Free htb software for linux

The Wonder Shaper is a very special network shaper script with a lot of features. Works on Linux 2.4 & higher.

Goals

I attempted to create the holy grail:

* Maintain low latency for interfactive traffic at all times.

This means that downloading or uploading files should not disturb SSH or even telnet. These are the most important things, even 200ms latency is sluggish to work over.

* Allow surfing at reasonable speeds while up or downloading

Even though http is bulk traffic, other traffic should not drown it out too much.

* Make sure uploads dont harm downloads, and the other way around

This is a much observed phenomenon where upstream traffic simply destroys download speed. It turns out that all this is possible, at the cost of a tiny bit of bandwidth. The reason that uploads, downloads and ssh hurt eachother is the presence of large queues in many domestic access devices like cable or DSL modems.

Why it doesnt work well by default

ISPs know that they are benchmarked solely on how fast people can download. Besides available bandwidth, download speed is influenced heavily by packet loss, which seriously hampers TCP/IP performance. Large queues can help prevent packetloss, and speed up downloads. So ISPs configure large queues.

These large queues however damage interactivity. A keystroke must first travel the upstream queue, which may be seconds (!) long and go to your remote host. It is then displayed, which leads to a packet coming back, which must then traverse the downstream queue, located at your ISP, before it appears on your screen.

This HOWTO teaches you how to mangle and process the queue in many ways, but sadly, not all queues are accessible to us. The queue over at the ISP is completely off-limits, whereas the upstream queue probably lives inside your cable modem or DSL device. You may or may not be able to configure it. Most probably not.

So, what next? As we cant control either of those queues, they must be eliminated, and moved to your Linux router. Luckily this is possible.

Limit upload speed somewhat

By limiting our upload speed to slightly less than the truly available rate, no queues are built up in our modem. The queue is now moved to Linux.

Limit download speed

This is slightly trickier as we cant really influence how fast the internet ships us data. We can however drop packets that are coming in too fast, which causes TCP/IP to slow down to just the rate we want. Because we dont want to drop traffic unnecessarily, we configure a burst size we allow at higher speed.

Now, once we have done this, we have eliminated the downstream queue totally (except for short bursts), and gain the ability to manage the upstream queue with all the power Linux offers.

Let interactive traffic skip the queue

What remains to be done is to make sure interactive traffic jumps to the front of the upstream queue. To make sure that uploads dont hurt downloads, we also move ACK packets to the front of the queue. This is what normally causes the huge slowdown observed when generating bulk traffic both ways. The ACKnowledgements for downstream traffic must compete with upstream traffic, and get delayed in the process.

We also move other small packets to the front of the queue - this helps operating systems which do not set TOS bits, like everything from Microsoft.

Allow the user to specify low priority traffic (new in 1.1!)

Sometimes you may notice low priority OUTGOING traffic slowing down important traffic. In that case, the following options may help you:

NOPRIOHOSTSRC
Set this to hosts or netmasks in your network that should have low priority

NOPRIOHOSTDST
Set this to hosts or netmasks on the internet that should have low priority

NOPRIOPORTSRC
Set this to source ports that should have low priority. If you have an unimportant webserver on your traffic, set this to 80

NOPRIOPORTDST
Set this to destination ports that should have low priority.

See the start of wshaper and wshaper.htb

Results

If we do all this we get the following measurements using an excellent ADSL connection from xs4all in the Netherlands:

Baseline latency:
round-trip min/avg/max = 14.4/17.1/21.7 ms

Without traffic conditioner, while downloading:
round-trip min/avg/max = 560.9/573.6/586.4 ms

Without traffic conditioner, while uploading:
round-trip min/avg/max = 2041.4/2332.1/2427.6 ms

With conditioner, during 220kbit/s upload:
round-trip min/avg/max = 15.7/51.8/79.9 ms

With conditioner, during 850kbit/s download:
round-trip min/avg/max = 20.4/46.9/74.0 ms

When uploading, downloads proceed at ~80% of the available speed. Uploads at around 90%. Latency then jumps to 850 ms, still figuring out why.

