First of all, thank you Martin - this is fabulously helpful. On Wed, 2003-08-06 at 20:18, Martin A. Brown wrote: > Hello all, > > I played a bit with the ingress qdisc after seeing Patrick and Stef > talking about it and came up with a few notes and a few questions. > > ... > > About filtering on the ingress qdisc: > > - since there are no classes to which to direct the packets, the only > reasonable option (reasonable, indeed!) is to drop the packets > > - with clever use of filtering, you can limit particular traffic > signatures to particular uses of your bandwidth That sounds like a correct statement about the filters themselves. But it appears that we don't have to just drop the packets, because the policers we attach to the filters CAN queue packets. The following quote is from one of Stef's earlier replies: > You have to see the policer as a small tbf qdisc that exists on his own. If > you add the policer to a filter, all packets are "queued" in the policer and > throttled. Martin continues... > Here's an example of using an ingress policer to limit inbound traffic > from a particular set of IPs on a per IP basis. In this case, traffic > from each of these source IPs is limited to a T1's worth of bandwidth. > Note that this means that this host can receive up to 1536kbit (768kbit + > 768kbit) worth of bandwidth from these two source IPs alone. > > # -- start of script > #! /bin/ash > # > # -- simulate a much smaller amount of bandwidth than the 100MBit interface > # > RATE=1536kbit > DEV=eth0 > SOURCES="10.168.53.2/32 10.168.73.10/32 10.168.28.20/32" > > # -- attach our ingress qdisc > # > tc qdisc add dev $DEV ingress I don't see a handle argument here. I presume that, since the ingress handle for an interface MUST be ffff, that the handle argument is optional.
