-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 04/09/2017 05:24 AM, Jacob W. Hiltz wrote: > I am having issues configuring QoS. > > I’ve followed the guide for QoS and also made the changes suggested > in FAQ 97a, but still cannot seem to get a working configuration. > > I had requested an example configuration here before and Tom had > provided, but QoS did not work and I had given up at the time. I am > thinking that perhaps there is something about my environment that > is causing issues. > > Here is a copy of the configuration used in an attempt to apply QoS > on port 8080 outbound from one of my LAN/VLAN networks (passing > through Shorewall) > > eth1 is WAN and bond0.100-500 are my VLAN interfaces. There are no > rules applied to VLAN interfaces. > > /etc/shorewall/mangle > > DIVERTHA - - tcp MANGLE(1) 0.0.0.0/0 > 0.0.0.0/0 tcp - 8080 > MANGLE(1) 0.0.0.0/0 0.0.0.0/0 tcp 8080 - > > /etc/shorewall/tcclasses > > eth1 1 10kbit 100kbit 1 eth1 2 10kbit full 2 > default > > /etc/shorewall/tcdevices > > eth1 80mbit 20mbit > > This configuration does not appear to limit traffic at all. > > If I change the tcdevices to: > > eth1 - 20mbit > > the traffic is limited far below the rules set in tcclasses which I > presumed would be fixed by FAQ 97a. > > Environment: > > Two physical systems (Intel SR15030AHLX) using > keepalived/conntrackd in a failover configuration Shorewall Version > 5.0.15.2 Each server runs HAProxy 1.7. I am using the DIVERTA > patch. There are a group of 40 VLANS on each server. Each VLAN has > restricted communications, but a central file server is accessed > from a number of these interfaces so traffic is passed through the > Shorewall server when accessing files. Interfaces are bonded in an > active-backup configuration on the LAN. There is a 10GB Mellanox > network card bonded with an Intel 82573E.
I will need to see the output of 'shorewall dump' to have any idea about what the problem is. - -Tom - -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJY7NUoAAoJEJbms/JCOk0QkeYP/Av2vBNoQnskSw/ligsrALhh BPc2aEVZInLFbptdyFle3IuVp3qZC9y+yXqSSEO4WudHRnJW3opRadhXDw4b6DYC DJ8WTkAB9DUvNuApibyz0ogPjS2itoLiyHk+56xYXcXnQAHpdcKZILyZVyUDFHif NcvsPo1JgPSqT74QFiYuA9qG7BZYoYzensJeKjC96pzA7OzrvOcC/yQGFaUAQ7Tj ytfXU2n/Ea+SXltB2pPfh9FJgBp4CsBNDYmyeQkzAufz3xr6+/qHQWiWOtKWiP/F 8JIMUSsx3/NIaY4LnmCHCfpj0PRJSBzbgI5xLIILLcXDejyEKZHqQxsmSklB3OSB 73ER+bajIJ3ZMpKI4NLzpLuUMJXyVZkNxcL/LNwxmpMr0IjdJB2JYz8Fl9cVSr0e zvi9sLrtzXCD+4aqGU79u6Yv1NDHK6q4qcZr+/RfcnP4KOMrEC9HCQ+1ZIDbtybK k9qvevjAV7vW2nrOHHtWubgMvZxsUU5KaM3gYoME3A0EWnlCaheLS0yk8B9EnRl4 oxuCpdDF5ZpC6fzEfm9zgnsMaj7gWFKaVODU/UD9PJMX7cLt/6M6AbXmXYhzSQ0Q Ud3twUx76J1SSI86rEH5F+dWTR0YvNgy/DBAc4RqVQDTCjG8c+o6bXX8aIxB0rYV 6ERjLRFpuXHDhBB0YszA =I9JC -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