What you can expect from this script depends a lot on your actual uplink speed. When uploading at full speed, there will always be a single packet ahead of your keystroke. That is the lower limit to the latency you can achieve - divide your MTU by your upstream speed to calculate. Typical values will be somewhat higher than that. Lower your MTU for better effects!

A small table:

Uplink speed | Expected latency due to upload
--------------------------------------------------
32 | 234ms
64 | 117ms
128 | 58ms
256 | 29ms

So to calculate your effective latency, take a baseline measurement (ping on an unloaded link), and look up the number in the table, and add it. That is about the best you can expect. This number comes from a calculation that assumes that your upstream keystroke will have at most half a full sized packet ahead of it.

This boils down to:

mtu * 0.5 * 10
-------------- + baseline_latency
kbit

The factor 10 is not quite correct but works well in practice.

Your kernel

If you run a recent distribution, everything should be ok. You need 2.4 with QoS options turned on.

If you compile your own kernel, it must have some options enabled. Most notably, in the Networking Options menu, QoS and/or Fair Queueing, turn at least CBQ, PRIO, SFQ, Ingress, Traffic Policing, QoS support, Rate Estimator, QoS classifier, U32 classifier, fwmark classifier.

In practice, I (and most distributions) just turn on everything.

The scripts

The script comes in two versions, one which works on standard kernels and is implemented using CBQ. The other one uses the excellent HTB qdisc which is not in the default kernel. The CBQ version is more tested than the HTB one!

See wshaper and wshaper.htb.

Tuning

These scripts need to know the real rate of your ISP connection. This is hard to determine upfront as different ISPs use different kinds of bits it appears. People report success using the following technique:

Estimate both your upstream and downstream at half the rate your ISP specifies. Now verify if the script is functioning - check interactivity while uploading and while downloading. This should deliver the latency as calculated above. If not, check if the script executed without errors.

Now slowly increase the upstream & downstream numbers in the script until the latency comes back. This way you can find optimum values for your connection. If you are happy, please report to me so I can make a list of numbers that work well. Please let me know which ISP you use and the name of your subscription, and its reputed specifications, so I can list you here and save others the trouble.

Installation

If you dial in, you can copy the script to /etc/ppp/ip-up.d and it will be run at each connect.

If you want to remove the shaper from an interface, run wshaper stop. To see status information, run wshaper status.

KNOWN PROBLEMS

If you get errors, add an -x to the first line, as follows:

#!/bin/bash -x

And retry. This will show you which line gives an error. Before contacting me, make sure that you are running a recent version of iproute!

Recent versions can be found at your Linux distributor, or if you prefer compiling, here:
ftp://ftp.inr.ac.ru/ip-routing/iproute2-current.tar.gz

Pacemaker is a dynamic rate-limiting script that watches network traffic and determines which machines are probably abusing your network. Pacemaker catches things like Windows worm scans, port scans, P2P network traffic, and anything else that tries to go beyond the normal number of connections a standard machine should use. The machine needs to abuse the network for two minutes before pacemaker will mark the IP address to be ratelimited. Also, a machine will stay marked for as many minutes as it has abused the network.
Pacemaker uses iptables to mark packets for specific IP addresses it determines are abusing the network resources. Once the packets are marked iproute2 and tc can filter and ratelimit the traffic to whatever speed you want.
In order to use pacemaker you will need to have the latest iptables, a kernel that can handle iptables packet mangling, a network sniffer (currently only tcpdump or tethereal are
supported) and the lastest iproute2+tc tools.
First add a class to your ratelimiting system. There is an example provided (what I use currently) in htb-qdisc-example-eth0 or htb-qdisc-example-eth1.
open pacemaker and change the defaults to your local settings.
run make install
Enhancements:
- Fixed documentation listing required software.

