<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-forward-container"><br>
<div class="moz-forward-container"> <b>1. Feature<br>
<br>
</b><b>a)</b> Switch from CBQ traffic shaper to HTB.<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://jira.sw.ru/browse/PSBM-18245">https://jira.sw.ru/browse/PSBM-18245</a><br>
<br>
<b>b)</b> Added packet rate limitation.<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://jira.sw.ru/browse/PSBM-17708">https://jira.sw.ru/browse/PSBM-17708</a><br>
<br>
<b>2. Description<br>
<br>
</b><b>a) </b>The HTB traffic shaper has the following advantages:<br>
<ul>
<li>higher accuracy</li>
<li>does not need bandwidth for interfaces<br>
</li>
</ul>
Therefore we made bandwidth rate optional in vz.conf:<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://jira.sw.ru/browse/PSBM-28834?focusedCommentId=2503775&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-2503775">https://jira.sw.ru/browse/PSBM-28834?focusedCommentId=2503775&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-2503775</a><br>
<br>
We use the BANDWIDTH parameter from vz.conf only to get the list of
configured devices. So <br>
BANDWIDTH="eth0 eth1:100000" <br>
is valid syntax now.<br>
<br>
<br>
<b>b)</b> To prevent e.g. DoS attacks it is not enough to limit
outgoing bandwidth. Despite being limited in bandwidth, we still
can produce a great number of packets. Thus we need to limit
packet rate along with byte rate.<br>
<br>
This feature is implemented using the HTB 'mpu' (Minimum packet
unit) parameter. It makes small packets with size &lt; MPU bytes
consume MPU HTB tokens. Consequently, the maximum allowed packet
rate is <br>
TOTALRATE (bytes) / MPU (bytes/packet).<br>
<br>
We introduce a new <b>optional</b> parameter in vz.conf:<br>
RATEMPU="&lt;dev|*&gt;:&lt;class&gt;[:&lt;mpu&gt;] ..."<br>
<ol>
<li>If &lt;dev&gt;:&lt;class&gt; is not present in RATEMPU, no
packet rate limitation is done for it.</li>
<li>If &lt;mpu&gt; is not present for
&lt;dev&gt;:&lt;class&gt;, then the default MPU (1000) is
used.</li>
</ol>
The default value of 1000 (not e.g. mtu ~ 1500) was chosen
because too high an MPU makes the configured TOTALRATE unreachable
(TOTALRATE can be reached only with packets of size &gt;= MPU;
such large packets are unusual). The value of 1000 is big enough
to prevent DoS but realistic in terms of packet size.<br>
<br>
To implement this feature we made the following modifications:<br>
<ol>
<li>Added RateMPU integer parameter to NetworkConfig.xsd in
SDK (<b>default: 0 - enabled</b>).<br>
</li>
<li>Added NRM_ENABLED=0, NRM_DISABLED=-1 to PrlEnums.h in SDK.</li>
<li>Added PrlNetworkShapingEntry_Get(Set)RateMPU functions to
PrlApiNet.h in SDK.<br>
</li>
<li>Added RATEMPU param to default config in vzctl, added
entry to 'man 5 vz'.<br>
</li>
<li>Necessary implementation.</li>
</ol>
RATEMPU is enabled by default for every newly created
NetworkShapingEntry. The values 0 and -1 are special, reserved
for constants NRM_ENABLED (use default MPU value) and
NRM_DISABLED (do not limit packet rate for this entry).<br>
<br>
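Added example, not code from vzctl or the SDK: a Python model of the RATEMPU rules and of the mpu token accounting described above, showing that a flood of small packets is capped at TOTALRATE / MPU and that an MPU of 1500 keeps 1000-byte packets from reaching TOTALRATE. The function names, the sample RATEMPU string, the rate given in bytes per second, numeric class ids, the rejection of a zero mpu and the precedence of an exact device entry over '*' are assumptions of this sketch.<br>
<br>

```python
DEFAULT_MPU = 1000   # default MPU stated in the text
NRM_ENABLED = 0      # SDK constant: use the default MPU
NRM_DISABLED = -1    # SDK constant: do not limit packet rate


def parse_ratempu(value):
    """Parse 'dev|*:class[:mpu] ...' into {(dev, class_id): mpu}."""
    table = {}
    for entry in value.split():
        parts = entry.split(":")
        if len(parts) not in (2, 3) or not parts[0] or not parts[1].isdigit():
            raise ValueError("bad RATEMPU entry: %r" % entry)
        mpu = DEFAULT_MPU  # rule 2: mpu omitted, use the default
        if len(parts) == 3:
            if not parts[2].isdigit() or int(parts[2]) == 0:
                raise ValueError("bad mpu in RATEMPU entry: %r" % entry)
            mpu = int(parts[2])
        table[(parts[0], int(parts[1]))] = mpu
    return table


def lookup_mpu(table, dev, class_id):
    """Return the MPU for dev:class; assumption: exact device beats '*'."""
    for key in ((dev, class_id), ("*", class_id)):
        if key in table:
            return table[key]
    return None  # rule 1: not listed, no packet rate limit


def sdk_mpu(rate_mpu):
    """Map the SDK RateMPU integer to an effective MPU (None = unlimited)."""
    if rate_mpu == NRM_DISABLED:
        return None
    return DEFAULT_MPU if rate_mpu == NRM_ENABLED else rate_mpu


def shaped(rate_bytes, mpu, pkt_size):
    """Return (packets/s, payload bytes/s); a packet costs max(size, mpu)."""
    cost = max(pkt_size, mpu or 0)  # mpu None means no per-packet floor
    pps = rate_bytes // cost
    return pps, pps * pkt_size


if __name__ == "__main__":
    table = parse_ratempu("eth0:1:500 *:1 eth1:2")  # constructed sample value
    rate = 1250000                                   # constructed: bytes/s
    for dev, cls in (("eth0", 1), ("eth1", 1), ("eth0", 2)):
        mpu = lookup_mpu(table, dev, cls)
        print(dev, cls, mpu, shaped(rate, mpu, 64))
```

<br>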
<b>3. Products<br>
<br>
</b>Virtuozzo 7 beta1<br>
<br>
Packages:<br>
<b><br>
</b><b>a) <br>
</b>
<ul>
<li>libvzctl >= 7.0.61<br>
</li>
</ul>
<b>b)</b><br>
<ul>
<li>libprlsdk >= 7.0.20<br>
</li>
<li>prl-disp-service >= 7.0.68<br>
</li>
<li>libvzctl >= 7.0.70<br>
</li>
<li>vzctl >= 7.0.50<br>
</li>
</ul>
<b>4. Testing<br>
<br>
</b>Need to test the following cases:<br>
<b><br>
a)</b><br>
<ul>
<li>Shaper is accurate, even for high rates (~1Gbit/s).<br>
</li>
</ul>
<b>b)</b><br>
<ul>
<li>mpu parameter is used by HTB and shown in "tc -d class
show ..." </li>
<li>packet rate is limited by value of TOTALRATE / RATEMPU.</li>
<li>packet rate limit is enabled for newly-created shaping
entries with default RATEMPU (1000).</li>
<li>packet rate is disabled (if arg == -1) or RATEMPU value is
equal to given value (arg > 0) according to SetRateMPU()
argument.</li>
</ul>
<p><b>5. Known issues<br>
</b></p>
<p>For mpu &gt;= 300, there is some magic in tc, so the given mpu
value is split into 'mpu' and 'overhead' parameters. <b><br>
</b></p>
<p>mpu HTB parameter is (was?) ignored in vz7:<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://jira.sw.ru/browse/PSBM-34874">https://jira.sw.ru/browse/PSBM-34874</a><br>
</p>
<p><b>6. What was checked by developer<br>
</b></p>
<p><b>a) </b>Two servers connected with a crossover. Measured
HTB accuracy, got the following results:<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://jira.sw.ru/browse/PSBM-18245?focusedCommentId=2525949&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-2525949">https://jira.sw.ru/browse/PSBM-18245?focusedCommentId=2525949&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-2525949</a><br>
</p>
<p><b>b) </b>Nothing. See section 5.<br>
</p>
<p><b>7. Feature owner</b><br>
</p>
<b>a) </b><a moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:igor@odin.com">igor@odin.com</a>
<br>
<b>b) </b><a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:mperevedentsev@odin.com">mperevedentsev@odin.com</a><br>
<br>
<pre class="moz-signature" cols="72">--
Sincerely,
Maxim Perevedentsev
</pre>
<br>
</div>
<br>
<br>
</div>
<br>
</body>
</html>