LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Problem with Traffic Shaping and HTTP Traffic. (http://www.linuxquestions.org/questions/linux-networking-3/problem-with-traffic-shaping-and-http-traffic-686710/)

redvivi 11-27-2008 03:51 PM

Problem with Traffic Shaping and HTTP Traffic.
 
Hi !

I have a problem with traffic control on a Debian gateway server using a symmetric line 4kbps shared by 300 computers. Please have a look at the 1:22 class (default htb one). If I put its rate near zero, the HTTP traffic is stopped. However, I designed a filter to lead the http packets to the 1:21 class (colored in red) and if I set a "-j DROP" on this filter, the HTTP traffic is also stopped.

Here comes that question: It seems that my http traffic (egress) is divided between the 1:22 (default class) and 1:21 classes despite of my filter which should redirect ALL the http traffic on the 1:21 class.

Did I miss something ?

Here is my code:

Code:

tc qdisc add dev $DEV root handle 1: htb default 22

tc class add dev $DEV parent 1: classid 1:1 htb rate ${RATEUP}kbit

tc class add dev $DEV parent 1:1 classid 1:20 htb rate $[40*$RATEUP/100]kbit \
        ceil ${RATEUP}kbit prio 0
tc class add dev $DEV parent 1:1 classid 1:21 htb rate $[40*$RATEUP/100]kbit \
        ceil ${RATEUP}kbit prio 1
tc class add dev $DEV parent 1:1 classid 1:22 htb rate $[19*$RATEUP/100]kbit \
        ceil $[20*RATEUP/100]kbit prio 2
tc class add dev $DEV parent 1:1 classid 1:23 htb rate $[1*$RATEUP/100]kbit \
        ceil $[5*RATEUP/100]kbit prio 3

tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DEV parent 1:21 handle 21: sfq perturb 10
tc qdisc add dev $DEV parent 1:22 handle 22: sfq perturb 10
tc qdisc add dev $DEV parent 1:23 handle 23: sfq perturb 10

tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23


# Table TOSFIX
iptables -t mangle -N tosfix
iptables -t mangle -A tosfix -p tcp -m length --length 0:512 -j RETURN
iptables -t mangle -A tosfix -m limit --limit 2/s --limit-burst 10 -j RETURN
iptables -t mangle -A tosfix -j TOS --set-tos Maximize-Throughput
iptables -t mangle -A tosfix -j RETURN

# Table ACK
iptables -t mangle -N ack
iptables -t mangle -A ack -m tos ! --tos Normal-Service -j RETURN
iptables -t mangle -A ack -p tcp -m length --length 0:128 -j TOS --set-tos Minimize-Delay
iptables -t mangle -A ack -p tcp -m length --length 128: -j TOS --set-tos Maximize-Throughput
iptables -t mangle -A ack -j RETURN

# Is our TOS broken? Fix it for TCP ACK and OpenSSH.

iptables -t mangle -A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -j ack
iptables -t mangle -A POSTROUTING -p tcp -m tos --tos Minimize-Delay -j tosfix


# Match DNS Packets
#iptables -t mangle -I POSTROUTING -o $DEV -p udp --dport 53 -j MARK --set-mark 20
iptables -t mangle -I POSTROUTING -o $DEV -p udp --dport 53 -j DROP
iptables -t mangle -I POSTROUTING -o $DEV -p udp --dport 53 -j RETURN


# Match UDP Packets
iptables -t mangle -A POSTROUTING -o $DEV -p udp -j MARK --set-mark 21

# Here we deal with ACK, SYN, and RST packets

# Match SYN and RST packets
iptables -t mangle -A POSTROUTING -o $DEV -p tcp -m tcp --tcp-flags ! SYN,RST,ACK ACK -j MARK --set-mark 20
iptables -t mangle -A POSTROUTING -o $DEV -p tcp -m tcp --tcp-flags ! SYN,RST,ACK ACK -j RETURN


# Match ACK packets
iptables -t mangle -A POSTROUTING -o $DEV -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -m length --length :128 -m tos --tos Minimize-Delay -j MARK --set-mark 20
iptables -t mangle -A POSTROUTING -o $DEV -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -m length --length :128 -m tos --tos Minimize-Delay -j MARK --set-mark 20


# Match packets with TOS Minimize-Delay
iptables -t mangle -A POSTROUTING -o $DEV -p tcp -m tos --tos Minimize-Delay -j MARK --set-mark 20
iptables -t mangle -A POSTROUTING -o $DEV -p tcp -m tos --tos Minimize-Delay -j RETURN

# Flow Selection
iptables -t mangle -A POSTROUTING -o $DEV -p tcp --dport 80 -j MARK --set-mark 21
iptables -t mangle -A POSTROUTING -o $DEV -p tcp --dport 80 -j RETURN

iptables -t mangle -A POSTROUTING -o $DEV -p tcp --dport 443 -j MARK --set-mark 21
iptables -t mangle -A POSTROUTING -o $DEV -p tcp --dport 443 -j RETURN


iptables -t mangle -A POSTROUTING -o $DEV -p tcp -m layer7 --l7proto edonkey -j MARK --set-mark 23
iptables -t mangle -A POSTROUTING -o $DEV -p tcp -m layer7 --l7proto edonkey -j RETURN

iptables -t mangle -A POSTROUTING -o $DEV -p tcp -m layer7 --l7proto bittorrent -j MARK --set-mark 23
iptables -t mangle -A POSTROUTING -o $DEV -p tcp -m layer7 --l7proto bittorrent -j RETURN

iptables -t mangle -A POSTROUTING -o $DEV -p tcp -m layer7 --l7proto imesh -j MARK --set-mark 23
iptables -t mangle -A POSTROUTING -o $DEV -p tcp -m layer7 --l7proto imesh -j RETURN

iptables -t mangle -A POSTROUTING -o $DEV -p tcp -m layer7 --l7proto gnutella -j MARK --set-mark 23
iptables -t mangle -A POSTROUTING -o $DEV -p tcp -m layer7 --l7proto gnutella -j RETURN

iptables -t mangle -A POSTROUTING -o $DEV -p tcp -m layer7 --l7proto fasttrack -j MARK --set-mark 23
iptables -t mangle -A POSTROUTING -o $DEV -p tcp -m layer7 --l7proto fasttrack -j RETURN

exit

Thanks,
RedVivi

redvivi 11-29-2008 12:23 PM

I made a mistake, it's a 4mbits symmetric line, not a 4k one ;-)

Thanks !
RedVivi


All times are GMT -5. The time now is 06:33 AM.