Kuliax project is an effort to bring Free and Open Source Software (FOSS) to University education, especially in Indonesia. Many students and lecturers have been "addicted" to the closed-source and expensive software that they couldnt afford or not suitable with their needs. Universities encouraged to do something important to the _real_ meaning of education by using and developing FOSS.
FOSS gives civitas academica freedom to use, study, modify, and distribute all software released under its licenses. We should spend more money to the empowerment of human resources, instead of products. This is great, if each universities generate as many as possible people who can develop themself and their surrounding with true and open knowledge, the one that forgeted by some/most education institutions.
Kuliax Project provides bridge between students, lecturers, and civitas academica to cooperate with each other. In Bahasa Indonesia, its called Gotong Royong. Like the logo which symbolizes peoples hands that holds one to another, making a square.
The near possible milestone to reach that goal is developing Linux distro to fit University or Campus needs and invite people to join in.
Kuliax, is one of the implementation for the first milestone, Linux distro for Information Technology, Electrical Engineering, Computer Science, or related department, but its likely can be used by some others departments as well. It tries to provide "base system" and applications suited to the curriculum/syllabus.
Applications installed:
- Desktop Environment: KDE 3.5.5
- Internet: Akregator, Gaim 2.0, KFTPGrabber 0.8.0, KMail, Iceweasel 2.0 (Firefox)
- Graphics: XMRM, Gwenview, ImageMagick, Inkscape 0.44.1, The Gimp 2.2.13, autotrace, gif2png, qiv, xaos, xfig
- Multimedia: XMMS 1.2.10+plugins, (K)MPlayer, VCD tools, Audacity, Kino 0.92+plugins, dvgrab, k3b, sox
- Office: OpenOffice.org 2.0.4
- File Reader: KPDF, KchmViewer
- Brainstorming: Freemind 0.8.0
- Dictionary: StarDict 2.4.8, English-Indonesian dictionary-database
- Printing: CUPS+driver
- Wireless: ndiswrapper, wireless-tools, wlassistant, wpasupplicant
- Statistics and Data Mining: R-base, RKWard
- Mathematics and Modelling: GNUPLOT, Octave
- Electrical/Electronics and Digital/Microprocessor: gnusim8085, gpsim, ktechlab, sdcc, tkgate, uisp
- Programming:
- LISP: CLISP 2.4.1
- PHP: PHP4 dan PHP5
- Assembler: nasm 0.98.38
- C/C++: GCC 4.1.1
- Haskell: Hugs 98.200503.08
- Java(tm): Sun Java 5.0
- Pascal: Freepascal 2.0.0
- Perl: Perl 5.8.8
- Prolog: SWI-Prolog 5.6.14
- Python: Python 2.4.4
- Scheme: Guile 1.6.8
- Smalltalk: GNU Smalltalk 2.1.8
- Tcl/Tk: Tcl/Tk 8.4
- Development: CVS, KDevelop 3.3.5 (IDE), Motor 3.4.0 (IDE), autoconf, automake, distcc, gdb, make, ncurses, whiptail 0.52.2
- Computer Organization and Architecture: GNU MIX Development Kit
- Operating System: UserModeLinux, VisualOS, qemu
- Computer Network: BIND9, DHCP3 server/client, arpwatch, bridge-utils, etherwake, fping, htb-gen, iftop, iproute, iptables, iptraf, krdc, krfb, mtr, netcat, netpipe-tcp, openssh, scli, shaper (CBQ), sipcalc, stunnel, tcpdump, tcpwrapper, telnet-ssl, vpnc, vsftpd
- Network Simulator: cnet
- Web Server: Apache 2.2.3
- Database: MySQL 5.0.27, SQLite 3.3.8, sqlitebrowser 1.3
- Security: GNUPG 1.4.5, dsniff, nmap, outguess
- Software Engineering: ArgoUML, GanttProject, sloccount
- Utilities: abakus, bc, ethtool, fdisk/cfdisk, knetworkconf, ksysguard, mc, qtparted, rsync, screen, synaptic, vrms
- E-Book: Operating System Book, created and maintained by Masyarakat Digital Gotong Royong (MDGR), in Bahasa Indonesia