Limit Download and Upload on WAN for every VLAN

I have tested the example in the link and it works perfectly (I did not mix native commands with VyOS CLI).

As you are not completely following the example, I think you are missing a key part, the last one, when tc filter includes action connmark.

I will give it a try!

Thanks!

I execute these commands

tc qdisc add dev eth0 ingress handle ffff:

returns

Error: Exclusivity flag on, cannot modify.

tc filter add dev eth0 parent ffff: protocol ip u32 match u32 0 0 action connmark action mirred egress redirect dev ifb0 flowid ffff:1

Traffic doesn’t seem to be marked.

Can you show me your configuration?

I just followed the example.

I also found a small problem when entering the configuration (maybe I failed to completely delete the old one before entering the new configuration). I solved it by using replace instead of add on the tc command.

Did you create an input interface with VyOS CLI? Did you set the redirect on the eth0 via VyOS CLI?

It’s working! Thanks a lot!

If I understand correctly:

tc qdisc add dev ifb0 root handle 3: htb default 30
tc class add dev ifb0 parent 3: classid 3:3 htb rate 600mbit
tc class add dev ifb0 parent 3:3 classid 3:30 htb rate 1kbit ceil 600mbit
tc class add dev ifb0 parent 3:3 classid 3:33 htb rate 50mbit ceil 600mbit

Does the first line say that the default class is 3:30?
The second line sets the max bandwidth.
The third line sets the default class with guaranteed bandwidth at 1kbit, and it can use up to 600mbit if available?
The fourth line sets class 33 with guaranteed bandwidth at 50mbit, and it can use 600mbit if available?

Am I right?

I did not use VyOS CLI at all. (Once the registered Phabricator task is solved, it will be possible to do this configuration entirely through the VyOS CLI.)

You are welcome.

Yes, yes, yes, yes and yes : )

After some tests, there’s a thing that is weird.

I have this configuration

tc qdisc add dev ifb0 root handle 3: htb default 30
tc class add dev ifb0 parent 3: classid 3:3 htb rate 600mbit
tc class add dev ifb0 parent 3:3 classid 3:30 htb rate 1kbit ceil 600mbit
tc class add dev ifb0 parent 3:3 classid 3:33 htb rate 50mbit ceil 600mbit

When I do a speedtest, I only get around 510mbit. It’s the only device connected to the network.

Even with a downlink of 15mbit, I get 13-14 mbit. Not 15mbit. Did I miss a configuration?

Do I need to set a custom MTU? I read online that maybe a higher MTU will help.

@s.lorente did you fully test it? It’s very inaccurate as the Upload shaping is…

I’m not able to get full speed at all. On a 940mbit link, I’m only able to get like 300mbit… Even if the full link is available.

Do you have any idea why it’s very inaccurate?

This is my script

#!/bin/sh -x

DOWNLINK=940
EXTDEV=pppoe0

modprobe ifb
ip link set dev ifb0 down

tc qdisc del dev $EXTDEV root    2> /dev/null > /dev/null
tc qdisc del dev $EXTDEV ingress 2> /dev/null > /dev/null
tc qdisc del dev ifb0 root       2> /dev/null > /dev/null
tc qdisc del dev ifb0 ingress    2> /dev/null > /dev/null
iptables -t mangle -F
iptables -t mangle -X QOS

if [ "$1" = "stop" ]
then
        echo "Shaping removed on $EXTDEV."
        exit
fi

ip link set dev ifb0 up

tc qdisc add dev ifb0 root handle 1:0 htb default 2
tc class add dev ifb0 parent 1:0 classid 1:1 htb rate ${DOWNLINK}mbit
tc class add dev ifb0 parent 1:1 classid 1:2 htb rate 4mbit ceil ${DOWNLINK}mbit
tc class add dev ifb0 parent 1:1 classid 1:10 htb rate 78mbit ceil ${DOWNLINK}mbit
tc class add dev ifb0 parent 1:1 classid 1:11 htb rate 78mbit ceil ${DOWNLINK}mbit
tc class add dev ifb0 parent 1:1 classid 1:12 htb rate 78mbit ceil ${DOWNLINK}mbit
tc class add dev ifb0 parent 1:1 classid 1:13 htb rate 78mbit ceil ${DOWNLINK}mbit
tc class add dev ifb0 parent 1:1 classid 1:14 htb rate 78mbit ceil ${DOWNLINK}mbit
tc class add dev ifb0 parent 1:1 classid 1:15 htb rate 78mbit ceil ${DOWNLINK}mbit
tc class add dev ifb0 parent 1:1 classid 1:16 htb rate 78mbit ceil ${DOWNLINK}mbit
tc class add dev ifb0 parent 1:1 classid 1:17 htb rate 78mbit ceil ${DOWNLINK}mbit
tc class add dev ifb0 parent 1:1 classid 1:18 htb rate 78mbit ceil ${DOWNLINK}mbit
tc class add dev ifb0 parent 1:1 classid 1:19 htb rate 78mbit ceil ${DOWNLINK}mbit
tc class add dev ifb0 parent 1:1 classid 1:20 htb rate 78mbit ceil ${DOWNLINK}mbit
tc class add dev ifb0 parent 1:1 classid 1:21 htb rate 78mbit ceil ${DOWNLINK}mbit

tc filter add dev ifb0 parent 1:0 protocol ip handle 10 fw flowid 1:10
tc filter add dev ifb0 parent 1:0 protocol ip handle 11 fw flowid 1:11
tc filter add dev ifb0 parent 1:0 protocol ip handle 12 fw flowid 1:12
tc filter add dev ifb0 parent 1:0 protocol ip handle 13 fw flowid 1:13
tc filter add dev ifb0 parent 1:0 protocol ip handle 14 fw flowid 1:14
tc filter add dev ifb0 parent 1:0 protocol ip handle 15 fw flowid 1:15
tc filter add dev ifb0 parent 1:0 protocol ip handle 16 fw flowid 1:16
tc filter add dev ifb0 parent 1:0 protocol ip handle 17 fw flowid 1:17
tc filter add dev ifb0 parent 1:0 protocol ip handle 18 fw flowid 1:18
tc filter add dev ifb0 parent 1:0 protocol ip handle 19 fw flowid 1:19
tc filter add dev ifb0 parent 1:0 protocol ip handle 20 fw flowid 1:20
tc filter add dev ifb0 parent 1:0 protocol ip handle 21 fw flowid 1:21

iptables -t mangle -N QOS
iptables -t mangle -A FORWARD -o $EXTDEV -j QOS
iptables -t mangle -A OUTPUT -o $EXTDEV -j QOS
iptables -t mangle -A QOS -j CONNMARK --restore-mark
iptables -t mangle -A QOS -s 192.168.10.0/24 -m mark --mark 0 -j MARK --set-mark 10
iptables -t mangle -A QOS -s 192.168.11.0/24 -m mark --mark 0 -j MARK --set-mark 11
iptables -t mangle -A QOS -s 192.168.12.0/24 -m mark --mark 0 -j MARK --set-mark 12
iptables -t mangle -A QOS -s 192.168.13.0/24 -m mark --mark 0 -j MARK --set-mark 13
iptables -t mangle -A QOS -s 192.168.14.0/24 -m mark --mark 0 -j MARK --set-mark 14
iptables -t mangle -A QOS -s 192.168.15.0/24 -m mark --mark 0 -j MARK --set-mark 15
iptables -t mangle -A QOS -s 192.168.16.0/24 -m mark --mark 0 -j MARK --set-mark 16
iptables -t mangle -A QOS -s 192.168.17.0/24 -m mark --mark 0 -j MARK --set-mark 17
iptables -t mangle -A QOS -s 192.168.18.0/24 -m mark --mark 0 -j MARK --set-mark 18
iptables -t mangle -A QOS -s 192.168.19.0/24 -m mark --mark 0 -j MARK --set-mark 19
iptables -t mangle -A QOS -s 192.168.20.0/24 -m mark --mark 0 -j MARK --set-mark 20
iptables -t mangle -A QOS -s 192.168.21.0/24 -m mark --mark 0 -j MARK --set-mark 21
iptables -t mangle -A QOS -j CONNMARK --save-mark

tc qdisc add dev $EXTDEV ingress handle ffff:
tc filter add dev $EXTDEV parent ffff: protocol ip u32 match u32 0 0 action connmark action mirred egress redirect dev ifb0 flowid ffff:1

exit 0

tc class show dev ifb0

class htb 1:11 parent 1:1 prio 0 rate 78Mbit ceil 940Mbit burst 1589b cburst 1410b
class htb 1:10 parent 1:1 prio 0 rate 78Mbit ceil 940Mbit burst 1589b cburst 1410b
class htb 1:13 parent 1:1 prio 0 rate 78Mbit ceil 940Mbit burst 1589b cburst 1410b
class htb 1:12 parent 1:1 prio 0 rate 78Mbit ceil 940Mbit burst 1589b cburst 1410b
class htb 1:15 parent 1:1 prio 0 rate 78Mbit ceil 940Mbit burst 1589b cburst 1410b
class htb 1:14 parent 1:1 prio 0 rate 78Mbit ceil 940Mbit burst 1589b cburst 1410b
class htb 1:17 parent 1:1 prio 0 rate 78Mbit ceil 940Mbit burst 1589b cburst 1410b
class htb 1:16 parent 1:1 prio 0 rate 78Mbit ceil 940Mbit burst 1589b cburst 1410b
class htb 1:19 parent 1:1 prio 0 rate 78Mbit ceil 940Mbit burst 1589b cburst 1410b
class htb 1:18 parent 1:1 prio 0 rate 78Mbit ceil 940Mbit burst 1589b cburst 1410b
class htb 1:1 root rate 940Mbit ceil 940Mbit burst 1410b cburst 1410b
class htb 1:2 parent 1:1 prio 0 rate 4Mbit ceil 940Mbit burst 1600b cburst 1410b
class htb 1:20 parent 1:1 prio 0 rate 78Mbit ceil 940Mbit burst 1589b cburst 1410b
class htb 1:21 parent 1:1 prio 0 rate 78Mbit ceil 940Mbit burst 1589b cburst 1410b

tc filter show dev ifb0

filter parent 1: protocol ip pref 49141 fw chain 0
filter parent 1: protocol ip pref 49141 fw chain 0 handle 0x15 classid 1:21
filter parent 1: protocol ip pref 49142 fw chain 0
filter parent 1: protocol ip pref 49142 fw chain 0 handle 0x14 classid 1:20
filter parent 1: protocol ip pref 49143 fw chain 0
filter parent 1: protocol ip pref 49143 fw chain 0 handle 0x13 classid 1:19
filter parent 1: protocol ip pref 49144 fw chain 0
filter parent 1: protocol ip pref 49144 fw chain 0 handle 0x12 classid 1:18
filter parent 1: protocol ip pref 49145 fw chain 0
filter parent 1: protocol ip pref 49145 fw chain 0 handle 0x11 classid 1:17
filter parent 1: protocol ip pref 49146 fw chain 0
filter parent 1: protocol ip pref 49146 fw chain 0 handle 0x10 classid 1:16
filter parent 1: protocol ip pref 49147 fw chain 0
filter parent 1: protocol ip pref 49147 fw chain 0 handle 0xf classid 1:15
filter parent 1: protocol ip pref 49148 fw chain 0
filter parent 1: protocol ip pref 49148 fw chain 0 handle 0xe classid 1:14
filter parent 1: protocol ip pref 49149 fw chain 0
filter parent 1: protocol ip pref 49149 fw chain 0 handle 0xd classid 1:13
filter parent 1: protocol ip pref 49150 fw chain 0
filter parent 1: protocol ip pref 49150 fw chain 0 handle 0xc classid 1:12
filter parent 1: protocol ip pref 49151 fw chain 0
filter parent 1: protocol ip pref 49151 fw chain 0 handle 0xb classid 1:11
filter parent 1: protocol ip pref 49152 fw chain 0
filter parent 1: protocol ip pref 49152 fw chain 0 handle 0xa classid 1:10

Speedtest result from router

Did you find what the problem was?

I did fully test it last month and everything worked ok. I did it without the script, I entered the commands directly, but that should make no difference.

Yes, I finally got it working. I needed to set fq_codel or sfq on the HTB classes. The default FIFO is not very accurate.

HTB is very CPU intensive and my 4-core 2.0 GHz CPU is not able to handle the full gigabit speed. I’m only getting around 500mbps and one of my CPU cores is at 100%.

Actually, I’m asking myself if it’s really necessary to set traffic shaping on my fiber gigabit. Some Reddit forums say that it’s not very useful if the link is never fully loaded. And with a fiber link, they said that even if the link is fully loaded, the latency will not jump up a lot because of how the fiber is made.

What do you think about that?
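
Added example, not part of any post in this thread: the fix reported above (an fq_codel leaf on each HTB class instead of the default FIFO), applied to the ifb0 tree from the posted script and written as a loop. The `run` helper, the `APPLY` switch and the rate sanity check are assumptions of this example; it expects ifb0 to be up and the script's teardown section to have run first.

```shell
#!/bin/sh
# Added example (not from the thread): the posted ifb0 HTB tree written as a
# loop, with an fq_codel leaf on every class instead of the default FIFO.
# Dry run by default (commands are printed); APPLY=1 as root executes them.
# Assumes the teardown part of the posted script has already run.

DOWNLINK=${DOWNLINK:-940}  # mbit, root rate from the posted script
RATE=${RATE:-78}           # mbit guaranteed per VLAN class
DEFAULT_RATE=4             # mbit for the default class 1:2
FIRST=10                   # marks 10..21 <-> 192.168.10.0/24..192.168.21.0/24
LAST=21
IFB=ifb0

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

build_ifb_tree() {
    # Sanity check: child rates should not add up to more than the parent rate.
    n=$((LAST - FIRST + 1))
    if [ $((n * RATE + DEFAULT_RATE)) -gt "$DOWNLINK" ]; then
        echo "class rates sum to more than ${DOWNLINK}mbit" >&2
        return 1
    fi
    run tc qdisc add dev "$IFB" root handle 1: htb default 2
    run tc class add dev "$IFB" parent 1: classid 1:1 htb rate "${DOWNLINK}mbit"
    run tc class add dev "$IFB" parent 1:1 classid 1:2 htb \
        rate "${DEFAULT_RATE}mbit" ceil "${DOWNLINK}mbit"
    run tc qdisc add dev "$IFB" parent 1:2 fq_codel
    i=$FIRST
    while [ "$i" -le "$LAST" ]; do
        # tc reads the classid minor as hex and the fw handle as decimal, so
        # mark 10 (0xa) lands in the class labelled 1:10, as in the posted output.
        run tc class add dev "$IFB" parent 1:1 classid "1:$i" htb \
            rate "${RATE}mbit" ceil "${DOWNLINK}mbit"
        run tc qdisc add dev "$IFB" parent "1:$i" fq_codel
        run tc filter add dev "$IFB" parent 1: protocol ip handle "$i" fw flowid "1:$i"
        i=$((i + 1))
    done
}

build_ifb_tree
```

With the defaults, the twelve 78mbit classes plus the 4mbit default class add up to exactly the 940mbit root rate, so the check passes; raising `RATE` without raising `DOWNLINK` makes the function refuse to emit anything.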

Thank you for the information.

Would it be acceptable for you if classes do not share available bandwidth?

If that is acceptable, a Policer would fix the problem, as it is far less CPU-intensive and can be applied directly without the need of redirecting all traffic to IFB.

If you want to try, you can configure everything through VyOS CLI.