khodor/documentation
0
0
Fork 0
forked from spinesystemspublic/documentation
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add docs for shaper

Browse Source 
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
This commit is contained in:
Denys Fedoryshchenko
2024-06-11 08:37:28 +03:00
parent 0625d7fda3
commit 782eb80d85
2 changed files with 223 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
PPPOE_shaper.md
+181
View File
@@ -195,3 +195,184 @@ If you execute command several times, take attention on counters, for example if
traffic is being "buffered", so user use all speed for this class.<br>
If counter in dropped is not zero, it means that user is sending more traffic than allowed by class and packets are dropped.<br>
And sure you can match rate and ceil, which match cir and burst values.<br>
# burst2d config.json options
## Example config.json
```json
{
"defaultservice": "#default",
"traffic_classes": {
"fna" : { "classid": 10, "parent": 1, "qdisc": "pie limit 100 target 10ms" },
"ggc" : { "classid": 11, "parent": 1, "qdisc": "pfifo limit 100" },
"bypass" : { "classid": 12, "parent": 0, "qdisc": "pie limit 100 target 10ms" },
"default" : { "classid": 2, "parent": 1, "qdisc": "pie limit 100 target 100ms" }
},
"traffic_filters": {
"fna" : { "prio": 10, "classid": 10, "criteria": "u32 match ip src 185.22.34.0/24" },
"ggc" : { "prio": 10, "classid": 11, "criteria": "u32 match ip src 91.240.80.224/27" },
"ping" : { "prio": 5, "classid": 12, "criteria": "u32 match ip protocol 1 0xff" },
"dns" : { "prio": 5, "classid": 12, "criteria": "u32 match ip protocol 17 0xff match ip sport 53 0xffff" },
"proxy" : { "prio": 6, "classid": 12, "criteria": "handle 1 fw" },
"default" : { "prio": 200, "classid": 2, "criteria": "u32 match u32 0 0" }
},
"classifiers": {
"fuped": { "speed": "<512", "setservice": "#fuped", "decision": "final" },
"bigvip": { "speed": ">100000", "tag":"vip", "setservice": "#plainflat" },
"big": { "speed": ">100000", "setservice": "#plainflat", "decision": "final" },
"eveningshapedfna": { "timerange":"17-24", "setservice": "#default" },
"noshapedfna": { "timerange":"0-17", "setservice": "#defaultnofnashape" }
},
"services": {
"#default" : {
"activate_classes": ["fna", "ggc", "bypass", "default"],
"cir_classes": ["%25", "10000", "10000", "%1"],
"burst_classes": ["%50", "10000", "10000", "%100"],
"modifiers_classes": ["", "pfifo limit 1000", "", ""],
"activate_filters": ["fna", "ggc", "ping", "dns", "proxy", "default"]
},
"#defaultnofnashape" : {
"activate_classes": ["ggc", "bypass", "default"],
"cir_classes": ["10000", "10000", "%1"],
"burst_classes": ["10000", "10000", "%100"],
"modifiers_classes": ["pfifo limit 1000", "", ""],
"activate_filters": ["ggc", "ping", "dns", "proxy", "default"]
},
"#fuped" : {
"activate_classes": ["bypass", "ggc", "default"],
"cir_classes": ["2000","1000", "%1"],
"burst_classes": ["2000","1000", "%100"],
"modifiers_classes": ["", "", ""],
"activate_filters": ["ping", "proxy", "dns", "ggc", "default"]
},
"#plainflat" : {
"activate_classes": ["default"],
"cir_classes": ["%100"],
"burst_classes": ["%100"],
"modifiers_classes": [""],
"activate_filters": ["default"]
}
}
}
```
## Radius attributes
* Login-LAT-Service tag1,tag2,tag3 - set tags for user
* Login-LAT-Node bypass:N1/N2/N3... - set bypass speed for user, for example bypass:1000/3000/6000 means bypass0 is 1000, bypass1 is 3000, bypass2 is 6000, which is set as #0, #1, #2 in cir_classes and burst_classes
## Config.json structure
* defaultservice - default service to use if no classifier matched
* traffic_classes - classes to use in traffic shaper
* classid - classid to use, this classid will be used in filters, so when filter match it will route traffic to this class
* parent - parent classid, this means burst will be limited by parent class, or it can be set as 0 if this is root class and no burst expected (cir should be equal to burst)
* qdisc - qdisc to use, this is queue discipline, it can be pfifo, pie, fq_codel, etc.
* traffic_filters - filters to match traffic and decide which class will handle it
* prio - priority of filter, lower number means higher priority
* classid - classid to route traffic if filter matched
* criteria - criteria to match, it can be u32 match, handle, etc.
* classifiers - classifiers to match user and set service. WARNING: if you have complex classifiers, you should set them in order of priority using prio field. Prio evaluated from 0 to last classifier, so if you have classifier with prio 0, it will be evaluated first, then 1, etc.
* speed - speed to match, it can be <, >, =, <=, >=, <>, etc.
* setservice - service to set if classifier matched
* decision - decision to make if classifier matched, it can be final, continue, etc.
* timerange - timerange to match, it can be 0-24, 17-24, etc, so you can set different service for different time range
* tag VALUE - check if tag is present (Login-LAT-Service tag1,tag2,tag3)
* notag VALUE - check if tag is not present (Login-LAT-Service tag1,tag2,tag3)
* isreal 0/1 - check if realip is 0 or not
* isfup 0/1 - check if bypass_speed[0] is equal to speed
* brasname VALUE - check if brasname is equal to VALUE (set in /etc/burst2d.conf brasname=xxx, default value is "default")
* services - services to use in traffic shaper
* activate_classes - classes to activate in this service
* cir_classes - cir values for classes, it can be %XXX, #N, NNNN, where %XXX is percentage of account speed, #N is bypass N, NNNN is fixed speed. For example 10000 is 10Mbit, %200 is 2x account speed, etc.
