author | osdl.org!shemminger <osdl.org!shemminger> | 2004-04-15 20:56:59 +0000 |
---|---|---|
committer | osdl.org!shemminger <osdl.org!shemminger> | 2004-04-15 20:56:59 +0000 |
commit | aba5acdfdb347d2c21fc67d613d83d4430ca3937 (patch) | |
tree | 20a89d844444d062bac7e2a945251068f8e39d18 /examples | |
parent | 86fdf0e47be697587efcf9602cd1f952a1d73170 (diff) |
(Logical change 1.3)
Diffstat (limited to 'examples')
-rw-r--r-- | examples/SYN-DoS.rate.limit | 49 | ||||
-rw-r--r-- | examples/cbqinit.eth1 | 76 | ||||
-rw-r--r-- | examples/dhcp-client-script | 446 | ||||
-rw-r--r-- | examples/diffserv/Edge1 | 68 | ||||
-rw-r--r-- | examples/diffserv/Edge2 | 87 | ||||
-rw-r--r-- | examples/diffserv/Edge31-ca-u32 | 170 | ||||
-rw-r--r-- | examples/diffserv/Edge31-cb-chains | 132 | ||||
-rw-r--r-- | examples/diffserv/Edge32-ca-u32 | 198 | ||||
-rw-r--r-- | examples/diffserv/Edge32-cb-chains | 144 | ||||
-rw-r--r-- | examples/diffserv/Edge32-cb-u32 | 145 | ||||
-rw-r--r-- | examples/diffserv/README | 98 | ||||
-rw-r--r-- | examples/diffserv/afcbq | 105 | ||||
-rw-r--r-- | examples/diffserv/ef-prio | 25 | ||||
-rw-r--r-- | examples/diffserv/efcbq | 31 | ||||
-rw-r--r-- | examples/diffserv/regression-testing | 125 |
15 files changed, 1899 insertions, 0 deletions
diff --git a/examples/SYN-DoS.rate.limit b/examples/SYN-DoS.rate.limit
index e69de29b..8766b679 100644
--- a/examples/SYN-DoS.rate.limit
+++ b/examples/SYN-DoS.rate.limit
@@ -0,0 +1,49 @@
+#! /bin/sh -x
+#
+# sample script on using the ingress capabilities
+# this script shows how one can rate limit incoming SYNs
+# Useful for TCP-SYN attack protection. You can use
+# IPchains to have more powerful additions to the SYN (eg
+# in addition the subnet)
+#
+#path to various utilities;
+#change to reflect yours.
+#
+IPROUTE=/root/DS-6-beta/iproute2-990530-dsing
+TC=$IPROUTE/tc/tc
+IP=$IPROUTE/ip/ip
+IPCHAINS=/root/DS-6-beta/ipchains-1.3.9/ipchains
+INDEV=eth2
+#
+# tag all incoming SYN packets through $INDEV as mark value 1
+############################################################
+$IPCHAINS -A input -i $INDEV -y -m 1
+############################################################
+#
+# install the ingress qdisc on the ingress interface
+############################################################
+$TC qdisc add dev $INDEV handle ffff: ingress
+############################################################
+
+#
+#
+# SYN packets are 40 bytes (320 bits) so three SYNs equals
+# 960 bits (approximately 1kbit); so we rate limit below
+# the incoming SYNs to 3/sec (not very sueful really; but
+#serves to show the point - JHS
+############################################################
+$TC filter add dev $INDEV parent ffff: protocol ip prio 50 handle 1 fw \
+police rate 1kbit burst 40 mtu 9k drop flowid :1
+############################################################
+
+
+#
+echo "---- qdisc parameters Ingress ----------"
+$TC qdisc ls dev $INDEV
+echo "---- Class parameters Ingress ----------"
+$TC class ls dev $INDEV
+echo "---- filter parameters Ingress ----------"
+$TC filter ls dev $INDEV parent ffff:
+
+#deleting the ingress qdisc
+#$TC qdisc del $INDEV ingress
diff --git a/examples/cbqinit.eth1 b/examples/cbqinit.eth1
index e69de29b..226ec1c5 100644
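Review bot: The policer on the `handle 1 fw` filter in examples/SYN-DoS.rate.limit is one bucket shared by every SYN arriving on $INDEV, so once a flood uses up the 1kbit allowance, legitimate connection attempts are dropped together with the attack traffic; the header line "Useful for TCP-SYN attack protection" should say that. I would add a comment above the filter such as `# NOTE: aggregate limit for all sources on $INDEV; it caps SYN load on this host but does not keep service available to legitimate clients during a flood`. The commented-out cleanup `#$TC qdisc del $INDEV ingress` also appears to lack the `dev` keyword that the `qdisc add` line uses, so `#$TC qdisc del dev $INDEV ingress` would match it. The same cleanup line recurs at the end of examples/diffserv/Edge31-ca-u32 and Edge31-cb-chains.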
--- a/examples/cbqinit.eth1
+++ b/examples/cbqinit.eth1
@@ -0,0 +1,76 @@
+#! /bin/sh
+
+TC=/home/root/tc
+IP=/home/root/ip
+DEVICE=eth1
+BANDWIDTH="bandwidth 10Mbit"
+
+# Attach CBQ on $DEVICE. It will have handle 1:.
+# $BANDWIDTH is real $DEVICE bandwidth (10Mbit).
+# avpkt is average packet size.
+# mpu is minimal packet size.
+
+$TC qdisc add dev $DEVICE root handle 1: cbq \
+$BANDWIDTH avpkt 1000 mpu 64
+
+# Create root class with classid 1:1. This step is not necessary.
+# bandwidth is the same as on CBQ itself.
+# rate == all the bandwidth
+# allot is MTU + MAC header
+# maxburst measure allowed class burstiness (please,read S.Floyd and VJ papers)
+# est 1sec 8sec means, that kernel will evaluate average rate
+# on this class with period 1sec and time constant 8sec.
+# This rate is viewed with "tc -s class ls dev $DEVICE"
+
+$TC class add dev $DEVICE parent 1:0 classid :1 est 1sec 8sec cbq \
+$BANDWIDTH rate 10Mbit allot 1514 maxburst 50 avpkt 1000
+
+# Bulk.
+# New parameters are:
+# weight, which is set to be proportional to
+# "rate". It is not necessary, weight=1 will work as well.
+# defmap and split say that best effort ttraffic, not classfied
+# by another means will fall to this class.
+
+$TC class add dev $DEVICE parent 1:1 classid :2 est 1sec 8sec cbq \
+$BANDWIDTH rate 4Mbit allot 1514 weight 500Kbit \
+prio 6 maxburst 50 avpkt 1000 split 1:0 defmap ff3d
+
+# OPTIONAL.
+# Attach "sfq" qdisc to this class, quantum is MTU, perturb
+# gives period of hash function perturbation in seconds.
+#
+$TC qdisc add dev $DEVICE parent 1:2 sfq quantum 1514b perturb 15
+
+# Interactive-burst class
+
+$TC class add dev $DEVICE parent 1:1 classid :3 est 2sec 16sec cbq \
+$BANDWIDTH rate 1Mbit allot 1514 weight 100Kbit \
+prio 2 maxburst 100 avpkt 1000 split 1:0 defmap c0
+
+$TC qdisc add dev $DEVICE parent 1:3 sfq quantum 1514b perturb 15
+
+# Background.
+
+$TC class add dev $DEVICE parent 1:1 classid :4 est 1sec 8sec cbq \
+ $BANDWIDTH rate 100Kbit allot 1514 weight 10Mbit \
+ prio 7 maxburst 10 avpkt 1000 split 1:0 defmap 2
+
+$TC qdisc add dev $DEVICE parent 1:4 sfq quantum 1514b perturb 15
+
+# Realtime class for RSVP
+
+$TC class add dev $DEVICE parent 1:1 classid 1:7FFE cbq \
+rate 5Mbit $BANDWIDTH allot 1514b avpkt 1000 \
+maxburst 20
+
+# Reclassified realtime traffic
+#
+# New element: split is not 1:0, but 1:7FFE. It means,
+# that only real-time packets, which violated policing filters
+# or exceeded reshaping buffers will fall to it.
+
+$TC class add dev $DEVICE parent 1:7FFE classid 1:7FFF est 4sec 32sec cbq \
+rate 1Mbit $BANDWIDTH allot 1514b avpkt 1000 weight 10Kbit \
+prio 6 maxburst 10 split 1:7FFE defmap ffff
+
diff --git a/examples/dhcp-client-script b/examples/dhcp-client-script
index e69de29b..7207b57d 100644
--- a/examples/dhcp-client-script
+++ b/examples/dhcp-client-script
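Review bot: The Background class (`classid :4`) in examples/cbqinit.eth1 sets `rate 100Kbit` with `weight 10Mbit`, which contradicts the Bulk section's comment that weight is "set to be proportional to" rate; Bulk uses 500Kbit for 4Mbit and Interactive uses 100Kbit for 1Mbit. If the same ratio was intended, the line would read `$BANDWIDTH rate 100Kbit allot 1514 weight 10Kbit \`; if the large weight is deliberate, it needs a comment saying why. `IP=/home/root/ip` is assigned but never used in this file.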
@@ -0,0 +1,446 @@ +#!/bin/bash +# +# dhclient-script for Linux. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version +# 2 of the License, or (at your option) any later version. +# +# Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> +# +# Probably, I did not understand, what this funny feature as "alias" +# means exactly. For now I suppose, that it is a static address, which +# we should install and preserve. +# + +exec >> /tmp/DHS.log 2>&1 + +echo dhc-script $* reason=$reason +set | grep "^\(old_\|new_\|check_\)" + +LOG () { + echo LOG $* ; +} + +# convert 8bit mask to length +# arg: $1 = mask +# +Mask8ToLen() { + local l=0; + + while [ $l -le 7 ]; do + if [ $[ ( 1 << $l ) + $1 ] -eq 256 ]; then + return $[ 8 - $l ] + fi + l=$[ $l + 1 ] + done + return 0; +} + +# convert inet dotted quad mask to length +# arg: $1 = dotquad mask +# +MaskToLen() { + local masklen=0 + local mask8=$1 + + case $1 in + 0.0.0.0) + return 0; + ;; + 255.*.0.0) + masklen=8 + mask8=${mask8#255.} + mask8=${mask8%.0.0} + ;; + 255.255.*.0) + masklen=16 + mask8=${mask8#255.255.} + mask8=${mask8%.0} + ;; + 255.255.255.*) + masklen=24 + mask8=${mask8#255.255.255.} + ;; + *) + return 255 + ;; + esac + Mask8ToLen $mask8 + return $[ $? 
+ $masklen ] +} + +# calculate ABC "natural" mask +# arg: $1 = dotquad address +# +ABCMask () { + local class; + + class=${1%%.*} + + if [ "$1" = "255.255.255.255" ]; then + echo $1 + elif [ "$1" = "0.0.0.0" ]; then + echo $1 + elif [ $class -ge 224 ]; then + echo 240.0.0.0 + elif [ $class -ge 192 ]; then + echo 255.255.255.0 + elif [ $class -ge 128 ]; then + echo 255.255.0.0 + else + echo 255.0.0.0 + fi +} + +# calculate ABC "natural" mask length +# arg: $1 = dotquad address +# +ABCMaskLen () { + local class; + + class=${1%%.*} + + if [ "$1" = "255.255.255.255" ]; then + return 32 + elif [ "$1" = "0.0.0.0" ]; then + return 0 + elif [ $class -ge 224 ]; then + return 4; + elif [ $class -ge 192 ]; then + return 24; + elif [ $class -ge 128 ]; then + return 16; + else + return 8; + fi +} + +# Delete IP address +# args: $1 = interface +# $2 = address +# $3 = mask +# $4 = broadcast +# $5 = label +# +DelINETAddr () { + local masklen=32 + local addrid=$1 + + LOG DelINETAddr $* + + if [ "$5" ]; then + addrid=$addrid:$5 + fi + LOG ifconfig $addrid down + ifconfig $addrid down +} + +# Add IP address +# args: $1 = interface +# $2 = address +# $3 = mask +# $4 = broadcast +# $5 = label +# +AddINETAddr () { + local mask_arg + local brd_arg + local addrid=$1 + + LOG AddINETAddr $* + + if [ "$5" ]; then + addrid=$addrid:$5 + fi + if [ "$3" ]; then + mask_arg="netmask $3" + fi + if [ "$4" ]; then + brd_arg="broadcast $4" + fi + + LOG ifconfig $addrid $2 $mask_arg $brd_arg up + ifconfig $addrid $2 $mask_arg $brd_arg up +} + +# Add default routes +# args: $1 = routers list +# +AddDefaultRoutes() { + local router + + if [ "$1" ]; then + LOG AddDefaultRoutes $* + for router in $1; do + LOG route add default gw $router + route add default gw $router + done ; + fi +} + +# Delete default routes +# args: $1 = routers list +# +DelDefaultRoutes() { + local router + + if [ "$1" ]; then + LOG DelDefaultRoutes $* + + for router in $1; do + LOG route del default gw $router + route del default gw 
$router + done + fi +} + +# ping a host +# args: $1 = dotquad address of the host +# +PingNode() { + LOG PingNode $* + if ping -q -c 1 -w 2 $1 ; then + return 0; + fi + return 1; +} + +# Check (and add route, if alive) default routers +# args: $1 = routers list +# returns: 0 if at least one router is alive. +# +CheckRouterList() { + local router + local succeed=1 + + LOG CheckRouterList $* + + for router in $1; do + if PingNode $router ; then + succeed=0 + route add default gw $router + fi + done + return $succeed +} + +# Delete/create static routes. +# args: $1 = operation (del/add) +# $2 = routes list in format "dst1 nexthop1 dst2 ..." +# +# BEWARE: this feature of DHCP is obsolete, because does not +# support subnetting. +# +X-StaticRouteList() { + local op=$1 + local lst="$2" + local masklen + + LOG X-StaticRouteList $* + + if [ "$lst" ]; then + set $lst + while [ $# -gt 1 ]; do + route $op -net $1 netmask `ABCMask "$1"` gw $2 + shift; shift; + done + fi +} + +# Create static routes. +# arg: $1 = routes list in format "dst1 nexthop1 dst2 ..." +# +AddStaticRouteList() { + LOG AddStaticRouteList $* + X-StaticRouteList add "$1" +} + +# Delete static routes. +# arg: $1 = routes list in format "dst1 nexthop1 dst2 ..." +# +DelStaticRouteList() { + LOG DelStaticRouteList $* + X-StaticRouteList del "$1" +} + +# Broadcast unsolicited ARP to update neighbours' caches. +# args: $1 = interface +# $2 = address +# +UnsolicitedARP() { + if [ -f /sbin/arping ]; then + /sbin/arping -A -c 1 -I "$1" "$2" & + (sleep 2 ; /sbin/arping -U -c 1 -I "$1" "$2" ) & + fi +} + +# Duplicate address detection. +# args: $1 = interface +# $2 = test address +# returns: 0, if DAD succeeded. +DAD() { + if [ -f /sbin/arping ]; then + /sbin/arping -c 2 -w 3 -D -I "$1" "$2" + return $? + fi + return 0 +} + + +# Setup resolver. +# args: NO +# domain and nameserver list are passed in global variables. +# +# NOTE: we try to be careful and not to break user supplied resolv.conf. 
+# The script mangles it, only if it has dhcp magic signature. +# +UpdateDNS() { + local nameserver + local idstring="#### Generated by DHCPCD" + + LOG UpdateDNS $* + + if [ "$new_domain_name" = "" -a "$new_domain_name_servers" = "" ]; then + return 0; + fi + + echo $idstring > /etc/resolv.conf.dhcp + if [ "$new_domain_name" ]; then + echo search $new_domain_name >> /etc/resolv.conf.dhcp + fi + echo options ndots:1 >> /etc/resolv.conf.dhcp + + if [ "$new_domain_name_servers" ]; then + for nameserver in $new_domain_name_servers; do + echo nameserver $nameserver >> /etc/resolv.conf.dhcp + done + else + echo nameserver 127.0.0.1 >> /etc/resolv.conf.dhcp + fi + + if [ -f /etc/resolv.conf ]; then + if [ "`head -1 /etc/resolv.conf`" != "$idstring" ]; then + return 0 + fi + if [ "$old_domain_name" = "$new_domain_name" -a + "$new_domain_name_servers" = "$old_domain_name_servers" ]; then + return 0 + fi + fi + mv /etc/resolv.conf.dhcp /etc/resolv.conf +} + +case $reason in +NBI) + exit 1 + ;; + +MEDIUM) + exit 0 + ;; + +PREINIT) + ifconfig $interface:dhcp down + ifconfig $interface:dhcp1 down + if [ -d /proc/sys/net/ipv4/conf/$interface ]; then + ifconfig $interface:dhcp 10.10.10.10 netmask 255.255.255.255 + ifconfig $interface:dhcp down + if [ -d /proc/sys/net/ipv4/conf/$interface ]; then + LOG The interface $interface already configured. 
+ fi + fi + ifconfig $interface:dhcp up + exit 0 + ;; + +ARPSEND) + exit 0 + ;; + +ARPCHECK) + if DAD "$interface" "$check_ip_address" ; then + exit 0 + fi + exit 1 + ;; + +BOUND|RENEW|REBIND|REBOOT) + if [ "$old_ip_address" -a "$alias_ip_address" -a \ + "$alias_ip_address" != "$old_ip_address" ]; then + DelINETAddr "$interface" "$alias_ip_address" "$alias_subnet_mask" "$alias_broadcast_address" dhcp1 + fi + if [ "$old_ip_address" -a "$old_ip_address" != "$new_ip_address" ]; then + DelINETAddr "$interface" "$old_ip_address" "$old_subnet_mask" "$old_broadcast_address" dhcp + DelDefaultRoutes "$old_routers" + DelStaticRouteList "$old_static_routes" + fi + if [ "$old_ip_address" = "" -o "$old_ip_address" != "$new_ip_address" -o \ + "$reason" = "BOUND" -o "$reason" = "REBOOT" ]; then + AddINETAddr "$interface" "$new_ip_address" "$new_subnet_mask" "$new_broadcast_address" dhcp + AddStaticRouteList "$new_static_routes" + AddDefaultRoutes "$new_routers" + UnsolicitedARP "$interface" "$new_ip_address" + fi + if [ "$new_ip_address" != "$alias_ip_address" -a "$alias_ip_address" ]; then + AddINETAddr "$interface" "$alias_ip_address" "$alias_subnet_mask" "$alias_broadcast_address" dhcp1 + fi + UpdateDNS + exit 0 + ;; + +EXPIRE|FAIL) + if [ "$alias_ip_address" ]; then + DelINETAddr "$interface" "$alias_ip_address" "$alias_subnet_mask" "$alias_broadcast_address" dhcp1 + fi + if [ "$old_ip_address" ]; then + DelINETAddr "$interface" "$old_ip_address" "$old_subnet_mask" "$old_broadcast_address" dhcp + DelDefaultRoutes "$old_routers" + DelStaticRouteList "$old_static_routes" + fi + if [ "$alias_ip_address" ]; then + AddINETAddr "$interface" "$alias_ip_address" "$alias_subnet_mask" "$alias_broadcast_address" dhcp1 + fi + exit 0 + ;; + +TIMEOUT) + if [ "$alias_ip_address" ]; then + DelINETAddr "$interface" "$alias_ip_address" "$alias_subnet_mask" "$alias_broadcast_address" dhcp1 + fi +# Seems, <null address> means, that no more old leases found. +# Or does it mean bug in dhcpcd? 
8) Fail for now. + if [ "$new_ip_address" = "<null address>" ]; then + if [ "$old_ip_address" ]; then + DelINETAddr "$interface" "$old_ip_address" "$old_subnet_mask" "$old_broadcast_address" dhcp + fi + if [ "$alias_ip_address" ]; then + AddINETAddr "$interface" "$alias_ip_address" "$alias_subnet_mask" "$alias_broadcast_address" dhcp1 + fi + exit 1 + fi + if DAD "$interface" "$new_ip_address" ; then + AddINETAddr "$interface" "$new_ip_address" "$new_subnet_mask" "$new_broadcast_address" dhcp + UnsolicitedARP "$interface" "$new_ip_address" + if [ "$alias_ip_address" -a "$alias_ip_address" != "$new_ip_address" ]; then + AddINETAddr "$interface" "$alias_ip_address" "$alias_subnet_mask" "$alias_broadcast_address" dhcp1 + UnsolicitedARP "$interface" "$alias_ip_address" + fi + if CheckRouterList "$new_routers" ; then + AddStaticRouteList "$new_static_routes" + UpdateDNS + exit 0 + fi + fi + DelINETAddr "$interface" "$new_ip_address" "$new_subnet_mask" "$new_broadcast_address" dhcp + DelDefaultRoutes "$old_routers" + DelStaticRouteList "$old_static_routes" + if [ "$alias_ip_address" ]; then + AddINETAddr "$interface" "$alias_ip_address" "$alias_subnet_mask" "$alias_broadcast_address" dhcp1 + fi + exit 1 + ;; +esac + +exit 0 diff --git a/examples/diffserv/Edge1 b/examples/diffserv/Edge1 index e69de29b..4ddffdd1 100644 --- a/examples/diffserv/Edge1 +++ b/examples/diffserv/Edge1 
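Review bot: `exec >> /tmp/DHS.log 2>&1` makes a script that reconfigures interfaces and rewrites /etc/resolv.conf (so presumably runs as root) append to a fixed name in a world-writable directory, and the next line, `set | grep "^\(old_\|new_\|check_\)"`, copies the lease variables into it. Any local user can create that path first, including as a link to another file, so the log belongs in a directory only root can write, for example `exec >> /var/log/dhclient-script.log 2>&1` (the path is a suggestion). Separately, in UpdateDNS the test `[ "$old_domain_name" = "$new_domain_name" -a` ends its line without the `\` that the other multi-line tests in this file use, so the shell will see an unterminated `[`. The lease values are also expanded unquoted into `ifconfig`, `route` and `echo` throughout (for example `route add default gw $router`); they come from the DHCP server, so they should be quoted and checked to be dotted quads before use.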
@@ -0,0 +1,68 @@ +#! /bin/sh -x +# +# sample script on using the ingress capabilities +# This script just tags on the ingress interfac using Ipchains +# the result is used for fast classification and re-marking +# on the egress interface +# +#path to various utilities; +#change to reflect yours. +# +IPROUTE=/root/DS-6-beta/iproute2-990530-dsing +TC=$IPROUTE/tc/tc +IP=$IPROUTE/ip/ip +IPCHAINS=/root/DS-6-beta/ipchains-1.3.9/ipchains +INDEV=eth2 +EGDEV="dev eth1" +# +# tag all incoming packets from host 10.2.0.24 to value 1 +# tag all incoming packets from host 10.2.0.3 to value 2 +# tag the rest of incoming packets from subnet 10.2.0.0/24 to value 3 +#These values are used in the egress +# +############################################################ +$IPCHAINS -A input -s 10.2.0.4/24 -m 3 +$IPCHAINS -A input -i $INDEV -s 10.2.0.24 -m 1 +$IPCHAINS -A input -i $INDEV -s 10.2.0.3 -m 2 + +######################## Egress side ######################## + + +# attach a dsmarker +# +$TC qdisc add $EGDEV handle 1:0 root dsmark indices 64 set_tc_index +# +# values of the DSCP to change depending on the class +# +#becomes EF +$TC class change $EGDEV classid 1:1 dsmark mask 0x3 \ + value 0xb8 +#becomes AF11 +$TC class change $EGDEV classid 1:2 dsmark mask 0x3 \ + value 0x28 +#becomes AF21 +$TC class change $EGDEV classid 1:3 dsmark mask 0x3 \ + value 0x48 +# +# +# The class mapping +# +$TC filter add $EGDEV parent 1:0 protocol ip prio 4 handle 1 fw classid 1:1 +$TC filter add $EGDEV parent 1:0 protocol ip prio 4 handle 2 fw classid 1:2 +$TC filter add $EGDEV parent 1:0 protocol ip prio 4 handle 3 fw classid 1:3 +# + +# +echo "---- qdisc parameters Ingress ----------" +$TC qdisc ls dev $INDEV +echo "---- Class parameters Ingress ----------" +$TC class ls dev $INDEV +echo "---- filter parameters Ingress ----------" +$TC filter ls dev $INDEV parent 1:0 + +echo "---- qdisc parameters Egress ----------" +$TC qdisc ls $EGDEV +echo "---- Class parameters Egress ----------" +$TC class 
ls $EGDEV +echo "---- filter parameters Egress ----------" +$TC filter ls $EGDEV parent 1:0 diff --git a/examples/diffserv/Edge2 b/examples/diffserv/Edge2 index e69de29b..2f78da24 100644 --- a/examples/diffserv/Edge2 +++ b/examples/diffserv/Edge2 
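Review bot: The subnet rule `$IPCHAINS -A input -s 10.2.0.4/24 -m 3` in examples/diffserv/Edge1 has no `-i $INDEV`, unlike the two host rules after it, so a packet carrying a 10.2.0.x source address is marked 3 on whichever interface it arrives. It also writes the network as 10.2.0.4/24 where the comment says 10.2.0.0/24; I would change the line to `$IPCHAINS -A input -i $INDEV -s 10.2.0.0/24 -m 3`. examples/diffserv/Edge2 has the same rule without `-i $INDEV` (`-s 10.2.0.0/24 -m 3`). Because the mark selects the DSCP written on egress, a comment stating that classification trusts the source address would help readers judge where this is safe to deploy.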
@@ -0,0 +1,87 @@ +#! /bin/sh -x +# +# sample script on using the ingress capabilities +# This script tags the fwmark on the ingress interface using IPchains +# the result is used first for policing on the Ingress interface then +# for fast classification and re-marking +# on the egress interface +# +#path to various utilities; +#change to reflect yours. +# +IPROUTE=/root/DS-6-beta/iproute2-990530-dsing +TC=$IPROUTE/tc/tc +IP=$IPROUTE/ip/ip +IPCHAINS=/root/DS-6-beta/ipchains-1.3.9/ipchains +INDEV=eth2 +EGDEV="dev eth1" +# +# tag all incoming packets from host 10.2.0.24 to value 1 +# tag all incoming packets from host 10.2.0.3 to value 2 +# tag the rest of incoming packets from subnet 10.2.0.0/24 to value 3 +#These values are used in the egress +############################################################ +$IPCHAINS -A input -s 10.2.0.0/24 -m 3 +$IPCHAINS -A input -i $INDEV -s 10.2.0.24 -m 1 +$IPCHAINS -A input -i $INDEV -s 10.2.0.3 -m 2 +############################################################ +# +# install the ingress qdisc on the ingress interface +############################################################ +$TC qdisc add dev $INDEV handle ffff: ingress +############################################################ + +# +# attach a fw classifier to the ingress which polices anything marked +# by ipchains to tag value 3 (The rest of the subnet packets -- not +# tag 1 or 2) to not go beyond 1.5Mbps +# Allow up to at least 60 packets to burst (assuming maximum packet +# size of # 1.5 KB) in the long run and upto about 6 packets in the +# shot run + +############################################################ +$TC filter add dev $INDEV parent ffff: protocol ip prio 50 handle 3 fw \ +police rate 1500kbit burst 90k mtu 9k drop flowid :1 +############################################################ + +######################## Egress side ######################## + + +# attach a dsmarker +# +$TC qdisc add $EGDEV handle 1:0 root dsmark indices 64 +# +# values of the 
DSCP to change depending on the class +# +$TC class change $EGDEV classid 1:1 dsmark mask 0x3 \ + value 0xb8 +$TC class change $EGDEV classid 1:2 dsmark mask 0x3 \ + value 0x28 +$TC class change $EGDEV classid 1:3 dsmark mask 0x3 \ + value 0x48 +# +# +# The class mapping +# +$TC filter add $EGDEV parent 1:0 protocol ip prio 4 handle 1 fw classid 1:1 +$TC filter add $EGDEV parent 1:0 protocol ip prio 4 handle 2 fw classid 1:2 +$TC filter add $EGDEV parent 1:0 protocol ip prio 4 handle 3 fw classid 1:3 +# + +# +echo "---- qdisc parameters Ingress ----------" +$TC qdisc ls dev $INDEV +echo "---- Class parameters Ingress ----------" +$TC class ls dev $INDEV +echo "---- filter parameters Ingress ----------" +$TC filter ls dev $INDEV parent ffff: + +echo "---- qdisc parameters Egress ----------" +$TC qdisc ls $EGDEV +echo "---- Class parameters Egress ----------" +$TC class ls $EGDEV +echo "---- filter parameters Egress ----------" +$TC filter ls $EGDEV parent 1:0 +# +#deleting the ingress qdisc +#$TC qdisc del $DEV ingress diff --git a/examples/diffserv/Edge31-ca-u32 b/examples/diffserv/Edge31-ca-u32 index e69de29b..25e6c0b1 100644 --- a/examples/diffserv/Edge31-ca-u32 +++ b/examples/diffserv/Edge31-ca-u32 
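Review bot: The commented-out cleanup `#$TC qdisc del $DEV ingress` at the end of examples/diffserv/Edge2 refers to `$DEV`, which this script never sets; the ingress qdisc is added with `dev $INDEV`. Anyone uncommenting the line would run the delete with an empty device argument, so it should read `#$TC qdisc del dev $INDEV ingress`. The comment above the policer gives "60 packets" for the long run and "about 6 packets" for the short run; stating how `burst 90k` and `mtu 9k` produce those figures would make the numbers checkable.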
@@ -0,0 +1,170 @@ +#! /bin/sh -x +# +# sample script on using the ingress capabilities using u32 classifier +# This script tags tcindex based on metering on the ingress +# interface the result is used for fast classification and re-marking +# on the egress interface +# This is an example of a color aware mode marker with PIR configured +# based on draft-wahjak-mcm-00.txt (section 3.1) +# +# The colors are defined using the Diffserv Fields +#path to various utilities; +#change to reflect yours. +# +IPROUTE=/usr/src/iproute2-current +TC=$IPROUTE/tc/tc +IP=$IPROUTE/ip/ip +INDEV=eth0 +EGDEV="dev eth1" +CIR1=1500kbit +CIR2=1000kbit + +#The CBS is about 60 MTU sized packets +CBS1=90k +CBS2=90k + +############################################################ +# +# install the ingress qdisc on the ingress interface +$TC qdisc add dev $INDEV handle ffff: ingress +############################################################ +# +# Create u32 filters +$TC filter add dev $INDEV parent ffff: protocol ip prio 4 handle 1: u32 \ +divisor 1 +############################################################ + +# The meters: Note that we have shared meters in this case as identified +# by the index parameter +meter1=" police index 1 rate $CIR1 burst $CBS1 " +meter2=" police index 2 rate $CIR2 burst $CBS1 " +meter3=" police index 3 rate $CIR2 burst $CBS2 " +meter4=" police index 4 rate $CIR1 burst $CBS2 " +meter5=" police index 5 rate $CIR1 burst $CBS2 " + +# All packets are marked with a tcindex value which is used on the egress +# tcindex 1 maps to AF41, 2->AF42, 3->AF43, 4->BE + +# *********************** AF41 *************************** +#AF41 (DSCP 0x22) is passed on with a tcindex value 1 +#if it doesnt exceed its CIR/CBS +#policer 1 is used. 
+# +$TC filter add dev $INDEV parent ffff: protocol ip prio 4 u32 \ +match ip tos 0x88 0xfc \ +$meter1 \ +continue flowid :1 +# +# if it exceeds the above but not the extra rate/burst below, it gets a +# tcindex value of 2 +# policer 2 is used +# +$TC filter add dev $INDEV parent ffff: protocol ip prio 5 u32 \ +match ip tos 0x88 0xfc \ +$meter2 \ +continue flowid :2 +# +# if it exceeds the above but not the rule below, it gets a tcindex value +# of 3 (policer 3) +# +$TC filter add dev $INDEV parent ffff: protocol ip prio 6 u32 \ +match ip tos 0x88 0xfc \ +$meter3 \ +drop flowid :3 +# + +# *********************** AF42 *************************** +#AF42 (DSCP 0x24) from is passed on with a tcindex value 2 +#if it doesnt exceed its CIR/CBS +#policer 2 is used. Note that this is shared with the AF41 +# +# +$TC filter add dev $INDEV parent ffff: protocol ip prio 5 u32 \ +match ip tos 0x90 0xfc \ +$meter2 \ +continue flowid :2 +# +# if it exceeds the above but not the rule below, it gets a tcindex value +# of 3 (policer 3) +# +$TC filter add dev $INDEV parent ffff: protocol ip prio 6 u32 \ +match ip tos 0x90 0xfc \ +$meter3 \ +drop flowid :3 +# +# *********************** AF43 *************************** +# +#AF43 (DSCP 0x26) from is passed on with a tcindex value 3 +#if it doesnt exceed its CIR/CBS +#policer 3 is used. 
Note that this is shared with the AF41 and AF42 +# +$TC filter add dev $INDEV parent ffff: protocol ip prio 6 u32 \ +match ip tos 0x98 0xfc \ +$meter3 \ +drop flowid :3 +# +# *********************** BE *************************** +# +# Anything else (not from the AF4*) gets discarded if it +# exceeds 1Mbps and by default goes to BE if it doesnt +# Note that the BE class is also used by the AF4* in the worst +# case +# +$TC filter add dev $INDEV parent ffff: protocol ip prio 7 u32 \ +match ip src 0/0\ +$meter4 \ +drop flowid :4 + +######################## Egress side ######################## + +# attach a dsmarker +# +$TC qdisc add $EGDEV handle 1:0 root dsmark indices 64 +# +# values of the DSCP to change depending on the class +#note that the ECN bits are masked out +# +#AF41 (0x88 is 0x22 shifted to the right by two bits) +# +$TC class change $EGDEV classid 1:1 dsmark mask 0x3 \ + value 0x88 +#AF42 +$TC class change $EGDEV classid 1:2 dsmark mask 0x3 \ + value 0x90 +#AF43 +$TC class change $EGDEV classid 1:3 dsmark mask 0x3 \ + value 0x98 +#BE +$TC class change $EGDEV classid 1:3 dsmark mask 0x3 \ + value 0x0 +# +# +# The class mapping +# +$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \ + handle 1 tcindex classid 1:1 +$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \ + handle 2 tcindex classid 1:2 +$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \ + handle 3 tcindex classid 1:3 +$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \ + handle 4 tcindex classid 1:4 +# + +# +echo "---- qdisc parameters Ingress ----------" +$TC qdisc ls dev $INDEV +echo "---- Class parameters Ingress ----------" +$TC class ls dev $INDEV +echo "---- filter parameters Ingress ----------" +$TC filter ls dev $INDEV parent ffff: + +echo "---- qdisc parameters Egress ----------" +$TC qdisc ls $EGDEV +echo "---- Class parameters Egress ----------" +$TC class ls $EGDEV +echo "---- filter parameters Egress ----------" +$TC filter ls $EGDEV parent 1:0 +# +#deleting the ingress 
qdisc +#$TC qdisc del $INDEV ingress diff --git a/examples/diffserv/Edge31-cb-chains b/examples/diffserv/Edge31-cb-chains index e69de29b..d7faae98 100644 --- a/examples/diffserv/Edge31-cb-chains +++ b/examples/diffserv/Edge31-cb-chains 
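Review bot: The `#BE` class in examples/diffserv/Edge31-ca-u32 is configured with `$TC class change $EGDEV classid 1:3 dsmark mask 0x3 \` and `value 0x0`, the same classid the AF43 line just above sets to 0x98. AF43 therefore ends up with value 0x0, and class 1:4, which the `handle 4 tcindex classid 1:4` filter targets, is never given a value. examples/diffserv/Edge31-cb-chains uses `classid 1:4` for BE, and this line should match it: `$TC class change $EGDEV classid 1:4 dsmark mask 0x3 \`. The BE comment also says traffic is discarded above 1Mbps while `$meter4` is built from `CIR1=1500kbit`, and `meter5` is defined but never used.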
@@ -0,0 +1,132 @@ +#! /bin/sh -x +# +# sample script on using the ingress capabilities +# This script fwmark tags(IPchains) based on metering on the ingress +# interface the result is used for fast classification and re-marking +# on the egress interface +# This is an example of a color blind mode marker with no PIR configured +# based on draft-wahjak-mcm-00.txt (section 3.1) +# +#path to various utilities; +#change to reflect yours. +# +IPROUTE=/root/DS-6-beta/iproute2-990530-dsing +TC=$IPROUTE/tc/tc +IP=$IPROUTE/ip/ip +IPCHAINS=/root/DS-6-beta/ipchains-1.3.9/ipchains +INDEV=eth2 +EGDEV="dev eth1" +CIR1=1500kbit +CIR2=1000kbit + +#The CBS is about 60 MTU sized packets +CBS1=90k +CBS2=90k + +meter1="police rate $CIR1 burst $CBS1 " +meter2="police rate $CIR1 burst $CBS2 " +meter3="police rate $CIR2 burst $CBS1 " +meter4="police rate $CIR2 burst $CBS2 " +meter5="police rate $CIR2 burst $CBS2 " +# +# tag the rest of incoming packets from subnet 10.2.0.0/24 to fw value 1 +# tag all incoming packets from any other subnet to fw tag 2 +############################################################ +$IPCHAINS -A input -i $INDEV -s 0/0 -m 2 +$IPCHAINS -A input -i $INDEV -s 10.2.0.0/24 -m 1 +# +############################################################ +# install the ingress qdisc on the ingress interface +$TC qdisc add dev $INDEV handle ffff: ingress +# +############################################################ + +# All packets are marked with a tcindex value which is used on the egress +# tcindex 1 maps to AF41, 2->AF42, 3->AF43, 4->BE +# +############################################################ +# +# anything with fw tag of 1 is passed on with a tcindex value 1 +#if it doesnt exceed its allocated rate (CIR/CBS) +# +$TC filter add dev $INDEV parent ffff: protocol ip prio 4 handle 1 fw \ +$meter1 \ +continue flowid 4:1 +# +# if it exceeds the above but not the extra rate/burst below, it gets a +#tcindex value of 2 +# +$TC filter add dev $INDEV parent ffff: protocol 
ip prio 5 handle 1 fw \ +$meter2 \ +continue flowid 4:2 +# +# if it exceeds the above but not the rule below, it gets a tcindex value +# of 3 +# +$TC filter add dev $INDEV parent ffff: protocol ip prio 6 handle 1 fw \ +$meter3 \ +drop flowid 4:3 +# +# Anything else (not from the subnet 10.2.0.24/24) gets discarded if it +# exceeds 1Mbps and by default goes to BE if it doesnt +# +$TC filter add dev $INDEV parent ffff: protocol ip prio 6 handle 2 fw \ +$meter5 \ +drop flowid 4:4 + + +######################## Egress side ######################## + + +# attach a dsmarker +# +$TC qdisc add $EGDEV handle 1:0 root dsmark indices 64 +# +# values of the DSCP to change depending on the class +#note that the ECN bits are masked out +# +#AF41 (0x88 is 0x22 shifted to the right by two bits) +# +$TC class change $EGDEV classid 1:1 dsmark mask 0x3 \ + value 0x88 +#AF42 +$TC class change $EGDEV classid 1:2 dsmark mask 0x3 \ + value 0x90 +#AF43 +$TC class change $EGDEV classid 1:3 dsmark mask 0x3 \ + value 0x98 +#BE +$TC class change $EGDEV classid 1:4 dsmark mask 0x3 \ + value 0x0 +# +# +# The class mapping (using tcindex; could easily have +# replaced it with the fw classifier instead) +# +$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \ + handle 1 tcindex classid 1:1 +$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \ + handle 2 tcindex classid 1:2 +$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \ + handle 3 tcindex classid 1:3 +$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \ + handle 4 tcindex classid 1:4 +# + +# +echo "---- qdisc parameters Ingress ----------" +$TC qdisc ls dev $INDEV +echo "---- Class parameters Ingress ----------" +$TC class ls dev $INDEV +echo "---- filter parameters Ingress ----------" +$TC filter ls dev $INDEV parent ffff: + +echo "---- qdisc parameters Egress ----------" +$TC qdisc ls $EGDEV +echo "---- Class parameters Egress ----------" +$TC class ls $EGDEV +echo "---- filter parameters Egress ----------" +$TC filter ls $EGDEV parent 
1:0 +# +#deleting the ingress qdisc +#$TC qdisc del $INDEV ingress diff --git a/examples/diffserv/Edge32-ca-u32 b/examples/diffserv/Edge32-ca-u32 index e69de29b..edf21e43 100644 --- a/examples/diffserv/Edge32-ca-u32 +++ b/examples/diffserv/Edge32-ca-u32 
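Review bot: `meter4` in examples/diffserv/Edge31-cb-chains is defined but never referenced, and `meter5` has the same rate and burst (`police rate $CIR2 burst $CBS2`), so one of the two can be removed or the last filter can use `$meter4`. The comments describe the filters as assigning tcindex values 1 to 4, but the filters use `flowid 4:1` through `4:4` where the u32 variant uses `:1` through `:4`; one comment line explaining how the flowid becomes the tcindex would help. The comment on the last filter names the subnet as 10.2.0.24/24 while the ipchains rule matches `-s 10.2.0.0/24`.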
@@ -0,0 +1,198 @@
+#! /bin/sh -x
+#
+# sample script on using the ingress capabilities using u32 classifier
+# This script tags tcindex based on metering on the ingress
+# interface the result is used for fast classification and re-marking
+# on the egress interface
+# This is an example of a color aware mode marker with PIR configured
+# based on draft-wahjak-mcm-00.txt (section 3.2)
+#
+# The colors are defined using the Diffserv Fields
+#path to various utilities;
+#change to reflect yours.
+#
+IPROUTE=/root/DS-6-beta/iproute2-990530-dsing
+TC=$IPROUTE/tc/tc
+IP=$IPROUTE/ip/ip
+IPCHAINS=/root/DS-6-beta/ipchains-1.3.9/ipchains
+INDEV=eth2
+EGDEV="dev eth1"
+CIR1=1000kbit
+CIR2=500kbit
+# the PIR is what is in excess of the CIR
+PIR1=1000kbit
+PIR2=500kbit
+
+#The CBS is about 60 MTU sized packets
+CBS1=90k
+CBS2=90k
+#the EBS is about 20 max sized packets
+EBS1=30k
+EBS2=30k
+
+# The meters: Note that we have shared meters in this case as identified
+# by the index parameter
+meter1=" police index 1 rate $CIR1 burst $CBS1 "
+meter1a=" police index 2 rate $PIR1 burst $EBS1 "
+meter2=" police index 3 rate $CIR2 burst $CBS1 "
+meter2a=" police index 4 rate $PIR2 burst $EBS1 "
+meter3=" police index 5 rate $CIR2 burst $CBS2 "
+meter3a=" police index 6 rate $PIR2 burst $EBS2 "
+meter4=" police index 7 rate $CIR1 burst $CBS2 "
+
+############################################################
+#
+# install the ingress qdisc on the ingress interface
+$TC qdisc add dev $INDEV handle ffff: ingress
+############################################################
+#
+# All packets are marked with a tcindex value which is used on the egress
+# tcindex 1 maps to AF41, 2->AF42, 3->AF43, 4->BE
+#
+# *********************** AF41 ***************************
+#AF41 (DSCP 0x22) from is passed on with a tcindex value 1
+#if it doesnt exceed its CIR/CBS + PIR/EBS
+#policer 1 is used.
+#
+$TC filter add dev $INDEV parent ffff: protocol ip prio 1 u32 \
+match ip tos 0x88 0xfc \
+$meter1 \
+continue flowid :1
+$TC filter add dev $INDEV parent ffff: protocol ip prio 2 u32 \
+match ip tos 0x88 0xfc \
+$meter1a \
+continue flowid :1
+#
+# if it exceeds the above but not the extra rate/burst below, it gets a
+# tcindex value of 2
+# policer 2 is used
+#
+$TC filter add dev $INDEV parent ffff: protocol ip prio 3 u32 \
+match ip tos 0x88 0xfc \
+$meter2 \
+continue flowid :2
+$TC filter add dev $INDEV parent ffff: protocol ip prio 4 u32 \
+match ip tos 0x88 0xfc \
+$meter2a \
+continue flowid :2
+#
+# if it exceeds the above but not the rule below, it gets a tcindex value
+# of 3 (policer 3)
+#
+$TC filter add dev $INDEV parent ffff: protocol ip prio 5 u32 \
+match ip tos 0x88 0xfc \
+$meter3 \
+continue flowid :3
+$TC filter add dev $INDEV parent ffff: protocol ip prio 6 u32 \
+match ip tos 0x88 0xfc \
+$meter3a \
+drop flowid :3
+#
+# *********************** AF42 ***************************
+#AF42 (DSCP 0x24) from is passed on with a tcindex value 2
+#if it doesnt exceed its CIR/CBS + PIR/EBS
+#policer 2 is used. Note that this is shared with the AF41
+#
+#
+$TC filter add dev $INDEV parent ffff: protocol ip prio 8 u32 \
+match ip tos 0x90 0xfc \
+$meter2 \
+continue flowid :2
+$TC filter add dev $INDEV parent ffff: protocol ip prio 9 u32 \
+match ip tos 0x90 0xfc \
+$meter2a \
+continue flowid :2
+#
+# if it exceeds the above but not the rule below, it gets a tcindex value
+# of 3 (policer 3)
+#
+$TC filter add dev $INDEV parent ffff: protocol ip prio 10 u32 \
+match ip tos 0x90 0xfc \
+$meter3 \
+continue flowid :3
+$TC filter add dev $INDEV parent ffff: protocol ip prio 11 u32 \
+match ip tos 0x90 0xfc \
+$meter3a \
+drop flowid :3
+
+#
+# *********************** AF43 ***************************
+#
+#AF43 (DSCP 0x26) from is passed on with a tcindex value 3
+#if it doesnt exceed its CIR/CBS + PIR/EBS
+#policer 3 is used.
Note that this is shared with the AF41 and AF42
+#
+$TC filter add dev $INDEV parent ffff: protocol ip prio 13 u32 \
+match ip tos 0x98 0xfc \
+$meter3 \
+continue flowid :3
+$TC filter add dev $INDEV parent ffff: protocol ip prio 14 u32 \
+match ip tos 0x98 0xfc \
+$meter3a \
+drop flowid :3
+#
+## *********************** BE ***************************
+##
+## Anything else (not from the AF4*) gets discarded if it
+## exceeds 1Mbps and by default goes to BE if it doesnt
+## Note that the BE class is also used by the AF4* in the worst
+## case
+##
+$TC filter add dev $INDEV parent ffff: protocol ip prio 16 u32 \
+match ip src 0/0\
+$meter4 \
+drop flowid :4
+
+######################## Egress side ########################
+
+# attach a dsmarker
+#
+$TC qdisc add $EGDEV handle 1:0 root dsmark indices 64
+#
+# values of the DSCP to change depending on the class
+#note that the ECN bits are masked out
+#
+#AF41 (0x88 is 0x22 shifted to the right by two bits)
+#
+$TC class change $EGDEV classid 1:1 dsmark mask 0x3 \
+ value 0x88
+#AF42
+$TC class change $EGDEV classid 1:2 dsmark mask 0x3 \
+ value 0x90
+#AF43
+$TC class change $EGDEV classid 1:3 dsmark mask 0x3 \
+ value 0x98
+#BE
+$TC class change $EGDEV classid 1:3 dsmark mask 0x3 \
+ value 0x0
+#
+#
+# The class mapping
+#
+$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
+ handle 1 tcindex classid 1:1
+$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
+ handle 2 tcindex classid 1:2
+$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
+ handle 3 tcindex classid 1:3
+$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
+ handle 4 tcindex classid 1:4
+#
+
+#
+echo "---- qdisc parameters Ingress ----------"
+$TC qdisc ls dev $INDEV
+echo "---- Class parameters Ingress ----------"
+$TC class ls dev $INDEV
+echo "---- filter parameters Ingress ----------"
+$TC filter ls dev $INDEV parent ffff:
+
+echo "---- qdisc parameters Egress ----------"
+$TC qdisc ls $EGDEV
+echo "---- Class parameters Egress ----------"
+$TC class ls $EGDEV
+echo "---- filter parameters Egress ----------"
+$TC filter ls $EGDEV parent 1:0
+#
+#deleting the ingress qdisc
+#$TC qdisc del $INDEV ingress
diff --git a/examples/diffserv/Edge32-cb-chains b/examples/diffserv/Edge32-cb-chains
index e69de29b..804fad19 100644
--- a/examples/diffserv/Edge32-cb-chains
+++ b/examples/diffserv/Edge32-cb-chains
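Review bot: The `#BE` dsmark entry at the end of the egress class list is written to `classid 1:3`, so it overwrites the AF43 value (0x98) set just above it and leaves class 1:4, which the `handle 4 tcindex classid 1:4` filter feeds, unconfigured. As written, tcindex 3 traffic would leave marked 0x0, and best-effort traffic would, as far as I can tell from dsmark's defaults, keep whatever DS field the sender chose. The line should read `$TC class change $EGDEV classid 1:4 dsmark mask 0x3 \` as it does in Edge32-cb-chains; the same slip is in the Edge32-cb-u32 hunk. Separately, the comment `0x88 is 0x22 shifted to the right by two bits` describes what is a left shift.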
@@ -0,0 +1,144 @@
+#! /bin/sh -x
+#
+# sample script on using the ingress capabilities
+# This script fwmark tags(IPchains) based on metering on the ingress
+# interface the result is used for fast classification and re-marking
+# on the egress interface
+# This is an example of a color blind mode marker with no PIR configured
+# based on draft-wahjak-mcm-00.txt (section 3.1)
+#
+#path to various utilities;
+#change to reflect yours.
+#
+IPROUTE=/root/DS-6-beta/iproute2-990530-dsing
+TC=$IPROUTE/tc/tc
+IP=$IPROUTE/ip/ip
+IPCHAINS=/root/DS-6-beta/ipchains-1.3.9/ipchains
+INDEV=eth2
+EGDEV="dev eth1"
+CIR1=1500kbit
+CIR2=500kbit
+
+#The CBS is about 60 MTU sized packets
+CBS1=90k
+CBS2=90k
+
+meter1="police rate $CIR1 burst $CBS1 "
+meter1a="police rate $CIR2 burst $CBS1 "
+meter2="police rate $CIR1 burst $CBS2 "
+meter2a="police rate $CIR2 burst $CBS2 "
+meter3="police rate $CIR2 burst $CBS1 "
+meter3a="police rate $CIR2 burst $CBS1 "
+meter4="police rate $CIR2 burst $CBS2 "
+meter5="police rate $CIR1 burst $CBS2 "
+#
+# tag the rest of incoming packets from subnet 10.2.0.0/24 to fw value 1
+# tag all incoming packets from any other subnet to fw tag 2
+############################################################
+$IPCHAINS -A input -i $INDEV -s 0/0 -m 2
+$IPCHAINS -A input -i $INDEV -s 10.2.0.0/24 -m 1
+#
+############################################################
+# install the ingress qdisc on the ingress interface
+$TC qdisc add dev $INDEV handle ffff: ingress
+#
+############################################################
+
+# All packets are marked with a tcindex value which is used on the egress
+# tcindex 1 maps to AF41, 2->AF42, 3->AF43, 4->BE
+#
+############################################################
+#
+# anything with fw tag of 1 is passed on with a tcindex value 1
+#if it doesnt exceed its allocated rate (CIR/CBS)
+#
+$TC filter add dev $INDEV parent ffff: protocol ip prio 1 handle 1 fw \
+$meter1 \
+continue flowid 4:1
+$TC filter add dev
$INDEV parent ffff: protocol ip prio 2 handle 1 fw \
+$meter1a \
+continue flowid 4:1
+#
+# if it exceeds the above but not the extra rate/burst below, it gets a
+#tcindex value of 2
+#
+$TC filter add dev $INDEV parent ffff: protocol ip prio 3 handle 1 fw \
+$meter2 \
+continue flowid 4:2
+$TC filter add dev $INDEV parent ffff: protocol ip prio 4 handle 1 fw \
+$meter2a \
+continue flowid 4:2
+#
+# if it exceeds the above but not the rule below, it gets a tcindex value
+# of 3
+#
+$TC filter add dev $INDEV parent ffff: protocol ip prio 5 handle 1 fw \
+$meter3 \
+continue flowid 4:3
+$TC filter add dev $INDEV parent ffff: protocol ip prio 6 handle 1 fw \
+$meter3a \
+drop flowid 4:3
+#
+# Anything else (not from the subnet 10.2.0.24/24) gets discarded if it
+# exceeds 1Mbps and by default goes to BE if it doesnt
+#
+$TC filter add dev $INDEV parent ffff: protocol ip prio 7 handle 2 fw \
+$meter5 \
+drop flowid 4:4
+
+
+######################## Egress side ########################
+
+
+# attach a dsmarker
+#
+$TC qdisc add $EGDEV handle 1:0 root dsmark indices 64
+#
+# values of the DSCP to change depending on the class
+#note that the ECN bits are masked out
+#
+#AF41 (0x88 is 0x22 shifted to the right by two bits)
+#
+$TC class change $EGDEV classid 1:1 dsmark mask 0x3 \
+ value 0x88
+#AF42
+$TC class change $EGDEV classid 1:2 dsmark mask 0x3 \
+ value 0x90
+#AF43
+$TC class change $EGDEV classid 1:3 dsmark mask 0x3 \
+ value 0x98
+#BE
+$TC class change $EGDEV classid 1:4 dsmark mask 0x3 \
+ value 0x0
+#
+#
+# The class mapping (using tcindex; could easily have
+# replaced it with the fw classifier instead)
+#
+$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
+ handle 1 tcindex classid 1:1
+$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
+ handle 2 tcindex classid 1:2
+$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
+ handle 3 tcindex classid 1:3
+$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
+ handle 4 tcindex classid 1:4
+#
+
+#
+echo
"---- qdisc parameters Ingress ----------"
+$TC qdisc ls dev $INDEV
+echo "---- Class parameters Ingress ----------"
+$TC class ls dev $INDEV
+echo "---- filter parameters Ingress ----------"
+$TC filter ls dev $INDEV parent ffff:
+
+echo "---- qdisc parameters Egress ----------"
+$TC qdisc ls $EGDEV
+echo "---- Class parameters Egress ----------"
+$TC class ls $EGDEV
+echo "---- filter parameters Egress ----------"
+$TC filter ls $EGDEV parent 1:0
+#
+#deleting the ingress qdisc
+#$TC qdisc del $INDEV ingress
diff --git a/examples/diffserv/Edge32-cb-chains b/examples/diffserv/Edge32-cb-u32
index e69de29b..cc2ebb40 100644
--- a/examples/diffserv/Edge32-cb-u32
+++ b/examples/diffserv/Edge32-cb-u32
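Review bot: The comment on the default-class filter (`exceeds 1Mbps`) does not match the policer it describes, because `meter5` uses `$CIR1`, which this file sets to 1500kbit; traffic from outside the subnet is therefore admitted at 1.5 Mbit/s before drops begin. Either reword the comment to `# exceeds CIR1 (1500kbit) and by default goes to BE if it doesnt`, or give the default class its own rate variable so the limit is stated in one place. The same comment names the subnet as `10.2.0.24/24` while the ipchains rule marks `10.2.0.0/24`, and `meter4` is defined but never referenced.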
@@ -0,0 +1,145 @@
+#! /bin/sh
+#
+# sample script on using the ingress capabilities using u32 classifier
+# This script tags tcindex based on metering on the ingress
+# interface the result is used for fast classification and re-marking
+# on the egress interface
+# This is an example of a color blind mode marker with PIR configured
+# based on draft-wahjak-mcm-00.txt (section 3.2)
+#
+#path to various utilities;
+#change to reflect yours.
+#
+IPROUTE=/root/DS-6-beta/iproute2-990530-dsing
+TC=$IPROUTE/tc/tc
+IP=$IPROUTE/ip/ip
+INDEV=eth2
+EGDEV="dev eth1"
+CIR1=1000kbit
+CIR2=1000kbit
+# The PIR is the excess (in addition to the CIR i.e if always
+# going to the PIR --> average rate is CIR+PIR)
+PIR1=1000kbit
+PIR2=500kbit
+
+#The CBS is about 60 MTU sized packets
+CBS1=90k
+CBS2=90k
+#the EBS is about 10 max sized packets
+EBS1=15k
+EBS2=15k
+# The meters
+meter1=" police rate $CIR1 burst $CBS1 "
+meter1a=" police rate $PIR1 burst $EBS1 "
+meter2=" police rate $CIR2 burst $CBS1 "
+meter2a="police rate $PIR2 burst $CBS1 "
+meter3=" police rate $CIR2 burst $CBS2 "
+meter3a=" police rate $PIR2 burst $EBS2 "
+meter4=" police rate $CIR1 burst $CBS2 "
+meter5=" police rate $CIR1 burst $CBS2 "
+
+
+# install the ingress qdisc on the ingress interface
+############################################################
+$TC qdisc add dev $INDEV handle ffff: ingress
+############################################################
+#
+############################################################
+
+# All packets are marked with a tcindex value which is used on the egress
+# NOTE: tcindex 1 maps to AF41, 2->AF42, 3->AF43, 4->BE
+#
+#anything from subnet 10.2.0.2/24 is passed on with a tcindex value 1
+#if it doesnt exceed its CIR/CBS + PIR/EBS
+#
+$TC filter add dev $INDEV parent ffff: protocol ip prio 1 u32 \
+match ip src 10.2.0.0/24 $meter1 \
+continue flowid :1
+$TC filter add dev $INDEV parent ffff: protocol ip prio 2 u32 \
+match ip src 10.2.0.0/24 $meter1a \
+continue flowid :1
+
+#
+# if it exceeds the above but not the extra rate/burst below, it gets a
+#tcindex value of 2
+#
+$TC filter add dev $INDEV parent ffff: protocol ip prio 3 u32 \
+match ip src 10.2.0.0/24 $meter2 \
+continue flowid :2
+$TC filter add dev $INDEV parent ffff: protocol ip prio 4 u32 \
+match ip src 10.2.0.0/24 $meter2a \
+continue flowid :2
+#
+# if it exceeds the above but not the rule below, it gets a tcindex value
+# of 3
+#
+$TC filter add dev $INDEV parent ffff: protocol ip prio 5 u32 \
+match ip src 10.2.0.0/24 $meter3 \
+continue flowid :3
+$TC filter add dev $INDEV parent ffff: protocol ip prio 6 u32 \
+match ip src 10.2.0.0/24 $meter3a \
+drop flowid :3
+#
+#
+# Anything else (not from the subnet 10.2.0.24/24) gets discarded if it
+# exceeds 1Mbps and by default goes to BE if it doesnt
+#
+$TC filter add dev $INDEV parent ffff: protocol ip prio 7 u32 \
+match ip src 0/0 $meter5 \
+drop flowid :4
+
+
+######################## Egress side ########################
+
+
+# attach a dsmarker
+#
+$TC qdisc add $EGDEV handle 1:0 root dsmark indices 64
+#
+# values of the DSCP to change depending on the class
+#note that the ECN bits are masked out
+#
+#AF41 (0x88 is 0x22 shifted to the right by two bits)
+#
+$TC class change $EGDEV classid 1:1 dsmark mask 0x3 \
+ value 0x88
+#AF42
+$TC class change $EGDEV classid 1:2 dsmark mask 0x3 \
+ value 0x90
+#AF43
+$TC class change $EGDEV classid 1:3 dsmark mask 0x3 \
+ value 0x98
+#BE
+$TC class change $EGDEV classid 1:3 dsmark mask 0x3 \
+ value 0x0
+#
+#
+# The class mapping
+#
+$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
+ handle 1 tcindex classid 1:1
+$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
+ handle 2 tcindex classid 1:2
+$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
+ handle 3 tcindex classid 1:3
+$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
+ handle 4 tcindex classid 1:4
+#
+
+#
+echo "---- qdisc parameters Ingress ----------"
+$TC qdisc ls dev $INDEV
+echo "---- Class
parameters Ingress ----------"
+$TC class ls dev $INDEV
+echo "---- filter parameters Ingress ----------"
+$TC filter ls dev $INDEV parent ffff:
+
+echo "---- qdisc parameters Egress ----------"
+$TC qdisc ls $EGDEV
+echo "---- Class parameters Egress ----------"
+$TC class ls $EGDEV
+echo "---- filter parameters Egress ----------"
+$TC filter ls $EGDEV parent 1:0
+#
+#deleting the ingress qdisc
+#$TC qdisc del $INDEV ingress
diff --git a/examples/diffserv/README b/examples/diffserv/README
index e69de29b..ec91d632 100644
--- a/examples/diffserv/README
+++ b/examples/diffserv/README
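Review bot: `meter2a` is the only excess-rate meter here that takes its burst from `$CBS1` (90k) instead of an EBS value; `meter1a` and `meter3a` use `$EBS1` and `$EBS2` (15k), and the color-aware Edge32-ca-u32 script uses `$EBS1` for the same meter. If that is unintended, the second tier admits a burst six times larger than the `#the EBS is about 10 max sized packets` comment implies, and `meter2a=" police rate $PIR2 burst $EBS1 "` would bring it in line with the others. `meter4` is also defined and never referenced, since the default class uses `meter5`.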
@@ -0,0 +1,98 @@ + +Note all these are mere examples which can be customized to your needs + +AFCBQ +----- +AF PHB built using CBQ, DSMARK,GRED (default in GRIO mode) ,RED for BE +and the tcindex classifier with some algorithmic mapping + +EFCBQ +----- +EF PHB built using CBQ (for rate control and prioritization), +DSMARK( to remark DSCPs), tcindex classifier and RED for the BE +traffic. + +EFPRIO +------ +EF PHB using the PRIO scheduler, Token Bucket to rate control EF, +tcindex classifier, DSMARK to remark, and RED for the BE traffic + +EDGE scripts +============== + +CB-3(1|2)-(u32/chains) +====================== + + +The major differences are that the classifier is u32 on -u32 extension +and IPchains on the chains extension. CB stands for color Blind +and 31 is for the mode where only a CIR and CBS are defined whereas +32 stands for a mode where a CIR/CBS + PIR/EBS are defined. + +Color Blind (CB) +==========-----= +We look at one special subnet that we are interested in for simplicty +reasons to demonstrate the capability. We send the packets from that +subnet to AF4*, BE or end up dropping depending on the metering results. + + +The algorithm overview is as follows: + +*classify: + +**case: subnet X +---------------- + if !exceed meter1 tag as AF41 + else + if !exceed meter2 tag as AF42 + else + if !exceed meter 3 tag as AF43 + else + drop + +default case: Any other subnet +------------------------------- + if !exceed meter 5 tag as AF43 + else + drop + + +One Egress side change the DSCPs of the packets to reflect AF4* and BE +based on the tags from the ingress. 
+ +------------------------------------------------------------- + +Color Aware +=========== + +Define some meters with + policing and give them IDs eg + +meter1=police index 1 rate $CIR1 burst $CBS1 +meter2=police index 2 rate $CIR2 burst $CBS2 etc + +General overview: +classify based on the DSCPs and use the policer ids to decide tagging + + +*classify on ingress: + +switch (dscp) { + case AF41: /* tos&0xfc == 0x88 */ + if (!exceed meter1) break; + case AF42: /* tos&0xfc == 0x90 */ + if (!exceed meter2) { + tag as AF42; + break; + } + case AF43: /* tos&0xfc == 0x98 */ + if (!exceed meter3) { + tag as AF43; + break; + } else + drop; + default: + if (!exceed meter4) tag as BE; + else drop; +} + +On the Egress side mark the proper AF tags diff --git a/examples/diffserv/afcbq b/examples/diffserv/afcbq index e69de29b..10d6d934 100644 --- a/examples/diffserv/afcbq +++ b/examples/diffserv/afcbq 
@@ -0,0 +1,105 @@
+#!/usr/bin/perl
+#
+#
+# AF using CBQ for a single interface eth0
+# 4 AF classes using GRED and one BE using RED
+# Things you might want to change:
+# - the device bandwidth (set at 10Mbits)
+# - the bandwidth allocated for each AF class and the BE class
+# - the drop probability associated with each AF virtual queue
+#
+# AF DSCP values used (based on AF draft 04)
+# -----------------------------------------
+# AF DSCP values
+# AF1 1. 0x0a 2. 0x0c 3. 0x0e
+# AF2 1. 0x12 2. 0x14 3. 0x16
+# AF3 1. 0x1a 2. 0x1c 3. 0x1e
+# AF4 1. 0x22 2. 0x24 3. 0x26
+
+#
+#
+# A simple DSCP-class relationship formula used to generate
+# values in the for loop of this script; $drop stands for the
+# DP
+# $dscp = ($class*8+$drop*2)
+#
+# if you use GRIO buffer sharing, then GRED priority is set as follows:
+# $gprio=$drop+1;
+#
+
+$TC = "/usr/src/iproute2-current/tc/tc";
+$DEV = "dev lo";
+$DEV = "dev eth1";
+$DEV = "dev eth0";
+# the BE-class number
+$beclass = "5";
+
+#GRIO buffer sharing on or off?
+$GRIO = "";
+$GRIO = "grio";
+# The bandwidth of your device
+$linerate="10Mbit";
+# The BE and AF rates
+%rate_table=();
+$berate="1500Kbit";
+$rate_table{"AF1rate"}="1500Kbit";
+$rate_table{"AF2rate"}="1500Kbit";
+$rate_table{"AF3rate"}="1500Kbit";
+$rate_table{"AF4rate"}="1500Kbit";
+#
+#
+#
+print "\n# --- General setup ---\n";
+print "$TC qdisc add $DEV handle 1:0 root dsmark indices 64 set_tc_index\n";
+print "$TC filter add $DEV parent 1:0 protocol ip prio 1 tcindex mask 0xfc " .
+ "shift 2 pass_on\n";
+ #"shift 2\n";
+print "$TC qdisc add $DEV parent 1:0 handle 2:0 cbq bandwidth $linerate ".
+ "cell 8 avpkt 1000 mpu 64\n";
+print "$TC filter add $DEV parent 2:0 protocol ip prio 1 tcindex ".
+ "mask 0xf0 shift 4 pass_on\n";
+for $class (1..4) {
+ print "\n# --- AF Class $class specific setup---\n";
+ $AFrate=sprintf("AF%drate",$class);
+ print "$TC class add $DEV parent 2:0 classid 2:$class cbq ".
+ "bandwidth $linerate rate $rate_table{$AFrate} avpkt 1000 prio ".
+ (6-$class)." bounded allot 1514 weight 1 maxburst 21\n";
+ print "$TC filter add $DEV parent 2:0 protocol ip prio 1 handle $class ".
+ "tcindex classid 2:$class\n";
+ print "$TC qdisc add $DEV parent 2:$class gred setup DPs 3 default 2 ".
+ "$GRIO\n";
+#
+# per DP setup
+#
+ for $drop (1..3) {
+ print "\n# --- AF Class $class DP $drop---\n";
+ $dscp = $class*8+$drop*2;
+ $tcindex = sprintf("1%x%x",$class,$drop);
+ print "$TC filter add $DEV parent 1:0 protocol ip prio 1 ".
+ "handle $dscp tcindex classid 1:$tcindex\n";
+ $prob = $drop*0.02;
+ if ($GRIO) {
+ $gprio = $drop+1;
+ print "$TC qdisc change $DEV parent 2:$class gred limit 60KB min 15KB ".
+ "max 45KB burst 20 avpkt 1000 bandwidth $linerate DP $drop ".
+ "probability $prob ".
+ "prio $gprio\n";
+ } else {
+ print "$TC qdisc change $DEV parent 2:$class gred limit 60KB min 15KB ".
+ "max 45KB burst 20 avpkt 1000 bandwidth $linerate DP $drop ".
+ "probability $prob \n";
+ }
+ }
+}
+#
+#
+print "\n#------BE Queue setup------\n";
+print "$TC filter add $DEV parent 1:0 protocol ip prio 2 ".
+ "handle 0 tcindex mask 0 classid 1:1\n";
+print "$TC class add $DEV parent 2:0 classid 2:$beclass cbq ".
+ "bandwidth $linerate rate $berate avpkt 1000 prio 6 " .
+ "bounded allot 1514 weight 1 maxburst 21 \n";
+print "$TC filter add $DEV parent 2:0 protocol ip prio 1 handle 0 tcindex ".
+ "classid 2:5\n";
+print "$TC qdisc add $DEV parent 2:5 red limit 60KB min 15KB max 45KB ".
+ "burst 20 avpkt 1000 bandwidth $linerate probability 0.4\n";
diff --git a/examples/diffserv/ef-prio b/examples/diffserv/ef-prio
index e69de29b..48611bdd 100644
--- a/examples/diffserv/ef-prio
+++ b/examples/diffserv/ef-prio
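Review bot: The BE queue setup creates the class as `classid 2:$beclass` but the two statements after it hard-code `2:5`, so editing `$beclass` (which the header invites) would attach the filter and the RED qdisc to a class that was never created and leave the real BE class without either. Using the variable in both places keeps them together: `"classid 2:$beclass\n";` and `print "$TC qdisc add $DEV parent 2:$beclass red limit 60KB min 15KB max 45KB ".`. The repeated `$DEV = ...` and `$GRIO = ...` assignments, where only the last one takes effect, would read more clearly with the unused alternatives commented out.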
@@ -0,0 +1,25 @@
+#!/usr/bin/perl
+$TC = "/root/DS-6-beta/iproute2-990530-dsing/tc/tc";
+$DEV = "dev eth1";
+$efrate="1.5Mbit";
+$MTU="1.5kB";
+print "$TC qdisc add $DEV handle 1:0 root dsmark indices 64 set_tc_index\n";
+print "$TC filter add $DEV parent 1:0 protocol ip prio 1 tcindex ".
+ "mask 0xfc shift 2\n";
+print "$TC qdisc add $DEV parent 1:0 handle 2:0 prio\n";
+#
+# EF class: Maximum about one MTU sized packet allowed on the queue
+#
+print "$TC qdisc add $DEV parent 2:1 tbf rate $efrate burst $MTU limit 1.6kB\n";
+print "$TC filter add $DEV parent 2:0 protocol ip prio 1 ".
+ "handle 0x2e tcindex classid 2:1 pass_on\n";
+#
+# BE class
+#
+print "#BE class(2:2) \n";
+print "$TC qdisc add $DEV parent 2:2 red limit 60KB ".
+ "min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit ".
+ "probability 0.4\n";
+#
+print "$TC filter add $DEV parent 2:0 protocol ip prio 2 ".
+ "handle 0 tcindex mask 0 classid 2:2 pass_on\n";
diff --git a/examples/diffserv/efcbq b/examples/diffserv/efcbq
index e69de29b..bcc437b3 100644
--- a/examples/diffserv/efcbq
+++ b/examples/diffserv/efcbq
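Review bot: The script has no header comment, and the one thing a reader most needs to know is missing: the EF filter (`handle 0x2e tcindex classid 2:1`) selects the priority band purely from the DS field the packet arrives with, and nothing here polices or re-marks that field first. The tbf caps the EF band at `$efrate`, so the exposure is contention inside the EF budget rather than starvation of BE, but any sender that sets DSCP 0x2e competes with legitimate EF traffic. A comment such as `# assumes DSCPs were policed/re-marked at a trusted edge (see the Edge* scripts)` above the EF class would state the assumption; the efcbq script relies on the same filter and would benefit from the same line.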
@@ -0,0 +1,31 @@
+#!/usr/bin/perl
+#
+$TC = "/root/DS-6-beta/iproute2-990530-dsing/tc/tc";
+$DEV = "dev eth1";
+print "$TC qdisc add $DEV handle 1:0 root dsmark indices 64 set_tc_index\n";
+print "$TC filter add $DEV parent 1:0 protocol ip prio 1 tcindex ".
+ "mask 0xfc shift 2\n";
+print "$TC qdisc add $DEV parent 1:0 handle 2:0 cbq bandwidth ".
+ "10Mbit cell 8 avpkt 1000 mpu 64\n";
+#
+# EF class
+#
+print "$TC class add $DEV parent 2:0 classid 2:1 cbq bandwidth ".
+ "10Mbit rate 1500Kbit avpkt 1000 prio 1 bounded isolated ".
+ "allot 1514 weight 1 maxburst 10 \n";
+# packet fifo for EF?
+print "$TC qdisc add $DEV parent 2:1 pfifo limit 5\n";
+print "$TC filter add $DEV parent 2:0 protocol ip prio 1 ".
+ "handle 0x2e tcindex classid 2:1 pass_on\n";
+#
+# BE class
+#
+print "#BE class(2:2) \n";
+print "$TC class add $DEV parent 2:0 classid 2:2 cbq bandwidth ".
+ "10Mbit rate 5Mbit avpkt 1000 prio 7 allot 1514 weight 1 ".
+ "maxburst 21 borrow split 2:0 defmap 0xffff \n";
+print "$TC qdisc add $DEV parent 2:2 red limit 60KB ".
+ "min 15KB max 45KB burst 20 avpkt 1000 bandwidth 10Mbit ".
+ "probability 0.4\n";
+print "$TC filter add $DEV parent 2:0 protocol ip prio 2 ".
+ "handle 0 tcindex mask 0 classid 2:2 pass_on\n";
diff --git a/examples/diffserv/regression-testing b/examples/diffserv/regression-testing
index e69de29b..0ec705c0 100644
--- a/examples/diffserv/regression-testing
+++ b/examples/diffserv/regression-testing
@@ -0,0 +1,125 @@ + +These were the tests done to validate the Diffserv scripts. +This document will be updated continously. If you do more +thorough validation testing please post the details to the +diffserv mailing list. +Nevertheless, these tests should serve for basic validation. + +AFCBQ, EFCBQ, EFPRIO +---------------------- + +generate all possible DSCPs and observe that they +get sent to the proper classes. In the case of AF also +to the correct Virtual Queues. + +Edge1 +----- +generate TOS values 0x0,0x10,0xbb each with IP addresses +10.2.0.24 (mark 1), 10.2.0.3 (mark2) and 10.2.0.30 (mark 3) +and observe that they get marked as expected. + +Edge2 +----- + +-Repeat the tests in Edge1 +-ftp with data direction from 10.2.0.2 + *observe that the metering/policing works correctly (and the marking + as well). In this case the mark used will be 3 + +Edge31-cb-chains +---------------- + +-ftp with data direction from 10.2.0.2 + + *observe that the metering/policing works correctly (and the marking + as well). In this case the mark used will be 1. + + Metering: The data throughput should not exceed 2*CIR1 + 2*CIR2 + which is roughly: 5mbps + + Marking: the should be a variation of marked packets: + AF41(TOS=0x88) AF42(0x90) AF43(0x98) and BE (0x0) + +More tests required to see the interaction of several sources (other +than subnet 10.2.0.0/24). 
+ +Edge31-ca-u32 +-------------- + +Generate data using modified tcpblast from 10.2.0.2 (behind eth2) to the +discard port of 10.1.0.2 (behind eth1) + +1) generate with src tos = 0x88 + Metering: Allocated throughput should not exceed 2*CIR1 + 2*CIR2 + approximately 5mbps + Marking: Should vary between 0x88,0x90,0x98 and 0x0 + +2) generate with src tos = 0x90 + Metering: Allocated throughput should not exceed CIR1 + 2*CIR2 + approximately 3.5mbps + Marking: Should vary between 0x90,0x98 and 0x0 + +3) generate with src tos = 0x98 + Metering: Allocated throughput should not exceed CIR1 + CIR2 + approximately 2.5mbps + Marking: Should vary between 0x98 and 0x0 + +4) generate with src tos any other than the above + Metering: Allocated throughput should not exceed CIR1 + approximately 1.5mbps + Marking: Should be consistent at 0x0 + +TODO: Testing on how each color shares when all 4 types of packets +are going through the edge device + +Edge32-cb-u32, Edge32-cb-chains +------------------------------- + +-ftp with data direction from 10.2.0.2 + + *observe that the metering/policing works correctly (and the marking + as well). + + Metering: + The data throughput should not exceed 2*CIR1 + 2*CIR2 + + 2*PIR2 + PIR1 for u32 which is roughly: 6mbps + The data throughput should not exceed 2*CIR1 + 5*CIR2 + for chains which is roughly: 6mbps + + Marking: the should be a variation of marked packets: + AF41(TOS=0x88) AF42(0x90) AF43(0x98) and BE (0x0) + +TODO: +-More tests required to see the interaction of several sources (other +than subnet 10.2.0.0/24). +-More tests needed to capture stats on how many times the CIR was exceeded +but the data was not remarked etc. 
+ +Edge32-ca-u32 +-------------- + +Generate data using modified tcpblast from 10.2.0.2 (behind eth2) to the +discard port of 10.1.0.2 (behind eth1) + +1) generate with src tos = 0x88 + Metering: Allocated throughput should not exceed 2*CIR1 + 2*CIR2 + +PIR1 -- approximately 4mbps + Marking: Should vary between 0x88,0x90,0x98 and 0x0 + +2) generate with src tos = 0x90 + Metering: Allocated throughput should not exceed CIR1 + 2*CIR2 + + 2* PIR2 approximately 3mbps + Marking: Should vary between 0x90,0x98 and 0x0 + +3) generate with src tos = 0x98 + Metering: Allocated throughput should not exceed PIR1+ CIR1 + CIR2 + approximately 2.5mbps + Marking: Should vary between 0x98 and 0x0 + +4) generate with src tos any other than the above + Metering: Allocated throughput should not exceed CIR1 + approximately 1mbps + Marking: Should be consistent at 0x0 + +TODO: Testing on how each color shares when all 4 types of packets +are going through the edge device |