Score:0

linux tc + vlan interface


This is my simple tc script. It limits bandwidth based on source IP address and uses a hashing filter based on the /24 subnet. This example filter works, but only when the example subnet 10.118.0.0/24 is added to the physical interface eth1. When I switch this subnet to a VLAN interface, for example eth1.100, traffic limiting stops working properly.

So this scenario works:

(PC 10.118.0.35 eth0) --- (SW) --- (eth1 ip 10.118.0.1 - NAT - eth0) --- INTERNET

But this doesn't:

(PC 10.118.0.35 eth0) --- (vlan 100 access - SW - vlan 100 trunk) --- (eth1.100 ip 10.118.0.1 - NAT - eth0) --- INTERNET

#!/bin/bash
#UPLOAD
tc qdisc del root dev ifb1

tc qdisc add dev eth1 handle ffff: ingress
tc filter add dev eth1 parent ffff: u32 match u32 0 0 action mirred egress redirect dev ifb1

tc qdisc add dev ifb1 root handle 1: prio bands 2 priomap 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
tc qdisc add dev ifb1 parent 1:1 handle 10: sfq
tc filter add dev ifb1 parent 1:0 protocol ip prio 1 u32 match ip dst 10.90.0.0/16 flowid 1:1

tc qdisc add dev ifb1 parent 1:2 handle 20:0 htb

tc class add dev ifb1 parent 20:0 classid 20:1 htb rate 1024000kbit ceil 1024000kbit
tc class add dev ifb1 parent 20:1 classid 20:100 htb rate 51200kbit ceil 204800kbit

tc qdisc add dev ifb1 parent 20:100 sfq
tc class add dev ifb1 parent 20:1 classid 20:110 htb rate 972800kbit ceil 1013760kbit

tc filter add dev ifb1 parent 20:0 prio 1 handle 11: protocol ip u32 divisor 256
tc filter add dev ifb1 protocol ip parent 20:0 prio 5 u32 ht 800:: match ip src 10.118.0.0/24 hashkey mask 0x000000ff at 12 link 11:

tc class add dev ifb1 parent 20:110 classid 20:03E8 htb rate 1024kbit ceil 1024kbit
tc qdisc add dev ifb1 parent 20:03E8 handle 03E8 cake diffserv4 
tc filter add dev ifb1 protocol ip parent 20:0 prio 200 u32 ht 11:23: match ip src 10.118.0.35 flowid 20:03E8

#DOWNLOAD
tc qdisc del root dev eth1

tc qdisc add dev eth1 root handle 1: prio bands 2 priomap 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
tc qdisc add dev eth1 parent 1:1 handle 10: sfq
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 10.90.0.0/16 flowid 1:1

#qdisc add dev eth1 parent 1:2 handle 20:0 hfsc default 100
tc qdisc add dev eth1 parent 1:2 handle 20:0 htb

tc class add dev eth1 parent 20:0 classid 20:1 htb rate 1024000kbit ceil 1024000kbit
tc class add dev eth1 parent 20:1 classid 20:100 htb rate 51200kbit ceil 204800kbit

tc qdisc add dev eth1 parent 20:100 sfq
tc class add dev eth1 parent 20:1 classid 20:110 htb rate 972800kbit ceil 1013760kbit

tc filter add dev eth1 parent 20:0 prio 1 handle 11: protocol ip u32 divisor 256
tc filter add dev eth1 protocol ip parent 20:0 prio 5 u32 ht 800:: match ip dst 10.118.0.0/24 hashkey mask 0x000000ff at 16 link 11:

tc class add dev eth1 parent 20:110 classid 20:03E8 htb rate 1024kbit ceil 1024kbit
tc qdisc add dev eth1 parent 20:03E8 handle 03E8 cake diffserv4
tc filter add dev eth1 protocol ip parent 20:0 prio 200 u32 ht 11:23: match ip dst 10.118.0.35 flowid 20:03E8

Does anyone know how this should look for a VLAN interface, or whether it is possible to run tc on a VLAN? During my search for tc + vlan I was only able to find tc filters based on VLAN number, but that is not the case in this scenario.

setenforce 1:
How did you test? Did you replace eth1 with eth1.100 in your script, or did you keep this script with eth1?
PawelZ:
First I tried to replace eth1 with eth1.100, but this didn't work. Then I left eth1, but this doesn't work either.
Score:0

If someone else needs this, here is the solution:

#!/bin/bash
tc qdisc del root dev eth1.118

tc qdisc add dev eth1.118 root handle 1: prio bands 2 priomap 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
tc qdisc add dev eth1.118 parent 1:1 handle 10: cake diffserv4 #esfq hash src perturb 10
tc filter add dev eth1.118 parent 1:0 protocol ip prio 1 u32 match ip dst 10.90.0.0/16 flowid 1:1
tc qdisc add dev eth1.118 parent 1:2 handle 20:0 hfsc default 100
tc class add dev eth1.118 parent 20:0 classid 20:1 hfsc ls m2 1024000kbit ul m2 1024000kbit
tc class add dev eth1.118 parent 20:1 classid 20:100 hfsc ls m2 51200kbit ul m2 204800kbit
tc qdisc add dev eth1.118 parent 20:100 cake diffserv4 #esfq hash src perturb 5
tc class add dev eth1.118 parent 20:1 classid 20:110 hfsc ls m2 972800kbit ul m2 1013760kbit

tc filter add dev eth1.118 parent 20:0 prio 1 handle 11: protocol ip u32 divisor 256
tc filter add dev eth1.118 protocol ip parent 20:0 prio 5 u32 ht 800:: match ip dst 10.118.0.0/24 hashkey mask 0x000000ff at 16 link 11:

# ip=10.118.0.35 qdiscNo=1000 createQdisc=1 multiESFQ=0
tc class add dev eth1.118 parent 20:110 classid 20:03E8 hfsc ls m1 1024kbit d 2000ms m2 512kbit ul m1 2048kbit d 2000ms m2 1024kbit
tc qdisc add dev eth1.118 parent 20:03E8 handle 03E8 cake diffserv4 #sfq perturb 15
tc filter add dev eth1.118 protocol ip parent 20:0 prio 200 u32 ht 11:23: match ip dst 10.118.0.35 flowid 20:03E8


tc qdisc del dev eth1.118 handle ffff: ingress
tc qdisc del root dev ifb0
tc qdisc add dev eth1.118 handle ffff: ingress
tc filter add dev eth1.118 parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev ifb0

tc qdisc add dev ifb0 root handle 1: prio bands 2 priomap 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
tc qdisc add dev ifb0 parent 1:1 handle 10: cake diffserv4 #esfq hash src perturb 10
tc filter add dev ifb0 parent 1:0 protocol ip prio 1 u32 match ip dst 10.90.0.0/16 flowid 1:1
tc qdisc add dev ifb0 parent 1:2 handle 20:0 hfsc default 100
tc class add dev ifb0 parent 20:0 classid 20:1 hfsc ls m2 1024000kbit ul m2 1024000kbit
tc class add dev ifb0 parent 20:1 classid 20:100 hfsc ls m2 51200kbit ul m2 204800kbit
tc qdisc add dev ifb0 parent 20:100 cake diffserv4 #esfq hash src perturb 5
tc class add dev ifb0 parent 20:1 classid 20:110 hfsc ls m2 972800kbit ul m2 1013760kbit

tc filter add dev ifb0 parent 20:0 prio 1 handle 11: protocol ip u32 divisor 256
tc filter add dev ifb0 protocol ip parent 20:0 prio 5 u32 ht 800:: match ip src 10.118.0.0/24 hashkey mask 0x000000ff at 12 link 11:

# ip=10.118.0.35 qdiscNo=1000 createQdisc=1 multiESFQ=0
tc class add dev ifb0 parent 20:110 classid 20:03E8 hfsc ls m1 1024kbit d 2000ms m2 512kbit ul m1 2048kbit d 2000ms m2 1024kbit
tc qdisc add dev ifb0 parent 20:03E8 handle 03E8 cake diffserv4 #sfq perturb 15
tc filter add dev ifb0 protocol ip parent 20:0 prio 200 u32 ht 11:23: match ip src 10.118.0.35 flowid 20:03E8

The key is "hashkey mask 0x000000ff at 16" on one interface and "hashkey mask 0x000000ff at 12" on the second one. I don't know why this works, but it works. Can someone explain why this option must be set to 12 and 16?
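
Added example, not part of the answer above and not tc's own code: a simplified shell model of the u32 hash step behind "hashkey mask 0x000000ff at N". In an IPv4 header the source address starts at byte 12 and the destination address at byte 16, so the client's last octet is at offset 12 on the upload path (ifb, client is the source) and at offset 16 on the download path (egress, client is the destination). The two headers are constructed samples, and 192.0.2.10 is an assumed documentation address standing in for an Internet host.

```sh
#!/bin/sh
# Simplified model of how u32 "hashkey mask M at OFF" selects a hash bucket.
# Constructed 20-byte IPv4 headers (hex, checksum zeroed), not captured traffic.
UP_HDR=4500005400004000400600000a760023c000020a    # 10.118.0.35 -> 192.0.2.10
DOWN_HDR=450000540000400040060000c000020a0a760023  # 192.0.2.10 -> 10.118.0.35

# word_at HEXHDR OFFSET: 32-bit big-endian word starting at byte OFFSET
word_at() (
  first=$(( $2 * 2 + 1 ))
  hex=$(printf '%s' "$1" | cut -c "${first}-$(( first + 7 ))")
  echo $(( 0x$hex ))
)

# u32_bucket HEXHDR OFFSET MASK DIVISOR: bucket in hex, as written in "ht 11:<bucket>:"
u32_bucket() (
  word=$(word_at "$1" "$2")
  mask=$(( $3 ))
  tz=0
  # Skip the mask's trailing zero bits so the masked value starts at bit 0.
  while [ "$mask" -ne 0 ] && [ $(( (mask >> tz) & 1 )) -eq 0 ]; do
    tz=$(( tz + 1 ))
  done
  # Mask, shift, then fold into the table size (divisor 256 -> 0..ff).
  printf '%x\n' $(( ((word & mask) >> tz) & ($4 - 1) ))
)

# Correct offsets: both directions land in bucket 23 (decimal 35), the bucket
# that the "ht 11:23:" filter for 10.118.0.35 is attached to.
echo "upload,   at 12: bucket $(u32_bucket "$UP_HDR" 12 0x000000ff 256)"
echo "download, at 16: bucket $(u32_bucket "$DOWN_HDR" 16 0x000000ff 256)"
# Wrong offset on upload: hashes the remote host's last octet instead, so the
# packet lands in a bucket with no filter for this client.
echo "upload,   at 16: bucket $(u32_bucket "$UP_HDR" 16 0x000000ff 256)"
```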
