diff options
author | shemminger <shemminger> | 2006-04-17 21:54:34 +0000 |
---|---|---|
committer | shemminger <shemminger> | 2006-04-17 21:54:34 +0000 |
commit | adeb6bf25e5460d1f70e48f2fb63eaa986c3c669 (patch) | |
tree | 2b71bd914132ff8e891bfb30b4e03104791a905d /doc | |
parent | 29fdf987c537eff826faa7e1331e0c975f2ebf2c (diff) |
ifb needed to be added to repo.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/actions/ifb-README | 155 |
1 files changed, 155 insertions, 0 deletions
diff --git a/doc/actions/ifb-README b/doc/actions/ifb-README new file mode 100644 index 00000000..02581a8c --- /dev/null +++ b/doc/actions/ifb-README @@ -0,0 +1,155 @@ + +Advantage over current IMQ; cleaner in particular in in SMP; +with a _lot_ less code. +Old Dummy device functionality is preserved while new one only +kicks in if you use actions. + +IMQ USES +-------- +As far as i know the reasons listed below is why people use IMQ. +It would be nice to know of anything else that i missed. + +1) qdiscs/policies that are per device as opposed to system wide. +IMQ allows for sharing. + +2) Allows for queueing incoming traffic for shaping instead of +dropping. I am not aware of any study that shows policing is +worse than shaping in achieving the end goal of rate control. +I would be interested if anyone is experimenting. + +3) Very interesting use: if you are serving p2p you may wanna give +preference to your own localy originated traffic (when responses come back) +vs someone using your system to do bittorent. So QoSing based on state +comes in as the solution. What people did to achive this was stick +the IMQ somewhere prelocal hook. +I think this is a pretty neat feature to have in Linux in general. +(i.e not just for IMQ). +But i wont go back to putting netfilter hooks in the device to satisfy +this. I also dont think its worth it hacking ifb some more to be +aware of say L3 info and play ip rule tricks to achieve this. +--> Instead the plan is to have a contrack related action. This action will +selectively either query/create contrack state on incoming packets. +Packets could then be redirected to ifb based on what happens -> eg +on incoming packets; if we find they are of known state we could send to +a different queue than one which didnt have existing state. This +all however is dependent on whatever rules the admin enters. + +At the moment this function does not exist yet. I have decided instead +of sitting on the patch to release it and then if theres pressure i will +add this feature. + +What you can do with ifb currently with actions +-------------------------------------------------- + +Lets say you are policing packets from alias 192.168.200.200/32 +you dont want those to exceed 100kbps going out. + +tc filter add dev eth0 parent 1: protocol ip prio 10 u32 \ +match ip src 192.168.200.200/32 flowid 1:2 \ +action police rate 100kbit burst 90k drop + +If you run tcpdump on eth0 you will see all packets going out +with src 192.168.200.200/32 dropped or not +Extend the rule a little to see only the ones that made it out: + +tc filter add dev eth0 parent 1: protocol ip prio 10 u32 \ +match ip src 192.168.200.200/32 flowid 1:2 \ +action police rate 10kbit burst 90k drop \ +action mirred egress mirror dev ifb0 + +Now fire tcpdump on ifb0 to see only those packets .. +tcpdump -n -i ifb0 -x -e -t + +Essentially a good debugging/logging interface. + +If you replace mirror with redirect, those packets will be +blackholed and will never make it out. This redirect behavior +changes with new patch (but not the mirror). + +What you can do with the patch to provide functionality +that most people use IMQ for below: + +-------- +export TC="/sbin/tc" + +$TC qdisc add dev ifb0 root handle 1: prio +$TC qdisc add dev ifb0 parent 1:1 handle 10: sfq +$TC qdisc add dev ifb0 parent 1:2 handle 20: tbf rate 20kbit buffer 1600 limit 3000 +$TC qdisc add dev ifb0 parent 1:3 handle 30: sfq +$TC filter add dev ifb0 protocol ip pref 1 parent 1: handle 1 fw classid 1:1 +$TC filter add dev ifb0 protocol ip pref 2 parent 1: handle 2 fw classid 1:2 + +ifconfig ifb0 up + +$TC qdisc add dev eth0 ingress + +# redirect all IP packets arriving in eth0 to ifb0 +# use mark 1 --> puts them onto class 1:1 +$TC filter add dev eth0 parent ffff: protocol ip prio 10 u32 \ +match u32 0 0 flowid 1:1 \ +action ipt -j MARK --set-mark 1 \ +action mirred egress redirect dev ifb0 + +-------- + + +Run A Little test: + +from another machine ping so that you have packets going into the box: +----- +[root@jzny action-tests]# ping 10.22 +PING 10.22 (10.0.0.22): 56 data bytes +64 bytes from 10.0.0.22: icmp_seq=0 ttl=64 time=2.8 ms +64 bytes from 10.0.0.22: icmp_seq=1 ttl=64 time=0.6 ms +64 bytes from 10.0.0.22: icmp_seq=2 ttl=64 time=0.6 ms + +--- 10.22 ping statistics --- +3 packets transmitted, 3 packets received, 0% packet loss +round-trip min/avg/max = 0.6/1.3/2.8 ms +[root@jzny action-tests]# +----- +Now look at some stats: + +--- +[root@jmandrake]:~# $TC -s filter show parent ffff: dev eth0 +filter protocol ip pref 10 u32 +filter protocol ip pref 10 u32 fh 800: ht divisor 1 +filter protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1 + match 00000000/00000000 at 0 + action order 1: tablename: mangle hook: NF_IP_PRE_ROUTING + target MARK set 0x1 + index 1 ref 1 bind 1 installed 4195sec used 27sec + Sent 252 bytes 3 pkts (dropped 0, overlimits 0) + + action order 2: mirred (Egress Redirect to device ifb0) stolen + index 1 ref 1 bind 1 installed 165 sec used 27 sec + Sent 252 bytes 3 pkts (dropped 0, overlimits 0) + +[root@jmandrake]:~# $TC -s qdisc +qdisc sfq 30: dev ifb0 limit 128p quantum 1514b + Sent 0 bytes 0 pkts (dropped 0, overlimits 0) +qdisc tbf 20: dev ifb0 rate 20Kbit burst 1575b lat 2147.5s + Sent 210 bytes 3 pkts (dropped 0, overlimits 0) +qdisc sfq 10: dev ifb0 limit 128p quantum 1514b + Sent 294 bytes 3 pkts (dropped 0, overlimits 0) +qdisc prio 1: dev ifb0 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 + Sent 504 bytes 6 pkts (dropped 0, overlimits 0) +qdisc ingress ffff: dev eth0 ---------------- + Sent 308 bytes 5 pkts (dropped 0, overlimits 0) + +[root@jmandrake]:~# ifconfig ifb0 +ifb0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 + inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link + UP BROADCAST RUNNING NOARP MTU:1500 Metric:1 + RX packets:6 errors:0 dropped:3 overruns:0 frame:0 + TX packets:3 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:32 + RX bytes:504 (504.0 b) TX bytes:252 (252.0 b) +----- + +Dummy continues to behave like it always did. +You send it any packet not originating from the actions it will drop them. +[In this case the three dropped packets were ipv6 ndisc]. + +cheers, +jamal |