Quality of service troubleshooting¶

Traffic Classes¶

To show the speeds currently applied to traffic classes, use the following command:

tc class show dev tun<tunnel ID>

This shows the guaranteed rate (rate xxxxbit) and limit (ceil xxxxbit) rates for each class.

class htb 10:110 parent 10:1 leaf 80c5: prio 0 rate 2280Kbit ceil 5700Kbit burst 1599b cburst 1598b
class htb 10:1 root rate 5700Kbit ceil 5700Kbit burst 1598b cburst 1598b
class htb 10:130 parent 10:1 leaf 80c7: prio 2 rate 1140Kbit ceil 5700Kbit burst 1599b cburst 1598b
class htb 10:120 parent 10:1 leaf 80c6: prio 1 rate 1140Kbit ceil 5700Kbit burst 1599b cburst 1598b
class htb 10:140 parent 10:1 leaf 80c8: prio 3 rate 1140Kbit ceil 5700Kbit burst 1599b cburst 1598b

To show the byte and packet counts and current queue size (called backlog in tc) for a class, add the -s argument to the above tc command:

tc -s class show dev tun90

class htb 10:110 parent 10:1 leaf 80c5: prio 0 rate 2280Kbit ceil 5700Kbit burst 1599b cburst 1598b
 Sent 827961 bytes 4440 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 4440 borrowed: 0 giants: 0
 tokens: 99723 ctokens: 39882
...

To verify that traffic classes have been set up properly, use the following command:

tc qdisc show dev tun<tunnel ID>

qdisc htb 10: root refcnt 2 r2q 10 default 130 direct_packets_stat 0
qdisc pfifo 8031: parent 10:110 limit 500p
qdisc sfq 8032: parent 10:120 limit 127p quantum 1452b perturb 10sec
qdisc sfq 8033: parent 10:130 limit 127p quantum 1452b perturb 10sec
qdisc sfq 8034: parent 10:140 limit 127p quantum 1452b perturb 10sec

There should be one root HTB qdisc and one PFIFO or SFQ qdisc for each traffic class.

Packet Filters¶

To verify that packet filters have been set up properly, use the following commands:

iptables -t mangle -L qos_<QoS profile ID> -nv

This shows the current filters for the given QoS profile. It can be used to determine which filters are being matched. For example,

root@prodagg02:~# iptables -t mangle -L qos_1 -nv
Chain qos_1 (2 references)
 pkts bytes target     prot opt in out source    destination
 140K 9710K CLASSIFY   icmp --  *  *   0.0.0.0/0 0.0.0.0/0   /* ICMP */ length 0:500 CLASSIFY set 10:110
    0     0 CLASSIFY   udp  --  *  *   0.0.0.0/0 0.0.0.0/0   /* IAX2 */ multiport ports 4569 CLASSIFY set 10:110
    0     0 CLASSIFY   tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   /* SIP control (TCP) */ multiport ports 5060:5061 CLASSIFY set 10:110
  818  357K CLASSIFY   udp  --  *  *   0.0.0.0/0 0.0.0.0/0   /* SIP control (UDP) */ multiport ports 5060:5061 CLASSIFY set 10:110

To show which profiles apply to which tunnels, use a command such as:

iptables -t mangle -L POSTROUTING -nv | grep qos_

For example, this displays something such as:

root@prodagg02:~# iptables -t mangle -L POSTROUTING -nv | grep qos_
89592 5619K qos_1      all  --  *      tun35   0.0.0.0/0            0.0.0.0/0           /* Bond 35 QoS */
  11M   11G qos_1      all  --  *      tun3    0.0.0.0/0            0.0.0.0/0           /* Bond 3 QoS */

This shows that bond 3 and bond 35 are both using profile 1.