Re: how does <<isolated>> work??

Linux Advanced Routing and Traffic Control


Hi,

The filters work as expected. tc -s qdisc shows traffic for all 3
qdiscs.
The first filter rule only applies to all packets coming from
192.168.0.0/24. All other packets are divided to 1:2 and 1:3.

At Sat, 2 Nov 2002 08:00:56 +0530,
S Mohan wrote:
> 
> In the filter sequence, would not all packets match the first filter and
> hence go thro' that only? Should the filter chain be modified to have
> the $LOCALIP source last so that packets not coming from sport 80 and
> 443 will only reach that filter as intended? What does rest mean in 4:0
> when it would anyway match 2:0? The match or filter conditions do not
> look different at all.
> 
> If my understanding is wrong, I'd like to know the correct one.
> 
> Mohan
> 
> -----Original Message-----
> From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]
> On Behalf Of Clemens Resanka
> Sent: Saturday, November 02, 2002 1:45 AM
> To: lartc@mailman.ds9a.nl
> Subject:  how does <<isolated>> work??
> 
> 
> Hi all,
> 
> I am trying to use cbq to limit the traffic of an interface.
> 
> I want all traffic from local addresses to pass through unlimited, all
> web-traffic limited to 500kbit and the rest limited to 250kbit. The
> 500kbit and the 250kbit traffic should be allowed to borrow from each
> other, but not from the unlimited local addresses.
> 
> Here's the setup:
> 
> #                      1:0        cbq
> #                     / | \
> #                    /  |  \
> #                   /   |   \
> #                 1:1  1:2  1:3
> #                  |    |    |
> #                  |    |    |
> #                 2:0  3:0  4:0   sfq
> #
> #               local  Web  rest
> #               unl. LIMIT1 LIMIT2
> 
> I made 1:1 isolated but 1:2 and 1:3 still borrow from it. bounded
> however works as expected.
> 
> Did I miss something or is the isolated option broken?
> 
> btw: I tried it with a 2.4.10 and a 2.4.19 kernel.
> 
> here are the commands I tried:
> ----------------------------------------------------------------------
> 
> # IP to route through 1:1
> LOCALIP=192.168.0.0/24
> 
> # Limit of 1:2
> LIMIT1=500kbit
> 
> # Limit of 1:3
> LIMIT2=250kbit
> 
> # Interface to limit
> IFACE=eth1
> 
> # 1:0 cbq qdisc
> tc qdisc add dev $IFACE root handle 1:0 cbq bandwidth 100Mbit \
> avpkt 1000
> 
> # 1:1 cbq class; unlimited 
> tc class add dev $IFACE parent 1:0 classid 1:1 cbq \
> bandwidth 100Mbit rate 100Mbit maxburst 20 avpkt 1000 isolated 
> 
> # 1:2 cbq class; limited to $LIMIT1
> tc class add dev $IFACE parent 1:0 classid 1:2 cbq \
> bandwidth 100Mbit rate $LIMIT1 maxburst 20 avpkt 1000 
> 
> # 1:3 cbq class; limited to $LIMIT2
> tc class add dev $IFACE parent 1:0 classid 1:3 cbq \
> bandwidth 100Mbit rate $LIMIT2 maxburst 20 avpkt 1000 
> 
> # 2:0, 3:0 sfq
> tc qdisc add dev $IFACE parent 1:1 handle 2:0 sfq 
> tc qdisc add dev $IFACE parent 1:2 handle 3:0 sfq 
> tc qdisc add dev $IFACE parent 1:3 handle 4:0 sfq 
> 
> # everything from $LOCALIP goes to 1:1
> tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \
> match ip src $LOCALIP flowid 1:1
> # port 80 to 1:2
> tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \
> match ip sport 80 0xffff flowid 1:2
> # port 443 to 1:2
> tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \
> match ip sport 443 0xffff flowid 1:2
> # everything else to 1:3
> tc filter add dev $IFACE protocol ip parent 1:0 prio 1 u32 \
> match ip src 0.0.0.0/0 flowid 1:3
> 
> ----------------------------------------------------------------------
> 
> 
> 
> So far..
> 
>  - Clemens -
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

So far..

 - Clemens -
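
The filter-ordering question in this thread can be checked with a small model of the four u32 filters from the quoted script. This is an added example, not part of the original messages; it assumes filters sharing prio 1 are tried in the order they were added with the first match winning, and the sample packets and the `SHADOWED` reordering are constructed for illustration.

```python
import ipaddress

# Model of the u32 filter chain from the quoted script (hypothetical helper names).
# Assumption: same-prio filters are tried in insertion order, first match wins.

def src(net):
    """Equivalent of 'match ip src NET': source address inside the prefix."""
    network = ipaddress.ip_network(net)
    return lambda pkt: ipaddress.ip_address(pkt["src"]) in network

def sport(value, mask):
    """Equivalent of 'match ip sport VALUE MASK': masked 16-bit compare."""
    return lambda pkt: (pkt["sport"] & mask) == (value & mask)

LOCALIP = "192.168.0.0/24"

FILTERS = [
    (src(LOCALIP), "1:1"),          # local traffic, unlimited class
    (sport(80, 0xFFFF), "1:2"),     # web
    (sport(443, 0xFFFF), "1:2"),    # web (TLS)
    (src("0.0.0.0/0"), "1:3"),      # catch-all: rest
]

# Constructed counter-case: the catch-all moved to the front shadows every
# later filter, because 0.0.0.0/0 is a superset of all other matches.
SHADOWED = [FILTERS[3]] + FILTERS[:3]

def classify(pkt, filters=FILTERS):
    """Return the flowid of the first matching filter, or None."""
    for match, flowid in filters:
        if match(pkt):
            return flowid
    return None

# Constructed sample packets (source address, source port).
SAMPLES = [
    {"src": "192.168.0.10", "sport": 80},   # local host serving web
    {"src": "10.1.2.3", "sport": 80},
    {"src": "10.1.2.3", "sport": 443},
    {"src": "10.1.2.3", "sport": 22},
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", classify(pkt), "| catch-all first ->",
              classify(pkt, SHADOWED))
```

Only a filter whose match is a superset of the later ones can shadow them, which is why the `$LOCALIP` filter can stay first while the `0.0.0.0/0` filter has to stay last.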