Re: [IT-SecNots] Traffic shaping on debian

[lxP <lxp AT davizone.at>]

Since a few years, I am searching for a good solution for services of 
different
priority, so I am really interested in how you would do that.

On 2016-05-28 09:49, Ruben Wisniewski wrote:
> fq_codel should be used in any case, if you have more than one service use a
> fq_codel per service and shape them accordingly with a hard limit. Above all
> services queues add a root fq_codel and shape them to 92% of the total 
> available
> bandwidth in total.
>
> Reducing a service under the physical bandwidth needed is mostly unintended 
> or
> is a result of misunderstanding of the difference between  average to peak
> bandwidth of network-applications and cost me in job a huge amount of time.
>
> A good start point:
> https://wiki.gentoo.org/wiki/Traffic_shaping
>
>
> Best regards Ruben

I didn't fully understand what qdisc hierarchy you are suggesting. It sounds 
for
me that you add fq_codel below an fq_codel queue, which is impossible, or?

htb (hard limit)
- ?
-- fq_codel (service A)
-- fq_codel (service B)
-- fq_codel (service C)

You could remove the question mark entirely and put the fq_codel queues 
directly
below htb with a fixed hard limit.
However, in most cases you don't want a hard limit, but just specify a rough
priority between the services. If the link is unsaturated, each service should
be able to use arbitrary bandwidth. However, if it approaches saturation the
services should approach a specified percentage of the total bandwidth.
The obvious solution would be to use "ceil", but as mentioned before it 
doesn't
perform well.
You could put drr for the question mark, which performs well, but it would 
just
handle each service of equal priority.
You could put prio for the question mark, but if service A uses all bandwidth,
service B and C will starve.
Does anyone have a solution for that problem?

Best regards,
lxP