
confused by tc



Thanks Jamin, Oki, Colin etc. for tips getting me started with bandwidth
limiting using the tc utility.  I've since been reading lots of
different example scripts and docs from iproute and tc packages, and
I've succeeded in thoroughly confusing myself.

As I think I said in my first post about this, what I need to do is limit
outbound traffic from one server to the Internet at large, while leaving
traffic to our class-B subnet unthrottled.  So far, all the tc examples
I've found describe limiting traffic to a specific destination (host or
subnet), while I presume that the default case is not to limit.  For
example see the three command lines at:

http://lartc.org/howto/lartc.ratelimit.single.html

At first I thought that this would do almost what I need; all I had to
do was adjust the numbers, replace the host's address with our subnet,
and reverse the sense of the match, so instead of limiting all traffic
to our class B, I'd limit all traffic /not/ to our class B.

But it appears (from the docs and some experimentation) that tc (or u32?)
doesn't have any notion of a reverse match, so I can't really write an
"all but" filter.  (Can I?)

So now I'm trying to figure out what to do instead.  I think that what I
need to do is something like this:

- Create a root qdisc;

- Define two classes, one throttled and one not (how does one make an
unthrottled class?  Is there a "null op" queueing algorithm?  Is
pfifo_fast such a beast?);

- Define two filters, one which sends traffic from our class B to the
unlimited class and one which sends everything else to the limited
class.

...but then I still have to write a filter which says, somehow, "if it
isn't for our class B then send it to flowid X:Y", right?  How do I do
that?  Or, is there a "default" match for a filter?  Or a matching
precedence, say, so that I can write a filter which matches 0.0.0.0/0
but place it (before|after) the one which matches our class B?

The following is one attempt to do the above, with comments describing
what goes wrong:

IFACE=eth0
# this seems to work:
/sbin/tc qdisc add dev $IFACE root handle 1: cbq avpkt 1000 bandwidth 100mbit

# "throttled" class
/sbin/tc class add dev $IFACE parent 1: classid 1:2 cbq rate 19290 allot 1500 prio 5 bounded

# ...but this returns: 'Error: Qdisc "pfifo_fast" is classless'...
/sbin/tc class add dev $IFACE parent 1: classid 1:1 pfifo_fast

# ...meaning that currently this filter has nothing to send traffic to:
/sbin/tc filter add dev $IFACE parent 1: protocol ip prio 16 u32 match ip dst 128.135.0.0/16 flowid 1:1

# ...and I don't know any way of writing a filter command which will
# send 'ip dst ! 128.135.0.0/16' to flowid 1:2.

-- 
# Michael Jinks, IB # JFI/MRSEC/EFI Computing # University of Chicago #
      Reader!  Think not that
      technical information
      ought not be called speech;  -- Anonymous, "How to decrypt a DVD"
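
The two-class layout sketched in the post, as an added example that is not part of the original message: it swaps in HTB for CBQ and uses HTB's `default` parameter, so traffic that no filter claims lands in the throttled class and no "all but" match is needed. The function name, the class ids 1:10 and 1:20, and the 150kbit limit are assumptions; commands are printed rather than executed unless `TC` is set to the real binary.

```shell
#!/bin/sh
# Dry run by default: each command is printed, not executed.
# Run with TC=/sbin/tc (as root) to apply the rules for real.
TC="${TC:-echo tc}"

# shape_all_but DEV LOCAL_NET LINK_RATE LIMIT_RATE  (hypothetical helper)
# Traffic to LOCAL_NET goes to class 1:10 at LINK_RATE; all other
# traffic falls through to class 1:20, capped at LIMIT_RATE.
shape_all_but() {
    dev=$1; local_net=$2; link_rate=$3; limit_rate=$4

    # Root HTB qdisc. "default 20" sends every packet that no filter
    # classifies to class 1:20, which is the "everything else" case.
    $TC qdisc add dev "$dev" root handle 1: htb default 20

    # Class for the local subnet, allowed the full link rate.
    $TC class add dev "$dev" parent 1: classid 1:10 htb rate "$link_rate"

    # Throttled class; ceil equal to rate means it cannot borrow.
    $TC class add dev "$dev" parent 1: classid 1:20 htb \
        rate "$limit_rate" ceil "$limit_rate"

    # The only filter needed: destinations inside the local subnet.
    # Caveat: non-IPv4 traffic (ARP, IPv6) is not matched by this
    # filter and therefore also ends up in the default class 1:20.
    $TC filter add dev "$dev" parent 1: protocol ip prio 1 u32 \
        match ip dst "$local_net" flowid 1:10
}

# Interface, subnet and link bandwidth from the post; 150kbit is a
# constructed sample limit.
shape_all_but eth0 128.135.0.0/16 100mbit 150kbit
```

With real rules loaded, `tc -s class show dev eth0` shows per-class byte counters, which confirms that subnet traffic is counted under 1:10 and the rest under 1:20.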


