QoS not working (no match?)

Home Page Forums Network Management ZeroShell QoS not working (no match?)

This topic contains 3 replies, has 0 voices, and was last updated by  ingeniado 12 years ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • June 15, 2007 at 1:33 pm #40651

    ingeniado
    Member

    Hello, (great software, Fulvio 😉 ):

    I’ve configured Zeroshell as in the QoS example (Bridge with eth00 and eth01), but only with 3 class (PRIO_IN, P2P_IN. DEFAULT in ETH00 and PRIO_OUT, P2P_OUT, DEFAULT in ETH01).

    LAN 10.20.0.0/16 —- zeroshell 10.20.0.2

    ADSL router 10.20.0.1

    PRIO_IN, PRIO_OUT is traffic for 80 tcp port
    P2P_IN, P2P_OUT is traffic for layer7 Ares and ipp2p.
    DEFAULT, i have no modified it.

    In the statistics page, I can see all the traffic in the DEFAULT class (in eth00 and eth01). No match in other class. 😥

    these are my rules:


    
1 	* 	* 	MARK tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:80 MARK set 0x11 	PRIO_IN 	no
    
2 	* 	* 	MARK tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:80 MARK set 0x10 	PRIO_OUT 	no
    
3 	* 	* 	MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 ipp2p v0.8.2 --kazaa --gnu --edk --dc --bit LAYER7 l7proto ares MARK set 0xf 	P2P_IN 	no
    
4 	* 	* 	MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 ipp2p v0.8.2 --kazaa --gnu --edk --dc --bit LAYER7 l7proto ares MARK set 0xe 	P2P_OUT 	no

    And these the logs generated in “view chain”:

    Chain FORWARD (policy ACCEPT 299K packets, 218M bytes)
    
pkts bytes target     prot opt in     out     source               destination
    
2098  501K MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 MARK set 0x11
    
2098  501K MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 MARK set 0x10
    
23000   17M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore
    
0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK match !0x0
    
0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ipp2p v0.8.2 --kazaa --gnu --edk --dc --bit LAYER7 l7proto ares MARK set 0xf
    
23000   17M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save
    
22998   17M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore
    
0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK match !0x0
    
0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ipp2p v0.8.2 --kazaa --gnu --edk --dc --bit LAYER7 l7proto ares MARK set 0xe
    
22998   17M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save

    what’s wrong?

    thanx in advance.
    Michael.

    June 16, 2007 at 11:05 am #45457

    imported_fulvio
    Participant

    For the PRIO_IN you have to select source port to tcp 80 and not destination one.
    You shouldn’t use the IPP2P filter and Layer 7 filters in the same rule. You must match ares protocol in another rule.

    Regards
    Fllvio

    June 19, 2007 at 11:36 pm #45458

    ingeniado
    Member

    Hello and thanks for the response.

    I’ve re-configured zeroshell and I can see in statistics the outgoing (upload) traffic being shaped correctly. But all the incoming (download) traffic is sending to DEFAULT class. I’ve no idea why 😥

    These are my interfaces:


    
ETH00    100Mb/s Full Duplex
    
Realtek Semiconductor Co., Ltd. RTL-8169 Gigabit Ethernet (rev 10)  On
    
This device is member of BRIDGE00 (ETH00,ETH01)
    
QoS Status:Enabled       Max:2Mbit/s       Guaranteed:1500Kbit/s  (Assigned:74%)
    
Class         Description            Priority   Max Bandwidth   Guaranteed  On
    
DEFAULT   Default class for unclassified traffic    Medium
    
P2P_IN     P2P DE ENTRADA                              Low   100Kbit/s
    
PRIO_IN   ENTRADA PRIORITARIA                     High   1Mbit/s

    
ETH01    100Mb/s Full Duplex
    
VIA Technologies, Inc. VT6102 [Rhine-II] (rev 7c)  On
    
This device is member of BRIDGE00 (ETH00,ETH01)
    
QoS Status:Enabled       Max:400Kbit/s       Guaranteed:400Kbit/s  (Assigned:87%)
    
Class          Description            Priority   Max Bandwidth   Guaranteed  On
    
DEFAULT    Default class for unclassified traffic    Medium
    
P2P_OUT    P2P DE SALIDA                                 Low   50Kbit/s
    
PRIO_OUT  SALIDA PRIORITARIA                       High   300Kbit/s

    And this the classifier:


    
1 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 ipp2p v0.8.2 --kazaa --gnu --edk --dc --bit MARK set 0xe  P2P_OUT no
    
2 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto ares MARK set 0xe  P2P_OUT no
    
3 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 ipp2p v0.8.2 --kazaa --gnu --edk --dc --bit MARK set 0xf  P2P_IN no
    
4 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto ares MARK set 0xf  P2P_IN no
    
5 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto http MARK set 0x11  PRIO_IN no
    
6 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto http MARK set 0x10  PRIO_OUT no

    any suggestion?

    thanks in advance.
    Michael.

    June 20, 2007 at 11:35 pm #45459

    ingeniado
    Member

    I have solved it.

    I was using 2 classes for each service (P2P_IN, P2P_OUT, …)
    The solution is to use ONE class for each service (P2P, PRIO, etc) and configure the local parameter of the class in each interface. 😉

    regards.
    Michael.

    June 21, 2007 at 9:49 pm #45460

    imported_fulvio
    Participant

    Ok, the reason is that connection tracking used by the L7 Filter needs to track the connections looking to incoming and outgoing packets.

    Fulvio

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.