# Links > Tutorials >  OpenWrt & Linux Traffic Shape QoS howto

## acoul

In the spirit of: let's put some value into our nice AWMN forum...

Original post



> I have 3 PC-s at home, and I would like to share the bandwidth. I want low latencies even if other computers are downloading. Unfortunately there is little or confusing documentation about this topic. Some of the documentation claims it is not possible to shape ingress (incoming) traffic, but (I think) that is not true.
> 
> I had to install the dd-wrt firmware and learned the qos concepts it uses.
> 
> I assign static IP addresses to the computers with dhcp (dnsmasq, /etc/ethers).
> 
> This picture helped me a lot: http://upload.wikimedia.org/wikipedia/c … ecture.png
> http://openwrt.org/OpenWrtDocs/Configuration
> 
> ...

----------


## Vigor

I'm very glad to come across *tc* (Traffic Control) again.
I used it extensively in my thesis, titled "Resource Provisioning and Experimentation in an IP Differentiated Services Testbed", 3 years ago.

----------


## dimkasta

Nice, let's analyze it a bit to see what it does, so that maybe we can put it to use on our own machines, and also so that we don't "milk" the bandwidth like bloodthirsty leeches.

The main reason I'm doing this is so that I understand it too, so please provide *inline* feedback.





> I have *3 PC-s* at home, and I would like to share the bandwidth. I want *low latencies* even if other computers are downloading. Unfortunately there is little or confusing documentation about this topic. Some of the documentation claims it is not possible to shape ingress (incoming) traffic, but (I think) that is not true.
> 
> I had to install the dd-wrt firmware and learned the qos concepts it uses.
> 
> I assign static IP addresses to the computers with dhcp (*dnsmasq*, /etc/ethers).
> 
> This picture helped me a lot: http://upload.wikimedia.org/wikipedia/c … ecture.png
> http://openwrt.org/OpenWrtDocs/Configuration
> 
> ...


Is there a way to define different behaviour depending on the subnet *to* which the requests are going, or on the port?

----------


## dimkasta

So, I tried to set it up today. I can't say the results left me satisfied. Of course, I may have needed to do something else to achieve what I wanted.

In any case, this is the state that tc shows me:



```
[email protected]:~# tc -s qdisc show dev vlan0
qdisc htb 1: r2q 10 default 1 direct_packets_stat 5458
 Sent 7804716 bytes 5524 pkts (dropped 0, overlimits 0)
```



```
[email protected]:~# tc -s class show dev vlan0
class htb 1:1 root rate 10000bit ceil 10000bit burst 6Kb cburst 2623b
 Sent 11033 bytes 93 pkts (dropped 0, overlimits 0)
 rate 544bit
 lended: 0 borrowed: 0 giants: 0
 tokens: 3947888 ctokens: 1641021

class htb 1:10 parent 1:2 prio 0 rate 10000bit ceil 5500Kbit burst 6Kb cburst 2622b
 Sent 11033 bytes 93 pkts (dropped 0, overlimits 0)
 rate 544bit
 lended: 93 borrowed: 0 giants: 0
 tokens: 3947888 ctokens: 2984

class htb 1:2 parent 1:1 rate 10000bit ceil 5500Kbit burst 1611b cburst 8474b
 Sent 11033 bytes 93 pkts (dropped 0, overlimits 0)
 rate 752bit
 lended: 0 borrowed: 0 giants: 0
 tokens: 977797 ctokens: 9956

class htb 1:20 parent 1:2 prio 0 rate 10000bit ceil 5500Kbit burst 6Kb cburst 2622b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 4026531 ctokens: 3126

class htb 1:30 parent 1:2 prio 0 rate 10000bit ceil 5500Kbit burst 6Kb cburst 2622b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 4026531 ctokens: 3126

class htb 1:40 parent 1:2 prio 0 rate 10000bit ceil 5500Kbit burst 6Kb cburst 2622b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 4026531 ctokens: 3126
```

In class 1:10 I have my laptop, with which I ran the tests.

Even though I set the rate to 10kbit in all the classes, when I went to download a file from koki's FTP, it came in, according to Task Manager, at 2.5% of the network (2.5mbit?).

Do these settings apply only when there is increased traffic? That is, does it guarantee at least 10kbit for each class? Or does it limit the traffic that each class can pull to 10kbit?

The file I made is S51QOS, and it is the following:


```
#!/bin/sh
#-------------------------

#check the status of QoS
#iptables -t mangle -L
#tc -s qdisc show dev eth1
#tc -s class show dev eth1

. /etc/functions.sh

#it is ok for wrt54g/s
ifconfig vlan0 10.2.25.35 netmask 255.255.255.192 broadcast 10.2.25.63 up
DOWN_IFACE=vlan0

#uplink bandwidth
#specified in kbits (90% of actual uplink rate)
UP_RATE=5500
DOWN_RATE=5500

#inserting various kernel modules
insmod ipt_TOS
insmod ipt_tos
insmod ipt_length
insmod sch_prio
insmod sch_red
insmod sch_htb
insmod sch_sfq
insmod sch_ingress
insmod sch_tcindex
insmod cls_fw
insmod cls_route
insmod cls_u32

echo alma0

#clear all traffic control things to start from a clean state
tc qdisc del dev $DOWN_IFACE root

echo alma1

tc qdisc add dev $DOWN_IFACE root handle 1: htb default 1
#This is for the intra-LAN traffic
tc class add dev $DOWN_IFACE parent 1: classid 1:1 htb rate 10kbit burst 6k cburst 2624b
tc class add dev $DOWN_IFACE parent 1:1 classid 1:2 htb rate 10kbit ceil ${DOWN_RATE}kbit

#Class for the laptop
tc class add dev $DOWN_IFACE parent 1:2 classid 1:10 htb rate 10kbit ceil ${DOWN_RATE}kbit burst 6k cburst 2624b
#Class for server
tc class add dev $DOWN_IFACE parent 1:2 classid 1:20 htb rate 10kbit ceil ${DOWN_RATE}kbit burst 6k cburst 2624b
#Class for Evi
tc class add dev $DOWN_IFACE parent 1:2 classid 1:30 htb rate 10kbit ceil ${DOWN_RATE}kbit burst 6k cburst 2624b
#Class for all others
tc class add dev $DOWN_IFACE parent 1:2 classid 1:40 htb rate 10kbit ceil ${DOWN_RATE}kbit burst 6k cburst 2624b

echo alma2

#tc qdisc add dev $DOWN_IFACE parent 1:10 handle 10: red limit 10000b min 10000b max 20000b avpkt 1000 burst 10 ecn
#tc qdisc add dev $DOWN_IFACE parent 1:20 handle 20: red limit 10000b min 10000b max 20000b avpkt 1000 burst 10 ecn
#tc qdisc add dev $DOWN_IFACE parent 1:30 handle 30: red limit 10000b min 10000b max 20000b avpkt 1000 burst 10 ecn
#tc qdisc add dev $DOWN_IFACE parent 1:40 handle 40: red limit 10000b min 10000b max 20000b avpkt 1000 burst 10 ecn

#sfq keyword is "perturb" (seconds between hash re-seeds)
tc qdisc add dev $DOWN_IFACE parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DOWN_IFACE parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DOWN_IFACE parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev $DOWN_IFACE parent 1:40 handle 40: sfq perturb 10

echo alma3

#Flush the mangle table
iptables -t mangle -F

#Mark all incoming, outgoing traffic

#Default
#iptables -t mangle -A POSTROUTING -s 10.0.0.0/8 -d 10.0.0.0/8 -j MARK --set-mark 0x40
#iptables -t mangle -A POSTROUTING -d 10.0.0.0/8 -s 10.0.0.0/8 -j MARK --set-mark 0x40

#Laptop
iptables -t mangle -A POSTROUTING -d 10.2.25.33/26 -s 10.0.0.0/8 -j MARK --set-mark 0x10
iptables -t mangle -A POSTROUTING -s 10.2.25.33/26 -d 10.0.0.0/8 -j MARK --set-mark 0x10

#Server
iptables -t mangle -A POSTROUTING -d 10.2.25.34 -s 10.0.0.0/8 -j MARK --set-mark 0x20
iptables -t mangle -A POSTROUTING -s 10.2.25.34 -d 10.0.0.0/8 -j MARK --set-mark 0x20

#Evi
iptables -t mangle -A POSTROUTING -d 10.2.25.35 -s 10.0.0.0/8 -j MARK --set-mark 0x30
iptables -t mangle -A POSTROUTING -s 10.2.25.35 -d 10.0.0.0/8 -j MARK --set-mark 0x30

echo alma4

#Assign the traffic to classes using the marks
tc filter add dev $DOWN_IFACE protocol ip parent 1: handle 0x10 fw classid 1:10
tc filter add dev $DOWN_IFACE protocol ip parent 1: handle 0x20 fw classid 1:20
tc filter add dev $DOWN_IFACE protocol ip parent 1: handle 0x30 fw classid 1:30
tc filter add dev $DOWN_IFACE protocol ip parent 1: handle 0x40 fw classid 1:40
```

Nice. Something like this, if that is indeed how it works, we ensure that each machine will have at least 10kbit of bandwidth for access to AWMN.

But is there some way to limit the bandwidth that one machine pulls from another machine, e.g. a proxy?

Your opinions, please. I'm a bit confused...
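Added example, not part of the original posts: an sh/awk check run over the `tc -s` output quoted in the post above. HTB treats `rate` as the guaranteed share and `ceil` as the limit a class may reach by borrowing, and it sends unclassified packets "direct" (unshaped) when `default` names a missing or non-leaf class. The function names are illustrative, and the parsing assumes the `tc` output format shown on this page.

```shell
# Added example. Both variables hold `tc -s` output quoted in the post above.
QDISC_OUT='qdisc htb 1: r2q 10 default 1 direct_packets_stat 5458
 Sent 7804716 bytes 5524 pkts (dropped 0, overlimits 0)'
CLASS_OUT='class htb 1:1 root rate 10000bit ceil 10000bit burst 6Kb cburst 2623b
class htb 1:10 parent 1:2 prio 0 rate 10000bit ceil 5500Kbit burst 6Kb cburst 2622b
class htb 1:2 parent 1:1 rate 10000bit ceil 5500Kbit burst 1611b cburst 8474b
class htb 1:20 parent 1:2 prio 0 rate 10000bit ceil 5500Kbit burst 6Kb cburst 2622b
class htb 1:30 parent 1:2 prio 0 rate 10000bit ceil 5500Kbit burst 6Kb cburst 2622b
class htb 1:40 parent 1:2 prio 0 rate 10000bit ceil 5500Kbit burst 6Kb cburst 2622b'

# Percentage of packets HTB sent "direct", i.e. past every class, unshaped.
direct_pct() {
  printf '%s\n' "$1" | awk '
    { for (i = 1; i < NF; i++) {
        if ($i == "direct_packets_stat") direct = $(i + 1)
        if ($(i + 1) == "pkts") total = $i } }
    END { if (total > 0) print int(direct * 100 / total); else print 0 }'
}

# Classid the qdisc falls back to for unclassified packets, e.g. "1:1".
default_class() {
  printf '%s\n' "$1" | awk '$1 == "qdisc" {
    for (i = 1; i < NF; i++) if ($i == "default") {
      d = $(i + 1); sub(/^0x/, "", d); print $3 d } }'
}

# True only if the default class exists and no other class names it as parent.
default_is_leaf() {
  def=$(default_class "$1")
  printf '%s\n' "$2" | awk -v d="$def" '
    $1 == "class" && $3 == d { found = 1 }
    $1 == "class" && $4 == "parent" && $5 == d { child = 1 }
    END { exit !(found && !child) }'
}

# Print "classid rate_bps ceil_bps" for classes allowed to borrow above rate.
borrowers() {
  printf '%s\n' "$1" | awk '
    function bps(s,  n) { n = s + 0
      if (s ~ /Mbit$/) n *= 1000000; else if (s ~ /Kbit$/) n *= 1000
      return n }
    $1 == "class" { for (i = 4; i < NF; i++) {
        if ($i == "rate") r = bps($(i + 1)); if ($i == "ceil") c = bps($(i + 1)) }
      if (c > r) printf "%s %d %d\n", $3, r, c }'
}

echo "direct: $(direct_pct "$QDISC_OUT")% of packets bypassed the classes"
default_is_leaf "$QDISC_OUT" "$CLASS_OUT" || echo "default $(default_class "$QDISC_OUT") is not a leaf"
borrowers "$CLASS_OUT"
```

On a router, feed the functions live data with `direct_pct "$(tc -s qdisc show dev vlan0)"` and `borrowers "$(tc -s class show dev vlan0)"`.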

----------


## acoul

Two interesting links about QoS here and here, and one more script, from the OpenWRT forum:


```
#!/bin/sh

DEBUG=0

# To enable logging (requires iptables-mod-extra package)
[ $DEBUG -eq 1 ] && insmod ipt_LOG >&- 2>&-

#######################################################
DOWNLOAD=800
UPLOAD=280
D=100
BURST=1000

TCP_BULK="1024:"
UDP_BULK="1024:"

TCP_PRIO="22 23 53 80 443"
UDP_PRIO="53"

#BULK_PROTOS="edonkey bittorrent"
#######################################################

WAN=$(nvram get wan_ifname)
LAN=$(nvram get lan_ifname)

U_M1_PRIO=$(($UPLOAD*90/100))
U_M1_NORM=$(($UPLOAD*10/100))
U_M1_BULK=$(($UPLOAD* 0/100))

U_M2_PRIO=$(($UPLOAD*50/100))
U_M2_NORM=$(($UPLOAD*30/100))
U_M2_BULK=$(($UPLOAD*20/100))

D_BURST=$(($BURST*$DOWNLOAD/8))

insmod cls_fw >&- 2>&-
insmod sch_hfsc >&- 2>&-
insmod sch_htb >&- 2>&-
insmod ipt_CONNMARK >&- 2>&-
insmod ipt_length >&- 2>&-
insmod ipt_limit >&- 2>&-
insmod ipt_tos >&- 2>&-
#insmod sch_ingress >&- 2>&-
#insmod ipt_layer7 >&- 2>&-
#insmod ipt_ipp2p >&- 2>&-
#insmod ipt_multiport >&- 2>&-
#insmod cls_u32 >&- 2>&-

iptables -t mangle -F
iptables -t mangle -X

tc qdisc del dev $WAN root >&- 2>&-
tc qdisc add dev $WAN root handle 1: hfsc default 30
tc class add dev $WAN parent 1: classid 1:1 hfsc sc rate ${UPLOAD}kbit ul rate ${UPLOAD}kbit
tc class add dev $WAN parent 1:1 classid 1:10 hfsc sc m1 ${U_M1_PRIO}kbit d ${D}ms m2 ${U_M2_PRIO}kbit ul rate ${UPLOAD}kbit
tc class add dev $WAN parent 1:1 classid 1:20 hfsc sc m1 ${U_M1_NORM}kbit d ${D}ms m2 ${U_M2_NORM}kbit ul rate ${UPLOAD}kbit
tc class add dev $WAN parent 1:1 classid 1:30 hfsc sc m1 ${U_M1_BULK}kbit d ${D}ms m2 ${U_M2_BULK}kbit ul rate ${UPLOAD}kbit
tc filter add dev $WAN parent 1: prio 1 protocol ip handle 1 fw flowid 1:10
tc filter add dev $WAN parent 1: prio 2 protocol ip handle 2 fw flowid 1:20
tc filter add dev $WAN parent 1: prio 3 protocol ip handle 3 fw flowid 1:30

#tc qdisc del dev $WAN ingress >&- 2>&-
#tc qdisc add dev $WAN handle ffff: ingress
#tc filter add dev $WAN parent ffff: protocol ip prio 50 handle 3 fw police rate $(($DOWNLOAD/2))kbit burst $D_BURST drop flowid :1
#tc filter add dev $WAN parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate $(($DOWNLOAD))kbit burst $D_BURST drop flowid :1

tc qdisc del dev $LAN root >&- 2>&-
# htb qdisc without default: all unmarked (mark 0) packets pass unlimited
tc qdisc add dev $LAN root handle 1: htb
tc class add dev $LAN parent 1: classid 1:1 htb rate ${DOWNLOAD}kbit ceil ${DOWNLOAD}kbit burst $D_BURST cburst $D_BURST
tc class add dev $LAN parent 1:1 classid 1:10 htb rate $(($DOWNLOAD*8/10))kbit ceil ${DOWNLOAD}kbit burst $D_BURST cburst $D_BURST prio 0
tc class add dev $LAN parent 1:1 classid 1:20 htb rate $(($DOWNLOAD*2/10))kbit ceil $(($DOWNLOAD/2))kbit burst $D_BURST cburst $D_BURST prio 1
tc filter add dev $LAN parent 1: prio 1 protocol ip handle 1 fw flowid 1:10
tc filter add dev $LAN parent 1: prio 2 protocol ip handle 2 fw flowid 1:10
tc filter add dev $LAN parent 1: prio 3 protocol ip handle 3 fw flowid 1:20

iptables -t mangle -N mark_chain
iptables -t mangle -N ingress_chain

iptables -t mangle -A POSTROUTING -o $WAN -j mark_chain
iptables -t mangle -A PREROUTING -i $WAN -j ingress_chain

###################################### INGRESS CHAIN #################################################
# Restore any saved connection mark
iptables -t mangle -A ingress_chain -j CONNMARK --restore-mark

# Default is normal priority (to make sure every packet on wan interface gets marked)
iptables -t mangle -A ingress_chain -m mark --mark 0 -j MARK --set-mark 2

# Mark *any* p2p packet (first packet in connection only)
#iptables -t mangle -A ingress_chain -m mark --mark 0 -m ipp2p --ipp2p -j MARK --set-mark 1

# Mark bulk packets according to Layer 7 match. Works for first packet only!
#for PROTO in $BULK_PROTOS; do
#  iptables -t mangle -A ingress_chain -m mark --mark 0 -m layer7 --l7proto $PROTO -j MARK --set-mark 1
#done

# Save mark onto connection
#iptables -t mangle -A ingress_chain -j CONNMARK --save-mark
######################################################################################################
    
######################################## MARK CHAIN ##################################################
# Restore any saved connection mark
iptables -t mangle -A mark_chain -j CONNMARK --restore-mark

# Mark prio packets based on port numbers and protocol
for PORT in $UDP_PRIO; do
  iptables -t mangle -A mark_chain -m mark --mark 0 -p udp --dport $PORT -j MARK --set-mark 1
done
for PORT in $TCP_PRIO; do
  iptables -t mangle -A mark_chain -m mark --mark 0 -p tcp --dport $PORT -j MARK --set-mark 1
done

# Mark bulk packets based on port numbers and protocol
for PORT in $UDP_BULK; do
  iptables -t mangle -A mark_chain -m mark --mark 0 -p udp --dport $PORT -j MARK --set-mark 3
done
for PORT in $TCP_BULK; do
  iptables -t mangle -A mark_chain -m mark --mark 0 -p tcp --dport $PORT -j MARK --set-mark 3
done

# Save mark onto connection
iptables -t mangle -A mark_chain -j CONNMARK --save-mark

# Make sure ACK packets get priority
iptables -t mangle -A mark_chain -p tcp -m length --length :128 --tcp-flags SYN,RST,ACK ACK -j MARK --set-mark 1

# Default is normal priority
iptables -t mangle -A mark_chain -m mark --mark 0 -j MARK --set-mark 2
######################################################################################################

[ $DEBUG -eq 1 ] && iptables -t mangle -A mark_chain -m mark --mark 0 -j LOG --log-prefix mark_0::
[ $DEBUG -eq 1 ] && iptables -t mangle -A mark_chain -m mark --mark 0 -j ACCEPT
[ $DEBUG -eq 1 ] && iptables -t mangle -A mark_chain -m mark --mark 1 -j LOG --log-prefix mark_1::
[ $DEBUG -eq 1 ] && iptables -t mangle -A mark_chain -m mark --mark 1 -j ACCEPT
[ $DEBUG -eq 1 ] && iptables -t mangle -A mark_chain -m mark --mark 2 -j LOG --log-prefix mark_2::
[ $DEBUG -eq 1 ] && iptables -t mangle -A mark_chain -m mark --mark 2 -j ACCEPT
[ $DEBUG -eq 1 ] && iptables -t mangle -A mark_chain -m mark --mark 3 -j LOG --log-prefix mark_3::
[ $DEBUG -eq 1 ] && iptables -t mangle -A mark_chain -m mark --mark 3 -j ACCEPT
[ $DEBUG -eq 1 ] && iptables -t mangle -A mark_chain -j LOG --log-prefix mark_other::

[ $DEBUG -eq 1 ] && iptables -t mangle -A ingress_chain -m mark --mark 0 -j LOG --log-prefix ingress_0::
[ $DEBUG -eq 1 ] && iptables -t mangle -A ingress_chain -m mark --mark 0 -j ACCEPT
[ $DEBUG -eq 1 ] && iptables -t mangle -A ingress_chain -m mark --mark 1 -j LOG --log-prefix ingress_1::
[ $DEBUG -eq 1 ] && iptables -t mangle -A ingress_chain -m mark --mark 1 -j ACCEPT
[ $DEBUG -eq 1 ] && iptables -t mangle -A ingress_chain -m mark --mark 2 -j LOG --log-prefix ingress_2::
[ $DEBUG -eq 1 ] && iptables -t mangle -A ingress_chain -m mark --mark 2 -j ACCEPT
[ $DEBUG -eq 1 ] && iptables -t mangle -A ingress_chain -m mark --mark 3 -j LOG --log-prefix ingress_3::
[ $DEBUG -eq 1 ] && iptables -t mangle -A ingress_chain -m mark --mark 3 -j ACCEPT
[ $DEBUG -eq 1 ] && iptables -t mangle -A ingress_chain -j LOG --log-prefix ingress_other::
```

----------


## acoul

Source



> QoS Linux with HFSC
> 
> HFSC
> HFSC is a method to prioritize traffic with iptables and tc. Make sure your kernel supports HFSC.
> 
> I successfully use this script, which brought me dramatically improved latency while up- and downloading simultaneously via a 1024/128 adsl line (in Germany). I tried the same with HTB before, and it didn't work so well. I use a 2.6.10 kernel image on Debian Linux.
> 
> 
> ...


Source



> QoS Linux
> 
> HTB
> HTB is an alternative to CBQ (lower CPU usage & better help)
> 
> * http://luxik.cdi.cz/~devik/qos/htb/ 
> 
> Here is a script to optimise one end of an IAX over SDSL link:
> 
> ...

----------

