even more tc "fun" - trying to guarantee openvpn 8mbit on upload interface
so i'm now trying to set the htb on the upload interface of my linux router PC. I have ~11mbps upload from my ISP. What i'm trying is to have all traffic have a default minimum of 1.5mbit, while openvpn traffic gets 9.4:
Code:
tc qdisc add dev external root handle 1: htb default 11
Code:
iptables -A POSTROUTING -o external -s XX.XX.XX.XX -p udp --sport 1194 -j CLASSIFY --set-class 1:10
but of course, this isn't working as I would expect. For example, if I start an upload from the LAN to an openvpn client, and then start another upload from within the LAN to another place (not an openvpn client), I would think that the local LAN upload would slow down to 1.5mbit, while the openvpn transfer would get the 9.4. but this doesn't happen; both transfers balance out, as if there wasn't any traffic controlling going on at all. ideas?
|
mmm, not sure. Will the openvpn client hit 11.4 if run on its own, i.e. there isn't another factor slowing it down?
|
yes, all clients are able to max out the ceil bandwidth if they are the only one sending, including openvpn
|
So it's most likely that your traffic is all ending up in one queue is my guess. So the problem is most likely your classification.
If I remember rightly I think 'tc -s qdisc' should give you stats for the queues. If your classification was working you should see traffic on both queues.
|
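One way to run the check suggested above, as an added example that is not part of the original thread: per-class counters come from `tc -s class show dev external`, and the script reports whether the class targeted by the CLASSIFY rule (1:10) carries any bytes or everything falls into the HTB default class (1:11). The sample output is constructed, and the parent class 1:1 and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample of `tc -s class show dev external` (not output from the thread).
# Rates follow the post (9.4 / 1.5 of ~11 Mbit); parent class 1:1 is an assumption.
sample_tc_output() {
cat <<'EOF'
class htb 1:1 root rate 11Mbit ceil 11Mbit burst 1600b cburst 1600b
 Sent 48211930 bytes 41200 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
class htb 1:10 parent 1:1 prio 0 rate 9400Kbit ceil 11Mbit burst 1599b cburst 1600b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
class htb 1:11 parent 1:1 prio 0 rate 1500Kbit ceil 11Mbit burst 1599b cburst 1600b
 Sent 48211930 bytes 41200 pkt (dropped 112, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
EOF
}

# Print "classid bytes packets" for every class in tc -s output read from stdin.
class_counters() {
    awk '$1 == "class" { id = $3 }
         $1 == "Sent" && id != "" { print id, $2, $4; id = "" }'
}

# Verdict for the marked class versus the HTB default class.
# $1 = class the CLASSIFY rule targets, $2 = HTB default class.
classify_verdict() {
    class_counters | awk -v want="$1" -v dflt="$2" '
        BEGIN { d = 0 }
        $1 == want { w = $2; seen = 1 }
        $1 == dflt { d = $2 }
        END {
            if (!seen)
                print "missing: class " want " does not exist on this device"
            else if (w == 0)
                print "unclassified: " want " sent 0 bytes, default " dflt " sent " d
            else
                print "ok: " want " sent " w " bytes, default " dflt " sent " d
        }'
}

# Live use (needs root): tc -s class show dev external | classify_verdict 1:10 1:11
sample_tc_output | classify_verdict 1:10 1:11
```

An "unclassified" verdict while the mangle rule's packet counters keep rising means packets match the rule but are not being queued in the class it names on that device.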
hmmm... i don't know what you mean by 'tc -s qdisc' showing me both queues.... it shows the following:
Code:
qdisc mq 0: dev vpnftp root
idk. afaict, my iptables classifying logic seems right, and i'm doing it identically as my other classifications.... give data being output on external (-o external) with source IP of me (-s xx.xx.xx.xx) using udp with source port 1194 (-p udp --sport 1194) the classification of 1:10 (-j CLASSIFY --set-class 1:10).... i tried removing the "-s" option but no dice. 'iptables -t mangle -nvL' definitely shows traffic counters for the class:
Code:
Chain PREROUTING (policy ACCEPT 6004K packets, 5041M bytes)
|
an update on this
apparently you can't use -i with the POSTROUTING chain.... beats me why. in any case, i'll go ahead and post my internal and external tc scripts. i've added some burst values and an sfq, thinking maybe that would fix it. of course it didn't, nothing's changed. i haven't got a clue why the same kind of subdividing of traffic works on the download (internal) but not the upload (external)... doesn't make sense.
Code:
tc qdisc add dev internal root handle 1: htb default 10
|
A pure-tc solution
Here's what I used when I was on a slow link. You'd need to adapt it to detect particular IPs, look at the matches.
Code:
#!/bin/sh
|
yeah you lost me on most of that man... i haven't done much work with tc, and have had very little luck in finding good docs. you say i would need it to "adapt" to detect destination IPs.... why? i wouldn't think it should matter what the destination of the UDP openvpn packets are, i'm just wanting to place all of that traffic in 1:10, giving it a minimum HTB rate on the external interface.... seems simple enough with iptables --sport classification, but apparently not.
|
Have you found lartc.org?
|
i've read 1 thing from there, but i figured it was just yet another collection of the man pages out there. i'll check it out thanks
|