
Re: Question about wondershaper



--- Jean-Michel Hiver <hiver.j@wanadoo.fr> wrote:

> Hi List,
> 
> I'm toying around with wondershaper but can't get it to work very well.
> 
> I am on a fairly crappy ISDN connection (64 kbps up, 64kbps down) - top 
> download @ about 7.7 ko/sec. I run it on a debian box with a 2.6 kernel 
> which acts as gateway / nat server.
> 
I have cable, variable down (max 3Mbps) and 256kbps up, rate capped at my
modem.

> Whenever there is a download on my home network, pings to say, 
> google.com skyrocket to 6000+ms as opposed to 300-400ms (I live in 
> Reunion and I am on a fairly crappy ISDN connection=> high ping
> anyways).
> 
Low pings, considering it's a modulated carrier.

> I have tried various parameters (wondershaper 64 64, wondershaper 60 60,
> 
> wondershaper 56 56, etc) and it doesn't seem to do much at all.
> 
> Only when I put ridiculous values (such as wondershaper 8 8) I get a 
> "decent" ping, but then of course the download goes right down to 2
> ko/sec.
> 
This was my experience with the wondershaper as well.  Are you using the
HTB or the older qdisc?  Also, I did end up using 200Kbps as my rate cap;
the suggested value is 80% of your bandwidth.

It takes a while for any change in your QoS to take effect.  I read all
about TCP flow control and its congestion strategies.  Basically, when
there is a change in bandwidth (like you reloading your QoS rules) it will
take 15 to 20 minutes for a download/upload to detect the available rate.
This is taking into account that there are more than just that one TCP
connection; a single TCP flow will detect it in about 5 minutes.  This is all
the more reason why ECN needs to be available everywhere; currently Linux
qdiscs don't support being an ECN provider.  ECN is also very unusable, as
sites like Wellsfargo and about half a million other sites will ignore
you.

Attached is my current solution.

> Any ideas?
> 
> NB: I was wondering if there was a tool which has less-barbaric-a-syntax
> 
> than tc to do QOS. What I'm really after would be something that would 
> prioritize traffic with:
> 
> 1. Asterisk IAX (must be always in front of everything else)
> 2. SSH
> 3. Other
> 4. FTP / P2P etc
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 
> 



		
 
#!/bin/sh

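# Resolve the interface to shape and the mode to run in.
#   $1    - profile / logical connection name (the usage example further down
#           in this file passes "comcast")
#   IFACE - taken from the environment when set; otherwise looked up in
#           /etc/network/ifstate, whose lines are assumed to look like
#           "iface=name" (TODO confirm against the local ifupdown version)
#   MODE  - "reload" unless the caller exported something else
# The pattern is quoted and matched as a fixed string (-F) so that a name
# holding spaces, glob characters or regex metacharacters cannot change what
# grep is asked to do.  It is still a substring match, as before, so two
# profile names sharing a prefix can both match and yield a multi-line IFACE.
test "$1" &&
IFACE=${IFACE:-$(grep -F -- "=$1" /etc/network/ifstate | cut -f1 -d=)}
MODE=${MODE:-reload}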

# Dispatch on "<profile>:<mode>".  The first pattern is built from $1 itself,
# so it matches any profile name whenever MODE is "reload".  There is no
# catch-all arm: any other combination falls through and does nothing.
case $1:$MODE in
    $1:reload )
    # Example: IFACE=eth2 MODE=reload qdisc.sh comcast
    #	qdisc.sh comcast
    # Step 1: run the undo script left behind by the previous load.  Its exit
    # status is not checked, so the reload carries on even if it is missing.
    # NOTE(review): $1 is expanded unquoted into a path that is then executed.
    # It is presumably an admin-chosen profile name; it should never be taken
    # from untrusted input.
    echo -n "Undoing Rules: "
    /etc/network/.qdisc-${1}.sh
    echo "..."
    #tc qdisc del dev $IFACE root > /dev/null 2>&1
    # Step 2: run this same script again with MODE=start through
    # ifup-mkundo.sh, passing the undo-script path as its second argument.
    # `which $0` is used to locate this script; that assumes it is reachable
    # through PATH or was invoked by path -- TODO confirm.
    echo -n "Loading Rules: "
    MODE=start /etc/network/ifup-mkundo.sh \
	$(which $0) \
	/etc/network/.qdisc-${1}.sh $1
    echo "..."
    ;;

# Rule set for the "comcast" profile; only reached when MODE is not "reload".
comcast:start )

# Uplink cap in kbit: used below as ${UPLINK}kbit for the root class rate and
# as the ceiling of every HTB class.
#UPLINK="218"
UPLINK="200"

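# add_htb_class MAJOR MINOR RATE "EXTRA HTB OPTIONS" [PARENT_MINOR]
# Create HTB class MAJOR:MINOR on $IFACE with the given rate and a ceiling of
# ${UPLINK}kbit.  Without PARENT_MINOR the parent is written as "MAJOR:".
# Globals: IFACE, UPLINK (read).
# Returns: the exit status of tc.
add_htb_class () {
    # $4 carries several tc words in one argument (e.g. "burst 8k prio 0"),
    # so it is left unquoted on purpose and split by the shell.  Every other
    # expansion is quoted so that an empty or odd value stays in its own
    # argument slot instead of shifting the tc keywords that follow it
    # (an empty IFACE used to turn "dev parent ..." into a device name).
    # shellcheck disable=SC2086
    tc class add dev "$IFACE" parent "$1:${5-}" classid "$1:$2" \
        htb rate "$3" $4 ceil "${UPLINK}kbit"
}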

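# add_pfifo_qdisc MAJOR MINOR HANDLE LIMIT PRIO "U32 MATCH EXPRESSION"
# Attach a pfifo leaf qdisc (handle HANDLE:, queue limit LIMIT) to class
# MAJOR:MINOR on $IFACE, then add a u32 filter on MAJOR:0 with priority PRIO
# that steers matching packets into that class.
# Globals: IFACE (read).
# Returns: the exit status of the second tc call; the first is not checked.
add_pfifo_qdisc () {
    tc qdisc add dev "$IFACE" parent "$1:$2" handle "$3:" pfifo limit "$4"
    # $6 is a whole u32 match expression passed as one argument; it must be
    # split into words, so it is the one expansion left unquoted.
    # shellcheck disable=SC2086
    tc filter add dev "$IFACE" parent "$1:0" prio "$5" protocol ip u32 $6 \
        flowid "$1:$2"
}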

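# add_sfq_qdisc MAJOR MINOR HANDLE PERTURB PRIO "U32 MATCH EXPRESSION"
# Attach an sfq leaf qdisc (handle HANDLE:, perturb PERTURB) to class
# MAJOR:MINOR on $IFACE, then add a u32 filter on MAJOR:0 with priority PRIO
# that steers matching packets into that class.
# Globals: IFACE (read).
# Returns: the exit status of the second tc call; the first is not checked.
add_sfq_qdisc () {
    tc qdisc add dev "$IFACE" parent "$1:$2" handle "$3:" sfq perturb "$4"
    # $6 is a whole u32 match expression passed as one argument; it must be
    # split into words, so it is the one expansion left unquoted.
    # shellcheck disable=SC2086
    tc filter add dev "$IFACE" parent "$1:0" prio "$5" protocol ip u32 $6 \
        flowid "$1:$2"
}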

# Build the HTB tree on $IFACE.  The tc calls are order dependent: the root
# qdisc is created first, then the classes, then the leaf qdiscs and filters
# that refer to them.
# With UPLINK=200 (set earlier in this file) the integer divisions below give
# /14 -> 14kbit, /7 -> 28kbit, 2*/7 -> 57kbit and 2*/28 -> 14kbit.
# Total Bandwidth Limiter. (10)
# NOTE(review): "default 14" names class 10:14, but no class with minor 14 is
# created anywhere in this script (minors used: 1, 30-36, 41-44).  As far as I
# know HTB does not shape traffic whose default class does not exist, so
# anything that matches no filter may bypass the limiter -- confirm, and point
# the default at an existing leaf if everything is meant to be shaped.
tc qdisc add dev $IFACE root handle 10:0 htb r2q 1 default 14
{ # This is mutch like the default qdisc, exept 4 more bands the 4first&2last
   # Root class 10:1 carries the whole ${UPLINK}kbit; every band below is
   # created with 1 as its parent (or 35 for the p2p sub-classes).
   add_htb_class 10 1 ${UPLINK}kbit "burst 8k"
   { # Band -1 Quake(UDP) packets, from port 27960. (30)
      # "ip protocol 17" is UDP; matched on source port 27960.
      add_htb_class 10 30 $(( $UPLINK / 14 ))kbit "burst 8k prio 0" 1
      add_pfifo_qdisc 10 30 30 500 1 \
   		"match ip protocol 17 0xff match ip sport 27960 0xffff"
###      tc filter add dev $IFACE parent 10:10 prio 1 protocol ip u32 \
###	     match ip protocol 17 0xff \
###	     match ip dst 69.55.238.74/32 \
###	     flowid :1
   }
   { # Band 0 Small packets, not on port 8080. (31)
      # The match reads: TCP (protocol 6), IP header length 5 words (byte 0,
      # low nibble), total length below 64 bytes (u16 at offset 2 masked with
      # 0xffc0) and byte 33 equal to 0x10, which is the TCP flags byte with
      # only ACK set when the IP header is 20 bytes long.
      add_htb_class 10 31 $(( $UPLINK / 7 ))kbit "burst 6k prio 3" 1
      add_pfifo_qdisc 10 31 31 500 5 \
	"match ip protocol 6 0xff match u8 0x05 0x0f at 0 \
	match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33"
   }
   { # The 3 default linux bands. (32,33,34)
      # Classification here is by the IP TOS byte under mask 0x18 (0x1e for
      # the last filter).  Two extra filters send TOS 0x00 and TOS 0x02 to
      # 10:33 as well.
      add_htb_class 10 32 $(( $UPLINK / 7 ))kbit "burst 6k prio 3" 1
      add_sfq_qdisc 10 32 32 60 10 \
		"match ip tos 0x10 0x18"
      add_htb_class 10 33 $(( $UPLINK / 7 ))kbit "burst 6k prio 4" 1
      add_sfq_qdisc 10 33 33 60 10 \
		"match ip tos 0x18 0x18"
      tc filter add dev $IFACE parent 10:0 prio 11 protocol ip u32 \
		match ip tos 0x00 0x18 \
		flowid 10:33
      add_htb_class 10 34 $(( $UPLINK / 7 ))kbit "burst 6k prio 5" 1
      add_sfq_qdisc 10 34 34 60 10 \
		"match ip tos 0x08 0x18"
      tc filter add dev $IFACE parent 10:0 prio 10 protocol ip u32 \
		match ip tos 0x02 0x1e \
		flowid 10:33
   } # END The 3 default linux bands. (32,33,34)
   { # 4th band for p2p traffic. (35)
      # 10:35 is an inner class: the four leaves 41-44 are created with 35 as
      # their parent and each gets its own qdisc here.  Their filters are
      # added separately by add_p2p_filters.
      add_htb_class 10 35 $(( 2 * $UPLINK / 7 ))kbit "burst 6k prio 2" 1
      { # Small packets. (41)
	 add_htb_class 10 41 $(( 2 * $UPLINK / 28 ))kbit "burst 6k prio 3" 35
	 tc qdisc add dev $IFACE parent 10:41 handle 41: pfifo limit 500
      } # END Small packets. (41)
      { # Express p2p Data. (42)
	 add_htb_class 10 42 $(( 2 * $UPLINK / 28 ))kbit "burst 6k prio 1" 35
	 tc qdisc add dev $IFACE parent 10:42 handle 42: sfq perturb 30
      } # END Express p2p Data. (42)
      { # Gnutella Data. (43)
	 add_htb_class 10 43 $(( 2 * $UPLINK / 28 ))kbit "burst 6k prio 1" 35
	 tc qdisc add dev $IFACE parent 10:43 handle 43: sfq perturb 10
      } # END Gnutella Data. (43)
      { # HTTP Data. (44)
	 add_htb_class 10 44 $(( 2 * $UPLINK / 28 ))kbit "burst 6k prio 2" 35
	 tc qdisc add dev $IFACE parent 10:44 handle 44: sfq perturb 30
      } # END HTTP Data. (44)

      # Filters
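# add_p2p_filters "PORT MATCH" [IP_PROTOCOL]
# Add the six u32 filters that sort one p2p port into the 10:41-10:44 leaves.
#   $1 - port part of a u32 match, e.g. "sport 8080 0xffff"
#   $2 - IP protocol number, default 6 (TCP); the callers pass 17 for UDP
# Globals: IFACE (read), filter_p2p (written).
# Returns: the exit status of the last tc call; earlier ones are not checked.
add_p2p_filters () {
    # Left as a plain (global) assignment, as before: the file is #!/bin/sh
    # and `local` is not POSIX.
    filter_p2p="match ip protocol ${2:-6} 0xff match ip $1"

    # $filter_p2p holds several tc words and must be split, so it stays
    # unquoted in every call below; "$IFACE" is quoted so that an empty value
    # cannot shift the keywords that follow it.

    # Small packets -> 10:41.
    # NOTE(review): this rule always requires IP protocol 6 and then also
    # requires protocol ${2:-6}.  When called with 17 the two matches appear
    # to contradict each other, so the rule presumably never matches for the
    # UDP calls -- confirm with `tc -s filter show`.
    # shellcheck disable=SC2086
    tc filter add dev "$IFACE" parent 10:0 prio 2 protocol ip u32 \
        match ip protocol 6 0xff \
        match u8 0x05 0x0f at 0 \
        match u16 0x0000 0xffc0 at 2 \
        match u8 0x10 0xff at 33 $filter_p2p \
        flowid 10:41

    # Express p2p data -> 10:42.
    # shellcheck disable=SC2086
    tc filter add dev "$IFACE" parent 10:0 prio 3 protocol ip u32 \
        match ip tos 0x10 0x18 $filter_p2p \
        flowid 10:42

    # Gnutella data -> 10:43 (TOS 0x18, then TOS 0x00 at a lower priority).
    # shellcheck disable=SC2086
    tc filter add dev "$IFACE" parent 10:0 prio 3 protocol ip u32 \
        match ip tos 0x18 0x18 $filter_p2p \
        flowid 10:43
    # shellcheck disable=SC2086
    tc filter add dev "$IFACE" parent 10:0 prio 4 protocol ip u32 \
        match ip tos 0x00 0x18 $filter_p2p \
        flowid 10:43

    # HTTP data -> 10:44.
    # shellcheck disable=SC2086
    tc filter add dev "$IFACE" parent 10:0 prio 3 protocol ip u32 \
        match ip tos 0x08 0x18 $filter_p2p \
        flowid 10:44
    # shellcheck disable=SC2086
    tc filter add dev "$IFACE" parent 10:0 prio 3 protocol ip u32 \
        match ip tos 0x02 0x1e $filter_p2p \
        flowid 10:44
}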

      # One call per p2p port.  Without a second argument the protocol is 6
      # (TCP); 17 selects UDP.  The 0xfff8 mask ignores the low three bits of
      # the port, so each dport rule covers 8 consecutive ports
      # (6344-6351, 8496-8503, 8432-8439).
      add_p2p_filters "sport 8080 0xffff"
      add_p2p_filters "sport 8080 0xffff" 17
      add_p2p_filters "sport 8436 0xffff"
      add_p2p_filters "sport 8436 0xffff" 17
      add_p2p_filters "sport 6346 0xffff"
      add_p2p_filters "sport 4662 0xffff" 6
      add_p2p_filters "sport 4672 0xffff" 17
      add_p2p_filters "sport 8181 0xffff"
      add_p2p_filters "dport 6344 0xfff8"
      add_p2p_filters "dport 8496 0xfff8"
      add_p2p_filters "dport 8432 0xfff8"

   } # END 4th band for ports 8080,8436,6344. (35)
   { # 5th band for icmp ?and arp?. (36)
      # "ip protocol 1" is ICMP.  NOTE(review): ARP is not carried in IP, so a
      # `protocol ip` u32 filter presumably never sees it -- confirm.
      add_htb_class 10 36 $(( $UPLINK / 14 ))kbit "burst 6k prio 7" 1
      add_sfq_qdisc 10 36 36 0 1 \
		"match ip protocol 1 0xff"
   } # END 5th band for icmp ?and arp?. (36)
}
;;

# No "*)" arm: an unknown profile or mode is silently ignored.
esac
#!/bin/sh

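# Files created from here on (the down-script and its .tmp) get no access for
# "other": they end up holding the exact commands the up-script ran.
umask 027
# Create the down-script if it does not exist yet, so the -w test below can
# pass on a first run.  Skipped when no second argument was given, which would
# otherwise only print a touch error ahead of the usage text.
# NOTE(review): touch follows symlinks, and the example in the help text runs
# this from /etc/network/interfaces (presumably as root); keep the down-script
# in a directory that only root can write to.
if [ -n "$2" ]
   then touch "$2"
fi
# Two separate tests instead of the obsolescent "-a" operator; printf is used
# so that the script name is actually printed (the single-quoted echo printed
# a literal $0).
if [ ! -r "$1" ] || [ ! -w "$2" ]
   then printf 'Usage %s: up-script down-script <options for up script>\n' "$0"
   cat <<EOF

	This script is used to run an admin script, called up.  Based on
	the output of "/bin/sh -x", a down script is created, to be run
	later by the same means as this script was called.

	The term "admin script" referees to a script that the system admin
	(or you!) created.  The idea is that when you change the up script
	the down script is updated by this script.  So this script should be
	the only script to actually run the up script, however the down
	script is completely self contained and dose not depend on anything.
	The down-script is marked executable, but removes this when run.
	It is also important to note that the down-script should be run
	directly, and not by this script.
	
	EXAMPLE for /etc/network/interfaces:
        up /etc/network/ifup-mkundo.sh\
            /etc/network/nat.sh /etc/network/.nat-eth0.sh\
            eth0 up
	down /etc/network/.nat-eth0.sh

	Also this script just did a "touch $2", a hack to test parameters.
EOF
   # NOTE(review): a usage error still exits 0, so a caller such as ifupdown
   # cannot tell a bad invocation from success.  Kept as is for compatibility.
   exit 0
fi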

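upscript="$1"
downscript="$2"
shift 2
# Source the up-script in a traced bash and capture the trace in the
# down-script file; the following steps rewrite that trace into undo commands.
# The up-script path and its options are handed over as positional parameters
# instead of being pasted into the -c string, so bash never re-parses them as
# shell syntax: an option containing spaces stays one argument and characters
# such as ; or $( ) in an option are not executed.  The first word after the
# command string becomes $0 of the inner shell; /bin/bash keeps $0 at the value
# it had when nothing followed the command string.
# Everything else the up-script writes to stderr lands in the same file.
# stderr never gets EOF, use file.
/bin/bash -x -c '. "$@"' /bin/bash "$upscript" "$@" 2> "$downscript"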

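# Turn the captured xtrace into the down-script.
#   1. keep only the trace lines of sourced commands (they start with "++"),
#      number them, and sort by number in reverse so the undo runs last-in,
#      first-out;
#   2. prefix every line with "echo", so anything no later rule recognises is
#      only printed by the down-script, never executed;
#   3. let the sed stages below swap known commands for their inverse
#      (add <-> del, -A <-> -D, ...) or comment them out.
#
# SECURITY NOTE: the down-script is executed later (from the "down" hook,
# presumably as root) and is assembled from trace *text*.  The tr call blanks
# every quote character, so an argument that was one quoted word in the
# up-script is split again, and shell metacharacters that appeared inside a
# traced argument become live syntax on any line a rule un-echoes.  Use this
# only with up-scripts whose traced commands consist of plain words, and treat
# the up-script and its options as trusted input.
#
# NOTE(review): "${downscript}.tmp" is a predictable name next to the
# down-script; keep both in a directory only root can write to.
# lifo and act as a command int.
grep -n '^++' < "$downscript" | tr "%'\"" "   " | sort -rn > "${downscript}.tmp"

# This is not the only way to do it, but printing #!/bin/sh is trixy.
{
cat <<EOF
#!/bin/sh
EOF
cat "${downscript}.tmp"; } |
	sed -e 's/^[0-9][0-9]*:++* /echo /' |

# FIXME get arp -a input for arp -d reversal, or fix arp :).
#	sed -e 's/^echo arp\(.*\)-d/echo arp\1-tmp/' |
	sed -e 's/^echo arp -s \([.0-9][.0-9]* \?\).*/arp -d \1 2>\/dev\/null/' |
#	sed -e 's/^arp\(.*\)-tmp/arp -s\1/' $downscript <-- What's this "$downscript"???

# set +x, escape from being monitored. DELETE.
	sed -e 's/^echo set +x$//' |

# Other known unsuported things, some not so ok to ignore.
	sed -e 's/^echo exit/\# exit/' \
	-e 's/^echo echo/\# echo/' \
	-e 's/^echo disown/\# disown/' \
	-e 's/^echo export/\# export/' \
	-e 's/^echo ifconfig/\# ifconfig/' \
	-e 's/^echo test/\# test/' \
	-e 's/^echo case/\# case/' \
	-e 's/^echo \([^ =][^ =]*\)=\(.*\)/\# \1=\2/' \
	-e 's/^echo cat/\# cat/' \
	-e 's/^echo add_/\# add_/' \
	-e 's/^echo sleep/\# sleep/' |
	# tc filters get optimized, non reversible. I.E. crypt :)
	sed -e 's/^echo tc filter add/# tc filter add/' |
	# tc classes end when school gets out.
	sed -e 's/^echo tc class add/# tc class add/' |
	# if and fi are useless, ignore what's inside as an added feature.
	# NOT TESTED!!
	# NOTE(review): with GNU sed, \f in a replacement is a form feed, so the
	# second expression probably emits <FF>i rather than "fi", and "if 0"
	# has no "then" -- a traced if/fi is likely to leave the down-script
	# syntactically broken.  Confirm before relying on it.
	sed -e 's/^echo if/\if 0/' \
	-e 's/^echo fi/\fi/' |

# System tools
	sed -e 's/^echo daemon\(.*\)--stop\(.*\)/taemon\1\2/' \
	-e 's/^echo daemon\(.*\)/daemon\1 --stop/' \
	-e 's/^taemon\(.*\)/daemon\1/' |

# Network tools
	sed -e 's/^echo iptables\(.*\)-D/iptables\1-tmp/' \
	-e 's/^echo iptables\(.*\)-A/iptables\1-D/' \
	-e 's/^iptables\(.*\)-tmp/iptables\1-A/' \
-e 's/^echo iptables\(.*\)-I \?\([a-zA-Z]* \?\)[0-9]*/iptables\1-D \2/' \
	-e 's/^echo iptables\(.*\)-X/iptables\1-tmp/' \
	-e 's/^echo iptables\(.*\)-N/iptables\1-X/' \
	-e 's/^iptables\(.*\)-tmp/iptables\1-N/' |

	sed -e 's/^echo route\(.*\)del/route\1tmp/' \
	-e 's/^echo route\(.*\)add/route\1del/' \
	-e 's/^route\(.*\)tmp/route\1add/' \
	-e 's/^echo ip\(.*\)del/ip\1tmp/' \
	-e 's/^echo ip\(.*\)add/ip\1del/' \
	-e 's/^ip\(.*\)tmp/ip\1add/' |

	# for tc filters we can still add, what others remove.
	sed -e 's/^echo tc\(.*\)del/tc\1tmp/' \
	-e 's/^echo tc\(.*\)add/tc\1del/' \
	-e 's/^tc\(.*\)tmp/tc\1add/' |

# Network daemons, EVAL HACKS AHEAD.
	sed -e 's/^echo farpd/# farpd/' |

	sed -e 's/^echo fake remove\(.*\)/__TMPXYAD\1/' \
	-e 's/^echo fake\(.*\)$/export HOME=\/root\
	    fake remove\1 >\/dev\/null <\/dev\/null 2>&1/' \
	-e 's/^__TMPXYAD\(.*\)/export HOME=\/root\
	    fake\1 >\/dev\/null <\/dev\/null 2>&1 & disown/' |

# The pipeline reads the .tmp copy, so it is safe to overwrite the down-script
# here; the .tmp file is removed only if that write succeeded.
cat > "$downscript" && rm -- "${downscript}.tmp"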

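# Make the down-script single-use: its last line clears its own execute bits
# when it runs, and "; true" makes it finish with status 0.  The single quotes
# are deliberate -- $0 must be expanded by the down-script, not here.
echo 'chmod a-x $0; true' >> "$downscript"
# Executable for owner and group only; together with umask 027 above this
# leaves "other" without any access to the generated commands.
chmod ug+x "$downscript"

# NOTE(review): the exit status is always 0, even when the up-script or the
# rewrite pipeline failed, so the caller cannot detect a bad down-script.
exit 0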
