tc, QoS, priority

Robert emil.konev na atlas.cz
Pátek Červenec 7 10:24:51 CEST 2006


ja vychazel z techto dvou scriptu

1.


### Configuration START

SPEED="2048"

### Configuration STOP

presne tohle na vas ceka. SPEED je rychlost jakou muzou pres vas router 
tect data. Zpravidla se uvadi rychlost vaseho pripojeni do site CZF.

Co ktery script dela:

qosclear - vycisti aktualni nastaveni QoS
qos-stat - vypise aktualni konfiguraci QoS
qos_base - nastavuje QoS. Takze tenhle script spoustejte treba pri startu 
pocitace.
Nezapomente si skript pro nastaveni QoS pridat do runlevelu

A tady jsou otisky verze z 28.3.02 23:37:

qos-stat
-------------------------------------------------------------
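echo "Existing configuration:"

### Configuration START

### Configuration STOP

# Physical interfaces only.  `ip l l` prints one "N: name: <flags> ..." header
# line per device; tunnel, dummy and loopback devices are dropped (the -v
# patterns are substring matches on the whole header line) and only the name is
# kept.  The capture stops at ':' or '@' so a "eth0.100@eth0" header yields
# "eth0.100", the name tc expects.
FACES="$(ip l l | grep "^[0-9]" | grep -vE "(sit|gre|ipip|tun|dummy|lo)" \
  | sed "s/^[0-9]*: \([^:@]*\).*/\1/")"

# FACES is a whitespace-separated list; word splitting here is intended.
for FACE in ${FACES} ; do
  printf 'Configuration for:\n%s\n' "${FACE}"
  tc -s -d qdisc show dev "${FACE}"
  tc -s -d class show dev "${FACE}"
done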

------------------------------------------------------------
qosclear
-----------------------------------------------------------
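echo "Applying QOS rules"

# Set global variables (same absolute paths as qos_base, so both scripts hit
# the same binaries regardless of PATH).
IPTABLES="/sbin/iptables"
TC="/sbin/tc"

### Configuration START


### Configuration STOP

# Physical interfaces only.  `ip l l` prints one "N: name: <flags> ..." header
# line per device; tunnel, dummy and loopback devices are dropped (the -v
# patterns are substring matches on the whole header line) and only the name is
# kept.  The capture stops at ':' or '@' so "eth0.100@eth0" yields "eth0.100".
FACES="$(ip l l | grep "^[0-9]" | grep -vE "(sit|gre|ipip|tun|dummy|lo)" \
  | sed "s/^[0-9]*: \([^:@]*\).*/\1/")"

echo "Remove Qdisc root classes"

# Deleting a root qdisc that does not exist is an expected error; silence it
# portably.  ("&>/dev/null" is bash-only: under /bin/sh it would start tc in
# the background instead of redirecting.)
for FACE in ${FACES} ; do
  "$TC" qdisc del dev "${FACE}" root >/dev/null 2>&1
done

echo "Remove IPTables packed mangling, set defaults"

# This flushes the whole mangle table, not just the marks added by qos_base:
# any other mangle rules on this host are removed as well.
for CHAIN in INPUT OUTPUT PREROUTING POSTROUTING FORWARD; do
  "$IPTABLES" -t mangle -F "$CHAIN"
done

for CHAIN in INPUT OUTPUT PREROUTING POSTROUTING FORWARD; do
  "$IPTABLES" -t mangle -P "$CHAIN" ACCEPT
done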
--------------------------------------------------------------------------------
qos_base
---------------------------------------------------------------------------------
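#!/bin/sh
#
# qos_base -- set up HTB based QoS on every physical interface: mark traffic
# classes in the mangle table, build HTB classes with SFQ leaves and steer the
# marks into them.  Run it at boot (add it to the runlevel); qosclear undoes
# it and qos-stat shows the result.  Needs root for iptables and tc.

echo "Applying QOS rules"

echo "-Set global variables"
IPTABLES="/sbin/iptables"
TC="/sbin/tc"

### Configuration START
# Link speed in kbit/s available through this router.  SPEED is divided by 2
# and by 4 below with integer arithmetic, so use a multiple of 4.

SPEED="2048"

### Configuration STOP

# Physical interfaces only.  `ip l l` prints one "N: name: <flags> ..." header
# line per device; tunnel, dummy, loopback and teql devices are dropped (the -v
# patterns are substring matches on the whole header line) and only the name is
# kept.  The capture stops at ':' or '@' so "eth0.100@eth0" yields "eth0.100".
FACES="$(ip l l | grep "^[0-9]" | grep -vE "(sit|gre|ipip|tun|dummy|lo|teql)" \
  | sed "s/^[0-9]*: \([^:@]*\).*/\1/")"

# Leaf qdisc attached under every HTB class.
STOCHASIS="sfq perturb 10"

#######################################
# Append MARK rules for one TCP/UDP port on one interface.
# Arguments: $1 interface, $2 protocol (tcp|udp), $3 port, $4 mark value,
#            $5.. mangle chains to append to (OUTPUT and/or FORWARD)
# For each chain the --sport rule precedes the --dport rule, which keeps the
# rule order of the original flat listing.
#######################################
mark_port() {
  _face=$1
  _proto=$2
  _port=$3
  _mark=$4
  shift 4
  for _chain in "$@"; do
    "$IPTABLES" -t mangle -A "$_chain" -p "$_proto" --sport "$_port" \
      -o "$_face" -j MARK --set-mark "$_mark"
    "$IPTABLES" -t mangle -A "$_chain" -p "$_proto" --dport "$_port" \
      -o "$_face" -j MARK --set-mark "$_mark"
  done
}

echo "-Remove Qdisc root classes"

# Deleting a root qdisc that does not exist is an expected error; silence it
# portably.  ("&>/dev/null" is bash-only: under /bin/sh it would start tc in
# the background instead of redirecting.)
for FACE in ${FACES} ; do
  "$TC" qdisc del dev "${FACE}" root >/dev/null 2>&1
done

echo "-Remove IPTables packed mangling, set defaults"

# This flushes the whole mangle table, not just our marks: any other mangle
# rules on this host are removed as well.
for CHAIN in INPUT OUTPUT PREROUTING POSTROUTING FORWARD; do
  "$IPTABLES" -t mangle -F "$CHAIN"
done

for CHAIN in INPUT OUTPUT PREROUTING POSTROUTING FORWARD; do
  "$IPTABLES" -t mangle -P "$CHAIN" ACCEPT
done

echo "-Trafic Marking"

# Marks: 1 SSH, 10 interactive UDP, 20 ping, 30 routing, 40 bulk data,
# 50 email.  MARK is non-terminating and all rules are appended, so when
# several rules match one packet the last one wins -- keep this order when
# adding rules.  Classification is by port only; a service on a non-standard
# port lands in the default class.
for FACE in ${FACES} ; do
  # SSH
  mark_port "${FACE}" tcp 22 1 OUTPUT FORWARD
  # interactive UDP aplication, suported: Half-Life
  mark_port "${FACE}" udp 27015 10 FORWARD
  # Ping
  "$IPTABLES" -t mangle -A FORWARD -p icmp -o "${FACE}" -j MARK --set-mark 20
  # Routing, suported: OSPF (by protocol) and tcp/179
  "$IPTABLES" -t mangle -A FORWARD -p ospf -o "${FACE}" -j MARK --set-mark 30
  mark_port "${FACE}" tcp 179 30 FORWARD
  # Huge data transfer, suported: FTP, HTTP, HTTPS, alt. HTTP
  mark_port "${FACE}" tcp 20 40 OUTPUT FORWARD
  mark_port "${FACE}" tcp 21 40 OUTPUT FORWARD
  mark_port "${FACE}" tcp 80 40 OUTPUT FORWARD
  mark_port "${FACE}" tcp 443 40 FORWARD
  mark_port "${FACE}" tcp 8080 40 OUTPUT FORWARD
  # email: SMTP, IMAP, IMAPS, POP3, POP3S
  for PORT in 110 143 25 993 995; do
    mark_port "${FACE}" tcp "$PORT" 50 FORWARD
  done
done

echo "-Create HTB classes"

# 1:1 carries the link rate; each leaf has a guaranteed rate and may borrow
# up to its ceil.  Unmarked traffic goes to 1:30 ("htb default 30").
for FACE in ${FACES} ; do
  "$TC" qdisc add dev "${FACE}" root handle 1: htb default 30
  "$TC" class add dev "${FACE}" parent 1: classid 1:1 htb rate "${SPEED}kbit" \
    ceil "${SPEED}kbit" burst 10k
  "$TC" class add dev "${FACE}" parent 1:1 classid 1:11 htb rate 64kbit \
    ceil 256kbit burst 2k prio 1                      # SSH class
  "$TC" class add dev "${FACE}" parent 1:1 classid 1:110 htb rate 64kbit \
    ceil "$((SPEED/4))kbit" burst 2k prio 2           # interactive class
  "$TC" class add dev "${FACE}" parent 1:1 classid 1:120 htb rate 32kbit \
    ceil 128kbit burst 1k prio 4                      # ping class
  "$TC" class add dev "${FACE}" parent 1:1 classid 1:130 htb rate 32kbit \
    ceil 64kbit burst 1k prio 1                       # routing class
  "$TC" class add dev "${FACE}" parent 1:1 classid 1:140 htb rate 32kbit \
    ceil "$((SPEED/2))kbit" burst 5k prio 3           # data transfer class
  "$TC" class add dev "${FACE}" parent 1:1 classid 1:150 htb rate 128kbit \
    ceil "$((SPEED/2))kbit" burst 5k prio 2           # email class
  "$TC" class add dev "${FACE}" parent 1:1 classid 1:30 htb rate 32kbit \
    ceil "$((SPEED/2))kbit" burst 2k prio 5           # nonsuported trafic class
done

echo "-Add stochasic fairness to HTB classes"

# $STOCHASIS is deliberately unquoted: it expands to several tc arguments.
for FACE in ${FACES} ; do
  "$TC" qdisc add dev "${FACE}" parent 1:11  handle 111:  $STOCHASIS # SSH sub-classes
  "$TC" qdisc add dev "${FACE}" parent 1:110 handle 1101: $STOCHASIS # interactive sub-classes
  "$TC" qdisc add dev "${FACE}" parent 1:120 handle 1201: $STOCHASIS # ping sub-classes
  "$TC" qdisc add dev "${FACE}" parent 1:130 handle 1301: $STOCHASIS # routing sub-classes
  "$TC" qdisc add dev "${FACE}" parent 1:140 handle 1401: $STOCHASIS # data transfer sub-classes
  "$TC" qdisc add dev "${FACE}" parent 1:150 handle 1501: $STOCHASIS # email sub-classes
  "$TC" qdisc add dev "${FACE}" parent 1:30  handle 301:  $STOCHASIS # nonsuported trafic class
done


echo "-Redirect marked services to HTB classes"

# fw filters: packet mark (handle) -> HTB leaf (flowid).
for FACE in ${FACES} ; do
  "$TC" filter add dev "${FACE}" parent 1:0 protocol ip handle 1  fw flowid 1:11  # SSH
  "$TC" filter add dev "${FACE}" parent 1:0 protocol ip handle 10 fw flowid 1:110 # interactive
  "$TC" filter add dev "${FACE}" parent 1:0 protocol ip handle 20 fw flowid 1:120 # ping
  "$TC" filter add dev "${FACE}" parent 1:0 protocol ip handle 30 fw flowid 1:130 # routing
  "$TC" filter add dev "${FACE}" parent 1:0 protocol ip handle 40 fw flowid 1:140 # data transfer
  "$TC" filter add dev "${FACE}" parent 1:0 protocol ip handle 50 fw flowid 1:150 # email
done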


2.
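#!/bin/sh
#
# GameScript     This script establishes policy routing and traffic
#                control rules to minimize latency for game packets
#                in the presence of other traffic.
#
# Usage: GameScript start|stop|restart    (needs root for iptables, tc, ip)
#

# Besides this script, there is one other thing that must be done.
# Assuming that iproute2 is already installed, edit the file
# /etc/iproute2/rt_tables and add the following line at the bottom:
# "100  Small_MTU"

# ***********************************************************************
# DEFINES                                                               *
# ***********************************************************************

# Change these values as required to reflect your setup

# Addresses and Interfaces.
# LAN_IP_RANGE must be the network that contains LAN_IP (this router) and
# HOST1 (the game host): the connected route copied into table Small_MTU
# below is built from these values.  (The original listing had
# 192.168.1.0/24 here next to 192.168.0.x addresses.)
LAN_IP_RANGE="192.168.0.0/24"
LAN_IP="192.168.0.1"
LAN_INTERFACE="eth0"
LOCALHOST_IP="127.0.0.1/32"
INTERNET_IP_RANGE="123.123.123.0/24"
INTERNET_IP="123.123.123.123"
INTERNET_GATEWAY="123.123.123.1"
INTERNET_INTERFACE="eth1"

# Executables

IPTABLES="/sbin/iptables"
TC="/sbin/tc"
IP="/sbin/ip"

# Information used to identify game traffic.
# add more as required

HOST1="192.168.0.2"
HOST1_GAME_PORT="3724"

# Packet marks (arbitrary)

GAME_PACKET="1"

# For traffic shaping:
#
# The numbers below were arrived at by test on a DSL
# line with nominal line speeds of 128 kbit up and
# 1400 kbit down.  Actual measured throughput was
# about 90 kbit up and 1150 kbit down.
#
# A note regarding MTU:  Standard ethernet MTU is 1500
# bytes, which resulted in unacceptable single
# packet xmit waits of 1500 x 8 / 90,000 = 133 msec.
# Lowering the interface MTU changes the MTU in both
# directions, which helped uplink latency but hurt
# downlink throughput.  Lowering the interface MTU to
# 256 bytes resulted in a downlink throughput of less
# than 500kbit. An interface MTU in the 400 - 500 byte
# range provided an acceptable compromise, with single
# packet xmit times of about 40 msec and downlink speeds
# of about 700kbit. However, leaving the interface MTU
# at 1500 bytes and setting a lower per-route MTU that
# only affected non-game uplink traffic was the best
# solution.  An uplink MTU smaller than 256 bytes would
# help latency even more, but tc and/or htb don't seem
# to like mtu's below 256 and, besides, 256 results in a max
# single packet xmit wait of around 25 msec, with
# even better average behavior.

STD_MTU="1500"
TC_MTU="256"

# advmss is derived from the full-size MTU on purpose: the small per-route
# MTU only shrinks what this host sends, while advertising a large MSS keeps
# the downlink segments (and throughput) large -- see the MTU note above.
TC_MSS=$(( STD_MTU - 40 ))

# All rates in kbit/s.  Non-game traffic is capped at rate == ceil so that
# tokens are always available when game packets arrive.
TC_UPLINK_RATE="90"
TC_DOWNLINK_RATE="1000"
TC_GAME_RATE="30"
TC_GAME_CEIL=$TC_UPLINK_RATE
TC_OTHER_RATE=$(( TC_UPLINK_RATE - TC_GAME_RATE ))
TC_OTHER_CEIL=$(( TC_UPLINK_RATE - TC_GAME_RATE ))

# *********************************************************************
# RULES                                                               *
# *********************************************************************

#######################################
# Mark one direction of HOST1's game traffic in mangle PREROUTING.
# Arguments: $1 protocol (TCP|UDP)
#            $2 in-interface
#            $3 address match (--source | --destination)
#            $4 port match (--source-port | --destination-port)
#######################################
mark_game_traffic() {
  "$IPTABLES" --table mangle --append PREROUTING --protocol "$1"       \
              --in-interface "$2" "$3" "$HOST1" "$4" "$HOST1_GAME_PORT" \
              --jump MARK --set-mark "$GAME_PACKET"
}

#######################################
# Install marking, policy routing, uplink shaping and ingress policing.
#######################################
do_start() {
  # ***************************************************************
  # MANGLE Table PREROUTING Chain                                 *
  # ***************************************************************

  # Mark TCP and UDP game traffic from Host1 (LAN side) and to Host1
  # (Internet side).
  mark_game_traffic TCP "$LAN_INTERFACE" --source --source-port
  mark_game_traffic UDP "$LAN_INTERFACE" --source --source-port
  mark_game_traffic TCP "$INTERNET_INTERFACE" --destination --destination-port
  mark_game_traffic UDP "$INTERNET_INTERFACE" --destination --destination-port

  # ***************************************************************
  # Policy Routing                                                *
  # ***************************************************************

  # Delete any existing / old rules; "not found" errors are expected.
  "$IP" rule del priority 4000 2> /dev/null
  "$IP" rule del priority 5000 2> /dev/null

  # Flush the alternate routing table and routing cache
  "$IP" route flush table Small_MTU 2> /dev/null
  "$IP" route flush cache

  # Duplicate the normal routing table except lower the MTU of the
  # default route.
  "$IP" route add "$LOCALHOST_IP" dev lo table Small_MTU
  "$IP" route add "$LAN_IP_RANGE" dev "$LAN_INTERFACE" src "$LAN_IP"      \
        table Small_MTU proto static
  "$IP" route add "$INTERNET_IP_RANGE" dev "$INTERNET_INTERFACE"          \
        src "$INTERNET_IP" table Small_MTU proto static
  "$IP" route add default via "$INTERNET_GATEWAY" mtu "$TC_MTU"           \
        advmss "$TC_MSS" table Small_MTU proto static

  # Game traffic continues to go to the main routing table so that it can
  # take advantage of larger uplink packet sizes (priority 4000 is matched
  # before 5000).
  "$IP" rule add fwmark "$GAME_PACKET" priority 4000 table main

  # Now start referring non-game traffic to the new routing table
  "$IP" rule add from 0/0 priority 5000 table Small_MTU
  "$IP" route flush cache

  # ***************************************************************
  # Uplink Traffic Control                                        *
  # ***************************************************************

  # Egress bandwidth shaping and scheduling are performed to ensure
  # that packets are never queued in the ADSL modem, and that game
  # packets, if present, take priority over all other traffic.

  # First delete any previous traffic control rules.  (The original used the
  # undefined $INET_IFACE here, so nothing was deleted and a second "start"
  # without "stop" would fail on the qdisc add below.)
  "$TC" qdisc del dev "$INTERNET_INTERFACE" root 2> /dev/null
  "$TC" qdisc del dev "$INTERNET_INTERFACE" ingress 2> /dev/null

  # Now establish the HTB root discipline; unclassified traffic -> 1:11
  "$TC" qdisc add dev "$INTERNET_INTERFACE" root handle 1:0               \
        htb default 11 r2q 1

  # Now establish the root class
  "$TC" class add dev "$INTERNET_INTERFACE" parent 1:0 classid 1:1        \
        htb rate "${TC_UPLINK_RATE}kbit" ceil "${TC_UPLINK_RATE}kbit"     \
        burst 6k cburst 6k

  # Add leaf class for game traffic
  "$TC" class add dev "$INTERNET_INTERFACE" parent 1:1 classid 1:10       \
        htb rate "${TC_GAME_RATE}kbit" ceil "${TC_GAME_CEIL}kbit"         \
        prio 1 burst 6k cburst 6k

  # Add leaf class for non-game traffic.  Note that non-game
  # traffic is capped at about 67% of the available uplink
  # bandwidth, both for rate and ceiling.  This was done
  # to ensure that sufficient bandwidth (tokens) is always
  # available for game packets when they arrive.
  "$TC" class add dev "$INTERNET_INTERFACE" parent 1:1 classid 1:11       \
        htb rate "${TC_OTHER_RATE}kbit" ceil "${TC_OTHER_CEIL}kbit"       \
        prio 2 mtu "$TC_MTU"

  # Add fifo queueing discipline for game traffic
  "$TC" qdisc add dev "$INTERNET_INTERFACE" parent 1:10 handle 10:        \
        pfifo limit 25

  # Add prio queueing discipline for non-game traffic to provide
  # standard TOS priority queueing.
  "$TC" qdisc add dev "$INTERNET_INTERFACE" parent 1:11 handle 11:        \
        prio

  # Add sfq queueing discipline for minimize-delay traffic
  "$TC" qdisc add dev "$INTERNET_INTERFACE" parent 11:1 handle 111:       \
        sfq perturb 5

  # Add sfq queueing discipline for best-effort traffic
  "$TC" qdisc add dev "$INTERNET_INTERFACE" parent 11:2 handle 112:       \
        sfq perturb 5

  # Add sfq queueing discipline for maximize-throughput traffic
  "$TC" qdisc add dev "$INTERNET_INTERFACE" parent 11:3 handle 113:       \
        sfq perturb 5

  # Now filter game traffic to leaf 1:10 as first priority
  "$TC" filter add dev "$INTERNET_INTERFACE" parent 1:0                   \
        protocol ip prio 1 handle "$GAME_PACKET" fw flowid 1:10

  # Empty ack packets are assigned directly to the minimize-delay queue.
  # The u32 matches select IPv4 protocol 6 (TCP), IHL == 5 (no IP options),
  # total length < 64 bytes, and a TCP flags byte of exactly ACK.
  "$TC" filter add dev "$INTERNET_INTERFACE" parent 11:0 protocol ip      \
        prio 3 u32 match ip protocol 6 0xff                               \
        match u8 0x05 0x0f at 0                                           \
        match u16 0x0000 0xffc0 at 2                                      \
        match u8 0x10 0xff at 33                                          \
        flowid 11:1

  # The remaining traffic defaults to htb leaf 1:11

  # **************************************************************
  # Downlink Traffic Control (Ingress Policing)                  *
  # **************************************************************

  # Downlink traffic is limited to about 85% of actual downlink
  # capability to prevent upstream queueing.

  # First establish an ingress qdisc
  "$TC" qdisc add dev "$INTERNET_INTERFACE" handle ffff: ingress

  # Incoming game traffic is not policed.
  # NOTE(review): the ingress qdisc sees packets before netfilter's mangle
  # PREROUTING runs, so the fwmark set above is most likely not yet present
  # here and incoming game traffic may fall through to the policer below --
  # confirm on the target kernel before relying on this exemption.
  "$TC" filter add dev "$INTERNET_INTERFACE" parent ffff:                 \
        protocol ip prio 1 handle "$GAME_PACKET" fw flowid :1

  # Filter everything else to that qdisc and drop packets
  # that exceed the bandwidth limit
  "$TC" filter add dev "$INTERNET_INTERFACE" parent ffff:                 \
        protocol ip prio 3 u32 match ip src 0.0.0.0/0                     \
        police rate "${TC_DOWNLINK_RATE}kbit" burst 3k drop               \
        flowid :1
}

#######################################
# Remove uplink shaping, ingress policing and the policy routing rules.
#######################################
do_stop() {
  # Remove any uplink throttling
  "$TC" qdisc del dev "$INTERNET_INTERFACE" root 2> /dev/null
  "$TC" qdisc del dev "$INTERNET_INTERFACE" ingress 2> /dev/null

  # Remove policy routing
  "$IP" rule del priority 5000 2> /dev/null
  "$IP" rule del priority 4000 2> /dev/null
  "$IP" route flush table Small_MTU 2> /dev/null
  "$IP" route flush cache
}

case "$1" in
  start)
    do_start
    ;;
  stop)
    do_stop
    ;;
  restart)
    "$0" stop
    sleep 3
    "$0" start
    ;;
  *)
    # $0 already holds the invoked path; the original printed "./$0" and
    # an unbalanced brace.
    echo "Usage: $0 {start|stop|restart}" >&2
    exit 1
    ;;
esac

exit 0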



Robert

