Nikolaj Fogh
October 3, 2004
p2pshaper is a script that uses patches to the Linux kernel made by Martin Devera, namely the HTB packet scheduler and the connbytes netfilter patch.
Its main purpose is to be installed on the primary gateway of a medium-sized network (100 users) with a non-broadband connection (ADSL). Normally, the amount of peer-to-peer traffic on such networks makes it impossible to surf, not to mention doing interactive traffic (ssh). The normal action is to shut down p2p traffic totally and set up the net so that an Internet connection is only possible through a proxy. This breaks many useful programs, and not all p2p traffic is evil.
Normally, one would mark packets going to a specific port (emule ports) as having a lower priority than packets to other ports. This used to be a good solution. But there now exist a huge number of p2p clients, each with different port ranges, and some programs are able to change their ports. Normally the Internet newsgroup port should have a high priority, but binary newsgroups are sometimes used for massive downloads, which will use up all the bandwidth. Better packet markers are needed.
As http pages are normally in the range of 1-20kb, the text of the page (which is the most important part) will load faster than the large images. p2p connections usually download more than 1MB, so they will have a very low priority.
It is still possible to classify packets on a port-by-port basis, but the port only decides in which band the connection starts. If the connection downloads more than the band allows, it is moved to a lower band, thus giving binary newsgroup downloads a lower priority.
Also, to improve interactive traffic, all packets under a certain size are forced into the interactive band. This allows ssh traffic, which normally uses small packets, to have decent interactivity while there are many downloads.
Last, it is possible to give packets coming from certain hosts full priority all the time.
To use these scripts, you need to get the following packages. Some of them are in the patches subdirectory. If you want newer files, or just want to download them yourself, here are the links. Some of the packages are not needed because they are included in newer kernels:
You will need the kernel source tree to include some features needed by these scripts. If you have never configured and compiled a kernel before, contact your local Linux guru, or google for it.
http://www.kernel.org
p2pshaper relies on a very efficient classful queueing discipline known as Hierarchical Token Bucket (HTB). You will need to patch your kernel with this patch to get it supported. As of kernel 2.4.20, HTB support is included in the kernel source tree by default. If you have kernel 2.4.20 or newer, there is no need to download this patch.
http://luxik.cdi.cz/~devik/qos/htb/
Connbytes is needed to classify packets with iptables.
http://luxik.cdi.cz/~devik/connbytes/
You will need to download and patch the sources for iproute2, so you can use HTB. Newer versions of iproute2 include HTB support. If you download one of these versions, you don't need to patch.
source: ftp://ftp.inr.ac.ru/ip-routing/
patch: http://luxik.cdi.cz/~devik/qos/htb/
You will also need the iptables source, so you can patch it with connbytes support.
http://luxik.cdi.cz/~devik/connbytes/
http://www.netfilter.org
Untar your kernel source to a directory:
$ tar xjvf linux-2.4.18.tar.bz2
Unpack the connbytes and htb kernel patches to the Linux kernel source tree, and patch using these commands:
$ cd /usr/src/linux
$ patch -Np1 -i connbytes_1.0_kern_2.4.17.diff
$ patch -Np1 -i htb2_2.4.17.diff
Now configure your kernel as normal, and be sure to add the following as either modules or built-in under the menu "Networking options":
IP: Netfilter Configuration -> Connection byte counter support
QoS and/or fair queueing -> HTB packet scheduler
Now, compile and install your kernel and modules.
Untar the iproute2 source
$ tar xzvf iproute2-2.2.4-now-ss991023.tar.gz
Patch the iproute2 source
$ cd iproute2
$ patch -Np1 -i htb2_tc.diff
Compile the source
$ make
If you have problems compiling the source, devik's page includes a precompiled binary.
Untar the iptables source
$ tar xjvf iptables-1.2.4.tar.bz2
Patch the source
$ cd iptables-1.2.4
$ patch -Np1 -i connbytes_1.0_ipt_1.2.4.diff
NOTE: In some sources, the extensions/libipt_iplimit.c file is broken. You will need to erase line 116 in it, which contains an extra static. gcc will complain about this if you try to compile it.
Compile the source
$ make
Untar the source
$ tar xjvf p2pshaper_v1.0.tar.bz2
Install p2pshaper using the install.sh script.
$ cd p2pshaper_v1.0
$ ./install.sh
p2pshaper is configured in the /etc/p2pshaper/p2pshaper.conf file. In this file, some things are needed to make p2pshaper work properly. This includes
You can check the configuration file itself for specific syntax.
There are some other configuration options that will enable you to tweak the settings of the p2pshaper to fit your needs. These are
Again, all this is documented in the configuration file itself.
To run p2pshaper, you simply need to run /usr/sbin/p2pshaper.
Note: p2pshaper removes all the rules in the mangle table. Be sure to check whether you have any rules in this table that you need to include.
Get the ipp2p package from
http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html
Follow the install instructions given in the package to install ipp2p.
Edit the p2pshaper configuration and change the line
has_ipp2p="no"
to
has_ipp2p="yes"
Get the l7-filter package from
http://l7-filter.sourceforge.net/
Patch your kernel and iptables. Because of the connbytes patch, this can be a bit tricky, so you will probably need to alter the kernel source yourself to make the patch apply.
Compile, and install.
Edit the p2pshaper configuration and change the line
has_l7="no"
to
has_l7="yes"
p2pshaper defines 9 priority "bands" that traffic is divided into.
Packets are placed in the bands on a port-by-port basis. If the port is not classified, they will be put in the Bulk traffic band.
As described in section 2, packets will change band if their connection transfers more traffic than the band allows. The limits can be set in the configuration file. Currently, the defaults are the ones that can be seen in table 1.
If a connection to port 119 (news) is placed in the Surf, irc and IM band, it will stay there until it has downloaded more than 250 KBs of data. Then it will be moved to the Email and news band until it has downloaded more than 1 MB of data, and so on. Quite simple.
The problem with ssh connections is that they normally last a long time. They don't transfer much data, but given time, they end up in a low priority band. Luckily, ssh packets are normally very small. p2pshaper enables you to force packets under a certain size into the interactive traffic band. If you cat a very large file, even the ssh packets get large, so the above rules apply again. Therefore it is not possible to totally circumvent the p2pshaper just by using ssh.
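The band demotion and small-packet rule described above, written as iptables rules (an added example, not taken from the p2pshaper script). It only prints the rules. The chain name, the band numbers 2, 3 and 4, the 128-byte limit, reading 1 KB as 1024 bytes and carrying band N as fwmark N+1 are assumptions.

```shell
#!/bin/sh
# Added example: prints mangle-table rules, it does not apply them.
# Assumed: chain name, band numbers, the 128-byte limit, 1 KB = 1024 bytes,
# and band N carried as fwmark N+1 (fwmark 0 means "unmarked").
CHAIN=P2PSHAPER_DEMO   # hypothetical chain in the mangle table
SMALL_PKT=128          # assumed limit for "small" packets, in bytes

# emit_band_rules START_BAND "LIMIT ..." PROTO PORT
# The connection starts in START_BAND and drops one band per byte limit passed.
emit_band_rules() {
    band=$1; limits=$2; proto=$3; port=$4
    lower=0
    for upper in $limits; do
        echo "iptables -t mangle -A $CHAIN -p $proto -m multiport --ports $port" \
             "-m connbytes --connbytes $lower:$upper --connbytes-dir both" \
             "--connbytes-mode bytes -j MARK --set-mark $((band + 1))"
        lower=$((upper + 1)); band=$((band + 1))
    done
    # Beyond the last limit the byte range is open-ended.
    echo "iptables -t mangle -A $CHAIN -p $proto -m multiport --ports $port" \
         "-m connbytes --connbytes $lower: --connbytes-dir both" \
         "--connbytes-mode bytes -j MARK --set-mark $((band + 1))"
}

# MARK does not stop rule traversal, so this rule goes last and overrides the
# byte-count mark for small packets (interactive band 1 -> fwmark 2).
emit_small_packet_rule() {
    echo "iptables -t mangle -A $CHAIN -m length --length 0:$SMALL_PKT" \
         "-j MARK --set-mark 2"
}

# Port 119 from the text: Surf until 250 KB, Email/news until 1 MB, then lower.
emit_band_rules 2 "$((250 * 1024)) $((1024 * 1024))" tcp 119
emit_small_packet_rule
```

Because the small-packet rule sets the mark after the byte-count rules, a long-lived ssh session keeps its interactive mark only while its packets stay under the size limit.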
This gives a bit of in-depth information about how the p2pshaper actually does its work. It is a bit technical, but essential if you want to do some p2pshaper hacking.
The p2pshaper script creates an HTB tree that can be seen in figure 1.
The root qdisc is divided into two classes that are allowed to borrow bandwidth from each other, SPEED_MAX and UPLINK. SPEED_MAX has no traffic limiter, so it can use all the bandwidth the interface has to offer. UPLINK is shaped to a predefined rate, usually a few percent under the actual bandwidth of the interface.
The interesting part is the 9 classes UPLINK is divided into. As with SPEED_MAX and UPLINK, they are able to borrow from each other if the other classes aren't using the bandwidth allocated to them.
As can be seen in figure 1, the upper classes have a higher priority than the lower classes, so they will be able to send traffic first. When they are empty, the other classes will be able to send data.
The special band 0 is like the interactive band 1, but is shaped, so it doesn't take up all the available bandwidth. This band is used for local service ports and special hosts.
The special band 8 is for very low priority traffic. It has a lower priority than "downloads 4" and is also further shaped. It is intended for use with special packet markers (ipp2p and l7filter).
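One possible tc layout matching the tree described above (an added example, not the commands the p2pshaper script runs). It only prints the commands. The device, rates, class ids, the shared parent class 1:1, equal guaranteed shares, half-rate ceilings for bands 0 and 8, and carrying band N as fwmark N+1 are assumptions.

```shell
#!/bin/sh
# Added example: prints tc commands, it does not run them.
# Assumed: class ids, equal guaranteed rate per band, ceilings of half the
# UPLINK rate for bands 0 and 8, band N selected by fwmark N+1.
emit_htb_tree() {
    dev=$1; line=$2; uplink=$3            # rates in kbit
    share=$((uplink / 9))                 # guaranteed rate per band
    # No default class is set: HTB passes unclassified packets unshaped.
    echo "tc qdisc add dev $dev root handle 1: htb"
    # HTB classes borrow through a common parent, so 1:1 holds both branches.
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${line}kbit"
    # SPEED_MAX: may use the whole interface.
    echo "tc class add dev $dev parent 1:1 classid 1:2 htb rate $((line - uplink))kbit ceil ${line}kbit"
    # UPLINK: capped at the shaped rate.
    echo "tc class add dev $dev parent 1:1 classid 1:3 htb rate ${uplink}kbit ceil ${uplink}kbit"
    band=0
    while [ "$band" -le 8 ]; do
        # HTB has priorities 0-7: band 0 shares the priority of band 1.
        if [ "$band" -eq 0 ]; then prio=0; else prio=$((band - 1)); fi
        # Bands 0 and 8 are shaped below the UPLINK rate, the rest may borrow it all.
        case $band in 0|8) ceil=$((uplink / 2)) ;; *) ceil=$uplink ;; esac
        echo "tc class add dev $dev parent 1:3 classid 1:1$band htb rate ${share}kbit ceil ${ceil}kbit prio $prio"
        # The fw filter maps the netfilter mark to the band's class.
        echo "tc filter add dev $dev parent 1: protocol ip prio 1 handle $((band + 1)) fw flowid 1:1$band"
        band=$((band + 1))
    done
}

# Constructed values: 100 Mbit interface, 500 kbit shaped uplink.
emit_htb_tree eth0 100000 500
```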