
Thread: Wondershaper QoS discussion

  1. Skype priority

    Hi, I want to add my bit to the description of "configuring" wondershaper.

    Background
    Code:
    +-------------+
    | cable modem |
    +-------------+
           |
      +--------+
      | wl500g |
      +--------+
         /    \
        /      \   wire
       /        \
    +----+   +---------+
    | PC |   |  NSLU2  |
    +----+   | storage |
             +---------+
    On the NSLU2 storage, I have (among other services available only locally) a web server with PHP and MySQL visible from the outside world. On the PC I sometimes want to use Skype while browsing the web or downloading or such. As my bandwidth is limited to 1024/128 (give or take), it was sometimes impossible to keep a good connection for Skype. Also I wanted the web site to be reasonably accessible while I was doing something else.

    Approach
    I mainly used the approach of akbor (thanks a lot) with some modifications:

    Code:
                          +-------+
                          | qdisc |
                          +-------+
                              |
           +---------------------------------------+
           |            root class 1:1             |
           |        rate 100% / ceil 100%          |
           +---------------------------------------+
             |                 |                 |
      +-------------+  +---------------+  +-------------+
      |hi class 1:10|  |main class 1:20|  |lo class 1:30|
      |  rate 50%   |  |    rate 40%   |  |  rate 10%   |
    --|  ceil 100%  |--|    ceil 100%  |--|  ceil 100%  |--
    | |  prio 1     |  |    prio 2     |  |  prio 3     | |
    | +-------------+  +---------------+  +-------------+ |
    |        ^                 ^                 ^        |
    ---------(------SFQ--------(-----------------(---------
             |  
            / \-----------\
           /               \
    +-------------+  +-------------+
    |subclass 1:11|  |subclass 1:15|
    |  rate 40%   |  | rate  2kbit |
    |  ceil 100%  |  | ceil 12kbit |
    +-------------+  +-------------+
    * The class 1:11 is used for all high priority traffic as in akbor's example including the outgoing web service (well, my web traffic is very low, it's only for personal purposes, for friends and so)
    * The class 1:15 is obviously the one used for Skype. I set up Skype so it uses only port 41100 and let this port in both UDP and TCP service go to this class (but I think the UDP would be enough)
    * I also hardcoded a 54321 port for torrents to go to 1:30 part.

    The code
    only the additions for Skype are here
    Code:
    tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
      match ip sport 41100 0xffff \
      match ip protocol 17 0xff \
      flowid 1:15
    tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
      match ip sport 41100 0xffff \
      match ip protocol 0x11 0xff \
      flowid 1:15
    and for the local web server:
    Code:
    tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
      match ip sport 80 0xffff \
      match ip src IPADDR \
      flowid 1:11
    where IPADDR is the IP address for the WAN side - that is, the IP address assigned to you by your ISP. I have yet to figure out the way to update this address automatically with my DynDNS update, though. For the time being, the address is being hardcoded.

    Result
    So far, this seems to work rather well. I tried these processes simultaneously:
    * downloading a large file from the internet
    * uploading a file to internet
    * Skype-phoning a friend
    * the friend being asked was accessing my website on the NSLU2 machine
    * browsing the web

    The Skype communication was without any significant drops (as was without wshaper), the pages served to my friend were almost as fast as without any other activity (the limiting factor here is the speed of the NSLU2, not the connection speed). The other activities were slowed accordingly. I'd describe that as a success.

    I hope this will help someone coping with a similar task.

    remarks
    I'm greatly delighted by the possibilities of the small beast (wl500g). I've had it for more than a year, only 1 month ago did I install Oleg's firmware. Just plain great. When combined with the possibilities of custom firmware in NSLU2 (www.nslu2-linux.org), it is a combination with great potential on a very low short and long term budget.

    Jiri

  2. #77
    Interesting setup. A question:
    Why aren't you putting webserver traffic into 1:20 or even 1:30 and Skype into 1:10 and let it borrow bandwidth from 1:10 when it's available? This seems to me like a much simpler approach and it doesn't limit Skype as much (it can then use as much as needed).

    Also, putting webserver traffic into the high priority class will potentially slow down ICMP traffic I guess.
    Last edited by Styno; 31-08-2006 at 13:54.

  3. Styno,

    the web server running on NSLU2 is just for personal purposes, there is nothing for general audience. Therefore the traffic there is very very low. Most of the time the bandwidth is consumed by different tasks (if at all). Yet I wanted to allow the pages being served to go out right away - so the high priority. The content of the pages is in rather small files, there is nothing larger than a hundred kb, so if it slows ICMP for a while, it is not such a big problem.

    But you might be right about the web traffic, I might consider moving it to prio 2 category, though... I'll see how the configuration behaves for a while...

    Jiri

  4. #79
    @poutnik

    Hi Jiri and welcome to the "wshaper-club"

    I've only few points:
    Code:
    +-------------+
    |subclass 1:15|
    | rate  2kbit |
    | ceil 12kbit |
    +-------------+
    I think, you are wasting a little bit of your uplink speed. In this sub-class the rate can be 10% or hard-coded ca. 11.5 kbit (10% from 128kbit*0.9).

    Are 2 kbit really enough for using skype? That's guaranteed speed in your class 1:15!

    Code:
    tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
      match ip sport 41100 0xffff \
      match ip protocol 17 0xff \
      flowid 1:15
    tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
      match ip sport 41100 0xffff \
      match ip protocol 0x11 0xff \
      flowid 1:15
    That's exactly the same rule twice. 17 = 0x11 = udp. If you wanted to filter the TCP traffic too, just use 6 = 0x6 = tcp.

    Code:
    tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
      match ip sport 80 0xffff \
      match ip src IPADDR \
      flowid 1:11
    Does that really work? I think, the source IP for your outgoing WEB traffic isn't your public IP, but the private IP of your WEB server (NSLU2? I don't know this device). If you really need to filter the traffic according to your public IP, you can mask the IP in the same way like a port:
    Code:
    tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
      match ip sport 80 0xffff \
      match ip src 215.145.75.0/24 \
      flowid 1:11
    that should filter all packets from hosts (just for example!) 215.145.75.0 - 215.145.75.255, port 80. Or alternatively you can try to mark the packets from your IP with iptables:
    Code:
    tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle 6 fw flowid 1:11
    iptables -A PREROUTING -t mangle -i eth0 -j MARK --set-mark 6
    take a look at http://lartc.org/howto/lartc.qdisc.filters.html!

    good luck!

    Robert
    Last edited by akbor; 31-08-2006 at 21:59.
    ISP: TV Cable 50/5 Mbit
    Modem: Arris Touchstone TM822S
    "NAS": 1000 GB 2.5" HDD, EXT4, (USB @ RT-AC87U)
    Router: Asus RT-AC87U 380.68 (Merlin build), vsftpd, Samba3, NFS, Transmission, PyLoad...)
    Clients: countless by now...
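
Added example, not written by any poster in this thread: a dry-run shell script that emits the tc commands for the class tree in the first post's diagram, with the Skype filters covering both UDP (17) and TCP (6) as pointed out in the reply above. The interface name, the 128 kbit uplink default, shaping the root to 90% of the uplink, `default 20`, and attaching SFQ to the leaf classes are assumptions.

```shell
#!/bin/sh
# Added example: class tree from the first post's diagram, printed as tc commands.
# Assumptions (not stated in the thread): DEV/UPLINK defaults, the dry-run TC
# wrapper, "default 20" for unclassified traffic, SFQ on leaf classes only.
DEV="${DEV:-eth1}"        # WAN-side interface, as used in the thread
UPLINK="${UPLINK:-128}"   # nominal uplink in kbit/s
TC="${TC:-echo tc}"       # prints commands; run with TC=tc as root to apply

# Integer percentage of a kbit value, e.g. pct 115 40 gives 46
pct() { echo $(( $1 * $2 / 100 )); }

build_shaper() {
    up=$(pct "$UPLINK" 90)   # shape slightly below line rate (128kbit*0.9)
    $TC qdisc add dev "$DEV" root handle 1: htb default 20
    $TC class add dev "$DEV" parent 1: classid 1:1 htb \
        rate "${up}kbit" ceil "${up}kbit"

    # Top-level classes: "minor percent prio"; each may borrow up to the ceiling
    for spec in "10 50 1" "20 40 2" "30 10 3"; do
        set -- $spec
        $TC class add dev "$DEV" parent 1:1 classid "1:$1" htb \
            rate "$(pct "$up" "$2")kbit" ceil "${up}kbit" prio "$3"
    done

    # Subclasses of the high-priority class: general hi traffic and Skype
    $TC class add dev "$DEV" parent 1:10 classid 1:11 htb \
        rate "$(pct "$up" 40)kbit" ceil "${up}kbit" prio 1
    $TC class add dev "$DEV" parent 1:10 classid 1:15 htb \
        rate 2kbit ceil 12kbit prio 1

    # SFQ shares each leaf class fairly between its flows
    for leaf in 11 15 20 30; do
        $TC qdisc add dev "$DEV" parent "1:$leaf" handle "$leaf:" sfq perturb 10
    done

    # Skype pinned to source port 41100: IP protocol 17 = UDP, 6 = TCP
    for proto in 17 6; do
        $TC filter add dev "$DEV" parent 1:0 protocol ip prio 1 u32 \
            match ip sport 41100 0xffff \
            match ip protocol "$proto" 0xff \
            flowid 1:15
    done
}

build_shaper
```

Review the printed commands first, then run with `TC=tc` as root on the router to apply them.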

  5. akbor, thanks for your ideas and hints. In the meantime I modified the script a bit.

    I made 4 classes:
    1st - top priority, with 2 subclasses. 1:11 for ICMP, SSH is unlimited; 1:15 is for Skype. [the 1:15 has rate 16kbit ceil 32kbit - the 12kbit was too low and causing dropouts] akbor - what if I set the basic rate to 0 (zero) here? And as the traffic for Skype only grows when I actually phone and in this case the allocated bandwidth can grow, I think that I can set a very low basic rate. Or am I wrong?

    2nd - almost top - for the outgoing web pages. And yes, as I monitored the traffic on eth1 with iptraf, the traffic is correctly ascribed to the public IP. Because the NAT has already taken place and translated the packets from my private 192.168.1.xxx address to the public with 82.242.xxx.yyy. If I were monitoring (or limiting) the eth0 side, then I'd have to use the private 192... address. This approach is also verified by the output of "./wshaper status eth1" raising the count for the correct class - I tried it from outside, while working through SSL tunnel (btw. over the most restrictive corporate password protected proxy allowing only ports 80 and 443 to go through).

    3rd - general traffic

    4th - the low priority traffic (like outgoing torrents. Btw., I limited it rather firmly for upload too - with ceil).

    Thanks for hinting the cloud over my brain - I know 0x11 is 17, but sometimes even the thoughts-train has dropouts. The duplicity could be removed. But by this (unwanted) test I assured that only the UDP setting is necessary. Thanks again.

    I also thought of the iptables filter, but in this field I'm still a beginner so I chose the easier approach. I'll test it in due time and post my impressions then...

  6. akbor, sorry for not replying to your question. Again a cloudy brain after a long day

    NSLU2 - that is another wonderful device - a NAT from LinkSys called NSLU2. It has a very low power consumption (around 1W according to measurements), is small (the size of a pack of cigarettes), has 2 USB2.0 ports and 1 100Mbit LAN port, a little more computing power than the WL500g (the bogoMIPS for wl500g is ~83, for NSLU2@266MHz is ~263), costs something like U$100 or 70€. And it can be taught Linux quite easily - and if you like, even in flavours like Debian or Gentoo. If you are interested, really do have a look at www.nslu2-linux.org, but be prepared to spend a long time browsing the site. It is as packed with ideas as these forums are.

    For your idea, mine runs as samba/nfs storage, squid proxy server, lighttpd web server with PHP, MySQL database. And the webpages are complex and heavily dependent on MySQL and PHP - it's a genealogy suite based on the phpGedView.

    The little beast is equipped with 32MB RAM, 4MB flash, an IXP420 processor running at 133MHz from factory. With a very very simple modification, you can de-underclock it to 266MHz (for more info on this, have a look at this site) - I had to do this modification. As of some recent reports, it will come running at 266MHz from the factory, so no modifications may be needed...

    Jiri

  7. #82
    what if I set the basic rate to 0 (zero) here? And as the traffic for Skype only grows when I actually phone and in this case the allocated bandwidth can grow, I think that I can set a very low basic rate. Or am I wrong?
    Well, the problem is, that in this case your skype doesn't have any guaranteed bandwidth and the class 1:15 always borrows the bandwidth from the others. If all other classes are working to their full capacity, then 1:15 can only borrow the bandwidth 1:10 - 1:11. That's -I think- almost the same as when it had a rate of 1:10 - 1:11. But with a little difference - this rate isn't guaranteed, I really don't know whether the HTB + SFQ work *perfectly* or not. That's my theory.

    Then, if your NAT really replaces the private IP in the outgoing packets with the public IP, then you could try to mask the IP with /24 as I said. Maybe you helped me in this point, because I didn't have any success with filtering the traffic by the private source IP yet. Maybe that's caused by NAT of the devices in my private network. In each case I should check this issue, thank you for your idea!

    Well, you've defined four top-classes in parallel. Are you sure that "prio 4" does work correctly? I think, I read somewhere, that the prio of the classes can only be 1 to 3. I don't know, whether this information is correct or not. Or maybe you have two classes with the same prio?

    be good

    Robert
    Last edited by akbor; 01-09-2006 at 09:09.

  8. I didn't know that only prio 1-3 are working, I defined the least priority as no.4. At the moment, there are no torrents being processed, so the 1:30 class is empty. I'll check that.

    As for the NAT translation, I spent a whole evening figuring that out - different filter rules, iptraf running all the time. I recommend also trying the iptraf utility, it's very useful if you want to figure out what is going on...

    Jiri

  9. akbor, I have checked the documentation and examples on the lartc.org site and I wonder why you have changed all the policy rules from CBQ to HTB? I'm just starting to study these things so as to better define my QoS.

  10. #85
    I've never changed the queue from CBQ to HTB! The HTB queue was used in wondershaper from the beginning!

    Quote Originally Posted by http://lartc.org/howto/lartc.qdisc.classful.html#AEN939
    As said before, CBQ is the most complex qdisc available, the most hyped, the least understood, and probably the trickiest one to get right.
    I think, that was the reason for using the HTB queue.

    Be good

    Robert

  11. Yeah, I read only the first chapter with CBQ, then I found out it had also the version with HTB...

    In the meantime, I'm working on marking the packets with iptables, but it doesn't come out well so far. Please could you check my setup?

    Code:
    iptables -t mangle -A PREROUTING -p tcp -m tcp -s 192.168.1.xxx --sport 80 \
       -j MARK --set-mark 0x1
    iptables -t mangle -A PREROUTING -p tcp -m tcp -s 192.168.1.xxx --sport 80 \
       -j RETURN
    where 192.168.1.xxx is the private IP address of my NSLU2 unit (see diagram in my previous posts). I do add the second command because I intend to set the same set of rules also for ports 8080 and 8000, and then assign all ports above 1000 mark 0x2 (apart from those 8080 and 8000 already marked 0x1)

    then in wshaper I try this command
    Code:
    tc filter add dev $DEV parent 1:0 protocol ip prio 1 handle fw 1 flowid 1:21
    but the output from the wshaper script for this particular line is
    Code:
    RTNETLINK answers: Invalid argument
    What is wrong? What did I do wrong?
    Last edited by poutnik; 04-09-2006 at 16:32. Reason: correction of typo

  12. My above problem solved. It is not possible to mix iptables mark with tc u32 match rules assignment for the same class.

    But it still doesn't work well. Even if I try to mark packets as described above, the counter for the 1:21 class doesn't go up. Even if I change the marking rules to
    Code:
    iptables -t mangle -A OUTPUT -p tcp -m tcp -s 84.42.xxx.yyy --sport 80 -j MARK --set-mark 1
    or anything different. In short either the iptables doesn't mark the packets, or the tc rules don't read the mark. I have spent more than 5 hours trying to solve this and still nothing...

    Can anyone with working iptables marking and corresponding tc rules help? Thanks a lot

    Jiri

  13. #88

    Bridging and QoS

    Hey guys,

    I have a quite separate question on QoS. I want to use my Asus wl500g(x) as a bridging mode device with QoS, i.e. I want to connect to the LAN side of an existing router and perform QoS without making any IP level 3 routing changes to the LAN. Is that possible? I am prepared to make source level changes and introduce additional packages.

    To be specific and clearer, this shall be a one-LAN-in-one-LAN-out device, one end connected to the LAN-side of an existing Firewall/Router ( hopefully this can be the WL500g WAN port ), and the other end can either be connected to the HUB or can be connected straight to LAN computers.

    Cheers.
    Last edited by mctiew; 16-09-2006 at 04:34. Reason: make it clearer

  14. #89

    Bridge QoS

    Hmmm maybe this is what I will try :-

    1) add vlan1 into bridge br0
    2) perform shaping on vlan0 and vlan1 respectively.

    Wish me good luck and appreciate your comments.
    Last edited by mctiew; 16-09-2006 at 09:27. Reason: mistake

  15. #90

    Does not work :(

    Hey,

    I have a fully working wl500gx, with Oleg's 1.9.2.7 firmware, with an USB harddisk and swap partition. I'm running enhanced-ctorrent on it.

    My problem is that enhanced-ctorrent eats up all the bandwidth. If I limit the upload bandwidth (-U switch), it more or less works, however, there are big spikes every 4-5 seconds (~500ms ping time), then they go back to 20-40. These sudden spikes really make skype go crazy, and also, I'm limiting torrent upload to 20Kbyte/s, while I have ~30Kbyte/s upload bandwidth (what a waste). So I went and started wondershaper like this:

    /sbin/wshaper vlan1 3600 220

    (My net connection is 4M down, 256k up - I know, I know. It was chosen by the HR department)

    Of course this alone doesn't help much, so I checked the wshaper script and saw that tagging TOS to 0x10 (lowest latency) puts everything into the 1st priority queue. So I inserted a rule on my desktop PC:

    iptables -t mangle -A PREROUTING -j TOS --set-tos 0x10

    This has helped a lot, ssh connections are blazing fast, ping is down to 20-40 all the time despite enhanced-ctorrent uploading at ~20Kbyte/s.

    This is good, BUT:
    If I start an upload (like scp'ing something to a remote server or sending an email), enhanced-ctorrent stays at ~20Kbyte/s upload and scp/email is sent with ~10Kbyte/s, despite the TOS field mangling. I don't get it! All traffic from the desktop pc gets the 0x10 TOS bit set because of the mangling rule, and the wshaper puts every such packet into the first, high priority queue. How come it doesn't work then?

    Any help would be appreciated!
