Steff and all, I tried the following commands on both a linux bridge placed between two linux routers and a linux router connected to a hub: tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 \ match ip src 0.0.0.0/0 police rate 100kbit burst 10k drop flowid :1 Test 1: |Router 1| (eth0)----- |Hub| -----(eth0) |Router 2| The result is that by limiting the ingress rate to 100kbps on Router 1's eth0, data from Router 2 to Router 1 is received at 100kbps and at maximum rate from Router 1 to Router 2. Test 2: |Router 1| (eth0)-----(eth0) |Linux Bridge| (eth1)-----(eth0) |Router 2| The result is that by limiting the ingress rate to 100kbps on the Linux Bridge's eth0 does not affect the rate at which data is transferred on either direction. I would expect the same bahavior as in Test 1, but that is not what I see. The linux bridge is just a RedHat 7.3 linux box running on bridging mode and no ip addresses associated with any of the interfaces. The following commands are used to configure it (assuming only two interfaces on the bridge): /usr/sbin/brctl addbr brgrp /usr/sbin/brctl addif brgrp eth0 /usr/sbin/brctl addif brgrp eth1 /sbin/ip link set brgrp up /sbin/ip link set eth0 up /sbin/ip link set eth1 up /sbin/ip addr add 192.168.128.50/24 brd + dev brgrp So what is it that is different about the linux bridge interface that incoming packets are not limitted to 100kbps? Does the bridge ever look at the source ip address of the incoming packet or just at the destination mac address? If that is the case, it will never match "ip src 0.0.0.0/0". Any help will be greatly appreciated. Thanks, Marcelo. > -----Original Message----- > From: Stef Coene [mailto:stef.coene@docum.org] > Sent: Tuesday, October 15, 2002 11:40 AM > To: Albuquerque, Marcelo M; 'lartc@mailman.ds9a.nl' > Subject: Re: (no subject) > > > On Friday 11 October 2002 23:17, Albuquerque, Marcelo M wrote: > > Stef, > > > > Thanks for the reply. > > > > I want my bridge to "emulate" a rate limit on the > transmitter of the device > > connected to that particular bridge interface. That's why I > need an ingress > > qdisc on each and every interface of my Linux bridge. This > is what I tried: > > > tc qdisc add dev eth4 handle ffff: ingress > > tc filter add dev eth4 parent ffff: protocol ip prio 50 u32 > match ip \ > > src 0.0.0.0/0 police rate 100kbit burst 10k drop flowid :1 > > > > I didn't obeserve any rate reduction though. I suspect that > on the bridge, > > packets are being forwarded and therefore the ip-related > matches have no > > effect. How can I have the 'police rate 100kbit' portion of > the command > > without the ip-related arguments? > All packets arriving are ip related, so the above command > should work. Can > you test it without a switch? Connect the box to a hub, send > some data and > record the speed. > > Stef > > -- > > stef.coene@docum.org > "Using Linux as bandwidth manager" > http://www.docum.org/ > #lartc @ irc.oftc.net > > _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
