Talk:QoS

From Gentoo Linux Wiki

(Redirected from Talk:HOWTO Packet Shaping)

Talk about Packet Shaping

Grammar: Grammar and spelling here need improvement. I'd do some edits, but I'd rather people fixed their own work. But if that doesn't happen, I might just jump in and do it myself.

-BobK, 24 June 2006


  1. We should split up the page: one version for use on a normal PC and one for gateways/bridges. I'll try to change a few things, but sometimes my English tends to get horrible :-(...

This page has been linked to from Tom's Hardware (heh, thanks for all that traffic, guys :[]...). So keep an eye on it for strange edits etc. :D

  • After coming back, a year or more after I wrote the original howto, I must say I'm disappointed. I believe some parts have been changed for the better, but the overall usefulness of the howto has degraded! I'm glad to know so many people have used it, but it seems I'll have to write a new howto some place where it is not editable. When I'm done I'll post a link to this new site. /kallenberg
    • Umm... Since it's probably my fault, can you tell me in what ways you believe the howto has degraded? I'd like to fix those if possible =) Chaosite 14:40, 25 May 2006 (UTC)
  • I've attempted editing this page a bit, in an attempt to make it less confusing and more useful. I just don't get Bursts and Quantum, and the manpage isn't much help there, not mentioning quantum at all. I've changed burst to be less scary, and am unsure on how to deal with quantum. --Chaosite 12:59, 17 November 2005 (GMT)

Talk: Traffic Control Next Generation

  • What about using TCNG? I think this HOWTO is good, but I think everyone can agree that writing iproute rules is a pain. Using TCNG is way simpler and it is in portage. I can speak from experience that it works on 2.4 and 2.6 series kernels. I put an example of a TCNG source: (Geekmug)
  • I have only one comment for this. Command line tools will always be more powerful than their frontends, get used to it! /kallenberg
  • I think you may have misunderstood (Kallenberg), this is not gui frontend but a language layer on top that compiles the rules. Gabriel

This is an example of how simple Traffic Control Next Generation is to use: (Geekmug)

dev eth0 {
    egress {
        class (<$highest>)
            if (ip_dst:8 == 127.0.0.0) || (ip_dst:8 == 192.0.0.0) || (tcp_sport == PORT_SSH);
        class (<$high>)
            if (tcp_sport == PORT_SMTP);
        class (<$low>)
            if 1;

        prio {
            $low = class (1) { tbf (rate 256kbps, peakrate 384kbps, limit 16kB, burst 40kB, mtu 1.5kB); }
            $high = class (2) { sfq (perturb 10s); }
            $highest = class (3) { sfq (perturb 10s); }
        }
    }
}

Talk: Other

I wrote this for kernel 2.4, since I don't run kernel 2.6 on my server. I know a lot of this howto applies to kernel 2.6 as well, but some parts don't. It would be nice if someone were to test this howto on a 2.6 kernel.

Can anyone help to look into all this:

  • The kernel module section. I'm not entirely sure you need all those modules.
  • Firewall section. I'm not the world's best iptables guy. Please check the script.
  • QOS section. I'm not the world's best HTB guy either. Please check the script.
  • Can anyone try it out? Does it actually help to follow this howto?
  • Can anyone add a section about l7-filter?
  • I like to write, but hate formatting, please look into this.
If you just add {{Wikify}} to the text, somebody will take care of the wikification. ΩD'mitri
  • And a wiki question. How do I upload the image to the wiki? Can anyone do it for me?
In the Special Pages --> Special:Upload ΩD'mitri
OK, fixed this (kale)

I'm from Denmark, please correct my typos!

/kallenberg kale@kallenberg.dk


  • I've been trying to find a simple method where several downloads will "play nicely" together and allow for reasonably responsive web browsing. I've found this can be achieved by editing the values in /proc/sys/net/ipv4/tcp_rmem down significantly. This results in downloads that are more sensitive to changing conditions on the line and don't require the dropping of packets. On an ADSL line (256/64) I use 1500 3000 6000. I was just wondering what seasoned veterans would say about my "solution"? --Rastilin 08:33, 27 September 2005 (GMT)

Talk: 2.6.11-r9 seems to work following this howto

I've been looking for a way to shape my traffic effectively, and from what I can tell without doing extensive testing, this works. I still need to find a way to manage downstream data one way or another (similar to what this page does), but this should help me out. I'll post more information on how it works for me after I can do more testing. Also, for the curious, all my settings are here and the QOS graphs are here. --Andy J

This is close to what I was working with, except that I use tc filter for putting traffic into htb flows. I may use iptables for marking, but tc filter does the work of traffic management since it was less confusing. I had to add imq as another device and make incoming traffic rules, but this script looks very similar for building queues and other constants. :) --Martinlouis 12:57, 26 April 2007 (UTC)

Recent References

Typical Home Network Use Case

User Situation

  • ADSL Router already using NAT
  • Gentoo Linux 'router/server' with 2 NICs: eth1 to the WAN, eth0 to the LAN in this case.
  • 3-4 PCs behind the Gentoo Linux router

User Goal

  • Common Goal: Permit effective or equal access by IP address to end users, regardless of protocol. (If an end user runs bittorrent, and their own web access is slow, they will see the effect for their own IP. However, they will not adversely affect other users on the net.)
    • Exceptions: gaming latency issues (find by port and/or destination IP)
    • Advanced: setup mini-queues to be used within each IP address. (So a bittorrent user can still browse the web effectively without configuration on their PC)

Technical Requirements

  • Egress traffic shaping (outgoing traffic)
  • Ingress traffic shaping (incoming traffic)
    • This is rather useless, isn't it? Shaping is useful in bottlenecks, when the network goes from having a lot of bandwidth to much less bandwidth and you have to give certain packets a higher priority. Assuming your internal network has more bandwidth than your internet connection, why is this needed? --Chaosite 13:03, 17 November 2005 (GMT)
      • Incoming traffic should be queued and managed to prevent end users from saturating the incoming network pipe (affecting other users). If no one else is using the net, the queues do not affect the overall bandwidth and permit maximum use. Queues can be built to divide the whole incoming stream equally. Without the IMQ patch, the Gentoo router/desktop can shape traffic for everyone EXCEPT traffic originating from or destined to itself. When I also use Gentoo for desktop purposes, this does not work well. --Martinlouis 07:45, 26 April 2007 (UTC)
  • Low latency and high priority for games, i.e. small packets (which usually don't use much bandwidth)
  • Equal share among IPs following HTB reasoning: each class gets its configured rate guaranteed, and bandwidth that is not in use is shared among the active classes in proportion to their rates. HTB is nice in that at least a certain amount of bandwidth is reserved for each PC if configured properly; unused bandwidth can be borrowed.
    • Note: This INCLUDES the Gentoo Linux box, to keep even the Gentoo box from hogging the network during normal everyday use. I use the Gentoo box for many things which are not critical. The traffic shaping and routing are critical. My everyday usage of the Gentoo box is not.

Technical 80% solution

  • Egress traffic shaping on both eth0 [LAN] and eth1 [WAN] gives the effect of both ingress and egress shaping for the LAN hosts (shaping what leaves eth0 towards the LAN shapes their downloads, shaping what leaves eth1 shapes their uploads), but it cannot control incoming traffic addressed to the server in the middle. No kernel patching required.

NAT causes problems because, if NAT runs on the same box, the source address of outgoing packets has already been rewritten to the public address by the time they reach the egress queue on the WAN card (SNAT happens in POSTROUTING, before the queue), so a filter there can no longer tell internal hosts apart. 99% of the documentation on the net dealt with Gentoo working as a NAT router. There is a kernel hack/patch to reorder when iptables and NAT operate, but I didn't get good feedback through iptables status reports. Since I already have an ADSL NAT router, double NAT is practical overkill. My Gentoo box is working as a non-NAT router, which makes IP identification easy on either network card.

Technical ~100% solution

Image:Hometraffic.jpg

Warning: The following need to be configured in the kernel, at least as loadable modules:
  • Hierarchical Token Bucket - Martin Devera's (devik) hierarchical approach is well suited to setups where you have a fixed amount of bandwidth which you want to divide between different purposes, giving each purpose a guaranteed bandwidth, with the possibility of specifying how much bandwidth can be borrowed.
    • HTB is a classful Token Bucket Filter - hence the name. It has only a few parameters, which are well documented on his site.
    • HTB is included in the official kernel sources. The Linux kernel, the IMQ patch and sys-apps/iproute2 must match (same major version), or 'tc' will not work with HTB.
    • Warning: Latency seems to be an issue with HTB, since HTB relies on shared bandwidth calculations rather than shared latency calculations. Allowing a web user to burst to full capacity of the link will cause lag spikes for the poor gamer. I don't know solutions or tweaks off hand to minimize a gamer's latency by IP address alone on a shared network. I could be just stupid. --124.254.120.80 19:44, 26 April 2007 (UTC)

Linux IMQ - Intermediate Queueing Device

Note: The IMQ kernel patch adds virtual imq# devices. Incoming packets are diverted to one of them (with the iptables IMQ target) and pass through that device's egress qdisc before they continue through the stack. It is a temporary parking zone, not a rejection zone: once the patch is installed you can use ordinary egress qdiscs such as HTB for real ingress shaping.

tc: included with iproute2 package

Note: tc is a multi-purpose command that can be used to identify packets (filters) and to create and manage traffic queues (qdiscs) and classes on devices.

Example tc command types

tc qdisc
tc class
tc filter

tc class and filter status reports

tc -s -d class show dev eth1
class htb 1:1 root prio 0 rate 800Kbit ceil 800Kbit burst 2Kb/8 mpu 0b 
    cburst 2Kb/8 mpu 0b quantum 10240 level 3 
 Sent 5914000 bytes 11828 pkts (dropped 0, overlimits 0) 
 rate 70196bps 141pps 
 lended: 6872 borrowed: 0 giants: 0
class htb 1:2 parent 1:1 prio 0 rate 320Kbit ceil 4000Kbit burst 2Kb/8 mpu 0b 
    cburst 2Kb/8 mpu 0b quantum 4096 level 2 
 Sent 5914000 bytes 11828 pkts (dropped 0, overlimits 0) 
 rate 70196bps 141pps 
 lended: 1017 borrowed: 6872 giants: 0
class htb 1:10 parent 1:2 leaf 20: prio 1 rate 224Kbit ceil 800Kbit burst 2Kb/8 mpu 0b 
    cburst 2Kb/8 mpu 0b quantum 2867 level 0 
 Sent 2269000 bytes 4538 pkts (dropped 4400, overlimits 36358) 
 rate 14635bps 29pps 
 lended: 2939 borrowed: 1599 giants: 0

The filters are not part of the class report; they come from the separate filter command:

tc -s filter show dev eth1
filter parent 1: protocol ip pref 2 u32 fh 801::803 order 2051 key ht 801 bkt 0 flowid 1:15  (rule hit 364098 success 364098)
match c0a80347/ffffffff at 16 (success 364098 )
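The hex in the filter report is readable once you know the layout: `match c0a80347/ffffffff at 16` is a 32-bit compare at byte offset 16 of the IPv4 header, which is the destination address, and c0a80347 is 192.168.3.71, so this is the `ip dst 192.168.3.71/32` filter for flow 1:15. The decoder below does that translation for you. It is an added example written for this talk page, not a tool from the original howto; it only knows the IPv4 source (offset 12) and destination (offset 16) fields, which are what address-based u32 filters use, and its sample input is the two filter lines above, embedded as a constant.

```shell
#!/bin/sh
# Added example, not from the original page: turn the hex "match VALUE/MASK at
# OFFSET" lines that `tc -s filter show` prints for u32 filters back into the
# readable selector you typed.  Only IPv4 header offsets 12 (source address)
# and 16 (destination address) are decoded; other offsets are echoed raw.

hex2ip() {   # c0a80347 -> 192.168.3.71
    h=$1
    printf '%d.%d.%d.%d' "0x$(printf '%s' "$h" | cut -c1-2)" "0x$(printf '%s' "$h" | cut -c3-4)" \
        "0x$(printf '%s' "$h" | cut -c5-6)" "0x$(printf '%s' "$h" | cut -c7-8)"
}

mask2prefix() {   # ffffff00 -> 24 (number of leading one bits in the 32-bit mask)
    m=$((0x$1)); n=0
    while [ $((m & 2147483648)) -ne 0 ]; do
        n=$((n + 1)); m=$(((m << 1) & 4294967295))
    done
    echo "$n"
}

decode_u32_match() {   # decode_u32_match c0a80347 ffffffff 16 -> "ip dst 192.168.3.71/32"
    case $3 in
        12) f=src ;;
        16) f=dst ;;
        *)  echo "raw $1/$2 at $3"; return 0 ;;
    esac
    echo "ip $f $(hex2ip "$1")/$(mask2prefix "$2")"
}

# Reads `tc -s filter show dev DEV` output on stdin; match lines are rewritten,
# everything else passes through unchanged.
decode_tc_filters() {
    while IFS= read -r line; do
        case $line in
            *"match "*/*" at "*)
                set -- $(printf '%s\n' "$line" | sed -n 's|.*match \([0-9a-f]*\)/\([0-9a-f]*\) at \([0-9]*\).*|\1 \2 \3|p')
                echo "  $(decode_u32_match "$1" "$2" "$3")"
                ;;
            *) echo "$line" ;;
        esac
    done
}

# Constructed sample: the two filter lines from the status report above.
SAMPLE='filter parent 1: protocol ip pref 2 u32 fh 801::803 order 2051 key ht 801 bkt 0 flowid 1:15  (rule hit 364098 success 364098)
match c0a80347/ffffffff at 16 (success 364098 )'

printf '%s\n' "$SAMPLE" | decode_tc_filters
```

On a live box run `tc -s filter show dev eth1 | sh decode.sh` after removing the sample lines, or source the file and pipe into decode_tc_filters. A mask other than ffffffff shows up as a shorter prefix, so a /24 filter prints as ip dst 192.168.3.0/24.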


Problems with iptables that we avoid altogether

Warning: iptables can get confusing because the mangle and nat tables have PREROUTING and POSTROUTING chains that run before and after NAT. iptables is fine for "marking" traffic, which tc's fw classifier can then match, but do not use iptables for actually putting traffic into traffic-control flows. That is the job of tc, part of the sys-apps/iproute2 package.
  1. iptables can mark packets,
  2. "tc filter" looks for a mark and sends the packet to a flow, if tc filter sees the packet in time
    • depending on where the mark is set, iptables may mark the packet only after the point at which tc filter has already examined it
  3. Verify. Unfortunately, "tc filter"'s status report is ugly and very hard to read, because it shows everything in hex notation, even IP addresses. :P
    • Start graphing if possible

The "U32 classifier"

The kernel option QoS and/or fair queueing ---> U32 classifier (CONFIG_NET_CLS_U32) lets you use "tc filter" to place packets directly into flow classes without needing iptables. tc works directly on a device together with the kernel: eth0, eth1, imq# (intermediate queue).

Example u32 match by IP address using tc filter into flow ID "1:15"

tc filter add dev $DEV parent 1:0 protocol ip prio 2 \
  u32 match ip dst 192.168.3.71/32 flowid 1:15
# $DEV = device such as: eth0, eth1, imq0, imq1.
# Imagine that imq# is a queue set up just in front of the network card itself.
# For incoming data, packets arriving on eth0 are diverted to imq0 and shaped
# there before the rest of the stack sees them.
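The per-host HTB setup that the "80% solution" and the u32 example above describe, written out as a script that generates the tc commands for one NIC at a time. This is an added example, not a script from the original howto; the link rate, the host addresses, the class numbering and the UDP game port 27015 are assumptions to adjust for your own network. Call it once for eth1 with `src` (uploads, the LAN host is the sender) and once for eth0 with `dst` (downloads, the LAN host is the receiver). It uses only u32 address matches, so it needs no iptables marks and no IMQ; every host gets the same guaranteed rate with the rest borrowable, each host gets an sfq underneath (the "mini-queue" from the user goals), a small class is carved out for latency-sensitive UDP, and no filter uses prio 0.

```shell
#!/bin/sh
# Added example (not from the original howto): print the tc commands for the
# "80% solution" above, i.e. egress HTB on one NIC with one class per LAN host
# selected by a u32 address match, no iptables marks and no IMQ.
# Everything here - link rate, host addresses, the game port 27015, the class
# numbering - is an assumption for illustration; adjust for your setup.
#
# Usage: gen_htb_per_ip DEV FIELD LINK_KBIT HOST...
#   DEV       interface whose egress queue is shaped
#             (eth1 = LAN hosts' uploads, eth0 = LAN hosts' downloads)
#   FIELD     "src" on the WAN NIC (LAN host is the sender),
#             "dst" on the LAN NIC (LAN host is the receiver)
#   LINK_KBIT bottleneck rate in kbit/s, set slightly below the real link so
#             the queue builds here and not in the ADSL router
# Review the output first, then pipe it to `sh` as root.
gen_htb_per_ip() {
    dev=$1; field=$2; link=$3; shift 3
    n=$#
    [ "$n" -gt 0 ] || { echo "gen_htb_per_ip: no hosts given" >&2; return 1; }
    # the game server's port is the dport on the way out and the sport on the way in
    [ "$field" = src ] && pfield=dport || pfield=sport
    game=$((link / 10))                   # small reserved slice for latency-sensitive UDP
    share=$(((link - game) / (n + 1)))    # guaranteed rate per host, plus one share for everything else

    echo "tc qdisc del dev $dev root 2>/dev/null"
    # Unmatched traffic (including the router's own) falls into 1:99, so the
    # Gentoo box is shaped like any other host, as the requirements ask.
    echo "tc qdisc add dev $dev root handle 1: htb default 99"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${link}kbit ceil ${link}kbit"

    # Latency class: served before the bulk classes (lower htb class prio wins)
    # and allowed little borrowing, so a bursting web user cannot delay it.
    echo "tc class add dev $dev parent 1:1 classid 1:2 htb rate ${game}kbit ceil $((game * 2))kbit prio 0"
    echo "tc qdisc add dev $dev parent 1:2 handle 2: sfq perturb 10"
    echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip protocol 17 0xff match ip $pfield 27015 0xffff flowid 1:2"

    i=10   # class minor ids are parsed as hex: 1:10, 1:11, ... (keep below 1:99)
    for host in "$@"; do
        echo "tc class add dev $dev parent 1:1 classid 1:$i htb rate ${share}kbit ceil ${link}kbit prio 1"
        # sfq inside the host's class is the "mini-queue": one bittorrent
        # session cannot starve that host's own web browsing.
        echo "tc qdisc add dev $dev parent 1:$i handle $i: sfq perturb 10"
        # Filter prio must be >= 1: prio 0 means "let the kernel pick" and
        # the filter ends up at the bottom of the list.
        echo "tc filter add dev $dev parent 1: protocol ip prio 2 u32 match ip $field $host/32 flowid 1:$i"
        i=$((i + 1))
    done

    echo "tc class add dev $dev parent 1:1 classid 1:99 htb rate ${share}kbit ceil ${link}kbit prio 1"
    echo "tc qdisc add dev $dev parent 1:99 handle 99: sfq perturb 10"
}

# Demo: uploads leave through eth1, so match the LAN host as the source.
gen_htb_per_ip eth1 src 800 192.168.3.71 192.168.3.72 192.168.3.73
```

The sum of the child rates never exceeds the root's rate, which is what lets HTB keep its guarantees; the ceil on each host class is the full link, so a single active host still gets everything. Check the result with `tc -s -d class show dev eth1` and look at the lended/borrowed counters per class.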

Graph and chart your results

Settings lost after reboot?

If I run iptables_quotas.sh, do these settings survive a reboot, or do I have to run this script at each system start?

I believe iptables rules can be saved with the /etc/init.d/iptables script; however, anything that's not iptables-specific will probably need to be done each boot (put it in /etc/conf.d/local.start).

Yes, you'll need to run a script at each system start for your traffic shaping wizardry. --Martinlouis 09:46, 26 April 2007 (UTC)

UDP

I've noticed that the howto seems to treat bittorrent as TCP; however, when I was playing around with shorewall, Azureus was using mostly UDP. Might be worth adding UDP rules for the bittorrent ports.

qos.pl

Probably, an error exists in qos.pl.

In your script graph A shows mark 4, graph B shows mark 3, and so on, while readers would expect the ordinary logical order: A-1, B-2, and so on.

So, probably the right part of code for qos.pl is:

                     $qdisc = 1; #@logdata; 
                     #while ($qdisc-- > 1) { 
                     while ($qdisc <= $#logdata ) {
                             $plotdata .= "\t";
                             $value = ($logdata[$qdisc] - $buffer[0][$qdisc]) / 1024;
                             if ($value < 0 ) {
                                   $value = 0;
                             }
                             if ($seconds > 0) {
                                   $value /= $seconds;
                             } else {
                                   $value = 0;
                             }
                             $plotdata .= $value;
                             $qdisc ++; # new line
                     }

sorry - it is not a 'diff'... see comments...

Kernel options for linux-2.6.17-gentoo-r8

Hi there. I could not find all the kernel options in my version of Gentoo (linux-2.6.17-gentoo-r8). Some options are missing, activating others will deactivate some of the required options. Is there an update of this howto coming for newer Kernels?

Bug with prio 0 ?

The example script in the tutorial currently sets "prio" values like this:

# Filter packets
tc filter add dev $IFACE parent 1:0 protocol ip prio 0 handle $MARKPRIO1 fw classid 1:101
tc filter add dev $IFACE parent 1:0 protocol ip prio 1 handle $MARKPRIO2 fw classid 1:102
tc filter add dev $IFACE parent 1:0 protocol ip prio 2 handle $MARKPRIO3 fw classid 1:103
tc filter add dev $IFACE parent 1:0 protocol ip prio 3 handle $MARKPRIO4 fw classid 1:104

However, I noticed on my setup that "prio 0" didn't work as expected. It appears that "prio 0" isn't the highest priority, it is actually the lowest priority (it got converted to a priority of 49152!). See also this mailing list entry which also explains that "prio 0" is actually low-priority. So, it seems the priorities should go 1-4 instead of 0-3.

If so, the example script should be changed...
