filters is the key, as somebody pointed. You can also tune your
> iptables setup, like this
>
> #192.168.1.0/24
> iptables -t mangle -N 192-168-1-0-24
> iptables -t mangle -A FORWARD -s 192.168.1.0/24 -j 192-168-1-0-24
> iptables -t mangle -N 192-168-1-0-25
> iptables -t mangle -N 192-168-1-128-25
> iptables -t mangle -A 192-168-1-0-24 -s 192.168.1.0/25 -j 192-168-1-0-25
> iptables -t mangle -A 192-168-1-0-24 -s 192.168.128.0/25 -j 192-168-1-128-25
> .
> .
> and so on, until (ip 192.168.1.11, which is called in chain created for
> 192.168.1.10/31)
>
> iptables -t mangle -A 192-168-1-10-31 -s 192.168.1.10 -j CLASSIFY
> --set-class 1:10
> iptables -t mangle -A 192-168-1-10-31 -s 192.168.1.11 -j CLASSIFY
> --set-class 1:11
>
> .. I guess you got the ideea, it requires some RAM, which i belive is
> not such a big problem. Similar rules should be made for download.
>
>   
Or you can use my patch - IPCLASSIFY. Then the rules above would be 
substituted by a signle rule per direction:


iptables -t mangle -A FORWARD -s 192.168.1.0/24 -j IPCLASSIFY --addr=src 
--and-mask=0xff --or-mask=0x11000
iptables -t mangle -A FORWARD -d 192.168.1.0/24 -j IPCLASSIFY --addr=dst 
--and-mask=0xff --or-mask=0x12000

This is equal to applying CLASSIFY target to each packet with 
--set-class (srcIP & 0xFF | 0x1100 ) and --set-class (dstIP & 0xFF | 
0x1200 ).
It is very similar to IPMARK, but it uses skb->priority field instead 
mark. So no tc filters are needed.



_______________________________________________________
Yahoo! Mail - Sempre a melhor op��o para voc�!
Experimente j� e veja as novidades.
http://br.yahoo.com/mailbeta/tudonovo/
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc