Koozali.org formerly Contribs.org

testers wanted: htbwondershaper

« on: November 11, 2005, 10:29:09 PM »
Hi,
I announced a wondershaper script for sme7 here before.

I have tested it and it works for me.
I would like to ask people with ADSL/broadband to test the script.
This wondershaper script does traffic shaping, and so it should enhance your latency, for instance.


I would like to know:
- Do you understand the script enough to use it?
- Does it work for your situation?
- Can you come up with ideas to enhance it?

If you already use a wondershaper script, would you be so kind as to compare it with this one? Do you see differences in latency, for instance?

Please also measure latency (use ping and surf) while you are downloading/uploading a lot etc.

The script lives here:
http://www.hanscees.com/sme7/HTBWondershaper
The page describing it is here:
http://www.hanscees.com/sme7/wondershaperbeefedup.html

The script is relatively easily extendable to do traffic shaping like:
- limit downloads from some internal ip-address/ tcp-port etc.

Hope to have many testers! If all goes well it might grow into a regular sme package.

Hans-Cees
nl.linkedin.com/in/hanscees/

Offline psoren

Re: testers wanted: htbwondershaper
« Reply #1 on: November 13, 2005, 01:03:11 AM »
Quote from: "hanscees"
Hi,
I announced a wondershaper script for sme7 here before.

I have tested it and it works for me.
I would like to ask people with ADSL/broadband to test the script.
This wondershaper script does traffic shaping, and so it should enhance your latency, for instance.


I would like to know:
- Do you understand the script enough to use it?
- Does it work for your situation?
- Can you come up with ideas to enhance it?

If you already use a wondershaper script, would you be so kind as to compare it with this one? Do you see differences in latency, for instance?

Please also measure latency (use ping and surf) while you are downloading/uploading a lot etc.

The script lives here:
http://www.hanscees.com/sme7/HTBWondershaper
The page describing it is here:
http://www.hanscees.com/sme7/wondershaperbeefedup.html

The script is relatively easily extendable to do traffic shaping like:
- limit downloads from some internal ip-address/ tcp-port etc.

Hope to have many testers! If all goes well it might grow into a regular sme package.

Hans-Cees


Hi, I would love to test it... But I don't even know where to put it :hammer:
The reason for me to use it would be to prioritize VoIP traffic. I have looked a little at the script but I don't fully understand it yet. I have read that there have to be some things enabled in the kernel for HTB, is that already the case? I'm sure a lot of people want to get VoIP to work better with this script, so maybe we could get a few pointers on how to do that.

Per

Re: testers wanted: htbwondershaper
« Reply #2 on: November 13, 2005, 07:21:42 PM »
see below, this went wrong..
nl.linkedin.com/in/hanscees/

Re: testers wanted: htbwondershaper
« Reply #3 on: November 13, 2005, 07:24:48 PM »
Quote from: "hanscees"
Quote from: "psoren"

Hi, I would love to test it... But I don't even know where to put it
The reason for me to use it would be to prioritize VoIP traffic. I have looked a little at the script but I don't fully understand it yet. I have read that there have to be some things enabled in the kernel for HTB, is that already the case? I'm sure a lot of people want to get VoIP to work better with this script, so maybe we could get a few pointers on how to do that.

Per

Hi,
-HTB is enabled in sme7. I do not know about sme6.
Have a look with lsmod and see if:


sch_sfq          
sch_htb          

are there. The htb thing is htb.

What traffic do you have that is voip? You will need to mark it with iptables. To be able to do that you will need to know what tcp/udp-ports it uses and what flows take place from internal to internet and back.
So question is:
- what kind of traffic are you aiming at exactly with voip here?

If you can answer that I can see if that is possible.


You can save the script and just run it as a script. You should firstly adjust the liner-speed to your speed, so adjust "CEIL" "DOWNLINK" and "EXTDEV" and "LANDEV" if needed.

Does this answer help? Or are other things still unclear?

Hans-Cees
nl.linkedin.com/in/hanscees/

Offline psoren

Re: testers wanted: htbwondershaper
« Reply #4 on: November 18, 2005, 10:53:56 AM »
Quote from: "hanscees"
Quote from: "hanscees"
Quote from: "psoren"

Hi, I would love to test it... But I don't even know where to put it
The reason for me to use it would be to prioritize VoIP traffic. I have looked a little at the script but I don't fully understand it yet. I have read that there have to be some things enabled in the kernel for HTB, is that already the case? I'm sure a lot of people want to get VoIP to work better with this script, so maybe we could get a few pointers on how to do that.

Per

Hi,
-HTB is enabled in sme7. I do not know about sme6.
Have a look with lsmod and see if:


sch_sfq          
sch_htb          

are there. The htb thing is htb.

What traffic do you have that is voip? You will need to mark it with iptables. To be able to do that you will need to know what tcp/udp-ports it uses and what flows take place from internal to internet and back.
So question is:
- what kind of traffic are you aiming at exactly with voip here?

If you can answer that I can see if that is possible.


You can save the script and just run it as a script. You should firstly adjust the liner-speed to your speed, so adjust "CEIL" "DOWNLINK" and "EXTDEV" and "LANDEV" if needed.

Does this answer help? Or are other things still unclear?

Hans-Cees


Hans-Cees,

I am running SME 6.
I can do "modprobe sch_htb" and I can see it with lsmod, but sch_sfq says "can't locate module".

I need ports UDP 10000-20000 (incoming) for the voice traffic and UDP 5060 to connect to the VoIP provider (don't think that would need priority) but I don't know what ports are used outgoing. Is there a way to see that?

Where do I physically locate the script on the server and how do I actually activate it?

I hope you can help a little, I think this is interesting for all the people using VoIP and all the people implementing asterisk on the SME.

Cheers
Per

Re: testers wanted: htbwondershaper
« Reply #5 on: November 18, 2005, 10:03:22 PM »
Quote from: "psoren"

Hans-Cees,

I am running SME 6.
I can do "modprobe sch_htb" and I can see it with lsmod, but sch_sfq says "can't locate module".

I need ports UDP 10000-20000 (incoming) for the voice traffic and UDP 5060 to connect to the VoIP provider (don't think that would need priority) but I don't know what ports are used outgoing. Is there a way to see that?

Where do I physically locate the script on the server and how do I actually activate it?

I hope you can help a little, I think this is interesting for all the people using VoIP and all the people implementing asterisk on the SME.

Cheers
Per


Question one is howto run it, that is relatively easy:

Ok, I think you only need sch_htb, so that would be fine.

You can run the script from anywhere you like. So for instance do:

go to your sme server with ssh.
mkdir /root/scripts
cd /root/scripts
wget http://web.inter.nl.net/users/hanscees/sme7/HTBWondershaper

chmod +x HTBWondershaper

and run it like this:
/root/scripts/HTBWondershaper

Then look with
/root/scripts/HTBWondershaper status

if you see all kinds of lines with information about htb and iptables chains. So far for question one.

Question two is about traffic shaping and what you need. This is more difficult.

We need to determine what traffic you need to prioritise exactly. That question is not simple I am afraid.

There is a chance the script will improve your traffic as long as you set the CEIL and other variables correctly. By default it can improve your latency. It also improves the flow for traffic where the TOS bits are set. If for instance asterisk sets those TOS bits, the script might do good as it is by default.

If that is not the case we will have to look more into the traffic your voip will generate.

Is it correct that you want to look at using this script with an asterisk on your sme?

Hans-Cees
nl.linkedin.com/in/hanscees/

Offline psoren

Re: testers wanted: htbwondershaper
« Reply #6 on: November 19, 2005, 11:40:00 PM »
Quote from: "hanscees"

Question one is howto run it, that is relatively easy:

Ok, I think you only need sch_htb, so that would be fine.

There is a chance the script will improve your traffic as long as you set the CEIL and other variables correctly. By default it can improve your latency. It also improves the flow for traffic where the TOS bits are set. If for instance asterisk sets those TOS bits, the script might do good as it is by default.

If that is not the case we will have to look more into the traffic your voip will generate.

Is it correct that you want to look at using this script with an asterisk on your sme?

Hans-Cees


Hans-Cees,

OK, I got the script running but it did give me a few errors:

Unknown qdisc "htb", hence option "default" is unparsable
+ tc class add dev eth1 parent 1: classid 1:1 htb rate 384kbit ceil 384kbit
Error: Qdisc "htb" is classless.
+ tc class add dev eth1 parent 1:1 classid 1:10 htb rate 100kbit ceil 200kbit prio 0
Error: Qdisc "htb" is classless.
+ tc class add dev eth1 parent 1:1 classid 1:11 htb rate 200kbit ceil 384kbit prio 1
Error: Qdisc "htb" is classless.
+ tc class add dev eth1 parent 1:1 classid 1:12 htb rate 50kbit ceil 384kbit prio 2
Error: Qdisc "htb" is classless.
+ tc class add dev eth1 parent 1:1 classid 1:13 htb rate 100kbit ceil 307kbit prio 3
Error: Qdisc "htb" is classless.
+ tc qdisc add dev eth1 parent 1:10 handle 100: sfq perturb 10

Is that bad?

I use VoIP in three different ways:
 1. My Sipura 2002 adapter set up to my VoIP provider. Simple but no fun... It is what I use at the moment.

 2. I have an older server running asterisk@home and my Sipura set up with local extensions. Good fun but not without problems.

 3. A basic asterisk installation on the SME server. Works well.

If SME 7 and asterisk@home get well integrated, then I will go for that in the long run. But ideally, the traffic shaping should work regardless if the VoIP is happening on the SME server or through it.

I will try running the script now for a while and see (hear :-D ) how it works.

Thanks
Per

Re: testers wanted: htbwondershaper
« Reply #7 on: November 21, 2005, 07:12:41 PM »
Quote from: "psoren"


OK, I got the script running but it did give me a few errors:

Unknown qdisc "htb", hence option "default" is unparsable
+ tc class add dev eth1 parent 1: classid 1:1 htb rate 384kbit ceil 384kbit
Error: Qdisc "htb" is classless.
+ tc class add dev eth1 parent 1:1 classid 1:10 htb rate 100kbit ceil 200kbit prio 0
Error: Qdisc "htb" is classless.
+ tc class add dev eth1 parent 1:1 classid 1:11 htb rate 200kbit ceil 384kbit prio 1
Error: Qdisc "htb" is classless.
+ tc class add dev eth1 parent 1:1 classid 1:12 htb rate 50kbit ceil 384kbit prio 2
Error: Qdisc "htb" is classless.
+ tc class add dev eth1 parent 1:1 classid 1:13 htb rate 100kbit ceil 307kbit prio 3
Error: Qdisc "htb" is classless.
+ tc qdisc add dev eth1 parent 1:10 handle 100: sfq perturb 10

Is that bad?

I will try running the script now for a while and see (hear  :-D ) how it works.

Thanks
Per


I am afraid the script will not work at all with those errors. Sorry, I can't help you.

Hans-Cees
nl.linkedin.com/in/hanscees/

Offline psoren

Re: testers wanted: htbwondershaper
« Reply #8 on: November 21, 2005, 07:24:50 PM »
Quote from: "hanscees"

I am afraid the script will not work at all with those errors. Sorry, I can't help you.

Hans-Cees


Hmmm.. I was afraid so... But your help so far is very appreciated, thanks.
Guess I have to go for 7 soon....

Per

BeatJunkie

Re: testers wanted: htbwondershaper
« Reply #9 on: November 24, 2005, 06:35:18 PM »
Quote from: "psoren"
OK, I got the script running but it did give me a few errors:

Unknown qdisc "htb", hence option "default" is unparsable
+ tc class add dev eth1 parent 1: classid 1:1 htb rate 384kbit ceil 384kbit
Error: Qdisc "htb" is classless.
+ tc class add dev eth1 parent 1:1 classid 1:10 htb rate 100kbit ceil 200kbit prio 0
Error: Qdisc "htb" is classless.
+ tc class add dev eth1 parent 1:1 classid 1:11 htb rate 200kbit ceil 384kbit prio 1
Error: Qdisc "htb" is classless.
+ tc class add dev eth1 parent 1:1 classid 1:12 htb rate 50kbit ceil 384kbit prio 2
Error: Qdisc "htb" is classless.
+ tc class add dev eth1 parent 1:1 classid 1:13 htb rate 100kbit ceil 307kbit prio 3
Error: Qdisc "htb" is classless.
+ tc qdisc add dev eth1 parent 1:10 handle 100: sfq perturb 10

Is that bad?

I had the same problem running this on SME 6 too.  I found a post on the LARTC mailing list archive, where someone downloaded a tarball for HTB3 and used the version of tc contained in it.  I suppose the version of tc included with SME 6 is broken, or is the wrong version for use with HTB.

The post that I read is here: http://mailman.ds9a.nl/pipermail/lartc/2004q4/013799.html

The HTB3 tarball is available here: http://luxik.cdi.cz/~devik/qos/htb/v3/htb3.6-020525.tgz

Extract this tarball to a directory of your choice, then copy the file "tc" into /sbin to replace the original one.  The HTBWonderShaper script should work after that.

Cheers!

BeatJunkie

Re: testers wanted: htbwondershaper
« Reply #10 on: November 24, 2005, 07:06:03 PM »
Quote from: "hanscees"
I would like to know:
- Do you understand the script enough to use it?
- Does it work for your situation
- Can you come up with ideas to enhance it?

The script lives here:
http://www.hanscees.com/sme7/HTBWondershaper
The page describing it is here:
http://www.hanscees.com/sme7/wondershaperbeefedup.html

Hi Hans,

Bug report!  :)

I noticed that in many of your tc and iptables lines, there are direct references to eth1 where $EXTDEV should be used instead.

It occurs mostly in your examples, but it also occurs in some of your live tc commands.  Your script will work fine as-is for firewalls using eth1 as the external interface, but not for firewalls using another device as its external interface (in my case, ppp0 for my PPPoE DSL connection).

The following lines:
tc qdisc add dev eth1 root handle 1: htb default 13
tc class add dev eth1 parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit
should read:
tc qdisc add dev $EXTDEV root handle 1: htb default 13
tc class add dev $EXTDEV parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit

And these lines:
tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev eth1 parent 1:0 protocol ip prio 2 handle 2 fw classid 1:11
tc filter add dev eth1 parent 1:0 protocol ip prio 3 handle 3 fw classid 1:12
tc filter add dev eth1 parent 1:0 protocol ip prio 4 handle 4 fw classid 1:13
Should read:
tc filter add dev $EXTDEV parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev $EXTDEV parent 1:0 protocol ip prio 2 handle 2 fw classid 1:11
tc filter add dev $EXTDEV parent 1:0 protocol ip prio 3 handle 3 fw classid 1:12
tc filter add dev $EXTDEV parent 1:0 protocol ip prio 4 handle 4 fw classid 1:13

I modified those lines on my copy, and it appears to load correctly.  I'll have to do some further tweakage and testing.

Cheers!

Offline psoren

Re: testers wanted: htbwondershaper
« Reply #11 on: November 24, 2005, 07:31:26 PM »
Quote from: "BeatJunkie"
I had the same problem running this on SME 6 too.  I found a post on the LARTC mailing list archive, where someone downloaded a tarball for HTB3 and used the version of tc contained in it.  I suppose the version of tc included with SME 6 is broken, or is the wrong version for use with HTB.

The post that I read is here: http://mailman.ds9a.nl/pipermail/lartc/2004q4/013799.html

The HTB3 tarball is available here: http://luxik.cdi.cz/~devik/qos/htb/v3/htb3.6-020525.tgz

Extract this tarball to a directory of your choice, then copy the file "tc" into /sbin to replace the original one.  The HTBWonderShaper script should work after that.

Cheers!


OK, that fixed the errors. Thanks BeatJunkie.
It will be interesting to see over time how it works for VoIP.

Per

testers wanted: htbwondershaper
« Reply #12 on: November 24, 2005, 10:38:10 PM »
Hi,
thanks for the bug report. I have changed the online version to 1.2.1 which has $EXTDEV and $LANDEV everywhere.

By the way in my case I notice that you need to have your bandwidth free for 70% to be able to really do effective traffic shaping. I have a 1mb upload line adsl. When I set the ceil to 700 traffic shaping really works well for upload traffic. When you go above 70% theory says shaping will not work, since ip/tcp cannot do its flow control effectively since packets are dropped that need to do the flow control. In practice that is true also.

Hope to hear some testing from you all.

Hans-Cees
nl.linkedin.com/in/hanscees/

Offline psoren

testers wanted: htbwondershaper
« Reply #13 on: November 28, 2005, 08:50:05 PM »
Hanscees,

I have done a few VoIP calls since doing the fix BeatJunkie suggested and I have done simultaneous downloads, and it seems that the script actually helps as there was no stuttering in the sound. I can't do more testing since I am away from home until Xmas but I will when I get back home. I had the upload/download limits set to 75%, no other changes to the script.

Thanks!

Per

testers wanted: htbwondershaper
« Reply #14 on: November 28, 2005, 09:30:45 PM »
Quote from: "psoren"
Hanscees,

I have done a few VoIP calls since doing the fix BeatJunkie suggested and I have done simultaneous downloads, and it seems that the script actually helps as there was no stuttering in the sound. I can't do more testing since I am away from home until Xmas but I will when I get back home. I had the upload/download limits set to 75%, no other changes to the script.

Thanks!

Per


It makes sense since by default the script will prioritise outgoing traffic with TOS minimize-delay set.

But the question relevant here is if your voip did stutter without the script?

Hans-Cees
nl.linkedin.com/in/hanscees/

BeatJunkie

testers wanted: htbwondershaper
« Reply #15 on: November 29, 2005, 12:11:41 AM »
Hi again Hans,

I spent most of today part of today going through the script, learning about what's going on, and adapting it to my network.

I added a bit of intelligence to the rate and ceil parameters where the tc classes are being defined.  Here's what I came up with:
# Leaf rates are fractions of $CEIL: 30%, 30%, 20%, 20%
tc qdisc add dev $EXTDEV root handle 1: htb default 13
tc class add dev $EXTDEV parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit
tc class add dev $EXTDEV parent 1:1 classid 1:10 htb rate $((3*CEIL/10))kbit ceil $((3*CEIL/10))kbit prio 0
tc class add dev $EXTDEV parent 1:1 classid 1:11 htb rate $((3*CEIL/10))kbit ceil ${CEIL}kbit prio 1
tc class add dev $EXTDEV parent 1:1 classid 1:12 htb rate $((2*CEIL/10))kbit ceil ${CEIL}kbit prio 2
tc class add dev $EXTDEV parent 1:1 classid 1:13 htb rate $((2*CEIL/10))kbit ceil ${CEIL}kbit prio 3

You will notice that I put a calculation in for each rate so I could specify the rates as percentages of the ceiling.  The first two are 30% each, and the remaining two are 20% each, so that the total is 100%, and each class is guaranteed their minimum rate.

My implementation is a bit different than the one that the script was originally tailored to.  In my case, my SME server is not a web server that is eating up my uplink.  Rather, mine is a firewall and VPN server.  My boss needs high priority for presenting demos of our software over the Internet to clients using GoToMeeting.  Our bandwidth killer is uploading files to our co-locate facility through FTP.  Therefore my priorities are assigned as follows:

#                 FORWARD to internet   |   OUTPUT to internet
#level 1 acks/small packets all icmp    | dns icmp time small-packets
#level 2 GoToMeeting                    |
#level 3 default other traffic          | everything else
#level 4 FTP uploading                  |

I expect to do some actual testing under this setup tomorrow.  It should work out nice.

Offline psoren

testers wanted: htbwondershaper
« Reply #16 on: November 29, 2005, 08:58:53 AM »
Quote from: "hanscees"


But the question relevant here is if your voip did stutter without the script?

Hans-Cees


Ohh yes, even if I just view regular pages on internet, my link is 512/512 so there should be enough bandwidth just for that. With the script, I actually downloaded 2 big files from 2 different servers to be sure to eat up as much bandwidth as possible while phoning, and it still worked fine.

Per

BeatJunkie

testers wanted: htbwondershaper
« Reply #17 on: November 30, 2005, 12:06:24 AM »
Well, I had some more time to tweak, and the traffic shaping is working for the most part.  My ping times remain fast even when uploading at full speed, and my FTP traffic to outside hosts runs at a lower priority than the rest of the traffic.

There is one caveat though.  I have an IPSEC VPN on my SME server, which connects my office to our hosting facility.  If I do an FTP session over the VPN to the hosting facility, the FTP upload gets the same priority as the regular traffic, and not the lower priority that it should get.

I figured out the reason for this...  My SME server routes VPN-bound traffic through the ipsec0 interface.  But HTBWonderShaper is set up to do traffic shaping on ppp0.  All ppp0 sees of this traffic is the IPSEC packets.  The priority mark on my FTP packets is hidden by the IPSEC encapsulation, and the qdisc just gives IPSEC packets default priority.

Because of this, I think I am going to have to do traffic shaping on both the ppp0 and the ipsec0 interfaces, giving them each their own htb tree.  And because all traffic eventually goes through ppp0, I will have to mark IPSEC packets such that they go out with a certain priority...perhaps even create a specific class for it.  Does that sound correct?

testers wanted: htbwondershaper
« Reply #18 on: November 30, 2005, 08:16:28 PM »
Quote from: "BeatJunkie"
Well, I had some more time to tweak, and the traffic shaping is working for the most part.  My ping times remain fast even when uploading at full speed, and my FTP traffic to outside hosts runs at a lower priority than the rest of the traffic.

That sounds good. Could you post your iptables rules for this please. Perhaps people can learn from it. I am wondering how you do your ftp so the ports used for the data fall within a certain class?


Quote from: "BeatJunkie"


There is one caveat though.  I have an IPSEC VPN on my SME server, which connects my office to our hosting facility.  If I do an FTP session over the VPN to the hosting facility, the FTP upload gets the same priority as the regular traffic, and not the lower priority that it should get.

I figured out the reason for this...  My SME server routes VPN-bound traffic through the ipsec0 interface.  But HTBWonderShaper is set up to do traffic shaping on ppp0.  All ppp0 sees of this traffic is the IPSEC packets.  The priority mark on my FTP packets is hidden by the IPSEC encapsulation, and the qdisc just gives IPSEC packets default priority.

Because of this, I think I am going to have to do traffic shaping on both the ppp0 and the ipsec0 interfaces, giving them each their own htb tree.  And because all traffic eventually goes through ppp0, I will have to mark IPSEC packets such that they go out with a certain priority...perhaps even create a specific class for it.  Does that sound correct?


The reason you give makes sense. You could do a couple of things, but what you suggest may be the best thing to do.
You could do your ftp by sftp (ftp over ssh) and make sure this does not go over ipsec. But that might be a problem, since you should adjust your ipsec tunnels, and sftp might not be as secure as your ipsec.

I do not know what traffic goes over ipsec but you could de-prioritise all ipsec traffic.
But the best way to go is probably to make an htb-class for the ipsec interface as you suggest. And perhaps give ipsec traffic a specific amount in the htb class of the external interface.

If that succeeds please do post your configuration. I have no idea if it will work, but it just might work out fine.

Hans-Cees
nl.linkedin.com/in/hanscees/

testers wanted: htbwondershaper
« Reply #19 on: November 30, 2005, 08:26:47 PM »
Quote from: "psoren"
Quote from: "hanscees"


But the question relevant here is if your voip did stutter without the script?

Hans-Cees


Ohh yes, even if I just view regular pages on internet, my link is 512/512 so there should be enough bandwidth just for that. With the script, I actually downloaded 2 big files from 2 different servers to be sure to eat up as much bandwidth as possible while phoning, and it still worked fine.

Per


That means the script's defaults do work beneficially for voip as you use it. That is good news for voip users.

Hans-Cees
nl.linkedin.com/in/hanscees/

BeatJunkie

testers wanted: htbwondershaper
« Reply #20 on: November 30, 2005, 10:30:32 PM »
Quote from: "hanscees"
That sounds good. Could you post your iptables rules for this please. Perhaps people can learn from it. I am wondering how you do your ftp so the ports used for the data fall within a certain class?

Well, I haven't come across the universal solution yet.  Active ftp-data can be tagged because active ftp uses tcp port 20.  However, passive ftp uses random high ports as determined by the ftp server, so it isn't possible to tag passive ftp by a simple port rule.

Here's my temporary solution...  In my case, it is rare for my staff to upload FTP to anywhere except our co-locate, and I configured my co-locate's FTP server to use a specific narrow range of high ports for passive ftp.  I created a tagging rule in my HTBWonderShaper to tag destination port 20, and the destination ftp data ports that my ftp server uses.
iptables -t mangle -A FORWARD -p tcp --dport 20 -i $LANDEV -j MARK --set-mark 0x4
iptables -t mangle -A FORWARD -p tcp --dport 20 -i $LANDEV -j RETURN
iptables -t mangle -A FORWARD -p tcp --dport 20001:20005 -i $LANDEV -j MARK --set-mark 0x4
iptables -t mangle -A FORWARD -p tcp --dport 20001:20005 -i $LANDEV -j RETURN

But for passive ftp anywhere else, a solution remains to be found.  I can live with this for a while.

As for my IPSEC tunnel...Aside from file transfers, there is also interactive traffic that needs high priority, such as rdp and ssh for remote administration of servers.  This eliminates de-prioritizing IPSEC as an option for me.

Perhaps instead of trying to de-prioritize FTP traffic, I should just explicitly prioritize interactive traffic.  That would probably be easier.  :)

I found an unanswered year-old post asking about a situation similar to mine.  I'm going to e-mail that person and see if he ever found a solution.  Maybe he figured it out, or maybe we can help each other.

BeatJunkie

testers wanted: htbwondershaper
« Reply #21 on: December 01, 2005, 10:35:11 PM »
Things are shaping up!  (No pun intended)

The gentleman who had a similar setup to mine got back to me, and confirmed that I will need to set up two htb trees, one for ipsec0 and one for ppp0.  He also added that he is now using 2.6sec (IPSEC built into the kernel), which doesn't use a virtual interface for IPSEC, so he can get away with just one HTB tree.

But for those of us running FreeS/WAN or Openswan we need two trees.  I set up shaping on both my ipsec0 and ppp0 interfaces.  Here's how my htb trees are configured:

On the $EXTDEV interface...
1:10  TCP SYN, SYN-ack, ICMP, etc
1:11  Interactive traffic (dest ports 21, 22, 80, 443, 3389), GoToMeeting traffic (boss uses this for demos)
1:12  IPSEC traffic (ie: everything that goes through $VPNDEV)
1:13  Everything else

On the $VPNDEV interface...
2:10  TCP SYN, SYN-ack, ICMP, etc
2:11  Interactive traffic (dest ports 21, 22, 80, 443, 3389)
2:12  (nothing)
2:13  Everything else

I set up the tc filters so that the priority tags are interpreted the same for both interfaces.  As you can see above, TCP SYN, SYN-ack, ICMP, etc go to the *.10 class, interactive traffic goes to the *.11 class, bulk "Everything else" traffic goes to *.13.  That way I only need one set of tagging rules.

It seems to be working.  Traffic seems to be going through the proper counters.

In my script I also added an additional command line option that shows a subset of the status.  Useful when you want to just look at one set of counters, or just the iptables rules.

My complete script can be found here.
http://www.colp.ca/HTBWonderShaperIPSEC

So to answer some more of your original questions...
Quote
- Do you understand the script enough to use it?
- Does it work for your situation
- Can you come up with ideas to enhance it?

Yes on all counts!

Thank you very much for making the HTBWondershaper script.  It made it much easier for me to learn what traffic shaping is all about and implement it.

-Ryan
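
The two-tree layout described in this post, combined with the percentage-based rates from Reply #15, as an added example that is not part of the original posts or of the HTBWonderShaperIPSEC script. It only prints the commands; the interface names, the 384 kbit ceiling, the VPN ceiling and the sfq handle numbering are assumptions, and ESP is classified into 1:12 with a u32 filter rather than an iptables mark.

```shell
#!/bin/sh
# Added example: PRINTS the tc/iptables commands for two HTB trees, it does
# not execute them. Review the output before applying it as root.

EXTDEV=${EXTDEV:-ppp0}      # external interface (PPPoE, as in the thread)
VPNDEV=${VPNDEV:-ipsec0}    # FreeS/WAN / Openswan virtual interface
LANDEV=${LANDEV:-eth0}      # assumption: LAN-side interface
CEIL=${CEIL:-384}           # kbit/s, constructed value (~75% of a 512 kbit uplink)
VPNCEIL=${VPNCEIL:-$CEIL}   # assumption: the tunnel may use the whole shaped uplink
INTERACTIVE_PORTS=21,22,80,443,3389   # "interactive" ports listed in the post

# pct VALUE PERCENT -> integer kbit, never below 1 so tc is not handed "0kbit"
pct() {
    _r=$(( $1 * $2 / 100 ))
    [ "$_r" -ge 1 ] || _r=1
    echo "$_r"
}

# emit_tree DEV MAJOR CEIL
# One HTB tree with leaves :10 :11 :12 :13. Firewall marks 1..4 select the
# same leaf number in every tree, so one set of marking rules serves both.
emit_tree() {
    t_dev=$1; t_major=$2; t_ceil=$3
    echo "tc qdisc add dev $t_dev root handle $t_major: htb default 13"
    echo "tc class add dev $t_dev parent $t_major: classid $t_major:1 htb rate ${t_ceil}kbit ceil ${t_ceil}kbit"
    # columns: leaf, guaranteed rate %, ceiling %, prio, firewall mark
    while read -r minor rate_pct ceil_pct prio mark; do
        echo "tc class add dev $t_dev parent $t_major:1 classid $t_major:$minor htb rate $(pct "$t_ceil" "$rate_pct")kbit ceil $(pct "$t_ceil" "$ceil_pct")kbit prio $prio"
        echo "tc qdisc add dev $t_dev parent $t_major:$minor handle ${minor}0: sfq perturb 10"
        echo "tc filter add dev $t_dev parent $t_major:0 protocol ip prio $mark handle $mark fw classid $t_major:$minor"
    done <<EOF
10 30 30 0 1
11 30 100 1 2
12 20 100 2 3
13 20 100 3 4
EOF
}

# On the external interface the tunnel shows up only as ESP (IP protocol 50);
# the inner ports are not visible there. Put all of it in 1:12.
# A NAT-T tunnel (ESP inside UDP 4500) would need a different match.
emit_esp_filter() {
    echo "tc filter add dev $EXTDEV parent 1:0 protocol ip prio 5 u32 match ip protocol 50 0xff flowid 1:12"
}

# Mark interactive traffic once, in FORWARD, before it is routed to either
# the external or the VPN interface. MARK then RETURN follows the thread's rules.
emit_marks() {
    echo "iptables -t mangle -A FORWARD -i $LANDEV -p tcp -m multiport --dports $INTERACTIVE_PORTS -j MARK --set-mark 0x2"
    echo "iptables -t mangle -A FORWARD -i $LANDEV -p tcp -m multiport --dports $INTERACTIVE_PORTS -j RETURN"
}

emit_all() {
    emit_tree "$EXTDEV" 1 "$CEIL"
    emit_esp_filter
    emit_tree "$VPNDEV" 2 "$VPNCEIL"
    emit_marks
}

emit_all
```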

Offline p1ur

Tested for VoIP
« Reply #22 on: January 09, 2006, 05:58:38 PM »
Hi
I have installed the script, but before i could figure it out,
I had to write my own howto.

HowTo for htbwondershaper, QoS for VoIP

Connect to SME Server with PuTTY
1. Handle(or execute? or ??) module:
[root@e-smith]# modprobe sch_htb
2. Check module with the command:
[root@e-smith]# lsmod

3. Collect data for VoIP:
ADSL: Up/down: 512/2048 kbit/s
Ip-Adapter: Sipura 2002
TCP:
Line1. Mapped SIP Port:   5060
Line2. Mapped SIP Port:   5061
UDP:
RTP Port Min:16384 RTP Port Max: 16482

4. Get Script
[root@e-smith]# mkdir /root/scripts
[root@e-smith]# cd /root/scripts
[root@server scripts]# wget http://web.inter.nl.net/users/hanscees/sme7/HTBWondershaper

5. Change the file tc in /sbin
Get the file htb3.6-020525.tgz
Get it here: http://luxik.cdi.cz/~devik/qos/htb/v3/htb3.6-020525.tgz
Extract the file tc and copy it to /sbin to replace the existing tc-file

6. Edit Script
Change CHMOD to 755.
Use MC or the command:
[root@server scripts]# chmod +x HTBWondershaper
Edit the file.
First You should adjust the liner-speed to your speed,
Then adjust "CEIL" "DOWNLINK" and "EXTDEV" and "LANDEV" if needed

Liner speed
Downlink is set to 1950 in the file, is that liner-speed? -
If so, what speed is it? 2mb?, why is it set to 1950?
Ceil is set to 950 in the file. Is that 75% of upstream bandwidth? ~ 1266

I have 2048 down, so I set Downlink to 1950 - is that correct?
I have 512 up, so I set ceil to 384 ~ 75% of 512 - is that correct?

My EXTDEV is eth1 (I'm pretty sure, but how do I check?)

7. Execute the script.
[root@server scripts]# /root/scripts/HTBWondershaper
Check status:
[root@server scripts]# /root/scripts/HTBWondershaper status


I have made no other changes to the script. My primary reason for trying htbwondershaper is that I have set up an IP telephony adapter, a Sipura 2002.
With that I have connected a standard telephone to the LAN, and with that (and a provider) I can telephone to and from normal telephones.
When I first stress-tested it, with lots of download and filesharing, it was not possible to hear/understand the conversation.
After installing the script, I tested with huge file download and filesharing with Azureus.
There is still stuttering in the sound from the IP phone. The sound to the IP phone is okay.
It did however help with browsing. It used to be impossible to browse the internet while Azureus was online.

My server is at home, it is ver 6.01.
I have only a little experience with Linux, but have had an sme-server for some years
(and I love it :-)

Is /root the right place to put the script?
If I have to restart the server, how do I make sure the script is loaded automatically?

I don't use the server as a web server, and would like to know how to optimize the script for my purpose, and would also like to know if the information given above is enough.

Thanx in advance
 :-)

Petur
......

Prioritize VOIP traffic
« Reply #23 on: January 10, 2006, 08:22:01 PM »
Does the script need any changes if my VOIP traffic uses 4569, 5060 & 10000-20000, all UDP ports?

Thanks
......

Re: Tested for VoIP
« Reply #24 on: January 11, 2006, 04:02:25 PM »
Quote from: "p1ur"
Hi
...........................
Line speed

I have 2048 down, so I set Downlink to 1950 - is that correct?
I have 512 up, so I set ceil to 384 ~ 75% of 512 - is that correct?

My EXTDEV is eth1 (I'm pretty sure, but how do I check?)



Yes, that is correct.

Check the IP address with ifconfig eth1,

or ping to somewhere on the internet and see if traffic passes there:

Open two putty screens. In screen 1 do: ping www.nu.nl
In screen 2 do: tcpdump -nlpi eth1

and see if the traffic passes there. If so, it is the outside interface.


Quote
I have done no other changes to the script. My primary reason for trying htbwondershaper is that I have set up an IP telephony adapter, a Sipura 2002.
With that I can (have) connected a standard telephone to the LAN, and with that (and a provider) I can phone to and from normal telephones.
When I first stress-tested it, with lots of download and file sharing, it was not possible to hear/understand the conversation.
After installing the script, I tested with huge file download and file sharing with Azureus.
There is still stuttering in the sound from the IP phone. The sound to the IP phone is okay.
It did however help with browsing. It used to be impossible to browse the internet while Azureus was online.


That is a good sign, so it helps a bit anyway. Perhaps some more tweaking is possible.

Quote
Is /root the right place to put the script?
If I have to restart the server, how do I make sure the script is loaded automatically?


I am sure there are better ways, but adding it to
/etc/rc.local will do the trick.


Quote
I don't use the server as a web-server, and would like to know how to optimize the script for my purpose, and would also like to know if the information given above is enough.

I am not sure.
You must know that the script as presented can only shape upward, so traffic to the internet.

So the ports you mention can be shaped if they go up.
But adding these ports to the fastest class should be a good bet.
Hans-Cees
nl.linkedin.com/in/hanscees/

Offline Tib

  • *
  • 571
    • http://www.tibors.net
testers wanted: htbwondershaper
« Reply #25 on: April 09, 2006, 05:44:30 AM »
The way sme server7 runs seems to be fine except mail uploads to internet ... what would be the best wondershaper setup for a 1500/256 setup?

When a few large e-mails go out it totally kills the internet connection to the point that you cannot access anything ... till all the mail goes out.

Anyone got any good ideas on that sort of setup?

Regards,

Tib.

Offline Tib

  • *
  • 571
    • http://www.tibors.net
testers wanted: htbwondershaper
« Reply #26 on: April 11, 2006, 01:27:04 PM »
I love wondershaper  :-D

Played around with the settings and now I can slow down my e-mails to a reasonable speed so it doesn't impact on other users trying to browse the net.

You deserve a  :pint: hanscees


Regards,

Tib

Offline brianr

  • *
  • 898
testers wanted: htbwondershaper
« Reply #27 on: April 11, 2006, 02:37:52 PM »
Can you give us an indication of the parameters that you found worked?
Brian j Read
(retired, for a second time, still got 3 installations though)
.........

testers wanted: htbwondershaper
« Reply #28 on: April 11, 2006, 07:40:56 PM »
Quote from: "Tib"
I love wondershaper  :-D

Played around with the settings and now I can slow down my e-mails to a reasonable speed so it doesn't impact on other users trying to browse the net.

You deserve a  pint hanscees


Regards,

Tib


To your health then:-)

Hans-Cees
nl.linkedin.com/in/hanscees/

Offline Tib

  • *
  • 571
    • http://www.tibors.net
testers wanted: htbwondershaper
« Reply #29 on: April 12, 2006, 02:09:52 PM »
brianr

here is my setup ...

#Size of downloads. Used for ingress filter all below (2mb).
DOWNLINK=1152
#Adjust CEIL to 75% of your upstream bandwidth limit by now (1mb line).
#tinkering with ceil and ceil-related variables in tables is crucial for success.
#with 80% of upload, my line becomes clogged. With 70% all goes well.
CEIL=180

My ADSL speed is 1500/256 so I set it to 75% of down and 70% of up

##set devices, extdev is your internet/outside device. Lan the inside one.
EXTDEV=ppp0
LANDEV=eth0

tc qdisc add dev $EXTDEV root handle 1: htb default 13
tc class add dev $EXTDEV parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit
tc class add dev $EXTDEV parent 1:1 classid 1:10 htb rate $[3*$CEIL/10]kbit ceil $[5*$CEIL/10]kbit prio 0
tc class add dev $EXTDEV parent 1:1 classid 1:11 htb rate $[3*$CEIL/10]kbit ceil ${CEIL}kbit prio 1
tc class add dev $EXTDEV parent 1:1 classid 1:12 htb rate $[2*$CEIL/10]kbit ceil $[8*$CEIL/10]kbit prio 2
tc class add dev $EXTDEV parent 1:1 classid 1:13 htb rate $[2*$CEIL/10]kbit ceil ${CEIL}kbit prio 3

These are the only bits I changed ... all else is default

I'm still getting my head around the way it works ... but seems to run fine the way it is atm.

Mail upload is about 15k/sec and that leaves 10k/sec for other traffic ... I just want to have a look later and set the mail traffic to the least priority setting so that mail goes out after all else.

Regards,

Tib
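
Added example (not from the thread or from the HTBWondershaper script): one way to put the VoIP UDP ports asked about in reply #23 into the fastest class, as suggested in reply #24, and to send mail to the lowest-priority class, as Tib plans above. It assumes the classes 1:10 and 1:13 from the setup above already exist on $EXTDEV; the fwmark values 10 and 13, the run/classify helper names and the choice of iptables marking plus a tc fw filter are assumptions, so check them against whatever marks the script itself sets.

```shell
#!/bin/sh
# Added example, not part of HTBWondershaper. Assumes HTB classes 1:10 (prio 0)
# and 1:13 (prio 3) already exist on $EXTDEV. The fwmark values and helper
# names are illustrative assumptions.
EXTDEV=${EXTDEV:-ppp0}
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands only, 0 = execute (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# classify PROTO PORTS MARK CLASSID
#   PORTS is an iptables multiport list, e.g. "4569,5060,10000:20000".
#   Only packets leaving through $EXTDEV are marked, because the script
#   can only shape upstream traffic.
classify() {
    proto=$1 ports=$2 mark=$3 classid=$4
    case $ports in
        *[!0-9,:]*|'') echo "bad port list: $ports" >&2; return 1 ;;
    esac
    # Match the ports as destination (traffic we start) and as source
    # (our replies), one rule each.
    for dir in --dports --sports; do
        run iptables -t mangle -A POSTROUTING -o "$EXTDEV" -p "$proto" \
            -m multiport "$dir" "$ports" -j MARK --set-mark "$mark"
    done
    # fw filter: packets carrying fwmark $mark go to HTB class $classid
    run tc filter add dev "$EXTDEV" parent 1:0 protocol ip prio 1 \
        handle "$mark" fw flowid "$classid"
}

shape_voip_and_mail() {
    # VoIP ports from reply #23 -> fastest class 1:10
    classify udp 4569,5060,10000:20000 10 1:10 &&
    # SMTP (tcp/25) -> lowest-priority class 1:13
    classify tcp 25 13 1:13
}

# In dry-run mode this only prints the six commands it would run.
shape_voip_and_mail
```

MARK rules do not stop rule traversal, so if a later rule in the same chain sets another mark on the same packet, the later mark wins. Review the printed commands before running with DRY_RUN=0 as root.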

Re: testers wanted: htbwondershaper
« Reply #30 on: May 04, 2006, 05:02:15 PM »
I have been looking for something like this for some time. Our main problem is large emails being sent out that just stop all internet traffic. I installed this script last night. After modifying the Downlink and Ceil I was able to surf the net while sending out a large email, which was previously unheard of. Thanks for the hard work.

Quote from: "hanscees"

I would like to know:
- Do you understand the script enough to use it?
- Does it work for your situation
- Can you come up with ideas to enhance it?

Please also measure latency (use ping and surf)  while you are downloading/uploading a lot etc.

Hans-Cees


I understand the iptables portion of the script pretty well. The other portions are new to me.
It works great.
Ideas...not at this time.

Our ping times range from 21-52ms for major sites. It is still erratic at times, jumping from 100-500ms, but surfing is not a problem with these times. I blame our DSL line for these fluctuations. Later this month we upgrade to Cable.

Our DSL is 768/128
I set downlink to 700 and ceil to 80.

Thanks again,
Joel

Voip worse with script
« Reply #31 on: October 05, 2006, 06:52:34 AM »
I have successfully set up the htbwonderscript (beefed up version) and have set my up and down at 75% of max.

Now my VoIP is worse.

Unfortunately I don't understand the rest of the script to change anything. I will email my VoIP provider for information such as ports but don't know if there is anything else that I need to ask. Please help.

testers wanted: htbwondershaper
« Reply #32 on: October 24, 2006, 10:29:35 AM »
Hello to all

I need some help here with the priority system that I don't really understand.

I need to build this script for a general SME7 server that runs at locations that connect to the internet at 2550kbs/256kbs.
I need to reduce the priority of ALL mail traffic - incoming AND outgoing - so the rest of the resources will remain free for workstations to surf, external vpn connections to the server from the internet and ftp upload and download.
After playing with the script I couldn't get a good balance between all the resource consumers and I would like to ask you to help me out here.

The main problem occurs when mail is being received by the server or sent by it, and the same happens when a file is uploaded to the ftp server from the outside.

The basic configuration is server and gateway; workstations connect to the internet through the server and I usually disable http and smtp proxy to reduce server load.
The server is using dialup to connect to the internet, thus it has the external ethernet exposed to the world with the static ip obtained from the ISP.
I did:
Code:

DOWNLINK=1875
CEIL=180

EXTDEV=eth1
LANDEV=eth0


tc class add dev $EXTDEV parent 1:1 classid 1:10 htb rate $[3*$CEIL/10]kbit ceil $[5*$CEIL/10]kbit prio 0
tc class add dev $EXTDEV parent 1:1 classid 1:11 htb rate $[3*$CEIL/10]kbit ceil ${CEIL}kbit prio 1
tc class add dev $EXTDEV parent 1:1 classid 1:12 htb rate $[2*$CEIL/10]kbit ceil $[8*$CEIL/10]kbit prio 2
#$[8*$CEIL/10] this class is for upload webserver. We set the ceil not at 100% but 80%
tc class add dev $EXTDEV parent 1:1 classid 1:13 htb rate $[2*$CEIL/10]kbit ceil ${CEIL}kbit prio 3
tc qdisc add dev $EXTDEV parent 1:10 handle 100: sfq perturb 10
tc qdisc add dev $EXTDEV parent 1:11 handle 110: sfq perturb 10
tc qdisc add dev $EXTDEV parent 1:12 handle 120: sfq perturb 10
tc qdisc add dev $EXTDEV parent 1:13 handle 130: sfq perturb 10
......