Traffic Shaping

qos
firewall

#1

Hi All,

I’ve got three INT:

WAN :
LAN : (with sub-int)
MGMT :

I’ve applied a traffic policy on each sub-int (vif) (out) to shape download traffic. (It works.)
Now I’m trying to shape upload traffic.

I’ve applied another policy on WAN-INT (out) to shape upload traffic from each sub-int (so each VLAN or subnet),
with these configuration commands:

set traffic-policy shaper IA-SHAPE-WAN bandwidth 'auto'
set traffic-policy shaper IA-SHAPE-WAN class 2 bandwidth '51920'
set traffic-policy shaper IA-SHAPE-WAN class 2 burst '128k'
set traffic-policy shaper IA-SHAPE-WAN class 2 ceiling '51920'
set traffic-policy shaper IA-SHAPE-WAN class 2 match 'LAN1'
set traffic-policy shaper IA-SHAPE-WAN class 2 queue-type 'fair-queue'
set traffic-policy shaper IA-SHAPE-WAN class 3 bandwidth '102400'
set traffic-policy shaper IA-SHAPE-WAN class 3 burst '128k'
set traffic-policy shaper IA-SHAPE-WAN class 3 ceiling '102400'
set traffic-policy shaper IA-SHAPE-WAN class 3 match 'LAN2'
set traffic-policy shaper IA-SHAPE-WAN class 3 queue-type 'fair-queue'

I tested with IP source destination, LAN int, vif, … but nothing works.

Who can help?

Thanks in advance.


#3

Hello, @Fab!
If you are saying that the traffic-policy works for the download direction, then the symmetric configuration on the WAN interface must work for upload too. Let’s try to find out why it doesn’t.
Please show the output of the following commands; it will allow us to see the active configuration of the traffic-policy:

/sbin/tc -g -s class show dev WAN-INT
/sbin/tc -g -s qdisc show dev WAN-INT
/sbin/tc -g -s filter show dev WAN-INT

Where WAN-INT is the name of your WAN interface.


#4

Hello zsdc, thanks for your help !

I ran the commands without -g, as it’s not a valid option. So, the first command:

:/sbin$ ./tc -s class show dev eth4
class htb 1:1 root rate 10000Mbit ceil 10000Mbit burst 0b cburst 0b
 Sent 597266045 bytes 539826 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0
 tokens: 12 ctokens: 12

class htb 1:2 parent 1:1 leaf 8056: prio 0 rate 51920Kbit ceil 51920Kbit burst 128Kb cburst 1590b
 Sent 12960 bytes 240 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 240 borrowed: 0 giants: 0
 tokens: 315416 ctokens: 3713

class htb 1:3 parent 1:1 leaf 8057: prio 0 rate 102400Kbit ceil 102400Kbit burst 128Kb cburst 1587b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0
 tokens: 160000 ctokens: 1953

class htb 1:4 parent 1:1 leaf 8055: prio 0 rate 10000Mbit ceil 10000Mbit burst 13750b cburst 0b
 Sent 597253085 bytes 539586 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 182036 borrowed: 0 giants: 0
 tokens: 184 ctokens: 12



///////////


:/sbin$ ./tc -g -s qdisc show dev eth4
Option "-g" is unknown, try "tc -help".
viapass@vr-privateaccess:/sbin$ ./tc -s qdisc show dev eth4
qdisc htb 1: root refcnt 5 r2q 6250 default 4 direct_packets_stat 0 direct_qlen 1000
 Sent 597385765 bytes 540626 pkt (dropped 0, overlimits 50 requeues 0)
 backlog 0b 0p requeues 0
qdisc sfq 8055: parent 1:4 limit 127p quantum 1514b depth 127 divisor 1024
 Sent 597372805 bytes 540386 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc sfq 8056: parent 1:2 limit 127p quantum 1514b depth 127 divisor 1024
 Sent 12960 bytes 240 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc sfq 8057: parent 1:3 limit 127p quantum 1514b depth 127 divisor 1024
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0



/////////



:/sbin$ ./tc -s filter show dev eth4
filter parent 1: protocol all pref 1 u32
filter parent 1: protocol all pref 1 u32 fh 800: ht divisor 1
filter parent 1: protocol all pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:2  (rule hit 183303 success 240)
  match c0a80a00/ffffff00 at 12 (success 240 )
filter parent 1: protocol all pref 2 u32
filter parent 1: protocol all pref 2 u32 fh 801: ht divisor 1
filter parent 1: protocol all pref 2 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 1:3  (rule hit 183063 success 0)
  match c0a80b00/ffffff00 at 12 (success 0 )

#5

Thank you for the output!
So, you have configured:

50 mbps for traffic from 192.168.10.0/24
100 mbps for traffic from 192.168.11.0/24

Is this right?
According to the counters, there is no traffic yet that exceeds these limits. How are you checking this traffic-policy for efficiency?


#6

Yes, right, zsdc, but 10Mb not 100Mb :)

According to the counters, there is no traffic yet that exceeds these limits. How are you checking this traffic-policy for efficiency?

A simple speedtest from a client device


#7

Hm… Check your config, please, because we clearly see that there is a 100 mbps limit for 192.168.11.0/24:

class htb 1:3 parent 1:1 leaf 8057: prio 0 rate 102400Kbit ceil 102400Kbit burst 128Kb cburst 1587b

And in your first post the limit is also set to 100 mbps:

set traffic-policy shaper IA-SHAPE-WAN class 3 bandwidth '102400'

Maybe there is no problem at all, just a typo in the config?


#8

OK, right, but I haven’t got 50Mb on the other LAN!
Maybe restart the router?


#9

No, it’s not necessary. With the /sbin/tc ... commands we see the effective configuration of the traffic-policy, so a restart will not help.
What test results have you got?


#10

New results:


#11

There is one surmise that can explain the situation.
Do you use SNAT on this router? According to the traffic flow diagram, QoS is done after all firewall actions:


So, if you use SNAT, by the time a packet enters the traffic-policy, its source address must already have been changed to the external IP address, and the policy doesn’t apply to it.
If this is your situation, try to use other match criteria instead of the source address.
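
Added example, not part of the original thread: a small parser for the `tc -s filter show` output posted above. It decodes each u32 `match` into the subnet and header field it tests (as done by hand in post #5) and flags rules on private source ranges that are evaluated often but almost never succeed, which is the symptom described here when SNAT rewrites the source before QoS. The function names and the 1% threshold are assumptions.

```python
import ipaddress
import re

# Constructed sample: the rule lines from the tc filter output posted in this thread.
SAMPLE = """\
filter parent 1: protocol all pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:2  (rule hit 183303 success 240)
  match c0a80a00/ffffff00 at 12 (success 240 )
filter parent 1: protocol all pref 2 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 1:3  (rule hit 183063 success 0)
  match c0a80b00/ffffff00 at 12 (success 0 )
"""

# Byte offsets of the address fields in the IPv4 header, as used by u32 "at N".
IPV4_FIELDS = {12: "src", 16: "dst"}
RULE_RE = re.compile(r"flowid (\S+)\s+\(rule hit (\d+) success (\d+)\)")
MATCH_RE = re.compile(r"match ([0-9a-f]{8})/([0-9a-f]{8}) at (\d+)")


def decode_u32_filters(text):
    """Return one dict per u32 rule: flowid, counters, decoded address matches."""
    rules = []
    for line in text.splitlines():
        rule = RULE_RE.search(line)
        if rule:
            rules.append({"flowid": rule.group(1), "hit": int(rule.group(2)),
                          "success": int(rule.group(3)), "matches": []})
            continue
        m = MATCH_RE.search(line)
        if m and rules:
            value, mask, offset = (int(m.group(1), 16), int(m.group(2), 16),
                                   int(m.group(3)))
            prefix_len = bin(mask).count("1")  # assumes a contiguous netmask
            net = ipaddress.ip_network((value, prefix_len))
            field = IPV4_FIELDS.get(offset, f"offset {offset}")
            rules[-1]["matches"].append((field, net))
    return rules


def suspect_snat(rules, ratio=0.01):
    """Flowids whose private-source match rarely succeeds although often evaluated."""
    flagged = []
    for r in rules:
        private_src = any(f == "src" and n.is_private for f, n in r["matches"])
        if private_src and r["hit"] > 0 and r["success"] / r["hit"] < ratio:
            flagged.append(r["flowid"])
    return flagged


if __name__ == "__main__":
    print("check SNAT for:", suspect_snat(decode_u32_filters(SAMPLE)))
```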


#12

Yeah, I see, so I have to configure IP NAT on the source address class.

And now it works!!

Thank you so much, zsdc

