[Firehol-support] FireQOS: need help with input traffic shaping
Tsaousis, Costa
costa at tsaousis.gr
Mon Feb 2 16:44:32 GMT 2015
Hi Andreas,

I can see the following problems on your config:

1. There is no htb qdisc. Let FireQOS select the default (fq_codel
   or sfq). fq_codel will be of great help on your setup. Make sure your
   kernel supports it.

2. On the lowprio class you match a private IP on the public
   interface. This cannot be done. On the public interface there are only
   public IPs. This is your key problem.

3. 'tcp ack' and 'tcp acks' are the same thing.

4. It is strange that on your output interface you have such traffic
   on the interactive class. If this traffic is the tcp acks of the
   download, they should be on the tcpack class. I hope this will be
   fixed by setting the correct qdisc.

So, because of point 2, it is impossible to distinguish between normal
web traffic from other PCs and your NAS. fq_codel will help but it
won't solve the problem completely.

Another idea would be to use marks to separate nas traffic from other
traffic. This however does not work without the act_connmark kernel
module (which by default is only available in openwrt).

Let me think...

Do you masquerade or snat traffic in firehol?

When you masquerade or snat traffic, what you actually do is that you
map 192.168.2.11:PORT1 (or any local IP) to your PUBLIC_IP:PORT2.

You could use masquerade or snat to have your NAS use 60000-64999 for
PORT2, while all your other PCs use 20000-59999. This way you could
apply qos on the inbound direction by just examining your port range.

I will try to do this with firehol and fireqos later today and come
back with the statements you should use.

Costa

On Mon, Feb 2, 2015 at 2:31 PM, AM <stuff at kr33.de> wrote:
> Hi,
>
> I already spent hours on reading and testing tc.
> But now I'm at a point where I have to ask here for any hints.
>
> Basically I want to shape my input and output traffic.
> I have one nas server which handles large downloads. I want that nas to have
> a low priority, so that if I start a download on a normal client in the
> network this client gets most of the bandwidth.
> But I can't get this to work. Here is my fireqos.conf:
> ####################################
> DEVICE=eth0
> INPUT_SPEED=14300kbit
> OUTPUT_SPEED=2400kbit
> LINKTYPE="adsl remote bridged-llc mtu 1492"
>
> interface $DEVICE dsl-in input rate $INPUT_SPEED $LINKTYPE qdisc htb
> # Incoming traffic Internet --> LAN
> class interactive commit 1000kbit
> match udp port 53 # DNS
> match tcp port 22 # SSH
> match icmp
>
> class tcpack commit 2000kbit
> match tcp syn
> match tcp ack
> match tcp acks
>
> class web-http commit 7500kbit
> match tcp sports 80,443 prio 20 # http(s)
>
> class default commit 2500kbit
>
> class lowprio commit 1% max 80% prio 7
> match4 dst 192.168.2.11 prio 10 # debsrv
>
>
> interface $DEVICE dsl-out output rate $OUTPUT_SPEED $LINKTYPE qdisc htb
> # Outgoing traffic LAN --> Internet
> class interactive commit 200kbit
> match udp port 53 # DNS
> match tcp port 22 # SSH
> match icmp
>
> class tcpack commit 400kbit
> match tcp syn
> match tcp ack
> match tcp acks
>
> class web-http commit 1100kbit
> match tcp dports 80,443 prio 20 # http(s)
>
> class default commit 600kbit
>
> class lowprio commit 1% max 80% prio 7
> match4 src 192.168.2.11 prio 10 # debsrv
> ####################################
>
> If I now start downloading on both hosts with e.g. wget
> http://cdimage.debian.org/debian-cd/7.8.0/amd64/iso-dvd/debian-7.8.0-amd64-DVD-2.iso
> I get the following stats:
>
>
> Class Utilization on dsl-in (eth0 input => eth0-ifb) - values in Kbit/s
> TOTAL intera tcpack web-ht defaul lowpri
> 14552 - - 6069 3 8480
> 14116 1 - 5418 - 8697
> 14139 - - 6011 1 8127
> 14422 - - 6078 - 8344
> 14281 - - 5299 - 8982
> 14264 3 - 5521 - 8739
> 14277 - - 5252 1 9024
> 14201 - - 4798 1 9403
> 14288 - - 4762 1 9525
> 14227 - - 4988 - 9253
> 14293 - - 6318 11 7951
> 14327 - - 6905 142 7281
> 14219 - - 6988 - 7232
> 14133 - - 7172 - 6960
> 14347 - - 7196 - 7151
> 14390 - - 7048 1 7340
> 14203 1 - 7024 1 7177
> 14289 1 - 6979 - 7309
> 14272 1 4 6852 12 7403
> 14304 3 - 6385 - 7916
>
> ==> lowprio is getting much more bandwidth... why?
> Can anyone help me out / explain why it is behaving like this?
>
> Outgoing everything works like expected.
> (Used scp to upload a file to remote server)
>
> Class Utilization on dsl-out (eth0 output => eth0) - values in Kbit/s
> TOTAL intera tcpack web-ht defaul lowpri
> 2674 2619 - 28 - 27
> 2432 2379 - 25 - 27
> 2524 2483 - 14 - 27
> 2515 2462 - 25 - 27
> 2527 2490 - 24 - 14
> 2501 2458 - 14 1 27
> 2520 2476 - 17 - 27
> 2551 2509 - 14 - 27
> 2514 2463 - 25 - 27
> 2532 2479 - 25 1 27
> 2514 2474 - 13 - 27
> 2512 2469 2 27 1 14
> 2531 2323 70 25 86 27
> 2546 2490 - 29 - 27
> 2505 2463 - 15 - 27
> 2534 2479 1 25 1 27
> 2519 2440 - 52 - 27
> 2550 2491 - 31 - 27
> 2511 2476 - 22 - 14
> 2511 2449 5 22 7 27
>
> Thanks!
>
> Regards
> Andreas
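
The port-range idea from the reply above (NAS on 60000-64999, other PCs on 20000-59999), sketched as an added example that is not part of the original thread and is not the FireHOL/FireQOS statements promised there. It assumes plain iptables with the MASQUERADE target's `--to-ports` option, the device and NAS address from the posted config, and hypothetical function names; it only prints the rules and classifies sample ports.

```shell
#!/bin/sh
# Added example: dry-run generator. It prints iptables commands, it does not run them.
# Values taken from the thread: WAN device eth0, NAS 192.168.2.11, the two port ranges.
WAN_IF=eth0
NAS_IP=192.168.2.11
NAS_PORTS=60000-64999     # PORT2 range reserved for the NAS
LAN_PORTS=20000-59999     # PORT2 range for every other host

# Print the nat rules in the order they must be installed: the first matching
# rule wins, so the NAS-specific rules go before the general ones.
nat_rules() {
    for proto in tcp udp; do
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $NAS_IP -p $proto -j MASQUERADE --to-ports $NAS_PORTS"
    done
    for proto in tcp udp; do
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -p $proto -j MASQUERADE --to-ports $LAN_PORTS"
    done
    # Protocols without ports (icmp etc.) still need translating.
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
}

# Class an inbound packet belongs to, judged only by its destination port on
# the public interface (the private address is not visible there).
class_for_dport() {
    port=$1
    case $port in ''|*[!0-9]*) echo invalid; return 1 ;; esac
    lo=${NAS_PORTS%-*}; hi=${NAS_PORTS#*-}
    if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then echo lowprio; return; fi
    lo=${LAN_PORTS%-*}; hi=${LAN_PORTS#*-}
    if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then echo other-hosts; return; fi
    echo unmapped   # e.g. replies to connections made by the router itself
}

nat_rules
```

The NAT mapping is chosen when a connection is first seen, so connections already tracked keep their old PORT2 until they end.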