[LARTC] Re: vlan interfaces and tc

Christian Benvenuti christian.benvenuti at libero.it
Mon Jun 11 18:39:33 CEST 2007 

>Christian Benvenuti wrote: 
>> Hi, 
>> 
> > [cut]
> >
> > Yes they are both allowed.
> > This means, for example, that the traffic that originates from
> > or that is addressed to a VLAN interface can potentially go through
> > two independent QoS configurations.
> > Depending on what you want to achieve, you may configure QoS
> > only on the VLAN interface, only on the real interface, or
> > on both.
> >
> > [cut]
> >
>
>Thanks for the answers. I've made some simple tests and there seems to 
>be one thing that doesn't work on virtual interfaces - classifying. 
>Whenever I used filters - u32, or fw paired with iptables' mark target, 
>or simply classify target - it was completely ignored on vlan interface, 
>while the same setup on real interface worked fine (if it wasn't going 
>through vlan earlier - look question below). So maybe queuing, despite 
>it's possible to set on vlan, shouldn't be used ? (it's weird a bit, 
>especially if someone wanted to have both disciplines at the same time).

This is one important detail you probably missed:

>(Note that in this case the VLAN interface is a L3 interface)

If you assign an IP address to the VLAN interface and you transmit
IP traffic on that interface, than the traffic goes through the VLAN
qdisc config and classification works (*).

#vconfig add eth2 500
#ifconfig eth2.500 10.0.10.1 netmask 255.255.255.0
<htb config here>
#tc filter add dev eth2.500 parent 1: protocol ip prio 1 \
	u32 match ip dst 10.0.10.2 flowid 1:12
#ping 10.0.10.2

#tc -s -d filter list dev eth2.500
filter parent 1: protocol ip pref 1 u32
filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:12  (rule hit 120 success 120)
  match 0a000a02/ffffffff at 16 (success 120 )
                                 ^^^^^^^^^^^

>One more question though - I've noticed that marks or direct classify 
>don't survive going through vlan interface (seems logical), so I can't 
>use them later on the real one.
>In the past someone asked it on the 
>list, and the answer was to use negative offsets with u32 filter, 
>looking for vlan tags in layer 2 header. It seems to work fine, but is 
>it actually safe to use ?

To me it seems they do survive (I just tested it).
Can it be the same issue above (*) ?

Regards
/Christian
[ http://benve.info ]

More information about the LARTC mailing list