TC traffic control with htb

netguy2000 · 07-26-2016, 12:22 AM

Dear all Gurus,
you kind attention and help required in TC traffic control with htb, as i am still beginner in TC (traffic control).

I want to understand priority setting in TC and its filter.
I am using following lines in my script but when I check with (watch -n 0 tc -s class ls dev eth0) command, it shows different priorities on my rules.
Please help, if you dont aggree with my script lines then kindly only help me with how to set priorities. with your own simple TC lines.

# Name of the traffic control command.
TC=/sbin/tc
IPTABLES=/sbin/iptables

# ISP1 Download limit (in mega bits)
ISP1DNLD=100 (ISP1 interface download speed)
# ISP2 Download limit (in mega bits)
ISP2DNLD=100 (ISP2 interface download speed)
# Proxy Browsing to-words Users
PDNLD=100 (Proxy download speed)

# The network interface we're planning on limiting bandwidth.
# LOCAL LAN Interface
LOCALIF=eth0
# ISP2 Interface
ISP2IF=eth4
# ISP1 Interface
ISP1IF=eth2

#LOCAL LAN Interface Speed
LOCALIFDN=100 (download speed)
LOCALIFUP=100 (upload speed)

# IP address of the machine OR NETWORK we are controlling
LOCALNET=192.168.0.0

$TC qdisc add dev $LOCALIF root handle 1: htb default 1
$TC class add dev $LOCALIF parent 1: classid 1:1 htb prio 60 rate $[LOCALIFDN]mbit ceil $[LOCALIFDN]mbit
# email traffic form ISP1 to user
$TC class add dev $LOCALIF parent 1:1 classid 1:10 htb prio 1 rate $[ISP1DNLD/30]mbit ceil $[TWDNLD/30]mbit
#for ports 1-65535 from ISP1 to user and for port 443 from ISP1 to user
$TC class add dev $LOCALIF parent 1:1 classid 1:20 htb prio 10 rate $[ISP1DNLD/20]mbit ceil $[TWDNLD/20]mbit
#for Proxy port 8080 to user / proxy serving towords user
$TC class add dev $LOCALIF parent 1:1 classid 1:30 htb prio 0 rate $[PDNLD/15]mbit ceil $[PDNLD/15]mbit
#for port 443 from ISP2 to user and for port 1-65535 from ISP2 to user
$TC class add dev $LOCALIF parent 1:1 classid 1:40 htb prio 12 rate $[ISP2DNLD/15]mbit ceil $[ISP2DNLD/15]mbit
$TC class add dev $LOCALIF parent 1:1 classid 1:50 htb prio 15 rate $[ISP2DNLD/15]mbit ceil $[ISP2DNLD/15]mbit

# email traffic form ISP1 to user
$TC filter add dev $LOCALIF protocol ip parent 1:0 prio 0 handle 11 fw flowid 1:10
#for ports 1-65535 from ISP1 to user and for port 443 from ISP1 to user
$TC filter add dev $LOCALIF protocol ip parent 1:0 prio 2 handle 12 fw flowid 1:20
$TC filter add dev $LOCALIF protocol ip parent 1:0 prio 55 handle 13 fw flowid 1:20
#for Proxy port 8080 to user / proxy serving towords user
$TC filter add dev $LOCALIF protocol ip parent 1:0 prio 0 handle 14 fw flowid 1:30
#for port 443 from ISP2 to user and for port 1-65535 from ISP2 to user
$TC filter add dev $LOCALIF protocol ip parent 1:0 prio 13 handle 15 fw flowid 1:40
$TC filter add dev $LOCALIF protocol ip parent 1:0 prio 0 handle 16 fw flowid 1:50

