1

I am trying to slow down incoming packets for a specific program, while a second one will have full access to the unused bandwidth. In other words, I want to control the network bandwidth sharing in order to prioritize one app over another one.

Here is my current configuration, inpired from https://github.com/rfrail3/misc/blob/master/tc/traffic-control.sh :

# Set up a virtual interface
modprobe ifb
ip link set dev ifb0 up

# Set up eth0 in order to redirect incoming packets
tc qdisc add dev eth0 handle ffff: ingress
# Filter to make the packet going on ifb0
tc filter add dev eth0 protocol ip parent ffff: u32 match u32 0 0 action mirred egress redirect dev ifb0

# ifb0 configuration
tc qdisc add dev ifb0 root handle 2: htb

tc class add dev ifb0 parent 2: classid 2:1 htb rate 1000mbit

tc class add dev ifb0 parent 2:1 classid 2:10 htb rate 999mbit ceil 1000mbit
tc class add dev ifb0 parent 2:1 classid 2:11 htb rate 1mbit ceil 1000mbit

Then, I am applying filters on ifb0 to redirect my packet on 2:10 (the high priority class) or 2:11 (low priority class).

The packets are assigned to the classes as expected, but, the network is shared fairly between both applications (50/50, instead of 1/99 as I would expect from the HTB config).

Actually, I don't see why my network is fairly shared and my rates/ceils are not respected. What am I doing wrong here ?

LittleWhite
  • 21
  • 4

1 Answers1

1

You are setting the default traffic to go handle 20, but this one not exists so will never match any rate/ceils.

tc qdisc add dev ifb0 root handle 2: htb default 20

_________________________________________^^^^^^^^^^

try add one rule classid 2:20

i recommend a fast read on this page for more explanation: http://lartc.org/lartc.html#AEN1071

fgbreel
  • 663
  • 4
  • 13
  • I see your point, but my problem is not this since all incoming packets were redirected using filters. Effectively, even if I put "default 10" (let's say, unfiltered packets are not limited) and if I apply a filter to redirect some packets on 1:11, the rate will not be applied and the network will be fairly shared (50/50). Here an exemple of the filter that I am using : tc filter add dev ifb0 protocol ip parent 2: prio 1 u32 match ip dport 5555 0xffff flowid 2:11 – LittleWhite Feb 25 '14 at 08:59
  • Only egress shaping is possible, maybe what you need is a Intermediate Queueing Device (IMQ), see: http://lartc.org/lartc.html#LARTC.IMQ – fgbreel Feb 25 '14 at 12:49
  • By the way, you need to change the ceil defined for each rule, because if your interface are not under full load, then the ceil will permit class 2:11 to use at least 1mbit and up to 1000mbit. Anyway, why are you using so high values? – fgbreel Feb 25 '14 at 12:59
  • To allow ingress shaping, it seems that you can redirect your incoming packets to a virtual interface (ifb) and put them as egress. Then you can limit the bandwidth. Lot of resources are doing like this on internet, but I will look at IMQ. For the ceil values, I am putting these high values, to allow the programs to take all the bandwidth avalaible on my connection (which is 1Gb LAN). The point is to have the 2:11 to take all the remaining bandwidth not used by 2:10 class. So, if the 2:10 uses only 400 Mb, the remaining is given to 2:11. I am not sure to see what is wrong in my thinking. – LittleWhite Feb 26 '14 at 09:32