Hello

I have a desktop pc running Debian 3.0 (Woody, I think). This pc has 2 NIC's. One NIC is connected to a network, the other is connected to a notebook. I want this linux box to forward all traffic from the network (eth0) to the notebook (eth1) and vica versa and it should be able to participate on the network itself too.

So far I have achieved this by creating a bridge between eth0 and eth1, this was not hard at all.

Now I want to do the following:

The linux box should always prioritize the traffic from the notebook (eth1) to the network (eth0). So if the notebook and the linux box want to send/recieve packets to/from the network, the linux box should always let the notebook's packets go first.
This should be possible with traffic shaping and ebtables, right?

I use the following script/command to set up traffic shaping:

ebtables -A FORWARD -j mark --set-mark 1
tc qdisc add dev eth0 root handle 1: prio
tc qdisc add dev eth1 root handle 2: prio
tc filter add dev eth0 parent 1: protocol ip handle 1 fw flowid 1:1
tc filter add dev eth1 parent 2: protocol ip handle 1 fw flowid 2:1

This returns no errors, but the script doesn't work. There is no difference between running it and just enableing the bridge without any traffic shaping.

What am I doing wrong?

Thx a lot in advance!

Too long to list. You have some basic misconceptions about traffic control. And unless I'm not mistaken, I don't think it would do any good to enable TC on individual interfaces of a bridge. You might want to look over the LARTC HOWTO or the HTB manual.

I've found the HTB manual to be a very good solution for traffic control and the website also has a lot of good information about the subject in general.

Ow, mmh I thought I had it right. Whell, thx for letting me know, I'll check those links that you gave me.

But I don't think I need HTB, PRIO should be enough for what I want, I think.

Mmh I've read the manual and I still don't see what I am doing wrong.

I'm marking everything in the forward chain with ebtables and then I apply a filter so that everything with that mark ends up in class 1 of the eth0/eth1 PRIO qdisc. And class 1 has the highest priority so those packets should be sent first...

Or does it have something to do with the priomap, maybe the FTP packets I use for testing end up in class 1 aswel because they are marked for high bandwith by TOS?

Could you give me some advice on what I am doing wrong?

perhaps you're taking the wrong approach to it... tell me exactly what you're trying to accomplish and I'll see if I can suggest a good way to go about getting there.

This is the setup:


Notebook --- LinuxBox --- Network Switch ---- a bunch of other pc's
(my ASCII skills are not that good )

So the linuxbox has 2 NIC's. One is attached to the network switch (eth0), the other to the notebook (eth1).

The linuxbox should forward all traffic from eth1 to eth0 and forward all the traffic for the notebook from eth0 to eth1, so it should just act as a standard bridge. And it does that without any problems right now.
BUT, I also want it to prioritise all the packets to and from eth1. So the notebook should always have full bandwith available. It doesn't matter if the linuxbox is downloading from 1000 FTP servers, it should always let the notebook's packets (everything from and to eth1) go first.

I hope it's clear for you. If not, let me know what you need to know .

Edit:
I forgot to let you know, the way I am testing is like this:


Notebook --- LinuxBox --- Network Switch ---- FTP SERVER

I connect on the notebook and on the linuxbox to the FTP server and I transfer a 100MB file to it simultaneously from the notebook and the linuxbox. The linuxbox should let the notebook transfer the whole file first and only after it has been completed, the linuxbox's speed should rise again.

well that sounds possible and probably not too difficult. If you have those two cards truly bridged, then you don't have much to worry about on that part. The kernel will treat the bridged interfaces as one (as br0 probably).

Now, what I want to know is what do you need this traffic shaper to accomplish for you? It is 100% impossible to shape inbound traffic, by the way. You can not control what data a remote host sends to you first. It sounds like you want to control how fast your laptop downloads but it is mostly impossible to completely control. Is there a certain kind of traffic you want to go faster or is it all traffic to that computer? Is it for gaming, or file transfers?

You can easily shape upstream traffic, however. This can result in some improvement but it still will not make your laptop download any faster. I see only 2 options for making your total downloading speed selectively faster:

1: HARSH ingress policing on the external interface to force remote hosts from sending at full speed, saturating your downstream bandwidth. Then possibly making the policer ignore traffic TO your laptop's IP. This solution is generally easy to set up, but will cost you about 40-50% of your downstream bandwidth in order to be effective.

2: WRR + RED for the egress on br0 interface that gives better weight to your laptop's IP. This is a very complicated solution that works well from what I have read about it. But I have never done it myself and I don't really know how to do it either.

Just out of interest:

Why can't the notebook connect directly to the switch? or is the linuxbox a gateway to the internet via ppp or adsl.

No, this is not possible, otherwise the solution would indeed be simple .


Mmh, sounds pretty complicated.
So I can't control the incoming packets, I'll have to leave it like that then. Or can I prioritize the forwarding of packets to the notebook, so that if the LinuxBox has both packets to forward and packets for itsself in queue, that the LinuxBox will always first forward the notebooks packets and afterwards process its own?

For the outbound traffic: both low latency packets (gaming) and high bandwidth packets (file transfers) should be prioritized. So ALL traffic from the notebook must have highest priority.

I think I can probably find a simple solution for you. I need more information though.



Am I to assume that your linux box is your router?

Does it work something like this?:

-------------|br0|eth0------Switch
             |br0|eth1------Notebook
Linux router |
-------------|ppp0(or eth2)-----Cable Modem/DSL/Whatever Internet

And are you trying to shape traffic to/from your FTP servers and the internet or to/from your ftp servers and your laptop? So far, I'm getting the feeling that you have are FTP servers that could have several connections going at any point to people out on the internet and what you want to do is have that traffic not affect your experience while using your laptop and that the traffic you're wanting to prioritize is between the laptop and the internet? or is it between the laptop and your FTP servers?

Is there a Linode involved here, somewhere?

No linode (I hope it's OK that I post here anyway, this is a nice forum). And it's not a router.
All network 'routing' is done on layer 2.

It's just for when I only have 1 port available from the switch and I want to connect 2 pc's. And one of those 2 pc's must have priority on everything (the notebook).

You didn't answer the more important questions.

What traffic are you trying to prioritize? Internet traffic from the laptop or your own FTP server traffic from the laptop? or is it just all traffic in general? Where is your network bottleneck (shaping is best done near the bottleneck)

Any traffic from the laptop should be prioritized.

Mmh bottleneck is the router because everything is 100Mbps but the linuxbox and the notebook share one port on the switch so they have to share their 100Mbps.

I wouldn't really consider that a bottleneck and is probably not the source of your bandwidth problem. Can you provide an example of something you want to change? A scenario? Just saying "I want to prioritize the laptop" isn't working for me.

What you're saying is too broad to make sense of.

Well, there isn't any problem until the Linuxbox starts uploading/downloading (at max speed). Then the notebook would only have half of the bandwith left, I don't want that to happen.

So if the Linuxbox is for example sending a 1000MB file via FTP and the notebook wants to do the same at the same time, the notebook should be able to upload faster, at (almost) full speed...