[LARTC] alternative for imq

Alin Nonosel alin@polar.ro
Mon, 29 Nov 2004 23:20:33 +0200 

This is a multi-part message in MIME format.

------=_NextPart_000_000A_01C4D66A.06749E80
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi!

I tried to make IMQ work for the past week, but i keep getting a lot of =
trouble with it. First the latency is growing from 0.1ms to 1.5ms and =
second the CPU usage is very high and is not very stable, sometimes, =
after a day, there's a lot of packet loss. I'm using the latest stable =
kernel 2.6.9 with latest imq patch. Is there any other alternative to =
IMQ for limiting inbound and outbound traffic?
Will CLASSIFY from iptables work for both upload and download?=20
I want to separate local traffic from internet traffic, so can I create =
two classes, like this

        | 1:1 |
| 1:10 |   | 1:20 |

iptables -t nat -A PREROUTING -s 10.1.1.0/24 -j CLASSIFY --set-class =
1:10
(let's say for local traffic)
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -j CLASSIFY --set-class =
1:20

now all local traffic will be in class 1:10 and internet traffic in =
class 1:20 and i will make another class inside 1:10 for every ip in =
lan.

tc class add dev eth0 parent 1:1 classid 1:10 htb rate 100mbps
tc class add dev eth0 parent 1:10 classid 1:100 htb rate 1000kbit ceil =
1000kbit quantum 2000
tc qdisc add dev eth0 parent 1:100 handle 100: sfq perturb 10
tc filter add dev eth0 parent 1:10 protocol ip prio 1 u32 match ip dst =
10.1.1.1 flowid 1:100

Will this work? Also if i change -s with -d will it work for upload?


PS: If i compile IMQ as a module after adding more than a few rules in =
iptables with -j IMQ --to-dev 0 i cannot ping any host. It is working =
for let's say 50-100, i don't know, but if i put more than 500 it dies. =
If i compile it in kernel it is working with more than 500 but i get =
packet loss after a while of using it..

------=_NextPart_000_000A_01C4D66A.06749E80
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2523" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi!</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>I tried to make IMQ work for the past =
week, but i=20
keep getting a lot of trouble with it. First the latency is growing from =
0.1ms=20
to 1.5ms and second the CPU usage is very high and is not very stable,=20
sometimes, after a day, there's a lot of packet loss. I'm using the =
latest=20
stable kernel 2.6.9 with latest imq patch. Is there any other =
alternative to IMQ=20
for limiting inbound and outbound traffic?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Will CLASSIFY from iptables&nbsp;work =
for both=20
upload and download?&nbsp;</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>I want to separate local traffic from =
internet=20
traffic, so can I create two classes, like this</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; =
|&nbsp;1:1=20
|</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>| 1:10 |&nbsp;&nbsp; | 1:20 =
|</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>iptables -t nat -A PREROUTING -s =
10.1.1.0/24 -j=20
CLASSIFY --set-class 1:10</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>(let's say for local =
traffic)</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>iptables -t nat -A PREROUTING -s =
192.168.1.0/24 -j=20
CLASSIFY --set-class 1:20</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>now all local traffic will be in class =
1:10 and=20
internet traffic in class 1:20 and i will make another class inside 1:10 =
for=20
every ip in lan.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>tc class add dev eth0 parent 1:1 =
classid 1:10 htb=20
rate 100mbps</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>tc class add dev eth0 parent 1:10 =
classid 1:100 htb=20
rate 1000kbit ceil 1000kbit quantum 2000</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>tc qdisc add dev eth0 parent 1:100 =
handle 100: sfq=20
perturb 10</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>tc filter add dev eth0 parent 1:10 =
protocol ip prio=20
1 u32 match ip dst&nbsp;10.1.1.1 flowid 1:100<BR></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Will this work? Also if i change -s =
with -d will it=20
work for upload?<BR></DIV></FONT>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>PS: If i compile IMQ as a module after =
adding more=20
than a few rules in iptables with -j IMQ --to-dev 0 i cannot ping any =
host. It=20
is working for let's say 50-100, i don't know, but if i put more than =
500 it=20
dies. If i compile it in kernel it is working with more than 500 but i =
get=20
packet loss after a while of using it..</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp;</DIV></FONT></BODY></HTML>

------=_NextPart_000_000A_01C4D66A.06749E80--