LinuxQuestions.org
Old 10-06-2013, 03:10 PM   #1
psycroptic
expanding my tc script to include prioritizing for TCP syn/ack/etc.


just looking for pointers or things i might be missing... i'm now trying to prioritize TCP traffic by header, mainly using prio & also some iptables classifying stuff. it actually seems to be working alright so far... to start off, i'm doing all of the shaping on the outbound interface of my router PC.

tc script relevant bits:

Code:
tc qdisc add dev external root handle 1: htb default 11
tc class add dev external parent 1: classid 1:1 htb rate 24mbit ceil 24mbit burst 8k
tc class add dev external parent 1:1 classid 1:10 htb rate 16mbit ceil 24mbit prio 1 burst 8k
tc class add dev external parent 1:1 classid 1:11 htb rate 6mbit ceil 24mbit prio 2 burst 8k
tc class add dev external parent 1:1 classid 1:12 htb rate 1mbit ceil 24mbit prio 3 burst 8k
tc class add dev external parent 1:1 classid 1:13 htb rate 1mbit ceil 5mbit prio 4 burst 8k

tc filter add dev external protocol ip parent 1: prio 1 u32 match ip sport 1194 0xffff flowid 1:10

tc qdisc add dev external parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev external parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev external parent 1:12 handle 12: sfq perturb 10
tc qdisc add dev external parent 1:13 handle 13: sfq perturb 10

iptables:
Code:
*mangle
-N ack
-A ack -m tos ! --tos Normal-Service -j RETURN
-A ack -p tcp -m length --length 0:128 -j TOS --set-tos Minimize-Delay
-A ack -p tcp -m length --length 128: -j TOS --set-tos Maximize-Throughput
-A ack -j RETURN

-A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -j ack
-A POSTROUTING -o external -p tcp -m tos --tos Minimize-Delay -j CLASSIFY --set-class 1:10
-A POSTROUTING -o external -p icmp -j CLASSIFY --set-class 1:10
-A POSTROUTING -o external -p tcp --dport 80 -j CLASSIFY --set-class 1:10
-A POSTROUTING -o external -p tcp --dport 443 -j CLASSIFY --set-class 1:10
-A POSTROUTING -o external -p udp --dport 53 -j CLASSIFY --set-class 1:10
-A POSTROUTING -o external -s 172.16.16.15 -j CLASSIFY --set-class 1:12
-A POSTROUTING -o external -s 192.168.192.0/24 -j CLASSIFY --set-class 1:13

"iptables -t mangle -nvxL" definitely shows traffic across the various postrouting rules there...

one thing, i'm still working out how to retain those 1:12 and 1:13 classes; i was using it to set minimums for particular hosts/subnets. ever since adding this, i don't think these work anymore...


thanks in advance
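
The rule order posted above can be traced offline. This is an added example, not the poster's code: a simplified Python model of the posted mangle rules, assuming TOS and CLASSIFY are non-terminating targets and that HTB consults the u32 filter and `default 11` only when no class was set. The 10.0.0.5 and 192.168.192.20 addresses, ports and packet sizes are constructed.

```python
from ipaddress import ip_address, ip_network

NORMAL, MAX_THROUGHPUT, MIN_DELAY = 0x00, 0x08, 0x10  # TOS values

def ack_chain(pkt):
    """Model of the posted 'ack' chain; the TOS target does not end traversal."""
    if pkt["tos"] != NORMAL:      # -m tos ! --tos Normal-Service -j RETURN
        return
    if pkt["length"] <= 128:      # --length 0:128
        pkt["tos"] = MIN_DELAY
    if pkt["length"] >= 128:      # --length 128: (a 128-byte packet hits both)
        pkt["tos"] = MAX_THROUGHPUT

def classify(packet):
    """Return (final class, trace) for a packet leaving via 'external'."""
    pkt = {"tos": NORMAL, "flags": (), "sport": None, "dport": None, **packet}
    tcp = pkt["proto"] == "tcp"
    # --tcp-flags SYN,RST,ACK ACK: of these three flags, only ACK is set
    if tcp and set(pkt["flags"]) & {"SYN", "RST", "ACK"} == {"ACK"}:
        ack_chain(pkt)
    rules = [  # POSTROUTING CLASSIFY rules in the posted order
        (tcp and pkt["tos"] == MIN_DELAY, "1:10", "tos Minimize-Delay"),
        (pkt["proto"] == "icmp", "1:10", "icmp"),
        (tcp and pkt["dport"] == 80, "1:10", "tcp dport 80"),
        (tcp and pkt["dport"] == 443, "1:10", "tcp dport 443"),
        (pkt["proto"] == "udp" and pkt["dport"] == 53, "1:10", "udp dport 53"),
        (pkt["src"] == "172.16.16.15", "1:12", "src 172.16.16.15"),
        (ip_address(pkt["src"]) in ip_network("192.168.192.0/24"), "1:13", "src 192.168.192.0/24"),
    ]
    # CLASSIFY does not stop traversal, so each later match overwrites the class.
    trace = [f"{why} -> {cls}" for hit, cls, why in rules if hit]
    final = trace[-1].split(" -> ")[1] if trace else None
    if final is None:             # nothing set: u32 sport filter, then htb default
        final = "1:10" if pkt["sport"] == 1194 else "1:11"
        trace.append(f"tc fallback -> {final}")
    return final, trace

# Constructed sample packets (not captured traffic)
SAMPLES = {
    "small ACK, other host": dict(proto="tcp", src="10.0.0.5", dport=5000, length=52, flags=("ACK",)),
    "small ACK, 172.16.16.15": dict(proto="tcp", src="172.16.16.15", dport=5000, length=52, flags=("ACK",)),
    "bulk HTTPS, 192.168.192.20": dict(proto="tcp", src="192.168.192.20", dport=443, length=1500, flags=("ACK",)),
    "bare SYN, other host": dict(proto="tcp", src="10.0.0.5", dport=22, length=60, flags=("SYN",)),
    "UDP from sport 1194": dict(proto="udp", src="10.0.0.5", sport=1194, dport=40000, length=200),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name}: {classify(pkt)}")
```

In this model the per-host and per-subnet rules win whenever they match because they come last, and a bare SYN matches none of the posted rules, so it falls through to the HTB default class.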
 
Old 10-06-2013, 03:46 PM   #2
unSpawn
With iptables you can use -j LOG rules before or after changing aspects to check for example which subnets hit a filter or what modifications will be done. I wonder however how much performance increase you'll actually be getting from prioritizing SYN/ACKs as they're small packets anyway and you can't control behavior of remote end points anyway... (Wrt network performance you may also want to look at Ethernet driver module options, mii/ethtool buffer/offload settings and 'net-related sysctls.)
 
Old 10-06-2013, 03:54 PM   #3
psycroptic
Quote:
Originally Posted by unSpawn
I wonder however how much performance increase you'll actually be getting from prioritizing SYN/ACKs as they're small packets anyway and you can't control behavior of remote end points anyway...

yeah, i don't think it would be drastic, but rather that performance would be more consistent.... i've followed this guide, which says that TCP streams will be more of an even flow...
 
Old 10-06-2013, 04:07 PM   #4
unSpawn
Ah, OK. It's more about guaranteeing hosts (or not) their fair share of bandwidth then.
 
Old 10-06-2013, 04:26 PM   #5
psycroptic
yep, pretty much. also preventing active streams from increasing the latency, particularly when a client is uploading. i've actually done a crude test w/ping (that's why i put icmp in the iptables stuff), saturating the upload from 1 client and pinging out from another, and i'm getting pretty expected results.

without these rules:

Code:
64 bytes from 208.67.222.222: icmp_seq=1 ttl=54 time=123 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=54 time=129 ms
64 bytes from 208.67.222.222: icmp_seq=3 ttl=54 time=130 ms
64 bytes from 208.67.222.222: icmp_seq=4 ttl=54 time=87.1 ms
64 bytes from 208.67.222.222: icmp_seq=5 ttl=54 time=92.2 ms

with them:

Code:
64 bytes from 208.67.222.222: icmp_seq=1 ttl=54 time=39.0 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=54 time=33.3 ms
64 bytes from 208.67.222.222: icmp_seq=3 ttl=54 time=39.0 ms
64 bytes from 208.67.222.222: icmp_seq=4 ttl=54 time=35.2 ms
64 bytes from 208.67.222.222: icmp_seq=5 ttl=54 time=34.5 ms

so not exactly whale meat, but it's an improvement... idk if this carries over to the TCP traffic tho
 
Old 10-06-2013, 05:13 PM   #6
unSpawn
Sure, but that's by sending ICMP messages to a service that's mostly used with UDP. See if you can test it by for example having a select remote host (family, friends, school, work, public terminal) initiate (concurrent?) FTP transfers and see how that stacks up?
 
Old 10-07-2013, 06:19 PM   #7
psycroptic
yeah, i'm getting similar results....
 
  

