Weblog entry #1 for kapal
See all weblog entries made by kapal.
#1
Traffic shaping (shaperd)
Posted by kapal on Tue 10 Oct 2006 at 10:28
Previously there were http://www.debian-administration.org/articles/77 a few words written upon traffic shaping, which i found not really helpful. I've tried tc, but it's a bit `spartan' for me. I've installed shaperd, which wont work. Here's what i done (on Debian 3.1/testing with 2.6.15-1-686 ):
1) apt-get-installed shaperd
2) added some traffic shaping rules to /etc/shaperd/shaperd.conf (based on examples in /usr/share/doc/shaperd/examples) which are correct (according to syslog)
3) modprobe ip_queue
4) killall -HUP shaperd
5) iptables -I INPUT -j QUEUE
iptables -I OUTPUT -j QUEUE
what i got in syslog is that i should patch my kernel:
"localhost shaperd[5428]: invalid packet (hw_protocol=0x0) please apply http://webs.sinectis.com/lesanti/shaperd/fw-2.4.17.patch to fix this problem {packet.cpp:157}"
1) apt-get-installed shaperd
2) added some traffic shaping rules to /etc/shaperd/shaperd.conf (based on examples in /usr/share/doc/shaperd/examples) which are correct (according to syslog)
3) modprobe ip_queue
4) killall -HUP shaperd
5) iptables -I INPUT -j QUEUE
iptables -I OUTPUT -j QUEUE
what i got in syslog is that i should patch my kernel:
"localhost shaperd[5428]: invalid packet (hw_protocol=0x0) please apply http://webs.sinectis.com/lesanti/shaperd/fw-2.4.17.patch to fix this problem {packet.cpp:157}"
Comments on this Entry
"tc" is what you want - honest.
The documentation could be more straight forward.
The HTB is the tool that does what most people really want from a shaper.
Here we divide up a 2Mbps line leading to some webservers and email servers into chunks (buckets), each bucket gets so much bandwidth guaranteed, and each IP address is then assigned to a bucket, and then put some perturbation on the dross.
Note these limits can only apply to outgoing traffic. Read the LARTC docs for explanation of why.
The result is that each IP address is guaranteed its share of the bandwidth when things get congested. But otherwise can consume upto 2Mbps.
I had to edit out most of the content as it private to my employers. Be assured the buckets add up to 2Mbps. The documentation says you have to reduce the total slightly below the 2Mbps limit, so the congestion occurs in the shapers queues, not the routers, but I found it worked fine (but do test this bit - presumably Eurobell gave us a little bit more).
I'm sure one can get more details into the control. In our case all we cared was that no service, especially customers services, got starved of resource by another, so per IP address was fine.
My init scripts looks a bit like this...
DEVICE=eth0
RATE=2048kbit
SHARE1=128kbit
SHARE2=384kbit
SHARE3=512kbit
SHARE4=768kbit
SHARE5=1024kbit
# Buckets reflect IP last Octet for now
BZYNET=7
BCLUSTER6=46
BINTERNAL=69
BDEFAULT=255
start (){
# Create QDISC using HTB
tc qdisc add dev $DEVICE root handle 1: htb default $BDEFAULT
tc class add dev $DEVICE parent 1: classid 1:1 htb rate $RATE ceil $RATE
# Create Buckets
tc class add dev $DEVICE parent 1:1 classid 1:$BCLUSTER6 htb rate $SHARE5 ceil $RATE
tc class add dev $DEVICE parent 1:1 classid 1:$BINTERNAL htb rate $SHARE1 ceil $RATE
tc class add dev $DEVICE parent 1:1 classid 1:$BZYNET htb rate $SHARE3 ceil $RATE
tc class add dev $DEVICE parent 1:1 classid 1:$BDEFAULT htb rate $SHARE1 ceil $RATE
# Each IP address is put in a bucket.....
tc filter add dev $DEVICE protocol ip parent 1:0 prio 1 u32 match ip src 10.10.10.7 flowid 1:$BZYNET
# Repeat as needed changing IP and the Bucket name
# Make the dross play nicely using SFQ
tc qdisc add dev $DEVICE parent 1:$BDEFAULT handle 10: sfq perturb 10
}
stop()
{
# Delete the root of the tree to get a pfifo_fast back
tc qdisc del dev $DEVICE root
}
status()
{
echo ==== QDISC STATS =====
tc -s qdisc
echo ==== CLASS STATS =====
tc -s class show dev $DEVICE
}
The documentation could be more straight forward.
