I am using complex traffic shaping and marking traffic with MARK 1 through
5.
Then I am using accounting to detect the MARKs and keep counts of each so
that I can see that my traffic shaping is doing what I want.
I am finding that the accounting packet count is often 0 when the
corresponding "shorewall show tc" priority does have a packet count.
Here is my tcclasses:
#INTERFACE  MARK  RATE         CEIL         PRIORITY  OPTIONS
#$NET_IF = eth0
$NET_IF     1     400kbit      full         1         tos=0x68/0xfc,tos=0xb8/0xfc  # voip: N trunks @ 80kbit per trunk : at least 400kbit for 5 trunks. Here 5% of 10mbit is 500kbit.
$NET_IF     2     full*10/100  full         2         tcp-ack,tos-minimize-delay   # interactive traffic
$NET_IF     3     full*10/100  full         3                                      # vpn traffic (encrypted)
$NET_IF     4     full*60/100  full         4         default                      # default
$NET_IF     5     full*10/100  full*95/100  5                                      # backups and other low priority stuff
Here are my tc and accounting results. Notice how the tc packet count for
priority 3 (which is mark 3) is 23477 whereas the accounting packet count
for mark 3 is 0. Conversely notice how tc packet count for priority 5
(which is mark 5) is 0 whereas the accounting packet count for mark 5 is
17130. The counts for priority 1 pretty closely match the accounting
counts for mark 1.
# shorewall show tc | tail -55 | head -35;shorewall show tc_0 tc_1 tc_2 tc_3 tc_4 tc_5
class htb 1:11 parent 1:1 leaf 2: prio 1 quantum 2000 rate 400000bit ceil 5000Kbit burst 1800b/8 mpu 0b overhead 0b cburst 4Kb/8 mpu 0b overhead 0b level 0
 Sent 7884354 bytes 37911 pkt (dropped 0, overlimits 0 requeues 0)
 rate 240bit 0pps backlog 0b 0p requeues 0
 lended: 37911 borrowed: 0 giants: 0
 tokens: 34720 ctokens: 6458

class htb 1:1 root rate 5000Kbit ceil 5000Kbit burst 4Kb/8 mpu 0b overhead 0b cburst 4Kb/8 mpu 0b overhead 0b level 7
 Sent 31397414 bytes 251481 pkt (dropped 0, overlimits 0 requeues 0)
 rate 107728bit 71pps backlog 0b 0p requeues 0
 lended: 1727 borrowed: 0 giants: 0
 tokens: 5959 ctokens: 5959

class htb 1:13 parent 1:1 leaf 4: prio 3 quantum 2500 rate 500000bit ceil 5000Kbit burst 1850b/8 mpu 0b overhead 0b cburst 4Kb/8 mpu 0b overhead 0b level 0
 Sent 7805243 bytes 23477 pkt (dropped 0, overlimits 0 requeues 0)
 rate 22088bit 13pps backlog 0b 0p requeues 0
 lended: 21781 borrowed: 1696 giants: 0
 tokens: 23584 ctokens: 5959

class htb 1:12 parent 1:1 leaf 3: prio 2 quantum 2500 rate 500000bit ceil 5000Kbit burst 1850b/8 mpu 0b overhead 0b cburst 4Kb/8 mpu 0b overhead 0b level 0
 Sent 9658166 bytes 169508 pkt (dropped 0, overlimits 0 requeues 0)
 rate 16104bit 33pps backlog 0b 0p requeues 0
 lended: 169493 borrowed: 4 giants: 0
 tokens: 28064 ctokens: 6407

class htb 1:15 parent 1:1 leaf 6: prio 5 quantum 2500 rate 500000bit ceil 4750Kbit burst 1850b/8 mpu 0b overhead 0b cburst 3974b/8 mpu 0b overhead 0b level 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0
 tokens: 29600 ctokens: 6694

class htb 1:14 parent 1:1 leaf 5: prio 4 quantum 15000 rate 3000Kbit ceil 5000Kbit burst 3099b/8 mpu 0b overhead 0b cburst 4Kb/8 mpu 0b overhead 0b level 0
 Sent 6049651 bytes 20585 pkt (dropped 0, overlimits 0 requeues 0)
 rate 69296bit 25pps backlog 0b 0p requeues 0
 lended: 20558 borrowed: 27 giants: 0
 tokens: 8138 ctokens: 6484

Shorewall 4.4.12.1 Chains tc_0 tc_1 tc_2 tc_3 tc_4 tc_5 at gw-cary.corp.ibcengineering.com - Mon Jan 30 11:10:59 CST 2012

Counters reset Mon Jan 30 10:14:52 CST 2012

Chain tc_0 (2 references)
 pkts bytes target     prot opt in     out     source               destination
 389K  495M            all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x0/0xff
 213K   21M            all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x0/0xff

Chain tc_1 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0            all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x1/0xff
37909 7353K            all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x1/0xff

Chain tc_2 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0            all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x2/0xff
   49  8504            all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x2/0xff

Chain tc_3 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0            all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x3/0xff
    0     0            all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x3/0xff

Chain tc_4 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0            all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x4/0xff
    0     0            all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x4/0xff

Chain tc_5 (2 references)
 pkts bytes target     prot opt in     out     source               destination
17130 2652K            all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x5/0xff
    0     0            all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x5/0xff

Here are my shorewall capabilities that are lacking:
# shorewall show capabilities|grep Not
Extended Connection Tracking Match Support: Not available
IPP2P Match: Not available
Repeat match: Not available
Extended MARK Target 2: Not available
Time Match: Not available
LOGMARK Target: Not available
IPMARK Target: Not available
Persistent SNAT: Not available
TPROXY Target: Not available
FLOW Classifier: Not available
fwmark route mask: Not available
Do I misunderstand the capabilities of the MARK column in the accounting
table? Or have I misconfigured something?
Thanks for the help.
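
The comparison made by eye in the message above can be scripted. The following is an added example, not part of the original post and not Shorewall code: it parses the two outputs and lines up the HTB class packet count against the accounting chain counters for each mark. The function names are hypothetical, the sample text is abridged from the output quoted in the post, and the script assumes, as the post states for this configuration, that class priority N corresponds to mark N.

```python
import re

# Constructed sample: abridged from the output quoted in the post.
TC_OUTPUT = """\
class htb 1:11 parent 1:1 leaf 2: prio 1 quantum 2000 rate 400000bit ceil 5000Kbit
 Sent 7884354 bytes 37911 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:1 root rate 5000Kbit ceil 5000Kbit
 Sent 31397414 bytes 251481 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:13 parent 1:1 leaf 4: prio 3 quantum 2500 rate 500000bit ceil 5000Kbit
 Sent 7805243 bytes 23477 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:15 parent 1:1 leaf 6: prio 5 quantum 2500 rate 500000bit ceil 4750Kbit
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
"""
ACCT_OUTPUT = """\
    0     0 all -- eth0 *    0.0.0.0/0 0.0.0.0/0 MARK match 0x1/0xff
37909 7353K all -- *    eth0 0.0.0.0/0 0.0.0.0/0 MARK match 0x1/0xff
    0     0 all -- eth0 *    0.0.0.0/0 0.0.0.0/0 MARK match 0x3/0xff
    0     0 all -- *    eth0 0.0.0.0/0 0.0.0.0/0 MARK match 0x3/0xff
17130 2652K all -- eth0 *    0.0.0.0/0 0.0.0.0/0 MARK match 0x5/0xff
    0     0 all -- *    eth0 0.0.0.0/0 0.0.0.0/0 MARK match 0x5/0xff
"""
SUFFIX = {"K": 1000, "M": 1000**2, "G": 1000**3}  # iptables rounds large counters

def tc_packets_by_prio(text):
    """Map HTB class prio -> packets sent; the root class has no prio and is skipped."""
    counts, prio = {}, None
    for line in text.splitlines():
        if line.startswith("class "):
            m = re.search(r"\bprio (\d+)", line)
            prio = int(m.group(1)) if m else None
        elif prio is not None and (s := re.search(r"Sent \d+ bytes (\d+) pkt", line)):
            counts[prio] = int(s.group(1))
    return counts

def acct_packets_by_mark(text, iface="eth0"):
    """Map mark -> {'in': pkts, 'out': pkts} from the MARK-match rules naming iface."""
    counts = {}
    for f in map(str.split, text.splitlines()):
        if len(f) == 11 and f[-3:-1] == ["MARK", "match"] and iface in f[4:6]:
            n = f[0]  # packet counter, possibly abbreviated (e.g. 389K)
            pkts = int(n[:-1]) * SUFFIX[n[-1]] if n[-1] in SUFFIX else int(n)
            mark = int(f[-1].split("/")[0], 16)
            direction = "in" if f[4] == iface else "out"
            counts.setdefault(mark, {"in": 0, "out": 0})[direction] += pkts
    return counts

def compare(tc, acct):
    """Rows of (mark, tc_pkts, acct_out_pkts, acct_in_pkts) for each accounted mark."""
    return [(m, tc.get(m), acct[m]["out"], acct[m]["in"]) for m in sorted(acct)]
```

The HTB classes count packets leaving the interface, so the "out" column is the one to read against the tc figure; the "in" column is reported separately.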