I'm investigating other approaches to managing the very little, extremely over-used pipe we have feeding the residences of our small campus. Previously, I simply allotted them 2Mbit (there are about 100 users, some full-time users, most not), and did a number of prioritizations to improve responsiveness. I used HTB and attached ESFQ qdiscs to evenly distribute bandwidth based on IP, rather than per-session. This worked quite well until recently, where the number of users has increased and demand has gone up.

One of the goals is that heavy users (basically p2p users) shouldn't be able to ruin it for the others. The average user should never have to sit and wait for 5 seconds while google loads, or get 4000ms pings to an upstream router.

One of the approaches I'm fiddling with now is creating a separate class for each IP, guaranteeing them a small portion of bandwidth, to at least keep their latency down. I've also introduced weekly quotas, and am significantly penalizing users who go over their quota (such as rate-limiting them to 5KB/s). It's awfully harsh, but the proper solution (buying more bandwidth) is not my call, and so I have to make this 2Mbit work for now.

Rather than rate-limiting each over-quota user to 5KB/s, I've been considering creating a separate, larger class, and just tossing each of the over-quota users in it to fight for the bandwidth in that class. However, the ceil for this class should depend on the number of users in it, because I must assume that each user in the class will try to use all of the allowed bandwidth in that class at all times. So what I'd like to do is provide a ceil in the HTB class that is computed based on the number of users in the class.
I've rolled my own scripts that monitor usage of each user via iptables, so I could update those scripts to change the ceil each time a new user is added (tc class change dev ...), but I was wondering if there was a more elegant way of doing this -- that is, does HTB somehow support dynamic ceilings based on the number of users (IPs) it sees in that class?

Another problem I'm having is that I can't seem to find the right syntax for removing filters. Can anyone help with that? The most obvious doesn't seem to work:

[root@hawk ipacct]# tc filter add dev $ETH_RES protocol ip parent 2: u32 match ip dst 10.0.0.100/32 flowid 2:10
[root@hawk ipacct]# tc filter del dev $ETH_RES protocol ip parent 2: u32 match ip dst 10.0.0.100/32 flowid 2:10
RTNETLINK answers: No such file or directory

Thanks much,
Jason.

--
Jason Tackaberry :: tack@xxxxxx :: 705-949-2301 x330
Academic Computing Support Specialist
Information Technology Services
Algoma University College :: www.auc.ca

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
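
The script-driven approach mentioned in the message (recomputing the ceil with `tc class change` whenever the over-quota population changes), sketched as an added example that is not part of the original post. The classid 2:99, parent 2:1, device eth1, and the 512kbit cap are assumptions; the 40kbit per-user share is the post's 5KB/s penalty rate.

```shell
#!/bin/sh
# Added example (not from the original post): size one shared over-quota
# HTB class from the number of users currently assigned to it.
PER_USER_KBIT=40   # 5KB/s per user, the penalty rate in the post (5 * 8)
MIN_KBIT=40        # assumed floor; also used as the class rate (ceil >= rate)
MAX_KBIT=512       # assumed cap so the penalty class cannot eat the 2Mbit link

# count_users FILE: distinct IPv4 addresses, one per line; malformed
# lines are ignored so a bad accounting entry cannot inflate the ceil.
count_users() {
    grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' "$1" 2>/dev/null | sort -u | wc -l | tr -d ' '
}

# overquota_ceil_kbit N: N * per-user share, clamped to [MIN_KBIT, MAX_KBIT].
overquota_ceil_kbit() {
    ceil=$(( $1 * PER_USER_KBIT ))
    if [ "$ceil" -lt "$MIN_KBIT" ]; then ceil=$MIN_KBIT; fi
    if [ "$ceil" -gt "$MAX_KBIT" ]; then ceil=$MAX_KBIT; fi
    echo "$ceil"
}

# tc_change_cmd DEV N: print (not run) the command that resizes the class.
# classid 2:99 and parent 2:1 are hypothetical ids for the shared class.
tc_change_cmd() {
    echo "tc class change dev $1 parent 2:1 classid 2:99 htb" \
         "rate ${MIN_KBIT}kbit ceil $(overquota_ceil_kbit "$2")kbit"
}

# Dry run on a constructed list: one duplicate and one malformed entry.
sample=$(mktemp)
printf '%s\n' 10.0.0.100 10.0.0.101 10.0.0.100 bogus 10.0.0.102 > "$sample"
tc_change_cmd eth1 "$(count_users "$sample")"
rm -f "$sample"
```

Run as root with the printed command executed (for example via `eval`) each time the accounting script adds or removes an over-quota user.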