The HTB is the tool that does what most people really want from a shaper.
Here we divide up a 2Mbps line leading to some webservers and email servers into chunks (buckets), each bucket gets so much bandwidth guaranteed, and each IP address is then assigned to a bucket, and then put some perturbation on the dross.
Note these limits can only apply to outgoing traffic. Read the LARTC docs for explanation of why.
The result is that each IP address is guaranteed its share of the bandwidth when things get congested. But otherwise can consume upto 2Mbps.
I had to edit out most of the content as it private to my employers. Be assured the buckets add up to 2Mbps. The documentation says you have to reduce the total slightly below the 2Mbps limit, so the congestion occurs in the shapers queues, not the routers, but I found it worked fine (but do test this bit - presumably Eurobell gave us a little bit more).
I'm sure one can get more details into the control. In our case all we cared was that no service, especially customers services, got starved of resource by another, so per IP address was fine.
My init scripts looks a bit like this...
DEVICE=eth0
RATE=2048kbit
SHARE1=128kbit
SHARE2=384kbit
SHARE3=512kbit
SHARE4=768kbit
SHARE5=1024kbit
# Buckets reflect IP last Octet for now
BZYNET=7
BCLUSTER6=46
BINTERNAL=69
BDEFAULT=255
start (){
# Create QDISC using HTB
tc qdisc add dev $DEVICE root handle 1: htb default $BDEFAULT
tc class add dev $DEVICE parent 1: classid 1:1 htb rate $RATE ceil $RATE
# Create Buckets
tc class add dev $DEVICE parent 1:1 classid 1:$BCLUSTER6 htb rate $SHARE5 ceil $RATE
tc class add dev $DEVICE parent 1:1 classid 1:$BINTERNAL htb rate $SHARE1 ceil $RATE
tc class add dev $DEVICE parent 1:1 classid 1:$BZYNET htb rate $SHARE3 ceil $RATE
tc class add dev $DEVICE parent 1:1 classid 1:$BDEFAULT htb rate $SHARE1 ceil $RATE
# Each IP address is put in a bucket.....
tc filter add dev $DEVICE protocol ip parent 1:0 prio 1 u32 match ip src 10.10.10.7 flowid 1:$BZYNET
# Repeat as needed changing IP and the Bucket name
# Make the dross play nicely using SFQ
tc qdisc add dev $DEVICE parent 1:$BDEFAULT handle 10: sfq perturb 10
}
stop()
{
# Delete the root of the tree to get a pfifo_fast back
tc qdisc del dev $DEVICE root
}
status()
{
echo ==== QDISC STATS =====
tc -s qdisc
echo ==== CLASS STATS =====
tc -s class show dev $DEVICE
}
[ Parent | Reply to this comment ]
A question
If i only need a basic shaping of SMTP traffic because that is the only problematic traffic on ADSL for us, how do i do it with tc?
In shaperd it would be some 10 lines of config and 1 line iptables
but yes i face the same error as mentioned above, and interestingly my kernel isnt 2.4 ... :(
Greg
If i only need a basic shaping of SMTP traffic because that is the only problematic traffic on ADSL for us, how do i do it with tc?
In shaperd it would be some 10 lines of config and 1 line iptables
but yes i face the same error as mentioned above, and interestingly my kernel isnt 2.4 ... :(
Greg
[ Parent | Reply to this comment ]
Without a great deal of thought, what you want to guarantee is that other outgoing traffic gets priority over outgoing SMTP.
So you could use the above script with a couple of buckets, and match the outgoing port 25 traffic into one of them, and the rest of your traffic into the other, and give the rest most of your bandwidth.
On the Postfix list, Ralph suggests that you can just try and balance all connections more fairly, so that one connection never takes up more than a certain amount of the upstream, which if only a few connections cause an issue might fix up what you want in one line.
http://www.irbs.net/internet/postfix/0204/0804.html
Depending on what you are doing wondershaper is packaged for Debian and might "just work".
So you could use the above script with a couple of buckets, and match the outgoing port 25 traffic into one of them, and the rest of your traffic into the other, and give the rest most of your bandwidth.
On the Postfix list, Ralph suggests that you can just try and balance all connections more fairly, so that one connection never takes up more than a certain amount of the upstream, which if only a few connections cause an issue might fix up what you want in one line.
http://www.irbs.net/internet/postfix/0204/0804.html
Depending on what you are doing wondershaper is packaged for Debian and might "just work".
[ Parent | Reply to this comment ]