<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
btw, domain jira.sw.ru has no A/CNAME records in DNS now and all
links are not accessible.<br>
<br>
<div class="moz-cite-prefix">On 20.07.2015 21:54, Maxim Perevedentsev
wrote:<br>
</div>
<blockquote cite="mid:55AD27DA.3050202@parallels.com" type="cite">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<br>
<div class="moz-forward-container"><br>
<div class="moz-forward-container"> <b>1. Feature<br>
<br>
</b><b>a)</b> Switch from CBQ traffic shaper to HTB.<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://jira.sw.ru/browse/PSBM-18245">https://jira.sw.ru/browse/PSBM-18245</a><br>
<br>
<b>b)</b> Added packet rate limitation.<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://jira.sw.ru/browse/PSBM-17708">https://jira.sw.ru/browse/PSBM-17708</a><br>
<br>
<b>2. Description<br>
<br>
</b><b>a) </b>The HTB traffic shaper has the following advantages:<br>
<ul>
<li>higher accuracy</li>
<li>does not need bandwidth for interfaces<br>
</li>
</ul>
Therefore we made bandwidth rate optional in vz.conf:<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://jira.sw.ru/browse/PSBM-28834?focusedCommentId=2503775&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-2503775">https://jira.sw.ru/browse/PSBM-28834?focusedCommentId=2503775&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-2503775</a><br>
<br>
We use the BANDWIDTH parameter from vz.conf only to get the list of
configured devices. So <br>
BANDWIDTH="eth0 eth1:100000" <br>
is a valid syntax now.<br>
<br>
<br>
<b>b)</b> To prevent e.g. DoS attacks it is not enough to
limit outgoing bandwidth. Despite being limited in bandwidth,
we still can produce a great number of packets. Thus we need
to limit packet rate along with byte rate.<br>
<br>
This feature is implemented using HTB 'mpu' (Minimum packet
unit) param. It makes small packets with size &lt; MPU bytes
consume MPU HTB tokens. Consequently, the maximum allowed
packet rate is <br>
TOTALRATE (bytes) / MPU (bytes/packet).<br>
<br>
We introduce a new <b>optional</b> parameter in vz.conf:<br>
RATEMPU="&lt;dev|*&gt;:&lt;class&gt;[:&lt;mpu&gt;] ..."<br>
<ol>
<li>If &lt;dev&gt;:&lt;class&gt; is not present in RATEMPU,
no packet rate limitation is done for it.</li>
<li>If &lt;mpu&gt; is not present for
&lt;dev&gt;:&lt;class&gt;, then the default MPU (1000) is
used.</li>
</ol>
The default value of 1000 (not e.g. mtu ~ 1500) was chosen
because too high an MPU makes the configured TOTALRATE unreachable
(TOTALRATE can be reached only with packets of size &gt;= MPU;
such large packets are unusual). The value of 1000 is big
enough to prevent DoS but realistic in terms of packet size.<br>
<br>
To implement this feature we made the following modifications:<br>
<ol>
<li>Added RateMPU integer parameter to NetworkConfig.xsd in
SDK (<b>default: 0 - enabled</b>).<br>
</li>
<li>Added NRM_ENABLED=0, NRM_DISABLED=-1 to PrlEnums.h in
SDK.</li>
<li>Added PrlNetworkShapingEntry_Get(Set)RateMPU functions
to PrlApiNet.h in SDK.<br>
</li>
<li>Added RATEMPU param to default config in vzctl, added
entry to 'man 5 vz'.<br>
</li>
<li>Necessary implementation.</li>
</ol>
RATEMPU is enabled by default for every newly created
NetworkShapingEntry. The values 0 and -1 are special, reserved
for constants NRM_ENABLED (use default MPU value) and
NRM_DISABLED (do not limit packet rate for this entry).<br>
<br>
<b>3. Products<br>
<br>
</b>Virtuozzo 7 beta1<br>
<br>
Packages:<br>
<b><br>
</b><b>a) <br>
</b>
<ul>
<li>libvzctl >= 7.0.61<br>
</li>
</ul>
<b>b)</b><br>
<ul>
<li>libprlsdk >= 7.0.20<br>
</li>
<li>prl-disp-service >= 7.0.68<br>
</li>
<li>libvzctl >= 7.0.70<br>
</li>
<li>vzctl >= 7.0.50<br>
</li>
</ul>
<b>4. Testing<br>
<br>
</b>Need to test the following cases:<br>
<b><br>
a)</b><br>
<ul>
<li>Shaper is accurate, even for high rates (~1Gbit/s).<br>
</li>
</ul>
<b>b)</b><br>
<ul>
<li>mpu parameter is used by HTB and shown in "tc -d class
show ..." </li>
<li>packet rate is limited by value of TOTALRATE / RATEMPU.</li>
<li>packet rate limit is enabled for newly-created shaping
entries with default RATEMPU (1000).</li>
<li>packet rate is disabled (if arg == -1) or RATEMPU value
is equal to given value (arg > 0) according to
SetRateMPU() argument.</li>
</ul>
<p><b>5. Known issues<br>
</b></p>
<p>For mpu >= 300, there is some magic in tc, so given mpu
value is split into 'mpu' and 'overhead' parameters. <b><br>
</b></p>
<p>mpu HTB parameter is (was?) ignored in vz7:<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://jira.sw.ru/browse/PSBM-34874">https://jira.sw.ru/browse/PSBM-34874</a><br>
</p>
<p><b>6. What was checked by developer<br>
</b></p>
<p><b>a) </b>Two servers connected with a crossover. Measured
HTB accuracy, got the following results:<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://jira.sw.ru/browse/PSBM-18245?focusedCommentId=2525949&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-2525949">https://jira.sw.ru/browse/PSBM-18245?focusedCommentId=2525949&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-2525949</a><br>
</p>
<p><b>b) </b>Nothing. See section 5.<br>
</p>
<p><b>7. Feature owner</b><br>
</p>
<b>a) </b><a moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:igor@odin.com">igor@odin.com</a>
<br>
<b>b) </b><a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:mperevedentsev@odin.com">mperevedentsev@odin.com</a><br>
<br>
<pre class="moz-signature" cols="72">--
Sincerely,
Maxim Perevedentsev
</pre>
<br>
</div>
<br>
<br>
</div>
<br>
<br>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@openvz.org">Users@openvz.org</a>
<a class="moz-txt-link-freetext" href="https://lists.openvz.org/mailman/listinfo/users">https://lists.openvz.org/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Best Regards,
Nick Knutov
<a class="moz-txt-link-freetext" href="http://knutov.com">http://knutov.com</a>
ICQ: 272873706
Voice: +7-904-84-23-130 </pre>
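<p>Added example (not part of the original messages and not Virtuozzo code): a Python sketch of the RATEMPU syntax and the TOTALRATE / MPU packet-rate bound described in the quoted announcement. The function names, the precedence of an exact device entry over <code>*</code>, and the rejection of non-positive values in vz.conf are assumptions of this sketch.</p>

```python
DEFAULT_MPU = 1000   # default MPU stated in the announcement
NRM_ENABLED = 0      # SDK constant: use the default MPU
NRM_DISABLED = -1    # SDK constant: do not limit packet rate


def parse_ratempu(value):
    """Parse RATEMPU="dev:class[:mpu] ..." into {(dev, class): mpu}."""
    table = {}
    for entry in value.split():
        fields = entry.split(":")
        if len(fields) not in (2, 3) or not all(fields):
            raise ValueError("malformed RATEMPU entry: %r" % entry)
        mpu = int(fields[2]) if len(fields) == 3 else DEFAULT_MPU
        if mpu <= 0:
            # Assumption: 0 and -1 are SDK-only constants, not vz.conf values.
            raise ValueError("MPU must be positive: %r" % entry)
        table[(fields[0], int(fields[1]))] = mpu
    return table


def lookup(table, dev, class_id):
    """MPU for dev:class, or None when no packet rate limit applies.
    Assumption: an exact device entry wins over the '*' wildcard."""
    return table.get((dev, class_id), table.get(("*", class_id)))


def sdk_mpu(rate_mpu):
    """Resolve an SDK RateMPU value to an effective MPU (None = unlimited)."""
    if rate_mpu == NRM_DISABLED:
        return None
    return DEFAULT_MPU if rate_mpu == NRM_ENABLED else rate_mpu


def shaped(rate_bytes, mpu, pkt_size):
    """Return (packets/s, bytes/s actually carried) for one packet size.
    Each packet consumes max(pkt_size, mpu) HTB tokens."""
    cost = pkt_size if mpu is None else max(pkt_size, mpu)
    pps = rate_bytes / cost
    return pps, pps * pkt_size


if __name__ == "__main__":
    table = parse_ratempu("eth0:1:500 *:2")   # constructed sample value
    rate = 1_250_000                          # 10 Mbit/s expressed in bytes/s
    for dev, cls in (("eth0", 1), ("eth1", 2), ("eth0", 3)):
        mpu = lookup(table, dev, cls)
        for size in (64, 1500):
            pps, carried = shaped(rate, mpu, size)
            print(dev, cls, "mpu", mpu, "size", size,
                  "pps %.0f" % pps, "bytes/s %.0f" % carried)
```

<p>With MPU 1000, 64-byte packets are capped at TOTALRATE / MPU packets per second and carry only a fraction of TOTALRATE; the full rate is reached only with packets of at least MPU bytes.</p>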
</body>
</html>