LinuxQuestions.org


psycroptic 10-06-2013 03:10 PM

expanding my tc script to include prioritizing for TCP syn/ack/etc.
 
just looking for pointers or things i might be missing... i'm now trying to prioritize TCP traffic by header, mainly using prio & also some iptables classifying stuff. it actually seems to be working alright so far... to start off, i'm doing all of the shaping on the outbound interface of my router PC.

tc script relevant bits:

Code:

tc qdisc add dev external root handle 1: htb default 11
tc class add dev external parent 1: classid 1:1 htb rate 24mbit ceil 24mbit burst 8k
tc class add dev external parent 1:1 classid 1:10 htb rate 16mbit ceil 24mbit prio 1 burst 8k
tc class add dev external parent 1:1 classid 1:11 htb rate 6mbit ceil 24mbit prio 2 burst 8k
tc class add dev external parent 1:1 classid 1:12 htb rate 1mbit ceil 24mbit prio 3 burst 8k
tc class add dev external parent 1:1 classid 1:13 htb rate 1mbit ceil 5mbit prio 4 burst 8k

tc filter add dev external protocol ip parent 1: prio 1 u32 match ip sport 1194 0xffff flowid 1:10

tc qdisc add dev external parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev external parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev external parent 1:12 handle 12: sfq perturb 10
tc qdisc add dev external parent 1:13 handle 13: sfq perturb 10

iptables:

Code:

*mangle
-N ack
-A ack -m tos ! --tos Normal-Service -j RETURN
-A ack -p tcp -m length --length 0:128 -j TOS --set-tos Minimize-Delay
-A ack -p tcp -m length --length 128: -j TOS --set-tos Maximize-Throughput
-A ack -j RETURN

-A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -j ack
-A POSTROUTING -o external -p tcp -m tos --tos Minimize-Delay -j CLASSIFY --set-class 1:10
-A POSTROUTING -o external -p icmp -j CLASSIFY --set-class 1:10
-A POSTROUTING -o external -p tcp --dport 80 -j CLASSIFY --set-class 1:10
-A POSTROUTING -o external -p tcp --dport 443 -j CLASSIFY --set-class 1:10
-A POSTROUTING -o external -p udp --dport 53 -j CLASSIFY --set-class 1:10
-A POSTROUTING -o external -s 172.16.16.15 -j CLASSIFY --set-class 1:12
-A POSTROUTING -o external -s 192.168.192.0/24 -j CLASSIFY --set-class 1:13

"iptables -t mangle -nvxL" definitely shows traffic across the various postrouting rules there...

one thing, i'm still working out how to retain those 1:12 and 1:13 classes; i was using it to set minimums for particular hosts/subnets. ever since adding this, i don't think these work anymore...


thanks in advance
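
Added example (not part of the thread and not the poster's code): a small Python model of the mangle rules from the post above, walked in order to show which HTB class a packet leaving `external` ends up in. It models CLASSIFY and TOS as non-terminating targets and HTB as using the CLASSIFY result or else its default class; the u32 filter for sport 1194 is left out, and the 10.0.0.5 host and all sample packets are constructed.

```python
# Toy model of the posted mangle rules (an illustration, not iptables itself).
import ipaddress

NORMAL, MIN_DELAY, MAX_THROUGHPUT = 0x00, 0x10, 0x08   # TOS values
HTB_DEFAULT = "1:11"                                   # 'htb default 11'

def ack_chain(pkt):
    """Chain 'ack'. TOS is non-terminating, so later rules still run."""
    if pkt["tos"] != NORMAL:        # -m tos ! --tos Normal-Service -j RETURN
        return
    if pkt["length"] <= 128:        # --length 0:128
        pkt["tos"] = MIN_DELAY
    if pkt["length"] >= 128:        # --length 128: (128 is in both ranges)
        pkt["tos"] = MAX_THROUGHPUT

def classify(pkt):
    """Return the HTB class for a packet leaving 'external'."""
    pkt = dict(pkt, tos=pkt.get("tos", NORMAL))
    tcp, flags = pkt["proto"] == "tcp", pkt.get("flags", set())
    # --tcp-flags SYN,RST,ACK ACK: ACK set, SYN and RST clear
    if tcp and "ACK" in flags and not flags & {"SYN", "RST"}:
        ack_chain(pkt)
    src = ipaddress.ip_address(pkt["src"])
    rules = [  # (match, classid) in the order posted
        (tcp and pkt["tos"] == MIN_DELAY, "1:10"),
        (pkt["proto"] == "icmp", "1:10"),
        (tcp and pkt.get("dport") == 80, "1:10"),
        (tcp and pkt.get("dport") == 443, "1:10"),
        (pkt["proto"] == "udp" and pkt.get("dport") == 53, "1:10"),
        (src == ipaddress.ip_address("172.16.16.15"), "1:12"),
        (src in ipaddress.ip_network("192.168.192.0/24"), "1:13"),
    ]
    classid = None
    for matched, target in rules:
        if matched:                 # CLASSIFY does not stop traversal,
            classid = target        # so the last matching rule wins
    return classid or HTB_DEFAULT   # unclassified packets: htb default

# Constructed sample packets; 'length' is the IP total length.
SAMPLES = {
    "small ACK, other host": dict(proto="tcp", src="10.0.0.5", length=52, flags={"ACK"}, dport=5000),
    "small ACK, 172.16.16.15": dict(proto="tcp", src="172.16.16.15", length=52, flags={"ACK"}, dport=5000),
    "HTTPS data, 192.168.192.20": dict(proto="tcp", src="192.168.192.20", length=1500, flags={"ACK"}, dport=443),
    "128-byte ACK, other host": dict(proto="tcp", src="10.0.0.5", length=128, flags={"ACK"}, dport=5000),
    "SYN, other host": dict(proto="tcp", src="10.0.0.5", length=60, flags={"SYN"}, dport=5000),
}
if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:28} -> {classify(pkt)}")
```

In this model the two source-based rules come last, so they override 1:10 for those hosts, while a bare SYN and a 128-byte ACK both fall through to the default class.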

unSpawn 10-06-2013 03:46 PM

With iptables you can use -j LOG rules before or after changing aspects to check for example which subnets hit a filter or what modifications will be done. I wonder however how much performance increase you'll actually be getting from prioritizing SYN/ACKs as they're small packets anyway and you can't control behavior of remote end points anyway... (Wrt network performance you may also want to look at Ethernet driver module options, mii/ethtool buffer/offload settings and 'net'-related sysctls.)

psycroptic 10-06-2013 03:54 PM

Quote:

Originally Posted by unSpawn (Post 5041095)
I wonder however how much performance increase you'll actually be getting from prioritizing SYN/ACKs as they're small packets anyway and you can't control behavior of remote end points anyway...

yeah, i don't think it would be drastic, but rather that performance would be more consistent.... i've followed this guide, which says that TCP streams will be more of an even flow...

unSpawn 10-06-2013 04:07 PM

Ah, OK. It's more about guaranteeing hosts (or not) their fair share of bandwidth then.

psycroptic 10-06-2013 04:26 PM

yep, pretty much. also preventing active streams from increasing the latency, particularly when a client is uploading. i've actually done a crude test w/ping (that's why i put icmp in the iptables stuff), saturating the upload from 1 client and pinging out from another, and i'm getting pretty expected results.

without these rules:

Code:

64 bytes from 208.67.222.222: icmp_seq=1 ttl=54 time=123 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=54 time=129 ms
64 bytes from 208.67.222.222: icmp_seq=3 ttl=54 time=130 ms
64 bytes from 208.67.222.222: icmp_seq=4 ttl=54 time=87.1 ms
64 bytes from 208.67.222.222: icmp_seq=5 ttl=54 time=92.2 ms

with them:

Code:

64 bytes from 208.67.222.222: icmp_seq=1 ttl=54 time=39.0 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=54 time=33.3 ms
64 bytes from 208.67.222.222: icmp_seq=3 ttl=54 time=39.0 ms
64 bytes from 208.67.222.222: icmp_seq=4 ttl=54 time=35.2 ms
64 bytes from 208.67.222.222: icmp_seq=5 ttl=54 time=34.5 ms

so not exactly whale meat, but it's an improvement... idk if this carries over to the TCP traffic tho

unSpawn 10-06-2013 05:13 PM

Sure, but that's by sending ICMP messages to a service that's mostly used with UDP. See if you can test it by for example having a select remote host (family, friends, school, work, public terminal) initiate (concurrent?) FTP transfers and see how that stacks up?

psycroptic 10-07-2013 06:19 PM

yeah, i'm getting similar results....


All times are GMT -5.