[LARTC] class exceeds its ceil

Jody Shumaker jody.shumaker at gmail.com
Tue Dec 27 23:34:45 CET 2005 

On 12/27/05, Ratel <ratel at post.pl> wrote:
>
> Jody Shumaker wrote:
>
> > Andreas Klauer wrote:
> >
> >Uh... huh? Your P2P class has 100kbit rate with a 5600kbit ceil,
> >but you say you don't want it to borrow bandwidth from other classes.
> >However, to go over the 100kbit rate, it _has_ to borrow.
> >
> Oh yes, my mistake - I've confused ceil with rate. Anyway, the thing I
> wanted to achieve was to allow
> p2p class to use even 5600kbit of my bandwidth, but without guarantees
> like rate. So guarantee a minimum bandwidth to a class - about 100kbit,
> but allow it to reach 5600kbit or more e.g. when there's no other trafic
> present. (Now I know I did it wrong)



I believe you did this portion correctly. ceil is the hard limit, the rate
is the guarentee.  Class will use up to its rate, then after that it will
borrow up to its ceil. What confused him was that you said you didn't want
p2p to borrow from the other classes.  If its to go above 100kbit, it has to
borrow.  However it should never borrow guarenteed rate bandwidth they are
using.

>So, if you don't want it to borrow like you said, the solution would
> >be to set the ceil of the P2P class to 100kbit as well. The other
> >classes will still be able to borrow from it if the P2P class is not
> >using it's bandwidth.
> >
> >
> Are you sure? In my previous post I was refering to this example
> http://mailman.ds9a.nl/pipermail/lartc/2002q2/003958.html
> which says this class won't be able to exchange any bandwidth at all.



And in that example, rate and ceil are set to the same value, which means it
will use up to its rate and never try to borrow more. You seem to want it to
be able to borrow, but not up to the full connection, only up to ~75%. Also,
that email is partially incorrect.  Nothing done in that email will prevent
lending from the 1:40 to the 1:2 class and subclasses.  However, I don't
think this is a problem for you. If no p2p, then what is wrong with lending
the 100kbit.

> Jody Shumaker wrote:
> > What are you basing this on? the P2P app or tc -s class show dev ---- ?
>
> I simply block p2p traffic for some time and see that bandwidth usage
> (according to iptraf) falls down to ~20% of total link's "capacity" +
> classes that are supposed to send p2p traffic send nothing. (I also get
> feedback that indeed p2p apps aren't working) After allowing p2p
> through, bandwidth usage jumps to ~100% of the total available bandwidth.
>
> > Are you using thee CONNTRACK module?  It's simple to block P2P without
> > CONNTRACK but if you want to shape it, you need it. Otherwise you'll
> > only be marking the first packets for p2p connections, and not the rest.
>
> I am aware of that, but didn't you mean CONNMARK target (module)?
>
> W


Oops :)  yeah I meant CONNMARK.  It sounds like your htb classes are setup
perfectly fine, you should really check the tc statistics and see how things
are actually being classified. I'm using CONNMARK like this to mark p2p:

iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -p tcp -m mark --mark $MARKP2P -j ACCEPT

iptables -t mangle -A PREROUTING -m ipp2p --bit --edk --kazaa --gnu --dc -j
MARK --set-mark ${MARKP2P}
iptables -t mangle -A PREROUTING -p tcp --dport 3010 -j MARK --set-mark
${MARKP2P}

iptables -t mangle -A PREROUTING -p tcp -m mark --mark ${MARKP2P} -j
CONNMARK --save-mark
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT


Personally, I don't have much experience with IMQ and have only been shaping
upload, but I've done something similar and it works fine. I cap P2P to only
95% of the upload (used to be 85%) and give it a guarenteed rate of only
4kbit.  It will use its full 95%, but as soon as I use something else, i'll
use 100% of the line and as much as possible for the non P2P traffic.
http://webpages.charter.net/falconx/eth1-50-tc-cumulative.png
This image shows how this ends up working in reality for me, orange is P2P,
blue is default, and red is priority.


I'm not sure on the exact command to use for an imq, but possibly something
like `tc -s class show dev imq0`? However from what I know right now, it
seems like you've setup things very similar to how I have for upload which I
know works.

- Jody
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ds9a.nl/pipermail/lartc/attachments/20051227/4fb29cd1/attachment.html

More information about the LARTC mailing list