[LARTC] HTB and Openvpn

Andreas Klauer Andreas.Klauer@metamorpher.de
Wed, 06 Oct 2004 12:55:24 +0200


Peter Huetmannsberger wrote:
> The idea was that all traffic going through the tunnel would have top 
> priority and the rest share what's left. Sounded simple enough. 

You could use a prio queue for that. Tunnel on band 0, rest on band 1. 
Downside is that there may be nothing left for the rest to share. :-)

> tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit burst 15k

Why make a 10mbit class when it's not used? I find it hard to tell what 
will happen when the rates don't add up properly.

> tc class add dev eth0 parent 1:1 classid 1:10 htb rate 700kbit ceil 1mbit 
> 	burst 15k prio 0

Since the parent has 10mbit which is never fully used, this class will 
most likely always borrow as much as it can. So although it says 700kbit 
it's really a 1mbit class.

> tc class add dev eth0 parent 1:1 classid 1:20 htb rate 1kbit ceil 28800 
> 	burst 15k

This class does not seem to be used at all, why does it exist?

> tc class add dev eth0 parent 1:1 classid 1:30 htb rate 1kbit ceil 1mbit 
> 	burst 15k prio 1

Another 1mbit class. The parent has 10mbit, so there's no reason why it 
shouldn't be able to borrow another mbit, no matter what the actual 
priority of that class is. Am I wrong? :)

> Any idea where I could be wrong?

Guesswork:

The logic of your class structure is flawed.

How fast is your connection to the outside world? I guess it's 1mbit, 
because you set the ceil of your VPN/rest class to 1mbit? However, the 
parent class of those two is a 10mbit class, so both borrow 1mbit 
from that (they don't share the same one single mbit). In that case, no 
proper shaping is done at all.

10mbit then would be your LAN?

Then how about this class setup:

1:1      10mbit (LAN interface)
|
\--- 1:2 09mbit (LAN only traffic)
\--- 1:3 01mbit (Outside world traffic)
      |
      \--- 1:31 700kbit (VPN)
      \--- 1:32 300kbit (Rest)

This is (about) the kind of setup I use at home.
Make sure your rates add up.

If you intend to give your (Rest) class 1kbit only, throw HTB away and 
use PRIO instead. If (Rest) doesn't need any bandwidth at all, you may 
as well let it starve completely by using prio. And that's much less 
complicated than HTB.

Andreas
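
The class tree proposed above, written out as tc commands with a check that the rates add up. This is an added example, not part of the original message: the ceil values, `default 32`, the device name and the 1mbit uplink are assumptions, and the filters that steer VPN and LAN traffic into 1:31 and 1:2 are left out because the thread does not give them.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumed: device name, ceil values, "default 32", and a 1mbit uplink.
DEV=${DEV:-eth0}
TC=${TC:-echo tc}   # dry run: prints the commands; set TC=tc to apply as root

# One class per line: classid parent rate(kbit) ceil(kbit)
TREE='1:1 1: 10000 10000
1:2 1:1 9000 10000
1:3 1:1 1000 1000
1:31 1:3 700 1000
1:32 1:3 300 1000'

# List every class whose children's rates do not sum to its own rate.
# Exit status is 1 when at least one mismatch is found.
htb_rate_mismatches() {
    printf '%s\n' "$1" | awk '
        { rate[$1] = $3; sum[$2] += $3; id[NR] = $1 }
        END {
            for (i = 1; i <= NR; i++) {
                c = id[i]
                if ((c in sum) && sum[c] != rate[c]) {
                    printf "%s rate=%dkbit children=%dkbit\n", c, rate[c], sum[c]
                    bad = 1
                }
            }
            exit bad + 0
        }'
}

# Emit (or apply) the qdisc and one "tc class add" per line of the tree.
htb_commands() {
    $TC qdisc add dev "$DEV" root handle 1: htb default 32
    printf '%s\n' "$1" | while read -r id parent rate ceil; do
        $TC class add dev "$DEV" parent "$parent" classid "$id" \
            htb rate "${rate}kbit" ceil "${ceil}kbit"
    done
}

# Only build the tree when the rates add up.
htb_rate_mismatches "$TREE" && htb_commands "$TREE"
```

Fed the three child classes from the quoted commands (700kbit, 1kbit and 1kbit under the 10mbit 1:1), the check reports 1:1 with children summing to 702kbit.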