Traffic Shaping
I have a desktop PC running Debian 3.0 (Woody, I think). This PC has 2 NICs. One NIC is connected to a network, the other is connected to a notebook. I want this linux box to forward all traffic from the network (eth0) to the notebook (eth1) and vice versa and it should be able to participate on the network itself too.
So far I have achieved this by creating a bridge between eth0 and eth1, this was not hard at all.
Now I want to do the following:
The linux box should always prioritize the traffic from the notebook (eth1) to the network (eth0). So if the notebook and the linux box want to send/receive packets to/from the network, the linux box should always let the notebook's packets go first.
This should be possible with traffic shaping and ebtables, right?
I use the following script/command to set up traffic shaping:
````
ebtables -A FORWARD -j mark --set-mark 1
tc qdisc add dev eth0 root handle 1: prio
tc qdisc add dev eth1 root handle 2: prio
tc filter add dev eth0 parent 1: protocol ip handle 1 fw flowid 1:1
tc filter add dev eth1 parent 2: protocol ip handle 1 fw flowid 2:1
````
This returns no errors, but the script doesn't work. There is no difference between running it and just enabling the bridge without any traffic shaping.
What am I doing wrong?
Thx a lot in advance!
18 Replies
> What am I doing wrong?
Too long to list. You have some basic misconceptions about traffic control. And unless I'm not mistaken, I don't think it would do any good to enable TC on individual interfaces of a bridge. You might want to look over the LARTC HOWTO and the HTB manual.
I've found the HTB manual to be a very good solution for traffic control and the website also has a lot of good information about the subject in general.
Ow, mmh I thought I had it right. Well, thx for letting me know, I'll check those links that you gave me.
But I don't think I need HTB, PRIO should be enough for what I want, I think.
I'm marking everything in the forward chain with ebtables and then I apply a filter so that everything with that mark ends up in class 1 of the eth0/eth1 PRIO qdisc. And class 1 has the highest priority so those packets should be sent first…
Or does it have something to do with the priomap, maybe the FTP packets I use for testing end up in class 1 as well because they are marked for high bandwidth by TOS?
Could you give me some advice on what I am doing wrong?
Notebook --- LinuxBox --- Network Switch ---- a bunch of other PCs
(my ASCII skills are not that good)
So the linuxbox has 2 NICs. One is attached to the network switch (eth0), the other to the notebook (eth1).
The linuxbox should forward all traffic from eth1 to eth0 and forward all the traffic for the notebook from eth0 to eth1, so it should just act as a standard bridge. And it does that without any problems right now.
BUT, I also want it to prioritise all the packets to and from eth1. So the notebook should always have full bandwidth available. It doesn't matter if the linuxbox is downloading from 1000 FTP servers, it should always let the notebook's packets (everything from and to eth1) go first.
I hope it's clear for you. If not, let me know what you need to know
Edit:
I forgot to let you know, the way I am testing is like this:
Notebook --- LinuxBox --- Network Switch ---- FTP SERVER
I connect on the notebook and on the linuxbox to the FTP server and I transfer a 100MB file to it simultaneously from the notebook and the linuxbox. The linuxbox should let the notebook transfer the whole file first and only after it has been completed, the linuxbox's speed should rise again.
Now, what I want to know is what do you need this traffic shaper to accomplish for you? It is 100% impossible to shape inbound traffic, by the way. You can not control what data a remote host sends to you first. It sounds like you want to control how fast your laptop downloads but it is mostly impossible to completely control. Is there a certain kind of traffic you want to go faster or is it all traffic to that computer? Is it for gaming, or file transfers?
You can easily shape upstream traffic, however. This can result in some improvement but it still will not make your laptop download any faster. I see only 2 options for making your total downloading speed selectively faster:
1: HARSH ingress policing on the external interface to force remote hosts from sending at full speed, saturating your downstream bandwidth. Then possibly making the policer ignore traffic TO your laptop's IP. This solution is generally easy to set up, but will cost you about 40-50% of your downstream bandwidth in order to be effective.
2: WRR + RED for the egress on br0 interface that gives better weight to your laptop's IP. This is a very complicated solution that works well from what I have read about it. But I have never done it myself and I don't really know how to do it either.
Why can't the notebook connect directly to the switch? Or is the linuxbox a gateway to the internet via ppp or adsl?
@kangaby:
> Just out of interest:
> Why can't the notebook connect directly to the switch? Or is the linuxbox a gateway to the internet via ppp or adsl?
No, this is not possible, otherwise the solution would indeed be simple:) .
Mmh, sounds pretty complicated.
So I can't control the incoming packets, I'll have to leave it like that then. Or can I prioritize the forwarding of packets to the notebook, so that if the LinuxBox has both packets to forward and packets for itself in queue, that the LinuxBox will always first forward the notebook's packets and afterwards process its own?
For the outbound traffic: both low latency packets (gaming) and high bandwidth packets (file transfers) should be prioritized. So ALL traffic from the notebook must have highest priority.
> Notebook --- LinuxBox --- Network Switch ---- FTP SERVER
Am I to assume that your linux box is your router?
Does it work something like this?:
````
-------------|br0|eth0------Switch
             |br0|eth1------Notebook
Linux router |
-------------|ppp0(or eth2)-----Cable Modem/DSL/Whatever Internet
````
And are you trying to shape traffic to/from your FTP servers and the internet or to/from your FTP servers and your laptop? So far, I'm getting the feeling that you have FTP servers that could have several connections going at any point to people out on the internet and what you want to do is have that traffic not affect your experience while using your laptop and that the traffic you're wanting to prioritize is between the laptop and the internet? Or is it between the laptop and your FTP servers?
Is there a Linode involved here, somewhere?
All network 'routing' is done on layer 2.
It's just for when I only have 1 port available from the switch and I want to connect 2 PCs. And one of those 2 PCs must have priority on everything (the notebook).
What traffic are you trying to prioritize? Internet traffic from the laptop or your own FTP server traffic from the laptop? Or is it just all traffic in general? Where is your network bottleneck (shaping is best done near the bottleneck)?
Mmh bottleneck is the router because everything is 100Mbps but the linuxbox and the notebook share one port on the switch so they have to share their 100Mbps.
What you're saying is too broad to make sense of.
So if the Linuxbox is for example sending a 1000MB file via FTP and the notebook wants to do the same at the same time, the notebook should be able to upload faster, at (almost) full speed…
Maybe something like this:
````
              1:
              |
             1:1
             / \
            /   \
           /     \
   Laptop 85%     \
      1:10         \
      /  \          \
     /    \      Other 15%
    /      \        1:20
 [1:11]  [1:12]     /  \
  high     low     /    \
               [1:21]  [1:22]
                high     low
````
Children of 10: would be guaranteed 85% of the bandwidth, 11: would be guaranteed the rest. Both classes being able to borrow from the other when it is not in use. Put all high priority traffic from the IP of your laptop into 10:1, all other traffic from that IP into 10:2. High priority traffic from all other IPs into 11:1, all other traffic into 11:2. Set the dequeueing priorities of 1:10, 1:11, and 1:21 to 1, set 1:20, 1:22, and 1:12 to 2.
This translates into TC commands like so (I think):
````
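# Root HTB qdisc on the bridge; unclassified traffic falls into 1:22
tc qdisc add dev br0 root handle 1: htb \
    default 22
# Top-level class: total rate for the whole tree
tc class add dev br0 parent 1: classid 1:1 htb \
    rate 90000kbit
# Laptop: 85% of 1:1
tc class add dev br0 parent 1:1 classid 1:10 htb \
    rate 76500kbit \
    prio 1
# Laptop, high priority: 85% of 1:10
tc class add dev br0 parent 1:10 classid 1:11 htb \
    rate 65025kbit \
    prio 1
# Laptop, low priority: 15% of 1:10
tc class add dev br0 parent 1:10 classid 1:12 htb \
    rate 11475kbit \
    prio 2
# Other hosts: 15% of 1:1
tc class add dev br0 parent 1:1 classid 1:20 htb \
    rate 13500kbit \
    prio 2
# Other hosts, high priority: 85% of 1:20
tc class add dev br0 parent 1:20 classid 1:21 htb \
    rate 11475kbit \
    prio 1
# Other hosts, low priority: 15% of 1:20
tc class add dev br0 parent 1:20 classid 1:22 htb \
    rate 2025kbit \
    prio 2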
````
This is not a complete TC script because it doesn't have filters to classify traffic, nor does it have SFQ enabled on any leaf. Basically you'd want to match high priority from the laptop and put it in 1:11, match everything else from the laptop and put it in 1:12, high priority traffic from elsewhere go to 1:21, and the rest go to 1:22.
Think you can come up with the right filter lines and add SFQ (if desired)? I'm too tired to think about those right now.
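The filters and SFQ leaves that the post above leaves open, as an added example that is not part of the original thread. It prints the full command set for review instead of applying it. Assumptions not taken from the thread: the laptop address 192.0.2.10, "high priority" meaning IP TOS minimize-delay (0x10), a `ceil` equal to the link rate so that classes can borrow, `perturb 10` for SFQ, and the device passed as a parameter because the thread leaves open whether br0 is the right attachment point.

```shell
#!/bin/sh
# Added example: prints tc commands (dry run). Pipe the output to `sh` as root to apply.
# Assumed values: laptop IP 192.0.2.10, high priority = TOS 0x10, ceil = link rate.

LINK=90000   # kbit, the rate of class 1:1 in the thread

gen_shaper() {
    dev=$1; laptop=$2
    echo "tc qdisc add dev $dev root handle 1: htb default 22"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${LINK}kbit"
    # Columns: classid parent rate(kbit) prio -- hierarchy and rates from the thread.
    while read -r id parent rate prio; do
        echo "tc class add dev $dev parent $parent classid $id htb rate ${rate}kbit ceil ${LINK}kbit prio $prio"
    done <<EOF
1:10 1:1 76500 1
1:20 1:1 13500 2
1:11 1:10 65025 1
1:12 1:10 11475 2
1:21 1:20 11475 1
1:22 1:20 2025 2
EOF
    # SFQ on every leaf so a single flow cannot monopolise its class.
    for leaf in 11 12 21 22; do
        echo "tc qdisc add dev $dev parent 1:$leaf handle $leaf: sfq perturb 10"
    done
    f="tc filter add dev $dev parent 1: protocol ip"
    # Filters are tried in ascending prio order, so the most specific match goes first.
    echo "$f prio 1 u32 match ip src $laptop/32 match ip tos 0x10 0xff flowid 1:11"
    echo "$f prio 2 u32 match ip src $laptop/32 flowid 1:12"
    echo "$f prio 3 u32 match ip tos 0x10 0xff flowid 1:21"
    # Anything that matches no filter falls through to 'default 22'.
}

# Dry run when executed directly: gen_shaper <device> <laptop-ip>
gen_shaper "${1:-br0}" "${2:-192.0.2.10}"
```

After applying, `tc -s class show dev <device>` shows per-class byte counters, which tells you whether the filters are actually catching the laptop's traffic.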
eg limit incoming ftp to X kb/sec.
> Does this work for incoming traffic too? (yes I know there are issues)
Assuming that the filters match against source and destination IP of the laptop and considering this is a bridge interface, it may… but I've never tried to shape a bridge interface so I dunno for sure.
The best sources of information on TC are LARTC and the HTB manual.