[Firehol-support] FireQOS: need help with input traffic shaping
AM
stuff at kr33.de
Mon Feb 2 17:40:43 GMT 2015
Hi again,
Okay tested the modifications
1. Removed the qdisc htb statement, fq_codel is now used.
4. I added prio 1 to the match lines for tcp ack and syn, they now show
up in the right class! :)
This is the input status now:
Class Utilization on dsl-in (eth0 input => eth0-ifb) - values in Kbit/s
TOTAL intera tcpack web-ht defaul lowpri
14423 - - 7436 - 6988
14250 - - 7222 - 7028
14299 - - 6971 1 7327
14249 - - 7437 - 6811
14460 - - 7608 - 6852
14205 - - 7774 - 6431
14324 - - 7863 2 6458
14443 - - 7549 1 6893
14223 - 3 7354 - 6865
14472 - 1 8080 - 6391
14385 - 1 7191 - 7192
14379 - - 7324 - 7055
14316 - - 6432 - 7884
14152 - - 6768 3 7381
14487 3 - 6560 - 7924
14263 - - 6516 - 7747
14304 - - 6663 2 7639
14299 - 1 6537 - 7761
14157 - - 6274 - 7883
14570 - 2 5722 - 8846
Class Utilization on dsl-out (eth0 output => eth0) - values in Kbit/s
TOTAL intera tcpack web-ht defaul lowpri
473 3 444 25 - 2
561 3 536 22 1 -
534 4 529 - - 1
510 1 487 22 - -
633 1 502 33 - 97
526 - 526 - - -
522 - 520 - 2 -
495 - 407 5 - 83
488 - 409 - - 79
464 - 400 64 - -
554 - 506 47 - -
Download seems to be split up 50:50, I can live with that if there is
no other solution.
But a 90:10 split would be nicer, if this is even possible with ingress
traffic?
Thanks for your help!
Andreas
AM wrote:
> Hi Costa,
>
> Thanks for your reply!
>
> 1. Ok, I will remove the "qdisc htb" line and try again, if that is
> what you meant?
>
> 2. I do masquerading and it is configured like this:
> Outside is eth0 with ip 192.168.2.10/24 - Internal LAN is 10.0.0.0/24
> which is masqueraded to 192.168.2.10.
> Then I have eth0:1 with ip 192.168.2.11/24 - all outgoing requests
> from my nas (10.0.0.254) get masqueraded to 192.168.2.11
> And as seen in the status output it is working, as traffic gets
> associated with the right class. (Checked with iptraf on eth0 too)
>
> 3. Ok, will remove the acks and just leave ack.
>
> 4. Yes I also noticed that and was wondering why there is barely
> anything in the tcpack class... but no idea why?
>
> Will report back once I had the chance to test your suggestions!
> Thanks!
>
> Andreas
>
> Tsaousis, Costa wrote:
>> Hi Andreas,
>>
>> I can see the following problems on your config:
>>
>> 1. There is no htb qdisc. Let FireQOS select the default (fq_codel
>> or sfq). fq_codel will be of great help on your setup. Make sure your
>> kernel supports it.
>>
>> 2. On the lowprio class you match a private IP on the public
>> interface. This cannot be done. On the public interface there are only
>> public IPs. This is your key problem.
>>
>> 3. 'tcp ack' and 'tcp acks' is the same thing.
>>
>> 4. It is strange that on your output interface you have such traffic
>> on the interactive class. If this traffic is the tcp acks of the
>> download, they should be on the tcpack class. I hope this will be
>> fixed by setting the correct qdisc.
>>
>>
>> So, because of point 2, it is impossible to distinguish between normal
>> web traffic from other PCs and your NAS. fq_codel will help but it
>> won't solve the problem completely.
>>
>> Another idea would be to use marks to separate nas traffic from other
>> traffic. This however does not work without the act_connmark kernel
>> module (which by default is only available in openwrt).
>>
>> Let me think...
>>
>> Do you masquerade or snat traffic in firehol?
>>
>> When you masquerade or snat traffic, what you actually do is that you
>> map 192.168.2.11:PORT1 (or any local IP) to your PUBLIC_IP:PORT2.
>>
>> You could use masquerade or snat to have your NAS use 60000-64999 for
>> PORT2, while all your other PCs use 20000-59999. This way you could
>> apply qos on the inbound direction by just examining your port range.
>>
>> I will try to do this with firehol and fireqos later today and come
>> back with the statements you should use.
>>
>> Costa
>>
>>
>>
>>
>> On Mon, Feb 2, 2015 at 2:31 PM, AM<stuff at kr33.de> wrote:
>>> Hi,
>>>
>>> I already spent hours on reading and testing tc.
>>> But now I'm at a point where I have to ask here for any hints.
>>>
>>> Basically I want to shape my input and output traffic.
>>> I have one nas server which handles large downloads. I want that nas
>>> to have a low priority, so that if I start a download on a normal
>>> client in the network this client gets most of the bandwidth.
>>> But I can't get this to work. Here is my fireqos.conf:
>>> ####################################
>>> DEVICE=eth0
>>> INPUT_SPEED=14300kbit
>>> OUTPUT_SPEED=2400kbit
>>> LINKTYPE="adsl remote bridged-llc mtu 1492"
>>>
>>> interface $DEVICE dsl-in input rate $INPUT_SPEED $LINKTYPE qdisc htb
>>> # Incoming traffic Internet --> LAN
>>> class interactive commit 1000kbit
>>> match udp port 53 # DNS
>>> match tcp port 22 # SSH
>>> match icmp
>>>
>>> class tcpack commit 2000kbit
>>> match tcp syn
>>> match tcp ack
>>> match tcp acks
>>>
>>> class web-http commit 7500kbit
>>> match tcp sports 80,443 prio 20 # http(s)
>>>
>>> class default commit 2500kbit
>>>
>>> class lowprio commit 1% max 80% prio 7
>>> match4 dst 192.168.2.11 prio 10 # debsrv
>>>
>>>
>>> interface $DEVICE dsl-out output rate $OUTPUT_SPEED $LINKTYPE qdisc htb
>>> # Outgoing traffic LAN --> Internet
>>> class interactive commit 200kbit
>>> match udp port 53 # DNS
>>> match tcp port 22 # SSH
>>> match icmp
>>>
>>> class tcpack commit 400kbit
>>> match tcp syn
>>> match tcp ack
>>> match tcp acks
>>>
>>> class web-http commit 1100kbit
>>> match tcp dports 80,443 prio 20 # http(s)
>>>
>>> class default commit 600kbit
>>>
>>> class lowprio commit 1% max 80% prio 7
>>> match4 src 192.168.2.11 prio 10 # debsrv
>>> ####################################
>>>
>>> If I now start downloading on both hosts with e.g. wget
>>> http://cdimage.debian.org/debian-cd/7.8.0/amd64/iso-dvd/debian-7.8.0-amd64-DVD-2.iso
>>>
>>> I get the following stats:
>>>
>>>
>>> Class Utilization on dsl-in (eth0 input => eth0-ifb) - values in Kbit/s
>>> TOTAL intera tcpack web-ht defaul lowpri
>>> 14552 - - 6069 3 8480
>>> 14116 1 - 5418 - 8697
>>> 14139 - - 6011 1 8127
>>> 14422 - - 6078 - 8344
>>> 14281 - - 5299 - 8982
>>> 14264 3 - 5521 - 8739
>>> 14277 - - 5252 1 9024
>>> 14201 - - 4798 1 9403
>>> 14288 - - 4762 1 9525
>>> 14227 - - 4988 - 9253
>>> 14293 - - 6318 11 7951
>>> 14327 - - 6905 142 7281
>>> 14219 - - 6988 - 7232
>>> 14133 - - 7172 - 6960
>>> 14347 - - 7196 - 7151
>>> 14390 - - 7048 1 7340
>>> 14203 1 - 7024 1 7177
>>> 14289 1 - 6979 - 7309
>>> 14272 1 4 6852 12 7403
>>> 14304 3 - 6385 - 7916
>>>
>>> ==> lowprio is getting much more bandwidth... why?
>>> Can anyone help me out / explain why it is behaving like this?
>>>
>>> Outgoing everything works like expected.
>>> (Used scp to upload a file to remote server)
>>>
>>> Class Utilization on dsl-out (eth0 output => eth0) - values in Kbit/s
>>> TOTAL intera tcpack web-ht defaul lowpri
>>> 2674 2619 - 28 - 27
>>> 2432 2379 - 25 - 27
>>> 2524 2483 - 14 - 27
>>> 2515 2462 - 25 - 27
>>> 2527 2490 - 24 - 14
>>> 2501 2458 - 14 1 27
>>> 2520 2476 - 17 - 27
>>> 2551 2509 - 14 - 27
>>> 2514 2463 - 25 - 27
>>> 2532 2479 - 25 1 27
>>> 2514 2474 - 13 - 27
>>> 2512 2469 2 27 1 14
>>> 2531 2323 70 25 86 27
>>> 2546 2490 - 29 - 27
>>> 2505 2463 - 15 - 27
>>> 2534 2479 1 25 1 27
>>> 2519 2440 - 52 - 27
>>> 2550 2491 - 31 - 27
>>> 2511 2476 - 22 - 14
>>> 2511 2449 5 22 7 27
>>>
>>> Thanks!
>>>
>>> Regards
>>> Andreas
>>> _______________________________________________
>>> Firehol-support mailing list
>>> Firehol-support at lists.firehol.org
>>> http://lists.firehol.org/mailman/listinfo/firehol-support
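
Added example (not part of the original thread and not FireHOL/FireQOS project code): the port-range idea from Costa's quoted reply, as a dry-run shell script that prints the SNAT rules instead of applying them. The addresses, interface and port ranges come from the thread; the function names and the FROM:TO range syntax in the final FireQOS line are assumptions.

```shell
#!/bin/sh
# Print (do not apply) SNAT rules that pin each host group to its own
# source-port range, so inbound replies can be classified by destination port.
# Function names are hypothetical; addresses and ranges are from the thread.

# ranges_overlap LO1 HI1 LO2 HI2 -> exit 0 if the two ranges share a port
ranges_overlap() {
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# valid_range LO HI -> exit 0 if 1024 <= LO <= HI <= 65535
valid_range() {
    [ "$1" -ge 1024 ] && [ "$1" -le "$2" ] && [ "$2" -le 65535 ]
}

# snat_rules SRC PUBLIC_IP LO HI -> one SNAT rule per protocol on stdout
snat_rules() {
    valid_range "$3" "$4" || { echo "bad range $3-$4" >&2; return 1; }
    for proto in tcp udp; do
        echo "iptables -t nat -A POSTROUTING -o eth0 -s $1 -p $proto -j SNAT --to-source $2:$3-$4"
    done
}

# plan -> full rule set; the NAS rule comes first because 10.0.0.254 also
# matches the 10.0.0.0/24 rule and the first matching NAT rule wins.
plan() {
    nas_lo=60000 nas_hi=64999 lan_lo=20000 lan_hi=59999
    if ranges_overlap "$nas_lo" "$nas_hi" "$lan_lo" "$lan_hi"; then
        echo "port ranges overlap; inbound classes would be ambiguous" >&2
        return 1
    fi
    snat_rules 10.0.0.254 192.168.2.11 "$nas_lo" "$nas_hi" || return 1
    snat_rules 10.0.0.0/24 192.168.2.10 "$lan_lo" "$lan_hi" || return 1
    # FireQOS side (dsl-in, class lowprio); FROM:TO range syntax is assumed
    echo "# fireqos: match tcp dports $nas_lo:$nas_hi"
}

plan
```

Review the printed rules before piping them to a shell; existing masquerade rules for the same sources would have to be removed or placed after these.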