In the filter sequence, would not all packets match the first filter and hence go thro' that only? Should the filter chain be modified to have the $LOCALIP source last so that packets not coming from sport 80 and 443 will only reach that filter as intended. What does rest mean in 4:0 when it would anyway match 2:0? The match or filter conditions do not look different at all. If my understanding is wrong, I'd like to know the correct one. Mohan -----Original Message----- From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl] On Behalf Of Clemens Resanka Sent: Saturday, November 02, 2002 1:45 AM To: lartc@mailman.ds9a.nl Subject: how does <<isolated>> work?? Hi all, I am trying to use cbq to limit the traffic of an interface. I want all traffic from local addresses to pass through unlimted, all web-traffic limited to 500kbit and the rest limited to 250kbit. The 500kbit and the 250kbit traffic should be allowed to borrow from each other, but not from the unlimited local addresses. Here's the setup: # 1:0 cbq # / | \ # / | \ # / | \ # 1:1 1:2 1:3 # | | | # | | | # 2:0 3:0 4:0 sfq # # local Web rest # unl. LIMIT1 LIMIT2 I made 1:1 isolated but 1:2 and 1:3 still borrow from it. bounded however works as expected. Did I miss something or is the isolated option broken? btw: I tried it with a 2.4.10 and a 2.4.19 kernel. here are the commands I tried: ---------------------------------------------------------------------- # IP to route through 1:1 LOCALIP=192.168.0.0/24 # Limit of 1:2 LIMIT1=500kbit # Limit of 1:3 LIMIT2=250kbit # Interface to limit IFACE=eth1 # 1:0 cbq qdisc tc qdisc add dev $IFACE root handle 1:0 cbq bandwidth 100Mbit \ avpkt 1000 # 1:1 cbq class; unlimited tc class add dev $IFACE parent 1:0 classid 1:1 cbq \ bandwidth 100Mbit rate 100Mbit maxburst 20 avpkt 1000 isolated # 1:2 cbq class; limited to $LIMIT1 tc class add dev $IFACE parent 1:0 classid 1:2 cbq \ bandwidth 100Mbit rate $LIMIT1 maxburst 20 avpkt 1000 # 1:3 cbq class; limited to $LIMIT2 tc class add dev $IFACE parent 1:0 classid 1:3 cbq \ bandwidth 100Mbit rate $LIMIT2 maxburst 20 avpkt 1000 # 2:0, 3:0 sfq tc qdisc add dev $IFACE parent 1:1 handle 2:0 sfq tc qdisc add dev $IFACE parent 1:2 handle 3:0 sfq tc qdisc add dev $IFACE parent 1:3 handle 4:0 sfq # everything from $LOCALIP goes to 1:1 tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ match ip src $LOCALIP flowid 1:1 # port 80 to 1:2 tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ match ip sport 80 0xffff flowid 1:2 # port 443 to 1:2 tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ match ip sport 443 0xffff flowid 1:2 # everything else to 1:3 tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \ match ip src 0.0.0.0/0 flowid 1:3 ---------------------------------------------------------------------- So far.. - Clemens - _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
