OpenWrt Forum Archive

Topic: QOS : doesnt' work at all, I'm surely missing something...

The content of this topic has been archived on 16 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Well, I've been trying for 3 days now to set up a correct QoS script on Kamikaze 7.09.  The goal seems easy: I need to be sure to have at least 90kbit/s on ports 9101, 9100, 5060 and 5061 on upload (these ports are used for 2 shoutcast streams of 80kbit/s each).  So I first tried the qos-scripts package with this configuration:

# QoS configuration for OpenWrt
#
# /etc/config/qos as posted: one shaped interface (wan), a list of
# classify/default/reclassify rules that assign traffic to named classes,
# and the per-class parameters.
# NOTE(review): the interface refers to classgroup "Default", but no
# "config classgroup" section appears in the pasted text - confirm it exists
# in the real file and lists the classes used below (including "Up").

# INTERFACES:
config interface wan
        option classgroup  "Default"
        option enabled      1
        option overhead     1
        # presumably kbit/s, matching the 240kbit uplink used in the tc script
        option upload       240
        option download     4096

# RULES:
# Peer-to-peer traffic (ipp2p and layer7 matches) goes to "Bulk".
config classify
        option target       "Bulk"
        option ipp2p        "all"
config classify
        option target       "Bulk"
        option layer7       "edonkey"
config classify
        option target       "Bulk"
        option layer7       "bittorrent"
# The four shoutcast ports named in the post go to "Priority".
# NOTE(review): the tos option presumably adds a match on the packet's TOS
# field, so streams that do not already carry Minimize-Delay would not match
# this rule - confirm (the first reply suggests removing it).
config classify
        option target       "Priority"
        option proto        "tcp"
        option ports        "9100,9101,5060,5061"
        option tos      Minimize-Delay
config classify
        option target       "Priority"
        option srcports      "21,20,22,53,5055,5056"
# All outbound TCP is sent to "Up", which is capped by "limitrate 8" below.
# NOTE(review): VNC (port 5040 per the post) matches none of the rules above,
# so its outbound TCP presumably lands here - confirm; this would explain the
# VNC session stalling when QoS is enabled.
config classify
        option target           "Up"
        option proto            "tcp"
        option direction        "out"
config default
        option target       "Express"
        option proto        "udp"
        option pktsize      "-500"
config reclassify
        option target       "Priority"
        option proto        "icmp"
config default
        option target       "Bulk"
        option portrange    "1024-65535"
# Small TCP packets with SYN or ACK set are moved to "Priority" unless the
# connection is already marked "Bulk".
config reclassify
        option target       "Priority"
        option proto        "tcp"
        option pktsize      "-128"
        option mark         "!Bulk"
        option tcpflags     "SYN"
config reclassify
        option target       "Priority"
        option proto        "tcp"
        option pktsize      "-128"
        option mark             "!Bulk"
        option tcpflags     "ACK"

# CLASSES:
# NOTE(review): in qos-scripts, avgrate and limitrate are, as far as
# documented, percentages of the interface bandwidth rather than kbit/s -
# confirm. Read that way, "avgrate 90" is 90% of the link (not 90 kbit/s),
# "limitrate 8" is 8% of it, and "limitrate 1024" is out of range.
config class "Priority"
        option packetsize  400
        option maxsize     400
        option avgrate     90
        option priority    15
config class "Priority_down"
        option packetsize  1000
        option avgrate     10


config class "Express"
        option packetsize  1000
        option maxsize     800
        option avgrate     50
        option priority    10

config class "Normal"
        option packetsize  1500
        option packetdelay 100
        option avgrate     10
        option priority    5
        option limitrate   1024
config class "Normal_down"
        option avgrate     20
# Target of the "all outbound TCP" rule above; has a limitrate but no avgrate.
config class "Up"
        option maxsize          200
        option limitrate        8
        option priority         4
config class "Bulk"
        option avgrate     1
        option packetdelay 200

I have a VNC server on port 5040.  When QoS is off, everything is fine (but there is no limit on upload...), but when it's on, the connection drops every time I connect to the VNC server!

I also tried to do it manually, so I wrote a tc setup script:

# Replaces the root qdisc on eth0.1 with an HTB tree: one 240kbit parent
# class (1:1) and three leaf classes (1:10, 1:20, 1:30).
# Copyright (C) 2006 OpenWrt.org
#!/bin/sh
# NOTE(review): as pasted, the "#!/bin/sh" line is not the first line of the
# file, so it is an ordinary comment and does not select the interpreter.

# root

# Remove whatever root qdisc is currently attached before rebuilding the tree.
tc qdisc del dev eth0.1 root
# "default 10": any packet that nothing classifies is queued in class 1:10.
# NOTE(review): 1:10 is also the class meant for the shoutcast streams, so
# unclassified bulk traffic competes with them inside the same 100kbit class.
tc qdisc add dev eth0.1 root handle 1: htb default 10
tc class add dev eth0.1 parent 1: classid 1:1 htb rate 240kbit ceil 240kbit

# unlimited branch
# The leaf rates add up to 100 + 60 + 40 = 200kbit of the 240kbit parent, and
# every leaf has ceil equal to rate, so no class can borrow unused bandwidth.
tc class add dev eth0.1 parent 1:1 classid 1:10 htb rate 100kbit ceil 100kbit prio 1 # burst 80k
tc class add dev eth0.1 parent 1:1 classid 1:20 htb rate 60kbit ceil 60kbit prio 2
tc qdisc add dev eth0.1 parent 1:10 handle 10: pfifo # as fast as possible
tc qdisc add dev eth0.1 parent 1:20 handle 20: sfq perturb 10 # stochastic fairness (for ssh and vnc)

# main branch (for everything)
# No tc filter in this script selects 1:20 or 1:30; traffic only reaches them
# if something else (e.g. an iptables CLASSIFY rule) sets the class.
tc class add dev eth0.1 parent 1:1 classid 1:30 htb rate 40kbit ceil 40kbit prio 3 burst 2k
tc qdisc add dev eth0.1 parent 1:30 handle 30: sfq perturb 10

And here are my firewall settings:


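# Mangle-table rules that assign packets to the HTB classes 1:10 and 1:20
# with the CLASSIFY target.
# NOTE(review): the POSTROUTING rules match "-o eth0.0", while the tc script
# on this page builds classes 1:10/1:20/1:30 on eth0.1. CLASSIFY only has an
# effect on the qdisc of the device the packet leaves through, so these rules
# presumably never steer anything into the eth0.1 classes - confirm which
# interface is the WAN uplink and use it consistently.

# TOS on upload (set manually):
# Only 9100-9101 are classified here; the post also names 5060 and 5061 as
# stream ports.
iptables -t mangle -A FORWARD -p tcp --dport 9100:9101 -j CLASSIFY --set-class 1:10


# prioritise outbound TCP control packets without a payload (ie they're short.)
# This will tend to pull inbound packets faster (especially good on an asymmetric link.)
iptables -t mangle -A POSTROUTING -o eth0.0 -p tcp --syn -m length \
--length 40:68 -j CLASSIFY --set-class 1:20
iptables -t mangle -A POSTROUTING -o eth0.0 -p tcp --tcp-flags ALL SYN,ACK -m length \
--length 40:68 -j CLASSIFY --set-class 1:20
iptables -t mangle -A POSTROUTING -o eth0.0 -p tcp --tcp-flags ALL ACK -m length \
--length 40:100 -j CLASSIFY --set-class 1:20
iptables -t mangle -A POSTROUTING -o eth0.0 -p tcp --tcp-flags ALL RST \
-j CLASSIFY --set-class 1:20
iptables -t mangle -A POSTROUTING -o eth0.0 -p tcp --tcp-flags ALL ACK,RST \
-j CLASSIFY --set-class 1:20
iptables -t mangle -A POSTROUTING -o eth0.0 -p tcp --tcp-flags ALL ACK,FIN \
-j CLASSIFY --set-class 1:20

# prioritise ssh, but not long packets because they are scp or sftp.
iptables -t mangle -A POSTROUTING -o eth0.0 -p tcp --sport 22 -m length \
--length 40:100 -j CLASSIFY --set-class 1:20
iptables -t mangle -A POSTROUTING -o eth0.0 -p tcp --dport 22 -m length \
--length 40:100 -j CLASSIFY --set-class 1:20
# Replies from the VNC server (source port 5040 per the post) share class 1:20.
iptables -t mangle -A FORWARD -p tcp --sport 5040 -j CLASSIFY --set-class 1:20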

# port forwarding setting
(...)

But this has the same effect when connecting via VNC...  I'm surely missing something but I can't see what...

Thanks for help!

(Last edited by nosmile on 1 Dec 2007, 13:12)

Try to use the /etc/config/qos that you pasted above, except that you remove the 'option tos      Minimize-Delay'

nosmile wrote:
# Quoted tc script: HTB tree on eth0.1 with a 240kbit parent class (1:1) and
# three leaf classes (1:10, 1:20, 1:30).
# Copyright (C) 2006 OpenWrt.org
#!/bin/sh

# root

tc qdisc del dev eth0.1 root
# "default 10" queues every unclassified packet in class 1:10.
tc qdisc add dev eth0.1 root handle 1: htb default 10
tc class add dev eth0.1 parent 1: classid 1:1 htb rate 240kbit ceil 240kbit

# unlimited branch
# Leaf rates total 100 + 60 + 40 = 200kbit under the 240kbit parent; each
# leaf has ceil equal to rate, so none can borrow spare bandwidth.
tc class add dev eth0.1 parent 1:1 classid 1:10 htb rate 100kbit ceil 100kbit prio 1 # burst 80k
tc class add dev eth0.1 parent 1:1 classid 1:20 htb rate 60kbit ceil 60kbit prio 2
tc qdisc add dev eth0.1 parent 1:10 handle 10: pfifo # as fast as possible
tc qdisc add dev eth0.1 parent 1:20 handle 20: sfq perturb 10 # stochastic fairness (for ssh and vnc)

# main branch (for everything)
tc class add dev eth0.1 parent 1:1 classid 1:30 htb rate 40kbit ceil 40kbit prio 3 burst 2k
tc qdisc add dev eth0.1 parent 1:30 handle 30: sfq perturb 10

I don't know about HFSC, and I can't find any documentation that makes sense for it either.

However regarding this HTB setup, it has many errors, and thus it's unlikely to yield the expected results. The rates don't add up (root class has 240kbit, children have only 200 all together), bandwidth is not shared (rate = ceil for all classes), prio has no effect (only affects distribution of shared bandwidth), and none of the classes fit your description (you said you have 2 shoutcast streams of 80kbit/s each, where are they supposed to go?).

Well, I have not understood everything about how "tc and co." work.  It's my first QoS configuration and I took my inspiration from a series of tutorials.

To nbd : I already tried it without any differences...

To frostschutz : The two shoutcast streams do not run at the same time.  They both use the 1:10 class.  As for the errors, I'm not surprised...  I'm not a native English speaker (as you surely noticed).  I did not understand every word (especially the differences between rate, ceil and burst) and didn't find any good French documentation.

I started to read the famous Linux Advanced Routing & Traffic Control but, since it's not a short doc, I have not yet read the whole traffic shaping part...

Hi, I discovered strange things by surfing on this network.

The config of the router is the default one regarding QoS (disabled) and here is my /etc/firewall.user :

#!/bin/sh
# Copyright (C) 2006 OpenWrt.org
#
# /etc/firewall.user as posted: flushes the user rule chains, installs WAN
# port forwards to 10.0.1.100, accepts SSH to the router itself, and adds
# forwarding and masquerading rules for eth0.0 -> eth0.1.
# NOTE(review): every port forward below matches on protocol and destination
# port only; none carries a source-address match (-s), so each forwarded
# service is reachable from any host on the WAN side.

# Empty the user-defined chains before re-adding rules.
iptables -F input_rule
iptables -F output_rule
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule
iptables -t nat -F postrouting_rule


# The following chains are for traffic directed at the IP of the
# WAN interface

iptables -F input_wan
iptables -F forwarding_wan
iptables -t nat -F prerouting_wan

# forward ssh
# WAN port 5045 is rewritten to port 22 on 10.0.1.100; the forwarding rule
# matches port 22 because it sees the packet after the DNAT.
iptables --table nat --append prerouting_wan --protocol tcp --dport 5045 --jump DNAT --to 10.0.1.100:22
iptables --append forwarding_wan --protocol tcp --dport 22 --destination 10.0.1.100 --jump ACCEPT

# accept ssh
# SSH to the router itself: the nat-table ACCEPT leaves port 22 un-translated
# and the input_wan rule admits it.
# NOTE(review): this opens the router's SSH daemon to the whole WAN on the
# default port; restricting the source address or allowing key-based logins
# only would narrow the exposure.
iptables --table nat --append prerouting_wan --protocol tcp --dport 22 --jump ACCEPT
iptables --append input_wan --protocol tcp --dport 22 --jump ACCEPT

# Port 5040 is the VNC server mentioned in the post.
# NOTE(review): VNC is exposed directly to the WAN here; unless the server is
# known to encrypt its sessions, reaching it through the SSH forward on 5045
# would avoid publishing the port at all.
iptables --table nat --append prerouting_wan --protocol tcp --dport 5040 --jump DNAT --to 10.0.1.100:5040
iptables --append forwarding_wan --protocol tcp --dport 5040 --destination 10.0.1.100 --jump ACCEPT


# Port 5050: the post does not say which service this is.
iptables --table nat --append prerouting_wan --protocol tcp --dport 5050 --jump DNAT --to 10.0.1.100:5050
iptables --append forwarding_wan --protocol tcp --dport 5050 --destination 10.0.1.100 --jump ACCEPT


# Ports 5061 and 5060 are two of the shoutcast ports named in the post
# (9100 and 9101 have no forward in this file).
iptables --table nat --append prerouting_wan --protocol tcp --dport 5061 --jump DNAT --to 10.0.1.100:5061

iptables --append forwarding_wan --protocol tcp --dport 5061 --destination 10.0.1.100 --jump ACCEPT


iptables --table nat --append prerouting_wan --protocol tcp --dport 5060 --jump DNAT --to 10.0.1.100:5060
iptables --append forwarding_wan --protocol tcp --dport 5060 --destination 10.0.1.100 --jump ACCEPT


# WAN ports 5055 and 5056 map to ports 20 and 21 (the standard FTP data and
# control ports) on 10.0.1.100; "20-20" / "21-21" are one-port ranges.
# NOTE(review): FTP carries credentials in cleartext.
iptables --table nat --append prerouting_wan  --protocol tcp --dport 5055 --jump DNAT --to 10.0.1.100:20-20
iptables --append forwarding_wan --protocol tcp --dport 20 --destination 10.0.1.100 -j ACCEPT
iptables --table nat --append prerouting_wan --protocol tcp --dport 5056 --jump DNAT --to 10.0.1.100:21-21
iptables --append forwarding_wan --protocol tcp --dport 21 --destination 10.0.1.100 -j ACCEPT

# passive ports
# NOTE(review): this forwards the whole 6000-7000 range (1001 ports) to the
# internal host for new connections from any source.
iptables --table nat --append prerouting_wan --protocol tcp --dport 6000:7000 --jump DNAT --to 10.0.1.100:6000-7000
iptables --append forwarding_wan --protocol tcp --dport 6000:7000 --destination 10.0.1.100 -m state --state NEW -j ACCEPT

# connection tracking
# NOTE(review): the rules from here on are appended to built-in chains that
# this script never flushes, so each re-run adds another copy unless
# something else flushes FORWARD and nat POSTROUTING first.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# outgoing traffic:
# New TCP and UDP connections entering on eth0.0 and leaving on eth0.1 are
# accepted.
iptables -A FORWARD -i eth0.0 -o eth0.1 -p tcp -m state --state NEW -j ACCEPT
iptables -A FORWARD -i eth0.0 -o eth0.1 -p udp -m state --state NEW -j ACCEPT

# changing ip source
# Everything leaving through eth0.1 is masqueraded.
iptables -t nat -P POSTROUTING ACCEPT
#iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o eth0.1 -j MASQUERADE

# changing ip destination
iptables -t nat -P PREROUTING ACCEPT
#iptables -t nat -F PREROUTING

The problem is that, when I'm downloading a file, my upload speed (one shoutcast stream at 80 kbit/s) goes down (and almost stops sending...).  Is this normal, or could it be related to my QoS problem above?  (Which I have not resolved yet...)
