On Tuesday 16 August 2005 21:37, Gabriel wrote: > If I wanted to create classes for every client on the network, I would > have to use iptables to mark packets (using -j MARK) and not > filters because, according to > http://www.docum.org/docum.org/kptd/ the shaping is done > after the SNAT, so all the clients would have the src > address rewritten with the public IP. Am I getting this > right? I'm not 100% sure, but I think so. Anyway, I'm more comfortable with iptables than the sometimes rather complicated tc filter syntax. So I try to do most stuff in iptables. > 2) shaping inbound traffic is tricky because you can't > control the rate that the packets come to you. Is it a good > idea to shape the outgoing traffic to the clients on the > LAN side NIC? Yes, you can't control the way packets come to you directly. But still, does that mean you should allow an incoming connection to hog the whole bandwidth? Dropping packets slows down incoming tcp connections, and in my case, although dropping means throwing away already-downloaded packets, I feel it improved usability. > Would I achieve both upload and download shaping using the same htb > script (a script that does shaping using iptables for marking packets and > fw for matching them) on both NICs (LAN side and ISP side)? There might be minor differences (on LAN interface, you have to account for internal LAN traffic, e.g. SSH sessions to your router, and other local services you might be running, which do not actually use internet bandwidth. > What happens if shaping a variable bandwidth link and, at one moment, for > a period of time, the available bandwidth goes beyond the rate specified > for the class 1:1 (the class attached to the root qdisc)? How will > htb act in such a situation? I don't have a variable bandwidth link, but I guess HTB won't let you use more bandwith than specified in any case. > 4) related to 3), I've tried to use a syntax like this: "tc > clas add dev $ETH parent 1:0 classid 1:1 htb rate $RATE > ceil $CEIL", where CEIL > RATE , but the max speed I > achieved was the RATE speed. After further reading, I found > out that you can't (well, you can, there's no syntax error, > but it's useless) specify CEIL for the class attached to > the root qdisc because it doesn't have a parent to borrow > from. So is there a way to simulate a variable bandwidth > link or should I just set RATE to the highest possible > value the bandwidth can reach? I doubt that HTB was made for variable bandwidth links. Anyway, I suggest you try out both possibilities and use the ones that work best for you. Shaping is always a lot of trial & error in my opinion. > 5) related to 1). Is there a (major) difference between -j > MARK and -j CLASSIFY? From what I've read, -j CLASSIFY sets > both the major and minor (major:minor) numbers to be > matched while -j MARK only sets the minor. I haven't used classify so far, but if I understand it right, it puts packets directly into the appropriate class. If that's true, it's a good idea to use it, since it saves you the hassle of first marking packets and then adding tc filter matches for that mark. HTH Andreas _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
