Traffic Control

Having an ADSL modem, I experience massive download degradation, if I upload with my full bandwith. This happens, because the TCP/IP ACK packets do not get through fast enough. To prevent this from happen, I installed a modified version of the wondershaper. I also use htb classes instead of the often used cbq.

<Download the tc script>:

#!/bin/bash
#
# http://www.harald-hoyer.de/linux/traffic-control
#
# pcfe, 2008-06-24
#
PATH=/usr/sbin:${PATH}
DEV=${DEV:-$6}

DOWNLINK=8192
UPLINK=1024
PRIODOWN=$[DOWNLINK/40]
MAXUP=$[UPLINK-DOWNLINK/40]
HALFUP=$[MAXUP/2]


TC=/sbin/tc

# clean existing down- and uplink qdiscs, hide errors
${TC} qdisc del dev $DEV root    2> /dev/null > /dev/null

###### uplink
# install root HTB, point default traffic to 1:30:
${TC} qdisc add dev $DEV root handle 1: htb default 30

# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
${TC} class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k

# high prio class 1:10:
${TC} class add dev $DEV parent 1:1 classid 1:10 htb rate ${PRIODOWN}kbit burst 6k prio 0 ceil ${UPLINK}kbit


${TC} class add dev $DEV parent 1:1 classid 1:15 htb rate ${MAXUP}kbit burst 6k prio 1 ceil ${MAXUP}kbit

# bulk & default class 1:20 - gets slightly less traffic, 
# and a lower priority:
${TC} class add dev $DEV parent 1:15 classid 1:20 htb rate ${HALFUP}kbit burst 6k prio 2 ceil ${MAXUP}kbit

${TC} class add dev $DEV parent 1:15 classid 1:30 htb rate ${HALFUP}kbit burst 6k prio 3 ceil ${MAXUP}kbit

# all get Stochastic Fairness: 
${TC} qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
${TC} qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
${TC} qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10

${TC} filter add dev $DEV parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
${TC} filter add dev $DEV parent 1: protocol ip prio 1 handle 2 fw flowid 1:20
${TC} filter add dev $DEV parent 1: protocol ip prio 1 handle 3 fw flowid 1:30

# TOS Minimum Delay (ssh, NOT scp) in 1:10:
${TC} filter add dev $DEV parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff  flowid 1:10

# ICMP (ip protocol 1) in the interactive class 1:10 so we 
# can do measurements & impress our friends:
${TC} filter add dev $DEV parent 1:0 protocol ip prio 10 u32 match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
${TC} filter add dev $DEV parent 1: protocol ip prio 10 u32 \
  match ip protocol 6 0xff \
  match u8 0x05 0x0f at 0 \
  match u16 0x0000 0xffc0 at 2 \
  match u8 0x10 0xff at 33 \
  flowid 1:10

# rest is 'non-interactive' ie 'bulk' and ends up in 1:30
${TC} filter add dev $DEV parent 1: protocol ip prio 20 u32 match ip dst 0.0.0.0/0 flowid 1:30

This script can be called in /etc/ppp/ip-up.local with

  tc-dsl "$@"

or within a shell

  # DEV=ppp0 tc-dsl 

iptables

Now we can route traffic through the various priority classes with iptables.

• put my CIPE connection to high priority
  1. iptables -t mangle -A POSTROUTING -d 192.168.1.201 -p udp -m udp --dport 7777 -j MARK --set-mark 0x1
• put traffic to a specific host in class 2
  1. iptables -t mangle -A POSTROUTING -p tcp -m tcp -d 192.168.1.200 -j MARK --set-mark 0x2
  2. iptables -t mangle -A POSTROUTING -p udp -m udp -d 192.168.1.200 -j MARK --set-mark 0x2
• put imap ssl and http to class 2
  1. iptables -t mangle -A POSTROUTING -p tcp -m tcp --dport 993 -j MARK --set-mark 0x2
  2. iptables -t mangle -A POSTROUTING -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2

Debugging

nice debugging tools are:

 # watch -n 1  /sbin/tc -s -d class show dev $DEV
 # watch -n 1 -d /sbin/iptables -t mangle -nvL
 # iptraf

To see the difference, just turn off traffic control:

  # /sbin/tc qdisc del dev $DEV root