$IPTABLES -A FORWARD -t mangle -i $ISP1IF -p tcp -s 245.145.45.5 -d $LOCALNET/22 --sport 110 -j MARK --set-mark 11
$IPTABLES -A FORWARD -t mangle -i $ISP1IF -p tcp -s 245.145.45.5 -d $LOCALNET/22 --sport 110 -j RETURN
$IPTABLES -A FORWARD -t mangle -i $ISP1IF -p tcp -s 245.145.45.5 -d $LOCALNET/22 --sport 995 -j MARK --set-mark 11
$IPTABLES -A FORWARD -t mangle -i $ISP1IF -p tcp -s 245.145.45.5 -d $LOCALNET/22 --sport 995 -j RETURN
$IPTABLES -A FORWARD -t mangle -p tcp -i $ISP1IF -d $LOCALNET/22 --sport 443 -j MARK --set-mark 12
$IPTABLES -A FORWARD -t mangle -p tcp -i $ISP1IF -d $LOCALNET/22 --sport 443 -j RETURN
$IPTABLES -A FORWARD -t mangle -p tcp -i $ISP1IF -d $LOCALNET/22 -m multiport --sport ! 110,443,995 -j MARK --set-mark 13
$IPTABLES -A FORWARD -t mangle -p tcp -i $ISP1IF -d $LOCALNET/22 -m multiport --sport ! 110,443,995 -j RETURN
$IPTABLES -A FORWARD -t mangle -p udp -i $ISP1IF -d $LOCALNET/22 -j MARK --set-mark 13
$IPTABLES -A FORWARD -t mangle -p udp -i $ISP1IF -d $LOCALNET/22 -j RETURN
$IPTABLES -A OUTPUT -t mangle -o $LOCALIF -d $LOCALNET/22 -p tcp --sport 8080 -j MARK --set-mark 14
$IPTABLES -A OUTPUT -t mangle -o $LOCALIF -d $LOCALNET/22 -p tcp --sport 8080 -j RETURN
$IPTABLES -A FORWARD -t mangle -p tcp -i $ISP2IF -d $LOCALNET/22 --sport 443 -j MARK --set-mark 15
$IPTABLES -A FORWARD -t mangle -p tcp -i $ISP2IF -d $LOCALNET/22 --sport 443 -j RETURN
$IPTABLES -A FORWARD -t mangle -p tcp -i $ISP2IF -d $LOCALNET/22 -m multiport --sport ! 80,443 -j MARK --set-mark 16
$IPTABLES -A FORWARD -t mangle -p tcp -i $ISP2IF -d $LOCALNET/22 -m multiport --sport ! 80,443 -j RETURN
$IPTABLES -A FORWARD -t mangle -p udp -i $ISP2IF -d $LOCALNET/22 -j MARK --set-mark 16
$IPTABLES -A FORWARD -t mangle -p udp -i $ISP2IF -d $LOCALNET/22 -j RETURN
$IPTABLES -A FORWARD -t mangle -i $ISP2IF -s! $LOCALNET/22 -d $LOCALNET/22 -j MARK --set-mark 16
$IPTABLES -A FORWARD -t mangle -i $ISP2IF -s! $LOCALNET/22 -d $LOCALNET/22 -j RETURN

$IPTABLES -A POSTROUTING -t mangle -m mark --mark 11 -o $LOCALIF -p tcp -s 245.145.45.5 -d $LOCALNET/22 --sport 110 -j MARK --set-mark 11
$IPTABLES -A POSTROUTING -t mangle -m mark --mark 11 -o $LOCALIF -p tcp -s 245.145.45.5 -d $LOCALNET/22 --sport 110 -j RETURN
$IPTABLES -A POSTROUTING -t mangle -m mark --mark 11 -o $LOCALIF -p tcp -s 245.145.45.5 -d $LOCALNET/22 --sport 995 -j MARK --set-mark 11
$IPTABLES -A POSTROUTING -t mangle -m mark --mark 11 -o $LOCALIF -p tcp -s 245.145.45.5 -d $LOCALNET/22 --sport 995 -j RETURN
$IPTABLES -A POSTROUTING -t mangle -m mark --mark 12 -p tcp -o $LOCALIF -s! $LOCALNET/22 -d $LOCALNET/22 --sport 443 -j MARK --set-mark 12
$IPTABLES -A POSTROUTING -t mangle -m mark --mark 12 -p tcp -o $LOCALIF -s! $LOCALNET/22 -d $LOCALNET/22 --sport 443 -j RETURN
$IPTABLES -A POSTROUTING -t mangle -m mark --mark 13 -p tcp -o $LOCALIF -s! $LOCALNET/22 -d $LOCALNET/22 -m multiport --sport ! 110,443,995 -j MARK --set-mark 13
$IPTABLES -A POSTROUTING -t mangle -m mark --mark 13 -p tcp -o $LOCALIF -s! $LOCALNET/22 -d $LOCALNET/22 -m multiport --sport ! 110,443,995 -j RETURN
$IPTABLES -A POSTROUTING -t mangle -m mark --mark 13 -p udp -o $LOCALIF -s! $LOCALNET/22 -d $LOCALNET/22 -j MARK --set-mark 13
$IPTABLES -A POSTROUTING -t mangle -m mark --mark 13 -p udp -o $LOCALIF -s! $LOCALNET/22 -d $LOCALNET/22 -j RETURN
$IPTABLES -A POSTROUTING -t mangle -m mark --mark 15 -p tcp -o $LOCALIF -s! $LOCALNET/22 -d $LOCALNET/22 --sport 443 -j MARK --set-mark 15
$IPTABLES -A POSTROUTING -t mangle -m mark --mark 15 -p tcp -o $LOCALIF -s! $LOCALNET/22 -d $LOCALNET/22 --sport 443 -j RETURN
$IPTABLES -A POSTROUTING -t mangle -m mark --mark 16 -p tcp -o $LOCALIF -s! $LOCALNET/22 -d $LOCALNET/22 -m multiport --sport ! 80,443 -j MARK --set-mark 16
$IPTABLES -A POSTROUTING -t mangle -m mark --mark 16 -p tcp -o $LOCALIF -s! $LOCALNET/22 -d $LOCALNET/22 -m multiport --sport ! 80,443 -j RETURN
$IPTABLES -A POSTROUTING -t mangle -m mark --mark 16 -p udp -o $LOCALIF -s! $LOCALNET/22 -d $LOCALNET/22 -j MARK --set-mark 16
$IPTABLES -A POSTROUTING -t mangle -m mark --mark 16 -p udp -o $LOCALIF -s! $LOCALNET/22 -d $LOCALNET/22 -j RETURN
$IPTABLES -A POSTROUTING -t mangle -m mark --mark 16 -o $LOCALIF -s! $LOCALNET/22 -d $LOCALNET/22 -j MARK --set-mark 16
$IPTABLES -A POSTROUTING -t mangle -m mark --mark 16 -o $LOCALIF -s! $LOCALNET/22 -d $LOCALNET/22 -j RETURN