* burst_classes - burst values for classes, it can be %XXX, #N, NNNN
* modifiers_classes - modifiers for classes, it can be "", "pfifo limit 1000", etc.
* activate_filters - filters to activate in this service
## Example of changing config.json
Let's say we want to introduce new service for users where all CDN bypass(fna and ggc) is grouped together and set to 10Mbit, and we want to set it to users with tag "onebypass".
New config will look as following:
```json
{
"defaultservice": "#default",
"traffic_classes": {
"fna" : { "classid": 10, "parent": 1, "qdisc": "pie limit 100 target 10ms" },
"ggc" : { "classid": 11, "parent": 1, "qdisc": "pfifo limit 100" },
"bypass" : { "classid": 12, "parent": 0, "qdisc": "pie limit 100 target 10ms" },
"default" : { "classid": 2, "parent": 1, "qdisc": "pie limit 100 target 100ms" }
},
"traffic_filters": {
"fna" : { "prio": 10, "classid": 10, "criteria": "u32 match ip src 185.22.34.0/24" },
"ggc" : { "prio": 10, "classid": 11, "criteria": "u32 match ip src 91.240.80.224/27" },
"ping" : { "prio": 5, "classid": 12, "criteria": "u32 match ip protocol 1 0xff" },
"dns" : { "prio": 5, "classid": 12, "criteria": "u32 match ip protocol 17 0xff match ip sport 53 0xffff" },
"proxy" : { "prio": 6, "classid": 12, "criteria": "handle 1 fw" },
"fnaonebypass" : { "prio": 10, "classid": 12, "criteria": "u32 match ip src 185.22.34.0/24" },
"ggconebypass" : { "prio": 10, "classid": 12, "criteria": "u32 match ip src 91.240.80.224/27" },
"default" : { "prio": 200, "classid": 2, "criteria": "u32 match u32 0 0" }
},
"classifiers": {
"fuped": { "speed": "<512", "setservice": "#fuped", "decision": "final", "prio": 0 },
"onebypass": { "tag":"onebypass", "setservice": "#onebypass", "decision": "final", "prio": 1 },
"bigvip": { "speed": ">100000", "tag":"vip", "setservice": "#plainflat", "prio": 2 },
"big": { "speed": ">100000", "setservice": "#plainflat", "decision": "final", "prio": 3 },
"eveningshapedfna": { "timerange":"17-24", "setservice": "#default", "prio": 4 },
"noshapedfna": { "timerange":"0-17", "setservice": "#defaultnofnashape", "prio": 5 },
},
"services": {
"#default" : {
"activate_classes": ["fna", "ggc", "bypass", "default"],
"cir_classes": ["%25", "10000", "10000", "%1"],
"burst_classes": ["%50", "10000", "10000", "%100"],
"modifiers_classes": ["", "pfifo limit 1000", "", ""],
"activate_filters": ["fna", "ggc", "ping", "dns", "proxy", "default"]
},
"#defaultnofnashape" : {
"activate_classes": ["ggc", "bypass", "default"],
"cir_classes": ["10000", "10000", "%1"],
"burst_classes": ["10000", "10000", "%100"],
"modifiers_classes": ["pfifo limit 1000", "", ""],
"activate_filters": ["ggc", "ping", "dns", "proxy", "default"]
},
"#fuped" : {
"activate_classes": ["bypass", "ggc", "default"],
"cir_classes": ["2000","1000", "%1"],
"burst_classes": ["2000","1000", "%100"],
"modifiers_classes": ["", "", ""],
"activate_filters": ["ping", "proxy", "dns", "ggc", "default"]
},
"#plainflat" : {
"activate_classes": ["default"],
"cir_classes": ["%100"],
"burst_classes": ["%100"],
"modifiers_classes": [""],
"activate_filters": ["default"]
},
"#onebypass" : {
"activate_classes": ["bypass", "default"],
"cir_classes": ["10000", "%100"],
"burst_classes": ["10000", "%100"],
"modifiers_classes": ["", ""],
"activate_filters": ["fnaonebypass", "ggconebypass", "default"]
}
}
}
```
So what are changed?
* Added new filters fnaonebypass and ggconebypass to match fna and ggc traffic to class 12, which is bypass class
* Added new classifier onebypass to match users with tag "onebypass" and set service to #onebypass
* Added new service #onebypass to activate only 2 classes, bypass and default, and set speed of bypass to 10Mbit, and "default" (which is direct traffic) to 100% of account speed
## How this rules evaluated when shaper find such user?
* First it will read radius attributes and find all tags
* Then it will start evaluating classifiers in order of prio. First one is fuped, it will check if user speed is less than 512, if yes, it will set service to #fuped and stop evaluating classifiers. But we are not, so it will continue. Next rule is onebypass, it will check if user has tag "onebypass", if yes, it will set service to #onebypass and stop evaluating classifiers. This is our case, so it will set service to #onebypass and stop evaluating classifiers.
* Then it will read service #onebypass and activate classes bypass and default, set cir of bypass to 10Mbit and default to 100% of account speed.
* Also it will activate filters fnaonebypass and ggconebypass, so all fna and ggc traffic will be matched to bypass class.
To verify if user is matched to correct service, you can use tc command to show classes of user, for example:
```
tc -s -d class show dev pppX
```
Where pppX is user ppp interface name of user identified by accel-cmd show sessions|grep username for example. And you can see two classes, one for fna + ggc traffic, and one for all other traffic.