From: Michael Mol <mikemol@gmail.com>
To: gentoo-user@lists.gentoo.org
Date: Tue, 12 Jun 2012 09:21:29 -0400
Subject: Re: [gentoo-user] Traffic shaping - downstream data
Message-ID: <CA+czFiC7oKYhW5MhMP7CteoJeXzPBofTaeUerSaHFPMEBsNTpg@mail.gmail.com>

More detail later...but make sure your vpn link is not TCP. UDP, fine,
IP-IP, fine, but not TCP. TCP transport for a VPN tunnel leads to ugly
traffic problems.

On Jun 12, 2012 8:59 AM, "Datty" <datty.wtb@gmail.com> wrote:
>
> On Tue, Jun 12, 2012 at 9:58 AM, J. Roeleveld <joost@antarean.org> wrote:
>
>> On Mon, June 11, 2012 5:27 pm, Datty wrote:
>> > Hi all
>> >
>> > I'm looking for some help setting up traffic shaping on my internet
>> > connection. I have a bit of an odd setup in that I run a remote VPN server
>> > that all of my traffic is pushed through and out on to the internet. As I
>> > understand generally it isn't possible to shape incoming traffic but as I
>> > have control of the VPN server which pushes the traffic to me I wondered if
>> > it was possible to implement something on that side? No traffic other than
>> > the VPN tunnel goes out of my home connection.
>> >
>> > I'm trying to do this because I have a service running on one of my home
>> > machines that requires around 5kbps constantly with low latency (<200ms),
>> > but as my home connection is 750kbps it gets saturated very quickly causing
>> > huge spikes in latency. Does anyone have any ideas as to how I could
>> > achieve this? Generally any pointers at all would be greatly appreciated.
>>
>> If VPN is the only traffic to/from your home, eg. using your internet
>> connection and you control the VPN-server on the other side, you could
>> limit the "upstream" of the remote server to your home.
>>
>> > Thanks for your time
>> >
>> > Oliver
>> >
>>
>>
>> --
>> Joost
>>
>>
> Thanks that makes total sense. I was looking at it backwards, not
> thinking that I could apply the same upstream limit to my VPN server.
> A bit of background/my aims - The vpn interface is 100mbps, I want
> everybody but me on the VPN to be able to use up to that speed, but for
> traffic sent to 192.168.50.0/24 to be limited to 750kbps, with 700kbps of
> that for normal traffic and 50kbps for my tcp traffic from port 9999.
>
> Based on that do the following rules make sense?
>
> tc qdisc add dev tap0 root handle 1: htb default 12
>   -- Set the interface to be handle 1 and default traffic to be in class 1:12
> tc class add dev tap0 parent 1: classid 1:1 htb rate 100mbps ceil 100mbps
>   -- Set 100mbps to be available to all classes overall
> tc class add dev tap0 parent 1:1 classid 1:12 htb rate 100mbps ceil 100mbps
>   -- Set 100mbps to be available to all people on the vpn
> tc class add dev tap0 parent 1:1 classid 1:15 htb rate 750kbps ceil 750kbps
>   -- To be applied to all traffic from my home network
> tc class add dev tap0 parent 1:15 classid 1:16 htb rate 700kbps ceil 700kbps
>   -- To be applied to all traffic other than special on home network
> tc class add dev tap0 parent 1:15 classid 1:17 htb rate 50kbps ceil 50kbps
>   -- To be applied to special traffic on home network
> tc qdisc add dev $modemif parent 1:15 handle 20: sfq perturb 10
>   -- I understand this to prevent high bandwidth traffic in a class from
>   filling up the whole of the class bandwidth and allow fair sharing. Is
>   this right/needed?
> tc qdisc add dev $modemif parent 1:12 handle 20: sfq perturb 10
>
> iptables -t mangle -A POSTROUTING -o tap0 -d 192.168.50.0/24 -p tcp --sport 9999 -j CLASSIFY --set-class 1:17
> iptables -t mangle -A POSTROUTING -o tap0 -d 192.168.50.4/24 -j CLASSIFY --set-class 1:16
> iptables -t mangle -A POSTROUTING -o tap0 -j CLASSIFY --set-class 1:12
>
>
> Thanks again for your help
>
> Oliver
>
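
An added example, not part of the original thread: the class layout asked about above, written as a dry-run script for the VPN server. It assumes the quoted rates mean kilobits and megabits, keeps every rule on `tap0`, and lets the two home classes borrow up to the 750 kbit cap; the variable names and the `run` helper are illustrative.

```shell
#!/bin/sh
# Added example; every value is an assumption based on the figures quoted above.
DEV=tap0                   # tunnel interface on the VPN server
HOME_NET=192.168.50.0/24   # home network behind the tunnel
LINK=100mbit               # "bit" units: tc reads "mbps"/"kbps" as bytes per second
OTHERS=99mbit              # guaranteed to other VPN users (children sum <= parent)
HOME_CAP=750kbit           # cap on everything sent towards the home link
BULK=700kbit               # guaranteed share for ordinary home traffic
PRIO=50kbit                # guaranteed share for the latency-sensitive service
PRIO_SPORT=9999            # TCP source port of that service

# Print each command; execute it only when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

shape_rules() {
    # Root HTB on the tunnel; unclassified traffic lands in 1:12.
    run tc qdisc add dev "$DEV" root handle 1: htb default 12
    run tc class add dev "$DEV" parent 1: classid 1:1 htb rate "$LINK" ceil "$LINK"
    run tc class add dev "$DEV" parent 1:1 classid 1:12 htb rate "$OTHERS" ceil "$LINK"
    # Inner class: hard cap for the home network, split into two leaves that
    # may borrow from each other up to the cap; the lower prio value is
    # offered spare bandwidth first.
    run tc class add dev "$DEV" parent 1:1 classid 1:15 htb rate "$HOME_CAP" ceil "$HOME_CAP"
    run tc class add dev "$DEV" parent 1:15 classid 1:16 htb rate "$BULK" ceil "$HOME_CAP" prio 1
    run tc class add dev "$DEV" parent 1:15 classid 1:17 htb rate "$PRIO" ceil "$HOME_CAP" prio 0
    # HTB queues packets only in leaf classes, so sfq goes on the leaves,
    # each with its own handle, all on the same device as the classes.
    for leaf in 12 16 17; do
        run tc qdisc add dev "$DEV" parent "1:$leaf" handle "$leaf:" sfq perturb 10
    done
    # CLASSIFY does not end rule traversal, so the last match wins: broad rule
    # first, specific rule last, and no catch-all (htb "default 12" covers it).
    run iptables -t mangle -A POSTROUTING -o "$DEV" -d "$HOME_NET" \
        -j CLASSIFY --set-class 1:16
    run iptables -t mangle -A POSTROUTING -o "$DEV" -d "$HOME_NET" -p tcp \
        --sport "$PRIO_SPORT" -j CLASSIFY --set-class 1:17
}

shape_rules
```

Run it as is to review the commands, then with `APPLY=1` as root to install them.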