I am completely stumped. I have the following configuration bound to both the ingress and egress adapters of a firewall (the only difference between them being that the external interface matches by source ip, the internal by destination), the goal of which is to throttle traffic to and from the local network on a host-by-host basis. Now, with this configuration throttling works perfectly for uploading (ie host -> eth2 -> eth1 -> *). However, downloading is not throttled at all *except* when the machine is uploading and downloading simultaneously; only then does the download throttle have any effect.
I tested this using IPerf, with the throttle set to 256kbit both ways. Upload always yields the expected results. Download tops out at about 4.5Mbit - its a wireless link, ie no throttling evident. However, when the test machine is running iperf as a client and server simultaneously (ie uploading and downloading about the same amount of data simultaneously), both directions are throttled as they should be around 256kbit.
"tc -s class show dev eth2" shows that no packets are being referred to this class; this is not the case for the same class on eth1.
Let me know if you would like to see the setup for eth1 (external interface) as well; this is the setup on eth2 (internal interface).
qdisc htb 1: r2q 10 default 0 direct_packets_stat 3
class htb 1:fffe root prio 0 rate 256Kbit ceil 256Kbit burst 6Kb cburst 3565b
filter parent 1: protocol ip pref 1 u32
filter parent 1: protocol ip pref 1 u32 fh 801: ht divisor 1
filter parent 1: protocol ip pref 1 u32 fh 2: ht divisor 256
filter parent 1: protocol ip pref 1 u32 fh 2:fe:800 order 2048 key ht 2 bkt fe flowid 1:fffe
match 0a00fffe/ffffffff at 16
filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 link 2:
match 0a000000/ffff0000 at 16
hash mask 000000ff at 12
filter parent 1: protocol ip pref 5 u32
filter parent 1: protocol ip pref 5 u32 fh 801: ht divisor 1
filter parent 1: protocol ip pref 5 u32 fh 2: ht divisor 256
filter parent 1: protocol ip pref 5 u32 fh 2:fe:800 order 2048 key ht 2 bkt fe flowid 1:fffe
match 0a00fffe/ffffffff at 16
filter parent 1: protocol ip pref 5 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 link 2:
match 0a000000/ffff0000 at 16
hash mask 000000ff at 12
Please help; I am completely confused.
Thanks, Paul
_______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/