On Tue, 12 Jun 2001, Barton Hodges wrote:

(Your ASCII drawing was rather screwed up, maybe too wide?)

> I can limit the downstream with this:
>
> tc qdisc add dev eth0 handle ffff:0 ingress
>
> tc filter add dev eth0 parent ffff:0 protocol ip prio 5 handle 1 fw \
> police rate 128kbit burst 128kbit mtu 1500 drop
>
>
> What I think I need is a separate filter for eth1 and eth2 that looks
> for different marks (handles?) Therefore, I need to mark packets
> coming through eth0 to eth1 with a 0x1 and from eth0 to eth2 with a 0x2
> and filter accordingly (I think).

I'm not sure I understand what you want, but I assume you want to limit
the downstream from internet to the two internal masqu'ed subnets. With
two extra conditions:

1 - internal traffic has priority (from subnet to subnet)
2 - internet downstream is equally divided between the subnets

First of all, I don't know how condition 2 can be met. I hope someone
else can correct me.

For the rest, I propose the following setup:

1 - create for each internal interface a low and a high priority class
    with low rates (unbounded)
2 - don't mark incoming packets from the external interface, but use the
    u32 filter and match with the source address
3 - if the packet comes from an internal subnet, redirect it to the
    hi-prio class, otherwise send it to the low-prio class

This might not be ideal, just an idea.

-- 
GnuPG public key: http://win-www.uia.ac.be/u/s965817/pub.key
fingerprint = A3C4 DE50 712D 4FA8 C564 4D96 5E06 C9CC ECFA 19C5

Please edit the quoted text.
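
The three-step setup proposed in the reply above, as an added example that is not part of the original mail. It assumes HTB as the classful qdisc (the mail names none); the subnet behind each interface, the rates and the class ids are constructed sample values. The function only prints the tc commands, so it can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example, not from the original mail.
# Assumptions: HTB qdisc, sample subnets, sample rates and class ids.

# shape_internal IFACE PEER_SUBNET LINK_RATE
#   IFACE        internal interface the traffic leaves through
#   PEER_SUBNET  the *other* internal subnet (source of hi-prio traffic)
#   LINK_RATE    speed of the internal link, used as the borrowing ceiling
# Prints the commands; pipe the output to `sh` as root to apply them.
shape_internal() {
    dev=$1 peer=$2 link=$3
    cat <<EOF
tc qdisc add dev $dev root handle 1: htb default 20
tc class add dev $dev parent 1: classid 1:1 htb rate $link
tc class add dev $dev parent 1:1 classid 1:10 htb rate 1mbit ceil $link prio 0
tc class add dev $dev parent 1:1 classid 1:20 htb rate 64kbit ceil $link prio 1
tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip src $peer flowid 1:10
EOF
}

# Step 1: class 1:10 is the hi-prio class, 1:20 the low-prio class; both have
#         a low guaranteed rate and may borrow up to the link rate.
# Step 2: no fwmark is used; the u32 filter matches on the source address.
# Step 3: packets sourced from the other internal subnet go to 1:10,
#         everything else (internet downstream) falls into default class 1:20.

# Constructed mapping: eth1 serves 192.168.1.0/24, eth2 serves 192.168.2.0/24.
shape_internal eth1 192.168.2.0/24 100mbit
shape_internal eth2 192.168.1.0/24 100mbit
```

After applying, `tc -s class show dev eth1` shows per-class byte counters, which confirms whether subnet-to-subnet traffic is landing in 1:10.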