RESULT OF (watch -n 0 tc -s class ls dev eth0)

class htb 1:1 root rate 100000Kbit ceil 100000Kbit burst 14100b cburst 14100b
Sent 27729445741 bytes 26084624 pkt (dropped 0, overlimits 0 requeues 0)
rate 5565Kbit 723pps backlog 0b 0p requeues 0
lended: 16 borrowed: 0 giants: 0
tokens: 916 ctokens: 916

class htb 1:10 parent 1:1 prio 1 rate 3000Kbit ceil 3000Kbit burst 1974b cburst 1974b
Sent 3270059395 bytes 2401844 pkt (dropped 3372, overlimits 0 requeues 0)
rate 941792bit 89pps backlog 0b 0p requeues 0
lended: 2401844 borrowed: 0 giants: 0
tokens: 5074 ctokens: 5074

class htb 1:20 parent 1:1 prio 7 rate 5000Kbit ceil 5000Kbit burst 2225b cburst 2225b
Sent 2992884013 bytes 4050747 pkt (dropped 0, overlimits 0 requeues 0)
rate 86000bit 67pps backlog 0b 0p requeues 0
lended: 4050747 borrowed: 0 giants: 0
tokens: 3432 ctokens: 3432

class htb 1:30 parent 1:1 prio 0 rate 6000Kbit ceil 6000Kbit burst 2349b cburst 2349b
Sent 19781205742 bytes 17600008 pkt (dropped 10750, overlimits 0 requeues 0)
rate 4459Kbit 540pps backlog 0b 74p requeues 0
lended: 17599934 borrowed: 0 giants: 0
tokens: -3231 ctokens: -3231

class htb 1:40 parent 1:1 prio 7 rate 6000Kbit ceil 6000Kbit burst 2349b cburst 2349b
Sent 1150288326 bytes 1415402 pkt (dropped 0, overlimits 0 requeues 0)
rate 56736bit 23pps backlog 0b 0p requeues 0
lended: 1415402 borrowed: 0 giants: 0
tokens: 2995 ctokens: 2995

class htb 1:50 parent 1:1 prio 7 rate 6000Kbit ceil 6000Kbit burst 2349b cburst 2349b
Sent 535100893 bytes 616681 pkt (dropped 0, overlimits 0 requeues 0)
rate 5008bit 4pps backlog 0b 0p requeues 0
lended: 616681 borrowed: 0 giants: 0
tokens: 2938 ctokens: 2938

TB0ne · 07-26-2016, 07:44 AM

Quote:

Originally Posted by netguy2000

Dear all Gurus,
you kind attention and help required in TC traffic control with htb, as i am still beginner in TC (traffic control).

Are you REALLY??? Because you've been asking about TC since 2004...or TWELVE YEARS NOW:
http://www.linuxquestions.org/questi...gement-154490/
http://www.linuxquestions.org/questi...tables-678023/

Hard to believe that you've been here for 13 years, and asking about TC for 12, that you're a 'beginner in TC'.

Quote:

I want to understand priority setting in TC and its filter. I am using following lines in my script but when I check with (watch -n 0 tc -s class ls dev eth0) command, it shows different priorities on my rules.

Right...because you have SET different priorities on your rules.

Quote:

Please help, if you dont aggree with my script lines then kindly only help me with how to set priorities. with your own simple TC lines.

So you want us to just FIX your script for you, but not help you do it yourself? Read the man page on TC...pay special attention to the part where it mentions "prio".

And a better question here would be, what is the actual PROBLEM with what you've done/tried? What's it doing/not-doing?