<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: cipe + traffic shaping -> crash
From: Gert.Vandelaer,AT,medisearch-int,DOT,com
Date: Tue, 2 Jul 2002 10:23:13 +0200

When you say policy routing, do you mean something like

iptables -A FORWARD -i "internal nic" -s "internal network" -o "cipe nic"
-d "other vpn lan" -j ACCEPT
iptables -A FORWARD -i "cipe nic" -s "other vpn lan" -o "internal nic" -d
"internal network" -j ACCEPT

because I've heared a lot of people calling a lot of things routing /
firewalling the last few years ...
if you catch my drift. :-)

I've done traffic shaping with cipe btw ... haven't had much result yet,
but need to do more testing in order to be conclusive.


                    Holger Marzen                                             
                    <holger@marze        To:     cipe-l,AT,inka,DOT,de        
                    n.de>                cc:                                  
                    Sent by:             Subject:     cipe + traffic shaping 
-> crash                              
                    09:43 PM                                                  
                    respond to                                                

cipe 1.5.3 on Linux 2.4.13

I use policy routing to ensure that outgoing traffic (responses) from
cipcb0's ip-address uses cipcb0 as outgoing interface (and not the ppp0
interface that has the default route).

So far so good. It works fine.

But then I wanted to do traffic shaping as it's described in the
advanced routing howto. After I started the following script the machine
freezed immediately and had to be hard-resetted. Is that a known bug?


#-- uplink --
$TC qdisc add dev $DEV root handle 1: cbq \
    avpkt 1000 bandwidth 10mbit
$TC class add dev $DEV parent 1: classid 1:1 cbq \
    rate ${UPLINK}kbit allot 1500 prio 5 bounded isolated

# high prio
$TC class add dev $DEV parent 1:1 classid 1:10 cbq \
    rate ${UPLINK}kbit allot 1600 prio 1 avpkt 1000
# bulk and default
$TC class add dev $DEV parent 1:1 classid 1:20 cbq \
    rate $[9*$UPLINK/10]kbit allot 1600 prio 2 avpkt 1000

# both get stochastic fairness
$TC qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
$TC qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10

# TOS Minimum Delay (ssh, NOT scp) in 1:10:
$TC filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
    match ip tos 0x10 0xff flowid 1:10

# icmp
$TC filter add dev $DEV parent 1:0 protocol ip prio 11 u32 \
    match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK
# packets in the interactive class:
$TC filter add dev $DEV parent 1: protocol ip prio 12 u32 \
    match ip protocol 6 0xff \
    match u8 0x05 0x0f at 0 \
    match u16 0x0000 0xffc0 at 2 \
    match u8 0x10 0xff at 33 \
    flowid 1:10

# rest is non-interactive bulk and ends up in 1:20
$TC filter add dev $DEV parent 1: protocol ip prio 13 u32 \
    match ip dst flowid 1:20

#-- downlink --
$TC qdisc add dev $DEV handle ffff: ingress
$TC filter add dev $DEV parent ffff: protocol ip prio 50 u32 \
    match ip src police rate ${DOWNLINK}kbit \
    burst 10k drop flowid :1

Message sent by the cipe-l,AT,inka,DOT,de mailing list.
Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
Other commands available with "help" in body to the same address.
CIPE info and list archive: <URL:

<< | Thread Index | >> ]    [ << | Date Index | >> ]