Re: [LARTC] shaping/routing

Linux Advanced Routing and Traffic Control



You are talking about marks which have to stay in one machine.
It seems more general to have marks that can travel on your network.

If you add the RIFRAF Routing changes to FreeBSD, then
you can do all sorts of things on a per /16 prefix basis. For
example, you can easily mark packets for sorting into flows,
or mark them with random tags to have them routed to two
links in a load-balancing mode.

http://www.dot-biz.com/IPv4/Tutorial/
http://www.dot-biz.com/IPv4/Tutorial/RIFRAFBSD4.4.txt

The simple ping command is used to control the RIFRAF settings
in another machine, so, in theory, you can reach across the entire
global Internet and change the way packets are handled for specific
/16 prefixes. 10.0 and 192.168 are commonly used.

RIFRAF - Remote Identification Field Random Action Filter

Jim Fleming
http://www.IPv8.info
IPv16....One Better !!


----- Original Message ----- 
From: "Daniel Wittenberg" <daniel-wittenberg@xxxxxxxxxxx>
To: <skaya@xxxxxxxx>
Cc: <lartc@xxxxxxxxxxxxxxx>
Sent: Wednesday, December 19, 2001 11:46 PM
Subject: RE: [LARTC] shaping/routing


> Just to clarify how this works, so I know it's going to work for what I
> need:  Let's say I have 10 subnets, I mark the packets coming from 3 of
> them with a 1.  Now I just set an out-going limit on packets marked with
> 1 to let's say 100 bytes/second.  Now, does the 100 bytes/sec apply to
> each connection, or to _all_ packets with that mark?  What I want to
> make sure is that the entire subnet is limited to 100 bytes/sec, and not
> individual connections or src addy's...?
> 
> Dan
> 
> On Wed, 2001-12-19 at 12:07, Jerome PETAZZONI wrote:
> > 
> > > I've been doing ipchains/tables firewalls for quite a while now, but I'd
> > > like to be able to do some bandwidth shaping, and src-address based
> > > routing to specific net connections.  
> > 
> > I'll again do some advertisement for my bytelimit patch :-)
> > It is a patch for netfilter (iptables) that allows limiting bandwidth,
> > like the "limit" match but allowing rates to be specified in bytes/second
> > instead of packets/second.
> > 
> > You might combine this patch and SNAT to do "overflowing", i.e.
> > your first link will be used, and when it is "full" (or exceeds
> > a given bandwidth), further connections will be SNAT'ed with
> > another address, thus using the 2nd link.
> > 
> > Jerome Petazzoni <skaya at enix dot org>
> 
> 
> 
> _______________________________________________
> LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
> 



