New Packet flow diagram

ekkas · August 15, 2013, 7:14am

Thanks for that, but what I do not understand is if the diagram shows Global HTB in Input chain, then it’s not supposed to get any forwarding traffic?

According to diagrams:
A) Traffic to Router(v5):
PreRouting (ConnTrack, Mangle, DstNAT**, Global HTB**)
Input (Mangle, Filter)Traffic to Router(v5):

B)Traffic forwarded(v5):
PreRouting (ConnTrack, Mangle, DstNAT, Global HTB)
Forward (Mangle, Filter)

C)Traffic to Router(v6):
PreRouting (ConnTrack, Mangle, DstNAT)
Input (Mangle, Filter, Global HTB)

D)Traffic forwarded(v6):
PreRouting (ConnTrack, Mangle, DstNAT)
Forward (Mangle, Filter,?)
…

In scenario D, there is no Global HTB in prerouting, according to diagram it is now in Input chain, but Input chain is not used if it is forwarded traffic.
I’m not suggesting ROS is broken, I’m suggesting that possibly the diagram is wrong, or does ROS6 process Input chain for forwarded traffic as well now?

Regards
Ekkas

andriys · August 15, 2013, 8:31am

It shows it not only in Input chain, but in the Postrouting chain as well.
See above the last two blocks in postrouting.

ekkas · August 15, 2013, 8:39am

It shows it not only in Input chain, but in the Postrouting chain as well.

I’m talking about prerouting.
Global has always been in postrouting(before Src-NAT, now after src-NAT), but seems to moved from prerouting to input, that’s the point I’m trying to make.
V5:

V6:

andriys · August 15, 2013, 10:11am

Any kind of traffic first hits Global HTB, then Simple Tree, and it does it only once. Input traffic hits them in the Input, while Output and Forward traffic - in the Postrouting. The packet flow has changed and you will need to adopt to it.

ekkas · August 15, 2013, 11:40am

Any kind of traffic first hits Global HTB, then Simple Tree, and it does it only once.

Ok, that makes sense.

The packet flow has changed and you will need to adopt to it.

I need to understand before I can adapt.

Where would you want QueueTree or Simple Queues in Input chain, except for web proxy maybe? Control is outbound?
Anyways…

Let me put it this way…
For normal unbridged, routed traffic a packed would travel roughly.(#=PacketMark *=Queue)

ROS 5
1-)Prerouting
1a)Mangle Prerouting #1
1b)Dst NAT
1c)Global-In Global-Total HTB *1
2-)Forward
2a)Mangle forward #2
2b)Filter forward
3-)PostRouting
3a)Mangle Postrouting #2
3b)Global-Out Global-Total HTB *2
3c)Src-NAT
4-)Interface HTB *2

So here (if I understand it correctly), you could:
new-packet-mark @ ManglePrerouting(1a), then queue @ Global-In/Global-total(1c)
Then re-mark the packet @ MangleForward(2a) or ManglePostrouting(3a), then queue @Global-out(3b) or Interface HTB(4-)
Correct?

ROS 6:
1-)Prerouting
1a)Mangle Prerouting #1
1b)Dst NAT
2-)Forward
2a)Mangle forward
2b)Filter forward
3-)PostRouting
3a)Mangle Postrouting
3b)src-NAT
3c)Global HTB *1?
3d)Simple queues
4-)Interface HTB

Here, the first queue that you reach, is only in Global HTB(3c), after prerouting, forward, postrouting Mangles. There is no mangle opportunity after that to re-mark the packet before Interface HTB(4-)?
I guess my question is then, can a packet carry more than one mark? Otherwise, how does a packet get remarked if the sequence above is correct?

Thanks for your patience
Ekkas

Chupaka · August 15, 2013, 12:40pm

no opportunity

it cannot

ekkas · August 15, 2013, 2:30pm

Thanks Chupaka,
it would seem then a big downgrade from ROS5?
How can you do double-control QoS, i.e. shape by client type and QoS by traffic type on one router?

Chupaka · August 15, 2013, 10:17pm

you may use dynamic Simple Queues for shaping, one queue per user - they are speedy now

ekkas · August 16, 2013, 12:15am

That is all fine and well, but the question is how to do it twice.
1)Per user (Throttling)
2)Total outgoing (QoS)
Where to mark and queue it second time?

Regards
Ekkas

macgaiver · August 16, 2013, 6:33am

mark by traffic type in any mangle chain… - i suggest “forward”
prioritize traffic by traffic type in HTB global
use simple queues to apply individual user limits (use target as individual IP, or network and PCQ queue type)

infused · September 1, 2013, 11:34pm

Can anyone chuck this in a nice, printable pdf?

Toby7 · September 3, 2013, 3:39pm

One addon from my point of view: I would like to have colours in the picture, they make the boxes much more clearer!
PDF is also a good point. Please publish a vector graphics inside the PDF so that we can enjoy a real wallpaper

Thank you!

ojsa · September 3, 2013, 8:27pm

Is it possible to get this flow chart pictures in SVG or other vectorbased picture format?

normis · September 5, 2013, 6:33am

The original is in Open Office, so no. You could re-draw it as vector and share

sergey · September 5, 2013, 8:43am

Guys

Thank you very much for for the diagram. They are very useful and clear. Well done!

Questions:

Could you add they to official documentation (WiKi)?
Is it possible to get originals for personal use? I’d want to add comments to the diagrams and print.

Thank you.

mrz · September 25, 2013, 1:01pm

Svg files for those who requested:

AlArenal · September 25, 2013, 2:05pm

Great, thx alot!

P.S.:
This would should go into the wiki

mrz · September 25, 2013, 2:19pm

It is already there. Images you see here are linked to wiki

macgaiver · September 26, 2013, 6:45am

Yes, thanks, finally i can replace my old packet flow diagram printouts that hangs on the wall just across the workplace.

Added PDF that i will use if someone wants to do the same
Packet Flow Diagram v6.pdf (204 KB)

arahim52 · November 7, 2013, 3:16pm

Thanks for sharing this post to us. This is really nice information.
IT Network Support