iproute2/doc/actions/ifb-README
<<
>>
Prefs 
   1
   2IFB is intended to replace IMQ.
   3Advantage over current IMQ; cleaner in particular in in SMP;
   4with a _lot_ less code.
   5
   6Known IMQ/IFB USES
   7------------------
   8
   9As far as i know the reasons listed below is why people use IMQ.
  10It would be nice to know of anything else that i missed.
  11
  121) qdiscs/policies that are per device as opposed to system wide.
  13IFB allows for sharing.
  14
  152) Allows for queueing incoming traffic for shaping instead of
  16dropping. I am not aware of any study that shows policing is
  17worse than shaping in achieving the end goal of rate control.
  18I would be interested if anyone is experimenting.
  19
  203) Very interesting use: if you are serving p2p you may want to give
  21preference to your own locally originated traffic (when responses come back)
  22vs someone using your system to do bittorent. So QoSing based on state
  23comes in as the solution. What people did to achieve this was stick
  24the IMQ somewhere prelocal hook.
  25I think this is a pretty neat feature to have in Linux in general.
  26(i.e not just for IMQ).
  27But i won't go back to putting netfilter hooks in the device to satisfy
  28this.  I also don't think its worth it hacking ifb some more to be
  29aware of say L3 info and play ip rule tricks to achieve this.
  30--> Instead the plan is to have a conntrack related action. This action will
  31selectively either query/create conntrack state on incoming packets.
  32Packets could then be redirected to ifb based on what happens -> eg
  33on incoming packets; if we find they are of known state we could send to
  34a different queue than one which didn't have existing state. This
  35all however is dependent on whatever rules the admin enters.
  36
  37At the moment this 3rd function does not exist yet. I have decided that
  38instead of sitting on the patch for another year, to release it and then
  39if there is pressure i will add this feature.
  40
  41An example, to provide functionality that most people use IMQ for below:
  42
  43--------
  44export TC="/sbin/tc"
  45
  46$TC qdisc add dev ifb0 root handle 1: prio
  47$TC qdisc add dev ifb0 parent 1:1 handle 10: sfq
  48$TC qdisc add dev ifb0 parent 1:2 handle 20: tbf rate 20kbit buffer 1600 limit 3000
  49$TC qdisc add dev ifb0 parent 1:3 handle 30: sfq
  50$TC filter add dev ifb0 protocol ip pref 1 parent 1: handle 1 fw classid 1:1
  51$TC filter add dev ifb0 protocol ip pref 2 parent 1: handle 2 fw classid 1:2
  52
  53ifconfig ifb0 up
  54
  55$TC qdisc add dev eth0 ingress
  56
  57# redirect all IP packets arriving in eth0 to ifb0
  58# use mark 1 --> puts them onto class 1:1
  59$TC filter add dev eth0 parent ffff: protocol ip prio 10 u32 \
  60match u32 0 0 flowid 1:1 \
  61action ipt -j MARK --set-mark 1 \
  62action mirred egress redirect dev ifb0
  63
  64--------
  65
  66
  67Run A Little test:
  68
  69from another machine ping so that you have packets going into the box:
  70-----
  71[root@jzny action-tests]# ping 10.22
  72PING 10.22 (10.0.0.22): 56 data bytes
  7364 bytes from 10.0.0.22: icmp_seq=0 ttl=64 time=2.8 ms
  7464 bytes from 10.0.0.22: icmp_seq=1 ttl=64 time=0.6 ms
  7564 bytes from 10.0.0.22: icmp_seq=2 ttl=64 time=0.6 ms
  76
  77--- 10.22 ping statistics ---
  783 packets transmitted, 3 packets received, 0% packet loss
  79round-trip min/avg/max = 0.6/1.3/2.8 ms
  80[root@jzny action-tests]#
  81-----
  82Now look at some stats:
  83
  84---
  85[root@jmandrake]:~# $TC -s filter show parent ffff: dev eth0
  86filter protocol ip pref 10 u32
  87filter protocol ip pref 10 u32 fh 800: ht divisor 1
  88filter protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1
  89  match 00000000/00000000 at 0
  90        action order 1: tablename: mangle  hook: NF_IP_PRE_ROUTING
  91        target MARK set 0x1
  92        index 1 ref 1 bind 1 installed 4195sec  used 27sec
  93         Sent 252 bytes 3 pkts (dropped 0, overlimits 0)
  94
  95        action order 2: mirred (Egress Redirect to device ifb0) stolen
  96        index 1 ref 1 bind 1 installed 165 sec used 27 sec
  97         Sent 252 bytes 3 pkts (dropped 0, overlimits 0)
  98
  99[root@jmandrake]:~# $TC -s qdisc
 100qdisc sfq 30: dev ifb0 limit 128p quantum 1514b
 101 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 102qdisc tbf 20: dev ifb0 rate 20Kbit burst 1575b lat 2147.5s
 103 Sent 210 bytes 3 pkts (dropped 0, overlimits 0)
 104qdisc sfq 10: dev ifb0 limit 128p quantum 1514b
 105 Sent 294 bytes 3 pkts (dropped 0, overlimits 0)
 106qdisc prio 1: dev ifb0 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 107 Sent 504 bytes 6 pkts (dropped 0, overlimits 0)
 108qdisc ingress ffff: dev eth0 ----------------
 109 Sent 308 bytes 5 pkts (dropped 0, overlimits 0)
 110
 111[root@jmandrake]:~# ifconfig ifb0
 112ifb0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
 113          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
 114          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
 115          RX packets:6 errors:0 dropped:3 overruns:0 frame:0
 116          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
 117          collisions:0 txqueuelen:32
 118          RX bytes:504 (504.0 b)  TX bytes:252 (252.0 b)
 119-----
 120
 121You send it any packet not originating from the actions it will drop them.
 122[In this case the three dropped packets were ipv6 ndisc].
 123
 124cheers,
 125jamal
 126
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.