Jacob W. Hiltz
2017-04-09 12:24:00 UTC
I am having issues configuring QoS.
I’ve followed the guide for QoS and also made the changes suggested in FAQ 97a, but still cannot seem to get a working configuration.
I had requested an example configuration here before and Tom had provided, but QoS did not work and I had given up at the time. I am thinking that perhaps there is something about my environment that is causing issues.
Here is a copy of the configuration used in an attempt to apply QoS on port 8080 outbound from one of my LAN/VLAN networks (passing through Shorewall)
eth1 is WAN and bond0.100-500 are my VLAN interfaces. There are no rules applied to VLAN interfaces.
/etc/shorewall/mangle
DIVERTHA - - tcp
MANGLE(1) 0.0.0.0/0 0.0.0.0/0 tcp - 8080
MANGLE(1) 0.0.0.0/0 0.0.0.0/0 tcp 8080 -
/etc/shorewall/tcclasses
eth1 1 10kbit 100kbit 1
eth1 2 10kbit full 2 default
/etc/shorewall/tcdevices
eth1 80mbit 20mbit
This configuration does not appear to limit traffic at all.
If I change the tcdevices to:
eth1 - 20mbit
the traffic is limited far below the rules set in tcclasses which I presumed would be fixed by FAQ 97a.
Environment:
Two physical systems (Intel SR15030AHLX) using keepalived/conntrackd in a failover configuration
Shorewall Version 5.0.15.2
Each server runs HAProxy 1.7. I am using the DIVERTA patch.
There are a group of 40 VLANS on each server. Each VLAN has restricted communications, but a central file server is accessed from a number of these interfaces so traffic is passed through the Shorewall server when accessing files.
Interfaces are bonded in an active-backup configuration on the LAN. There is a 10GB Mellanox network card bonded with an Intel 82573E.
I’ve followed the guide for QoS and also made the changes suggested in FAQ 97a, but still cannot seem to get a working configuration.
I had requested an example configuration here before and Tom had provided, but QoS did not work and I had given up at the time. I am thinking that perhaps there is something about my environment that is causing issues.
Here is a copy of the configuration used in an attempt to apply QoS on port 8080 outbound from one of my LAN/VLAN networks (passing through Shorewall)
eth1 is WAN and bond0.100-500 are my VLAN interfaces. There are no rules applied to VLAN interfaces.
/etc/shorewall/mangle
DIVERTHA - - tcp
MANGLE(1) 0.0.0.0/0 0.0.0.0/0 tcp - 8080
MANGLE(1) 0.0.0.0/0 0.0.0.0/0 tcp 8080 -
/etc/shorewall/tcclasses
eth1 1 10kbit 100kbit 1
eth1 2 10kbit full 2 default
/etc/shorewall/tcdevices
eth1 80mbit 20mbit
This configuration does not appear to limit traffic at all.
If I change the tcdevices to:
eth1 - 20mbit
the traffic is limited far below the rules set in tcclasses which I presumed would be fixed by FAQ 97a.
Environment:
Two physical systems (Intel SR15030AHLX) using keepalived/conntrackd in a failover configuration
Shorewall Version 5.0.15.2
Each server runs HAProxy 1.7. I am using the DIVERTA patch.
There are a group of 40 VLANS on each server. Each VLAN has restricted communications, but a central file server is accessed from a number of these interfaces so traffic is passed through the Shorewall server when accessing files.
Interfaces are bonded in an active-backup configuration on the LAN. There is a 10GB Mellanox network card bonded with an Intel 82573E.