Re: tncg and bandwidth limiting

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Scott,

 : Basically ignore that last message.

Earlier message ignored.

 : I'm trying to do some very simple rate-shaping on an interface. I want
 : to limit my 100baseT interface to 7 megs both ingress and egress of the
 : interface.

You'll notice that Rubens suggested you use a TBF.  This would be
perfectly adequate solution for your transmitted traffic.  Note that an
HTB class and a TBF qdisc are essentially performing the same function.
Shaping!

Note there is a difference in the traffic control structures created by
your tcng configuration.  Your egress section will actually be two HTB
classes inside an HTB qdisc attached to the INTERFACE in question.  In
your situation, you do not need both classes (created as siblings), since
you are classifying everything into class $all.

 : I'm curious if some of the other experts out there wouldn't have a
 : "better"  way to do what I'm doing. I'd like to do HTB ingress as well,
 : but it complains that the the ingress qdisc doesn't allow inside
 : classes or something like that. I think this will work for me, I just
 : want to make sure this is the best way to do things.

This is a limitation of traffic control under Linux.  You can only shape
what you transmit [ see IMQ if you want to know how to break this rule ].
So, unless you are going to use IMQ, you'll not be able to shape your
local input traffic (if you are a router, you should be able to slow down
conversations by "artificially" delaying the packets on the internal
interface).

However, you don't need to care that you are not shaping on your inbound
traffic.  You can police the traffic.  For the difference between shaping
and policing, try here [0].

[ snip ]

 :        htb () {
 :           class ( rate 100Mbps, ceil 100Mbps ) ;  /* remove this */
 :           $all = class ( rate 7Mbps, ceil 7Mbps ) ;
 :        }

 :     ingress {
 :        $p = bucket(rate 7Mbps, burst 100kB, mpu 200B);
 :        class (1) if (conform $p && count $p) || drop;
 :     }

After you run your tcng config file through tcc ("tcc < $FILE | less"),
you should see (lines broken for readability) the following for the
ingress traffic control.  I left INTERFACE in the config file--obviously
you have #defined it someplace else.

  tc qdisc add dev INTERFACE ingress
  tc filter add dev INTERFACE parent ffff:0 protocol all prio 1 \
    u32 match u32 0x0 0x0 at 0 classid ffff:1 \
    police index 2 rate 875000bps burst 102400 mpu 200 action drop/pass
    ^^^^^^

Note that the policer will (somewhat harshly) accommodate your desires to
limit the traffic accepted inbound on an interface.

Best of luck,

-Martin

 [0] http://tldp.org/HOWTO/Traffic-Control-HOWTO/elements.html#e-shaping
     http://tldp.org/HOWTO/Traffic-Control-HOWTO/elements.html#e-policing

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux