facebookarchive / augmented-traffic-control

Augmented Traffic Control: A tool to simulate network conditions
https://facebook.github.io/augmented-traffic-control

Puzzled with ATC #238

Closed Darky-Lucera closed 8 years ago

Darky-Lucera commented 8 years ago

I think I have ATC working well but it seems it is not shaping devices.

atcd is running and logging messages, the web interface is running and logging messages. It seems that I can shape a device using the web interface. But I can't reduce the bandwidth of any device. I don't know if I'm doing something wrong but all seems to work properly.

I'm running Ubuntu inside VMWare with two interfaces ens32 (connected to internet. ip 10.82.2.249/22) and ens33 (connected to a WIFI router. ip 192.168.1.33/24). The default gateway is 10.82.0.1.

With this configuration every device connected to the WIFI router can make internet connections without problems.

Now I start atcd and the web server, and I try to configure a device with ip 192.168.1.34 to get only 128 kbits for uplink and downlink.

I restart the server (atcd and the web server, everything) and I get these messages:

INFO:AtcdVService.AtcdLinuxShaper:Request startShaping TrafficControl(device=TrafficControlledDevice(controllingIP='192.168.1.34', controlledIP='192.168.1.34'), timeout=84680.19875216484, settings=TrafficControlSetting(down=Shaping(loss=Loss(percentage=0.0, correlation=0.0), delay=Delay(delay=0, jitter=0, correlation=0.0), rate=128, iptables_options=[], corruption=Corruption(percentage=0.0, correlation=0.0), reorder=Reorder(percentage=0.0, correlation=0.0, gap=0)), up=Shaping(loss=Loss(percentage=0.0, correlation=0.0), delay=Delay(delay=0, jitter=0, correlation=0.0), rate=128, iptables_options=[], corruption=Corruption(percentage=0.0, correlation=0.0), reorder=Reorder(percentage=0.0, correlation=0.0, gap=0))))
INFO:AtcdVService.AtcdLinuxShaper:Shaping ip 192.168.1.34 on interface ens33
INFO:AtcdVService.AtcdLinuxShaper:create new HTB class on IFID ens33, classid 1:3,parent 1:0, rate 128kbits
INFO:AtcdVService.AtcdLinuxShaper:create new Netem qdisc on IFID ens33, parent 1:3, loss 0.0%, delay 0
INFO:AtcdVService.AtcdLinuxShaper:create new FW filter on IFID ens33, classid 1:3, handle 3, rate: 128kbits
INFO:AtcdVService.AtcdLinuxShaper:Running /sbin/iptables -t mangle -A FORWARD -d 192.168.1.34 -i ens33 -j MARK --set-mark 3
INFO:AtcdVService.AtcdLinuxShaper:Shaping ip 192.168.1.34 on interface ens32
INFO:AtcdVService.AtcdLinuxShaper:create new HTB class on IFID ens32, classid 1:3,parent 1:0, rate 128kbits
INFO:AtcdVService.AtcdLinuxShaper:create new Netem qdisc on IFID ens32, parent 1:3, loss 0.0%, delay 0
INFO:AtcdVService.AtcdLinuxShaper:create new FW filter on IFID ens32, classid 1:3, handle 3, rate: 128kbits

Note that the same occurs if I do not restart the servers.

It seems that this device is correctly configured but when I try to access any website or a speedtest the bandwidth is not limited to 128 kbits (it has several Mbits).

What am I doing wrong?

Thanks in advance.

PS: (venv)atc@atc-virtual-machine:~$ pip freeze

Django==1.9.2
argparse==1.2.1
atc-thrift==0.1.3
atcd==0.1.3
daemonize==2.4.2
django-atc-api==0.1.3
django-atc-demo-ui==0.1.3
django-atc-profile-storage==0.1.3
django-bootstrap-themes==3.1.2
django-static-jquery==1.11.1
djangorestframework==3.3.2
futures==3.0.4
pyotp==1.4.1
pyroute2==0.3.3
six==1.10.0
sparts==0.7.1
thrift==0.9.3
wsgiref==0.1.2

zealws commented 8 years ago

Everything here looks okay to me. The first thing that comes to mind is to check to be sure your wireless router is not running NAT. This would prevent the ATC machine from seeing the real IP of the client, instead it would see the IP of the wireless router. Note that if this were happening you would still be shaped, so I don't think that's the issue, but it's worth checking anyway.

Do you mind running the following commands (as root) and pasting the output into a [gist](gist.github.com) and attaching the link here?

iptables -t mangle -nL
tc qdisc show dev ens32
tc filter show dev ens32
tc class show dev ens32
tc qdisc show dev ens33
tc filter show dev ens33
tc class show dev ens33

chantra commented 8 years ago

On top of @zfjagann comments, it also seems that your wireless router is the one doing DHCP. Is the wireless router connected to internet directly?

I have a feeling that your wireless router is having its own access to internet, bypassing ATC. It serves dhcp addresses to devices and provides a default route to itself. Host can access the ATC ui because it is on the same network, but when accessing internet resources, it does not go through atc.

Darky-Lucera commented 8 years ago

@zfjagann This is the info you requested:

iptables -t mangle -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
MARK all -- 0.0.0.0/0 127.0.0.1 MARK set 0x2
MARK all -- 127.0.0.1 0.0.0.0/0 MARK set 0x2
MARK all -- 0.0.0.0/0 192.168.1.34 MARK set 0x3
MARK all -- 192.168.1.34 0.0.0.0/0 MARK set 0x3
MARK all -- 0.0.0.0/0 192.168.1.33 MARK set 0x4
MARK all -- 192.168.1.33 0.0.0.0/0 MARK set 0x4

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

tc qdisc show dev ens32
qdisc htb 1: root refcnt 2 r2q 10 default 0 direct_packets_stat 0 direct_qlen 1000
qdisc netem 8008: parent 1:2 limit 1000 delay 15.0ms loss 5%
qdisc netem 800a: parent 1:3 limit 1000
qdisc netem 800c: parent 1:4 limit 1000

tc filter show dev ens32
filter parent 1: protocol ip pref 1 fw
filter parent 1: protocol ip pref 1 fw handle 0x2 classid 1:2 police 0x8 rate 400Kbit burst 12000b mtu 2Kb action drop overhead 0b ref 1 bind 1
filter parent 1: protocol ip pref 1 fw handle 0x3 classid 1:3 police 0xa rate 128Kbit burst 12000b mtu 2Kb action drop overhead 0b ref 1 bind 1
filter parent 1: protocol ip pref 1 fw handle 0x4 classid 1:4 police 0xc rate 128Kbit burst 12000b mtu 2Kb action drop overhead 0b ref 1 bind 1

tc class show dev ens32
class htb 1:4 root leaf 800c: prio 0 rate 128Kbit ceil 128Kbit burst 1600b cburst 1600b
class htb 1:2 root leaf 8008: prio 0 rate 400Kbit ceil 400Kbit burst 1600b cburst 1600b
class htb 1:3 root leaf 800a: prio 0 rate 128Kbit ceil 128Kbit burst 1600b cburst 1600b

tc qdisc show dev ens33
qdisc htb 1: root refcnt 2 r2q 10 default 0 direct_packets_stat 16 direct_qlen 1000
qdisc netem 8007: parent 1:2 limit 1000 delay 10.0ms loss 1%
qdisc netem 8009: parent 1:3 limit 1000
qdisc netem 800b: parent 1:4 limit 1000

tc filter show dev ens33
filter parent 1: protocol ip pref 1 fw
filter parent 1: protocol ip pref 1 fw handle 0x2 classid 1:2 police 0x7 rate 200Kbit burst 12000b mtu 2Kb action drop overhead 0b ref 1 bind 1
filter parent 1: protocol ip pref 1 fw handle 0x3 classid 1:3 police 0x9 rate 128Kbit burst 12000b mtu 2Kb action drop overhead 0b ref 1 bind 1
filter parent 1: protocol ip pref 1 fw handle 0x4 classid 1:4 police 0xb rate 128Kbit burst 12000b mtu 2Kb action drop overhead 0b ref 1 bind 1

tc class show dev ens33
class htb 1:4 root leaf 800b: prio 0 rate 128Kbit ceil 128Kbit burst 1600b cburst 1600b
class htb 1:2 root leaf 8007: prio 0 rate 200Kbit ceil 200Kbit burst 1600b cburst 1600b
class htb 1:3 root leaf 8009: prio 0 rate 128Kbit ceil 128Kbit burst 1600b cburst 1

@chantra Yes, it is the WIFI router which is running the DHCP Server, but this router is not connected to internet, it has only one net wire to the VMWare host computer.


Another question. Is there a way to disable the token system to be able to add some IPs freely from the server?

And, one more thing, hehe. The web UI is always telling: No Controlled Machines

Thanks in advance!

Darky-Lucera commented 8 years ago

I changed the WIFI router to make DHCP Relay. Now the Ubuntu machine is the one giving IPs to devices, and everything remains the same.

Furthermore, I'm using "tcpdump -i ens33" and I can see that the device IP is related in the communication. It seems that ATC is not doing anything. :(

Any clues?

Adding a new device through the ATC web UI I can see this log message:

INFO:AtcdVService.AtcdLinuxShaper:Request requestControl(TrafficControlledDevice(controllingIP='192.168.1.64', controlledIP='192.168.1.64'), AccessToken(valid_until=None, token=552344, interval=None))

Then I make some tests and nothing.

Darky-Lucera commented 8 years ago

Only to send you a bit more information.

Now I add a PC (before, all were mobiles, with mobile data disabled, of course) and I get this log:

INFO:AtcdVService.AtcdLinuxShaper:Request startShaping TrafficControl(device=TrafficControlledDevice(controllingIP='192.168.1.65', controlledIP='192.168.1.65'), timeout=86400, settings=TrafficControlSetting(down=Shaping(loss=Loss(percentage=0.0, correlation=0.0), delay=Delay(delay=0, jitter=0, correlation=0.0), rate=10, iptables_options=[], corruption=Corruption(percentage=0.0, correlation=0.0), reorder=Reorder(percentage=0.0, correlation=0.0, gap=0)), up=Shaping(loss=Loss(percentage=0.0, correlation=0.0), delay=Delay(delay=0, jitter=0, correlation=0.0), rate=10, iptables_options=[], corruption=Corruption(percentage=0.0, correlation=0.0), reorder=Reorder(percentage=0.0, correlation=0.0, gap=0))))
INFO:AtcdVService.AtcdLinuxShaper:Shaping ip 192.168.1.65 on interface ens33
INFO:AtcdVService.AtcdLinuxShaper:create new HTB class on IFID ens33, classid 1:4,parent 1:0, rate 10kbits
INFO:AtcdVService.AtcdLinuxShaper:create new Netem qdisc on IFID ens33, parent 1:4, loss 0.0%, delay 0
INFO:AtcdVService.AtcdLinuxShaper:create new FW filter on IFID ens33, classid 1:4, handle 4, rate: 10kbits
INFO:AtcdVService.AtcdLinuxShaper:Running /sbin/iptables -t mangle -A FORWARD -d 192.168.1.65 -i ens33 -j MARK --set-mark 4
INFO:AtcdVService.AtcdLinuxShaper:Shaping ip 192.168.1.65 on interface ens32
INFO:AtcdVService.AtcdLinuxShaper:create new HTB class on IFID ens32, classid 1:4,parent 1:0, rate 10kbits
INFO:AtcdVService.AtcdLinuxShaper:create new Netem qdisc on IFID ens32, parent 1:4, loss 0.0%, delay 0
INFO:AtcdVService.AtcdLinuxShaper:create new FW filter on IFID ens32, classid 1:4, handle 4, rate: 10kbits
INFO:AtcdVService.AtcdLinuxShaper:Running /sbin/iptables -t mangle -A FORWARD -s 192.168.1.65 -i ens32 -j MARK --set-mark 4
INFO:AtcdVService.AtcdLinuxShaper:Unshaping ip 192.168.1.65 on interface ens33
INFO:AtcdVService.AtcdLinuxShaper:Running /sbin/iptables -t mangle -D FORWARD -d 192.168.1.65 -i ens33 -j MARK --set-mark 2
INFO:AtcdVService.AtcdLinuxShaper:deleting filter on IFID ens33, handle 2
INFO:AtcdVService.AtcdLinuxShaper:deleting class on IFID ens33, classid 1:2
INFO:AtcdVService.AtcdLinuxShaper:Unshaping ip 192.168.1.65 on interface ens32
INFO:AtcdVService.AtcdLinuxShaper:Running /sbin/iptables -t mangle -D FORWARD -s 192.168.1.65 -i ens32 -j MARK --set-mark 2
INFO:AtcdVService.AtcdLinuxShaper:deleting filter on IFID ens32, handle 2
INFO:AtcdVService.AtcdLinuxShaper:deleting class on IFID

Before that I was looking at some YouTube videos.

chantra commented 8 years ago

@Darky-Lucera

You have not started atcd with the right parameters. Your WAN is ens32 and your LAN is ens33.

Reading those logs:

INFO:AtcdVService.AtcdLinuxShaper:Shaping ip 192.168.1.34 on interface ens33
...
INFO:AtcdVService.AtcdLinuxShaper:Shaping ip 192.168.1.34 on interface ens32
...

You have started atc with --atcd-lan ens32 --atcd-wan ens33 instead of --atcd-lan ens33 --atcd-wan ens32.

> Another question. Is there a way to disable the token system to be able to add some IPs freely from the server?

You should be able to use --atcd-mode unsecure to help you with that.
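
The log reading chantra describes above, as an added example that is not part of the thread or of ATC's own code: it parses the iptables commands atcd logged and flags MARK rules whose `-i` interface is on the wrong side of the client, which is what swapped `--atcd-lan`/`--atcd-wan` values produce. The interface addresses come from the first post and the two log lines from the thread; the function name `check_mark_rules` is hypothetical.

```python
import ipaddress
import re

# Interface addresses as stated in the first post of this thread.
INTERFACES = {
    "ens32": ipaddress.ip_interface("10.82.2.249/22"),   # towards the internet
    "ens33": ipaddress.ip_interface("192.168.1.33/24"),  # towards the WIFI router
}

# Two atcd log lines copied from this thread (the rules it installed).
SAMPLE_LOG = """\
INFO:AtcdVService.AtcdLinuxShaper:Running /sbin/iptables -t mangle -A FORWARD -d 192.168.1.65 -i ens33 -j MARK --set-mark 4
INFO:AtcdVService.AtcdLinuxShaper:Running /sbin/iptables -t mangle -A FORWARD -s 192.168.1.65 -i ens32 -j MARK --set-mark 4
"""

# Only "-A" (rule added) lines matter; "-D" lines are rules being removed.
RULE = re.compile(
    r"iptables -t mangle -A FORWARD -(?P<dir>[sd]) (?P<ip>\S+) -i (?P<iface>\S+)"
)


def check_mark_rules(log_text, interfaces):
    """Return one finding per MARK rule that forwarded traffic can never match."""
    findings = []
    for m in RULE.finditer(log_text):
        ip = ipaddress.ip_address(m["ip"])
        iface = m["iface"]
        if iface not in interfaces:
            findings.append(f"{iface}: interface not in the address table")
            continue
        on_link = ip in interfaces[iface].network
        # Packets *to* the client (-d) enter on the WAN side, so the client
        # must not be on that interface's subnet. Packets *from* the client
        # (-s) enter on the LAN side, so the client must be on its subnet.
        if m["dir"] == "d" and on_link:
            findings.append(f"-d {ip} -i {iface}: {iface} is the client's own "
                            "LAN, download rule never matches")
        elif m["dir"] == "s" and not on_link:
            findings.append(f"-s {ip} -i {iface}: {iface} is not the client's "
                            "LAN, upload rule never matches")
    return findings


if __name__ == "__main__":
    for finding in check_mark_rules(SAMPLE_LOG, INTERFACES):
        print(finding)
```
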

Darky-Lucera commented 8 years ago

Oops! Solved

I made a mistake when I wrote the ATC.sh script and exchanged the atcd-lan and atcd-wan interfaces.

Very sorry! Now it works fine.

Thank you very much!